
I. Users and groups

- Users on the system are stored in the configuration file
# vi /etc/passwd
Id = 0 is the id of the highest-privileged user; if another user's id is also changed to 0, that user becomes root.

- The system file that stores users' encrypted passwords
# vi /etc/shadow

    root:$1$EDEYEBjj$8wE5RcVj6G1H3WjVBjbCM/:15822:0:99999:7:::

+ root: user name
+ $1$EDEYEBjj$8wE5RcVj6G1H3WjVBjbCM/: the encrypted password
+ 15822: number of days from when the system was created until now
+ 0: minimum number of days between two consecutive password changes
+ 99999: number of days after which a password change is required
+ 7: the user is warned 7 days before expiry
+ :: equivalent to :0:, the number of days the user may stay blocked, and the user's expiry
+ :: empty field, not yet defined

- The file that lists the users in each group
# vi /etc/group

    root:x:0:
    users:x:100:

+ users: group name
+ x: the group password, encrypted
+ 100: group id
+ :: list of users belonging to the group

# vi /etc/gshadow

    Test:!!::user1,root

+ !!: a password has never been set with passwd.
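Added example, not from the original notes: two audit helpers for the files described above. uid0_accounts lists every account with id 0 in a passwd-format file, and shadow_status classifies the password field of each shadow-format entry; the function names are hypothetical and the sample files, accounts and hash string are constructed.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files. Function names are
# hypothetical; the sample data below is constructed.

# Every account whose UID (field 3) is 0 has root's privileges.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Classify field 2 (the password field) of each shadow entry.
shadow_status() {
    awk -F: '{
        p = $2
        if (p == "")            s = "EMPTY"        # no password required
        else if (p ~ /^[!*]/)   s = "LOCKED"       # "!!", "!" or "*": no usable password
        else if (p ~ /^\$1\$/)  s = "MD5CRYPT"     # $1$ prefix, as in the entry above
        else if (p ~ /^\$6\$/)  s = "SHA512CRYPT"
        else                    s = "OTHER"
        print $1 ":" s
    }' "$1"
}

# Constructed sample files (not real accounts or hashes).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
user1:x:500:500::/home/user1:/bin/bash
backup:x:0:0::/home/backup:/bin/bash
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$1$constrct$CONSTRUCTEDSAMPLEHASH00:15822:0:99999:7:::
user1:!!:15822:0:99999:7:::
backup::15822:0:99999:7:::
EOF

echo "UID 0 accounts:";  uid0_accounts "$SAMPLE_DIR/passwd"
echo "Password fields:"; shadow_status "$SAMPLE_DIR/shadow"
```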

- Create a user and set a password for the new user
# useradd user1
# passwd user1

- Create a new group
# groupadd quantri
- Set a password for the group
# gpasswd quantri

    Changing the password for group quantri
    New Password:
    Re-enter new password:

- Defaults file for useradd
# vi /etc/default/useradd

    # useradd defaults file
    GROUP=100
    HOME=/home                // default home is /home/<user name>
    INACTIVE=-1
    EXPIRE=                   // never expires
    SHELL=/bin/bash
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes

- Join a group
# newgrp group_name           // switch group
- Add a user to a group
# gpasswd -a user_name group_name

II. Standard access permissions and ACLs

- Suppose /public is a directory for everyone in the company. Set it up so that anyone, in any group, can read files and change into this directory, but only users in the group quantri can write to files in it.
# mkdir /public
# chmod 777 /public
# groupadd quantri
# setfacl -m u::rx,g::rx,o::rx,g:quantri:rwx,m:rwx /public   // -m: set the ACL on the given files/directories

    # file: public
    # owner: root
    # group: root
    user::r-x
    group::r-x
    group:quantri:rwx
    mask::rwx
    other::r-x

# setfacl -d -m u::rx,g::rx,o::rx,g:quantri:rwx,m:rwx /public   // -d: files/directories created inside get this as their default
Note: a user's permissions are ANDed with the mask. If group:quantri:rwx and mask: r-x => group:quantri:r-x
# getfacl /public   // view the ACL

    user::r-x
    group::r-x
    group:quantri:rwx
    mask::rwx
    other::r-x
    default:user::r-x
    default:group::r-x
    default:group:quantri:rwx
    default:mask::rwx
    default:other::r-x
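Added example, not from the original notes: the rule in the Note above, computed over a whole getfacl-style listing. effective_acl and sample_acl are hypothetical names and the listing is constructed; the example goes one step beyond the Note by showing which entries the mask limits (named users, the owning group, named groups) and which it does not (the owner and other).

```shell
#!/bin/sh
# Added example: effective permissions after the ACL mask is applied.
# effective_acl and sample_acl are hypothetical names; the listing is constructed.

# Reads getfacl-style text on stdin and prints tag:qualifier:effective-perms.
# The mask limits named users, the owning group and named groups; the
# owner (user::) and other:: entries are not affected by it.
effective_acl() {
    awk -F: '
    function band(p, m,    i, out) {      # AND two rwx strings position by position
        out = ""
        for (i = 1; i <= 3; i++)
            out = out ((substr(p, i, 1) != "-" && substr(m, i, 1) != "-") ? substr(p, i, 1) : "-")
        return out
    }
    /^#/ || NF < 3 || $1 == "default" { next }    # skip header and default entries
    $1 == "mask" { mask = substr($3, 1, 3); next }
    { tag[++n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3) }
    END {
        for (k = 1; k <= n; k++) {
            masked = (tag[k] == "group" || (tag[k] == "user" && who[k] != ""))
            print tag[k] ":" who[k] ":" ((masked && mask != "") ? band(perm[k], mask) : perm[k])
        }
    }'
}

# Constructed listing for /public with a mask of r-x.
sample_acl() {
    cat <<'EOF'
# file: public
# owner: root
# group: root
user::rwx
user:user1:rw-
group::r-x
group:quantri:rwx
mask::r-x
other::r--
EOF
}

sample_acl | effective_acl
```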

1. Before creating a directory, use the umask command to determine which permissions will be turned off (masked off) when the directory is created.
$ umask 027
With this command the owner has all access permissions (read, write, execute) (0), the write permission is disabled for the owning group (2), and all permissions for other users are disabled (7).
$ mkdir mydir
After creating the directory mydir with the permissions set by umask, use the following command to check whether the permissions were assigned correctly:
$ ls -dl mydir

    drwxr-x--- hungtx suse mydir

2. Check the initial state of the ACL:
$ getfacl mydir   // view the ACL of the directory mydir

    # file: mydir
    # owner: hungtx
    # group: suse
    user::rwx
    group::r-x
    other::---

The output of getfacl shows the exact mapping between ACL entries and permission bits presented above. The first three lines give the name, owner and owning group of the directory. The next three lines contain the three ACL entries: owner, owning group and other. We now change the ACL by granting read, write and execute to user hero and group suse2.
$ setfacl -m user:hero:rwx,group:suse2:rwx mydir
The -m (modify) option changes the ACL; the arguments that follow are the ACL entries to change (separated by commas), and the last part is the name of the directory to change. View the result after the change:
$ getfacl mydir

    # file: mydir
    # owner: hungtx
    # group: suse
    user::rwx
    user:hero:rwx
    group::r-x
    group:suse2:rwx
    mask::rwx
    other::---

chmod 777 filename: grants full access to every class of user.
chmod 775 filename: grants full access to the owner and the group; other users may only read and execute the file.
chmod 755 dirname: grants full access to the owner; the group and other users may only read and execute the files in the directory.
chmod 700 filename: grants full access to the owner only and blocks access for everyone else.
chmod 500 dirname: does not allow the group or other users to access files in the directory, and also limits the owner to read and execute, to prevent deleting and changing the files in this directory.
chmod 660 filename: allows the owner and the group to read, edit, delete and write data to the file, but grants no access to other users.

Changing the owner
# chown <user> <file>
Example: chown pnkhang data
# chown <user>:<group> <file>   (a . may be used instead of :)
Example: chown pnkhang:develop data
# chown root:taivu /share/taivu

Changing the owning group
# chgrp group file
Example: chgrp admin data
Notes:
Only root may change the owner.
The owner may change the owning group if he belongs to the new owning group.

Changing access permissions
Use the command:
# chmod <u|g|o|a><+|-|=><r|w|x> <file name>
Example:
chmod u+x data (or chmod u=x data)
chmod o-r data
chmod g=u data

Using octal:
Permission = read + write + execute
with read = 4, write = 2, execute = 1
- r-- r--x r-x

III. Disk partitions and quota

1. Disk partitioning
- Partition the disk sdb
# fdisk /dev/sdb
# .........
- Format the partition
# mkfs -t ext4 /dev/sdb1

2. Mapping
* Mapping by label: assign a LABEL to the partition
- Set the label for the partition
# vi /etc/fstab

    /dev/sdb1 /public ext4 defaults 0 0

# mount -a
# vi /etc/fstab

    LABEL=SDB1 /public ext4 defaults 0 0

# mount -a
- Show the device label
# e2label /dev/sdb1

    SDB1

- Change the partition label
# e2label /dev/sdb1 DDD
- Set it for the disk partition
# tune2fs -L SDB1 /dev/sdb1

* Mapping by label: assign a UUID to the partition

- Set a random UUID for the partition
# tune2fs -U random /dev/sdb1

    tune2fs 1.41.12 (17-May-2010)

- Check the partition's UUID:
# tune2fs -l /dev/sdb1 | grep UUID

    Filesystem UUID: 75633354-7992-4434-a24b-6b6f000299b1

# vi /etc/fstab

    UUID=eba33d6f-8323-48ec-b819-4452e28b19c9 /public ext4 defaults 0 0

# mount -a
# umount /dev/sdb1   // detach the mounted disk
# df -h              // view disk usage

3. Quota
# mount   // view the mount configuration

    /dev/sda2 on / type ext4 (rw)
    /dev/sdb1 on /public type ext4 (rw,acl)   // mounted, quota (usrquota,grpquota) not yet set

# vi /etc/fstab   // mount configuration file; add usrquota,grpquota

    /dev/sdb1 /public ext4 defaults,acl,usrquota,grpquota 0 0

# mount -a   // mount again
# mount      // view the configuration again

    /dev/sdb1 on /public type ext4 (rw,usrquota,grpquota)

If usrquota,grpquota do not appear:
# umount /dev/sdb1
# df -h
# vi /etc/fstab   // edit the file again so that it includes usrquota,grpquota
# mount -a

Or
# vi /etc/mtab

    /dev/sda2 / ext4 rw 0 0
    proc /proc proc rw 0 0
    sysfs /sys sysfs rw 0 0
    /dev/sdb1 /public ext4 rw,usrquota,grpquota 0 0

- To set quota for users, do the following:

Create the 2 files aquota.user and aquota.group
# touch aquota.user
# touch aquota.group

Grant write permission on these 2 files.
# chmod 600 aquota.user
# chmod 600 aquota.group
# mount -o remount /file_name
- Check quota for the accounts
# quotacheck -u /dev/sdb1
# quotacheck -g /dev/sdb1
# ls /public   // list the directory

    aquota.group aquota.user lost+found

- Add quota for users
# edquota -u user1       // add quota for a user
# edquota -g quantri     // add quota for a group
# quotaon -u /dev/sdb1   // turn on quota for users
# quotaon -g /dev/sdb1   // turn on quota for groups
# edquota -u cuc

    Filesystem  blocks  soft  hard  inodes  soft  hard
    /dev/sda5   8       5000  5000  4       0     0

+ Filesystem: name of the partition that has quota set
+ Blocks: the amount of disk space the user is currently using, counted in blocks; this field cannot be edited. To find the sizes of the disk partition:
# dumpe2fs /dev/sdb1 | grep size
  Soft: the largest amount of disk space the user is allowed to use. The user may temporarily exceed this value if the hard limit is greater than the soft limit, and only for a limited time (the grace period). While usage is over the allowance but within the time set by the grace parameter, the user is only warned. If the grace period is exceeded and the soft value has not been reset, the user cannot use any more disk space.
  Hard: the largest amount of disk space the user is allowed to use; this parameter is only meaningful when the grace parameter is used. It means the user may exceed the soft value but never the hard value (when the grace parameter is set).

+ Inodes: the number of files the user has used, 4 files here (same as above)
  Soft: soft limit set by the user
  Hard: hard limit set by the user

In that case user nam cannot use more than 5MB of disk space, given blocksize=1024. The grace parameter is the length of time during which the user may use more disk space than the soft limit; by default it is usually 7 days. You can use time units such as seconds, minutes, hours, days, weeks and months. Set the value of this parameter with the command:
$ edquota -tu   # adjust for users; -u may be omitted
$ edquota -tg   # adjust for groups

    Filesystem  Block grace period  Inode grace period
    /dev/sdb5   7days               7days
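Added example, not from the original notes: the soft/hard/grace rule described above as a decision function, applied to one edquota-style row. limit_verdict and row_verdict are hypothetical names; block counts are assumed to be 1 KB blocks, a limit of 0 is treated as no limit, and the rows used are sample values.

```shell
#!/bin/sh
# Added example: soft limit, hard limit and grace period as a decision rule.
# Function names are hypothetical. Assumptions: 1 KB blocks, 0 = no limit.

# limit_verdict WOULD_USE SOFT HARD DAYS_OVER_SOFT GRACE_DAYS
# Prints allow, warn or deny for one resource (blocks or inodes).
limit_verdict() {
    use=$1; soft=$2; hard=$3; over=$4; grace=$5
    if [ "$hard" -gt 0 ] && [ "$use" -gt "$hard" ]; then
        echo deny                     # the hard limit can never be exceeded
    elif [ "$soft" -gt 0 ] && [ "$use" -gt "$soft" ]; then
        if [ "$over" -ge "$grace" ]; then
            echo deny                 # grace period used up: soft limit is enforced
        else
            echo warn                 # over soft, still inside the grace period
        fi
    else
        echo allow
    fi
}

# row_verdict "FS BLOCKS SOFT HARD INODES SOFT HARD" ADD_BLOCKS ADD_FILES DAYS_OVER GRACE
# Evaluates the block limit and the inode limit of one edquota-style row.
row_verdict() {
    set -- $1 "$2" "$3" "$4" "$5"     # split the row into positional fields 1..7
    b=$(limit_verdict $(( $2 + $8 )) "$3" "$4" "${10}" "${11}")
    f=$(limit_verdict $(( $5 + $9 )) "$6" "$7" "${10}" "${11}")
    case "$b$f" in
        *deny*) echo deny ;;
        *warn*) echo warn ;;
        *)      echo allow ;;
    esac
}

# Row from the edquota listing above: soft = hard = 5000 blocks.
row_verdict "/dev/sda5 8 5000 5000 4 0 0" 4000 1 0 7
# Constructed row: soft 122880, hard 153600 blocks, 3 days into a 14-day grace.
row_verdict "/dev/md0 0 122880 153600 0 0 0" 130000 1 3 14
```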

# edquota -p nam -u minh   // replicate the quota

- Viewing quota information
To view quota information, use the quota command. For example, to view the quota information of user nam:
$ quota -u nam     # user nam
$ quota -g staff   # group staff
To report quota information for groups and users, use:
$ repquota -au    # by user
$ repquota -ag    # by group
$ repquota -agu   # everything

If you get:

    quotacheck: Cannot guess format from filename on /dev/md127. Please specify format on commandline.
    quotacheck: Cannot find filesystem to check or filesystem not mounted with quota option.

# quotacheck -F vfsv0 -afcvdugm
# chmod 777 /public   // write permission for all users
# cd /public
# su user1
# ll
# quotaoff -u /dev/sdb1   // turn quota off

IV. Soft RAID

- Use the management tool (mdadm) to join 3 new partitions into 1 new partition (/dev/md0)
# mdadm --create /dev/md0 --level 5 --raid-devices 4 --spare-devices 0 /dev/sdb{5,6,7,8}
# cat /proc/mdstat

    Personalities : [raid6] [raid5] [raid4]
    md0 : active raid5 sdb8[4] sdb7[2] sdb6[1] sdb5[0]
          3538944 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/3] [UUU_]
          [========>............]  recovery = 40.5% (479104/1179648) finish=0.7min speed=14506K/sec
    unused devices: <none>

- Format the new partition as ext3 and map it to the directory /raid
# mkfs -t ext3 /dev/md1
# mount -t ext3 /dev/md1 /raid
# mount   // view the RAID just created

    /dev/md1 on /raid type ext3 (rw)

# resize2fs /dev/md1   // view the RAID capacity

    resize2fs 1.41.12 (17-May-2010)
    The filesystem is already 2626048 blocks long. Nothing to do!

# mdadm -S /dev/md1   // delete the RAID
# umount /dev/md1     // if a process is still running, unmount the device

    mdadm: stopped /dev/md1

V. LVM (Logical Volume Manager)

Answers to the midterm test

2) Add 6 new logical partitions in /dev/sdb, each with a size that satisfies:
- Combine 4 partitions into 1 RAID level 5 device, then map it automatically to the directory /test/raid by UUID. The mapped size is 400MB.
- Total mapped capacity = (1 - 1/n) * n * capacity of one partition
  Capacity of one partition: ~130M
# mdadm --create /dev/md0 --level 5 --raid-devices 4 --spare-devices 0 /dev/sdb{5,6,7,8}
# mkfs -t ext3 /dev/md0             // format as ext3
# mdadm --detail /dev/md0           // view the device details
# tune2fs -U random /dev/md0        // random UUID for the partition
# tune2fs -l /dev/md0 | grep UUID   // get the UUID

    Filesystem UUID: 390f8196-3a66-459b-9df3-da8ab5c6a1e6

# vi /etc/fstab

    /dev/md0 /test/raid ext3 defaults 0 0

# mount -a
# vi /etc/fstab

    UUID=def0906c-cb2d-4703-ae5c-c337f86c67b7 /test/raid ext3 defaults 1 2

# mount -a
- Set quota for user test1 and group test1_grp on the directory /test/raid as follows:
# useradd test1
# groupadd test1_grp

User test1 may use at most 120MB (may exceed it for 14 days) and may not exceed the limit of 150MB under any circumstances.
# vi /etc/fstab

    UUID=def0906c-cb2d-4703-ae5c-c337f86c67b7 /test/raid ext3 defaults,usrquota,grpquota 0 0

# touch /test/raid/aquota.user   // create the quota files
# touch /test/raid/aquota.group
# chmod 600 /test/raid/aquota.user
# chmod 600 /test/raid/aquota.group
# reboot          // restart the machine
# ls /test/raid   // list the directory

    aquota.group aquota.user lost+found

# mount -o remount /test/raid
# quotacheck -vagum   // initialise the quota tables
If you get:

    quotacheck: Cannot guess format from filename on /dev/md127. Please specify format on commandline.
    quotacheck: Cannot find filesystem to check or filesystem not mounted with quota option.

# quotacheck -F vfsv0 -afcvdugm
# chmod 777 /public   // write permission for all users
# cd /public
# su user1
# edquota -u test1   // set quota for the user

    Filesystem  blocks  soft  hard  inodes  soft  hard
    /dev/sda5   0       120   150   0       0     0

# quotaon -u /dev/md0   // turn quota on
# edquota -t

    Filesystem  Block grace period  Inode grace period
    /dev/md0    14days              7days

# repquota /test/raid   // view quota information
# quota -u test1        // view quota information for user test1

Group test1_grp may create at most 120000 files/directories (may exceed it for 5 days) and may not exceed the limit of 15000 files/directories under any circumstances.
// quota for the group
# edquota -g test1_grp

    Filesystem  blocks  soft  hard  inodes  soft   hard
    /dev/sda5   0       0     0     0       12000  15000

3) Create the user groups

thietke (nam, ngan, hoang, an, minh)
// create the group
# groupadd thietke
// create the users
# useradd nam
# useradd ngan
# useradd hoang
# useradd an
# useradd minh
// add the users to the group
# gpasswd -a nam thietke
# gpasswd -a ngan thietke
# gpasswd -a hoang thietke
# gpasswd -a an thietke
# gpasswd -a minh thietke

ketoan (trang, hoa, lan, an)
// create the group
# groupadd ketoan
// create the users
# useradd trang
# useradd hoa
# useradd lan
// add the users to the group
# gpasswd -a trang ketoan
# gpasswd -a an ketoan
# gpasswd -a hoa ketoan
# gpasswd -a lan ketoan

- Tasks:
Add user trang to the group root
# gpasswd -a trang root
# vi /etc/group   // view the list of users and groups

Create the directory /mid-exam/private and set permissions so that users who are the owner or belong to the owning group of this directory have no permissions.
# mkdir -p /mid-exam/private   // create the directory
# rpm -q acl                   // check whether acl is installed
# setfacl -m user::--- /mid-exam/private   // set the user's permissions to none
# getfacl /mid-exam/private

    getfacl: Removing leading '/' from absolute path names
    # file: mid-exam/private
    # owner: root
    # group: root
    user::---
    group::r-x
    other::---

Log in as user trang. How can trang create a file in /mid-exam/private?
# su trang
# setfacl -m u:trang:rwx,g::rwx /mid-exam/private
# getfacl /mid-exam/private

    getfacl: Removing leading '/' from absolute path names
    # file: mid-exam/private
    # owner: root
    # group: root
    user::---
    user:trang:rwx
    group::rwx
    mask::rwx
    other::---

root@server1 [/]# /scripts/fixquotas force   // if quotacheck is not found
