Linux system file permissions + scheduled tasks + log system

Experiment objective: master the concepts of file permissions and the related operations.
Experiment environment: Red Hat Enterprise Linux Server 5.3
Tutorial steps: I. File permissions  II. Scheduled tasks  III. Log system

I. File permissions

(1) Basic permissions
1. r (read, 4), w (write, 2), x (execute, 1)
2. u (owner), g (owning group), o (others)
3. chmod (change file permissions); chown (change the file owner and owning group)
4. chmod 777 boss (make the file boss readable, writable and executable by everyone)
5. chown boss.root filename (set the owner to user boss and the group to root; given only a user name, chown changes the owner alone)
6. chgrp groupname filename (change the owning group of a file)

(2) Special permissions
1. suid (4): chmod u+s filename  or  chmod 4755 filename
2. sgid (2): chmod g+s filename  or  chmod 2755 filename
3. sticky bit (1): chmod o+t filename  or  chmod 1755 filename

(3) File system attributes
1. chattr (set file system attributes): a = append only, i = immutable (cannot be modified); see man chattr for the other options
2. lsattr (view file system attributes); -d shows the directory itself rather than its contents

(4) facl: file access control lists
1. facl can only be enabled per partition.
2. vi /etc/fstab and add the acl option to the partition: /dev/sda6 /boss ext3 defaults,acl 0 0
3. mount -o remount /boss
4. setfacl -m u:username:permission filename (set an entry for a user)
5. setfacl -m g:groupname:permission filename (set an entry for a group)
6. setfacl -x u:username filename (remove the user's entry)
7. setfacl -x g:groupname filename (remove the group's entry)
8. getfacl filename (view a file's ACL)

(5) Disk quota
1. Quota can only be enabled per partition.
2. vi /etc/fstab (make the partition support quota): /dev/sda6 /boss ext3 defaults,usrquota,grpquota 0 0
3. mount -o remount /boss (remount the file system)
4. quotacheck -cugm /home
5. edquota username (edit the user's disk quota; unit: KB)
     Disk quotas for user user1 (uid 503):
     Filesystem blocks soft hard inodes soft hard
     /dev/sda11 0 0 0 0 0 0
6. edquota -g groupname (edit the group's disk quota)
     Disk quotas for group root (gid 0):
     Filesystem blocks soft hard inodes soft hard
     /dev/sda11 3105312 0 0 0 6 0 0
7. quotaon /home (enable disk quota)
8. repquota -a (view the disk quotas of the whole system)
9. edquota -t (view the grace period)
10. setquota (set a disk quota from the command line): setquota username <block soft> <block hard> <inode soft> <inode hard>

II. Scheduled tasks

1. at (one-off scheduled task)
     at 10/30/08
     at> wall "hello world"    (the command to run)
     at> Ctrl + z              (save and close)
   cron time fields: * * * * * = minute hour day month week; e.g. 32 15 * * * means 15:32 every day
   /var/spool/at (where at jobs are saved)
2. crontab -e (edit the periodic scheduled tasks); /etc/init.d/crond start (the daemon must be running)
   crontab format:
     minute        0-59
     hour          0-23
     day of month  1-31
     month         1-12 (or names, see below)
     day of week   0-7 (0 or 7 is Sun, or use names)
     minute hour day month week command
3. crontab -l (list the current user's cron tasks); crontab -u user (operate on the specified user's crontab)
4. crontab -r (remove all scheduled tasks); crontab filename (load the file into the crontab)
5. cd /var/spool/cron/ (where crontab tasks are stored)
6. vim /etc/crontab (tasks managed by the system)
     SHELL=/bin/bash                      shell used to run the commands
     PATH=/sbin:/bin:/usr/sbin:/usr/bin   search path for the commands
     MAILTO=root                          output is mailed to root
     HOME=/
     # run-parts
     01 * * * * root run-parts /etc/cron.hourly    (first minute of every hour)
     02 4 * * * root run-parts /etc/cron.daily     (04:02 every day)
     22 4 * * 0 root run-parts /etc/cron.weekly    (04:22 every Sunday)
     42 4 1 * * root run-parts /etc/cron.monthly   (04:42 on the first day of every month)
   run-parts takes a directory and runs every script under it (add any missing supplemental scripts there).
7. anacron: vim /etc/anacrontab. anacron checks whether the cron daily, weekly and
monthly jobs have run; if not, it runs them after the configured delay:
     1   65  cron.daily    run-parts /etc/cron.daily
     7   70  cron.weekly   run-parts /etc/cron.weekly
     30  75  cron.monthly  run-parts /etc/cron.monthly
   Fields: period in days, delay in minutes, job identifier, command. 1 / 65: if cron.daily has not run within 1 day, run /etc/cron.daily after a 65-minute delay; 7 / 70: if cron.weekly has not run within 7 days, run it after a 70-minute delay; 30 / 75: if cron.monthly has not run within 30 days, run it after a 75-minute delay.
8. /var/spool/anacron (where anacron keeps its timestamps)
9. anacron daemon process
10. The files under /var/spool/anacron record the last run time (updated after every run); anacron computes the time difference from them.

III. Log system

1. dmesg: view the messages from system initialisation
2. Log daemons: syslogd and klogd
   Facilities (types): auth (authentication), authpriv, cron (scheduled tasks), daemon, kern (kernel), lpr (printing), mail, mark (timestamps, usually disabled), news, security (same as auth), syslog, user, uucp, local0 through local7 (user defined)
   Levels: debug, info (details), notice, warning, warn (same as warning), err (error), error (same as err), crit, alert, emerg, panic (same as emerg)
   man 5 syslog.conf
3. vim /etc/syslog.conf
     # Log all kernel messages to the console.
     # Logging much else clutters up the screen.
     # kern.*                                    /dev/console        (sent to the console)
     # Log anything (except mail) of level info or higher.
     # Don't log private authentication messages!
     *.info;mail.none;authpriv.none;cron.none    /var/log/messages   (info level and above from every facility except mail, authpriv and cron)
     # The authpriv file has restricted access.
     authpriv.*                                  /var/log/secure     (all levels of authpriv are saved to /var/log/secure)
     # Log all the mail messages in one place.
     mail.*                                      -/var/log/maillog   (all levels of mail are saved to /var/log/maillog)
     # Log cron stuff
     cron.*                                      /var/log/cron       (all levels of cron are saved to /var/log/cron)
     # Everybody gets emergency messages
     *.emerg                                     *                   (the most severe level of every facility, sent to all logged-in users)
     # Save news errors of level crit and higher in a special file.
     uucp,news.crit                              /var/log/spooler
     # Save boot messages also to boot.log
     local7.*                                    /var/log/boot.log
4. Selector syntax: facility.level
     *.debug            every facility, debug level and above (everything)
     *.!=info           everything except the info level
     *.!info            everything except info and the levels above it
     mail,kern.debug    debug level and above from the mail and kern facilities only
     kern.*             /dev/console
     *.*                @192.168.0.1
5. By default syslog writes log files synchronously to disk; a "-" in front of the file name turns on buffering. Logs can also be sent to /dev/tty1 (the console) or to @192.168.0.1 (a remote server). Restart syslog afterwards (the new configuration takes effect only after a restart), then watch the log file with tail -f /var/log/messages:
     Oct 31 10:08:54 localhost syslogd 1.4.1: restart (remote reception).
   Format: date  host  process name  message
6. vim /etc/sysconfig/syslog (enable receiving remote logs)
     ---------------------------------------------
     # Options to syslogd
     # -m 0 disables 'mark' messages.                             (disable the mark facility)
     # -r enables logging from remote machines                    (accept logs from remote hosts)
     # -x disables DNS lookups on messages recieved with -r       (disable DNS resolution)
     # See syslogd(8) for more details
     SYSLOGD_OPTIONS="-m 0"                                       (change to SYSLOGD_OPTIONS="-m 0 -r -x")
     # Options to klogd
     # -2 prints all kernel oops messages twice; once for klogd to decode, and
     #    once for processing with 'ksymoops'
     # -x disables all klogd processing of oops messages entirely
     # See klogd(8) for more details
     KLOGD_OPTIONS="-x"
     # SYSLOG_UMASK=077
     # set this to a umask value to use for all log files as in umask(1).
     # By default, all permissions are removed for "group" and "other".
     ---------------------------------------------
7. logger -p kern.info -t tag "message" (send a log entry by hand; -p gives the facility.level, -t the tag to log under)
8. Put the web server's access log on the log server: in the Apache configuration, CustomLog "| logger -p local4.info -t apache" common
9. syslogd listens on port 514; use iptables to control which hosts are allowed to send logs.
10. Log rotation runs daily from /etc/cron.daily; vim /etc/logrotate.conf
     # see "man logrotate" for details
     # rotate log files weekly
     weekly                       (rotation unit: one week)
     # keep 4 weeks worth of backlogs
     rotate 4                     (keep one month of rotated logs)
     # create new (empty) log files after rotating old ones
     create                       (create a new file)
     # uncomment this if you want your log files compressed
     # compress                   (whether to compress)
     # RPM packages drop log rotation information into this directory
     include /etc/logrotate.d
     # no packages own wtmp -- we'll rotate them here
     /var/log/wtmp {
         monthly
         create 0664 root utmp
         rotate 1
     }
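Added example for section I (not part of the original notes): a bash function that renders an octal chmod mode such as 4755 as the ls -l permission string, so the effect of the suid, sgid and sticky digit on each x slot is visible, plus a defender's audit that lists suid/sgid files under a directory with find. The file names in the usage line are constructed.

```bash
#!/bin/bash
# Render a chmod-style octal mode (3 or 4 digits, e.g. 4755) as the ls -l
# permission string: the leading digit is suid (4) / sgid (2) / sticky (1),
# which shows up as s/S in the user or group x slot and t/T in the other slot.
mode_to_symbolic() {
    local mode=$1 special perms out="" i d bit
    [[ $mode =~ ^[0-7]{3,4}$ ]] || { echo "bad mode: $mode" >&2; return 1; }
    if (( ${#mode} == 4 )); then special=${mode:0:1}; perms=${mode:1}
    else special=0; perms=$mode; fi
    for i in 0 1 2; do                  # 0 = user, 1 = group, 2 = other
        d=${perms:$i:1}
        (( d & 4 )) && out+=r || out+=-
        (( d & 2 )) && out+=w || out+=-
        # special bit for this slot: suid for user, sgid for group, sticky for other
        bit=$(( (special >> (2 - i)) & 1 ))
        if (( d & 1 )); then
            (( bit )) && out+=$( [[ $i -eq 2 ]] && echo t || echo s ) || out+=x
        else
            (( bit )) && out+=$( [[ $i -eq 2 ]] && echo T || echo S ) || out+=-
        fi
    done
    echo "$out"
}

# Defender's check: regular files under a directory that carry the suid or sgid
# bit; find's -perm -4000 / -2000 means "at least these bits are set".
find_special_bits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

for m in 4755 2755 1755 4644; do echo "$m -> $(mode_to_symbolic "$m")"; done
find_special_bits /usr/bin          # constructed usage: audit a system directory
```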
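Added example for section II (a study reimplementation, not cron's own code): bash functions that evaluate whether a five-field crontab time spec fires at a given minute/hour/day-of-month/month/day-of-week. It goes a little beyond the notes by handling lists, ranges and */step forms, Sunday written as 0 or 7, and cron's rule that day-of-month and day-of-week are OR-ed when both are restricted; the schedules checked are the four /etc/crontab lines above, and the date in the usage loop is constructed.

```bash
#!/bin/bash
# cron_field_matches FIELD VALUE LOWEST -> returns 0 if VALUE is covered by FIELD
# (LOWEST is the field's minimum: 0 for minute/hour/day-of-week, 1 for day/month)
cron_field_matches() {
    local field=$1 val=$((10#$2)) low=$3 item items lo hi step
    IFS=',' read -ra items <<< "$field"
    for item in "${items[@]}"; do
        step=1
        if [[ $item == */* ]]; then step=$((10#${item#*/})); item=${item%/*}; fi
        if [[ $item == '*' ]]; then lo=$low; hi=99
        elif [[ $item == *-* ]]; then lo=$((10#${item%-*})); hi=$((10#${item#*-}))
        else lo=$((10#$item)); hi=$lo; fi
        if (( val >= lo && val <= hi && (val - lo) % step == 0 )); then return 0; fi
    done
    return 1
}

# cron_fires "MIN HOUR DOM MON DOW" MIN HOUR DOM MON DOW -> 0 if the entry would run
cron_fires() {
    local m h d mo dw dom_ok=1 dow_ok=1
    read -r m h d mo dw <<< "$1"
    cron_field_matches "$m" "$2" 0 && cron_field_matches "$h" "$3" 0 \
        && cron_field_matches "$mo" "$5" 1 || return 1
    cron_field_matches "$d" "$4" 1 && dom_ok=0
    cron_field_matches "$dw" "$(( $6 % 7 ))" 0 && dow_ok=0    # 7 is Sunday, same as 0
    if [[ $d != '*' && $dw != '*' ]]; then
        (( dom_ok == 0 || dow_ok == 0 ))   # both restricted: cron runs if either matches
    else
        (( dom_ok == 0 && dow_ok == 0 ))
    fi
}

# The four /etc/crontab schedules from the notes, checked at 04:22 on Sunday
# 2008-11-09 (constructed date): only the weekly entry fires at that minute.
for spec in "01 * * * *" "02 4 * * *" "22 4 * * 0" "42 4 1 * *"; do
    if cron_fires "$spec" 22 4 9 11 0; then echo "fires:   $spec"; else echo "skipped: $spec"; fi
done
```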
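Added example for section III, items 3 and 4 (not part of the original notes and not syslogd's code): a bash resolver that reads a sysklogd-style syslog.conf and prints where a message of a given facility and level would be written, applying the selector rules listed above. The sample configuration embedded in SAMPLE_CONF is constructed from the active lines of the /etc/syslog.conf shown in the notes.

```bash
#!/bin/bash
# Where does syslogd send a message of FACILITY at LEVEL? Selector rules as in the
# notes: "fac.level" = that level and above, "=level" = only that level, "!level" and
# "!=level" = exclude, "none" = drop the facility, "*" = everything; selectors on one
# line apply left to right, so "mail.none" can undo an earlier "*.info".
LEVELS="debug info notice warning err crit alert emerg"

level_index() {                     # rank of a level name; aliases folded in
    local i=0 l name=$1
    case $name in warn) name=warning ;; error) name=err ;; panic) name=emerg ;; esac
    for l in $LEVELS; do
        [[ $l == "$name" ]] && { echo "$i"; return 0; }
        i=$((i + 1))
    done
    return 1                        # unknown level name
}

# Usage: syslog_targets FACILITY LEVEL < syslog.conf   -> prints one target per line
syslog_targets() {
    local fac=$1 q sel target parts part facs lvl state
    q=$(level_index "$2") || return 1
    while read -r sel target; do
        [[ -z $sel || $sel == \#* ]] && continue     # blank line or comment
        state=0
        IFS=';' read -ra parts <<< "$sel"
        for part in "${parts[@]}"; do
            facs=${part%.*}; lvl=${part##*.}
            # skip selectors that do not name our facility ("*" or a comma list)
            [[ $facs == '*' || ",$facs," == *",$fac,"* ]] || continue
            case $lvl in
                none)  state=0 ;;  '*') state=1 ;;
                '!='*) if [[ $q -eq $(level_index "${lvl#!=}") ]]; then state=0; fi ;;
                '!'*)  if [[ $q -ge $(level_index "${lvl#!}") ]]; then state=0; fi ;;
                '='*)  if [[ $q -eq $(level_index "${lvl#=}") ]]; then state=1; fi ;;
                *)     if [[ $q -ge $(level_index "$lvl") ]]; then state=1; fi ;;
            esac
        done
        if [[ $state -eq 1 ]]; then echo "$target"; fi
    done
    return 0
}

# Constructed sample: the active rules of the /etc/syslog.conf shown in the notes
SAMPLE_CONF='*.info;mail.none;authpriv.none;cron.none   /var/log/messages
authpriv.*      /var/log/secure
mail.*          -/var/log/maillog
cron.*          /var/log/cron
*.emerg         *
uucp,news.crit  /var/log/spooler
local7.*        /var/log/boot.log'
printf '%s\n' "$SAMPLE_CONF" | syslog_targets mail info     # -> -/var/log/maillog
```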