
RHCSA - Create & Configure File Systems: Diagnose & Correct File Permission Problems

How to list and set file and directory permissions, is covered in a previous lesson: List, Set & change Standard ugo/rwx Permissions.

There are, however, a few things still left to discuss that fit into the current objective, namely:

  • chown command: Change file owner and group.
  • chgrp command: Change file group only.
  • mount options: Has a file system been mounted with appropriate permissions.

Lesson Setup

To actively participate in the exercises, make sure to attach an additional empty disk to your system. While the exercises assume that the additional disk is 1G in size, feel free to use whatever disk size is available to you.

Do not use a disk that holds data, because following the exercises will delete that data.

Once the disk is attached, you should be able to see it by running the lsblk command. After rebooting, the disk may not retain the same device name, so always run lsblk to verify that you are working with the correct disk. In this example the disk shows as the sdb device:

$ lsblk

NAME           MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS
sda              8:0    0   20G  0 disk 
├─sda1           8:1    0  600M  0 part /boot/efi
├─sda2           8:2    0    1G  0 part /boot
└─sda3           8:3    0   17G  0 part 
  ├─os_vg-root 253:0    0   15G  0 lvm  /
  └─os_vg-swap 253:1    0    2G  0 lvm  [SWAP]
sdb              8:16   0    1G  0 disk

You will now create and mount a partition using the /dev/sdb device, followed by creating two users which we will call perms_user1 & perms_user2:

Wipe the /dev/sdb disk clean if it has been used in a previous lesson:

sudo wipefs --all /dev/sdb*
sudo dd if=/dev/zero of=/dev/sdb bs=1M
sudo sed -i '/\/dev\/sdb/d' /etc/lvm/devices/system.devices

Create and mount a 100MB partition:

sudo parted -s /dev/sdb mklabel gpt mkpart ext4 0% 100MB
sudo mkfs.ext4 /dev/sdb1
sudo mkdir -pv /mnt/options
sudo e2label /dev/sdb1 mount_options
echo 'LABEL=mount_options /mnt/options ext4 ro,noexec,defaults 0 0' | sudo tee -a /etc/fstab
sudo systemctl daemon-reload
sudo mount -L mount_options

Confirm the partition is mounted:

df -h /mnt/options
Filesystem      Size  Used Avail Use% Mounted on
/dev/sdb1        83M   14K   76M   1% /mnt/options

Create users perms_user1 and perms_user2:

sudo useradd perms_user1
sudo useradd perms_user2

chown & chgrp Commands

Both the chown and chgrp commands are used to change the ownership of files and directories. They can assist in resolving file permission issues by allowing you to grant appropriate ownership to users and groups.

You typically need to be root or use sudo to run these commands.

chown

The chown command is used to change the ownership of files and directories. It allows you to transfer ownership from one user to another. This is useful when you need to give ownership of a file to a specific user, especially if that user requires access to the file for reading, writing, or executing.

When specifying group ownership, the group follows either a colon (:) or a period (.). The user owner before the colon or period can be omitted if you do not intend to change it, for example chown current_owner:new_group file is the same as chown :new_group file. Prefer the colon, because user names can themselves contain a period.

Change user owner of a file:

Create a file as root:

sudo touch /tmp/chown.owner

Confirm root is the user and group owner:

ls -l /tmp/chown.owner

Output should show:

-rw-r--r--. 1 root root 0 Aug  9 08:28 /tmp/chown.owner

Change the owner of the file to perms_user1:

sudo chown -v perms_user1 /tmp/chown.owner

Command output shows the ownership change working as expected:

changed ownership of '/tmp/chown.owner' from root to perms_user1

Change group owner of a file:

Create a file as root:

sudo touch /tmp/chown.group

Confirm root is the user and group owner:

ls -l /tmp/chown.group

Output should show:

-rw-r--r--. 1 root root 0 Aug  9 08:33 /tmp/chown.group

Change the group of the file to perms_user1:

sudo chown -v :perms_user1 /tmp/chown.group

Command output shows the ownership change working as expected, where only the group has changed.

changed ownership of '/tmp/chown.group' from root:root to :perms_user1

Change both user and group owner of a file:

Create a file as root:

sudo touch /tmp/chown.user_group

Confirm root is the user and group owner:

ls -l /tmp/chown.user_group

Output should show:

-rw-r--r--. 1 root root 0 Aug  9 08:39 /tmp/chown.user_group

Change the user and group of the file to perms_user1:

sudo chown -v perms_user1:perms_user1 /tmp/chown.user_group

Command output shows the ownership change working as expected.

changed ownership of '/tmp/chown.user_group' from root:root to perms_user1:perms_user1

chgrp

The chgrp command is used to change the group ownership of files and directories. It allows you to transfer group ownership from one group to another. This is helpful when you want to ensure that a specific group has the necessary permissions on a file or directory.

Change group owner of a file:

Create a file as root:

sudo touch /tmp/chgrp.group

Confirm root is the group owner:

ls -l /tmp/chgrp.group

Output should show:

-rw-r--r--. 1 root root 0 Aug  9 08:42 /tmp/chgrp.group

Change the group of the file to perms_user1:

sudo chgrp -v perms_user1 /tmp/chgrp.group

Command output shows the ownership change working as expected:

changed group of '/tmp/chgrp.group' from root to perms_user1

Mount Options

There may be scenarios where permission issues are caused by mount options. For example, someone may have set the noexec mount option on a filesystem by mistake. The noexec option stops direct execution of any binaries or scripts on the mounted filesystem. On hardened systems noexec is often set deliberately, so confirm that the option is unintended before removing it.

The mount options for a filesystem may have also been set to read only (ro), instead of read write (rw), preventing users from being able to write to a filesystem.

The exercise below will show you how to diagnose these types of problems by displaying what mount options have been applied to a filesystem. You will also learn how to remount with new options applied:

Diagnose and change mount options for /mnt/options filesystem:

Check what mount options are applied:

mount | grep '/mnt/options'

This should show ro,noexec,relatime,seclabel as being active. The ro means the filesystem is read-only and the noexec means you cannot execute binaries or scripts:

/dev/sdb1 on /mnt/options type ext4 (ro,noexec,relatime,seclabel)

Attempt to write a file to the filesystem:

sudo touch /mnt/options/file.txt

Even when using sudo you cannot write to the filesystem:

touch: cannot touch '/mnt/options/file.txt': Read-only file system

Remount the filesystem with rw option:

sudo mount -o remount,rw /mnt/options

Now you can write a file:

sudo touch /mnt/options/file.txt

This time there was no error presented when creating the file.

Create a script that you want to execute:

echo 'echo I executed!' | sudo tee /mnt/options/script.sh
sudo chmod +x /mnt/options/script.sh

Now execute the script:

sudo /mnt/options/script.sh

You will receive a permission denied message:

sudo: unable to execute /mnt/options/script.sh: Permission denied

The denied message is due to the noexec option on the filesystem, so remount the filesystem with exec enabled:

sudo mount -o remount,exec /mnt/options

Attempt to run the script again:

sudo /mnt/options/script.sh

Success, the script executed and printed:

I executed!

In the exercise you diagnosed and changed mount options, but the changes were temporary. If an option is applied that you do not want to be present at boot time, you must either remove it or set the desired option in the /etc/fstab file. See lesson Mount File Systems at Boot Time for details.
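The diagnosis from this exercise as a script, added here as an example rather than taken from the lesson: it reports which of ro and noexec are active on the filesystem holding a path, and which of them /etc/fstab will reapply at boot. The function names and the sample mount and fstab text are constructed for illustration.

```bash
# Added example, not from the lesson. All samples are constructed and
# modelled on the lesson's /mnt/options filesystem.
MOUNTS_BEFORE='/dev/mapper/os_vg-root / xfs rw,seclabel,relatime 0 0
/dev/sdb1 /mnt/options ext4 ro,noexec,relatime,seclabel 0 0'
MOUNTS_AFTER='/dev/mapper/os_vg-root / xfs rw,seclabel,relatime 0 0
/dev/sdb1 /mnt/options ext4 rw,relatime,seclabel 0 0'
SAMPLE_FSTAB='/dev/mapper/os_vg-root / xfs defaults 0 0
LABEL=mount_options /mnt/options ext4 ro,noexec,defaults 0 0'

# restrictive OPTS_CSV -> which of ro,noexec appear in a comma-separated option list
restrictive() (
    found=""
    for o in ro noexec; do
        case ",$1," in *",$o,"*) found="${found:+$found,}$o" ;; esac
    done
    printf '%s\n' "$found"
)

# live_opts PATH MOUNTS_TEXT -> options of the longest mount point containing PATH
live_opts() (
    best="" best_opts=""
    while read -r dev mp fstype opts rest; do
        [ -n "$mp" ] || continue
        case "$1/" in
            "${mp%/}/"*) if [ ${#mp} -ge ${#best} ]; then best=$mp best_opts=$opts; fi ;;
        esac
    done <<EOF
$2
EOF
    printf '%s\n' "$best_opts"
)

# fstab_opts MOUNTPOINT FSTAB_TEXT -> options fstab applies to MOUNTPOINT at boot
fstab_opts() (
    while read -r spec mp fstype opts rest; do
        if [ "$mp" = "$1" ]; then printf '%s\n' "$opts"; fi
    done <<EOF
$2
EOF
)

# diagnose MOUNTPOINT MOUNTS_TEXT FSTAB_TEXT -> restrictions active now vs. at boot
diagnose() (
    now=$(restrictive "$(live_opts "$1" "$2")")
    boot=$(restrictive "$(fstab_opts "$1" "$3")")
    printf 'active=%s at_boot=%s\n' "${now:-none}" "${boot:-none}"
)

diagnose /mnt/options "$MOUNTS_AFTER" "$SAMPLE_FSTAB"
```

On a live system, pass the contents of /proc/mounts and /etc/fstab as the second and third arguments. A result of active=none with at_boot=ro,noexec is the state the lesson ends in: the remount succeeded, but the options return on the next boot.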

