Appendix-C Memory Tables Answer Key - Red Hat

APPENDIX C

Memory Tables Answer Key

Chapter 2

Table 2.2 Standard Input, Output, and Error Overview

Name Default destination Use in RedirectionFile Descriptor Number

STDIN Computer keyboard < (same as 0<) 0

STDOUT Computer monitor > (same as 1>) 1

STDERR Computer monitor 2> 2

Table 2.3 Common Bash Redirectors

Redirector Explanation

> (same as 1>) Redirects STDOUT. If redirection is to a file, the current contents of that file are overwritten.

>> (same as 1>>) Redirects STDOUT. If output is written to a file, the output is appended to that file.

2> Redirects STDERR.

2>&1 Redirects STDERR to the same destination as STDOUT.

< (same as 0<) Redirects STDIN.

Table 2.4 Vim Essential Commands

vim command explanation

Esc Switches from input mode to command mode. Use this before typing any command.

i, a Switches from command mode to input mode at (i) or after (a) the current cursor position.

o Opens a new line below the current cursor position and goes to input mode.

4 Red Hat RHCSA/RHCE 7 Cert Guide

vim command explanation

:wq Writes the current file and quits.

:q! Quits the file without applying any changes. The ! forces the command to do its work. Only add the ! if you really know what you are doing.

:w filename Writes the current file with a new filename.

dd Deletes the current line.

yy Copies the current line.

p Pastes the current selection.

v Enters visual mode, which allows you to select a block of text, using the arrow keys. Use d to cut, or y to copy the selection.

u Undoes the last command. Repeat as often as necessary.

Ctrl+r Redoes the last undo.

gg Goes to the first line in the document.

G Goes to the last line in the document.

/text Searches for text from the current cursor position forward.

?text Searches for text from the current cursor position backward.

^ Goes to the first position in the current line.

$ Goes to the last position in the current line.

!ls Adds the output of ls (or any other command) in the current file.

:%s/old/new/g Replaces all occurrences of old with new.

Chapter 3

Table 3.2 FSH Overview

Directory Use

/ The root directory. This is where the file system tree starts.

/bin In here, you find executable programs that are needed to repair a system in a minimal troubleshooting mode. This directory is essential during boot.

/boot Contains all files and directories that are needed to boot the Linux kernel.

/dev Device files that are used for accessing physical devices. This directory is essential during boot.

/etc Contains configuration files that are used by programs and services that are used on your server. This directory is essential during boot.

Appendix C: Memory Tables Answer Key 5

Directory Use

/home Used for local user home directories.

/lib, /lib64 Shared libraries that are used by programs in /boot, /bin and /sbin.

/media, /mnt Directories that are used for mounting devices in the file system tree.

/opt This directory is used for optional packages that may be installed on your server.

/proc This directory is used by the proc file system. This is a file system structure that gives access to kernel information.

/root The home directory of the root user.

/run Contains process and user specific information that has been created since the last boot.

/sbin Like /bin, but for system administration commands that are not necessarily needed by regular users.

/srv Directory that may be used for data that is used by services like NFS, FTP and HTTP

/sys Used as an interface to different hardware devices that is managed by the Linux kernel and associated processes.

/tmp Contains temporary files that may be deleted without any warning during boot.

/usr Directory that contains subdirectories with program files, libraries for these program files and documentation about them. Typically, many subdirectories exist in this directory that mimic the contents of the / directory. The contents of /usr is not required during boot.

/var Directory that contains files which may change in size dynamically, such as log files, mail boxes and spool files.

Chapter 4

Table 4.2 Essential Tools for Managing Text File Contents

Command Explanation

less Opens the text file in a pager, which allows for easy reading of the text file

cat Dumps the contents of the text file on the screen

head Shows the first 10 lines of the text file

tail Shows the last 10 lines of the text file


Command Explanation

cut Used to filter specific columns or characters from a text file

sort Sorts contents of a text file

wc Counts the number of lines, words, and characters in a file

Table 4.3 Most Significant Regular Expressions

Regular Expression Use

^text Line starts with text.

text$ Line ends with text.

