Chapter 22 Flashcards
Investigating User Issues
Summarize user access problems/solutions.
For impeded local access, research corrupted terminal files, improperly configured GUI components, and expired passwords/accounts. Remote access problems are often caused by misconfigured OpenSSH components or remote desktop applications. Other issues can involve layered authentication software such as PAM or a system’s kernel security module, such as SELinux or AppArmor.
Describe various file problems/solutions.
File access and management requires understanding of basic file and directory permissions as well as ownership and group membership. Additional system items to review include filesystem quotas, disk space, inode use, and umask settings. Check the kernel security module log files for policy violations as well. If a user cannot delete a file, look for the immutable bit set on the file.
Explain user environment and shell issues.
Improperly configured environment variables or ones that are not exported will cause user problems. Examine the various environment files, both global and user, for issues. Difficulties may also arise from the user account’s default shell setting.
Lamar, a contractor, claims he cannot log into his account locally. He was able to do so yesterday. No one else seems to be having problems accessing the system. What should you check first?
Check if GUI services are running using the systemctl command. Look at the OpenSSH server configuration files. Determine if his account has expired by using the chage command. See if the account is locked using the faillock utility. Check for policy violations in the SELinux log files.
C. Since Lamar is a contractor, his account should have an expiration date set. Thus, the first thing to check for his particular local access problem is whether or not the account has expired. Option C is the correct answer. GUI services may not be running, but this is not the first thing to check (and no one else is having problems, just Lamar). Thus, option A is an incorrect choice. Lamar is not employing a utility such as OpenSSH, so option B is a wrong answer. The account might be locked, but this is not the first thing to check, so option D is an incorrect answer. SELinux policy violations also may be a problem, but you don’t know if the system is running SELinux or AppArmor. Therefore, option E is also an incorrect choice.
Irene normally logs into the system locally via the tty4 terminal but cannot today. She tries her authentication at the tty3 terminal and logs in successfully. What should you check first?
Determine if getty services are running using the systemctl command. Review access rules in the /etc/security/access.conf file. See if the account is locked using the passwd -S command. Use the last command to see when she last logged in. Check if the tty4 device file is corrupted using the ls -l command.
E. Since Irene normally logs into the system using the tty4 terminal and is having trouble today but can log in using the tty3 terminal, the first thing to check is whether or not the tty4 device file is corrupted. Therefore, option E is the correct answer. If getty services were not running, Irene could not log into the tty3 terminal, so option A is a wrong answer. Option B is not the first item to check, so it is an incorrect answer. The account is not locked because Irene can log in via the tty3 terminal. Thus, option C is an incorrect answer. Using the last command is not helpful in this scenario, unless you think Irene is confused, so option D is an incorrect choice as well.
Vincent is attempting to remotely log into the system using OpenSSH without success. He asks you what he can do to help troubleshoot this problem. What should you recommend first?
Check the /etc/ssh/sshd_config configuration file. Add the -vvv option on to Vincent's ssh command. Add the -X option onto Vincent's ssh command. Confirm that Vincent's public key is stored in the ~/.ssh/authorized_keys file. Check the ~/.ssh/config configuration file.
B. To enlist Vincent’s help, have him add the -vvv option on to his ssh command. This will provide a great deal of information that will assist you as you track down the problem. Therefore, option B is the correct answer. The /etc/ssh/sshd_config configuration file is on the server side, and Vincent cannot reach the system, so option A is the wrong answer. The -X option will only help if your system is forwarding X11 GUI servers over the network, so option C is an incorrect answer. If Vincent is using token-based authentication via ssh, then this will need to be checked, but it’s not the first item to address. Thus, option D is a wrong choice. The config file may need to be checked, but it’s not the first item to address, so option E is an incorrect choice as well.
Anton is struggling to determine why a particular user cannot log into a Rocky Linux system, where SELinux is disabled and auditd is not used. Which of the following are the best log files to peruse? (Choose two.)
/var/log/audit/audit.log /var/log/messages /var/log/auth /var/log/secure /var/log/lastlog
D, E. The best log files for Anton to peruse in this situation are /var/log/secure and /var/log/lastlog using the lastlog command. Therefore, options D and E are the correct answers. Since auditd is not employed, the file in option A is not available and is a wrong answer. Since SELinux is not used, the file in option B is also an incorrect answer. This system, Rocky Linux, is a Red Hat–based system and not Debian, so the /var/log/auth file is not available. Thus option C is also an incorrect choice.
Tarissa needs to run a shell script, which has the permissions of rwxr–r–, is owned by root, and belongs to the wheel group. Tarissa’s user account is T2T1000, and she is a member of the admin group. What can be done to allow her to run this script? (Choose all that apply.)
Add Tarissa to the wheel group. Create a new account for Tarissa named wheel. Add w to the script file's group permissions. Add x to the script file's group permissions. Nothing. Tarissa can run the script now.
