在 CentOS 7.x 上建立 docker 環境

1. 安裝 docker
# yum install docker

2. 開機啟動及啟動 docker 服務
# systemctl enable docker.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
# systemctl start docker.service

3. 查看 docker 版本資訊
# docker -v
Docker version 1.12.6, build 96d83a5/1.12.6

# docker version
Client:
 Version:         1.12.6
 API version:     1.24
 Package version: docker-common-1.12.6-11.el7.centos.x86_64
 Go version:      go1.7.4
 Git commit:      96d83a5/1.12.6
 Built:           Tue Mar  7 09:23:34 2017
 OS/Arch:         linux/amd64

Server:
 Version:         1.12.6
 API version:     1.24
 Package version: docker-common-1.12.6-11.el7.centos.x86_64
 Go version:      go1.7.4
 Git commit:      96d83a5/1.12.6
 Built:           Tue Mar  7 09:23:34 2017
 OS/Arch:         linux/amd64
4. 搜尋 FreeBSD & Arch Linux 映像檔
# docker search freebsd
INDEX       NAME                                           DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
docker.io   docker.io/lexaguskov/freebsd                   FreeBSD operating system                        9
docker.io   docker.io/auchida/freebsd                      FreeBSD docker image from distribution arc…   4                    [OK]
docker.io   docker.io/egypcio/freebsd                      FreeBSD Containers (12.0, 11.0, 10.x, or 9.3)   4
docker.io   docker.io/kazuyoshi/freebsd-minimal                                                            4
docker.io   docker.io/amontalban/freebsd                   FreeBSD Images for Docker.                      3                    [OK]
docker.io   docker.io/roobixx/docker-dg                    DansGuardian is an award winning Open Sour…   2                    [OK]
docker.io   docker.io/vongrippen/freebsd                   FreeBSD with pkg installed                      1
docker.io   docker.io/alexcrichton/port-prebuilt-freebsd                                                   0
docker.io   docker.io/bbabich/docker-mfi-controller        UBNT mfi-controller FreeBSD w/ZFS Docker S…   0                    [OK]
docker.io   docker.io/catskillmts/freebsdminimal                                                           0
docker.io   docker.io/danielstaleiny/freebsd                                                               0
docker.io   docker.io/jamesandariese/go-freebsd-386                                                        0                    [OK]
docker.io   docker.io/jamesandariese/go-freebsd-amd64                                                      0                    [OK]
docker.io   docker.io/jamesandariese/go-freebsd-arm                                                        0                    [OK]
docker.io   docker.io/japaric/i686-unknown-freebsd                                                         0
docker.io   docker.io/japaric/x86_64-unknown-freebsd                                                       0
docker.io   docker.io/mattboll/freebsd                     testing freebsd images                          0
docker.io   docker.io/ptomulik/freebsd                     FreeBSD base images                             0
docker.io   docker.io/ptomulik/freebsd-ports               FreeBSD images with ports preinstalled          0
docker.io   docker.io/qlkao/freebsd                                                                        0
docker.io   docker.io/rustci/rustci-x86_64-freebsd                                                         0
docker.io   docker.io/siffland/freebsd-memcached           FreeBSD memcached docker                        0
docker.io   docker.io/supsup5642/freebsd_ubuntu                                                            0
docker.io   docker.io/tunisiano187/docker-freebsd          FreeBSD template automated                      0                    [OK]

# docker search archlinux
INDEX       NAME                                     DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
docker.io   docker.io/base/archlinux                 Basic ArchLinux installation                    212                  [OK]
docker.io   docker.io/finalduty/archlinux            A minimal Arch Linux base image for Docker…   17                   [OK]
docker.io   docker.io/logankoester/archlinux         A fully updated Arch Linux base image buil…   8                    [OK]
docker.io   docker.io/derjudge/archlinux                                                             7                    [OK]
docker.io   docker.io/greyltc/archlinux              Baseline Arch Linux image with an open, tr…   5                    [OK]
docker.io   docker.io/archlinuxjp/archlinux          The latest Arch Linux Docker image              4                    [OK]
docker.io   docker.io/thedcg/tl-archlinux            tl-archlinux                                    2                    [OK]
docker.io   docker.io/archlinuxjp/archlinux-min      The mini Arch Linux Docker image                1                    [OK]
docker.io   docker.io/archlinuxjp/archlinux-yaourt   + Yaourt to base image                          1                    [OK]
docker.io   docker.io/finalduty/archlinux-base       Personalised ArchLinux image                    1                    [OK]
docker.io   docker.io/obedmr/archlinux               ArchLinux Base Image                            1                    [OK]
docker.io   docker.io/opamp/archlinux                my archlinux base image with yaourt             1                    [OK]
docker.io   docker.io/ac1965/archlinux               A minimum environment of ArchLinux with Do…   0                    [OK]
docker.io   docker.io/admiringworm/archlinux         Archlinux base image based on pritunl/arch…   0                    [OK]
docker.io   docker.io/alekzonder/archlinux           fresh archlinux image every day                 0                    [OK]
docker.io   docker.io/alekzonder/archlinux-yaourt    fresh archlinux with yaourt tool for build…   0                    [OK]
docker.io   docker.io/archlinuxjp/archlinux-test     test image                                      0                    [OK]
docker.io   docker.io/colajam93/archlinux            Arch Linux Dockerfile for my testing / pac…   0                    [OK]
docker.io   docker.io/desiato/build-archlinux        archlinux-bootstrap builder                     0                    [OK]
docker.io   docker.io/freenas/archlinux              Simple Arch Linux interactive container         0                    [OK]
docker.io   docker.io/jackus/archlinux               Archlinux updated on build                      0                    [OK]
docker.io   docker.io/masm/archlinux                 A fully updated Arch Linux base image buil…   0                    [OK]
docker.io   docker.io/oblique/archlinux-pacaur       ArchLinux + pacaur                              0                    [OK]
docker.io   docker.io/smartentry/archlinux           archlinux with smartentry                       0                    [OK]
docker.io   docker.io/soem/archlinux                 Archlinux Minimal installation                  0                    [OK]

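5. 下載
(上面 docker search 的 OFFICIAL 欄位皆為空白,表示這兩個都是社群上傳的映像檔,且 pull 時使用預設的 latest 標籤。正式環境建議先確認映像檔來源,並以 pull 輸出的 Digest 指定版本,例如 docker pull 名稱@sha256:<Digest>。)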
# docker pull docker.io/egypcio/freebsd
Using default tag: latest
Trying to pull repository docker.io/egypcio/freebsd …
latest: Pulling from docker.io/egypcio/freebsd

a3ed95caeb02: Pull complete
14a15dd57b8b: Pull complete
Digest: sha256:02f6c33382982db829ba63a52ed2467145c290f71f83ae5d8b304c274f809bbd

# docker pull docker.io/base/archlinux
Using default tag: latest
Trying to pull repository docker.io/base/archlinux …
latest: Pulling from docker.io/base/archlinux
ae06c652a19e: Pull complete
dd332190f0f1: Pull complete
3e401a3e6fe9: Pull complete
Digest: sha256:fe0829b6d78fd834a5300a84c559eab9cfe2056fe3c54b5418984ea374075506

6. 已下載安裝的映像檔
# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
docker.io/base/archlinux    latest              ef9803580a16        16 hours ago        563.4 MB
docker.io/egypcio/freebsd   latest              8f539b0870b1        6 months ago        331.3 MB

7. 在容器中執行命令
# docker run docker.io/base/archlinux ls -l
total 4
lrwxrwxrwx   1 root root    7 Dec  5 23:43 bin -> usr/bin
drwxr-xr-x   2 root root    6 Dec  5 23:43 boot
drwxr-xr-x   5 root root  360 Apr  1 03:44 dev
drwxr-xr-x  27 root root 4096 Apr  1 03:44 etc
drwxr-xr-x   2 root root    6 Dec  5 23:43 home
lrwxrwxrwx   1 root root    7 Dec  5 23:43 lib -> usr/lib
lrwxrwxrwx   1 root root    7 Dec  5 23:43 lib64 -> usr/lib
drwxr-xr-x   2 root root    6 Dec  5 23:43 mnt
drwxr-xr-x   2 root root    6 Dec  5 23:43 opt
dr-xr-xr-x 187 root root    0 Apr  1 03:44 proc
drwxr-x---   3 root root   20 Mar 31 11:21 root
drwxr-xr-x   4 root root   33 Apr  1 03:44 run
lrwxrwxrwx   1 root root    7 Dec  5 23:43 sbin -> usr/bin
drwxr-xr-x   4 root root   29 Mar 31 11:21 srv
dr-xr-xr-x  13 root root    0 Apr  1 03:15 sys
drwxrwxrwt   2 root root    6 Mar 31 11:21 tmp
drwxr-xr-x   8 root root  105 Mar 31 11:21 usr
drwxr-xr-x  12 root root  160 Mar 31 11:22 var

當使用 docker run 來建立容器時,Docker 在後台會進行下列的工作:

  • 檢查本地端是否存在指定的映像檔,如果不存在就從公有的倉庫下載
  • 利用映像檔建立並啟動一個容器
  • 分配一個檔案系統,並在唯讀的映像檔層外面掛載一層可讀寫層
  • 從 Host 主機設定的網路橋接介面中橋接一個虛擬埠到容器之中
  • 從位址 Pool 中設定一個 IP 位址給容器
  • 執行使用者指定的應用程式
  • 執行完畢後容器終止

8. 進入 Arch Linux 容器
-t 讓 Docker 分配一個虛擬終端機(pseudo-tty) 並綁定到容器的標準輸入上
-i 讓容器的標準輸入保持打開
[root@docker ~]# docker run -t -i docker.io/base/archlinux /bin/bash
[root@a3ae68c6ee14 /]# pacman -Syy
:: Synchronizing package databases…
 core                     124.3 KiB   302K/s 00:00 [######################] 100%
 extra                   1678.7 KiB  2.65M/s 00:01 [######################] 100%
 community                  3.8 MiB  4.42M/s 00:01 [######################] 100%

[root@a3ae68c6ee14 /]# pacman -S vim
resolving dependencies…
looking for conflicting packages…

Packages (3) gpm-1.20.7-7  vim-runtime-8.0.0427-1  vim-8.0.0427-1

Total Download Size:    6.53 MiB
Total Installed Size:  29.65 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages…
 gpm-1.20.7-7-x86_64      127.5 KiB   310K/s 00:00 [######################] 100%
 vim-runtime-8.0.042…     5.2 MiB  4.48M/s 00:01 [######################] 100%
 vim-8.0.0427-1-x86_64   1247.8 KiB  5.25M/s 00:00 [######################] 100%
(3/3) checking keys in keyring                     [######################] 100%
(3/3) checking package integrity                   [######################] 100%
(3/3) loading package files                        [######################] 100%
(3/3) checking for file conflicts                  [######################] 100%
(3/3) checking available disk space                [######################] 100%
:: Processing package changes…
(1/3) installing vim-runtime                       [######################] 100%
(2/3) installing gpm                               [######################] 100%
(3/3) installing vim                               [######################] 100%
Optional dependencies for vim
    python2: Python 2 language support
    python: Python 3 language support
    ruby: Ruby language support
    lua: Lua language support
    perl: Perl language support [installed]
    tcl: Tcl language support
:: Running post-transaction hooks…
(1/1) Arming ConditionNeedsUpdate…

9. 退出 exit 或 Ctrl+D
[root@a3ae68c6ee14 /]# exit
exit
[root@docker ~]#

10. 二者使用的核心是相同的
# docker run docker.io/base/archlinux uname -a
Linux dfa510f8be80 3.10.0-514.10.2.el7.x86_64 #1 SMP Fri Mar 3 00:04:05 UTC 2017 x86_64 GNU/Linux
# uname -a
Linux docker.test.ilc.edu.tw 3.10.0-514.10.2.el7.x86_64 #1 SMP Fri Mar 3 00:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

11.儲存映像檔到本地端
# docker save -o archlinux.tar docker.io/base/archlinux
# ls -l *.tar
-rw-------. 1 root root 584920064  4月  1 12:12 archlinux.tar

12. 載入本地端映像檔
# docker load --input archlinux.tar

# docker load < archlinux.tar

13. 移除映像檔
# docker rmi docker.io/egypcio/freebsd:latest
Untagged: docker.io/egypcio/freebsd:latest
Untagged: docker.io/egypcio/freebsd@sha256:02f6c33382982db829ba63a52ed2467145c290f71f83ae5d8b304c274f809bbd
Deleted: sha256:8f539b0870b1ec6c1552172da492201166440a6f6199a0cd9208820cd377d03a
Deleted: sha256:c92b5d0f8475d3bb10df0bc5e8092da839777747e3653f3cf1cb63b33f17a3ff
Deleted: sha256:474999c372aa6b14e7b8e2afdcab83e2f89b783b243f87d2bbfa9b1a7346962b
Deleted: sha256:7800f80a93336d416612f372faa5f69eb67b353ce6ae9535fa0848f8784c74b1
Deleted: sha256:170b376f64fb30995c140276be3d71dfb256b308d86183ca3b22aa93a79ad548
Deleted: sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef

# docker run -i -d -t docker.io/base/archlinux /bin/bash
2332c0ada7596a74cafa5ea4fca41f37259c9cfa6a762a207ec7b313a743e37a

# docker ps
CONTAINER ID        IMAGE                      COMMAND             CREATED              STATUS              PORTS               NAMES
2332c0ada759        docker.io/base/archlinux   "/bin/bash"         About a minute ago   Up About a minute                       agitated_yalow

# docker attach agitated_yalow
[root@2332c0ada759 /]#

VMware ESXi – 系統設定備份與回復 – CentOS 7

如果要備份或回復 VMware ESXi 的設定,可以安裝 VMware vSphere Command Line Interface。
1. 登入 VMware 官方網站下載 VMware vSphere Command Line Interface
     1 – For Windows
     2 – For Linux x86_64
     3 – For Linux x86

參考網頁:
vmware-vsphere-cli-centos7.sh · GitHub
The Pain and Fury of vmware-cli on CentOS 7 | Morgajel.net
Install vCLI 6 on CentOS 7 – vSphere SDK for Perl
[VMware] 在 CentOS7 上安裝 VMware vSphere CLI (vcli) 操作 VM @ 亂打一通的心情日記 :: 痞客邦 PIXNET ::
在 CentOS7 上安裝 VMware vSphere CLI (vcli) – IT閱讀

2. 安裝必備套件
# yum install epel-release
# yum update
# yum install openssl-devel cpan perl-Devel-StackTrace perl-Class-Data-Inheritable perl-Convert-ASN1 perl-Crypt-OpenSSL-RSA perl-Exception-Class perl-Archive-Zip perl-Try-Tiny perl-Crypt-SSLeay perl-XML-SAX perl-XML-NamespaceSupport perl-libxml-perl perl-XML-LibXML perl-Socket6 perl-IO-Socket-INET6 libuuid-devel perl-Crypt-OpenSSL-X509 perl-Path-Class perl-Class-MethodMaker perl-Data-UUID perl-Data-Dump perl-SOAP-Lite perl-Net-INET6Glue

# PERL_MM_USE_DEFAULT=1 cpan install BINGOS/ExtUtils-MakeMaker-6.96.tar.gz LEONT/Module-Build-0.4205.tar.gz GBARR/libnet-1.22.tar.gz GAAS/libwww-perl-5.837.tar.gz PERLER/UUID-Random-0.04.tar.gz

3. 解壓縮
# tar xvzf VMware-vSphere-CLI-6.5.0-4566394.x86_64.tar.gz

4. 切換目錄
# cd vmware-vsphere-cli-distrib

5. 進行安裝
# ./vmware-install.pl --prefix=/opt/vmwarecli EULA_AGREED=yes --default
Creating a new vSphere CLI installer database using the tar4 format.

Installing vSphere CLI 6.5.0 build-4566394 for Linux.

This vSphere CLI installer includes precompiled Perl modules for RHEL.
Answering yes will install the precompiled modules, and answering no will
install from CPAN.
Do you want to install precompiled Perl modules for RHEL?
[yes]

Please wait while copying vSphere CLI files…

The installation of vSphere CLI 6.5.0 build-4566394 for Linux completed
successfully. You can decide to remove this software from your system at any
time by invoking the following command:
“/opt/vmwarecli/bin/vmware-uninstall-vSphere-CLI.pl”.

This installer has successfully installed both vSphere CLI and the vSphere SDK
for Perl.

The following Perl modules were found on the system but may be too old to work
with vSphere CLI:

Devel::StackTrace 1.31 or newer
MIME::Base64 3.14 or newer
Try::Tiny 0.22 or newer
LWP 6.15 or newer
Socket6  0.23 or newer
IO::Socket::INET6 2.71 or newer
Net::HTTP 6.09 or newer

Enjoy,

–the VMware team

6. 程式安裝路徑
# ls -l /opt/vmwarecli/bin/vicfg-*
-r-xr-xr-x. 1 root root  9632  3月 28 19:23 /opt/vmwarecli/bin/vicfg-advcfg
-r-xr-xr-x. 1 root root 11645  3月 28 19:23 /opt/vmwarecli/bin/vicfg-authconfig
-r-xr-xr-x. 1 root root  8920  3月 28 19:23 /opt/vmwarecli/bin/vicfg-cfgbackup
-r-xr-xr-x. 1 root root  9140  3月 28 19:23 /opt/vmwarecli/bin/vicfg-dns
-r-xr-xr-x. 1 root root 12580  3月 28 19:23 /opt/vmwarecli/bin/vicfg-dumppart
-r-xr-xr-x. 1 root root 16564  3月 28 19:23 /opt/vmwarecli/bin/vicfg-hostops
-r-xr-xr-x. 1 root root 24199  3月 28 19:23 /opt/vmwarecli/bin/vicfg-ipsec
-r-xr-xr-x. 1 root root 76696  3月 28 19:23 /opt/vmwarecli/bin/vicfg-iscsi
-r-xr-xr-x. 1 root root  6872  3月 28 19:23 /opt/vmwarecli/bin/vicfg-module
-r-xr-xr-x. 1 root root 20543  3月 28 19:23 /opt/vmwarecli/bin/vicfg-mpath
-r-xr-xr-x. 1 root root 17871  3月 28 19:23 /opt/vmwarecli/bin/vicfg-mpath35
-r-xr-xr-x. 1 root root  8314  3月 28 19:23 /opt/vmwarecli/bin/vicfg-nas
-r-xr-xr-x. 1 root root  9364  3月 28 19:23 /opt/vmwarecli/bin/vicfg-nics
-r-xr-xr-x. 1 root root  7144  3月 28 19:23 /opt/vmwarecli/bin/vicfg-ntp
-r-xr-xr-x. 1 root root  2874  3月 28 19:23 /opt/vmwarecli/bin/vicfg-rescan
-r-xr-xr-x. 1 root root 13481  3月 28 19:23 /opt/vmwarecli/bin/vicfg-route
-r-xr-xr-x. 1 root root 21745  3月 28 19:23 /opt/vmwarecli/bin/vicfg-scsidevs
-r-xr-xr-x. 1 root root 12387  3月 28 19:23 /opt/vmwarecli/bin/vicfg-snmp
-r-xr-xr-x. 1 root root  5643  3月 28 19:23 /opt/vmwarecli/bin/vicfg-syslog
-r-xr-xr-x. 1 root root 22531  3月 28 19:23 /opt/vmwarecli/bin/vicfg-user
-r-xr-xr-x. 1 root root 26398  3月 28 19:23 /opt/vmwarecli/bin/vicfg-vmknic
-r-xr-xr-x. 1 root root 13010  3月 28 19:23 /opt/vmwarecli/bin/vicfg-volume
-r-xr-xr-x. 1 root root 36078  3月 28 19:23 /opt/vmwarecli/bin/vicfg-vswitch

# ls -l /opt/vmwarecli/bin/vm*
-r-xr-xr-x. 1 root root  40411  3月 28 19:23 /opt/vmwarecli/bin/vmkfstools
-r-xr-xr-x. 1 root root  59908  3月 28 19:23 /opt/vmwarecli/bin/vmware-cmd
-r-xr-xr-x. 1 root root 128151  3月 28 19:23 /opt/vmwarecli/bin/vmware-uninstall-vSphere-CLI.pl

7. 進行備份(備份檔含有 ESXi 主機的設定,建議存放在僅限管理者讀取的位置)
    --server Server IP
    -s 備份設定
# /opt/vmwarecli/bin/vicfg-cfgbackup --server 192.168.1.234 -s /root/esx.cfg
Enter username: root
Enter password:
Saving firmware configuration to /root/esx.cfg …

8. 還原設定值,ESXi Server 會重新啟動
# /opt/vmwarecli/bin/vicfg-cfgbackup --server 192.168.1.234 -l /root/esx.cfg
Enter username: root
Enter password:
The restore operation will reboot the host.
Type ‘yes’ to continue:
yes
Uploading config bundle to configBundle.tgz …
Performing restore …
系統重新開機

9. 指令用法
# /opt/vmwarecli/bin/vicfg-cfgbackup --help
Synopsis: /opt/vmwarecli/bin/vicfg-cfgbackup OPTIONS [<backupfile>]

Command-specific options:
   --force
    -f
        Force the restore of the configuration.
   --load
    -l
        Restore configuration onto the host
   --quiet
    -q
        Do not prompt for user confirmation.
   --reset
    -r
        Resets host, restore to factory settings.
   --save
    -s
        Backup the host configuration.

OpenNMS CentOS 7 客製化安裝光碟

利用時間完成,採手動的方式來進行後續的設定工作
在 /root 目錄下放置 README 檔案,說明設定的步驟!

# cat /root/README
# 底下請以 root 身份執行
# Java 設定
# /opt/opennms/bin/runjava -s
#
# PostgreSQL Server初始化資料庫
# /usr/bin/postgresql-setup initdb
# sed -i '/^host/s/.....$/md5/' /var/lib/pgsql/data/pg_hba.conf
#
# 重新啟動 PostgreSQL Server
# systemctl enable postgresql.service
# systemctl restart postgresql.service
#
# PostgreSQL Server 資料庫設定帳號及密碼
# sudo -u postgres psql -c "CREATE USER opennms WITH PASSWORD '密碼';"
# sudo -u postgres psql -c "CREATE DATABASE opennms;"
# sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE opennms to opennms;"
#
# OpenNMS 資料庫帳號及密碼設定
# sed -i -e 's/password="opennms"/password="密碼"/' -e 's/password=""/password="密碼"/'  -e 's/user-name="postgres"/user-name="opennms"/' /opt/opennms/etc/opennms-datasources.xml
#
# 初始化 OpenNMS
# /opt/opennms/bin/install -dis
#
# RRD 設定
# sed -i '/MultithreadedJniRrdStrategy/s/^#org/org/' /opt/opennms/etc/rrd-configuration.properties
# sed -i '/rrd2/s/^#opennms/opennms/' /opt/opennms/etc/rrd-configuration.properties
# sed -i '/rrd2/s/^#org/org/' /opt/opennms/etc/rrd-configuration.properties
#
# OpenNMS 啟動並設定開機時啟動
# systemctl enable opennms.service
# systemctl start opennms.service

執行紅字部分的指令

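如果碰到 SELinux 的問題,可以先試著關掉!(關閉後會失去 SELinux 的強制存取控制;若只是要確認問題是否出在 SELinux,可先用 setenforce 0 切到 permissive 模式,再從 /var/log/audit/audit.log 找出被拒絕的動作。)
# sed -i 's/^\(SELINUX=\).*$/\1disabled/' /etc/selinux/config
# sync;sync;sync;reboot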

如果要取消 OpenNMS 自動更新
# sed -i '/gpgcheck/aenable=0' /etc/yum.repos.d/opennms-repo-stable-rhel7.repo
反之
# sed -i 's/enable=0/enable=1/' /etc/yum.repos.d/opennms-repo-stable-rhel7.repo

在 CentOS 7.x 上安裝 PostgreSQL Server

從剛開始學 GNU/Linux 用的就是 MySQL,一直到後來的 MariaDB,很少使用的 PostgreSQL,印象中只有 OpenNMS 才有特別使用到。

1. 安裝 PostgreSQL Server
# yum install postgresql-server postgresql-contrib

2. 初始化 PostgreSQL 資料庫
# /usr/bin/postgresql-setup initdb
Initializing database … OK
3. 修改認證設定檔 /var/lib/pgsql/data/pg_hba.conf
# sed -i '/^local/s/peer$/md5/' /var/lib/pgsql/data/pg_hba.conf

# sed -i '/^host/s/.....$/md5/' /var/lib/pgsql/data/pg_hba.conf
# egrep '^local|^host' /var/lib/pgsql/data/pg_hba.conf
local   all             all                                     md5
host    all             all             127.0.0.1/32            md5

host    all             all             ::1/128                 md5

4. 啟動 PostgreSQL Server
# systemctl start postgresql.service
# systemctl enable postgresql.service

5. 開啟防火牆設定(上面的 pg_hba.conf 只允許 127.0.0.1 與 ::1 連線;若只有本機程式使用資料庫,不需要對外開放 5432。需要遠端連線時,建議在防火牆限制來源位址。)
# firewall-cmd --permanent --add-service=postgresql
# firewall-cmd --reload

# iptables -A INPUT -p tcp --syn -m state --state NEW --dport 5432 -j ACCEPT

解決安裝 Cacti 1.0.x 版時出現的一些 SQL Server 提示訊息

在 CentOS 7.x 上安裝 Cacti 1.0.x 版時, 會出現一堆紅色的提示訊息

雖然按 Next 還是可以跳過,但還是花了一些時間,把它們通通都去除了!
解決方式:
1. 安裝 MariaDB SQL 10.x 版,可以參考 頭城國小資訊組 | 安裝 MariaDB SQL Sever 10.x
2. 備份原設定檔
# cp /etc/my.cnf.d/client.cnf /etc/my.cnf.d/client.cnf.$(date +%F)
# cp /etc/my.cnf.d/server.cnf /etc/my.cnf.d/server.cnf.$(date +%F)
# cp /etc/my.cnf.d/mysql-clients.cnf /etc/my.cnf.d/mysql-clients.cnf.$(date +%F)

3. 參考了以下的網頁:
Optimize my.cnf with MariaDB | cPanel Forums
How to improve InnoDB performance by 55%

其實也不懂,反正只是把上面提示的值加大而已!

# sed -i '/\[client\]/adefault-character-set=utf8mb4' /etc/my.cnf.d/client.cnf

# sed -i '/\[mysqld\]/acollation-server=utf8mb4_unicode_ci' /etc/my.cnf.d/server.cnf
# sed -i '/\[mysqld\]/acharacter-set-server=utf8mb4' /etc/my.cnf.d/server.cnf
# sed -i '/\[mysqld\]/amax_heap_table_size=128M' /etc/my.cnf.d/server.cnf
# sed -i '/\[mysqld\]/amax_allowed_packet=32M' /etc/my.cnf.d/server.cnf
# sed -i '/\[mysqld\]/atmp_table_size=128M' /etc/my.cnf.d/server.cnf
# sed -i '/\[mysqld\]/ajoin_buffer_size=128M' /etc/my.cnf.d/server.cnf
# sed -i '/\[mysqld\]/ainnodb_buffer_pool_size = 512M' /etc/my.cnf.d/server.cnf

# sed -i '/innodb_lock_wait_timeout/askip-innodb_doublewrite' /etc/my.cnf.d/mysql-clients.cnf
# sed -i '/innodb_lock_wait_timeout/ainnodb_read_io_threads=64' /etc/my.cnf.d/mysql-clients.cnf
# sed -i '/innodb_lock_wait_timeout/ainnodb_write_io_threads=32' /etc/my.cnf.d/mysql-clients.cnf
# sed -i '/innodb_lock_wait_timeout/ainnodb_additional_mem_pool_size=96M' /etc/my.cnf.d/mysql-clients.cnf
# sed -i '/innodb_lock_wait_timeout/ainnodb_flush_log_at_timeout=5' /etc/my.cnf.d/mysql-clients.cnf

4. 重新啟動 MariaDB SQL Server
# systemctl restart mariadb

5. 檢查成果

OpenNMS – Apache Cassandra 安裝與 Newts 設定 – CentOS

參考網頁:
OpenNMS Installation Guide

根據官方網站上的解釋:
Newts 是基於 Apache Cassandra 的時間序列資料儲存,是一個持久性的策略,可以用來取代 JRobin 或是 RRDtool。

在 CentOS 7.x 下安裝
1. 新增 DataStax 套件庫設定檔
# vim /etc/yum.repos.d/datastax.repo
[datastax]
name = "DataStax Repo for Apache Cassandra"
baseurl = https://rpm.datastax.com/community
enabled = 1
gpgcheck = 1

2. 安裝 GPG Key
# rpm --import https://rpm.datastax.com/rpm/repo_key

3. 更新套件庫
# yum update

4. 安裝 Cassandra 3.0.x package
# yum install dsc30

5. 啟動 Cassandra 服務
# systemctl enable cassandra
cassandra.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig cassandra on
# systemctl start cassandra

6. 設定 OpenNMS Horizon
# cp /opt/opennms/etc/opennms.properties /opt/opennms/etc/opennms.properties.$(date +%F)
將 false 改為 true
# sed -i '/rrd.storeByForeignSource/s/false/true/' /opt/opennms/etc/opennms.properties
取消前面的註解,並將 rrd 改為 newts
# sed -i '/^#org.opennms.timeseries/s/#org.opennms.timeseries.strategy=rrd/org.opennms.timeseries.strategy=newts/' /opt/opennms/etc/opennms.properties
取消前面的註解
# sed -i '/newts.config.hostname/s/^#org/org/' /opt/opennms/etc/opennms.properties
# sed -i '/keyspace/s/^#org/org/' /opt/opennms/etc/opennms.properties
# sed -i '/9042/s/^#org/org/' /opt/opennms/etc/opennms.properties

7. 初始化 newts
# /opt/opennms/bin/newts init

8. 進行驗證
# cqlsh 127.0.0.1 9042
Connected to Test Cluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.0.9 | CQL spec 3.4.0 | Native protocol v4]
Use HELP for help
.
cqlsh> use newts;
cqlsh:newts> describe table terms;

CREATE TABLE newts.terms (
    context text,
    field text,
    value text,
    resource text,
    PRIMARY KEY ((context, field, value), resource)
) WITH CLUSTERING ORDER BY (resource ASC)
    AND bloom_filter_fp_chance = 0.01
    AND caching = {'keys': 'ALL', 'rows_per_partition': 'NONE'}
    AND comment = ''
    AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
    AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
    AND crc_check_chance = 1.0
    AND dclocal_read_repair_chance = 0.1
    AND default_time_to_live = 0
    AND gc_grace_seconds = 864000
    AND max_index_interval = 2048
    AND memtable_flush_period_in_ms = 0
    AND min_index_interval = 128
    AND read_repair_chance = 0.0
    AND speculative_retry = '99PERCENTILE';

cqlsh:newts> describe table samples;

CREATE TABLE newts.samples (
    context text,
    partition int,
    resource text,
    collected_at timestamp,
    metric_name text,
    attributes map<text, text>,
    value blob,
    PRIMARY KEY ((context, partition, resource), collected_at, metric_name)
) WITH CLUSTERING ORDER BY (collected_at ASC, metric_name ASC)
    AND bloom_filter_fp_chance = 0.01
    AND caching = {'keys': 'ALL', 'rows_per_partition': 'NONE'}
    AND comment = ''
    AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
    AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
    AND crc_check_chance = 1.0
    AND dclocal_read_repair_chance = 0.1
    AND default_time_to_live = 0
    AND gc_grace_seconds = 864000
    AND max_index_interval = 2048
    AND memtable_flush_period_in_ms = 0
    AND min_index_interval = 128
    AND read_repair_chance = 0.0
    AND speculative_retry = '99PERCENTILE';

cqlsh:newts> quit

9. 重新啟動 OpenNMS
# systemctl restart opennms

在 CentOS 7.x 上安裝 OpenNMS 19.x

參考網頁:
安裝 OpenNMS 17.0.0 on CentOS 7.0 @ Egg Chang 的部落格 :: 痞客邦 PIXNET ::
OpenNMS Installation Guide

主要是要研究是否有可能將 OpenNMS 直接整合在 CentOS 7 的安裝光碟之中!

安裝與設定 PostgreSQL Server
PostgreSQL Server 官方網站:https://www.postgresql.org
不使用 CentOS 7 內建套件庫版本,直接以官方網站上的最新版本來安裝
https://yum.postgresql.org/repopackages.php

2017.03.18 最新的穩定版本是 9.6

1. 下載 PostgreSQL 套件庫設定檔
# wget https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm
# rpm -ivh pgdg-centos96-9.6-3.noarch.rpm
2. 列出套件庫 pgdg96 可安裝的套件
# yum list available --disablerepo=* --enablerepo=pgdg96
# yum list available --disablerepo=* --enablerepo=pgdg96 | egrep 'postgresql|pgadmin'
pgadmin3_96-debuginfo.x86_64             1.22.1-2.rhel7                   pgdg96
pgadmin3_96-docs.x86_64                  1.22.1-2.rhel7                   pgdg96
pgadmin4-v1.x86_64                       1.3-1.rhel7                      pgdg96
pgadmin4-v1-debuginfo.x86_64             1.3-1.rhel7                      pgdg96
pgadmin4-v1-docs.noarch                  1.3-1.rhel7                      pgdg96
pgadmin4-v1-web.noarch                   1.3-1.rhel7                      pgdg96
postgresql-jdbc.noarch                   42.0.0-1.rhel7                   pgdg96
postgresql-jdbc-javadoc.noarch           42.0.0-1.rhel7                   pgdg96
postgresql-unit96.x86_64                 2.0-1.rhel7                      pgdg96
postgresql-unit96-debuginfo.x86_64       2.0-1.rhel7                      pgdg96
postgresql96-debuginfo.x86_64            9.6.2-2PGDG.rhel7                pgdg96
postgresql96-devel.x86_64                9.6.2-2PGDG.rhel7                pgdg96
postgresql96-docs.x86_64                 9.6.2-2PGDG.rhel7                pgdg96
postgresql96-plperl.x86_64               9.6.2-2PGDG.rhel7                pgdg96
postgresql96-plpython.x86_64             9.6.2-2PGDG.rhel7                pgdg96
postgresql96-pltcl.x86_64                9.6.2-2PGDG.rhel7                pgdg96
postgresql96-tcl.x86_64                  2.1.1-1.rhel7                    pgdg96
postgresql96-tcl-debuginfo.x86_64        2.1.1-1.rhel7                    pgdg96
postgresql96-test.x86_64                 9.6.2-2PGDG.rhel7                pgdg96

3. 安裝 PostgreSQL Server
# yum install postgresql96 postgresql96-server postgresql96-contrib postgresql96-odbc postgresql96-libs pgadmin3_96

4. 啟動 PostgreSQL Server
# /usr/pgsql-9.6/bin/postgresql96-setup initdb
Initializing database … OK
# systemctl enable postgresql-9.6
Created symlink from /etc/systemd/system/multi-user.target.wants/postgresql-9.6.service to /usr/lib/systemd/system/postgresql-9.6.service.
# systemctl start postgresql-9.6

5. 修改 postgresql.conf 設定檔
# sed -i 's/^#listen/listen/' /var/lib/pgsql/9.6/data/postgresql.conf

6. 修改 pg_hba.conf 設定檔
# sed -i '/^host/s/.....$/md5/' /var/lib/pgsql/9.6/data/pg_hba.conf

7. 重新載入 PostgreSQL Server
# systemctl reload postgresql-9.6

安裝與設定 JDK
8. 下載 JDK
請到下方的 Oracle 官方網站下載:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

9. 進行安裝
# rpm -ivh jdk-8u121-linux-x64.rpm
Preparing…                          ################################# [100%]
Updating / installing…
   1:jdk1.8.0_121-2000:1.8.0_121-fcs  ################################# [100%]
Unpacking JAR files…
        tools.jar…
        plugin.jar…
        javaws.jar…
        deploy.jar…
        rt.jar…
        jsse.jar…
        charsets.jar…
        localedata.jar…

10. 設定 Java 環境變數(EOF 加上引號,$JAVA_HOME 與 $PATH 才會原樣寫入檔案,而不是在建立檔案時就被目前的 shell 展開)
# cat << 'EOF' > /etc/profile.d/java.sh
export JAVA_HOME=/usr/java/default
export PATH=$JAVA_HOME/bin:$PATH
EOF

# cat << 'EOF' > /etc/profile.d/java.csh
set JAVA_HOME=/usr/java/default
set PATH=$JAVA_HOME/bin:$PATH
EOF

11. 讓設定生效
# . /etc/profile.d/java.sh

12. 下載 OpenNMS 套件庫及 GPG Key
# wget http://yum.opennms.org/repofiles/opennms-repo-stable-rhel7.noarch.rpm
# wget http://yum.opennms.org/OPENNMS-GPG-KEY

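13. 安裝設定檔及 GPG Key
注意:上一步的套件庫 RPM 與 GPG Key 都是經由未加密的 HTTP 下載,傳輸途中可能被竄改;匯入前請先以 gpg --with-fingerprint OPENNMS-GPG-KEY 查看指紋,並與 OpenNMS 官方經由可信管道公布的指紋比對。
# rpm -ivh opennms-repo-stable-rhel7.noarch.rpm
# rpm --import OPENNMS-GPG-KEY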

14. 更新套件庫
# yum update

15. 安裝 OpenNMS 套件
# yum install opennms opennms-docs mib2events grafana-opennms-plugin opennms-plugin-ticketer-centric opennms-remote-poller opennms-jmx-config-generator opennms-ncs opennms-plugins rrdtool jrrd2

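16. 建立 PostgreSQL Server 管理者密碼
# su - postgres
$ psql -c "ALTER USER postgres  WITH PASSWORD 'YOUR-POSTGRES-PASSWORD';"
ALTER ROLE
注意:把密碼直接寫在命令列上,會留在 shell 的歷史紀錄中,執行期間也可能被其他使用者從行程列表看到;也可以改在 psql 互動模式中使用 \password postgres,由提示輸入密碼。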

17. 建立使用者 opennms 和密碼
$ createuser -P opennms
Enter password for new role:
Enter it again:

18. 建立 OpenNMS 資料庫
$ createdb -O opennms opennms
$ psql -c "ALTER USER opennms WITH SUPERUSER;"
$ exit

19. 設定 OpenNMS 連線的帳號及密碼(123456 請替換成正確的密碼)
# sed -i -e '/password/s/password="opennms"/password="123456"/' -e '/password/s/password=""/password="YOUR-POSTGRES-PASSWORD"/'  /opt/opennms/etc/opennms-datasources.xml
  <jdbc-data-source name="opennms"
                    database-name="opennms"
                    class-name="org.postgresql.Driver"
                    url="jdbc:postgresql://localhost:5432/opennms"
                    user-name="opennms"
                    password="123456" />

  <jdbc-data-source name="opennms-admin"
                    database-name="template1"
                    class-name="org.postgresql.Driver"
                    url="jdbc:postgresql://localhost:5432/template1"
                    user-name="postgres"
                    password="YOUR-POSTGRES-PASSWORD" />
注意:opennms-datasources.xml 以明碼保存兩組資料庫密碼(其中一組是 postgres 管理者),請確認此檔案只有執行 OpenNMS 的帳號可以讀取;密碼寫在 sed 命令列上也會留在 shell 歷史紀錄中。

20. 設定 OpenNMS
# /opt/opennms/bin/runjava -s
runjava: Looking for an appropriate JRE...
runjava: Checking for an appropriate JRE in JAVA_HOME...
runjava: skipping... JAVA_HOME not set
runjava: Checking JRE in user's path: "/bin/java"...
runjava: found an appropriate JRE in user's path: "/bin/java"
runjava: value of "/bin/java" stored in configuration file

21. 資料庫及系統 libraries 初始化
# /opt/opennms/bin/install -dis

22. 設定 rrdtool
# sed -i '/MultithreadedJniRrdStrategy/s/^#org/org/' /opt/opennms/etc/rrd-configuration.properties
# sed -i '/rrd2/s/^#opennms/opennms/' /opt/opennms/etc/rrd-configuration.properties
# sed -i '/rrd2/s/^#org/org/' /opt/opennms/etc/rrd-configuration.properties

23. 鎖住資料庫權限
# su - postgres
$ psql -c "ALTER ROLE opennms NOSUPERUSER;"
$ psql -c "ALTER ROLE opennms NOCREATEDB;"
$ exit

24. 設定 Firewall
# firewall-cmd --permanent --add-port=8980/tcp
# firewall-cmd --reload
注意:此規則會對預設 zone 的所有來源開放 8980 埠,而 OpenNMS Web 介面在這裡是未加密的 HTTP;建議只允許管理網段連線。

25. 關閉 OpenNMS 透過 yum 更新
# sed -i '/gpgcheck/aenabled=0' /etc/yum.repos.d/opennms-repo-stable-rhel7.repo
注意:停用套件庫之後,yum update 不會再帶入 OpenNMS 的安全性修補;請定期以 yum --enablerepo=<OpenNMS 套件庫 ID> update 手動更新。

26. 啟動 OpenNMS
# systemctl enable opennms.service
# systemctl start opennms.service

27. 開啟瀏覽器 http://<Server IP>:8980(即步驟 24 開放的埠),預設登入的帳號及密碼:admin / admin
      第一次登入後請立即變更 admin 的預設密碼。
      第一次啟動或剛開機時,會耗費比較多的時間!

最後結論:沒有辦法全自動,因為 16~18 步驟要設定密碼,所以只能做成半自動的版本!

判別 Linux 系統是不是在虛擬機器

方式很多種
以下針對 VMware 所架設的虛擬機器
1. 使用 lshw 指令
# yum install lshw
# lshw | grep -m 1 product
    product: VMware Virtual Platform

2. 使用 lspci 指令
# yum install pciutils
# lspci | grep -m 1 System
00:07.7 System peripheral: VMware Virtual Machine Communication Interface (rev 10)

3. 使用 dmidecode 指令
# yum install dmidecode
# dmidecode | grep -m 1 Product
        Product Name: VMware Virtual Platform

4. 使用 virt-what 指令
# yum install virt-what
# apt-get install virt-what
在 VMware
# virt-what
vmware
在 Proxmox
# virt-what
lxc
在 VirtualBox
# virt-what
virtualbox

試用 OpenNMS Sans Effort

最近稍微研究了一下 OpenNMS,在網路上搜尋了一下,找到了 OpenNMS Sans Effort,是由法國人Samuel Mutel 基於 CentOS 所整合的客製化光碟,目前可以下載的最新版本是 4.0。

OpenNMS Sans Effort 官方網站:http://ose-distrib.sourceforge.net/index.html
可以參考的中文網站:
10分鐘架好免費網管軟體 | 技術專題 | iThome online
OSE(OpenNMS Sans Effort):CentOS裝好,OpenNMS也就裝好了,真的! – 樂多閱讀

底下在 VM 中試著安裝一下

1. 光碟開機畫面,可以選擇不同的安裝方式

2. 這裡選擇安裝 opennms

3. 確認資料會清除

4. 安裝語系選擇

5. 鍵盤選擇

6. 時區選擇

7. 設定 root 管理者密碼

8. 硬碟分割

9. 進行安裝

10. 安裝完成

系統安裝版本
# cat /etc/redhat-release
CentOS release 6.4 (Final)

套件庫
# ls -l
-rw-r--r--. 1 root root 1926 2013-02-25 16:57 CentOS-Base.repo
-rw-r--r--. 1 root root  638 2013-02-25 16:57 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root  630 2013-02-25 16:57 CentOS-Media.repo
-rw-r--r--. 1 root root 3664 2013-02-25 16:57 CentOS-Vault.repo
-rw-r--r--. 1 root root  957 2012-11-05 11:52 epel.repo
-rw-r--r--. 1 root root 1056 2012-11-05 11:52 epel-testing.repo
-rw-r--r--. 1 root root  739 2013-03-20 22:24 mirrors-rpmforge
-rw-r--r--. 1 root root  717 2013-03-20 22:24 mirrors-rpmforge-extras
-rw-r--r--. 1 root root  728 2013-03-20 22:24 mirrors-rpmforge-testing
-rw-r--r--. 1 root root 1386 2012-01-23 03:09 OPENNMS-GPG-KEY
-rw-r--r--. 1 root root  418 2012-01-23 03:09 opennms-stable-rhel6.repo
-rw-r--r--. 1 root root  200 2012-05-18 21:24 ose-stable-rhel5.repo
-rw-r--r--. 1 root root  436 2011-08-22 19:28 pgdg-91-redhat.repo
-rw-r--r--. 1 root root 1128 2013-03-20 22:24 rpmforge.repo

SELinux 預設設定
# getenforce
Disabled

更新套件有問題
# yum update
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again

預設開啟的服務
# chkconfig --list | grep 3:開啟
auditd          0:關閉  1:關閉  2:開啟  3:開啟  4:開啟  5:開啟  6:關閉
blk-availability        0:關閉  1:開啟  2:開啟  3:開啟  4:開啟  5:開啟  6:關閉
crond           0:關閉  1:關閉  2:開啟  3:開啟  4:開啟  5:開啟  6:關閉
ip6tables       0:關閉  1:關閉  2:開啟  3:開啟  4:開啟  5:開啟  6:關閉
iptables        0:關閉  1:關閉  2:開啟  3:開啟  4:開啟  5:開啟  6:關閉
iscsi           0:關閉  1:關閉  2:關閉  3:開啟  4:開啟  5:開啟  6:關閉
iscsid          0:關閉  1:關閉  2:關閉  3:開啟  4:開啟  5:開啟  6:關閉
jexec           0:開啟  1:開啟  2:開啟  3:開啟  4:開啟  5:開啟  6:開啟
lvm2-monitor    0:關閉  1:開啟  2:開啟  3:開啟  4:開啟  5:開啟  6:關閉
netfs           0:關閉  1:關閉  2:關閉  3:開啟  4:開啟  5:開啟  6:關閉
network         0:關閉  1:關閉  2:開啟  3:開啟  4:開啟  5:開啟  6:關閉
opennms         0:關閉  1:關閉  2:開啟  3:開啟  4:開啟  5:開啟  6:關閉
postfix         0:關閉  1:關閉  2:開啟  3:開啟  4:開啟  5:開啟  6:關閉
rsyslog         0:關閉  1:關閉  2:開啟  3:開啟  4:開啟  5:開啟  6:關閉
sshd            0:關閉  1:關閉  2:開啟  3:開啟  4:開啟  5:開啟  6:關閉
sysstat         0:關閉  1:開啟  2:開啟  3:開啟  4:開啟  5:開啟  6:關閉
udev-post       0:關閉  1:開啟  2:開啟  3:開啟  4:開啟  5:開啟  6:關閉

整體心得:
1. 因為版本有些舊,所以安裝起來可能會無法使用,即使更新到最新的 6.7 版。
2. 這個也是一片研究  RedHat / CentOS 自動安裝的好教材,如果有空的話,我會試著做一片看看!

acl 權限

ACL 是 Access Control List 的縮寫,主要的目的在於解決 Linux 傳統只能以 owner,group,others 的 read,write,execute 來設定檔案或目錄的權限。ACL 可以針對單一使用者,單一檔案或目錄來進行 r,w,x 的權限設定,使用彈性非常大,也更加靈活。
參考網頁:
鳥哥的 Linux 私房菜 — 第十三章、Linux 帳號管理與 ACL 權限設定

1. 新增三個測試帳號
# useradd usera -d /home/usera
# useradd userb -d /home/userb
# useradd userc -d /home/userc
# chmod 755 /home/user?
注意:chmod 755 會讓所有本機帳號都能進入並列出這些家目錄,萬用字元 user? 也會套用到其他名稱符合的家目錄;此設定僅適合測試環境。

2. 切換帳號 usera
# su - usera

3. 建立測試檔案及目錄
$ touch acl_test_file
$ mkdir acl_test_dir
$ ll
drwxrwxr-x 2 usera usera 4096 Mar 12 23:24 acl_test_dir/
-rw-rw-r-- 1 usera usera    0 Mar 12 23:21 acl_test_file
目錄 775  檔案是 664
4. 設定檔案權限及查看
$ setfacl -m u:userb:rx acl_test_file
$ getfacl acl_test_file
# file: acl_test_file
# owner: usera
# group: usera
user::rw-
user:userb:r-x
group::rw-
mask::rwx
other::r--

$ setfacl -m u:userb:x acl_test_file
$ getfacl acl_test_file
# file: acl_test_file
# owner: usera
# group: usera
user::rw-
user:userb:--x
group::rw-
mask::rwx
other::r--

$ setfacl -m u:userb:r acl_test_file
$ getfacl acl_test_file
# file: acl_test_file
# owner: usera
# group: usera
user::rw-
user:userb:r--
group::rw-
mask::rw-
other::r--

$ setfacl -m u:userb:r,u:userc:rwx acl_test_file
$ getfacl acl_test_file
# file: acl_test_file
# owner: usera
# group: usera
user::rw-
user:userc:rwx
user:userb:r--
group::rw-
mask::rwx
other::r--

$ setfacl -m u:userb:---,u:userc:rwx acl_test_file
$ getfacl acl_test_file
# file: acl_test_file
# owner: usera
# group: usera
user::rw-
user:userc:rwx
user:userb:---
group::rw-
mask::rwx
other::r--

userb 無法存取 acl_test_file
# su - userb
$ cat acl_test_file
cat: acl_test_file: Permission denied

userc 可以存取 acl_test_file
# su - userc
$ echo 1 > acl_test_file
$ cat acl_test_file
1

5. 設定群組
setfacl -m g:userc:rwx acl_test_file
$ getfacl acl_test_file
# file: acl_test_file
# owner: usera
# group: usera
user::rw-
user:testuser:rwx
user:userb:---
group::rw-
group:userb:rwx
mask::rwx
other::r--

6. 設定 mask
setfacl -m m:r acl_test_file
$ getfacl acl_test_file
# file: acl_test_file
# owner: usera
# group: usera
user::rw-
user:userc:rwx               #effective:r--
user:userb:---
group::rw-                      #effective:r--
group:userb:rwx                 #effective:r--
mask::r--
other::r--

雖然 userc 對 acl_test_file 有 rwx 權限,但和 mask(r--)取交集之後,有效權限只剩下 r--
# su - userc
$ echo 234 > acl_test_file
-bash: acl_test_file: Permission denied
$ cat acl_test_file
1

7. 設定目錄
$ setfacl -m u:userb:rwx acl_test_dir
$ getfacl acl_test_dir
# file: acl_test_dir
# owner: usera
# group: usera
user::rwx
user:userb:rwx
group::rwx
mask::rwx
other::r-x

# su - userb
$ cd /home/usera/acl_test_dir
$ mkdir 123
$ getfacl 123
# file: 123
# owner: userb
# group: userb
user::rwx
group::rwx
other::r-x

只有一般的權限,沒有 acl 預設權限

$ setfacl -m d:u:userb:rx acl_test_dir
$ getfacl acl_test_dir
# file: acl_test_dir
# owner: usera
# group: usera
user::rwx
user:userb:rwx
group::rwx
mask::rwx
other::r-x
default:user::rwx
default:user:userb:r-x
default:group::rwx
default:mask::rwx
default:other::r-x

# su - userb
$ cd /home/usera/acl_test_dir
$ mkdir 234
$ getfacl 234
# file: 234
# owner: userb
# group: userb
user::rwx
user:userb:r-x
group::rwx
mask::rwx
other::r-x
default:user::rwx
default:user:userb:r-x
default:group::rwx
default:mask::rwx
default:other::r-x

$ ll
drwxrwxr-x  2 userb userb 4096 Mar 12 23:53 123/
drwxrwxr-x+ 2 userb userb 4096 Mar 12 23:59 234/