All Posts

Topics

Cybersecurity
Cloudcomputing

Share

Project
5 min read

Linux in the Cloud 2

Scenario:

Some new developers have joined our team, so we need to create some users/groups and further need to setup some permissions and access rights for them.

Inspect the requirements in detail by clicking on the icons of the interactive architecture diagram on the right and complete the tasks. Once done click on the Check button to validate your work.

Create a group called "devs"

Create a user called "ray" , change his login shell to "/bin/sh" and set "D3vU3r321" password for this user.

Make user "ray" a member of "devs" group.

·       Create a user called "lisa", change her login shell to "/bin/sh" and set "D3vUd3r123" password for this user.

·       Make user "lisa" a member of "devs" group.

·       Make sure all users under "devs" group can only run the "dnf" command with "sudo" and without entering any password.

·       Edit the disk quota for the group called "devs". Limit the amount of storage space it can use (not inodes). Set a "soft" limit of "100MB" and a "hard" limit of "500MB" on "/data" partition.

·       Configure a "resource limit" for the "devs" group so that this group (members of the group) can not run more than "30 processes" in their session. This should be both a "hard limit" and a "soft limit", written in a single line.

Create a group called "admins"

Create a user called "david" , change his login shell to "/bin/zsh" and set "D3vUd3raaw" password for this user.

Make user "david" a member of "admins" group.

Create a user called "natasha" , change her login shell to "/bin/zsh" and set "DwfawUd113" password for this user.

Make user "natasha" a member of "admins" group.

Give some additional permissions to "admins" group on "/data" directory so that any user who is the member the "admins" group has "full permissions" on this directory.

Make sure "/data" directory is owned by user "bob" and group "devs" and "user/group" owner has "full" permissions but "other" should not have any permissions.

Make sure "/data" directory is owned by user "bob".

  1. Since all of these tasks require that bob is root, I will switch to root. Then I will create group devs and admins.

 

[bob@centos-host sudo -i [root@centos-host groupadd devs [root@centos-host groupadd *ins [root@centos-host

 

  1. Next, I will create a user called david and change his login shell to /bin/zsh. Then I will change his password to "D3vUd3raaw". I will then make the user david a member of the admins group.

 

[root@centos-host [root@centos-host Changing password for New password : Retype new password: useradd -s /bin/zsh david passwd david user david. passwd: all authentication tokens updated successfully. [root@centos-host usermod -G *ins david [root@centos-host

 

  1. Next I will be creating the user Natasha, and changing her login shell to /bin/zsh as well. I will set the password to DwfawUd113 and make Natasha a member of the admins group.
[ root@centos - host [root@centos-host [ root@centos - host Changing password for New password : pe new password: useradd -s /bin/zsh natasha passwd natasha user natasha. passwd: all authentication tokens updated successfully. [root@centos-host usermod -G *ins natasha [root@centos-host

 

  1. Next I will be creating a user called "ray" and changing his login shell to /bin/sh. Then I will set his password to D3vU3r321 and make him a member of the devs group.

 

[root@centos-host [root@centos-host Changing password for New password: Retype new password: useradd -s /bin/sh ray passwd ray user ray. passwd: all authentication tokens updated successfully.

 

Next, I will create a user called lisa, and change her login shell to /bin/sh. Then I will change her password to D3vUd3r123 and make her a member of the devs group.

 

 

Changing password New password: [ root@centos - host Changing password New password : for for 11sa pas user lisa. passwd lisa user lisa. pe new password: passwd: all authentication tokens updated successfully. [root@centos-host usermod -G devs lisa [root@centos-host C]

 

  1. Next, I will make sure that the data directory is owned by user bob and that the group devs and user/group owner has full permissions but others should not have any access.

 

[root@centos - host [root@centos - host [ root@centos - host [ root@centos - host -host [root@centos usermod -G devs lisa chown bob :devs /data a-mod 770 /data setfacl -m g: aånins:rwx /data

 

  1. Next, I will make sure that all users under admins group can run all commands with sudo and without entering any password. At the end of the file I added "%admins ALL=(ALL) NOPASSWD:ALL"
*admins NOPASSWD:ALL
  1. Next, I will ensure that all users under devs group can only run the dns command with sudo without entering any password

 

  1. Next, I will configure a resource limit for the devs group so that the group - members of the group - can not run more than 30 processes in their session. There should be a hard limit and a soft limit written in a single line. At the end of the file I added "@devs            -   nproc       30"

 

  1. Lastly, I will edit the disk quote for the group called devs. I will limit the amount of storage space it can use and set a soft limit of 100MB and a hard limit of 500MB on /data partition. In order to do this I have to determine the device path for data. Then I will set the quote on the device

 

Previous

network security and python software engineer

Next

SIEM in Azure

CS

Pages
PortfolioResume
Contact
Linkedinjelani.bobcombe@gmail.com
© 2023 All rights reserved.
Cookies Settings