ACL, Quotas, Automount/fstab, LV, Named, NFS, RAIDPrvo mora da se u fstab doda
Code:
LABEL=/home /home ext3 defaults,acl 0 0
LABEL=/home /home ext3 defaults,acl 0 0
ili na nekom drugom mount point-u.
zatim
Code:
mount -o remount -o acl LABEL=/home
mount -o remount -o acl LABEL=/home
da vidimo trenutni ACL na /home/folderu
Code:
getfacl /home/djordje
getfacl /home/djordje
sada treba da podesiti prvo acl za folder u kom je file
Code:
setfacl -m user:djordje:r-x /home/djordje
setfacl -m user:djordje:r-x /home/djordje
Code:
setfacl -m mask:r-x /home/djordje
setfacl -m mask:r-x /home/djordje
maska je vazna jer ona dozvoljava svima sa acl liste odredjeni pristup, kako smo je vec podesili.
Da objasnim malo ovo
Imamo folder test, gde je useru(root) dozvoljeno rwx, grupu i other su oduzeta sva prava.
Code:
drwx------ 3 root root 4096 Aug 24 08:22 test
drwx------ 3 root root 4096 Aug 24 08:22 test
Izlistacemo ACL
Code:
getfacl test
# file: test
# owner: root
# group: root
user::rwx
group::---
other::---
getfacl test
# file: test
# owner: root
# group: root
user::rwx
group::---
other::---
Sada dozvolimo useru djordje da pristupi folderu
Code:
setfacl -m u:djordje:rx test/
setfacl -m u:djordje:rx test/
namestimo masku samo read
Code:
setfacl -m m:r test/
setfacl -m m:r test/
dobijamo sledeci ACL na test
Code:
getfacl test
# file: test
# owner: root
# group: root
user::rwx
user:djordje:r-x #effective:r--
group::---
mask::r--
other::---
getfacl test
# file: test
# owner: root
# group: root
user::rwx
user:djordje:r-x #effective:r--
group::---
mask::r--
other::---
U ovoj situaciji i pored rx premisija za usera djordje on ne moze da pristupi folderu zbog effective premisije maske!
__________________________________________
For example, to give read and write permissions to user andrius:
Citat:
setfacl -m u:andrius:rw /project/somefile
For example, to remove all permissions from the user with UID 500:
Code:
setfacl -x u:500 /project/somefile
setfacl -x u:500 /project/somefile
_______________________________________________
To set a default ACL, add d: before the rule and specify a directory instead of a file name.
For example, to set the default ACL for the /share/ directory to read and execute for users not in the user group (an access ACL for an individual file can override it):
Code:
setfacl -m d:o:rx /share
setfacl -m d:o:rx /share
____________________________________
Code:
setfacl -m u::rx,g::rw,m:---,u:djordje:rw dir
setfacl -m u::rx,g::rw,m:---,u:djordje:rw dir
:: izmedju usera i prava znaci da se odnose na sve usere
da se izbrise dafault
Code:
setfacl -k dir
setfacl -k dir
_______________________________________________________
##########################################################
Quotas
fstab
Code:
/dev/VolGroup00/LogVol00 / ext3 defaults,grpquota,usrquota 1 1
/dev/VolGroup00/LogVol00 / ext3 defaults,grpquota,usrquota 1 1
posle promene a mora i remount (mount -o remount /home) ako je / onda mora restart
zatim izvrsite sledecu komandu
Code:
quotacheck -avcm
quotacheck -avcm
zatim dodeljumemo koliko prostora moze svako da koristi
Code:
edquota user_name
edquota user_name
Code:
edquota -t
(grace period za soft, posle toga ne user ne moze nista da dodaje nego mora da obrise nesto da bi oslobodio prostor)edquota -t
Citat:
repquota -s /
Code:
edquota -up bora aleksa vesna
(ovo ce da iskopira quota settings bore na aleksu i vesnu)edquota -up bora aleksa vesna
_______________________________________________________________________________
SUDOERS
Code:
visudo
visudo
se koristi za izmenu ovog file
/etc/sudoers
Automount/fstab
automount
Code:
cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
nfs -fstype=nfs 192.168.1.10:/nfs_homes/home
project -fstype=ext3 :/dev/sdb1 (to mount localfilesystem)
samba -fstype=cifs,username=djordje,password=djordje ://192.168.1.10/samba_shares
cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
nfs -fstype=nfs 192.168.1.10:/nfs_homes/home
project -fstype=ext3 :/dev/sdb1 (to mount localfilesystem)
samba -fstype=cifs,username=djordje,password=djordje ://192.168.1.10/samba_shares
fstab
Code:
//192.168.1.10/samba_shares /root/samba cifs username=djordje,password=djordje 0 0
192.168.1.10:/nfs_homes/home /root/nfs nfs soft,timeo=300 0 0
//192.168.1.10/samba_shares /root/samba cifs username=djordje,password=djordje 0 0
192.168.1.10:/nfs_homes/home /root/nfs nfs soft,timeo=300 0 0
Vrlo je vazno da se zapamti tacan format za automount i fstab, ovo "://" nije "//" ili ":/", ukoliko pogresimo jednostavno se to nece mountovati.
