Bài giảng Quản trị Linux - Chủ đề 4: Basic System Administration

pdf 79 trang phuongnguyen 2710
Download
Bạn đang xem 20 trang mẫu của tài liệu "Bài giảng Quản trị Linux - Chủ đề 4: Basic System Administration", để tải tài liệu gốc về máy bạn click vào nút DOWNLOAD ở trên

Tài liệu đính kèm:

  • pdfbai_giang_quan_tri_linux_chu_de_4_basic_system_administratio.pdf

Nội dung text: Bài giảng Quản trị Linux - Chủ đề 4: Basic System Administration

  1. Đặng Thanh Bình Basic System Administration
  2. Contents • File and Directory management – ls, cd, pwd, mkdir, mv cp, rm, rmdir, locate, find, grep – touch, cat – Recursive and interactive modes – PATH variable, which command • Linking Files • File and directory permissions • sudoers 2
  3. FILE AND DIRECTORY MANAGEMENT 3
  4. The Linux Directory Structure • Directory: Used to organize other files into a logical tree structure – Stored in a filesystem of a specific partition in the hard disk • Root: The top level directory – Referred to using the / character • Forms root of a hierarchical tree 4
  5. The Linux Directory Structure • The Windows file system structure 5
  6. The Linux Directory Structure • The Linux file system structure 6
  7. File Types • 4 basic file types – Normal files (program, text, library, ) – Directory – Special files (device, socket, pipe, ) – Symbolic links (symlinks) 7
  8. File Name Regulations • Maximum 255 characters • May contain any characters (including special characters) • Hidden file/directory starts with a period (.) 8
  9. Pathname • Absolute pathname: starts with “/” • Relative pathname: DOES not start with a “/” • Special pathnames: • – parent directory • . – current directory 9
  10. Changing Directories • Home directory: unique to each user – ~ metacharacter used to refer to home directory • pwd (print working directory) command: displays current directory in the directory tree • cd (change directory) command: change the current directory in the directory tree – Argument specifies the destination directory – cd: go to user’s home directory – cd PATHNAME 10
  11. Listing Files • ls command: List the files in a directory • May pass an argument indicating the directory to be listed – –F option: Argument to indicate file types – –l option: Argument to list long file listings Long listing for each file includes eight • Owner components • Group owner • File type character • File size • List of permissions (mode • Most recent modification of the file) time • Hard link count • Filename 11
  12. Listing Files 12
  13. Listing Files 13
  14. Creating Files • touch command: creat an empty file – touch FILENAME – touch FILE1 FILE2 • cat command: display and/or edit file content – -n option: displays line number and contents – cat FILENAME – cat > FILENAME (use Ctrl-D to finish) 14
  15. Viewing Text Files • tac command: displays contents of a text file in reverse order • head command: view first ten lines of a file • tail command: view last ten lines of a file • For head and tail commands – Line count includes blank lines – Can provide numeric option to specify the number of lines to be displayed (e.g., head -2 filename) 15
  16. Viewing Text Files • more command: displays text files page-by- page – Pressing Spacebar displays the next page – Pressing Enter displays the next line • less command: same as more command, but can also use cursor to scroll • Interaction with more and less: – pressing h key gets Help screen – pressing q key quits more and less commands 16
  17. Viewing Text Files • more and less can be used with output of other commands • If output is too large to fit on terminal screen, use “|” metacharacter and more or less command – e.g., ls -l | more 17
  18. Displaying the Contents of Binary Files • strings command: searches for and displays text characters in a binary file – Might indicate purpose of binary file • od command: displays contents of file in octal format (numeric base 8 format) – -x option displays contents of the file in hexadecimal format (numeric base 16 format) 18
  19. Managing Files and Directories • mkdir command: creates new directories – Arguments specify directory’s absolute or relative pathname • mv command: moves files – Minimum of two arguments: • Source file/directory (may specify multiple sources) • Target file/directory – Pathnames can be absolute or relative – For multiple files, can use wildcards in pathname – Also used to rename files or directories 19
  20. Managing Files and Directories • cp command: copies files – Same arguments as the mv command – Also used to make copies of files 20
  21. Managing Files and Directories • Recursive: referring to itself and its own contents – Recursive copy command copies the directory and all subdirectories and contents – Recursive search includes all subdirectories in a directory and their contents – Use –r option • Interactive mode: Prompts user before overwriting files – –i option – –f option (force): Overrides interactive mode 21
