Unit 2 - Practice Quiz

The chmod (change mode) command is the standard utility for modifying the access permissions (read, write, execute) for files and directories.

The mkdir command stands for 'make directory' and is used to create one or more new directories.

The cat (concatenate) command is commonly used to read files sequentially and print their content to the standard output (usually the terminal screen).

The single forward slash (/) represents the root directory, which is the starting point for the entire filesystem tree. All other directories are contained within it.

The which command specifically searches the directories listed in the user's PATH environment variable to find the location of a given executable command.

nano is known for its user-friendly interface, displaying available commands at the bottom of the screen, making it easier for beginners compared to vim or emacs.

Linux permissions are read in three sets of three: user, group, and other. The middle set, r-x, indicates that the group has read (r) and execute (x) permissions, but not write (-).

The cp command is used to create a copy of a source file or directory at a specified destination.

The sticky bit is commonly used on shared directories like /tmp. It allows users to create and modify their own files but prevents them from deleting files owned by other users.

The /etc directory is the standard location for system-wide configuration files for the operating system and installed applications.

The tail command is specifically designed to output the last part of files. By default, it shows the last 10 lines, which is useful for checking log files.

Standard permissions only define access for one owner, one group, and everyone else. ACLs extend this model, allowing you to grant specific permissions to any number of additional users and groups on a single file or directory.

locate queries a database (often updated daily by a updatedb cron job) which is much faster than find, which has to traverse the file system in real-time.

The rm (remove) command is the standard utility for deleting files from the filesystem. The -r option can be added to remove directories recursively.

The SUID bit allows a user to run a program with the privileges of the file owner. This is used for commands like passwd that need to modify system files (e.g., /etc/shadow) which normal users cannot access directly.

The getfacl (get file access control lists) command is used to display the ACLs of a file or directory. setfacl is used to modify them.

The Escape key is the standard way to exit the current mode (like Insert or Visual mode) and return to Normal mode, where you can navigate the file and execute commands.

chown stands for 'change owner'. It is used to change the user owner and, optionally, the group owner of a given file or directory.

The touch command is the standard utility for creating empty files. It can also be used to update the access and modification timestamps of existing files.

The /home directory is the standard parent directory for individual users' personal directories, such as /home/alice or /home/bob.

The command chmod 1770 /shared/projectA sets the permissions to rwxrwx--- with the sticky bit (1) enabled. The sticky bit on a directory prevents users from deleting or renaming files they do not own. chgrp developers /shared/projectA sets the group ownership correctly. chmod g+rws would set the SGID bit, which is different. chmod 770 alone would allow developers to delete each other's files. setfacl could also work but is not a standard permission setting.

The tar command is used for creating archives. The flags -c (create), -v (verbose, to see the files), -z (compress with gzip), and -f (specify filename) are the correct combination for this task. -xvf is for extracting. zip is a different utility. gzip alone only compresses a single file or stream, it doesn't archive directories.

The comm command is designed to compare two sorted files line by line. It produces three columns of output: lines unique to file1, lines unique to file2, and lines common to both. The options -23 suppress the second and third columns, thus showing only the lines that are unique to list1.txt.

The find command is used for this. -size +100M correctly searches for files larger than 100 Megabytes. -atime +90 finds files that were last accessed more than 90 days ago. -mtime checks modification time, -ctime checks status change time, and locate does not have size or time-based search options like this.

Setting the Set Group ID (SGID) bit on a directory (chmod g+s) causes all new files and subdirectories created within it to inherit the group ownership of the directory itself. This is the standard way to ensure consistent group ownership in a shared directory. SUID (u+s) is for executables, and the sticky bit (+t) is for controlling file deletion.

Access Control Lists (ACLs) are used to provide more granular permissions than standard Unix permissions. The setfacl -m u:auditor:r-- command modifies the ACL to add a specific entry for the user auditor, granting them read permissions. Changing other permissions (chmod) or adding the user to the group (usermod) would grant broader access than required or alter the fundamental security model.

