This article is not a reproduction of exam questions. It summarizes the knowledge and concepts I learned while studying for LPIC-102.
Introduction
While working through LPIC-102 practice exams, I kept running into problems I thought I understood — but couldn't answer correctly. All three came down to the same pattern: confusing similar things with each other.
Once I compared them side by side, everything clicked. Here's what I learned.
Stumbling Point ① nmcli Subcommands
What I got wrong
I thought ethernet and wifi were valid subcommands of nmcli. They're not.
The correct understanding
nmcli has a clear subcommand structure:
nmcli
├── device ← Manage network devices
├── connection ← Manage connection profiles
├── general ← Show overall NetworkManager status
├── networking ← Enable/disable networking entirely
├── radio ← Enable/disable wireless
└── monitor ← Watch for events
Common misconception
ethernet and wifi are not subcommands.
They are device type names that appear in the output of nmcli device.
How it actually works
# List devices (device is the subcommand)
nmcli device status
# Example output
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected wired-connection
wlan0 wifi connected MyWiFi
# ↑ "ethernet" and "wifi" appear in the TYPE column — they are NOT subcommands
# List connection profiles (connection is the subcommand)
nmcli connection show
# Common usage
nmcli device wifi list # Scan for Wi-Fi networks
nmcli connection up <profile-name> # Bring up a connection
The distinction at a glance
| Category | Examples | Role |
|---|---|---|
| Subcommands |
device connection
|
What you want nmcli to do |
| Type names |
ethernet wifi
|
The kind of device (shown in output) |
"device and connection are verbs — they tell nmcli what to do. ethernet and wifi are nouns — they describe what type of hardware it is."
Stumbling Point ② What's Actually Stored in /etc/shadow
What I got wrong
I answered "last login timestamp" for a question about what /etc/shadow stores. I must have assumed it held all user-related information.
The correct understanding
/etc/shadow is a password-only confidential file.
/etc/passwd → World-readable (UID, home directory, shell, etc.)
/etc/shadow → Root-only (password hashes and expiry info)
The fields in /etc/shadow
username:hashed_password:last_change:min_days:max_days:warn_days:inactive_days:expire_date
# Example entry (illustrative)
alice:$6$xxxx...(SHA-512 hash):19800:0:99999:7:::
↑ ↑ ↑ ↑ ↑
hashed password changed min max warn
What lives where
/etc/shadow
✅ Hashed password
✅ Password expiry / change date
❌ Last login timestamp → /var/log/lastlog
❌ SSH private key → ~/.ssh/
❌ UID → /etc/passwd
❌ Home directory path → /etc/passwd
Where to find last login info
last # reads /var/log/wtmp
lastlog # reads /var/log/lastlog
Easy to mix up with shadow — don't!
Memory tip
"shadow stores password secrets only. Login history lives in a separate ledger (lastlog)."
Stumbling Point ③ cron.allow vs at.allow
What I got wrong
For a question about which file lists users allowed to use cron, I answered /etc/at.allow. The at command was floating around in my head and got in the way.
The correct understanding
Both cron and at have their own pair of allow/deny files:
cron control files:
/etc/cron.allow ← Lists users permitted to use cron
/etc/cron.deny ← Lists users blocked from using cron
at control files:
/etc/at.allow ← Lists users permitted to use at
/etc/at.deny ← Lists users blocked from using at
Priority rules (cron.allow / cron.deny)
If cron.allow exists:
→ Only users listed in it can use cron
If cron.allow does NOT exist:
→ Check cron.deny
→ Users listed in cron.deny cannot use cron
→ If neither file exists → everyone can use cron
| cron.allow | cron.deny | Result |
|---|---|---|
| Exists | — | Only listed users may use cron |
| Does not exist | Exists | Listed users are blocked |
| Does not exist | Does not exist | All users may use cron |
Memory tip
"The command name becomes the file prefix: cron → cron.allow, at → at.allow. Simple as that."
cron → /etc/cron.allow
at → /etc/at.allow
Summary
| Topic | Why I got it wrong | Key takeaway |
|---|---|---|
| nmcli subcommands | Confused type names for subcommands | Subcommands = verbs; ethernet/wifi = output type labels |
| /etc/shadow | Assumed it held all user info | shadow = passwords only; login history = lastlog |
| cron.allow | Mixed up cron and at | Command name = file prefix (cron→cron.allow, at→at.allow) |
All three mistakes came from confusing similar things. The fix: always compare them side by side.
Bonus: AI prompts to go deeper on these topics
Explain the following topic by contrasting it with what's commonly confused.
Topic: The difference between nmcli subcommands and device type names
- Summarize the distinction in a table
- Include real command examples
- End with a one-line takeaway
📅 February 2026 — LPIC-102 Study Notes
noteで日本語版を公開中