chlebik / rhcsa-practice-questions Goto Github PK

RHCSA practice questions for version 7/8

linux rhcsa-certification rhcsa rhcsa-exam rhel7 rhel centos7 centos shell rhcsa-practice-questions

rhcsa-practice-questions's Introduction

RHCSA Practice Questions repository

This repository contains separate practice questions/scenarios that should help You pass RHCSA exam (for version 7). It is a collection gathered from various places on the internet - below list should contain all sources I've used to create it.

MeetDarji - https://www.youtube.com/channel/UCCgSGcWnSQYwBchMxoIBIWA
InsideGNULinux - https://insidegnulinux.blogspot.com/2016/11/rhel-7-rhcsa-exam-questions-and-answers.html
CertDepot - https://www.certdepot.net/rhel7-rhcsa-sample-exam-1/

Every question is placed in a separate file - therefore it is easier to split studying into small and comprehensive parts which can be used every day. There is no particular order in which questions are laid - it is a good way to easilly change context and not to stay focused on one topic for longer time.

At the very beginning of every file there is a question, then comes blank space in order for the answer not be seen when opening the file. I've tried to make answers clear and very detailed - mentioning possible problems You can encounter along the way.

If You've found any mistake or error please do not hesitate to contact me or create PR with a fix. If You want to expand this repo please feel free to do so - I am open to new questions all the time.

There is also a folder with my notes from Sander van Gut certification book. However it is only in Polish.

All the questions were validated by me on CentOS 7 - it is possible that it won't be working for newer versions!!! Questions for RHCSA 8 exams are explicitly marked.

rhcsa-practice-questions's People

Contributors

Stargazers

Watchers

Forkers

tcharewicz roblesniak mallesha frogus-tec artursyl amit128149 nlmitterecker irmo-keulen raja324 maxyymilian w-adisurya moody1511 ankita2295 aymanesmael wues4 dpskvn doctypehuman tadxb888 yoyellow chipitsine marisalinux malikperang vinhducnguyen1708 billybennett bparinas rakibsec knolp codesamplestore apohadin quackzack skysbsb achrefbensaad annabogdanovich91 khld paaaron vostorga nieuport rohitsamad alexander-krug pieterdauds gadingisy allenvarughese22 dmierm coolscripting harish0201 adszm nmakanan davidffry pranavparamel ismaelrlg krushnabhanage10 fastidious aa90416 methamode liamfitt999 pavanmudigonda tylerjgold igiasiranis sanjay-sinha nivedkarimpunkara russseaman chrsierra spenfraz hiprakash josserpinat srajeshwintel cgpala ccaswara rajeevranjancom payalbhatia info-tech-nologie darshhd jtplace1 corporalcupcake allansong2012 aynyuh siqueirafls hsahu26 ccjung earba81 wtankoua edy-1 afsatou724263 bedniyjorik chansky9 mverma-cloud lacherv ashish7myid alvarosola1 dwenzi tanseemkalam ikhtear2005 jnecam dongjinmedia pepsdiop phillipmschwartz jcvn-info m-swapnesh chroot007 mariuszkuswik

rhcsa-practice-questions's Issues

Solution is NOT the Correct one for 031_finding_files.md

Hello Chlebik,

Correct me if i am Wrong

But the I Think the answer is not Correct for

31) 031_finding_files.md

Question: Find All Files in /etc (not subdirectories) that where modified more than 180 days ago.

The Correct Answer Should be (Since it Says Files)
find /etc -type f -maxdepth 1 -mtime +180

If we use this:
find /etc/ -maxdepth 1 -mtime +180

It also gives dir
/etc/rc3.d
/etc/rc4.d
/etc/rc5.d
/etc/rc6.d

"008_create_users_with_specified_uid" - Question says to change "account validity", solution expires the password

It says right there:
"Remember there is a difference between password expiration and account validation. It is usually better to expire password and make user not being able to log into the system or disable the user, rather than deleting it."
So I don't get it, chage is supposed to just change password validity, right? Which is not what the question is asking.
So the given solution would not be the same as:
usermod --expiredate $(whatever the required date)

I'm confused.

