q.

Creating Users and Modifying Passwords Using useradd and passwd

 Creating New Users:

o In this step, I used the useradd command to create two new user
accounts, user3 and user4. The useradd command adds the specified users to the
system, creating their home directories and initializing necessary configuration files,
making them ready for system access.

 Setting User Passwords:

o After creating the user accounts, I used the passwd command to set passwords for
both user3 and user4. The passwd command is used to assign secure passwords for
each user, ensuring their accounts are protected and accessible only by authorized
individuals.
Viewing User Information and Modifying User Groups Using cat, usermod, and groups

 Viewing User Information:

o To examine the user details, I used the cat /etc/passwd command. This command
displays the contents of the /etc/passwd file, which contains user account
information such as usernames, user IDs, group IDs, home directories, and login
shells. The output confirmed the presence of the newly created users along with
their default settings.

 Changing the Primary Group of Users:

o I then used the usermod -g group1 user3 command to change the primary group
of user3 to group1. Similarly, I executed the command usermod -g group2 user4 to
set group2 as the primary group for user4. The usermod command allows
modification of user account properties, including group associations, ensuring that
each user is assigned the correct primary group.

 Adding Additional Groups to Users:

o Next, I added supplementary groups to both users. For user4, I added group1 as an
additional group, while for user3, I assigned group2 as an additional group. This was
achieved by using the usermod -aG command, which appends the specified group
memberships to the users without removing any existing group associations. Adding
 users to multiple groups provides them with the necessary permissions for different
system resources.

Viewing Group Information Using cat /etc/group

 Viewing Group Details:

o To examine the group information on the system, I used the cat

/etc/group command. This command displays the contents of the /etc/group file,
which contains details about the groups on the system, including group names,
group IDs (GIDs), and the users associated with each group. The output confirmed
that the groups (group1 and group2) were correctly listed along with their associated
users, providing a clear overview of the group membership configuration.
Viewing Shadow File Information Using cat /etc/shadow

 Viewing User Account Security Details:

o To inspect the security-related information for user accounts, I used the cat
/etc/shadow command. This command displays the contents of the /etc/shadow file,
which contains encrypted password information, account expiration details, and
other security settings for each user. The output confirmed the presence of the user
accounts (user3 and user4) along with their password hashes and related security
settings, ensuring that the system's password management and security policies are
correctly configured.

Verifying User Group Memberships Using id Command

 Verifying Primary and Secondary Groups:

o To verify the group memberships for user3 and user4, I used the id command for
each user (id user3 and id user4). This command displays the user's unique ID (UID),
primary group ID (GID), and the list of all groups the user is a member of. The output
confirmed that user3's primary group is group1, and user4's primary group
is group2, along with their respective secondary group memberships, ensuring that
the group modifications were successfully applied.
q.2

File Creation:

 Two new files, file1 and file2, were created to demonstrate file ownership and permission
changes.

Permission Inspection:

 The ls -l command was used to view the initial file permissions for file1 and file2. This
command displays file permissions, ownership, and other details.

Ownership Modification:

 The ownership of each file was modified using the chown command:

o Ownership of file1 was assigned to user1 and the group group1.

o Ownership of file2 was assigned to user2 and the group group2.

 These changes were verified using the ls -l command to confirm that the ownership updates
were successfully applied.

Changing File Permissions and Adding Special Bits

 Permission Modification:

o The file permissions for file1 and file2 were altered using the chmod command to
control access rights:

 For file1:

 The permissions were set to 770, providing:

  Read (r), write (w), and execute (x) permissions to the owner
and the group.

 No permissions for others.

 For file2:

 The permissions were set to 750, providing:

 Read (r), write (w), and execute (x) permissions to the

owner.

 Read (r) and execute (x) permissions to the group.

 No permissions for others.

o These changes were verified using the ls -l command to ensure the correct
permission settings were applied.

 Adding Special Bits:

o Special file attributes were added to enhance security and functionality:

 For file1:

 The Set User ID (SUID) bit was added. This allows users executing the
file to temporarily inherit the file owner's privileges.

 For file2:

 The Sticky Bit was applied. This restricts file deletion within a
directory to only the file owner, even if others have write
permissions.

o The modifications were verified again using the ls -l command, confirming the
presence of the special bits:

 The SUID bit is denoted by an s in the owner's execute permission position

(rws).

 The Sticky Bit is indicated by a t in the others' execute permission position

(rwxr-x--T).
Ques 3

Managing Access Control Lists (ACLs) for Files

 Viewing Initial ACLs:

o The getfacl command was used to inspect the current Access Control List (ACL)
of testfile.

 This command displays detailed information about file permissions,

including additional user-specific or group-specific access rights.

 Modifying ACLs:

o The setfacl command was employed to assign specific permissions to a user:

 For user1:

 Permissions were set to rw (read and write) on testfile. This

allows user1 to view and modify the contents of the file.

 Verification of Changes:

o The getfacl command was executed again to verify that the new ACL settings had
been successfully applied.

 The output confirmed that user1 was explicitly granted read and write
permissions.

Using chattr +i to Modify File Attributes

 Applying Immutable Attribute:

o The chattr command was used with the +i flag on file1 to make it immutable:
  Effect of the Immutable Attribute:

 Once the immutable attribute is set, the file cannot be modified,

deleted, or renamed, even by the file owner or root user.

o The changes were verified using the lsattr command:

 The output confirmed that the immutable attribute (i) was successfully
applied to file1.

 Testing the Immutable Attribute:

o An attempt was made to write data to file1 using the echo command:

o The operation failed, and a "Permission denied" error was returned.

 This behavior demonstrates that the immutable attribute effectively

prevents any changes to the file content.

Using chattr +a to Modify File Attributes

 Applying the Append-Only Attribute:

o The chattr command was used with the +a flag on file4 to make it append-only:

 Effect of the Append-Only Attribute:

 Once the append-only attribute is applied, data can only be added

(appended) to the file.

 Overwriting, modifying, or deleting existing content is restricted,

even for the file owner or root user.

o The changes were verified using the lsattr command:

 The output confirmed that the append-only attribute (a) was successfully
applied to file4.

 Testing the Append-Only Attribute:

o An attempt was made to append data to file4 using the echo command:

 The operation succeeded, as appending data is allowed under

the +a attribute.
o An attempt was then made to overwrite the content of file4:

 This operation failed, confirming that the append-only attribute prevents

overwriting existing content.