Study Guide - Chap15: Applying Ownership and Permissions Flashcards

(23 cards)

1
Q

2- What user categories can be assigned permissions in Linux? (Choose three.)

  • Root
  • Owner
  • Group
  • Others
  • Department
A
  • Owner
  • Group
  • Others

The three categories Linux uses for assigning permissions are the owner, the group, and all others on the system; thus answers B, C, and D are correct. The root user account already has full permissions on all files and folders, so it’s not specified as a separate category, so option A is incorrect. Linux doesn’t use a department category because departments must be defined as groups, so option E is also incorrect.

2
Q

3- Sam needs to allow standard users to run an application with root privileges. What special permissions bit should she apply to the application file?

  • The sticky bit
  • The SUID bit
  • The GUID bit
  • Execute
  • Write
A

The SUID bit

The Set User ID bit (SUID) allows all users to run applications as the root user account, so option B is correct. The sticky bit prevents users from deleting files for which they have group permissions but don’t own. It doesn’t allow users to run the file with root privileges, so option A is incorrect. The GUID bit directs Linux to set all files in a directory with the directory’s group assignment and not that of the user account creating the file. However, it doesn’t allow users to run files as the root user account, so option C is incorrect. The execute and write bits set those permissions for the standard category of users, groups, or others. They don’t allow users to run files as the root user account, so both options D and E are incorrect.

3
Q

SUID bit

A

A special permission bit (represented by ‘s’) that allows a file to execute with the permissions of the file owner rather than the user running it, enabling privilege escalation for specific programs.

4
Q

SGID bit

(book might mistakenly call it the GUID bit)

A

A special permission bit (represented by ‘s’) that when set on files allows execution with group owner privileges, or when set on directories makes new files inherit the directory’s group ownership.

5
Q

Sticky Bit

A

A special permission bit (represented by ‘t’) set on directories that allows only the file owner or root to delete files within that directory, commonly used on /tmp.

6
Q

4- What are the equivalent symbolic mode permissions for the octal mode value of 644?

  • rwxrw-r--
  • -w--w--w-
  • -w-r--r--
  • rwxrw-rw-
  • rw-r--r--
A

rw-r--r--

The octal mode permission 644 represents read/write for the owner and read only for the group and other categories. In symbolic mode that would be rw-r--r--, so option E is correct. Option A, rwxrw-r--, would be octal mode 764, so it is incorrect. Option B, -w--w--w-, would be octal mode 222, so it is incorrect. Option C, -w-r--r--, would be octal mode 244, so it is also incorrect. Option D, rwxrw-rw-, would be octal mode 766, so it too is incorrect.

7
Q

5- Fred was assigned the task of creating a new group on the company Linux server and now needs to assign permissions for that group to files and directories. What Linux utility should he use to change the group assigned to the files and directories? (Choose all that apply.)

  • chgrp
  • chown
  • chmod
  • chage
  • ulimit
A
  • chgrp
  • chown

The chgrp command is used to change the group assigned to a file or directory; however, you can also specify a new group with the chown command to change the owner and the group at the same time, so both options A and B are correct. The chmod command changes the permissions assigned to a file or directory but not the group, so option C is incorrect. The chage command is used to control the password of user accounts, not the group assigned to a file or directory, so option D is incorrect. The ulimit command is used to restrict the system resources a user account can use, not to set the group assignment of a file or directory, so option E is incorrect.

8
Q

chgrp

A

Changes the group ownership of files and directories, allowing you to assign files to different groups for access control purposes.

9
Q

chown

A

Changes the user ownership (and optionally group ownership) of files and directories, typically used with syntax chown user:group filename.

10
Q

chmod

A

Modifies file and directory permissions using either symbolic notation (u+rwx) or octal notation (755) to control read, write, and execute access.

11
Q

ulimit

A

Sets or displays system resource limits for the current shell session, controlling things like maximum file size, number of open files, and memory usage.

12
Q

6- Ally needs to view the ACL permissions assigned to a file on her Linux server. What command should she use?

