Operations on the physical machine: resetting the environment
# rht-vmctl reset classroom
# rht-vmctl reset server
# rht-vmctl reset desktop
###################################################
Configure the following static address parameters on the server virtual machine
– Host name: server0.example.com
– IP address: 172.25.0.11
– Subnet mask: 255.255.255.0
– Default gateway: 172.25.0.254
– DNS server: 172.25.254.254
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# cat /etc/resolv.conf
Test DNS resolution
[root@server0 ~]# nslookup server0.example.com
###################################################
Cron scheduled tasks
System service: crond
Log file: /var/log/crond
• Using the crontab command
– Edit: crontab -e [-u username]
– View: crontab -l [-u username]
– Clear: crontab -r [-u username]
1. View the service status
[root@server0 ~]# systemctl status crond
2. Write a scheduled task; the five time fields are:
* * * * *
minute hour day-of-month month day-of-week
[root@server0 ~]# useradd natasha
[root@server0 ~]# which ifconfig      # find the program a command name refers to
[root@server0 ~]# which date
[root@server0 ~]# crontab -e -u natasha
[root@server0 ~]# crontab -l -u natasha
*/1 * * * * /usr/bin/date >> /home/natasha/abc.txt
[root@server0 ~]# watch -n 1 cat /home/natasha/abc.txt
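The entry above is written through the interactive editor. As an added example (not from the course notes), the script below checks a crontab line against the field order just given and installs it for a user without the editor, which is what you want when the task has to be reproducible on many machines. `cron_parse`, `cron_valid` and `cron_install` are hypothetical helper names; the sample entry is the one from the notes.

```bash
#!/bin/bash
# Added example (not from the course notes): check a crontab line and install it
# for a user without opening the interactive editor. Field order is the one the
# notes give: minute hour day-of-month month day-of-week, then the command.

# cron_parse LINE -> sets CRON_MIN CRON_HOUR CRON_DOM CRON_MON CRON_DOW CRON_CMD.
# 'read' is used instead of word splitting so '*' is never expanded against
# the files in the current directory.
cron_parse() {
    read -r CRON_MIN CRON_HOUR CRON_DOM CRON_MON CRON_DOW CRON_CMD <<EOF
$1
EOF
}

# cron_valid LINE -> 0 when all five time fields are present, each uses only
# characters cron accepts (digits, names, '*', ',', '-', '/'), and a command follows.
cron_valid() {
    cron_parse "$1" || return 1
    [ -n "$CRON_CMD" ] || return 1
    for f in "$CRON_MIN" "$CRON_HOUR" "$CRON_DOM" "$CRON_MON" "$CRON_DOW"; do
        case $f in
            ''|*[!0-9A-Za-z*,/-]*) return 1 ;;
        esac
    done
    return 0
}

# cron_install USER LINE -> replace USER's crontab with the single entry LINE and
# print the result (the scriptable equivalent of 'crontab -e -u USER' followed by
# 'crontab -l -u USER'). Needs root for -u; refuses malformed lines.
cron_install() {
    cron_valid "$2" || { echo "refusing malformed crontab entry: $2" >&2; return 1; }
    printf '%s\n' "$2" | crontab -u "$1" -
    crontab -l -u "$1"
}

# Constructed sample: the entry from the notes, which runs date every minute.
SAMPLE_ENTRY='*/1 * * * * /usr/bin/date >> /home/natasha/abc.txt'

if cron_valid "$SAMPLE_ENTRY"; then
    echo "valid: minute=$CRON_MIN hour=$CRON_HOUR dom=$CRON_DOM mon=$CRON_MON dow=$CRON_DOW"
    echo "command: $CRON_CMD"
fi
```

As root, `cron_install natasha "$SAMPLE_ENTRY"` replaces natasha's crontab with that one line; `watch -n 1 cat /home/natasha/abc.txt` then shows a new timestamp every minute. The check is purely syntactic: it catches a missing field or a stray character, not a command path that does not exist on the target host.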
#######################################################
Categories of basic permissions
• Access modes (permissions)
– Read: allows viewing the content (read, r)
– Write: allows modifying the content (write, w)
– Execute: allows running a program or entering a directory (execute, x)
For a text file:
r: cat, head, tail, less
w: vim
x: run it
• Objects a permission applies to (ownership)
– Owner: the user who owns this file/directory (user, u)
– Owning group: the group that owns this file/directory (group, g)
– Others: any user other than the owner and the members of the owning group (other, o)
Columns of ls -l: permission bits, hard link count, owner, owning group, size, last modified time, file/directory name
[root@server0 ~]# ls -l /etc/passwd
[root@server0 ~]# ls -ld /etc/
[root@server0 ~]# ls -ld /root
[root@server0 ~]# ls -ld /home/student
[root@server0 ~]# ls -ld /tmp
First character "-": regular file
First character "l": symbolic link (shortcut)
First character "d": directory
• Using the chmod command
– chmod [-R] ownership-role +|-|= permission-category file ...
[-R] applies the change recursively
[root@server0 ~]# mkdir /nsd01
[root@server0 ~]# ls -ld /nsd01
[root@server0 ~]# chmod u-x /nsd01
[root@server0 ~]# ls -ld /nsd01
[root@server0 ~]# chmod g+w /nsd01
[root@server0 ~]# ls -ld /nsd01
[root@server0 ~]# chmod o=rwx /nsd01
[root@server0 ~]# ls -ld /nsd01
[root@server0 ~]# chmod u=rwx,g=rx,o=r /nsd01
[root@server0 ~]# ls -ld /nsd01
################################################
How to tell whether a user has a permission
1. Determine the identity: owner > owning group > others; the first match applies and matching stops there
2. Read the permission triplet for that level
r on a directory: can list its contents (ls)
w on a directory: can change its contents (rm, mv, cp, mkdir, touch, ...)
x on a directory: can enter it (cd)
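The two-step rule above, turned into a script you can run against a real path, as an added example that is not part of the course notes. It matches owner, then owning group, then others, stops at the first match, and only then reads that level's rwx triplet. `perm_class` and `perm_check` are hypothetical helper names, and GNU `stat` is assumed for reading the owner, group and octal mode.

```bash
#!/bin/bash
# Added example (not from the course notes): apply the matching rule to a real path.
# Ownership is matched in order owner > owning group > others and the first match
# decides; only then is the rwx triplet for that level read. Uses GNU stat
# (%U owner name, %G group name, %a octal mode). Helper names are hypothetical.

# perm_class PATH USER -> prints owner, group or other: which triplet applies
perm_class() {
    owner=$(stat -c %U "$1") || return 1
    group=$(stat -c %G "$1") || return 1
    if [ "$2" = "$owner" ]; then
        echo owner
    elif id -Gn "$2" 2>/dev/null | tr ' ' '\n' | grep -qx "$group"; then
        echo group
    else
        echo other            # includes unknown users: they match nothing above
    fi
}

# perm_check PATH USER r|w|x -> exit 0 if the applicable triplet grants the bit.
# This models the mode bits only: root bypasses them, and ACLs or SELinux can
# further deny or grant access.
perm_check() {
    mode=$(stat -c %a "$1") || return 1
    mode=${mode#"${mode%???}"}          # keep the last three octal digits (drop setuid/setgid/sticky)
    case $(perm_class "$1" "$2") in
        owner) digit=${mode%??} ;;
        group) digit=${mode#?}; digit=${digit%?} ;;
        other) digit=${mode#??} ;;
        *) return 1 ;;
    esac
    case $3 in
        r) bit=4 ;; w) bit=2 ;; x) bit=1 ;;
        *) echo "permission must be r, w or x" >&2; return 2 ;;
    esac
    [ $(( digit & bit )) -ne 0 ]
}

# Demo on a temporary file so it runs as any user: mode 640, checked for the
# current user, who is the owner and therefore never falls through to group or other.
demo=$(mktemp)
chmod 640 "$demo"
me=$(id -un)
for p in r w x; do
    if perm_check "$demo" "$me" $p; then echo "$me ($(perm_class "$demo" "$me")): $p granted"
    else echo "$me ($(perm_class "$demo" "$me")): $p denied"; fi
done
rm -f "$demo"
```

The order matters more than it looks: on a file with mode `-r--rwx---` the owner gets only read even though the group has rwx, because the owner match stops the search. That is the same reason `chmod o+w` in the exercise below grants zhangsan write access only because zhangsan is neither owner nor group member.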
####################################################
As root, create a new /nsddir/ directory, create a readme.txt file inside it, and then complete the following:
1) Allow user zhangsan to create subdirectories in this directory (switch users with su - zhangsan to verify)
chmod o+w /nsddir/
2) Prevent user zhangsan from creating subdirectories in this directory
chmod o-w /nsddir/
3) Allow user zhangsan to modify the readme.txt file
chmod o+w /nsddir/readme.txt
4) Adjust the directory's permissions so that no user can enter it
chmod u-x,g-x,o-x /nsddir/
5) Set the directory and every document under it to rwxr-x---
chmod -R u=rwx,g=rx,o=--- /nsddir/
###############################################
Setting document ownership
• Using the chown command
– chown [-R] owner file ...
– chown [-R] :group file ...
– chown [-R] owner:group file ...
[root@server0 ~]# mkdir /nsd05
[root@server0 ~]# ls -ld /nsd05
[root@server0 ~]# groupadd tedu
[root@server0 ~]# chown dc:tedu /nsd05
[root@server0 ~]# ls -ld /nsd05
[root@server0 ~]# chown student /nsd05
[root@server0 ~]# ls -ld /nsd05
[root@server0 ~]# chown :root /nsd05/
[root@server0 ~]# ls -ld /nsd05/
####################################################
Special permissions (additional permissions)
Set UID
• Attached to the owner's x position
– The owner's permission identifier becomes s
– On an executable file, Set UID lets whoever runs it act with the owner's identity and the owner's permissions (pass-through owner identity)
Set GID
• Attached to the owning group's x position
– The group's permission identifier becomes s
– On an executable file, similar to Set UID (the program runs with the group's identity)
– On a directory, Set GID makes new documents created inside it automatically get the same owning group as the parent directory
[root@server0 ~]# mkdir /tarena
[root@server0 ~]# ls -ld /tarena
[root@server0 ~]# chown :tedu /tarena
[root@server0 ~]# ls -ld /tarena
[root@server0 ~]# mkdir /tarena/nsd01
[root@server0 ~]# ls -ld /tarena/nsd01
[root@server0 ~]# chmod g+s /tarena/
[root@server0 ~]# ls -ld /tarena/
[root@server0 ~]# mkdir /tarena/nsd02
[root@server0 ~]# ls -ld /tarena/nsd02
[root@server0 ~]# touch /tarena/nsd02/abc.txt
[root@server0 ~]# ls -l /tarena/nsd02/abc.txt
#################################################
Sticky bit
• Attached to the others' x position
– The others' permission identifier becomes t
– On a directory with w open to everyone, it stops users from abusing that write permission (they cannot remove or rename other users' documents)
[root@server0 ~]# mkdir /public
[root@server0 ~]# chmod u=rwx,g=rwx,o=rwx /public
[root@server0 ~]# ls -ld /public
[root@server0 ~]# chmod o+t /public
[root@server0 ~]# ls -ld /public
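The Set GID and sticky bit walkthroughs above rely on reading `ls -ld` output by eye. As an added example (not from the course notes), the script below rebuilds both directories in a temporary tree, so it needs no root and does not touch `/tarena` or `/public`, and decodes the `s` and `t` letters, including the upper-case `S`/`T` forms that mean the bit was set without the underlying execute bit. `mode_string`, `decode_special` and `make_demo` are hypothetical helper names; GNU `stat` is assumed.

```bash
#!/bin/bash
# Added example (not from the course notes): Set GID on a group directory and the
# sticky bit on a world-writable directory, built in a temporary tree so it needs
# no root, plus a decoder for the s/t letters ls -l shows. GNU stat is assumed
# (%A symbolic mode, %g numeric group). Helper names are hypothetical.

# mode_string PATH -> the symbolic mode exactly as the first column of ls -l
mode_string() { stat -c %A "$1"; }

# nth_char STRING N -> the N-th character (1-based)
nth_char() { printf '%s' "$1" | cut -c"$2"; }

# decode_special MODESTRING -> one line per special bit present.
# Lower-case s/t: the underlying x bit is set too. Upper-case S/T: it is not,
# which on a directory usually means g+s or o+t was applied without execute.
decode_special() {
    case $(nth_char "$1" 4) in
        s) echo "setuid (owner x set)" ;;  S) echo "setuid (owner x NOT set)" ;;
    esac
    case $(nth_char "$1" 7) in
        s) echo "setgid (group x set)" ;;  S) echo "setgid (group x NOT set)" ;;
    esac
    case $(nth_char "$1" 10) in
        t) echo "sticky (other x set)" ;;  T) echo "sticky (other x NOT set)" ;;
    esac
}

# make_demo -> prints the path of a temporary tree mirroring /tarena and /public:
#   tarena       rwxrwsr-x (2775): files created by group members stay in the group
#   public       rwxrwxrwt (1777): anyone may create, only the owner may delete or rename
#   tarena/nsd02 is created afterwards and inherits both the group and the setgid bit
make_demo() {
    base=$(mktemp -d)
    umask 022                            # fixed umask so the inherited mode is predictable
    mkdir "$base/tarena" "$base/public"
    chmod 2775 "$base/tarena"            # same result as chmod u=rwx,g=rwx,o=rx then chmod g+s
    chmod 1777 "$base/public"            # same result as chmod u=rwx,g=rwx,o=rwx then chmod o+t
    mkdir "$base/tarena/nsd02"
    echo "$base"
}

# same_group A B -> 0 when both paths have the same owning group
same_group() { [ "$(stat -c %g "$1")" = "$(stat -c %g "$2")" ]; }

base=$(make_demo)
for d in tarena public tarena/nsd02; do
    m=$(mode_string "$base/$d"); echo "$d  $m"; decode_special "$m"
done
rm -rf "$base"
```

Two things the decoder makes visible that the exercise does not spell out: a subdirectory made inside a Set GID directory inherits the Set GID bit itself, not just the group, so the whole tree keeps behaving as a group directory; and `chmod g+s` on a directory whose group lacks `x` shows `S`, which is almost always a mistake worth catching in review.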
###################################################
The role of ACL policies
• Limitations of document ownership
– Only three roles exist: owner, owning group, others
– Finer-grained control is not possible
• ACL access policies
– Can set independent permissions for individual users and individual groups
– Supported by default on most mounted ext3/ext4 and XFS file systems
[root@server0 ~]# mkdir /test
[root@server0 ~]# ls -ld /test
[root@server0 ~]# chmod o=--- /test
[root@server0 ~]# ls -ld /test
[root@server0 ~]# su - zhangsan
[zhangsan@server0 ~]$ cd /test/
-bash: cd: /test/: Permission denied
[zhangsan@server0 ~]$ exit
logout
[root@server0 ~]# setfacl -m u:zhangsan:rx /test/
[root@server0 ~]# getfacl /test/
[root@server0 ~]# su - zhangsan
[zhangsan@server0 ~]$ cd /test/
[zhangsan@server0 test]$ pwd
[zhangsan@server0 test]$ exit
• Using the getfacl and setfacl commands
– getfacl file ...
– setfacl -m u:username:permissions file ...
– setfacl -m g:groupname:permissions file ...
– setfacl -x u:username file ...      # remove the specified ACL entry
– setfacl -b file ...                 # clear all ACL entries
[root@server0 ~]# getfacl /test/
[root@server0 ~]# setfacl -m u:dc:rwx /test/
[root@server0 ~]# setfacl -m u:natasha:rx /test/
[root@server0 ~]# getfacl /test/
[root@server0 ~]# setfacl -x u:dc /test/      # remove the specified ACL entry
[root@server0 ~]# getfacl /test/
[root@server0 ~]# setfacl -b /test/      # clear all ACL entries
[root@server0 ~]# getfacl /test/
##################################################
[root@server0 ~]# mkdir /nsd20
[root@server0 ~]# chmod u=rwx,g=rwx,o=rwx /nsd20
[root@server0 ~]# ls -ld /nsd20
drwxrwxrwx. 2 root root 6 Oct 15:49 /nsd20
[root@server0 ~]# setfacl -m u:natasha:--- /nsd20
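The two ACL sessions above (zhangsan gaining `rx` on a `/test` that others cannot enter, and natasha losing access to a `/nsd20` that is 777 for everyone else) follow from one evaluation order that `getfacl` output does not show. As an added example that is not part of the course notes, the script below evaluates a `getfacl` listing the way the kernel does: owner entry first, then a named-user entry, then the owning group and any named groups the user belongs to (all of these cut down by the mask), and only if nothing matched the `other` entry. The listings are constructed to match the commands in the notes; `acl_effective` and the other helper names are hypothetical.

```bash
#!/bin/bash
# Added example (not from the course notes): evaluate a getfacl listing the way the
# kernel does, in order: owner (user::), named user (user:NAME:), then owning group
# and named groups under the mask, then other::. The listings below are constructed
# samples matching the commands in the notes; helper names are hypothetical.

# apply_mask PERMS MASK -> PERMS with every letter the mask lacks turned into '-'
apply_mask() {
    out=
    for i in 1 2 3; do
        a=$(printf '%s' "$1" | cut -c"$i"); b=$(printf '%s' "$2" | cut -c"$i")
        [ "$a" = "$b" ] && out="$out$a" || out="$out-"
    done
    echo "$out"
}

# perm_union A B -> a letter is present if it is present in either triplet
perm_union() {
    out=
    for i in 1 2 3; do
        a=$(printf '%s' "$1" | cut -c"$i"); b=$(printf '%s' "$2" | cut -c"$i")
        [ "$a" != - ] && out="$out$a" || out="$out$b"
    done
    echo "$out"
}

# acl_entry ACL_TEXT KEY -> the rwx triplet of the entry "KEY:rwx" ('' if absent).
# KEY is 'user:' for the owner entry user::, 'user:NAME' for a named user, etc.
acl_entry() { printf '%s\n' "$1" | sed -n "s/^$2:\(...\)$/\1/p" | head -n 1; }

# acl_effective ACL_TEXT USER "GROUP ..." -> the effective rwx triplet for USER,
# the third argument being the user's group list as 'id -Gn USER' prints it.
acl_effective() {
    # getfacl appends '#effective:...' when the mask cuts an entry; drop it first
    acl=$(printf '%s\n' "$1" | sed 's/[[:space:]]*#effective:.*$//')
    user=$2; glist=$3
    owner=$(printf '%s\n' "$acl" | sed -n 's/^# owner: //p')
    group=$(printf '%s\n' "$acl" | sed -n 's/^# group: //p')
    mask=$(acl_entry "$acl" mask:)
    [ -n "$mask" ] || mask=rwx                        # no mask entry: nothing is cut
    if [ "$user" = "$owner" ]; then                   # 1. owner: user::, never masked
        acl_entry "$acl" user:; return
    fi
    named=$(acl_entry "$acl" "user:$user")            # 2. named user, masked
    if [ -n "$named" ]; then apply_mask "$named" "$mask"; return; fi
    acc=---; matched=                                 # 3. every matching group entry, unioned, masked
    for g in $glist; do
        if [ "$g" = "$group" ]; then e=$(acl_entry "$acl" group:)
        else e=$(acl_entry "$acl" "group:$g"); fi
        if [ -n "$e" ]; then acc=$(perm_union "$acc" "$e"); matched=1; fi
    done
    if [ -n "$matched" ]; then apply_mask "$acc" "$mask"; return; fi
    acl_entry "$acl" other:                           # 4. nothing matched: other::, never masked
}

# Constructed listing: /test after chmod o=--- and setfacl -m u:zhangsan:rx
ACL_TEST='# file: test/
# owner: root
# group: root
user::rwx
user:zhangsan:r-x
group::r-x
mask::r-x
other::---'

# Constructed listing: /test after also granting dc rwx and then running chmod 755
# on the directory; chmod rewrites the mask, so dc keeps the entry but only r-x applies
ACL_TEST_CHMOD='# file: test/
# owner: root
# group: root
user::rwx
user:dc:rwx                     #effective:r-x
user:zhangsan:r-x
group::r-x
mask::r-x
other::---'

# Constructed listing: /nsd20 after chmod 777 and setfacl -m u:natasha:---
ACL_NSD20='# file: nsd20
# owner: root
# group: root
user::rwx
user:natasha:---
group::rwx
mask::rwx
other::rwx'

# Live use: the same evaluation against a real path (needs the acl package installed)
acl_effective_path() { acl_effective "$(getfacl -p "$1")" "$2" "$(id -Gn "$2")"; }

for u in zhangsan natasha; do
    echo "/test  $u: $(acl_effective "$ACL_TEST" $u $u)"
    echo "/nsd20 $u: $(acl_effective "$ACL_NSD20" $u $u)"
done
```

Two consequences worth remembering when auditing ACLs: a named-user entry is matched before `other`, so `u:natasha:---` is an effective deny even on a 777 directory; and a later `chmod` on the directory rewrites the mask, which is why `getfacl` can show `user:dc:rwx` next to `#effective:r-x`. Checking with `getfacl` rather than `ls -l` (which only shows a `+`) is the reliable way to see either.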
###################################################
Using LDAP authentication
Traditional username/password: created locally in /etc/passwd, for local login only
Network user: created on the LDAP server, can log on to every machine in the domain
LDAP server: classroom
Client: points at the LDAP server's location
1. Install the client software
Packages
sssd: the software that talks to the server
authconfig-gtk: graphical tool for configuring sssd
[root@server0 ~]# rpm -q sssd      # verify the package is installed
[root@server0 ~]# rpm -q authconfig-gtk
2. Run the graphical sssd configuration tool: authconfig-gtk
[root@server0 ~]# authconfig-gtk
User account database: LDAP
LDAP search base DN: dc=example,dc=com
LDAP server: classroom.example.com
Tick: Use TLS to encrypt connections
Specify the CA certificate:
http://172.25.254.254/pub/example-ca.crt
Authentication method: LDAP password
3. Start the sssd service and enable it at boot
[root@server0 ~]# systemctl restart sssd
[root@server0 ~]# systemctl enable sssd
4. Verification
[root@server0 ~]# grep 'ldapuser0' /etc/passwd
[root@server0 ~]# id ldapuser0
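The graphical tool hides what it writes, and the one setting that matters for security is the TLS checkbox: without it, every LDAP password travels in clear text to classroom.example.com. As an added example that is not from the course notes, the script below writes a minimal `sssd.conf` equivalent to the choices above and checks such a file for an unencrypted or unverified LDAP link. Key names follow `sssd.conf(5)` and `sssd-ldap(5)`; the local path of the downloaded `example-ca.crt` is an assumption, and `write_sssd_conf`, `conf_get`, `sssd_ldap_tls_ok` and `sssd_conf_mode_ok` are hypothetical helper names.

```bash
#!/bin/bash
# Added example (not from the course notes): a minimal /etc/sssd/sssd.conf carrying the
# settings chosen in authconfig-gtk above, and a check that the LDAP link really is
# encrypted and verified. Key names follow sssd.conf(5)/sssd-ldap(5); the local path
# for the downloaded example-ca.crt is an assumption. Helper names are hypothetical.

# write_sssd_conf FILE -> write the constructed configuration and lock it to 0600
write_sssd_conf() {
    cat >"$1" <<'EOF'
[sssd]
config_file_version = 2
services = nss, pam
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://classroom.example.com
ldap_search_base = dc=example,dc=com
ldap_id_use_start_tls = True
ldap_tls_reqcert = demand
# assumed location of the CA fetched from http://172.25.254.254/pub/example-ca.crt
ldap_tls_cacert = /etc/openldap/cacerts/example-ca.crt
cache_credentials = True
EOF
    chmod 600 "$1"
}

# conf_get FILE KEY -> the value of KEY (last occurrence wins)
conf_get() { sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1; }

# sssd_ldap_tls_ok FILE -> prints ok and returns 0 when LDAP passwords would travel
# encrypted and the server certificate is checked; otherwise prints the weakness
# and returns 1.
sssd_ldap_tls_ok() {
    uri=$(conf_get "$1" ldap_uri)
    starttls=$(conf_get "$1" ldap_id_use_start_tls | tr 'A-Z' 'a-z')
    reqcert=$(conf_get "$1" ldap_tls_reqcert | tr 'A-Z' 'a-z')
    ca=$(conf_get "$1" ldap_tls_cacert)$(conf_get "$1" ldap_tls_cacertdir)
    case $uri in
        ldaps://*) ;;                                   # TLS from the first byte
        ldap://*)  [ "$starttls" = true ] ||
                   { echo "plaintext LDAP: $uri without StartTLS"; return 1; } ;;
        *)         echo "no usable ldap_uri"; return 1 ;;
    esac
    [ -n "$ca" ] || { echo "no ldap_tls_cacert/ldap_tls_cacertdir: server cannot be verified"; return 1; }
    case $reqcert in
        never|allow) echo "ldap_tls_reqcert = $reqcert accepts an unverified server"; return 1 ;;
    esac
    echo ok
}

# sssd_conf_mode_ok FILE -> 0 when the file is mode 0600. sssd refuses to start unless
# the file is 0600 and owned by root, since it may hold a bind password.
sssd_conf_mode_ok() { [ "$(stat -c %a "$1")" = 600 ]; }

demo=$(mktemp)
write_sssd_conf "$demo"
echo "search base: $(conf_get "$demo" ldap_search_base)"
echo "tls check: $(sssd_ldap_tls_ok "$demo")"
rm -f "$demo"
```

Run `sssd_ldap_tls_ok /etc/sssd/sssd.conf` on a client after step 2 to confirm the checkbox actually took effect; a `False` for `ldap_id_use_start_tls` with a plain `ldap://` URI, or `ldap_tls_reqcert = never`, is the configuration to look for when auditing a fleet of clients.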
##################################################
Home directory roaming
• Network File System (NFS)
– The NFS server shares a specified folder to clients
– The client mounts this shared directory onto a local directory and then accesses the shared resource as conveniently as a local directory
– Similar to ext4, XFS and other file system types, except that the resource is on the network
• View NFS resources
[root@server0 ~]# showmount -e 172.25.254.254
• Mount the NFS share from the server onto a local directory
[root@server0 ~]# mkdir /home/guests
# mount 172.25.254.254:/home/guests /home/guests
[root@server0 ~]# ls /home/guests
[root@server0 ~]# su - ldapuser0
#####################################################
Linux system learning, day five