What the FreeBSD system administrator should know

1. FreeBSD can directly use the command to generate a class, such as upgrading freebsd8.0 to freebsd8.1.

Directly in FreeBSD command line mode, enter the following command

sudo freebsd-update -r 8.1-RELEASE upgrade

Enter the prompt in the middle.

Does this look reasonable (y/n )? All y

Most of them do not need to be modified, but the file version time changes.

There will be some files to be merged, and the program will automatically open them with vi. Just fix it.

After

sudo freebsd-update install

The following prompt is displayed:

Installing updates...Kernel updates have been installed. Please reboot and run"/usr/sbin/freebsd-update install" again to finish installing updates

Then

sudo shutdown -r now

After restarting

sudo freebsd-update install

Uname-a check, OK

FreeBSD www.wsck.com 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010    root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

※It is worth noting that all online production servers use freebsd8_release amd64, and the generation process may be different. We recommend that you first use a virtual machine or try online servers that are not particularly important, we do not recommend that you generate a grade directly, so proceed with caution.

II. The Vim of FreeBSD is indeed different from Vim in Linux.

Many complained that the vim in FreeBSD is not easy to use, especially compared with RHEL. In fact, it is slightly worse than Linux to use Vim in configuration; the Vim configuration file is as follows ~ /. Vimrc

set nobackupset numberset cindentset autoindentset shiftwidth=2set tabstop=2set softtabstop=2set expandtabset rulersyntax on

Common settings

The following describes some common settings and their meanings.

Set nobackup does not back up files. Backup files are used (the original file is suffixed ~)
Set Number Display row number
Set cindent to set C-style indentation and use nocindent to cancel the settings
Set autoindent to set Automatic indentation. Each line is equal to the last line. Use noautoindet to cancel the settings.
Set shiftwidth = 2 set indent to two spaces
Set tabstop = 2 set the tab to two spaces
Set softtabstop = 2 set the soft tab to two spaces
Set expandtab indentation and (soft) tabs are replaced by spaces, and noexpandtab is used to cancel the settings.
Set ruler display the row and column numbers of the cursor
Syntax on startup syntax highlighting

Glossary

Cindent

The C language indentation method is used to automatically adjust the indentation based on special characters such as "{", "}", ":", and whether the statement ends; it is automatically set when editing C/C ++ and other types of files;

Softtabstop

Soft tab width. If it is set to a non-zero value, the number of cells moved by the tab key and backspace time is equal to this value. However, the actual inserted characters are still controlled by tabstop and expandtab; in this way, it is much easier to configure Vim than before.

 

3. configuring the network environment in FreeBSD is easier than centos.

The advantage of using sysinstall for network configuration is that all network data will be set in the same interface, so it is not prone to errors or omissions. However, skilled Unix users prefer manual configuration when maintaining the system, because manual configuration has many advantages:

After familiar with commands, manual configuration is faster;

Advanced features of configuration commands;

It is easier to maintain the configuration file and identify system faults;

You can have a deeper understanding of how system configurations are implemented.

If you only use sysinstall for settings, you cannot have a deep understanding of the system settings. Therefore, once a question occurs, you are easily helpless. For administrators, they should not passively stay in the stages of being able to use and operate. Instead, they must understand how the system works to better maintain and manage the system. Therefore, you must use the command line method. Once you are familiar with it, you will find that the command line can provide all the flexible operation capabilities, while the full screen mode has many limitations and is too dull. In addition, in order to make the configuration take effect permanently, we recommend that you use the same configuration as centos5.4 and the file configuration method. The process is as follows (taking freebsd8.0 as an example here), which is easier than Linux, particularly compared to the NIC configuration/etc/sysconfig/network-scripts/ifcfg-eth0 under centos5.4, the directory took me three days to remember :)

#vi /etc/rc.confhostname="mail.bolaninfo.com"ifconfig_le0="inet 192.168.1.108 netmask 255.255.255.0"defaultrouter="192.168.1.1"

The DNS configuration is as follows:

#vi /etc/resolv.confnameserver 210.5.4.116nameserver 210.51.176.71

To make the above process take effect permanently, reboot can use ifconfig to verify the IP address after restarting the server. netstat-R can verify that the gateway is in effect, NSLookup and dig can verify that the DNS configuration is correct.