Is the purpose of the setting of the SGID bit on /common (question 10 I think) so that any new files created will be group-owned by team?

The answer explanation says it's to give full access to John and Davis but doesn't setting the group owner to team do that automatically, if they're both in it?

Incorrect SUID description

I've found it in your notes and decided to point it out (maybe you are not aware of the mistake?)

Istnieja specjalne privilage:

SUID (np. /usr/bin/passwd) -> ustawia sie u+s albo dajac prefix 4 - co oznacza, ze efektywny UID procesu, ktory ma dostep do pliku to UID ownera pliku. Nie da sie tego ustawic na skryptach!!!

Actually, SUID can be set only on regular files, below you've got an example that shows the usage and problem it solves

Please do not treat my recent contributions and this issue as offence, I just want to share the knowledge :) Close once you acknowledge it

001_restore_root_password.md - use .autorelabel in order to handle selinux when re-rooting box

Instead of having to do...

In order to finish the task SELinux must be taken care of. If not, contents of /etc/shadow will be messed up. 
There are two commands to be provided:
 load_policy -i 
 chcon -t shadow_t /etc/shadow

You can just do
touch /.autorelabel
After you set the password.

And then reboot. That will take care of relabeling for selinux.

Podman folder can be maped using podman unshare chown uid:gid and using :Z upon create running

Hello, I seen that podman now has update for ability to map subuid and subguid using unshare

Take example mysql using 27:27, you can map it into your /home/student folder, and using simpler command, you don't need to restorecon -Rv on it, because it automatically shared

example :

podman unshare chown 27:27 /home/student/mysql
podman run -itd --name mysql8 -v /home/student/mysql:/var/lib/mysql:Z -e MYSQL_ROOT_PASSWORD=my-secret-pw -p 13306:3306 docker.io/library/mysql:8.0

see the ...mysql:Z -e...

It's available since 9.0, as 8.0 exam already phased out in mid December 2022.

Worth to add questions about podman

Manage containers
Find and retrieve container images from a remote registry
Inspect container images
Perform container management using commands such as podman and skopeo
Perform basic container management such as running, starting, stopping, and listing running containers
Run a service inside a container
Configure a container to start automatically as a systemd service -- very important
Attach persistent storage to a container there is

https://www.redhat.com/en/services/training/ex200-red-hat-certified-system-administrator-rhcsa-exam?section=Objectives

A sample question might be (not taken from any RHCSA exam)

Login to the registry. Download image for a webserver. Run web server in a container as a user-service on port 8080, sharing files from /home/user/webfiles

Sample answer:
root$ podman login
user$ podman create . f.e. podman create docker.io/library/httpd as I don't have any local registry present
user$ podman run -d -v /home/user/webfiles:/usr/local/apache2/htdocs -p 8080:80 --name user_httpd docker.io/library/httpd
user$ sudo podman generate systemd user_httpd -o /etc/systemd/user/user_httpd.service (or just copy output if user is not sudoer)
user$ systemctl --user enable --now user_httpd.service (you need to be logged in as a user, not just su to it)

Add SELinux permissions to the catalog
root$ semanage fcontext -at container_file_t "/home/admin/user(/.*)?"
root$ restorecon -vR /home/admin/webfiles

Add port to the firewall
root$ firewall-cmd --add-port=8080/tcp --permanent
root$ firewall-cmd --reload

009 "default" prefix (d:) problematic

I believe adding the "default" (d:) flag to the ACL is incorrect; this results in the target user being unable to access the folder.

Creating a new directory /facl with 0700 (default /home directory permissions) then assigning the ACL as suggested:

[root@centos7 ~]# mkdir /facl
[root@centos7 ~]# chmod 0700 /facl
[root@centos7 ~]# ls -ld /facl
drwx------. 2 root root 6 Sep  9 18:46 /facl
[root@centos7 ~]# setfacl -R -m d:u:centos:rwx /facl
[root@centos7 ~]# getfacl /facl
getfacl: Removing leading '/' from absolute path names
# file: facl
# owner: root
# group: root
user::rwx
group::---
other::---
default:user::rwx
default:user:centos:rwx
default:group::---
default:mask::rwx
default:other::---

However when attempting to access the directory, the specified user cannot access it.

