
INFORMATICS CENTER - UNIVERSITY OF NATURAL SCIENCES, HO CHI MINH CITY
227 Nguyễn Văn Cừ, District 5, Ho Chi Minh City
Tel: 8351056 Fax: 8324466 Email: ttth@hcmuns.edu.vn
Document code: DT_NCM_MG_HDGD_QTMLX
Version 1.2, April 2006

TEACHING GUIDE

TECHNICIAN PROGRAM
Track: NETWORKING & HARDWARE
Module IV

LINUX NETWORK ADMINISTRATION CERTIFICATE

Teaching guide

Module 4 - Linux Network Administration Certificate    Page 2/271

TABLE OF CONTENTS
TABLE OF CONTENTS ........ 2
OBJECTIVES ........ 11
INTENDED AUDIENCE ........ 11
LESSON ALLOCATION ........ 11
LESSON 1 Introduction to the Linux Operating System ........ 13
Summary ........ 13
I. A brief history of Linux ........ 14
II. History of Linux development ........ 15
III. Advantages of Linux ........ 16
III.1. Compatibility with open systems ........ 16
III.2. Application support ........ 16
III.3. Benefits for computing professionals ........ 16
IV. Disadvantages of Linux ........ 16
IV.1. Technical support ........ 16
IV.2. Hardware ........ 17
V. Architecture of the Linux operating system ........ 17
V.1. Kernel ........ 17
V.2. Shell ........ 18
V.3. Utilities ........ 18
V.4. Application programs ........ 18
VI. Basic features of Linux ........ 18
VI.1. Multiple processes ........ 18
VI.2. High speed ........ 18
VI.3. Virtual memory ........ 19
VI.4. Shared libraries ........ 19
VI.5. Use of text-processing programs ........ 19
VI.6. Use of a windowing interface ........ 19
VI.7. Network Information Service (NIS) ........ 19
VI.8. Scheduling programs and applications ........ 19
VI.9. Data backup utilities ........ 20
VI.10. Support for multiple programming languages ........ 20
LESSON 2 Installing the Linux Operating System ........ 21
Summary ........ 21
I. Hardware requirements ........ 22
II. Hard disks and disk partitions in Linux ........ 22
III. Managing disks and partitions in Linux ........ 22
IV. Starting the installation program ........ 23
IV.1. Booting from CD-ROM ........ 23
IV.2. Booting from a Windows boot disk ........ 23
IV.3. Booting from a Linux boot floppy ........ 23
V. Steps for installing the Linux operating system ........ 24
V.1. Choosing the installation method ........ 24
V.2. Choosing the installation mode ........ 24
V.3. Choosing the display language during installation ........ 24
V.4. Configuring the keyboard ........ 25
V.5. Choosing the mouse configuration ........ 25
V.6. Selecting the monitor type ........ 25
V.7. Selecting the installation type ........ 26
V.8. Partitioning ........ 27
V.9. Choosing "Automatically partition" ........ 27
V.10. Partitioning with Disk Druid ........ 28
V.11. Installing the boot loader ........ 29
V.12. Network configuration ........ 30
V.13. Firewall configuration ........ 31
V.14. Choosing supported languages in Linux ........ 31
V.15. Configuring the system's geographic region ........ 31
V.16. Setting the administrator password ........ 32
V.17. Authentication configuration ........ 32
V.18. Selecting programs and packages to install ........ 33
V.19. Formatting the filesystem and performing the installation ........ 34
VI. Device configuration ........ 34
VI.1. Memory (RAM) ........ 34
VI.2. Resource storage locations ........ 34
VI.3. USB support ........ 35
VI.4. Network card ........ 35
VI.5. Installing a modem ........ 35
VI.6. Installing and configuring a printer ........ 36
VII. Using the system ........ 37
VII.1. Logging in ........ 37
VII.2. Some basic commands ........ 38
VII.3. Using man help ........ 38
VIII. System startup ........ 39
VIII.1. System boot steps ........ 39
IX. Shutting down and rebooting the system ........ 41
X. Using runlevels ........ 41
XI. Recovering the administrator user's password ........ 41
XII. Understanding boot loaders ........ 42
XII.1. GRUB boot loader ........ 42
XII.2. LILO boot loader ........ 44
