- Create directories. Commands used:
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ mkdir Test01
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ mkdir Test02
- Create users. Commands used:
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ sudo useradd dinujaya
[sudo] password for neo:
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ sudo useradd Neo
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ sudo useradd Trinity
Verify that the users were created by checking /etc/passwd:
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ cat /etc/passwd
tharushka:x:1001:1001::/home/tharushka:/bin/sh
dinujaya:x:1002:1002::/home/dinujaya:/bin/sh
Neo:x:1003:1003::/home/Neo:/bin/sh
Trinity:x:1004:1004::/home/Trinity:/bin/sh
- Set the file ACL of each user over each directory. Commands used:
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ setfacl -m u:dinujaya:rw Test01
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ setfacl -m u:dinujaya:r Test02
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ setfacl -m u:Neo:rx Test01
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ setfacl -m u:Neo:rwx Test02
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ setfacl -m u:Trinity:0 Test01
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ setfacl -m u:Trinity:rwx Test02
Assigned permissions:
- dinujaya: read and write on Test01, read-only on Test02
- Neo: read and execute on Test01; read, write, and execute on Test02
- Trinity: no permissions on Test01 (`0` is the octal form of `---`), full permissions on Test02
- Check the permissions given on both directories. Commands used:
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ getfacl Test01
# file: Test01
# owner: neo
# group: neo
user::rwx
user:dinujaya:rw-
user:Neo:r-x
user:Trinity:---
group::rwx
mask::rwx
other::r-x
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ getfacl Test02
# file: Test02
# owner: neo
# group: neo
user::rwx
user:dinujaya:r--
user:Neo:rwx
user:Trinity:rwx
group::rwx
mask::rwx
other::r-x
- Create groups. Commands used:
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ sudo groupadd black
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ sudo groupadd white
- Add some users to the groups you have created. Commands used:
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ sudo gpasswd -a dinujaya black
Adding user dinujaya to group black
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ sudo gpasswd -a Neo White
gpasswd: group 'White' does not exist in /etc/group
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ sudo gpasswd -a Neo white
Adding user Neo to group white
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ sudo gpasswd -a Trinity black
- Check that the users were added to the groups. Commands used:
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ groups dinujaya
dinujaya : dinujaya black
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ groups Neo
Neo : Neo white
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ groups Trinity
Trinity : Trinity black
- Set the file ACL of each group over the directories. Commands used:
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ setfacl -m g:black:rw Test01
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ setfacl -m g:black:r Test02
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ setfacl -m g:white:rw Test01
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ setfacl -m g:white:rw Test02
- Check the ACL of your directories and confirm that the group permissions were applied. Commands used:
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ getfacl Test01
# file: Test01
# owner: neo
# group: neo
user::rwx
user:dinujaya:rw-
user:Neo:r-x
user:Trinity:---
group::rwx
group:black:rw-
group:white:rw-
mask::rwx
other::r-x
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ getfacl Test02
# file: Test02
# owner: neo
# group: neo
user::rwx
user:dinujaya:r--
user:Neo:rwx
user:Trinity:rwx
group::rwx
group:black:r--
group:white:rw-
mask::rwx
other::r-x
- Cancel some permissions given to a user or a group over a directory (`setfacl -x` removes the whole entry). Commands used:
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ setfacl -x u:dinujaya Test01
┌──(neo㉿0xneoxploit)-[~/Desktop]
└─$ setfacl -x g:white Test02
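The ACLs above mix named-user and named-group entries, so the access a user actually gets depends on which entry the kernel picks first. The following is an added example, not part of the original lab: it parses the final `getfacl Test01` output shown above and applies the POSIX ACL check order (owner, named user, groups, other) using the group memberships from the `groups` output. The function names `parse_getfacl`, `allowed` and `remove_entry` are hypothetical helpers.

```python
# Sample input: the final `getfacl Test01` output from this page.
TEST01 = """\
# file: Test01
# owner: neo
# group: neo
user::rwx
user:dinujaya:rw-
user:Neo:r-x
user:Trinity:---
group::rwx
group:black:rw-
group:white:rw-
mask::rwx
other::r-x
"""

def parse_getfacl(text):
    """Return (header dict, {(tag, qualifier): set of 'r'/'w'/'x'})."""
    meta, entries = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and ": " in line:
            key, val = line[2:].split(": ", 1)
            meta[key] = val
        elif line and not line.startswith("#"):
            tag, qual, perms = line.split()[0].split(":")[:3]
            entries[(tag, qual)] = set(perms) - {"-"}
    return meta, entries

def allowed(meta, entries, user, groups, want):
    """POSIX ACL check: the first matching class decides, with no fall-through."""
    want = set(want)
    mask = entries.get(("mask", ""), set("rwx"))
    if user == meta["owner"]:
        return want <= entries[("user", "")]  # owner entry is not masked
    if ("user", user) in entries:             # named user beats any group entry
        return want <= entries[("user", user)] & mask
    hits = [p for (tag, q), p in entries.items() if tag == "group"
            and (q in groups or (q == "" and meta["group"] in groups))]
    if hits:                                  # one group entry must grant it all
        return any(want <= p & mask for p in hits)
    return want <= entries[("other", "")]

def remove_entry(entries, tag, qualifier):
    """Model of `setfacl -x tag:qualifier` (hypothetical helper)."""
    return {k: v for k, v in entries.items() if k != (tag, qualifier)}
```

With this model, Trinity stays locked out of Test01 despite being in `black`, because the `user:Trinity:---` entry is evaluated before any group entry. After `setfacl -x u:dinujaya Test01`, dinujaya still has read and write through `group:black:rw-`, so re-run `getfacl` and check group entries when the goal is to revoke access.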