File Sharing Flashcards
Samba, NFS and FTP
1
Q
Samba got its name from the SMB protocol, what does SMB SMB stand for?
A
Server Message Block
2
Q
Which 3 Daemon services does Samba use?
A
smbd - Samba Daemon
nmbd - Netbios Daemon
winbind - Manages connections between Linux & Windows
3
Q
What are the 5 Samba package names on Debian based distros?
A
cifs-utils - utilities to manage shares samba - server function samba-common - configs and docs smbclient - client connections winbind - winbind functions
4
Q
What are the 5 Samba package names on Redhat based distros?
A
cifs-utils - utilities to manage shares samba - server function samba-common - configs and docs samba-client - client connections samba-winbind - winbind functions
5
Q
Where is the samba documentation installed?
A
/usr/share/doc/samba* or
/usr/share/doc/samba-version
6
Q
Where does Samba store the storage/DB files?
A
/var/lib/samba
7
Q
Where does Samba write log messages?
A
/var/log/samba
8
Q
Where is the main samba config file?
A
/etc/samba/smb.conf
9
Q
Samba utility that mounts samba shares
A
mount.cifs
10
Q
Samba utility that can be used to administer a samba server and remote servers
A
net
11
Q
Samba utility that can lookup netbios info
A
nmblookup
12
Q
Samba utility that is used to manage samba user databases
A
pdbedit
13
Q
Samba utility that executes remote procedure call functions
A
rpcclient
14
Q
Samba utility that displays or modifies Samba access control functions
A
smbcacs
15
Q
Samba utility that connects, list shares or provides ftp like access to a share
A
smbclient
16
Q
Samba utility that manages the smbd daemon
A
smbcontrol
17
Q
Samba utility that mounts samba shares - an older tool that has been replaced by mount.cifs
A
smbmount
18
Q
Samba utility that manages the samba smbpasswd or tdbsam database
A
smbpaswd
19
Q
Samba utility that sends files to a samba printer share
A
smbspool
20
Q
Samba utility that displays the status of the samba server connections
A
smbstatus
21
Q
Samba utility that createss samba file sare backups
A
smbtar
22
Q
Samba utility that tests the syntax of the sm.conf file
A
testparm
23
Q
Samba utility that displays winbindd info
A
wbinfo
24
Q
Samba utility that is used to configure Samba as an active directory domain controller
A
samba-tool
25
Samba directive that defines the workgroup name
workgroup
26
Samba directive that declares a comment describing the samba server
server string
27
Samba directive that defines a netbios name for the Samba server (typically only required on legacy windows networks)
netbios name
28
Samba directive that defines a Kerberos realm
realm
29
Samba directive that defines which interface(s) to provide the Samba service
interfaces
30
Samba directive that defines systems that are allowed to access the Samba service
hosts allow
31
Samba directive that defines systems that should be denied access to the Samba services
hosts deny
32
Samba directive that stops the nmbd daemon from launching
disable netbios
33
Samba directive that defines which port numbers to listen on
smb ports
34
Samba directive that defines enables wins support on a netbios network
wins support
35
Samba directive that defines the Samba log file
log file
36
Samba directive that defines the logging level
log level
37
Samba directive that defines the maximum Samba log size
max log size
| 0 = no limit
38
Samba directive that defines the security mode of the server (ads, domain, server,share or user)
security
39
Samba directive that defines the account database (ldapsam, smbpasswd or tdbsam)
passdb backend
40
Samba directive that defines if encryption is allowed or required
smb encrypt
41
Samba file section names are enclosed in square brackets [ ]. Which file section name sets the directives for all shares?
[global]
42
Samba file section names are enclosed in square brackets [ ]. Which file section name sets the directives for a new share called LPIC-Share?
[LPIC-Share]
43
Samba file section names are enclosed in square brackets [ ]. Which file section name sets the directives for user home directories?
[homes]
44
Samba file section names are enclosed in square brackets [ ]. Which file section name sets the directives for a Samba server acting as a domain Controller? (A samba server that is responding to security authentication requests.
[netlogin]
45
Samba file section names are enclosed in square brackets [ ]. Which file section name sets the directives for printer shares?
[printers]
46
Samba file section names are enclosed in square brackets [ ]. Which file section name sets the directives for roaming user profiles?