LESSON 3 The File System ........ 46
Summary ........ 46
I. File system structure ........ 47
I.1. File types ........ 48
I.2. File links ........ 48
II. Directory tree structure ........ 49
III. Operations on file systems and disks ........ 51
III.1. Mounting and unmounting a file system ........ 51
III.2. Formatting a filesystem ........ 53
III.3. Managing disk space ........ 53
III.4. Maintaining the file system with the fsck command ........ 54
IV. Operations on files and directories ........ 54
IV.1. Directory operations ........ 54
IV.2. Files ........ 56
IV.3. Standard files in Linux ........ 58
IV.4. Pipes ........ 60
IV.5. The tee command ........ 60
V. Archiving files/directories ........ 60
V.1. The gzip/gunzip commands ........ 60
V.2. The tar command ........ 60
VI. File system security ........ 61
VI.1. Permissions ........ 61
VI.2. The chmod, chown, chgrp commands ........ 63
LESSON 4 Installing Software ........ 65
Summary ........ 65
I. The RPM program ........ 66
II. Features of RPM ........ 66
III. The rpm command ........ 66
III.1. Installing software with rpm ........ 66
III.2. Removing software installed on the system ........ 67
III.3. Upgrading software ........ 68
III.4. Querying software ........ 68
III.5. Verifying installed files ........ 69
III.6. Installing software from source files *.tar, *.tgz ........ 69
LESSON 5 Introduction to Utility Programs ........ 71
Summary ........ 71
I. The vi editor ........ 72
I.1. Some vi commands ........ 72
I.2. Switching from command mode to edit mode ........ 72
I.3. Switching from edit mode to command mode ........ 72
II. The mail utility ........ 74
III. Boot floppy creation utility ........ 75
IV. The setup utility ........ 75
V. The fdisk utility ........ 76
VI. The iptraf utility ........ 77
VII. The lynx utility ........ 77
VIII. The mc utility ........ 78
LESSON 6 User and Group Administration ........ 79
Summary ........ 79
I. Superuser ........ 80
II. User information ........ 80
II.1. The /etc/passwd file ........ 80
II.2. Username and UserID ........ 81
II.3. User password ........ 82
II.4. Group ID ........ 82
II.5. Home directory ........ 82
III. User management ........ 82
III.1. Creating a user account ........ 82
III.2. Changing account information ........ 83
III.3. Temporarily locking a user account ........ 84
III.4. Deleting an account ........ 84
IV. User groups ........ 84
IV.1. Creating a group ........ 84
IV.2. Adding a user to a group ........ 84
IV.3. Deleting a group ........ 85
IV.4. Viewing information about users and groups ........ 85
LESSON 7 Managing Hard Disk Resources ........ 86
Summary ........ 86
I. Introduction to QUOTA ........ 87
II. Setting up quota ........ 87
II.1. Editing the /etc/fstab file ........ 87
II.2. Running quotacheck ........ 88
II.3. Allocating quota ........ 88
III. Checking and reporting quotas ........ 89
IV. Changing grace periods ........ 89
LESSON 08 Network Configuration ........ 90
Summary ........ 90
I. Setting the host name ........ 91
II. Configuring an IP address for the NIC ........ 91
II.1. Viewing the IP address ........ 91
II.2. Changing the IP address ........ 91
II.3. Creating multiple IP addresses on a network card ........ 92
II.4. The netstat command ........ 93
III. Changing the default gateway ........ 94
III.1. Describing routes through a script file ........ 94
III.2. Deleting a route from the routing table ........ 95
IV. Remote access ........ 95
IV.1. xinetd ........ 95
IV.2. The /etc/services file ........ 96
IV.3. Starting xinetd ........ 97
V. Telnet ........ 97
V.1. Telnet concepts ........ 97
V.2. Installation ........ 97
V.3. Configuration ........ 98
V.4. Securing the telnet service ........ 99
VI. Secure Remote Access SSH (Secure Shell) ........ 100
VI.1. Installing the SSH server on a Linux server ........ 100
