Linux User Accounts Quiz

Questions and Answers

What is the primary purpose of a user account in a Linux system?

• To facilitate guest logins without restrictions
• To create a security boundary for users and programs (correct)
• To allow multiple users to run programs simultaneously
• To provide shared access to all files

Which user account type has full system access on a Linux system?

• Guest user
• Superuser (correct)
• Regular user
• System user

How can you view the user ID and group information of the currently logged-in user?

• Using the `ls -l` command
• Using the `whoami` command
• Using the `id` command (correct)
• Using the `groups` command

What does the ls -ld command accomplish?

Shows the owner of a directory without displaying its contents (C)

What represents a security feature of user accounts on a Linux system?

Unique user identification numbers (UIDs) (A)

Which command would you use to find out about another user's group membership?

id username (B)

Which type of user account is primarily used for running background services?

System user (D)

What is typically assigned to human users for secure logins?

A unique secret password (C)

What file does the system refer to for user password verification?

/etc/shadow (D)

What command is used to configure password aging in a Linux system?

chage (B)

If the maximum password age is set to 90 days, what happens after this period?

The user is forced to change their password. (C)

What does the '-E' option in the chage command specify?

Password expiration date (C)

What is the purpose of combining the salt with the plain text password during login?

To create a unique hash for each password (D)

What is the correct way to set a warning period of 7 days using the chage command?

-W 7 (A)

What is indicated by the command 'chage -l cloudadmin10 | grep "Account expires"'?

It displays the expiration date of a user’s account. (C)

Which behavior indicates that a user may have left an SSH session open?

Using sudo to access other users' files (A)

What privilege does the superuser account allow in a Linux system?

Override normal file system privileges (C)

When is it recommended to use the root user account in Red Hat Linux?

Only when performing administrative tasks (D)

What does the su command do when executed by a normal user?

Switches to another user account with a password requirement (A)

What happens if you omit the username when using the su command?

It attempts to switch to the root user by default (A)

Which of the following statements is true regarding the use of the root account?

Compromising the root account endangers system security (A)

What does the su - command do differently from the su command?

Starts a login shell (A)

What is a common responsibility of the root user?

Administering user permissions for normal users (D)

Which of the following best describes the potential risk of using the root account?

It can lead to accidental system damage (B)

What command is used to set the maximum password age for the operator1 user to 90 days?

chage -M 90 operator1 (A)

What is the significance of the command 'chage -d 0 operator1'?

It forces a password change on the first login for the operator1 account. (C)

How is the expiration date of the operator1 account set to 180 days from the current date?

By determining the future date with 'date -d '+180 days' +%F' (C)

What happens if a user tries to log in while their password is expired?

They will be required to change their password immediately. (C)

Which command would verify the password expiration details of the operator1 user?

chage -l operator1 (B)

What does the output 'Password inactive: never' indicate regarding operator1's account?

There is no period where the account will be inactive after the password expires. (D)

Upon logging in as operator1 after changing the password, what is the expected prompt?

You must change your password immediately. (D)

What is the purpose of the command 'sudo -i' when executed by student?

To open an interactive root shell. (A)

What is the maximum number of days a password can be used as per the new configuration?

180 (D)

Which command is used to edit the password aging policy in the configuration file?

vim /etc/login.defs (A)

What is the minimum number of days required between password changes?

0 (A)

What happens to existing users when default password and account expiry settings are applied?

They are unaffected. (B)

How many days of warning are provided before a password expires?

7 (C)

Which of the following is true regarding the creation of a supplementary group?

It allows members to run sudo commands. (D)

What is the purpose of setting PASS_WARN_AGE in the configuration?

To specify the number of days before password expiration that a warning is given. (B)

Which commands must be executed as root to create a new supplementary group and set its permissions?

sudo groupadd & sudo visudo (A)

What is the minimum password length requirement indicated in the example?

8 characters (A)

How long will the accounts consultant1, consultant2, and consultant3 remain active before expiry?

90 days (A)

Which command is used to change the expiry date of a user account?

chage (D)

What is the command to set a requirement for a user to change their password every 15 days?

chage -M 15 (D)

What does the command 'chage -d 0 user' do?

Requires the user to change the password at their next login (B)

Which of the following user types does NOT typically exist in a Linux environment?

Anonymous users (C)

What files contain critical user and group information in a Linux system?

/etc/passwd, /etc/group, and /etc/shadow (D)

Which commands are primarily used for executing commands as the superuser?

su and sudo (A)

Flashcards

What is a user account?

A user account provides security boundaries between individuals and running programs on a Linux system. It allows for unique identification and control over access to resources.

What is a UID (User ID)?

A unique numerical identifier assigned to each user account, used by the system to differentiate between users.

What is a password used for in user accounts?

A secret code used to authenticate user identity, ensuring that only authorized individuals can access their account.

What is file ownership?

A fundamental concept in system security, establishing the ownership of processes and files, thereby controlling access based on the user associated with them.

What is the superuser?

The primary administrative account on a Linux system, with complete control over all aspects of the system, including user management and file access.

What are system users?

User accounts used by system processes providing essential services, such as network management or printing. They run with limited privileges to ensure system security.

