Linux cloud automated O&M course 4: Linux cloud automation
Automated O&M for Linux
I. vim
1. Moving the vim cursor
1) In command mode
:number ### move to the given line
G ### last line of the file
gg ### first line of the file
2) Entering insert mode
i ### insert before the cursor
I ### insert at the beginning of the cursor's line
a ### insert after the character under the cursor
A ### insert at the end of the cursor's line
o ### open a new line below the cursor
O ### open a new line above the cursor
s ### delete the character under the cursor and enter insert mode
S ### delete the cursor's line and enter insert mode
2. Exiting vim
:q ### quit; works when you opened a file but changed nothing
:q! ### discard every change made since the file was opened and quit
:wq ### save and quit
:wq! ### force save and quit; works for the superuser and the file owner
3. vim manual
vimtutor ### the vim tutorial
:q ### exit vimtutor
II. gedit
Ctrl+n ### open a new tab in gedit
Ctrl+s ### save the file
Ctrl+o ### open a file
Ctrl+x ### cut characters
Ctrl+v ### paste characters
Ctrl+c ### copy characters
yelp help:gedit ### gedit's graphical manual
III. Understanding users
Users exist for two purposes: limiting access and sharing resources.
A user is the identity with which someone uses the system.
Inside the system, a user is nothing more than a few strings stored in a few system configuration files.
System configuration files related to user information:
/etc/passwd ### user information
username:password:uid:gid:description:home directory:login shell
/etc/shadow ### user authentication information
username:encrypted password:date of last password change:minimum password age:maximum password age:warning period:inactive period:account expiration date
/etc/group ### group information
group name:group password:gid:additional group members
/etc/gshadow ### group authentication information
/home/username ### the user's home directory
/etc/skel/.* ### user skeleton files
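The field layout above is exactly what a small audit script walks. The function below is an added example, not part of the course: it checks constructed /etc/passwd lines for the things an administrator looks for in that file, namely a second uid-0 account, an empty password field, two accounts sharing one uid, and a login shell that is not listed in /etc/shells. The sample passwd lines and the shell list are constructed here, not copied from any real system.

```shell
#!/bin/sh
# Added example (not from the course): audit the seven colon-separated
# fields of /etc/passwd, user:password:uid:gid:description:home:shell.

# Constructed sample content standing in for /etc/passwd.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
westos:x:6666:9999:westos user:/home/linux:/bin/sh
sysop:x:0:0:second superuser:/home/sysop:/bin/bash
guest::1001:1001:empty password field:/home/guest:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
svc:x:1002:1002:service account:/home/svc:/usr/local/bin/customsh'

# Constructed sample content standing in for /etc/shells.
SAMPLE_SHELLS='/bin/sh
/bin/bash
/sbin/nologin'

# audit_passwd PASSWD_TEXT SHELLS_TEXT
# Prints one finding per line as "<check> <user>":
#   uid0      an account other than root whose uid is 0 (it is root to the kernel)
#   dupuid    an account whose uid is already used by an earlier line
#   nopass    an empty password field (the account logs in with no password)
#   badshell  a login shell that is not listed in the shells text
#   malformed a line that does not have exactly seven fields
audit_passwd() {
    printf '%s\n' "$1" | awk -F: -v shells="$2" '
        BEGIN {
            n = split(shells, list, "\n")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
        }
        NF != 7                 { print "malformed", $1; next }
        $3 == 0 && $1 != "root" { print "uid0", $1 }
        ($3 in seen)            { print "dupuid", $1 }
                                { seen[$3] = $1 }
        $2 == ""                { print "nopass", $1 }
        !($7 in ok)             { print "badshell", $1 }
    '
}

# count_findings PASSWD_TEXT SHELLS_TEXT: number of findings; 0 means clean.
count_findings() {
    audit_passwd "$1" "$2" | wc -l | tr -d ' '
}

# Run over the constructed sample when executed directly.
audit_passwd "$SAMPLE_PASSWD" "$SAMPLE_SHELLS"
```

Run against the real file with `audit_passwd "$(cat /etc/passwd)" "$(cat /etc/shells)"`; the uid0 and nopass checks are the two that deserve an immediate look, because both give a login the same identity as root or no authentication at all.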
IV. User management
1. Creating a user
useradd [options] username
-u ### specify the user's uid
-g ### specify the initial (primary) group, which must already exist
-G ### specify an additional group, which must already exist
-c ### user description
-d ### the user's home directory
-s ### the shell the user will use; /etc/shells lists the shells a user may use
Eg: [root@foundation42 Desktop]# useradd westos ### create a new user with all parameters at their defaults
[root@foundation42 Desktop]# useradd -u 6666 westos ### create a new user with uid 6666
[root@foundation42 Desktop]# groupadd -g 9999 westo ### create a group with gid 9999
[root@foundation42 Desktop]# useradd -g 9999 westos ### create a new user whose initial group has gid 9999
[root@foundation42 Desktop]# useradd -G 21 westos ### create a new user whose additional group has gid 21
[root@foundation42 Desktop]# useradd -c "westos user" westos ### create a new user with the description "westos user"
[root@foundation42 Desktop]# useradd -d /home/linux westos ### create a new user whose home directory is /home/linux/
[root@foundation42 Desktop]# useradd -s /bin/sh westos ### create a new user and specify the shell the user will use
Ps: [root@foundation42 Desktop]# userdel -r westos ### delete the user westos. Every example above creates the same user, so delete it before running the next one.
2. Deleting a user
userdel -r username ### -r deletes the user's system configuration along with the account information
Eg: [root@foundation42 Desktop]# userdel -r westos ### delete the user westos together with its system configuration
3. Creating a group
groupadd [-g gid] groupname ### create a group
groupdel groupname ### delete a group
Ps: a monitoring command for the experiments above:
[root@foundation42 Desktop]# watch -n 1 'tail -n 3 /etc/passwd /etc/group; echo ===; ls -l /home; echo ===; ls -l /mnt'
Eg: [root@foundation42 Desktop]# groupadd linux ### create the group linux with all parameters at their defaults
[root@foundation42 Desktop]# groupadd -g 8888 westos ### create the group westos with gid 8888
[root@foundation42 Desktop]# groupdel westos ### delete the group westos
4. Viewing a user's id information
id [options] user
-u ### the user's uid
-g ### the gid of the user's initial group
-G ### the gids of all the user's groups
-n ### show names instead of id numbers
-a ### show all information
Eg: [root@foundation42 Desktop]# id -a westos ### view all information about westos
[root@foundation42 Desktop]# id -u westos ### view the uid of westos
[root@foundation42 Desktop]# id -g westos ### view the gid of westos's initial group
[root@foundation42 Desktop]# id -G westos ### view the gids of all of westos's groups
[root@foundation42 Desktop]# id -un westos ### view the user name of westos
[root@foundation42 Desktop]# id -gn westos ### view the name of westos's initial group
[root@foundation42 Desktop]# id -Gn westos ### view the names of all of westos's groups
5. Changing user information
usermod [options] user
-l ### change the user name
-u ### change the uid
-g ### change the gid of the initial group
-G ### change the additional groups
-aG ### add an additional group
-c ### change the description
-d ### change the home directory
-s ### change the shell
-L ### lock the account
-U ### unlock the account
Eg: [root@foundation42 Desktop]# usermod -l linux westos ### rename the user westos to linux
[root@foundation42 Desktop]# usermod -u 1111 linux ### change the user's uid to 1111
[root@foundation42 Desktop]# usermod -g 72 linux ### change the gid of the user's initial group to 72
[root@foundation42 Desktop]# usermod -G wheel linux ### change the user's additional group to wheel
[root@foundation42 Desktop]# usermod -aG 21 linux ### add the group with gid 21 to the user's existing additional groups
[root@foundation42 Desktop]# usermod -c "linux user" linux ### change the description of the user linux
[root@foundation42 Desktop]# usermod -d /home/linux linux ### change the home directory of the user linux
[root@foundation42 Desktop]# usermod -md /home/linux linux ### change the home directory of the user linux and move the old home directory to the new location
[root@foundation42 Desktop]# usermod -s /bin/sh linux ### change the shell
V. Delegating privileges to users
1. The superuser can delegate operations that ordinary users cannot perform to ordinary users.
Delegation configuration file: /etc/sudoers
2. How to delegate
*) The superuser runs the visudo command, which opens /etc/sudoers for editing.
*) Format:
user hostname=(identity to run as) command
test top0.example.com=(root) /usr/sbin/useradd
The user test can run /usr/sbin/useradd as the superuser on top0.example.com.
Eg: [root@foundation42 Desktop]# visudo --> enter /etc/sudoers edit mode --> kiosk foundation42.ilt.example.com=(root) /usr/sbin/useradd --> save and quit
3. Running a delegated command
sudo command ### the first time sudo is run it asks for the current user's own password
Ps: if /etc/sudoers contains kiosk foundation42.ilt.example.com=(root) NOPASSWD: /usr/sbin/useradd, the user does not have to enter his own password when calling sudo.
Eg: [kiosk@foundation42 Desktop]$ sudo /usr/sbin/useradd linux ### run the delegated command
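The rule format just described is easy to check mechanically. The function below is an added example, not part of the course: it parses sudoers rules of the single-line form user host=(runas) [NOPASSWD:] command from constructed text and reports the two kinds of rule worth reviewing, those that skip the password prompt and those that allow ALL commands. It does not handle aliases or comma-separated command lists, and the sudoers fragment it runs over is constructed for the example.

```shell
#!/bin/sh
# Added example (not from the course): report sudoers rules that need review.
# Handles single-line rules of the form  user host=(runas) [NOPASSWD:] command
# (no aliases, no comma-separated command lists).

# Constructed sudoers fragment, not copied from any real system.
SAMPLE_SUDOERS='# constructed sample
Defaults    requiretty
root    ALL=(ALL)       ALL
kiosk   foundation42.ilt.example.com=(root) NOPASSWD:/usr/sbin/useradd
admin   localhost=(root) /bin/touch
ops     ALL=(root) NOPASSWD: ALL'

# sudoers_findings SUDOERS_TEXT
# Prints one line per finding:
#   NOPASSWD <user> <runas> <command>   the rule runs without the user's own password
#   ALLCMD <user>                       the rule allows every command
#   MALFORMED <user>                    the line has no host=... part
sudoers_findings() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^[ \t]*Defaults/        { next }          # option lines are not rules
        {
            user = $1
            rest = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", rest)  # drop the user column
            eq = index(rest, "=")
            if (eq == 0) { print "MALFORMED", user; next }
            spec = substr(rest, eq + 1)            # everything after host=
            runas = "root"                         # sudo default when no (...) is given
            if (match(spec, /\([^)]*\)/)) {
                runas = substr(spec, RSTART + 1, RLENGTH - 2)
                spec = substr(spec, RSTART + RLENGTH)
            }
            sub(/^[ \t]+/, "", spec)
            nopass = 0
            if (spec ~ /^NOPASSWD:/) {
                nopass = 1
                sub(/^NOPASSWD:[ \t]*/, "", spec)
            }
            sub(/[ \t]+$/, "", spec)
            if (nopass)        print "NOPASSWD", user, runas, spec
            if (spec == "ALL") print "ALLCMD", user
        }
    '
}

# nopasswd_count SUDOERS_TEXT: how many rules skip the password check.
nopasswd_count() {
    sudoers_findings "$1" | grep -c '^NOPASSWD ' || true
}

sudoers_findings "$SAMPLE_SUDOERS"
```

A NOPASSWD rule for a single binary such as /usr/sbin/useradd is what the course sets up; the combination of NOPASSWD with ALL is the one that should never appear for an ordinary account, because it is a root shell without any password check.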
VI. Controlling user authentication information
chage [options] user
-d ### date of the last password change; 0 forces the user to change the password at the next login
-m ### minimum password age
-M ### maximum password age
-W ### warning period
-I ### number of inactive days
-E ### account expiration date, format -E "YYYY-MM-DD"
Eg: [root@foundation42 Desktop]# watch -n 1 tail -n 5 /etc/shadow ### monitor password changes in real time
[root@foundation42 Desktop]# chage -d 0 student ### the user must change the password after logging in
[root@foundation42 Desktop]# chage -m 1 student ### minimum age is one day: the password can be changed again only after at least one day
[root@foundation42 Desktop]# chage -M 30 student ### maximum age is 30 days: the password must be changed within 30 days
[root@foundation42 Desktop]# chage -W 2 student ### warning period is 2 days: starting 2 days before the password expires, the system warns the user to change it
[root@foundation42 Desktop]# chage -I 1 student ### inactive period is one day: if the password has still not been changed one day after the 30 days have passed, the system locks the account
[root@foundation42 Desktop]# chage -E "" student ### set the account expiration date (format "YYYY-MM-DD")
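The chage options map one-to-one onto fields 3 to 8 of /etc/shadow, so an account's state can be computed from its shadow line and today's date. The function below is an added example, not part of the course: it classifies constructed shadow lines the way the login process does, as an expired account, a forced password change, a password past its maximum age (and locked once the inactive period is over), a password inside its warning period, or nothing to do. Dates in /etc/shadow are counted in days since 1970-01-01; the "today" value is passed in as a parameter so the example behaves the same offline, and both it and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the course): classify accounts from /etc/shadow aging fields.
# Fields: user:password:lastchange:min:max:warn:inactive:expire:reserved,
# all dates counted in days since 1970-01-01.

# Constructed sample content standing in for /etc/shadow.
SAMPLE_SHADOW='student:$6$salt$hash:17570:1:30:2:1::
fresh:$6$salt$hash:0:0:99999:7:::
stale:$6$salt$hash:17500:1:30:2:1::
justover:$6$salt$hash:17569:1:30:2:5::
gone:$6$salt$hash:17580:1:90:7::17590:
root:$6$salt$hash:17580:0:99999:7:::
noage:$6$salt$hash:17580::::::'

# Constructed "today" for the sample: day 17600 since the epoch.
SAMPLE_TODAY=17600

# shadow_status TODAY SHADOW_TEXT
# Prints "<state> <user>" per line, where state is one of
#   expired           the account expiration date (field 8) has passed
#   must_change       last change is 0, as set by "chage -d 0"
#   locked            max age and the inactive period (field 7) are both over
#   password_expired  max age is over but the inactive period has not ended
#   warn              within the warning period before max age
#   ok                nothing to do (or aging disabled by an empty field)
shadow_status() {
    printf '%s\n' "$2" | awk -F: -v today="$1" '
        {
            user = $1; last = $3; max = $5; warn = $6; inact = $7; expire = $8
            if (expire != "" && today >= expire + 0) { print "expired", user; next }
            if (last == "0")                          { print "must_change", user; next }
            if (last == "" || max == "")              { print "ok", user; next }
            left = last + max - today                 # days until the password expires
            if (left < 0) {
                if (inact != "" && today > last + max + inact) print "locked", user
                else                                            print "password_expired", user
                next
            }
            if (warn != "" && left <= warn + 0) { print "warn", user; next }
            print "ok", user
        }
    '
}

# days_left TODAY SHADOW_LINE: days until the password on that single line expires
# (negative when it already has).
days_left() {
    printf '%s\n' "$2" | awk -F: -v today="$1" '{ print $3 + $5 - today }'
}

shadow_status "$SAMPLE_TODAY" "$SAMPLE_SHADOW"
```

On a live system the current day number is `$(( $(date +%s) / 86400 ))`, and the student line corresponds to the chage -m 1 / -M 30 / -W 2 / -I 1 sequence in the examples above.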
VII. Viewing file attributes
ls -l filename
- | rw-r--r--. | 1 | root | root | 46 | Oct 1 05:03 | filename
1   2            3   4      5      6    7             8
1. "-": file type
- ### regular file
d ### directory
c ### character device
s ### socket
p ### named pipe (FIFO)
b ### block device
l ### symbolic link
Eg: [kiosk@foundation42 Desktop]$ ls -l /etc/passwd
-rw-r--r--. 1 root root 2270 Mar 20 /etc/passwd ### regular file
[kiosk@foundation42 Desktop]$ ls -ld /etc/
drwxr-xr-x. 134 root root 8192 Mar 23 /etc/ ### directory
2. "rw-r--r--": file read/write permissions
rw-|r--|r--
 u   g   o
u: permissions of the file's owner
g: permissions of the file's group
o: permissions of everyone else
3. "1":
For a file: the number of times the file's content is recorded by the system
For a directory: the number of bytes of file attributes in the directory
Eg: [kiosk@foundation42 Desktop]$ ls -l /etc/passwd
-rw-r--r--. 1 root root 2270 Mar 20 /etc/passwd ### the file's content is recorded once by the system, so it can be deleted once
[kiosk@foundation42 Desktop]$ ls -ld /etc/
drwxr-xr-x. 134 root root 8192 Mar 23 /etc/ ### number of file attribute bytes in the /etc directory
4. "root": the file's owner
Eg: [kiosk@foundation42 Desktop]$ ls -l file
-rw-r--r-- 1 kiosk kiosk 0 Mar 23 file ### the file's owner is the user kiosk
5. "root": the file's group
Eg: [kiosk@foundation42 Desktop]$ ls -l file
-rw-r--r-- 1 kiosk kiosk 0 Mar 23 file ### the file's group is the group kiosk
6. "46": size of the file's content
Eg: [kiosk@foundation42 Desktop]$ ls -l file
-rw-r--r-- 1 kiosk kiosk 0 Mar 23 file ### the file is empty, so its size is 0
7. "Oct 1": time of the last modification
Eg: [kiosk@foundation42 Desktop]$ ls -l file
-rw-r--r-- 1 kiosk kiosk 0 Mar 23 file ### the file was last modified on Mar 23
8. "filename": the file name
Eg: [kiosk@foundation42 Desktop]$ ls -l file
-rw-r--r-- 1 kiosk kiosk 0 Mar 23 file ### the file name
8. Managing file ownership
chown username file|dir ### change the owner
chown username:groupname file|dir ### change the owner and the group
chown -R username dir ### change the owner of the directory itself and of everything in it
chgrp -R groupname dir ### change the group of the directory itself and of everything in it
Eg: [root@foundation42 Desktop]# watch -n 1 ls -lR /mnt ### monitor changes to file and directory information under /mnt in real time
[root@foundation42 Desktop]# chown student /mnt/file ### change the owner of the file to student
[root@foundation42 Desktop]# chown student.wheel /mnt/dir ### change the owner of the directory dir to student and its group to wheel
[root@foundation42 Desktop]# chown student:wheel /mnt/dir ### same effect as the previous command
[root@foundation42 Desktop]# chown -R student /mnt/dir ### change the owner of dir itself and of all its contents to student
[root@foundation42 Desktop]# chgrp -R wheel /mnt/dir ### change the group of dir itself and of all its contents to wheel
9. Ordinary file permissions
rw-|r--|r--
 u   g   o
u: the file's owner can read and write the file
g: members of the file's group can read it
o: everyone else can read it
Matching order: if the accessing user is the owner, u applies; otherwise, if the user is in the file's group, g applies; otherwise o applies.
1. r
File: the characters in the file can be viewed
Directory: the file information in the directory can be viewed
2. w
File: the characters in the file can be changed
Directory: files can be added to or deleted from the directory
3. x
File: the program actions recorded in the file can be run
Directory: the directory can be entered
4. Changing file permissions in symbolic mode
chmod [-R] <u|g|o><+|-|=><r|w|x> file|dir
chmod u-x file1 ### remove the x permission from file1's owner
chmod g+w file1 ### add the w permission to file1's group
chmod u-x,g+w file1 ### remove x from file1's owner and add w to file1's group
chmod ugo-r file2 ### remove the r permission from file2's owner, group and others
chmod ug+x,o-r file3 ### add x to file3's owner and group, and remove r from others
Eg: [root@foundation42 Desktop]# watch -n 1 ls -lR /mnt ### monitor changes to file and directory information under /mnt in real time
[root@foundation42 Desktop]# chmod u-x /mnt/dir ### remove x from dir's owner student; after switching to the user student, the directory can no longer be entered
[root@foundation42 Desktop]# chmod g+w /mnt/dir ### add w to dir's group wheel; other members of the wheel group can now add and delete files in dir
[root@foundation42 Desktop]# chmod u-x,g+w /mnt/dir ### same effect as the preceding two commands
[root@foundation42 Desktop]# chmod ugo-r /mnt/dir ### remove r from dir's owner, group and others; none of them can view the file information in the directory any more
[root@foundation42 Desktop]# chmod ug+x,o-r /mnt/dir ### add x to dir's owner and group, so they can enter the directory; remove r from others, so they cannot view the file information in the directory
5. Changing file permissions in numeric mode
In Linux: r = 4, w = 2, x = 1
Numeric representation of file permissions
rw-|r--|r--
 u   g   o
u = rw- = 4 + 2 + 0 = 6
g = r-- = 4 + 0 + 0 = 4
o = r-- = 4 + 0 + 0 = 4
Therefore the file's permissions are 644.
7 = rwx, 6 = rw-, 5 = r-x, 4 = r--, 3 = -wx, 2 = -w-, 1 = --x, 0 = ---
Eg: [root@foundation42 Desktop]# chmod 640 /mnt/file ### the owner can read and write the file, the group can read it, and others can do nothing with it
10. Setting the system's default permissions
From the point of view of usability, the more permissions the system opens up, the more useful it is.
From the point of view of security, the fewer permissions the system opens up, the more secure it is.
Therefore the system removes some permissions when it creates new files and directories.
How to set it
umask ### view the system's reserved (masked) permissions; the default is 022
umask 077 ### change the reserved permissions to 077; this is temporary and only takes effect in the current shell
Permanent setting:
vim /etc/bashrc ### shell-level configuration; open it and edit as follows
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002 ### umask for ordinary users
else
    umask 077 ### change the superuser's umask to 077
fi
vim /etc/profile ### system-level configuration; open it and edit as follows
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002 ### umask for ordinary users
else
    umask 077 ### change the superuser's umask to 077
fi
The umask values in the two files must be the same.
source /etc/bashrc
source /etc/profile
These two commands make the settings take effect immediately.
Ps: before umask is changed, a new file gets 644 by default: the owner can read and write it, the group and others can only read it. After the change it gets 600: only the owner can read and write it, and the group and others have no permissions.
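umask works by masking bits out of the base permissions the system starts from: 666 for a new file and 777 for a new directory, which is why 022 gives 644 and 755 while 077 gives 600 and 700. The two functions below are an added example, not part of the course: the first computes the result arithmetically, the second confirms it by creating a file and a directory under a given umask in a scratch directory and reading back the permission characters ls -l prints. The homework value 226 is included because it is the least obvious case.

```shell
#!/bin/sh
# Added example (not from the course): predict and observe the effect of umask.

# umask_predict MASK -> "<file mode> <dir mode>" in octal.
# New files start from 666 and directories from 777; umask clears the bits it names.
umask_predict() {
    printf '%03o %03o\n' $(( 0666 & ~0$1 )) $(( 0777 & ~0$1 ))
}

# umask_observe MASK -> "<file perms> <dir perms>" as the nine permission
# characters ls -l prints, from a file and a directory created under MASK
# in a scratch directory that is removed afterwards.
umask_observe() {
    scratch=$(mktemp -d) || return 1
    ( umask "$1" && touch "$scratch/f" && mkdir "$scratch/d" )
    f=$(ls -ld "$scratch/f" | cut -c2-10)
    d=$(ls -ld "$scratch/d" | cut -c2-10)
    rm -rf "$scratch"
    printf '%s %s\n' "$f" "$d"
}

# The values that appear in the notes: 022 (system default), 002 (ordinary
# users), 077 (the hardened setting) and 226 (the homework).
for m in 022 002 077 226; do
    printf 'umask %s: predicted %s, observed %s\n' \
        "$m" "$(umask_predict "$m")" "$(umask_observe "$m")"
done
```

The umask is only ever subtractive: it cannot grant a permission that the base value lacks, which is why a newly created file never gets x no matter what umask is set.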
11. Special permissions
1. suid ### the setuid bit (the course calls it the "adventure bit")
Binary executable files only.
The owner of the process produced by the program recorded in the file is the owner of the file,
regardless of the identity of the user who started the process.
Setting method:
chmod u+s file
suid = 4
chmod 4xxx file
2. sgid ### the setgid bit (the course calls it the "force bit")
For files: binary executable files only.
Whoever runs the binary, the group of the process produced by the program is the group of the file,
regardless of the group of the user who started the program.
For directories: when a directory has the sgid bit, the group of every file newly created in it
is automatically set to the directory's group, regardless of the group of the user who created the file.
Setting method:
chmod g+s file|dir
sgid = 2
chmod 2xxx file|dir
3. sticky ### the sticky bit
t permission:
Directories only. When a directory has the t bit, a file in it can be deleted only by the file's own owner.
Setting method:
chmod o+t directory
t = 1
chmod 1777 directory
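The permission strings in the ls -l section, the numeric form (r = 4, w = 2, x = 1) and the suid/sgid/sticky digits above all describe the same value. The two functions below are an added example, not part of the course: they convert a mode string as ls -l prints it (with or without the leading type character and the trailing SELinux dot) into four octal digits, and back. A lowercase s or t means the x bit underneath it is set; an uppercase S or T means it is not, which is how an ls -l listing reveals a setuid bit on a file that is not even executable.

```shell
#!/bin/sh
# Added example (not from the course): convert between ls -l permission
# strings and four-digit octal modes, including suid (4), sgid (2) and sticky (1).

# mode_to_octal MODESTRING -> four octal digits, e.g. "-rwsr-xr-x." gives 4755
mode_to_octal() {
    m=$1
    m=${m%[.+]}                               # drop the SELinux/ACL marker ls appends
    [ ${#m} -eq 10 ] && m=${m#?}              # drop the file type character
    if [ ${#m} -ne 9 ]; then
        echo "bad mode string: $1" >&2
        return 1
    fi
    special=0
    digits=""
    i=0
    for who in u g o; do
        part=$(printf '%s' "$m" | cut -c$((i * 3 + 1))-$((i * 3 + 3)))
        r=0; w=0; x=0
        case $part in r??) r=4 ;; esac
        case $part in ?w?) w=2 ;; esac
        case $part in ??[xst]) x=1 ;; esac    # lowercase s/t carry the x bit
        case "$who$part" in
            u??[sS]) special=$((special + 4)) ;;
            g??[sS]) special=$((special + 2)) ;;
            o??[tT]) special=$((special + 1)) ;;
        esac
        digits="$digits$((r + w + x))"
        i=$((i + 1))
    done
    printf '%s%s\n' "$special" "$digits"
}

# class_text DIGIT LETTER -> rwx text for one class (u, g or o); LETTER is
# s, t or empty and replaces x, uppercase when the x bit itself is not set.
class_text() {
    r=-; w=-; x=-
    [ $(($1 & 4)) -ne 0 ] && r=r
    [ $(($1 & 2)) -ne 0 ] && w=w
    [ $(($1 & 1)) -ne 0 ] && x=x
    if [ -n "$2" ]; then
        if [ "$x" = x ]; then x=$2; else x=$(printf '%s' "$2" | tr st ST); fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# octal_to_mode OCTAL -> nine permission characters, e.g. 4755 gives rwsr-xr-x
# (three or four digits accepted).
octal_to_mode() {
    o=$1
    while [ ${#o} -lt 4 ]; do o="0$o"; done
    sp=${o%???}; rest=${o#?}
    u=${rest%??}; g=${rest#?}; g=${g%?}; ow=${rest#??}
    us=""; gs=""; os=""
    [ $((sp & 4)) -ne 0 ] && us=s
    [ $((sp & 2)) -ne 0 ] && gs=s
    [ $((sp & 1)) -ne 0 ] && os=t
    printf '%s%s%s\n' "$(class_text "$u" "$us")" "$(class_text "$g" "$gs")" "$(class_text "$ow" "$os")"
}

# The modes that appear in the notes: /etc/passwd, /pub, /SC, a setuid binary,
# and a setuid bit on a file without x.
for s in '-rw-r--r--.' 'drwxrwxrwt' 'drwxrws---' '-rwsr-xr-x' 'rwSr--r--'; do
    printf '%s -> %s -> %s\n' "$s" "$(mode_to_octal "$s")" "$(octal_to_mode "$(mode_to_octal "$s")")"
done
```

Feeding ls -l output through mode_to_octal is a quick way to list everything under a directory whose first digit is not 0, that is, every file carrying a special bit.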
Unit 4 homework
1. Create the groups shengchan, caiwu and jishu
[root@localhost Desktop]# groupadd shengchan
[root@localhost Desktop]# groupadd caiwu
[root@localhost Desktop]# groupadd jishu
2. Create users with the following requirements:
*) tom is an additional member of the shengchan group
*) harry is an additional member of the caiwu group
*) leo is an additional member of the jishu group
*) Create the user admin, who belongs to none of the three departments above
[root@localhost Desktop]# useradd -G shengchan tom
[root@localhost Desktop]# useradd -G caiwu harry
[root@localhost Desktop]# useradd -G jishu leo
[root@localhost Desktop]# useradd admin
3. Create directories with the following requirements:
*) /pub is a public storage directory: readable and executable by all users, but each user can only delete his own files
*) /SC is the production department's storage directory; only production department staff can write to it, and every file they create is automatically assigned to the shengchan group
*) /cw is the finance department's storage directory; only finance department staff can write to it, and every file they create is automatically assigned to the caiwu group
*) The user admin can create any file in /SC and /cw with the touch tool, but cannot delete files there
[root@localhost Desktop]# mkdir /pub
[root@localhost Desktop]# chmod 777 /pub
[root@localhost Desktop]# chmod o+t /pub
Ps: the two preceding commands can be combined into one: [root@localhost Desktop]# chmod 1777 /pub
[root@localhost Desktop]# mkdir /SC
[root@localhost Desktop]# chgrp shengchan /SC
[root@localhost Desktop]# chmod 770 /SC
[root@localhost Desktop]# chmod g+s /SC
Ps: the two preceding commands can be combined into one: [root@localhost Desktop]# chmod 2770 /SC
[root@localhost Desktop]# mkdir /cw
[root@localhost Desktop]# chgrp caiwu /cw
[root@localhost Desktop]# chmod 770 /cw
[root@localhost Desktop]# chmod g+s /cw
Ps: the two preceding commands can be combined into one: [root@localhost Desktop]# chmod 2770 /cw
[root@localhost Desktop]# visudo --> enter edit mode and add -->
admin localhost=(root) NOPASSWD: /bin/touch
[root@localhost Desktop]# su - admin
[admin@localhost ~]$ sudo /bin/touch /SC/file
4. Set the default permissions of files created by ordinary users to "r--r-----"
[root@localhost Desktop]# vim /etc/profile --> enter edit mode -->
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002 ### change to 226
else
    umask 022
fi
[root@localhost Desktop]# vim /etc/bashrc --> enter edit mode -->
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002 ### change to 226
else
    umask 022
fi
[root@localhost Desktop]# source /etc/profile
[root@localhost Desktop]# source /etc/bashrc
5. Let the user admin freely create new users through sudo
[root@localhost Desktop]# visudo --> enter edit mode and add -->
admin localhost=(root) NOPASSWD: /usr/sbin/useradd
[root@localhost Desktop]# su - admin
[admin@localhost ~]$ sudo /usr/sbin/useradd xyh