MODULE 15 - System and User security Flashcards

1
Q

Which command allows you to run a shell as a different user in Linux?

A

The su command allows you to switch users and run commands under another user’s privileges, often used to switch to the root user.

2
Q

Which 3 options fully configure the new shell with the settings of the new user, ensuring that all commands are executed correctly?

A

The login shell option (su -, su -l, su --login) fully configures the new shell with the settings of the new user, ensuring that all commands are executed correctly.

3
Q

What is the default behavior when no username is provided with the su command?

A

By default, the su command opens a new shell as the root user.

3
Q

How can you specify the login shell option when using the su command?

A

You can specify the login shell option with one of these commands:

su -

su -l

su --login

3
Q

Which command allows a user to execute a single command as another user, typically the root user, without switching shells?

A

The sudo command lets users execute commands with elevated privileges, assuming root permissions by default.

4
Q

What command is equivalent to su - root when switching to the root user?

A

The command su - is equivalent to su - root when switching to the root user.

4
Q

What should you use to return to your original user account after performing administrative tasks with the root user?

A

To return to your original shell, use the exit command.

4
Q

How can you confirm successfully switching to the root user using the su command?

A

The id command is used to confirm successfully switching to the root user using the su command.

5
Q

Which password is required when using the sudo command to execute a privileged command?

A

The user must enter their own password, not the root user’s password, when prompted by sudo.

6
Q

What is the default timeout period during which the password prompt does not reappear for sudo after a successful entry?

A

Five minutes is the default timeout window during which a user can run additional sudo commands without being prompted again.

7
Q

Which logging advantage does sudo offer that su does not?

A

Each command run with sudo is logged individually, showing the user, time, and specific command, ensuring better accountability.

8
Q

Which file in the /etc directory contains basic user account information for all users on the system?

A

The /etc/passwd file contains basic user account information for all users on the system.

9
Q

What does an x in the second field of a line in /etc/passwd indicate?

A

The actual password is stored in /etc/shadow, not in /etc/passwd.

9
Q

Which command is used to check if a specific user (e.g., sysadmin) exists in the /etc/passwd file?

A

The grep sysadmin /etc/passwd command is used to check if a specific user exists in the /etc/passwd file.

10
Q

What is the purpose of the third field (e.g., 1001) in a line from /etc/passwd?

A

It represents the User ID (UID) used by the system internally to identify the user.

11
Q

What does the fourth field in /etc/passwd specify?

A

The Primary Group ID (GID) the user belongs to.

12
Q

What is typically stored in the fifth field (the comment field) of the /etc/passwd file?

A

User information such as the real name or other identifiers (e.g., “System Administrator”).

13
Q

Where is the default home directory for a regular user like bob located?

A

/home/bob

14
Q

What is the default home directory for the root user?

A

/root

15
Q

Which field in the /etc/passwd file defines the user’s default shell at login?

A

The seventh field, typically something like /bin/bash

16
Q

Which shell is most commonly assigned as the login shell for Linux users?

A

/bin/bash

17
Q

What does the $6$ prefix in the password field indicate in the following /etc/shadow line?
sysadmin:$6$c75ekQWF$…:16874:5:30:7:60:15050:

A

It indicates that the password is encrypted.

18
Q

Which field in the following /etc/shadow line shows the exact number of days since the password was last changed: sysadmin:$6$c75ekQWF$…:16874:5:30:7:60:15050: ?

A

The third field (16874) shows the last change date, representing the number of days since the Unix Epoch (Jan 1, 1970).

19
Q

In this /etc/shadow line, what does the 5 represent?
sysadmin:$6$c75ekQWF$…:16874:5:30:7:60:15050:

A

It represents the minimum number of days required between password changes—meaning the user must wait 5 days before changing the password again.

