Unit 1 - Practice Quiz

The Linux kernel is famously developed under an open-source model, meaning its source code is freely available for anyone to view, use, and modify.

The kernel is the central part of the OS, responsible for managing hardware, memory, CPU scheduling, and other low-level system resources.

A shell is a command-line interpreter; it takes commands from the user and executes them by making requests to the operating system's kernel.

The ls command is the standard Linux utility for listing directory contents. While dir might work on some systems for compatibility, ls is the native and universal command.

pwd stands for 'print working directory' and it displays the full path of the directory you are currently in.

The man command is the standard way to access the system's manual pages (man pages) for detailed information about a command.

Many commands support the --help flag to print a short usage summary directly to the terminal, which is often faster than reading the full man page.

The useradd command is the standard low-level utility for creating a new user account on a Linux system.

The /etc/passwd file is a plain text file that contains a list of the system's user accounts and their basic attributes, readable by all users.

The passwd command is used by users to change their own password or by the root user to change any user's password.

groupadd is the standard command for creating a new group on a Linux system.

The /etc/group file defines the groups on the system, mapping group names to GIDs and listing their members.

sudo (superuser do) allows a permitted user to execute a command as the superuser or another user, as specified in the /etc/sudoers file.

The /etc/sudoers file contains the rules that define sudo access policies. It should always be edited with the special visudo command to prevent syntax errors.

The chage -l command lists account aging information, including the last password change, password expiration date, and whether the account is inactive or locked.

The id command provides a summary of the current user's (or a specified user's) identity, including their UID, primary GID, and all supplementary group memberships.

After the BIOS/UEFI initializes the hardware, the bootloader's main job is to locate the Linux kernel on the disk and load it into RAM to begin the OS startup process.

The BIOS (Basic Input/Output System) or UEFI (Unified Extensible Firmware Interface) is firmware on the motherboard that initializes the hardware (POST) and then finds and executes the bootloader.

On most modern systems, /etc/default/grub contains the main configuration settings. After editing this file, you must run update-grub or a similar command to apply the changes to the actual /boot/grub/grub.cfg file.

The GRUB boot menu is interactive. By pressing a key (often 'e'), the user can edit the boot parameters for the current boot session only. These changes are not saved and will be gone on the next reboot.

The open-source nature of the Linux kernel means its source code is freely available to view, modify, and redistribute. This allows developers to directly alter components like drivers to fit specific needs, which would not be possible with proprietary, closed-source operating systems.

This is the most robust method. find ... -mtime -1 correctly identifies files modified within the last day. The crucial part is using -print0 which separates filenames with a null character, and xargs -0 which reads null-separated input. This combination correctly handles filenames that contain spaces or other special characters, which would cause simpler pipelines to fail.

This entry is the most specific and adheres to the principle of least privilege. It specifies the user (auditor), the hosts they can run from (ALL), the user they can run as (root), and the absolute path to the exact command with its allowed arguments. The other options are too permissive: one allows tailing any file, another grants full root access, and the last one incorrectly applies the rule to a group instead of a user.

The kernel itself is kept small and doesn't contain every possible driver. The initramfs is a small, temporary root filesystem loaded into memory. Its main job is to contain the necessary kernel modules (e.g., for LVM, RAID, or specific disk controllers) required to mount the actual root filesystem. Once the real root is mounted, the system pivots to it and continues the boot process.

The useradd command provides flags for common setup tasks. -m creates the home directory, -s sets the shell, and the -e YYYY-MM-DD flag specifically sets the account expiration date. The chage command can also set this, but the -e flag allows it to be done in a single useradd command.

The man -k command (which is equivalent to apropos) searches the short descriptions of all manual pages for a given keyword. This is the perfect tool for discovering commands when you know what they do but not their exact name. whatis only finds exact matches, and man requires the exact page name.

This is a common and critical distinction. Using usermod -G without the -a (append) flag will overwrite all of the user's current supplementary groups, potentially revoking necessary permissions. The -aG combination ensures the user is added to the new group while retaining all previous group memberships.