[centos@centos7 ~]$ cd /facl
-bash: cd: /facl: Permission denied
[centos@centos7 ~]$ touch /facl/test
touch: cannot touch ‘/facl/test’: Permission denied

This is likely due to the user (centos) not having write access already in place, but only on newly created files/directories. Adding u:centos:rwx without the preceding d: resolves this:

[root@centos7 ~]# setfacl -m u::rwx /facl
[root@centos7 ~]# getfacl /facl
getfacl: Removing leading '/' from absolute path names
# file: facl
# owner: root
# group: root
user::rwx
group::---
other::--x
default:user::rwx
default:user:centos:rwx
default:group::---
default:mask::rwx
default:other::---

Confirming access:

[centos@centos7 ~]$ cd /facl
[centos@centos7 /facl]$ ls -la
total 0
drwxrwx--x+  2 root root   6 Sep  9 18:46 .
dr-xr-xr-x. 18 root root 236 Sep  9 18:46 ..
[centos@centos7 /facl]$ touch x
[centos@centos7 /facl]$ ls -la
total 0
drwxrwx--x+  2 root   root    15 Sep  9 18:58 .
dr-xr-xr-x. 18 root   root   236 Sep  9 18:46 ..
-rw-rw----+  1 centos centos   0 Sep  9 18:58 x
[centos@centos7 /facl]$ getfacl x
# file: x
# owner: centos
# group: centos
user::rw-
user:centos:rwx                 #effective:rw-
group::---
mask::rw-
other::---

Resultant ACL: (note the additional user:centos:rwx)

[root@centos7 ~]# getfacl /facl
getfacl: Removing leading '/' from absolute path names
# file: facl
# owner: root
# group: root
user::rwx
user:centos:rwx
group::---
mask::rwx
other::--x
default:user::rwx
default:user:centos:rwx
default:group::---
default:mask::rwx
default:other::---

After removing all ACLs and starting anew, another way to do this in one fell swoop (if you must use the d: prefix) is:

[root@centos7 ~]# setfacl -b /facl
[root@centos7 ~]# getfacl /facl
getfacl: Removing leading '/' from absolute path names
# file: facl
# owner: root
# group: root
user::rwx
group::---
other::--x
[root@centos7 ~]# setfacl -R -m u:centos:rwx,d:u:centos:rwx /facl
[root@centos7 ~]# getfacl /facl
getfacl: Removing leading '/' from absolute path names
# file: facl
# owner: root
# group: root
user::rwx
user:centos:rwx
group::---
mask::rwx
other::--x
default:user::rwx
default:user:centos:rwx
default:group::---
default:mask::rwx
default:other::--x

bash vdo command not found

While trying to install vdo, I got error bash: vdo command not found. Nor was stratisd recognized.

Question 008_create_users_with_specified_uid answer isn't correct

Hello,

Iv been looking around ways to prepare and do all kinds of materias for rhcsa test.
Now that I tried to do and replicate the answer in 008 it doesn't work. I'll get error saying: "passwd -e 2020-11-19 davis
passwd: Only one user name may be specified."

Im not sure if something is changed or what, but that isn't working anymore. I can use it just "passwd -e john" but then the account expires right now. What I found out is the chage -command can be used like "chage davis" and it will ask what date's I want to set. Also its possible to say "chage -E 2020-11-19 davis" which is closest I find what your answer says.

Rediz

When creating a user and password, wouldn't it be better to do a one-liner with useradd with -p <password>?

And can an account expiration be done with usermod -e instead of chage?

Question 028. Wrong statement about redirection

Answer:
The command is simple and straightforward (just remember that >> overrides the file contents and > appends):

It's actually the other way around: > overrides the file contents and >> appends
https://www.gnu.org/software/bash/manual/html_node/Redirections.html