首页 > 代码库 > homework week04
homework week04
本周作业内容:
1、复制/etc/skel目录为/home/tuser1,要求/home/tuser1及其内部文件的属组和其它用户均没有任何访问权限。
# 复制/etc/skel目录为/home/tuser1 [root@captain ~]# cp -vr /etc/skel/ /home/tuser1 `/etc/skel/‘ -> `/home/tuser1‘ `/etc/skel/.bash_profile‘ -> `/home/tuser1/.bash_profile‘ `/etc/skel/.bashrc‘ -> `/home/tuser1/.bashrc‘ `/etc/skel/.bash_logout‘ -> `/home/tuser1/.bash_logout‘ `/etc/skel/.gnome2‘ -> `/home/tuser1/.gnome2‘ # 查看/home/tuser1目录及子目录、文件权限 [root@captain ~]# ll -aR /home/tuser1/ /home/tuser1/: total 24 drwxr-xr-x. 3 root root 4096 Aug 27 16:22 . drwxr-xr-x. 21 root root 4096 Aug 27 16:22 .. -rw-r--r--. 1 root root 18 Aug 27 16:22 .bash_logout -rw-r--r--. 1 root root 176 Aug 27 16:22 .bash_profile -rw-r--r--. 1 root root 124 Aug 27 16:22 .bashrc drwxr-xr-x. 2 root root 4096 Aug 27 16:22 .gnome2 /home/tuser1/.gnome2: total 8 drwxr-xr-x. 2 root root 4096 Aug 27 16:22 . drwxr-xr-x. 3 root root 4096 Aug 27 16:22 .. # 设置目录、子目录及文件的目录,其他用户权限 [root@captain ~]# chmod -R g=-,o=- /home/tuser1/ # 查看权限设置后的/home/tuser1权限信息 [root@captain ~]# ll -aR /home/tuser1/ /home/tuser1/: total 24 drwx------. 3 root root 4096 Aug 27 16:22 . drwxr-xr-x. 21 root root 4096 Aug 27 16:22 .. -rw-------. 1 root root 18 Aug 27 16:22 .bash_logout -rw-------. 1 root root 176 Aug 27 16:22 .bash_profile -rw-------. 1 root root 124 Aug 27 16:22 .bashrc drwx------. 2 root root 4096 Aug 27 16:22 .gnome2 /home/tuser1/.gnome2: total 8 drwx------. 2 root root 4096 Aug 27 16:22 . drwx------. 3 root root 4096 Aug 27 16:22 .. # 测试root组用户访问权限 [captain@captain ~]$ id captain uid=3006(captain) gid=0(root) groups=0(root) [captain@captain ~]$ ls /home/tuser1/ ls: cannot open directory /home/tuser1/: Permission denied [captain@captain ~]$ cd /home/tuser1/ -bash: cd: /home/tuser1/: Permission denied # 测试其他组用户访问权限 [slackware@captain ~]$ id slackware uid=2002(slackware) gid=2016(distro) groups=2016(distro),2017(peguin),2018(admins) [slackware@captain ~]$ ls /home/tuser1/ ls: cannot open directory /home/tuser1/: Permission denied [slackware@captain ~]$ cd /home/tuser1/ /home/tuser1/: Permission denied.
2、编辑/etc/group文件,添加组hadoop。
[root@captain ~]# cat /etc/group root:x:0: bin:x:1:bin,daemon daemon:x:2:bin,daemon ...ommited... test1:x:3005: hadoop::1001: #添加hadoop组 # 检查group文件完整性 [root@captain ~]# grpck -r no matching group file entry in /etc/gshadow add group ‘hadoop‘ in /etc/gshadow? No grpck: no changes [root@captain ~]# echo $? 2 #grpck退出码 0 success 1 invalid command syntax 2 one or more bad group entries 3 can′t open group files 4 can′t lock group files 5 can′t update group files
3、手动编辑/etc/passwd文件新增一行,添加用户hadoop,其基本组ID为hadoop组的id号;其家目录为/home/hadoop。
[root@captain ~]# cat /etc/passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin ...ommited... hadoop:x:1001:1001::/home/hadoop:/bin/bash # 检查passwd文件完整性 [root@captain shell]# pwck -r user ‘adm‘: directory ‘/var/adm‘ does not exist user ‘uucp‘: directory ‘/var/spool/uucp‘ does not exist user ‘gopher‘: directory ‘/var/gopher‘ does not exist user ‘saslauth‘: directory ‘/var/empty/saslauth‘ does not exist user ‘oprofile‘: directory ‘/home/oprofile‘ does not exist user ‘MySQL‘: directory ‘/home/MySQL‘ does not exist no matching password file entry in /etc/shadow add user ‘hadoop‘ in /etc/shadow? No pwck: no changes [root@captain shell]# echo $? 2 # pwck退出码 0 success 1 invalid command syntax 2 one or more bad password entries 3 can′t open password files 4 can′t lock password files 5 can′t update password files 6 can′t sort password files # 正常切换到hadoop用户 [root@captain ~]# su - hadoop [hadoop@captain ~]$ id uid=1001(hadoop) gid=1001(hadoop) groups=1001(hadoop) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
4、复制/etc/skel目录为/home/hadoop,要求修改hadoop目录的属组和其它用户没有任何访问权限。
[root@captain ~]# cp -rv /etc/skel/ /home/hadoop `/etc/skel/‘ -> `/home/hadoop‘ `/etc/skel/.bash_profile‘ -> `/home/hadoop/.bash_profile‘ `/etc/skel/.bashrc‘ -> `/home/hadoop/.bashrc‘ `/etc/skel/.bash_logout‘ -> `/home/hadoop/.bash_logout‘ `/etc/skel/.gnome2‘ -> `/home/hadoop/.gnome2‘ # 设置权限 [root@captain ~]# chmod g=-,o=- /home/hadoop/ [root@captain ~]# su - captain # 测试root组用户访问权限 [captain@captain ~]$ ll /home/hadoop/ ls: cannot open directory /home/hadoop/: Permission denied [captain@captain ~]$ cd /home/hadoop/ -bash: cd: /home/hadoop/: Permission denied # 测试其他组用户访问权限 [root@captain ~]# su - slackware [slackware@captain ~]$ ll /home/hadoop/ ls: cannot open directory /home/hadoop/: Permission denied [slackware@captain ~]$ cd /home/hadoop/ /home/hadoop/: Permission denied.