A user's group memberships are read and cached when their login session is created. Adding a user to a new group does not affect their current, active sessions. The user must log out completely and log back in to start a new session with a new security token that includes the new group. This is a very common troubleshooting scenario.

The /etc/default/grub file is a configuration source file, not the file GRUB reads at boot. The grub2-mkconfig utility reads this file and other system settings to generate the actual bootloader configuration file, /boot/grub2/grub.cfg. Without running this command, the changes made to /etc/default/grub will have no effect. On Debian/Ubuntu systems, the equivalent command is update-grub.

The % prefix correctly identifies jr_admins as a group. The rule ALL = /path/to/command grants permission to run the specified command after password authentication. The NOPASSWD: tag would violate the authentication requirement. Not using the % would apply the rule to a user named jr_admins, not the group. The last option is syntactically incorrect for this purpose.

The pipe | is a fundamental feature of the shell for creating command pipelines. It connects the standard output (stdout) of the command on its left to the standard input (stdin) of the command on its right. In this case, the full process list generated by ps aux is 'piped' into grep, which then filters that list for lines containing 'httpd'.

In the shadow password suite, a single exclamation mark ! or a double exclamation mark !! in the password field (the 2nd field) of the /etc/shadow file (or sometimes reflected in /etc/passwd with a placeholder) indicates that the account is locked and no password hash can match, thus preventing login.

The process begins with the system firmware (UEFI) which initializes hardware. UEFI then executes the bootloader (GRUB) from the EFI System Partition. GRUB loads the Linux kernel and the initramfs into memory and passes control to the kernel. The kernel uses the initramfs to mount the root filesystem, and then starts the initial process, systemd (PID 1), which brings the system up to a functional state.

Given the provided permissions, user jane (as part of the devs group) has both read (r) and execute (x) permissions on the script file itself. The directory permissions also allow her to access the file. Therefore, the 'permission denied' error is not coming from the execution of the script itself, but most likely from an action within the script (e.g., trying to read/write a root-only file) that she is not authorized to perform.

Preemptive multitasking is the feature where the kernel's scheduler is responsible for allocating CPU time slices to all running processes. It can interrupt (preempt) a process that has used up its time slice to allow other processes to run. This ensures that a single, resource-heavy process cannot monopolize the CPU and that all processes get a fair share of processing time, which is critical for system responsiveness.

On modern systems using systemd, the correct parameter to boot into a single-user-like maintenance mode is systemd.unit=rescue.target. While 1 or single often work as aliases for compatibility, rescue.target is the explicit systemd target for this purpose. init=/bin/sh is a more drastic measure that bypasses the init system entirely, dropping you directly into a shell.

The groupadd -r or groupadd --system command is specifically designed to create a system group. It automatically picks a free Group ID (GID) from the range defined for system accounts in /etc/login.defs (e.g., SYS_GID_MIN to SYS_GID_MAX), which is the standard and recommended practice. While groupadd -g 500 would work, it requires manual selection of a GID. addgroup --system is a Debian/Ubuntu specific front-end, but groupadd -r is more universal.

Man pages use the less pager by default. In less (and vi/vim), you can search forward for a pattern by typing / followed by the pattern and pressing Enter. The n key will then jump to the next occurrence, and N will jump to the previous one. ? is used for searching backward.

The most critical feature of visudo is its built-in syntax checker. A syntax error in /etc/sudoers will cause the sudo command to fail for all users, potentially locking administrators out of privilege escalation. visudo edits a temporary copy of the file and only overwrites the original if the syntax is valid, thereby preventing this catastrophic failure mode.

The userdel command is used to delete user accounts. By default, it only removes the user's entry from system account files like /etc/passwd. The -r or --remove flag is crucial; it tells userdel to also remove the user's home directory and mail spool. While the rm command could be run separately, using userdel -r is the standard, atomic, and recommended way to perform this action.

The initramfs (initial RAM filesystem) contains a minimal set of drivers and utilities needed to mount the real root filesystem. If it lacks the driver for the storage controller (like SATA/AHCI or NVMe) or the filesystem itself (ext4, XFS, etc.), the kernel will be unable to access the physical device, even if the kernel parameters like root=UUID=... are correct. This is a common failure mode after a kernel upgrade if the initramfs generation process fails to include a required module. The other options are less likely: /etc/fstab is read after the root filesystem is mounted; a corrupted kernel would likely cause a kernel panic before the initramfs shell; a BIOS/UEFI mode mismatch would typically prevent the bootloader (GRUB) from even starting.