[profiles]
47
Samba configuration file directive that describes the samba share
comment
48
Samba configuration file directive that determines if the Samba share is listed as an available share
browseable
49
Samba configuration file directive that declares a list of authorised users for a share
valid users
50
Samba configuration file directive that declares a list of unauthorised users for a share
invalid users
51
Samba configuration file directive that declares the absolute directory for a share
path
52
Samba configuration file directive that defines whether a password will be required for a share or not.
public
| public = no #password required
53
Samba configuration file directive that allows only guest connections to a share
guest only
54
Samba configuration file directive that sets a group name for users connecting to a share
group
55
Samba configuration file directive that defines whether a share is writable or not
writable
56
Samba configuration file directive that declares a list or users and/or groups that can write to a share
write list
57
Samba utility that tests thesmb.conf file for errors. You should run this after every edit of smb.conf.
testparm
58
What does this command do?
| pdbedit -L
pdbedit is used to manage backend user databases. The -L option will list the users in the database.
59
User John has access to a Samba server (192.168.20.10) on his network. How can John check which shares are available on the server?
Use the smbclient command.
| smbclient -L //192.168.20.10 -U John
60
Samba will use DNS, which port does DNS use?
53
61
Which port numbers does the Samba Netbios feature use?
137 - 139
137 - Netbios Name service
138 - Netbios datagram service
139 - Netbios session service
62
Which port does Samba use for end point resolution?
135
63
Which port is used for SMB over TCP?
445
64
User John has access to a Samba server (192.168.20.10) on his network. How can John access a shared named public and use ftp like commands while connected to the share?
use smbclient
smbclient //192.168.20.10/public -U John
65
User John has access to a Samba server (192.168.20.10) on his network. How can John access a shared named public as if it were a local directory?
John need to mount the share.
Create a mount point : mkdir /mnt/public
then mount the share: mount -t cifs -o username=John,noperm //192.168.20.10/public /mnt/public
66
The SMB protocol has two security levels what are they?
user level security and
share level security
share level doesn't use usernames, just passwords to access a share - it is now deprecated.
user level - users authenticate with a username and a password.
67
Samba has 5 modes, what are they?
ads - Allows Samba server to join active Directory as a member
domain - User names and passwords are authenticated by the domain controller.
server - Usernames and passwords handled by remote (possibly Samba) server
share - only password used to access share
user - username and password handled by this Samba server
68
How would you setup Samba as an Active Directory member?
1 Install Samba and utilities
2 If domain controller is providing DNS, change resolv.conf
3 Setup NTP
4 Check domain controller name to IP resolution is correct - modify /etc/hosts if required
5 Modify smb,conf as required
6 Join the domain (e.g. net ads join -U Admin-user
7 Change nsswitch.conf to use winbind
8 Start the winbind service
69
How would you make all printers defined in /etc/cups/printers available via samba? hint: you'll need 6 directives...
```
[printers]
comment = All Printers on Server X
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
```
70
User John has access to a Samba server (192.168.20.10) on his network which has a printer share "HP-Laserjet" availbale. How can John send his lpic-notes.txt file to the printer?
with the smbclient tool...
smbclient //192.168.20.10/HP-Laserjet -U John -c "print lpic-notes.txt"
71
Name 8 things you can do to troubleshoot Samba
```
1 run testparm
2 Check the Service is started and running
3 Check share with smbclient -L
4 Check the workgroup setting
5 Do some network diagnostics, ping, traceroute...
6 Review log files increase debug level
7 check smbstatus (if installed)
8 Review user/group settings
```
72
How can you break the log file into separate files for each client.
using the log file directive in smb.conf:
| log file = /var/log/samba/log.%m
73
How can you increase and decrease the Samba log level on the fly?
Increase:
kill SIGUSR1 smbd-PID
Decrease
kill SIGUSR2 smbd-PID
* Where smbd-PID is the process ID of the smbd service.
74
What are the Samba Log levels high and low settings?
log level = 0 #off
log level = 1 #low
log level - 10 # highest
75
Which Samba utility command will display the netbios name for server 192.168.20.10?
nmblookup -A 192.168.20.10
76
Which Samba utility command will display the netbios name and hostname for server 192.168.20.10?
nmblookup -S 192.168.20.10
77
Which Samba utility command would you run to check if a user is in the local samba user database?
pdbedit -L or
| pdbedit -L -u username
78
Which Samba utility command would you run to check if a user on a Samba server that is a member of an Active directory?
wbinfo -u (for user info)
| wbinfo -g (for group info)
79
Which NFS Version supports UDP only, is 32 bit and has limited maximum file sizes and performance issues?
NFSv2, released in 1989, should avoid v2 now if possible.
80
Which NFS Version utilises "weak cache" to change files in memory, uses multiple ports including TCP and uses NVM Network Lock Manager to help prevent issues?
NFSv3, released in 1995, v3 is the version tested on the LPIC exam.
