Operating Systems - Basic system administration


Đặng Thanh Bình
Basic System Administration

Contents
• File and Directory management
  – ls, cd, pwd, mkdir, mv, cp, rm, rmdir, locate, find, grep
  – touch, cat
  – Recursive and interactive modes
  – PATH variable, which command
• Linking Files
• File and directory permissions
• sudoers

FILE AND DIRECTORY MANAGEMENT

The Linux Directory Structure
• Directory: Used to organize other files into a logical tree structure
  – Stored in a filesystem of a specific partition in the hard disk
• Root: The top level directory
  – Referred to using the / character
• Forms root of a hierarchical tree
• The Windows file system structure
• The Linux file system structure

File Types
• 4 basic file types
  – Normal files (program, text, library, ...)
  – Directory
  – Special files (device, socket, pipe, ...)
  – Symbolic links (symlinks)

File Name Regulations
• Maximum 255 characters
• May contain any characters (including special characters)
• Hidden file/directory starts with a period (.)

Pathname
• Absolute pathname: starts with “/”
• Relative pathname: does not start with a “/”
• Special pathnames:
  • .. – parent directory
  • . – current directory

Changing Directories
• Home directory: unique to each user
  – ~ metacharacter used to refer to home directory
• pwd (print working directory) command: displays current directory in the directory tree
• cd (change directory) command: change the current directory in the directory tree
  – Argument specifies the destination directory
  – cd: go to user’s home directory
  – cd PATHNAME

Listing Files
• ls command: List the files in a directory
• May pass an argument indicating the directory to be listed
  – -F option: Argument to indicate file types
  – -l option: Argument to list long file listings
• Long listing for each file includes eight components
  • File type character
  • List of permissions (mode of the file)
  • Hard link count
  • Owner
  • Group owner
  • File size
  • Most recent modification time
  • Filename

Creating Files
• touch command: create an empty file
  – touch FILENAME
  – touch FILE1 FILE2
• cat command: display and/or edit file content
  – -n option: displays line number and contents
  – cat FILENAME
  – cat > FILENAME (use Ctrl-D to finish)

Viewing Text Files
• tac command: displays contents of a text file in reverse order
• head command: view first ten lines of a file
• tail command: view last ten lines of a file
• For head and tail commands
  – Line count includes blank lines
  – Can provide numeric option to specify the number of lines to be displayed (e.g., head -2 filename)
• more command: displays text files page-by-page
  – Pressing Spacebar displays the next page
  – Pressing Enter displays the next line
• less command: same as more command, but can also use cursor to scroll
• Interaction with more and less:
  – pressing h key gets Help screen
  – pressing q key quits more and less commands
• more and less can be used with output of other commands
• If output is too large to fit on terminal screen, use “|” metacharacter and more or less command
  – e.g., ls -l | more
Displaying the Contents of Binary Files
• strings command: searches for and displays text characters in a binary file
  – Might indicate purpose of binary file
• od command: displays contents of file in octal format (numeric base 8 format)
  – -x option displays contents of the file in hexadecimal format (numeric base 16 format)

Managing Files and Directories
• mkdir command: creates new directories
  – Arguments specify directory’s absolute or relative pathname
• mv command: moves files
  – Minimum of two arguments:
    • Source file/directory (may specify multiple sources)
    • Target file/directory
  – Pathnames can be absolute or relative
  – For multiple files, can use wildcards in pathname
  – Also used to rename files or directories
• cp command: copies files
  – Same arguments as the mv command
  – Also used to make copies of files
• Recursive: referring to itself and its own contents
  – Recursive copy command copies the directory and all subdirectories and contents
  – Recursive search includes all subdirectories in a directory and their contents
  – Use -r option
• Interactive mode: Prompts user before overwriting files
  – -i option
  – -f option (force): Overrides interactive mode
• rm command: Removes files
  – Arguments are a list of files
  – Can use wildcards
  – Interactive mode by default
  – Use -f option to override
• rmdir command: removes directories
  – Arguments are a list of files
  – Can use wildcards
  – Interactive mode by default
  – Use -f option to override
  – Cannot be used to remove directory full of files
    • To delete directory and all its contents (subdirectories and files), use rm -r command

Finding Files
• locate command: Search for files on system
  – Receives full or partial filename as argument
  – Uses premade indexed database of all files on system
    • To update the database use updatedb command
  – Information returned may not fit on screen
    • Use with more or less commands
• find command: recursively search for files starting from a specified directory
  – Slower than locate command, but more versatile
  – Format: find <start directory> -criteria <what to find>
    • e.g., find /root -name project
  – If using wildcard metacharacters, ensure that they are interpreted by the find command
    • Place wildcards in quotation marks
  – To reduce search time, specify subdirectory to be searched
• Common criteria used with the find command
• PATH variable: lists directories on system where executable files are located
  – Allows executable files to be run without specifying absolute or relative path
• which command: search for an executable file
  – Searches the PATH variable
  – If the file is not found, lists the directories that were searched

Searching for Text Within Files
• Text tools: commands that search for and manipulate text
• Regular expressions (regexp): text wildcards that ease the search for specific text
  – Match patterns of text within a text document
  – Used by many text tools and programming languages
  – Including grep, emacs, C++, PERL, and many more
• Regular Expressions
  – Different from wildcard metacharacters
    • Wildcard metacharacters interpreted by shell; regexps interpreted by text tools
    • Wildcard metacharacters match characters in filenames; regexps match characters within text files
    • Wildcard metacharacters have different definitions than regexps
    • More regexps than wildcard metacharacters
  – Regular expressions are divided into common regexps and extended regexps
• grep (global regular expression print) command: displays lines in a text file that match common regexps
• egrep command: displays lines in a text file that match extended regexps
  – Can be written as grep -E
• fgrep command: does not interpret any regular expressions
  – Returns results much faster than egrep
  – Can be written as grep -F
• grep requires two arguments
  – Text to search for
    • Can use regular expressions
  – Files in which to search
• grep is case sensitive
  – For case-insensitive search, use -i option
• grep matches patterns of text, ignoring division into words
• To search only for occurrences of a word, surround it by space characters

LINKING FILES

What is an INODE?
• Inodes store information about files and folders, such as file ownership, access mode (read, write, execute permissions), and file type.
  – Fixed number of inodes per file system
  – Inodes do not contain file names, only file metadata.
• Use df -i to see inode usage
• Use ls -i to determine a filename's inode number
• WARNING: You can use up all of a filesystem's inodes without using all of the storage space on the disk it resides on.

Linking Files
• Symbolic link: one file is a pointer or shortcut to another
• Hard link: two files share the same data
• Filesystem has three main structural sections:
  – Superblock: Contains general information about the filesystem
    • e.g., number of inodes and data blocks, size of each data block
  – The inode table: consists of several inodes, each of which describes a file or directory
    • Unique inode number, file size, data block locations, last date modified, permissions, and ownership
  – Data blocks: Data making up contents of a file
• Hard linked files share the same inode and inode number
  – Must reside on the same filesystem
• To remove hard linked files, delete one of the linked files
  – Reduces the link count for the file
• The structure of hard linked files
• Symbolic linked files do not share the same inode and inode number with their target file
• Symbolic linked file is a pointer to the target file
  – Data blocks in the linked file contain only a pathname for the target file
    • Linked file and target file have different sizes
  – Editing symbolic linked file actually edits the target file
• If the target file is deleted, symbolic link serves no function
• The structure of symbolically linked files
• ln (link) command: Create hard and symbolic links
  – Two arguments:
    • Existing file to link
    • Target file to create as a link to existing file
  – Use -s option to create symbolic link
  – Arguments can be relative or absolute pathnames

FILE AND DIRECTORY PERMISSIONS

File and Directory Permissions
• All users must login with a username and password
• Users identified by username and group memberships
• Access to resources depends on username and group membership
• Must have required permissions

File and Directory Ownership
• Primary group: user’s default group
• During file creation, file’s owner and group owner set to user’s username and primary group
  – Same for directory creation
• whoami command: view current user name
• groups command: view group memberships and primary group
• touch command: create an empty file
• chown (change owner) command: change ownership of a file or directory
  – Two arguments:
    • New owner
    • File to change
  – Can use -R option for contents of directory
• chgrp (change group) command: change group owner of a file or directory
  – Same arguments and options as for chown command

File and Directory Permissions
• Mode: inode section that stores permissions
• Three sections, based on the user(s) that receive the permission:
  – User permissions: owner
  – Group permissions: group owner
  – Other permissions: everyone on system
• Three regular permissions may be assigned to each user:
  – Read
  – Write
  – Execute

Interpreting the Mode
• User: refers to owner of a file or directory
• Owner: refers to users with ability to change permissions on a file or directory
• Other: refers to all users on system
• Permissions are not additive
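The "permissions are not additive" rule, as an added example that is not part of the original slides: exactly one of the three mode sections is selected for a given user, and the other two are never consulted. The function names are hypothetical, the uid/gid values are constructed, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: which section of the mode applies to a user, and what it grants.

# rwx_of DIGIT: print the rwx string for one octal digit (0-7).
rwx_of() {
    d=$1; out=
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# effective_perms MODE FILE_UID FILE_GID USER_UID "USER_GID ..."
# Prints "<class> <rwx>". One class is chosen: owner first, then group owner,
# then other. uid 0 is not modelled here (root is exempt from these checks).
effective_perms() {
    mode=$1; fuid=$2; fgid=$3; uid=$4; gids=$5
    bits=$(( 0$mode & 0777 ))          # drop any special-permission digit
    class=other; digit=$(( bits & 7 ))
    for g in $gids; do
        if [ "$g" = "$fgid" ]; then class=group; digit=$(( (bits >> 3) & 7 )); fi
    done
    if [ "$uid" = "$fuid" ]; then class=user; digit=$(( (bits >> 6) & 7 )); fi
    printf '%s %s\n' "$class" "$(rwx_of "$digit")"
}

# file_effective_perms FILE USER_UID "USER_GID ...": same, for a real file.
file_effective_perms() {
    meta=$(stat -c '%a %u %g' "$1") || return 1
    set -- $meta "$2" "$3"             # word splitting of $meta is intended
    effective_perms "$1" "$2" "$3" "$4" "$5"
}

# Constructed case: the owner (uid 1000) is also a member of the group owner
# (gid 1000), but mode 0470 gives the owner section only r--.
effective_perms 0470 1000 1000 1000 "1000 27"   # user r--
effective_perms 0470 1000 1000 1001 "1000"      # group rwx
effective_perms 0470 1000 1000 1002 "1002"      # other ---
```
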
Interpreting Permissions

Changing Permissions
• chmod (change mode) command: change mode (permissions) of files or directories
  – Two arguments at minimum
    • Criteria used to change permissions
    • Filenames to change
• Permissions stored in a file’s or a directory’s inode as binary powers of two

Default Permissions
• New files given rw-rw-rw- permissions by default
• The default permissions are configurable. These are defined by the user mask (umask), which is set by the umask command
• umask: display the current umask
• umask -S: display the umask expressed symbolically rather than in octal form
• umask u=rwx,g=rx,o=rx is equivalent to umask 022
• Performing a umask 022 calculation
• Performing a umask 007 calculation

Special Permissions
• Three more optional special permissions for files and directories
  – SUID (Set User ID)
  – SGID (Set Group ID)
  – Sticky bit
• SUID
  – If set on a file, user who executes the file becomes owner of the file during execution
    • e.g., ping command
  – No functionality when set on a directory
  – Only applicable to binary compiled programs
    • Cannot be used on shell scripts
  – Example:
    • chmod u+s file1.txt
    • chmod 4750 file1.txt
• SGID
  – Applicable to files and directories
  – If set on a file, user who executes the file becomes member of the file’s group during execution
  – If a user creates a file in a directory with SGID set, the file’s group owner is set to be the directory’s group owner and not the user’s primary group
  – Example:
    • chmod g+s file1.txt
    • chmod 2750 file1.txt
• Sticky bit
  – Previously used to lock files in memory
  – Currently only applicable to directories
  – Ensures that a user can only delete his/her own files when given write permissions in a directory
  – Example:
    • chmod o+t /opt/dump/ or chmod +t /opt/dump/
    • chmod 1757 /opt/dump/

Setting Special Permissions
• Special permissions require execute
• Mask the execute permission when displayed by the ls -l command
• May be set even if file or directory does not have execute permission
  – Indicating letter in the mode will be capitalized
• Add special permissions via chmod command
  – Add an extra digit at front of permissions argument
• Representing special permissions in the mode
• Representing special permissions in the absence of the execute permissions
• Numeric representation of regular and special permissions

SUDOERS

How To Obtain Root Privileges
• Login as root
• Use “su” to become root
• Use “sudo” to execute commands as root

/etc/sudoers file
• The /etc/sudoers file controls
  – who can run what commands as what users on what machines
  – special things such as whether you need a password for particular commands.
• The file is composed of
  – aliases (basically variables) and
  – user specifications (which control who can run what).

Aliases
• 4 kinds of aliases: User_Alias, Runas_Alias, Host_Alias and Cmnd_Alias
• Each alias definition is of the form:
  – Alias_Type NAME = item1, item2, ...
    where Alias_Type is one of 4 types above.
• Use a colon as separator between several definitions on one line
  – Alias_Type NAME1 = item1, item2 : NAME2 = item3
• There are also built in aliases called ALL which match everything where they are used.

User Alias

    # Everybody in the system group "admin" is covered by the alias ADMINS
    User_Alias ADMINS = %admin
    # The users "tom", "dick", and "harry" are covered by the USERS alias
    User_Alias USERS = tom, dick, harry
    # The users "tom" and "mary" are in the WEBMASTERS alias
    User_Alias WEBMASTERS = tom, mary
    # You can also use ! to exclude users from an alias
    # This matches anybody in the USERS alias who isn't in WEBMASTERS or ADMINS aliases
    User_Alias LIMITED_USERS = USERS, !WEBMASTERS, !ADMINS

Runas Aliases

    # UID 0 is normally used for root
    # Note the hash (#) on the following line indicates a uid, not a comment.
    Runas_Alias ROOT = #0
    # This is for all the admin users similar to the User_Alias of ADMINS set earlier
    # with the addition of "root"
    Runas_Alias ADMINS = %admin, root

Host Aliases

    # This is all the servers
    Host_Alias SERVERS = 192.168.0.1, 192.168.0.2, server1
    # This is the whole network
    Host_Alias NETWORK = 192.168.0.0/255.255.255.0
    # And this is every machine in the network that is not a server
    Host_Alias WORKSTATIONS = NETWORK, !SERVERS
    # This could have been done in one step with
    #Host_Alias WORKSTATIONS = 192.168.0.0/255.255.255.0, !SERVERS
    # but I think this method is clearer.

Command Aliases

    # All the shutdown commands
    Cmnd_Alias SHUTDOWN_CMDS = /sbin/poweroff, /sbin/reboot, /sbin/halt
    # Printing commands
    Cmnd_Alias PRINTING_CMDS = /usr/sbin/lpc, /usr/sbin/lprm
    # Admin commands
    Cmnd_Alias ADMIN_CMDS = /usr/sbin/passwd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/sbin/visudo
    # Web commands
    Cmnd_Alias WEB_CMDS = /etc/init.d/apache2

User Specifications
• User Specifications are where the sudoers file sets who can run what as who.
• Syntax: <user list> <host list> = <operator list> <tag list> <command list>
• user list is a list of users or a user alias
• host list is a list of hosts or a host alias
• operator list is a list of users they must be running as
• command list is a list of commands or a cmnd alias.
• tag list allows you to set special things
  – PASSWD and NOPASSWD to specify whether the user has to enter a password or not
  – NOEXEC to prevent any programs launching shells themselves

User Specifications Example

    # This lets the webmasters run all the web commands on the machine "webserver" provided they give a password
    WEBMASTERS webserver= WEB_CMDS
    # This lets the admins run all the admin commands on the servers
    ADMINS SERVERS= ADMIN_CMDS
    # This lets all the USERS run admin commands on the workstations provided they give the root password or an admin password (using "sudo -u <username>")
    USERS WORKSTATIONS=(ADMINS) ADMIN_CMDS
    # This lets "harry" shutdown his own machine without a password
    harry harrys-machine= NOPASSWD: SHUTDOWN_CMDS
    # And this lets everybody print without requiring a password
    ALL ALL=(ALL) NOPASSWD: PRINTING_CMDS

What is visudo?
• The program used to edit the sudoers file.
• Traditionally, visudo opens the /etc/sudoers file with the "vi" text editor
• Ubuntu, however, has configured visudo to use the "nano" text editor instead.
• If you would like to change it, issue the following command: sudo select-editor

    $ sudo select-editor
    Select an editor.  To change later, run 'select-editor'.
      1. /bin/ed
      2. /bin/nano        <---- easiest
      3. /usr/bin/vim.tiny
    Choose 1-3 [2]:

Default sudoers file

    # /etc/sudoers
    # This file MUST be edited with the 'visudo' command as root.
    # See the man page for details on how to write a sudoers file.
    Defaults    env_reset
    # Uncomment to allow members of group sudo to not need a password
    # %sudo ALL=NOPASSWD: ALL
    # Host alias specification
    # User alias specification
    # Cmnd alias specification
    # User privilege specification
    root    ALL=(ALL) ALL
    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL

Common Tasks
• Shutting Down From The Console Without A Password

    Cmnd_Alias SHUTDOWN_CMDS = /sbin/poweroff, /sbin/halt, /sbin/reboot
    <your username> ALL=(ALL) NOPASSWD: SHUTDOWN_CMDS

• Multiple tags on a line

    myuser ALL = (root) NOPASSWD:NOEXEC: /usr/bin/vim

• Enabling Visual Feedback when Typing Passwords

    Defaults        env_reset,pwfeedback
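A review aid for the NOPASSWD and NOEXEC tags described above, as an added example that is not part of the original slides: it lists every user specification that skips the password prompt and ranks it by how wide the grant is. The function names and the LOW/MEDIUM/HIGH labels are assumptions of this example, and the sample file is constructed from the rules shown in the slides.

```shell
#!/bin/sh
# Added example: list sudoers rules that skip the password prompt.

# Constructed sample, assembled from the rules shown in the slides.
sample_sudoers() {
    cat <<'EOF'
Defaults env_reset
Cmnd_Alias SHUTDOWN_CMDS = /sbin/poweroff, /sbin/halt, /sbin/reboot
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=NOPASSWD: ALL
harry harrys-machine= NOPASSWD: SHUTDOWN_CMDS
ALL ALL=(ALL) NOPASSWD: PRINTING_CMDS
myuser ALL = (root) NOPASSWD:NOEXEC: /usr/bin/vim
EOF
}

# audit_sudoers: reads sudoers text on stdin and prints one line per
# NOPASSWD rule:  <line> <severity> <user> noexec=<yes|no> <commands>
# Assumes one rule per line and one tag group per rule (no continuations).
audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments, blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }      # settings and aliases
    index($0, "=") == 0 { next }                      # not a user specification
    {
        rhs = substr($0, index($0, "=") + 1)
        if (rhs !~ /NOPASSWD:/) next                  # password still required
        noexec = (rhs ~ /NOEXEC:/) ? "yes" : "no"
        cmds = rhs
        sub(/^.*:[ \t]*/, "", cmds)                   # text after the last tag
        sub(/[ \t]+$/, "", cmds)
        sev = "LOW"
        if ($1 == "ALL") sev = "MEDIUM"               # any user, no password
        if (cmds == "ALL") sev = "HIGH"               # every command, no password
        printf "%d %s %s noexec=%s %s\n", NR, sev, $1, noexec, cmds
    }'
}

sample_sudoers | audit_sudoers
```

Check a file with `visudo -c -f FILE` first, so that only syntactically valid rules reach the review.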