  22. Managing Files and Directories • rm command: Removes files – Arguments are a list of files – Can use wildcards – Interactive mode by default – Use -f option to override 22
  23. Managing Files and Directories • rmdir command: removes directories – Arguments are a list of files – Can use wildcards – Interactive mode by default – Use -f option to override – Cannot be used to remove directory full of files • To delete directory and all its contents (subdirectories and files), use rm –r command 23
  24. Finding Files • locate command: Search for files on system – Receives full or partial filename as argument – Uses premade indexed database of all files on system • To update the database use updatedb command – Information returned may not fit on screen • Use with more or less commands 24
  25. Finding Files • find command: recursively search for files starting from a specified directory – Slower than locate command, but more versatile – Format: find -criteria • e.g., find /root –name project – If using wildcard metacharacters, ensure that they are interpreted by the find command • Place wildcards in quotation marks – To reduce search time, specify subdirectory to be searched 25
  26. Finding Files • Common criteria used with find command 26
  27. Finding Files • Common criteria used with the find command 27
  28. Finding Files • PATH variable: lists directories on system where executable files are located – Allows executable files to be run without specifying absolute or relative path • which command: search for an executable file – Searches the PATH variable – If the file is not found, lists the directories that were searched 28
  29. Searching for Text Within Files • Text tools: commands that search for and manipulate text • Regular expressions (regexp): text wildcards that ease the search for specific text – Match patterns of text within a text document – Used by many text tools and programming languages – Including grep, emacs, C++, PERL, and many more 29
  30. Searching for Text Within Files • Regular Expressions – Different from wildcard metacharacters • Wildcard metacharacters interpreted by shell; regexps interpreted by text tools • Wildcard metacharacters match characters in filenames; regexps match characters within text files • Wildcard metacharacters have different definitions that regexps • More regexps than wildcard metacharacters – Regular expressions are divided into common regexps and extended regexps 30
  31. Searching for Text Within Files • Regular Expressions 31
  32. Searching for Text Within Files • grep (global regular expression print) command: displays lines in a text file that match common regexps • egrep command: displays lines in a text file that match extended regexps – Can be written as grep -E • fgrep command: does not interpret any regular expressions – Returns results much faster than egrep – Can be written as grep -F 32
  33. Searching for Text Within Files • grep requires two arguments – Text to search for • Can use regular expressions – Files in which to search • grep is case sensitive – For case-insensitive search, use –i option • grep matches patterns of text, ignoring division into words • To search only for occurrences of a word, surround it by space characters 33
  34. LINKING FILES 34
  35. What is an INODE? • Inodes store information about files and folders, such as file ownership, access mode (read, write, execute permissions), and file type. – Fixed number of inodes per file system – Inodes do not contain file names, only file metadata. • Use df -i to see inode usage • Use ls -i to determine a filenames inode number • WARNING: You can use up all of a filesystems inodes without using all of the storage space on the disk it resides. 35
  36. Linking Files • Symbolic link: one file is a pointer or shortcut to another • Hard link: two files share the same data 36
  37. Linking Files • Filesystem has three main structural sections: – Superblock: Contains general information about the filesystem • e.g., number of inodes and data blocks, size of each data block – The inode table: consists of several inodes, each of which describes a file or directory • Unique inode number, file size, data block locations, last date modified, permissions, and ownership – Data blocks: Data making up contents of a file 37
  38. Linking Files • Hard linked files share the same inode and inode number – Must reside on the same filesystem • To remove hard linked files, delete one of the linked files – Reduces the link count for the file 38
  39. Linking Files • The structure of hard linked files 39