81
Which NFS Version introduces Kerberos Authentication,, consolidates multi-ports to a single port and features built-in file lcoking, better performance and security?
NFSv4, released in 2000 and refreshed in 2015.
82
What is RPC?
Remote Procedure Call protocol. It allows programs to be ignorant of network details but still request services from another system.
83
The filesystem an NFS server offers is called either an...
export or a share
84
NFS daemon or kernel service that maps user and group ids?
idmapd (alias rpc.idmapd) - based on settings in idmapd.conf - not used in NFSv3 and lower.
85
NFS daemon or kernel service that starts the NLM protocol service
locks (alias rpc.lockd) - not used in NFSv4
86
NFS daemon or kernel service that handles NFS client mount requests on te NFS server side
mountd (alias rpc.mountd)
87
NFS daemon or kernel service that handles user level NFS file access and data streaming
nfsd (alias rpc.nfsd) not used/required in NFSv4
88
NFS daemon or kernel service that maps RPC services to port - need to be running on both client and server
portmapper (rpcbind)
89
NFS daemon or kernel service that manages NFS quotas
rquotad (alias rpc.rquotad)
90
NFS daemon or kernel service that provides NSM (Network Status Monitor and is used with lockd to provide NLM file locking
statd (alias rpc.statd)
91
Which directory is the NFS documentation typically installed in?
/usr/share/doc/nfs*/
92
NFS packages for Redhat based distros
nfs-utils
nfs-utils-lib
rpcbind
portmap
93
NFS Packages for Debian based distros
nfs-kernel-server
nfs-common
rpcbind
portmap
94
NFS - Main Export file also known as server export table
/etc/exports
95
NFS - Directory with extra config files (files with .exports extension)
/etc/exports.d/
96
NFS - mount config file used on NFS clients
/etc/nfsmount.conf
97
NFS - primary nfs config files (for both Redhat and Debian based distros)
/etc/sysconfig/nfs
/etc/default/nfs-kernel-server
/etc/default/nfs-common
98
NFS file that contains current exports and clients using them - maintained by the kernel
/proc/fs/nfs/exports
99
NFS file that contains current exports and clients using them - not maintained by the kernel
/var/lib/nfs/xtab
100
NFS file that contains a list of current exports for client systems - on the server only
/var/lib/nfs/etab
101
NFS file tat contains a list of current exports and the client systems that currently have them mounted
/var/lib/nfs/rmtab
102
NFS export directive that ensures clients can't write to the share
ro
| read-only
103
NFS export directive that ensures clients can write to a share
rw
| read-write
104
NFS export directive that doesn't check the write cache has been written to disk before reading data
async
105
NFS export directive that checks the buffer has been written to disk before reading data
sync
106
NFS export directive that treats ALL users as anonymous
all_squash
107
NFS export directive that maps client root accounts to unprivileged accounts
root_squash
108
NFS export directive that allows client root users to access export as root
no_root_squash
109
NFS export directive that identifies filesystem export by UUID
fsid
110
NFS export directive that assigns a specified GID to anonymous group clients
anongid
111
NFS export directive that assigns a specified UID to anonymous user clients
anonuid
112
NFS export directive that enables subtree checking so permissions are checked on higher level directories
subtree_check
113
NFS export directive that ensures permission on higher level directories arenot checked
No_subtree_check
114
NFS utility that manages and displays information concerning shares
exportfs
115
NFS utility that mounts a NFS export on a NFS client
mount.nfs
116
NFS utility that displays client per mount stats
mountstats
e.g.
mountstats /path/to/mounted/nfsshare
117
NFS utility that displays client per mount IO stats
nfsiostat
118
NFS utility that displays NFs client and server activity stats
nfsstats
119
NFS utility that displays rpc service information
rpcinfo
120
NFS utility that displays NFS server information, can be used remotely
showmount
121
NFS utility that unmounts an NFS export
umount.nfs
122
What command would you run to display a list of all registered RPC programs
rpcinfo -p
123
exportfs command to export all shares
exportfs -a
124
exportfs command to unexport all shares
exportfs -u
125
exportfs command to ignore /etc/exports and use the command line
exportfs -i
126
exportfs command to export share with command line options
exportfs -o
127
exportfs command to refresh shares in /etc/exports
exportfs -r
or
exportfs -ra
128
exportfs command to provide verbose info
exportfs -v
129
what is this doing?
| exportfs 192.168.20.10:/srv/nfsshare1
Exporting the share "nfsshare1" on the server 192.168.20.10
130
How can you display NFS shares with all the associated options (ro,rw,sync,async etc..)
exportfs -v for localhost or
or
exportfs -v 192.168.20.10 or
cat /var/lib/nfs/etab
131
What does an nfs mount definition look like in fstab? force use of version 3.
