7th ppt
1. Basic knowledge
1. User account management
Whether logging in to the Linux system from the local machine or remotely, each operator must have his own user account, and different accounts have different access rights to resources. In the scope of system management, in addition to the management of file resources, the most important job of the system administrator is user account management. The so-called user account management refers to operations such as account creation, deletion, modification, account planning, and permission granting. Linux system accounts are divided into user accounts and group accounts:
- User account: usually an operator has a user account, each user account has a unique identification number UID (User ID). The Linux system has a root user root. In addition, users created in the system are divided into administrators and standard users. Administrator users have more permissions than standard users.
- Group account: each user account has its own group (the identification number of the group is GID (Group ID))
Account management and view commands:
| command | meaning |
|---|---|
| useradd user | New user account user |
| useradd -g xxx user | Create a new user account user, whose group is xxx |
| passwd user | Modify user's password (root user changes other user passwords) |
| passwd | Ordinary users modify their own passwords |
| userdel user | Delete user user |
| usermod | Modify user attributes |
| groupadd group | New user group group |
| groupdel group | Delete user group group |
| Modify group members | Edit the /etc/group file |
| su xxx | Switch user to xxx |
| whoami | Display the user's own username |
| who | Query which users are in the current system |
| w | Query which users are in the current system, which is an enhanced version of the who command |
2. File access authority management
There are three types of file or directory access permissions: readable (readable), writable (writable) and executable (executable).
Different users can have different access rights to the same file.
- Owner permissions u
- Group permissions g
- Other user (others) permissions The
The above operation is that I used ls to list the detailed information of each file, first showing the total size; then the first field shows the file permissions, and then the number of file connections, owner, group, size , Last modification time, file name, etc. It is worth mentioning the file permissions (10 bits in total):
| Field | meaning |
|---|---|
| 1 | file type |
| 2-4 | Owner permissions |
| 5-7 | Group permissions |
| 8-10 | Other user (others) permissions |
- file type:
| letter | meaning |
|---|---|
| d | table of Contents |
| l | link |
| c | Character device |
| b | Block device |
| s | socket file |
| p | Command pipeline |
| - | Normal file |
- file permission:
| letter | meaning |
|---|---|
| r | The actual content of the readable file |
| w | Editable to add and modify file content |
| x | Executable file |
- Directory permissions:
| letter | meaning |
|---|---|
| r | List of readable directory structures |
| w | Can change the directory structure |
| x | You can go cdto this directory to make it a working directory |
SUID (Set UID): The x permission bit of the file owner appears s
SGID (Set GID): The x permission bit of the file group user appears s
SBIT (Sticky Bit): The x permission bit of other users appears t.
• SUID is located at the x position of the owner, corresponding to u+s
• SGID is located at the x position of the belonging group, corresponding to g+s
• SBIT is located at the x position of other users, corresponding to o+t
SUID and SGID are only used for executable files. SUID indicates that the executor has the authority of the file owner for the program when the program is executed; SGID indicates that the executor has the authority of the user group to which the file belongs to the program when the program is executed.
SBIT is only valid for directories, meaning that when users create files or directories in this directory, only themselves and the root user have the right to delete files.
such as:
‐rwsr‐xr‐x. 1 root root 31K 2月 22 2012 /usr/bin/passwd
‐r‐xr‐sr‐x 1 root tty 15K 7月 19 2011 /usr/bin/wall
drwxrwxrwt. 40 root root 148K 10月 13 11:01 /tmp
第一个:其他用户拥有x权限,执行该程序时,短暂获取该程序的拥有者root的权限rws。作用是让本来没有相应权限的用户在运行这个程序时,可以访问该用户没有权限访问的资源。
第二个:其他用户拥有x权限,执行该程序时,短暂获取该程序的组用户tty的权限rs。
