
Chapter 5. Managing Users > Answers to Review Questions

5.10. Answers to Review Questions

  1. A, C. A Linux username must contain fewer than 32 characters and start with a letter, and it may consist of letters, numbers, and certain symbols. Options A and C both meet these criteria. (Option C uses mixed upper- and lowercase characters, which is legal but discouraged.) Option B begins with a number, which is invalid. Option D is longer than 32 characters.

  2. A. Groups provide a good method of file-access control. Although they may have passwords, these are not account login passwords; those passwords are set on a per-account basis. Files do have associated groups, but these are in addition to individual file ownership, so they cannot be used to mask the file's owner. Deleting a group does not delete all the accounts associated with the group.

  3. B, C. Direct login as root and using su to acquire root privileges from an ordinary login both allow a user to administer a system. The chgrp command is used to change group ownership of a file, not to acquire administrative privileges. Although Linux does support a single-user emergency rescue mode, this mode isn't invoked simply by having only one user logged on.

  4. D. The -num parameter restricts last to the last num logins, as option D specifies. The -i parameter of option A causes output to show IP numbers rather than hostnames; it doesn't change the number of logins shown. The last command doesn't have -since or -limit parameters.

  5. D. Both the superuser and the account owner may change an account's password. The utility for doing this is called passwd, not password. Although an individual user might use just lowercase letters and numbers for a password, Linux also supports uppercase letters and punctuation. The system administrator may enforce once-a-month password changes, but such changes aren't required by Linux per se.

  6. D. Either chage -E or usermod -e may be used for this task, followed by a date expressed in YYYY/MM/DD or YYYY-MM-DD format. Option A uses the wrong parameter (-I), and option B uses the nonexistent userchange command. Option C is actually a legal command, but it specifies a date 2005 days after January 1, 1970—in other words, in mid-1975.

  7. A. The groupadd command creates one group per call to the program. Such a group may be a user private group, but need not be. Group passwords are created with gpasswd, not groupadd.

  8. A, C. The groupdel command modifies the group configuration files, and it checks the user configuration files to be sure that it doesn't "orphan" any users first. The group may contain members, though, as long as none lists the group as its primary group. The groupdel command performs no search for files belonging to the group, but it's a good idea for you to do this manually either before or after removing the group.

  9. D. Although Red Hat and Mandriva use the user private group strategy by default, you can design and use another strategy. Likewise, you may use the user private group strategy with any Linux distribution, even if it doesn't use this strategy by default. Ordinary users can't create groups by themselves, although if they're group administrators in a user private group system, they may add other users to their own existing groups.

  10. C. The newgrp command changes the user's active group membership, which determines the group associated with any files the user creates. This command is not required to give the user access to files with other group associations if the user is a member of the other group and the file has appropriate group access permissions. Files have exactly one group association, so a user who belongs to multiple groups must specify to which group any created files belong. This is handled at login by setting a default or primary group recorded with the user's other account defaults in /etc/passwd.

  11. A. Education helps users to understand the reasons to be concerned, which can motivate conformance with password procedures. Cracking procedures are common knowledge, so withholding general information won't keep that information out of the hands of those who want it. Copying password files and sending unencrypted passwords through e-mail are both invitations to disaster; encrypted files can be cracked, and e-mail can be intercepted.

  12. B. One or both of daemon and mail might be required by the mail server or other system software, so these are poor prospects for removal. Likewise, nobody is used by a variety of processes that need only low-privilege access rights. The games account is most frequently used by games for high-score files and the like and so is most likely unused on a mail server.

  13. D. When an x appears for entries in the second field of the passwd file, it indicates that the passwords are stored elsewhere—in the /etc/shadow file. Expiration information is stored in /etc/shadow, not /etc/passwd. An account that does not require a password for login has an empty password field in /etc/passwd or /etc/shadow.

  14. C. The pwconv utility is used to convert conventional passwords to shadow passwords (the opposite of this action is performed by pwunconv). skel is a file, not a utility, that holds a "skeleton" of settings to be applied to newly created users. The shadow file (/etc/shadow) is where the passwords are stored, but it is not a utility. crypt is a utility that hashes data; it can be used to encrypt passwords, but doesn't convert conventional to shadow passwords or vice versa.

  15. B, D. The who and w commands both display lists of currently logged-in users, as the question specifies. The login program manages text-mode console logins and some types of remote logins; it presents the login: and password: prompts and then, if the user is authenticated, launches a shell. The which command tells you whether a command is internal to the shell, a shell alias, or an external command; it has nothing to do with who's logged in.

  16. A. The whoami command displays the effective user ID—the username associated with the command, which will in turn be the username associated with the current shell. Option B will display the current account database file, but this information won't help answer the question of what account you're using. Even if a desktop environment has a File » User menu item, that item won't reliably tell you whose account you're using at a command shell. Any shell you launch from the current one will run with the current shell's privileges, so option D won't be effective.

  17. A. Linux's password tools support passwords longer than eight characters for MD5 or SHA hashes, but not for 3DES hashes. 3DES hashes are limited to passwords of eight characters or less.

  18. C. Linux supports multiple simultaneous logins through its standard console through the use of virtual terminals (VTs). From a text-mode login, pressing the Alt key along with a function key from F1 to F6 typically switches to a different virtual screen. Multitasking allows the machine to do more than one task at a time, while multithreading simply means that more than one thread can be executed at a time. Concurrency is not a common term used other than describing how many different users can log on at one time.

  19. B. While the userdel utility removes the user, the -r parameter causes the system to remove all files from the user's home directory, as well as the home directory itself. There is no -a option for the userdel utility, and there is no standard utility in Linux named deluser.

  20. B. The sudo program restricts root access to a single command at a time, thus minimizing the risk of mistakenly running a command as root when an ordinary user account would suffice. Of the options listed, options A and C are both somewhat less secure than using sudo, while option D is downright dangerous because of the risk of data interception.
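
Answers 6 and 13 both turn on how the account files encode state: the second field of /etc/passwd, the password field of /etc/shadow, and an expiration date stored as a count of days since January 1, 1970. The Python check below is an added example, not code from the book; the account lines are constructed sample data, and the audit and expiry_date function names are hypothetical.

```python
from datetime import date, timedelta

# Constructed sample account data for illustration (not from a real system).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/bash
carol:$6$examplesalt$examplehash:1002:1002:Carol:/home/carol:/bin/bash
games:x:5:60:games:/usr/games:/usr/sbin/nologin
temp:x:1003:1003:Temp:/home/temp:/bin/bash
"""
SHADOW = """\
root:$6$examplesalt$examplehash:19000:0:99999:7:::
alice::19000:0:99999:7:::
games:*:19000:0:99999:7:::
temp:$6$examplesalt$examplehash:19000:0:99999:7::2005:
"""

def expiry_date(days):
    """Convert a shadow expiration field (days since 1970-01-01) to a date."""
    return date(1970, 1, 1) + timedelta(days=int(days))

def audit(passwd_text, shadow_text):
    """Return (account, finding) pairs for password-field and expiry issues."""
    shadow = {f[0]: f for f in (l.split(":") for l in shadow_text.splitlines())}
    findings = []
    for line in passwd_text.splitlines():
        name, pw = line.split(":")[:2]
        entry = shadow.get(name)
        if pw == "":
            findings.append((name, "empty password field in passwd"))
        elif pw != "x":
            findings.append((name, "password value kept in passwd, not shadow"))
        elif entry is None:
            findings.append((name, "x in passwd but no shadow entry"))
        elif entry[1] == "":
            findings.append((name, "empty password field in shadow"))
        # Field 8 of a shadow entry is the account expiration, in days.
        if entry and entry[7]:
            findings.append((name, f"account expires {expiry_date(entry[7])}"))
    return findings

if __name__ == "__main__":
    for account, finding in audit(PASSWD, SHADOW):
        print(f"{account}: {finding}")
```

The temp account carries the value 2005 in its expiration field, the same number answer 6 discusses, and the check reports it as a date in mid-1975.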