  • ls -Z
  • ls -l
  • getfacl
  • chmod
  • setfacl
A

getfacl

The getfacl command retrieves all of the ACL permissions assigned to a file or directory, so option C is correct. The -Z option added to the ls command displays SELinux context settings, not ACL permissions, so option A is incorrect. The -l option of the ls command displays the standard Linux file permissions, not the ACL permissions, so option B is incorrect. The chmod command allows you to change the standard permissions assigned to a file or directory, not display the ACL permissions, so option D is incorrect. The setfacl command allows you to change the ACL permissions for a file or directory, but not view them, so option E is incorrect.

13
Q

setfacl

A

Modifies Access Control Lists (ACLs) on files and directories, allowing you to set granular permissions for specific users and groups beyond traditional owner/group/other permissions.

14
Q

getfacl

A

Displays the Access Control Lists (ACLs) for files and directories, showing detailed permissions including extended ACL entries beyond standard Unix permissions.

15
Q

7- What SELinux mode tracks policy violations but doesn’t enforce them?

  • Disabled
  • Enforcing
  • Targeted
  • Permissive
  • MLS

A

Permissive

The permissive mode in SELinux logs policy violations but doesn’t prevent the action from happening, so option D is correct. The disabled mode allows all actions to happen but doesn’t log them, so option A is incorrect. The enforcing mode logs policy violations and enforces them, so option B is incorrect. Options C and E, targeted and MLS, are not SELinux modes but rather define what types of daemons to monitor; they are both incorrect.

16
Q

SELinux mode: Enforcing

A

In this mode, SELinux actively enforces access control policies. It denies unauthorized actions and generates audit logs for policy violations.

17
Q

SELinux mode: Permissive

A

SELinux does not enforce access control policies in this mode but logs policy violations. This mode is useful for analysis and debugging purposes.

18
Q

SELinux mode: Disabled

A

When SELinux is completely disabled, the kernel reverts to the default Discretionary Access Control (DAC) model.

19
Q

8- Ted is tasked with documenting the SELinux security context assigned to a group of files in a directory. What command should he use?

  • getsebool
  • setsebool
  • ls -Z
  • getenforce
  • ls -l
A

ls -Z

The -Z option of the ls command displays the SELinux security context assigned to a file or directory, so option C is correct. The getsebool command displays the current setting for a policy rule, not the security context of files, so option A is incorrect. The setsebool command enables or disables a policy rule, and it doesn’t display the security context of a file, so option B is incorrect. The getenforce command displays the current SELinux mode, not the security context of files, so option D is incorrect. The -l option of the ls command displays the standard permissions assigned to a file, not the SELinux security context of the file, so option E is incorrect.

20
Q

Mary is required to log into her Linux system as a standard user but needs to run an application with administrator privileges. What commands can she use to do that? (Choose all that apply.)

  • su
  • wheel
  • visudo
  • sudo
  • adm
A
  • su
  • sudo

The su command allows you to run an application as another user, including the root user account, and the sudo command allows you to run an application as the root user account, so options A and D are both correct. Both wheel and adm are user groups that provide administrator privileges, but they aren’t commands that run applications themselves, so options B and E are both incorrect. The visudo command opens an editor so you can edit the sudoers file, but it can’t run other applications, so option C is incorrect.

21
Q

10- What user groups are commonly used to assign privileges for group members to run applications as the administrator? (Choose two.)

  • lp
  • adm
  • wheel
  • sudo
  • su
A
  • wheel
  • sudo

Red Hat–based distributions use the wheel group and Debian‐based distributions use the sudo group to allow members to gain administrator privileges on the system to run applications, so options C and D are correct. The lp group is used to grant access to system printers, not run applications with administrator privileges, so option A is incorrect. The adm group is commonly used in Debian‐based systems to grant access to log files, but not run applications with administrator privileges, so option B is incorrect. Option E, su, is a command‐line command for running commands as another user, not a user group, so it is incorrect.

22
Q

lp

A

group for access to printers

23
Q

adm

A

group in Debian systems for accessing logs