OPS105 Fall 2025 Project

• run in full screen after it boots and user has logged in to the desktop.
• have Internet access only when gateway VM is running and configured to route traffic to the internal network.

Create a file sharing server for users on this network. Create three users: alice, bob, and cyan in addition to your MySeneca-named user. So there are four users, not including root, on all three VMs in this network.

Create three groups: attack, defend, and opsec which are team names used in attack, defend, and opsec strategies commonly found at capture the flag events. The MySeneca-named user is a member in all three groups. Users alice, bob, and cyan each belong to two groups: their own and their team (attack, defend, or opsec). User alice is a member of groups: alice and attack. User bob is a member of groups: bob and defend. User cyan a member of groups: cyan and opsec. MySeneca-named user is a member of MySeneca-named group and a member of groups: attack, defend, and opsec.

Login as each user on all three VMs. Configure ssh server on gateway so users: alice, bob, cyan, and MySeneca-named user can upload files to and download files from the /pub directory on gateway.

Login as bob on the gateway and try to read from and write to files that users alice and cyan created in the /pub directory on the gateway. Similarly login to gateway as cyan, alice, and as MySeneca-named user and try to read from and write to files that others created in the /pub directory.

On gateway verify that users alice, bob, cyan, and MySeneca-named user can meet these requirements:

• Scenario 1: User bob can read but not write to /pub/alice.txt as the file is owned by alice. In this scenario bob and alice can read from but not write to each other's files. Both alice and bob do not want user cyan to read or write to any of their files. User cyan, however, wants to read and write to any file owned by either bob or alice.

• Scenario 2: User alice can write but not read from bob's /pub/bob.txt. In this scenario bob and alice can each write to some of the other's files. Yet neither alice nor bob should not be allowed to read or delete files not owned by them. As described before, users bob and alice allow files to be shared with each other but neither want cyan to read or write to any of their files.

• Scenario 3: User cyan intends to try any and all means to access files created by any user on the server. Configure the file sharing gateway and /pub directory so user cyan cannot read or write to files not owed by cyan. This means user cyan can only read and write to files created by user cyan.

• Scenario 4: As the MySeneca named user is a member in all groups: attack, defend, and opsec; MySeneca named user has read and write access to files permitted by groups attack, defend, and opsec.

• Users bob, alice, and MySeneca named user cannot change permissions of files not owned by them. Example: if file /pub/bob.txt is owned by bob then neither alice nor MySeneca named user can change the permissions of bob's /pub/bob.txt.

Go Pro: When available, complete the lab on Bash scripting. Make a copy of your Bash script and call it publish.bash. Modify the newly created script to do the following when publish.bash is called:

• without arguments: display a usage message describing how to call the script and quit.
• called with one argument that is not an existing file: display an error message using the given non-file argument and quit.
• called with one argument that is an existing file copy that file to /pub directory on gateway.
• called with multiple arguments some of which are files: copy those that are files to /pub but show error messages for those that are not files.
• called with multiple arguments all of which are files: copy all files to /pub.

Configure your login shell so $HOME/bin is in the environment variable $PATH when each user logs in. Place publish.bash in $HOME/bin of each user on Ubuntu and Kali VMs. Modify publish.bash to personalize it for that user. For example: after user alice has uploaded a file that is to be shared by user bob and not user cyan, modify the script publish.bash in alice's $HOME/bin to verify that the permissions were set correctly and warn user alice if it isn't.