VI.2. Using the SSH client on Linux ........ 100
VI.3. Administering a Linux system through an SSH client for Windows ........ 100
VII. Dynamic Host Configuration Protocol ........ 101
VII.1. Points to note about the DHCP server ........ 101
VII.2. Advantages of using DHCP ........ 101
VII.3. Configuring the DHCP server ........ 101
VII.4. Starting the DHCP service ........ 102
LESSON 9 SAMBA ........ 103
Summary ........ 103
I. Installing SAMBA ........ 104
II. Starting the SAMBA service ........ 104
III. Configuring the Samba server ........ 104
III.1. The [global] section ........ 105
III.2. The [homes] section ........ 105
III.3. Sharing printers using SMB ........ 106
III.4. Sharing directories ........ 106
IV. Using SAMBA SWAT ........ 106
IV.1. The SAMBA SWAT configuration file ........ 106
IV.2. Accessing SWAT from Internet Explorer ........ 107
IV.3. Configuring SAMBA SWAT ........ 108
V. Starting the Samba server ........ 108
VI. Using the SMB client ........ 108
VII. Mounting a shared directory ........ 109
VIII. Automatically mounting resources from an SMB server ........ 109
IX. Password encryption ........ 110
LESSON 10 Network File System ........ 111
Summary ........ 111
I. Overview of how NFS operates ........ 112
I.1. Some general rules when configuring NFS ........ 112
I.2. Some key NFS concepts ........ 112
II. Installing NFS ........ 112
III. Configuring NFS ........ 113
III.1. Configuring the NFS server ........ 113
III.2. Configuring the NFS client ........ 114
III.3. Activating the /etc/exports file ........ 115
III.4. Troubleshooting the NFS server ........ 115
LESSON 11 SHELL PROGRAMMING ON LINUX ........ 117
Summary ........ 117
I. Introduction to the shell and shell programming ........ 118
I.1. Introduction to the shell ........ 118
I.2. Configuring the login environment ........ 119
II. Purpose and significance of shell programming ........ 121
III. Controlling the shell from the command line ........ 121
IV. Controlling command files ........ 122
V. Shell language syntax ........ 123
V.1. Comments, specifying the executing shell, exiting the program ........ 123
V.2. Using variables ........ 124
V.3. The test command ........ 126
V.4. Arithmetic expressions with expr ........ 127
V.5. Chaining commands, command blocks, and obtaining a command's value ........ 128
V.6. The if branching construct ........ 128
V.7. The case selection construct ........ 130
V.8. Loop constructs ........ 130
V.9. The break, continue, exit commands ........ 132
V.10. Other commands ........ 133
V.11. Functions ........ 133
LESSON 12 Process Management ........ 135
Summary ........ 135
I. Definition ........ 136
II. Viewing process information ........ 137
III. Foreground processes ........ 138
IV. Background processes ........ 138
V. Suspending and resuming processes ........ 138
VI. Killing a process ........ 139
VII. The at scheduling program ........ 139
VIII. The batch scheduling program ........ 140
IX. The crontab scheduling program ........ 140
LESSON 13 Domain Name System ........ 142
Summary ........ 142
I. Introduction to DNS ........ 143
II. How domain name management data is distributed ........ 146
III. Name resolution mechanism ........ 146
III.1. Resolving a name to an IP address ........ 146
III.2. Resolving an IP address to a host name ........ 147
IV. Difference between a domain name and a zone ........ 148
V. Fully Qualified Domain Name (FQDN) ........ 149
VI. Types of domain name server ........ 149
VI.1. Primary Name Server ........ 149
VI.2. Secondary Name Server ........ 149
VI.3. Caching Name Server ........ 149
VII. Delegation (Delegating Subdomains) ........ 150
VIII. Resource Record (RR) ........ 150
VIII.1. SOA (Start of Authority) ........ 150
VIII.2. NS (Name Server) ........ 151
