Hệ điều hành - Basic system administration
Mode: inode section that stores permissions
• Three sections, based on the user(s) that
receive the permission:
– User permissions: owner
– Group permissions: group owner
– Other permissions: everyone on system
• Three regular permissions may be assigned to
each user:
– Read
– Write
– Execute
79 trang |
Chia sẻ: huyhoang44 | Lượt xem: 791 | Lượt tải: 0
Bạn đang xem trước 20 trang tài liệu Hệ điều hành - Basic system administration, để xem tài liệu hoàn chỉnh bạn click vào nút DOWNLOAD ở trên
Đặng Thanh Bình
Basic System Administration
2Contents
• File and Directory management
– ls, cd, pwd, mkdir, mv cp, rm, rmdir, locate, find,
grep
– touch, cat
– Recursive and interactive modes
– PATH variable, which command
• Linking Files
• File and directory permissions
• sudoers
3
FILE AND DIRECTORY MANAGEMENT
4The Linux Directory Structure
• Directory: Used to organize other files into a
logical tree structure
– Stored in a filesystem of a specific partition in
the hard disk
• Root: The top level directory
– Referred to using the / character
• Forms root of a hierarchical tree
5The Linux Directory Structure
• The Windows file system structure
6The Linux Directory
Structure
• The Linux file system structure
7File Types
• 4 basic file types
– Normal files (program, text, library, )
– Directory
– Special files (device, socket, pipe, )
– Symbolic links (symlinks)
8File Name Regulations
• Maximum 255 characters
• May contain any characters (including
special characters)
• Hidden file/directory starts with a period (.)
9Pathname
• Absolute pathname: starts with “/”
• Relative pathname: DOES not start with a
“/”
• Special pathnames:
• .. – parent directory
• . – current directory
10
Changing Directories
• Home directory: unique to each user
– ~ metacharacter used to refer to home directory
• pwd (print working directory) command:
displays current directory in the directory tree
• cd (change directory) command: change the
current directory in the directory tree
– Argument specifies the destination directory
– cd: go to user’s home directory
– cd PATHNAME
11
Listing Files
• ls command: List the files in a directory
• May pass an argument indicating the
directory to be listed
– –F option: Argument to indicate file types
– –l option: Argument to list long file listings
Long listing for each file
includes eight
components
• File type character
• List of permissions (mode
of the file)
• Hard link count
• Owner
• Group owner
• File size
• Most recent modification
time
• Filename
12
Listing Files
13
Listing Files
14
Creating Files
• touch command: creat an empty file
– touch FILENAME
– touch FILE1 FILE2
• cat command: display and/or edit file
content
– -n option: displays line number and contents
– cat FILENAME
– cat > FILENAME (use Ctrl-D to finish)
15
Viewing Text Files
• tac command: displays contents of a text file
in reverse order
• head command: view first ten lines of a file
• tail command: view last ten lines of a file
• For head and tail commands
– Line count includes blank lines
– Can provide numeric option to specify the
number of lines to be displayed (e.g., head -2
filename)
16
Viewing Text Files
• more command: displays text files page-by-
page
– Pressing Spacebar displays the next page
– Pressing Enter displays the next line
• less command: same as more command,
but can also use cursor to scroll
• Interaction with more and less:
– pressing h key gets Help screen
– pressing q key quits more and less commands
17
Viewing Text Files
• more and less can be used with output of
other commands
• If output is too large to fit on terminal
screen, use “|” metacharacter and more or
less command
– e.g., ls -l | more
18
Displaying the Contents of Binary Files
• strings command: searches for and displays
text characters in a binary file
– Might indicate purpose of binary file
• od command: displays contents of file in
octal format (numeric base 8 format)
– -x option displays contents of the file in
hexadecimal format (numeric base 16 format)
19
Managing Files and Directories
• mkdir command: creates new directories
– Arguments specify directory’s absolute or
relative pathname
• mv command: moves files
– Minimum of two arguments:
• Source file/directory (may specify multiple sources)
• Target file/directory
