[ Machiavelli... @ 02.09.2010. 06:23 ] @
ACL - Access Control Lists

First, this has to be added in fstab
Code:
LABEL=/home /home ext3 defaults,acl 0 0

or on some other mount point. Then
Code:
mount -o remount -o acl LABEL=/home

to see the current ACL on the /home folder
Code:
getfacl /home/djordje

now we first need to set the ACL for the folder that contains the file
Code:
setfacl -m user:djordje:r-x /home/djordje
Code:
setfacl -m mask:r-x /home/djordje

The mask is important because it allows everyone on the ACL list a certain level of access, as we have already set it.

Let me explain this a bit.
We have a folder test, where the user (root) is allowed rwx, and all rights have been taken away from group and other.
Code:
drwx------ 3 root root 4096 Aug 24 08:22 test

We will list the ACL
Code:
getfacl test
# file: test
# owner: root
# group: root
user::rwx
group::---
other::---

Now we allow user djordje to access the folder
Code:
setfacl -m u:djordje:rx test/

we set the mask to read only
Code:
setfacl -m m:r test/

we get the following ACL on test
Code:
getfacl test
# file: test
# owner: root
# group: root
user::rwx
user:djordje:r-x #effective:r--
group::---
mask::r--
other::---

In this situation, despite the rx permissions for user djordje, he cannot access the folder because of the effective permission of the mask!
__________________________________________
For example, to give read and write permissions to user andrius:
Quote:
setfacl -m u:andrius:rw /project/somefile

For example, to remove all permissions from the user with UID 500:
Code:
setfacl -x u:500 /project/somefile
_______________________________________________
To set a default ACL, add d: before the rule and specify a directory instead of a file name.
For example, to set the default ACL for the /share/ directory to read and execute for users not in the user group (an access ACL for an individual file can override it):
Code:
setfacl -m d:o:rx /share
____________________________________
Code:
setfacl -m u::rx,g::rw,m:---,u:djordje:rw dir

:: between the user and the rights means that they apply to all users

to delete the default
Code:
setfacl -k dir
_______________________________________________________
##########################################################
Quotas

fstab
Code:
/dev/VolGroup00/LogVol00 / ext3 defaults,grpquota,usrquota 1 1

after the change a remount is also required (mount -o remount /home); if it is / then a restart is required

then run the following command
Code:
quotacheck -avcm

then we assign how much space each one may use
Code:
edquota user_name
Code:
(grace period for soft; after that the user cannot add anything and has to delete something to free up space)
edquota -t
Quote:
repquota -s /
Code:
(this will copy bora's quota settings to aleksa and vesna)
edquota -up bora aleksa vesna
_______________________________________________________________________________
SUDOERS
Code:
visudo

is used to edit this file, /etc/sudoers

Automount/fstab

automount
Code:
cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
nfs -fstype=nfs 192.168.1.10:/nfs_homes/home
project -fstype=ext3 :/dev/sdb1 (to mount localfilesystem)
samba -fstype=cifs,username=djordje,password=djordje ://192.168.1.10/samba_shares

fstab
Code:
//192.168.1.10/samba_shares /root/samba cifs username=djordje,password=djordje 0 0
192.168.1.10:/nfs_homes/home /root/nfs nfs soft,timeo=300 0 0

It is very important to remember the exact format for automount and fstab; this "://" is not "//" or ":/". If we get it wrong, it simply will not mount.
Grub

/boot/grub/grub.conf
____________________________________________
if we want to set a password
Code:
grub-md5-crypt

then in grub.conf like this
password --md5 copy-of-the-output

To type the password in Grub, press "p"
____________________________________________
commands in grub.conf
Code:
(and we change this second "0" in turn until we get the right partition)
grub> find (hd0,0)/grub/grub.conf

the commands in order
Quote:
root
kernel vmlinuz (tab to complete)
initrd (tab to complete)
boot
_________________________________________
LVs , VGs , PVs

We will go in order. We have disks/partitions sdb1 and sdc1.
First we create the Physical Volumes
Code:
pvcreate /dev/sdc1
pvcreate /dev/sdb1
Code:
pvscan
PV /dev/sdb1 lvm2 [486.31 MB]
PV /dev/sdc1 lvm2 [486.31 MB]

once we have created 2 or more physical volumes, we create a Volume group
Quote:
vgcreate prvaGrupa /dev/sdb1 /dev/sdc1
vgscan
Reading all physical volumes. This may take a while...
Found volume group "prvaGrupa" using metadata type lvm2

Now we can create Logical Volumes in the “prvaGrupa” group. We have about 1GB (2 times about 500MB) to distribute over as many LVs as we want.
To create the LV “prvi-lv” in the group “prvaGrupa” with a size of 200M
Code:
lvcreate -L 200m prvaGrupa -n prvi-lv
Logical volume "prvi-lv" created
lvscan
ACTIVE '/dev/prvaGrupa/prvi-lv' [200.00 MB] inherit

After we have created the LV, we will format it and use it as a normal partition.
Code:
mkfs.ext3 /dev/prvaGrupa/prvi-lv
mkdir test
mount -t ext3 /dev/prvaGrupa/prvi-lv test/

For this mount to “survive” a restart we go into fstab and
Code:
/dev/prvaGrupa/prvi-lv /test ext3 defaults 0 0

we can add new partitions to the VG
Code:
vgextend prvaGrupa /dev/sdb2

remove a partition from the VG
Code:
vgreduce prvaGrupa /dev/sdb2

to see what we have and where the LV, VG, PV are located
Quote:
vgdisplay
lvdisplay
lvscan
pvscan
vgscan
_______________________________________
to add new space (300MB)
Code:
lvextend -L +300M /dev/prvaGrupa/prvi-lv

Mostly the new space is added without additional actions, but it is possible that umount, resize2fs are needed.
Code:
resize2fs /dev/prvaGrupa/prvi-lv

If this causes problems, then it has to be unmounted and then
Code:
e2fsck -f /dev/prvaGrupa/prvi-lv

To reduce the size of the LV by 100MB
Code:
lvreduce -L -100M /dev/prvaGrupa/prvi-lv

Note: when adding space it is not necessary (although recommended) to back up the LV, but when shrinking it is NECESSARY!
##########################################################
10. Named

install it
Code:
yum install bind
yum install system-config-bind

then
Code:
system-config-bind

This is a GUI tool that generates a default named.conf (in caching-only mode). If you want to do this by hand, you have to copy by yourselves both named.conf and all the zone files...
then save the default, and that is an up and running caching-only server

The zone file for a master zone would look like this
Code:
zone "dorde-dokanovic.info" IN {
    type master;
    file "/var/named/dorde-dokanovic.info";
    allow-transfer { 192.168.1.101; };
};

Slave
Code:
zone "db.dorde.dokanovic.info" IN {
    type slave;
    file "slaves/db.dorde.dokanovic.info";
    masters { 192.168.1.101; };
};

To start the service at boot (for runlevels 2,3,4,5)
Code:
chkconfig --level 2345 named on
_______________________________________
when we create a new zone all the files will be in /var/named; if we want another location it has to be specified exactly

To see what the status of the process is
Code:
/etc/init.d/named status
service named status
_____________________________________
the port is TCP/UDP 53
The simplest would be like this in iptables
Code:
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
#######################################################
NFS

/etc/exports example
Code:
/temp_dir1 *(rw,sync,no_root_squash)
/temp_dir2 192.168.1.11(rw,sync) 192.168.1.12(ro) 192.168.1.0/24(ro,sync,no_root_squash)

“no_root_squash” (remote root users will NOT be treated as a root once they connect to the server)
_____________________________________________
The NFS daemon changes the ports it listens on when the service is restarted or on reboot.
Therefore, for it to work nicely through iptables, static ports have to be set for
lockd (TCP)
lockd (UDP)
mountd (TCP)
statd (TCP)
which we can see with
Code:
rpcinfo -p

To set static ports (uncomment) for the mentioned daemons
Code:
vi /etc/sysconfig/nfs
Quote:
RQUOTAD_PORT
LOCKD_TCPPORT
LOCKD_UDPPORT
MOUNTD_PORT
STATD_PORT
STATD_OUTGOING_PORT

Once we have set the ports to be static, we start nfs
Code:
service nfs start

To mount a directory from a remote server
Code:
mount -t nfs 192.168.1.10:/remote_dir /local_dir/
_____________________________________________
See what is shared
Code:
showmount -e
################################
Mounting is covered in the Automount/fstab section
########################################
after changes in /etc/exports
exportfs -a (for all)
exportfs -r when we add a dir, so that it is added to the shares
__________________________________
support write access - selinux
Code:
setsebool -P nfs_export_all_rw 1

For more detail on SELinux see
Code:
man nfs_selinux

Host access is regulated in /etc/exports
User access via ACL!
##########################################
RAID

RAID 0 uses both disks to write across them, does not provide data redundancy (if one dies, everything goes to h***)
RAID 1 mirroring between 2 or more disks
RAID 4 (requires 3 or more disks) one serves as the parity disk, the other two for data, data redundancy provided
RAID 5 (requires 3 or more disks) similar to RAID 4 but the parity information is written on all disks, data redundancy provided
RAID 6 (requires 4 or more disks) two levels of parity, 2 can die and the data will be safe :-)

to see the existing RAID
Code:
cat /proc/mdstat

First we will format all the disks (sdd, sde, sdf)
Code:
fdisk /dev/sdd

System type should be “fd” (Linux raid auto)

to create the RAID
Code:
mdadm --create --verbose /dev/md0 --level=4 --raid-devices=3 /dev/sdd1 /dev/sde1 /dev/sdf1

remove disk from raid
Code:
mdadm --verbose /dev/md0 -f /dev/sdd1 -r /dev/sdd1

Display the raid
Code:
(or md1 or whichever it is)
mdadm --detail /dev/md0

then the RAID device is formatted
Code:
mkfs.ext3 /dev/md0

Now we can mount the raid /dev/md0
Code:
mount -t ext3 /dev/md0 /raid/

Add a new disk to the RAID array
Code:
mdadm --verbose /dev/md0 -a /dev/sdg1
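
Added example (not part of the original post), for the ACL section above: the mask caps named users, named groups and the owning group, which is why getfacl prints #effective:r-- for djordje. This Python sketch recomputes effective rights from getfacl output; the function names are chosen for this example, and SAMPLE_ACL is the listing shown in the post.

```python
PERMS = (("r", 4), ("w", 2), ("x", 1))

# The getfacl listing from the ACL section of the post.
SAMPLE_ACL = """\
# file: test
# owner: root
# group: root
user::rwx
user:djordje:r-x    #effective:r--
group::---
mask::r--
other::---
"""

def to_bits(text):
    return sum(bit for ch, bit in PERMS if ch in text[:3])

def to_text(bits):
    return "".join(ch if bits & bit else "-" for ch, bit in PERMS)

def effective_acl(getfacl_output):
    """Return [(entry, granted, effective)] for the access ACL."""
    entries, mask = [], None
    for raw in getfacl_output.splitlines():
        line = raw.split("#", 1)[0].strip()   # drops headers and "#effective:" notes
        if line.count(":") < 2 or line.startswith("default:"):
            continue                          # default ACLs only apply to new files
        tag, qualifier, perms = line.split(":", 2)
        if tag == "mask":
            mask = to_bits(perms)
        else:
            entries.append((tag, qualifier, to_bits(perms)))
    result = []
    for tag, qualifier, bits in entries:
        # The owner (user::) and other:: are never masked.
        capped = mask is not None and bool(qualifier or tag == "group")
        effective = bits & mask if capped else bits
        result.append((f"{tag}:{qualifier}", to_text(bits), to_text(effective)))
    return result

def reduced_by_mask(getfacl_output):
    """Entries whose granted rights are cut down by the mask."""
    return [e for e in effective_acl(getfacl_output) if e[1] != e[2]]

if __name__ == "__main__":
    for entry, granted, effective in reduced_by_mask(SAMPLE_ACL):
        print(f"{entry}: granted {granted}, effective {effective}")
```

An entry that loses x on a directory, as user:djordje does here, can no longer enter it, whatever the entry itself grants.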
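
Added example (not part of the original post), for the /etc/exports sample in the NFS section: a Python check that flags exports open to every host and exports with no_root_squash, which per exports(5) turns root squashing off, so uid 0 on the client is not mapped to the anonymous user. Function and finding names are chosen for this example; quoted paths and line continuations are assumed not to occur.

```python
import re

# The /etc/exports lines from the NFS section of the post.
SAMPLE_EXPORTS = """\
/temp_dir1 *(rw,sync,no_root_squash)
/temp_dir2 192.168.1.11(rw,sync) 192.168.1.12(ro) 192.168.1.0/24(ro,sync,no_root_squash)
"""

# One client entry: optional host/network, optional "(opt,opt,...)".
ENTRY = re.compile(r"(?P<client>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")

def audit_exports(text):
    """Return [(line_number, path, client, finding)] for risky export entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for token in clients:
            match = ENTRY.fullmatch(token)
            if match is None:
                findings.append((lineno, path, token, "unparsed"))
                continue
            # "(rw)" standing alone, e.g. after "host (rw)" written with a
            # space, has no host name and therefore applies to every host.
            client = match["client"] or "*"
            opts = set(filter(None, (match["opts"] or "").split(",")))
            if "no_root_squash" in opts:
                findings.append((lineno, path, client, "no_root_squash"))
            if client == "*":
                finding = "world_rw" if "rw" in opts else "world"
                findings.append((lineno, path, client, finding))
    return findings

if __name__ == "__main__":
    for lineno, path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"line {lineno}: {path} -> {client}: {finding}")
```

Run against the post's sample, it reports /temp_dir1 as writable by any host with root squashing off, and the 192.168.1.0/24 entry on /temp_dir2 for no_root_squash.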