Practice one: Linux basic practices

Source: Internet
Author: User
Tags naming convention ssh server ssh config ssh config file xming

First, the Linux basic Practice 1.1

1. Master The maintenance method of the software source, configure the system to use the software source image. Master the method of finding, installing, uninstalling and updating software through the software source.

This part of the content in many seniors study Sister's report has a very detailed explanation, I do not repeat here.

1.2

1. Master the concept of Linux rights Management. Master the meaning and setting method of 9bit related to rights management.

    • Linux Rights Management : Linux is a multi-user multitasking operating system that allows multiple users to be built on the system, while multiple users can log on to the same system to perform different tasks at the same time. To ensure that they do not affect each other, the Linux file Permissions division and management, each user within the scope of permission to complete different tasks
    • Convert to root mode : sudo su (will switch to root and require input of the current user's password)

  • Rights Management :

    ① category (User level) for file visitors

      • Owner of file and file directory: U (User)
      • User of the group that owns the file and file directory: G (group)
      • Other users: O (Others)

    ② types of File access rights

      • Basic permissions

    READ: For a file, has the right to read the contents of the file, for the directory, the permission to browse the directory information write (write): For the file, with the ability to modify the contents of the file, for the directory to delete files in the Move directory permission Execution (execute): for the file, have permission to execute the file; for directory, have permission to enter directory Iv. " -"indicates that the item does not have this permission

      • Special permissions

    SUID: can only be applied on the executable file, allowing any user to execute the file as the owner of the file Sgid: can only be applied on the executable file, so that any user in the execution of the file, will be the identity of the member of the group to perform the sticky bit: only on the directory file, will enable users to perform the deletion in the directory , you can delete only the objects you own

    ③ How to express file permission values

      • The first character shows the type of file:

    "-" indicates a normal file. "D" represents a catalog file. "L" means the linked file. "C" indicates a character device. "B" represents a block device. "P" indicates a named pipe, such as a FIFO file (first-in, in-out). "F" represents a stack file, such as LIFO (LIFO). "S" represents the socket. 

      • After the first character there are three three-bit character groups:

    The first three-bit character group represents the file owner (U) permissions on the file. The second three-bit character group represents the file user Group (g) permissions on the file. The third three-bit character group represents the permissions of other users of the system (O) to the file. If the user group does not have permission for this, the "-" character is generally displayed.

    Note: There are some differences in directory permissions and file permissions. For directory permissions, r means that files and subdirectories under that directory are allowed to be listed, and W represents the permission to generate and delete files in that directory, and X represents the permission to access the directory.

      • Character Representation method

    r--:   read-           only-w-  :         write --x:   execute           rw-:  read/         write-wx:  Write and execute        R - X: Reads and executes rwx: Read and        write execution ---:  

      • 8 Binary numeric representation method

R:4           w:2      1   65                 wx:3  rwx:7         0: Delegate has no permissions

2. Mastering the use of chmod directives

    • Features: set access permissions for files
    • format:chmod [parameters] permission file name
    • Parameters:

R: Recursively modify the permissions of the directory file V: Show instruction execution Process reference=< reference file or directory;: Set the permissions of the specified file or directory to the same permissions as the reference file or directory

Note: Only the file owner and root can change the file permissions

    • chmod The format of the command permission value: user identifier +/-/= permission character

      ① User identifier:

      U: Owner g: Owner same group user o: Other User A: all users  

      ②+/-/=:

    • +: Increase the permissions represented by the permission code to the scope of permission-: to the permission rangeto remove the permission code represented by the Permission =: give permission to the scope of the permission code represented by the permission

    • ③ permission characters: can be "R" (read-only), "W" (writable) and "X" (executable), and their combination.

      ④ Example: Canceling the file owner's readable, writable, and operational permissions to the Haha folder

3. Mastering the use of Chown directives

    • Function: Modify the file owner and group
    • Format: chown [parameter] User name or user group name file name
    • Parameters:

R: Recursive change the owner of the directory F: does not show the owner's details

    • Example:

Note: You must have permission to modify the file's owner and group in root mode.

4. Master the user and user group maintenance methods

    • Change root user: sudo su
    • To create a user:

/ETC/PASSWD (add a line of records to the/etc/passwd file)

    • Delete User: Userdel user name

    • To create a group:

Groupadd Group name grep Group name storage address (/etc/group)

    • Delete Group: Groupdel Group name

    • Set Password: passwd user name

5. Modifying the boot script or scripting

    • Go to the/etc/init folder and open the rc-sysinit.conf file

Lines marked with line code: EVN default_runlevel=2 means that RUNLEVEL (RunLevel) is 2 after the system is currently started. The basic operation of switching user mode can be realized by modifying the number.

Linux system has 7 runlevel (RunLevel): Run Level 0: System down state, the system default RunLevel cannot be set to 0, otherwise it will not start run Level 1: Single user working status, root privilege, for system maintenance, prohibit remote login run Level 2: Multi-user status ( No NFS) RunLevel 3: Full multiuser State (with NFS), login to console command line mode run Level 4: System unused, keep RunLevel 5:x11 console, log in to GUI mode run Level 6: The system shuts down and restarts, the default runlevel cannot be set to 6. Otherwise, it won't start properly.

