Chapter 7 Review Questions
1. When a user account has been locked using the usermod -L command, you will see what in the /etc/shadow file's record for that user? A. An x in the password field B. An !! in the password field C. A blank password field D. A zero (0) at the front of the password field E. An ! at the front of the password field
1. E. When the usermod -L username command is used, the username record in the /etc/shadow file has its password field modified. An exclamation point (!) is placed in front of the password, making the password inoperable and thus locking the account. Therefore, option E is correct. An x exists in the /etc/passwd file's records' password field, if the /etc/shadow file is used for passwords (which it should be) and does not indicate a locked account. Therefore, option A is incorrect. Option B is only true when an account has not yet had a password set. Therefore, option B is incorrect. Option C is also incorrect. You would never have a blank password field for a user account's /etc/shadow record, unless the file had been incorrectly manually modified. Manual modifications of the /etc/shadow files are never recommended. A user record could have a zero (0) as the first character in their password field, but this would be due to the password being hashed, not locked. Therefore, option D is incorrect.
9. Which of the following configuration files does the logrotate program consult for its settings? A. /etc/logrotate.conf B. /usr/sbin/logrotate/logrotate.conf C. /usr/src/logrotate/logrotate.conf D. /etc/logrotate/.conf E. ~/.logrotate
9. A. The logrotate program consults a configuration file called /etc/logrotate.conf (option A), which includes several default settings and typically refers to files in /etc/ logrotate.d to handle specific log files. The remaining options are all fictitious, at least as working log files for logrotate.
10. You want to create a log file entry noting that you're manually shutting down the system to add a new network card. How might you create this log entry, just prior to using shutdown? A. dmesg -l "shutting down to add network card" B. syslog shutting down to add network card C. rsyslogd "shutting down to add network card" D. logger shutting down to add network card E. wall "shutting down to add network card"
10. D. The logger utility can be used to create a one-time log file entry that you specify. In its simplest form, it takes no special arguments, just a message to be inserted in the log file, as in option D. The dmesg utility in option A is used to review the kernel ring buffer; it doesn't create log file entries. Option B's syslog command isn't a Linux usermode command, although it is the name of the logging system generically as well as a programming language command name. Option C's rsyslogd is the name of one of several system logging daemons; it maintains the system log, but isn't used to manually insert log entries. Option E's wall command writes a message to all users logged into virtual console terminals. It won't create a log file entry as the question requires and is not installed on all distributions.
11. Your manager has asked that you configure logrotate to run on a regular, unattended basis. What utility/feature should you configure to make this possible? A. at B. logrotate.d C. cron D. inittab E. ntpd
11. C. The logrotate program can be started automatically—and unattended—on a regular basis by adding an entry for it in cron, so option C is correct. The at utility (option A) would be used if you wanted the program to run only once. Option B, logrotate.d, is a file stored in the /etc directory, which defines how the program is to handle specific log files. The inittab file (option D) is used for services and startup and not for individual programs. The ntpd program (option E) is the Network Time Protocol daemon, which synchronizes the system's clock with outside time sources.
12. You've set your system (software) clock on a Linux computer to the correct time, and now you want to set the hardware clock to match. What command might you type to accomplish this goal? A. date --sethwclock B. ntpdate C. sysclock --tohc D. time --set -hw E. hwclock --systohc
12. E. The hwclock utility is used to view or set the hardware clock. The --systohc sets the hardware clock based on the current value of the software clock, thus option E is correct. Option A's date utility can be used to set the software clock but not the hardware clock; it has no --sethwclock option. Option B's ntpdate is used to set the software clock to the time maintained by an NTP server; it doesn't directly set the hardware clock. Option C's sysclock utility is fictitious. Option D's time command is used to time how long a command takes to complete; it has no --set or --hw option and does not set the hardware clock.
13. As root, you type date 12110710. What will be the effect? A. The software clock will be set to 7:10 a.m. on December 11 of the current year. B. The software clock will be set to 12:11 p.m. on October 7 of the current year. C. The software clock will be set to 7:10 a.m. on November 12 of the current year. D. The software clock will be set to 12:11 p.m. on July 10 of the current year. E. The software clock will be set to July 10 in the year 1211.
