首页 php下载 php教程 电脑软件 手机软件 手机游戏 单机游戏 资讯文章 专题下载 标签合集

1.07: System Administration



Certification Objective 1.07: System Administration
认证目的 1.07: 系统管理

Most system administration tasks require root or superuser privileges.

 You should already be familiar with a number of basic Linux system administration commands and files.
 你应该已经熟悉一些基本的 Linux 系统管理指令和文件。

 Standard user files are stored in /etc/skel.
 标准的使用者文件被储存在 /etc/skel。

 Daemons are processes that run in the background and run various Linux services.
 Internet中用于邮件收发的后台程序是在后台作业运行,而且提供各种不同的 Linux 服务的程序。

 cron is a special daemon that can run scripts when you want.
 当你想要的时候, cron 是能运行脚本的一个特别的新进程。

 It's especially useful for setting up backup jobs in the middle of the night.

 Logging is a key part of monitoring Linux and any services that you choose to run.
 砍伐原木是监听 Linux 和任何的服务一个主要部份你选择运行。


Generally in Linux, a system administrator does everything possible as a normal user.
通常在 Linux ,一个系统系统管理师做当做一个正常的使用者是可能的每件事物。

 It's a good practice to use superuser privileges only when absolutely necessary.

 But one time where it's appropriate is during the Red Hat exams.

 Good administrators will return to being normal users when they're done with their tasks.

 Mistakes as the root user can disable your Linux system.
 作为根使用者的错误能使你的 Linux 系统失去能力。

There are two basic ways to make this work:

su The superuser command, su, prompts you for the root password before logging you in with root privileges.
su 超级使用者指令,su, 在登录你之前为根口令[字] 促使你在与根特权。

 A variation, su -c, sets up root privileges for one specific command.
 一种变化, su-c,为一个特定的指令建立根特权。

 Many Red Hat GUI utilities are set up to prompt for the root password before they can be started.
 在他们能被启动之前,许多红帽图形用户接口公用程式被建立为根口令[字] 促使。

 One more variation, su - root, sets up root privileges with the root user PATH.
 另外一个变化, su- 根,用根使用者路径建立根特权。

 (Remember to have a space on both sides of the dash in this command.)

sudo The sudo command allows users listed in /etc/sudoers to run administrative commands.
sudo sudo 指令允许使用者列出在 /etc/sudoers 运行管理的指令。

 You can configure /etc/sudoers to set limits on the root privileges given to a specific user.
 你能配置 /etc/sudoers 在给一个特定的使用者的根特权上设定限度。

However, Red Hat Enterprise Linux provides some features that make working as root somewhat safer.
然而,红帽企业 Linux 提供更安全地当做根略微制造工作的一些功能。

 For example, logins using the ftp and telnet commands to remote computers are disabled by default.
 举例来说,使用对遥远的计算机的 ftp 和远端登入指令的登录预先设定地被无效。

 Exam Watch  On the RHCE and RHCT exams, time is of the essence.
 考试在 RHCE 上看和 RHCT 考试, 时间是本质。

 In general, I recommend that you don't bother logging in as a regular user during these exams.
 大体上, 我推荐你不烦扰砍伐原木在当做一个一般的使用者在这些考试期间。

 It's faster to log in as the root user.

 You don't have to remember to invoke the su or sudo commands, and you gain the advantages of a more liberal PATH variable.
 你不一定要记得去启动 su 或者 sudo 指令,而且你得到比较自由主义路径变数的利益。

 While you just save a few seconds with each command, that time can add up.


Basic configuration files for individual users are available in the /etc/skel directory.
个别的使用者的基本配置文件在那 /etc/skel 目录中是可得的。

 This directory includes a number of hidden files.

 For a full list, run the ls -a /etc/skel command.
 对于一个完整的列表,运行 ls -a /etc/skel 指令。

 If you want all future users to get specific files in their home directories, include them here.

