If the Windows auto-configured IP was difficult to remove

Your screenshot confirms:

IPv4 Address: 192.168.55.20 (Duplicate)
Autoconfiguration IPv4 Address: 169.254.245.211

So Windows is still rejecting 192.168.55.20. Use a different member-server IP, such as:

192.168.55.21

Run these on MEM01/member VM as Administrator.

1. Remove the bad duplicate IP

Get-NetIPAddress -InterfaceAlias "Ethernet" -AddressFamily IPv4 |
Where-Object { $_.IPAddress -like "192.168.55.*" } |
Remove-NetIPAddress -Confirm:$false

2. Restart the adapter

Restart-NetAdapter -Name "Ethernet"

3. Assign a new IP

New-NetIPAddress `
-InterfaceAlias "Ethernet" `
-IPAddress 192.168.55.21 `
-PrefixLength 24

Do not add a default gateway on a host-only network.

4. Set DNS to the Domain Controller

Set-DnsClientServerAddress `
-InterfaceAlias "Ethernet" `
-ServerAddresses 192.168.55.10

5. Verify

ipconfig /all

You want:

IPv4 Address: 192.168.55.21
Subnet Mask: 255.255.255.0
DNS Servers: 192.168.55.10

No (Duplicate).

6. Test

ping 192.168.55.10
Resolve-DnsName powershell.local -Server 192.168.55.10

Your final setup becomes:

Windows 11 host: 192.168.55.1
DC01:            192.168.55.10
MEM01:           192.168.55.21

Also make sure no other VM is running with 192.168.55.20. The duplicate message usually means another machine already has that IP, or the clone/network adapter still has a conflict.

REF: AI Tools/ChatGPT

Check if DNS is working

On the Domain Controller

DNS should be installed and running:

Get-WindowsFeature DNS

Check DNS service:

Get-Service DNS

Check DNS zones:

Get-DnsServerZone

The DC should point its own DNS client at itself. Using its own IP address is the usual choice:

Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.56.10

127.0.0.1 also works, but Microsoft's DNS best-practice guidance lists the loopback address as a later entry rather than the first one, so prefer the form above on a single-DC lab:

Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 127.0.0.1

On the Windows client

The client DNS must point to the Domain Controller IP, not Google DNS or router DNS, because only the DC's DNS zone holds the SRV records the client uses to locate the domain:

Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.56.10

Then test:

Resolve-DnsName powershell.local

Test-Connection 192.168.56.10

Test-NetConnection 192.168.56.10 -Port 53

Client Side

Set-DnsClientServerAddress -InterfaceAlias "Ethernet 14" -ServerAddresses 192.168.56.10

Q & A: Linux: Switch Users, Boot Process, File System

Quiz: Root Access, Boot Process, File Systems, Partitions, and Mounting

1. True/False

The root user is the superuser account and has the highest access rights on a Linux system.

Answer: True


2. True/False

It is recommended to stay logged in as root for normal daily work because it is faster.

Answer: False
Explanation: Staying logged in as root is risky because mistakes may affect the entire system.


3. Multiple Choice

Which command is preferred when you need to run one privileged command?

A. su -
B. sudo command
C. exit
D. whoami

Answer: B. sudo command


4. Multiple Choice

What does the command below do?

su -

A. Runs one command as root
B. Opens a login shell as root
C. Shows the current user
D. Lists mounted filesystems

Answer: B. Opens a login shell as root


5. Multiple Choice

Which process is usually started by the kernel as the first userspace process?

A. GRUB
B. BIOS
C. systemd or init
D. fdisk

Answer: C. systemd or init


6. Multiple Choice

Which systemd target usually represents a non-graphical multi-user system?

A. poweroff.target
B. rescue.target
C. multi-user.target
D. graphical.target

Answer: C. multi-user.target


7. Multi-Select

Which of the following are risks of using the root account directly?

Select all that apply.

A. Accidental system-wide file changes
B. Running ordinary tasks with unnecessary privileges
C. Forgetting that you are logged in as root
D. More accountability than sudo
E. Background processes may run with root privilege

Answers: A, B, C, E


8. Multi-Select

Which commands are commonly part of the basic partition, format, mount, and verify workflow?

Select all that apply.

A. lsblk
B. fdisk
C. mkfs
D. mount
E. df -h
F. passwd

Answers: A, B, C, D, E


9. Multi-Select

Which statements about filesystems are correct?

Select all that apply.

A. A filesystem organizes data and metadata on storage
B. Journaling can reduce recovery time after an unclean shutdown
C. ext4 is commonly used on many Linux distributions
D. FAT is a modern Linux-native journaling filesystem
E. NTFS is associated with Microsoft Windows

Answers: A, B, C, E


10. Fill in the Blank with Choices

A filesystem defines how __________ and metadata are organized and accessed on a storage device.

A. users
B. data
C. passwords
D. targets

Answer: B. data


11. Fill in the Blank with Choices

The Linux filesystem table is stored in the file __________.

A. /etc/passwd
B. /etc/fstab
C. /boot/grub
D. /var/log

Answer: B. /etc/fstab


12. Fill in the Blank with Choices

On modern systems, __________ is normally preferred over MBR for large disks unless compatibility requires MBR.

A. FAT
B. GPT
C. ext2
D. BIOS

Answer: B. GPT


13. Matching

Match each FHS directory with its purpose.

Directory    Purpose
1. /etc      A. User home directories
2. /var      B. Device files
3. /home     C. System-wide configuration files
4. /dev      D. Logs and changing data
5. /boot     E. Boot loader files and kernels

Answer:

Directory    Correct Purpose
/etc         C
/var         D
/home        A
/dev         B
/boot        E

14. Matching

Match each command with its purpose.

Command      Purpose
1. lsblk     A. Format a partition with a filesystem
2. fdisk     B. Show block devices
3. mkfs      C. Modify partition tables
4. mount     D. Attach a filesystem to the Linux directory tree
5. umount    E. Detach a mounted filesystem

Answer:

Command      Correct Purpose
lsblk        B
fdisk        C
mkfs         A
mount        D
umount       E

15. Ordering

Put the boot stages in the correct order.

A. Kernel starts init/systemd
B. BIOS/UEFI starts
C. GRUB loads the selected kernel
D. System reaches target/services
E. MBR or boot loader code begins the boot manager stage

Correct Order:

  1. B
  2. E
  3. C
  4. A
  5. D

16. Ordering

Put the storage setup steps in the correct order.

A. Format the partition with mkfs
B. Identify the disk with lsblk
C. Mount the filesystem
D. Create a partition using fdisk
E. Verify using df -h

Correct Order:

  1. B
  2. D
  3. A
  4. C
  5. E

17. Short Answer

Explain the difference between sudo and su -.

Sample Answer:
sudo runs a single command with elevated privileges and logs the action. su - opens a new login shell as another user, usually root if no username is provided. sudo is safer for one administrative task, while su - is used when a full shell as another user is needed.


18. Hands-on Short Answer

Write commands to format /dev/sdb1 as ext4, create /mnt/test, mount the partition, and verify it.

Sample Answer:

sudo mkfs -t ext4 /dev/sdb1
sudo mkdir -p /mnt/test
sudo mount -t ext4 /dev/sdb1 /mnt/test
df -h

19. Analytical Short Answer

Why is /dev/sdb commonly used with fdisk, but /dev/sdb1 is commonly used with mkfs?

Sample Answer:
/dev/sdb represents the whole disk, so fdisk uses it to create or modify the disk’s partition table. /dev/sdb1 represents a specific partition, so mkfs formats that partition with a filesystem.


20. Higher-Order Short Answer

A server should automatically mount a new ext4 partition after every reboot. Which file should be configured, and what information does it need?

Sample Answer:
The file /etc/fstab should be configured. Each line needs the device name (or, better, its UUID, which does not change if disks are reordered), the mount point, the filesystem type, the mount options, the dump value, and the filesystem check pass value. Example pattern:

UUID=... /mnt/data ext4 defaults 0 2

This allows the system to mount the filesystem automatically during boot.

REF: AI Tools/ChatGPT

Special Permissions: SUID, SGID, sticky bit

Linux Special Permissions: SUID, SGID, and Sticky Bit

Linux normally uses three permission groups:

u = user/owner
g = group
o = others

And three basic permissions:

r = read
w = write
x = execute

Example:

ls -l file.txt

Output:

-rwxr-xr--

But Linux also has special permissions:

SUID       = user +s
SGID       = group +s
Sticky Bit = others +t

They appear in ls -l output as:

s, S, t, or T

1. SUID — Set User ID

Meaning

SUID means:

When the executable runs, the process gets the file owner's user ID as its effective user ID, regardless of which user started it.

SUID is only meaningful on binary executables, not on normal text files. Linux also ignores the bit in two common cases: on interpreted scripts (a #! script runs its interpreter with the caller's own ID) and on filesystems mounted with the nosuid option.

Set SUID

chmod u+s filename

Numeric form:

chmod 4755 filename

The 4 means SUID.

Remove SUID

chmod u-s filename

Example: /usr/bin/passwd

The passwd command lets a normal user change their own password.

ls -l /usr/bin/passwd

Possible output:

-rwsr-xr-x 1 root root ... /usr/bin/passwd

Notice:

rws

The s appears in the user execute position.

Normal owner permission would be:

rwx

With SUID, it becomes:

rws

Because /usr/bin/passwd is owned by root, when a normal user runs:

passwd

the program temporarily runs with the file owner’s privilege, which is root, but only for the controlled task of changing the password.


SUID: lowercase s vs uppercase S

This is very important.

Lowercase s

Lowercase s means:

SUID is set AND owner execute permission exists.

Example:

touch demo
chmod 755 demo
chmod u+s demo
ls -l demo

Output:

-rwsr-xr-x 1 user user ... demo

Here:

rws

means:

owner has read + write + execute
SUID is also set

Uppercase S

Uppercase S means:

SUID is set BUT owner execute permission is missing.

Example:

touch demo
chmod 644 demo
chmod u+s demo
ls -l demo

Output:

-rwSr--r-- 1 user user ... demo

Here:

rwS

means:

SUID is set
but owner execute permission is missing

So uppercase S usually means the special permission is set, but it is not useful for execution because x is missing.


2. SGID — Set Group ID

Meaning on files

SGID on an executable file means:

When the file runs, it runs with the permission of the file’s group owner.

Meaning on directories

SGID is especially useful on directories.

On a directory, SGID means:

New files and subdirectories created inside the directory inherit the directory's group ownership instead of the creator's primary group, and a new subdirectory also inherits the SGID bit, so the rule carries down the tree.

This is very useful for shared project folders.


Set SGID

chmod g+s filename_or_directory

Numeric form:

chmod 2755 filename_or_directory

The 2 means SGID.

Remove SGID

chmod g-s filename_or_directory

Example: Shared project directory

Suppose we have a group named developers.

sudo mkdir /project
sudo chgrp developers /project
sudo chmod 2775 /project

Check:

ls -ld /project

Possible output:

drwxrwsr-x 2 root developers ... /project

Notice the group part:

rws

That means:

group has read + write + execute
SGID is set

Now when a user creates a file inside /project, the file can inherit the directory’s group:

touch /project/app.txt
ls -l /project/app.txt

Possible output:

-rw-r--r-- 1 alice developers ... app.txt

Even if Alice’s normal primary group is different, the file is created with the developers group because the parent directory has SGID.


SGID: lowercase s vs uppercase S

Lowercase s

Lowercase s means:

SGID is set AND group execute permission exists.

Example:

mkdir shared
chmod 775 shared
chmod g+s shared
ls -ld shared

Output:

drwxrwsr-x 2 user user ... shared

The group permission part is:

rws

This means SGID is set and the group can enter/search the directory.

Uppercase S

Uppercase S means:

SGID is set BUT group execute permission is missing.

Example:

mkdir shared
chmod 764 shared
chmod g+s shared
ls -ld shared

Output:

drwxrwSr-- 2 user user ... shared

The group permission part is:

rwS

This means SGID is set, but group execute is missing.

For a directory, this is usually a problem because group members need x permission to enter or access items inside the directory.


3. Sticky Bit

Meaning

The Sticky Bit is mostly used on directories.

It means:

Users can create files in the directory, but a file can be deleted or renamed only by its owner, by the directory's owner, or by root, even though everyone has write permission on the directory.

This is useful for shared writable directories.


Set Sticky Bit

chmod o+t directory

Numeric form:

chmod 1777 directory

The 1 means Sticky Bit.

Remove Sticky Bit

chmod o-t directory

Example: /tmp

The /tmp directory is shared by many users and programs.

ls -ld /tmp

Possible output:

drwxrwxrwt 10 root root ... /tmp

Notice the last character:

t

That means Sticky Bit is set.

The directory is writable by many users, but one user cannot delete or rename another user's files; only the file's owner and root (who also owns /tmp) can.


Example: Create a shared temporary directory

sudo mkdir /sharedtmp
sudo chmod 1777 /sharedtmp
ls -ld /sharedtmp

Output:

drwxrwxrwt 2 root root ... /sharedtmp

Now different users can create files inside /sharedtmp, but they cannot delete files owned by other users.


Sticky Bit: lowercase t vs uppercase T

Sticky Bit uses t or T, not s or S.

Lowercase t

Lowercase t means:

Sticky Bit is set AND others execute permission exists.

Example:

mkdir sharedtmp
chmod 777 sharedtmp
chmod o+t sharedtmp
ls -ld sharedtmp

Output:

drwxrwxrwt 2 user user ... sharedtmp

The others permission part is:

rwt

This means:

others have read + write + execute
Sticky Bit is set

Uppercase T

Uppercase T means:

Sticky Bit is set BUT others execute permission is missing.

Example:

mkdir sharedtmp
chmod 776 sharedtmp
chmod o+t sharedtmp
ls -ld sharedtmp

Output:

drwxrwxrwT 2 user user ... sharedtmp

The others permission part is:

rwT

This means Sticky Bit is set, but others do not have execute permission.

For a directory, this usually means others cannot properly enter or access the directory.


Quick Summary of s, S, t, and T

Symbol   Location in ls -l          Meaning
s        user execute position      SUID set and user execute exists
S        user execute position      SUID set but user execute missing
s        group execute position     SGID set and group execute exists
S        group execute position     SGID set but group execute missing
t        others execute position    Sticky Bit set and others execute exists
T        others execute position    Sticky Bit set but others execute missing

Visual Examples

Normal executable file

-rwxr-xr-x

Owner has execute permission.

SUID with execute

-rwsr-xr-x

SUID is active and owner execute exists.

SUID without execute

-rwSr-xr-x

SUID is set, but owner execute is missing.


Normal group-executable directory

drwxrwxr-x

Group has execute permission.

SGID directory with execute

drwxrwsr-x

SGID is active and group execute exists.

SGID directory without group execute

drwxrwSr-x

SGID is set, but group execute is missing.


Sticky Bit directory with others execute

drwxrwxrwt

Sticky Bit is active and others execute exists.

Sticky Bit directory without others execute

drwxrwxrwT

Sticky Bit is set, but others execute is missing.


Numeric Permission Summary

Special permissions are added before the normal three permission digits.

Permission    Numeric value   Example
SUID          4               chmod 4755 program
SGID          2               chmod 2775 shareddir
Sticky Bit    1               chmod 1777 sharedtmp

Examples:

chmod 4755 program      # SUID + rwxr-xr-x
chmod 2755 directory    # SGID + rwxr-xr-x
chmod 1777 directory    # Sticky Bit + rwxrwxrwx

You can also combine them:

chmod 6755 program

Here:

6 = 4 + 2

So 6755 means:

SUID + SGID + rwxr-xr-x

Command Summary

Set SUID:

chmod u+s program

Remove SUID:

chmod u-s program

Set SGID:

chmod g+s directory

Remove SGID:

chmod g-s directory

Set Sticky Bit:

chmod o+t directory

Remove Sticky Bit:

chmod o-t directory

Check permissions:

ls -l filename
ls -ld directory

Practical Use Cases

SUID use case

Used when a normal user needs to run a specific program with the file owner’s privileges.

Common example:

ls -l /usr/bin/passwd

Possible output:

-rwsr-xr-x 1 root root ... /usr/bin/passwd

This allows users to change their passwords safely without giving them full root access.


SGID use case

Used for shared team directories.

Example:

sudo mkdir /team
sudo chgrp developers /team
sudo chmod 2775 /team

Result:

drwxrwsr-x root developers /team

Files created inside /team inherit the developers group.


Sticky Bit use case

Used for shared writable directories where users should not delete each other’s files.

Example:

sudo mkdir /publicdrop
sudo chmod 1777 /publicdrop

Result:

drwxrwxrwt root root /publicdrop

Users can create files, but they cannot delete other users’ files.


Final Blog Summary

SUID: Run an executable as the file owner.
SGID: Run an executable as the file group, or make files inherit a directory group.
Sticky Bit: In shared directories, users can delete only their own files.

The lowercase letters mean the related execute permission is present:

s = SUID/SGID + execute
t = Sticky Bit + execute

The uppercase letters mean the special permission is set, but execute is missing:

S = SUID/SGID set, execute missing
T = Sticky Bit set, execute missing

For practical use, lowercase s and t are usually what you expect to see. Uppercase S or T often indicates a permission setup that should be reviewed.
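As an added example (this script is not from the original page), the following POSIX sh code turns an ls -l mode string into the 4-digit octal form used above, flags uppercase S/T, and checks itself against files created with chmod 4755, 4644, 2775 and 1777 in a temporary directory. The function names mode_to_octal, has_dead_special_bit and selfcheck, and the temporary file names, are the example's own.

```shell
#!/bin/sh
# Added example, not part of the original page: decode an ls -l mode string
# (e.g. "-rwsr-xr-x") into 4-digit octal, flag "dead" special bits (uppercase
# S/T: a special bit whose matching execute bit is missing), and verify the
# decoder against real files created with chmod 4755 / 4644 / 2775 / 1777.

# mode_to_octal MODE  ->  prints e.g. 4755 for "-rwsr-xr-x"
mode_to_octal() {
    m=$1
    # GNU ls appends "." (SELinux label) or "+" (ACL present), macOS ls
    # appends "@" (extended attributes); none of these is a permission bit.
    m=${m%[.+@]}
    # Accept the 10-char ls form (type char + 9 bits) or the bare 9-char form.
    if [ ${#m} -eq 10 ]; then m=${m#?}; fi
    if [ ${#m} -ne 9 ]; then
        echo "mode_to_octal: expected 9 permission characters in '$1'" >&2
        return 1
    fi
    special=0 digits= pos=0 val=0
    while [ -n "$m" ]; do
        c=${m%"${m#?}"}          # first remaining character
        m=${m#?}                 # drop it
        case $((pos % 3)) in
            0) case $c in r) val=4 ;; -) val=0 ;; *) return 1 ;; esac ;;
            1) case $c in w) val=$((val + 2)) ;; -) ;; *) return 1 ;; esac ;;
            2)
                # Position 2 is user x (SUID=4), 5 is group x (SGID=2),
                # 8 is others x (sticky=1). Lowercase = bit + x, uppercase = bit only.
                case "$pos$c" in
                    2x|5x|8x)  val=$((val + 1)) ;;
                    2s)        val=$((val + 1)); special=$((special + 4)) ;;
                    2S)        special=$((special + 4)) ;;
                    5s)        val=$((val + 1)); special=$((special + 2)) ;;
                    5S)        special=$((special + 2)) ;;
                    8t)        val=$((val + 1)); special=$((special + 1)) ;;
                    8T)        special=$((special + 1)) ;;
                    2-|5-|8-)  ;;
                    *) echo "mode_to_octal: bad character '$c' in '$1'" >&2; return 1 ;;
                esac
                digits="$digits$val"
                ;;
        esac
        pos=$((pos + 1))
    done
    printf '%s%s\n' "$special" "$digits"
}

# has_dead_special_bit MODE -> true (0) when the string carries an S or T,
# i.e. SUID/SGID/sticky is set without the execute bit it depends on.
has_dead_special_bit() {
    case $1 in *S*|*T*) return 0 ;; *) return 1 ;; esac
}

# selfcheck: create files/dirs with the modes from this page, read the mode
# strings back with ls -ld, and confirm the decoder reproduces the octal.
selfcheck() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/suid_bin";  chmod 4755 "$tmp/suid_bin"   # -rwsr-xr-x
    : > "$tmp/dead_suid"; chmod 4644 "$tmp/dead_suid"  # -rwSr--r--
    mkdir "$tmp/shared";  chmod 2775 "$tmp/shared"     # drwxrwsr-x
    mkdir "$tmp/drop";    chmod 1777 "$tmp/drop"       # drwxrwxrwt
    rc=0
    for entry in suid_bin:4755 dead_suid:4644 shared:2775 drop:1777; do
        name=${entry%:*}; want=${entry#*:}
        mode=$(ls -ld "$tmp/$name" | cut -d' ' -f1)
        got=$(mode_to_octal "$mode") || { rc=1; continue; }
        if [ "$got" = "$want" ]; then
            printf '%-10s %-12s -> %s\n' "$name" "$mode" "$got"
        else
            echo "$name: $mode decoded to $got, expected $want" >&2; rc=1
        fi
        if has_dead_special_bit "$mode"; then
            echo "  warning: $name has a special bit without its execute bit (review it)"
        fi
    done
    rm -rf "$tmp"
    return $rc
}
```

Run it with sh and call selfcheck; it prints each decoded mode and warns on dead_suid. The trailing "." or "+" that GNU ls appends for a SELinux label or an ACL is stripped before decoding, because it is the same marker the ACL sections later on rely on and is not a permission bit. To audit a real system, the usual check is find / -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} + and every S or T in that output deserves a look.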

REF: AI Tools/ChatGPT

Why? Max permissions on a file: 666? what if I give 777?

When people say:

Max permissions on a file: 666

they usually mean default maximum permissions when a new regular file is created, not the maximum you can manually set.

1. Default maximum for new files: 666

For a new regular file, Linux normally starts from:

666 = rw-rw-rw-

That means:

owner  = read + write
group  = read + write
others = read + write

No execute permission by default.

Why? Because most new files are text files, data files, documents, config files, etc. They should not automatically be executable.

Example:

touch file1.txt
ls -l file1.txt

You may see something like:

-rw-r--r-- 1 user user file1.txt

The actual permission is the starting point with the bits in the umask cleared. The output above is what you get with the common umask 022: 666 with the write bits for group and others removed is 644. Run umask to see the current value.


2. Default maximum for directories: 777

For a new directory, Linux normally starts from:

777 = rwxrwxrwx

Why? Because directories need x permission to be entered or searched.

Example:

mkdir dir1
ls -ld dir1

You may see:

drwxr-xr-x 2 user user dir1

Again, the final permission is the starting point with the umask bits cleared; with umask 022, 777 becomes 755, as shown.


3. What if I give a file 777?

You can manually give a file 777:

chmod 777 file1.txt
ls -l file1.txt

Output:

-rwxrwxrwx 1 user user file1.txt

This means:

owner  = read + write + execute
group  = read + write + execute
others = read + write + execute

So everyone can read, modify, and execute the file.


4. Is 777 allowed?

Yes, it is allowed.

But it is usually not safe.

For a regular file, 777 means any user can change the file and possibly run it as a program or script.

For example, this is risky:

chmod 777 script.sh

because any user may be able to modify the script and then execute it.


5. Better permissions

For a normal text/config/data file:

chmod 644 file.txt

Meaning:

owner can read/write
group can read
others can read

For a private file:

chmod 600 file.txt

For a script that only the owner should run:

chmod 700 script.sh

For a script others can read and execute but not modify:

chmod 755 script.sh

Simple summary

666 = normal maximum default for new files
777 = normal maximum default for new directories
777 on a file is possible, but usually unsafe

Slide-friendly version:

Linux does not give execute permission to new regular files by default. New files start from a maximum of 666, while directories start from 777 because directories need execute permission to be entered. A file can be changed to 777 manually, but this gives everyone read, write, and execute access, which is usually insecure.
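As an added example, not part of the original page, this POSIX sh script computes the mode a new file or directory receives under a given umask and checks the arithmetic against files actually created under several umask values. The functions umask_result, octal_to_sym and umask_check are the example's own names.

```shell
#!/bin/sh
# Added example, not part of the original page: show how the umask is applied
# to the 666 (new file) / 777 (new directory) starting points, then confirm the
# arithmetic against files actually created under a few umask values.

# umask_result BASE MASK -> octal mode that results from clearing MASK's bits
# in BASE. Both arguments are octal strings, e.g. umask_result 666 022 -> 644.
umask_result() {
    printf '%03o\n' "$(( 0$1 & ~0$2 ))"
}

# octal_to_sym 644 -> rw-r--r--  (9-character form, no type character)
octal_to_sym() {
    out=
    rest=$1
    while [ -n "$rest" ]; do
        d=${rest%"${rest#?}"}; rest=${rest#?}
        case $d in
            0) out="${out}---" ;; 1) out="${out}--x" ;; 2) out="${out}-w-" ;; 3) out="${out}-wx" ;;
            4) out="${out}r--" ;; 5) out="${out}r-x" ;; 6) out="${out}rw-" ;; 7) out="${out}rwx" ;;
            *) return 1 ;;
        esac
    done
    printf '%s\n' "$out"
}

# umask_check MASK: create a file and a directory under MASK in a scratch dir,
# read their modes back with ls, and compare with umask_result. Returns 0 when
# both match. (A default ACL on the parent directory would override the umask;
# a fresh mktemp directory has none.)
umask_check() {
    mask=$1
    tmp=$(mktemp -d) || return 1
    rc=0
    (umask "$mask" && : > "$tmp/f" && mkdir "$tmp/d") || rc=1
    for item in f:666 d:777; do
        name=${item%:*}; base=${item#*:}
        want=$(octal_to_sym "$(umask_result "$base" "$mask")")
        got=$(ls -ld "$tmp/$name" | cut -d' ' -f1)
        got=${got%[.+@]}; got=${got#?}      # drop ls suffix and the type character
        printf 'umask %s: base %s -> expected %s, created %s\n' "$mask" "$base" "$want" "$got"
        [ "$got" = "$want" ] || rc=1
    done
    rm -rf "$tmp"
    return $rc
}
```

The umask clears bits rather than subtracting a number: umask 011 leaves a new file at 666 because there were no execute bits to clear, while the common default 022 gives 644 for a file and 755 for a directory, matching the ls output shown above.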

REF: AI Tools/ChatGPT

Define and describe Selinux in general terms

SELinux stands for Security-Enhanced Linux.

It is a Linux security system that adds an extra layer of protection to the operating system. It controls what users, programs, services, and processes are allowed to do.

A simple definition:

SELinux is a security feature in Linux that enforces strict rules about which processes can access which files, directories, ports, and system resources.

General idea

Normal Linux permissions ask:

Does this user have permission to access this file?

SELinux asks an additional question:

Is this process allowed by security policy to access this object?

So even if normal file permissions allow access, SELinux can still block it.

Example

Suppose Apache web server tries to read:

/var/www/html/index.html

Normal permissions may allow it:

-rw-r--r--

But SELinux also checks the file’s security label. If the file has the wrong SELinux label, Apache may be denied access.

Example command:

ls -Z /var/www/html/index.html

This shows SELinux security context labels.

Why SELinux is useful

SELinux helps protect the system if a service is misconfigured or compromised.

For example, if a web server is attacked, SELinux can limit what the web server process is allowed to access. The attacker may control the web server process, but SELinux can still prevent it from reading unrelated system files.

Common SELinux modes

getenforce

Possible outputs:

Enforcing
Permissive
Disabled

Mode         Meaning
Enforcing    SELinux policy is active and blocks unauthorized actions
Permissive   SELinux does not block, but logs what it would have denied (useful when testing a policy)
Disabled     SELinux is turned off

Slide-friendly summary

SELinux is a mandatory access control system for Linux. It uses security policies and labels to control what processes can access. It provides extra protection beyond normal Linux permissions.

REF: AI Tools/ChatGPT

Linux: setfacl remove a user completely

To remove a specific user completely from ACL permissions, use setfacl -x.

Remove a user ACL from a file

setfacl -x u:username filename

Example:

setfacl -x u:john report.txt

Check:

getfacl report.txt

Remove a user ACL from a directory

setfacl -x u:username directoryname

Example:

setfacl -x u:john projectdir

If the directory has default ACLs too

For directories, a user may have:

  1. Access ACL — applies to the directory itself
  2. Default ACL — automatically inherited by new files/subdirectories created inside

Remove both:

setfacl -x u:john projectdir
setfacl -x d:u:john projectdir

Or in one command:

setfacl -x u:john,d:u:john projectdir

Remove user ACL recursively

To remove that user from a directory and everything inside it:

setfacl -R -x u:john projectdir

To remove both access ACL and default ACL recursively:

setfacl -R -x u:john,d:u:john projectdir

Important note

This removes the user's named ACL entry, but it does not delete the Linux user account, and it does not take away access the user still has by another route: as the file's owner, through the file's group, or through a group that has its own ACL entry. Check the result with getfacl. By default setfacl recalculates the mask entry when it removes a named entry, so the remaining entries keep their effective rights.

If that user is the owner of the file, removing the ACL entry will not remove owner permissions. You would need chown or chmod for that.

Example:

chown otheruser report.txt
chmod 640 report.txt

Remove all ACL entries from a file

To remove all extended ACLs, not just one user:

setfacl -b filename

Example:

setfacl -b report.txt

Use this carefully because it removes all extra ACL users/groups.

REF: AI Tools/ChatGPT

Linux: Regular Permissions (symbolic/numeric) vs ACL

Linux has two main permission layers:

1. Traditional permissions: user / group / others  (UGO)
2. ACL permissions: extra permission rules for specific users/groups

1. Traditional UGO permissions

UGO means:

u = user owner
g = group owner
o = others

Example:

chmod ugo+x script.sh

means:

Give execute permission to user, group, and others.

Another example:

chmod 777 file.txt

means:

Owner  = read + write + execute
Group  = read + write + execute
Others = read + write + execute

So 777 is very broad. It gives everyone full access.

r = 4
w = 2
x = 1

7 = 4 + 2 + 1 = rwx

So:

777 = rwxrwxrwx

This is usually not safe, especially for shared systems.


2. ACL permissions

ACL means Access Control List.

ACL lets you give permission to specific extra users or groups, without changing the main owner/group/others permissions.

Example:

setfacl -m u:john:rwx project.txt

This gives user john read, write, and execute permission on project.txt.

Check ACL:

getfacl project.txt

Remove John’s ACL:

setfacl -x u:john project.txt

Main difference

Feature                                      UGO / chmod       ACL / setfacl
Basic permission system                      Yes               Extended permission system
Controls owner, group, others                Yes               Yes, but with extra rules
Give permission to one specific extra user   Limited           Yes
Good for simple permissions                  Yes               Yes
Good for complex/shared access               Not ideal         Better
Example                                      chmod 755 file    setfacl -m u:john:rwx file

Example situation

Suppose you have this file:

ls -l report.txt

Output:

-rw------- 1 sayed sayed report.txt

Only sayed can read and write.

Now you want only john to also read it.

Bad approach:

chmod 777 report.txt

This gives everyone full access.

Better approach:

setfacl -m u:john:r report.txt

This gives only John read permission (provided he can also reach the file, i.e. he has search permission on every directory above it). ls -l now ends the mode with a +, the sign that an ACL is attached, and getfacl lists the new entry.


Simple summary

chmod / UGO = basic permissions for owner, group, and everyone else.
ACL = extra detailed permissions for specific users or groups.

Use chmod 777 only in rare testing situations. For real systems, ACL is safer when you want to give access to one specific user or group.
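The following is an added example that is not part of the original page; it ties together the setfacl -x section above and the chmod-vs-ACL comparison. Using the numeric UID 65534 in place of a real john account, it grants that user read access, shows that a later chmod on the group bits actually rewrites the ACL mask and caps the named entry to #effective:---, and then verifies the removal by reading the ACL back. The function name acl_roundtrip and the temporary file are the example's own; it reports and skips when the acl tools or an ACL-capable filesystem are absent.

```shell
#!/bin/sh
# Added example, not part of the original page: walk through a named-user ACL
# entry on a file and show the two things that trip people up: the ACL mask
# (chmod on the group bits silently caps every named entry) and how to confirm
# that setfacl -x really removed the user. UID 65534 stands in for "john" so no
# account needs to exist; getfacl -n prints numeric IDs for the same reason.

# acl_roundtrip: returns 0 when every step behaves as described (or when the
# host has no ACL tooling / ACL-capable filesystem, in which case it says so
# and skips), 1 on an unexpected result.
acl_roundtrip() {
    if ! command -v setfacl >/dev/null 2>&1 || ! command -v getfacl >/dev/null 2>&1; then
        echo "setfacl/getfacl not installed (package 'acl'); skipping" >&2
        return 0
    fi
    tmp=$(mktemp -d) || return 1
    f=$tmp/report.txt
    : > "$f"
    chmod 640 "$f"
    if ! setfacl -m u:65534:r "$f" 2>/dev/null; then
        echo "filesystem under $tmp does not support POSIX ACLs; skipping" >&2
        rm -rf "$tmp"; return 0
    fi
    rc=0

    # 1. ls -l marks a file with extended ACL entries by a trailing '+'.
    case $(ls -l "$f" | cut -d' ' -f1) in
        *+) echo "step 1: ls shows '+' after the mode" ;;
        *)  echo "step 1: no '+' marker" >&2; rc=1 ;;
    esac

    # 2. The entry is present and effective: setfacl recalculated the mask to r--.
    if getfacl -n "$f" 2>/dev/null | grep -q '^user:65534:r--$'; then
        echo "step 2: user:65534:r-- is effective"
    else
        echo "step 2: named entry missing or already capped" >&2; rc=1
    fi

    # 3. Once an ACL exists, chmod's group digit rewrites the MASK entry, not the
    #    group entry. After chmod 600 the named entry is still listed, but its
    #    effective rights are ---.
    chmod 600 "$f"
    if getfacl -n "$f" 2>/dev/null | grep -q '^user:65534:r--.*#effective:---'; then
        echo "step 3: after chmod 600 the entry is capped to #effective:---"
    else
        echo "step 3: expected the mask to cap the named entry" >&2; rc=1
    fi

    # 4. Remove the user and verify by reading the ACL back rather than trusting
    #    the exit status alone.
    setfacl -x u:65534 "$f"
    if getfacl -n "$f" 2>/dev/null | grep -q '^user:65534:'; then
        echo "step 4: entry still present after setfacl -x" >&2; rc=1
    else
        echo "step 4: user:65534 removed"
    fi

    rm -rf "$tmp"
    return $rc
}
```

Step 3 is the part to remember when mixing chmod and setfacl: the group column of ls -l on a file with an ACL shows the mask, not the group entry, so a chmod that looks like it only touches the group can lock out every named user and group at once.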

REF: AI Tools/ChatGPT

Linux: ACL vs Selinux

ACL vs SELinux

ACL and SELinux both control access, but they work at different levels.

Feature           ACL                                                    SELinux
Full name         Access Control List                                    Security-Enhanced Linux
Main purpose      Give extra file permissions to specific users/groups   Enforce system-wide security policy
Access model      DAC: Discretionary Access Control                      MAC: Mandatory Access Control
Controlled by     File owner / root                                      SELinux policy / root
Works on          Files/directories                                      Files, processes, ports, services, users
Common commands   getfacl, setfacl                                       getenforce, ls -Z, semanage, restorecon

Simple explanation

ACL

ACL is like saying:

“This specific user or group can access this file/directory.”

Example:

setfacl -m u:john:rwx projectdir

This gives user john read, write, and execute permission on projectdir.

Check ACL:

getfacl projectdir

ACL extends normal Linux permissions:

owner / group / others

So ACL is mainly about who can access a file or directory.


SELinux

SELinux is like saying:

“Even if Linux permissions allow this, the system security policy must also allow it.”

Example:

ls -Z /var/www/html

You may see SELinux context labels such as:

system_u:object_r:httpd_sys_content_t:s0

This label tells SELinux what type of object it is.

For example, Apache may be allowed to read files labeled:

httpd_sys_content_t

But Apache may be blocked from reading a file with the wrong SELinux label, even if file permissions are 777.


Important rule

For access to work, both must allow it:

Linux permissions / ACL must allow it
AND
SELinux policy must allow it

If either one denies access, the access fails.

Example:

ACL allows user john
SELinux denies the action
Result: Access denied

Another example:

SELinux allows Apache
File permission denies Apache
Result: Access denied

Example situation

Suppose Apache cannot read a web page.

You check normal permissions:

ls -l /var/www/html/index.html

Output:

-rw-r--r-- 1 root root index.html

Looks okay.

Then check SELinux label:

ls -Z /var/www/html/index.html

If the label is wrong, Apache may still be denied.

Fix SELinux context:

sudo restorecon -v /var/www/html/index.html

or for the whole directory:

sudo restorecon -Rv /var/www/html

Commands summary

ACL commands

getfacl file.txt
setfacl -m u:john:r file.txt
setfacl -x u:john file.txt
setfacl -b file.txt

SELinux commands

getenforce
sestatus
ls -Z file.txt
restorecon -v file.txt

Slide-friendly summary

ACL = extra file permissions for specific users/groups.
SELinux = mandatory security policy using labels and rules.

ACL answers: “Which user/group can access this file?”
SELinux answers: “Is this process allowed to access this object in this way?”

Access works only when both Linux permissions/ACL and SELinux policy allow it.

REF: AI Tools/ChatGPT

Explain the command and each part : Get-Service * | Select-Object Status, DisplayName | Where-Object { $_.Status -eq “Running” -and $_.DisplayName -like “Windows*“ } | Sort-Object DisplayName -Descending | Format-Table -AutoSize

This command lists running Windows services whose display name starts with “Windows”, sorts them by display name in descending order, and displays the result in a neat table.

Corrected version:

Get-Service * |
Select-Object Status, DisplayName |
Where-Object { $_.Status -eq "Running" -and $_.DisplayName -like "Windows*" } |
Sort-Object DisplayName -Descending |
Format-Table -AutoSize

Step-by-step explanation

1. Get-Service *

Get-Service *

Gets all Windows services on the computer.

The * wildcard means:

all services

So this returns services such as:

Windows Update
Windows Audio
Print Spooler
BITS

2. Pipeline |

|

The pipeline sends the output of one command to the next command.

Here, service objects are passed from:

Get-Service

to:

Select-Object

3. Select-Object Status, DisplayName

Select-Object Status, DisplayName

Keeps only two properties:

Property      Meaning
Status        Whether the service is Running, Stopped, etc.
DisplayName   The friendly service name shown to users

Example output at this stage:

Status   DisplayName
------   -----------
Running  Windows Audio
Stopped  Windows Search
Running  Windows Update

4. Where-Object { ... }

Where-Object { $_.Status -eq "Running" -and $_.DisplayName -like "Windows*" }

This filters the services.

Only services that meet both conditions are kept. Filtering after Select-Object works here only because Status and DisplayName, the two properties the filter reads, are the ones that were kept; the more usual order is to filter first and select afterwards.


5. $_

$_

Means:

the current object in the pipeline

In this command, each $_ represents one service object.


6. $_.Status -eq "Running"

$_.Status -eq "Running"

Checks whether the service status is exactly:

Running

-eq means:

equals

7. -and

-and

Means both conditions must be true.

So the service must be:

Running

and its display name must start with:

Windows

8. $_.DisplayName -like "Windows*"

$_.DisplayName -like "Windows*"

Checks whether the service display name starts with Windows.

-like is used for wildcard pattern matching.

The * means:

anything after Windows

Examples that match:

Windows Audio
Windows Update
Windows Event Log
Windows Search

Examples that do not match:

Print Spooler
Background Intelligent Transfer Service

9. Sort-Object DisplayName -Descending

Sort-Object DisplayName -Descending

Sorts the remaining services by DisplayName.

-Descending means:

Z to A

Without -Descending, it would sort:

A to Z

10. Format-Table -AutoSize

Format-Table -AutoSize

Displays the final output as a table.

-AutoSize adjusts column widths so the output is easier to read.


Full meaning in one sentence

Get-Service * |
Select-Object Status, DisplayName |
Where-Object { $_.Status -eq "Running" -and $_.DisplayName -like "Windows*" } |
Sort-Object DisplayName -Descending |
Format-Table -AutoSize

means:

Get all services, keep only Status and DisplayName, filter only running services whose display name starts with “Windows”, sort them by DisplayName from Z to A, and display the result in a neat table.

Important note

Your original command has a curly closing quote here:

"Windows*“

Use a normal straight quote instead:

"Windows*"

REF: AI Tools/ChatGPT