Grub
/boot/grub/grub.conf
____________________________________________
ako hocemo da stavimo sifru
Code:
grub-md5-crypt
grub-md5-crypt
zatim u grub.conf
ovako
password --md5 copy-of-the-output
Da se ukuca sifra u Grub, pritisnite "p"
____________________________________________
komande u grub.conf
Code:
grub> find (hd0,0)/grub/grub.conf
(i menjamo ovu drugu "0" redom dok ne dobijemo pravu particiju)grub> find (hd0,0)/grub/grub.conf
komande redom
Citat:
root
kernel vmlinuz (tab za complete)
initrd (tab za complete)
boot
kernel vmlinuz (tab za complete)
initrd (tab za complete)
boot
_________________________________________
LVs , VGs , PVs
Krenucemo redom. Imamo disk/particije sdb1 i sdc1
Prvo kreiramo Phisical Volumes
Code:
pvcreate /dev/sdc1
pvcreate /dev/sdb1
pvcreate /dev/sdc1
pvcreate /dev/sdb1
Code:
pvscan
pvscan
PV /dev/sdb1 lvm2 [486.31 MB]
PV /dev/sdc1 lvm2 [486.31 MB]
kada kreiramo 2 ili vise physical volume onda kreiramo Volume group
Citat:
vgcreate prvaGrupa /dev/sdb1 /dev/sdc1
vgscan
Reading all physical volumes. This may take a while...
Found volume group "prvaGrupa" using metadata type lvm2
vgscan
Reading all physical volumes. This may take a while...
Found volume group "prvaGrupa" using metadata type lvm2
Sada mozemo da pravimo Logical Volumes u “prvaGrupa” grupi. Imamo oko 1GB (2 puta po oko 500MB) da rasporedimo na koliko vec zelimo Lv
Da kreiramo LV “prvi-lv” u grupi “prvaGrupa” velicine 200M
Code:
lvcreate -L 200m prvaGrupa -n prvi-lv
Logical volume "prvi-lv" created
lvscan
ACTIVE '/dev/prvaGrupa/prvi-lv' [200.00 MB] inherit
lvcreate -L 200m prvaGrupa -n prvi-lv
Logical volume "prvi-lv" created
lvscan
ACTIVE '/dev/prvaGrupa/prvi-lv' [200.00 MB] inherit
Nakon sto smo kreirali LV, formatiracemo ga I koritsiti kao normalnu particiju.