The next time you create a regular user, check that person's home directory.
下回,你产生一个一般的使用者, 检查人的家目录。

 For example, if you just created a user named elizabeth, run the ls -a /home/elizabeth command.
 举例来说,如果你刚刚创造了一个使用者命名了 elizabeth, 运行 ls -a /home/elizabeth 指令。

 Compare the results to the previous command on the /etc/skel directory.
 在那 /etc/skel 目录上比较结果和早先的指令。


A daemon is a process that runs in the background.

 It is resident in your computer's RAM and watches for signals before it goes into action.

 For example, a network daemon such as httpd, the Linux Web server known as Apache, waits for a request from a browser before it actually serves a Web page.
举例来说, 网络精灵,像是 httpd, Linux 在它实际上服务一个网页之前,知道如阿帕切族的网站伺服器, 等候来自一个浏览器的一个请求。

Daemons are often configured to start automatically when you start Linux.
Internet中用于邮件收发的后台程序时常配置成自动地启动当你启动 Linux 的时候。

 This process is documented at various runlevels in the /etc/rc.d directory.
 这一程序在那 /etc/ rc.d 目录中的各种不同的 runlevels 被证明。

 Alternatively, you can use a tool such as ntsysv to identify and manage the daemons that are started at various Linux runlevels.
 二者择一地, 你能使用一工具如此的当做 ntsysv 识别并且处理在各种不同的 Linux runlevels 被启动的精灵。

 This is discussed in more detail in Chapter 4.
 这在第 4 章更详细地被讨论。

Network Service Daemons
网络服务 Internet中用于邮件收发的后台程序

Networks don't always work.

 Sometimes you need to restart a network daemon to implement a configuration change.

 Red Hat Enterprise Linux provides an easy way to control network service daemons through the scripts in /etc/rc.d/init.d.
 红帽企业 Linux 提供一个容易的方法经过脚本控制网络服务精灵在 /etc/ rc.d/init.d。

 This directory includes scripts that can control installed Linux network services (and more) for everything from the Network File System (NFS) to sendmail.
 这一个目录包括能控制为来自发送邮件的网络文件系统 (NFS) 的每件事物安装 Linux 网络服务 (和更多) 的脚本。

 The actual daemon itself is usually located in the /sbin or /usr/sbin directory.
 真实的精灵本身通常位于那 /sbin 或 /usr/sbin 目录。

With these scripts, it's easy to start, stop, status, reload, or restart a network daemon.
藉由这些脚本,启动,停止很容易,状态,再装货, 或重新开始一个网络精灵。

 This is useful to implement or test changes that you make to a specific configuration file.

 For example, if you make a change to the Apache Web server configuration file in /etc/httpd/conf/httpd.conf, you can implement the change right away with the /etc/rc.d/init.d/httpd reload command.

 举例来说, 如果你作一个变化给阿帕切族网站伺服器配置文件在 /etc/ httpd/conf/httpd.conf, 你能立刻以那 /etc/ rc.d/init.d/httpd 实现变化再装货指令。

 Other switches to these scripts allow you to stop, start, or status these services.
 其他的开关至这些脚本让你停止, 开始、或状态这些服务。

 Network service management is discussed in more detail in Chapter 9.
 网络服务管理在第 9 章更详细地被讨论。

 Exam Watch  In Red Hat Enterprise Linux, a simpler way to reload or restart a service in the /etc/rc.d/init.d directory is with the service command.
 考试在红帽企业看 Linux, 一个较简单的方法在那 /etc/rc.d/ init.d 目录中再装货或者重新开始一个服务与服务指令。

 For example, to restart the httpd service, you could run the service httpd restart command.
 举例来说, 重新开始 httpd 服务, 你可以提供服务 httpd 重始指令。


Perhaps the most important daemon is cron, which can be used to execute a command or a series of commands in a script, on a schedule.
在一种时间表上,也许最重要的精灵是 cron,能被用在一个脚本中运行一个指令或一系列的指令。

 Red Hat Enterprise Linux already includes a series of scripts that are executed by cron on committed schedules in the /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, and /etc/cron.monthly directories.
 红帽企业 Linux 已经包括在那 /etc/ cron.hourly 的犯时间表上被 cron 运行的一系列的脚本, /etc/ cron.daily, /etc/ cron.weekly, 和 /etc/ cron.monthly 目录。

