Part of my Cloud Support Engineering portfolio, demonstrating Linux user and group administration, access control, file permissions, and troubleshooting through a realistic support scenario.
Status: Complete
Scenario: An operations team needed a secure shared directory — team members required access to shared documentation while unauthorized users needed to be locked out.
Solution: Created a dedicated user and group, applied least-privilege permissions, diagnosed a parent-directory access issue, and relocated resources to /srv/cloudsupport following Linux filesystem standards.
Skills: Linux user & group administration · Ownership & permissions · Least privilege · Root cause troubleshooting · Technical documentation
Tools: Ubuntu (WSL2) · Bash · Git · GitHub
A Cloud Support Engineer needs to configure a secure shared project directory for an operations team. Team members require access to shared documentation while preventing unauthorized users from viewing or modifying sensitive files.
The solution uses Linux users, groups, ownership, and permissions while following the principle of least privilege and Linux filesystem best practices.
- Created a Linux user (
alex) and a shared group (cloudsupport) - Configured a shared project directory with secure group ownership
- Applied least-privilege permissions using
chmodandchgrp - Investigated and resolved an access issue caused by parent directory permissions
- Relocated shared resources to
/srv/cloudsupportfollowing Linux filesystem standards - Verified access using a secondary user account
sudo groupadd cloudsupport
sudo useradd -m alex
sudo passwd alex
chgrp cloudsupport /srv/cloudsupport
chmod 770 /srv/cloudsupport
sudo -u alex ls -l /srv/cloudsupport/project-filesThe solution was verified by testing access from multiple user accounts and confirming that only authorized users could access the shared project directory.
uid=1001(alex)
groups=1002(alex),1001(cloudsupport)
drwxrwx--- root cloudsupport project-files
-rw-rw---- gabby cloudsupport project-plan.txt
| Test | Result |
|---|---|
| Linux user created | Passed |
| Linux group created | Passed |
| User added to shared group | Passed |
| Ownership configured | Passed |
| Permissions configured | Passed |
Access verified using alex |
Passed |
| Unauthorized access prevented | Passed |
- Ubuntu 26.04 LTS (WSL2)
- Bash
- Git
- GitHub
- Visual Studio Code
This project reinforced that Linux access depends on both file permissions and group membership. During troubleshooting, I discovered that correct file permissions alone were insufficient because execute permission is required on every parent directory in the path.
Rather than weakening the security of a user's home directory, I relocated the shared resources to /srv/cloudsupport, following Linux filesystem best practices for shared service resources.
- Configure SetGID for automatic group inheritance
- Implement POSIX Access Control Lists (ACLs)
- Automate user and group provisioning with Bash
- Deploy the solution on an AWS EC2 Linux instance
Gabriell Bedoy Cloud Support Engineer candidate building hands-on experience with Linux, AWS, networking, and cloud infrastructure.
GitHub: https://github.com/GabbyCloudSec


