sudo

The key point about sudo is this: whether a user may run sudo is decided by the settings in /etc/sudoers, and a permitted user types their own password to run the command that follows. Because everything depends on /etc/sudoers, we have to edit that file. The file has a fixed syntax, however, so editing it directly with vi is not a good idea. Use visudo to modify it instead.

visudo and /etc/sudoers

Why use visudo? Because /etc/sudoers has a fixed syntax: a syntax error made by accident in a plain vi session can leave the sudo command unusable, whereas visudo checks the syntax.

    # visudo
    .... (earlier lines omitted) ....
    root    ALL=(ALL)       ALL   <== find this line, at around line 76
    vbird1  ALL=(ALL)       ALL   <== this is the line you want to add!
    .... (later lines omitted) ....

visudo simply uses vi to open /etc/sudoers for editing.

Syntax of an entry in visudo

    user account   source hostname=(identity that can be switched to)   commands that can be issued
    root           ALL=(ALL)                                             ALL   <== this is the default value

The four components of the line above mean:

1. Which account on the system may use the sudo command. By default this is the root account.
2. The host from which this account connects to this Linux host. The account may be coming in from a network host, so this setting can specify the client computers that are trusted. By default root can come from any network host.
3. Which identity this account can switch to in order to issue the commands that follow. By default root can switch to anyone.
4. Which commands can be issued under that identity. Commands must be written with absolute paths. By default root may run any command.

Handling groups with visudo

Put simply, give a group the right to use sudo; any user who needs sudo then only has to be added to that group.

    # visudo   <== as before, do this as root
    .... (earlier lines omitted) ....
    %wheel  ALL=(ALL)       ALL   <== at around line 84; remove the leading # from this line!

A % at the far left means that what follows is a group.

Password-free use of sudo

    # visudo   <== as before, do this as root
    .... (earlier lines omitted) ....
    %wheel  ALL=(ALL)       NOPASSWD: ALL   <== at around line 87; remove the leading #!

A % at the far left means that what follows is a group. Adding NOPASSWD: in front of the command list (ALL) allows sudo to be used without a password.

Restricting the commands a user may run

When an ordinary user holds root privileges, it becomes a real headache if they change root's password, so their commands need to be limited.

    # visudo   <== note: as root
    myuser1 ALL=(root) !/usr/bin/passwd, /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root

Using ! and wildcards ensures that the user cannot run passwd with no argument or passwd root, so the root password cannot be changed.

Something worth looking into: on Ubuntu there is no such restriction in visudo, yet its users can only change their own passwords. Where does Ubuntu enforce the restriction?
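visudo checks only the syntax of /etc/sudoers, not whether a grant is broader than intended. The script below is an added example (not part of the original notes) that flags password-free and unrestricted grants in sudoers-style text; the function names are assumptions, and the sample input is constructed from the entries shown above.

```shell
#!/bin/sh
# Added example, not from the original page: flag password-free and
# unrestricted grants in sudoers-style text read from standard input.

# Constructed sample built from the entries discussed above.
sample_sudoers() {
    cat <<'EOF'
# comment lines and Defaults are ignored
Defaults    env_reset
root    ALL=(ALL)       ALL
vbird1  ALL=(ALL)       ALL
%wheel  ALL=(ALL)       NOPASSWD: ALL
myuser1 ALL=(root)  !/usr/bin/passwd, /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
EOF
}

# audit_sudoers < FILE  -> one "FINDING kind name" line per risky rule
audit_sudoers() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }  # settings, not grants
        {
            who  = $1
            kind = (substr(who, 1, 1) == "%") ? "group" : "user"
            rest = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)    # drop the account column
            if (rest ~ /NOPASSWD:/)
                print "NOPASSWD", kind, who
            # ALL=(ALL) [TAG:] ALL : any command, as any identity, from any host
            if (rest ~ /^ALL[ \t]*=[ \t]*\(ALL(:ALL)?\)[ \t]*([A-Z]+:[ \t]*)*ALL[ \t]*$/)
                print "FULL", kind, who
        }
    '
}

sample_sudoers | audit_sudoers
```

On a real host, run `audit_sudoers < /etc/sudoers` as root; files pulled in from an include directory have to be fed to it separately.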
Introduction to the PAM module

Pluggable Authentication Modules (PAM)

PAM can be described as a set of application programming interfaces (Application Programming Interface, API). It provides a series of authentication mechanisms: as long as the user tells PAM what the validation stage requires, PAM returns the result of the user's validation (success or failure). The data that PAM uses to validate is called a module, and each PAM module has a different function. For example, when we use the passwd command in this chapter and enter a string that is found in the dictionary, passwd returns an error message. Why is that? It is the work of PAM's pam_cracklib.so module! It can tell whether the password is in the dictionary and reports back to the password-changing program, which is how you learn how strong your password is.
User information transfer on the host

Querying users: w, who, last, lastlog
Talking to users: write, mesg, wall

Creating a large number of accounts is of course done with a script. The key statement is:

    echo $username | passwd --stdin $username

which uses the username as the password.

Chapter 15: Disk quotas (Quota) and advanced file system management

Quota

Disk capacity should be used fairly. Example: /home is a separate 10G partition with 30 users under it, so each user should get about 333M. But if one user puts 8G of movies in their home directory, the other users will not have enough space and will be unhappy. Quota exists to deal with this problem. The more common uses of quota are:

- For a WWW server, for example: the capacity limit of each person's web space!
- For a mail server, for example: each person's mail space limit.
- For a file server, for example: the maximum network disk space available to each person (most common in a teaching environment!)

The above are designed for network services. For the Linux host itself there are:

- Limit the maximum disk quota that a group can use (using group limits)
- Limit the maximum disk quota of a user (using user limits)
- Use a link so that mail counts toward the limited quota (change the /var/spool/mail path)

Chapter 16: Routine work scheduling (crontab)

Types of Linux work scheduling: at and crontab

at: schedules a job that runs only once
crontab: schedules commands for periodic execution

Common routine work on Linux:

- Rotation of log files (logrotate)
- Log file analysis: logwatch's tasks
- Building the locate database
- Building the whatis database
- Building the RPM software log file
- Removing temporary files
- Analysis related to network services: if you have WWW server software installed (software called Apache), your Linux system will usually analyze that software's log files proactively. Also, when some credential and authentication network information has expired, the Linux system will helpfully check it for you automatically!
How atd is started and how at operates

atd is the service behind at; at is the actual command.

    # /etc/init.d/atd restart
    Stopping atd: [OK]
    Starting atd: [OK]

chkconfig: start the atd service automatically at boot time

    # chkconfig atd on

How at works: at creates the job to be run and writes it as a text file in the /var/spool/at directory, where the job waits for the atd service to pick it up and execute it.

Access control for at: /etc/at.allow and /etc/at.deny

With these two files in place, at works like this:

1. First look for /etc/at.allow. Users written in this file may use at; users not in this file may not use at (even if they are not written in at.deny).
2. If /etc/at.allow does not exist, look for /etc/at.deny. Users written in at.deny may not use at; users not in at.deny may use at.
3. If neither file exists, only root can use the at command.

    # at [-mldv] TIME
    # at -c job_number

Options and parameters:

-m: when the at job is completed, notify the user by email that the job is done, even if there is no output.
-l: at -l is equivalent to atq; it lists all of this user's at jobs currently on the system.
-d: at -d is equivalent to atrm; it cancels a job in the at schedule.
-v: lists the jobs in the at schedule using a more readable time format.
-c: lists the actual command content of the job whose number follows.
TIME: the time format, that is, when the job should run:

    HH:MM                                              ex> 04:00
    HH:MM YYYY-MM-DD                                   ex> 04:00 2009-03-17
    HH:MM[am|pm] [Month] [Date]                        ex> 04pm March 17
    HH:MM[am|pm] + number [minutes|hours|days|weeks]   ex> now + 5 minutes
                                                       ex> 04pm + 3 days

Note: after entering the job, it is only really set once you press Ctrl+D. Note that Ctrl+C is not what ends the input.

What at -c shows is actually an executable file under the /var/spool/at directory, usually with a name starting with "a". You can of course also write commands directly into that file, because the at service executes the file directly.

The user-friendly batch: runs background tasks when the system is idle

batch does its work when the CPU workload is less than 0.8. Workload means the amount of work the CPU is responsible for at a single point in time, which is not the same as CPU usage: the load is the number of tasks the CPU is responsible for at a single point in time, that is, how many tasks are waiting to use the CPU in a given period. batch is used the same way as at.

Cyclic execution of work scheduling: the cron (crond) service and the crontab command

Limits:

- /etc/cron.allow: accounts that may use crontab are written here; users not in this file may not use crontab.
- /etc/cron.deny: accounts that may not use crontab are written here; users not recorded in this file may use crontab.

Jobs set up with the crontab command are recorded under /var/spool/cron, keyed by account: when root uses crontab, the jobs are recorded in /var/spool/cron/root. Do not edit that file directly with vi, because a syntax error would prevent the cron service from running it. Every job that cron runs is recorded in the log file /var/log/cron, so you can look at this file to determine whether you have been hacked. /var/log/cron is evidently very important.

    # crontab [-u username] [-l|-e|-r]

Options and parameters:

-u: only root can use this, to create or remove crontab schedules for other users.
-e: edit the crontab jobs.
-l: list the crontab jobs.
-r: remove all of the crontab jobs; to remove only one, edit with -e.

Example 1: as dmtsai, send yourself a mail at 12:00 every day

    $ crontab -e
    # This opens the vi editing screen for you to edit the jobs! Note that each job is one line.
    0 12 * * * mail dmtsai -s "at"

Meaning of the special characters:

* (asterisk): accept any time! In the example above, day, month and week are all *, meaning "run the command at 12:00 regardless of month, day or day of the week".

, (comma): separates time periods. For example, if the job is to run at 3:00 and at 6:00:

    0 3,6 * * * command

There are still five time columns, but the second column is 3,6, meaning that both 3 and 6 apply!

- (minus sign): a range of time. For example, to run a job at 20 minutes past each hour from 8 to 12:

    20 8-12 * * * command

Look closely: the second column has become 8-12, meaning that 8, 9, 10, 11 and 12 all apply!

/n (slash): n is a number, and this means "every n units". For example, every five minutes:

    */5 * * * * command

Note that here */5 is in the first column.

Note: the five time columns must be separated by spaces.
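To check what a time column really matches before installing an entry, the special characters above can be expanded mechanically. This is an added example, not code from the original notes; the function names are assumptions, and it goes slightly beyond the text by also accepting a step on a range such as 8-12/2.

```shell
#!/bin/sh
# Added example, not from the original page: expand crontab time columns
# into the values they match. Names ("jan", "mon") are not handled and
# numbers with leading zeros are rejected.

# expand_cron_field FIELD MIN MAX -> space-separated matching values
expand_cron_field() {
    field=$1 min=$2 max=$3 out=
    old_ifs=$IFS; IFS=,
    set -f; set -- $field; set +f; IFS=$old_ifs   # split on "," without globbing
    [ $# -gt 0 ] || return 1
    for part in "$@"; do
        step=1
        case $part in
            */*) step=${part#*/}; part=${part%%/*} ;;   # "/n": every n units
        esac
        case $part in
            '*') lo=$min; hi=$max ;;                    # "*": every value
            *-*) lo=${part%-*}; hi=${part#*-} ;;        # "a-b": a through b
            *)   lo=$part; hi=$part ;;                  # a single value
        esac
        for n in "$lo" "$hi" "$step"; do
            case $n in ''|*[!0-9]*|0?*) return 1 ;; esac   # plain digits only
        done
        [ "$lo" -ge "$min" ] && [ "$hi" -le "$max" ] &&
            [ "$lo" -le "$hi" ] && [ "$step" -ge 1 ] || return 1
        i=$lo
        while [ "$i" -le "$hi" ]; do
            out="$out $i"; i=$((i + step))
        done
    done
    echo "${out# }"
}

# describe_schedule "MIN HOUR DAY MONTH WEEKDAY" -> one line per column
describe_schedule() {
    set -f; set -- $1; set +f
    [ $# -eq 5 ] || return 1
    mi=$(expand_cron_field "$1" 0 59) && ho=$(expand_cron_field "$2" 0 23) &&
        dm=$(expand_cron_field "$3" 1 31) && mo=$(expand_cron_field "$4" 1 12) &&
        dw=$(expand_cron_field "$5" 0 7) || return 1
    printf 'minute=%s\nhour=%s\nday=%s\nmonth=%s\nweekday=%s\n' \
        "$mi" "$ho" "$dm" "$mo" "$dw"
}

describe_schedule '20 8-12 * * *'   # the "20 past each hour from 8 to 12" entry
```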
Anacron

anacron runs on a daily basis or right after boot. It detects the crontab tasks that should have been carried out while the machine was down but were not, runs each of them once, and then stops automatically. It is designed to handle crontab tasks that were not performed because the system was shut down. In fact anacron is itself run through crontab, so it usually runs at two times: one is during system boot, the other is when it is scheduled in crontab.

anacron and /etc/anacrontab

anacron is actually a program, not a service. In CentOS this program has already been written into the crontab schedule.

Key review

- The system can use the at command to schedule a one-time job! "at TIME" is how the command is issued; when the system executes the scheduled job, it runs in the directory from which the job was issued.
- Running at requires the atd service, and /etc/at.deny controls which user accounts can run it.
- atq and atrm query and delete jobs in the at schedule.
- batch is the same as at, but batch carries out the scheduled work only when the CPU workload is less than 0.8.
- The system's cyclic routine work scheduling uses the cron service, with crontab -e and /etc/crontab used to arrange the schedule.
- An entry set with crontab -e has six columns: "minute, hour, day, month, week, command".
- An entry in /etc/crontab has seven columns: "minute, hour, day, month, week, user who runs it, command".
- anacron, together with the /etc/anacrontab settings, can pick up the crontab tasks that the system did not carry out while it was shut down!
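The /etc/at.allow and /etc/at.deny lookup order from the at section, written out as an added shell example (not code from the original notes) that also lists which accounts end up able to queue at jobs. The function names and the optional directory argument are assumptions, and the root shortcut comes from at(1) rather than from this page.

```shell
#!/bin/sh
# Added example, not from the original page: the at.allow / at.deny lookup
# order as a function, plus an inventory of accounts that may queue at jobs.
# ETC_DIR defaults to /etc; pass another directory to test without root.

# may_use_at USER [ETC_DIR] -> exit status 0 if USER may use at
may_use_at() {
    user=$1 etc=${2:-/etc}
    # at(1): the superuser may always use at (not stated on the page).
    [ "$user" = root ] && return 0
    if [ -f "$etc/at.allow" ]; then
        # Rule 1: at.allow exists, so only listed users; at.deny is ignored.
        grep -qxF -- "$user" "$etc/at.allow"
    elif [ -f "$etc/at.deny" ]; then
        # Rule 2: no at.allow, so everyone except users listed in at.deny.
        ! grep -qxF -- "$user" "$etc/at.deny"
    else
        # Rule 3: neither file exists, so only root (handled above).
        return 1
    fi
}

# at_users PASSWD_FILE [ETC_DIR] -> names from a passwd-format file that pass
at_users() {
    cut -d: -f1 "$1" | while read -r name; do
        if may_use_at "$name" "${2:-/etc}"; then echo "$name"; fi
    done
}

# Constructed demo: a scratch directory standing in for /etc.
demo_at_policy() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'vbird1:x:500:500::/home/vbird1:/bin/bash' \
        'dmtsai:x:501:501::/home/dmtsai:/bin/bash' > "$dir/passwd"
    echo "neither file : $(at_users "$dir/passwd" "$dir" | tr '\n' ' ')"
    echo dmtsai > "$dir/at.deny"
    echo "at.deny only : $(at_users "$dir/passwd" "$dir" | tr '\n' ' ')"
    echo dmtsai > "$dir/at.allow"     # listed in both: at.allow decides
    echo "at.allow too : $(at_users "$dir/passwd" "$dir" | tr '\n' ' ')"
    rm -rf "$dir"
}

demo_at_policy
```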
Basic Linux Learning 4