Can you answer this sample Security+ question?
Linux Permissions Sample Question
Q. Lisa does not have access to the project.doc file but she needs access to this file for her job. Homer is the system administrator and he has identified the following permissions for the file:
rwx r-- ---
What should Homer modify to grant Lisa read access to the file?
A. File ownership
B. The FACL
C. Parent directory permissions
D. Group ownership
Answer and explanation available here.
I added this sample question to one of the extra test banks on the gcgapremium.com site after receiving queries from several people about Linux permissions.
While Linux or Linux permissions aren’t listed directly on the Security+ objectives, CompTIA might add in questions that you may find a little challenging without a little knowledge of Linux permissions.
Don’t let the appearance of Linux permissions throw you. While Linux lists permissions a little differently, they work similarly to NTFS permissions described in Chapter 2 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.
Entities within Linux Permissions
There are three primary entities that you can assign permissions to within Linux. They are:
- Owner – This is a user that owns the file or directory and the owner is typically granted all permissions for the file or directory.
- Group – The file can also be owned by a named group. Members of this group are granted specific permissions for the file or directory. These permissions are typically less than the permissions applied to the owner.
- Everyone else – This is sometimes referred to as All Users, but permissions applied here do NOT override the Owner or Group permissions.
Basic Types of Linux Permissions
Linux files and directories have three basic types of Linux permissions. They are:
- Read (r) – view the file
- Write (w) – modify the file
- Execute (x) – run the file (assuming it is an application)
- If a permission is not assigned, you’ll see it represented as a dash (-)
The following table shows how these Linux permission types are often displayed in a file access control list (FACL).
Ref Line | Owner | Group | Users |
---|---|---|---|
1 | rwx | rw- | --- |
2 | rwx | rw- | r-- |
3 | rw- | rw- | rw- |
Looking at the above table, you can see that the following permissions will be assigned to the different entities:
- Line 1: rwx rw- ---
  - Owner has read, write, and execute permissions rwx
  - Group has read and write permissions rw-
  - Other users have zero permissions ---
- Line 2: rwx rw- r--
  - Owner has read, write, and execute permissions rwx
  - Group has read and write permissions rw-
  - Other users have read permissions r--
- Line 3: rw- rw- rw-
  - Owner has read and write permissions rw-
  - Group has read and write permissions rw-
  - Other users have read and write permissions rw-
Linux Permissions using Octal Notation
You might also see permissions listed in octal notation format. In other words, instead of seeing letters such as rwx rw- ---, you might see numbers such as 760.
Each octal digit uses only three bits, with each bit having a value of 0 or 1. With three bits, you can represent eight numbers (0 through 7). The following table shows the octal value based on the value of each of the bits.
Octal Value | Read (r) 2^2 | Write (w) 2^1 | Execute (x) 2^0 | Permission |
---|---|---|---|---|
0 | 0 | 0 | 0 | --- |
1 | 0 | 0 | 1 | --x |
2 | 0 | 1 | 0 | -w- |
3 | 0 | 1 | 1 | -wx |
4 | 1 | 0 | 0 | r-- |
5 | 1 | 0 | 1 | r-x |
6 | 1 | 1 | 0 | rw- |
7 | 1 | 1 | 1 | rwx |
Not all of these values are used for Linux permissions. For example, while an octal 1 is possible, it isn’t feasible to grant execute permission without also granting read permission.
I’ve bolded the more commonly used permissions within the table and the following graphic combines the different concepts.
Linux Permissions Answer to Sample Question
Q. Lisa does not have access to the project.doc file but she needs access to this file for her job. Homer is the system administrator and he has identified the following permissions for the file:
rwx r-- ---
What should Homer modify to grant Lisa read access to the file?
A. File ownership
B. The FACL
C. Parent directory permissions
D. Group ownership
The system administrator should modify the file access control list (FACL) to grant Lisa access. There are multiple ways to do so, but the key is that the administrator needs to modify the FACL to grant access to the user.
Based on the scenario, the permissions are:
- Owner: read, write, and execute (rwx)
- Group: read (r--)
- Everyone else: none (---)
It isn’t appropriate to modify who owns the file (file ownership) just to grant a single user access to the file. This will effectively change the original owner’s permissions.
The file typically inherits the permissions from the parent directory, but if you modify the parent directory permissions, it modifies the permissions of all other files in the directory. In other words, modifying the parent directory modifies much more than just the permissions for the file.
Modifying group ownership will affect everyone in the group that currently has access to the file via the group ownership permissions.
Note: While FACL is not in the objectives for the SY0-401 exam, it is in the acronym list.
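The octal weights from the table and the reasoning behind the answer can be checked with a small model. The Python below is an added example, not part of the original post: it is a simplified access check (no ACL mask or named-group entries), and the user bart and the group names projects and staff are assumptions made for illustration.

```python
# Added example: simplified model of the Linux read-access check (not kernel code).
# homer and lisa come from the question; "bart" and both group names are constructed.
BITS = {"r": 4, "w": 2, "x": 1}  # weights 2^2, 2^1, 2^0 from the octal table

def to_octal(symbolic):
    """Convert 'rwx r-- ---' to '740', validating every triplet."""
    triplets = symbolic.split()
    if len(triplets) != 3 or any(len(t) != 3 for t in triplets):
        raise ValueError("expected three 3-character triplets")
    digits = ""
    for triplet in triplets:
        value = 0
        for flag, ch in zip("rwx", triplet):
            if ch == flag:
                value += BITS[flag]
            elif ch != "-":
                raise ValueError(f"bad character {ch!r} in {triplet!r}")
        digits += str(value)
    return digits

def can_read(user, groups, f):
    """First matching class decides: owner, named-user ACL entry, owning
    group, then everyone else. Assumes the ACL mask permits the entry."""
    owner_p, group_p, other_p = f["mode"].split()
    if user == f["owner"]:
        return "r" in owner_p
    if user in f["acl_users"]:
        return "r" in f["acl_users"][user]
    if f["group"] in groups:
        return "r" in group_p
    return "r" in other_p

def project_doc():
    # Constructed: the page gives only the mode, not the owner or group names.
    return {"mode": "rwx r-- ---", "owner": "homer", "group": "projects", "acl_users": {}}

def scenario():
    f = project_doc()
    before = can_read("lisa", {"staff"}, f)
    f["acl_users"]["lisa"] = "r--"   # option B, e.g. setfacl -m u:lisa:r project.doc
    after_acl = can_read("lisa", {"staff"}, f)
    g = project_doc()
    g["group"] = "staff"             # option D: hand the file to Lisa's group
    bart_after_chgrp = can_read("bart", {"projects"}, g)
    return before, after_acl, can_read("bart", {"projects"}, f), bart_after_chgrp

if __name__ == "__main__":
    print(to_octal("rwx r-- ---"), scenario())
```

The tuple returned by scenario() reads: Lisa before the change, Lisa after the ACL entry, bart after the ACL entry, and bart after a group-ownership change instead.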