Operation on the physical host: restoring the lab environment (run as root)
# rht-vmctl reset classroom
# rht-vmctl reset server
# rht-vmctl reset desktop
Configure the following static address parameters on the virtual machine server:
– Host name: server0.example.com
– IP address: 172.25.0.11
– Subnet mask: 255.255.255.0
– Default gateway: 172.25.0.254
– DNS server: 172.25.254.254
Check the result in the configuration files:
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# cat /etc/resolv.conf
Test DNS resolution:
[root@server0 ~]# nslookup server0.example.com
###################################################
Cron scheduled tasks
System service: crond
Log file: /var/log/cron
Using the crontab command
– Edit:  crontab -e [-u username]
– View:  crontab -l [-u username]
– Clear: crontab -r [-u username]
1. View the service status
[root@server0 ~]# systemctl status crond
2. Writing a scheduled task
Each line has five time fields followed by the command to run:
*       *       *       *       *       command
minute  hour    day     month   weekday
(0-59)  (0-23)  (1-31)  (1-12)  (0-7, both 0 and 7 mean Sunday)
The day of the month is the third field. The job runs as the user whose crontab it is in, not as the root user who edited it with -u.
[root@server0 ~]# useradd hanjie
[root@server0 ~]# ls /home
[root@server0 ~]# su - hanjie
[hanjie@server0 ~]$ touch a.txt
[hanjie@server0 ~]$ exit
[root@server0 ~]# crontab -e -u hanjie
*/1 * * * * /usr/bin/date >> /home/hanjie/abc.txt
[root@server0 ~]# watch -n 1 cat /home/hanjie/abc.txt
[root@server0 ~]# useradd natasha
[root@server0 ~]# which ifconfig     # find where the program behind a command lives
[root@server0 ~]# which date         # cron runs jobs with a minimal PATH, so write the absolute path in the job
[root@server0 ~]# crontab -e -u natasha
[root@server0 ~]# crontab -l -u natasha
*/1 * * * * /usr/bin/date >> /home/natasha/abc.txt
[root@server0 ~]# watch -n 1 cat /home/natasha/abc.txt
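Added example (my own, not part of the course notes): a small POSIX sh validator for a crontab line, to run before installing it with crontab -e -u USER. It checks the five time fields against their ranges and rejects a command that is not an absolute path, which is exactly why the notes run which date first: cron executes jobs with a minimal PATH. Month and weekday names and @reboot-style shortcuts are out of scope. The sample lines at the bottom are constructed and include the job from the notes.

```sh
#!/bin/sh
# Added example (not from the course notes): validate a crontab line before
# installing it with `crontab -e -u <user>`. Supports the numeric syntax used
# in the notes (n, n-m, comma lists, */step); month/day names and @reboot-style
# shortcuts are out of scope. The command must be an absolute path because
# cron runs jobs with a minimal PATH, which is why the notes use `which date`.

# check_field VALUE MIN MAX -> 0 if every element of the field is within range
check_field() {
    rest=$1; min=$2; max=$3
    [ -n "$rest" ] || return 1
    while [ -n "$rest" ]; do
        case $rest in                    # split the list on commas
            *,*) item=${rest%%,*}; rest=${rest#*,} ;;
            *)   item=$rest; rest='' ;;
        esac
        [ -n "$item" ] || return 1
        case $item in                    # optional /step suffix
            */*) base=${item%%/*}; step=${item#*/} ;;
            *)   base=$item; step=1 ;;
        esac
        case $step in ''|*[!0-9]*|0) return 1 ;; esac
        case $base in                    # *, n-m or n
            '*') lo=$min; hi=$max ;;
            *-*) lo=${base%-*}; hi=${base#*-} ;;
            *)   lo=$base; hi=$base ;;
        esac
        case $lo in ''|*[!0-9]*) return 1 ;; esac
        case $hi in ''|*[!0-9]*) return 1 ;; esac
        [ "$lo" -ge "$min" ] && [ "$hi" -le "$max" ] && [ "$lo" -le "$hi" ] || return 1
    done
    return 0
}

# validate_cron_line 'LINE' -> 0 if the line is acceptable; reason on stderr otherwise
validate_cron_line() {
    set -f                               # no globbing while splitting the line on whitespace
    set -- $1
    set +f
    [ $# -ge 6 ] || { echo "need 5 time fields and a command" >&2; return 1; }
    check_field "$1" 0 59 || { echo "bad minute field: $1" >&2; return 1; }
    check_field "$2" 0 23 || { echo "bad hour field: $2" >&2; return 1; }
    check_field "$3" 1 31 || { echo "bad day-of-month field: $3" >&2; return 1; }
    check_field "$4" 1 12 || { echo "bad month field: $4" >&2; return 1; }
    check_field "$5" 0 7  || { echo "bad weekday field: $5" >&2; return 1; }
    case $6 in
        /*) ;;
        *) echo "command '$6' is not an absolute path; cron's PATH is minimal, use the result of \`which $6\`" >&2
           return 1 ;;
    esac
    return 0
}

# Constructed sample lines: the job from the notes and a few common mistakes
for line in \
    '*/1 * * * * /usr/bin/date >> /home/natasha/abc.txt' \
    '*/1 * * * * date >> /home/natasha/abc.txt' \
    '60 * * * * /usr/bin/date' \
    '0 0 1 13 * /usr/bin/date'
do
    if validate_cron_line "$line"; then echo "OK   $line"; else echo "FAIL $line"; fi
done
```

Only the first sample passes; the second fails because date is not an absolute path, the third because minute 60 is out of range, and the fourth because there is no month 13.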
#######################################################
Categories of basic permissions
Access modes (permissions)
– read:    allows viewing the content                          r
– write:   allows modifying the content                        w
– execute: allows running a file or entering a directory       x
For a text file:
   r: cat, head, tail, less
   w: vim
   x: run it
Objects the permissions apply to (ownership)
– Owner:  the user who owns the file/directory                 u
– Group:  the group that owns the file/directory               g
– Others: every user other than the owner and the group        o
Columns of ls -l: permission bits, hard-link count, owner, group, size, last modified time, file/directory name
[root@server0 ~]# ls -l /etc/passwd
[root@server0 ~]# ls -ld /etc/
[root@server0 ~]# ls -ld /root
[root@server0 ~]# ls -ld /home/student
[root@server0 ~]# ls -ld /tmp        # drwxrwxrwt: the trailing t is the sticky bit, a special permission covered further down
First character of the mode string:
– "-": regular file
– "l": symbolic link (shortcut)
– "d": directory
Using the chmod command
– chmod [-R] who+-=perms file ...     (who: u, g, o, a; perms: r, w, x)
   [-R] applies the change recursively
[root@server0 ~]# mkdir /nsd01
[root@server0 ~]# ls -ld /nsd01
[root@server0 ~]# chmod u-x /nsd01
[root@server0 ~]# ls -ld /nsd01
[root@server0 ~]# chmod g+w /nsd01
[root@server0 ~]# ls -ld /nsd01
[root@server0 ~]# chmod o=rwx /nsd01
[root@server0 ~]# ls -ld /nsd01
[root@server0 ~]# chmod u=rwx,g=rx,o=r /nsd01
[root@server0 ~]# ls -ld /nsd01
################################################
How to tell whether a user has a permission
   1. Determine the user's role: owner > owning group > others. The first match is used and the other roles are not consulted, so an owner with fewer bits than "others" still gets only the owner bits.
   2. Read the permission bits of that role only.

r on a directory: can list its contents (ls)
w on a directory: can change its contents (rm/mv/cp/mkdir/touch/... of the entries inside it, including entries owned by someone else)
x on a directory: can enter it (cd) and reach the entries inside it
####################################################
Exercise: as root, create the directory /nsddir/ and a file readme.txt inside it, then complete the following:
1) Allow user zhangsan to create subdirectories in this directory (switch user with su - zhangsan to test)
   chmod o+w /nsddir/
   Note that o+w grants this to every other user on the system, not only zhangsan; to target a single user, use an ACL (covered further down).
[root@server0 ~]# mkdir /nsddir
[root@server0 ~]# touch /nsddir/readme.txt
[root@server0 ~]# useradd zhangsan
[root@server0 ~]# su - zhangsan
[zhangsan@server0 ~]$ exit
[root@server0 ~]# chmod o+w /nsddir/
[root@server0 ~]# su - zhangsan
[zhangsan@server0 ~]$ mkdir /nsddir/abc
[zhangsan@server0 ~]$ ls /nsddir/
2) Prevent user zhangsan from creating subdirectories in this directory
   chmod o-w /nsddir/
3) Allow user zhangsan to modify the readme.txt file
   chmod o+w /nsddir/readme.txt
4) Adjust the permissions so that no user can access this directory (root is not affected: it bypasses these checks)
   chmod u-x,g-x,o-x /nsddir/
5) Set the permissions of this directory and everything under it to rwxr-x---
   chmod -R u=rwx,g=rx,o=--- /nsddir/
###############################################
Setting document ownership
Using the chown command
– chown [-R] owner file ...
– chown [-R] :group file ...
– chown [-R] owner:group file ...
[root@server0 ~]# mkdir /nsd05
[root@server0 ~]# ls -ld /nsd05
[root@server0 ~]# groupadd tedu
[root@server0 ~]# chown dc:tedu /nsd05        # the user dc must already exist
[root@server0 ~]# ls -ld /nsd05
[root@server0 ~]# chown student /nsd05
[root@server0 ~]# ls -ld /nsd05
[root@server0 ~]# chown :root /nsd05/
[root@server0 ~]# ls -ld /nsd05/
####################################################
Special permissions (additional permission bits)
Set UID (SUID)
– Occupies the x position of the owner
– The owner's x shows as s (S if the owner has no x)
– On an executable file, whoever runs it gets the file owner's identity and privileges for the lifetime of the process (for example /usr/bin/passwd runs as root so that it can write /etc/shadow)
Set GID (SGID)
– Occupies the x position of the group
– The group's x shows as s (S if the group has no x)
– On an executable file, similar to SUID: the process runs with the file's group identity
– On a directory, new files and subdirectories created inside it automatically get the directory's group instead of the creator's primary group

[root@server0 ~]# mkdir /tarena
[root@server0 ~]# ls -ld /tarena
[root@server0 ~]# chown :tedu /tarena
[root@server0 ~]# ls -ld /tarena
[root@server0 ~]# mkdir /tarena/nsd01
[root@server0 ~]# ls -ld /tarena/nsd01          # group is root: created before the setgid bit was set
[root@server0 ~]# chmod g+s /tarena/
[root@server0 ~]# ls -ld /tarena/
[root@server0 ~]# mkdir /tarena/nsd02
[root@server0 ~]# ls -ld /tarena/nsd02          # group is tedu, inherited from /tarena; the subdirectory inherits the setgid bit too
[root@server0 ~]# touch /tarena/nsd02/abc.txt
[root@server0 ~]# ls -l /tarena/nsd02/abc.txt   # group tedu as well
#################################################
Sticky bit
– Occupies the x position of others
– Others' x shows as t (T if others have no x)
– On a world-writable directory it stops users from abusing their w permission: each user can delete or rename only their own files (root and the directory owner can still remove any)
[root@server0 ~]# mkdir /public
[root@server0 ~]# chmod u=rwx,g=rwx,o=rwx /public
[root@server0 ~]# ls -ld /public
[root@server0 ~]# chmod o+t /public
[root@server0 ~]# ls -ld /public                # drwxrwxrwt, the same as /tmp
###################################################
The role of ACL policies
Limitations of basic ownership
– Only three roles exist: owner, owning group, and others
– Finer-grained control is not possible
ACL access policies
– Can set independent permissions for individual users and individual groups
– Supported by default on most mounted ext3/ext4 and XFS file systems
[root@server0 ~]# mkdir /test
[root@server0 ~]# ls -ld /test
[root@server0 ~]# chmod o=--- /test
[root@server0 ~]# ls -ld /test
[root@server0 ~]# su - zhangsan
[zhangsan@server0 ~]$ cd /test/
-bash: cd: /test/: Permission denied
[zhangsan@server0 ~]$ exit
logout
[root@server0 ~]# setfacl -m u:zhangsan:rx /test/     # x to enter the directory, r to list it
[root@server0 ~]# getfacl /test/
[root@server0 ~]# su - zhangsan
[zhangsan@server0 ~]$ cd /test/
[zhangsan@server0 test]$ pwd
[zhangsan@server0 test]$ exit
Using the getfacl and setfacl commands
– getfacl file ...
– setfacl -m u:username:perms file ...
– setfacl -m g:groupname:perms file ...
– setfacl -x u:username file ...     # remove the specified ACL entry
– setfacl -b file ...                # remove all ACL entries
[root@server0 ~]# getfacl /test/
[root@server0 ~]# setfacl -m u:dc:rwx /test/
[root@server0 ~]# setfacl -m u:natasha:rx /test/
[root@server0 ~]# getfacl /test/
[root@server0 ~]# setfacl -x u:dc /test/        # remove the entry for dc
[root@server0 ~]# getfacl /test/
[root@server0 ~]# setfacl -b /test/             # remove all entries
[root@server0 ~]# getfacl /test/
##################################################
[root@server0 ~]# mkdir /nsd20
[root@server0 ~]# chmod u=rwx,g=rwx,o=rwx /nsd20
[root@server0 ~]# ls -ld /nsd20
drwxrwxrwx. 2 root root 6 Oct 15:49 /nsd20
[root@server0 ~]# setfacl -m u:natasha:--- /nsd20     # natasha is now denied even though others have rwx: a named-user entry is matched before "other", and ls -ld shows a trailing + once an ACL is present
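Added example (my own, not from the course notes) for the part of getfacl output the notes do not discuss: the mask entry. Named users, named groups and the owning group are all capped by the mask; the owner and "other" entries are not. setfacl -m recomputes the mask as the union of those entries, but a later chmod g=... on the same object rewrites the mask instead of the group entry and silently narrows every named user, which is what getfacl's #effective: annotation reports. The functions below compute that effective right from a getfacl listing; the listing used is constructed to match /test after the two setfacl -m commands above followed by chmod g=rx /test.

```sh
#!/bin/sh
# Added example (not from the course notes): compute the EFFECTIVE rights a
# getfacl listing grants. Named users, named groups and the owning group are
# capped by the mask entry; the owner and "other" entries are not.
# Assumption: ACL text in getfacl's output format, passed in as one string.

# acl_entries ACL_TEXT -> the entry lines only (comments and #effective notes dropped)
acl_entries() {
    printf '%s\n' "$1" | sed -e 's/[[:space:]]*#effective:.*//' -e '/^#/d' -e '/^[[:space:]]*$/d'
}

# and_perm RWX1 RWX2 -> bitwise AND of two rwx strings, e.g. rwx and r-x give r-x
and_perm() {
    out=''
    for i in 1 2 3; do
        a=$(printf '%s' "$1" | cut -c"$i"); b=$(printf '%s' "$2" | cut -c"$i")
        if [ "$a" = "$b" ] && [ "$a" != '-' ]; then out="$out$a"; else out="$out-"; fi
    done
    printf '%s\n' "$out"
}

# acl_mask ACL_TEXT -> the mask entry, or rwx when there is no mask (no extended ACL)
acl_mask() {
    m=$(acl_entries "$1" | sed -n 's/^mask::\(...\)$/\1/p')
    printf '%s\n' "${m:-rwx}"
}

# acl_effective ACL_TEXT WHO -> effective rights for WHO, which is one of:
#   user:NAME   group:NAME   user:  (the owner)   group:  (owning group)   other:
acl_effective() {
    entry=$(acl_entries "$1" | sed -n "s/^$2:\(...\)$/\1/p" | head -n1)
    [ -n "$entry" ] || return 1                        # no such entry
    case $2 in
        user:|other:) printf '%s\n' "$entry" ;;          # never masked
        *)            and_perm "$entry" "$(acl_mask "$1")" ;;
    esac
}

# acl_report ACL_TEXT -> one line per entry whose effective rights are narrower than written
acl_report() {
    mask=$(acl_mask "$1")
    acl_entries "$1" | while IFS= read -r line; do
        case $line in
            user:?*:???|group:*:???) ;;    # named users, named groups, owning group
            *) continue ;;
        esac
        perms=${line##*:}
        eff=$(and_perm "$perms" "$mask")
        [ "$eff" = "$perms" ] || printf '%s #effective:%s\n' "$line" "$eff"
    done
}

# Constructed listing: /test after `setfacl -m u:dc:rwx`, `setfacl -m u:natasha:rx`
# and then `chmod g=rx /test`, which turned the mask from rwx into r-x
ACL_AFTER_CHMOD='# file: test
# owner: root
# group: root
user::rwx
user:dc:rwx
user:natasha:r-x
group::r-x
mask::r-x
other::---'

echo "dc effective: $(acl_effective "$ACL_AFTER_CHMOD" user:dc)"   # r-x, not the rwx that was granted
acl_report "$ACL_AFTER_CHMOD"
```

To restore dc's write access after such a chmod, widen the mask again (setfacl -m m::rwx /test) or re-run setfacl -m for the entry; getfacl is the only reliable way to see what a named user actually gets, since ls -l shows the mask in the group column once an ACL exists.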
###################################################
Using LDAP authentication
– Traditional users: username and password created locally in /etc/passwd, usable for local logins only
– Network users: created on the LDAP server, can log on to every machine in the domain
LDAP server: classroom (classroom.example.com)
Client: points at the LDAP server's location

1. Install the client software
   Packages:
      sssd: talks to the server (identity lookups and authentication)
      authconfig-gtk: graphical tool for configuring sssd
[root@server0 ~]# rpm -q sssd               # verify that the package is installed
[root@server0 ~]# rpm -q authconfig-gtk
2. Run the graphical configuration tool: authconfig-gtk
[root@server0 ~]# authconfig-gtk
   User account database: LDAP
   LDAP search base DN: dc=example,dc=com
   LDAP server: classroom.example.com
   Check: use TLS to encrypt connections
      Download the CA certificate: http://172.25.254.254/pub/example-ca.crt
      (the download itself is plain HTTP, so confirm the certificate's fingerprint with the server's owner before trusting it; a wrong CA makes the TLS check worthless)
   Authentication method: LDAP password
3. Start the sssd service and enable it at boot
[root@server0 ~]# systemctl restart sssd
[root@server0 ~]# systemctl enable sssd
4. Verification
[root@server0 ~]# grep 'ldapuser0' /etc/passwd       # prints nothing: network users are not in the local file
[root@server0 ~]# id ldapuser0                        # resolved through sssd from the LDAP server
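Added example (my own, not from the course notes) for checking the result of step 2 on the file level: authconfig-gtk writes /etc/sssd/sssd.conf, and the "use TLS" box is only as good as the options that end up in the [domain/...] section. The function below reads a config text and reports the settings that would leave the LDAP traffic unencrypted or unverified. The option names are the ones documented in sssd-ldap(5); the two configs at the bottom are constructed for the example, not copied from a real host.

```sh
#!/bin/sh
# Added example (not from the course notes): audit the sssd.conf written by
# authconfig-gtk for the options that actually enforce "use TLS".
# Option names follow sssd-ldap(5); the sample configs below are constructed.
# On a live host: audit_sssd_conf "$(cat /etc/sssd/sssd.conf)"

# conf_get CONF_TEXT KEY -> value of KEY (first occurrence, surrounding whitespace trimmed)
conf_get() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" \
        | head -n1 | sed 's/[[:space:]]*$//'
}

# audit_sssd_conf CONF_TEXT -> prints one finding per line; returns 1 if there are any
audit_sssd_conf() {
    conf=$1; n=0
    uri=$(conf_get "$conf" ldap_uri)
    starttls=$(conf_get "$conf" ldap_id_use_start_tls)
    reqcert=$(conf_get "$conf" ldap_tls_reqcert)
    cacert=$(conf_get "$conf" ldap_tls_cacert)
    cacertdir=$(conf_get "$conf" ldap_tls_cacertdir)

    case $uri in
        ldaps://*) ;;                                   # TLS from the first byte
        ldap://*)
            case $starttls in
                [Tt]rue) ;;                             # STARTTLS upgrades the plain connection
                *) echo "ldap_uri is ldap:// and ldap_id_use_start_tls is not True: identity lookups travel in cleartext"
                   n=$((n + 1)) ;;
            esac ;;
        *) echo "ldap_uri missing or unrecognised: '$uri'"; n=$((n + 1)) ;;
    esac
    case $reqcert in
        never|allow)
            echo "ldap_tls_reqcert = $reqcert: the server certificate is not verified, so a man-in-the-middle can read the passwords"
            n=$((n + 1)) ;;
    esac
    if [ -z "$cacert" ] && [ -z "$cacertdir" ]; then
        echo "no ldap_tls_cacert or ldap_tls_cacertdir: the downloaded example-ca.crt is not configured, so the server cannot be verified"
        n=$((n + 1))
    fi
    [ "$n" -eq 0 ] || return 1
    return 0
}

# Constructed: what the domain section looks like with TLS effectively off
WEAK_CONF='[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://classroom.example.com
ldap_search_base = dc=example,dc=com
ldap_id_use_start_tls = False
ldap_tls_reqcert = never'

# Constructed: the same section with STARTTLS, certificate verification and the CA in place
GOOD_CONF='[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://classroom.example.com
ldap_search_base = dc=example,dc=com
ldap_id_use_start_tls = True
ldap_tls_reqcert = demand
ldap_tls_cacertdir = /etc/openldap/cacerts'

echo "== weak =="
audit_sssd_conf "$WEAK_CONF" || echo "-> do not enable this configuration"
echo "== hardened =="
audit_sssd_conf "$GOOD_CONF" && echo "-> no findings"
```

The file is mode 0600 and owned by root, so run the check as root; after fixing anything, restart sssd as in step 3 and confirm with id ldapuser0 that lookups still work.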
##################################################
Home directory roaming
Network File System (NFS)
– The NFS server shares a specified directory with its clients
– The client mounts the shared directory onto a local directory and then uses the share as conveniently as a local directory
– Used like ext4, XFS and the other file system types, except that the storage is reached over the network
View NFS resources
[root@server0 ~]# showmount -e 172.25.254.254
Mount the share exported by the server onto a local directory
[root@server0 ~]# mkdir /home/guests
[root@server0 ~]# mount 172.25.254.254:/home/guests /home/guests
[root@server0 ~]# ls /home/guests
[root@server0 ~]# su - ldapuser0        # the network user's home directory now comes from the NFS share
Linux System Administrator Technology (Admin) ------- Day 5