The sudoers file is parsed from top to bottom, and for rules that match a user, the last matching rule takes precedence. If a generic rule like junior_admin ALL=(ALL) ALL (which requires a password by default) appears after the more specific NOPASSWD rule, it will be the one that applies to any command it matches. Since it matches both tcpdump and top, it would override the previous entry. The most common mistake is to add specific permissions at the top of the file while a generic rule exists at the bottom.

The standard find command separates filenames with newlines, and the standard xargs command splits input on whitespace (spaces, tabs, newlines). This breaks when a filename itself contains a space. The -print0 option for find tells it to use a null character (\0) as a separator. The corresponding -0 option for xargs tells it to expect null-terminated strings. Since the null character is the only character that cannot exist in a valid Linux filename, this combination is the most robust and secure way to pipe filenames from find to xargs.

The userdel -r command removes the user's account from system files (e.g., /etc/passwd) and also removes their home directory and mail spool. It does not search the entire filesystem to find and manage other files owned by that user. The files in /srv/data will remain. Because the user john no longer exists in /etc/passwd, commands like ls -l cannot resolve the stored UID to a username. Consequently, they will display the raw numerical UID as the owner, indicating an 'orphaned' file.

Editing the boot parameters in the GRUB menu (usually by pressing 'e') is a temporary, one-time modification. The changes are held in memory and used for that boot instance only. They are not written back to the persistent grub.cfg file on disk. This is a critical feature for system recovery and diagnostics, as it allows booting with special parameters (like single-user mode) without making permanent changes.

To access any file or directory in a path, a user must have execute (x) permission on every parent directory in that path. This is known as 'traverse' permission. Even if /opt/app/data has the correct permissions, if Jane cannot traverse through /opt or /opt/app because the execute bit is not set for her (either via user, group, or other permissions), the kernel will deny access to the final directory before even evaluating its permissions.

The "VFS: Unable to mount root fs" error at this stage means the kernel cannot find or mount the specified root device. The initramfs is a temporary RAM-based filesystem whose primary job is to provide the necessary drivers for the kernel to access the real root filesystem. If this image was built incorrectly during the kernel upgrade and is missing a required module (e.g., nvme.ko for an NVMe SSD or xfs.ko for an XFS filesystem), the kernel won't be able to access the block device, leading to this exact error. /etc/fstab is not read until after the root filesystem is mounted.

Sudo rules are very specific and must match the exact command path being executed. The user is running /usr/bin/systemctl, but the rule only allows for /bin/systemctl. The sudo rule does not match, so access is denied. The correct and secure fix is to change the path in the sudoers rule to match the actual location of the executable. Option A is insecure as it allows any systemctl command (reboot, poweroff, etc.). Option B doesn't fix the path mismatch. Option D has incorrect syntax.

The newgrp command logs the user into a new group. It accomplishes this by starting a new shell instance (technically, it uses exec to replace the newgrp process with a new shell). In this new shell, the user's effective GID is changed to the one specified (data), meaning new files created will be group-owned by data. Critically, the user retains their full list of original supplementary groups for permission checking purposes. The change is not permanent and only lasts for the duration of the new shell.

Placing commands within parentheses (...) executes them in a separate subshell. Any environment changes made within the subshell, such as changing the current working directory with cd, are local to that subshell and are discarded when it exits. The parent shell's environment, including its current directory, remains completely unaffected. This is a powerful technique for performing operations in a different context without disrupting the flow of a script.

This question tests knowledge of where low-level system information is defined. The system call numbers are part of the kernel's ABI (Application Binary Interface) and are defined in architecture-specific kernel headers. On an x86_64 system, unistd_64.h contains the #define preprocessor directives that map the symbolic name (e.g., __NR_openat) to its specific integer value. This is the canonical source. The other options are less direct: info and man pages describe the usage of the calls, and apropos is for finding documentation, not implementation details like syscall numbers.