System crontab

The easiest way to set up your own cron jobs is through the crontab file, which can be managed through the crontab command.
建立你自己的 cron 作业的最容易的方法经过 crontab 文件,能被处理过 crontab 指令。

 Users can edit their own crontab files with the crontab -e command;
 使用者能用 crontab-e 的指令编辑他们自己的 crontab 文件;

 the root user can configure the crontab for a specific user with the crontab -u username -e command.
 根使用者能配置有着 crontab-u 的使用者名称 -e 的指令的一个特定的使用者的 crontab 。

The general format for a crontab file can be found in the /etc/crontab script, which is used to run the scripts in the aforementioned schedule-related directories.
给 crontab 文件的一般格式能在那 /etc/crontab 脚本,被用在上述的时间表讲的目录中运行脚本中被发现。

 A typical crontab entry from that file is 42 4 1 * * root run-parts /etc/cron.monthly Five schedule fields appear on the left-hand side of each crontab entry: minute, hour, day of month, month, and day of week.
 来自那一个文件的一个典型的 crontab 项目是4241** 根运行-部份 /etc/ cron.monthly 五在每 crontab 项目的左手边上排程栏位出现: 分钟、小时,星期的月、月和日子的日子。

 The preceding line is executed at 4:42 A.M. on the first of every month, no matter what day of the week it is.
前述的线在早上 4:42 在第一个上被运行每个月, 没有物质星期几星期它是。

Backup and Restore

Hard drives include spinning disks and magnetic media.

 These are mechanical parts.

 By definition, all mechanical hard drives will eventually fail.

 If you're administering a Linux system with multiple users, you do not want to have to hear the complaints of people who know that their data is more important than yours, because you'll know that they are right.
 如果你正在和多个使用者管理一个 Linux 系统,因为你将会知道他们是正确的,所以你不想要必须听到知道的人的诉苦那他们的数据比你的更重要。

 Configuring backups involves a number of strategic choices that go beyond Linux.
 配置备份包括超越 Linux 的一些策略的选择。

Using full backups, you can back up the entire drive;

 using incremental backups, you back up just the data that has changed since the last backup.
 使用逐渐增加的备份, 你向后地在只是自从最后一个备份以后就已经改变的数据上面。

 A wide variety of media are available for backups, including tape drives, writable CD/DVDs, and other hard drives in various RAID configurations.
 各式各样的介质可用来备份,在各种不同的袭击配置中包括磁带机,可令状的 CD/数字化视频光和其他的硬式磁盘机。

 You can back up data locally or over a network.

 Linux includes a number of quality tools for backups.
 Linux 为备份包括一些性质工具。

It's common to back up through a network to a dedicated backup server.

 Since you're transferring at least substantial portions of a hard drive during a backup, backups can degrade network performance for other users.

 So it is best to perform backups when few people are using your Linux system, which in most cases is during the middle of the night.
 因此当少数人正在使用你的 Linux 系统,在大部份的情形下在夜晚的中央期间的时候,执行备份最好。

 For this reason, it's a common practice to automate backups using the previously discussed cron daemon.
 对于这理由, 它有一个常见的做法使用先前讨论的 cron 精灵自动化备份。

Tape Backups

Using magnetic tape in Linux depends on the ftape system, using 'tarballs' to group directories into single compressed backup files.
在 Linux 使用磁带仰赖 ftape 系统,使用 'tarballs' 聚集目录进入独身者被压缩的备份申请。

 Once it is mounted, it's easy to test a tape drive; just use the mt -f /dev/tapedevice command to status, rewind, or eject the tape.
 一经它被安装,测试一个磁带机很容易; 仅仅使用 mt-f/dev/tapedevice 对状态,重绕的指令, 或逐放磁带。

 If it's a SCSI tape drive, use the st command instead.
 如果它是一个小型电脑标准介面磁带机,改为使用 st 指令。

Unlike when using regular media, you don't mount a tape; you can actually use switches with the tar command to write or restore directly from the tape device.
不像当使用一般的介质,你不安装一个磁带; 你能实际上和焦油指令一起使用开关写或者直接地从磁带装置修复。

 Just cite the appropriate /dev/tapedevice in the command.
 仅仅引证指令的适当的 /dev/tapedevice 。

 Just make sure you can also restore from the backup you've made.

