###File Types - Permissions###
Features:
1. Classification of files
2. Permissions
Tasks:
1. Classification of files
a. Use 'ls -l' to expose file properties
'-rw-rw-r--. 1 william william 195127 Jul 18 15:38 vim.jpg'
'-' -> standard file
'drwxrwxr-x. 4 william william 4096 Jul 23 09:43 cisco'
'd' -> directory
Note: RHEL6 uses color templates for classifying files:
'black' -> standard file
'blue' -> directory
'red' -> compressed file
'green' -> executable
Note: The color pattern is subject to change, so don't always rely upon it
'crw--w----. 1 root root 4, 1 Jul 23 08:54 tty1'
'c' -> character device
'lrwxrwxrwx. 1 root root 15 Jul 23 08:53 stdin -> /proc/self/fd/0'
'l' -> symbolic link
'brw-rw----. 1 root disk 8, 0 Jul 23 08:53 sda'
'b' -> block (storage) device - i.e. hard drive, USB stick, etc.
2. Permissions
a. Represented by 9-rightmost bits in 10-bits permissions block
'-rw-rw-r--. 1 william william 195127 Jul 18 15:38 vim.jpg'
'rw-' - owner bits - 2,3,4 = 4+2 = 6
'rw-' - group owner bits - 5,6,7 = 4+2 = 6
'r--' - other/everyone bits - 8,9,10 = 4+0 = 4
Permissions Values:
'r' = 4 = read
'w' = 2 = write
'x' = 1 = execute
b. Use 'chmod' to influence permissions on file objects - it changes the octal mode
c. Default permissions are inherited from the $UMASK variable
Note: $UMASK is set in '/etc/login.defs'
d. 'chmod 666 /tmp/1million.txt'
e. 'chmod u-w /tmp/1million.txt' - removes owner's ability to write to the content
e. 'chmod o-w /tmp/1million.txt' - removes other/everyone's ability to write to the content
f. 'chmod g-w /tmp/1million.txt' - removes group's ability to write to the content
'drwxrwxr-x. 4 william william 4096 Jul 23 09:43 cisco'
Default directory permissions are octal: 775
g. 'chown linuxcbt /tmp/1million.txt && ls -l /tmp/1million.txt'
h. 'chmod o-r /tmp/1million.txt && stat /tmp/1million.txt'
i. 'chmod 600 /tmp/1million.txt && stat /tmp/1million.txt'
j. 'chown linuxcbt:linuxcbt /tmp/1million.txt && stat /tmp/1million.txt'
k. 'chgrp linuxcbt /tmp/1million.txt && stat /tmp/1million.txt'
Note: 'chgrp' and 'chown' can change a file's ctime (change time)
3. SETUID/SETGID/STICKY Bit
a. 'chmod 4755 perl_script_1.pl' - causes script to always run as user/owner
Note: permission will reflect: '4755' with 'rws'
Note: The 's' replaces the 'x' for the owner to indicate SETUID
b. 'mkdir /projectx && chmod 2755 /projectx' - causes files created in directory to inherit the directory's group ownership
b1. 'chmod g+s /projectx'
b2. 'groupadd projectx'
b3. 'chown linuxcbt:projectx /projectx'
b4. 'chmod 2775 /projectx && stat /projectx'
c. '/tmp' -> example of sticky bit - leading value of: '3'
c1. 'chmod 3777 /tmp' || 'chmod +t /tmp' - sets sticky bit on object
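Added example (not part of the original notes): a shell audit for the special bits in task 3, listing SETUID/SETGID files and world-writable directories that lack the sticky bit. The directory tree and file names are constructed for the demonstration.

```sh
# List regular files with the SETUID (4000) or SETGID (2000) bit set.
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# List world-writable directories that lack the sticky bit (1000):
# any user may delete or rename other users' files inside them.
find_unsafe_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sort
}

# Build a small constructed tree to run the audit against.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    touch "$root/plain.sh" "$root/suid.sh"
    chmod 755  "$root/plain.sh"
    chmod 4755 "$root/suid.sh"        # 'ls -l' shows rwsr-xr-x
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/private"
    chmod 1777 "$root/shared_ok"      # world-writable with sticky bit
    chmod 777  "$root/shared_bad"     # world-writable, no sticky bit
    chmod 750  "$root/private"
    printf '%s\n' "$root"
}

demo=$(make_demo_tree)
echo "SETUID/SETGID files:";            find_setid_files "$demo"
echo "World-writable dirs, no sticky:"; find_unsafe_dirs "$demo"
rm -rf "$demo"
# On a live system, point both functions at '/' and run them as root.
```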
###Symbolic Links###
Features:
1. Two types
a. 'symlinks' - soft - facilitate intra/inter-file-system links
a1. based on file names in the file system, NOT inode
b. 'hard links' - hard - facilitate intra-file-system links
b1. based on inode, NOT file names
Tasks:
1. Symlinks - shortcuts
a. 'ln -s /tmp/1million.txt ./tmp.1million.txt'
lrwxrwxrwx. 1 william william 22 Jul 23 11:06 tmp.1million.txt -> gedit-fix-practice.txt
Creates a link to the actual file name
Note: Soft-links do NOT increment the link counter returned by 'ls -l' || 'stat'
Note: So long as the source file name and directory location remain unchanged, the soft-links will work
2. Hard links - shortcuts to inodes - may not span (go across) file systems
a. 'ln /tmp/1million.txt /projects/hard.1million.txt' - increments the link counter
b. 'ls -li /projects/hard.1million.txt' - reveals inode
Note: permissions apply to ALL linked (hard & soft) files
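Added example (not part of the original notes): a hard link and a symlink to the same file compared side by side, covering the link counter, what happens when the source is renamed, and where the mode bits live. All paths are constructed in a temp directory; GNU 'stat -c' is assumed.

```sh
# stat -c format keys used: %i inode, %h link count, %a octal mode.
link_demo() {
    d=$(mktemp -d) || return 1
    seq 1000 > "$d/source.txt"
    ln    "$d/source.txt" "$d/hard.txt"    # second name for the same inode
    ln -s "$d/source.txt" "$d/soft.txt"    # stores the path, not the inode

    src_inode=$(stat -c %i "$d/source.txt")
    hard_inode=$(stat -c %i "$d/hard.txt")
    soft_inode=$(stat -c %i "$d/soft.txt") # stat does not follow the link
    links=$(stat -c %h "$d/source.txt")    # only the hard link is counted

    # Rename the source: the hard link still reaches the data, while the
    # symlink keeps pointing at a name that no longer exists.
    mv "$d/source.txt" "$d/renamed.txt"
    if [ -L "$d/soft.txt" ] && [ ! -e "$d/soft.txt" ]; then
        soft=dangling
    else
        soft=ok
    fi

    # Mode bits are stored in the inode, so a chmod through one hard link
    # is visible through every other name of that inode.
    chmod 600 "$d/hard.txt"
    mode=$(stat -c %a "$d/renamed.txt")

    if [ "$src_inode" = "$hard_inode" ]; then hard=same-inode; else hard=other-inode; fi
    if [ "$src_inode" = "$soft_inode" ]; then sym=same-inode; else sym=own-inode; fi
    rm -rf "$d"
    echo "hard=$hard symlink=$sym links=$links after_rename=$soft mode=$mode"
}

link_demo
```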
###Quota Implementation###
Feature:
1. Limit storage consumption per user/group
2. Based on: disk block usage or inode usage
3. Imposed in 2 stages (thresholds): soft & hard
a. Soft limit: may be exceeded for up to the grace period
b. Hard limit: may never be exceeded under any circumstance
Requires:
1. 'quota*' RPM
2. Must associate file system(s) with quota management: user and/or group
Steps:
1. Enable in: '/etc/fstab'
a. 'defaults,usrquota,grpquota' - impose on: '/home'
2. Remount the file system: '/home'
Note: Effect quota management during single-user / installation modes to avoid disconnects in services
a. 'mount -o remount /home' - remounts the file system
Note: Optional methods of remounting the file system include: umount/mount OR reboot the system
b. 'mount' - reflects whether or not: 'usrquota', 'grpquota' options have been enabled
3. Create quota database files and generate disk usage table - defines baseline
a. 'quotacheck -cug /home' - applies user and group quotas
Note: 'quotacheck' should be run in: Single-user mode OR when the system reboots to facilitate: read-only remount of target file system
b. Use: '-m' option to override
4. Check defined quota database:
a. 'quotacheck -amvug' - checks quotas - forces check
5. Assign quota policies per user and/or group:
a. 'edquota linuxcbt4' - uses default editor($EDITOR)
6. Run 'quotacheck -avugm' to update stats
7. Run 'repquota /home' to show FS-wide usage report
8. Use: 'edquota -t' to modify grace period
a. 'edquota -T linuxcbt4'
9. Use: 'quotaon ...' - to enter production mode
a. 'quotaon -vug /home' - enters production mode
b. 'quotaon -p /home' - echoes current quota status
Note: Default grace period is 7-days
10. Attempt to write data beyond soft limit grace period
###Provision Partitions & File systems###
Features:
1. Ability to provision additional storage
Tools:
1. 'fdisk'
2. 'parted'
3. 'mke2fs' - ext2, ext3, ext4 FSs
Storage Hierarchy:
Disk
-Partition(s)
-File System(s)
Tasks:
1. Enumerate available storage:
a. 'fdisk -l' - enumerates disks and partitions
b. 'parted -l'
2. Provision additional storage:
a. Select disk: /dev/sdb
b. 'parted /dev/sdb'
c. 'mkpart primary 1 10GB'
d. 'mke2fs -t ext4 -j /dev/sdb1' - overlays EXT4 FS on: /dev/sdb1
e. 'mkdir /temp10G1'
f. 'mount /dev/sdb1 /temp10G1/ && mount'
g. Create content in new repository
3. Repeat process on the same disk
4. Make partitions available across reboots:
a. '/etc/fstab'
5. Unmount both partitions and re-mount via: '/etc/fstab'
a. 'umount /temp10G1 && umount /temp10G2 && mount'
b. 'mount -a' - reads the contents of: '/etc/fstab'
Note: Partitioning is typically handled during installation and/or within runlevel 1
###Logical Volume Management (LVM)###
Features:
1. Volume sets - aggregate storage from disparate sources
2. Resize storage on-the-fly
3. Provision storage as necessary
Tasks:
1. LVM Storage Hierarchy
Logical Volume - configure file system at this level
- Volume Groups - represents one or more physical volumes
- Physical Volumes: (i.e. /dev/sdb4, /dev/sdc3, etc.) - partition, using fdisk or parted: LVM type (8e)
2. Create LVM Storage Hierarchy - 6-steps
a. Create LVM partitions on available disks
a1. 'parted /dev/sdb'
a2. 'mkpart primary start end'
a3. 'set partition_num lvm on'
a4. 'reboot'
b. 'pvcreate /dev/sdb4 /dev/sdc3' - create physical LVM volumes from partitions
b1. 'pvdisplay'
c. 'vgcreate volgroupvar /dev/sdb4 /dev/sdc3' - allocates both volumes to the volume group
d. 'lvcreate -L 5GB -n logvolvar volgroupvar'
e. 'mke2fs -t ext4 -j /dev/volgroupvar/logvolvar' - overlays EXT4 FS on LVM volume
f. 'mkdir /lvmvar1 && mount /dev/volgroupvar/logvolvar /lvmvar1'
###RAID###
Features:
1. Data spread across 2 or more disk/partitions
2. Redundancy - recover from catastrophe
3. Levels: 0,1,4,5,6,10
Tasks:
1. RAID0
a. Create multiple partitions: /dev/sd[bc][5-8] - of type '83' || 'linux'
b. 'init 6' - reboot
c. 'mdadm --create /dev/md0 --level=0 --raid-devices=2 /dev/sdb5 /dev/sdc5'
d. 'mke2fs -t ext4 -j /dev/md0'
e. 'mkdir /raid0 && mount /dev/md0 /raid0'
f. 'nano /etc/fstab'
2. RAID1 - mirroring - halves the storage
a. 'mdadm --create /dev/md1 --level=1 --raid-devices=2 /dev/sdb6 /dev/sdc6'
b. 'mke2fs -t ext4 -j /dev/md1'
c. 'mkdir /raid1 && mount /dev/md1 /raid1'
3. RAID5 - striping with parity - sacrifices the equivalent of 1-drive(partition)
a. 'mdadm --create /dev/md2 --level=5 --raid-devices=4 /dev/sdb7 /dev/sdb8 /dev/sdc7 /dev/sdc8'
b. 'mke2fs -t ext4 -j /dev/md2'
c. 'mkdir /raid5 && mount /dev/md2 /raid5 && seq 1000000 > /raid5/1million.txt && ls -l /raid5/1million.txt'
d. 'nano /etc/fstab'
e. test auto-mount during system initialization
###RAID Management###
Features:
1. Create
2. Assemble: assembles pre-existing array(s)
3. Manage: use to fail devices to take them offline
4. Monitor: E-mail, run processes, etc.
5. Misc: '--query', '--detail', '--examine'(individual RAID components)
Tasks:
1. 'cat /proc/mdstat' - enumerates currently-available RAID arrays (sets)
2. 'mdadm --query /dev/md[0-2]' - returns information about the 3 arrays: 0-2
3. Publish RAID array as a read-only volume
a. 'umount /dev/md0' - unmounts the RAID array
b. 'mdadm -o /dev/md0' - flags, in the superblock, the array: /dev/md0 as Read-Only
c. 'mount /dev/md0 /raid0'
d. 'mount'
4. Publish RAID array as a read-write volume
a. 'umount /dev/md0' - unmounts the RAID array
b. 'mdadm -w /dev/md0' - flags, in the superblock, the array: /dev/md0 as Read-Write
c. 'mount /dev/md0 /raid0'
d. 'mount'
5. Stop RAID volume for management purposes
a. 'mdadm --manage --stop /dev/md0' - facilitates offline management
Note: Stopping/deactivating the array will remove its '/dev/md?' entry
Note: There are multiple ways to reassemble RAID arrays:
1. command-line: 'mdadm -A /dev/md0 /dev/sdb5 /dev/sdc5' - restarts (reassembles) '/dev/md0' from its component parts
2. '/etc/mdadm.conf' - associates DEVICES & ARRAYS and management/notification info.
a. 'DEVICE /dev/sdb[5678] /dev/sdc[5678]'
b. 'ARRAY /dev/md0 devices=/dev/sdb5,/dev/sdc5'
6. Other options:
a. 'mdadm -D /dev/md[0-2]' - enumerates info, about ARRAYS
b. 'mdadm -E /dev/sd[cb][78]' - enumerates info, about the 4 partitions on the 2 drives: /dev/sd[bc]
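Added example (not part of the original notes): a check that reads '/proc/mdstat'-style text, as used in the RAID Management tasks above, and reports arrays running with a missing member. SAMPLE_MDSTAT is constructed for illustration and the parsing assumes the usual 'mdN : active raidX ...' line layout.

```sh
# Constructed sample: md1 (RAID1) has lost /dev/sdc6, md2 is healthy,
# md0 is RAID0 and therefore carries no member map at all.
SAMPLE_MDSTAT='Personalities : [raid0] [raid1] [raid6] [raid5] [raid4]
md2 : active raid5 sdc8[3] sdc7[2] sdb8[1] sdb7[0]
      31438848 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/4] [UUUU]

md1 : active raid1 sdc6[1](F) sdb6[0]
      10485696 blocks super 1.2 [2/1] [U_]

md0 : active raid0 sdc5[1] sdb5[0]
      20971520 blocks super 1.2 512k chunks

unused devices: <none>'

# Print "<array> <level> <map>" for every array whose member map
# (for example [U_]) contains "_": a component is missing or failed.
degraded_arrays() {
    awk '
        /^md[0-9]+ :/ { name = $1; level = $4 }
        name != "" && match($0, /\[[U_]+\]$/) {
            map = substr($0, RSTART, RLENGTH)
            if (index(map, "_")) print name, level, map
            name = ""
        }
    '
}

# RAID0 offers no redundancy: one failed member loses the whole array,
# so it can never show up as "degraded" and is listed separately.
arrays_without_redundancy() {
    awk '/^md[0-9]+ :/ && $4 == "raid0" { print $1 }'
}

printf '%s\n' "$SAMPLE_MDSTAT" | degraded_arrays
printf '%s\n' "$SAMPLE_MDSTAT" | arrays_without_redundancy
# On a live system: degraded_arrays < /proc/mdstat
```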
3. Resize LVMs
a. 'lvresize -L 6GB /dev/volgroupvar/logvolvar'
b. 'resize2fs /dev/volgroupvar/logvolvar 6G'
c. 'lvresize -L 4GB /dev/volgroupvar/logvolvar'
d. 'resize2fs /dev/volgroupvar/logvolvar 4G'
Note: Reductions will likely return errors resulting in re-provisioning of the FS
4. Rename Logical Volume
a. 'lvrename volgroupvar logvolvar logvolopt' - renames volume, NOT volume group
b. 'lvresize -L 6GB /dev/volgroupvar/logvolopt' - restores to 6GB
5. Rename Volume Group
a. 'vgrename volgroupvar volgroupopt' - renames the volume group
b. update: '/etc/fstab' - to reflect volume group change
6. Assign more partitions(storage) to LVM
a. 'parted /dev/sdc'
b. 'mkpart primary 16.1GB 26.1GB'
c. 'set 4 lvm on'
d. 'pvcreate /dev/sdc4' - assigns LVM partition to LVM management
e. 'vgextend volgroupopt /dev/sdc4' - extend volume group: 'volgroupopt'
f. 'lvresize -L 15G /dev/volgroupopt/logvolopt' - online resize
g. 'resize2fs /dev/volgroupopt/logvolopt 15G' - online resize
7. LVM GUI
a. 'system-config-lvm'
b. 'ssh -X root@192.168.75.20' - redirects x.org session back to local GUI
c. Extend storage of: '/dev/volgroupopt/logvolopt' to: 16GB
Note: GUI will send appropriate commands to system to:
a. Resize logical volume (logvolopt)
b. Resize EXT4 FS to appropriate size
8. Recreate LVM hierarchy
a. Unmount any partitions tied to: '/dev/sd[bc]'
b. 'parted /dev/sdb' - remove partitions & create new LVM partitions
c. 'init 6' - reboot
d. Use: 'system-config-lvm' to create volume group from: '/dev/sdb1' & '/dev/sdc1'
e. Create logical volume: 'logvolopt'
###PackageKit###
Features:
1. GUI for package management
2. Front-end to YUM
3. Supports YUM plug-ins
Tasks:
1. Explore Interface
###Cron###
Features:
1. Job Scheduler
a. minutely
b. hourly
c. daily
d. monthly
e. yearly
Note: Fields: a-e are specified as per the order above in appropriate config. file
2. Assumes computer is always on unlike: anacron
3. Maintains: global and per-user schedules
4. /var/spool/cron - stores crontabs for: /etc/passwd users or LDAP or otherwise
5. Checks ALL config files every minute, including: /etc/anacrontab
6. Supplies 'crontab' utility to manage jobs
7. Runs in ALL multi-user modes, Does NOT execute in: Single-User(1) mode
Tasks:
1. Analyze current cron setup
a. 'ps -ef | grep cron'
b. '/etc/crontab'
2. Define system-wide job
a. '*/1 * * * * linuxcbt /usr/bin/uptime >> /home/linuxcbt/uptime.stat'
3. Define per-user job
a. 'crontab -e' - run as user principal: 'linuxcbt'
4. Manipulate 'linuxcbt' job as 'root'
a. 'crontab -e -u linuxcbt' - run as 'root' - edits user's job(s)
b. 'crontab -l -u linuxcbt' - run as 'root' - lists user's job(s)
5. Restrict Cron-access
a. '/etc/cron.allow' - add 'linuxcbt' to list - User Must be on the list in order to submit jobs to 'cron'
b. '/etc/cron.deny' - add 'linuxcbt2' to list
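Added example (not part of the original notes): the access decision that results from the two files in task 5, showing that '/etc/cron.deny' is not consulted once '/etc/cron.allow' exists. The precedence follows cronie's crontab(1) man page, which is an assumption about the cron in use; file paths are parameters so the logic runs on constructed files.

```sh
# usage: cron_access USER ALLOW_FILE DENY_FILE   -> "allowed" | "denied"
cron_access() {
    user=$1; allow=$2; deny=$3
    if [ "$user" = root ]; then
        echo allowed                  # root is never locked out
    elif [ -f "$allow" ]; then
        # cron.allow exists: only listed users pass; cron.deny is not read.
        if grep -qxF -- "$user" "$allow"; then echo allowed; else echo denied; fi
    elif [ -f "$deny" ]; then
        # Only cron.deny exists: everyone passes except listed users.
        if grep -qxF -- "$user" "$deny"; then echo denied; else echo allowed; fi
    else
        echo denied                   # neither file: root only
    fi
}

# Constructed policy files mirroring steps 5a and 5b.
demo_dir=$(mktemp -d)
echo linuxcbt  > "$demo_dir/cron.allow"
echo linuxcbt2 > "$demo_dir/cron.deny"

for u in linuxcbt linuxcbt2 linuxcbt3; do
    printf '%-10s %s\n' "$u" \
        "$(cron_access "$u" "$demo_dir/cron.allow" "$demo_dir/cron.deny")"
done

# With cron.allow removed, linuxcbt3 gets in and only linuxcbt2 is blocked.
rm "$demo_dir/cron.allow"
printf '%-10s %s\n' linuxcbt3 \
    "$(cron_access linuxcbt3 "$demo_dir/cron.allow" "$demo_dir/cron.deny")"
rm -rf "$demo_dir"
```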
###Anacron###
Features:
1. Runs jobs once per day during an allowed interval
2. Assumes computer is NOT always on, unlike: Cron
3. Facilitates delays in starting jobs - reduces resource contention
4. Maintains one schedule: '/etc/anacrontab'
Tasks:
1. Examine: '/etc/anacrontab'
###Package Management with RPM###
Features:
1. Compression of packages
2. SHA-256 hashes are used to sign packages
3. RPM DB: '/var/lib/rpm' - tracks installed packages, attributes of package file, etc.
4. 5-Modes of operations:
a. Install
b. Uninstall
c. Upgrade
d. Query
e. Verify
5. Caveat: Does NOT auto-resolve dependencies: Use 'yum'
6. Caveat: RPM does NOT track non-RPM programs/apps: i.e. '*.tar.gz' || '*.tar.bz2'
Tasks:
1. Query
a. 'rpm -qa' - dumps ALL installed packages (RPMs)
b. 'rpm -qa | grep grep' - 'grep-2.6.3-2.el6.x86_64'
'grep' - main name of package
'2.6.3-2' - package version
'el6.x86_64' - RedHat Version & Platform
c. 'rpm -qi grep' - returns metadata about 'grep' package
d. 'rpm -ql grep' - enumerates the contents of the package: 'grep'
e. 'rpm -qf /bin/grep' - enumerates the file's package membership
f. 'rpm -qd grep' - enumerates the included documentation
g. 'rpm -qc lftp' - enumerates a package's configuration file(s)
h. 'rpm -qpi unix2dos-2.2-35.el6.x86_64.rpm'
2. Verify - Verifies file system contents against installed package in RPM DB
Note: Returns: '.' per test performed if the test passed
Note: If test fails, one of the following will be returned:
5(MD5), S(file size), L(symlink), T(mod time), D(device), M(mode), ?(unreadable file), U(user), G(group)
a. 'rpm -Vvf /bin/grep' - compares: /bin/grep to 'grep' RPM
b. 'mv /bin/grep /bin/grep.original && touch /bin/grep'
SM5....T. /bin/grep
3. Install - Works if package does NOT exist on the system
a. 'rpm -ivh unix2dos-2.2-35.el6.x86_64.rpm'
4. Upgrade - Install and/or Upgrades
a. 'rpm -Uvh unix2dos-2.2-35.el6.x86_64.rpm'
b. 'rpm -Uvh --replacepkgs unix2dos-2.2-35.el6.x86_64.rpm'
5. Uninstall
a. 'rpm -e grep' - checks dependencies and warns where appropriate
6. Import RedHat RPM GPG Key to confirm package signatures:
a. 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release'
b. 'rpm -qa gpg-pubkey*'
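Added example (not part of the original notes): a decoder for the result lines of the Verify task ('rpm -V'), which also picks out files whose content digest changed and that are not config files. SAMPLE_VERIFY is constructed, apart from its first line, which is the '/bin/grep' result shown in the Verify task; the other paths are placeholders.

```sh
SAMPLE_VERIFY='SM5....T.    /bin/grep
S.5....T.  c /etc/example.conf
.......T.    /opt/example/bin/tool
missing      /opt/example/README'

# Expand the 9-character result field into attribute names.
# Field order is fixed: S M 5 D L U G T P; "." means the test passed.
decode_flags() {
    flags=$1; out=
    for pair in S:size M:mode 5:digest D:device L:symlink \
                U:user G:group T:mtime P:capabilities; do
        case $flags in
            *"${pair%%:*}"*) out="$out ${pair#*:}" ;;
        esac
    done
    echo "${out# }"
}

# Print files whose digest differs and that are not marked "c" (config).
# Edited config files are routine; a changed binary is what to triage first.
# Assumes file names without spaces.
changed_non_config() {
    awk 'length($1) == 9 && $1 ~ /^[.?A-Z0-9]+$/ && index($1, "5") {
        if (NF >= 3 && $2 == "c") next
        print $NF
    }'
}

# Print files the package owns that are no longer on disk.
missing_files() {
    awk '$1 == "missing" { print $NF }'
}

decode_flags 'SM5....T.'
printf '%s\n' "$SAMPLE_VERIFY" | changed_non_config
printf '%s\n' "$SAMPLE_VERIFY" | missing_files
# On a live system: rpm -Va | changed_non_config
```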