Q.) I have configured the Apache web service to serve the contents of the /home/student/public_html directory, allowing anyone with home directory permission to access its contents. However, while accessing http://servera/~student/index.html it gives an HTTP 403 Forbidden error. How to resolve this?
Q.) What is the utility of the nsswitch.conf file?
Q.) You have been provided a sar archive report - "report.data", how will you get the network statistics from this archive file ?
Bonus Q.) Please find the format of the network statistics:
How will you determine the highest number of network packets received per second for interface enp1s0, as recorded in the report.data file?
Level - L2 and above.
I'll be posting a series of Linux-related questions covering various skill levels. Feel free to share your insights and expertise. Your contributions will benefit learners at all stages, from those in current roles to those preparing for Linux interviews.
Dang Chetan! If you're gonna give me that level of a hint, you've
essentially given me the answer:-)
Labeling issue!!!
There's no rule in the SELinux policy that supports access of the
object (target), from the subject (source).
@Trevor If I say the labelling is not the issue here, how will you proceed further?
The hint is the same: SELinux.
If it's not a labeling issue and it's a 403 forbidden error I would most likely look at what permissions are set for the public_html directory. Give "others" read and execute permissions.
setsebool -P httpd_enable_homedirs=on
Great job @TM !
httpd by default is not allowed to access users' home directories. If you want to allow access to users' home directories, you need to set the httpd_enable_homedirs boolean.
You can see httpd getting AVC denials for both search and getattr (/home/student), and /var/log/httpd/error_log showing an error like search permissions missing on the path. You will still need perms 711 on the user's homedir and at least 755 on $USER/public_html, but that was already there as per this hypothetical interview scenario.
If the issue is not due to labeling, which takes the SELinux policy
out of the equation, I'm going to guess that there's a possibility
that the directory is an NFS mounted one, in which case the SELinux
boolean that pertains to this needs to be set. I'll go with this for now
until I can do some additional research. This is a great challenge!!!
Question 1
After making sure the DAC permissions and file labeling are good, we should allow this via SELinux booleans:
setsebool -P httpd_enable_homedirs 1
or
semanage boolean -m --on httpd_enable_homedirs
I believe if you have the setroubleshoot-server package installed, it would give this hint in the journalctl output.
@Emanuel_Haine Great job!
Thank you, @Chetan_Tiwary_
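Added example, not part of any post in this thread: a small triage helper that reads audit log lines, keeps the AVC denials whose source domain is httpd_t, and groups the denied permissions by target type so the search/getattr denials on /home/student described above point at the boolean rather than at labeling. The log lines are constructed samples, the function names are hypothetical, and the type-to-hint mapping (including nfs_t with httpd_use_nfs and user_home_t as a mislabeled public_html file) is an assumption based on the targeted policy.

```bash
#!/bin/bash
# Constructed sample audit.log lines (not taken from the thread).
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:201): avc:  denied  { search } for  pid=1234 comm="httpd" name="student" dev="vda1" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000000.102:202): avc:  denied  { getattr } for  pid=1234 comm="httpd" path="/home/student" dev="vda1" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000000.103:203): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="vda1" ino=140 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.104:204): avc:  denied  { read } for  pid=999 comm="sshd" name="x" dev="vda1" ino=150 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
EOF
}

# Reads audit lines on stdin and prints one line per target type denied to
# httpd_t, in the form: <target_type> [<perms>] -> <suggested next step>
triage_avc() {
  awk '
    # Assumed mapping from target type to the most likely fix.
    function hint(ttype) {
      if (ttype == "user_home_dir_t") return "setsebool -P httpd_enable_homedirs on"
      if (ttype == "nfs_t") return "setsebool -P httpd_use_nfs on"
      if (ttype == "user_home_t") return "restorecon -Rv ~/public_html (expect httpd_user_content_t)"
      return "review the denial with audit2why"
    }
    /avc: +denied/ && /scontext=[^ ]*:httpd_t:/ {
      # Denied permission set: the text between the braces.
      perm = $0; sub(/.*[{] */, "", perm); sub(/ *[}].*/, "", perm)
      gsub(/ +/, ",", perm)
      # Target type: third colon-separated field of tcontext.
      t = $0; sub(/.*tcontext=/, "", t); sub(/ .*/, "", t)
      split(t, c, ":"); ttype = c[3]
      if (!(ttype in perms)) { order[++n] = ttype; perms[ttype] = "" }
      if (!((ttype, perm) in seen)) {
        seen[ttype, perm] = 1
        perms[ttype] = (perms[ttype] == "" ? perm : perms[ttype] "," perm)
      }
    }
    END {
      for (i = 1; i <= n; i++)
        printf "%s [%s] -> %s\n", order[i], perms[order[i]], hint(order[i])
    }
  '
}

sample_avc | triage_avc
```

On a live host the same function can be fed from `ausearch -m AVC -ts recent --raw` instead of the sample.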
Red Hat
Learning Community
A collaborative learning environment, enabling open source skill development.