. Wildcard. (Matches any single character.)

[abc] Matches a, b, or c.

* Match 0 to an infinite number of the previous character.

\{2\} Match exactly 2 of the previous character.

\{1,3\} Match a minimum of 1 and a maximum of 3 of the previous character.

colou?r Match 0 or 1 of the previous character. This makes the previous character optional, which in this example would match both color and colour.

Table 4.4 Most Useful grep Options

Option Use

-i Not case sensitive. Matches uppercase as well as lowercase.

-v Only show lines that do not contain the regular expression.

-r Search files in the current directory and all subdirectories.

-e Use this to search for lines matching more than one regular expression.

-A <number> Show <number> of lines after the matching regular expression.

-B <number> Show <number> of lines before the matching regular expression.


Chapter 6

Table 6.2 Methods to Run Tasks with Elevated Permissions

suOpens a subshell as a different user, with the advantage that only in the subshell commands are executed as root

sudo Allows you to set up an environment where specific tasks are executed with administrative privileges

PolicyKit Allows you to set up graphical utilities to run with administrative privileges

Chapter 8

Table 8.2 Binary-Decimal Conversion Overview

Binary Value Decimal Value

00000000 0

00100000 32

01000000 64

01100000 96

10000000 128

10100000 160

11000000 192

11100000 224

Chapter 9

Table 9.2 Job Management Overview

Command Use

& (used at the end of a command line)

Starts the command immediately in the background.

Ctrl+Z Stops the job temporarily so that it can be managed. For instance, it can be moved to the background.

Ctrl+D Send the End Of File (EOF) character to the current job to indicate that it should stop waiting for further input.

Ctrl+C Can be used to cancel the current interactive job.


Command Use

bg Continues the job that has just been frozen using Ctrl+Z in the background.

fg Brings the last job that was moved to background execution back to the foreground.

jobs Shows which jobs are currently running from this shell. Displays job numbers that can be used as an argument to the commands bg and fg.

Table 9.3 Linux Process States Overview

State Meaning

Running (R) The process is currently active and using CPU time, or in the queue of runnable processes waiting to get services.

Sleeping (S) The process is waiting for an event to complete.

Uninterruptable sleep (D) The process is in a sleep state that cannot be stopped. This usually happens while a process is waiting for I/O.

Stopped (S) The process has been stopped, which typically has happened to an interactive shell process using the Ctrl+Z key sequence.

Zombie (Z) The process has been stopped, but could not be removed by its parent, which has put it in an unmanageable state.

Chapter 11

Table 11.2 Key Options in .repo Files

Option Explanation

[label] The label used as an identifier in the repository file.

name= The name of the repository.

mirrorlist= Refers to a URL where information about mirror servers for this server can be obtained. Typically used for big online repositories only.

baseurl= The base URL where to go to find the RPM packages.

gpgcheck= Set to 1 if a GPG integrity check needs to be performed on the packages. If set to 1, a gpgkey is required.

gpgkey= Specifies the location of the GPG key that is used to check package integrity.


Table 11.3 Repository Types and Their Support Status

Type Description

base This is the base repository that contains all essential Red Hat software. Its packages are fully supported.

updates A specific repository that contains updates only.

optional This repository contains packages that are provided for the convenience of Red Hat customers. The packages in this repository are open source and not supported by Red Hat.

supplementary This repository contains packages that are provided for the convenience of Red Hat customers. The packages in this repository are proprietary and not supported by Red Hat.

extras This repository contains packages that are provided for the convenience of Red Hat customers. Software in this repository comes from different sources and is not supported by Red Hat.

Chapter 13

Table 13.2 System Log Files Overview

Log File Explanation

/var/log/messages The most commonly used log file, it is the generic log file where most messages are written to.

/var/log/dmesg Contains kernel log messages.

/var/log/secure Contains authentication related messages. Look here to see which authentication errors have occurred on a server.