A, D. From the choices listed, to allow Tarissa to run the script, add her to the wheel group and add execute (x) to the shell script file’s permissions. Thus, options A and D are the correct answers. Option B will do nothing for this situation and is a wrong answer. Adding write (w) to the group permissions will not allow her (or the wheel group members) to execute the file. Thus, option C is a wrong choice. Actions need to take place, so option E is incorrect.
Miles needs to change his present working directory to the /home/miles directory. He does not own the directory, nor is he a member of its group. Assuming needed parent directory permissions are set, what needs to take place for this to successfully occur?
Nothing. The /home/miles directory is Miles's home directory, so he can access it by default. The execute (x) permission needs to be added. The write (w) permission needs to be added. The read (r) permission needs to be added. The dash (-) permission needs to be added.
B. For Miles to change his present working directory to /home/miles, the other section must have the execute (x) permission. Therefore, option B is the correct answer. You do not know Miles’s home directory configuration, so you cannot assume it is /home/miles. Thus, option A is the wrong answer. The write (w) and read (r) permissions don’t allow a user to change his present working directory to this directory. Therefore, options C and D are incorrect answers. The dash (-) in a file permission listing is not a permission but instead shows the absence of a permission. Thus, option E is also an incorrect choice.
Sarah, a system administrator, attempts to create a file and receives an error message indicating the file cannot be created. Which of the following might be the problem? (Choose all that apply.)
The filesystem on which she is attempting to create the file has quotas set, and she is past her quota and grace period. The filesystem on which she is attempting to create the file has run out of space. The file that she is attempting to create has the immutable bit set and therefore cannot be created. The action is triggering either a SELinux or an AppArmor policy violation. The filesystem is experiencing inode exhaustion and therefore cannot accommodate any new files.
A, B, D, E. Options A, B, D, and E contain potential causes of Sarah’s file creation problem and are therefore correct answers. A file with an immutable bit cannot be deleted, and thus option C is the only incorrect choice.
A user cannot delete one of their files but is able to delete other files in their directory. John, a system administrator, is attempting to troubleshoot this issue. What command should he use first on the file?
chown chattr chmod umask lsattr
E. The lsattr command used on the file will display whether or not the immutable bit is set. If this bit is set, the user cannot delete the file until it is removed. Therefore, option E is the correct answer. The chown command changes a file’s ownership, and thus option A is the wrong answer. The chattr command can add or remove certain file attributes, such as the immutable bit, but is not helpful at this point, so option B is an incorrect answer. The chmod utility changes file permissions (modes), but it does not help in this situation, so option C is a wrong choice. The umask command displays or sets what permissions are removed from default permissions when a file or directory is created. This is not helpful here, so option D is an incorrect choice.
Melissa wants to set her default editor to the vim editor and wants this to stay set when she enters a subshell. What should she do?
Put EDITOR='vim' in the /etc/profile file. Put export EDITOR='vim' in the /etc/profile file. Put EDITOR='vim' in her ~/.profile file. Put export EDITOR='vim' in her ~/.profile file. Put export EDITOR='vim' in her ~/. bash.bashrc file.
D. When the export EDITOR=’vim’ line is put in her ~/.profile file, the default editor will be set to the vim editor for Melissa. It will also stay set when she enters a subshell. Thus, option D is the correct answer. If option A or B was completed, then everyone on the system would have the vim editor as their default editor. Therefore, options A and B are incorrect answers. Option C would set the vim editor as Melissa’s default editor, but it would not be set when she entered a subshell due to the missing export command. Thus, option C is also an incorrect answer. The . bash.bashrc file does not reside in the user’s local directory (it is located in the /etc directory) and is also not a hidden file, so option E is an incorrect choice.
Mark Watney, a system administrator, has his account, MW2015, modified by a new system administrator intern. When Mark logs into the system and tries to group a list of commands by using braces, it no longer works. No one else is having this problem. He suspects his account’s default shell has been changed from /bin/bash to /bin/tcsh. Which of the following will help determine if his suspicion is correct? (Choose all that apply.)
cat /etc/profile echo $SHELL sudo grep tcsh$ /etc/passwd sudo getent shadow MW2015 sudo getent passwd MW2015
B, C, E. The echo $SHELL command will show Mark his current shell. Though it could be a modified environment variable, this will help to determine if his default shell has been changed. Thus, option B is a correct answer. The sudo grep tcsh$ /etc/passwd command will display any /etc/passwd file records that have /bin/tcsh as their default shell, including Mark’s. Thus, option C is a correct answer too. The sudo getent passwd MW2015 command will show Mark’s account’s password file setting, including its default shell. Therefore, option E is also a correct answer. The option A command will display the settings in the profile environment configuration file, but since Mark is the only one experiencing the problem, the SHELL environment variable is not set with this method. Thus, option A is a wrong answer. The command in option D will show the shadow file records and not the password file records. Therefore, option D is an incorrect choice.