    • The principle of operating level

1.There are many server scripts under directory/etc/rc.d/INIT.D, commonly referred to as service2. Under/etc/RC.D there are 7 directories named RCN.D, corresponding to the system's 7 runlevel 3. RCN.D directories are symbolic link files that point to a service script file under the INIT.D directory, with a naming convention of k+nn+ service name or s+nn+ service name, where NN is a two-digit number.  4. The system will enter the corresponding RCN.D directory according to the specified run level, and retrieve the link file under the directory in the order of file name     for files beginning with K, the system terminates the corresponding service     for files beginning with S. The system will start the corresponding service 5. View RunLevel by: RunLevel6. Enter another runlevel: Init N7. Init0 for shutdown, init 6 reboot system

    • Modify the/ETC/RC2.D/SXXGDM to/etc/rcx.d/kxxgdm:sudo MV SXXGDM KXXGDM (s) starting with the start, the start of the K-start, the statement is to terminate the RCX.D directory of the corresponding service. )

    • Remove a boot file from: sudo update-rc.d–f xxx remove (XXX is a non-numeric part of the file name except S and K)

6. Add the boot-up file

    • First download vim and write a new script file under the/etc/init.d folder haha.sh

    • Then set the permissions on the script document, execute the command sudo chmod 755 haha.sh After you can see the haha.sh becomes the executable file (green)

    • Writes the path of the script to/etc/init.d/rc.local

    • sudo update-rc.d haha.sh defaults 99 (99 for Boot order)

7. Understand and modify the PATH environment variable

    • Concept: $PATH determines which directories the shell will look for commands or programs, the value of path is a series of directories, and when a program is run, Linux searches for compiled links in these directories

    • To edit the format of the path declaration:

1 2>:<path3>:-----: <path n>

    • When the environment variable is changed, it takes effect the next time the user logs on, and if you want to take effect immediately, you can execute the following statement: $ source. bash_profile

    • Use the Export command to view the path value
    • You can view the PATH environment variable separately #echo $PATH command
    • modifying environment variables

1. # vim/etc/profile2. At the end of the document add: Export path=" directory: $PATH", save and exit 3. #source/etc/profile

1.3

SSH concept: Secure SHell. By using SSH, all transmitted data can be encrypted to prevent man-in-the-middle attacks and also to prevent DNS and IP spoofing. And the transmitted data is compressed, so the speed of transmission can be speeded up. SSH has a number of features that can replace Telnet and provide a secure "channel" for FTP, POP, and even PPP.

1. properly install the SSH service and understand the configuration file

    • Log on to the Linux system with root privileges and open the Terminal command. Enter Rpm-qa |grep ssh to find out if the SSH service is already installed on the current system. Perform the Apt-get install openssh-server command to install the SSH service if the display is not installed

    • Turn on the SSH service and use the PS and grep commands to view specific user processes through the pipeline

    • Run NETSTAT-ANTP | grep sshd command verifies that Port 22 is activated (port 22 is the SSH default port and the SSH service is enabled)

    • Run the vi/etc/ssh/ssh_config command into the SSH configuration file

192.168. 1.1  /etc/ssh/1024x768: Defines the number of bits of the server key. ...

2. Use the command line to start or stop the service, and from the test can be normal from remote access

    • Start SSH service: sudo/etc/init.d/ssh start
    • Stop SSH service: sudo/etc/init.d/ssh stop
    • Querying Linux virtual machine IP using ifconfig

    • View native IP addresses and virtual machine IP addresses, change them to the same network segment, and switch network settings to bridged NIC mode

    • Using the SSH service in the host or other terminal (in this case, using the Putty Software in Windows7)

1.4

1. use username/password for identity authentication

2. using certificates for identity authentication

    • Run Puttygen.exe Select Generate key pair (the build process needs to slide the mouse in the current Program Activity window to generate the random key). Generate the key pair as shown in. Click Save Private to save the private key. ppk file to Local. and copy the public key contents.

    • Use putty to connect to the host and gain root privileges . Use the command vim ~/.ssh/authorized_keys to open the file you want to modify to paste in the public key contents, save and exit.

    • Modify the configuration file by Command Vim/etc/ssh/sshd_ Config, find the next two lines of code and remove the comment:

pubkeyauthentication yesauthorizedkeysfile. SSH/authorized_keys

After you save and exit, disconnect.

    • When you connect again using Putty, select "Connect", "SSH", "Authentication", select the local private key file

    • Result connection succeeded with public key authentication

1.5

1. using the WINSCP Client connection and file transfer

    • Enter the IP address, username and password for the Linux, the SSH service default port number is 22 (do not change)

    • Pop-up dialog prompts cache key, select "Yes"
    • After successful login, you can enter the interface for file transfer.

2. putty in Windows can run the Xwindows program

    • Install xming, open the Xming shortcut on the desktop, and add parameters to the command line of the target-ac

    • Open Xming program, tick allow X11 mapping in putty

    • In putty, log in as root account, edit the SSH server configuration file Vi/etc/ssh/sshd_config and turn on TCP forwarding and X11 forwarding, that is, add the following two sentences:

Allowtcpforwarding yesx11forwarding Yes

    • Note: Because my login username is different from the owner of the folder where the public key is stored, all the additional strictmodes yes to Strictmodes No in the configuration file, and the production machine prohibits root remote SSH login, so you need to add Permitrootlogin Yes, that's the word. (Strictmodes is required to ensure that the folder holding the public key is the same as the login user name.) )

    • Open putty, log on to Linux on the terminal. Map output to native: Export display= native ip:0.0 (0.0 means display number for xming is 0, and if display # is set to a different value it needs to be consistent)

    • Enter a command in putty to open the appropriate program, such as Firefox, Gedit

Appendix Reference
    1. 7 operating levels for Linux systems: http://blog.chinaunix.net/uid-22746363-id-383989.html
    2. View and add path environment variables under Linux: http://blog.sina.com.cn/s/blog_7dc29ca001017j6y.html
    3. SSH config file: http://www.cnblogs.com/phoenix/articles/115476.html
    4. Ubuntu Open SSH Login for root account: http://blog.csdn.net/lichangzai/article/details/39379153

Practice one: Linux basic practices

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.