/var/log/boot.log Look here for messages that are related to system startup.

/var/log/audit/audit.log Contains audit messages. SELinux writes to this file.

/var/log/maillog Look here for mail-related messages.

/var/log/samba Provides log files for the Samba service. Notice that Samba by default is not managed through rsyslog, but writes directly to the /var/log directory.

/var/log/sssd Contains messages that have been written by the sssd service, which plays an important role in the authentication process.

/var/log/cups Contains log messages that were generated by the print service CUPS.

/var/log/httpd/ Directory that contains log files that are written by the Apache web server. Notice that Apache writes messages to these files directly and not through rsyslog.


Chapter 14

Table 14.6 Common Mount Options

Option Use

auto / noauto The file system will [not] be mounted automatically.

acl Adds support for file system access control lists (see Chapter 7, “Configuring Permissions”).

user_xattr Add support for user extended attributes (see Chapter 7).

ro Mounts the file system in read-only mode.

atime / noatime Disables or enables access time modifications.

noexec / exec Denies or allows execution of program files from the file system.

_netdev Use this to mount a network file system. This tells fstab to wait until the network is available before mounting this file system.

Chapter 18

Table 18.2 Systemd Status Overview

Status Description

Loaded The unit file has been processed and the unit is active.

Active(running) Running with one or more active processes.

Active(exited) Successfully completed a one-time configuration.

Active(waiting) Running and waiting for an event.

Inactive Not running.

Enabled Will be started at boot time.

Disabled Will not be started at boot time.

Static This unit cannot be enabled but may be started by another unit automatically.


Chapter 19

Table 19.2 Boot Phase Configuration and Troubleshooting Overview

Boot Phase Configuring It Fixing It

POST Hardware configuration (F2, Esc, F10, or another key)

Replace hardware.

Selecting the bootable device

BIOS/UEFI configuration or hardware boot menu

Replace hardware or use rescue system.

Loading the boot loader grub2-install and edits to /etc/defaults/grub

GRUB boot prompt and edits to /etc/defaults/grub, followed by grub2-mkconfig.

Loading the kernel Edits to the GRUB configuration and /etc/dracut.conf

GRUB boot prompt and edits to /etc/defaults/grub, followed by grub2-mkconfig.

Starting /sbin/init Compiled into initramfs init= kernel boot argument, rd.break kernel boot argument.

Processing initrd.target Compiled into initramfs Not typically required.

Switch to the root file system

/etc/fstab /etc/fstab.

Running the default target /etc/systemd/system/default.target

Start the rescue.target as a kernel boot argument.

Chapter 21

Table 21.2 SELinux Core Elements

Element Use

Policy A collection of rules that define which source has access to which target.

Source domain The object that is trying to access a target. Typically a user or a process.

Target domain The thing that a source domain is trying to access. Typically a file or port.

Context A security label that is used to categorize objects in SELinux.

Rule A specific part of the policy that determines which source domain has which access permissions to which target domain.

Labels Same as context label, defined to determine which source domain has access to which target domain.


Chapter 22

Table 22.2 Firewalld Default Zones

Zone name Default Settings

Block Incoming network connections are rejected with an “icmp-host-prohibited” message. Only network connections that were initiated on this system are allowed.

Dmz For use on computers in the demilitarized zone. Only selected incoming connections are accepted, and limited access to the internal network is allowed.

Drop Any incoming packets are dropped and there is no reply.

External For use on external networks with masquerading (Network Address Translation [NAT]) enabled, used especially on routers. Only selected incoming connections are accepted.

Home For use with home networks. Most computers on the same network are trusted, and only selected incoming connections are accepted.

Internal For use in internal networks. Most computers on the same network are trusted, and only selected incoming connections are accepted.

Public For use in public areas. Other computers in the same network are not trusted, and limited connections are accepted. This is the default zone for all newly created network interfaces.

trusted All network connections are accepted.

work For use in work areas. Most computers on the same network are trusted, and only selected incoming connections are accepted.

