Linux server side Interview Question & Answers part-2

GNU/Linux

1. What does ‘xinetd’ expand to?
2. What was the name of its precursor?
3. What is the config file for xinetd?
4. How would you see all xinetd-based services?
5. Where are the config files of all xinetd-based services?
6. What is the name of the telnet config file?
7. What is the name of the telnet daemon?
8. What is the name of the chat config file?
9. What is the name of the chat daemon?
10. Four ways to enable telnet?
11. Does one need to do anything at all if any change is made to the config
files in /etc/xinetd.d/*?
12. How would I limit telnet connections to max only 5 users?
13. How would I make sure telnet ran with the highest priority?
14. Which directive tells me the name of the server daemon which is launched by xinetd?
15. How would I limit only hosts from ibm.com to my telnet server?
16. How would I deny access to EVERYONE to telnet?
17. How would I deny access to all hosts from cracker.org to my telnet server ?
18. How would you allow only hosts from ibm.com to access your telnet server between 9am-1pm and 2pm to 5pm.
19. Which directive logs failures to SYSLOG ?
20. Which directive logs successes to SYSLOG ?
21. Which file maps NW service name to Port numbers for non-RPC services?
22. Telnet binds to which port?
23. FTP binds to which port?
24. POP3 binds to which port?
25. SMTP binds to which port?
26. What are privileged ports? Why are they called so?
27. What are well-known ports?
28. Examples
29. How would you secure telnet on your server with xinetd?
[Note: telnet listens to 0.0.0.0 ie all interfaces, by default]
30. How would you disallow a user from ftp’ing twice from the same source machine?
31. Explain ‘cps’
32. How would you disable all xinetd-based services?
33. How would you enable only ftp but disallow all other xinetd-based services?

 

Answers :
1. Extended InterNet Superserver TCP daemon
2. inetd
3. /etc/xinetd.conf
4. chkconfig --list or examine /etc/xinetd.d/*
5. /etc/xinetd.d/*
6. /etc/xinetd.d/telnet
7. /usr/sbin/in.telnetd
8. /etc/xinetd.d/ntalk
9. /usr/sbin/in.ntalkd
10.
* chkconfig telnet on ; service xinetd restart
* Edit /etc/xinetd.d/telnet and disable = no ; service xinetd restart
* ntsysv; check telnet; service xinetd restart
* In X, redhat-config-services
11. Yes
12. In /etc/xinetd.d/telnet —> instances = 5
13. In /etc/xinetd.d/telnet —> nice = -20
14. server
15. only_from = .ibm.com in /etc/xinetd.d/telnet
16. only_from =
17. no_access = .cracker.org
18. only_from = .ibm.com
access_times = 9:00-13:00 14:00-17:00
19. log_on_failure
20. log_on_success
21. /etc/services
22. 23
23. 21
24. 110
25. 25
26. All ports < 1024. Only root can start/stop daemons which bind to these ports
27. Std fixed ports which cannot be changed
28. 21,22,23,25,53,67,80,110,518,6000,7100
29. bind or interface = 192.168.0.20
30. per_source = 2
31. Limits the rate of incoming connections. Takes two arguments.
The first argument is the number of connections per second to handle. If the rate of incoming connections is higher than this, the service will be temporarily disabled.
The second argument is the number of seconds to wait before re-enabling the service after it has been disabled.
The default for this setting is 50 incoming connections and the interval is 10 seconds.
32. Put an ‘enable=’ in /etc/xinetd.conf or stop the xinetd daemon
or comment out “includedir /etc/xinetd.d” in /etc/xinetd.conf.
33. Put a ‘enable = ftp’ in /etc/xinetd.conf
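The restrictions from answers 12, 15, 19, 29 and 30 can be checked mechanically. The following is an added example, not part of the original question set: a small parser for the xinetd block syntax that reports which of those directives each enabled service lacks. The sample configuration and the ftp server path are constructed for illustration.

```python
import re

# Constructed sample: an /etc/xinetd.conf with the /etc/xinetd.d/* files inlined.
SAMPLE = """\
defaults
{
    log_type        = SYSLOG authpriv
    log_on_failure  = HOST
    cps             = 50 10
}

service telnet
{
    disable         = no
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd
}

service ftp
{
    disable         = no
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/vsftpd
    bind            = 192.168.0.20
    only_from       = .ibm.com
    no_access       = .cracker.org
    instances       = 5
    per_source      = 2
}

service ntalk
{
    disable         = yes
    server          = /usr/sbin/in.ntalkd
}
"""

BLOCK_RE = re.compile(r"^(?:service\s+(\S+)|(defaults))$")
ATTR_RE = re.compile(r"^([A-Za-z_]+)\s*(\+=|-=|=)\s*(.*)$")

# Directives used in the answers above, with the gap each one closes.
RESTRICTIONS = {
    "bind": "listens on all interfaces (0.0.0.0)",
    "only_from": "any source host may connect",
    "instances": "no cap on simultaneous connections",
    "per_source": "no cap on connections per source host",
    "log_on_failure": "failed attempts are not logged",
}
ALIASES = {"interface": "bind"}  # answer 29 gives both names


def parse_xinetd(text):
    """Parse xinetd block syntax into {block_name: {attribute: [values]}}."""
    blocks, name, attrs = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if attrs is None:                      # outside a { ... } block
            m = BLOCK_RE.match(line)
            if m:
                name = m.group(1) or m.group(2)
            elif line == "{" and name:
                attrs = {}
            continue
        if line == "}":                        # block finished
            blocks[name] = attrs
            name, attrs = None, None
            continue
        m = ATTR_RE.match(line)
        if not m:
            continue
        key, op, values = m.group(1), m.group(2), m.group(3).split()
        key = ALIASES.get(key, key)
        if op == "=":
            attrs[key] = values                # "only_from =" yields an empty list
        elif op == "+=":
            attrs.setdefault(key, []).extend(values)
        else:                                  # "-=" removes the listed values
            attrs[key] = [v for v in attrs.get(key, []) if v not in values]
    return blocks


def audit(text):
    """Return {service: [missing restriction, ...]} for every enabled service."""
    blocks = parse_xinetd(text)
    defaults = blocks.pop("defaults", {})
    report = {}
    for service, attrs in blocks.items():
        if attrs.get("disable") == ["yes"]:    # switched off, nothing to restrict
            continue
        report[service] = [d for d in RESTRICTIONS
                           if d not in attrs and d not in defaults]
    return report


if __name__ == "__main__":
    for service, missing in audit(SAMPLE).items():
        for directive in missing:
            print(f"{service}: no {directive} ({RESTRICTIONS[directive]})")
```

A directive set in the `defaults` block counts as present for every service, which is why `log_on_failure` is not reported for telnet in the sample.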
****
 SysAdministration

1. Which command is used to configure a printer in text mode ?
A: redhat-config-printer-tui aka printconf aka printconf-tui
2. Which command is used to configure a printer in GUI mode?
A: redhat-config-printer-gui
3. Linux supports 2 types of common standard printing sub-systems. What are they ?
A: LPRng and CUPS
4. What is CUPS ?
A: Common Unix Printing System
5. How many types of print queues can you configure with printconf ?
A: 5
6. What are they ?
A: Local Printer, Unix Printer, Windows [Samba] Printer, Novell and JetDirect.
7. What daemon is required to be started for printing?
A: lpd
8. What command is used to monitor a print queue?
A: lpq
9. What two commands are used to print a file?
A: lp and lpr
10. What command is used to remove a file from a print queue?
A: lprm
11. What command is used to check the integrity of the printer configuration file?
A: checkpc
12. What command prints the name of the destination printer?
A: lpstat -d
13. lpadmin was a legacy command for printer admin. What is its equivalent currently on Linux?
A: lpc
14. What command would you use to format a file before printing?
A: lpr
15. How would you display the queue status, refreshed every 5 secs?
A: lpq -t5
16. How would you check whether the print scheduler is up or not ?
A: lpq -r
17. How would you remove job no 45 from a print queue ?
A: lprm 45
18. How would you remove all jobs belonging to foo from a print queue ?
A: lprm foo
19. How would you remove all jobs from a print queue ?
A: lprm -
20. lpstat is a front-end to the newer lpc cmd interface. Explain the following
lpc > status
A: Show
A: lpc > quit
A: lpc > kill printer
A: lpc > status
A: lpc > status
A: lpc > status
A: lpc > status
====================
========
 DHCP
========
1. Expand DHCP?
A: Dynamic Host Configuration Protocol.
2. Which port does DHCP use?
A: 67.
3. What is BOOTP?
A: It was the predecessor of DHCP.
4. Why aren’t we learning that?
A: DHCP is a superset of BOOTP and contains far more interesting things
like auto assigning nameservers to clients etc which BOOTP could only
dream of doing.
5. The DHCP server configuration file is?
A: /etc/dhcpd.conf.
6. After installing dhcp-3.0… where is the configuration file for DHCP?
A: The server binary does not install a ready configuration file.
7. Well….. ?
A: A template does exist in /usr/share/doc/dhcp…/dhcp.conf.sample.
Use this to create your startup configuration file.
8. How would you test the syntax of the DHCP configuration file?
A: dhcpd -t
9. Which service has to be started for a DHCP server?
A: service dhcpd restart
10 What command would tell you a DHCP server is running?
A: dhcpd -f
11 Where is the DHCP leases file?
A: /var/lib/dhcp/dhcpd.leases.
12 Can a DHCP server function w/o this file?
A: No.
13 What command would you use to test the leases file?
A: dhcpd -T
14 In a DHCP server, a pool of available IPs is specified by which directive in the configuration file?
A: range
15 Basically, a DHCP server services the IP reqmts of a NW segment. Which directives are vital for this to happen?
A: subnet and netmask.
16 Which file is modified on the client to enable it to get dynamic IPs?
A: /etc/sysconfig/network-scripts/ifcfg-eth0
17 Is there any utility you could use to do the above?
A: netconfig
18 Which directive specifies the default lease time?
A: default-lease-time
19 Which directive specifies the max lease time?
A: max-lease-time
20 What would be the typical value for a lease on a DHCP server?
A: 6hrs or One working day. All depends on the requirements
21. Some entries start with the word ‘option’ and some don’t. Explain.
A: You may have noticed that while some parameters start with the option keyword, some do not.
Parameters starting with the option keyword correspond to actual DHCP options, while parameters that do not start with the option keyword either control the behavior of the DHCP server (e.g., how long a lease dhcpd will give out), or specify client parameters that are not optional in the DHCP protocol (for example, servername and filename).
22. How would I assign a fixed IP to a DHCP Client?
A: Using the following directives:
hardware ethernet
fixed-address
23 What all can a DHCP server provide Clients?
A: 1. IP
2. netmask
3. BC
4. nameserver
5. domain name
6. NIS domain
7. netbios name-server
8. netbios-node-type 2
9. MAC addr-based IP
10. default lease time
11. max lease time
24. What is the problem with the below DHCP configuration file ?
subnet 192.168.0.0 netmask 255.255.255.0
{
range 192.168.0.100 192.168.0.200
option subnet-mask 255.255.255.0
default-lease-time 21600;
max-lease-time 43200;
host brahma
hardware ethernet 12:34:56:78:AB:CD;
fixed-address 192.168.0.240;
}
A: * semi-colons missing in lines 2 and 3
* The last 2 lines should be enclosed in braces
******************
=========
 SAMBA
=========
==============================
1) How did the name SAMBA originate ?
A: From the SMB aka NetBIOS aka CIFS protocol used by M$ for NWing
2) SAMBA uses two daemons to handle its work. What are they ?
A: smbd, nmbd
3) What is the name and location of Samba’s config file ?
A: /etc/samba/smb.conf
4) How would you test the syntax of this config file ?
A: testparm
5) What is the name of the startup script used to startup a Samba server?
A: /etc/rc.d/init.d/smb
6) What ports does Samba listen on?
A. 137-139
7) How would you know ? What is it called ?
A. In /etc/services, netbios-ssn
8) A Samba server basically shares shares with Clients?
What are the other synonyms for shares?
A: services or sections
9) Every share should, most always, have a __________ directive ?
A: path =
10) When would a share not have a path directive?
A: When the share is a template share or a home share
xx. And then if it is a home share, where would it get its path from ?
A: /etc/passwd
xx. Should a share have the same name as a VSU ?
A: No
xx. What can go wrong with this ?
A: If there is a share called by the username, its path will be used
and the user will not get [at all] his/her home share
Bad idea to have a share named after a VSU
xx. So where do home shares get their path from ?
A: From /etc/passwd
11) A SAMBA server’s canonical name is ganesh.bom.labs.net.
How would I query it from a remote client to see all its shares?
A: smbclient -L ganesh
12) On Samba server ganesh.bom.labs.net, if a share were funny, how would you
connect to it as user ‘foo’ from another Linux machine?
A: smbclient //ganesh/funny -U foo
13) In the above case, How would you give the password on the command line
itself?
A: smbclient //ganesh/funny -U foo%fool
14) How would you mount the remote samba dir on a local dir /haha?
A: smbmount //ganesh/funny /haha
15) How would you automate this on the client?
A. In /etc/fstab
//ganesh/jokes /funny smbfs username=foo,password=fool,fmask=666,dmask=777 0 0
16) How would you enable a Samba server to handle encrypted passwords of
non-Linux remote netbios Clients ?
A: encrypt passwords = yes
Then : smbpasswd -a foo
17) How would you know which version of Samba you are using ?
A: smbd -V
18) How would you disable M$, a non-linux netbios client, from sending
encrypted passwords ? And where does Linux help you with the hack ?
a. ftp /usr/share/doc/samba-.x.x/docs/Registry/Winxx….reg to M$
and execute
b. regedit -> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStation\Parameters] “EnablePlainTextPassword”=dword:00000001
19) A SAMBA server is running on the above mentioned ganesh/192.168.0.20.
How would you connect to a share – fin – from a linux client as user foo
without a password prompt ?
A: smbclient //ganesh/fin -U foo%fool
20) How would you copy a file fin1 from this share to your remote machine?
A: smbclient //ganesh/fin -U foo
smb> get fin1
21) How would user foo mount the above share fin on to a local directory
/money, a-la NFS.
A: foo cannot. Only root can do that.
smbmount //ganesh/fin /money
22) What protocol does SAMBA use to handle M$ clients?
A: SMB
23) What does this acronym expand to ?
A: Server Message Block
24) Where does SAMBA send its logging info by default ?
A: /var/log/messages – The system logging file
25) How would you know how many users are connected to your SAMBA server ?
A: smbstatus
26) How would you send a Winpop message to a M$ netbios client named winbrahma?
A: smbclient -M winbrahma
=====================================
smb.conf.37final
Directives covered : 1 – 17 / 34 – 52
=====================================
27) Which directives are critical to Samba showing up on a Win NN ?
workgroup = WinWg
encrypt passwords = yes
28) Shares by default are always read-only? T/F
A: True
29) Shares by default are always browseable ? T/F
A: True
30) Which directive is used to specify an alternate smb.conf config file
for a Netbios Client?
A: config file =
31) What does Samba use and how does it distinguish between connecting Netbios
Clients in the above case?
A: By using magic cookies and in this case %m
viz config file = smb.conf.%m
32) Which directive is used to customize visibility of shares on a per-Netbios
client basis ?
A: include =
33) Consider the following :
[tricerotops]
browseable = no
writeable = no
[pterodactyl]
path=/jokes
writeable = yes
copy = tricerotops
[archeoptryx]
path=/funny
copy = tricerotops
writeable = yes
a) Can user foo delete a file in share ‘pterodactyl’ ?
b) Can user foo delete a file in share ‘archeoptryx’ ?
A: Yes, Yes. The copy command cannot override other similar directives
in the same share.
34) Why would you then want to use the copy directive?
A:
a) Create a template share and then use the copy directive to clone the
template in other shares.
b) If you change a directive in the template share, the domino effect
modularizes and save time
c) You can see the copy directive in action
d) A share w/o a path directive ! A rare case in point.
35) How would you name your samba server to show up differently in a M$ Win NN?
A: netbios name =
36) How would you speed up name resolution on a netbios client ?
A: Keep this ‘netbios name =’ less than 8 characters and upper case, afaip.
37) If the above directive is not specified, what does the server’s name
default to ?
A: canonical hostname -s
38) Which SAMBA directives control global Networking Security ?
A: hosts allow , hosts deny
39) Differentiate between the following directives :
a) keepalive
b) deadtime
40) Every share should have a _______
A: path =
41) How many ways can you connect to a share ‘test’ on ganesh if the share had
the foll :
a] available = no
A: You cannot ; In any way, period. Share is invisible.
42) How many ways can you connect to a share ‘test’ on ganesh if the share had
the foll :
a] browseable = no
A: Share is invisible, like the above. You can, however, use the following :
* A UNC in Win$
* Map NW drive in Win$ using UNC
* smbclient from a Linux client
* smbmount from a Linux client
* Configure /etc/fstab on a Linux client
* Use ‘net use’ from MSDOS
43) Expand UNC ?
A: Universal Naming Convention
44) When I can use the mouse to pt-&-click, why would I ever want to use a UNC?
A: Text-based Clients, smbclient, smbmount, /etc/fstab and if you make
‘browseable =no’ to hide the share from users.
Only those in the know can access it via UNC
45) How would you document your server ?
A: server string =
46) What are magic cookies ?
A: Variable substitutions
47) What would happen if foo connected to the following share ?
[test]
path = /home/%u
A: %u is translated into the connecting user’s name, hence foo will see
his home directory
48) What would happen if foo connected to the following share ?
[test]
path = /%u
A: Error!!! share ‘\\ganesh\test’ is not accessible. NW name not found.
Unless, of course, a dir /foo exists.
49) What would happen if foo connected to the following share ?
[test]
comment = %I
path=/jokes
A: The share would be documented with 192.168.0.20 ; The name of the
server on which this share resides.
50) Continuing in the same vein, what would happen if foo connected to the
following share ?
[global]
server string = %L
A: The SMB server would be documented with the netbios name of the server,
if given, or else would be hostname -s.
51) What would happen if no ‘server string’ directive were given at all?
Then how would the Samba server be documented, if at all?
A: Samba 2.2.7 since the def. is ‘Samba %v’
52) How would you document your share ?
A: comment =
53) Are share names case-insensitive ?
A: Yes
54) What would you use to add comments to a SMB config file ?
a) #
b) ;
c) # or ;
d) ##
e) none of the above
A: a,b,c,d
55) The most imp directive in Samba?
A: security =
56) What are the options here?
A: security = user, share, server, domain
57) What is the default if the ‘security =’ directive is not given ?
A: user
58) What is the synonym for the ‘path’ directive ?
A: directory
59) In a share ‘test’, how would you allow all users delete permissions?
A: writeable = yes
60) What are the synonyms for the ‘writeable’ directive ?
A: writeable, writable, write ok = yes
61) What is the synonym for the ‘hosts allow’ directive ?
A: allow hosts
62) What is the synonym for the ‘hosts deny’ directive ?
A: deny hosts
63) Which 3 security directives make SAMBA specifically listen to particular
selected interfaces ?
A: interfaces, bind interfaces only, socket address
64) How would you make your Samba server ‘ganesh’ appear as ganesha and maruti
on a M$ NN?
A: netbios aliases = ganesha, maruti
65) How would you make sure a user, on using maruti server above, is really
using the server?
A: config file = smb.conf.%L
66) How would you give every connecting remote netbios client a separate
customized log file ?
A: log file = /var/log/samba.log.%m
67) How would you control the granularity of logging in Samba?
A: log level =
68) A synonym for the above is _________:
A: debug level
69) What are the max and min values that can be given above?
A: 0-10
70) How would you disable the date and time that appear in log files?
A: debug timestamp = no
71) A synonym for the above is _________
A: timestamp logs =
72) Explain the following Samba Logging directive :
a) debug pid
73) Explain the following Samba Logging directive
a) debug uid
74) Explain the following Samba Logging directive
a) syslog = 1
75) Explain the following Samba Logging directive
a) syslog only = yes
76) Explain the following Samba Logging directive
a) status = yes
77) How would you explain the ‘volume ‘ directive in Samba?
A: This share level directive is used to document mapped Samba NW’d shares
as drives on Win$ machines
78) I cannot see the above in my Win Client. Explain.
A: Only Win98 shows this. You are probably using Win2kP or XP.
79) How would you make a Samba share into a Win98 drive ?
A: Map NW drive the Samba share to a drive alphabet
80) How would you do the same in MSDOS ?
A: Start -> Run -> command ->
C:\> net use x: \\ganesh\fin
x:> dir would show the files of /finance dir on Linux
81) How would you see all connected machines in MSDOS ?
A: Start -> Run -> command ->
C:\> net view
82) Create a weird file called ‘MixED.Up’ – on this test share in Win$.
[test]
path = /jokes
preserve case =yes
short preserve case =yes
* How would this file appear if you saw it in /jokes in LSamba?
A: Just as it was given in M$ – MixED.Up, ;
keep the 8.3 format which the DOS Client provides
83) Now check out this variation.
[test]
path = /jokes
preserve case = no
short preserve case = no
* How would this file appear if you saw it in /jokes in LSamba?
A: Now all depends on what the ‘default case’ is, which will then be used
to handle how this file is stored in Samba for each of the 2 OS’s.
* Note: The default case is used only, if any of the above 2
directives is no.
And since the ‘default case’ is not mentioned, it is ‘lower’.
84) Now check out this variation. Explain!!
[test]
path = /jokes
case sensitive =no
* If a M$ user, were to use a UNC or a prg to access the said file on the
Samba server, s/he could type whatever s/he liked and the file would be
accessed. M$ is case insensitive.
85) Now check out this!
[test]
path = /jokes
case sensitive =yes
* If a M$ user, were to use a UNC or a prg to access the said file on the
Samba server, s/he would have to type MixED.Up exactly, or else the file would be inaccessible.
* Remember: Linux and Samba are case retentive!
* A very imp directive, indeed!
86) What is the synonym for ‘case sensitive’ ?
A: casesignames
87) Explain the following :
[Note the following affect DOS and, to some extent, FAT16 M$ Clients]
[test]
path = /jokes
mangled names = no
mangling char = ‘~’
mangle case = yes
mangled stack =50
* For DOS Clients. All 128 char M$ files on the Samba share will be
truncated to 8.3 format
* The mangled char will be a ‘~’ but here it is useless since truncation
rules here.
* If no, and case is mixed viz., MixED.Up, will show up as is on M$ Clients
* If yes, and case is mixed viz., MixED.Up, will be mangled as MIXED-F3.Up
and show up on M$ Clients
* No of mangled names to keep on stack. If no DOS Clients, then use 1.
88) Explain the following :
[test]
path = /jokes
mangled map = (*.html *.htm) (*.jpeg *.jpg)
89) Examine the following directives in share test:
[test]
path = /jokes
hide dot files =yes
hide files = /*.bak/*.swap/
veto files = /*Security*/*.tmp/
delete veto files =no
follow symlinks =yes
wide links =yes
dont descend = /proc,/dev
getwd cache = yes
90) Will file ‘.moment’ be visible in ‘test’ share when seen on a M$ Client?
91) Will file ‘whatever.bak’ be visible in test share when seen on M$ Client?
92) What is the difference between ‘hide files’ and ‘veto files’?
93) What is the difference between ‘follow symlinks’ and ‘wide links’ ?
A: For files and dirs resp.
94) Explain ‘don’t descend’ ?
95) Explain ‘getwd cache’?
getwd cache = yes
96) The directive which allows Win Clients’ encrypted passwords to be handled
by Samba is :
a) encrypted passwords=yes
b) encrypt passwd = yes
c) encrypted passwds = yes
d) encrypt passwords = yes
e) encrypt password = yes
f) encrypt passwds = yes
g) encrypt passwords=yes
h) encrypted passwd = yes
A: d, g
97) Why would you use the ‘encrypt passwords = yes’ directive in Samba ?
A: Bcos Win Clients send passwords in encrypted format and Samba,
by default, handles cleartext passwords.
98) What command is used to create a Samba user with password ?
A: smbpasswd
99) And in which file would this Samba username and password be stored ?
A: The file pointed to by the ‘smb password file’ directive in the Samba
config file
100) And what if the above directive were not given in the Samba config file ?
A: Then the default will be used : /etc/samba/smbpasswd
101) smbpasswd is a :
a) Regular file
b) A binary
c) Both
d) None of the above
A: Both
102) I change the Samba password of a user. How will the local login password also change along with it, simultaneously?
A: unix password sync
103) Somehow this does not seem to work? What could be the problem?
A: Do a ‘which passwd’ ; put the right path of the ‘passwd’ binary in the
directive ‘passwd program = ‘. The default may be wrong !!
104) When would I use the ‘password level’ directive ? [ eg = 0 or 1 or 2 ]
A: * Some users like to use mixed-case pwds. Good idea, always.
* Win$ clients like WfWG,95/98 force all pwds to Uppercase before sending
them. This parameter defines the max no of chars that may be uppercase
in pwds.
* Consider a password given as ‘FRED’. If this fails, then the following
will be tried depending on the value of the ‘password level’ directive.
* Suppose ‘password level =0’. Then password will be checked as is, then
converted to all-lowercase and then checked.
If still no match, then an invalid pwd msg is sent to the Client.
* Suppose ‘password level =1’. Then the foll combinations are checked :
‘fred’, ‘Fred’, ‘fRed’, ‘frEd’, ‘freD’.
* Suppose ‘password level =2’. Then the foll combinations are checked :
‘FRed’, ‘FrEd’, ‘FreD’, ‘fREd’, ‘fReD’, ‘frED’.
* The higher the value, the better the chances of a match of a mixed case
pwd against a single case pwd. Security and speed are decreased.
105) When would I use the ‘username level ‘ directive ? [ eg = 0 or 1 or 2 ]
A:
* Here, Samba tries to guess the username, since many DOS Clients send all
uppercase pwds.
Suppose ‘username level =0’. If the username is not valid, then Samba
tries it with all-lowercase conversion,then the first letter capitalized.
If still no match, then an invalid username msg is sent to the Client.
* Similar to the one above – ‘password level’.
* Use this when you have strange usernames on Win$ Clients like
‘AstrangeUser’.
106) How would you map a Windows user ‘Administrator’ to Samba superuser ‘root’?
A:
* Create a file called /etc/samba/username.map
* Enter the foll : root Administrator administrator
* In Samba, put ‘username map = /etc/samba/username.map’
* On logging into the Samba server from Win$, Administrator will be mapped
to Samba user ‘root’
* Make sure, root is a Samba user too. [In /etc/samba/smbpasswd]
107) I wish to migrate from Win95 to Win98? Which Samba directive will help me?
A: update encrypted = yes
108) How would user ‘foo’ from a Win98 Client log in to a Samba server w/o a
password?
A: On Linux do the following :
* smbpasswd -n foo
* In smb.conf put the directive “null passwords = yes”
================================================
Access Control Options: Directives

================================================
Consider the following share :
[Note: All dirs created by 'root' are def:0755 since root's umask is 022]
drwxr-xr-x root root /jokes on Linux OS
[funny]
path = /jokes
109) User foo can delete files in the above share ‘funny’ ? T/F
A: F
110) Why not ?
A: Share does not have write perm for anybody since by default all shares
are writeable = no
111) Examine the share below. Now can foo delete files in share funny?
[funny]
path = /jokes
writeable = yes
A: No. Bcos OS dir level perms do not allow it. !
112) How would you make ‘foo’ a superuser of the share funny?
A: [funny]
path = /jokes
admin users = foo
113) Now can foo delete files in share funny ?
A: No.
114) Why not?
A: writeable = yes is not given. Samba will not allow it.
Regardless of superuser status/dir perms
115) And now ? [with the modified share]
[funny]
path = /jokes
writeable = yes
admin users = foo
A: Yes.
116) But how? Examine the perms on the Linux dir /jokes to which share funny
is mapped?
There is no “w” perm for others.
A: Agreed! But foo is a superuser now and hence mapped to the root of the
LFS. And root has “w” perm on dir /jokes. Dirs are created 755 by
default, remember? And therefore foo [now root] can delete files in the
dir. Agree ?????????????????
117) How would you allow all hosts from vashi.com only to use this share funny?
A:
[funny]
path = /jokes
hosts allow = .vashi.com
118) How would you block everybody from this share?
A:
[funny]
path = /jokes
hosts deny =
or
Simply make the share unavailable i.e available = no
119) How’d you force R/O access for all hosts from vashi.com to this share?
A:
[funny]
path = /jokes
read list = .vashi.com
120) But shares are R/O by default. So why the big deal of ‘read list’?
Hosts from .vashi.com domain would anyway have R/O access.
So why do we explicitly give it above?
A: Agreed. Here it is probably not required. But if the share had been
writeable, and dir perms for others had allowed deleting,then everybody
would be allowed to delete files in /jokes.
In that case, this directive would make more sense.
121) Will a host from ibm.com be allowed to delete a file from this share?
A: No
122) Why?
A: writeable is, by default, no for shares and nothing is given, hence
default.
123) Consider the following :
[funny]
path = /jokes
valid users = foo
Will user bar be able to connect to this share?
A: No. Even if one user is specified, all other are denied.
Note this point carefully!
124) Consider the following :
[funny]
path = /jokes
valid users = foo
Will user foo be able to connect to this share?
A: Yes. All others are denied.
125) Consider the following :
[funny]
path = /jokes
valid users = foo
invalid users = foo
Will user foo be able to connect to this share?
A: No. invalid users overrides
===========
Part B
===========
126)
drwxr-xr-x root root jokes
Note : Def. perms with which a dir is created as root [umask=022]
[funny]
path = /jokes
admin users = foo
Q: Will foo be able to delete files in /jokes ?
After all, ‘admin users’ maps foo to local root, and root does have “w”
perm on OS dir /jokes.
A: No. Share does not allow writeable
Samba does not allow although Linux allows
127)
We make the dir R/O for root now
dr-xr-xr-x root root jokes
[funny]
path = /jokes
admin users = foo
Q: Will foo be able to delete files in /jokes
A: Obviously not! Share still does not allow writeable
128)
dir is still R/O for root
dr-xr-xr-x root root jokes
[funny]
path = /jokes
writeable = yes
admin users = foo
Q: Will foo be able to delete files in /jokes
A: Yes. admin users totally ignores OS dir and file perms, although,
generally, foo should not have been allowed to delete even when he
became root since no “w” privileges for root on /jokes.
129)
dir is still R/O for root
dr-xr-xr-x root root jokes
[funny]
path = /jokes
writeable = yes
admin users = foo
read list = foo
Q: Will foo be able to delete files in /jokes
A: No. He now has R/O perms on the share. And yes, read list overrides
admin users.
130) Can bar delete files on the above ?
A: No. OS dir has no “w” perm for others
131)
dir /jokes perms changed back to def “w” for root
BUT now we make “w” for the world
drwxr-xrwx root root jokes
[funny]
path = /jokes
writeable = yes
read list = foo
Q: Will foo be able to delete files in /jokes ?
A: No. He is on the read list, although Samba and Linux allow it.
132) What about bar ?
A: Yes. Samba allows it [writeable=yes] and so does Linux
[OS dir has "w" for world]
IMP: The read list applies to foo only.
DO not confuse this with ‘valid users’ where only those listed will be
allowed access and the rest are not!
133)
Again, dir perms for /jokes remain the same viz.,
drwxr-xrwx root root jokes
[funny]
path = /jokes
writeable = yes
read list = foo
write list = foo
Q: Will foo be able to delete files in /jokes ?
A: Yes. No matter what the ‘read list’ says, if a user is on the
‘write list’ he is given write perm on the share. Only Linux can stop
it [OS dir perm]
134) Will bar be able to delete files in the above case?
A: Yes. Samba allows it [writeable=yes] and most importantly, so does Linux
[OS dir has "w" for world]
135)
Now we change dir perms for /jokes back to normal def levels
Note : Def. perms with which a dir is created by root – 755 [umask=022]
drwxr-xr-x root root jokes
[funny]
path = /jokes
write list = foo
Q: Will foo be able to delete files in /jokes ?
A: Let’s analyze this.
* The share is R/O since writeable is not specified
* Methinks : Samba will not allow deleting on this share BUT wait a minute !
* ‘write list’ implicitly implies a ‘writeable =yes’ and need not be explicitly
given, hence foo is allowed to delete !
* Only OS dir level perms can stop him! Let’s check that now!
* The “w” in world perms is missing
–> Methinks : Linux will not allow world users delete perm on this dir
Verdict : No. foo will not be allowed delete perm on this share!!
136)
Now I change the “w” perms for world users
drwxr-xrwx root root jokes
[funny]
path = /jokes
write list = foo
Q: Will foo be able to delete files in /jokes ?
A: Now let’s analyze this one.
* The share is R/O since writeable is not specified
* Methinks : Samba will not allow deleting on this share BUT wait a minute !
* ‘write list’ is what makes writeable=yes for the entries on the write list
* hence foo is allowed to delete!
* Only OS dir level perms can stop him! Let’s check that now!
* The “w” in world perms is extant!
–> Methinks : Linux WILL allow world users delete perm on this dir
Verdict : Yes. foo will be allowed delete perm on this share!!
Moral: If dir perms allow it, a user can delete files in a share even if
writeable = no on that share,
AS LONG AS the user is on the ‘write list =’
137) Q: Continuing with the above example, will bar be able to delete files
in /jokes ?
Below are the exact same constraints as before, reproduced here for convenience
drwxr-xrwx root root jokes
[funny]
path = /jokes
write list = foo
Analysis/Paralysis
————————-
A: * The share is R/O since writeable is not specified
* admin users cannot delete since share is R/O.
* Only those on the write list will be able to delete files, since
‘write list’ makes an implicit ‘writeable=yes’ for just those users.
Dir perms will, of course, come into play later
* bar is not on the write list which is the only way she could have
had delete perms on this share
* Samba disallows bar.
* Hence no point in examining the OS level dir perms.
* Verdict: bar cannot delete files in the above dir
138) Q: And now ?
drwxr-xrwx root root jokes
[funny]
path = /jokes
writeable=yes
write list = foo
Analysis/Paralysis
————————-
A: * The share is writeable
* All users are allowed delete perm on the /jokes dir, OS dir perms
permitting!
* Specifying a write list in this case is plain useless, since ‘foo’
anyway does have perm, like all others
* So do not get psyched out and think that only foo can delete files
in /jokes.
* Of course, if writeable=yes was not there then you would be right!
Last example!
* VVVIMP: Regardless of the writeable and write list, nobody would be
allowed perm to delete IF the OS dir perm did not allow it! Watch out for this!
* Verdict: Yes, bar can delete files in /jokes
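The two-layer check walked through in Q135 to Q138, as an added example (not Samba's code and not from the original page): a Python model in which the Samba layer and the directory's mode bits must both permit the delete. The uids and helper names are assumptions, and sticky bits, ACLs and other smb.conf directives are left out.

```python
import stat

def samba_allows_write(share, user):
    """Samba layer: share is writeable for all, or the user is on 'write list'."""
    writeable = share.get("writeable", "no").strip().lower() == "yes"
    write_list = share.get("write list", "").replace(",", " ").split()
    return writeable or user in write_list

def os_allows_delete(dir_mode, dir_uid, dir_gid, uid, gids):
    """OS layer: unlinking a file needs write+search (w+x) on the directory."""
    if uid == dir_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif dir_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (dir_mode & need) == need

def can_delete(share, user, uid, gids, dir_mode, dir_uid=0, dir_gid=0):
    """Both layers must agree; returns (allowed, layer that decided)."""
    if not samba_allows_write(share, user):
        return False, "samba"
    if not os_allows_delete(dir_mode, dir_uid, dir_gid, uid, gids):
        return False, "os"
    return True, "both"

# Constructed accounts (assumed uids): ordinary users, /jokes owned by root:root.
FOO = dict(user="foo", uid=1001, gids={1001})
BAR = dict(user="bar", uid=1002, gids={1002})
WRITE_LIST_ONLY = {"path": "/jokes", "write list": "foo"}
WRITEABLE = {"path": "/jokes", "writeable": "yes", "write list": "foo"}

if __name__ == "__main__":
    cases = [("135", WRITE_LIST_ONLY, FOO, 0o755),   # drwxr-xr-x
             ("136", WRITE_LIST_ONLY, FOO, 0o757),   # drwxr-xrwx
             ("137", WRITE_LIST_ONLY, BAR, 0o757),
             ("138", WRITEABLE, BAR, 0o757)]
    for q, share, who, mode in cases:
        print(q, who["user"], can_delete(share, dir_mode=mode, **who))
```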
=========
Part C
=========
139)
[funny]
path = /jokes
guest ok = yes
Q: Will “badman”, a non-VLU, be able to access the share funny?
A: No. You might think that ‘badman’ will be allowed as a guest user
- nobody/nobody [99/99], which is a System a/c.
But ‘map to guest’, which is a Global directive, is not specified here.
And its default is ‘Never’.
So ‘badman’ will not be allowed in; only VLUs with the right pwds will be, as it should always be.
140) What is a synonym for ‘guest ok’?
A: public
141) Why ‘nobody/nobody’?
A: Bcos, by def ‘guest account = nobody’.
142) What if a VLU ‘foo’ logs into this share. Will he also be mapped to ‘nobody/nobody’ ?
A: No. A VLU will be his own un/gn. [Create a dir in the share to check]
143) I wish for ALL users to be logged in as guests, including VLUs. How?
A:
[funny]
path = /jokes
guest ok = yes
guest only = yes
144) What is the synonym for guest only?
A: only guest
145) What would I have to do to map guest users to some other username/grpname called Berlin/berlin?
A: adduser -r berlin [system a/c]
Then do :
guest ok = yes
guest account = berlin
guest only = yes
146) What is this ‘map to guest’ directive?
A: This is a global directive!
This tells smbd what to do if a user logs into a share with a good/bad
username and a good/bad pwd.
Options are : Never [def], Bad User, Bad Password
a. Never : If a user logs in with an invalid username or an invalid pwd,
s/he will be rejected according to the default. This is what
normally transpires.
b. Bad User : If the username given is wrong, the VLU is allowed in with
guest access
c. Bad Password : If the username given is wrong, like when a VLU makes a
typo, the VLU is allowed in with guest access
147) Consider the following:
[global]
default services = helpline
[helpline]
path = /help
Q: Explain how you would use this from a Win or Linux Client?
A: In Win, enter a UNC as \\shivasmbsrv\somewrongshare, you will see the
files pointed to by the default service directive – ie. the files in
dir /help in Linux
or
# smbclient //shivasmbsrv/somewrongshare -U foo%fool
will show you the files too
148) Machines become LMBs by configuration or by election?
A: Election
149) Do you have to be a LMB to become a DMB?
A: Yes
150) What directives are needed to make Samba into a LMB?
A: local master = yes, os level = 33, preferred master = yes
151) Why would I ever need a LMB?
A: Keeps a browse list of all the machines on the domain or NW segment and eliminates BC and NW chatter. Also makes for faster browsing [aka name resolution]
152) What directives are needed to make Samba into a DMB?
A: domain master = yes
153) What is the purpose of a DMB?
A: To coordinate browse lists of other LMBs.
154) If I have just one segment, do I need a DMB?
A: NO. A DMB acts as a router for browse list coordination between multiple segments, where each segment has its own LMB.
155) What directives are needed to make Samba into a WINS server ?
A: wins support = yes. But first the m/c must be a DMB and therefore a LMB.
156) And into a PDC?
A: security = user,
B: encrypt passwords = yes
C: domain logons = yes
157) If your Samba server was SAMBA, what cmd would you use to check if you were a LMB for the domain ?
A: # nmblookup -SR samba
158) How would you know ?
A: # Look for the “_ _ MSBROWSE _ _”
159) How would you check if you were a DMB for the domain?
A: The same cmd is used. # nmblookup -SR samba
160) How would you know?
A: # Look for the “<1b>”
161) If your Samba server was SAMBA, what cmd would you use to check where the LMB or DMB is from Windows?
A: # nbtstat -a samba
162) There are 2 basic security models. What are they ?
A: user and share
163) The security directive can have what values?
A: user, share, domain and server
164) I wish to make my Samba server just another netbios client using a WinNT PDC/WINS server? What should I do?
A: security = domain
wins server = IP of WinNT PDC/WINS server
165) I wish to have my samba pwd validated on another m/c which could be a WIN$ or Samba Server with security = user. What should I do ?
A: security = server
password server = IP of WinNT PDC/WINS server or Another Samba server
********************************
GNU/Linux
=====================
NETWORKING – NIS
=====================
===============
Server-side NIS
===============
1. NIS expands to :
A: NW Info Service
2. It was formerly called :
A: yellow pages
3. Is it still called that ?
A: No. It’s called NIS now since BT UK owns that brandname.
But all NIS software names still start with the ‘yp’ chars
4. It was developed by :
A: Sun
5. Which daemons have to be started on a Linux server to enable NIS?
A: portmap, nfs and ypserv [and yppasswdd - optional ]
6. Which dir does one export in NFS to setup a NIS server ?
A: /home
7. And which config file would you do this in ?
A: /etc/exports
8. How would you set the NISDOMAIN for the server ?
A: In /etc/sysconfig/network NISDOMAIN=bom.labs.net
9. How would you check if the NIS domain has been set ?
A: # nisdomainname*
10 # nisdomainname shows (none). Not set. What could be the problem ?
A: You made a change in /etc/sysconfig/network.
You did not start ypserv
11 Can a NIS domain and a canonical domain of a Linux server be the same ?
A: Yes.
12 The config file of the NIS server is :
A: /etc/yp.conf
13 Which config file stores the vital info regarding the location and IP of
the NIS server and the domain for which the NIS server is authoritative ?
A: /etc/yp.conf
14 What should it contain if my NIS server is authoritative for the
192.168.0.0 segment or the domain ‘.bom.labs.net’ ?
A: domain bom.labs.net server 192.168.0.20
15 The file which defines access rights [Allow/Deny] for remote hosts to your
NIS server from NIS Clients :
A: /etc/securenets
16 Is NIS tcp-wrapper-aware ?
A: No
17 In general, any remote user can issue an RPC and retrieve the contents of
your NIS maps, if s/he knows your domain name. What would you do to allow
only hosts from 192.168.0.0 to access your NIS server ?
A: In /etc/securenets,
255.0.0.0 127.0.0.0
255.255.255.0 192.168.0.0
18 Does the /etc/securenets file exist, by default ?
A: No.
19 So what does that imply ?
A: Anyone can access your NIS server, as if it said 0.0.0.0 0.0.0.0, which is a
very bad idea!
20 Are only IPs allowed in the /etc/securenets file ?
A: Yes
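The netmask/network matching behind Q17 to Q20, as an added example (not ypserv's code and not from the original page): it parses securenets text in the 'netmask network' form shown above, tests client addresses against it, and flags entries that allow everyone or can never match. Function names and the sample client addresses are assumptions; a missing file is modeled as None.

```python
import ipaddress

# Constructed sample: the two entries from the answer to Q17.
SECURENETS = """\
# netmask       network
255.0.0.0       127.0.0.0
255.255.255.0   192.168.0.0
"""

def parse_securenets(text):
    """Return a list of (netmask, network) integer pairs; '#' starts a comment."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'netmask network'")
        mask, net = (int(ipaddress.IPv4Address(f)) for f in fields)
        rules.append((mask, net))
    return rules

def is_allowed(rules, client_ip):
    """A client matches an entry when (client & netmask) == network."""
    if rules is None:          # no securenets file: everyone is let in (Q19)
        return True
    ip = int(ipaddress.IPv4Address(client_ip))
    return any((ip & mask) == net for mask, net in rules)

def audit(rules):
    """List the entries a reviewer should question."""
    if rules is None:
        return ["no securenets file: any host may query the maps"]
    findings = []
    for mask, net in rules:
        entry = f"{ipaddress.IPv4Address(mask)} {ipaddress.IPv4Address(net)}"
        if mask == 0 and net == 0:
            findings.append(f"{entry}: matches every address")
        elif net & ~mask & 0xFFFFFFFF:
            findings.append(f"{entry}: network has bits outside the mask, never matches")
    return findings

if __name__ == "__main__":
    rules = parse_securenets(SECURENETS)
    for ip in ("127.0.0.1", "192.168.0.55", "192.168.1.5", "10.1.2.3"):
        print(ip, "allowed" if is_allowed(rules, ip) else "denied")
    print(audit(parse_securenets("0.0.0.0 0.0.0.0")))
```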
21 What are NIS maps ?
A: These are encrypted, indexed dbm’es created from text config files like
/etc/passwd, hosts etc.
Naturally, they are faster to search and more secure.
22 How would you create NIS maps for a Master NIS server ?
A: # /usr/lib/yp/ypinit -m [ Check in /var/yp ]
23 What is this ‘-m’ ?
A: Create a Master NIS Server
24 What is “/usr/lib/yp/ypinit”, a script or a binary ?
A: A shell script to create the NIS maps
25 Where will these map files be created ?
A: The base dir for NIS is /var/yp/. A dir will be created here
corresponding to your NIS domain – bom.labs.net
Under /var/yp/bom.labs.net/ you will find your maps, which are :
Local Linux File    Map File
================    ======================
/etc/passwd         passwd.byname
                    passwd.byuid
/etc/group          group.bygid
                    group.byname
/etc/hosts          hosts.byaddr
                    hosts.byname
/etc/services       services.byname
                    services.byservicename
/etc/protocols      protocols.byname
                    protocols.bynumber
/etc/rpc            rpc.byname
                    rpc.bynumber
/etc/networks
/etc/netgroup
                    mail.aliases
                    netid.byname
                    ypservers
===============
Client-side NIS
===============
26 Which daemon connects a NIS client to the NIS server?
A: ypbind
27 To configure a NIS Client the ‘authconfig’ cmd simplifies a lot of work.
What all does this text-based full-screen utility do ? [Hint: Three things]
A: * Puts NISDOMAIN=bom.labs.net in /etc/sysconfig/network
* Puts ‘domain bom.labs.net server brahma.bom.labs.net’ in /etc/yp.conf
* Restarts the ypbind service and binds to a NIS Master server
* Changes the K to a S in Runlevel 3 for the ypbind service.
Check with ntsysv
28 From a NIS Client, how would you know where the NIS Master server is ?
A: ypwhich
29. How would you change your NIS passwd from a Client ?
A: make sure the yppasswdd* daemon is running on the server, then,
# yppasswdd
30. How would you change your shell as a NIS Client ?
A: ypchsh
31. How would you change your GECOS info as a NIS Client ?
A: ypchfn
32. NIS maps are encrypted dbms. How would a Client see the NIS pwd db ?
A: ypcat passwd
33. The NIS DB consists of maps created from local Linux files.
These maps [/var/yp/NISdomain/*] are encrypted dbm’es.
Each map also has a nickname.
How would you see these [shorter/alias] nicknames ?
A: ypcat -x
Use “ethers” for map “ethers.byname”
Use “aliases” for map “mail.aliases”
Use “services” for map “services.byname”
Use “protocols” for map “protocols.bynumber”
Use “hosts” for map “hosts.byname”
Use “networks” for map “networks.byaddr”
Use “group” for map “group.byname”
Use “passwd” for map “passwd.byname”
34. Which file does the above cmd read ?
A: /var/yp/nicknames
Contains a list of aliases to the corresponding maps
35. How would you see the values of all keys in the NIS passwd database ?
A: ypcat passwd or ypcat passwd.byname
36. My NIS server and Clients are working fine. I create a user ‘foo’ on the
server. Can I log in with this foo on the Client ?
A: No. The NIS maps for this user have to be updated.
37. Anyway to check from Client regarding this updation ?
A: Yes. ‘ypcat passwd’. Will show that foo is not in this NIS passwd DB.
38. How do I update these maps for new user ‘foo’ on NIS server?
A: # cd /var/yp
# make
38. What does this make command do ?
A: Examines and follows instructions in the Makefile.
39. What are netgroups and what is a netgroup file?
A: 1. Most often the netgroup file is /etc/netgroup
2. This Netgroup file describes ‘netgroups’ which are sets of host,
user and domain tuples [aka triple] – used for perm checking when
doing remote mounts, remote logins and shells
40. Explain the following entry in /etc/netgroup ?
sysadmins (-,sshah,) (-,foo,)
A: Here is an example of a triple – host, user, domain
/etc/passwd will probably have the following entry :
+@sysadmins::::::
Implies that users sshah and foo will be the only users to have access
to your systems, on any host.
**********************