13. A. The format of the date command's date code is [MMDDhhmm[[CC]YY][.ss]]. Given that the question specified an eight-digit code, this means that the ordering of the items, in two-digit blocks, is month-day-hour-minute. Option A correctly parses this order, whereas options B, C, D, and E do not.
14. What will be the effect of a computer having the following two lines in /etc/ntp.conf? server pool.ntp.org server tardis.example.org A. The local computer's NTP server will poll a server in the public NTP server pool; the first server option overrides subsequent server options. B. The local computer's NTP server will poll the tardis.example.org time server; the last server option overrides earlier server options. C. The local computer's NTP server will poll both a server in the public NTP server pool and the server at tardis.example.org and use whichever site provides the cleanest time data. D. The local computer's NTP server will refuse to run because of a malformed server specification in /etc/ntp.conf. E. The local computer's NTP server will poll a computer in the public NTP server pool but will fall back on tardis.example.org if and only if the public pool server is down.
14. C. Multiple server entries in /etc/ntp.conf tell the system to poll all of the named servers and to use whichever one provides the best time data. Thus option C is correct. (The pool.ntp.org subdomain and numbered computers within that subdomain give round-robin access to a variety of public time servers.) Options A and B both incorrectly state that one server statement overrides another, when in fact this isn't the case. The server statements shown in the question are properly formed. These server entries are properly formed, so option D is incorrect. Although it is true that this configuration will result in use of tardis.example.com should the public-pool server be unavailable, as option E states, this is not the only reason the NTP server will use tardis.example.com; this could happen if the public-pool server provides an inferior time signal, for instance. Thus option E is incorrect.
15. You've configured one computer (gateway.pangaea.edu) on your five-computer network as an NTP server that obtains its time signal from ntp.example.com. What computer(s) should your network's other computers use as their time source(s)? A. You should consult a public NTP server list to locate the best server for you. B. Both gateway.pangaea.edu and ntp.example.com C. Only ntp.example.com D. Only gateway.pangaea.edu E. None. NTP should be used on the Internet, not on small local networks.
15. D. Once you've configured one computer on your network to use an outside time source and run NTP, the rest of your computers should use the first computer as their time reference. This practice reduces the load on the external time servers as well as your own external network traffic. Thus option D is correct. (Very large networks might configure two or three internal time servers that refer to outside servers for redundancy, but this isn't necessary for the small network described in the question.) Option A describes the procedure to locate a time server for the first computer configured (gateway.pangaea.edu) but not for subsequent computers. Although configuring other computers to use ntp.example.com instead of or in addition to gateway.pangaea.edu is possible, doing so will needlessly increase your network traffic and the load on the ntp.example.com server. Thus options B and C are both incorrect. Contrary to option E, NTP is suitable for use on small local networks, and in fact it's very helpful if you use certain protocols, such as Kerberos.
16. Which of the following tasks are most likely to be handled by a cron job? (Select two.) A. Starting an important server when the computer boots B. Finding and deleting old temporary files C. Scripting supervised account creation D. Monitoring disk partition space status and emailing a report E. Sending files to a printer in an orderly manner
16. B, D. The cron utility is a good tool for performing tasks that can be done in an unsupervised manner, such as deleting old temporary files (option B) or checking to see that disk space is not low (option D). Tasks that require interaction or do not occur on a scheduled basis, such as creating accounts (option C), aren't good candidates for cron jobs, which must execute unsupervised and on a schedule. Although a cron job could restart a crashed server, it's not normally used to start a server when the system boots (option A); that's done through system startup scripts or a super server. Sending files to a printer (option E) is generally handled by a print server such as the cupsd daemon.
