After conducting a security audit within the Stratos DC, the Nautilus security team discovered misconfigured permissions on critical files. To address this, corrective actions are being taken by the production support team. Specifically, the file named /etc/hosts on Nautilus App 1 server requires adjustments to its Access Control Lists (ACLs) as follows:
- The file's user owner and group owner should be set to root.
- Others should possess read only permissions on the file.
- User kirsty must not have any permissions on the file.
- User jerome should be granted read only permission on the file.
Log in to the server as the user tony:
ssh tony@stapp01
sudo su
Verify the current ACLs on /etc/hosts:
getfacl /etc/hosts
- Output Example:
getfacl: Removing leading '/' from absolute path names
# file: etc/hosts
# owner: root
# group: root
user::rw-
group::r--
other::r--
Set the user owner and group owner to root:
chown root:root /etc/hosts
id kristy
# id: ‘kristy’: no such user
useradd kirsty
- Remove All Permissions for kirsty:
setfacl -m u:kirsty:0 /etc/hosts
- Grant Read-Only Permissions to jerome:
setfacl -m u:jerome:r /etc/hosts
getfacl /etc/hosts
- Expected Output:
getfacl: Removing leading '/' from absolute path names
# file: etc/hosts
# owner: root
# group: root
user::rw-
user:jerome:r--
user:kirsty:---
group::r--
mask::r--
other::r--
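A scripted version of the final verification, as an added example that is not part of the original walkthrough: it parses getfacl output and checks the four requirements, applying the mask to the named-user entries so that a restrictive mask is not mistaken for a correct grant. The helper name check_hosts_acl and the sample text are assumptions constructed for this example.

```shell
#!/usr/bin/env bash
# Constructed sample: the compliant getfacl output from the final step.
sample_ok='# file: etc/hosts
# owner: root
# group: root
user::rw-
user:jerome:r--
user:kirsty:---
group::r--
mask::r--
other::r--'

# check_hosts_acl (hypothetical helper): reads getfacl output on stdin,
# prints each unmet requirement, returns 0 only if all four are met.
check_hosts_acl() {
  awk -F: '
    # Effective permission of a named entry = entry AND mask, per position.
    function eff(p, m,    i, out) {
      out = ""
      for (i = 1; i <= 3; i++)
        out = out ((substr(p, i, 1) != "-" && substr(m, i, 1) != "-") ? substr(p, i, 1) : "-")
      return out
    }
    function fail(msg) { print "FAIL: " msg; bad = 1 }
    /^# owner: / { owner = substr($0, 10) }
    /^# group: / { group = substr($0, 10) }
    $1 == "user" && $2 != "" { named[$2] = substr($3, 1, 3) }
    $1 == "mask"  { mask = substr($3, 1, 3) }
    $1 == "other" { other = substr($3, 1, 3) }
    END {
      if (mask == "") mask = "rwx"   # no mask line means nothing is masked
      if (owner != "root" || group != "root") fail("owner/group is " owner ":" group)
      if (other != "r--") fail("other is " other ", want r--")
      # Without an explicit entry kirsty falls through to group/other and can read.
      if (!("kirsty" in named)) fail("no explicit user:kirsty entry")
      else if (eff(named["kirsty"], mask) != "---") fail("kirsty has " named["kirsty"])
      if (!("jerome" in named)) fail("no user:jerome entry")
      else if (eff(named["jerome"], mask) != "r--")
        fail("jerome effective " eff(named["jerome"], mask) ", want r--")
      exit (bad ? 1 : 0)
    }'
}

# On the server: getfacl /etc/hosts 2>/dev/null | check_hosts_acl
printf '%s\n' "$sample_ok" | check_hosts_acl && echo "compliant"
```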