7/27/2019 Building a Linux System
HO CHI MINH CITY UNIVERSITY OF TRANSPORT
FACULTY OF INFORMATION TECHNOLOGY
VU CONG DUAN CN06011
NGUYEN ANH TUAN CN06112
DEPLOYING NETWORK SERVICES ON LINUX SYSTEMS
GRADUATION THESIS
SUPERVISOR
MSc. Le Quoc Tuan
CLASS OF 2006 - 2010
Table of contents
Preface
Chapter 1. Overview of Linux
1.1 History
1.2 Linux operating system architecture
1.2.1 Kernel
1.2.2 Shell
1.2.3 Utilities
1.2.4 Application programs
1.3 Differences between Linux and Windows
1.3.1 Single-user vs. multi-user
1.3.2 Monolithic kernel and microkernel
1.3.3 GUI and kernel
1.3.4 Registry and text files
Chapter 2: Linux basics
2.1 The Linux directory system
2.1.1 System directories
2.1.2 File structure
2.2 User and group management
2.2.1 Viewing user information
2.2.2 Managing users
2.2.3 File and directory commands
Creating a directory: mkdir
Removing a directory: rmdir
Displaying file and directory information: ls option file_name
Creating a file
Viewing file contents
Copying
Moving
Deleting a file: rm
Removing an empty directory: rmdir
Showing the current directory: pwd
The vi editor
Listing files in a directory
File and directory access-control commands
2.2.4 Disk and quota management
Using mount and unmount
Disk and partition management commands
Limiting disk space with quota
Chapter 3: Dynamic Host Configuration Protocol (DHCP)
3.1 What is DHCP?
3.1.1 Advantages of DHCP
3.1.2 Format of a DHCP packet
3.2 Installing DHCP
3.3 Configuring the DHCP server
3.3.1 Declarations
3.4 Conclusion
Chapter 4: Domain Name System (DNS)
4.1 What is DNS?
4.2 Installing DNS
4.3 Configuring the DNS server
4.4 Starting the service
4.5 DNS testing tools
4.6 Conclusion
Chapter 5: Linux security
Is Linux secure?
Introduction to firewalls using iptables
Components of iptables
The processing model in iptables
iptables command syntax
Using commands in iptables
iptables command syntax
Evaluation
Chapter 6: SecureShell (SSH)
6.1 History
6.2 What is SSH?
6.3 Overview of SSH features
6.3.1 Privacy
6.3.2 Authentication
6.3.3 Authorization
6.3.4 Forwarding or tunneling
6.3.5 How SSH works
6.4 Understanding public key cryptography
6.4.1 Key characteristics
6.5 Installing OpenSSH
6.5.1 The SSHD configuration file
6.6 Using OpenSSH
6.6.1 Secure Shell (SSH)
6.6.2 Creating a secure tunnel
6.6.3 Secure Copy (SCP)
6.6.4 Secure FTP (SFTP)
Chapter 7: Printing with CUPS
7.1 Introduction
7.2 Installing CUPS
7.3 Configuring printers
7.3.1 Using the interface
7.3.2 Using the command line
7.3 Printing from Windows
7.3.1 Using CUPS
7.3.2 Using Samba
7.4 Printing from Linux
Chapter 8: Samba
8.1 Introduction
8.2 Installing Samba
8.2.1 Samba server types
8.3 Configuring Samba
8.3.1 smb.conf parameters
8.3.2 [Global] section parameters
8.3.3 Domain parameters
8.3.4 Security parameters
8.3.5 Printer parameters
8.3.6 Share parameters
8.3.7 Adding users to Samba
8.4 Accessing shared resources
Chapter 9: Network File System (NFS)
9.1 Introduction to network file services
9.1.1 Versions
9.1.2 Transport protocols
9.1.3 NFS components
9.2 Configuring the NFS server
9.3 Client configuration
9.4 Some useful commands
9.4.1 Service nfs status
9.4.2 Showmount option host
9.5 Conclusion
Chapter 10: Network Information System (NIS)
10.1 Introduction
10.2 How does NIS work?
10.3 Setting up the NIS server
10.3.1 Configuring the NIS server
10.3.2 Starting the NIS server
10.4 Setting up the NIS client
Chapter 11: File Transfer Protocol (FTP)
Introduction
Active FTP
Passive FTP
Setting up the FTP server
Installing VSFTPD
Configuring vsftpd
Chapter 12: Mail services
12.1 Some concepts
12.2 Introduction to the mail system
12.3 Mail protocols
12.3.1 Simple Mail Transfer Protocol (SMTP)
12.3.2 Post Office Protocol (POP)
12.3.3 Internet Message Access Protocol (IMAP4)
12.4 Installing Postfix
12.4.1 Preparation
12.4.2 Installation
12.4.3 Configuring the main.cf file
12.5 Installing dovecot
12.6 Web Mail
12.6.1 What is Squirrelmail?
12.6.2 Installing Squirrelmail
References
Preface
Linux currently holds only a modest share compared with the Windows operating system. In recent years, however, Linux has been growing strongly and offers ever better support to network administrators and users alike. Besides being feature-rich and stable, most Linux distributions are free, which contributes significantly to the spread of information technology. In particular, during the global economic crisis, when saving money and cutting costs has become urgent for businesses, switching to Linux has become one of the top priorities. That is why we chose to research the deployment of network services on Linux.
First of all, our group sincerely thanks Mr. Le Quoc Tuan for his dedicated guidance and instruction, which helped us complete this graduation project.
We also express our deep gratitude to the lecturers of the Faculty of Information Technology for their guidance, teaching, support and help, for the valuable knowledge they provided, and for the favourable conditions and feedback they gave throughout our studies so that we could carry out this graduation project smoothly.
We will use the following network model to deploy the project.
Chapter 1. Overview of Linux
1.1 History
- In 1991, Linus Torvalds, a student at the University of Helsinki, Finland, began studying Minix, a version of Unix, with the aim of working out how to build a Unix operating system that runs on PCs with the Intel 80386 processor.
- On 25/8/1991, Linus released version 0.01 and announced his plans for Linux on comp.os.minix.
- In 1/1992, Linus released version 0.02 with a shell and a C compiler. Linux no longer needed Minix to recompile its own operating system. Linus named his operating system Linux.
- In 1994, the official version 1.0 was released.
- In 1996, version 2.0 was released, marking a major change in the kernel structure.
- At the time of writing, the latest stable version of the Linux kernel is 2.6.33.3.
Below is an email from Linus Torvalds, sent a few months before the first Linux kernel version was announced:
From: [email protected] (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Message-ID:
Date: 25 Aug 91 20:57:08 GMT
Organization: University of Helsinki
Hello everybody out there using minix -
I'm doing a (free) operating system (just a hobby, won't be big and
professional like gnu) for 386(486) AT clones. This has been brewing
since april, and is starting to get ready. I'd like any feedback on
things people like/dislike in minix, as my OS resembles it somewhat
(same physical layout of the file-system (due to practical reasons)
among other things).
I've currently ported bash(1.08) and gcc(1.40), and things seem to work.
This implies that I'll get something practical within a few months, and
I'd like to know what features most people would want. Any suggestions
are welcome, but I won't promise I'll implement them :-)
Linus ([email protected])
PS. Yes - it's free of any minix code, and it has a multi-threaded fs.
It is NOT portable (uses 386 task switching etc), and it probably never
will support anything other than AT-harddisks, as that's all I have :-(.
Judging from the post, 0.01 wasn't actually out yet, but it's close.
I'd guess the first version went out in the middle of September -91. I
got some responses to this (most by mail, which I haven't saved), and
I even got a few mails asking to be beta-testers for linux. After that
just a few general answers to questions on the net:
1.2 Linux operating system architecture
[Figure 1. Linux architecture (layers shown: user; shell, applications, utilities; kernel; hardware)]
1.2.1 Kernel
The kernel is the control centre of the Linux operating system and contains the source code that controls the operation of the whole system. The kernel is developed continuously, and there are usually two current versions: the latest development version and the latest stable version. The kernel is designed to be modular, so its actual size is very small. It loads only the necessary parts into memory; other parts are loaded when they are requested. As a result, compared with other operating systems, Linux does not waste memory, because it does not load everything regardless of whether it is used. The kernel is regarded as the heart of the Linux operating system and was originally developed for Intel 80386 CPUs. The strength of this type of CPU is its memory-management capability. The Linux kernel can access all of the machine's hardware features.
The kernel version follows the convention A.B.C.D, where:
- A: the kernel version. It changes only when there are very large changes to the definition or the code of the kernel. This has happened only twice, in 1994 (version 1.0) and 1996 (version 2.0).
- B: changes when the kernel has major changes. B follows an even-odd numbering scheme: odd numbers for development versions, even numbers for stable versions.
For example, 2.6.x is a stable version and 2.5.x is a development version.
- C: changes when there are small, minor changes in the kernel.
- D: changes for small bug fixes or security fixes.
[Figure 2. Linux kernel development timeline.]
1.2.2 Shell
The shell is a command interpreter. It provides the set of commands with which users interact with the operating system to get their work done.
Many kinds of shell are used on Linux. The key point that distinguishes one shell from another is its command set. For example, the C shell (csh) uses commands similar to the C language, while the Bourne Shell uses a different command language.
The main shell used on Linux is the GNU Bourne Again Shell (bash). It is based on the Bourne Shell, the main shell on Unix systems, and adds many new features such as job control, command history and long file names.
1.2.3 Utilities
Utilities are used frequently by users. They serve many purposes, such as working with files and disks, compression and file backup. Utilities on Linux can be command-line tools or graphical programs. Most utilities used on Linux are products of the GNU project.
Linux ships with a great many utilities, such as compilers, debuggers and text editors. Utilities can be used by users or by the system. Some utilities are considered standard on a Linux system, such as passwd, ls, ps and vi.
1.2.4 Application programs
Unlike utilities, applications such as OpenOffice, database management systems, mail and chat are written and developed by companies to meet the varied needs of users. And of course most of them are free!
1.3 Differences between Linux and Windows
1.3.1 Single-user vs. multi-user
Windows was designed according to Bill Gates's philosophy of "one computer, one desk, one user". This means two people cannot use Microsoft Word on the same machine at the same time, or in short, "single user" (although the term "multitasking" later came into wide use with Windows 95, it had in fact been in use on UNIX long before that, as far back as 1969!).
Linux, by contrast, follows the UNIX philosophy. UNIX was developed in the 1960s at AT&T Bell Labs and was used on a PDP-7 machine shared by all departments. UNIX was therefore designed to allow multiple users to log in to the server at the same time.
1.3.2 Monolithic kernel and microkernel
Two kinds of kernel are used in different operating systems: the monolithic kernel and the microkernel. A monolithic kernel provides all the services that user applications need, whereas a microkernel keeps only a small set of services and leaves other functions to modules.
Most Linux distributions adopt the monolithic kernel architecture to handle all system calls and hardware. Windows, meanwhile, uses a microkernel design that provides only a small set of services for process management, input/output (I/O) management and so on.
1.3.3 GUI and kernel
Windows integrates the GUI into the kernel, following the design approach of Apple's Macintosh. This gives the operating system and the user interface a high degree of consistency.
Linux, on the other hand, keeps these two components, the user interface and the operating system, separate. X Windows runs like a user-level application; if the GUI fails for some reason, Linux does not crash with it but simply brings up a terminal screen so that you can continue your work (this is completely different from the Windows GUI, where the blue screen frequently appears when there is a system error!).
The most important feature of X Windows is its ability to display over the network on the screen of another workstation. This allows many users to access the same machine and run OpenOffice at the same time.
In addition, X Window offers a wide range of file managers, the most popular of which today are GNOME and KDE.
1.3.4 Registry and text files
The Windows operating system uses the Registry, which consists of thousands of entries, to manage all user information, system information and so on. Managing the registry is extremely difficult and dangerous. Any change to the registry can cause dangerous errors in the system, to the point of having to reinstall the operating system.
Linux does not manage the system with a registry. This brings both great convenience and hidden pitfalls. The convenience is that most configuration is stored in text files placed in the /etc directory. You can therefore use any text editor to modify a configuration file easily, without straining your eyes searching as you would in the Registry. These configuration files rarely change, and because they are text files they are very easy to inspect when needed. You can even write scripts to read or modify configuration files, which is especially useful for administrators who manage servers automatically.
The pitfall is that there is no standard at all for writing configuration files. Each application has its own format. Many applications today use GUI installation tools, and in other cases you may have to install an application from source code, with many steps to carry out before the installation succeeds.
Chapter 2: Linux basics
2.1 The Linux directory system
2.1.1 System directories
Linux has no concept of drives as in Windows; all files and directories start from the root directory (/). The Linux directory system is represented as follows:
[Figure: directory tree with root at the top; first level: sbin, usr, dev, var, etc, home; second level: sbin, bin, lib, doc, man]
The Linux operating system is made up of many different directories and files. The directories can form several different file systems, depending on how the system was installed. In general, most of the operating system resides on two file systems: the root file system, denoted /, and another file system mounted at /usr.
Directory   Function
/root       The root directory, where the file structure begins
/sbin       Contains the system files used to boot the system
/usr        Contains files and commands used by the system; this directory is divided into further subdirectories
/dev        Contains the interfaces to devices such as the CD-ROM and printers
/etc        Contains the system-wide configuration files. The files here control the boot process, user management, network management and so on
/home       Contains the users' home directories
/var        Contains the system log files
The /dev directory contains special files called device files, which the system uses to operate the hardware. For example, the file /dev/cdrom reads information from the CD-ROM. By organising hardware access this way, Linux makes interacting with hardware look like interacting with software.
Common devices found in the /dev directory
Device file    Function
/dev/console   The system console, the display physically connected to the system.
/dev/hd*       Driver interface for IDE hard disks. The device /dev/hda1 refers to the first partition on disk hda. The device /dev/hda refers to the whole disk hda.
/dev/sd*       Driver interface for SCSI disks. These disks and partitions follow the same convention as the IDE devices /dev/hd*.
/dev/fd*       Device driver for floppy disks. The first floppy drive is /dev/fd0, the second is /dev/fd1.
/dev/st*       Device driver for SCSI tape drives.
/dev/tty*      Driver providing various kinds of terminal devices for user input. The abbreviation tty comes from the teletype terminals that used to be attached to UNIX systems. On Linux, these files support virtual consoles, which you can access by pressing a range of key combinations. Virtual consoles allow several users to log in at the same time.
/dev/pty*      Driver supporting pseudo-terminals, used for remote logins such as Telnet sessions.
/dev/ttyS*     The serial interface ports on your machine. The file /dev/ttyS0 corresponds to COM1 in MS-DOS. If you use a serial mouse, the file /dev/mouse is a symbolic link to the corresponding ttyS device (the one the mouse is connected to).
/dev/cua*      Special call-out devices used with modems.
/dev/null      A very special device, essentially a black hole. All data written to /dev/null is lost for good. This is useful when you want to run a command and discard stdout or stderr. If /dev/null is used as an input file, you get a zero-length file.
All data on partitions is attached to the directory tree, an operation called mounting. When we write data into a directory, we are writing data to the partition that the directory is mounted on.
The /usr directory and its subdirectories are very important to a Linux system because they contain many directories holding the programs most essential to the system. The subdirectories of /usr contain the large software packages that you install.
Important second-level directories in the /usr file system:
Subdirectory       Function
/usr/bin           Holds many of the system's executable files.
/usr/etc           Holds many system configuration files.
/usr/include       This directory and many of its subdirectories hold all the files that accompany the C compiler. These header files define the constants and functions used in C programming.
/usr/g++-include   Holds the files that accompany the C compiler.
/usr/lib           Contains the libraries that programs use during linking.
/usr/share/man     Contains the manual pages for programs. Under /usr/share/man there are several directories corresponding to the sections of the man pages.
/usr/src           Contains the source-code directories of many programs on the system. If you receive a software package awaiting installation, you should store it in /usr/src/package-name before installing.
/usr/local         Reserved for designing or customising applications to suit your machine. In general, most locally used software is stored in the subdirectories of this directory.
The file and directory structures of Linux and Windows correspond as follows:
2.1.2 File structure
- Linux supports a great many file system types, such as ext2, ext3, MS-DOS and proc. The basic Linux file systems are ext2 and ext3 (currently ext3). This file system allows file names of up to 256 characters and a maximum size of 4 terabytes. The MS-DOS type is used to access MS-DOS files directly. Linux also supports vfat, which allows long file names for MS-DOS files and FAT32 partitions.
- When a file is created, it consists of 3 parts:
o Super block
o Inode
o Storage block
- Super block: a structure created at the start of the file system. It stores information about the file system, such as the block size, the free blocks, and the time of the last mount.
- Inode (256 bytes): stores information about the files and directories created in the file system, but not the actual file and directory names. Each file created is allocated one inode, which stores the following information:
o The file type and the file access permissions.
o The owner of the file.
o The size of the file and the number of hard links to it.
o The date and time the file was last modified.
o The location of the file's contents in the file system.
- Storage block: the area that stores the actual data of files and directories. It is divided into data blocks. Data is stored on disk in data blocks. Each block usually holds 1024 bytes. Even if a file contains only 1 character, 1 block must be allocated to store it. There is no end-of-file character. The data block of a regular file stores the file's inode and the file's contents. The data block of a directory stores a list of entries consisting of the inode number and the names of files and subdirectories.
2.2 User and group management
2.2.1 Viewing user information
User information is stored mainly in three files: /etc/passwd, /etc/shadow and /etc/group.
The /etc/passwd file
This file holds user account data on Linux in plain-text form.
Structure of the /etc/passwd file:
- View the /etc/passwd file
[root@server1 ~]# cat /etc/passwd
The user information is then displayed, for example:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
The /etc/shadow file
This file holds the accounts' encrypted (hashed) passwords.
- Structure of the /etc/shadow file:
- View the /etc/shadow file:
[root@server1 ~]# cat /etc/shadow
- We can then see the accounts with their encrypted passwords:
root:$1$m3MGmRC/$9NBZi2vWtpngNk.LXrMvn.:14761:0:99999:7:::
bin:*:14761:0:99999:7:::
daemon:*:14761:0:99999:7:::
xfs:!!:14761:0:99999:7:::
gdm:!!:14761:0:99999:7:::
- The shadow file also tells us whether an account is disabled. If the password field begins with *, the account is locked; if it begins with !!, it is only temporarily locked. Only when the field begins with $ is the account unlocked.
The /etc/group file
Besides the files holding account information, there is also a file holding group information.
- Structure of the /etc/group file:
- View the /etc/group file:
[root@server1 ~]# cat /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
nat:x:500:
2.2.2 Managing users
Creating a user account
A user is created with the command useradd [options] account_name.
- The options are:
Option         Description
-d homedir     Sets the user's home directory. By default, creating a user creates a directory /home/login_name.
-e mm/dd/yy    Sets the expiry date for the user.
-f days        Sets the number of days after the password expires.
-g group       Sets the group the user is a member of.
-G group       Adds the user to additional groups.
-m             Creates the user's home directory if it does not exist.
-M             Does not create the user's home directory.
-s shell       Sets the user's shell. The default is /bin/bash.
-u userid      Sets the user ID. By default the next available ID is assigned to the user.
[root@server1 ~]# useradd cn06
- After creating the account we can check each of the user management files in turn:
o File /etc/passwd:
cn06:x:501:501::/home/cn06:/bin/bash
o File /etc/shadow:
cn06:!!:14840:0:99999:7:::
- By default a newly created user account is disabled until you set a password for it.
- Right after creating the account, check /etc/passwd:
cn06:x:501:501::/home/cn06:/bin/bash
- When a user is created without specifying a home directory, the default home directory is placed under /home.
- In /etc/shadow:
cn06:!!:14840:0:99999:7:::
- Here cn06:!! means the account is still temporarily locked because no password has been set yet.
- In /etc/group:
cn06:x:501:
- When a user is created without an explicit user ID, the system assigns a user ID >= 500.
- A user created with user ID = 0 has the same privileges as root.
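The two manual checks described above, reading the /etc/shadow password field by its prefix and watching for accounts with user ID 0, can be run over whole files. This is an added example, not part of the original thesis: the passwd and shadow lines are constructed, the hashes are placeholders, and the empty-field and MD5-crypt ($1$) findings are additions that the text does not discuss.

```python
# Constructed sample data in the formats shown above; the hashes are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
cn06:x:501:501::/home/cn06:/bin/bash
backup:x:0:0::/home/backup:/bin/bash
nat:x:500:500::/home/nat:/bin/bash
"""
SHADOW = """\
root:$1$CONSTRUCTEDSALT$PLACEHOLDERHASH0000000:14761:0:99999:7:::
bin:*:14761:0:99999:7:::
cn06:!!:14840:0:99999:7:::
backup:$6$CONSTRUCTEDSALT$PLACEHOLDERHASH0000001:14840:0:99999:7:::
nat::14840:0:99999:7:::
"""

SCHEMES = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}
WEAK_SCHEMES = {"1"}  # assumption of this example: MD5-crypt is reported as weak


def shadow_status(field):
    """Classify the password field of /etc/shadow by its prefix, as the text does."""
    if field == "":
        return "empty"               # no password is required at all
    if field.startswith("!"):
        return "temporarily locked"  # '!!' on a new account, or set by passwd -l
    if field.startswith("*"):
        return "locked"
    if field.startswith("$"):
        return "active"
    return "unknown"


def hash_scheme(field):
    """Return the crypt scheme id ('1', '6', ...) of a hash, or None."""
    parts = field.lstrip("!").split("$")
    # A crypt hash has the form $id$salt$hash, so split gives ['', id, salt, hash].
    return parts[1] if len(parts) >= 4 and parts[0] == "" else None


def parse_passwd(text):
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, home, shell = line.split(":")
        users[name] = {"uid": int(uid), "gid": int(gid), "home": home, "shell": shell}
    return users


def parse_shadow(text):
    """Map each account name to its password field."""
    return {line.split(":")[0]: line.split(":")[1] for line in text.splitlines() if line}


def audit(passwd_text, shadow_text):
    """Return (account, finding) pairs in /etc/passwd order."""
    users = parse_passwd(passwd_text)
    shadow = parse_shadow(shadow_text)
    findings = []
    for name, info in users.items():
        field = shadow.get(name)
        if field is None:
            findings.append((name, "no shadow entry"))
            continue
        status = shadow_status(field)
        if info["uid"] == 0 and name != "root":
            findings.append((name, "UID 0: same privileges as root"))
        if status == "empty":
            findings.append((name, "empty password field"))
        scheme = hash_scheme(field)
        if status == "active" and scheme in WEAK_SCHEMES:
            findings.append((name, "weak hash scheme " + SCHEMES[scheme]))
    return findings


if __name__ == "__main__":
    for user, finding in audit(PASSWD, SHADOW):
        print("%-8s %s" % (user, finding))
```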
Setting a password for the account
- To be able to use the account, set a password for the newly created account with the passwd command:
[root@server1 ~]# passwd cn06
Changing password for user cn06.
New UNIX password:
BAD PASSWORD: it is too simplistic/systematic
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
- If the password you set is too simple, the system warns you to choose a more secure one. You can change the password if it is too simple or needs changing; changing it works the same way as setting a new password.
Changing user information
- This is also often needed in network administration when a user's details change. The usermod command changes user information. For the details of this command, run man usermod:
USERMOD(8)              System Management Commands              USERMOD(8)

NAME
       usermod - modify a user account

SYNOPSIS
       usermod [options] LOGIN

DESCRIPTION
       The usermod command modifies the system account files to reflect the
       changes that are specified on the command line.

OPTIONS
       The options which apply to the usermod command are:

       -a, --append
           Add the user to the supplemental group(s). Use only with -G option.

       -c, --comment COMMENT
           The new value of the user's password file comment field. It is
           normally modified using the chfn(1) utility.

       -d, --home HOME_DIR
           The user's new login directory. If the -m option is given the
           contents of the current home directory will be moved to the new home
           directory, which is created if it does not already exist.

       -e, --expiredate EXPIRE_DATE
           The date on which the user account will be disabled. The date is
           specified in the format YYYY-MM-DD.

       -f, --inactive INACTIVE
           The number of days after a password expires until the account is
           permanently disabled. A value of 0 disables the account as soon as
           the password has expired, and a value of -1 disables the feature.
           The default value is -1.

       -g, --gid GROUP
:
- For example, to change the home directory of user cn06 to /home/userCNTT:
[root@server1 ~]# usermod -d /home/userCNTT cn06
Deleting a user account
- Syntax: userdel [-r] account_name
- The -r option is used to also delete the user's home directory:
[root@server1 ~]# userdel -r cn06
Locking and unlocking a user account
- To lock a user, use the command passwd -l account_name; the usermod command can also be used:
[root@server1 ~]# passwd -l cn06
Locking password for user cn06.
passwd: Success
- To unlock, use the command passwd -u account_name:
[root@server1 ~]# passwd -u cn06
Unlocking password for user cn06.
passwd: Success.
Creating a user group
- Groups have commands analogous to those for users. To create a group, use: groupadd [options] group_name
- The options are:
Option    Description
-g gid    Sets the GID of the new group. By default a GID is chosen automatically.
-r        By default the assigned ID is greater than 499; this option adds a system group, which usually has an ID lower than 499.
-f        With this option the system does not report an error if the group name already exists.
[root@server1 ~]# groupadd cntt
- Check the result in the /etc/group file:
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
..
cn06:x:501:
cntt:x:502:
Changing group information
- Use the groupmod (modify group) command, which has two options:
i. -g: GID (group ID)
ii. -n: new group name
- Change the group name:
[root@server1 ~]# groupmod -n gtvt cntt
- Change the GID of the group:
[root@server1 ~]# groupmod -g 112 gtvt
- Delete the group:
[root@server1 ~]# groupdel gtvt
2.2.3 File and directory commands
Creating a directory: mkdir
Syntax: mkdir directory_name
Example: create a directory named cn06
[root@server1 ~]# mkdir cno6
A directory named cn06 is then created in the current directory:
Figure 3: Creating a directory
To create a directory inside another directory, give the path to it:
[root@server1 ~]# mkdir /root/cno6/cn06a
Deleting a directory: rmdir
Syntax: rmdir directory
Example: delete the directory cn06a
[root@server1 ~]# rmdir /root/cno6/cn06a
Changing directory: cd path_to_directory
Example: change to the directory cn06
[root@server1 ~]# cd /root/cno6
There are some special notations:
cd ~ : change to the home directory.
cd / : change to the root directory.
cd - : change to your previous directory.
cd .. : change to the parent of the current directory.
[root@server1 cno6]# cd ~
[root@server1 ~]# cd -
/root/cno6
[root@server1 cno6]# cd ..
[root@server1 ~]#
Displaying file and directory information: ls [options] file_name
- The options are:
Option    Meaning
-L        Displays the list of file names.
-l        Displays the list of files with name, size, creation date, and so on.
-a        Lists all files, including hidden files.
-R        Lists all files, including those in subdirectories.
- View the list of files in the root directory:
[root@server1 ~]# ls -l /
total 138
drwxr-xr-x 2 root root 4096 Aug 12 04:29 bin
drwxr-xr-x 4 root root 1024 Jun 1 07:43 boot
drwxr-xr-x 11 root root 4000 Aug 12 01:33 dev
drwxr-xr-x 91 root root 12288 Aug 20 09:07 etc
List a directory:
[root@server1 ~]# ls -l /root/cno6/
total 16
-rw------- 1 root root 0 Aug 20 09:35 cn06a
-rw------- 1 root root 16 Aug 20 09:36 cn06b
Creating a file
Using the echo command:
[root@server1 ~]# echo "luan van tot nghiep">/root/cn06/baocao.txt
- To append to this file, use >>:
[root@server1 ~]# echo "mang may tinh" >>/root/cn06/baocao.txt
- An empty file can also be created with the touch command:
[root@server1 ~]# touch /root/cn06/baocaothu.txt
Viewing file contents
- Several commands can be used to view a file: cat, more, less, tail, ...
[root@server1 ~]# cat /root/cn06/baocao.txt
luan van tot nghiep
mang may tinh
Copying
- To copy a file, use the cp command:
[root@server1 ~]# cp /root/cn06/baocao.txt /root/userCNTT/
- The ? and * characters can be used to copy several files and directories. To copy a directory, use the -R option:
[root@server1 ~]# cp -R /root/cn06/ /root/userCNTT/
Moving
- To move a file or directory, use the mv command:
[root@server1 ~]# mv /root/cn06/baocao.txt /root/userCNTT/
- Directories are moved with mv in the same way, and ? and * can be used to move several files and directories. The mv command can also rename a file or directory:
[root@server1 ~]# mv /root/userCNTT/ /root/CNTT/
Deleting a file: rm
- Delete the file baocaothu.txt in cn06:
[root@server1 ~]# rm /root/cn06/baocaothu.txt
rm: remove regular empty file `/root/cn06/baocaothu.txt'? y
- To delete without being asked, use the -f option:
[root@server1 ~]# rm -f /root/cn06/cn06a.txt
Deleting an empty directory: rmdir
[root@server1 ~]# rmdir /root/totnghiep
Showing the current directory: pwd
[root@server1 ~]# pwd
/root
The vi editor
- vi is a text editor with two modes:
o Insert mode: changes the contents of the file.
o Command mode: uses commands to quit, move the cursor, delete, and so on.
To create a file, use the following syntax:
# vi file_name
[root@server ~]# vi cn06.txt
- The editor then appears:
- From this mode, press a to start appending text after the cursor, or i to insert characters before the cursor. To leave insert mode, press ESC.
- The available commands are:
o :q!   Quit without saving
o :w    Save
o :wq   Save and quit
o dw    Delete from the cursor to the end of the word
o d$    Delete from the cursor to the end of the line
o x     Delete the character at the cursor
o dd    Delete the whole line at the cursor
o ndd   Delete n lines starting at the cursor
o Y     Copy the line containing the cursor to the clipboard
Listing files in directories
General syntax: # locate file_name
[root@server ~]# locate ifconfig
/sbin/ifconfig
/usr/share/man/de/man8/ifconfig.8.gz
/usr/share/man/fr/man8/ifconfig.8.gz
/usr/share/man/man8/ifconfig.8.gz
/usr/share/man/pt/man8/ifconfig.8.gz
Commands controlling access to files and directories
- In Linux, access permissions are divided among three classes: owner, group and others. Three permissions, read (r), write (w) and execute (x), are assigned to each class as in the following table:
Owner    Group    Others
rwx      rwx      rwx
- Permissions can be assigned by letter or by number.
- By letter, we have the following table:
r    Whoever has this permission may open and read the contents of the file.
w    Whoever has this permission may write and read the contents of the file.
x    Whoever has this permission may execute the file or, for a directory, read it.
- When assigning by number:
4    Read permission
2    Write permission
1    Execute permission
a. Changing access permissions with chmod:
General syntax:
chmod [permissions] [file or directory]
The permission values above can be added together to form a combined permission.
[root@server ~]# chmod 764 cn06.txt
o 7 = 4 + 2 + 1: read, write and execute permission for the owner.
o 6 = 4 + 2: read and write permission for the group.
o 4: read permission for others.
- We can then check the file's permissions again:
[root@server ~]# ls -l cn06.txt
-rwxrw-r-- 1 root root 26 Sep 12 10:55 cn06.txt
b. Changing the owner of a file or directory with chown:
- General syntax:
chown [-R] [user:group] filename
- The -R option is used to change ownership of the specified directory and of all files and directories inside it.
- Transfer ownership to a user:
[root@server ~]# chown cn06 cn06.txt
- Transfer ownership to a user and a group:
[root@server ~]# chown cn06:cntt cn06.txt
- This command transfers ownership of the file cn06.txt to user cn06 and group cntt.
- Ownership is transferred to a user as follows:
[root@server ~]# chown cn06 test.txt
c. Changing the owning group of a file or directory with chgrp:
- General syntax:
chgrp [-R] [groupname] filename
- The -R option is used to change ownership of a directory and of all directories and files inside it.
- Transfer ownership to a group:
[root@server ~]# chgrp cntt cn06.txt
2.2.4 Disk management and quota management
Using mount and umount
- Linux has only directories and no concept of drives, so to use a device such as a USB stick or a CD-ROM it must first be mounted on a directory.
- Use mount to mount a disk.
- General syntax: mount -t vfstype devicefile mount_point_path
- With the following options:
-t: mounts the file system type on the device, as given by vfstype
vfstype: includes the following basic file systems:
Type       Description
auto       Detects the file system automatically
msdos      DOS file system
ext3       Standard Linux file system
vfat       File system supporting Windows 95, 98, Me
ntfs       Windows NTFS format
nfs        File format accessed over the network
iso9660    File system format for CD-ROM
devicefile: path to the device
Example: /dev/cdrom
To mount the CD-ROM drive:
[root@server ~]# mount /dev/cdrom /mnt/
mount: block device /dev/cdrom is write-protected, mounting read-only
- Use umount to unmount a disk:
Syntax: umount device/mountpoint
[root@server ~]# umount /mnt/
Disk and partition management commands
- Disk names:
Name    Device
hda     Primary master
hdb     Primary slave
hdc     Secondary master
hdd     Secondary slave
sda     First SCSI disk
sdb     Second SCSI disk
- Partitions:
Name    Partition
hda1    First partition on the first disk
hda2    Second partition on the first disk
sdc3    Third partition on the SCSI disk
- The fdisk command: displays the system's partitions.
[root@server ~]# fdisk -l
Disk /dev/sda: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 6 48163+ 83 Linux
/dev/sda2 7 515 4088542+ 83 Linux
/dev/sda3 516 776 2096482+ 82 Linux swap/ Solaris
/dev/sda4 777 2610 14731605 5 Extended
/dev/sda5 777 2610 14731573+ 83 Linux
- The df command: reports the system's disk space usage:
[root@server ~]# df -l
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda2 3960348 2273036 1482888 61% /
/dev/sda5 14270000 168192 13365232 2% /home
/dev/sda1 46633 10651 33574 25% /boot
tmpfs 517620 0 517620 0% /dev/shm
/dev/hdc 103324 103324 0 100%/media/VMware Tools
- The du command: displays the size of files
o Syntax: du -sh file
-s: displays the total size of the file
-h: prints each size in a readable form
[root@server ~]# du -sh /etc/
149M /etc/
Limiting disk space with quota
- In a multitasking, multi-user environment such as Linux, keeping the system working requires monitoring file system usage and setting limits on it, especially on a system with limited disk capacity and many users.
- Quota is a tool built into Linux that limits the disk resources a user or group may use.
- The /etc/fstab file configures which partitions are mounted automatically on which directories when the system boots.
[root@server ~]# cat /etc/fstab
LABEL=/                 /                       ext3    defaults        1 1
LABEL=/home             /home                   ext3    defaults        1 2
LABEL=/boot             /boot                   ext3    defaults        1 2
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
LABEL=SWAP-sda3         swap                    swap    defaults        0 0
- To enable disk quota on a directory such as /home, add the usrquota option to its entry:
LABEL=/home             /home                   ext3    defaults,usrquota 1 2
- For the change to fstab to take effect, remount /home:
[root@server ~]# mount -o remount /home
- Use quotacheck to create the quota files for users or groups:
[root@server ~]# quotacheck -avugm
quotacheck: Scanning /dev/sda5 [/home]
quotacheck: Old group file not found. Usage will not be substracted.
With the following options:
Option    Function
-a        Scans all file systems with quota enabled in /etc/mtab
-v        Shows progress while scanning
-u        Scans user quotas
-g        Scans group quotas
-m        Remount
- After editing /etc/fstab we need to create the quota configuration files for users and groups. The file for users is named aquota.user and the one for groups aquota.group.
- Start quota with the command quotaon -a:
[root@tuan data]# quotaon -a
- Allocate quota to a user: edquota -u cn06
- Some options of the edquota command:
Option    Function
-u        Sets the quota for a user.
-g        Sets the quota for a group.
-p        Copies the quota of the specified user.
-t        Edits the time limit of the file system.
[root@server ~]# edquota -u nat
Disk quotas for user cn06 (uid 500):
  Filesystem    blocks    soft    hard    inodes    soft    hard
  /dev/sda5        740       0       0        75       0       0
- Where:
o blocks: the number of blocks the user is currently using (1 block = 1 kb).
o inodes: the number of files the user is currently using.
- A soft limit and a hard limit can be set for the user, in terms of either blocks or inodes:
o soft: the user is warned on reaching the soft limit of blocks or inodes, but may keep using more until the hard limit is reached.
o hard: the limit on the number of blocks or inodes the user can use.
- For example, a soft limit of 9Mb and a hard limit of 10Mb can be set as follows:
Disk quotas for user cn06 (uid 500):
  Filesystem    blocks    soft    hard    inodes    soft    hard
  /dev/sda5        740    9000   10000        75       0       0
Chapter 3: Dynamic Host Configuration Protocol (DHCP)
In this chapter we present the basics of DHCP and how to deploy DHCP on a Linux server, so that hosts (Windows or Linux) can send requests to the DHCP server to obtain their network parameters.
3.1 What is DHCP?
DHCP is one of the basic protocols of network administration, and one of the most important. It runs on a server and makes it possible to manage IP addresses and the TCP/IP configuration of the hosts on a network automatically and centrally. Using DHCP to assign IP addresses to hosts automatically, rather than configuring an address by hand on each machine, greatly reduces the time a network administrator spends configuring hosts.
DHCP is based on the BOOTP protocol; DHCP uses UDP port 67 and the BOOTP server uses UDP port 68.
DHCP supports three techniques for allocating IP addresses:
- Automatically assigning a permanent IP address to a host.
- Automatically assigning an IP address to a host for a limited period of time (a lease).
- Manual assignment (the administrator assigns the address to the host by hand).
3.1.1 Advantages of DHCP
- Avoids IP address conflicts and reduces the cost of administering the network.
- Helps service providers (ISPs) conserve real (public) IP addresses.
- Suits computers that move frequently between networks.
- Combines with wireless networks to provide hotspots at places such as train stations, airports and schools.
3.1.2 Format of a DHCP packet
Figure 4: DHCP packet format
Where:
Code                 Indicates a request or a reply:
                     1: Request
                     2: Reply
HWtype               Hardware address type:
                     1: Ethernet
                     6: IEEE 802
Length               Length of the hardware address (in bytes).
Hops                 Set to 0 when the client sends the packet and incremented at each router (using a DHCP Relay Agent).
Transaction ID       A random number used to match a request with its response.
Seconds              Set by the client: the time since the client began the process of sending packets.
Client IP address    Set by the client: the IP address it knows, or 0.0.0.0.
Your IP address      Set by the server if the client IP address is 0.0.0.0.
Client hardware      Set by the client to identify its MAC address.
DHCP packet types
DHCPDISCOVER: the client broadcasts to find the DHCP servers on the network.
DHCPOFFER: the server's response to the client's DHCPDISCOVER, offering an IP address and other parameters.
DHCPREQUEST: a packet from the client, sent for one of the following reasons:
- Requesting the parameters from one server's DHCPOFFER and declining the other servers (if any).
- Confirming a previously allocated IP address after the system or the network has changed.
- Requesting an extension for a specific IP address.
DHCPACK: a message from the server to the client carrying the parameters (including the IP address).
DHCPNACK: the server's refusal to the client (when the lease has expired or the requested IP address is invalid).
DHCPDECLINE: a packet sent by the client reporting that the address offered by the server is already in use.
DHCPINFORM: a packet sent by the client stating that it already has an IP address and requesting other parameters from the DHCP server.
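The fields listed above sit in the fixed BOOTP header, and the packet type travels in option 53 of the option list that follows it. The parser below is an added example, not part of the original thesis: the sample DHCPOFFER is constructed, the transaction ID is arbitrary, and the server address 172.16.1.2 is an assumption. It rejects truncated packets and option lengths that run past the end of the data.

```python
import socket
import struct

# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr, sname, file: the fixed 236-byte BOOTP header.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC_COOKIE = b"\x63\x82\x53\x63"
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
                 4: "DHCPDECLINE", 5: "DHCPACK", 6: "DHCPNAK",
                 7: "DHCPRELEASE", 8: "DHCPINFORM"}


def parse_options(data):
    """Walk the code/length/value list; raise ValueError if an option overruns."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:              # end option
            break
        if code == 0:                # pad option, single byte
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("option %d has no length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d overruns the packet" % code)
        opts[code] = value
        i += 2 + length
    return opts


def parse_dhcp(packet):
    """Decode the header fields named in the text plus a few common options."""
    if len(packet) < BOOTP_LEN + 4:
        raise ValueError("packet shorter than BOOTP header plus magic cookie")
    (op, htype, hlen, hops, xid, secs, _flags, ciaddr, yiaddr, _siaddr,
     _giaddr, chaddr, _sname, _file) = struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN])
    if packet[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    if hlen > 16:
        raise ValueError("hardware address length exceeds the chaddr field")
    opts = parse_options(packet[BOOTP_LEN + 4:])
    ip = socket.inet_ntoa
    msg = opts.get(53, b"")
    return {
        "code": {1: "request", 2: "reply"}.get(op, "invalid"),
        "hwtype": htype, "length": hlen, "hops": hops,
        "transaction_id": xid, "seconds": secs,
        "client_ip": ip(ciaddr), "your_ip": ip(yiaddr),
        "client_hardware": ":".join("%02x" % b for b in chaddr[:hlen]),
        "message_type": MESSAGE_TYPES.get(msg[0], "unknown") if len(msg) == 1 else None,
        "subnet_mask": ip(opts[1]) if len(opts.get(1, b"")) == 4 else None,
        "lease_seconds": struct.unpack("!I", opts[51])[0] if len(opts.get(51, b"")) == 4 else None,
        "server_id": ip(opts[54]) if len(opts.get(54, b"")) == 4 else None,
    }


def build_sample_offer():
    """Constructed DHCPOFFER; server address and transaction ID are made up."""
    header = struct.pack(
        BOOTP_FMT, 2, 1, 6, 0, 0x3903F326, 0, 0,
        socket.inet_aton("0.0.0.0"), socket.inet_aton("172.16.1.254"),
        socket.inet_aton("172.16.1.2"), socket.inet_aton("0.0.0.0"),
        bytes.fromhex("00d0b379b535"), b"", b"")
    options = (bytes([53, 1, 2])                                   # message type: offer
               + bytes([1, 4]) + socket.inet_aton("255.255.255.0")  # subnet mask
               + bytes([51, 4]) + struct.pack("!I", 21600)          # lease time
               + bytes([54, 4]) + socket.inet_aton("172.16.1.2")    # server identifier
               + bytes([255]))
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    for key, value in parse_dhcp(build_sample_offer()).items():
        print("%-16s %s" % (key, value))
```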
How DHCP allocates an IP address:
Figure 5: Steps in allocating an IP address
DHCP works on the client/server model. The interaction between the DHCP client and server takes place in the following four steps:
a. IP lease request
b. IP lease offer
c. IP lease selection
d. IP lease acknowledgement
The steps can be summarised as follows:
IP Lease Request
First, the client broadcasts a message called DHCPDISCOVER. Because the client has no IP address yet, it uses 0.0.0.0 as the source address, and because it does not know the address of the DHCP server it sends to the broadcast address 255.255.255.255. The DHCPDISCOVER packet is thus broadcast to the whole network. The packet also carries the client's MAC address and host name so that the DHCP server can tell which client sent the request.
IP Lease Offer
If a valid DHCP server (that is, one able to allocate an IP address to a client) receives the client's DHCPDISCOVER, it replies with a DHCPOFFER packet carrying the following information:
+ The MAC address of the client.
+ An offered IP address.
+ A subnet mask.
+ The lease duration (8 days by default).
+ The IP address of the DHCP server offering the address to this client.
At this point the DHCP server reserves the IP address it has offered to the client so that it is not given to any other DHCP client.
The DHCP client waits a few seconds for an offer. If it receives none, it rebroadcasts the DHCPDISCOVER at intervals of 2, 4, 8 and 16 seconds, plus a random delay of 0 - 1000 milliseconds.
If the DHCP client has received no offer after 4 requests, it uses an IP address in the range 169.254.0.1 to 169.254.255.254 (for clients running Windows operating systems) with subnet mask 255.255.0.0. Using an address from this range lets DHCP clients on a network without a DHCP server see each other. The DHCP client keeps trying to find a DHCP server every 5 minutes.
IP Lease Selection
Once the DHCP client has received a DHCPOFFER, it broadcasts a DHCPREQUEST to accept that offer. The DHCPREQUEST includes information about the DHCP server that offered the address. All other DHCP servers then withdraw their offers (this applies when the network has more than one DHCP server) and keep those IP addresses for other requests.
IP Lease Acknowledgement
The DHCP server that receives the DHCPREQUEST replies to the DHCP client with a DHCPACK, indicating that it accepts the client's lease of that IP address. This packet contains the IP address and other configuration information (DNS server, WINS server, ...). The process ends when the DHCP client receives the DHCPACK.
3.2 Installing DHCP
Convention:
Applications and tools can be installed in several ways: from installation packages, over the Internet, or through the software manager built into each operating system.
In this study, however, we install only from the software packages shipped on the operating system DVD, that is, from the command line.
To configure a DHCP server we need to install the DHCP package [1] and ensure there is a physical connection between the DHCP server and the clients. The minimum tasks for a successfully configured DHCP service are:
- The firewall is configured to allow DHCP packets.
- The /etc/dhcpd.conf file is configured.
- The dhcpd service is running on the DHCP server.
[1] Service packages such as DHCP and DNS on Linux are maintained and developed by the Internet Systems Consortium. More information at http://www.isc.org/
First, mount the Fedora DVD:
[root@server2 ~]# mount /dev/cdrom /mnt/
mount: block device /dev/sr0 is write-protected, mounting read-only
Install the DHCP package from the mounted disc:
[root@server2 ~]# rpm -ivh /mnt/Packages/dhcp-4.1.1-15.fc13.i686.rpm
Preparing...                ########################################### [100%]
   1:dhcp                   ########################################### [100%]
Note:
Besides the dhcp package, the server also needs the dhclient package (dhclient provides the service clients use to query a DHCP server); otherwise an error is reported when the DHCP service starts.
3.3 Configuring the DHCP server
Files related to the DHCP service:
- The most important file is, of course, the DHCP configuration file: /etc/dhcpd.conf. After installing DHCP, a sample configuration file is available at /usr/share/doc/dhcp-*/dhcpd.conf.sample.
- /etc/sysconfig/dhcpd: passes command-line options to the DHCP daemon, for example an option restricting which interfaces listen for DHCP requests.
- /var/lib/dhcpd/dhcpd.lease: records all clients currently leasing an IP address from the server.
Below is a sample configuration file:
ddns-update-style interim;
ignore client-updates;
subnet 172.16.1.0 netmask 255.255.255.0
{
    # Assumed gateway address: the original listing read 172.166.1.0,
    # which lies outside this subnet.
    option routers 172.16.1.1;
    option domain-name-servers 172.16.1.2;
    option subnet-mask 255.255.255.0;
    option domain-name "cn06.com";
    range 172.16.1.10 172.16.1.100;
    default-lease-time 21600;
    max-lease-time 43200;
    # Set name server to appear at a fixed address
    host uclient {
        #next-server ns1.cn06.com;
        hardware ethernet 00:D0:B3:79:B5:35;
        fixed-address 172.16.1.254;
    }
}
3.3.1 Declarations
Group:
Hosts that share some specific parameters can be placed in a group; they share the global declarations plus the parameters declared in the group.
Host:
Applies a list of parameters to one specific host. Such a host still receives the global parameters as well as the parameters in its own host declaration.
Subnet:
Applies parameters to a system when that system queries the DNS server to request an IP address and other information.
Parameters:
ddns-update-style interim: the Dynamic DNS (DDNS) update style used to talk to the DNS server. The default is interim.
option routers: the address of the default gateway.
option subnet-mask: tells the client which subnet mask to use.
option domain-name-servers: the list of DNS servers on the network that the client can query.
option domain-name: tells the client which domain it will join.
range: the range of IP addresses that clients can be given.
default-lease-time: the default time a client may lease an IP address without having to request the address again.
max-lease-time: the maximum time the DHCP server leases an IP address to a client.
server-name: tells the client which server it is booting from.
fixed-address: usually used with a host declaration, to assign a fixed IP address to a client whose hardware address has been declared.
hardware: usually used with a host declaration, to specify the MAC address of the client.
The last task is to check the configuration and enable the DHCP service at system startup:
[root@server2 ~]# service dhcpd configtest
Syntax: OK
[admin@server2 ~]$ chkconfig dhcpd on
[root@server2 ~]# chkconfig --list dhcpd
dhcpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@server2 ~]# service dhcpd start
Where:
service dhcpd configtest: checks whether the dhcpd.conf file is configured correctly.
chkconfig dhcpd on: starts DHCP when the system boots.
service dhcpd start | stop | restart: starts | stops | restarts the service.
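A file can pass the syntax check and still hand out unusable values, so a semantic check of each subnet declaration is a useful companion to configtest. The linter below is an added example, not part of the original thesis or of ISC DHCP: the input is constructed, modelled on the sample file above with a router address that lies outside the subnet, and it assumes the simple "range low high;" form used there.

```python
import ipaddress
import re

# Constructed input modelled on the sample file above.
SAMPLE_CONF = """\
ddns-update-style interim;
ignore client-updates;
subnet 172.16.1.0 netmask 255.255.255.0
{
    option routers 172.166.1.0;
    option domain-name-servers 172.16.1.2;
    option subnet-mask 255.255.255.0;
    range 172.16.1.10 172.16.1.100;
    default-lease-time 21600;
    max-lease-time 43200;
    # Set name server to appear at a fixed address
    host uclient {
        hardware ethernet 00:D0:B3:79:B5:35;
        fixed-address 172.16.1.254;
    }
}
"""


def strip_comments(text):
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def subnet_blocks(text):
    """Yield (base, netmask, body) for each 'subnet A netmask M { ... }' block."""
    for m in re.finditer(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:       # find the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        if depth:
            raise ValueError("unbalanced braces in subnet " + m.group(1))
        yield m.group(1), m.group(2), text[m.end():i - 1]


def to_addr(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None      # a host name or keyword rather than a literal address


def host_problem(label, addr, net):
    if addr not in net:
        return "%s %s is outside subnet %s" % (label, addr, net)
    if addr in (net.network_address, net.broadcast_address):
        return "%s %s is the network or broadcast address" % (label, addr)
    return None


def lint(conf):
    """Return a list of problem strings; an empty list means no finding."""
    problems = []
    for base, mask, body in subnet_blocks(strip_comments(conf)):
        try:
            net = ipaddress.ip_network("%s/%s" % (base, mask))
        except ValueError as exc:
            problems.append("subnet %s netmask %s: %s" % (base, mask, exc))
            continue
        checks, ranges = [], []
        for value in re.findall(r"\boption\s+routers\s+([^;]+);", body):
            checks += [("option routers", a.strip()) for a in value.split(",")]
        for value in re.findall(r"\bfixed-address\s+([^;\s]+)\s*;", body):
            checks.append(("fixed-address", value))
        for lo, hi in re.findall(r"\brange\s+(\S+)\s+([^;\s]+)\s*;", body):
            lo_addr, hi_addr = to_addr(lo), to_addr(hi)
            if lo_addr is None or hi_addr is None:
                continue
            if lo_addr > hi_addr:
                problems.append("range %s %s is reversed" % (lo, hi))
            ranges.append((lo_addr, hi_addr))
            checks += [("range start", lo), ("range end", hi)]
        for label, text in checks:
            addr = to_addr(text)
            if addr is None:
                continue
            problem = host_problem(label, addr, net)
            if problem:
                problems.append(problem)
            elif label == "fixed-address" and any(lo <= addr <= hi for lo, hi in ranges):
                problems.append("fixed-address %s is inside the dynamic range" % addr)
        default = re.search(r"\bdefault-lease-time\s+(\d+)\s*;", body)
        maximum = re.search(r"\bmax-lease-time\s+(\d+)\s*;", body)
        if default and maximum and int(default.group(1)) > int(maximum.group(1)):
            problems.append("default-lease-time exceeds max-lease-time")
    return problems


if __name__ == "__main__":
    for line in lint(SAMPLE_CONF) or ["no findings"]:
        print(line)
```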
It does not matter which operating system the DHCP server runs on, so when tested on a Windows client the parameters configured on the DHCP server are fully accepted by the client.
Figure 6. IP address on the client
3.4 Conclusion
DHCP provides centralised management and distribution of IP addresses to clients, which gets clients running faster and minimises the time spent declaring the parameters each client needs.
DHCP can supply a whole range of clients with information such as IP address, domain name, DNS server, SMTP server, POP server and NTP server, or supply it to individual clients, without manual configuration on the client.
Chapter 4: Domain Name System (DNS)
In this chapter we present the basics of DNS, including the hierarchical model, zones and the options available when deploying DNS on a Linux server.
4.1 What is DNS?
At first the ARPANET was small, only a few hundred machines, so managing host names was simple and relied on a single file, hosts.txt [2], which stored the mapping from host names to IP addresses.
With the explosive growth of the Internet and of IP address use, however, the hosts.txt file increasingly failed to meet demand and showed the following drawbacks:
- Network traffic and the server maintaining hosts.txt become overloaded because of the bottleneck effect.
- Name conflicts: two computers cannot have the same name in the hosts.txt file.
- No guarantee of integrity: maintaining a single file across a large network is very difficult.
From this a new concept emerged to overcome the drawbacks of hosts.txt and to meet the demands of the fast-growing Internet: the Domain Name System (DNS).
In small networks, however, where managing host names is not too complex or time-consuming, this hosts file can still be used.
On Windows the file is located in WINDOWS\system32\drivers\etc, and on Linux at /etc/hosts.
[2] The hosts.txt file was maintained by the Network Information Center (NIC) and distributed via FTP.
The DNS hierarchical model
The DNS tree hierarchy resembles many other techniques and systems used in networked environments (for example the Linux file system). Dividing the system into levels makes it easier to manage, since each level has a boundary and is directly responsible for what lies within it.
Figure 7. The DNS hierarchical model
The highest position in the DNS hierarchy is the root. The root servers [3] are chiefly responsible for indicating which DNS server is responsible for each top-level domain. The root branches into many top-level domains, and each of these divides further into branches called subdomains. A domain's name indicates its position in the DNS database: a domain name is the sequence of labels from that node up to the root of the tree, separated by dots.
Domains may be organised by type of organisation or by country:
Domain    Description
.aero     Aviation
.com      Organisations, companies
.org      Non-profit organisations
.net      Network support centres
.edu      Educational organisations
.gov      Government
.mil      Military organisations
.vn       Domains of Vietnam
.jp       Domains of Japan
.us       Domains of the United States
[3] Root servers manage the name servers at the top-level domain level. There are currently 13 root servers responsible for answering requests from around the world.
Name resolution mechanism
The example below describes how the name girigiri.gbrmpa.gov.au is resolved to an IP address through the DNS servers on the Internet.
Figure 8. Name resolution mechanism
The client sends a request to the local name server to resolve the IP address of the computer named girigiri.gbrmpa.gov.au. On receiving the request from the resolver, the local name server examines the name and checks whether it manages that domain itself. If the local server manages the domain, it returns the IP address of the host to the resolver at once. Otherwise, the local server queries the nearest root name server it knows of. The root name server replies with the IP address of the name server that manages the au domain. The local name server then asks the name server managing au and is referred to the server managing gov.au. The server managing gov.au refers the local name server to the server managing gbrmpa.gov.au. Finally the local name server queries the server managing gbrmpa.gov.au and receives the answer.
Types of query: a query can take one of two forms:
Recursive query: when a name server receives a query of this kind, it must return the result it finds, or an error if the query cannot be resolved. The name server cannot refer the query to another name server. It may send recursive or interactive queries to other name servers, but it must keep going until it has a result.
Interactive query: when a name server receives a query of this kind, it replies to the resolver with the best information it has at that moment. The name server itself performs no further queries. The best information returned may come from local data (including the cache). If the name server finds nothing in its local data, it returns the domain name and IP address of the closest name server it knows of.
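The walk-through above can be followed step by step in a small simulation of a local name server that accepts a recursive query and chases referrals itself; the queries it sends are the kind the text calls interactive, usually known as iterative. This is an added example, not part of the original thesis: the server names, the delegation table and the address 192.0.2.10 are constructed.

```python
# Constructed delegation data. Each server knows the records of its own zone
# and the child zones it has delegated; names and the address are made up.
SERVERS = {
    "root":      {"delegations": {"au.": "ns.au"}, "records": {}},
    "ns.au":     {"delegations": {"gov.au.": "ns.gov.au"}, "records": {}},
    "ns.gov.au": {"delegations": {"gbrmpa.gov.au.": "ns.gbrmpa"}, "records": {}},
    "ns.gbrmpa": {"delegations": {},
                  "records": {"girigiri.gbrmpa.gov.au.": "192.0.2.10"}},
}


def in_zone(name, zone):
    """True if the fully qualified name lies at or below the zone."""
    return name == zone or name.endswith("." + zone)


def answer_iterative(server, name):
    """Reply of one server that does no further lookups of its own.

    Returns ("answer", address), ("referral", zone, next_server) or
    ("nxdomain",): the best information the server has locally.
    """
    data = SERVERS[server]
    if name in data["records"]:
        return ("answer", data["records"][name])
    matches = [zone for zone in data["delegations"] if in_zone(name, zone)]
    if matches:
        zone = max(matches, key=len)          # most specific delegation wins
        return ("referral", zone, data["delegations"][zone])
    return ("nxdomain",)


class LocalNameServer:
    """Serves recursive queries by following referrals from the root."""

    def __init__(self, max_referrals=10):
        self.cache = {}
        self.max_referrals = max_referrals    # guards against referral loops
        self.trace = []                       # (server asked, kind of reply)

    def resolve(self, name):
        if not name.endswith("."):
            name += "."                       # make the name fully qualified
        if name in self.cache:
            self.trace.append(("cache", "answer"))
            return self.cache[name]
        server = "root"
        for _ in range(self.max_referrals):
            reply = answer_iterative(server, name)
            self.trace.append((server, reply[0]))
            if reply[0] == "answer":
                self.cache[name] = reply[1]
                return reply[1]
            if reply[0] == "nxdomain":
                return None                   # error returned to the resolver
            server = reply[2]                 # follow the referral
        raise RuntimeError("referral limit reached for " + name)


if __name__ == "__main__":
    local = LocalNameServer()
    print(local.resolve("girigiri.gbrmpa.gov.au"))
    for step in local.trace:
        print(step)
```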
Phn gii IP thnh tn my:
nh x a ch IP thnh tn my tnh c dng din dch cc tp tin log
cho d c hn. N cn dng trong mt s trng hp chng thc trn h thng
UNIX (kim tra cc tp tin .rhost hay host.equiv). Trong khng gian tn min ni
trn d liu -bao gm c a ch IP- c lp ch mc theo tn min. Do vi
mt tn min cho vic tm ra a ch IP kh d dng.
c th phn gii tn my tnh ca mt a ch IP, trong khng gian tn
min ngi ta b sung thm mt nhnh tn min m c lp ch mc theo a ch
IP. Phn khng gian ny c tn min l in-addr.arpa.Mi nt trong min in-addr.arpa c mt tn nhn l ch s thp phn ca a
ch IP. V d min in-addr.arpa c th c 256 subdomain, tng ng vi 256 gi tr
t 0 n 255 ca byte u tin trong a ch IP. Trong mi subdomain li c 256
subdomain con na ng vi byte th hai. C nh th v n byte th t c cc bn
ghi cho bit tn min y ca cc my tnh hoc cc mng c a ch IP tng
ng.
SVTH: V Cng Dun Nguyn Anh Tun Trang 52
7/27/2019 Xy Dng H Thng Linux
53/178
GVHD: Ths.L Quc Tun
Lu khi c tn min a ch IP s xut hin theo th t ngc. V d nu
a ch IP ca my winnie.corp.hp.com l 15.16.192.152, khi nh x vo min in-
addr.arpa s l 152.192.16.15.in-addr.arpa.
Fully qualified domain names (FQDN)
Every node in the hierarchy tree has a name; the root alone is represented by a dot (.). A full domain name is then written backwards, from the bottom of the tree up to the root, with the individual names separated by dots. A domain name that ends with a dot is called an absolute domain name, or fully qualified domain name (FQDN).
Example:
Domain name: mail.server1.cn06.com. is an FQDN.
Note: Normally we do not need to type the dot at the end of a domain name; such a name is not complete, but the DNS resolver can automatically add a dot before and after the domain name we type (for example, server1.cn06.com becomes .server1.cn06.com.).
Types of Domain Name Server:
There are three types of Domain Name Server that serve name resolution:
Primary Name Server:
Also called the Master Server, it has the main responsibility for holding all information about the zones. Every domain must have one Primary Name Server. The DNS administrator organizes the database files on the Primary Name Server. This server is responsible for resolving all hosts in the domain or zone.
Secondary Name Server:
Also called the Slave Name Server, it is used as a backup for the Primary Name Server. There can be one or more Secondary Name Servers. At a regular interval, the Secondary copies the database files from the Primary Name Server.
Caching Name Server:
This is also a DNS server, but it has no database files at all. It is used to resolve host names on remote networks through other Name Servers:
- It speeds up resolution by using the cache.
- It reduces the name resolution load on the Name Server.
- It reduces traffic on large networks.
4.2 Installing DNS
Required packages:
bind-9.7.0-9.P1.fc13.i686.rpm
bind-chroot-9.7.0-9.P1.fc13.i686.rpm
bind-libs-9.7.0-9.P1.fc13.i686.rpm
bind-utils-9.7.0-9.P1.fc13.i686.rpm
Configuration files:
Main configuration file: named.conf
Forward lookup files: cn06.com.db, localhost.db
Reverse lookup files: cn06.com.rev, 127.0.0.rev
Working directories:
/etc/: holds the main configuration file named.conf.
/var/named/: holds the forward and reverse lookup configuration files.
Note: The bind-chroot-9.7.0-9.P1.fc13.i686.rpm package lets the network administrator work with the DNS configuration files more safely. It creates a directory that only users with root privileges are allowed to access, and all DNS-related files must be stored in that directory. These are /var/named/chroot/etc/, which holds named.conf, and /var/named/chroot/var/named/, which holds all the configuration files.
4.3 Configuring the DNS server
Setting up a DNS server comes down to configuring the files listed above. They are the most important files for the operation of a DNS server.
First we define the primary zones in named.conf:
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    notify yes;
};
zone "." in {
    type hint;
    file "root.hints";
};
zone "cn06.com" {
    type master;
    file "cn06.com.db";
};
# in-addr.arpa zone for the cn06.com domain.
zone "1.16.172.in-addr.arpa" {
    type master;
    file "cn06.com.rev";
};
The example above shows that the Name Server serves the domain cn06.com and that the database files root.hints, cn06.com.db and cn06.com.rev are stored in /var/named/.
- Zone ".": when needed, the server consults the file root.hints (footnote 4). This file lists the root servers responsible for handling requests worldwide.
- Zone cn06.com: this is the main domain that our DNS server manages. When needed, the server consults the file cn06.com.db, which holds the forward lookup names for the domain.
- Zone 1.16.172.in-addr.arpa: the server consults cn06.com.rev, which holds the reverse lookup names for the domain.
- The options at the top allow the server to accept every request that clients send to port 53.
Note: The type of these zones is master because this is the Master server; only when configuring a secondary server is the type slave.
Records: every record has the following fields:
4 The root.hints file can be found at: http://www.internic.net/zones/named.root
Name - domain name or IP address.
TTL - time to live.
Class - always IN, for Internet.
Type - the record type.
Data - each record type has its own kind of data.
Configuring the forward lookup file cn06.com.db:
$TTL 1W
@       IN SOA   dns.cn06.com. root (
                 2009123100 ; serial
                 3H         ; refresh (3 hours)
                 30M        ; retry (30 minutes)
                 2W         ; expiry (2 weeks)
                 1W )       ; minimum (1 week)
        IN NS    server2.cn06.com.
        IN MX    10 server3.cn06.com.
dns     IN A     172.16.1.2 ; primary name server
server1 IN A     172.16.1.1
server2 IN A     172.16.1.2
server3 IN A     172.16.1.3
server4 IN A     172.16.1.4
proxy   IN CNAME server1
smtp    IN CNAME server3    ; mail server
www     IN CNAME server3    ; web server
ftp     IN CNAME server3    ; ftp server
Reverse lookup file cn06.com.rev:
$TTL 1W
@       IN SOA   dns.cn06.com. root (
                 2009123100 ; serial
                 3H         ; refresh (3 hours)
                 30M        ; retry (30 minutes)
                 2W         ; expiry (2 weeks)
                 1W )       ; minimum (1 week)
        IN NS    dns.cn06.com.
1       IN PTR   server1.cn06.com.
2       IN PTR   server2.cn06.com.
3       IN PTR   smtp.cn06.com.
4       IN PTR   2k3.cn06.com.
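A reverse zone is only trustworthy where its answers agree with the forward zone, which matters for the log interpretation and .rhosts-style checks mentioned earlier. The following added example (not part of the thesis) parses a subset of the two zone listings above and reports every PTR record whose target does not resolve back to the same address; the function names are hypothetical.

```python
# Records copied from the cn06.com.db and cn06.com.rev listings (subset).
FORWARD = """
server1 IN A     172.16.1.1
server2 IN A     172.16.1.2
server3 IN A     172.16.1.3
server4 IN A     172.16.1.4
smtp    IN CNAME server3
"""
REVERSE = """
1 IN PTR server1.cn06.com.
2 IN PTR server2.cn06.com.
3 IN PTR smtp.cn06.com.
4 IN PTR 2k3.cn06.com.
"""

def fqdn(name, origin):  # a name without a trailing dot is relative to the origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse(text, origin):
    """Return {owner: [(type, rdata)]} for 'name IN type data' lines."""
    zone = {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) == 4 and fields[1] == "IN":
            owner, _, rtype, data = fields
            if rtype in ("CNAME", "PTR"):
                data = fqdn(data, origin)
            zone.setdefault(fqdn(owner, origin), []).append((rtype, data))
    return zone

def resolve_a(zone, name, depth=0):
    """Addresses for name, following CNAME chains up to 8 links."""
    found = set()
    for rtype, data in zone.get(name, []):
        if rtype == "A":
            found.add(data)
        elif rtype == "CNAME" and depth < 8:
            found |= resolve_a(zone, data, depth + 1)
    return found

def fcrdns_failures(forward, reverse):
    """(ip, ptr_target) pairs whose target does not resolve back to ip.
    Owner 4.1.16.172.in-addr.arpa. stands for 172.16.1.4 (octets reversed)."""
    bad = []
    for owner, rrs in reverse.items():
        ip = ".".join(reversed(owner.split(".in-addr.arpa.")[0].split(".")))
        bad += [(ip, t) for rt, t in rrs if rt == "PTR" and ip not in resolve_a(forward, t)]
    return sorted(bad)

print(fcrdns_failures(parse(FORWARD, "cn06.com."), parse(REVERSE, "1.16.172.in-addr.arpa.")))
```

The PTR for 172.16.1.3 passes because smtp is an alias of server3, while the PTR for 172.16.1.4 names a host with no forward record in the listing.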
Meaning of the DNS resource records:
IN: tells the name server that this is an Internet record.
@: the domain declared in named.conf. In the example above the domain is cn06.com., so the host names declared afterwards do not need to be written out in full FQDN form.
dns.cn06.com. is the FQDN of the name server for the domain.
root: the e-mail address of the domain administrator. It can be replaced by another name, for example admin.cn06.com. Such an e-mail address lacks the @ sign because it has been replaced by a dot; the real address is admin@cn06.com.
SOA (Start of Authority): each zone has exactly one SOA record. The SOA states that this Name Server is the authoritative source of information for the data in the zone.
The parameters declared after it only take effect when the domain has a secondary server:
Serial number: when a Slave Nameserver connects to the Master Server to fetch data, it first checks the serial number. If the master's serial is larger, the slave's data is out of date and it loads the new data. For that reason the serial must be increased whenever the data on the name server is updated. It is usually formatted by date as YYYYMMDDNN. Example: 2010042401
Refresh number: the interval after which the Slave must check whether its data is still usable.
Example: 28800; refresh after 8 hours
Retry number: if the Slave cannot connect to the Master Nameserver after a Refresh interval, it tries to connect again after retry seconds. This value is smaller than the Refresh value.
Example: 14400; retry after 4 hours
Expiry number: if the Slave cannot connect to the Master server within this Expire interval (in seconds), the slave stops answering queries for that zone, because it considers the data too old. This value must be larger than the Refresh and Retry values.
Example: 3600000; 1000 hours ~ 42 days
Time-to-live number: how long data is kept on a Caching Server. This value applies to all Resource Records in the database. It lets other servers cache the data for a fixed period, the TTL.
Example: 86400; TTL is 1 day
NS (Name Server): the next record a zone needs is the NS record. Each Name Server for the zone has one NS record. This record names the servers responsible for managing the records in the domain.
A: maps a name to an IPv4 address.
AAAA: maps a name to an IPv6 address.
CNAME (Canonical Name): this record creates an alias that points to a canonical name. The canonical name is the host name in an A record, or it points in turn to another canonical name.
MX (Mail Exchanger): DNS uses the MX record to tell other sites which host is the domain's mail server.
PTR (Pointer): used to map an address to a name.
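The SOA rules described above can be checked mechanically before a zone is loaded. This added example (not from the thesis) converts BIND durations to seconds, tests the stated ordering of refresh, retry and expiry, and applies the plain "larger serial" comparison from the text; the function names are hypothetical.

```python
import re

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def seconds(value):
    """Convert a BIND duration (3H, 30M, 2W, 1W2D) or bare seconds to seconds."""
    parts = re.findall(r"(\d+)([SMHDW]?)", str(value).upper())
    return sum(int(num) * UNITS[unit or "S"] for num, unit in parts)

def check_soa(serial, refresh, retry, expire):
    """Return the problems found against the rules stated in the text."""
    refresh, retry, expire = seconds(refresh), seconds(retry), seconds(expire)
    problems = []
    digits = str(serial)
    if not re.fullmatch(r"\d{10}", digits):
        problems.append("serial is not in YYYYMMDDNN form")
    elif not (1 <= int(digits[4:6]) <= 12 and 1 <= int(digits[6:8]) <= 31):
        problems.append("serial does not encode a valid date")
    if retry >= refresh:
        problems.append("retry must be smaller than refresh")
    if expire <= max(refresh, retry):
        problems.append("expire must be larger than refresh and retry")
    return problems

def slave_reloads(slave_serial, master_serial):
    """Per the text, the slave reloads only if the master's serial is larger."""
    return int(master_serial) > int(slave_serial)

# SOA values from the cn06.com.db listing.
PAGE_SOA = dict(serial=2009123100, refresh="3H", retry="30M", expire="2W")
print(check_soa(**PAGE_SOA))
# Constructed mistake: records edited on the master but the serial left as is,
# so the slave never picks up the change.
print(slave_reloads(2009123100, 2009123100))
```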
With that we have finished studying and setting up the configuration files for DNS.
The last task is to check and start the service.
4.4 Starting the service
[root@server2 ~]# chkconfig named on
[root@server2 ~]# service named start
Starting named: [ OK ]
4.5 DNS checking tools
Host: queries the name as well as the IP address of a host. Many options extend what the host command can do, but the most basic form is:
[root@server2 ~]# host smtp.cn06.com
smtp.cn06.com is an alias for server3.cn06.com.
server3.cn06.com has address 172.16.1.3
[root@server2 ~]# host 172.16.1.3
3.1.16.172.in-addr.arpa domain name pointer smtp.cn06.com.
Dig: used to gather information about the DNS servers in a domain.
dig @server [domain name] query type (record name: A, SOA, …)
Example:
[root@server2 ~]# dig @server2 cn06.com A
; DiG 9.7.0-P1-RedHat-9.7.0-9.P1.fc13 @server2 cn06.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER
> 172.16.1.1
Server: 127.0.0.1
Address: 127.0.0.1#53
1.1.16.172.in-addr.arpa name = server1.cn06.com.
The operating system on which the DNS server is installed has no effect at all on querying host information.
Figure 9. DNS query on Windows XP
4.6 Conclusion
In this chapter we have presented a basic understanding of the DNS service, how to install and configure a DNS server on a Linux system with the BIND package, and the tools that are useful for gathering information about host names, IP addresses, and so on.
One thing that must be mentioned is that BIND is developed and updated at www.isc.org. For security reasons, BIND packages of version 9 or later should be installed.
Chapter 5: Linux security
When setting up and administering a system, besides deploying services, keeping the system running smoothly and optimizing it, there is one more very important matter to attend to: system security. The important tasks in deploying security are:
- Protecting the integrity of data and ensuring the consistency of data in the system. The measures taken must prevent unauthorized modification or destruction of data.
- Protecting confidentiality, so that information does not leak out.
- Protecting availability, meaning the system is always ready to serve information access requests from legitimate users.
- Protecting privacy: ensuring that users use the system's resources in line with the functions and duties assigned to them, and preventing unauthorized access to information.
- Limiting as far as possible intrusions into the system from both inside and outside, especially in today's environment, where Internet access is indispensable in every agency and organization.
Many measures can be deployed on a system, but none of them is perfect. Each has its own advantages and disadvantages. Whether to use one measure or several therefore depends on the specific requirements.
Is Linux secure?
The answer is no (footnote 5). Here are a few reasons:
- Like UNIX, Linux is optimized for convenience of use, so setting up security on Linux is not easy. The Linux philosophy emphasizes easy management and use of data in a multi-user environment.
- If deployed carefully, Linux can be an effectively secured system. When you access the system, you are either a user with very limited privileges or you are root. In addition, the use of SETUID and SELinux makes access control on the system safer. In most cases, however, small mistakes in security can still compromise the whole system.
- Most Linux distributions are developed by a large community of programmers, with very large differences in knowledge and experience. As a result, features built for Linux may contain security vulnerabilities.
5 p. 709, Linux Administration Handbook
One more thing to keep in mind: the more secure a system is, the less convenient it is for its users. This can be expressed by the following formula:
Many firewall programs are available on Linux today, but Iptables is chosen more often than any other. Below is the survey table from http://distrowatch.com
See also:
http://distrowatch.com/dwres.php?resource=firewalls
Introduction to a firewall system using Iptables
Iptables is open source software that is widely used to deploy firewalls on Linux systems. Iptables only appears in Linux distributions from kernel version 2.4.x onward. Normally, when a Linux distribution such as Red Hat, Fedora (Red Hat's open source project), CentOS or Suse is installed, Iptables is installed by default. A firewall built on iptables has two parts: Netfilter and Iptables. Netfilter is responsible for filtering packets at the IP level. It works directly inside the kernel, so it processes packets quickly and does not slow the system down. Iptables sits outside the kernel and is responsible for communication between the user and Netfilter; it pushes the user's rules to Netfilter for processing. Netfilter and the firewall modules operate at the kernel layer, close to the physical layer (CPU, memory and peripheral devices), which gives high speed, while iptables operates at the application layer and helps the user manage the firewall rules.
Figure 10: Firewall system model.
Iptables is also known as a stateful firewall. A stateful firewall is a firewall that can track established TCP connections. A TCP connection consists of a series of packets that carry the source address, destination address, source port, destination port and a number (the sequence number) used to reassemble the packets without losing data. By tracking the header of each TCP packet, a stateful filter can determine whether a received TCP packet is part of an already created connection and decide whether to accept or drop it. On a firewall based on the iptables software, a stateful firewall needs two components: kernel space (Netfilter and the supporting firewall modules inside the kernel) and user space (iptables, which makes use of those modules).
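A simplified model of the connection tracking just described, added here as an illustration and not taken from the thesis or from netfilter: a packet that does not belong to a tracked connection is dropped unless it is a bare SYN to an open port. The class, the open-port list and the sample packets are constructed assumptions.

```python
from collections import namedtuple

# flags is a frozenset of TCP flag names, e.g. frozenset({"SYN", "ACK"})
Packet = namedtuple("Packet", "src sport dst dport flags")

class StatefulFilter:
    """Toy connection tracker: a model of the idea, not netfilter's conntrack."""

    def __init__(self, open_ports):
        self.open_ports = set(open_ports)  # services new connections may reach
        self.conns = {}                    # connection key -> [originator, state]

    @staticmethod
    def key(p):
        # Both directions of one connection map to the same key.
        return frozenset([(p.src, p.sport), (p.dst, p.dport)])

    def decide(self, p):
        entry = self.conns.get(self.key(p))
        if entry is None:
            # Only a bare SYN to an open port may create state.
            if p.flags == {"SYN"} and p.dport in self.open_ports:
                self.conns[self.key(p)] = [(p.src, p.sport), "NEW"]
                return "ACCEPT"
            return "DROP"
        if (p.src, p.sport) != entry[0]:
            entry[1] = "ESTABLISHED"       # a reply has been seen
        if p.flags & {"FIN", "RST"}:
            del self.conns[self.key(p)]    # simplified teardown
        return "ACCEPT"

# Constructed sample traffic on the 172.16.1.0/24 lab network.
C, S = ("172.16.1.10", 40000), ("172.16.1.3", 80)
SAMPLE = [
    Packet(*C, *S, frozenset({"SYN"})),                    # handshake start
    Packet(*S, *C, frozenset({"SYN", "ACK"})),             # server reply
    Packet(*C, *S, frozenset({"ACK"})),                    # handshake done
    Packet("172.16.1.99", 5555, *S, frozenset({"ACK"})),   # ACK with no connection
    Packet(*C, "172.16.1.3", 23, frozenset({"SYN"})),      # SYN to a closed port
    Packet(*C, *S, frozenset({"RST"})),                    # teardown
    Packet(*C, *S, frozenset({"ACK"})),                    # late packet after teardown
]

def verdicts(packets, open_ports=(80,)):
    fw = StatefulFilter(open_ports)
    return [fw.decide(p) for p in packets]

print(verdicts(SAMPLE))
```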
Iptables can filter packets by address, port, protocol, time, connection state and characteristics of the information in the packet. However, because it operates at the transport layer of the TCP/IP model, iptables can only filter and limit on a per-packet basis. It cannot reach deep into the application layer, for example to limit bandwidth for web access or to fight spam. Another weakness is that iptables does not integrate VPN the way firewall software commonly used on Windows systems does.
Besides packet filtering, iptables provides several other features such as NAT (Network Address Translation) and rate limiting. Rate limiting is very useful against DoS (Denial of Service) such as a SYN flood. In addition, iptables can filter packets by MAC address, a feature that most firewalls on Windows systems have not integrated. One feature that cannot be left out when deploying a firewall on iptables is event logging. Like other firewall software, iptables supports event logging through the LOG option, in order to track packets going into and out of the firewall.
Components of Iptables
The iptables management model is based on tables and rule sets (chains).
Iptables has three kinds of table: filter, nat and mangle. A chain is a set of rules used to process packets. Chains in iptables are of two kinds: built-in chains and user-defined chains. The built-in chains include INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING and MASQUERADE. User-defined chains are chains created by the user. Usually, to make the firewall work effectively and achieve a high level of security, several different chains are built, each dedicated to one particular situation, and each chain carries more detailed security policies for handling packets. This makes managing and monitoring the firewall easier, more professional and safer. The components of iptables, their functions and how they are used are described in detail below.
Table | Function | Associated chains | Chain function
Filter | Packet filtering | FORWARD | Filters packets that enter on one network interface of the firewall and leave on another.
 | | INPUT | Filters packets arriving at a network interface of the