In vim's Normal mode, dd deletes the current line. Prepending a number to a command repeats it that many times. Therefore, 5dd executes the dd command 5 times, deleting the current line and the next 4 lines. d5j would delete from the cursor to 5 lines down. d5w deletes 5 words. 5x deletes 5 characters.

In Linux, when a file is deleted, its link in the directory is removed. However, the data blocks on the disk are not freed until all processes that have the file open close their file handles. This is a common issue with log files. Running lsof | grep deleted can help identify the process. Restarting the associated service or killing the process will release the file handle and free the disk space.

The 's' in the user/owner execute position indicates that the SUID bit is set. A lowercase 's' means the underlying execute bit for the owner is also set. If it were an uppercase 'S', it would mean the SUID bit is set, but the owner does not have execute permission. This permission allows a user to execute the file with the permissions of the file's owner.

This pipeline is efficient and correct. cut -d' ' -f1 extracts the first column (the IP address). sort -u sorts the IPs and removes duplicates. Finally, wc -l counts the number of remaining lines, giving the total count of unique IPs. The grep command would count every single IP line, not unique ones. cat | sort | uniq would sort entire lines, not just IPs. The awk command is similar but less direct than the cut pipeline.

locate is extremely fast because it searches a pre-built database of the filesystem, rather than traversing the disk in real-time. Since the database is updated nightly and config files don't move often, this is the best choice. Piping to grep /etc filters the results to the relevant directory. find / -name httpd.conf would work but would be much slower as it scans the entire filesystem. which only finds executables in the user's PATH. grep searches for content within files, not filenames.

This for loop correctly iterates through each file ending in .jpeg. The shell parameter expansion ${f%.jpeg} removes the .jpeg suffix from the filename, and .jpg is appended. This is a standard, safe, and portable way to perform bulk renames. mv *.jpeg *.jpg is incorrect syntax for renaming multiple files. rename syntax varies by distribution and may not work as written. The xargs command would rename file.jpeg to file.jpeg.jpg, which is not the desired outcome.

To set Access Control Lists that will be inherited by new files and directories, you must specify them as 'default' ACLs. The d: prefix in the setfacl command (d:g:analysts:rw) designates the entry as a default ACL for the directory. A command without the d: would only set the ACL on the directory itself, not on new items created within it.

The /proc filesystem is not a real filesystem stored on a disk. It is a pseudo-filesystem created in memory by the kernel. The files and directories within /proc provide a direct look into the running state of the system, including information about running processes (in numbered directories), memory usage (/proc/meminfo), CPU info (/proc/cpuinfo), and other kernel parameters. It is a critical tool for monitoring and diagnostics.

This sequence breaks down as: gg (go to the first line), V (enter visual line mode), G (go to the last line, selecting everything), "*y (yank/copy the selection to the system clipboard register *). Then, :new new_config opens a new file in a split. Finally, "*p pastes the content from the system clipboard register. While :%y followed by :e and :p is conceptually similar, using named registers is more robust, and the first option describes a very common workflow. :w! new_config is the 'save as' command and is a much simpler way to do this, but the question implies a copy/paste operation into a new buffer.

The 's' in the owner's execute permission field signifies the SUID (Set User ID) bit. When a user executes a file with the SUID bit set, the process runs with the effective user ID of the file's owner, not the user who ran it. For passwd, this is essential as it allows a regular user to change their own password by temporarily gaining root's privileges to write to the /etc/shadow file, which is otherwise restricted.

The tail command is used to view the end of a file. The -n 20 option specifies that the last 20 lines should be displayed. The -f (or --follow) option tells tail to not exit after displaying the lines, but to wait and display any new lines appended to the file. The order of -n and -f does not matter, so tail -f -n 20 is also correct, but the first option is the most common representation.

The umask value is subtracted from the system's default permissions for new files (666) and directories (777). A umask of 0077 means 'subtract nothing from owner, subtract read/write/execute from group, subtract read/write/execute from others'. For a file: 666 - 077 = 600. For a directory: 777 - 077 = 700. This results in maximum privacy for newly created items.

rsync is ideal for this task. The -a (archive) flag is a shortcut for -rlptgoD, which preserves almost everything (permissions, timestamps, ownership, etc.). -v is for verbose output, -h makes file sizes human-readable, and --progress shows transfer progress. The cp command can preserve attributes but doesn't have a progress bar. The tar pipeline is a classic method but rsync is more modern and feature-rich for this purpose.