Table 22.3 Common firewall-cmd Options

Firewall-cmd Options Explanation

--get-zones Lists all available zones

--get-default-zone Shows the zone currently set as default zone

--set-default-zone=<ZONE> Changes the default zone

--get-services Shows all available services

--list-services Shows services currently in use

--add-service=<service-name> [--zone=<ZONE>]

Adds a service to the current default zone or the zone that is specified

--remove-service=<service-name> Removes a service from the configuration

--list-all [--zone=<ZONE>] Lists all configurations in a zone


Firewall-cmd Options Explanation

--add-port=<port/protocol> [--zone=<ZONE>]

Adds a port and protocol

--remove-port=<port/protocol> [--zone=<ZONE>]

Removes a port from the configuration

--add-interface=<INTERFACE> [--zone=<ZONE>]

Adds an interface to the default zone or a specific zone that is specified

--remove-interface=<INTERFACE> [--zone=<ZONE>]

Removes an interface from a specific zone

--add-source=<ipaddress/netmask> [--zone=<ZONE>]

Adds a specific IP address

--remove-source=<ipaddress/netmask> [--zone=<ZONE>]

Removes an IP address from the configuration

--permanent Writes configuration to disk and not to run-time

--reload Reloads the on-disk configuration

Chapter 23

Table 23.2 Default NFS Security Options

Option Explanation

none Access to files is anonymous and mapped to the UID and GID of the user nfsnobody. Writes are permitted only if nfsnobody has write access.

sys File access is based on UID and GID values on the client and the matching of these to the IDs used on the server. This is the default setting.

krb5 Client users must prove identity using Kerberos. After that, Linux permissions apply. See Chapter 36, “Configuring NFS,” to learn more about the RHCE objective of setting up Kerberized NFS servers and mounts.

krb5i Like krb5 but adds the guarantee that data in a request has not been tampered with.

krb5p Like krb5i but adds encryption to each request. This has the highest level of protection, but does have a negative impact on performance.


Chapter 24

Table 24.2 Understanding Linux Time

Concept Explanation

Hardware clock The hardware clock that resides on the main card of a computer system

Real-time clock Same as the hardware clock

System time The time that is maintained by the operating system

Software clock Similar to system time

Universal time coordinated A worldwide standard time

Daylight savings time Calculation that is made to change time automatically when daylight savings time changes occur

Local time The time that corresponds to the time in the current time zone

Table 24.3 Commands Related to RHEL 7 Time Management

Command Short description

date Manages local time

hwclock Manages hardware time

timedatectl Developed to manage all aspects of time on RHEL 7

Table 24.4 timedatectl Command Overview

Command Explanation

status Show current time settings

set-time TIME Set the current time

set-timezone ZONE Set the current time zone

list-timezone Show a list of all time zones

set-local-rtc [0|1] Control whether RTC (the Real Time Clock—this normally refers to the hardware clock) is in local time

set-ntp [0|1] Control whether NTP is enabled


Chapter 25

Table 25.2 Account Information and Authentication Services Overview

Service Used for Description

LDAP Account information and authentication

Generic network service used for authentication. Implemented in products such as Active Directory and IPA server.

NIS Account information and authentication

Legacy UNIX method to provide centralized account information and authentication.

NIS+ Account information and authentication

An update on the legacy NIS service that was mentioned previously.

Kerberos Authentication Protocol developed for secure authentication of users and services.

/etc/passwd Account information Default file that contains account information.

/etc/shadow Authentication Default file that contains authentication information.

Chapter 26

Table 26.2 iSCSI Terminology

Item Description

IQN The iSCSI qualified name. A unique name that is used for identifying targets as well as initiators.

Backend storage The storage devices on the iSCSI target that the iSCSI target component is providing access to.

Target The service on an iSCSI server that gives access to backend storage devices.

Initiator The iSCSI client that connects to a target and is identified by an IQN.