Code:
mkfs.ext3 /dev/prvaGrupa/prvi-lv
mkdir test
mount -t ext3 /dev/prvaGrupa/prvi-lv test/
mkfs.ext3 /dev/prvaGrupa/prvi-lv
mkdir test
mount -t ext3 /dev/prvaGrupa/prvi-lv test/
Da bi ovaj mount “preziveo” restart idemo u fstab I
Code:
/dev/prvaGrupa/prvi-lv /test ext3 defaults 0 0
/dev/prvaGrupa/prvi-lv /test ext3 defaults 0 0
mozemo da dodajemo nove particije na VG
Code:
vgextend prvaGrupa /dev/sdb2
vgextend prvaGrupa /dev/sdb2
ukloniti particiju iz VG
Code:
vgreduce prvaGrupa /dev/sdb2
vgreduce prvaGrupa /dev/sdb2
da vidimo sta imamo i gde se nalazi LV, GV, PV
Citat:
vgdisplay
lvdisplay
lvscan
pvscan
vgscan
lvdisplay
lvscan
pvscan
vgscan
_______________________________________
da dodamo novi prostor (300MB)
Code:
lvextend -L +300M /dev/prvaGrupa/prvi-lv
lvextend -L +300M /dev/prvaGrupa/prvi-lv
Uglavnom novi prostor je dodat bez dodatnih akcija, ali moguce je da je potrebno umount, resize2fs.
Code:
resize2fs /dev/prvaGrupa/prvi-lv
resize2fs /dev/prvaGrupa/prvi-lv
Ukoliko ovo pravi probleme onda mora unmount pa
Code:
e2fsck -f /dev/prvaGrupa/prvi-lv
e2fsck -f /dev/prvaGrupa/prvi-lv
Da smanjimo velicinu LV za 100MB
Code:
lvreduce -L -100M /dev/prvaGrupa/prvi-lv
lvreduce -L -100M /dev/prvaGrupa/prvi-lv
Napomena, prilikom dodavanja prostora nije nepohodno (premda preporucljivo) da se backup LV, ali prilikom smanjivanja je NEOPHODNO!
##########################################################
10. Named
instalirati
Code:
yum install bind
yum install system-config-bind
yum install bind
yum install system-config-bind
zatim
Code:
system-config-bind
system-config-bind
Ovo je GUI alat koji generise default named.conf (u cashing only mode). Ukoliko ovo hocete peske, morate sami da kopirate I named.conf, sve zone fileove...
onda snimiti default i to je up and running cashing only server
Zone file za master zonu bi izgledao ovako
Code:
zone "dorde-dokanovic.info" IN {
type master;
file "/var/named/dorde-dokanovic.info";
allow-transfer { 192.168.1.101; };
};
zone "dorde-dokanovic.info" IN {
type master;
file "/var/named/dorde-dokanovic.info";
allow-transfer { 192.168.1.101; };
};
Slave
Code:
zone "db.dorde.dokanovic.info" IN {
type slave;
file "slaves/db.dorde.dokanovic.info";
masters { 192.168.1.101; };
};
zone "db.dorde.dokanovic.info" IN {
type slave;
file "slaves/db.dorde.dokanovic.info";
masters { 192.168.1.101; };
};
Da startujemo servis prilikom boot-a (za 2,3,4,5 runlevel)
Code:
chkconfig –-level 2345 named on
chkconfig –-level 2345 named on
_______________________________________
kada kreiramo novu zonu svi fileovi ce biti u /var/named
ako hocemo drugu lokaciju mora da se specificira tacno
Da vidimo kakav je status procesa
Code:
/etc/init.d/named status
service named status
/etc/init.d/named status
service named status
_____________________________________
port je TCP/UDP 53
Najprostije bi bilo ovako i iptables
Code:
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
#######################################################
NFS
/etc/exports
primer
Code:
/temp_dir1 *(rw,sync,no_root_squash)
/temp_dir2 192.168.1.11(rw,sync) 192.168.1.12(ro) 192.168.1.0/24(ro,sync,no_root_squash)
/temp_dir1 *(rw,sync,no_root_squash)
/temp_dir2 192.168.1.11(rw,sync) 192.168.1.12(ro) 192.168.1.0/24(ro,sync,no_root_squash)
“no_root_squash” (remote root users will NOT be treated as a root once they connect to the server)