CD Backups
CD 备份

Backups to CDs are made in a similar fashion, using 'iso' files instead of tarballs.
到 CD 的备份在一种相似的流行被做,使用 'iso' 文件而非 tarballs 。

 The mkisofs -J -r -T -o /tmp/backhome.iso /home command can consolidate regular users' home directories from /home onto a single file.
 mkisofs J-r-T-o/tmp/backhome.iso/家指令能联合一般的使用者的家目录从 /家在一个文件之上。

 You can then record this file onto the CD with a command such as:
 然后你能在 CD 之上以一个指令,像是 : 记录这一个文件

# cdrecord -v speed=2 dev=0,0,0 /tmp/backhome.iso

You can then store the CD and later restore the files from it just by mounting it as you would any regular CD.
然后你能储存 CD 而且稍后仅仅藉着装它修复来自它的文件当你会任何的一般 CD。

Hard Drive (RAID) Backups
硬式磁盘机 (冗余阵列磁盘机) 备份

Hard drive-based backups are based on the system known as the Redundant Array of Independent Disks, or RAID, which is covered in more detail in Chapter 5.
以硬式磁盘机为基础的备份以已知的系统为基础作为独立磁盘, 或袭击的多余行列,在第 5 章更详细地被复盖。

 There are several versions of RAID that can automatically restore data once you've replaced a broken hard disk.


The tar command was originally developed for archiving data to tape drives.

 However, it's commonly used today for collecting a series of files, especially from a directory.
 然而,它普遍为收集一系列的文件今天用了, 尤其从一个目录。

 For example, the following command backs up the information from the /home directory in the home.tar.gz file:
 举例来说,下列的指令备存来自 home.tar.gz 文件的那 /家目录的信息:

# tar czvf home.tar.gz /home

This is one of the few commands that does not require a dash in front of the switch.

 This particular command creates (c) an archive, compresses (z) it, in verbose (v) mode, with the filename (f) that follows.
在冗长模式 (v) 模态中,藉由跟随的档名 (f),这个特别的指令产生 (c) 一个档案库,压缩 (z) 它。

 Alternatively, you can extract (x) from that file with the following command:

 二者择一地,你能从那一个文件以下列的指令吸取 (x):

# tar xzvf home.tar.gz /home

gzip and bzip2

The gzip and bzip2 commands are similar-they compress and decompress files, using different algorithms.
gzip 和 bzip 2个指令是相似的-他们压缩并且解压缩文件,使用不同的运算法则。

 If you wanted to compress a big picture file, you could do so with one of the following commands:

# gzip big.jpg
# bzip2 big.jpg

It adds a .gz or a .bz2 extension. You can uncompress from these files with the -d switch:
它增加一。gz 或一。bz 2个扩充。 你能从这些文件解压缩与那 -d 开关:

# gzip -d big.jpg.gz
# bzip2 -d big.jpg.bz2

System Log File Management

Log files are controlled by the syslogd daemon and organized in the /etc/syslog.conf file.
纪录文件被 syslogd 精灵控制而且在那 /etc/ syslog.conf 文件中被组织。

 It is important to use log files to understand the behavior of your Linux system; deviations may be a sign of problems with recently installed service or a security breach.
 使用纪录文件了解你的 Linux 系统的性态很重要; 偏向可能是最近被安装服务或一个安全[性] 违背的号讯的问题的。

 Basic log files are organized in the /var/log directory.
 基本的纪录文件在那 /var/log 目录中被组织。

 For more information on system logs, see Chapter 10.
 对于关于系统日志的较多资讯,见第 10 章。
相关阅读 更多