5、修改/home/hadoop目录及其内部所有文件的属主为hadoop,属组为hadoop。
[root@captain ~]# ls -alR /home/hadoop/ /home/hadoop/: total 24 drwx------. 3 root root 4096 Aug 27 17:31 . drwxr-xr-x. 22 root root 4096 Aug 27 17:31 .. -rw-r--r--. 1 root root 18 Aug 27 17:31 .bash_logout -rw-r--r--. 1 root root 176 Aug 27 17:31 .bash_profile -rw-r--r--. 1 root root 124 Aug 27 17:31 .bashrc drwxr-xr-x. 2 root root 4096 Aug 27 17:31 .gnome2 /home/hadoop/.gnome2: total 8 drwxr-xr-x. 2 root root 4096 Aug 27 17:31 . drwx------. 3 root root 4096 Aug 27 17:31 .. # 修改从属关系 [root@captain ~]# chown -R hadoop:hadoop /home/hadoop/ [root@captain ~]# ls -alR /home/hadoop/ /home/hadoop/: total 24 drwx------. 3 hadoop hadoop 4096 Aug 27 17:31 . drwxr-xr-x. 22 root root 4096 Aug 27 17:31 .. -rw-r--r--. 1 hadoop hadoop 18 Aug 27 17:31 .bash_logout -rw-r--r--. 1 hadoop hadoop 176 Aug 27 17:31 .bash_profile -rw-r--r--. 1 hadoop hadoop 124 Aug 27 17:31 .bashrc drwxr-xr-x. 2 hadoop hadoop 4096 Aug 27 17:31 .gnome2 /home/hadoop/.gnome2: total 8 drwxr-xr-x. 2 hadoop hadoop 4096 Aug 27 17:31 . drwx------. 3 hadoop hadoop 4096 Aug 27 17:31 ..
6、显示/proc/meminfo文件中以大写或小写S开头的行;用两种方式;
#方式一 [root@captain ~]# egrep ‘^(s|S)‘ /proc/meminfo SwapCached: 0 kB SwapTotal: 2097148 kB SwapFree: 2097148 kB Shmem: 236 kB Slab: 93592 kB SReclaimable: 34212 kB SUnreclaim: 59380 kB #方式二 [root@captain ~]# egrep ‘^[sS]‘ /proc/meminfo SwapCached: 0 kB SwapTotal: 2097148 kB SwapFree: 2097148 kB Shmem: 236 kB Slab: 93680 kB SReclaimable: 34368 kB SUnreclaim: 59312 kB
7、显示/etc/passwd文件中其默认shell为非/sbin/nologin的用户;
[root@captain ~]# grep -v ‘/sbin/nologin$‘ /etc/passwd |> awk -F":" ‘BEGIN{printf("username\tshell\n")}> {printf("%-15s%s\n",$1,$NF)}‘ username shell root /bin/bash sync /bin/sync shutdown /sbin/shutdown halt /sbin/halt mongod /bin/false oracle /bin/bash icheck /bin/bash mysql /bin/false mageia /bin/bash slackware /bin/tcsh openstack /bin/bash testuser /bin/bash test1 /bin/bash captain /bin/bash hadoop /bin/bash
8、显示/etc/passwd文件中其默认shell为/bin/bash的用户;
[root@captain ~]# grep ‘/bin/bash$‘ /etc/passwd |> awk -F":" ‘BEGIN{printf("username\tshell\n")}> {printf("%-15s%s\n",$1,$NF)}‘ username shell root /bin/bash oracle /bin/bash icheck /bin/bash mageia /bin/bash openstack /bin/bash testuser /bin/bash test1 /bin/bash captain /bin/bash hadoop /bin/bash
9、找出/etc/passwd文件中的一位数或两位数;
[hadoop@captain ~]$ grep -wo ‘[0-9]\{1,2\}‘ /etc/passwd 0 0 1 1 2 2 3 4 4 7 5 0 6 0 7 0 8 12 10 14 11 0 12 13 30 14 50 99 99 81 81 69 69 32 32 29 29 68 68 38 38 76 89 89 74 74 72 72 16 16 48 48 25 25 27 27 0
10、显示/boot/grub/grub.conf中以至少一个空白字符开头的行;
[root@captain ~]# grep -E ‘^[[:space:]]+‘ /boot/grub/grub.conf root (hd0,0) kernel /vmlinuz-2.6.32-504.el6.x86_64 ro root=/dev/mapper/VolGroup-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD rd_LVM_LV=VolGroup/lv_swap SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=VolGroup/lv_root KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet vga=0x340 initrd /initramfs-2.6.32-504.el6.x86_64.img
11、显示/etc/rc.d/rc.sysinit文件中以#开头,后面跟至少一个空白字符,而后又有至少一个非空白字符的行;