_____________________________________________
Nfs deamon menja portove na kojima slusa prilikom restart servisa ili reboot. Stoga da bi lepo radio kroz iptables moraju da se podese staticki portovi za
locked (TCP)
locked (UDP)
mountd (TCP)
statd (TCP)
koje mozemo videti sa
Code:
rpcinfo -p
rpcinfo -p
Da podesimo staticke portove (uncomment) za pomenute deamons
Code:
vi /etc/sysconfig/nfs
vi /etc/sysconfig/nfs
Citat:
RQUOTAD_PORT
LOCKD_TCPPORT
LOCKD_UDPPORT
MOUNTD_PORT
STATD_PORT
STATD_OUTGOING_PORT
LOCKD_TCPPORT
LOCKD_UDPPORT
MOUNTD_PORT
STATD_PORT
STATD_OUTGOING_PORT
Kada podesimo da budu staticki portovi, startujemo nfs
Code:
service nfs start
service nfs start
Da mount direktorijum sa udaljenog servera
Code:
mount -t nfs 192.168.1.10:/remote_dir /local_dir/
mount -t nfs 192.168.1.10:/remote_dir /local_dir/
_____________________________________________
Videti share-ovano
Code:
showmount -e
showmount -e
################################
Mount-ovanje imate u Automount/fstab sekciji
########################################
nakon promena u /etc/exports
exportfs -a (za sve)
exportfs -r kada dodamo dir da se doda u shares
__________________________________
podrzati pisanje(write) pristup - selinux
Code:
setsebool -P nfs_export_all_rw 1
setsebool -P nfs_export_all_rw 1
Za detaljniji Selinux pogledati
Code:
man nfs_selinux
man nfs_selinux
Host acces se regulise u /etc/exports
User Acces preko acl!
##########################################
RAID
RAID 0 koristi oba diska da pise po njima ne obezbedjuje data redudancy (ako jedan rikne ide sve u ku***)
RAID 1 mirroring izmedju 2 ili vise diskova
RAID 4 (requires 3 or more disks) jedan sluzi kao parity disk ostala dva za podatke, obezbedjena data redudancy
RAID 5 (requires 3 or more disks) slicno kao RAID 4 ali se parity informacije pisu na svm diskovma , obezbedjena data redudancy
RAID 6 (requires 4 or more disks) two levels of parity, 2 mogu da riknu i podaci da budu sigurni :-)
da se vidi poostojeci RAID
Code:
cat /proc/mdstat
cat /proc/mdstat
Fromatiracemo prvo sve diskove (sdd, sde, sdf)
Code:
fdisk /dev/sdd
fdisk /dev/sdd
System type treba da bude “fd” (Linux raid auto)
da se kreira RAID
Code:
mdadm --create --verbose /dev/md0 --level=4 --raid-devices=3 /dev/sdd1 /dev/sde1 /dev/sdf1
mdadm --create --verbose /dev/md0 --level=4 --raid-devices=3 /dev/sdd1 /dev/sde1 /dev/sdf1
remove disk from raid
Code:
mdadm --verbose /dev/md0 -f /dev/sdd1 -r /dev/sdd1
mdadm --verbose /dev/md0 -f /dev/sdd1 -r /dev/sdd1
Prikaz raid
Code:
mdadm --detail /dev/md0
(il md1 ili koji vec)mdadm --detail /dev/md0
zatm se formatira RAID device
Code:
mkfs.ext3 /dev/md0
mkfs.ext3 /dev/md0
Sada mozemo da mount raid /dev/md0
Code:
mount -t ext3 /dev/md0 /raid/
mount -t ext3 /dev/md0 /raid/
Dodati novi disk RAID array
Code:
mdadm --verbose /dev/md0 -a /dev/sdg1
mdadm --verbose /dev/md0 -a /dev/sdg1
Having an idea is like being in a nutshell, but exchanging idea and collaborate
with
others is like being in infinite ocean of knowledge.
________________________________________________________________
____
Veruj u sebe. Ako ti neces, ko hoce?!
„Bolje živeti 100 godina kao milioner, nego sedam dana u bedi.“
with
others is like being in infinite ocean of knowledge.
________________________________________________________________
____
Veruj u sebe. Ako ti neces, ko hoce?!
„Bolje živeti 100 godina kao milioner, nego sedam dana u bedi.“