In addition, the hosts name is resolved here, and its execution sequence is superior to DNS. At this stage, it is mostly used in cluster environments, such as heartbeat and MySQL cluster. The configuration process is as follows:

#vi /etc/hosts192.168.1.100 HA1192.168.1.101 HA2192.168.1.188 vip.balaninfo.com

Remote connection management I use xmanager3 xshell in my work, but freebsd8.0 by default, root cannot be logged on locally. Here, you need to change the/etc/ssh/sshd_config file.

※It is worth noting that

A. the system needs to change the/etc/ssh/sshd_config file instead of the/etc/ssh/ssh_config file. This problem has left me depressed for a long time, here, I am going to criticize myself for my carelessness;

B. Add three items at the end of sshd_config:

Permitrootlogin yes # allow root to log on to permitemptypasswords no # Do not allow empty passwords to log on to passwordauthentication yes # Set whether to use password verification

The content marked by the red line is required, and then restart the sshd service./etc/rc. d/sshd restart.

4. We strongly recommend that you use sudo in FreeBSD. Some users may not be familiar with Linux. However, after a long time, you will find that the advantage is greater than the disadvantage.

Although FreeBSD can be configured to allow root remote SSH, we strongly recommend that you do not do this. We recommend that you assign a normal user with the wheel permission to perform operations, if you have special requirements, sudo is required. This is not only safe, but can at least provide a warning when it comes to devastating attacks. Therefore, I strongly recommend sudo operations under FreeBSD.

Sudo is an open-source security tool that allows administrators to grant certain users or groups the right to run specific commands as root users or other users. The software can also record commands and parameters of specific system users. Sudo developers declare that the basic starting point of the software is "to allow people to do their work with as few permissions as possible. Sudo was its first release in the summer of 1986, and Mr. Todd Miller is now responsible for this program and will issue it under a BSD license. Sudo home: http://www.sudo.ws/sudo. The sudo program is a security tool that works in the command line mode, and we only execute one command at a time. It supports functions such as tables (SUDO supports almost all unix OS versions)

 

5. Many users like to use adduser to add new users to FreeBSD. In fact, PW can be used in FreeBSD to create, delete, modify, and display user and group command line tools. It also provides system users and group file editors. Its usage is as follows:

1. User Management

1) Add a user

pw [-V etcdir] useradd [name|uid] [-C config] [-q] [-n name] [-u uid] [-c comment][-d dir] [-e date] [-p date] [-g group] [-G grouplist] [-m] [-k dir][-w method] [-s shell] [-o] [-L class] [-h fd | -H fd] [-N] [-P] [-Y][-V etcdir]

By default, when a group or user is added,/etc/PW. conf is used as the PW configuration file. You can also refer to other files. The pw. conf file does not exist. When this parameter is used

Use-C config [-C config] [-q] In the interactive environment. This option enables PW to support output of error messages [-N, but does not really change the group and user information. [-Y] automatically updates the YP database. [-N name] specify the user name [-u uid] specify the user ID (PS: It seems useless) [-C comment] the full name of the user and other comments (PS: useless) [-D dir] specifies the expiration time of the [-e date] account in the user's home directory. The time format can be absolute day-month-year, and 2 is a digital year or 4-digit year, A month can be a digit or an abbreviated month ('Jan ', 'feb', etc)

It can also be relative time, + N [time-sharing day, week, month, year], N can be in decimal format, octal format [starting with 0], or hexadecimal format [starting with 0x].

1. [-P date] password expiration time, in the same format as above.
2. [-G group] specifies the group (group name or group ID ).
3. [-G grouplist] specifies a group list separated by spaces. For example,-G wheel MySQL teczm places an account in these three groups.
4. [-L Class] specifies the logon level when the user is created.
5. [-M] automatically create a user's home directory
6. [-S shell] specifies the User Shell

[-W method] methods include:

1. No. logon prohibited for the newly created account
2. Yes force the new account password to be the same as the account password (PS: This is not safe)
3. None force the new account to use a blank password (PS: This is not safe)
4. Random generates a random password

pw useradd username -g tests -d /home/test -s /bin/sh -h 0

Add the-H 0 parameter to get the password for User Username: This prompt allows you to set the Username Password.

2) frequently used group operations

[-M memberlist] placing users in a group will replace existing users.

[-M newmembers] adding new users to the group does not replace existing users.

Example:

1. Create a new user bsder using cshell. The home directory is [color]/home/bsder [/color], which belongs to the group [color] wheel [/color] and password interactive input.