17. Which of the following lines, if used in a user cron job, will run /usr/local/bin/cleanup twice a day? A. 15 7,19 * * * tbaker /usr/local/bin/cleanup B. 15 7,19 * * * /usr/local/bin/cleanup C. 15 */2 * * * tbaker /usr/local/bin/cleanup D. 15 */2 * * * /usr/local/bin/cleanup E. 2 * * * * /usr/local/bin/cleanup
17. B. User cron jobs don't include a username specification (tbaker in options A and C). The */2 specification for the hour in options C and D causes the job to execute every other hour; the 7,19 specification in options A and B causes it to execute twice a day, on the 7th and 19th hours (in conjunction with the 15 minute specification, that means at 7:15 a.m. and 7:15 p.m.). Thus, option B provides the correct syntax and runs the job twice a day, as the question specifies, whereas options A, C, and D all get something wrong. Option E causes the job to run once an hour, not twice a day.
18. You're installing Linux on a critical business system. Which of the following programs might you want to add to ensure that a daily backup job is handled correctly? A. tempus B. anacron C. crontab D. ntpd E. syslog-ng
18. B. The anacron program is a supplement to cron that helps ensure that log rotation, daily backups, and other traditional cron tasks are handled even when the computer is shut down (and, hence, when cron isn't running) for extended periods of time. This is the program to add to the system to achieve the stated goal, and option B is correct. There is no common Linux utility called tempus, so option A is incorrect. Option C's crontab is the name of a file or program for controlling cron, which is likely to be an unreliable means of log rotation on a laptop computer. The ntpd program (option D) is the NTP daemon, which helps keep the system clock in sync with an external source. Although running ntpd on a laptop computer is possible, it won't directly help with the task of scheduling log rotation. The syslog-ng package is an alternative system log daemon, but this program doesn't help solve the problem of missed daily backups when using standard cron utilities, so option E is incorrect.
19. What do the following commands accomplish? (The administrator presses Ctrl+D after typing the second command.) # at teatime at> /usr/local/bin/system-maintenance A. Nothing; these commands aren't valid. B. Nothing; teatime isn't a valid option to at. C. Nothing; you may only type valid bash built-in commands at the at> prompt. D. Nothing; at requires you to pass it the name of a script, which teatime is not. E. The /usr/local/bin/system-maintenance program or script is run at 4:00 p.m.
19. E. The at command runs a specified program at the stated time in the future. This time may be specified in several ways, one of which is teatime, which stands for 4:00 p.m. Thus, option E is correct. The objections stated in options A, B, C, and D are all invalid. (You may pass a script to at with the -f parameter, but this isn't required, contrary to option D.)
2. What commands can be used to add user accounts to a Linux system? A. useradd username B. adduser username C. useradd -c "full name" username D. usradd username E. passwd username
2. A, B, C. The useradd command is used to add user accounts to a Linux system, and therefore option A is correct. The adduser command is available on some Linux distributions, and it also allows you to add user accounts to the system. Thus, option B is correct as well. The useradd command has a valid -c option that allows you to enter comments, such as a user's full name. Therefore, option C is also correct. There is no usradd command, so option D is incorrect. The passwd command cannot add users to the system. Therefore, option E is incorrect.
20. How might you schedule a script to run once a day on a Linux computer? (Select two.) A. Place the script, or a link to it, in /etc/cron.daily. B. Use the at command to schedule the specified script to run on a daily basis at a time of your choosing. C. Create a user cron job that calls the specified script once a day at a time of your choosing, and install that cron job using crontab. D. Use run-parts to schedule the specified script to run on a daily basis. E. Type crontab -d scriptname, where scriptname is the name of your script
20. A, C. The contents of /etc/cron.daily are automatically run on a daily basis in most Linux distributions, and the crontab utility can create user cron jobs that run programs at arbitrary time intervals, so both A and C are correct. The at command noted in option B can be used to run a program a single time, but not on a regular basis (such as daily). Option D's run-parts utility is used by some distributions as a tool to help run programs in the /etc/cron.* subdirectories, but it's not used to schedule jobs. Although the crontab program can maintain user crontabs, it's not used as shown in option E and it has no -d parameter at all.
3. An administrator types chage -M 7 time. What is the effect of this command? A. The time account's password must be changed at least once every seven days. B. All users must change their passwords at least once every seven days. C. All users are permitted to change their passwords at most seven times. D. The time account's age is set to seven months. E. The account database's time stamp is set to seven months ago.
