Sunday, October 11, 2015

Can you answer this Security+ practice test question on Linux permissions?

Linux Permissions Sample Question

Question. Lisa does not have access to the project.doc file but she needs access to this file for her job. Homer is the system administrator and he has identified the following permissions for the file:

rwx r-- ---

What should Homer modify to grant Lisa read access to the file?

A. File ownership
B. The FACL
C. Parent directory permissions
D. Group ownership



After receiving queries from several people about Linux permissions, I added this sample question to one of the extra test banks on the gcgapremium.com site.

While neither Linux nor Linux permissions are listed directly in the Security+ objectives, CompTIA might add questions that you may find challenging without a little knowledge of Linux permissions.


Don't let the appearance of Linux permissions throw you. Linux does list the permissions a little differently, but they work similarly to NTFS permissions. If you understand NTFS permissions as described in Chapter 2 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide, these questions shouldn't be too challenging.

Entities within Linux Permissions

There are 3 primary entities that you can assign permissions to within Linux. They are:
  • Owner - This is a user that owns the file or directory and the owner is typically granted all permissions for the file or directory.
  • Group - The file can also be owned by a named group. Members of this group are granted specific permissions for the file or directory. These permissions are typically less than the permissions applied to the owner.
  • Everyone else (or all users) - This is sometimes referred to as All Users, but permissions applied here do NOT override the Owner or Group permissions.

Basic Types of Linux Permissions

Linux files and directories have three basic types of Linux permissions. They are:
  • Read (r) - view the file
  • Write (w) - modify the file
  • Execute (x) - run the file (assuming it is an application)
  • If a permission is not assigned, you'll see it represented as a dash (-)

The following table shows how these Linux permission types are often displayed in a file access control list (FACL).

| Ref Line | Owner | Group | Users |
|----------|-------|-------|-------|
| 1        | rwx   | rw-   | ---   |
| 2        | rwx   | rw-   | r--   |
| 3        | rw-   | rw-   | rw-   |

Looking at the above table, you can see that the following permissions will be assigned to the different entities:
  • Line 1: rwx rw- ---
    • Owner has read, write, and execute permissions rwx
    • Group has read and write permissions rw-
    • Other users have zero permissions ---
  • Line 2: rwx rw- r--
    • Owner has read, write, and execute permissions rwx
    • Group has read and write permissions rw-
    • Other users have read permissions r--
  • Line 3: rw- rw- rw-
    • Owner has read and write permissions rw-
    • Group has read and write permissions rw-
    • Other users have read and write permissions rw-

Linux Permissions using Octal Notation

You might also see permissions listed in octal notation format. In other words, instead of seeing letters such as rwx rw- ---, you might see numbers such as 760.

Each octal digit uses only three bits, with each bit having a value of 0 or 1. With three bits, you can represent eight numbers (0 through 7). The following table shows the octal value based on the value of each of the bits.

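| Octal Value | Read (r) 2^2 | Write (w) 2^1 | Execute (x) 2^0 | Permission |
|-------------|--------------|---------------|-----------------|------------|
| 0           | 0            | 0             | 0               | ---        |
| 1           | 0            | 0             | 1               | --x        |
| 2           | 0            | 1             | 0               | -w-        |
| 3           | 0            | 1             | 1               | -wx        |
| 4           | 1            | 0             | 0               | r--        |
| 5           | 1            | 0             | 1               | r-x        |
| 6           | 1            | 1             | 0               | rw-        |
| 7           | 1            | 1             | 1               | rwx        |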

Not all of these values are used for Linux permissions. For example, while an octal 1 is possible, it isn't feasible to grant execute permission without also granting read permission.
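The conversion described above, as an added example (not code from the original post): it translates between the letter and octal forms using the 4/2/1 bit weights from the table, then checks a permission the way Linux selects a single class (owner first, then group, then everyone else). The UIDs and GIDs are constructed, and the check is a simplified model that ignores root and extended ACL entries.

```python
# Added example: convert between the symbolic and octal forms, then apply
# the owner -> group -> other lookup order. UIDs/GIDs below are constructed.
WEIGHTS = (("r", 4), ("w", 2), ("x", 1))  # 2^2, 2^1, 2^0


def symbolic_to_octal(symbolic):
    """'rwx rw- ---' -> '760'. Spaces between the triplets are optional."""
    bits = symbolic.replace(" ", "")
    if len(bits) != 9:
        raise ValueError("expected 9 permission characters")
    digits = ""
    for start in (0, 3, 6):  # owner, group, other
        value = 0
        for char, (letter, weight) in zip(bits[start:start + 3], WEIGHTS):
            if char == letter:
                value += weight
            elif char != "-":
                raise ValueError(f"unexpected {char!r} in {symbolic!r}")
        digits += str(value)
    return digits


def octal_to_symbolic(octal):
    """'760' -> 'rwx rw- ---'."""
    if len(octal) != 3 or any(d not in "01234567" for d in octal):
        raise ValueError("expected three octal digits")
    return " ".join(
        "".join(letter if int(d) & weight else "-" for letter, weight in WEIGHTS)
        for d in octal
    )


def allowed(perm, octal, uid, gids, owner_uid, group_gid):
    """Check one permission ('r', 'w' or 'x') using only the first matching
    class. Simplified model: ignores root and extended ACL entries."""
    if uid == owner_uid:
        digit = octal[0]
    elif group_gid in gids:
        digit = octal[1]
    else:
        digit = octal[2]
    return bool(int(digit) & dict(WEIGHTS)[perm])


if __name__ == "__main__":
    for row in ("rwx rw- ---", "rwx rw- r--", "rw- rw- rw-"):
        print(row, "=", symbolic_to_octal(row))
    # File owned by uid 1000, group 2000 (constructed), mode 760.
    print(allowed("w", "760", 1001, {2000}, 1000, 2000))  # group member
    print(allowed("r", "760", 1002, {3000}, 1000, 2000))  # everyone else
```

Because only the first matching class is consulted, an owner whose own triplet lacks a permission is denied it even when the group or everyone-else triplet grants it.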

I've bolded the more commonly used permissions within the table and the following graphic combines the different concepts.

Security+ and Linux Permissions



Answer and explanation for practice test question available here.