CST8177 – Assignment 1
Managing File Access
Objectives
Submission
This project requires two submissions:
  1. Gzipped-tar submission to your lab teacher by email. Name the file
    A1-8177-<your-name>.tgz.

Example: A1-8177-Hawking.tgz or
(for a team) A1-8177-Hawking-Turing.tgz.
You can combine gzip with tar by using the tar command czf to create the file, or separately create the tar file with cf and then use gzip. Be careful with file extensions.
Note: If the naming convention is not followed, this part of the submission will not be considered for marking.
The submission contains the following files from your Linux system:
  1. Paper-based submission in your lab teacher's physical dropbox (beside room T324). The submission must be stapled in the top left corner and may not be submitted in an envelope, folder, or equivalent.

The paper submission contains:
find /home/project -ls
tree -pug /home/project
Section A - Planning
Problem description
For this assignment, you will be the system administrator of a fictional company called AlgoTech, a medium-sized software development company. As such, you are in charge of the file server, which is implemented as a Fedora Linux server.
After their yearly review, the executive committee has proposed that some changes be made to allow for proper sharing and protection of information across the different departments of the company.
The company has identified three major user groups:
  1. The Manager group (henceforth called mgmt): this group ensures that the timelines and budgetary constraints of the projects are observed.
  2. The Project Leader group (henceforth called pl): this group oversees and administers projects.
  3. The Development group (henceforth called dev): this group is responsible for the actual development (analysis, design & implementation) of the projects.
The executive committee has identified the following document sharing requirements. All files are:
The executive committee, using the information above, has created a preliminary directory tree structure. All the directories listed are located in /home/project: mgmt/secure, mgmt/final, mgmt/approved, dev/prelim, dev/rev, dev/final and share.
Proposed solution
Plan the assignment of ownership (user, group) and permissions (for files and directories) to ensure that the directory tree structure, access rights, and access for each user/group is done to match the criteria listed above.
There may be more than one way to solve the problem.
NOTE: ACLs may NOT be used in this assignment.
You may use the table below, Table #1: Planning directory access, to determine the rights you will need to assign for each directory: place a check mark.
You may use the table below, Table #2: Planning file access, to determine the rights you will need to assign for each file: place a check mark.

Section B - Implementation and Testing
Implementation
su - mgmt1
echo "management approved text"
> /home/project/mgmt/approved/file.txt
exit su - dev1 ... and so on
Testing
Test your setup. Log in as each user in turn and test the proper access rights to files that user needs access to, and nothing else, by accessing each directory and trying to read and write each file in each directory one at a time. To do this, fill out Sample Table #3: Test Plan for Files as suitably modified to handle all your users.
Develop the Test Plan you will follow, showing for each individual test at least:
Use the script command (it's not a script, nor does it require you to write a script – it's just the name of a command and is short for "typescript", a now-obsolete word) to log all your final test activities for inclusion in your submissions. You may make light editing changes: for example, to clean up the prompts.
Note: All this testing effort may seem time consuming, but it is the only way to ensure that your solution is working properly. This is one of the places you would ordinarily use scripting, to develop a test script to avoid tedious and error-prone manual test entry.
You may create a test script if you wish but it's not a requirement.

Section C - Identifying problems and refining the solution
Identifying problems
Once you have determined proper file access, determine what capabilities users have in the various directories. 
Can users who have read-only access to files in a given directory also create files in that same directory?
Does the owner of a file have to change ownership and/or permissions on every newly-created file?
Note: It is most effective to keep default permissions (based on umask) whenever possible: when a user creates a file the default file permissions (as set by the user's umask) should be sufficient. You can require a certain umask setting for each user of the system.
A user should only be able to delete their own files in the publicly shared folder share.
Refining the solution
Below are samples for Tables 1, 2, and 3.
Not supplied, but required, is a similar testing table to summarize directory testing (what will you do to test reading, writing, and accessing a directory? Answer this and other questions in your paper submission).
Directories
Group mgmt

		


Group pl



Group dev

		
R
W
X
R
W
X
R
mgmt/ secure








mgmt/final








mgmt/ approved








dev/prelim








dev/rev








dev/final








share








Sample Table #1: Planning directory access suggestion

File
Group mgmt

		
Group pl


Group dev


others

		
R
W
R
W
R
W
R
mgmt/secure/
text-file.ms








mgmt/final/
text-file.mf








mgmt/approved
text-file.ma








dev/prelim/
text-file.dp








dev/rev/
text-file.dr








dev/final
text-file.df








share/text-file








Sample Table #2: Planning file access suggestion
Files
User mgmt2

		
User pl2

		
User dev2

		
Other users

		
Write (echo)
Read (cat)
Write (echo)
Read (cat)
Write (echo)
Read (cat)
Write (echo)
mgmt/secure/
text-file.ms








mgmt/final/
text-file.mf








mgmt/approved
text-file.ma








dev/prelim/
text-file.dp








dev/rev/
text-file.dr








dev/final
text-file.df








share/text-file








Sample Table #3: Testing suggestion for files