feat: a2

.gitignore

@@ -2,3 +2,5 @@
 sheet01/a2/Hash.java
 *.class
 passwd
+sheet04/AuthWithTOTP.java
+sheet04/key-exchange.pcap

sheet05/a1/create_user.sh

@@ -1,3 +1,3 @@
 #!/bin/bash
 # $1 = username, $2 = comma-separated groups
-useradd -G "$2" -m -s /bin/bash "$1" || usermod -aG "$2" "$1"
+useradd -G "$2" "$1" || usermod -aG "$2" "$1"

sheet05/a2/archive.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+TARGET_DIR=$1
+chmod -R a-w "$TARGET_DIR"

sheet05/a2/create_user.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+USERNAME=$1
+GROUPS=$2
+useradd -G "$GROUPS" "$USERNAME" || usermod -aG "$GROUPS" "$USERNAME"

sheet05/a2/explanation.txt

@@ -0,0 +1,3 @@
+The supervisor's read access would fail with UNIX permissions, since they are limited to one owner, one group, and "others". 
+Access Control Lists (ACLs) resolve this problem by allowing permissions beyond the standard three. 
+Using `setfacl`, we can append specific read and execute rights (r-x) for individual users (the supervisors) directly to the files and directories.

sheet05/a2/supervisor.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+SUPERVISOR=$1
+# Grant read and execute permissions to the supervisor user recursively
+setfacl -R -m u:"$SUPERVISOR":r-x .
+# Set the default ACL
+setfacl -R -d -m u:"$SUPERVISOR":r-x .