The find command is the most robust tool for this. The expression breaks down as: ~/ (search home directory), -type f (only find regular files), -empty (which is a synonym for -size 0 and very clear), and -delete (an action to perform on found files). Using the -delete action is safer and more efficient than piping the results to rm via xargs or command substitution, as it correctly handles filenames with spaces or special characters.

The effective permissions for a named user or group in an ACL are calculated by performing a logical AND operation between their assigned permissions and the mask entry. Here, bob is granted rwx (111 in binary), but the mask is r-- (100 in binary). The result of 111 AND 100 is 100, which corresponds to r-- (read-only) permissions. Therefore, despite the user:bob:rwx entry, the mask restricts his effective permissions to read-only.

This scenario combines multiple concepts. The SGID bit (s) on the directory /data/collaboration means any new file created within it will inherit the directory's group, which is collaboration. The owner will be the user who created it, carol. The base permissions for a new file are 666. The umask 0027 is subtracted from this: 666 - 027 results in 640 (-rw-r-----). The sticky bit (t) on the directory only affects file deletion rights and is not relevant to the permissions of the newly created file.

The -exec ... + syntax is the most efficient method here. It gathers a list of matching files and passes them as multiple arguments to a single gzip command, minimizing process creation. ... -exec gzip {} \; spawns a new gzip process for every single file found, which is very inefficient. ... | xargs gzip is a good alternative, but can be problematic with filenames containing spaces or special characters unless used with find -print0 | xargs -0. gzip $(...) is also unsafe with special characters and can fail if the command substitution result is too long for the shell.

In Linux, mv on the same filesystem is a rename() system call. It does not change the file's inode or data; it only changes the directory entry (the filename and its location in the directory tree). A file descriptor points to the file's entry in the kernel's file table, which in turn points to the inode. Since the inode is unchanged, the process's open file descriptor remains valid and any subsequent writes will appear in the file at its new location, /var/log/data.log.

This requires knowing advanced pasting commands. :10,20y yanks lines 10-20. 50G goes to line 50. The key is the paste command. p pastes without adjusting indent. ]p and [p are special paste commands that adjust the indentation of the pasted block to match the surrounding code. :10,20t50 (or :co) copies the lines to after line 50 but does not handle re-indentation automatically in the same way. :10,20m50 moves the lines, it doesn't copy them.

The umask is a bitmask that is 'subtracted' from the base permissions. The base permission for a directory is 777 (rwxrwxrwx) and for a file is 666 (rw-rw-rw-). The calculation is base_permissions AND (NOT umask).

For the directory: 777 & ~027 -> 111 111 111 & ~(000 010 111) -> 111 111 111 & 111 101 000 -> 111 101 000 which is 750 (rwxr-x---).

For the file: 666 & ~027 -> 110 110 110 & ~(000 010 111) -> 110 110 110 & 111 101 000 -> 110 100 000 which is 640 (rw-r-----).

This is a complex data manipulation task. The correct awk command must first set the input field separator to a comma (-F,) and the output field separator to a comma (OFS=","). Then, for each line, it must use a temporary variable (t) to store the value of the first column (3) to the first, assign the temporary value to the third ($3=t), and finally print the reconstructed line (print). The sed command is also a valid way to do this with regular expressions, but the question specifically asks for awk. The other awk options either only print a subset of columns or print them with the default space separator.

This tests deep knowledge of rsync. The -a (archive) flag is a shortcut for -rlptgoD, which preserves almost all attributes. --delete removes extraneous files from the destination. --info=progress2 provides a total transfer progress summary, which is often more useful than the per-file progress given by --progress. Crucially, the trailing slash on the source directory (/home/user/) tells rsync to copy the contents of the directory, not the directory itself, into the destination. The combination of all these features makes this option the most robust and complete solution for the described backup scenario.

