##################################
## ##
## LVM (Logical Volume Manager) ##
## ##
##################################
PV (Physical Volume) : 물리볼륨
VG (Volume Group) : 볼륨그룹 (여러 PV를 하나로 묶은 저장 공간의 이름)
LV (Logical Volume) : 가상볼륨
-- 순서 --
1. 물리 하드 추가
2. fdisk 로 파티션 분할
3. 물리볼륨 생성
4. 볼륨그룹 생성
5. LV생성
6. 파일시스템 생성 (포맷)
7. 마운트
8. 확인
1. 물리 하드 추가
- /dev/sdb /dev/sdc /dev/sdd
실습용으로 2GB 3개를 추가한다. (아래 lvcreate 예시의 -L 크기는 추가한 디스크의 실제 용량 합계 안에서 조정해야 한다. VG 여유 공간보다 크게 지정하면 lvcreate 가 실패한다.)
CentOS가 부트되어있다면 재부팅해주자.
부팅이 완료되었다면 인식이 제대로 되었는지 확인
ls -l /dev/sd?
--> /dev/sda는 CentOS 설치된 Disk | /dev/sdb , /dev/sdc , /dev/sdd 3개는 새로 추가한 Disk
2. fdisk 로 파티션 분할
- 3개의 물리 하드에 각각 파티션을 하나씩 만들고, 파티션 타입을 8e(Linux LVM)로 지정한다.
# fdisk /dev/sdb
n -> p -> 1 -> 엔터 -> 엔터 -> t -> 8e -> p -> w
# fdisk /dev/sdc
n -> p -> 1 -> 엔터 -> 엔터 -> t -> 8e -> p -> w
# fdisk /dev/sdd
n -> p -> 1 -> 엔터 -> 엔터 -> t -> 8e -> p -> w
-> OS가 설치되어 있는 /dev/sda 는 제외하고 /dev/sdb , /dev/sdc , /dev/sdd 모두 같은 순서로 진행해준다. (w 를 입력하면 파티션 테이블이 바로 기록되므로 디스크 이름을 다시 확인한다.)
3. 물리볼륨 생성
# pvcreate /dev/sdb1
# pvcreate /dev/sdc1
# pvcreate /dev/sdd1
4. 볼륨그룹 생성
# vgcreate MYVG /dev/sdb1 /dev/sdc1 /dev/sdd1
5. LV생성
# lvcreate -L 18000M -n TEST1 MYVG
# lvcreate -L 6000M -n TEST2 MYVG
6. 파일시스템 생성 (포맷)
# mkfs.ext3 /dev/mapper/MYVG-TEST1
# mkfs.ext3 /dev/mapper/MYVG-TEST2
7. 마운트
# mkdir /data
# mount /dev/mapper/MYVG-TEST1 /data
# mkdir /data2
# mount /dev/mapper/MYVG-TEST2 /data2
8. 확인
# df
# mount
# pvdisplay
# vgdisplay
# lvdisplay
# umount /data
# umount /data2
# lvremove /dev/mapper/MYVG-TEST1
# lvremove /dev/mapper/MYVG-TEST2
# vgdisplay
# vgremove MYVG
# pvdisplay
# pvremove /dev/sdd1
# pvdisplay
================================================
LAB> 아래 조건에 맞는 LVM을 생성하시오.
--> 해보길
o PV 설정 :
/dev/sdb1 /dev/sdc1 /dev/sdd1
# pvcreate /dev/sdb1 /dev/sdc1 /dev/sdd1
o VG 설정 :
INFOSECURITY : /dev/sdb1 /dev/sdd1
INFOSECURITY2 : /dev/sdc1
# vgcreate INFOSECURITY /dev/sdb1 /dev/sdd1
# vgcreate INFOSECURITY2 /dev/sdc1
o LV 설정 :
INFOSECURITY : data1 (10G) data2(6G)
INFOSECURITY2 : data1 (8G)
# lvcreate -L 10000m -n data1 INFOSECURITY
# lvcreate -L 6000m -n data2 INFOSECURITY
# lvcreate -L 8000m -n data1 INFOSECURITY2
o 마운트 설정 :
# df
:
:
/dev/mapper/INFOSECURITY-data1 /data
/dev/mapper/INFOSECURITY-data2 /data2
/dev/mapper/INFOSECURITY2-data1 /data3
# mke2fs -j /dev/mapper/INFOSECURITY-data1
# mke2fs -j /dev/mapper/INFOSECURITY-data2
# mke2fs -j /dev/mapper/INFOSECURITY2-data1
# mkdir /data3
# mount /dev/mapper/INFOSECURITY-data1 /data
# mount /dev/mapper/INFOSECURITY-data2 /data2
# mount /dev/mapper/INFOSECURITY2-data1 /data3
# lvdisplay
# vgdisplay
# pvdisplay
# pvscan
# vgscan
# lvscan
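o /etc/fstab 수정 (자동마운트)
--> 루트가 아닌 파일시스템의 여섯 번째 필드(fsck 순서)는 보통 2 로 둔다. 사용자 데이터용 볼륨이라면 defaults 에 nodev,nosuid 옵션을 더하는 것도 고려한다.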
# vi /etc/fstab
-- /etc/fstab --
:
/dev/mapper/INFOSECURITY-data1 /data ext3 defaults 1 1
/dev/mapper/INFOSECURITY-data2 /data2 ext3 defaults 1 1
/dev/mapper/INFOSECURITY2-data1 /data3 ext3 defaults 1 1
-- /etc/fstab --
================================================
rsync 데몬을 이용한 백업
- 포트를 하나 열어야 한다. (기본 873/tcp 이며 전송 구간이 암호화되지 않는다.)
rsync + ssh 이용한 백업
- 포트를 따로 열지 않고 ssh 의 포트를 이용한다. (전송 구간이 ssh 로 암호화된다.)
======================================================
LAB> rsync를 이용해서 백업하기
조건 : system cron 을 이용한다.
1. /etc/crontab 에 등록
2. 백업스크립트 작성
1. /etc/crontab 에 등록
# vi /etc/crontab
-- /etc/crontab --
:
:
30 04 * * * root /root/bin/rsyncbackup.sh <-- 추가
-- /etc/crontab --
2. 백업스크립트 작성
# cd ~/bin <-- /root/bin 와 동일
# install /dev/null rsyncbackup.sh
# vi rsyncbackup.sh
-- rsyncbackup.sh --
#!/bin/sh
# Dry-run form of the nightly backup: the mkdir and rsync command lines are
# only printed (each is prefixed with echo) so they can be reviewed before
# the script is allowed to touch the filesystem.
#
# Destination is /backup/<YYYYMMDD>. Mode 700 on that directory keeps the
# copies, which include /etc, readable by the owner only.
# NOTE(review): with "mkdir -p", -m applies to the last path component only;
# a parent created by -p gets its mode from the umask.
today=$(date +%Y%m%d)
dest="/backup/${today}"

# Print the mkdir command only when today's directory does not exist yet.
[ -d "$dest" ] || echo mkdir -m 700 -p "$dest"

# One rsync per top-level tree; -a keeps ownership and permissions.
for dir in etc home; do
  echo "-- /${dir} backup start --"
  echo rsync -az "/${dir}" "$dest"
  echo "-- /${dir} backup stop --"
  echo ""
done
-- rsyncbackup.sh --
- 스크립트 테스트
# ./rsyncbackup.sh
mkdir -m 700 -p /backup/20140414
rsync -az /etc /backup/20140414
rsync -az /home /backup/20140414
출력된 명령어가 의도한 대로이면 rsyncbackup.sh 를 수정한다.
mkdir 와 rsync 명령어 앞의 echo 만 제거한다. (진행 메시지를 출력하는 echo 는 그대로 둔다.)
# date 041504292014.50
# ls /backup/20140415
etc/ home/
You have new mail in /var/spool/mail/root
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/root": 8 messages 8 new
>N 1 logwatch@localhost.l Thu Mar 27 11:45 41/1527 "Logwatch for localhost.l"
N 2 logwatch@localhost.l Mon Mar 31 10:13 41/1527 "Logwatch for localhost.l"
N 3 logwatch@localhost.l Fri Apr 11 04:02 41/1527 "Logwatch for localhost.l"
N 4 logwatch@localhost.l Sat Apr 12 04:02 41/1527 "Logwatch for localhost.l"
N 5 logwatch@localhost.l Thu Apr 10 12:12 115/3193 "Logwatch for localhost.l"
N 6 root@localhost.local Thu Apr 10 12:12 25/1387 "Anacron job for 'localho"
N 7 root@localhost.local Fri Apr 11 11:19 24/968 "Cron <root@localhost> da"
N 8 root@localhost.local Tue Apr 15 04:30 27/1035 "Cron <root@localhost> /r"
& 8
From root@localhost.localdomain Tue Apr 15 04:30:24 2014
Date: Tue, 15 Apr 2014 04:30:02 +0900
From: root@localhost.localdomain (Cron Daemon)
To: root@localhost.localdomain
Subject: Cron <root@localhost> /root/bin/rsyncbackup.sh
Content-Type: text/plain; charset=ANSI_X3.4-1968
Auto-Submitted: auto-generated
X-Cron-Env: <SHELL=/bin/bash>
X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin>
X-Cron-Env: <MAILTO=root>
X-Cron-Env: <HOME=/>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>
-- /etc backup start --
-- /etc backup stop --
-- /home backup start --
-- /home backup stop --
& quit
======================================================
[root@www ~]# groupadd -g 5000 project
[root@www ~]# groupadd -g 5000 project
groupadd: GID 5000 is not unique
[root@www ~]# groupadd -g 6000 project
[root@www ~]# useradd -g project user1
[root@www ~]# useradd -G project user2
[root@www ~]# tail -2 /etc/passwd
user1:x:5001:6000::/home/user1:/bin/bash
user2:x:5002:5002::/home/user2:/bin/bash
[root@www ~]# tail -2 /etc/group
project:x:6000:user2
user2:x:5002:
[root@www ~]# install -m 070 -g project -d /project
[root@www ~]# ls -ld /project
d---rwx--- 2 root project 4096 May 16 19:30 /project
[root@www ~]# su - user1
[user1@www ~]$ cd /project/
[user1@www project]$ id
uid=5001(user1) gid=6000(project) groups=6000(project)
[user1@www project]$ touch user1.txt
[user1@www project]$ ls -l
total 0
-rw-r--r-- 1 user1 project 0 May 16 19:30 user1.txt
[user1@www project]$ rm -f ~/.bash_logout
[user1@www project]$ exit
logout
[root@www ~]# su - user2
[user2@www ~]$ cd /project
[user2@www project]$ id
uid=5002(user2) gid=5002(user2) groups=5002(user2),6000(project)
[user2@www project]$ touch user2.txt
[user2@www project]$ ls -l
total 0
-rw-r--r-- 1 user1 project 0 May 16 19:30 user1.txt
-rw-rw-r-- 1 user2 user2 0 May 16 19:31 user2.txt
[user2@www project]$ rm -f ~/.bash_logout
[user2@www project]$ exit
logout
[root@www ~]# chmod g+s /project
[root@www ~]# ls -ld /project
d---rws--- 2 root project 4096 May 16 19:31 /project
[root@www ~]# su - user1
[user1@www ~]$ cd /project/
[user1@www project]$ touch user1-2.txt
[user1@www project]$ ls -l
total 0
-rw-r--r-- 1 user1 project 0 May 16 19:32 user1-2.txt
-rw-r--r-- 1 user1 project 0 May 16 19:30 user1.txt
-rw-rw-r-- 1 user2 user2 0 May 16 19:31 user2.txt
[user1@www project]$ exit
logout
[root@www ~]# su - user2
[user2@www ~]$ cd /project
[user2@www project]$ touch user2-2.txt
[user2@www project]$ ls -l
total 0
-rw-r--r-- 1 user1 project 0 May 16 19:32 user1-2.txt
-rw-r--r-- 1 user1 project 0 May 16 19:30 user1.txt
-rw-rw-r-- 1 user2 project 0 May 16 19:33 user2-2.txt
-rw-rw-r-- 1 user2 user2 0 May 16 19:31 user2.txt
[user2@www project]$ rm -f *
[user2@www project]$ ls
[user2@www project]$ exit
logout
/project 디렉터리의 그룹 권한에 s(setgid)가 설정되면, 그 디렉터리 안에서 새로 만드는
모든 파일은 만든 사용자의 기본 그룹이 아니라 디렉터리의 그룹(project)으로 만들어진다.
[root@www ~]# su - user1
[user1@www ~]$ cd /project/
[user1@www project]$ touch user1.txt
[user1@www project]$ ls -l
total 0
-rw-r--r-- 1 user1 project 0 May 16 19:34 user1.txt
[user1@www project]$ exit
logout
[root@www ~]# su - user2
[user2@www ~]$ cd /project/
[user2@www project]$ touch user2.txt
[user2@www project]$ ls -l
total 0
-rw-r--r-- 1 user1 project 0 May 16 19:34 user1.txt
-rw-rw-r-- 1 user2 project 0 May 16 19:34 user2.txt
[user2@www project]$ exit
logout
[root@www ~]# chmod o+t /project -c
mode of `/project' changed to 3070 (---rws--T)
[root@www ~]# su - user2
[user2@www ~]$ cd /project
[user2@www project]$ ls -l
total 0
-rw-r--r-- 1 user1 project 0 May 16 19:34 user1.txt
-rw-rw-r-- 1 user2 project 0 May 16 19:34 user2.txt
[user2@www project]$ ls -ld
d---rws--T 2 root project 4096 May 16 19:34 .
[user2@www project]$ rm -f *
rm: cannot remove `user1.txt': Operation not permitted
[user2@www project]$ ls -l
total 0
-rw-r--r-- 1 user1 project 0 May 16 19:34 user1.txt
[user2@www project]$ exit
logout
--> /project 디렉터리에 t(sticky bit)를 주면 그 디렉터리 안의 파일은 파일 소유자(또는 디렉터리 소유자, root)만 삭제할 수 있다. 즉 일반 사용자는 자신이 만든 파일만 삭제가 가능하다.
[root@www ~]# chmod 2070 /project/ -c
mode of `/project/' changed to 2070 (---rws---)
[root@www ~]# su - user1
[user1@www ~]$ cd /project/
[user1@www project]$ ls
user1.txt
[user1@www project]$ rm -f *
[user1@www project]$ touch 1.txt
[user1@www project]$ ls -l
total 0
-rw-r--r-- 1 user1 project 0 May 16 19:38 1.txt
[user1@www project]$ exit
logout
[root@www ~]# su - user2
[user2@www ~]$ cd /project/
[user2@www project]$ touch 2.txt
[user2@www project]$ ls -l
total 0
-rw-r--r-- 1 user1 project 0 May 16 19:38 1.txt
-rw-rw-r-- 1 user2 project 0 May 16 19:38 2.txt
[user2@www project]$ rm -f *
[user2@www project]$ ls -l
total 0
# pwunconv
# ls /etc/shadow-
/etc/shadow-
# ls /etc/shadow
ls: /etc/shadow: No such file or directory
# grep ^root /etc/passwd
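root:$1$aS54qKLb$XvXudj.7yb3spjDz1jdSQ0:0:0:root:/root:/bin/bash
--> pwunconv 를 실행하면 암호 해시($1$ 로 시작하는 값은 MD5-crypt)가 root 만 읽을 수 있는 /etc/shadow 에서 누구나 읽을 수 있는 /etc/passwd 로 옮겨진다. 확인이 끝나면 바로 pwconv 로 되돌린다.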
# pwconv
# grep ^root /etc/passwd
root:x:0:0:root:/root:/bin/bash
# ls -l /etc/shadow
-r-------- 1 root root 1246 Mar 31 20:14 /etc/shadow
# awk /^root/ /etc/group
root:x:0:root
# head /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
# tail -3 /etc/passwd
unixuser:x:504:504::/home/unixuser:/bin/bash
user1:x:505:505::/home/user1:/bin/bash
user2:x:506:506::/home/user2:/bin/bash
# useradd user3
Creating mailbox file: File exists
# tail -3 /etc/passwd
user1:x:505:505::/home/user1:/bin/bash
user2:x:506:506::/home/user2:/bin/bash
user3:x:507:507::/home/user3:/bin/bash
# useradd user4
# tail -3 /etc/passwd
user2:x:506:506::/home/user2:/bin/bash
user3:x:507:507::/home/user3:/bin/bash
user4:x:508:508::/home/user4:/bin/bash
# useradd -u 1000 user5
# tail -3 /etc/passwd
user3:x:507:507::/home/user3:/bin/bash
user4:x:508:508::/home/user4:/bin/bash
user5:x:1000:1000::/home/user5:/bin/bash
# useradd user6
# tail -5 /etc/passwd
user2:x:506:506::/home/user2:/bin/bash
user3:x:507:507::/home/user3:/bin/bash
user4:x:508:508::/home/user4:/bin/bash
user5:x:1000:1000::/home/user5:/bin/bash
user6:x:1001:1001::/home/user6:/bin/bash
useradd 로 사용자를 만들 때 UID 를 따로 지정하지 않으면, 현재 사용 중인 가장 큰 UID 에 1 을 더한 값이 할당된다.
# chmod o-x /usr -c
mode of `/usr' changed to 0754 (rwxr-xr--)
# chmod o+x /usr -c
mode of `/usr' changed to 0755 (rwxr-xr-x)
# chmod o-x /usr/bin -c
mode of `/usr/bin' changed to 0754 (rwxr-xr--)
# chmod o+x /usr/bin -c
mode of `/usr/bin' changed to 0755 (rwxr-xr-x)
# chmod o-x /usr/bin/head -c
mode of `/usr/bin/head' changed to 0754 (rwxr-xr--)
# chmod o+x /usr/bin/head -c
mode of `/usr/bin/head' changed to 0755 (rwxr-xr-x)
# chmod o-x /etc -c
mode of `/etc' changed to 0750 (rwxr-x---)
# chmod o+x /etc -c
mode of `/etc' changed to 0751 (rwxr-x--x)
# chmod o-r /etc/passwd -c
mode of `/etc/passwd' changed to 0640 (rw-r-----)
# chmod o+r /etc/passwd -c
mode of `/etc/passwd' changed to 0644 (rw-r--r--)
$ ls -l /usr/bin/head
-rwxr-xr-x 1 root root 31788 Jul 22 2011 /usr/bin/head
$
$ ls -l /usr/bin/head
-rwxr-xr-x 1 root root 31788 Jul 22 20
$ head -2 /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
$ head -2 /etc/passwd
-bash: /usr/bin/head: Permission denied
$ head -2 /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
$ head -2 /etc/passwd
-bash: /usr/bin/head: Permission denied
$ head -2 /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
$ head -2 /etc/passwd
-bash: /usr/bin/head: Permission denied
$ head -2 /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
$ head -2 /etc/passwd
head: cannot open `/etc/passwd' for reading: Permission denied
$ head -2 /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
$ head -2 /etc/passwd
head: cannot open `/etc/passwd' for reading: Permission denied
$ head -2 /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin