Linux System Learning: Day Five

Source: Internet
Author: User

On the physical host, reset the lab environment
# rht-vmctl reset classroom
# rht-vmctl reset server
# rht-vmctl reset desktop

###################################################
Configure the following static address parameters for the virtual machine server
– Host name: server0.example.com
– IP address: 172.25.0.11
– Subnet mask: 255.255.255.0
– Default gateway: 172.25.0.254
– DNS server: 172.25.254.254

# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# cat /etc/resolv.conf

Test DNS resolution
# nslookup server0.example.com

###################################################
Cron scheduled tasks

System service: crond
Log file: /var/log/crond

• Using the crontab command
– Edit: crontab -e [-u username]
– View: crontab -l [-u username]
– Clear: crontab -r [-u username]

1. View the service status
# systemctl status crond

2. Write a scheduled task
*       *     *             *      *
minute  hour  day-of-month  month  day-of-week

# useradd natasha
# which ifconfig    # find where the program behind a command is located
# which date
# crontab -e -u natasha
# crontab -l -u natasha

*/1 * * * * /usr/bin/date >> /home/natasha/abc.txt

# watch -n 1 cat /home/natasha/abc.txt

#######################################################
Categories of basic permissions
• Access modes (permissions)
– Read: allows viewing the content (read, r)
– Write: allows modifying the content (write, w)
– Execute: allows running the file or switching into the directory (execute, x)

For text files:
r: cat, head, tail, less
w: vim
x: run

• Who the permissions apply to (ownership)
– Owner: the user who owns the file/directory (user, u)
– Owning group: the group that owns the file/directory (group, g)
– Other: users other than the owner and the owning group (other, o)

ls -l columns: permission bits, hard link count, owner, owning group, size, last modified time, file/directory name

# ls -l /etc/passwd
# ls -ld /etc/

# ls -ld /root

# ls -ld /home/student

# ls -ld /tmp

Starts with "-": file
Starts with "l": symbolic link (shortcut)
Starts with "d": directory

• Using the chmod command
– chmod [-R] <ownership class>+-=<permission class> file ...
[-R] applies the permissions recursively

# mkdir /nsd01
# ls -ld /nsd01

# chmod u-x /nsd01
# ls -ld /nsd01

# chmod g+w /nsd01
# ls -ld /nsd01

# chmod o=rwx /nsd01
# ls -ld /nsd01

# chmod u=rwx,g=rx,o=r /nsd01
# ls -ld /nsd01

################################################
How to tell if a user has permissions
1. Determine the user's identity in the order owner > owning group > other, and stop at the first match
2. Look at the permission bits for the matching class


r permission on a directory: ability to list the directory's contents (ls)
w permission on a directory: ability to run rm/mv/cp/mkdir/touch/... to change the directory's contents
x permission on a directory: ability to switch into the directory (cd)

####################################################
As root, create a new /nsddir/ directory and a new readme.txt file in it, then complete the following operations
1) Allow user zhangsan to create subdirectories in this directory (switch user with su - zhangsan to test)
chmod o+w /nsddir/

2) Prevent user zhangsan from creating subdirectories in this directory
chmod o-w /nsddir/

3) Allow user zhangsan to modify the readme.txt file
chmod o+w /nsddir/readme.txt

4) Adjust the permissions on this directory so that no user can enter it
chmod u-x,g-x,o-x /nsddir/

5) Set the permissions of this directory and all documents under it to rwxr-x---
chmod -R u=rwx,g=rx,o=--- /nsddir/

###############################################

Setting document ownership
• Using the chown command
– chown [-R] owner file ...
– chown [-R] :group file ...
– chown [-R] owner:group file ...

# mkdir /nsd05
# ls -ld /nsd05
# groupadd tedu
# chown dc:tedu /nsd05
# ls -ld /nsd05

# chown student /nsd05
# ls -ld /nsd05

# chown :root /nsd05/
# ls -ld /nsd05/

####################################################
Special permissions (additional permissions)

Set UID

• Attached to the owner's x position
– The owner's permission identifier becomes s
– For executable files, Set UID lets the user who runs the file take on the owner's identity and part of the owner's permissions (the owner's identity is passed on)


Set GID
• Attached to the owning group's x position
– The owning group's permission identifier becomes s
– For executables, similar to Set UID (the owning group's identity is passed on)

– For directories, Set GID makes new documents created in the directory automatically belong to the same group as the parent directory

# mkdir /tarena
# ls -ld /tarena

# chown :tedu /tarena
# ls -ld /tarena

# mkdir /tarena/nsd01
# ls -ld /tarena/nsd01

# chmod g+s /tarena/
# ls -ld /tarena/

# mkdir /tarena/nsd02
# ls -ld /tarena/nsd02
# touch /tarena/nsd02/abc.txt
# ls -l /tarena/nsd02/abc.txt
#################################################


Sticky Bit
• Attached to the x position of other
– The permission identifier of other becomes t
– For directories where the w permission is open to everyone, it prevents users from abusing the w permission (users are prohibited from manipulating other users' documents)

# mkdir /public
# chmod u=rwx,g=rwx,o=rwx /public
# ls -ld /public

# chmod o+t /public
# ls -ld /public
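
An audit for the three special bits described above, added here as an example that is not part of the original notes: it lists set-UID and set-GID files, set-GID directories, and world-writable directories that lack the sticky bit. The function names and the demo tree (built in a temporary directory to mirror /public and /tarena) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for the special permission bits.

# audit_special DIR -> one "TAG path" line per finding, sorted
audit_special() {
    {
        find "$1" -xdev -type f -perm -4000 | sed 's/^/SUID /'
        find "$1" -xdev -type f -perm -2000 | sed 's/^/SGID /'
        find "$1" -xdev -type d -perm -2000 | sed 's/^/SGID-DIR /'
        # world-writable directory without the sticky bit:
        # any user can delete or rename other users' files in it
        find "$1" -xdev -type d -perm -0002 ! -perm -1000 | sed 's/^/NO-STICKY /'
    } | sort
}

# make_demo_tree -> prints the path of a constructed tree (no root needed)
make_demo_tree() {
    t=$(mktemp -d)
    mkdir "$t/public" "$t/public_sticky" "$t/tarena"
    chmod 0777 "$t/public"          # chmod u=rwx,g=rwx,o=rwx
    chmod 1777 "$t/public_sticky"   # the same, followed by chmod o+t
    chmod 2775 "$t/tarena"          # chmod g+s
    touch "$t/tool"
    chmod 4755 "$t/tool"            # set-UID executable
    printf '%s\n' "$t"
}

tree=$(make_demo_tree)
audit_special "$tree"
rm -rf "$tree"
```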

###################################################

The role of ACL policies

• Limitations of document ownership
– Everyone falls into one of only three roles: owner, owning group, other
– Finer-grained control is not possible

• ACL access policy
– Ability to set independent permissions for individual users and individual groups
– Supported by default on most mounted ext3/4 and XFS file systems


# mkdir /test
# ls -ld /test
# chmod o=--- /test
# ls -ld /test
# su - zhangsan

$ cd /test/
-bash: cd: /test/: Permission denied
$ exit
logout

# setfacl -m u:zhangsan:rx /test/
# getfacl /test/
# su - zhangsan
$ cd /test/
$ pwd
$ exit


• Using the getfacl and setfacl commands
– getfacl file ...
– setfacl -m u:username:permissions file ...
– setfacl -m g:groupname:permissions file ...
– setfacl -x u:username file ...    # delete the specified ACL entry
– setfacl -b file ...    # clear all ACL entries

# getfacl /test/
# setfacl -m u:dc:rwx /test/
# setfacl -m u:natasha:rx /test/
# getfacl /test/

# setfacl -x u:dc /test/    # delete the specified ACL entry
# getfacl /test/

# setfacl -b /test/    # clear all ACL entries
# getfacl /test/



##################################################
# mkdir /nsd20
# chmod u=rwx,g=rwx,o=rwx /nsd20
# ls -ld /nsd20
drwxrwxrwx. 2 root root 6 October 15:49 /nsd20
# setfacl -m u:natasha:--- /nsd20
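
Why u:natasha:--- locks natasha out of a rwxrwxrwx directory: the owner > owning group > other rule given earlier stops at the first matching entry, and a named ACL user entry is checked right after the owner. The sketch below is an added example, not part of the original notes; the function names are hypothetical, and root's override, the ACL mask and named ACL groups are not modelled.

```shell
#!/bin/sh
# Added example: pick the single permission entry that applies to a user.
# Order: owner, named ACL user, owning group, other (first match wins).
# Not modelled: root's override, the ACL mask, named ACL groups.

# digit_to_rwx DIGIT -> e.g. "r-x"
digit_to_rwx() {
    d=$1; s=""
    [ $((d & 4)) -ne 0 ] && s="${s}r" || s="${s}-"
    [ $((d & 2)) -ne 0 ] && s="${s}w" || s="${s}-"
    [ $((d & 1)) -ne 0 ] && s="${s}x" || s="${s}-"
    printf '%s\n' "$s"
}

# effective_perms MODE OWNER GROUP USER "USER_GROUPS" ["ACL_USERS"]
#   MODE is three octal digits; ACL_USERS is a list like "natasha:--- dc:rwx"
effective_perms() (
    mode=$1 owner=$2 group=$3 user=$4 ugroups=$5 acl=${6:-}
    rest=${mode#?}
    u=${mode%??} g=${rest%?} o=${mode#??}
    if [ "$user" = "$owner" ]; then
        echo "owner $(digit_to_rwx "$u")"; exit 0
    fi
    for e in $acl; do
        if [ "${e%%:*}" = "$user" ]; then
            echo "acl-user ${e#*:}"; exit 0
        fi
    done
    for grp in $ugroups; do
        if [ "$grp" = "$group" ]; then
            echo "group $(digit_to_rwx "$g")"; exit 0
        fi
    done
    echo "other $(digit_to_rwx "$o")"
)

# can NEED MODE OWNER GROUP USER "USER_GROUPS" ["ACL_USERS"]  (NEED: r, w or x)
can() (
    need=$1; shift
    perms=$(effective_perms "$@")
    case "${perms#* }" in *"$need"*) exit 0 ;; *) exit 1 ;; esac
)

# Constructed cases modelled on /nsd20 from these notes
effective_perms 777 root root natasha "natasha"                 # other rwx
effective_perms 777 root root natasha "natasha" "natasha:---"   # acl-user ---
```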

###################################################
Using LDAP authentication

Traditional username and password: created locally in /etc/passwd, used for local login
Network user: created on the LDAP server, can log in to every machine in the domain

LDAP server: classroom

Client: specify the location of the LDAP server

1. Install the client software packages
sssd: software that communicates with the server

authconfig-gtk: graphical tool for configuring sssd

# rpm -q sssd    # verify the package is installed
# rpm -q authconfig-gtk

2. Run the graphical sssd configuration tool: authconfig-gtk
# authconfig-gtk

User account database: LDAP
LDAP search base DN: dc=example,dc=com
LDAP server: classroom.example.com

Check: Use TLS to encrypt connections
Specify the CA certificate used for encryption:
http://172.25.254.254/pub/example-ca.crt
Authentication method: LDAP password

3. Start the sssd service and enable it at boot
# systemctl restart sssd
# systemctl enable sssd

4. Verification
# grep 'ldapuser0' /etc/passwd
# id ldapuser0
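
A check that the TLS choice made in authconfig-gtk actually landed in the SSSD configuration, added here as an example that is not part of the original notes. It assumes the settings live in an sssd.conf-style file and uses the sssd-ldap options ldap_uri, ldap_id_use_start_tls, ldap_tls_reqcert, ldap_tls_cacert and ldap_tls_cacertdir; the function names and both sample files are constructed.

```shell
#!/bin/sh
# Added example: lint the LDAP/TLS settings in an sssd.conf-style file.

# conf_get FILE KEY -> last value assigned to KEY (empty if unset)
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_sssd_ldap FILE -> one finding per line; no output means no findings
check_sssd_ldap() {
    uri=$(conf_get "$1" ldap_uri)
    starttls=$(conf_get "$1" ldap_id_use_start_tls | tr 'A-Z' 'a-z')
    reqcert=$(conf_get "$1" ldap_tls_reqcert)
    ca="$(conf_get "$1" ldap_tls_cacert)$(conf_get "$1" ldap_tls_cacertdir)"
    case "$uri" in
        ldaps://*) : ;;
        *) [ "$starttls" = "true" ] || echo "PLAINTEXT: $uri without ldap_id_use_start_tls" ;;
    esac
    case "$reqcert" in
        never|allow|try) echo "WEAK-VERIFY: ldap_tls_reqcert = $reqcert" ;;
    esac
    [ -n "$ca" ] || echo "NO-CA: neither ldap_tls_cacert nor ldap_tls_cacertdir is set"
    return 0
}

# write_samples -> directory holding two constructed sample files
write_samples() {
    d=$(mktemp -d)
    cat > "$d/tls.conf" <<'EOF'
[domain/default]
id_provider = ldap
ldap_uri = ldap://classroom.example.com/
ldap_search_base = dc=example,dc=com
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/cacerts
EOF
    cat > "$d/weak.conf" <<'EOF'
[domain/default]
id_provider = ldap
ldap_uri = ldap://classroom.example.com/
ldap_search_base = dc=example,dc=com
ldap_tls_reqcert = never
EOF
    printf '%s\n' "$d"
}

d=$(write_samples); check_sssd_ldap "$d/weak.conf"; rm -rf "$d"
```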

##################################################
Home directory roaming

• Network File System (NFS)
– The NFS server shares a specified folder to clients
– The client mounts the shared directory on a local directory; accessing the shared resources is then as convenient as accessing a local directory
– Similar to ext4, XFS and other file system types, except that the resources are on the network


• View NFS resources
# showmount -e 172.25.254.254


• Use mount to mount the NFS share from the server on a local directory
# mkdir /home/guests

# mount 172.25.254.254:/home/guests/ /home/guests

# ls /home/guests
# su - ldapuser0

#####################################################