Default ACLs on a directory dictate the ACLs that objects created within it will inherit. When a file is created, the directory's default ACL becomes the new file's access ACL. A key and subtle part of this process is that the mask entry for the new file's access ACL is not directly copied. Instead, it is recalculated to be the union of permissions for all named user and group entries in the newly inherited ACL, effectively setting the maximum allowed permissions for those entries.

This is a classic security edge case. For security reasons, most modern Linux kernels ignore the SUID bit on interpreted scripts (any file starting with #!). The kernel recognizes that allowing an interpreter like /bin/bash to run with elevated privileges based on the script's SUID bit creates a massive security hole. Therefore, the SUID bit is ignored, and the script runs with the real user ID of the caller. The SUID bit is only honored for compiled binary executables.

The find command has a specific, though less common, predicate for this exact purpose. The -xtype test checks the type of the file that the symbolic link points to. -xtype l specifically finds symbolic links whose targets are also symbolic links (or don't exist, which falls under this test). However, the most direct and idiomatic way is to use find /etc -xtype l. A more common but slightly different approach is find /etc -type l ! -exec test -e {} \;, but the most correct and direct answer for finding broken links is the dedicated -xtype l predicate. Let's refine this, as -xtype l is not the standard way. The standard way is find -L /etc -type l. But this follows the link. The most reliable POSIX way is find /etc -type l ! -exec test -e {} \;. Let's re-evaluate. The -xtype test is specific to some versions of find (like GNU find). A more portable way might be needed. Wait, a simpler GNU find option is -lname. No, that's for the name. A-ha! find /etc -xtype l is indeed a feature of GNU find to find broken symlinks. Another is find /etc -type l -exec test ! -e {} \; -print. This is also valid. The question is about direct and accurate. Let me re-check the man page for -xtype. Okay, -xtype c is for file type c. The specific test for a broken link is find /etc -type l ! -path '*/proc/*' ! -path '*/sys/*' -exec test ! -e {} \; -print. The most direct and simple one in GNU find is just -xtype l. Let's assume a standard GNU environment. Wait, there's an even better option. find -L . -type l. No, that follows symlinks and lists them if they point to a symlink. What about find . -type l -delete? No. The best is -xtype l. It is specifically designed for this. Let's make the option more distinct. My initial choice find /etc -xtype l is a bit obscure but correct in GNU find. find /etc -type l -exec test ! -e {} \; is functionally correct but verbose. find -L /etc -type l is a common mistake. Let's go with a more canonical answer that is less implementation-specific. find /etc -type l ! -exec test -e {} \; -print. Let's re-examine my options. Oh, I made a mistake in my thought process. find /etc -xtype l actually finds symlinks that point to other symlinks. The correct GNU find predicate is -lname '*' ! -exec test -e {} \;... no. find /etc -type l ! -exec test -e {} \; -print is the most robust. So Option B is find /etc -type l ! -exec test -e {} \;. This is wrong, it just returns a status. It should be -print. Let's rewrite the options. A) find /etc -type l -exec readlink {} \; | grep 'No such file'. B) find /etc -type l ! -exec test -e {} \; -print. C) find /etc -xtype f. D) ls -l $(find /etc -type l) | grep broken. Option B is the most robust and correct. Let's stick with my original question but make the options clearer. I will use -xtype l because it's a perfect hard-level question testing knowledge of a specific, efficient tool for the job provided by GNU findutils, which is standard on most Linux systems. man find: "-xtype c: The same as -type unless the file is a symbolic link. For symbolic links: if the -H or -P option was specified, true if the file is a link to a file of type c; if the -L option has been given, true if c is 'l'. In other words, for symbolic links, -xtype checks the type of the file that -type does not check." This means -xtype l is not for broken links. find -L /path -type l is the canonical way to find broken links. It follows all links (-L) and then finds things that are still type link (-type l), which only happens if the target doesn't exist. Okay, new correct answer.

Let's re-write the original question with this new understanding.