第三个:属主root用户具有rwx权限,属组root具有rwx权限,其他用户具有rwt的权限。亦即,所有用户具有该文件夹的可读可写可cd权限,同时只有root用户、该目录下的文件所有者和目录所有者具有删除对应用户的文件及子文件夹的权限。
文件权限设置:
chmod u+s binary_file
chmod g+s binary_file
chmod o+t folder
chmod u+r file1.txt 增加属主可读权限
chmod g+r file1.txt 增加属组可读权限
chmod o+r file1.txt 增加其他用户的可读权限
chmod a+r file1.txt 增加所有用户的可读权限
chmod +x file1.txt 增加所有用户的可执行权限
chmod u‐r file1.txt 去掉属主的可读权限
chmod 777 file1.txt #看下面
权限字母与数字
| 字母 | 数字 |
|---|---|
r |
二进制表示为100,十进制为4 |
w |
二进制表示为010,十进制为2 |
x |
二进制表示为001,十进制为1 |
--- |
0 |
r-- |
4 |
-w- |
2 |
--x |
1 |
-wx |
3 |
r-x |
5 |
rw- |
6 |
rwx |
7 |
3、进程管理
进程(process)是指执行中程序的一个实例(instance)。
进程分类:
- (1).交互进程:由shell启动的进程
- (2).批处理进程:与终端没有联系,是进程序列
- (3).守护进程:在后台持续运行的进程
UNIX支持多进程。每个进程仅容许在一个极短的期间执行(几微秒的时间片time slice),之后会暂时搁置,让其他等待中的进程执行。通过调度器( scheduler)负责进程的执行。
- 进程会被指定优先级,利用
nice和renice命令调整进程的优先级。 - 平均负载(load average)给出了系统运行总负载量的一个平均值(单位时间内的可运行进程个数)。
平均负载有三个值:第一个为1分钟内的平均值;第二个为5分钟内的平均值;第三个为15分钟内的平均值。平均负载越高,表明系统工作负荷越高,此时响应可能会陷入停滞状态。
启动进程
-
手动启动
• 用户在终端输入命令,就直接启动了一个进程。
• 用户输入命令可以启动一个前台进程,前台进程控制着标准输入和输出, shell暂时挂起,命令执行完后回到shell。如ls。 后台进程命令如:
• ls &。后台进程在后台运行,终端可继续运行其他命令。
出现的数字是进程的编号 -
调度启动
• 在指定时间运行命令,调度启动命令如at、 batch、crontab
步骤1:在终端输入at 时间 后回车
步骤2:每行输入一条命令
步骤3:所有命令输入完毕后按cltr+D结束。
| 命令 | 含义 |
|---|---|
at -l/atq |
查看调度启动命令启动的调度进程列表,亦即作业列表 |
at time -f xx.sh |
对文件使用调度启动 |
at -d/ atrm |
用于删除指定的命令序列 |
batch |
用于低优先级运行作业,该命令与at命令的功能几乎完全一样,唯一的区别在于at是在指定时间执行指定命令;而batch是在系统负载较低,资源比较空闲的时候执行指定命令 |
cron |
可以让 crontab 安装的文件中的命令集每分钟执行一次,而前面的 at 和 batch 命令只使得命令集在规定时间执行一次 |
ps |
进程命令 |
kill PID |
杀死进程 |
at调度启动命令的其他时间格式
• at 5:30pm
• at 17:30
• at 17:30 today
• at now +5 hours
• at now +300 minutes
• at 17:3012.2.15
• at 17:302/12/15
• at 17:30 Feb12
调度启动 crontab命令
crontab调用命令的语法为:
crontab [‐u<user>] <file> #提交作业文件
crontab [‐u<user>] {
‐l|‐r|‐e} #显示(‐l)、删除(‐r)和修改(‐e)作业文件
# [‐u<user>]为可选的用户名参数,默认为用户自己(不带此参数)。
在crontab源文件中,前5个域指定命令被执行的时间,最后一个域是要被执行的命令。每个域之间使用空格或者指标符分割。格式如下:
<minute> <hour> <day-of-month> <month-of-year> <day-of-week> <commands>
关于每个域的说明如下:
| 名称 | 含义 | 合法值 |
|---|---|---|
| minute | 分钟 | 00-59 |
| hour | 小时 | 00-23 |
| day-of-month | 一个月的第几天 | 01-31 |
| month-of-year | 一年的第几个月 | 01-12 |
| day-of-week | 一周的星期几 | 0-6 |
| commands | 命令 |
如:
5,15,25,35,45,55 16,17,18 * * * command
# 每天下午的456点的5、15、25、35、45、55分执行命令
0 15 * * 1,3,5 shutdown -r now
# 每周一、三、五下午3:00系统进入维护状态,重新启动系统
进程查看命令ps
ps(process)用于查看linux系统所有用户进程,
• 包括当前用户、 root用户、伪用户等。
• ps命令格式:ps [选项]
• ‐e显示所有进程 ‐r显示当前终端运行进程
• ‐h不显示标题 ‐x显示所有进程不区分终端
• ‐l详细格式显示 ‐u以用户为主的格式显示进程
• ‐a显示所有终端上的进程,包括其他用户进程
其中:
| 字段 | 含义 |
|---|---|
| USER | 用户名 |
| PID | 进程ID |
| %CPU | 进程使用的CPU时间比例 |
| %MEM | 进程使用的内存占可用内存的比例 |
| VSZ | 进程在内存中的大小以kB为单位 |
| RSS | 进程在未换出时占用的物理内存 |
| TTY | 进程启动时的终端设备 |
| STAT | 代表当前进程状态的双字符状态码。 |
关于状态:
| 字母 | 含义 |
|---|---|
| < | 该进程运行在高优先级上 |
| N | 该进程运行在低优先级上 |
| L | 该进程有页面锁定在内存中 |
| s | 该进程是控制进程 |
| S | 进程处于休眠 |
| R | 进程正在运行 |
| Z | 僵尸进程 |
| T | 进程停止 |
| l | 该进程是多线程的 |
| + | 该进程运行在前台 |
4、系统监视
| 命令 | 含义 |
|---|---|
| top | 实时监视系统的资源 按ctrl+Z或q键退出top |
| free ‐m | 以MB为单位查看内存使用情况 |
| df ‐h | 以MB和GB为单位查看磁盘空间 |
其中:
| 字段 | 含义 |
|---|---|
| PID | 进程ID |
| USER | 进程属主的名字 |
| PR | 进程优先级 |
| NI | 进程的谦让度值 |
| VIRT | 进程占用的虚拟内存总量 |
| RES | 进程占用的物理内存总量 |
| SHR | 进程和其他进程共享的内存总量 |
| S | Process state (D stands for interrupted sleep state, R stands for running state, S stands for sleep state, T stands for tracking state or stop state, Z stands for rigid state) |
| %CPU | The proportion of CPU time used by the process |
| %MEM | The ratio of the memory used by the process to the available memory. |
| TIME+ | The total amount of CPU time from the start of the process to the current time |
| COMMAND | Started program name |
Two, operating skills
1. Log in to the root account on ubuntu
Ubuntu's default root password is random, that is, there is a new root password every time you boot. You can enter the command sudo passwd in the terminal, and then enter the password of the current user, enter. After that, the terminal will prompt for a new password and confirm it. The password at this time is the new root password. After the modification is successful, enter the command su root, and then enter the new password.
2. At executes the file and outputs to the file
st1: edit .sh file
st2: submit job
at 16:25 today -f ./test.sh
st3: View the job and show that it has been completed
at -l
st4: view results
cat result.txt
3. The crontab command
