2 Administering Users & 3 Configure Perms Flashcards

1
Q

User passwd fields

A

username
passwd
uid
gid
comment
home dir
login shell

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

User shadow fields

A

-username
-passwd
-days since change
-day before may change
-days before must change
-days until max warned to change
-days to account disable after expire
-days until expire
-reserved

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

/etc/profile

A

set system wide enviroment variables (e.g. mail notification) and start up programs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

/etc/bashrc

A

system wide functions and aliases for new user shells

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

~/.bash_profile

A

Login shell that can source the .profile file and runs upon user login in the background . Set user-specific variables for new shell login sessions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

~/.bashrc

A

Interactive shell that runs the terminal and accepts user inputs for specific outputs. Can apply user-specific variables and configs/preferences for each login session like aliases

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

/etc/skel

A

files copied to home directory of new user, prepopulates config files life .bashrc with suggested settings or policy docs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

/etc/login.def

A

define default account settings:
-mail box location,
- passwd aging values,
-uid,
-guid,
-home dir creation,
-umask,
-pass encryp hash & methods (AES)
display: useradd -D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

useradd -c -e -m -s -u -D

A

-c comment
-e expiration yyyy-mm-dd
-m home dir
-s shell
-u uid
-D default settings

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

usermod/del error codes 0,1,2,6,8

A

0 success
1 couldn’t update passwd file
2 invalid syntax
6 specified user doesn’t exist
8 cannot del, user logged in

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

who , w

A

who : displays login sessions
w : displays specific users logged in and idle time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

id {uname}

A

display uid, guid, group memberships

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

passwd -d -e -l -u

A

-d del
-e expire passwd for change
-l lock account
-u unlock account

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

chage -l

A

display:
-last passwd change date
-Password expiration date
-Account inactive date
-account expiration date
-min days between pass changes
-max days between pass changes
- # days before pass expiration before warning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

chage -l -M -m -W -E

A

-l display values
-M max # of days between pass changes
-m min # of days between pass changes
-W days before pass expiration before warning
-E lock account after date

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

pam_faillock

A

tracks login attempts and can configure policies after # failed attempts for lockout

display tally of logins attempts with faillock

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

/etc/group

A

groups and memberships

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

group commands

A

groupadd,
groupmod,
groupdel,
gpasswd

19
Q

groupadd error code 0,2,4,9

A

0 succes
2 invalid syntax argument
4 GID not unique
9 Group name not unique

20
Q

groupmod/del 0,2,6,8,10

A

0 success
2 invalid command syntax
6 group don’t exists
8 cant remove user primary group (del)
10 cant update group

21
Q

how are users given root privileges

A

sudo, which is delegated from the /etc/sudoers file but edit must be done from visudo to ensure correctness

-sudo -l displays sudo privileges

22
Q

visudo -c -f -s -x

A

-s check file for errors
-f edit file in different location
-s check file in strict mode: aliases used before defined will cause error
-x output file in to a file in JSON format

23
Q

how to edit visudoers file to add priviliegs

A

-full privileges are done with “ uname ALL=(ALL:ALL) ALL “

-specific privileges without passwd “uname ALL=(ALL) NOPASSWD: SHUTDOWN_CMDS”
: assuming
shutdown_cmds is
an alias for all
related
shutdown
commands

-allow use of sudo edit “%editors ALL - sudoedit /path/to/file”

24
Q

wheel group

A

gives users root privileges with use of sudo

visudo can edit this groups privileges

25
Q

sudoedit /path/to/file

A

allows edit of files requiring root privileges using their own privileges

26
Q

polkit

A

delegates specific root actions than sudo allowing aliases of cmd groups

rules for actions written in XML files /usr/share/polkit-1/actions “*.policy”

27
Q

polkit cmds: pkexec

A

allow user to execute an action

” sudo pkexec useradd uname “

28
Q

polkit cmd: pkaction

A

diplays details about an action

29
Q

polkit cmd: pkcheck

A

displays whether a process is authorized

30
Q

polkit cmd: pkttyagent

A

provide text-based authentication

31
Q

halt processes for users

A

sudo killall -u uname

32
Q

login processes from boot

A
  1. The operating system boots and the kernel is loaded. Assume the system boots to the CLI and displays an authentication prompt.
  2. The user enters a name and password combination. These are checked against the /etc/passwd and /etc/shadow files. Settings such as expired passwords and locked accounts are checked for at this point.
  3. System and user profile files are processed, and the user is presented with an authenticated and customized environment.
33
Q

lastlog command

A

tracks latest login attempts recorded in /var/log/lastlog

34
Q

last command

A

displays wtmp file including every login and logoff and can filter time stamps

found in /var/log/wtmp

35
Q

chown and chmod

A

chown : alters ownership and group
chown {user}:{group} or chown :{group}

chgrp : group ownership

chmod : alters permissions of dir/file with rwx

-R recursive

36
Q

rwx

A

r - read files and list dir
w - save write changes to files : w/ (x) perm - create, rename, execute files in dir
x - run scripts, program, software file, access dir and execute file from dir, or perform task on dir

37
Q

lsattr -R -a -d -v chattr -R -v +i -i

A

lsattr:
-R recursively list attr in dir and contents
-a ls all files
-d ls dir not files
-v ls version # file
chattr:
-R recursively change attr
-v {version} set version number of file
- “+i” mark as immutable
- “-i” remove immutable

chattr [-R] [-v {version}] [+-{attributes}] {file/directory names}

even root affected by immutable flag

38
Q

setUID or setGID

A

set users to have similar permissions as file or group owner.
New files set with setGID will inherit the SGID and the dir ID instead of GID of user.
this doesn’t affect existing files even moved

39
Q

how to set SUID or SGID

A

SUID chmod u+s {file}
GUID chmod g+s {file}

SUID chmod 4— {file}
SUID chmod 2— {file}

removing uses “-“ in symbolic and “0” on the 4/2 in absolute

40
Q

sticky bit and how to set

A

similar to immutable but protects files in dir from users with wx privileges. root and owner can still delete file/dir

set: +/1 add -/0 remove
chmod {+ or -} t {dir}
chmod {1 or 0}— {dir}

viewed with a t or T (if x perm not set) int the other users x bit

41
Q

ACL

A

assigns specific perms to individual users instead of only being able to set perm by a user, a group, and all others

also allows multiple users or groups presume ownership of files/dir with rwx perms of a file

doesn’t replace perms

42
Q

getfacl

A

display exiting ACL settings for a file

43
Q

setfacl -R -s -m -x -b

A

change ACL file perms:
-R recursively set
ACL options
-s set ACL replacing exiting ACL
-m Modify existing ACL
-x Remove ACL entries
-b Remove all ACL entries

setfacl [-bR] [-mx {u or g}:{u or g name}:{perm}] {file/directory names}

”,” can separate multiple acl_spec entries for u or g entries but don’t use a space