linux basic security

Question 1

explain what this does and every part:
cat /etc/passwd | grep “/root”

Answer 1

This command will display the information related to user accounts where the home directory is set to “/root”

1) cat displays file content of /etc/passwd
2) /etc/passwd is a system file that stores information about users
3) | a command-line operator that allows the output of one command to be passed as input to another command
4) grep “/root” filters out results to display the lines that match the search criteria

Question 2

explain what this does and every part:
cat /etc/passwd | grep “seed”

Answer 2

1) cat displays file content of /etc/passwd
2) /etc/passwd is a system file that stores information about users
3) | a command-line operator that allows the output of one command to be passed as input to another command
4) grep “seed” filters out results to display the lines that match the search criteria

Question 3

what is and what does it contain:
/etc/passwd

Answer 3

1) it is a plain text file that stores essential information required during login for every user account
2) contains user fields separated by comma
e.g.
name:password:UID:GID:User info:Directory:Shell
sarah:x:1001:Sarah Selama:/home/sarah:/bin/bash

Question 4

what type of access does /etc/passwd have and why:

Answer 4

1) read only
2) because many command utilities and system processes rely on it to map user IDs (UIDs) to user names

Question 5

which user has write access to the /etc/passwd file:

Answer 5

root user (superuser)

Question 6

length of user in /etc/passwd

Answer 6

1-32 characters

Question 7

x in /etc/passwd

Answer 7

1) an encrypted password saved in the /etc/shadow file
2) can be used ONLY by root to verify/write a user password

Question 8

what are the UID numbers reserved for in /etc/passwd

Answer 8

1) zero for /root
2) 1-99 are for predefined accounts
3) 100-999 are reserved by system for
administrative and system accounts/groups

Question 9

what happens when a user tries to log in

Answer 9

1) the operating system will compare username and password with those in the /etc/passwd file, once authentication..
2) the operating system creates an initial process specifically for that user (user’s login shell)
3) UID of this initial process is set based on the third field of the corresponding entry in the /etc/passwd file

Question 10

two ways to add a user

Answer 10

1) use adduser command
2) manually add a new record to the /etc/passwd and /etc/shadow files

Question 11

what will this display:
grep seed /etc/group

Answer 11

groupname:x:GID:user1:user2:….:usern

Question 12

what will this display:
groups

Answer 12

the names of all the groups for the currently logged-in users

Question 13

break this down and what it does:
sudo usermod -a -G prof user1

Answer 13

> sudo: execute superuser commands
usermode: modify user
-a: append
-G: groupname, followed by username

Question 14

what is:
sudo groupadd prof

Answer 14

> creates a group called “prof”

Question 15

types of access on files and explain each:

Answer 15

– read (r): user can view the contents of the file
– write (w): user can change the contents of the file
– execute (x): user can execute or run the file if it is a program or script

Question 16

types of access for directories and explain each

Answer 16

– read (r): user can list the contents of the directory (e.g., using ls)
– write (w): user can create files and sub-directories inside the directory
– execute (x): user can enter that directory (e.g., using cd)

Question 17

the two categories that rights are divided into

Answer 17

> permission
ownership

Question 18

difference between:
ls -al and ls -ls

Answer 18

-al includes all the files that start with a “.”
-ls excludes all the files that start with a “.”

Question 19

columns of ls:

Answer 19

file size (blocks)
file type
owner access rights
group access rights
other access rights
number of links
user owning the file
groups owning the file
file size (bytes)
date: MDY
filename

Question 20

what is umask

Answer 20

a system setting that determines the default permissions for newly created files and directories

Question 21

which commands do you use to set permissions to a file and create it

Answer 21

• umask (umask value)
• touch (filename.type)

Question 22

which command do you use to create new directory in the current directory

Answer 22

• mkdir (new_directory)

Question 23

what happens if mkdir (new_directory) throws an error and how do you handle it

Answer 23

• it means directory already exists
• create a parent directory using:
  $ mkdir -p main_directory/intermediate_directory/target_directory
  which then you can use to add your new directory

Question 24

what is ls -l t*

Answer 24

a command that shows details of every file that starts with the letter t
* represents any character after t

Question 25

what happens if you run - umask 022 - touch t1 but file t1 exists

Answer 25

it will update the timestamp and that's it

Question 26

what is the ACL (access control list) model

Answer 26

a model that allows file owners or privileged users to grant rights to specific subjects (users, or group of users)

Question 27

difference between traditional model and ACL model

Answer 27

- the traditional model has a fixed number of permission sets (owner, group, others) - the ACL model allows for additional entries to specify permissions for specific users or groups. ACL provides more flexibility in assigning permissions, allowing for more customized access control

Question 28

the length of permission list and the subjects in ACL

Answer 28

- length is 3 (rwx) - subject is either owner, group, or other

Question 29

difference between getfacl and setfacl

Answer 29

- getfacl retrieves the ACL entries for a file or directory and displays them - setfacl sets or modifies the ACL entries for a file or directory, allowing you to define or change the access control settings

Question 30

breakdown: setfacl {-m, -x} {u,g}::[r,w,x]

Answer 30

> setfacl: modified the ACL entries for a file or directory > -m: modify ACL entries > -x: removes ACL entries > u: for user > g: for group > : of user or group > [r,w,x]: rwx permissions > : specifies the file or directory for which the ACL entries are being set or modified

Question 31

what does the + indicate here: -rw-rw-r--+

Answer 31

that ACLs are defined

Question 32

what is the structure of the password entry in the /etc/shadow file

Answer 32

$id$salt$password_hash$ > id: specifies the algorithm id > salt: random numbers added to password to make them complex > password_hash: output of user's password that was passed into a hash function

Question 33

what does "!" mean in the password field

Answer 33

account has been locked or disabled