– Pathnames can be absolute or relative
– For multiple files, can use wildcards in pathname
– Also used to rename files or directories
20
Managing Files and Directories
• cp command: copies files
– Same arguments as the mv command
– Also used to make copies of files
21
Managing Files and Directories
• Recursive: referring to itself and its own
contents
– Recursive copy command copies the directory and all
subdirectories and contents
– Recursive search includes all subdirectories in a
directory and their contents
– Use –r option
• Interactive mode: Prompts user before
overwriting files
– –i option
– –f option (force): Overrides interactive mode
22
Managing Files and Directories
• rm command: Removes files
– Arguments are a list of files
– Can use wildcards
– Interactive mode by default
– Use -f option to override
23
Managing Files and Directories
• rmdir command: removes directories
– Arguments are a list of files
– Can use wildcards
– Interactive mode by default
– Use -f option to override
– Cannot be used to remove directory full of files
• To delete directory and all its contents
(subdirectories and files), use rm –r
command
24
Finding Files
• locate command: Search for files on system
– Receives full or partial filename as argument
– Uses premade indexed database of all files on
system
• To update the database use updatedb command
– Information returned may not fit on screen
• Use with more or less commands
25
Finding Files
• find command: recursively search for files
starting from a specified directory
– Slower than locate command, but more versatile
– Format: find -criteria <what to
find>
• e.g., find /root –name project
– If using wildcard metacharacters, ensure that they
are interpreted by the find command
• Place wildcards in quotation marks
– To reduce search time, specify subdirectory to be
searched
26
Finding Files
• Common criteria used with find command
27
Finding Files
• Common criteria used with the find
command
28
Finding Files
• PATH variable: lists directories on system
where executable files are located
– Allows executable files to be run without
specifying absolute or relative path
• which command: search for an executable
file
– Searches the PATH variable
– If the file is not found, lists the directories that
were searched
29
Searching for Text Within Files
• Text tools: commands that search for and
manipulate text
• Regular expressions (regexp): text
wildcards that ease the search for specific
text
– Match patterns of text within a text document
– Used by many text tools and programming
languages
– Including grep, emacs, C++, PERL, and many
more
30
Searching for Text Within Files
• Regular Expressions
– Different from wildcard metacharacters
• Wildcard metacharacters interpreted by shell; regexps
interpreted by text tools
• Wildcard metacharacters match characters in
filenames; regexps match characters within text files
• Wildcard metacharacters have different definitions
that regexps
• More regexps than wildcard metacharacters
– Regular expressions are divided into common
regexps and extended regexps
31
Searching for Text Within Files
• Regular Expressions
32
Searching for Text Within Files
• grep (global regular expression print)
command: displays lines in a text file that
match common regexps
• egrep command: displays lines in a text file
that match extended regexps
– Can be written as grep -E
• fgrep command: does not interpret any
regular expressions
– Returns results much faster than egrep
– Can be written as grep -F
33
Searching for Text Within Files
• grep requires two arguments
– Text to search for
• Can use regular expressions
– Files in which to search
• grep is case sensitive
– For case-insensitive search, use –i option
• grep matches patterns of text, ignoring
division into words
• To search only for occurrences of a word,
surround it by space characters
34
LINKING FILES
35
What is an INODE?
• Inodes store information about files and folders,
such as file ownership, access mode (read, write,
execute permissions), and file type.
– Fixed number of inodes per file system
– Inodes do not contain file names, only file metadata.
• Use df -i to see inode usage
• Use ls -i to determine a filenames inode number
• WARNING: You can use up all of a filesystems
inodes without using all of the storage space on
the disk it resides.