ACL The access control list that is based on the iSCSI initiator IQNs and used to provide access to a specific target. While setting up the iSCSI target on RHEL 7, creating an ACL is mandatory. This ACL is based on the IQN of the iSCSI initiator that should be granted access.

LUN A logical unit number. The backend storage devices that are shared through the target. This can be any device that supports read/write operations, such as disks, partitions, logical volumes, files, or tape drives.


Item Description

Portal The IP address and port that a target or initiator uses to establish connections. Also referred to as node.

TPG The target portal group. This is the collection of IP addresses and TCP ports to which a specific iSCSI target will listen.

Discovery The process whereby an initiator finds the targets that are configured on a portal and stores this information locally for future reference. Discovery is done by using the iscsiadm command.

Login Authentication that gives an initiator access to LUNs on the target. After successful login, the login information is stored on the initiator automatically. Login is performed using the iscsiadm command.

Chapter 27

Table 27.2 CPU Performance Parameters

Performance Indicator Explanation

us Percentage of time the CPU spends handling processes in user mode. This often is processes that have been started without root privileges and do not do any direct interaction with the Linux kernel.

sy Percentage of time the CPU spends in kernel mode. This is globally the time that is spent handling system calls and accessing drivers.

ni The percentage of time the server spends handling processes of which the nice value has been adjusted.

id Percentage of time the processor spends in the idle loop. This is time the CPU is available without taking time away from other processes.

wa Time the processor spends waiting for noninterruptible I/O, such as requests to disks, hard-mounted NFS, and tape units. A high value in this parameter indicates slow-performing storage and may need further optimization, which would normally be applied to the storage channel.

hi Time the processor spends handling hardware interrupts. A high value may indicate faulty hardware.

si Time the processor spends handling software interrupts.

st Percentage of stolen time. This parameter shows in a virtualization environment where virtual machines are “stealing” processor time from the hypervisor.


Table 27.3 Memory Usage Parameters

Usage Indicator Explanation

KiB Mem Total amount of physical memory in KiB (1 KiB = 1024 bytes)

used Total amount of RAM that is used for any purpose

free Total amount of RAM that is not used for anything

buffers Total amount of used memory that is used for storing unstructured data

cached Mem Total amount of memory that is used to cache files that have recently been fetched from disk

Table 27.4 Performance Monitoring Utilities Overview

Tool Description

cifsiostat Shows performance statistics for the CIFS file sharing service

nfsiostat Shows performance statistics for the NFS file sharing service

iostat Generic utility that shows I/O performance statistics

mpstat Used to show CPU utilization information in a multi-CPU environment

pidstat Shows process ID (PID)-related performance statistics

vmstat Generic utility that shows detailed information about memory usage

Chapter 28

Table 28.4 sysctl Command-Line Options

Option Value

-a Shows all tunables.

--system Shows all tunables that have been changed through sysctl.

-p <filename> Loads values from the <filename> that is specified. Use this to activate changes that you have just entered in a sysctl file. If no filename is specified, etc/sysctl.conf is used.

-w Write a new value to a tunable. This has the same effect as using echo to write the value to the variable.

-x Does nothing. This information does not help you; I just wanted to share that this command has a defined option that does not do anything.


Table 28.5 Most Useful sysctl Tunables

Tunable Use

net.ipv4.ip_forward Set to 1 to enable packet forwarding between network interfaces.

net.ipv4.icmp_echo_ignore_all Set to 1 to disable all ping.

net.ipv4.icmp_echo_ignore_broadcasts Set to 1 to disable broadcast ping.

vm.swappiness Use a value between 0 and 100 to increase the willingness of your server to swap data.

kernel.hostname Set the hostname of this system.

Chapter 29

Table 29.2 imfile Module Parameters Overview

Module Use

InputFileName Name of the file that the module is monitoring

InputFileTag Tag that is used when writing log messages

InputFileStateFile Name of the file that rsyslog is using internally to track changes

InputRunFileMonitor Parameter that is used to trigger continuous monitoring of the input file

InputFileFacility Name of the facility that rsyslog will be using

InputFileSeverity The priority that will be used when logging messages through this file

InputFilePollInterval The interval that should be used for polling the input file

Chapter 30

Table 30.2 Teaming Runners Overview

Runner Working

broadcast All packets are transmitted on all ports.

roundrobin Packets are transmitted in a round-robin fashion from each port in the team.

activebackup A failover runner that watches for link changes and selects an active interface.