VIII.3. A (Address) and CNAME (Canonical Name) ........ 152
VIII.4. MX (Mail Exchange) ........ 152
VIII.5. PTR (Pointer) ........ 153
IX. Operation of the name server in Linux ........ 153
X. Installing BIND ........ 153
X.1. Some important configuration files ........ 154
X.2. Configuration ........ 154
XI. Checking DNS operation ........ 157
XII. Configuring a secondary name server ........ 158
XIII. Some conventions ........ 158
XIV. Configuring delegation for subdomains ........ 160
LESSON 13 File Transfer Protocol ........ 161
Summary ........ 161
I. Introduction to FTP ........ 162
I.1. The FTP protocol ........ 162
II. FTP server programs ........ 165
III. FTP client programs ........ 166
IV. Introduction to VsFTP
IV.1. Installed files related to vsftpd
IV.2. Starting and stopping vsftpd
IV.3. Some default configuration parameters
IV.4. vsftpd configuration options
V. Configuring a Virtual FTP Server
V.1. Logging
V.2. Network
LESSON 14 WEB SERVER
Summary
I. Introduction to Web Servers
I.1. The HTTP protocol
I.2. Web servers and how they work
I.3. Web client
I.4. Dynamic web
II. Introduction to Apache
II.1. Installing Apache
II.2. Stopping and restarting Apache
II.3. Authentication, authorization and access control
II.4. Access control
II.5. Examining log files on Apache
III. Configuring the Web Server
III.1. Defining ServerName
III.2. The Webroot directory and some necessary information
III.3. Network configuration
III.4. Alias
III.5. UserDir
III.6. VirtualHost
LESSON 15 MAIL SERVER
Summary
I. Mail protocols
I.1. SMTP (Simple Mail Transfer Protocol)
I.2. Post Office Protocol
II. Introduction to the mail system
II.1. Mail gateway
II.2. Mail Host
II.3. Mail Server
II.4. Mail Client
II.5. Some common mail system layouts
III. Mail programs and some concepts
III.1. Mail User Agent (MUA)
III.2. Mail Transfer Agent (MTA)
III.3. Mailbox
III.4. Queue
III.5. Alias
IV. DNS and Sendmail
V. Sendmail configuration files
V.1. The /etc/sendmail.cf file
V.2. Macro
V.3. Sendmail macro
V.4. Options
V.5. Defining mailers
V.6. Rule
V.7. Rule set
VI. The /etc/aliases file
VII. Configuring a Mail Server with Sendmail
VIII. Some configuration files in sendmail
VIII.1. File /etc/mail/access
VIII.2. File /etc/mail/local-host-names
VIII.3. File /etc/mail/virtusertable
VIII.4. File /etc/mail/mailertable
VIII.5. File /etc/mail/domaintable
IX. Configuring a POP Mail Server
X. Installing and configuring Webmail - Openwebmail
X.1. Installing and configuring Open Webmail
X.2. Installing Open Webmail from source code
LESSON 16 PROXY SERVER
Summary
I. Firewall
I.1. Introduction to firewalls
I.2. Firewall policies
I.3. Types of firewall and how they work
II. Squid Proxy
II.1. Introduction to Squid
II.2. Protocols supported by Squid
II.3. Cache exchange
II.4. Installing Squid Proxy
II.5. Configuration
II.6. Starting Squid
LESSON 17 Linux Security
Summary
I. Log File
II. Limiting users
III. Network security
III.1. Host Based security
III.2. Port based security
LESSON 18 Webmin
Summary
I. Introduction to Webmin
II. Installing Webmin
II.1. Installing from a binary file
II.2. Installing Webmin from a *.tar.gz source file
III. Configuring Webmin
III.1. Logging in to the Webmin Server
III.2. Configuring Webmin
III.3. Configuring Webmin through a web browser
III.4. Managing Webmin users
III.5. Webmin for users (Usermin)
III.6. Using Usermin
III.7. Configuring the system through Webmin
III.8. Configuring servers and daemons
III.9. Configuring the network through Webmin
III.10. Configuring hardware in Webmin
III.11. Linux Cluster in Webmin
III.12. Other components (Others) in Webmin
END-OF-MODULE EXAM
I. Exam structure
II. Sample exams
II.1. Sample final exam - Linux Operating System
II.2. Final exam - Linux Network Services
END-OF-MODULE EXAM
I. Sample theory exam
II. Sample practical exam
TEACHER PROFICIENCY TEST