192.168.20.10:/srv/nfsshare1 /mnt/nfsshare1 nfs intr,nfsvers=3,tcp 0 0
132
What are the two built in methods of security in NFS
user level share options in /etc/exports and
| AUTH_SYS or AUTH_UNIX uid and gid file permissions
133
What 6 things can we do to improve NFSv3 security?
1 Use TCP (UDP is easier to spoof)
2 Limit wildcard use in export definitions
3 Use root_squash
4 consider all_squash
5 Manage access to ports
6 Use TCP wrappers (hosts.allow and hosts.deny)
134
What can we do to troubleshoot NFS issues?
1 Check /etc/exports
2 Verify Daemons are running
3 Review NFS ports
4 Check server exports (exportfs -v showmount -e)
5 Basic network diagnostics (ping, traceroute...)
6 Review log file (/var/log/messages |grep nfs)
7 check available exports on the server: showmount -e [server]
9 check NFS export option exportfs -v
135
Which ports are used in FTP passive mode
Ports 20 and 21
136
Which ports are used in FTP active mode
unknown, these ports a negotiated between the client and server when establishing the connection
137
Name the 3 ftp servers mentioned on the LPIC exam
vsftpd
pure-FTPd
proFTPD
138
There are 2 command linux command line ftp clients, what are they?
ftp - standard basic ftp client
| lftp - refined ftp client
139
vsftpd package name
vsftpd
| sudo apt-get install vsftpd
140
vsftpd document location
/usr/share/doc/vsftpd-version or
| /usr/share/doc/vsftpd
141
vsftpd config file location
/etc/vsftpd.conf or
| /etc/vsftpd/vsftpd.conf
142
vsftpd config directive to allow anonymous users to create directories
anon_mkdir_write_enable
| Default - No
143
vsftpd config directive to permit anonymous users to rename and delete files
anon_other_write_enable
| Default - No
144
vsftpd config directive to specify the directory an anonymous user changes into on login
anon_root
| Default - Directory in /etc/passwd for FTP user
145
vsftpd config directive to allow anonymous users to see and download world readable file
anon_world_readable_only
| Default - Yes
146
vsftpd config directive to allow anonymous users to upload files
anon_upload_enable
| Default - No
147
vsftpd config directive to allow anonymous user access to the FTP server
anonymous_enable
| Default - Yes
148
vsftpd config directive to change ownership of anonymous users uploaded files
chown_uploads
Default - No
Define username with chown_username
149
vsftpd config directive to change the owner of all anonymously uploaded files
chown_username
| enable with chown_uploads, set username with chown_username
150
vsftpd config directive to chroot local users
chroot_local_user
| Default - No
151
vsftpd config directive to define a list of users to be placed in chroot
chroot_list_enable
| chroot_list_file
152
vsftpd config directive to set the default ftp account
ftp_username
| Default - ftp
153
vsftpd config directive to run in either standalone mod or via initialisation service
listen
| listen_ipv6
154
vsftpd config directive to allow local users to login via ftp
local_enable
| Default - No
155
vsftpd config directive to log all ftp queries
log_ftp_protocol
| Default - No
156
vsftpd config directive to check a file for a list of valid/invalid users
userlist_enable
| userlist_file
157
vsftpd config directive to allow ftp users access to commands that modify the filesystem
write_enable
| Default - No
158
How would you check if the vsftpd service supports tcp wrappers
Get the full path
which fsftpd
then check if the binary uses the libwrap library
ldd /usr/sbin/vsftpd |grep libwrap
159
How would you install pure-ftpd in Debian and Redhat?
```
Debian:
apt-get install pure-ftpd
Redhat
check epel repo is enabled
yum -enablerep=epel info pure-ftpd
yum -enablerep=epel install pure-ftpd
```
160
pure-ftpd command line option to listen only for ipv4
- 4
| - -ipv4only
161
pure-ftpd command line option to listen for only ipv6
- 6
| - -ipv6only
162
pure-ftpd command line option to chroot all users
- A
| - -chrooteveryone
163
pure-ftpd command line option to set the max number of client connections
- c
| - -maxclientsnumber
164
pure-ftpd command line option to set the max number of clients per IP
- C
| - -macclientsperip
165
pure-ftpd command line option to allow anonymous users
- e
| - -anonymously
166
pure-ftpd command line option to disallow anonymous users
- E
| - -noanonymous
167
pure-ftpd command line option to start the service in the background.
- B
| - -daemonize