Runner Working

loadbalance A runner that uses a hash function to reach optimal load balancing when selecting network interfaces for packet transmission.

lacp A runner that is doing load balancing based on the Lightweight Access Control Protocol (LACP), which is also known as 802.3ad. Make sure that it is supported on your switches before selecting this runner. If this runner is used, you’ll probably have to do some additional configuration on your switches as well.

Chapter 32

Table 32.2 Rich Rules Basic Manipulations

Manipulation Explanation

--add-rich-rule=’<RULE>’ Adds <RULE> to the default zone or to the zone that is specified.

--remove-rich-rule=’<RULE>’ Removes <RULE> from the default zone or from the zone that is specified.

--query-rich-rule=’<RULE>’ Queries if <RULE> has been added to a zone. Returns 0 if the rule is present and 1 if it is not and does not give any further details.

--list-rich-rules Lists all rich rules for the default zone or for the zone that is specified as an argument.

Chapter 33

Table 33.2 httpd.conf Essential Configuration Parameters Overview

Parameter Explanation

ServerRoot The directory that contains all server configuration. Names of other configuration files are relative to this directory.

Listen The port that the httpd process listens on.

Include Used to refer to directories that contain additional configuration files that need to be included.

ServerAdmin The name of the server administrator.


Parameter Explanation

Directory Used as a block of parameters to specify parameters that are specific for one directory. Often used to determine which kind of content is allowed. A directory block often contains AllowOverride, Require, and Options as common directives.

AllowOverride If set to None, httpd will not read the contents of the .htaccess file that can be used for per-directory settings.

Options Used to specify several options. A common option is Indexes, which will show a directory listing if no index.html exists in the directory that access is requested to.

Require All Set to Granted to allow the contents of the directory to be accessed. Set to Denied to deny access to all contents of this specific directory.

DirectoryIndex Specifies the name of the file to which contents should be shown when accessing a directory. index.html is used by default for this purpose.

ErrorLog Used to name the file where errors are logged to.

LogLevel Indicates which type of messages (and higher) should be logged.

ScriptAlias Defines an alias that is relative to the DocumentRoot where Apache looks for scripts that are allowed for execution.

IncludeOptional Lists optional configuration files that can be included as well.

Table 33.3 Apache-Related SELinux Settings

Setting Type Use

httpd_sys_content_t Context type Set on directories that Apache is allowed access to.

httpd_sys_content_rw_t Context type Set on directories that Apache is allowed read/write access to.

httpd_sys_script_exec_t Context type Used for directories that contain executable scripts.

httpd_unified Boolean Defines Apache restricted policy. It is off by default, or simplified/unified policy when set to on.

httpd_enable_cgi Boolean Switched on by default to allow Apache to run scripts.

httpd_tty_comm Boolean Used to determine if Apache is allowed access to a TTY. Make sure to switch on if you are using TLS private keys that prompt for a password on startup.


Table 33.4 Commonly Used Options for Apache Access Restrictions.

Directive Use

AuthType Specifies the type of authentication that will be used. Set to Basic in most cases. More advanced authentication types are beyond the RHCE objectives.

AuthName Defines a name for the authenticated directory.

AuthUserFile Defines which file is used to check for users.

AuthGroupFile Refers to the file that contains group names that are used for HTTP access restrictions.

Require Specifies which users or groups have access. Three common ways exist to use this parameter:

n Require valid user: Allows access to all users that are defined

n Require user lisa bob: Allows access to users lisa and bob

n Require group admin: allows access to members of the admin group

Chapter 34

Table 34.2 Important Resource Record Types

Resource Record Type Use

A (IPv4 address) Maps a hostname to an IPv4 address.

