chlebik / rhcsa-practice-questions Goto Github PK

Hello Chlebik,

Correct me if i am Wrong

But the I Think the answer is not Correct for

31) 031_finding_files.md

Question: Find All Files in /etc (not subdirectories) that where modified more than 180 days ago.

The Correct Answer Should be (Since it Says Files)
find /etc -type f -maxdepth 1 -mtime +180

If we use this:
find /etc/ -maxdepth 1 -mtime +180

It also gives dir
/etc/rc3.d
/etc/rc4.d
/etc/rc5.d
/etc/rc6.d

Answer:
The command is simple and straightforward (just remember that >> overrides the file contents and > appends):

It's actually the other way around: > overrides the file contents and >> appends
https://www.gnu.org/software/bash/manual/html_node/Redirections.html

It says right there:
"Remember there is a difference between password expiration and account validation. It is usually better to expire password and make user not being able to log into the system or disable the user, rather than deleting it."
So I don't get it, chage is supposed to just change password validity, right? Which is not what the question is asking.
So the given solution would not be the same as:
usermod --expiredate $(whatever the required date)

I'm confused.

Instead of having to do...

In order to finish the task SELinux must be taken care of. If not, contents of /etc/shadow will be messed up. 
There are two commands to be provided:
 load_policy -i 
 chcon -t shadow_t /etc/shadow

You can just do
touch /.autorelabel
After you set the password.

And then reboot. That will take care of relabeling for selinux.

I believe adding the "default" (d:) flag to the ACL is incorrect; this results in the target user being unable to access the folder.

Creating a new directory /facl with 0700 (default /home directory permissions) then assigning the ACL as suggested:

[root@centos7 ~]# mkdir /facl
[root@centos7 ~]# chmod 0700 /facl
[root@centos7 ~]# ls -ld /facl
drwx------. 2 root root 6 Sep  9 18:46 /facl
[root@centos7 ~]# setfacl -R -m d:u:centos:rwx /facl
[root@centos7 ~]# getfacl /facl
getfacl: Removing leading '/' from absolute path names
# file: facl
# owner: root
# group: root
user::rwx
group::---
other::---
default:user::rwx
default:user:centos:rwx
default:group::---
default:mask::rwx
default:other::---

However when attempting to access the directory, the specified user cannot access it.

[centos@centos7 ~]$ cd /facl
-bash: cd: /facl: Permission denied
[centos@centos7 ~]$ touch /facl/test
touch: cannot touch ‘/facl/test’: Permission denied

This is likely due to the user (centos) not having write access already in place, but only on newly created files/directories. Adding u:centos:rwx without the preceding d: resolves this:

[root@centos7 ~]# setfacl -m u::rwx /facl
[root@centos7 ~]# getfacl /facl
getfacl: Removing leading '/' from absolute path names
# file: facl
# owner: root
# group: root
user::rwx
group::---
other::--x
default:user::rwx
default:user:centos:rwx
default:group::---
default:mask::rwx
default:other::---

Confirming access:

[centos@centos7 ~]$ cd /facl
[centos@centos7 /facl]$ ls -la
total 0
drwxrwx--x+  2 root root   6 Sep  9 18:46 .
dr-xr-xr-x. 18 root root 236 Sep  9 18:46 ..
[centos@centos7 /facl]$ touch x
[centos@centos7 /facl]$ ls -la
total 0
drwxrwx--x+  2 root   root    15 Sep  9 18:58 .
dr-xr-xr-x. 18 root   root   236 Sep  9 18:46 ..
-rw-rw----+  1 centos centos   0 Sep  9 18:58 x
[centos@centos7 /facl]$ getfacl x
# file: x
# owner: centos
# group: centos
user::rw-
user:centos:rwx                 #effective:rw-
group::---
mask::rw-
other::---

Resultant ACL: (note the additional user:centos:rwx)

[root@centos7 ~]# getfacl /facl
getfacl: Removing leading '/' from absolute path names
# file: facl
# owner: root
# group: root
user::rwx
user:centos:rwx
group::---
mask::rwx
other::--x
default:user::rwx
default:user:centos:rwx
default:group::---
default:mask::rwx
default:other::---

