Linux Ch. 22 Investigating User Issues
7. Sarah, a system administrator, attempts to create a file and receives an error message indicating the file cannot be created. Which of the following might be the problem? (Choose all that apply.) A. The filesystem on which she is attempting to create the file has quotas set, and she is past her quota and grace period. B. The filesystem on which she is attempting to create the file has run out of space. C. The file that she is attempting to create has the immutable bit set and therefore cannot be created. D. The action is triggering either a SELinux or an AppArmor policy violation. E. The filesystem is experiencing inode exhaustion and therefore cannot accommodate any new files.
A, B, D, E. A file with an immutable bit cannot be deleted, and thus option C is the only incorrect choice.
5. Tarissa needs to run a shell script, which has the permissions of rwxr--r--, is owned by root, and belongs to the wheel group. Tarissa's user account is T2T1000, and she is a member of the admin group. What can be done to allow her to run this script? (Choose all that apply.) A. Add Tarissa to the wheel group. B. Create a new account for Tarissa named wheel. C. Add w to the script file's group permissions. D. Add x to the script file's group permissions. E. Nothing. Tarissa can run the script now.
A, D. From the choices listed, to allow Tarissa to run the script, add her to the wheel group and add execute (x) to the shell script file's permissions. Thus, options A and D are the correct answers.
10. Mark Watney, a system administrator, has his account, MW2015, modified by a new system admin intern. When Mark logs into the system and tries to group a list of commands, it no longer works. No one else is having this problem. He suspects his account's default shell has been changed from /bin/bash to /bin/tcsh. Which of the following will help determine if his suspicion is correct? (Choose all that apply.) A. cat /etc/profile B. echo $SHELL C. sudo grep tcsh$ /etc/passwd D. sudo getent shadow MW2015 E. sudo getent passwd MW2015
B, C, E. The echo $SHELL command will show Mark his current shell. Though it could be a modified environment variable, this will help to determine if his default shell has been changed. Thus, option B is a correct answer. The sudo grep tcsh$ /etc/passwd command will display any /etc/passwd file records that have /bin/tcsh as their default shell, including Mark's. Thus, option C is a correct answer too. The sudo getent passwd MW2015 command will show Mark's account's password file setting, including its default shell. Therefore, option E is also a correct answer.
6. Miles needs to change his present working directory to the /home/miles directory. He does not own the directory, nor is he a member of its group. Assuming needed parent directory permissions are set, what needs to take place for this to successfully occur? A. Nothing. The /home/miles directory is Miles's home directory, so he can access it by default. B. The execute (x) permission needs to be added. C. The write (w) permission needs to be added. D. The read (r) permission needs to be added. E. The dash (-) permission needs to be added.
B. For Miles to change his present working directory to /home/miles, the other section must have the execute (x) permission. Therefore, option B is the correct answer.
3. Vincent is attempting to remotely log into the system using OpenSSH without success. He asks you what he can do to help troubleshoot this problem. What should you recommend first? A. Check the /etc/ssh/sshd_config configuration file. B. Add the -vvv option on to Vincent's ssh command. C. Add the -X option onto Vincent's ssh command. D. Confirm Vincent's public key is stored in the ~/.ssh/authorized_keys file. E. Check the ~/.ssh/config configuration file.
B. To enlist Vincent's help, have him add the -vvv option on to his ssh command. This will provide a great deal of information that will assist you as you track down the problem. Therefore, option B is the correct answer.
1. Lamar, a contractor, claims he cannot log into his account locally. He was able to do so yesterday. No one else seems to be having problems accessing the system. What should you check first? A. Check if GUI services are running via the systemctl command. B. Look at the OpenSSH server configuration files. C. Determine if his account is expired via the chage command. D. See if the account is locked via the faillock utility. E. Check for policy violations in the SELinux log files.
C. Since Lamar is a contractor, his account should have an expiration date set. Thus, the first thing to check for his particular local access problem is whether or not the account has expired. Option C is the correct answer.
4. Anton is struggling to determine why a particular user cannot log into a CentOS system, where SELinux is disabled and auditd is not used. Which of the following are the best log files to peruse? (Choose two.) A. /var/log/audit/audit.log B. /var/log/messages C. /var/log/auth D. /var/log/secure E. /var/log/lastlog
D, E. The best log files for Anton to peruse in this situation are /var/log/secure and /var/log/lastlog via the lastlog command. Therefore, options D and E are the correct answers.
9. Melissa wants to set her default editor to the vim editor and wants this to stay set when she enters a subshell. What should she do? A. Put EDITOR='vim' in the /etc/profile file. B. Put export EDITOR='vim' in the /etc/profile file. C. Put EDITOR='vim' in her ~/.profile file. D. Put export EDITOR='vim' in her ~/.profile file. E. Put export EDITOR='vim' in her ~/. bash.bashrc file.
D. When the export EDITOR='vim' line is put in her ~/.profile file, the default editor will be set to the vim editor for Melissa. It will also stay set when she enters a subshell. Thus, option D is the correct answer.
2. Irene normally logs into the system locally via the tty4 terminal but cannot today. She tries her authentication at the tty3 terminal and logs in successfully. What should you check first? A. Determine if getty services are running via the systemctl command. B. Review access rules in the /etc/security/access.conf file. C. See if the account is locked via the passwd -S command. D. Use the last command to see when she last logged in. E. Check if the tty4 device file is corrupt via the ls -l command.
E. Since Irene normally logs into the system via the tty4 terminal and is having trouble today but can log in via the tty3 terminal, the first thing to check is whether or not the tty4 device file is corrupt. Therefore, option E is the correct answer.
8. A user cannot delete one of her files but is able to delete other files in her directory. John, a system admin, is attempting to troubleshoot this issue. What command should he use first on the file? A. chow B. chattr C. chmod D. umask E. lsattr
E. The lsattr command used on the file will display whether or not the immutable bit is set. If this bit is set, the user cannot delete the file until it is removed. Therefore, option E is the correct answer.
Describe various file problems/solutions
File access and management requires understanding of basic file and directory permissions as well as ownership and group membership. Additional system items to review include filesystem quotas, disk space, inode use, and umask settings. Check the kernel security module log files for policy violations as well. If a user cannot delete a file, look for the immutable bit set on the file.
Summarize user access problems/solutions
For impeded local access, research corrupt terminal files, improperly configured GUI components, and expired passwords/accounts. Remote access problems are often caused by misconfigured OpenSSH components or remote desktop applications. Other issues can involve layered authentication software such as PAM or a system's kernel security module, such as SELinux or AppArmor.
Explain user environment and shell issues.
Improperly configured environment variables or ones that are not exported will cause user problems. Examine the various environment files, both global and user, for issues. Difficulties may also arise from the user account's default shell setting.