The key distinction lies in how tasks are handled when they are executing in kernel mode (e.g., during a system call). All modern kernels can preempt tasks in user mode. However, a fully preemptive kernel (like the standard modern Linux kernel) can also interrupt a task that is currently executing inside the kernel, provided it's in a preemptible section of code. This reduces latency and improves system responsiveness. A non-preemptive kernel would have to wait for the task to finish its kernel-mode work, block on I/O, or explicitly yield the CPU before a higher-priority task could be scheduled.

This is a multi-part requirement. -u 1500 -g users -d /home/temp sets the basic attributes. The -m flag is essential to create the home directory. The trick to prevent populating it is the -k /dev/null flag. This tells useradd to use /dev/null as the skeleton directory, which effectively means copying no files. Option A might work but could produce an error message about the non-existent directory. Option C (-M) explicitly prevents the creation of the home directory. Option D is not a valid flag; there is no --no-skel option in standard useradd.

When a user's shell is set to /sbin/nologin or /bin/false in /etc/passwd, it designates them as a non-interactive system account. After successful authentication, the system attempts to execute this 'shell'. These programs are designed to print a message and immediately exit with a non-zero status code, which terminates the session. This is the classic symptom. A DenyUsers directive would prevent authentication itself. Incorrect home directory ownership would likely prevent login or cause errors within the shell, but not an immediate clean exit. A broken .bashrc is possible but setting the shell to /sbin/nologin is a more common administrative technique that produces this exact behavior.

The Defaults directive in sudoers can be scoped. The Defaults!Command_Path syntax applies the following default settings only to the specified command. The requiretty option, often enabled globally for security, prevents sudo usage from sessions without a controlling terminal (TTY). The !requiretty syntax negates this setting. Therefore, this line specifically carves out an exception for /usr/bin/find, making it usable in scripts or cron jobs, while the global requiretty setting (if present) remains in effect for all other commands.

systemd-boot is a simple UEFI boot manager that does not use the complex scripting of GRUB. It reads its configuration from plain text files located in /boot/loader/entries/. Each .conf file in this directory describes a bootable entry. To permanently add a kernel parameter, the administrator must directly edit the options line within the appropriate .conf file for that kernel. Options related to grub are irrelevant. While /etc/kernel/cmdline is used by some helper scripts like kernel-install to populate these files, the most direct and universally applicable method is to edit the entry file itself.

The s in the group permissions (rws) of the parent directory is the setgid (Set Group ID) bit. When setgid is on a directory, it has two effects: 1) Any new file or directory created within it will inherit the group ownership of the parent directory (projecta in this case). 2) If a new subdirectory is created, the setgid bit will be automatically set on that new subdirectory as well, propagating the inheritance behavior. Therefore, bobs_work will be owned by group projecta and will also have the setgid bit (rwxrws---), assuming a standard umask like 0002.

switch_root is a specific user-space utility designed for the final transition from initramfs. Its key distinguishing feature compared to a manual pivot_root is that it first deletes all files in the current root filesystem (tmpfs of the initramfs). This is critical because it frees up all the RAM that the initramfs was occupying. After clearing the initramfs, it performs a chroot operation to the new, real root filesystem (which must already be mounted) and then uses exec to replace itself with the real init process (e.g., systemd), which becomes PID 1.

This is a powerful, built-in feature of Bash. The special file path /dev/tcp/host/port is interpreted by the shell to open a TCP socket. The exec command applies the redirection to the shell itself. The <> operator opens the 'file' for both reading and writing. The 3 assigns this open connection to file descriptor 3. Subsequent commands in the script can then read from and write to this socket using >&3 and <&3, allowing for direct network I/O from within the shell script without needing external tools like netcat.

This question tests detailed knowledge of the /etc/shadow file format (user:pass:lastchange:min:max:warn:inactive:expire). The third field, lastchange, stores the date of the last password change as days since the Unix epoch. It has a special-case value: if this field is set to 0, the system interprets this as a flag to force a password change on the next login. The user will be able to authenticate with their current password but will not get a shell until they have successfully chosen a new one.