Linux系统管理与配置-课后习题参考答案 李饶

模块11.3模块练习BCAC模块22.1.7综合实训参考代码（1）mkdir/root/mytestecho“hello_linux”>>/root/mytest/file1.txttail-10/etc/passwd>>/root/mytest/file2.txtcp/etc/passwd/root/mytest/file3.txt然后使用vim编辑器打开file3.txt，修改第十行内容。touch/root/mytest/file{1..100}使用vim打开file3.txt，在命令行模式下使用：%s/root/xyz/gmkdir-p/root/mytest/linux/example1head-10/usr/share/dict/words>>/root/mytest/linux/example1/file1cat/usr/share/dict/words|wc-lcat/usr/share/dict/words|wc-c2.2.5综合实训参考代码（1）useradd-u2024talusa（2）#创建用户组sharegrp，GID为40000groupadd-g40000sharegrp#创建用户natasha，附加组为sharegrpuseradd-Gsharegrpnatasha#创建用户harry，附加组为sharegrpuseradd-Gsharegrpharry#创建用户sarah，不可登录（指定shell为nologin）useradd-s/sbin/nologinsarah#设置三个用户的密码为"redhat"echo'natasha:redhat'|chpasswdecho'harry:redhat'|chpasswdecho'sarah:redhat'|chpasswd（3）#备份原文件cp/etc/security/pwquality.conf/etc/security/pwquality.conf.bak#设置至少一个小写字母sed-i's/^#\?*lcredit=.*/lcredit=-1/'/etc/security/pwquality.conf#至少一个大写字母sed-i's/^#\?*ucredit=.*/ucredit=-1/'/etc/security/pwquality.conf#至少一个数字sed-i's/^#\?*dcredit=.*/dcredit=-1/'/etc/security/pwquality.conf#至少一个特殊字符sed-i's/^#\?*ocredit=.*/ocredit=-1/'/etc/security/pwquality.conf#（可选）设置最小密码长度，如8位sed-i's/^#\?*minlen=.*/minlen=8/'/etc/security/pwquality.conf#设置新用户的默认密码最大有效期sed-i's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS90/'/etc/login.defs#对已创建的natasha、harry、sarah应用90天有效期chage-M90natashachage-M90harrychage-M90sarah2.3.4综合实训（1）mkdir-p/redhat/sharechgrpsharegrp/redhat/sharechmod2770/redhat/share(2)cp/etc/fstab/var/tmp/useraddnatasha2>/dev/nulluseraddharry2>/dev/nullsetfacl-mu:natasha:rw-/var/tmp/fstabsetfacl-mu:harry:---/var/tmp/fstab(3)mkdir/root/web_datatouch/root/web_data/file{1..200}chmod777/root/web_data/file*(4)echo"umask0226">>~/.bashrcsource~/.bashrc2.4.3综合实训（1）nmcliconnectionaddtypeethernetcon-namestaticifnameeth0ipv4.addresses60/24ipv4.gatewayipv4.dnsipv4.methodmanualnmcliconnectionupstaticnmcliconnectionmodifystaticconnection.autoconnectyes（2）#备份原文件cp/etc/hosts/etc/hosts.bak#添加记录echo"60">>/etc/hosts2.5.3综合实训（1）略。（2）yuminstallhttpd-y（3）参考实践练习实验一。2.6模块练习选择题：BDCCCAADDA填空题：读、写、执行/etc/passwd，/etc/group2755,644RPM包/dev/null&>/dev/null管道/etc/yum.repos.d/.repo3.2.5综合实训（1）#设置默认区域为publicfirewall-cmd--set-default-zone=public#移除当前区域中所有已有的服务/端口（清空）firewall-cmd--zone=public--remove-service={ssh,dhcpv6-client,cockpit}--permanent#放行http和https对所有地址firewall-cmd--zone=public--add-service=http--add-service=https--permanent#仅对指定IP开放ssh(端口22)firewall-cmd--zone=public--add-rich-rule='rulefamily="ipv4"sourceaddress=""servicename="ssh"accept'--permanent#重新加载使规则生效firewall-cmd--reload（2）#查看sshd服务状态及进程号（找到主进程PID）systemctlstatussshd|head-5#查看当前nice值ps-opid,ni,comm-p$PID#提高优先级10级（降低nice值10）renice-n-10-p$PID#再次确认nice值已改变ps-opid,ni,comm-p$PID（3）firewall-cmd--permanent--add-service=http--add-service=httpsfirewall-cmd--reload（4）#备份配置文件cp/etc/ssh/sshd_config/etc/ssh/sshd_config.bak#修改端口（假定原来有#Port22或Port22）sed-i's/^#\?Port.