Become Linux Administrator
Preamble:
In Linux system administration, the files under /etc undoubtedly play an extremely important role. This article introduces the purpose of each file under /etc and the use of the related commands; I hope it will be of help to system administrators.
In particular, some files are not covered in this article, because they cannot be explained in a few sentences. Files such as rc.d and inittab are best discussed separately: they involve the boot process, which definitely cannot be covered in a few words. Files of this kind will be introduced when there is a chance ...
Main text:
/etc/dir_colors: Sets the colors that ls uses for the various file types. The colors do not appear when the output is redirected through a pipe. The contents of the file are easy to understand: by default, directories are blue, files with execute permission are green, compressed files are red, and so on. All of this can be changed to suit personal preference, and the file is clear enough to understand at a glance.
As for how the colors are composed, the three primary components R, G and B are combined to form each color, and each of the R, G and B bits is either 0 or 1. The idea is simple, but once we also know that the weights of R, G and B are 1, 2 and 4 respectively, there is no need to look the colors up in a book: choosing your own colors to replace the preset palette is easily done.
/etc/hostname: Records the complete hostname and domain name. This file is used wherever the hostname is needed, such as in /etc/rc.d/rc.m, etc. ...
/etc/networking: How is it used, and how would it be changed? Will it be used when using the network? The answer is no.
/etc/X11: link to /var/X11/lib/X11
/etc/at.deny: This file lists the users who are not allowed to use the at command to schedule jobs for later. If at.deny is empty and at.allow does not exist, then everyone can use the at command.
/etc/at.allow: The counterpart of at.deny: this file lists the users who are allowed to use the at command. If you are unsure about the at command, it is worth looking up its usage, since it makes carrying out your work much more flexible.
Of at.deny and at.allow, at checks at.allow first: if it lists some users, only those users can use the at command. If at.allow does not exist, at then checks at.deny, and anyone not listed in at.deny can use the command. Note in particular that at may not run a job at exactly the expected time. For example, if you ask for a file to be cleared at 7:02, it will wait until 7:05 to run, because crond checks only every five minutes whether there is a job in the at queue. You can of course change this to check every minute, but there seems to be little point unless your timing requirements are very strict; otherwise there should be no need to touch it. See /var/spool/cron/crontabs/root for the details: atrun is run every five minutes, so at jobs are in effect executed in units of five minutes.
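The lookup order described above, written as a small shell function (an added example, not part of the original article). The names at_permitted and at_report and the demo files are assumptions made for illustration; the root exemption and the case where neither file exists follow the at(1) manual rather than this article.

```sh
#!/bin/sh
# Added example: reproduce the at.allow / at.deny decision for one user.
# at_permitted and at_report are hypothetical helper names, not part of at(1).

# at_permitted USER [ETC_DIR]  -> exit status 0 = may use at, 1 = refused
at_permitted() {
    ap_user=$1
    ap_etc=${2:-/etc}

    # The superuser may always use at (at(1) manual).
    if [ "$ap_user" = root ]; then
        return 0
    fi

    if [ -f "$ap_etc/at.allow" ]; then
        # at.allow exists: only listed users pass; at.deny is never read.
        if grep -qxF -e "$ap_user" "$ap_etc/at.allow"; then
            return 0
        fi
        return 1
    fi

    if [ -f "$ap_etc/at.deny" ]; then
        # No at.allow: everyone who is NOT listed in at.deny passes,
        # so an empty at.deny opens at to all users.
        if grep -qxF -e "$ap_user" "$ap_etc/at.deny"; then
            return 1
        fi
        return 0
    fi

    # Neither file exists: only the superuser may use at (at(1) manual).
    return 1
}

# at_report ETC_DIR USER... : print one "user: allowed|refused" line each.
at_report() {
    ar_etc=$1
    shift
    for ar_user in "$@"; do
        if at_permitted "$ar_user" "$ar_etc"; then
            echo "$ar_user: allowed"
        else
            echo "$ar_user: refused"
        fi
    done
}

# Demo on constructed files in a scratch directory (not a real /etc).
at_demo() {
    ad_dir=$(mktemp -d) || return 1
    : > "$ad_dir/at.deny"
    echo "--- empty at.deny, no at.allow"
    at_report "$ad_dir" jhsu emotion
    printf 'emotion\n' > "$ad_dir/at.deny"
    echo "--- emotion listed in at.deny"
    at_report "$ad_dir" jhsu emotion
    printf 'emotion\n' > "$ad_dir/at.allow"
    echo "--- at.allow lists emotion (at.deny is now ignored)"
    at_report "$ad_dir" jhsu emotion
    rm -rf "$ad_dir"
}

at_demo
```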
/var/spool/atjobs: When you schedule a job with at, the system copies your current environment variables and the work to be executed by at into a file in this directory.
/var/spool/atspool: Messages produced after using the at command are recorded here: perhaps an error message returned by the command that at was asked to execute, or a message reporting that it ran successfully.
/etc/csh.cshrc:
/etc/csh.login: These two files should look very familiar: we often see .cshrc and .login. However, people usually only notice the two files in their own directory, whereas /etc also has these two files. The two files under /etc are maintained by the system administrator, and general users should not have permission to change them. By the way, the system reads the two files under /etc first and then adds the settings from the two files in the home directory. And where there is a .login there is also a .logout: .logout can contain messages to print or commands to execute, and it is run when you log out.
/etc/disktab: (disk parameter table) If you have to pass some disk parameters to the kernel (usually because your hard disk is rather unusual and you need to pass the cylinders, heads and sectors to the kernel for it to be accessed, or because a SCSI hard disk sometimes needs certain parameters), those parameters are recorded here.
/etc/exports: This file records the file systems you want to make available to others; it is a typical NFS file. With TCP/IP for OS/2, too, this file is indispensable if you want to use Network File System to let others mount your own file system.
For example, my domain name is dorm10.nctu.edu.tw and I want to open my /usr file system to the people in the dorm, so I write this in exports:
    /usr *.dorm10.nctu.edu.tw(ro)
Then, in /etc/rc.d/rc.inet2, find the following sections. These lines have a # in front of them; remove it so that they match the content below.
    ......
    ......
    ......
    # Start the SUN RPC Portmapper.
    if [ -f ${NET}/rpc.portmap ]
    then
      echo -n "portmap"
      ${NET}/rpc.portmap
    fi
    ......
    ......
    ......
    # Start the various SUN RPC servers.
    if [ -f ${NET}/rpc.portmap ]
    then
    #  if [ -f ${NET}/rpc.ugidd ]
    #  then
    #    echo -n "ugidd"
    #    ${NET}/rpc.ugidd -d
    #  fi
      if [ -f ${NET}/rpc.mountd ]
      then
        echo -n "mountd"
        ${NET}/rpc.mountd
      fi
      if [ -f ${NET}/rpc.nfsd ]
      then
        echo -n "nfsd"
        ${NET}/rpc.nfsd
      fi
      # Fire up the PC-NFS daemon(s).
      if [ -f ${NET}/rpc.pcnfsd ]
      then
        echo -n "pcnfsd"
        ${NET}/rpc.pcnfsd ${LPSPOOL}
      fi
    #  if [ -f ${NET}/rpc.bwnfsd ]
    #  then
    #    echo -n "bwnfsd"
    #    ${NET}/rpc.bwnfsd ${LPSPOOL}
    #  fi
    fi
    echo
    # Done!
On the client side, you can then use something like:
    mount -vt nfs rebel.dorm10.nctu.edu.tw:/usr /tmp
to mount the server's /usr on the client's /tmp.
/etc/fastboot: This file is created by shutdown -f; -f means "fastboot". After the reboot, the system checks whether this file exists to decide whether to run fsck.
/etc/fdprm: Floppy disk parameter table. Under normal circumstances it is not needed, unless you have a floppy disk in an unusual format or want to make a disk that does not conform to the general formats.
/etc/nologin: You may wonder why there is no such file in your /etc directory. That's right, it usually does not exist. If you do see this file, it means the system is about to shut down: because the system is going to shut down, it naturally does not want anyone to log in, so when shutdown is executed the nologin file is created automatically with the shutdown message placed inside. In fact, whenever we log in, the system checks whether this file exists; if it does, it prints the message in the file and does not let you log in. nologin may also be created for other reasons, for example when the system is under maintenance and nobody should log in for the time being. No matter how nologin came to exist, you cannot log in.
/etc/fstab: Records the file systems to be mounted. This file is quite important! You can find /sbin/mount -avt nonfs in /etc/rc.d/rc.s; when that line is executed, mount automatically mounts the file systems according to the records in /etc/fstab. Below is a fairly typical example. If you want some file systems to be mounted automatically at startup, rather than mounting them by hand after the machine is up, writing these file systems and their related information into this file is a good choice. As for the file format, each line has six fields, but two of them are often omitted, so we often see only four. The other two fields are dump-freq and pass-number. The default value of dump-freq is 0; pass-number is what fsck refers to and can be 0, 1, 2 ...: 1 means this file system will be checked by fsck first, 2 means next ...
    # File system   Mount point   Type      Options
    /dev/hdb2       swap          swap      defaults
    /dev/hdb1       /             ext2      defaults
    /dev/sbpcd      /mnt/cdrom    iso9660   ro
    /dev/hda1       /mnt/dosc     msdos     rw
    /dev/hda5       /mnt/dosd     msdos     rw
    /dev/hda6       /mnt/dose     msdos     rw
    none            /proc         proc      defaults
/etc/ftpusers: This file lists the users who cannot log in to the system by FTP; the defaults are root, uucp, news. This is for security reasons, and you can add here any user IDs that must not come in through FTP.
/etc/gateways: As the name suggests, this file records information about gateways.
The format of this file is as follows:
When routed starts, it reads /etc/gateways. If a gateway does not exchange routing information, it is marked passive; if it does exchange routing information (that is, routed is running on that machine), it is marked active. The keyword net or host indicates whether the route is to a network or to a specific machine. name1 is the name of that network or machine; this name can be a symbolic name from /etc/hosts or /etc/networks. name2 is the name or IP address of the gateway to which messages will be sent.
/etc/group: Just as /etc/passwd lists all the users in the system, /etc/group defines all the group names and related information in the system.
The format is: group_name:passwd:GID:user_list
For example: author::200:jhsu,emotion,passion
The above example means that jhsu, emotion and passion belong to the group author.
Usually the passwd field is blank, indicating that no password is needed, or it contains a *.
The following is a typical example:
    root::0:root,jhsu
    bin::1:root,bin,daemon
    daemon::2:root,bin,daemon
    sys::3:root,bin,adm
    adm::4:root,adm,daemon
    tty::5:
    disk::6:root,adm
    lp::7:lp
    mem::8:
    kmem::9:
    wheel::10:root,jhsu
    shadow::11:root
    mail::12:mail
    news::13:news
    uucp::14:uucp
    man::15:man
    users::100:games
    bbs:*:99:bbs,bbsuser,bbsroot
Of course, this file can only be written by the superuser. A superuser can use groupadd, groupdel and groupmod to manage /etc/group, or manage it by hand. The usage of these three commands is as follows:
    groupadd [-g gid [-o]] group_name
    groupdel group_name
    groupmod [-g gid [-o]] [-n new_group_name] group_name
/etc/hosts: This file records the mapping from IP addresses to hostnames. If we want to give ccsun21.csie.nctu.edu.tw an alias, OldStock, we can write the following in this file:
    140.113.17.151 OldStock
As a result, telnet OldStock is equivalent to telnet 140.113.17.151.
This file always contains two entries: one is loopback, which is for testing purposes, and the other is the local host, which is your own machine.
/etc/hosts.equiv: Here you can list remote machines; users connecting from these remote machines to the local machine with rsh or rlogin do not have to enter a password.
The same thing can also be done with .rhosts. For example, create a .rhosts file in your home directory on ccsun22.csie.nctu.edu.tw with the following content:
    rebel.dorm10.nctu.edu.tw jhsu
Then whenever you use rsh or rlogin on rebel.dorm10.nctu.edu.tw to connect to ccsun22.csie.nctu.edu.tw, you do not need to enter a password:
    rsh -l jhsu ccsun22.csie.nctu.edu.tw    <- no password
However, it is best not to set these up, mainly hosts.equiv, so that they do not cause security trouble.
/etc/hosts.deny: Sets which remote hosts cannot use inetd.
/etc/hosts.allow: Sets which remote hosts can use inetd. As for which services inetd offers, look at /etc/inetd.conf; it is very clear from there.
If you prefer a closed approach, you can write in hosts.deny:
    ALL: ALL
But this way, anything that does not come from localhost will probably be blocked, so we also need to add the hosts that should have access to hosts.allow, for example:
    ALL: 140.113.17.    <- only hosts from 140.113.17.x can access
    ALL: 140.113.4.
    ALL: 140.113.6.
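How the two files combine for one incoming connection, as an added example (not from the original article): hosts.allow is consulted first, then hosts.deny, and a client matching neither is let in, which is the order documented in hosts_access(5). The function names, the daemon name in.telnetd and the client addresses are assumptions; only the pattern forms used above (ALL, an exact string, and a prefix ending in a dot) are handled.

```sh
#!/bin/sh
# Added example: evaluate hosts.allow / hosts.deny for one connection.
# wrap_rule_matches and wrap_decision are hypothetical helper names.
# Simplification: rules are "daemon_list : client_list"; a pattern may be
# ALL, an exact string, or a dotted prefix such as "140.113.17.".

# wrap_rule_matches FILE DAEMON CLIENT -> status 0 if some rule matches
wrap_rule_matches() {
    awk -F: -v daemon="$2" -v client="$3" '
        function hit(item, list,    n, i, parts) {
            n = split(list, parts, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                if (parts[i] == "") continue
                if (parts[i] == "ALL" || parts[i] == item) return 1
                # A trailing dot means "every address starting with this".
                if (parts[i] ~ /\.$/ && index(item, parts[i]) == 1) return 1
            }
            return 0
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        hit(daemon, $1) && hit(client, $2) { found = 1; exit }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# wrap_decision DAEMON CLIENT ALLOW_FILE DENY_FILE -> prints allow|deny
wrap_decision() {
    if [ -f "$3" ] && wrap_rule_matches "$3" "$1" "$2"; then
        echo allow          # a match in hosts.allow grants access
    elif [ -f "$4" ] && wrap_rule_matches "$4" "$1" "$2"; then
        echo deny           # otherwise a match in hosts.deny refuses it
    else
        echo allow          # no match in either file: access is granted
    fi
}

# Demo with the rules from the text, written to scratch files.
wrap_demo() {
    wd_dir=$(mktemp -d) || return 1
    printf 'ALL: ALL\n' > "$wd_dir/hosts.deny"
    printf 'ALL: 140.113.17.\nALL: 140.113.4.\nALL: 140.113.6.\n' \
        > "$wd_dir/hosts.allow"
    # Constructed client addresses. 140.113.170.9 shows why the trailing
    # dot matters: it begins with "140.113.17" but is a different network.
    for wd_ip in 140.113.17.151 140.113.170.9 140.113.5.20; do
        echo "$wd_ip $(wrap_decision in.telnetd "$wd_ip" \
            "$wd_dir/hosts.allow" "$wd_dir/hosts.deny")"
    done
    rm -rf "$wd_dir"
}

wrap_demo
```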
/etc/hosts.lpd: Records the hosts that may access the printer. If a printer is to be shared by many hosts on the network, the printcap file must describe the complete network setup. For tighter control, two conditions must be met: first, the local machine must be listed in the remote machine's /etc/hosts.equiv or in the remote machine's /etc/hosts.lpd; second, the user must have an account on the remote machine.
/etc/inetd.pid: inetd process ID
/etc/issue: This file holds the message echoed at the login prompt. Pay particular attention to /etc/rc.d/rc.s: unless the lines below are commented out there, the file will be rewritten every time the machine boots. If you have your own settings, you must comment the lines out as follows:
    #echo > /etc/issue
    #echo Welcome to Linux `/bin/uname -a | /bin/cut -d' ' -f3`. >> /etc/issue
    #echo >> /etc/issue
    #echo "`/bin/uname -a | /bin/cut -d' ' -f1,3`." > /etc/motd
/etc/klogd.pid: klogd process ID
/etc/ld.so.conf: Records the directories where libraries are located.
/etc/magic: The first time you look at this file you may only get a rough idea of it: it seems to describe the formats of some files. Indeed, this file records the identification strings or methods for many file formats. Where is this file used? Have you ever used the file command? Its syntax is:
    file [-c] [-z] [-L] [-f namefile] [-m magicfile] file
This command is quite interesting: it can tell you the format of a file, whether it is a text file, a shell script, a DOS executable, and so on. The file command consults the database in /etc/magic. If you know the identification string of a file format that the original magic does not record, you can add the identification method to the database, or simply build your own database.
/etc/motd: This file is very simple: the name means "message of the day". You can write messages in it, and they will be displayed before the login shell starts. It is usually used when the system administrator has messages to pass on to users. As for the problem of the file being changed at every boot, that was already covered under /etc/issue above: just remember to comment the lines out.
/etc/mtab: Records the file systems that are currently mounted; you can watch this file change as you use the mount command. For example, before I mount 3.5-inch floppy disk A, my mtab looks like this:
    /dev/hdb1 / ext2 rw 0 0
    /dev/hda1 /mnt/dosc msdos rw 0 0
    /dev/hda5 /mnt/dosd msdos rw 0 0
    /dev/hda6 /mnt/dose msdos rw 0 0
    none /proc proc rw 0 0
However, after I use mount -t msdos /dev/fd0H1440 /mnt/dosa to mount 3.5-inch floppy disk A, mtab becomes the following:
    /dev/hdb1 / ext2 rw 0 0
    /dev/hda1 /mnt/dosc msdos rw 0 0
    /dev/hda5 /mnt/dosd msdos rw 0 0
    /dev/hda6 /mnt/dose msdos rw 0 0
    none /proc proc rw 0 0
    /dev/fd0H1440 /mnt/dosa msdos rw 0 0    <- this line is new!
So now you understand: /etc/mtab records the file systems that are currently mounted.
/etc/mtools: Records the parameters that /usr/bin/mtools refers to. What is mtools? In short, it is a collection of commands for operating on MSDOS files. The available commands are as follows:
    mattrib - change MSDOS file attribute flags
    mcd - change MSDOS directory
    mcopy - copy MSDOS files to/from Unix
    mdel - delete an MSDOS file
    mdir - display an MSDOS directory
    mformat - add an MSDOS filesystem to a low-level formatted diskette
    mlabel - make an MSDOS volume label
    mmd - make an MSDOS subdirectory
    mrd - remove an MSDOS subdirectory
    mread - low level read (copy) an MSDOS file to Unix
    mren - rename an existing MSDOS file
    mtype - display contents of an MSDOS file
    mwrite - low level write (copy) a Unix file to MSDOS
These are all links to mtools.
/etc/named.boot: If you want to set up a name server, this is the file you will need to modify. For the details, see the named manual.
/etc/named.pid: named process ID
/etc/networks: This file is similar, and is also used at boot. Here you can define a subnet along with its IP address information.
/etc/nntpserver: This file records the news server. When we use tin -r (read news remotely), this file is consulted; or, if this file does not exist and the environment variable NNTPSERVER is set, the server named by NNTPSERVER is used as the server to fetch news from. For example, to use 140.111.1.11 as your news server, you can write in /etc/nntpserver:
    140.111.1.11
/etc/nologin: You may wonder why there is no such file in your /etc directory. That's right, it usually does not exist. If you do see this file, it means the system is probably about to shut down: because the system is going to shut down, it naturally does not want anyone else to log in, so when shutdown is executed the nologin file is created automatically with the shutdown message placed inside. In fact, whenever we log in, the system checks whether this file exists; if it does, it prints the message in the file and does not let you log in. nologin may also be created for other reasons, for example when the system is under maintenance and logins are temporarily unwanted. No matter how nologin came to exist, you cannot log in.
/etc/passwd: Oh, this file is important. The first thing a system administrator learns is often the content of this file! It records the users the system recognizes; of course, it also includes some non-human login names, but those are for special purposes. The format of each entry in the file is as follows:
    login name:encrypted password:UID:GID:GCOS:home directory:login shell
(1) Login name: Each login name must be unique and cannot exceed 8 characters. Although a login name may mix upper and lower case, lowercase is normally used. By the way, by modifying the contents of /usr/lib/aliases, mail can use names longer than 8 characters. For example, mail jhsu@dorm10.nctu.edu.tw can become mail JIN-HWA-SHEU@dorm10.nctu.edu.tw.
(2) Encrypted password: This field holds the encoded password. When adding a new user you should fill this field with *; the password can then be changed with the passwd command. passwd is a setuid program; for setuid, setgid and the sticky bit, refer to books on Unix security.
(3) UID: The user ID, different for every "person". By convention, the IDs below 100 are reserved for special user IDs, and root is always 0.
(4) GID: The group ID. On earlier systems a user could belong to only one group, but there is no such limit now.
(5) GCOS: This field has essentially no format restrictions; you can write your full name, home phone, address and so on. You may write whatever you like, but if you use commas the system treats them as separators. For example, Jin-Hwa Sheu,NCTU,80317,(02)1234123 will be treated as full name, office, home phone. The finger command reads this field, and chfn can change it.
(6) Home directory: Nothing special here; it records the user's home directory. You can return to the home directory with cd or cd ~.
(7) Login shell: Sets the shell the user uses; the default is /bin/bash. You can also change it to csh or tcsh, and zsh is fine too. If there is a free version of the Korn shell, you can use that as well. Use chsh to change your login shell.
For security reasons you can install shadow, which keeps the password file completely away from general users, so that they have no way to read it.
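A field-by-field audit of passwd entries against the rules listed above, as an added example (not from the original article). audit_passwd, the finding labels and the sample accounts are constructed for illustration; that an empty password field lets the account log in without a password is standard passwd behaviour rather than a statement from this article.

```sh
#!/bin/sh
# Added example: check passwd entries against the field rules above.
# audit_passwd is a hypothetical helper; it prints "login:finding" lines.

# audit_passwd FILE
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ { next }                       # skip blank lines
        # Exactly seven colon-separated fields are expected.
        NF != 7 { print $1 ":bad-field-count"; next }
        # (1) login names must be unique and at most 8 characters.
        seen[$1]++ { print $1 ":duplicate-login" }
        length($1) > 8 { print $1 ":login-too-long" }
        # (2) an empty password field means no password is asked for.
        $2 == "" { print $1 ":empty-password" }
        # (3) the UID must be numeric; UID 0 is root whatever the name.
        $3 !~ /^[0-9]+$/ { print $1 ":bad-uid"; next }
        $3 + 0 == 0 && $1 != "root" { print $1 ":uid0-not-root" }
    ' "$1"
}

# Constructed sample entries (not taken from a real system).
passwd_demo() {
    pd_file=$(mktemp) || return 1
    cat > "$pd_file" <<'EOF'
root:*:0:0:root:/root:/bin/bash
jhsu:*:200:100:Jin-Hwa Sheu,NCTU,80317,(02)1234123:/home/jhsu:/bin/tcsh
emotion::201:100::/home/emotion:/bin/bash
toor:*:0:0:second superuser:/root:/bin/bash
jin-hwa-sheu:*:202:100::/home/sheu:/bin/bash
jhsu:*:203:100::/home/jhsu2:/bin/bash
passion:*:20x:100::/home/passion:/bin/bash
broken:*:204:100
EOF
    audit_passwd "$pd_file"
    rm -f "$pd_file"
}

passwd_demo
```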
/etc/profile: This file is used by the bash shell; profile is to bash what cshrc is to csh. Likewise, the profile under /etc is maintained by the SA and mainly holds global settings, while each user can have a personal .profile in the home directory.
/etc/protocols: If you write your own protocol for some purpose, you must list it in this file so that inetd can manage the daemons that use it. The format of each line of this file is as follows; anything after # is a comment:
    Protocol name   Protocol number   Aliases
    ip      0     IP      # internet protocol, pseudo protocol number
    icmp    1     ICMP    # internet control message protocol
    igmp    2     IGMP    # internet group multicast protocol
    ggp     3     GGP     # gateway-gateway protocol
    tcp     6     TCP     # transmission control protocol
    pup     12    PUP     # PARC universal packet protocol
    udp     17    UDP     # user datagram protocol
    idp     22    IDP     # WhatsThis?
    raw     255   RAW     # RAW IP interface
/etc/psdatabase: This file is used by psupdate, whose main function is to update /etc/psdatabase so that it matches the system map file of the current kernel image. The usual default is /usr/src/linux/tools/zSystem.
/etc/resolv.conf: This file records your machine's domain name and the IP addresses of its name servers. You can add name servers yourself; at Jiaotong University you can use 140.113.1.1 or 140.113.17.5, both of which are name servers. Name servers must not be entered carelessly, otherwise the following will happen:
    ccsun3.cc.nctu.edu.tw: Host name lookup failure
Because there is no name server, ccsun3.cc.nctu.edu.tw cannot be resolved, hence the message "Host name lookup failure".
/etc/rpc:
/etc/securetty: Logging in as root is actually restricted: this file lists the ttys from which root can log in. If you comment out every line, then no terminal is available for root login, and the following happens:
    rebel login: root
    root login refused on this terminal.
Here again we see an aspect of Unix security: by carefully listing the usable terminals in this file, users coming in by modem or over the network cannot easily obtain superuser power.
/etc/services:
/etc/shells: This file is quite simple: it records the login shells that may be used. One thing to note is that this file is consulted when you use chsh: only the shells listed here are offered as choices.
/etc/sudoers: On a system that is not very complex, one system administrator may be able to manage everything. But once the system grows, the system management work becomes heavy too. This is where sudo comes in: sudo lets an ordinary user become superuser, so that some of the system's work can be handed to these users to lighten the burden. Of course, not every user can become superuser, so /etc/sudoers records which people can perform which work as superuser. The format of this file is as follows:
    Host alias section format:
      Host_Alias HOSTALIAS = host-list
      Host_Alias ::= a keyword.
      HOSTALIAS ::= an upper-case alias name.
      host-list ::= a comma separated list of hosts.
    Command alias section format:
      Cmnd_Alias CMNDALIAS = cmnd-list
      Cmnd_Alias ::= a keyword.
      CMNDALIAS ::= an upper-case alias name.
      cmnd-list ::= a comma separated list of commands.
    User specification format:
      user access_group [: access_group] ...
      access_group ::= host_type = [op]cmnd_type [,[op]cmnd_type] ...
      host_type ::= a lower-case host name or a host alias.
      cmnd_type ::= a command or a command alias.
      op ::= the logical '!' NOT operator.
Here is an extremely simple example:
    # Cmnd alias specification
    Cmnd_Alias SHUTDOWN=/sbin/halt,/sbin/shutdown
    # User specification
    root ALL=ALL
    jhsu ALL=ALL
    emotion ALL=ALL,!SHUTDOWN
In this example, jhsu can execute all commands, emotion can execute everything except halt and shutdown, and root can of course execute all commands. This file has a dedicated editor, visudo, for editing /etc/sudoers. After the file has been edited, jhsu can use the sudo.bin command to become superuser and do what only the superuser can do. sudo.bin also keeps a log file, /var/adm/sudo.log, which records when sudo was used and for which commands. By the way, use the following command to catch people who tried to become superuser but did not succeed:
    grep "failed su" /var/adm/messages
/etc/utmp: From utmp you can find out who is using the system right now. When a user logs out, init (a very important process; there will be a chance to introduce it to you) removes the logged-out user from /etc/utmp.
In fact, each utmp record is a structure like this:
    struct utmp {
        short ut_type;      /* type of login */
        pid_t ut_pid;       /* pid of process */
        char ut_line[12];   /* devicename of tty - "/dev/" */
        char ut_id[2];      /* init id or abbrev. ttyname */
        time_t ut_time;     /* logintime */
        char ut_user[8];    /* username, not null-term */
        char ut_host[16];   /* hostname for remote login */
        long ut_addr;       /* IP addr of remote host */
    };
Once you understand this file and go on to modify it, you can do many interesting things ... :P
/etc/wtmp: In short, wtmp is a login database, and many commands use it, such as last, sessreg, who, and so on. The file format is roughly the same as utmp, but with additional shutdown and reboot records marking the system's shutdowns and reboots, and an empty user name marking a logout on the corresponding terminal. Also, unlike /etc/utmp, records in /etc/wtmp are appended over time, so the file keeps growing. It does not grow very fast, but once it reaches a certain size the system administrator should consider trimming it. Below is part of the output of the last command:
    bbs       tty1    Tue Nov 29 19:09 - 19:09 (00:00)
    root      tty1    Tue Nov 29 19:08 - 19:09 (00:00)
    root      tty1    Tue Nov 29 19:07 - 19:07 (00:00)
    runlevel  ~       Tue Nov 29 19:07
    reboot    ~       Tue Nov 29 19:07
/etc/zprofile: link to /etc/profile
Transfer from: CCCA Training 86 Xianghua