RHCE study notes-133-2

rpm and kickstart
The RPM Way
Installation is not interactive
Can be applied to all software: the kernel and other additional software can all be packaged as rpm
No need to install a previous version before installing a later version
RPM Package manager
RPM components
local database /var/lib/rpm
rpm and related executables
package files
primary functions
install/remove
query
verify
build
installing and removing software
Primary RPM options:
install: rpm -i, --install Installs the package if no old version is present. If an old version is present, the old and new versions are both kept; usually used for kernel installation.
upgrade: rpm -U, --upgrade Installs the package if no old version is present. If an old version is present, it is removed and the new version is installed. Used for application software, where the old version does not need to stay or will no longer be used; some applications even allow only one version to be installed.
freshen: rpm -F, --freshen Does not install the package if no old version is present. If an old version is present, it is removed and the new version is installed. Generally used to update an existing system.
erase: rpm -e, --erase Removes the package.
output options: -v -h Used together with the options above to display the installation progress.
iostat requires sysstat-5.0.5-1.i386.rpm to be installed
Installing from a URL is supported, such as ftp:// and http://
rpm -Uvh ftp://192.168.0.254/pub/sysstat-5.0.5-1.i386.rpm
updating a kernel RPM
Don't use rpm -U or rpm -F: the old version would be deleted, and we cannot be sure that the new version works, so it is recommended to keep the old version. After the new version is installed, an entry for the new kernel is added to grub.conf, which means the kernel can be updated using rpm.
rpm -ivh kernel-version.arch.rpm
Boot the new kernel to test
Revert to the old kernel if problems arise
rpm -e kernel-oldversion
RPM queries
installed package options:
rpm -qa lists installed packages
rpm -qf filename shows the owning package, that is, which package installed the file
rpm -qf /bin/gzip
rpm -qi package_name general information about the package
rpm -qi gzip
rpm -ql package_name lists which files are included in the package
rpm -ql gzip
uninstalled package options:
rpm -qip package_file.i386.rpm displays the information of a package file that is not installed
rpm -qlp package_file.i386.rpm shows which files are included in a package file that is not installed
rpm verification
installed rpm file verification
verifies whether the files of installed rpm packages have been modified
rpm -Va verifies whether any installed file has been modified, comparing against the rpm database
rpm -V package_name verifies whether the files of a given package have been modified, comparing against the rpm database
rpm -Vp package_file.i386.rpm verifies the installed files against the rpm package file
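A way to triage the output of rpm -Va described above, added here as an example and not part of the original notes: it ranks each changed file so that altered program files stand out from edited configuration files. The sample output and the severity names (HIGH, REVIEW, INFO) are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` output read from stdin.
# Flag letters used here: 5 = digest differs, M = mode, U = owner, G = group.
# An optional one-letter marker before the path gives the file type (c = config).
triage_rpm_verify() {
    awk '
    {
        flags = $1
        if (NF >= 3 && length($2) == 1) { kind = $2;  path = $3 }
        else                            { kind = "-"; path = $2 }

        if (flags == "missing")       sev = (kind == "c") ? "REVIEW" : "HIGH"
        else if (kind == "c")         sev = "INFO"      # edited config files are expected
        else if (index(flags, "5"))   sev = "HIGH"      # content of a program or library changed
        else if (flags ~ /[MUG]/)     sev = "REVIEW"    # permissions or ownership changed
        else                          sev = "INFO"      # for example only the mtime (T) differs
        print sev, path
    }'
}

# Constructed sample of `rpm -Va` output (not taken from a real host).
sample_rpm_va() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /bin/login
.M.......    /usr/bin/passwd
.......T.    /usr/share/doc/gzip/README
missing      /usr/sbin/tmpwatch
EOF
}

# Show the entries that need a look first.
sample_rpm_va | triage_rpm_verify | grep -v '^INFO'
```

On a real system the input would be `rpm -Va | triage_rpm_verify`; paths containing spaces are not handled by this sketch.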
signature verification BEFORE package install
Before installing a package file, you can verify whether it has been signed by Red Hat
Red Hat signs the rpm packages it releases with a GPG signature
rpm --import RPM-GPG-KEY imports the GPG key file, which is used to check the signature of each rpm file
rpm -qa gpg-pubkey* checks whether the GPG key has been imported successfully
rpm --checksig package_file.i386.rpm checks whether an rpm file has been signed by Red Hat
If you see OK, it has been signed.
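A gate for the signature check above, as an added example that is not from the original notes: rpm --checksig also ends its line with OK for a package that carries only digests and no signature, so the verdict looks for a named signature type before installing. The function names and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: decide from one line of `rpm --checksig` output whether the
# package carries a verified signature, and install only if it does.

# Prints SIGNED, UNSIGNED or FAILED for a single output line.
checksig_verdict() {
    result=${1#*: }                  # drop the leading "package_file.rpm: "
    case $result in
        *"NOT OK"*) echo FAILED ;;   # bad digest, bad signature or missing key
        *OK)
            case $result in
                # a signature type is named next to the digests
                *gpg*|*pgp*|*dsa*|*rsa*|*signatures*) echo SIGNED ;;
                *) echo UNSIGNED ;;  # digests matched, but nothing was signed
            esac ;;
        *) echo FAILED ;;
    esac
}

# Hypothetical wrapper: runs the upgrade only when the verdict is SIGNED.
install_if_signed() {
    pkg=$1
    verdict=$(checksig_verdict "$(rpm --checksig "$pkg" 2>/dev/null)")
    if [ "$verdict" = SIGNED ]; then
        rpm -Uvh "$pkg"
    else
        echo "refusing to install $pkg: signature check $verdict" >&2
        return 1
    fi
}

# Constructed output lines in the format printed by rpm.
checksig_verdict 'sysstat-5.0.5-1.i386.rpm: (sha1) dsa sha1 md5 gpg OK'
checksig_verdict 'abc.rpm: sha1 md5 OK'
checksig_verdict 'abc.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)'
```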
other rpm utilities and features
rpm2cpio converts rpm files into cpio archives. Only root has permission to use rpm files; after conversion, the archive can be used by ordinary users. The converted file is relatively large.
rpm2cpio sysstat-5.0.5-1.i386.rpm > sysstat.cpio
cpio -it < sysstat.cpio
After running this, you can see which files are in the cpio archive; they are stored with relative paths. We generally recommend creating a new folder, copying the archive into it and extracting it there:
cpio -id < sysstat.cpio
rpmdb-redhat
records the rpm dependencies
system-config-packages
automatic dependency resolution
How to automatically install dependent packages
1 Use the database of the software rpmdb-redhat
2 All dependent rpms must be placed in the same directory
3 Add the --aid parameter
such as: rpm -ivh abc.rpm --aid
red hat network (RHN)
provides the Red Hat e-paper, which warns us which packages need to be updated
red hat update agent
using kickstart to automate installation of Red Hat Linux
To use kickstart automatic installation, you need to install this package
kickstart %packages
package to be installed
kickstart %pre %post
scripts to be executed before and after installation
The network installation server
Installation goes over the network, which can be through NFS, FTP or HTTP.
All Red Hat installation CDs must be copied to the server.
After setting up the network installation server, boot the client from the first CD and copy ks.cfg to a floppy disk.
At the boot prompt, enter linux ks=floppy
user administration
user policy considerations
How many people will use it? Do you want to restrict event or location?
Passwords: how often do they need to be changed?
Whether to limit CPU and memory?
Whether to limit hard disk space?
File permissions rw-r--r--
In passwd, if the x after the user name is removed, the user does not need a password at the next login.
If the shell is /sbin/nologin, the user cannot log in to the system but can log in to the FTP service of the machine.
If the shell is /bin/false, this user can only send and receive mail.
adding a new user account
useradd username
the system actually edits /etc/passwd, /etc/shadow, /etc/group
create and populate home directory
set permission and ownership
set account password using passwd
/etc/skel holds the default files for a user's home directory. The files in the home directory are almost the same; the difference is the ownership.
Use newusers to create a large number of users: edit a file aaa and fill it in according to the passwd format
vi aaa
user4:user4:503:503::/home/user4:/bin/bash
user5:user5:504:504::/home/user5:/bin/bash
newusers aaa
When newusers is used to create a user, only the home directory is created; the content of /etc/skel is not copied.
User private groups (UPG)
When an account is created, a private group with the same name is created for it, and the account is added to this private group. The group of every file created by this account is this private group. This prevents files created by the account from not belonging to any group.
group administration
entries added to /etc/group
groupadd
groupmod
groupdel
modifying/deleting accounts
modify user profile
edit /etc/passwd
or use the usermod command
to change a user's home directory
mkdir /home/test-6
chown test6:test6 /home/test-6
usermod -d /home/test-6 test6
-d is followed by the new home directory
usermod -G group1 test6 Add the user to other groups
usermod -g group2 test6 Change the user's primary group
usermod -L test6 Lock the test6 account; this actually adds a ! in front of the password field in /etc/shadow
If the field is !!, the user has not set a password
usermod -U test6 Unlock the account
delete the user
Manually: edit /etc/passwd, /etc/shadow, /etc/group and /var/spool/mail/username
By command: userdel -r test6. The userdel command will not delete the test6 group entry in /etc/group; you can use groupdel test6
password aging policies
By default, the password never expires.
For security reasons, you can force the password to be changed at a set interval.
Change /etc/login.defs to set the default validity period of user passwords.
You can also use chage [option] user to change the time-related password parameters
chage -l user6 view the password information of the account
chage -I 3 user6 lock the user account this many days after the password expires; the default is -1.
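An audit of the account states mentioned in these notes (empty password field, ! and !! in /etc/shadow, passwords that never expire, /sbin/nologin and /bin/false shells), added here as an example and not part of the original notes. The entries are constructed, the state names are assumptions, and 99999 is assumed to be the maximum age that stands for "never expires".

```shell
#!/bin/sh
# Added example: classify accounts from shadow- and passwd-format lines on stdin.

# /etc/shadow: field 2 = password field, field 5 = maximum password age (days).
audit_shadow() {
    awk -F: '
    {
        pw = $2; max = $5
        if (pw == "")                            state = "NOPASSWORD"  # login without any password
        else if (pw == "!!" || pw == "*")        state = "UNSET"       # no usable password set
        else if (substr(pw, 1, 1) == "!")        state = "LOCKED"      # usermod -L put ! before the hash
        else if (max == "" || max + 0 >= 99999)  state = "NOEXPIRY"    # password never has to change
        else                                     state = "OK"
        print state, $1
    }'
}

# /etc/passwd: field 2 empty = no password needed, field 7 = login shell.
audit_passwd() {
    awk -F: '
    {
        if ($2 == "")                                          state = "NOPASSWORD"
        else if ($7 == "/sbin/nologin" || $7 == "/bin/false")  state = "NOSHELL"
        else                                                   state = "LOGIN"
        print state, $1
    }'
}

sample_shadow() {   # constructed entries, the hashes are placeholders
    cat <<'EOF'
root:$1$placeholder$hash:14170:0:99999:7:::
user4::14170:0:99999:7:::
user5:!!:14170:0:99999:7:::
test6:!$1$placeholder$hash:14170:0:90:7:3::
user6:$1$placeholder$hash:14170:0:90:7:3::
EOF
}

sample_passwd() {   # constructed entries
    cat <<'EOF'
user4::503:503::/home/user4:/bin/bash
ftpuser:x:505:505::/home/ftpuser:/sbin/nologin
user6:x:506:506::/home/user6:/bin/bash
EOF
}

sample_shadow | audit_shadow
sample_passwd | audit_passwd
```

As root, `audit_shadow < /etc/shadow` and `audit_passwd < /etc/passwd` run the same checks on a live system.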
login shell scripts
/etc/profile
/etc/profile.d/*.sh
~/.bash_profile
~/.bashrc
/etc/bashrc
non-login shell scripts
~/.bashrc
/etc/bashrc
/etc/profile.d/*.sh
Switching account
syntax
su [-] [user]
su [-] [user] -c command If you only need to execute a certain command as a certain user
su allows temporarily switching to another account to work. If no user is specified, the default is root
su
su -
With -, su switches to the new user and opens a login shell. Without -, it just switches to the new user and opens a non-login shell
sudo
lets ordinary users execute commands that only root can execute
The /etc/sudoers file defines which specific accounts can execute which specific commands that only root can execute
The command runs with an effective user id of 0
and the group id of root's group
/etc/sudoers When sudo is used by an account that is not defined there, root is notified
vi sudoers read-only mode
visudo edit sudoers
network users
We can store user information centrally on a server on the network, including UID, default shell, home directory, group memberships, and so on; the server can be a NIS or LDAP server
vi /etc/nsswitch.conf
passwd
shadow
group
authentication configuration
system-config-authentication GUI interface
If you add –nox after the command, the text interface will be opened.
The authconfig command directly uses the text interface.
Several authentication servers are supported:
(local files), NIS, LDAP, Hesiod, and Winbind
support authentication methods:
( NSS), Kerberos, LDAP, SMB, winbind (MS AD)
NIS configuration (configure NIS server to authenticate users)
Must install ypbind and ypserver and portmap RPMs
run system-config-authentication
enable NIS to provide user information
specify NIS server and NIS domain name
keep default authentication
what does this actually do?
four text-based configuration files are changed
/etc/sysconfig/network NISDOMAIN
/etc/yp.conf NIS server for NIS domain
/etc/nsswitch.conf use NIS
/etc/pam.d/system-auth shadow NIS
LDAP configuration
Must install nss-ldap and openldap RPMs
Run system-config-authentication
enable ldap to provide user information
specify server,the search base DN and TLS
enable LDAP to provide authentication
The purpose for using authentication tool
four text-based configuration files are changed
/etc/ldap.conf
/etc/openldap/ldap.conf
/etc/nsswitch.conf
/etc/pam.d/system-auth
file ownership
every file has both user and group “ownership”
a newly created file will be owned by:
the user who creates it
the current primary group of that user
sgid directories may change this behavior
the chown command can be used by root to change ownership
linux file permission
access levels
u user
g group
o other
access modes
w write
r read
x execute
flags indicate access mode for each access level
the file mode is a concise expression of the collective flag values
d directory
- file
suid/sgid executables
By default, when a user runs an executable file, it runs with the user's own identity; when SUID or SGID is set, it runs as the owner of the file or as the group the file belongs to
the sticky bit
If a user has write permission on a directory, then no matter what the permissions on a file are and no matter who owns the file, the user can delete the file from the directory. If the sticky bit is set on the directory, the files in it can only be deleted by their owner.
the setgid access mode
By default, files created by a user in a directory belong to the user's default group. If the SGID permission is set on the directory, files created in it belong to the group that the directory belongs to
default file permission
non-system user's umask 002
files will have permission of 664
directories will have permission of 775
support user private groups
system user's umask 022
/etc/bashrc defines a conditional statement for umask that checks whether the user name is consistent with the group it belongs to: consistent is 022, inconsistent is 022
access control lists (ACLs)
Grant RWX access to files to multiple users or groups
ACLs can set permissions for a specific file or a specific directory for certain specific users or groups
vi /etc/fstab
LABEL=/ / ext3 defaults,acl 0 0
getfacl /opt Check the ACL settings of the directory
setfacl Set ACLs
setfacl -m u:user1:rx /project1
Grant user1 r and x permissions on the /project1 directory
printing and administration tools
CUPS Overview
common unix printing system
supports *.html *.pdf *.jpg ... and other formats
CUPS configuration files
/etc/cups/cupsd.conf
/etc/cups/printers.conf
lpadmin
system-config-printer
cups web interface form
CUPS queue management
system-config-printer
system-config-printer-tui
http://localhost:631
cron
You can let the system do a certain job at a specified time
man crontab
man 5 crontab
In the figure, blue is one group and red is another, and the relationship between them is OR:
the day-of-month and day-of-week fields of a crontab entry are combined with OR.
crontab tasks are executed in the background. For example, the output of an echo command is not displayed on the terminal; after execution, an email is sent to root
controlling access to cron
/etc/cron.allow
/etc/cron.deny
restricts who can use cron
system crontab files
/etc/crontab
The system crontab file; the cron jobs used by the system itself are in this file.
02 4 * * * root run-parts /etc/cron.hourly
Execute all scripts in the /etc/cron.hourly directory as root
/etc/cron.hourly
/etc/cron.daily
/etc/cron.weekly
/etc/cron.monthly
system cron job: tmpwatch
/etc/cron.daily/tmpwatch
The system executes this script every day
man tmpwatch
tmpwatch removes files that have not been accessed for a long time
By default, tmpwatch checks the atime of a file to decide whether to remove it.
system cron job: logrotate
/etc/cron.daily/logrotate Compresses and mails the log files of the system.
You can configure logrotate through /etc/logrotate.conf.
By default, the system log is compressed and backed up every week, and stored in /var/log/messages
system logging
Two services in the system are responsible for recording the system log: syslogd records the logs generated by application programs, and klogd records the logs generated by the kernel


none < debug < info < notice < warning < error < critical < alert < emerg

none: do not record the log
debug: debug information, the log generated when the system is being debugged; it is not an error log and does not need much attention.
info: general notification information, used to report the current status of the system to the current user.
notice: reminder message; you need to check the program, and errors may occur if you ignore it.
warning: warning information; when a warning appears, your program may have a problem, but it does not affect the normal operation of the program, so deal with it as soon as possible to avoid service downtime.
error: error message; when this appears, there is a problem with the service, and it cannot be confirmed whether the service can run normally.
critical: serious error message; the service is down and may not be repairable.
alert: alert information that requires immediate action. Not only is the service down, but the normal operation of the system will also be affected.
emerg: emergency information; the system may not be usable, and if it cannot be resolved, reinstall it.

syslogd and klogd judge whether to record and what level of log to record according to the settings in /etc/syslog.conf.
System logs are classified and stored in /var/log.
syslog configuration
/etc/syslog.conf
mail.* -/var/log/maillog The - means the mail log is first held in a RAM buffer and written to the hard disk once a certain amount has accumulated. This is usually used when the log file is very large.
*.emerg * A log of emerg level generated by any program is displayed to all users; * represents all users
local7.* /var/log/boot.log records the log generated when the system boots.
If you want to transfer the log to another server, modify /etc/syslog.conf
authpriv.* @server1
server1 must also be set to accept logs from other servers
vi /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-r -m 0"
tape drives
(DAT: digital audio tape, DDS: digital data storage, DLT: digital linear open)
/dev/stN
If the system detects a SCSI tape device, it appears under the device name above.
/dev/nstN
A SCSI tape device that does not rewind automatically
man st
FILES
/dev/st* : the auto-rewind SCSI tape devices
/dev/nst* : the non-rewind SCSI tape devices
man mt
mt controls the head of the tape drive

using tar
is used to package and compress a directory or file into a file
man tar
tar -czvf /var/home.tar.gz /home
tar -tf /var/home.tar.gz
tar xzf home.tar.gz
using dump /restore
dump can back up the ext2/3 format file system, that is, it can back up the entire partition.
Dump can be backed up at different levels.
A level 0, full backup, guarantees the entire file system is copied (but see also the -h option below). A level number above 0, incremental backup, tells dump to copy all files new or modified since the last dump of a lower level. The default level is 9
0 is a full backup, incremental backup backs up the data changed since the last backup, dump judges the last backup time according to levels, and backs up the latest data with a lower level than this time.

Usually 02143 is used for backup, in order to restore files easily.
dump -0 -u -f ~/backup /dev/sda1
-f is to specify where to backup, such as /dev/st0 (a tape drive), /dev/rsd1c (a floppy disk drive), an ordinary file, or - (the standard output)
-u: the dump levels are recorded in /etc/dumpdates, and -u updates the record of the dump level there.
using cpio
cpio can copy the content out of an archive, that is, unpack it, or add content to an archive
-i Run in copy-in mode: copy the content out of an archive, that is, unpack it.
-o Run in copy-out mode: copy other files into one large archive, that is, pack the files.
-t List which files an archive contains.
find /test/ | cpio -o > test.cpio
Use cpio to pack the test files.
cpio -it < test.cpio
View the content of the cpio archive
cpio -id < test.cpio
Extract the files. You must extract into a directory that does not contain the original files, that is, one with no folder of the same name.
remote backups
username@hostname:/path
tar -czvf root@example1:/var/home.tar.gz /home backs up the local home to the remote host
dump -0uf root@example1:/var/home.dump /home backs up the local home to the remote host
the X window system
Xorg: the X11 server, X is a protocol used to define the basic functions and communication methods of graphics.
X11 (binary code) is responsible for communicating with the underlying hardware input and output devices.
X Server
X Client
Xorg Server Configuration
Usually, after the installation is complete, the system automatically runs the X server configuration tool
in runlevel 3: system-config-display starts the X server configuration tool
the runlevel command shows the current runlevel
X window in runlevel 3
How to start X window in runlevel 3
startx

The system first checks whether ~/.xinitrc exists. If it does, the settings in this file are executed, and then the scripts under /etc/X11/xinit/xinitrc.d/*; if not, the settings in /etc/X11/xinit/xinitrc are executed. By default there is no ~/.xinitrc. After the scripts are executed, the system checks whether ~/.Xclients exists. If it does, the settings in it are executed, and then the desktop settings; if not, Xclients is executed
X window in runlevel 5
How to start X window in the environment of runlevel 5


How to use remote X Server services for remote x sessions
Use ssh -Y 192.168.8.100
[email protected]'s passwd:
last login:Thu Oct 20 16:39:50 2008 from ns.domain.com
[root@example ~]xterm #Input the graphical interface program to be used at the remote prompt character, such as xclock or xterm
advanced filesystem management
software RAID configuration

The raid5 xor operation gets a value.
Software RAID uses partitions to simulate hard disks to realize RAID.
Use fdisk /dev/sdb to add 2 partitions of the same size to the hard disk, with partition type fd
mdadm -C /dev/md0 -l 0 -n 2 /dev/sdb2 /dev/sdb3
cat /proc/mdstat
mke2fs -j /dev/md0
mkdir /raiddata
ls -l /raiddata
mount /dev/md0 /raiddata/
ls -l /raiddata/
df -h
software RAID recovery
mdadm /dev/md0 -f /dev/sdb2 Simulate a failure of sdb2
mdadm /dev/md0 -a /dev/sdb2 Add a new partition to the RAID.
Converting LVM1 to LVM2
Logical Volume Manager
PV -> VG (similar to formatting; this yields PEs, a virtual disk) -> LV; data can be saved only after an LV has been created.
The advantage of using LVM is that an LV can be expanded dynamically
vgconvert -M2 vg0 Convert LVM1 to LVM2
creating logical volumes
Create 2 new partitions and change the partition type to 8e
Exit with w; fdisk prompts that a restart is needed for the change to take effect, but you can also use the partprobe command
pvcreate /dev/sdb5 #Convert the partition to a PV
pvcreate /dev/sdb6 #Convert the partition to a PV
vgcreate vg1 /dev/sdb5 /dev/sdb6 #Create vg1
lvcreate -L 30M -n lv01 vg1 #Create a 30M LV named lv01
ls -l /dev/vg1/
mke2fs -j /dev/vg1/lv01 #Format the logic volume corresponding to lv01
mkdir /lvmdata
ls -l /lvmdata
mount /dev/vg1/lv01 /lvmdata
vi /etc/fstab
resizing logical volumes
Enlarge LV
lvextend -L +20M /dev/vg1/lv01
df -h
The file system has not been resized after the enlargement, so df -h still shows lv01 as 30M
ext2online /dev/vg1/lv01 #Resize the mounted file system online with ext2online
df -h
Enlarge VG
Create a new partition, set the partition type to 8e, run partprobe
pvcreate /dev/sdb7 #create pv
vgextend vg1 /dev/sdb7 #expand vg1
vgdisplay vg1 #use vgdisplay to check whether vg1 is enlarged
Delete VG
Delete the LV first; before deleting the LV, unmount it: umount /lvmdata
df -h
lvremove /dev/vg1/lv01 #delete lv01
vgremove vg1 #delete vg1
vgdisplay vg1 #prompt that vg1 does not exist, prove that vg1 has been deleted
the linux quota system
Disk quotas
Quotas can be used on each file system, and restrictions can be set according to users and groups.
Additional options must be given when mounting the file system: usrquota grpquota
Both the number of blocks (hard disk space) and the number of inodes (the number of files and directories created) can be limited
soft limit (the quota may be exceeded temporarily)
grace period (for how long; the default is one week)
hard limit #the soft limit becomes a hard limit after the grace period.
The corresponding options must be added in fstab.
Add usrquota or grpquota to the fstab entry of the directory that needs quotas.
vi /etc/fstab
mount -o remount /home
quotacheck -c /home #Scan the home directory and store the data there.
ls -l /home
The directory now contains an additional aquota.user file
quotaon /home
Log in as user1
dd if=/dev/zero of=big bs=1M count=6
ls -lh
As root
edquota user1
Opens the quota configuration of user1;
save and exit after modification
su - user1
quota
ls -lh
dd if=/dev/zero of=big1 bs=1M count=3
dd if=/dev/zero of=big2 bs=1M count=3
ls -lh
edquota -p user1 user2
Copy the configuration of user1 to user2
repquota -a
troubleshooting
Symptoms appear only when a problem occurs, and they do not tell us where the problem is. Therefore, try to collect symptom information to define what is wrong with the system, and also define which functions of the system are working normally. After collecting the relevant information, you can form a hypothesis about the cause of the problem, and check against the log files whether the problem is caused by it. If you must modify settings to eliminate the problem, it is best to back up the original file before modifying it.
things to check: X (when there is a problem with the X window system)
Do not troubleshoot under runlevel 5
Restart, enter runlevel 3 and troubleshoot there
Run system-config-display to see whether the X configuration tool opens. If not, the problem may be in the graphics card.
Use X -probeonly to check the graphics card. It uses the /etc/X11/xorg.conf configuration to test whether the X server can start, and records the log in /var/log/Xorg.0.log.
If there is no problem with the graphics card, check whether the /home and /tmp directories are full.
df -h /home
df -h /var
Check if the xfs service is started
service xfs status
things to check:networking
hostname resolution
dig hostname
ip configuration
ifconfig
default gateway
route -n
correct kernel modules for NIC
cat /etc/modprobe.conf
device activation: restart the interface
ifdown eth0
ifup eth0
order of the boot process (troubleshooting follows this order)
bootloader configuration
GRUB
kernel
Is the kernel loaded correctly?
If a panic occurs when booting, it means that the root directory has not been successfully mounted.
Check /sbin/init and /etc/inittab to check whether the root directory is damaged.
If /etc/rc.d/rc.sysinit has not been executed successfully, it is possible that /bin/bash is damaged or /etc/fstab is set incorrectly.
Check whether there is any problem with the scripts in the /etc/rc.d/rc and /etc/rc.d/rc?.d/ directories
filesystem corruption
File system faults are usually caused by abnormal shutdown
First unmount the filesystem
fsck -y
For example, if there is a problem with the /home file system:
umount /home
ls /home #The directory must be empty to confirm that /home is unmounted
fsck -y /dev/sda2 #/home corresponds to /dev/sda2
mount /dev/sda2 /home
ls /home
recovery run-levels
single user mode
runlevel 1 How to enter: press a to modify the boot menu, ro root=LABEL=/ 1
runlevel S How to enter: when "Welcome to Red Hat Enterprise Linux ES" appears during boot,
press 'I' to enter interactive startup
It will prompt one by one whether to start each service
runlevel emergency How it is entered: the system enters it when the /etc/fstab setting is wrong or the file system is damaged. In emergency mode, the command must use an absolute path to find
some /etc/rc.sysinit, that is, nologin mode
rescue mode
Used when the file system where the root directory is located is damaged or the boot loader is damaged.
boot from CDROM
You can boot from the first CD, or burn the boot.iso on it to a CD,
or copy the diskboot.img on it to a USB key.
Boot with one of the methods above before you can use the command to enter rescue mode.
Rescue mode will try to find the file system where the root directory is located and mount the root directory on the /mnt/sysimage directory
To simulate a damaged MBR:
dd if=/dev/zero of=/dev/sda bs=446 count=1 #Destroy the MBR; after restarting, only a cursor appears
Modify the setup to start from the CD-ROM, put in the first CD, and enter
linux rescue at the boot: prompt
It tries to find the root directory and mounts it on /mnt/sysimage
Follow the prompts to finish and reach the sh-3.00# prompt
Enter grub-install /dev/sda
It will report that the command cannot be found. This is because dev is under the root directory, and the root directory is mounted on the /mnt/sysimage directory, so use the chroot /mnt/sysimage/ command to make the /mnt/sysimage directory the root directory,
then use the command grub-install /dev/sda
exit #exit the change root environment
exit #exit rescue mode
To simulate a problem with the file system where the root directory is located:
A problem with the file system where the root directory is located does not necessarily mean that the file system is damaged. It may be that the system cannot find the root directory.
vi /etc/grub/grub.conf #break the grub settings,
such as deleting the line kernel /boot/vmlinuz-2.6.18-8.el5 ro root=LABEL=/ rhgb quiet, so that the system cannot find the root directory when it boots

Origin blog.csdn.net/imtech/article/details/128632468