3. A. The chage command changes various account expiration options. The -M parameter sets the maximum number of days for which a password is valid, and in the context of the given command, time is a username. Thus, option A is correct. Options B, C, D, and E are all made up.
4. What is wrong with the following /etc/passwd file entry? sally:x:1029:Sally Jones:/home/myhome:/bin/passwd A. The default shell is set to /bin/passwd, which is an invalid shell. B. The username is invalid. Linux usernames can't be all lowercase letters. C. The home directory doesn't match the username. D. Either the UID or the GID field is missing. E. The hashed password is missing.
4. D. The /etc/passwd entries have third and fourth fields of the UID and the GID, but this line has only one of those fields (which one is intended is impossible to determine); this example line's fourth field is clearly the fifth field of a valid entry. Thus, option D is the correct answer. Option A is incorrect because, although /bin/passwd is an unorthodox login shell, it's perfectly valid. This configuration might be used on, say, a Samba file server or a POP mail server to enable users to change their passwords via SSH without granting login shell access. The sally username is valid and thus, Option B is not a correct answer. You may have usernames that are all lowercase letters. Option C is a correct observation, but an incorrect answer; the username and the user's home directory name need not match. The hashed password is officially stored in the second field, but in practice, most Linux computers place the hashed passwords in the /etc/shadow file. An x value for the password is consistent with this use, so option E is incorrect.
5. You want sally, who is already a member of the Production group, also to be a member of the Development group. What is the best way to accomplish this? A. Use the groupadd Development sally command. B. Use the groupadd Production sally command. C. Manually edit the /etc/group file, and change the Development group's record to Development:501:sally. D. Use the usermod -G Development sally command. E. Use the usermod -a -G Development sally command.
5. E. Option E is the best way to accomplish the task, because it will add sally to the Development group without removing her from any other groups or potentially damaging the /etc/group file. Option A would attempt to add the groups Development and sally to the system, thus it is not even a valid choice. Option B, also not a valid choice, would attempt to add the groups Production and sally. Option C would work, but it is very dangerous to edit an account configuration file manually instead of using account tools. Therefore, option C is not the best choice. Option D would work, but it would remove sally from all of her other groups, including the Production group. Therefore, option D is not the best choice either.
6. What types of files might you expect to find in /etc/skel? (Select three.) A. A copy of the /etc/shadow file B. An empty set of directories to encourage good file management practices C. A README or similar welcome file for new users D. A starting .bashrc file E. The RPM or Debian package management database
6. B, C, D. Files in /etc/skel are copied from this directory to the new users' home directories by certain account-creation tools. Thus, files that you want in all new users' home directories should reside in /etc/skel. Options B, C, and D all describe reasonable possibilities, although none is absolutely required. Including a copy of /etc/ shadow in /etc/skel (option A) would be a very bad idea because this would give all users access to all other users' hashed passwords, at least as of the moment of account creation. You wouldn't likely find package management databases (option E) in /etc/ skel, since users don't need privileged access to this data, nor do they need individualized copies of it.
7. What would a Linux system administrator type to remove the nemo account and its home directory? A. userdel nemo B. userdel -f nemo C. userdel -r nemo D. rm -r /home/nemo E. usermod -D nemo
7. C. The userdel command deletes an account, and the -r option to userdel (option C) causes it to delete the user's home directory and mail spool, thus satisfying the terms of the question. Option A deletes the account but leaves the user's home directory intact. Option B does the same; the -f option forces account deletion and file removal under some circumstances, but it's meaningful only when -r is also used. Option D's rm command deletes the user's home directory (assuming that it's located in the conventional place, given the username) but doesn't delete the user's account. Option E's usermod command can modify accounts, including locking them, but it can't delete accounts. Furthermore, the -D option to usermod is fictitious.
8. Which of the following system logging codes represents the highest priority? A. info B. warning C. crit D. debug E. emerg
8. E. The emerg priority code (option E) is the highest code available and so is higher than all the other options. From highest to lowest priorities, the codes given as options are emerg, crit, warning, info, and debug.