AAAA (IPv6 address) Maps a hostname to an IPv6 address.

CNAME (canonical name) An alias for one name to another name that should have an A or AAAA record.

PTR (pointer) Maps an IP address (v4 or v6) to a hostname.

NS (name server) Maps a domain name to a DNS name server that is authoritative for the DNS zone.

SOA (start of authority) Contains generic information about how a DNS zone works. It contains information about who is responsible for administration of the domain.

MX (mail exchange) Indicates which MTA mail servers are used within a DNS domain.

TXT (text) Maps a name to human readable text. This type of resource record is, for instance, used by protocols like Send Policy Framework, which in email is used to verify the name of the domain an email message was received from.

SRV (service) Indicates which host to contact for specific services such as LDAP and Kerberos.


Table 34.3 Common dig Status Indicators

Indicator Meaning

NOERROR DNS resolving was successful.

NXDOMAIN The DNS information that was requested was not found.

SERVFAIL There was an error contacting a vital DNS server.

Chapter 35

Table 35.2 Database Elements

Name Description

Database The totality of data that consists of different tables. Employees can be the name of a database.

Table Classes of items that are used in a database. In an employee’s database, you can have tables such as employment status and addressbook. Within the database, the tables can be interrelated. In each database, you must have at least one table.

Fields The type of information that is created in a table. In an addressbook table, you have fields such as name, street, and city, for example.

Record The specific dataset stored in a table. Every customer, for example, has a record in the addressbook database, where the name and street records contain specific values for that customer.

Value Specific values that are stored in a field. For instance, the name field in the addressbook table may have Linda Jones as its value.

Chapter 37

Table 37.2 Samba Global Parameters

Samba Parameter Use

workgroup Specifies the Windows workgroup that the Samba server is a member of. This setting is also used to specify the Samba domain.

security Indicates how security is handled. The default is set to security = user, which requires users to have a valid username that is managed by the Samba server and mapped to a Linux user account name.


Samba Parameter Use

host allow A comma, space, or tab-delimited list of hosts that are allowed access to the Samba service. See man 5 hosts_access for details on the format that needs to be used.

load printers This option, which by default is set to yes, ensures that printers from the CUPS print subsystem are shared through Samba.

cups options This option is used to specify that print driver processing is handled by CUPS, and at the Samba level no interpretation of print jobs has to happen.

log file Specifies the name of the file that Samba writes log messages to.

Table 37.3 Common Directory Share Options

Directive Use

path The path on the Linux file system of the shared directory.

writable Enables write access on a share. If set to yes, all authenticated users have write access (if also permitted by Linux permissions). If set to no, a comma-separated write list of users or groups can be used to specify names of users and groups that have write permissions on the share. (See also read only.)

read only Setting the read only parameter to no has the same effect as setting writable to yes.

write list Contains a comma separated list of users or groups that have write access, even if writable is set to no. To use groups, put a @ in front of the group name.

valid users Use to limit access to the share to listed users only. By default all users have access to the share.

comment Use to specify a comment. This comment is displayed to users before connecting to the share.

guest ok Allows access to the guest account. Be careful using this because it basically bypasses all security settings. This parameter is required on some administrative shares though.

browseable Allows browse access to shares, which means that users can navigate through the share structure to see items available in the share. Make sure to disable on the [home] share.


Table 37.4 Samba-Related SELinux Settings

SELinux Setting Use

samba_share_t Gives Samba read and write access to this directory and everything below it.

public_content_t Gives Samba and other services read-only access to this directory and everything below it.

public_content_rw_t Gives Samba and other services read/write access to this directory and everything below it. Needs an additional Boolean setting.

smbd_anon_write Allows write access for Samba anonymous users. Required when using the public_content_rw_t context type.

samba_enable_home_dirs Allows Linux home directories to be shared through Samba.

use_samba_home_dirs Allows remote SMB file shares to be mounted and shared as local Linux home directories.

