
RHCE exam questions and answers (2017-10-30)


There are two virtual machines; make sure you are on the right machine before doing each task.

The local domain is domainX.example.com, 172.25.X.0/24; the hostile domain is my133t.org, 172.26.X.0/24.

*************** Run the following before starting practice to prepare the environment (not needed in the exam)

Practice preparation: lab teamdesk setup, run on desktop; creates the eno1 and eno2 network interfaces

Practice preparation: lab teambridge setup, run on server; creates the eno1 and eno2 network interfaces

Practice preparation: lab storageshares setup, run on both server and desktop; joins the machines to the domain so that krb5p can be used

Exam preparation:

Allow all access from the local domain in one step (server, desktop)

firewall-cmd --permanent --list-all
[[email protected] ~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address="172.25.16.0/24" accept'
success
[[email protected] ~]# firewall-cmd --reload 
success
[[email protected] ~]# firewall-cmd --list-all
  rich rules: 
    rule family="ipv4" source address="172.25.16.0/24" accept
           

Where a task requires blocking access, add an explicit reject rule.

Answers:

1. Configure SELinux (server, desktop)

SELinux must run in Enforcing mode on both systems, server and desktop

[[email protected] ~]# setenforce 1
[[email protected] ~]# vim /etc/selinux/config
SELINUX=enforcing
           

Do this on both virtual machines

2. Configure SSH access (server, desktop)

Configure SSH access as follows:

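Users can access both of your virtual machines remotely over SSH from clients in the domain domainX.example.com; clients in the domain my133t.org cannot access your two virtual machines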

[[email protected] ~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address="172.26.16.0/24" service name="ssh" reject'
success
[[email protected] ~]# firewall-cmd --reload 
success
[[email protected] ~]# firewall-cmd --list-all
  rich rules: 
    rule family="ipv4" source address="172.26.16.0/24" service name="ssh" reject
           

Do this on both virtual machines

3. Customize the user environment (server, desktop)

On the systems server and desktop, create a custom command named qstat that runs the following command:

/bin/ps -Ao pid,tt,user,fname,rsz

This command must be available to all users on the system.

[[email protected] ~]# vim /etc/bashrc
Append at the end: alias qstat='/bin/ps -Ao pid,tt,user,fname,rsz'
[[email protected] ~]# . /etc/bashrc
[[email protected] ~]# qstat
           

Do this on both virtual machines

4. Configure port forwarding

Configure port forwarding on the system server as follows:

For systems in the 172.25.X.0/24 network, connections to local port 5423 on server are forwarded to port 80

This setting must be permanent

[[email protected] ~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address="172.25.16.0/24" forward-port port=5423 protocol=tcp to-port=80'
success
[[email protected] ~]# firewall-cmd --reload 
success
[[email protected] ~]# firewall-cmd --list-all
    rule family="ipv4" source address="172.25.16.0/24" forward-port port="5423" protocol="tcp" to-port="80"
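
The rich rules from the preparation step and tasks 2 and 4 can be checked together once they are loaded. The following is an added example, not part of the original answer key: it parses a constructed `firewall-cmd --list-all` listing (which also includes the http reject rule that task 13 adds) and reports the verdict a source subnet gets for a service. The function names and the sample listing are assumptions.

```shell
#!/bin/sh
# Added example: audit firewalld rich rules against the requirements above.
# SAMPLE_LISTING is constructed; on a live host use "$(firewall-cmd --list-all)".
SAMPLE_LISTING='public (default, active)
  interfaces: eth0
  services: dhcpv6-client ssh
  rich rules: 
    rule family="ipv4" source address="172.25.16.0/24" accept
    rule family="ipv4" source address="172.26.16.0/24" service name="ssh" reject
    rule family="ipv4" source address="172.26.16.0/24" service name="http" reject
    rule family="ipv4" source address="172.25.16.0/24" forward-port port="5423" protocol="tcp" to-port="80"'

# rich_rules LISTING: print the rich rule lines with indentation removed.
rich_rules() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*\(rule .*\)$/\1/p'
}

# verdict_for LISTING CIDR SERVICE: print deny, accept or none.
# Only rules whose source address is exactly CIDR are considered. A rule that
# names a different service is skipped; a rule with no service covers all
# traffic. For rules without an explicit priority, firewalld applies
# reject/drop rich rules before accept rules, so any deny match wins.
verdict_for() {
    listing=$1 cidr=$2 service=$3
    verdict=none
    # The here-document keeps the loop in the current shell, so $verdict survives.
    while IFS= read -r rule; do
        case $rule in
            *"source address=\"$cidr\""*) ;;
            *) continue ;;
        esac
        case $rule in
            *forward-port*) continue ;;
        esac
        case $rule in
            *'service name="'*)
                case $rule in
                    *"service name=\"$service\""*) ;;
                    *) continue ;;
                esac ;;
        esac
        case " $rule " in
            *' reject '*|*' drop '*) verdict=deny; break ;;
            *' accept '*) verdict=accept ;;
        esac
    done <<EOF
$(rich_rules "$listing")
EOF
    printf '%s\n' "$verdict"
}

# forward_target LISTING CIDR PORT: print the to-port of a matching forward rule.
forward_target() {
    rich_rules "$1" | sed -n \
        "s|.*source address=\"$2\" forward-port port=\"$3\" .*to-port=\"\([0-9]*\)\".*|\1|p"
}

# Report the three cases the tasks care about.
echo "home ssh:     $(verdict_for "$SAMPLE_LISTING" 172.25.16.0/24 ssh)"
echo "hostile ssh:  $(verdict_for "$SAMPLE_LISTING" 172.26.16.0/24 ssh)"
echo "hostile http: $(verdict_for "$SAMPLE_LISTING" 172.26.16.0/24 http)"
echo "5423 forwards to: $(forward_target "$SAMPLE_LISTING" 172.25.16.0/24 5423)"
```

A verdict of `none` for the hostile subnet means no rich rule covers that service, so the zone's ordinary service list decides.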
           

5. Configure link aggregation (server, desktop)

Configure a link between server.domainX.example.com and desktop.domainX.example.com as follows:

The link uses the interfaces eno1 and eno2

The link keeps working when one interface fails

On server the link uses the address 172.16.X.25/255.255.255.0

On desktop the link uses the address 172.16.X.35/255.255.255.0

The link remains up after a system reboot

[server]

[[email protected] ~]# nmcli con show --active 
NAME         UUID                                  TYPE            DEVICE 
System eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet  eth0   
[[email protected] ~]# nmcli con add type team con-name team0 ifname team0 config '{"runner":{"name":"activebackup"}}'
[[email protected] ~]# nmcli con modify team0 ipv4.method manual ipv4.addresses "172.16.16.25/24"
[[email protected] ~]# nmcli con add type team-slave con-name team0-port1 ifname eno1 master team0
[[email protected] ~]# nmcli con add type team-slave con-name team0-port2 ifname eno2 master team0 
[[email protected] ~]# teamdctl team0 state
setup:
  runner: activebackup
ports:
  eno2
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
  eno1
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
runner:
  active port: eno1
[[email protected] ~]#
           

[desktop]

On desktop only the IP address changes; everything else is the same.

6. Configure IPv6 addresses (server, desktop)

On your exam systems, configure interface eth0 with the following IPv6 addresses:

The address on server should be 200e:ac18::e0a/64

The address on desktop should be 200e:ac18::e14/64

Both systems must be able to communicate with systems in the network 200e:ac18/64.

The addresses must persist after a reboot.

Both systems must keep their current IPv4 addresses and remain able to communicate.

[[email protected] ~]# nmcli con modify "System eth0" ipv6.method manual ipv6.addresses '200e:ac16::e0a/64'
[[email protected] ~]# nmcli con down "System eth0"; nmcli con up "System eth0"
           

Do this on both machines; remember to change the IP address when copying the command.

7. Configure the local mail service (server, desktop)

Configure the mail service on the systems server and desktop to meet the following requirements:

These systems do not accept mail sent from external sources

Any mail sent locally on these systems is automatically routed to classroom.example.com

Mail sent from these systems appears to come from domainX.example.com

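You can test your configuration by sending mail to the local user 'dave'; the system classroom.example.com is already configured to deliver this user's mail to the following URL: http://classroom.example.com/received_mail/X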

[[email protected] ~]# postconf -e "relayhost= classroom.example.com"
[[email protected] ~]# postconf -e "inet_interfaces=loopback-only"
[[email protected] ~]# postconf -e "mynetworks=127.0.0.0/8 [::1]/128"
[[email protected] ~]# postconf -e "myorigin= domainX.example.com"
[[email protected] ~]# postconf -e "mydestination="
[[email protected] ~]# postconf -e "local_transport=error: local delivery disabled"
[[email protected] ~]# systemctl restart postfix
[[email protected] ~]# systemctl enable postfix
[[email protected] ~]# mail -s "Hello" [email protected]
aaaaaaaaaaaaaaaaa
EOT  [ctrl+D]
[[email protected] ~]#
           

Do this on both machines
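
The null-client settings from task 7 can be verified after the restart. The following is an added example, not part of the original answer key: it checks `postconf -n` style output against the values set above and treats a missing parameter as a failure, because an unset `mydestination` falls back to the Postfix default that accepts mail for the local host name. The function names and both sample listings are assumptions.

```shell
#!/bin/sh
# Added example: audit Postfix null-client settings from task 7.
# SAMPLE_POSTCONF is constructed; on a live host use "$(postconf -n)",
# which lists only the parameters set explicitly in main.cf.
SAMPLE_POSTCONF='inet_interfaces = loopback-only
local_transport = error: local delivery disabled
mydestination =
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = domainX.example.com
relayhost = classroom.example.com'

# get_param TEXT NAME: print the value of NAME; return 1 if NAME is not set.
# An explicitly empty value ("mydestination =") prints an empty line and
# returns 0, so callers can tell "empty" from "unset".
get_param() {
    printf '%s\n' "$1" | awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, k) == 1 {
            rest = substr(line, length(k) + 1)
            if (rest ~ /^[ \t]*=/) {
                sub(/^[ \t]*=[ \t]*/, "", rest)
                sub(/[ \t]+$/, "", rest)
                print rest
                found = 1
                exit
            }
        }
        END { exit !found }'
}

# audit_null_client TEXT: print one FAIL line per deviation and return the
# number of deviations (0 means every checked setting matches task 7).
audit_null_client() {
    text=$1 fails=0
    while IFS='|' read -r name want; do
        if got=$(get_param "$text" "$name"); then
            if [ "$got" != "$want" ]; then
                echo "FAIL $name: got '$got', want '$want'"
                fails=$((fails + 1))
            fi
        else
            echo "FAIL $name: not set, the Postfix default applies"
            fails=$((fails + 1))
        fi
    done <<'EOF'
inet_interfaces|loopback-only
mydestination|
local_transport|error: local delivery disabled
relayhost|classroom.example.com
myorigin|domainX.example.com
EOF
    return "$fails"
}

audit_null_client "$SAMPLE_POSTCONF" && echo "null client settings OK"
```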

8. Share a directory over SMB

Configure the SMB service on server

Your SMB server must be a member of the STAFF workgroup

Share the /common directory; the share name must be common

Only clients in the domainX.example.com domain can access the common share

common must be browseable

User andy must be able to read the contents of the share; if needed, the authentication password is sestiver

[server]

[[email protected] ~]# yum -y install samba samba-client
[[email protected] ~]# vim /etc/samba/smb.conf 
        workgroup = STAFF

        hosts allow = 127. 172.25.16.
        hosts deny = 172.26.16.
#============================ Share Definitions ==============================
[common]
        path = /common
        browseable = yes
        read list = andy

[[email protected] ~]# mkdir /common
[[email protected] ~]# semanage fcontext -a -t samba_share_t '/common(/.*)?'
[[email protected] ~]# restorecon -vRF /common/
[[email protected] ~]# systemctl start nmb smb 
[[email protected] ~]# systemctl enable nmb smb
[[email protected] ~]# useradd andy
[[email protected] ~]# smbpasswd -a andy 
New SMB password:
Retype new SMB password:
Added user andy.
[[email protected] ~]# pdbedit -L
andy:1001:
           

[desktop]

[[email protected] ~]# yum install samba-client cifs-utils
[[email protected] ~]# smbclient -L //172.25.16.11
    Sharename       Type      Comment
    ---------       ----      -------
    common          Disk
[[email protected] ~]# smbclient //172.25.16.11/common -U andy%sestiver
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
smb: \>
smb: \> ls
  .                                   D        0  Sun Oct 29 14:51:24 2017
  ..                                  D        0  Sun Oct 29 15:07:49 2017

        40913 blocks of size 262144. 28568 blocks available
smb: \> quit
           

9. Configure a multiuser SMB mount

On server, share the directory /miscellaneous over SMB to meet the following requirements:

The share name is miscellaneous

The miscellaneous share can only be used by clients in the domainX.example.com domain

The miscellaneous share must be browseable

User silene must have read access to this share; the access password is sestiver

User akira must have read-write access to this share; the access password is sestiver

This share is permanently mounted on /mnt/multi on desktop.domainX.example.com, using user silene for authentication. Any user can temporarily obtain write permission by authenticating as user akira

[server]

[[email protected] ~]# vim /etc/samba/smb.conf 
[miscellaneous]
        path = /miscellaneous
        browseable = yes
        read list = silene
        write list = akira
[[email protected] ~]# mkdir /miscellaneous
[[email protected] ~]# chcon -R -t samba_share_t /miscellaneous/
[[email protected] ~]# chmod o+w /miscellaneous/
[[email protected] ~]# ll -d /miscellaneous/
drwxr-xrwx. 2 root root 6 Oct 29 15:07 /miscellaneous/
[[email protected] ~]# systemctl restart nmb smb
[[email protected] ~]# useradd silene
[[email protected] ~]# useradd akira
[[email protected] ~]# smbpasswd -a silene
New SMB password:
Retype new SMB password:
Added user silene.
[[email protected] ~]# smbpasswd -a akira
New SMB password:
Retype new SMB password:
Added user akira.
[[email protected] ~]# systemctl restart nmb smb
[[email protected] ~]# 
           

[desktop]

[[email protected] ~]# touch a b c
[[email protected] ~]# smbclient //172.25.16.11/miscellaneous -U silene%sestiver
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
smb: \> put a
NT_STATUS_ACCESS_DENIED opening remote file \a
smb: \> quit
[[email protected] ~]# smbclient //172.25.16.11/miscellaneous -U akira%sestiver
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
smb: \> put a
putting file a as \a (0.0 kb/s) (average 0.0 kb/s)
smb: \> ls
  .                                   D        0  Sun Oct 29 15:25:29 2017
  ..                                  D        0  Sun Oct 29 15:07:49 2017
  a                                   A        0  Sun Oct 29 15:25:29 2017

        40913 blocks of size 262144. 28568 blocks available
smb: \>quit
[[email protected] ~]# vim /etc/fstab 
//172.25.16.11/miscellaneous  /mnt/multi cifs  credentials=/root/a.txt,multiuser,sec=ntlmssp  0 0
[[email protected] ~]# mkdir /mnt/multi 
[[email protected] ~]# vim a.txt
username=silene
password=sestiver
username=akira
password=sestiver
[[email protected] ~]# mount -a
[[email protected] ~]# df -h
//172.25.16.11/miscellaneous   10G  3.1G  7.0G  31% /mnt/multi

[[email protected] ~]# useradd aaa
[[email protected] ~]# useradd bbb
[[email protected] ~]# su - aaa
[[email protected] ~]$ cd /mnt/
[[email protected] mnt]$ ll
ls: cannot access multi: Permission denied
total 0
drwxr-xr-x. 2 root root 6 Oct 29 11:21 data
??????????? ? ?    ?    ?            ? multi
[[email protected] mnt]$ cifscreds add server16 -u silene
Password:  
[[email protected] mnt]$ ll
total 0
drwxr-xr-x. 2 root root 6 Oct 29 11:21 data
drwxr-xrwx. 2 root root 0 Oct 29 15:25 multi
[[email protected] mnt]$ cd multi/
[[email protected] multi]$ ls
a
[[email protected] multi]$ touch aaa
touch: cannot touch ‘aaa’: Permission denied
[[email protected] multi]$ exit
logout
[[email protected] ~]# su - bbb
[[email protected] ~]$ cd /mnt/
[[email protected] mnt]$ ll
ls: cannot access multi: Permission denied
total 0
drwxr-xr-x. 2 root root 6 Oct 29 11:21 data
??????????? ? ?    ?    ?            ? multi
[[email protected] mnt]$ cifscreds add server16 -u akira
Password: 
[[email protected] mnt]$ ll
total 0
drwxr-xr-x. 2 root root 6 Oct 29 11:21 data
drwxr-xrwx. 2 root root 0 Oct 29 15:25 multi
[[email protected] mnt]$ cd multi/
[[email protected] multi]$ touch aaa
[[email protected] multi]$ ll
total 0
-rwxr--r--. 1 aaa aaa 0 Oct 29 15:25 a
-rw-r--r--. 1 aaa aaa 0 Oct 29 15:55 aaa
[[email protected] multi]$ 
           

11. Configure the NFS service

Configure the NFS service on server as follows:

Share the directory /public read-only, accessible only to systems in the domainX.example.com domain

Share the directory /protected read-write, accessible to systems in the domainX.example.com domain

Access to /protected must be secured with Kerberos; you can use the key provided at the following URL: http://host.domainX.example.com/pub/materials/nfs_server.keytab.

The directory /protected should contain a subdirectory named confidential owned by deepak

The domain user deepak can access /protected/confidential read-write

*************** Practice preparation: lab storageshares setup, run on both server and desktop

[[email protected] ~]# mkdir /public
[[email protected] ~]# mkdir -p /protected/confidential
[[email protected] ~]# vim /etc/exports
/public 172.25.16.0/24(ro)
/protected 172.25.16.0/24(rw,sec=krb5p)
[[email protected] ~]# exportfs -r
[[email protected] ~]# cd /protected/
[[email protected] protected]# ll
total 0
drwxr-xr-x. 2 root root 6 Oct 29 16:10 confidential
[[email protected] protected]# chown ldapuser16:root confidential/
[[email protected] protected]# ll
total 0
drwxr-xr-x. 2 ldapuser16 root 6 Oct 29 16:10 confidential
[[email protected] protected]# cd
[[email protected] ~]# vim /etc/sysconfig/nfs 
RPCNFSDARGS="-V 4.2"
[[email protected] ~]# wget -O /etc/krb5.keytab http://172.25.254.254/pub/keytabs/server16.keytab
[[email protected] ~]# systemctl start nfs-server
[[email protected] ~]# systemctl start nfs-secure-server
[[email protected] ~]# systemctl enable nfs-server.service 
[[email protected] ~]# systemctl enable nfs-secure-server.service 
           

12. NFS client

Mount automatically at boot

public /mnt/nfsmount

protected /mnt/nfssecure

[[email protected] ~]# wget -O /etc/krb5.keytab http://172.25.254.254/pub/keytabs/desktop16.keytab
[[email protected] ~]# vim /etc/fstab
172.25.16.11:/public /mnt/nfsmount  nfs defaults  0 0
172.25.16.11:/protected  /mnt/nfssecure  nfs  defaults,v4.2,sec=krb5p 0 0
[[email protected] ~]# systemctl start nfs-secure
[[email protected] ~]# systemctl enable nfs-secure
[[email protected] ~]# mkdir /mnt/{nfsmount,nfssecure}
[[email protected] ~]# mount -a
[[email protected] ~]# df -h
172.25.16.11:/public           10G  3.1G  7.0G  31% /mnt/nfsmount
172.25.16.11:/protected        10G  3.1G  7.0G  31% /mnt/nfssecure
[[email protected] ~]#
           

13. Configure a web site

On server, configure a site http://server.domainX.example.com and then perform the following steps:

Download the file from http://172.25.254.254/content/rhce/web/station.html and rename it index.html; do not modify the contents of this file

Copy the file index.html into the DocumentRoot directory of your web server

Clients from the domainX.example.com domain can access this web service

Clients from the my133t.org domain are denied access to this web service

[[email protected] ~]# yum -y install httpd
[[email protected] ~]# cd /var/www/html/
[[email protected] html]# wget -O index.html http://172.25.254.254/content/rhce/web/station.html
[[email protected] html]# ls
index.html
[[email protected] html]# cat index.html 
stationX
[[email protected] html]# cd /usr/share/doc/httpd-2.4.6/
[[email protected] httpd-2.4.6]# ls
[[email protected] httpd-2.4.6]# cp httpd-vhosts.conf /etc/httpd/conf.d/13.conf
[[email protected] httpd-2.4.6]# cd /etc/httpd/conf.d
[[email protected] conf.d]# vim 13.conf
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName server16.example.com
</VirtualHost>
[[email protected] ~]# systemctl start httpd
[[email protected] ~]# systemctl enable httpd.service
[[email protected] ~]# netstat -ntlp
[[email protected] ~]# firewall-cmd --permanent --add-rich-rule 'rule family=ipv4 source address=172.26.16.0/24 service name="http" reject'
[[email protected] ~]# firewall-cmd --reload 
[[email protected] ~]# firewall-cmd --list-all


[desktop]
[[email protected] ~]# firefox http://server16.example.com
[[email protected] ~]# curl http://server16.example.com
stationX
           

14. Configure a secure web service

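Configure TLS encryption for the site http://server.domainX.example.com. A signed certificate is available from http://host.domainX.example.com/pub/materials/server.crt, the key for this certificate from http://host.domainX.example.com/pub/materials/server.key, and the signing authority information for this certificate from http://host.domainX.example.com/pub/materials/domainX.crt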

[server]

[[email protected] ~]# yum -y install mod_ssl
[[email protected] ~]# vim /etc/httpd/conf.d/ssl.conf
DocumentRoot "/var/www/html"     (59)
ServerName www.example.com:443   (60)
SSLCertificateFile /etc/pki/tls/certs/server16.crt    (100)
SSLCertificateKeyFile /etc/pki/tls/private/server16.key    (107)

[[email protected] ~]# cd /etc/pki/tls/
[[email protected] tls]# ls
[[email protected] tls]# cd certs/
[[email protected] certs]# wget http://172.25.254.254/pub/tls/certs/server16.crt
[[email protected] certs]# cd ../private/
[[email protected] private]# wget http://172.25.254.254/pub/tls/private/server16.key
[[email protected] certs]# cd
[[email protected] ~]# systemctl restart httpd.service 
           

[desktop]

[[email protected] ~]# firefox https://server16.example.com
[[email protected] ~]# curl -k https://server16.example.com
stationX
           

15. Configure a virtual host

On server, extend your web server by creating a virtual host for the site http://www.domainX.example.com, then perform the following steps:

Set DocumentRoot to /var/www/virtual

Download the file from http://classroom.example.com/pub/materials/www.html and rename it index.html; do not make any changes to the contents of index.html

Place the file index.html in the virtual host's DocumentRoot directory

Make sure user andy can create files under the /var/www/virtual directory

Note: the original site http://server.domainX.example.com must remain accessible. The name server rhmgr.domainX.example.com provides name resolution for the host name www.domainX.example.com

[server]

[[email protected] ~]# cd /etc/httpd/conf.d/
[[email protected] conf.d]# ls
13.conf  autoindex.conf  README  ssl.conf  userdir.conf  welcome.conf
[[email protected] conf.d]# cp 13.conf 15.conf
[[email protected] conf.d]# vim 15.conf
<VirtualHost *:80>
    DocumentRoot "/var/www/virtual"
    ServerName www16.example.com
</VirtualHost>
[[email protected] conf.d]# cd /var/www/
[[email protected] www]# mkdir virtual
[[email protected] www]# setfacl -m u:andy:rwx virtual/
[[email protected] www]# setfacl -m d:u:andy:rwx virtual/
[[email protected] www]# cd virtual/
[[email protected] virtual]# wget -O index.html http://172.25.254.254/content/rhce/web/www.html
[[email protected] virtual]# cd
[[email protected] ~]# systemctl restart httpd.service
           

[desktop]

[[email protected] ~]# firefox http://www16.example.com
[[email protected] ~]# curl http://www16.example.com
wwwX
           

16. Configure access to web content

Under the DocumentRoot directory of the web server on your server, create a directory named secret, as follows:

Download a copy of the file from http://classroom.example.com/pub/materials/private.html into this directory and rename it index.html.

Do not make any changes to the contents of this file.

From server, anyone can browse the contents of secret, but the contents of this directory cannot be accessed from other systems

[[email protected] ~]# mkdir /var/www/html/secret
[[email protected] ~]# mkdir /var/www/virtual/secret
[[email protected] ~]# cd /var/www/html/secret
[[email protected] secret]# wget  -O index.html http://172.25.254.254/content/rhce/web/secret1.html
[[email protected] secret]# cd /var/www/virtual/secret
[[email protected] secret]# wget  -O index.html http://172.25.254.254/content/rhce/web/secret2.html
[[email protected] ~]# vim /etc/httpd/conf/httpd.conf
[[email protected] ~]# cd /etc/httpd/conf.d/
[[email protected] conf.d]# vim 16.conf
<Directory /var/www/html/secret>
    Require local
    Require all denied
</Directory>

<Directory /var/www/virtual/secret>
    Require local
    Require all denied
</Directory>
[[email protected] conf.d]# httpd -t
[[email protected] conf.d]# cd
[[email protected] ~]# systemctl restart httpd.service
[[email protected] ~]# firefox http://server16.example.com/secret
[[email protected] ~]# curl  http://server16.example.com/secret/
secret1/
[[email protected] ~]# firefox http://www16.example.com/secret
[[email protected] ~]# curl  http://www16.example.com/secret/
secret2/
           

[desktop]

[[email protected] ~]# firefox http://server16.example.com/secret/
[[email protected] ~]# firefox http://www16.example.com/secret/
           

17. Serve dynamic web content

Configure server to provide dynamic web content as follows:

The dynamic content is served by a virtual host named dynamic.domainX.example.com ########### for classroom practice use webappX.example.com ##########

The virtual host listens on port 8998

Download a script from http://classroom.example.com/pub/materials/webapp.wsgi and put it in an appropriate location; do not modify the contents of this file under any circumstances

When clients access http://dynamic.domainX.example.com:8998/ they should receive a dynamically generated web page

http://dynamic.domainX.example.com:8998/ must be accessible to all systems in the domainX.example.com domain

[server]

[[email protected] ~]# yum install mod_wsgi
[[email protected] ~]# cd /etc/httpd/conf.d/
[[email protected] conf.d]# cp 13.conf 17.conf
[[email protected] conf.d]# vim 17.conf
Listen 8998
<VirtualHost *:8998>
    DocumentRoot "/var/www/html"
    ServerName server16.example.com
    WSGIScriptAlias / /var/www/html/webapp.wsgi
</VirtualHost>
[[email protected] conf.d]# httpd -t
[[email protected] ~]# cd /var/www/html/
[[email protected] html]# wget http://172.25.254.254/content/rhce/web/webapp.wsgi
[[email protected] ~]# semanage port -l |grep http
[[email protected] ~]# semanage port -a -t http_port_t -p tcp 8998
[[email protected] ~]# systemctl restart httpd.service
           

[desktop]

[[email protected] ~]# firefox http://webapp16.example.com:8998
           

18. Shell scripting

    File name: /root/script

With the argument foo it prints bar; with the argument bar it prints foo.

With no argument or a wrong argument it prints the error message "/root/script foo|bar"

[[email protected] ~]# vim /root/script 
#!/bin/bash
if [ "$#" -eq 1 ]
then
    if [ "$1" == "bar" ]
    then
        echo "foo"
    elif [ "$1" == "foo" ]
    then
        echo "bar"
    else
        echo "/root/script foo|bar" >&2
    fi
else
    echo "/root/script foo|bar" >&2
fi
[[email protected] ~]# chmod a+x /root/script

[[email protected] ~]# ./script foo
bar
[[email protected] ~]# ./script bar
foo
[[email protected] ~]# ./script 
/root/script foo|bar
           

19. Create a script that adds users

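On server, create a script named /root/mkusers that creates local users on server, taking the user names from a file that contains a list of user names. It must also meet the following requirements: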

The script requires one argument, which is the file containing the list of user names

If no argument is given, the script should print the following message: Usage:/root/mkusers filename and then exit with an appropriate return value.

If a nonexistent file name is given, the script should print the following message: Input file not found and then exit with an appropriate return value

The login shell of the created users is /bin/false

The script does not need to set passwords for the users

You can get a user name list for testing from the following URL: http://classroom.example.com/pub/materials/userlist

[[email protected] ~]# vim /root/mkusers
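#!/bin/bash
# Exactly one argument is required: the file listing the user names.
if [ "$#" -ne 1 ]
then
    echo 'Usage:/root/mkusers filename' >&2
    exit 1
elif [ -f "$1" ]
then
    # Create each listed user with /bin/false as the login shell.
    for i in $(cat "$1")
    do
        useradd -s /bin/false "$i"
    done
else
    echo 'Input file not found' >&2
    exit 1
fi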
[[email protected] ~]# chmod a+x /root/mkusers
           

20. Configure an iSCSI server

Configure server to provide an iSCSI target named iqn.2014-09.com.example.domain0:server that meets the following requirements:

The service port is 3260

Use iscsi_vol as its backing volume, with a size of 3G

The service can only be accessed by desktop.domain0.example.com

First create a logical volume named iscsi_vol. (The partition must be at least 3050M.)

[server]

[[email protected] ~]# fdisk /dev/vdb
[[email protected] ~]# pvcreate /dev/vdb5
[[email protected] ~]# vgcreate vg0 /dev/vdb5
[[email protected] ~]# lvcreate -L 3G -n iscsi_vol vg0
[[email protected] ~]# lvs
[[email protected] ~]# yum install -y targetcli
[[email protected] ~]# systemctl start target
[[email protected] ~]# systemctl enable target.service 
[[email protected] ~]# targetcli
/> /backstores/block create server16.disk1 /dev/vg0/iscsi_vol 
/> /iscsi create iqn.2014-09.com.example.domain0:server16
/> /iscsi/iqn.2014-09.com.example.domain0:server16/tpg1/acls create iqn.2014-06.com.example:desktop16
/> iscsi/iqn.2014-09.com.example.domain0:server16/tpg1/luns create /backstores/block/server16.disk1 
/> /iscsi/iqn.2014-09.com.example.domain0:server16/tpg1/portals create 172.25.16.11
/> saveconfig 
/> exit
           

21. Configure an iSCSI client

Configure desktop so that it can connect to iqn.2014-09.com.example.domain2:server provided on server, meeting the following requirements:

The iSCSI block device contains a partition of 1700 MiB, formatted as xfs

The partition is mounted on /mnt/data and is mounted automatically during system boot

[desktop]

[[email protected] ~]# vim /etc/iscsi/initiatorname.iscsi  
InitiatorName=iqn.2014-06.com.example:desktop16
[[email protected] ~]# iscsiadm -m discovery -t st -p server16.example.com
172.25.16.11:3260,1 iqn.2014-09.com.example.domain0:server16
[[email protected] ~]# systemctl restart iscsid
[[email protected] ~]# systemctl restart iscsi
[[email protected] ~]# systemctl enable iscsid
[[email protected] ~]# systemctl enable iscsi
[[email protected] ~]# iscsiadm -m discovery -t st -p server16.example.com
172.25.16.11:3260,1 iqn.2014-09.com.example.domain0:server16
[[email protected] ~]# iscsiadm -m node -T iqn.2014-09.com.example.domain0:server16
[[email protected] ~]# iscsiadm -m node -T iqn.2014-09.com.example.domain0:server16 -l

[[email protected] ~]# fdisk -l
Disk /dev/sda: 3221 MB, 3221225472 bytes, 6291456 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 4194304 bytes
[[email protected] ~]# fdisk /dev/sda   (sda1 1700M)
[[email protected] ~]# mkfs.xfs /dev/sda1
[[email protected] ~]# blkid /dev/sda1
[[email protected] ~]# cp /etc/fstab .
[[email protected] ~]# blkid /dev/sda1 >> /etc/fstab
[[email protected] ~]# vim /etc/fstab
UUID="9471c035-d171-4c48-bc53-d877ef9bf001" /mnt/data xfs  defaults,_netdev 0 0
[[email protected] ~]# mkdir /mnt/data
[[email protected] ~]# mount -a
[[email protected] ~]# df -h
/dev/sda1       1.7G   33M  1.7G   2% /mnt/data
           

22. Configure a database

On server, create a MariaDB database named Contacts that meets the following conditions:

The database should contain the contents of a database dump; the URL of the dump file is http://classroom.example.com/pub/materials/users.mdb

The database can only be accessed from localhost

Apart from the root user, this database can only be queried by Luigi. This user's password is mishigs

The root password is mishings, and logging in with an empty password is not allowed.

[[email protected] ~]# yum install mariadb-server
[[email protected] ~]# vim /etc/my.cnf
skip-networking=1  (2+)
[[email protected] ~]# systemctl start mariadb
[[email protected] ~]# systemctl enable mariadb.service
[[email protected] ~]# mysql
MariaDB [(none)]> \q
Bye
[[email protected] ~]# mysql_secure_installation 
Enter current password for root (enter for none): [enter]
Set root password? [Y/n] y
New password: 
Re-enter new password: 
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
[[email protected] ~]# mysql -uroot -pmishings
MariaDB [(none)]> create database Contacts;
MariaDB [(none)]> grant select on Contacts.* to Luigi@localhost identified by 'mishigs';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
[[email protected] ~]# mysql -uLuigi -pmishigs
MariaDB [(none)]> exit
[[email protected] ~]# wget http://172.25.254.254/pub/materials/mariadb/mariadb.dump
[[email protected] ~]# file mariadb.dump 
mariadb.dump: ASCII text
[[email protected] ~]# vim mariadb.dump
[[email protected] ~]# mysql -uroot -pmishings Contacts < mariadb.dump 
[[email protected] ~]# mysql -uLuigi -pmishigs Contacts
MariaDB [Contacts]> show databases
MariaDB [Contacts]> \q
[[email protected] ~]#
           

23. Query data in the database (fill in the blank)

The database has three tables: "User_Names User_Logins User_Contacts"

From the password table, find the name of the user whose password is forsook

Find the number of users whose first name (see the English question) is Alan and whose address is in Cupertino

select User_Names.first_name from User_Names,User_Logins where User_Names.user_id=User_Logins.id and User_Logins.User_Pass="forsook";
or: select user.name from user inner join infor on user.id=infor.id where infor.pass="tapacalaya";

select count(*) from User_Contacts,User_Names where User_Contacts.Location="Cupertino" and User_Names.first_name="Alan" and User_Contacts.id=User_Names.user_id;
or: select count(*)  from user inner join address on user.id=address.id where user.name="john" and address.addr="Washion";
           