What are regular users?

User accounts designed for everyday tasks and personal use, granted limited access to the system for security reasons.

What is the 'id' command?

A command used to display information about the currently logged-in user or a specified user.

Root user

The superuser account in Red Hat Enterprise Linux, having full control over the system.

su

A command used to switch to a different user account in Linux.

su -

A variation of the 'su' command that starts a login shell.

Privilege escalation

The act of granting a regular user temporary root privileges.

sudo

A command that allows users to run specific commands with root privileges.

Removable device management

Normal users can manage removable devices such as USB drives.

Hard drive management

Root users can manage hard drives by default.

Device control

Only root can access and control certain system devices.

Password Verification

The process of verifying a user's identity by comparing the cryptographic hash of the entered password against the stored hash in the /etc/shadow file.

Salt

A random string of characters added to a user's password before hashing, making it harder to crack.

Cryptographic Hashing Algorithm

A special algorithm used to generate a unique digital fingerprint for a given password.

Password Aging

The process of setting rules and restrictions for how long a password can be used before requiring a change.

chage Command

A command-line tool for managing user password policies.

Minimum Age

The minimum number of days a password must be in use before it can be changed.

Maximum Age

The maximum number of days a password can be used before it must be changed.

Warning Period

The number of days before a password expires, a warning message is displayed to the user.

How to set a user's password maximum age?

This command changes a user's password settings, including maximum age. The format is chage -M <days> <username>.

How to check the expiration of a user's password?

This command displays the expiration settings of a user's password. The format is chage -l <username>.

How to force a password change on the first login?

Use the chage -d 0 <username> command to force a password change on the first login. This ensures a user is prompted to choose a new password right away upon logging in. This prevents accidental use of previously weak passwords.

PASS_MAX_DAYS

The maximum number of days a password can be used before it must be changed.

How to get a future date in Y-M-D format?

Use the date -d "<number> days" +%F command to calculate the specified date. The +%F format outputs the date in Year-Month-Day.

PASS_MIN_DAYS

The minimum number of days a user must wait before they can change their password again.

How to set a user account expiration date?

The chage -E <date> <username> command sets the expiration of a user account. The date format should be Year-Month-Day.

PASS_MIN_LEN

The minimum number of characters allowed in a password.

PASS_WARN_AGE

The number of days in advance a user is warned that their password is going to expire.

How to verify a user account's expiration settings?

This command displays information about a user's account. The format is chage -l <username>.

Default password policy

The default password policy applies only to new user accounts. Existing users are not affected by these settings.

Supplementary group

A group designed to supplement the main group membership, allowing users to perform specific tasks, such as using sudo for root privileges.

User-specific password aging policy

Allows users to customize password expiration policies on a per-user basis, overriding the default settings.

What is a password policy?

A password policy is a set of rules and guidelines that are designed to ensure the strength and security of passwords. This includes requirements like minimum length, complexity, and frequency of changes.

What does the chage command do?

The chage command is used to modify the password aging settings for a specific user account.

What does the -E option do with chage?

The -E option with chage is used to set the expiration date for a user's password.

What does the -M option do with chage?

The -M option with chage is used to set the maximum number of days a user can keep their password before being forced to change it.

What does the -d option do with chage?

The -d option with chage is used to force a user to change their password on their next login.

How to calculate the date 90 days from now?

The date command with the option -d +90 days calculates the date 90 days in the future. This is useful for setting account expiration dates.

What does the passwd command do?

The passwd command is used to modify a user's password.

What are password criteria?

A password must meet certain criteria to be considered secure. These criteria may include factors such as length, complexity, and the absence of common patterns.

Study Notes

Manage Local Users and Groups

• User accounts provide security boundaries between users and programs.
• Users are identified by usernames and unique identification numbers (UIDs).
• User accounts are essential for system security; every process runs as a specific user.
• File ownership determines access control for users.
• User account types include superuser (root, UID 0), system users, and regular users.
• Superusers have full system access.
• System users run supporting services.
• Regular users have limited access for daily tasks.

User Accounts

• User accounts are fundamental to system security.
• Every process on the system runs as a particular user.
• Every file has an owner.
• The user associated with a running process determines the files and directories accessible to that process.

Superuser

• The superuser account (root) administers the system.
• Root has a UID of 0.
• Root has full system access.

System Users

• System users are used by processes that provide supporting services.
• These processes (often called daemons) typically do not need superuser privileges.
• System users have less access to protect their files from other processes and users.

Regular Users

• Most users have regular user accounts.
• Regular users have limited system access for everyday work.

User Management Commands

• id: Displays information about the currently logged-in user or another user.
• ls -l: Lists file details, the third field shows the owner name.
• ps -au: Lists all running processes and shows the user associated with each process. -su/sudo: Allows users to temporarily take on the privileges of another user. The sudo command is commonly used in situations where access to the root user is required without needing the user to know the password of the root user. This offers more security features than su.

Linux File Structure

• /etc/passwd: Contains information about local users (username:encrypted password:uid:gid:user comment:home directory:shell).
• /etc/group: Contains information about local groups (group name:password field:GID:list of user names).