Table 37.5 cifscreds Options

Option Explanation

add Adds the SMB credentials to the current user session. This option is followed by the name of the SMB server.

update Updates the existing credentials. This option needs the name of the SMB server.

clear Removes an entry from the current session. This option needs the name of the SMB server.

clearall Clears all existing credentials from the session.

Chapter 38

Table 38.2 Postfix Server Processes Overview

Process Purpose

master The process that controls all other Postfix processes.

smtp Responsible for SMTP communication between Postfix hosts.

pickup Picks up messages after they have been placed in the message queue.

cleanup Cleans up the message queue after the message has been delivered.


Process Purpose

rewrite If postfix maps are used to rewrite parts of the message header, the rewrite process takes care of that.

sendmail The standard program that is used to send messages and which is implemented by Postfix.

qmgr Generic process that manages the contents of the message queue.

Table 38.3 Essential Postfix Parameters

Parameter Use

inet_interfaces Interface(s) on which the Postfix service will offer services. By default, set to loopback only! Set to all to have Postfix listen on all network interfaces.

myorigin Allows you to rewrite posted email to come from a specific domain instead of $myhostname. Most often used to strip off the hostname from the sender’s email address.

relayhost Specifies which central mail server to forward messages to.

mydestination Domains handled by this server. Mail addressed to a domain not listed in mydestination is rejected.

local_transport Specifies what to use for local mail delivery. On servers that do not handle mail reception, set to “error: local delivery disabled.”

inet_protocols Specifies which protocol to use to offer services. Defaults to IPv6 if this is available. Set to ipv4 to keep configuration easy.

mynetworks Space-separated list of networks that are allowed to relay.

Chapter 39

Table 39.2 Most Useful sshd Configuration Options

Option Use

Port Defines the TCP listening port.

PermitRootLogin Allow/disallow root login.

MaxAuthTries Used to specify the maximum number of authentication tries. After reaching half of this number, failures are logged to syslog.

MaxSessions The maximum number of sessions that can be open from one IP address.


Option Use

AllowUsers Used to specify a space-separated list of users that are allowed to connect to the server.

PasswordAuthentication Specifies whether to allow password authentication. This option is on by default.

GSSAPIAuthentication Indicates whether authentication through the GSSAPI needs to be enabled. Used for Kerberos-based authentication.

TCPKeepAlive Set to yes if you do not want to clean up inactive TCP connections.

ClientAliveInterval The interval in seconds that packets are sent to the client to figure out if the client is still alive.

ClientAliveCountMax The number of client alive packets that needs to be sent.

UseDNS If on, uses DNS name lookup to match incoming IP addresses to names.

ServerAliveInterval The interval in seconds that a client sends packet to a server to keep connections alive.

ServerAliveCountMax The maximum number of packets a client sends to a server to keep connections alive.

Table 39.3 Port Forwarding Examples

Command Use

ssh -fNL 4444:server.rhatcertification.com:80 [email protected]

Connect as root to server2.example.com to forward port 80 on server.rhatcertification.com to local port 4444.

ssh -fNL 5555:localhost:80 [email protected]

Connect as root to server2.example.com to forward port 80 on that host to port 5555 on localhost.

ssh -fNR 80:localhost:8088 [email protected]

Connect as user to lab.sandervanvugt.nl to forward port 8088 to port 80 on localhost.


Chapter 40

Table 40.3 chronyc Tracking Columns

Parameter Use

Reference ID IP address or name of the remote source.

Stratum Distance to the reference clock.

Ref time The time in UTC when the last measurement from the reference source was processed.

System time The difference between the NTP time and the local clock.

Last offset The estimated local time difference on the last update.

RMS offset The long-term average of the offset. Higher values indicate a more unreliable clock.

Frequency The rate by which the clock would be wrong without chronyd correcting it.

Date post:	13-Apr-2016
Category:	Documents
Upload:	xjohnyx
View:	17 times
Download:	0 times

Appendix-C Memory Tables Answer Key - Red Hat

Documents