Linux System Administrator Technology (Admin) ------- Fifth Day

Source: Internet
Author: User


Operations on the physical (real) machine, restoring the lab environment

# rht-vmctl reset classroom

# rht-vmctl reset server

# rht-vmctl reset desktop


###################################################

Configure the following static address parameters on the virtual machine server0

– Host name: server0.example.com

– IP address: 172.25.0.11

– Subnet mask: 255.255.255.0

– Default gateway: 172.25.0.254

– DNS server: 172.25.254.254


# cat /etc/sysconfig/network-scripts/ifcfg-eth0

# cat /etc/resolv.conf


Test DNS resolution

# nslookup server0.example.com


###################################################

• Cron scheduled tasks


System service: crond

Log file: /var/log/cron



• Using the crontab command

– Edit: crontab -e [-u username]

– View: crontab -l [-u username]

– Clear: crontab -r [-u username]


1. View the service status

# systemctl status crond


2. Writing a scheduled task

Format of one crontab line: five time fields followed by the command to run

* * * * * command

minute  hour  day-of-month  month  day-of-week

# useradd hanjie

# ls /home

# su - hanjie

$ touch a.txt

$ exit

# crontab -e -u hanjie

*/1 * * * * /usr/bin/date >> /home/hanjie/abc.txt

# watch -n 1 cat /home/hanjie/abc.txt



# useradd natasha

# which ifconfig    # find where the program behind a command lives

# which date

# crontab -e -u natasha

# crontab -l -u natasha


*/1 * * * * /usr/bin/date >> /home/natasha/abc.txt


# watch -n 1 cat /home/natasha/abc.txt


#######################################################

Categories of basic permissions

• Access modes (permissions)

– Read: allows viewing the content          read     r

– Write: allows modifying the content       write    w

– Execute: allows running a file or entering a directory   execute  x


• For text files:

      r: cat, head, tail, less

      w: vim

      x: run


• Objects a permission applies to (ownership)

– Owner: the user who owns this file/directory              user    u

– Owning group: the group that owns this file/directory     group   g

– Others: any user other than the owner and the owning group   other   o





Columns of ls -l output: permission bits, hard link count, owner, owning group, size, last modified time, file/directory name


# ls -l /etc/passwd

# ls -ld /etc/


# ls -ld /root


# ls -ld /home/student


# ls -ld /tmp        # /tmp carries a special permission bit (see Sticky Bit below)


• Starts with "-": regular file

• Starts with "l": symbolic link (shortcut)

• Starts with "d": directory


• Using the chmod command

– chmod [-R] role(u/g/o/a) +|-|= permission(r/w/x) file ...

      [-R]: apply the change recursively


# mkdir /nsd01

# ls -ld /nsd01


# chmod u-x /nsd01

# ls -ld /nsd01


# chmod g+w /nsd01

# ls -ld /nsd01


# chmod o=rwx /nsd01

# ls -ld /nsd01


# chmod u=rwx,g=rx,o=r /nsd01

# ls -ld /nsd01


################################################

• How to tell whether a user has a permission

    1. Determine the user's role: owner > owning group > others; the first role that matches is used and the check stops there

    2. Read the permission bits that belong to that role
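The "owner > group > other, first match wins" rule above, as an added example (not part of the original notes). The function reads the mode, owner and group of a path with GNU stat, picks the one triad that applies to the named user and prints it in rwx form. It ignores ACL entries, and root is not subject to these bits at all, so it only answers the question for ordinary users.

```shell
# perm_for <user> <path>: print the rwx triad that applies to <user> for <path>,
# following the rule owner > owning group > others (first match wins).
# Assumes GNU coreutils (stat -c) and that `id -Gn <user>` lists the user's groups.
perm_for() {
    user=$1
    path=$2
    mode=$(stat -c '%a' "$path") || return 1
    owner=$(stat -c '%U' "$path")
    group=$(stat -c '%G' "$path")
    # keep only the last three octal digits; a leading digit would hold the special bits
    mode=$(printf '%s' "$mode" | tail -c 3)
    if [ "$user" = "$owner" ]; then
        digit=$(printf '%s' "$mode" | cut -c1)        # owner triad, stop here
    elif id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qxF "$group"; then
        digit=$(printf '%s' "$mode" | cut -c2)        # member of the owning group
    else
        digit=$(printf '%s' "$mode" | cut -c3)        # everyone else (also unknown users)
    fi
    out=""
    for bit in 4:r 2:w 1:x; do
        if [ $(( digit & ${bit%:*} )) -ne 0 ]; then
            out="$out${bit#*:}"
        else
            out="$out-"
        fi
    done
    printf '%s\n' "$out"
}
```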


Meaning of each permission on a directory:

r on a directory: can list its contents (ls)

w on a directory: can change its contents with rm/mv/cp/mkdir/touch/...

x on a directory: can switch into it (cd)


####################################################

As root, create a new directory /nsddir/ and a new readme.txt file inside it, then complete the following operations

1) Allow user zhangsan to create subdirectories in this directory   (switch users to test: su - zhangsan)

    chmod o+w /nsddir/

# mkdir /nsddir

# touch /nsddir/readme.txt

# useradd zhangsan

# su - zhangsan

$ exit

# chmod o+w /nsddir/

# su - zhangsan

$ mkdir /nsddir/abc

$ ls /nsddir/

2) Prevent user zhangsan from creating subdirectories in this directory

    chmod o-w /nsddir/


3) Allow user zhangsan to modify the readme.txt file

    chmod o+w /nsddir/readme.txt


4) Adjust the permissions on this directory so that no user can enter it (root is not restricted by these bits)

    chmod u-x,g-x,o-x /nsddir/


5) Set the permissions of this directory and everything under it to rwxr-x---

    chmod -R u=rwx,g=rx,o=--- /nsddir/


###############################################


Setting ownership of a file

• Using the chown command

– chown [-R] owner file ...

– chown [-R] :group file ...

– chown [-R] owner:group file ...


# mkdir /nsd05

# ls -ld /nsd05

# groupadd tedu

# chown dc:tedu /nsd05

# ls -ld /nsd05


# chown student /nsd05

# ls -ld /nsd05


# chown :root /nsd05/

# ls -ld /nsd05/


####################################################

• Special permissions (additional permission bits)


Set UID


• Attached to the owner's x position

– The owner's permission identifier becomes s

– On an executable file, Set UID lets whoever runs it act with the owner's identity and permissions (the owner's identity passes through to the running process)



Set GID

• Attached to the owning group's x position

– The group's permission identifier becomes s

– On an executable file, similar to Set UID (the process takes on the owning group's identity)


– On a directory, Set GID makes new files and subdirectories created inside it automatically get the same owning group as the parent directory

# mkdir /tarena

# ls -ld /tarena


# chown :tedu /tarena

# ls -ld /tarena


# mkdir /tarena/nsd01

# ls -ld /tarena/nsd01


# chmod g+s /tarena/

# ls -ld /tarena/


# mkdir /tarena/nsd02

# ls -ld /tarena/nsd02

# touch /tarena/nsd02/abc.txt

# ls -l /tarena/nsd02/abc.txt

#################################################



Sticky Bit

• Attached to the others' x position

– The others' permission identifier becomes t

– On a directory whose w permission is open to everyone, it stops users from abusing that write permission (they may not delete or rename files that belong to other users)


# mkdir /public

# chmod u=rwx,g=rwx,o=rwx /public

# ls -ld /public


# chmod o+t /public

# ls -ld /public
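The Set UID, Set GID and Sticky Bit sections above all say the x position "becomes s" or "becomes t"; this added example (not from the original notes) renders a numeric mode exactly as ls -l does, so the difference between a lowercase s/t (special bit on top of an x bit) and an uppercase S/T (special bit set, but no underlying x, so nothing can be executed or entered that way) is visible. It assumes only a POSIX shell and cut.

```shell
# mode_to_string <octal mode>: print the nine-character permission string
# ls -l would show, e.g. 4755 -> rwsr-xr-x, 2760 -> rwxrwS---, 1777 -> rwxrwxrwt.
mode_to_string() {
    m=$1
    case ${#m} in
        3) m="0$m" ;;        # no special digit given, treat as 0
        4) ;;
        *) return 1 ;;
    esac
    special=$(printf '%s' "$m" | cut -c1)
    out=""
    i=2
    for who in u g o; do
        d=$(printf '%s' "$m" | cut -c"$i")
        # the special bit that lives in this triad: SUID=4 (u), SGID=2 (g), sticky=1 (o)
        case $who in
            u) sb=4; lc=s; uc=S ;;
            g) sb=2; lc=s; uc=S ;;
            o) sb=1; lc=t; uc=T ;;
        esac
        if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $((special & sb)) -ne 0 ]; then
            # special bit set: lowercase if x is also set, uppercase if it is not
            if [ $((d & 1)) -ne 0 ]; then out="${out}${lc}"; else out="${out}${uc}"; fi
        elif [ $((d & 1)) -ne 0 ]; then
            out="${out}x"
        else
            out="${out}-"
        fi
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}
```

Compare the output with `stat -c %A` or `ls -ld` on a directory after `chmod o+t` to confirm the rendering matches the system's own.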


###################################################


The role of ACL policies


• Limitations of plain file ownership

– Only three roles exist: owner, owning group, others

– Finer-grained control is not possible


• ACL access policies

– Can set independent permissions for an individual user or an individual group

– Supported by default on most mounted ext3/ext4 and XFS file systems



# mkdir /test

# ls -ld /test

# chmod o=--- /test

# ls -ld /test

# su - zhangsan


$ cd /test/

-bash: cd: /test/: Permission denied

$ exit

logout


# setfacl -m u:zhangsan:rx /test/

# getfacl /test/

# su - zhangsan

$ cd /test/

$ pwd

$ exit



• Using the getfacl and setfacl commands

– getfacl file ...

– setfacl -m u:username:permissions file ...

– setfacl -m g:groupname:permissions file ...

– setfacl -x u:username file ...        # remove the specified ACL entry

– setfacl -b file ...                   # clear all ACL entries


# getfacl /test/

# setfacl -m u:dc:rwx /test/

# setfacl -m u:natasha:rx /test/

# getfacl /test/


# setfacl -x u:dc /test/     # remove the specified ACL entry

# getfacl /test/


# setfacl -b /test/          # clear all ACL entries

# getfacl /test/
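When reading getfacl output for the /test example above, the caveat a practitioner wants is the mask entry: setfacl -m adds one automatically, every named-user and named-group entry is ANDed with it, and a later chmod on the group bits rewrites the mask rather than the owning-group entry. This added example (not from the original notes) parses a constructed getfacl listing of /test (as it would look after the u:dc:rwx and u:natasha:rx entries and a subsequent chmod g=rx) and reports the permission a user actually gets; the owner entry is never masked.

```shell
# Constructed sample in getfacl's output format; not captured from a real system.
SAMPLE_ACL='# file: test/
# owner: root
# group: root
user::rwx
user:dc:rwx
user:natasha:r-x
group::r-x
mask::r-x
other::---'

# acl_effective <user> <getfacl text>: print the effective rwx for a named user,
# "none" if the user has no named entry (the group/other rules would then apply).
acl_effective() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '
        /^# owner:/              { owner = $2; sub(/^ +/, "", owner) }
        $1 == "user" && $2 == "" { owner_perm = $3 }      # user::rwx is the owner entry
        $1 == "user" && $2 == u  { perm = $3 }            # named entry for this user
        $1 == "mask"             { mask = $3 }
        END {
            if (u == owner) { print owner_perm; exit }    # the owner is not masked
            if (perm == "") { print "none"; exit }
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(perm, i, 1); m = substr(mask, i, 1)
                out = out ((c != "-" && c == m) ? c : "-")   # bit survives only if also in mask
            }
            print out
        }'
}
```

getfacl itself flags masked entries with a trailing "#effective:" comment; this function just makes the same computation explicit.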




##################################################

# mkdir /nsd20

# chmod u=rwx,g=rwx,o=rwx /nsd20

# ls -ld /nsd20

drwxrwxrwx. 2 root root 6 October 15:49 /nsd20

# setfacl -m u:natasha:--- /nsd20     # natasha is denied even though others have rwx


###################################################

Using LDAP authentication


Traditional username/password: created locally, for local logins only (/etc/passwd)

Network users: created on the LDAP server, can log on to every machine in the domain


• LDAP server: classroom


• Client: point it at the server-side LDAP location


1. Install the client software

      Packages:

          sssd: the software that communicates with the server


          authconfig-gtk: graphical tool for configuring sssd


# rpm -q sssd               # verify the package is installed

# rpm -q authconfig-gtk


2. Run the graphical sssd configuration tool: authconfig-gtk

# authconfig-gtk


    User account database: LDAP

    LDAP search base DN: dc=example,dc=com

    LDAP server: classroom.example.com


    Check: connect with TLS encryption

        Specify the CA certificate used for encryption:

        http://172.25.254.254/pub/example-ca.crt

    Authentication method: LDAP password


3. Start the sssd service and enable it at boot

# systemctl restart sssd

# systemctl enable sssd

4. Verification

# grep 'ldapuser0' /etc/passwd     # the LDAP user is expected not to exist in the local file

# id ldapuser0


##################################################

Home directory roaming


• Network File System (NFS)

– The NFS server shares a specified folder to the clients

– The client mounts this shared directory onto a local directory; accessing the shared resource is then as convenient as accessing a local directory

– Similar to ext4, XFS and other file system types, except that the resource is on the network



• View NFS resources

# showmount -e 172.25.254.254



• Mount the NFS share on the server onto a local directory

# mkdir /home/guests


# mount 172.25.254.254:/home/guests/ /home/guests


# ls /home/guests

# su - ldapuser0