*/Port2222/'/etc/ssh/sshd_config#在防火墙中永久放行新端口firewall-cmd--permanent--add-port=2222/tcp#可选：移除旧端口（建议确认2222能登录后再移除）#firewall-cmd--permanent--remove-port=22/tcpfirewall-cmd--reload3.3模块练习DADAACCCAC4.2.4综合实训（1）-（2）gdisk/dev/sdb#进入交互式界面Command(?forhelp):nPartitionnumber(1-128,default1):→直接回车（使用默认1）Firstsector(34-...,default=2048):→直接回车Lastsector,+/-sectorsor+/-size{...}:+10GHexcodeorGUID(Ltoshowcodes,8300):→直接回车（8300Linuxfilesystem）Command(?forhelp):nPartitionnumber(2-128,default2):→回车Firstsector(...,default=...):→回车（紧接上一个分区后）Lastsector,+/-sectors...:+20GHexcodeorGUID(8300):→回车（8300）Command(?forhelp):nPartitionnumber(3-128,default3):→回车Firstsector(...,default=...):→回车Lastsector,+/-sectors...:+2GHexcodeorGUID(8300):8200→输入8200（Linuxswap）Command(?forhelp):p#查看分区表，检查大小和类型Command(?forhelp):w#写入GPT表并退出partprobe/dev/sdb#XFS文件系统mkfs.xfs/dev/sdb1mkfs.xfs/dev/sdb2#交换分区mkswap/dev/sdb3mkdir-p/data/web/data/databasemount/dev/sdb1/data/webmount/dev/sdb2/data/database#启用交换分区swapon/dev/sdb3#获取UUID（推荐）blkid/dev/sdb1/dev/sdb2/dev/sdb3>>/etc/fstab#然后手动编辑/etc/fstab，按以下格式修改（替换实际UUID）：#UUID=xxx/data/webxfsdefaults00#UUID=xxx/data/databasexfsdefaults00#UUID=xxxswapswapdefaults00mount-adf-h|grep/dataswapon--show4.3.3综合实训分区过程略。#创建物理卷pvcreate/dev/sdb1/dev/sdb2#创建卷组，指定PE大小为16MBvgcreate-s16Mdatastore/dev/sdb1/dev/sdb2#查看卷组信息，确认PE大小和容量vgdisplaydatastore#创建逻辑卷，-l指定PE个数，-n指定名称lvcreate-l50-nmylvdatastore#格式化为XFS文件系统mkfs.xfs/dev/datastore/mylv#查看逻辑卷信息lvdisplay/dev/datastore/mylv#创建挂载点mkdir-p/database#临时挂载mount/dev/datastore/mylv/database#验证挂载df-h/database#获取逻辑卷UUID（推荐用于fstab）UUID=$(blkid-sUUID-ovalue/dev/datastore/mylv)echo"UUID=$UUID/databasexfsdefaults00">>/etc/fstab#测试fstab配置是否正确mount-apvdisplayvgdisplaydatastorelvdisplay/dev/datastore/mylvlsblk/dev/sdbdf-h/database4.4.3综合实训#查看新增硬盘lsblk#安装必要软件包dnfinstall-ymdadmlvm2#使用3块盘做RAID5，1块做热备盘mdadm--create/dev/md0--level=5--raid-devices=3\--spare-devices=1/dev/sdb/dev/sdc/dev/sdd/dev/sde#查看构建进度watch-n1cat/proc/mdstat#构建完成后查看详细信息mdadm--detail/dev/md0#创建物理卷pvcreate/dev/md0#创建卷组vg01vgcreatevg01/dev/md0#创建逻辑卷lv01，可使用全部剩余空间lvcreate-l100%FREE-nlv01vg01mkfs.ext4/dev/vg01/lv01#创建挂载点mkdir-p/data#临时挂载mount/dev/vg01/lv01/data#获取逻辑卷UUIDUUID=$(blkid-sUUID-ovalue/dev/vg01/lv01)#写入fstabecho"UUID=$UUID/dataext4defaults00">>/etc/fstab#测试挂载配置mount-adf-h/datamdadm--detail--scan>>/etc/mdadm.conf4.5模块练习1、选择题DCDBC填空题/dev/sdb3fdisk-l

或

lsblkMount扇区（Sector）df-hT5.1.4综合实训cat>/root/createusers.sh<<'EOF'#!/bin/bash#检查是否提供了参数if[$#-eq0];thenecho"Usage:/root/createusers"exit1fifile="$1"#检查文件是否存在且为普通文件if[!-f"$file"];thenecho"inputfilenotfound"exit1fi#按行读取文件（忽略空行和以#开头的注释行）whileIFS=read-rusername||[-n"$username"];do#去除前后空白username=$(echo"$username"|xargs)#跳过空行和注释[-z"$username"]&&continue[["$username"=~^#]]&&continue#检查用户是否已存在ifid"$username"&>/dev/null;thenecho"User$usernamealreadyexists,skipping."elseuseradd-s/bin/false-M"$username"&&echo"Createduser:$username"fidone<"$file"EOF5.2.4综合实训#!