  40. Linking Files • Symbolic linked files do not share the same inode and inode number with their target file • Symbolic linked file is a pointer to the target file – Data blocks in the linked file contain only a pathname for the target file • Linked file and target file have different sizes – Editing symbolic linked file actually edits the target file • If the target file is deleted, symbolic link serves no function 40
  41. Linking Files • The structure of symbolically linked files 41
  42. Linking Files • ln (link) command: Create hard and symbolic links – Two arguments: • Existing file to link • Target file to create as a link to existing file – Use –s option to create symbolic link – Arguments can be relative or absolute pathnames 42
  43. FILE AND DIRECTORY PERMISSIONS 43
  44. File and Directory Permissions • All users must login with a username and password • Users identified by username and group memberships • Access to resources depends on username and group membership • Must have required permissions 44
  45. File and Directory Ownership • Primary group: user’s default group • During file creation, file’s owner and group owner set to user’s username and primary group – Same for directory creation • whoami command: view current user name • groups command: view group memberships and primary group • touch command: create an empty file 45
  46. File and Directory Ownership • chown (change owner) command: change ownership of a file or directory – Two arguments: • New owner • File to change – Can use –R option for contents of directory • chgrp (change group) command: change group owner of a file or directory – Same arguments and options as for chown command 46
  47. File and Directory Permissions • Mode: inode section that stores permissions • Three sections, based on the user(s) that receive the permission: – User permissions: owner – Group permissions: group owner – Other permissions: everyone on system • Three regular permissions may be assigned to each user: – Read – Write – Execute 47
  48. Interpreting the Mode 48
  49. Interpreting the Mode • User: refers to owner of a file or directory • Owner: refers to users with ability to change permissions on a file or directory • Other: refers to all users on system • Permissions are not additive 49
  50. Interpreting Permissions 50
  51. Changing Permissions • chmod (change mode) command: change mode (permissions) of files or directories – Two arguments at minimum • Criteria used to change permissions • Filenames to change • Permissions stored in a file’s or a directory’s inode as binary powers of two 51
  52. Changing Permissions 52
  53. Changing Permissions 53
  54. Default Permissions • New files given rw-rw-rw- permissions by default • The default permissions are configurable. These are defined by the user mask (umask), which is set by the umask command • umask : find what the current umask is • umask –S: display the umask expressed symbolically rather than in octal form • umask u=rwx,g=rx,o=rx is equivalent to umask 022 54
  55. Default Permissions 55
  56. Default Permissions • Performing a umask 022 calculation 56
  57. Default Permissions • Performing a umask 007 calculation 57
  58. Special Permissions • Three more optional special permissions for files and directories – SUID (Set User ID) – SGID (Set Group ID) – Sticky bit 58
  59. Special Permissions • SUID – If set on a file, user who executes the file becomes owner of the file during execution • e.g., ping command – No functionality when set on a directory – Only applicable to binary compiled programs • Cannot be used on shell scripts – Excample: • chmod u+s file1.txt • chmod 4750 file1.txt 59
  60. Special Permissions • SGID – Applicable to files and directories – If set on a file, user who executes the file becomes member of the file’s group during execution – If a user creates a file in a directory with SGID set, the file’s group owner is set to be the directory’s group owner and not the user’s primary group – Example: • chmod g+s file1.txt • chmod 2750 file1.txt 60
  61. Special Permissions • Sticky bit – Previously used to lock files in memory – Currently only applicable to directories – Ensures that a user can only delete his/her own files when given write permissions in a directory – Example • chmod o+t /opt/dump/ or chmod +t /opt/dump/ • chmod 1757 /opt/dump/ 61
  62. Setting Special Permissions • Special permissions require execute • Mask the execute permission when displayed by the ls –l command • May be set even if file or directory does not have execute permission – Indicating letter in the mode will be capitalized • Add special permissions via chmod command – Add an extra digit at front of permissions argument 62
  63. Setting Special Permissions • Representing special permissions in the mode 63
  64. Setting Special Permissions • Representing special permissions in the absence of the execute permissions 64
