102-500日本語 無料問題集「Lpi LPIC-1 Exam 102, Part 2 of 2, version 5.0 (102-500日本語版)」
シャドウパスワードが有効になっているLinuxシステムで、ファイルシステムのどのファイルにすべてのローカルユーザーのパスワードハッシュが含まれていますか? (パスを含むファイルのフルネームを指定してください。)
正解:
/etc/shadow
Explanation:
On a Linux system with shadow passwords enabled, the file that contains the password hashes of all local users is /etc/shadow. This file is a replacement for the password field in /etc/passwd, which is a world-readable file that contains basic information about users. The /etc/shadow file is not readable by regular users, and it stores the encrypted passwords (or hashes) of each user, along with other information such as password expiration dates, minimum and maximum password ages, and password warning periods. The /etc/shadow file has nine colon-delimited fields for each user:
* Username: The name used when the user logs into the system.
* Password: The encrypted password of the user, or a special character that indicates the password status.
For example, an asterisk (*) means the account is locked, and an exclamation mark (!) means the password is expired.
* Last Password Change: The date of the last password change, expressed as the number of days since January 1, 1970.
* Minimum Password Age: The minimum number of days required between password changes. A zero means the password can be changed anytime.
* Maximum Password Age: The maximum number of days the password is valid. After this number of days, the password must be changed. A zero means the password never expires.
* Password Warning Period: The number of days before the password expires that the user will be warned. A zero means no warning is given.
* Password Inactivity Period: The number of days after the password expires that the account will be disabled. A negative value means the account is never disabled.
* Account Expiration Date: The date when the account will be disabled, expressed as the number of days since January 1, 1970. A zero means the account never expires.
* Reserved Field: A field for future use.
The /etc/shadow file can be modified by using the commands passwd and chage, which are used to change the password and the password aging information of a user, respectively. The /etc/shadow file should not be edited directly, but always through the tools provided by the distribution. For more details, see the shadow manual page.
References:
* LPIC-1 Exam 102 Objectives, Topic 110: Security, Subtopic 110.2: Use sudo to manage access to the root account, Weight: 2, Key Knowledge Areas: Configure sudo and sudoers. Use sudo to execute commands as another user.
* LPIC-1 Exam 102 Learning Materials, Topic 110: Security, Subtopic 110.2: Use sudo to manage access to the root account, Section 110.2.1: sudo and sudoers, Page 3-5.
Explanation:
On a Linux system with shadow passwords enabled, the file that contains the password hashes of all local users is /etc/shadow. This file is a replacement for the password field in /etc/passwd, which is a world-readable file that contains basic information about users. The /etc/shadow file is not readable by regular users, and it stores the encrypted passwords (or hashes) of each user, along with other information such as password expiration dates, minimum and maximum password ages, and password warning periods. The /etc/shadow file has nine colon-delimited fields for each user:
* Username: The name used when the user logs into the system.
* Password: The encrypted password of the user, or a special character that indicates the password status.
For example, an asterisk (*) means the account is locked, and an exclamation mark (!) means the password is expired.
* Last Password Change: The date of the last password change, expressed as the number of days since January 1, 1970.
* Minimum Password Age: The minimum number of days required between password changes. A zero means the password can be changed anytime.
* Maximum Password Age: The maximum number of days the password is valid. After this number of days, the password must be changed. A zero means the password never expires.
* Password Warning Period: The number of days before the password expires that the user will be warned. A zero means no warning is given.
* Password Inactivity Period: The number of days after the password expires that the account will be disabled. A negative value means the account is never disabled.
* Account Expiration Date: The date when the account will be disabled, expressed as the number of days since January 1, 1970. A zero means the account never expires.
* Reserved Field: A field for future use.
The /etc/shadow file can be modified by using the commands passwd and chage, which are used to change the password and the password aging information of a user, respectively. The /etc/shadow file should not be edited directly, but always through the tools provided by the distribution. For more details, see the shadow manual page.
References:
* LPIC-1 Exam 102 Objectives, Topic 110: Security, Subtopic 110.2: Use sudo to manage access to the root account, Weight: 2, Key Knowledge Areas: Configure sudo and sudoers. Use sudo to execute commands as another user.
* LPIC-1 Exam 102 Learning Materials, Topic 110: Security, Subtopic 110.2: Use sudo to manage access to the root account, Section 110.2.1: sudo and sudoers, Page 3-5.
sshでのX11転送で、X11転送が有効になっていないときに設定されない環境変数は、リモートホストシェルに自動的に設定されますか? (追加のコマンドや値を付けずに環境変数のみを指定してください。)
正解:
DISPLAY, $DISPLAY
Explanation:
With X11 forwarding in ssh, the environment variable that is automatically set in the remote host shell is DISPLAY. This variable specifies the name of the X display to which X11 clients should connect. When X11 forwarding is enabled, the ssh server sets the DISPLAY variable to a value like localhost:10.0, which means that the X11 clients will connect to a proxy X11 display on the remote host. The proxy display will then forward the X11 protocol over ssh to the X server on the local host. This way, the X11 clients can display their graphical output on the local host, even though they are running on the remote host. If X11 forwarding is not enabled, the DISPLAY variable is not set by the ssh server, and the X11 clients will not be able to connect to any X display unless the user manually sets the DISPLAY variable to a valid value. However, this may not work if the X server on the local host does not allow remote connections or if there are firewall rules that block the X11 traffic.
References:
* 3: Built-in SSH X11 forwarding in PowerShell or Windows Command Prompt - X410
* 4: Understanding X11 Forwarding through SSH - start to finish steps
* 1: Why use ssh X11 forwarding with LSF; How to use ssh X11 forwarding - IBM
Explanation:
With X11 forwarding in ssh, the environment variable that is automatically set in the remote host shell is DISPLAY. This variable specifies the name of the X display to which X11 clients should connect. When X11 forwarding is enabled, the ssh server sets the DISPLAY variable to a value like localhost:10.0, which means that the X11 clients will connect to a proxy X11 display on the remote host. The proxy display will then forward the X11 protocol over ssh to the X server on the local host. This way, the X11 clients can display their graphical output on the local host, even though they are running on the remote host. If X11 forwarding is not enabled, the DISPLAY variable is not set by the ssh server, and the X11 clients will not be able to connect to any X display unless the user manually sets the DISPLAY variable to a valid value. However, this may not work if the X server on the local host does not allow remote connections or if there are firewall rules that block the X11 traffic.
References:
* 3: Built-in SSH X11 forwarding in PowerShell or Windows Command Prompt - X410
* 4: Understanding X11 Forwarding through SSH - start to finish steps
* 1: Why use ssh X11 forwarding with LSF; How to use ssh X11 forwarding - IBM