XK0-005 Question #1226: Real Exam Question with Answer & Explanation

The correct answer is C: ls -z. An access_denied error despite permissive file permissions (777) strongly suggests that Security-Enhanced Linux (SELinux) is enforcing a policy. The ls -Z command is used to inspect the SELinux security context of files.

Troubleshooting

Question

A user receives an access_denied error when trying to modify a file, even though the file permissions are set to 777. Which of the following commands should be used to view additional file permissions?

Options

Agetsebool
Bgetenforce
Cls -z
Dps -z

Explanation

An access_denied error despite permissive file permissions (777) strongly suggests that Security-Enhanced Linux (SELinux) is enforcing a policy. The ls -Z command is used to inspect the SELinux security context of files.

Common mistakes.

A. getsebool is used to display the current state of SELinux boolean values, which control high-level policy behaviors, but not the specific security context of individual files.
B. getenforce shows the current global enforcement mode of SELinux (e.g., Enforcing, Permissive, Disabled), but it does not provide details on why a particular file access was denied.
D. ps -z displays the SELinux security context for running processes, not for static files, making it irrelevant for diagnosing file access permission issues.

Concept tested. SELinux context with ls -Z

Reference. https://man7.org/linux/man-pages/man1/ls.1.html

Topics

#SELinux#File Permissions#Troubleshooting#ls command

Community Discussion

No community discussion yet for this question.

Full XK0-005 Practice Browse All XK0-005 Questions