Dahne-linux Foundation-day05

Source: Internet
Author: User

Cron Scheduled Tasks
System service: crond
Log file: /var/log/cron
Using the crontab command
- Edit: crontab -e -u username
- View: crontab -l -u username
- Clear: crontab -r -u username
1. View service status
systemctl status crond
2. Write a scheduled task
* * * * *    minute hour day month week
useradd lisi                     # create user lisi
# which date                     # find the location of the date program
/usr/bin/date
# crontab -e -u lisi             # write the scheduled task
*/1 * * * * /usr/bin/date >> /home/lisi/1.txt     # append the date to 1.txt every minute
watch -n 1 cat /home/lisi/1.txt  # view the contents of 1.txt at 1-second intervals
###########################################################################################


Basic permission categories
- Read: allows viewing content - read - r
- Write: allows modifying content - write - w
- Execute: allows running and switching into - execute - x
For text files:
r: cat less head tail
w: vim
x: run
Permissions apply to:
- Owner: the user who owns this file/directory - user - u
- Owning group: the group that owns this file/directory - group - g
- Other users: users other than the owner and the owning group - other - o
To view permissions:
ls -ld file or directory
# ls -ld /root/
dr-xr-x---. root root 4096 October 19:58 /root/
Fields: type and permission bits, hard link count, owner, owning group, size, last modified time, file/directory name

Set basic permissions:
Using the chmod command
- chmod [-R] ownership[+-=]permission-category document
- -R applies the permissions recursively
# chmod u-x /nsd01           # remove the owner's execute permission
# ls -ld /nsd01/
drw-r-xr-x. 2 root root 6 October 20:15 /nsd01/
# chmod g+w /nsd01/          # add write permission for the owning group
# ls -ld /nsd01/
drw-rwxr-x. 2 root root 6 October 20:15 /nsd01/
# chmod u=rwx,g=rwx,o=rwx /nsd01/
The owner and the owning group (and, with o=rwx, others) have read, write and execute permissions
# ls -ld /nsd01/
drwxrwxrwx. 2 root root 6 October 20:15 /nsd01/

How to tell whether a user has permissions:
1. Determine the user's identity: owner > owning group > others
2. Look at the permissions in the corresponding permission bits
Directory r permission: can browse the directory contents with ls
Directory w permission: can cp/mv/mkdir/touch/rm and otherwise change the directory contents
Directory x permission: can switch into the directory with cd
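
The two-step check above, as an added shell example that is not part of the original notes; the function name, UIDs and GIDs are constructed, and it models a non-root user (root bypasses these checks). Only the first matching class is consulted, so the owner of a 655 directory (the state of /nsd01 after chmod u-x) gets rw- even though the owning group has x.

```sh
# Added example, not from the original notes. UIDs/GIDs below are constructed.
# Usage: effective_perms OCTAL_MODE FILE_UID FILE_GID USER_UID "USER_GIDS"
# Prints the rwx triplet that applies to the user (non-root users only).
effective_perms() (
    mode=$((0$1)); fuid=$2; fgid=$3; uid=$4; gids=$5
    if [ "$uid" -eq "$fuid" ]; then
        bits=$(( (mode >> 6) & 7 ))          # step 1: owner matches, stop here
    else
        bits=$(( mode & 7 ))                 # default class: others
        for gid in $gids; do
            if [ "$gid" -eq "$fgid" ]; then
                bits=$(( (mode >> 3) & 7 ))  # member of the owning group
                break
            fi
        done
    fi
    # step 2: decode only the three bits of the selected class
    out=""
    for pair in 4:r 2:w 1:x; do
        if [ $(( bits & ${pair%%:*} )) -ne 0 ]; then
            out="$out${pair##*:}"
        else
            out="$out-"
        fi
    done
    printf '%s\n' "$out"
)

effective_perms 655 1000 1000 1000 "1000"       # owner of a 655 directory
effective_perms 655 1000 1000 1001 "1001 1000"  # another member of the group
effective_perms 750 0 0 1001 "1001"             # other user on a 750 directory
```
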
Set document ownership:
- chown [-R] owner document
- chown [-R] :group document
- chown [-R] owner:group document
# mkdir /nsd05               # create directory
# ls -ld /nsd05
drwxr-xr-x. 2 root root 6 October 20:35 /nsd05     # view directory permissions
# groupadd tedu              # create group tedu
# chown :tedu /nsd05         # change the owning group of /nsd05 to tedu
# ls -ld /nsd05
drwxr-xr-x. 2 root tedu 6 October 20:35 /nsd05     # view permissions: the owning group has become tedu
#######################################################################################


Special permissions:
Set UID
Attached to the owner's x position
- The owner's permission flag changes to s
- For executables, Set UID lets the user who runs the file take on the identity of the file's owner and some of the owner's permissions (passes on the owner's identity)
# chmod u+s /usr/bin/mkdir   # set the special permission on the owner
# ls -lh /usr/bin/mkdir
-rwsr-xr-x. 1 root root 78K January 2014 /usr/bin/mkdir
$ mkdir /a                   # switch to user zhangsan and create a directory with mkdir
$ ls -ld /a
drwxrwxr-x. 2 root zhangsan 6 Oct 30 20:55
The owner of the /a directory is root (without the special permission, the owner of the directory would be zhangsan).
When the special permission is set on the owner of an executable and another user runs that executable, the owner's identity is inherited.
Set GID
Attached to the owning group's x position
- The owning group's permission flag changes to s
- For executables, works like Set UID (passes on the group identity)
- For directories, new documents created in the directory are automatically given the same owning group as the parent directory
# chown :tedu /tarena/
# ls -ld /tarena/
drwxrwxr-x. 2 root tedu 6 October 21:06 /tarena/
# chmod g+s /tarena          # set the special permission on the owning group
# mkdir /tarena/a
# ls -ld /tarena/a
drwxr-sr-x. 2 root tedu 6 October 21:08 /tarena/a
Documents created under /tarena inherit /tarena's owning group.

Sticky Bit
- Attached to the others' x position
- The others' permission flag changes to t
- Used on directories that grant w to everyone, to prevent users from abusing the w permission

# useradd dc
# useradd tc
# mkdir /public              # create a public directory
# ls -ld /public/
drwxr-xr-x. 2 root root 6 October 21:15 /public/
# chmod u=rwx,g=rwx,o=rwx /public/     # give every user read, write and execute permission under /public
The problem with this is that users can edit, delete and otherwise change other users' documents.
# chmod o+t /public/         # set the special permission on others
# ls -ld /public/
drwxrwxrwt. 2 root root 30 October 21:25 /public/
$ rm -rf /public/2.txt       # try to delete a file created by another user
rm: cannot remove '/public/2.txt': Operation not permitted     # refused: insufficient permissions
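
A check for the two risks shown above (a Set UID executable, and a directory writable by others without the sticky bit), as an added example that is not part of the original notes; the function names and the temporary demo tree are constructed.

```sh
# Added example, not from the original notes. Function names are hypothetical.
# audit_special_perms DIR prints one finding per line:
#   SUID <path>      regular file that runs with its owner's identity
#   SGID <path>      regular file that runs with its group's identity
#   NOSTICKY <path>  directory writable by others without the sticky bit
audit_special_perms() (
    root=$1
    find "$root" -xdev -type f -perm -4000 -print | sed 's/^/SUID /'
    find "$root" -xdev -type f -perm -2000 -print | sed 's/^/SGID /'
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/NOSTICKY /'
)

# Build a constructed tree in a temp directory that mirrors the walkthrough.
make_demo_tree() (
    d=$(mktemp -d) || exit 1
    mkdir "$d/public" "$d/public_sticky"
    chmod 777 "$d/public"            # like /public before chmod o+t
    chmod 1777 "$d/public_sticky"    # like /public after chmod o+t
    : > "$d/tool"
    chmod 4755 "$d/tool"             # stands in for the Set UID mkdir
    printf '%s\n' "$d"
)

demo=$(make_demo_tree)
audit_special_perms "$demo"          # reports tool and public only
rm -rf "$demo"
```

On a real system, run audit_special_perms on / as root and compare the SUID list with what the distribution ships. The bit set on /usr/bin/mkdir in the demonstration above is cleared with chmod u-s /usr/bin/mkdir.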
###########################################################################################
ACL (Access Control List)

The role of ACL policies

Limitations of document ownership
– Everyone falls into one of three roles: owner, owning group, others
– Finer-grained control is not possible

ACL access policy
– Can set independent permissions for individual users and individual groups
– Most mounted EXT3/4 and XFS file systems support it by default


# mkdir /test                # create directory
# ls -ld /test
# chmod o=--- /test          # deny access to others
# ls -ld /test
# su - zhangsan

$ cd /test/
-bash: cd: /test/: Permission denied
$ exit
logout

# setfacl -m u:zhangsan:rx /test/      # give user zhangsan rx permission
# getfacl /test/                       # view the permission list
# su - zhangsan
$ cd /test/
$ pwd
$ exit


Using the getfacl and setfacl commands
– getfacl document ...
– setfacl -m u:username:permissions document ...
– setfacl -m g:groupname:permissions document ...
– setfacl -x u:username document ...     # delete the specified ACL policy
– setfacl -b document ...                # clear the ACL policies

# getfacl /test/
# setfacl -m u:dc:rwx /test/
# setfacl -m u:natasha:rx /test/
# getfacl /test/

# setfacl -x u:dc /test/     # delete the specified ACL
# getfacl /test/

# setfacl -b /test/          # clear all ACLs
# getfacl /test/
########################################################################################
Using LDAP authentication

Traditional user name and password: created locally, for local login, stored in /etc/passwd
Network user: created on the LDAP server, can log in on every machine in the domain

LDAP server: classroom

Client: specify the location of the LDAP server

1. Install the client software
Packages
sssd: software that communicates with the server

authconfig-gtk: graphical tool for configuring sssd

# rpm -q sssd                # verify that the package is installed
# rpm -q authconfig-gtk

2. Run the graphical sssd configuration tool: authconfig-gtk
# authconfig-gtk

User account database: LDAP
LDAP search base DN: dc=example,dc=com
LDAP server: classroom.example.com

Tick: Use TLS to encrypt connections
Specify the certificate used for encryption:
http://172.25.254.254/pub/example-ca.crt
Authentication method: LDAP password

3. Start the sssd service and enable it at boot
# systemctl restart sssd
# systemctl enable sssd
4. Verification
# grep 'ldapuser0' /etc/passwd
# id ldapuser0

##################################################
Home directory roaming

Network File System (NFS)
– The NFS server shares a specified folder with clients
– The client mounts the shared directory on a local directory; accessing the shared
resources is then as convenient as accessing a local directory
– Similar to EXT4, XFS and other types, except that the resources are on the network


View NFS resources
# showmount -e 172.25.254.254


Mount the NFS shared content from the server on a local directory
# mkdir /home/guests

# mount 172.25.254.254:/home/guests/ /home/guests

# ls /home/guests
# su - ldapuser0

#####################################################