36
Linking Files
• Symbolic link: one file is a pointer or
shortcut to another
• Hard link: two files share the same data
37
Linking Files
• Filesystem has three main structural
sections:
– Superblock: Contains general information about
the filesystem
• e.g., number of inodes and data blocks, size of each
data block
– The inode table: consists of several inodes, each
of which describes a file or directory
• Unique inode number, file size, data block locations,
last date modified, permissions, and ownership
– Data blocks: Data making up contents of a file
38
Linking Files
• Hard linked files share the same inode and
inode number
– Must reside on the same filesystem
• To remove hard linked files, delete one of
the linked files
– Reduces the link count for the file
39
Linking Files
• The structure of hard linked files
40
Linking Files
• Symbolic linked files do not share the same
inode and inode number with their target file
• Symbolic linked file is a pointer to the target file
– Data blocks in the linked file contain only a
pathname for the target file
• Linked file and target file have different sizes
– Editing symbolic linked file actually edits the target
file
• If the target file is deleted, symbolic link serves
no function
41
Linking Files
• The structure of symbolically linked files
42
Linking Files
• ln (link) command: Create hard and symbolic
links
– Two arguments:
• Existing file to link
• Target file to create as a link to existing file
– Use –s option to create symbolic link
– Arguments can be relative or absolute
pathnames
43
FILE AND DIRECTORY
PERMISSIONS
44
File and Directory Permissions
• All users must login with a username and
password
• Users identified by username and group
memberships
• Access to resources depends on username
and group membership
• Must have required permissions
45
File and Directory Ownership
• Primary group: user’s default group
• During file creation, file’s owner and group
owner set to user’s username and primary
group
– Same for directory creation
• whoami command: view current user name
• groups command: view group memberships
and primary group
• touch command: create an empty file
46
File and Directory Ownership
• chown (change owner) command: change
ownership of a file or directory
– Two arguments:
• New owner
• File to change
– Can use –R option for contents of directory
• chgrp (change group) command: change
group owner of a file or directory
– Same arguments and options as for chown
command
47
File and Directory Permissions
• Mode: inode section that stores permissions
• Three sections, based on the user(s) that
receive the permission:
– User permissions: owner
– Group permissions: group owner
– Other permissions: everyone on system
• Three regular permissions may be assigned to
each user:
– Read
– Write
– Execute
48
Interpreting the Mode
49
Interpreting the Mode
• User: refers to owner of a file or directory
• Owner: refers to users with ability to change
permissions on a file or directory
• Other: refers to all users on system
• Permissions are not additive
50
Interpreting Permissions
51
Changing Permissions
• chmod (change mode) command: change
mode (permissions) of files or directories
– Two arguments at minimum
• Criteria used to change permissions
• Filenames to change
• Permissions stored in a file’s or a directory’s
inode as binary powers of two
52
Changing Permissions
53
Changing Permissions
54
Default Permissions
• New files given rw-rw-rw- permissions by
default
• The default permissions are configurable.
These are defined by the user mask (umask),
which is set by the umask command
• umask : find what the current umask is
• umask –S: display the umask expressed
symbolically rather than in octal form
• umask u=rwx,g=rx,o=rx is equivalent to
umask 022
55
Default Permissions
56
Default Permissions
• Performing a umask 022 calculation
57
Default Permissions
• Performing a umask 007 calculation
58
Special Permissions
• Three more optional special permissions for
files and directories
– SUID (Set User ID)
– SGID (Set Group ID)
– Sticky bit
59
Special Permissions
• SUID
– If set on a file, user who executes the file
becomes owner of the file during execution
• e.g., ping command
– No functionality when set on a directory
– Only applicable to binary compiled programs
• Cannot be used on shell scripts
– Excample:
• chmod u+s file1.txt
• chmod 4750 file1.txt
60
Special Permissions
• SGID
– Applicable to files and directories
– If set on a file, user who executes the file becomes
member of the file’s group during execution
– If a user creates a file in a directory with SGID set,
the file’s group owner is set to be the directory’s
group owner and not the user’s primary group
– Example:
• chmod g+s file1.txt
• chmod 2750 file1.txt
61
Special Permissions
• Sticky bit
– Previously used to lock files in memory
– Currently only applicable to directories
– Ensures that a user can only delete his/her own
files when given write permissions in a directory
– Example
• chmod o+t /opt/dump/ or chmod +t /opt/dump/
• chmod 1757 /opt/dump/
62
Setting Special Permissions
• Special permissions require execute
• Mask the execute permission when
displayed by the ls –l command
• May be set even if file or directory does not
have execute permission
– Indicating letter in the mode will be capitalized
• Add special permissions via chmod
command
– Add an extra digit at front of permissions
argument
63
Setting Special Permissions
• Representing special permissions in the
mode
64
Setting Special Permissions
• Representing special permissions in the
absence of the execute permissions
65
Setting Special Permissions
• Numeric representation of regular and
special permissions
66
SUDOERS
67
How To Obtain Root Privileges
• Login as root
• Use “su” to become root
• Use “sudo” to execute commands as root
68
/etc/sudoers file
• The /etc/sudoers file controls
– who can run what commands as what
users on what machines
– special things such as whether you need a
password for particular commands.
• The file is composed
– aliases (basically variables) and
– user specifications (which control who can
run what).
69
Aliases
• 4 kinds of aliases: User_Alias, Runas_Alias,
Host_Alias and Cmnd_Alias
• Each alias definition is of the form:
– Alias_Type NAME = item1, item2, ...
where Alias_Type is one of 4 types above.
• Use semicolon as separator
– Alias_Type NAME1 = item1, item2 : NAME2 =
item3
• There are also built in aliases called ALL which
match everything where they are used.
