This is more of a permissions and security chapter.
First off are file permissions. Executable, sticky bits, etc. Interesting that you cannot set umask to create executable files by default. The parts I’ll need to remember are the various special values. SUID==4, SGID==2, and the sticky bit==1. Of course it’s easier to just run chmod u+s file, chmod g+s, or chmod o+t for the three special values.
SELinux will be the big study part as it’s listed as being pretty pervasive in the test. Per the book, he doesn’t think you can pass the test without knowledge of SELinux.
But the file permissions and tools are pretty common and reasonably well known to a working sysadmin.
The chattr command (and lsattr) could really cause problems with documented procedures. If during a process you find a file can’t be copied or edited, even as root, you may be stymied until you figure it out. It needs to be added to the processes.
Hmm, Access Control Lists need the file system mounted with the acl option. Lots of nice bits with ACLs including letting just one person or group have access to a file or directory. Standard permissions apply too though. If a directory is 700, even if a file is ACLd to permit editing by account, if it can’t get into the directory, it can’t view the file. You can add an ACL to the directory to permit just the user access to the directory. And deny access by passing ‘—‘ to chattr for the user.