/bin/bash#脚本：/shells/userAdd.sh#用法：userAdd<username>（需确保脚本可执行并位于PATH中）#功能：一键创建员工账号，包含系统登录、邮箱、Samba、网站认证#常量定义MAIL_DOMAIN=""#公司邮箱域名SAMBA_BASE="/srv/samba"#Samba共享根目录WEB_PASSWD_FILE="/etc/httpd/.htpasswd"#网站认证文件（Apachehtpasswd）DEFAULT_PASS="Company@2023"#初始密码，首次登录时强制修改（SMABA/网站同理）#检查参数if[$#-ne1];thenecho"Usage:$(basename$0)<username>"exit1fiUSERNAME="$1"#仅允许root执行if["$EUID"-ne0];thenecho"Pleaserunasroot."exit1fi#检查用户是否已存在ifid"$USERNAME"&>/dev/null;thenecho"Error:User$USERNAMEalreadyexists."exit2fiecho"=====开始创建员工账号：$USERNAME====="#1.创建系统用户（客户端账号即为系统账号本身）useradd-m-s/bin/bash"$USERNAME"echo"$USERNAME:$DEFAULT_PASS"|chpasswd#强制首次登录修改密码chage-d0"$USERNAME"echo"系统账号已创建，初始密码为：$DEFAULT_PASS"#2.配置公司邮箱（在/etc/aliases中添加，并生成Maildir）echo"${USERNAME}:${USERNAME}@localhost">>/etc/aliasesnewaliases#创建邮箱目录（若使用dovecot等）mkdir-p"/var/mail/${USERNAME}"chown"${USERNAME}:mail""/var/mail/${USERNAME}"chmod660"/var/mail/${USERNAME}"echo"邮箱地址：${USERNAME}@${MAIL_DOMAIN}"#3.配置Samba共享目录SAMBA_DIR="${SAMBA_BASE}/${USERNAME}"mkdir-p"$SAMBA_DIR"chown"${USERNAME}:smbgrp""$SAMBA_DIR"2>/dev/null||chown"${USERNAME}:users""$SAMBA_DIR"chmod750"$SAMBA_DIR"#将用户加入samba数据库并设置密码（需安装samba）ifcommand-vsmbpasswd&>/dev/null;then(echo"$DEFAULT_PASS";echo"$DEFAULT_PASS")|smbpasswd-s-a"$USERNAME"echo"Samba账号已创建，共享路径：$SAMBA_DIR"elseecho"警告：smbpasswd未安装，跳过Samba配置。"fi#4.配置网站账号（Apachehtpasswd）ifcommand-vhtpasswd&>/dev/null;thenhtpasswd-b"$WEB_PASSWD_FILE""$USERNAME""$DEFAULT_PASS"echo"网站认证账号已添加。"elseecho"警告：htpasswd未安装，跳过网站账号。"fiecho"=====账号$USERNAME创建完成====="echo"请通知员工使用初始密码$DEFAULT_PASS登录并修改。"5.3模块练习CAABBAAABC6.5模块练习CABCA7.1.3综合实训1、#1.安装Nginx和PHP-FPMdnfinstall-ynginxphpphp-fpm#2.创建网站根目录mkdir-p/mut/crypt#3.创建index.php内容cat>/mut/crypt/index.php<<'EOF'Welcometo2023ComputerNetworkApplicationcontest!EOF#4.调整目录权限（确保Nginx可读取）chown-Rnginx:nginx/mut/cryptchmod755/mut/crypt#5.创建配置文件/etc/nginx/conf.d/ispweb.confcat>/etc/nginx/conf.d/ispweb.conf<<'EOF'server{listen80;server_namelocalhost;root/mut/crypt;indexindex.phpindex.htmlindex.htm;#启用FastCGI解析PHP请求location~\.php${fastcgi_passunix:/run/php-fpm/www.sock;fastcgi_indexindex.php;fastcgi_paramSCRIPT_FILENAME$document_root$fastcgi_script_name;includefastcgi_params;}}EOF#6.语法检查并启动服务nginx-tsystemctlstartnginxsystemctlstartphp-fpmsystemctlenablenginxsystemctlenablephp-fpm2、#1.安装Nginx（如已安装可跳过）dnfinstall-ynginx#2.准备缓存目录并授权mkdir-p/var/cache/nginx/proxy_cachechown-Rnginx:nginx/var/cache/nginx#3.创建配置文件/etc/nginx/conf.d/proxy.confcat>/etc/nginx/conf.d/proxy.conf<<'EOF'#定义缓存路径（在http块中；若主配置已包含http块，这里可直接写server块）proxy_cache_path/var/cache/nginx/proxy_cachelevels=1:2keys_zone=webcache:10mmax_size=1ginactive=60muse_temp_path=off;server{listen80;server_name;#记录真实客户端IP（传递给后端）proxy_set_headerHost$host;proxy_set_headerX-Real-IP$remote_addr;proxy_set_headerX-Forwarded-For$proxy_add_x_forwarded_for;proxy_set_headerX-Forwarded-Proto$scheme;#静态页面缓存location/{proxy_passhttps://backend_server;#替换为实际后端服务器地址proxy_cachewebcache;proxy_cache_valid20030210m;proxy_cache_valid4041m;add_headerX-Proxy-Cache$upstream_cache_status;}}EOF#4.测试配置并重载nginx-tsystemctlreloadnginx#1.创建脚本目录mkdir-p/shells#2.编写监控脚本cat>/sh