OBJECTIVES
After completing the course, students will be able to:
- Install and use the Linux operating system (the latest RedHat release) and carry out tasks such as creating files and directories, managing users, granting permissions on resources, editing text with the available tools, sharing resources through the Samba service, and setting quotas to limit hard-disk usage.
- Configure and administer network services on a Linux system such as DNS, FTP, WEB, MAIL and PROXY.
- Set up a number of security mechanisms for a Linux system using tools such as iptables and tcp_wrappers.
- Organize the system so that users can work remotely via Web, SSH, Telnet and SFTP, using tools such as Webmin, Usermin, OpenSSH and TELNET.
TARGET AUDIENCE
School pupils, university students, IT engineers and network administration staff (in agencies and enterprises) who want to add to their knowledge of network administration in a Linux environment.
LESSON ALLOCATION
Duration: 96 theory periods (LT) + 120 practice periods (TH)

No.  Lesson                                      LT periods  TH periods
1    Introduction to Linux                       3           -
2    Installing the RedHat Linux operating system 5          5
3    Managing the file system                    8           10
4    Installing software                         3           5
5    Introduction to the utilities               4           5
6    User administration                         5           5
7    Managing hard-disk resources                3           5
8    Network configuration                       5           10
9    SAMBA                                       4           5
10   NFS                                         3           5
11   Shell programming on Linux                  5           5
12   Process management                          5           5
13   DNS service                                 5           10
14   FTP service                                 5           5
15   Web service                                 5           5
16   Mail service                                8           10
17   Proxy service                               5           5
18   Linux Security                              10          10
19   Webmin                                      5           5
20   Review                                      -           5
     Total periods                               96          120
LESSON 1
Introduction to the Linux Operating System

Summary
Theory: 3 periods - Practice: 0 periods
Objectives: This lesson gives a brief introduction to the history of Linux's development, its architecture, and its advantages and disadvantages compared with other operating systems.
Main sections:
I. A brief history of Linux.
II. History of the development of Linux.
III. Advantages of Linux.
IV. Disadvantages of Linux.
Exercises (required / additional): none listed.



I. A brief history of Linux
In the mid-1960s, AT&T Bell Laboratories and several other centers joined an effort to create a new operating system named Multics (Multiplexed Information and Computing Service). By 1969 the Multics program was abandoned because it was an overly ambitious project and therefore not feasible. Many of the requirements set for Multics at the time are still not met even by the newest Unix systems. But Ken Thompson, Dennis Ritchie and some of their colleagues at Bell Labs did not give up. Instead of building an operating system that does many things at once like Multics, they decided to develop a simple operating system that does one job well: running programs. The operating system would have a great many small, simple, compact tools, each doing one job well. By combining several tools, they would get a program that carries out a complex task. This is also how programmers write programs. In 1973, using Ritchie's C language, Thompson rewrote the entire Unix operating system, and this was an important change for Unix. As a result, Unix went from being an operating system for one PDP-xx machine to an operating system for other machines with minimal porting effort. Around 1977 the UNIX copyright was released and the UNIX operating system became a commercial product. There are two UNIX lines: System V from AT&T and Novell, and the Berkeley Software Distribution (BSD) from the University of Berkeley.
- System V: The last UNIX versions published by AT&T were System III and several releases of System V. The two recent releases of System V are Release 3.2 (SVR 3.2) and Release 4.2 (SVR 4.2). SVR 4.2 is the most widespread, from PCs up to mainframes.
- BSD: Since 1970 the Computer Science Research Group of the University of California at Berkeley (UCB) has published many UNIX versions, known as the Berkeley Software Distribution, or BSD. The enhancements for the PDP-11 were called 1BSD and 2BSD. Support for Digital Equipment Corporation's VAX computers was added in 3BSD. Development for the VAX continued with 4.0BSD, 4.1BSD, 4.2BSD and 4.3BSD.
- Before 1992, UNIX was a name owned by AT&T. Since 1992, when AT&T sold its Unix division to Novell, the Unix name has been owned by the X/Open foundation. Any operating system that satisfies a certain set of requirements may be called Unix. In addition, the Institute of Electrical and Electronic Engineers (IEEE) established the standard "An Industry-Recognized Operating System Interface Standard based on the UNIX Operating System". The result was POSIX.1 (for the C interface) and POSIX.2 (for the command system on Unix). In short, the standardization of UNIX is still very far from a final result. But it is a necessary process that benefits the development of computing in general and the survival of the UNIX operating system in particular.


