IS3440 CHAP 4 USER PRIVILEGES AND PERMISSIONS Flashcards
(COMMAND) ____ is a PAM module that can verify account validity based on expiration dates, time limits, or configuration files with restricted users.
(COMMAND) account
(COMMAND) ____ is a PAM module that can verify passwords, group memberships, and even Kerberos tickets.
(COMMAND) auth
(COMMAND) ____ is a command that can modify password related information for a user, such as the password’s expiration date.
(COMMAND) chage
(COMMAND) ___ is a message bus system for interprocess communication between a variety of applications and devices.
(COMMAND) dbus
(COMMAND) ____ This is a useful option that lists users by the frequency of their recent logins. Found under the ck -history command it can provide extended information about recent users.
(COMMAND) –frequent
(COMMAND) ____ is a command that can add a group.
(COMMAND) groupadd
(COMMAND) ____ is a command that can delete a group.
(COMMAND) groupdel
(COMMAND) ____ is a command that can modify the settings of a group in the files of the shadow password suite.
(COMMAND) groupmod
(COMMAND) ____This is a useful option that lists last-logged-in users, by user, sessions, seat, and time. Found under the ck -history command it can provide extended information about recent users.
(COMMAND) –last
(COMMAND) ____ is a PAM flag that labels a configuration line that is normally ignored unless there are no other PAM flags in the file.
(COMMAND) optional
(COMMAND) ____ is a PAM module that can control changes to user passwords and limit the number of login attempts.
(COMMAND) password
(COMMAND) ____ is a PAM flag that labels a configuration line that must work for the authentication attempt to succeed. However, if the line fails, PAM continues to check the other lines in the file.
(COMMAND) required
(COMMAND) ____is a PAM flag that labels a configuration line that must work for the authentication attempt to succeed. However, if the line fails, PAM immediately returns a failure in the authentication attempt.
(COMMAND) requisite
(COMMAND) ____ is a PAM module that can control mounting and logging.
(COMMAND) session
(COMMAND) ____ is a command that can connect with the privileges of another group. It requires a group password in
/etc/gshadow
(COMMAND) sg
(COMMAND) ____is a command that can connect with the privileges of another user. Requires the password of the target user. When no target user is specified, the root administrative user is assumed.
(COMMAND) su
(COMMAND) ____ is a command that can connect as the administrative user if authorization is configured in
/etc/sudoers
(COMMAND) sudo
(COMMAND) ____ is a PAM flag that labels a configuration line. If the line works, PAM immediately returns a success message in the authentication attempt.
(COMMAND) sufficient
(COMMAND) ____ a command that can add a user.
(COMMAND) useradd
(COMMAND) ____ a command that can delete a user.
(COMMAND) userdel
(COMMAND) ____ a command that can modify the settings of a user in the files of the shadow password suite.
(COMMAND) usermod
___ is the number associated with a group name in Linux,as defined in
/etc/group and
/etc/gshadow
(GID) Group ID
___ is a directory service for network-baseed authentication. Its communication can be encrypted.
(LDAP) Lightweight Directory Access Protocol
___ is a directory service for network-based authentication. Its database can be created from the files of the shadow password suite.
(NIS) Network Information Service
___ is a condition where a system sends a flood of ICMP packets to a server. It may be created with the (COMMAND) ping -f
Ping storm
___ is a special permission commonly applied to a directory. With this, users who are members of the group that owns the directory have permissions to read and write to all files in that directory. It assigns the group owner of the directory as the group owner of all files copied to that directory.
(SGID) Set Group ID bit
___ is a special permission that allows others to execute the given file with the rights of the user owner of the file.
(SUID) Set User ID bit
\_\_\_is the files that make up the local Linux password authentication database. The files are: /etc/passwd /etc/shadow /etc/group /etc/gshadow login. su passwd
Shadow password suite
___ is a special permission commonly applied to a directory. With this and full permissions, all users can write to the associated directory. However, ownership is retained rousers won’t be able to overwrite files copied by other users.
Sticky bit
___ is the number associated with a user name in Linux as defined in:
/etc/passwd
(UID) User ID
___ is the standard in Linux where a special group is created for every user. By default, the user and group names (along with the UID and GID numbers) are identical. The user is the only standard member of that group.
User private group scheme
- Which of the following files is NOT normally readable by all users? (Written in COMMAND style)
- /etc/passwd
- /etc/shadow
- /etc/group
- /etc/login/defs
/etc/shadow
- Which of the following files contains information about time limits on a password?
- /etc/passwd
- /etc/shadow
- /etc/group
- /etc/gshadow
/etc/shadow
- Which of the following commands can be used to revise expiration information on a user password? (Written in COMMAND style)
- useradd
- passwd
- groupmod
- chage
chage
- The ___ command searches for all files owned by the group named audio. Assume you’re logged into the root administrative account.
find / -group audio
Written in COMMAND style
- which of the following statements is true with the user private group scheme?
- There are no private groups in Linux
- User information in the group is private
- The primary UID for the user is the same as the primary GID for the user.
- Users are members of the same private group
The primary UID for the user is the same as the primary GID for the user.
- Members of which of the following groups are frequently set up as printer administrators. (Select two)(Written in COMMAND style)
- admin
- adm
- lpadmin
- sys
lpadmin
sys
7. Which of the following commands only requires the password of a configured standard user? (Written in COMMAND style) 1. sudoers 2. sudo 3. su 4. sg
sudo
- enter the ___ command to open and edit the
/etc/sudoers file in a command-line console.
visudo
Written in COMMAND style
- Which of the following special permissions is associated with a shared directory? That directory is NOT accessible to others who are NOT members of the group owner of that directory.
- SUID
- SGID
- Sticky bit
- Executable bit
SGID
- Which of the following options in a log configuration file collects information on login attempts and failures?(Written in COMMAND style)
- auth
- sys
- log
- user
auth
- Which of the following PAM modules is least related to login information? (Written in COMMAND style)
- auth
- account
- passwd
- session
session
- Enter the ___ directory for PAM modules.
/lib/security/
- Which of the following PolicyKit concepts is associated with configuring access rules to special desktop tools by user?
- Implicit authorizations
- Explicit authorizations
- Administrative authorizations
- PolicyKit authorizations
Explicit authorizations
- which of the following PolicyKit commands can be used to identify user logins by session?
(Written in COMMAND style) - ck-history
- ck-list
- ck-launch-session
- ck -logins
ck-history
ck-list
- Which of following commands can help identify network ports used by NIS through the portmapper?(Written in COMMAND style)
- nismap -p
- ypbind -p
- rpcinfo -p
- portmap -p
rpcinfo -p