70
User Alias
# Everybody in the system group "admin" is covered by
the alias ADMINS
User_Alias ADMINS = %admin
# The users "tom", "dick", and "harry" are covered by
the USERS alias
User_Alias USERS = tom, dick, harry
# The users "tom" and "mary" are in the WEBMASTERS
alias
User_Alias WEBMASTERS = tom, mary
# You can also use ! to exclude users from an alias
# This matches anybody in the USERS alias who isn't in
WEBMASTERS or ADMINS aliases
User_Alias LIMITED_USERS = USERS, !WEBMASTERS, !ADMINS
71
Runas Aliases
# UID 0 is normally used for root
# Note the hash (#) on the following line
indicates a uid, not a comment.
Runas_Alias ROOT = #0
# This is for all the admin users similar to
the User_Alias of ADMINS set earlier
# with the addition of "root"
Runas_Alias ADMINS = %admin, root
72
Host Aliases
# This is all the servers
Host_Alias SERVERS = 192.168.0.1, 192.168.0.2, server1
# This is the whole network
Host_Alias NETWORK = 192.168.0.0/255.255.255.0
# And this is every machine in the network that is not
a server
Host_Alias WORKSTATIONS = NETWORK, !SERVER
# This could have been done in one step with
#Host_Alias WORKSTATIONS = 192.168.0.0/255.255.255.0, !
SERVERS
# but I think this method is clearer.
73
Command Aliases
# All the shutdown commands
Cmnd_Alias SHUTDOWN_CMDS = /sbin/poweroff,
/sbin/reboot, /sbin/halt
# Printing commands
Cmnd_Alias PRINTING_CMDS = /usr/sbin/lpc,
/usr/sbin/lprm
# Admin commands
Cmnd_Alias ADMIN_CMDS = /usr/sbin/passwd,
/usr/sbin/useradd, /usr/sbin/userdel,
/usr/sbin/usermod, /usr/sbin/visudo
# Web commands
Cmnd_Alias WEB_CMDS = /etc/init.d/apache2
74
User Specifications
• User Specifications are where the sudoers file sets who can run
what as who.
• Syntax
=
• user list is a list of users or a user alias
• host list is a list of hosts or a host alias
• operator list is a list of users they must be running as
• command list is a list of commands or a cmnd alias.
• tag list allows you set special things
– PASSWD and NOPASSWD to specify whether the user has to
enter a password or not
– NOEXEC to prevent any programs launching shells
themselves
75
User Specifications Example
# This lets the webmasters run all the web commands on
the machine "webserver" provided they give a password
WEBMASTERS webserver= WEB_CMDS
# This lets the admins run all the admin commands on
the servers
ADMINS SERVERS= ADMIN_CMDS
# This lets all the USERS run admin commands on the
workstations provided they give the root password or
and admin password (using "sudo u ")
USERS WORKSTATIONS=(ADMINS) ADMIN_CMDS
# This lets "harry" shutdown his own machine without a
password
harry harrysmachine= NOPASSWD: SHUTDOWN_CMDS
# And this lets everybody print without requiring a
password
ALL ALL=(ALL) NOPASSWD: PRINTING_CMDS
76
What is visudo?
• The program used to edit the sudoers file.
• Traditionally, visudo opens the /etc/sudoers
file with the "vi" text editor
• Ubuntu, however, has configured visudo to
use the "nano" text editor instead.
• If you would like to change it, issue the
following command:
sudo selecteditor
77
What is visudo?
$ sudo selecteditor
Select an editor. To change later, run
'selecteditor'.
1. /bin/ed
2. /bin/nano < easiest
3. /usr/bin/vim.tiny
Choose 13 [2]:
78
Default sudoers file
# /etc/sudoers
# This file MUST be edited with the 'visudo' command as root.
# See the man page for details on how to write a sudoers
file.
Defaults env_reset
# Uncomment to allow members of group sudo to not need a
password
# %sudo ALL=NOPASSWD: ALL
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
79
Common Tasks
• Shutting Down From The Console Without A
Password
Cmnd_Alias SHUTDOWN_CMDS = /sbin/poweroff,
/sbin/halt, /sbin/reboot
ALL=(ALL) NOPASSWD: SHUTDOWN_CMDS
• Multiple tags on a line
myuser ALL = (root) NOPASSWD:NOEXEC:
/usr/bin/vim
• Enabling Visual Feedback when Typing
Passwords
Defaults env_reset,pwfeedback
Các file đính kèm theo tài liệu này:
- 04_basic_system_administration_0591.pdf