# PW useradd bsder-S/bin/CSH-D/home/bsder-m-g wheel-H 0 or # PW user add bsder-S/bin/CSH-D/home /bsder-m g wheel-H 0

Note:-H 0 indicates password for user username, which prompts you to set the Username Password.

2. Change the shell used by bsder to/bin/sh.

#pw usermod bsder -s /bin/sh

3. Place bsder in the test group

#pw groupmod test -m bsder

4. Lock the bsder User Account

#pw lock bsder

5. Unlock the bsder account

#pw unlock bsder

6. Display bsder user attributes

#pw usershow bsder

7. Delete bsder users

# PW userdel bsder or # ps user del bsder

6. Install Axel to optimize its ports Speed. Do not use the default fetch tool.

The default tool of the ports Installation Tool in FreeBSD uses fetch, which often causes turtle speed during download. To improve the port installation speed, I recommend the axel tool. Of course, you must configure the make. conf file.

cd /usr/ports/ftp/axelmake install

# Modify/ET/make. conf

vi /etc/make.conf

# Add the following content

FETCH_CMD=axelFETCH_BEFORE_ARGS= -n 10 -aFETCH_AFTER_ARGS=DISABLE_SIZE=yesMASTER_SITE_OVERRIDE?=\http://ports.hshh.org/${DIST_SUBDIR}/\http://ports.cn.freebsd.org/${DIST_SUBDIR}/\ftp://ftp.freeBSDchina.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/MASTER_SITE_OVERRIDE?=${MASTER_SITE_BACKUP}

# The above path is used to replace the default download source of the program with a website with a relatively fast speed to achieve acceleration. Before I configure it at home, it is about 20 kb/s, it is 230kb/s after configuration, so it is strongly recommended.

7. You will use ports and pkg_add to install software on FreeBSD. But what about their advanced usage? This feature is specially indexed for future use.

① The ports directory is in/usr/ports.

② Sometimes this package may have been installed in posts, and you will be prompted to continue the installation. You can use the parameters in the prompt

#make install clean FORCE_PKG_REGISTER=yes

In this way, the installation will continue. Yes is case-insensitive.

③ When installing the software on ports, the MD5 values of the packages that can be downloaded sometimes do not match. You can add parameters to force installation.

#make install clean NO_CHECKSUM=yes

④ How to find and install a port Software

If you know the detailed name of the file, you can directly use whereis

#whereis php5

If you do not know the detailed file name, you can use:

#cd /usr/ports#make search name=php

If you only know the descriptive main words, you can use:

#cd /usr/ports/#make search key=php

⑤ How to find information about installed software packages

#pkg_info

Filter and locate using MPs queue commands

#pkg_info grep php

⑥ How to delete a software package

# The pkg_delete software package is named in detail and can be identified using the pkg_info grep pipeline command.

With the-F parameter, you can delete software packages that depend on one software.

# Pkg_delete-F software package name

7. How to modify the configuration after installing the software on Ports

Some post packages are installed on a blue configuration selection page, which is usually not displayed once.

# Make rmconfig: to delete a configuration, you must have the root permission.

# Make reconfig re-configuration requires the root permission

⑧ Reinstall the installed ports Software Package

#make reinstall

The ports software package has been installed.

#make deinstall#make clean

If the system does not expire by default, You can manually download the TBZ package, and then install it directly using the pkg_add package name.

8. FreeBSD remote connection

Pietty is easier and more convenient than xshell, and the remote SSH FreeBSD machine is also very easy. We recommend that you try it. I remember reading this article, this tool seems to be recommended by Yahoo employees in China, because FreeBSD is generally used by wheel users (SUDO is recommended). Because no password is required, pietty is more practical.

IX. virtual machines under FreeBSD

I feel that everyone prefers to use the Exi and xen in vmwareg as virtual machines. In fact, FreeBSD itself has the jail Virtual Machine. Due to the stability of Intranet development, we bravely applied it to the production environment, and the effect was not too bad.

10. MySQL under FreeBSD

The efficiency of using MySQL in FreeBSD is indeed worse than that in centos. This is an indisputable fact. If you are interested, you can test it in two platform environments; my MySQL production server is a 64-bit centos. If you need to run Oracle and other large applications, and Oracle supports better in Linux, so using Linux is a good choice, because it is very troublesome to install Oracle under FreeBSD.