nerdexam
CompTIA

XK0-004 · Question #83

Two specific users need access to a directory owned by root where backups are located. Which of the following commands would BEST ensure the specified users can access the backup files?

The correct answer is D. setfacl. When two specific users need access to a root-owned directory without altering group membership or general permissions, setfacl is the best tool because it supports named per-user ACL entries.

Security

Question

Two specific users need access to a directory owned by root where backups are located. Which of the following commands would BEST ensure the specified users can access the backup files?

Options

  • Aumask
  • Bchcon
  • Cchmod
  • Dsetfacl

How the community answered

(32 responses)
  • A
    3% (1)
  • B
    9% (3)
  • C
    6% (2)
  • D
    81% (26)

Why each option

When two specific users need access to a root-owned directory without altering group membership or general permissions, setfacl is the best tool because it supports named per-user ACL entries.

Aumask

umask controls the default permission bits subtracted when new files and directories are created and cannot grant access to an existing resource.

Bchcon

chcon modifies the SELinux security context label of a file, which affects mandatory access control policy, not traditional discretionary per-user file permissions.

Cchmod

chmod can only set permissions for the owner, a single group, and all others, so it cannot target two specific users without restructuring group assignments.

DsetfaclCorrect

setfacl (set file access control list) allows an administrator to create discrete permission entries for specific named users on any file or directory, operating independently of the traditional owner/group/other permission model. A command such as 'setfacl -m u:username:rwx /backup' grants exactly the required access without modifying the directory's ownership or exposing it to other users. This is the only listed tool that natively targets individual users by name.

Concept tested: Granting per-user directory access using setfacl

Source: https://man7.org/linux/man-pages/man1/setfacl.1.html

Topics

#ACL#setfacl#file permissions#access control

Community Discussion

No community discussion yet for this question.

Full XK0-004 Practice