[root@captain ~]# grep -E ‘^#[[:space:]]+[^[:space:]]+‘ /etc/rc.d/rc.sysinit # /etc/rc.d/rc.sysinit - run once at boot time # Taken in part from Miquel van Smoorenburg‘s bcheckrc. # Check SELinux status # Print a text banner. # Only read this once. # Initialize hardware # Set default affinity # Load other user-defined modules # Load modules (for backward compatibility with VARs) # Configure kernel parameters # Set the hostname. # Sync waiting for storage. # Device mapper & related initialization # Start any MD RAID arrays that haven‘t been started yet # Remount the root filesystem read-write. # Clean up SELinux labels # If relabeling, relabel mount points. # Mount all other filesystems (except for NFS and /proc, which is already # mounted). Contrary to standard usage, # filesystems are NOT unmounted in single user mode. # The ‘no‘ applies to all listed filesystem types. See mount(8). # Update quotas if necessary # Check to see if a full relabel is needed # Initialize pseudo-random number generator # Configure machine if necessary. # Clean out /. # Do we need (w|u)tmpx files? We don‘t set them up, but the sysadmin might... # Clean up /var. # Clean up utmp/wtmp # Clean up various /tmp bits # Make ICE directory # Start up swapping. # Set up binfmt_misc # Boot time profiles. Yes, this should be somewhere else. # Now that we have all of our basic modules loaded and the kernel going, # let‘s dump the syslog ring somewhere so we can find it later # create the crash indicator flag to warn on crashes, offer fsck with timeout # Let rhgb know that we‘re leaving rc.sysinit
12、打出netstat -tan命令执行结果中以‘LISTEN’,后或跟空白字符结尾的行;
[root@captain ~]# netstat -tan | grep -e ‘LISTEN[[:space:]]*$‘ tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:54031 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:631 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN tcp 0 0 :::54920 :::* LISTEN tcp 0 0 :::111 :::* LISTEN
13、添加用户bash, testbash, basher, nologin (此一个用户的shell为/sbin/nologin),而后找出当前系统上其用户名和默认shell相同的用户的信息;
# 添加用户 [root@captain ~]# useradd bash [root@captain ~]# useradd testbash [root@captain ~]# useradd basher [root@captain ~]# useradd -s /sbin/nologin nologin # 获取用户名和默认shell相同的用户的信息 [root@captain shell]# for username in bash testbash basher nologin > do > sh getuserinfo.sh $username #getuserinfo.sh脚本在上一周作业中 > done basic information for last login user: bash current user: bash, uid: 3007 group name: bash, gid: 3007 ------------------------ user home: /home/bash ------------------------ user shell: /bin/bash ------------------------ password expiry information: Password expires : never Account expires : never Maximum number of days between password change : 99999 basic information for last login user: testbash current user: testbash, uid: 3008 group name: testbash, gid: 3008 ------------------------ user home: /home/testbash ------------------------ user shell: /bin/bash ------------------------ password expiry information: Password expires : never Account expires : never Maximum number of days between password change : 99999 basic information for last login user: basher current user: basher, uid: 3009 group name: basher, gid: 3009 ------------------------ user home: /home/basher ------------------------ user shell: /bin/bash ------------------------ password expiry information: Password expires : never Account expires : never Maximum number of days between password change : 99999 basic information for last login user: nologin current user: nologin, uid: 3010 group name: nologin, gid: 3010 ------------------------ user home: /home/nologin ------------------------ login shell is: /sbin/nologin, but can not login in ------------------------ password expiry information: Password expires : never Account expires : never Maximum number of days between password change : 99999
本文出自 “睿宝宝的半熟芝士” 博客,谢绝转载!
homework week04