After removing all ACLs and starting anew, another way to do this in one fell swoop (if you must use the d: prefix) is:

[root@centos7 ~]# setfacl -b /facl
[root@centos7 ~]# getfacl /facl
getfacl: Removing leading '/' from absolute path names
# file: facl
# owner: root
# group: root
user::rwx
group::---
other::--x
[root@centos7 ~]# setfacl -R -m u:centos:rwx,d:u:centos:rwx /facl
[root@centos7 ~]# getfacl /facl
getfacl: Removing leading '/' from absolute path names
# file: facl
# owner: root
# group: root
user::rwx
user:centos:rwx
group::---
mask::rwx
other::--x
default:user::rwx
default:user:centos:rwx
default:group::---
default:mask::rwx
default:other::--x

Hello, I seen that podman now has update for ability to map subuid and subguid using unshare

Take example mysql using 27:27, you can map it into your /home/student folder, and using simpler command, you don't need to restorecon -Rv on it, because it automatically shared

example :

podman unshare chown 27:27 /home/student/mysql
podman run -itd --name mysql8 -v /home/student/mysql:/var/lib/mysql:Z -e MYSQL_ROOT_PASSWORD=my-secret-pw -p 13306:3306 docker.io/library/mysql:8.0

see the ...mysql:Z -e...

It's available since 9.0, as 8.0 exam already phased out in mid December 2022.

Manage containers
Find and retrieve container images from a remote registry
Inspect container images
Perform container management using commands such as podman and skopeo
Perform basic container management such as running, starting, stopping, and listing running containers
Run a service inside a container
Configure a container to start automatically as a systemd service -- very important
Attach persistent storage to a container there is

https://www.redhat.com/en/services/training/ex200-red-hat-certified-system-administrator-rhcsa-exam?section=Objectives

A sample question might be (not taken from any RHCSA exam)

Login to the registry. Download image for a webserver. Run web server in a container as a user-service on port 8080, sharing files from /home/user/webfiles

Sample answer:
root$ podman login
user$ podman create . f.e. podman create docker.io/library/httpd as I don't have any local registry present
user$ podman run -d -v /home/user/webfiles:/usr/local/apache2/htdocs -p 8080:80 --name user_httpd docker.io/library/httpd
user$ sudo podman generate systemd user_httpd -o /etc/systemd/user/user_httpd.service (or just copy output if user is not sudoer)
user$ systemctl --user enable --now user_httpd.service (you need to be logged in as a user, not just su to it)

Add SELinux permissions to the catalog
root$ semanage fcontext -at container_file_t "/home/admin/user(/.*)?"
root$ restorecon -vR /home/admin/webfiles

Add port to the firewall
root$ firewall-cmd --add-port=8080/tcp --permanent
root$ firewall-cmd --reload

I've found it in your notes and decided to point it out (maybe you are not aware of the mistake?)

Istnieja specjalne privilage:

• ​SUID ​(np. /usr/bin/passwd) -> ustawia sie u+s albo dajac prefix 4 - co oznacza, ze efektywny UID procesu, ktory ma dostep do pliku to UID ownera pliku. ​Nie da sie tego ustawic na skryptach!!!

Actually, SUID can be set only on regular files, below you've got an example that shows the usage and problem it solves

Please do not treat my recent contributions and this issue as offence, I just want to share the knowledge :) Close once you acknowledge it

And can an account expiration be done with usermod -e instead of chage?

The answer explanation says it's to give full access to John and Davis but doesn't setting the group owner to team do that automatically, if they're both in it?

While trying to install vdo, I got error bash: vdo command not found. Nor was stratisd recognized.

Hello,

Iv been looking around ways to prepare and do all kinds of materias for rhcsa test.
Now that I tried to do and replicate the answer in 008 it doesn't work. I'll get error saying: "passwd -e 2020-11-19 davis
passwd: Only one user name may be specified."

Im not sure if something is changed or what, but that isn't working anymore. I can use it just "passwd -e john" but then the account expires right now. What I found out is the chage -command can be used like "chage davis" and it will ask what date's I want to set. Also its possible to say "chage -E 2020-11-19 davis" which is closest I find what your answer says.

• Rediz