20
What is the purpose of the 30 in this /etc/shadow line? sysadmin:$6$c75ekQWF$...:16874:5:30:7:60:15050:
It’s the maximum password age in days. The user is forced to change their password every 30 days.
21
How many days before password expiry will the user be warned, according to this line? sysadmin:$6$c75ekQWF$...:16874:5:30:7:60:15050:
7 days. The warn field (7) notifies the user during login within that time window before password expiration.
22
After the password expires, how many days does the user have to still log in and change it before the admin must intervene? sysadmin:$6$c75ekQWF$...:16874:5:30:7:60:15050:
60 days. That’s the inactive field, providing a grace period after expiry during which the user can still update their password if they log in.
23
What does the value 15050 at the end of this /etc/shadow line represent? sysadmin:$6$c75ekQWF$...:16874:5:30:7:60:15050:
It’s the account expiration date, given as the number of days since Jan 1, 1970. Once reached, the account is locked (but not deleted).
24
In a /etc/shadow line, what does a * or ! in the password field indicate?
It marks the account as locked or disabled. * is typically used for system accounts, while ! indicates login is disabled.
25
Which command is used to view user account info from /etc/shadow or /etc/passwd, including over a network?
getent — it retrieves entries from databases like passwd or shadow and works with both local and network-based sources.
26
What does the x in the second field of /etc/group indicate?
A placeholder showing that the group password is stored in /etc/gshadow (if used), not in /etc/group
26
Define the concept described as: accounts that run services, not meant for direct login, and have UID values from 1 to 499?
System accounts.
26
If the maximum field is set to 99999, what effect does that have on password aging?
It essentially disables forced password changes—the password will never expire, since 99999 days ≈ 274 years.
26
What does a /usr/sbin/nologin or /bin/false field in the /etc/passwd file mean?
The shell field, which is typically set to /usr/sbin/nologin or /bin/false for a system account, prevents login.
26
Which type of account has a UID of 0 and full system access?
The root account.
27
Why do most system accounts in /etc/passwd lack a home directory?
Because system accounts don't need to store user files or configurations, they typically don't require home directories.
27
Which UID range is typically reserved for regular user accounts?
UID > 500 (on some systems UID > 1000).
27
What file defines supplemental (secondary) group memberships in Linux?
/etc/group
27
What does an asterisk * in the password field of /etc/shadow mean?
An asterisk * in the password field of /etc/shadow means it is a system account disabled for interactive logins.
27
In the group file entry mail:x:12:mail,postfix, what does the mail in the first field represent?
The group name.
27
What file defines a user’s primary group membership in Linux?
/etc/passwd
27
How did traditional UNIX systems limit group membership per user? How many groups can a user belong to in modern Linux kernels?
In traditional UNIX systems, users could belong to no more than 16 groups; in modern Linux kernels, users can belong to over 65,000 groups.
27
In the line mail:x:12:mail,postfix, what does the final field list?
Users who are secondary members of the group
27
What does the number 12 in the group entry mail:x:12:mail,postfix represent?
The Group ID (GID) — a unique numeric identifier for the group
27
Which command is used to view information about a specific group?
grep groupname /etc/group
27
Which command is used to view a user's UID, GID, and group memberships?
id.
27
What command shows all groups (by GID) that the current user belongs to?
id -G
28
What happens if you run the id command without any arguments?
It displays UID, GID, and group memberships for the current user.
28
What command shows the numeric GID of the current user’s primary group?
id -g
28
What file confirms the secondary groups a user belongs to?
/etc/group
28
Which command displays a list of users currently logged into the system along with their login details?
who
28
What does an IP address or domain in the who command's last column indicate?
A remote login from that host or network.
28
What command can be used alongside cat to search for group entries of a specific user?
cat /etc/group | grep username
28
What does it mean if the terminal name in who starts with tty?
The user logged in using a local command-line terminal.
28
What does it mean if the terminal name in who starts with pts?
The user is connected via a pseudo-terminal (e.g., SSH or terminal emulator).
28
What does (:0) or (:0.0) indicate in the last column of who output?
A local graphical login session (using X Window System display 0).
28
What does the who -b option display?
The last system boot time.
28
What is the term for a functional state of the system that determines which services are running?
A runlevel
28
What does the who -r option show?
The current system runlevel and when it was reached.
28
Which command gives a more detailed list of logged-in users and their activity?
w.
28
What is shown in the WHAT column of w output?
The current command or process the user is running.
28
What does the JCPU column in the w command output represent?
Total CPU time used by all processes attached to the terminal since login.
28
What does the load average in w output represent?
System load (CPU usage) over time; on a single-core, 1.00 means 100% usage.
28
What does the IDLE field in w output indicate?
The time since the user last executed a command.
28
What does the PCPU column show in w output?
The CPU time used by the current process the user is running.
28
Which command shows a history of all logins and reboots on a Linux system?
last
28
Which file does the last command read from to display login history?
/var/log/wtmp
28
Which command shows only the users currently logged in (not history)?
who
28
Which command shows the history of all user logins and logouts, with date and time, and system reboots?
The last command.
29
What file does the who command read to list currently logged-in users?
/var/log/utmp
30
Which command would be used to view your account information, as the sysadmin user, in the /etc/shadow file?
getent passwd sysadmin
31
Which command would you use to view the account information of the root user?
id root