  65. Setting Special Permissions • Numeric representation of regular and special permissions 65
  66. SUDOERS 66
  67. How To Obtain Root Privileges • Login as root • Use “su” to become root • Use “sudo” to execute commands as root 67
  68. /etc/sudoers file • The /etc/sudoers file controls – who can run what commands as what users on what machines – special things such as whether you need a password for particular commands. • The file is composed – aliases (basically variables) and – user specifications (which control who can run what). 68
  69. Aliases • 4 kinds of aliases: User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias • Each alias definition is of the form: – Alias_Type NAME = item1, item2, where Alias_Type is one of 4 types above. • Use semicolon as separator – Alias_Type NAME1 = item1, item2 : NAME2 = item3 • There are also built in aliases called ALL which match everything where they are used. 69
  70. User Alias # Everybody in the system group "admin" is covered by the alias ADMINS User_Alias ADMINS = %admin # The users "tom", "dick", and "harry" are covered by the USERS alias User_Alias USERS = tom, dick, harry # The users "tom" and "mary" are in the WEBMASTERS alias User_Alias WEBMASTERS = tom, mary # You can also use ! to exclude users from an alias # This matches anybody in the USERS alias who isn't in WEBMASTERS or ADMINS aliases User_Alias LIMITED_USERS = USERS, !WEBMASTERS, !ADMINS 70
  71. Runas Aliases # UID 0 is normally used for root # Note the hash (#) on the following line indicates a uid, not a comment. Runas_Alias ROOT = #0 # This is for all the admin users similar to the User_Alias of ADMINS set earlier # with the addition of "root" Runas_Alias ADMINS = %admin, root 71
  72. Host Aliases # This is all the servers Host_Alias SERVERS = 192.168.0.1, 192.168.0.2, server1 # This is the whole network Host_Alias NETWORK = 192.168.0.0/255.255.255.0 # And this is every machine in the network that is not a server Host_Alias WORKSTATIONS = NETWORK, !SERVER # This could have been done in one step with #Host_Alias WORKSTATIONS = 192.168.0.0/255.255.255.0, ! SERVERS # but I think this method is clearer. 72
  73. Command Aliases # All the shutdown commands Cmnd_Alias SHUTDOWN_CMDS = /sbin/poweroff, /sbin/reboot, /sbin/halt # Printing commands Cmnd_Alias PRINTING_CMDS = /usr/sbin/lpc, /usr/sbin/lprm # Admin commands Cmnd_Alias ADMIN_CMDS = /usr/sbin/passwd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/sbin/visudo # Web commands Cmnd_Alias WEB_CMDS = /etc/init.d/apache2 73
  74. User Specifications • User Specifications are where the sudoers file sets who can run what as who. • Syntax = • user list is a list of users or a user alias • host list is a list of hosts or a host alias • operator list is a list of users they must be running as • command list is a list of commands or a cmnd alias. • tag list allows you set special things – PASSWD and NOPASSWD to specify whether the user has to enter a password or not – NOEXEC to prevent any programs launching shells themselves 74
  75. User Specifications Example # This lets the webmasters run all the web commands on the machine "webserver" provided they give a password WEBMASTERS webserver= WEB_CMDS # This lets the admins run all the admin commands on the servers ADMINS SERVERS= ADMIN_CMDS # This lets all the USERS run admin commands on the workstations provided they give the root password or and admin password (using "sudo ­u ") USERS WORKSTATIONS=(ADMINS) ADMIN_CMDS # This lets "harry" shutdown his own machine without a password harry harrys­machine= NOPASSWD: SHUTDOWN_CMDS # And this lets everybody print without requiring a password ALL ALL=(ALL) NOPASSWD: PRINTING_CMDS 75
  76. What is visudo? • The program used to edit the sudoers file. • Traditionally, visudo opens the /etc/sudoers file with the "vi" text editor • Ubuntu, however, has configured visudo to use the "nano" text editor instead. • If you would like to change it, issue the following command: sudo select­editor 76
  77. What is visudo? $ sudo select­editor Select an editor. To change later, run 'select­editor'. 1. /bin/ed 2. /bin/nano <­­­­ easiest 3. /usr/bin/vim.tiny Choose 1­3 [2]: 77
  78. Default sudoers file # /etc/sudoers # This file MUST be edited with the 'visudo' command as root. # See the man page for details on how to write a sudoers file. Defaults env_reset # Uncomment to allow members of group sudo to not need a password # %sudo ALL=NOPASSWD: ALL # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL 78
  79. Common Tasks • Shutting Down From The Console Without A Password Cmnd_Alias SHUTDOWN_CMDS = /sbin/poweroff, /sbin/halt, /sbin/reboot ALL=(ALL) NOPASSWD: SHUTDOWN_CMDS • Multiple tags on a line myuser ALL = (root) NOPASSWD:NOEXEC: /usr/bin/vim • Enabling Visual Feedback when Typing Passwords Defaults env_reset,pwfeedback 79