System Admin Q & A – XXII

Ques 1: – What is PXE Server in Linux?

Ans: – The Preboot Execution Environment (PXE) is a method of network booting blade and cluster systems. It is the core technology for Intel’s Wired for Management (WfM) initiative and is supported by most commercial network interfaces.
A PXE install server allows your client computers to boot and install a Linux distribution over the network, without the need to burn Linux ISO images onto a CD/DVD, create boot floppy images, etc.

Ques 2: – For how long does the sudo command store the sudoer’s password & how can we change it?

Ans: –
By default, sudo stores the sudoer’s password for a five minute timeout period. Any subsequent uses of the command during this period will not prompt the user for a password. This could be exploited by an attacker if the user leaves his workstation unattended and unlocked while still being logged in. This behavior can be changed by adding the following line to the /etc/sudoers file:

Defaults timestamp_timeout=
where the value after = is the desired timeout length in minutes. Setting the value to 0 causes sudo to require a password every time.
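An added example, not part of the original page: a shell function that reads sudoers text and lists every timestamp_timeout setting with its scope and effect. The sample content and the names deploy and build01 are constructed; treating a negative value as "never expires" follows the sudoers manual.

```shell
#!/bin/sh
# Added example (not from the original page): report every Defaults entry
# that sets timestamp_timeout, with its scope and what the value means.

# timeout_settings: reads sudoers text on stdin.
# Prints "scope minutes verdict" for each timestamp_timeout setting found.
timeout_settings() {
    awk '
        $1 ~ /^Defaults/ {
            # "Defaults" alone is global; Defaults:user, Defaults@host are scoped
            scope = ($1 == "Defaults") ? "global" : substr($1, 9)
            line = $0
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            # one Defaults line may carry several comma-separated settings
            n = split(line, items, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (items[i] !~ /^timestamp_timeout=/) continue
                v = items[i]
                sub(/^timestamp_timeout=/, "", v)
                if (v !~ /^-?[0-9]+(\.[0-9]+)?$/) verdict = "unparsed"
                else if (v + 0 == 0)              verdict = "always-prompt"
                else if (v + 0 < 0)               verdict = "never-expires"
                else                              verdict = "cached"
                print scope, v, verdict
            }
        }
    '
}

# Constructed sample sudoers content; user and host names are made up.
sample_sudoers() {
    cat <<'EOF'
Defaults    env_reset, timestamp_timeout=0
Defaults:deploy timestamp_timeout=30
# Defaults timestamp_timeout=-1
Defaults@build01 !lecture, timestamp_timeout=-1
root    ALL=(ALL) ALL
EOF
}

sample_sudoers | timeout_settings
```

On a real host, feed it the main file and any drop-ins, for example `cat /etc/sudoers /etc/sudoers.d/* | timeout_settings` as root.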

Ques 3: – What is sosreport & why is it required?

Ans: – sosreport is a command in Linux (RHEL / CentOS) which collects system configuration and diagnostic information from your Linux box, such as the running kernel version, loaded modules, and system and service configuration files. This command also runs external programs to collect further information, and stores this output in the resulting archive.

Sosreport is required when you have opened a case with Red Hat for technical support. Red Hat support engineers will require the sosreport of your server for troubleshooting purposes.

Ques 4: – How to check nfs server IO stats & performance in Linux ?

Using the command ‘nfsiostat’ we can list the I/O statistics of NFS mount points. Use the below command:

#  nfsiostat interval count mount_point

interval : specifies the amount of time in seconds between each report. The first report contains statistics for the time since each file system was mounted. Each subsequent report contains statistics collected during the interval since the previous report.

count : If the count parameter is specified, the value of count determines the number of reports generated at interval seconds apart. If the interval parameter is specified without the count parameter, the command generates reports continuously.

mount_point : If one or more mount_point names are specified, statistics for only these mount points will be displayed. Otherwise, all NFS mount points on the client are listed.

Ques 5: – What is portmap?

Ans: – The portmapper keeps a list of which services are running on which ports. A connecting machine uses this list to find out which port it needs to talk to in order to access a given service.

Ques 6: – What are different versions of NFS Server ?

Ans: – Currently, there are three versions of NFS. NFS version 2 (NFSv2) is older and widely supported. NFS version 3 (NFSv3) supports safe asynchronous writes and is more robust at error handling than NFSv2; it also supports 64-bit file sizes and offsets, allowing clients to access more than 2Gb of file data.

NFS version 4 (NFSv4) works through firewalls and on the Internet, no longer requires an rpcbind service, supports ACLs, and utilizes stateful operations. Red Hat Enterprise Linux 6.X & CentOS 6.X support NFSv2, NFSv3, and NFSv4 clients. When mounting a file system via NFS, Red Hat Enterprise Linux uses NFSv4 by default, if the server supports it.

Ques 7: – What is difference between root_squash & no_root_squash ?

Ans: – root_squash: By default, any file request made by user root on the client machine is treated as if it is made by user nobody on the server.

(Exactly which UID the request is mapped to depends on the UID of user “nobody” on the server, not the client.)

no_root_squash: If this option is used, root on the client machine will have the same level of access to the files on the system as root on the server. This can have serious security implications, although it may be necessary if you want to perform any administrative work on the client machine that involves the exported directories. You should not specify this option without a good reason.
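An added example, not part of the original page: a shell function that audits exports(5)-format text and lists every export and client for which no_root_squash is set. The paths, host names and addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): list NFS exports that
# disable root squashing, one "export_path client" pair per line.

# find_no_root_squash: reads exports(5)-format text on stdin.
find_no_root_squash() {
    awk '
        /^[ \t]*#/ { next }                 # comment line
        NF < 2     { next }                 # blank line or no client list
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break        # trailing comment
                client = $i
                opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                # an option list with no host name applies to every host
                if (client == "") client = "*"
                # wrap in commas so root_squash never matches by substring
                if (("," opts ",") ~ /,no_root_squash,/) print path, client
            }
        }
    '
}

# Constructed sample, not taken from a real server.
sample_exports() {
    cat <<'EOF'
# /etc/exports (sample)
/srv/home      192.0.2.0/24(rw,sync,root_squash)
/srv/build     build01.example.test(rw,no_root_squash) 192.0.2.50(ro)
/srv/backup    *(rw,sync,no_root_squash)   # any client keeps root
/srv/pub       198.51.100.7
EOF
}

sample_exports | find_no_root_squash
```

On a server, run it as `find_no_root_squash < /etc/exports`; an entry reported with client `*` gives root access on the export to root on any client that can reach the server.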

Ques 8: – What is chroot environment in ftp server ?

Ans: – A chroot environment prevents users from leaving their home directory: it is a jail-like environment in which users are limited to their home directory only. It is an add-on security feature of the FTP server.

Ques 9: – What are the default ports used by a Linux FTP server?

Ans: – Port 20 – This is the data transfer port. All subsequent data transfers between the client and server are done using this port.

Port 21 – On this port control connection is established. All commands we send and the ftp server’s responses to those commands will go over the control connection, but any data sent back (such as “ls” directory lists or actual file data in either direction) will go over the data connection.

Ques 10: – What is the difference between Hard mount & Soft mount in nfs ?

Ans: – Difference between soft mount and hard mount is listed below :

Soft Mount : Consider we have mounted a NFS share using ‘soft mount’ . When a program or application requests a file from the NFS filesystem, NFS client daemons will try to retrieve the data from the NFS server. But, if it doesn’t get any response from the NFS server (due to any crash or failure of NFS server), the NFS client will report an error to the process on the client machine requesting the file access. The advantage of this mechanism is “fast responsiveness” as it doesn’t wait for the NFS server to respond. But, the main disadvantage of this method is data corruption or loss of data. So, this is not a recommended option to use.

Hard Mount : Suppose we have mounted the NFS share using hard mount. If the server stops responding, the NFS client will repeatedly retry to contact it. Once the server is back online, the program will continue to execute undisturbed from the state where it was during the server crash. We can use the mount option “intr”, which allows NFS requests to be interrupted if the server goes down or cannot be reached. Hence the recommended settings are the hard and intr options.

Ques 11: – How to allow only limited/allowed users to log in via FTP?

Ans: – This can be done by editing the file ‘/etc/vsftpd/vsftpd.conf’ and adding the below directives:

The file specified by userlist_file will now contain the users that are able to log in.
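One way to check this setup, as an added example that is not part of the original page: the function below reads a vsftpd.conf and reports whether the user list acts as an allow-list. It assumes vsftpd's standard userlist_enable, userlist_deny and userlist_file options; the sample configuration and its file path are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): decide from a vsftpd.conf
# whether FTP logins are restricted to an allow-list of users.

# conf_value KEY: reads vsftpd.conf text on stdin, prints the value of KEY.
# Assumption: if KEY appears more than once, the last occurrence is used.
conf_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }                          # comment line
        index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { print val }
    '
}

# userlist_mode: reads vsftpd.conf text on stdin and prints one of
#   "disabled", "deny-list" or "allow-list <file>".
userlist_mode() {
    conf=$(cat)
    enable=$(printf '%s\n' "$conf" | conf_value userlist_enable)
    deny=$(printf '%s\n' "$conf" | conf_value userlist_deny)
    file=$(printf '%s\n' "$conf" | conf_value userlist_file)
    # vsftpd defaults: userlist_enable=NO, userlist_deny=YES.
    # This sketch only recognises the YES/NO spellings.
    if [ "${enable:-NO}" != "YES" ]; then
        echo "disabled"
    elif [ "${deny:-YES}" = "NO" ]; then
        echo "allow-list ${file:-default-userlist-file}"
    else
        # list is active but its users are the ones refused
        echo "deny-list"
    fi
}

# Constructed sample; the userlist_file path is a made-up value.
sample_conf() {
    cat <<'EOF'
anonymous_enable=NO
local_enable=YES
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/allowed_users
EOF
}

sample_conf | userlist_mode
```

A result of "deny-list" means userlist_deny was left at its default, so the users named in the file are the ones blocked rather than the only ones admitted.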