II. History of the development of Linux
- In 1991, Linus Torvalds, a student at the University of Helsinki in Finland, began examining Minix, a version of Unix, with the aim of studying how to build a Unix operating system that runs on a PC with an Intel 80386 processor.
- On 25 August 1991, Linus released version 0.01 and announced his plans for Linux on comp.os.minix.
- In January 1992, Linus released version 0.02 with a shell and a C compiler. Linux no longer needed Minix to recompile itself. Linus named his operating system Linux.
- In 1994, the official version 1.0 was released.
- Linux is a Unix-like operating system that runs on PCs with an Intel 80386 or later central processing unit (CPU), or compatible processors from AMD and Cyrix. Today Linux can also run on Macintosh or SUN SPARC machines. Linux conforms to the POSIX.1 standard.
- Linux was written entirely from scratch, that is, without using a single line of Unix code, in order to avoid Unix copyright issues. However, the way Linux works is based entirely on the principles of the Unix operating system. Therefore, someone who has mastered Linux will also have mastered UNIX. Note that the differences among the various Unix systems are no smaller than those between Unix and Linux.
- Linux is a freely distributed, Unix-like operating system developed over the Internet and used on personal computers (PCs). Linux developed quickly and became popular in a short time. It was rapidly adopted by many people, one of the reasons being that there is no licence fee to pay. Anyone can easily download it from the Internet or buy it at CD shops.
- Linux is a high-performance operating system on all computers, whether high-end or low-end. It supports both 32-bit and 64-bit computers and a great deal of different software.
- The development of Linux was accelerated by help from the GNU project (GNU's Not Unix), a project to develop Unix systems able to run on many different platforms. As of today, late 2001, the newest version of the Linux kernel is 2.6.11.3, which can drive multiprocessor machines and has many other features.
III. Advantages of Linux
Among the operating systems in common use today, Linux is the most widely used free operating system. On IBM PCs, Linux provides a complete system with built-in multitasking and multiuser capabilities, making use of the processing power of 386 and later machines.
Linux comes with the TCP/IP protocol suite, which makes it easy to connect to the Internet. Linux also has XFree86, which provides a complete graphical user interface (GUI). You do not have to pay for these components; you only need to download them from the Internet.
III.1. Compatibility with open systems
The compatibility of an operating system lets you move it from one platform to another and still have it work well. In the past UNIX ran on only one platform, the DEC PDP-7 minicomputer. Today UNIX runs on any platform, from laptops to large mainframe computers. Thanks to this compatibility, computers running UNIX on many different platforms can communicate with one another accurately and efficiently.
III.2. Application support
Linux currently has thousands of applications, including reporting programs, databases, word processors and so on. In addition, Linux has a whole range of text-based and graphical games.
III.3. Benefits for computing professionals
With Linux, computing professionals get a whole range of program development tools, including compilers for many of today's leading programming languages, such as C, C++, ...
IV. Disadvantages of Linux
IV.1. Technical support
Perhaps the biggest obstacle with Linux is that no single company is responsible for developing the Linux operating system. If something goes wrong, there is no technical support department you can call free of charge.
The lack of technical support applies not only to Linux itself but also to Linux applications. Although there are a few commercial programs for Linux, most are free programs written by a small group and then put on the network for the whole world to share.
IV.2. Hardware
Another inconvenience is that Linux really is not easy to install, and many components are not compatible with certain hardware. Linux developers are people scattered across the planet, so there cannot be a program with quality assurance in the usual sense. When developers feel their program is usable, they release it for everyone to use, without a period of testing. Moreover, the hardware that Linux supports depends on the kind of machines the developers used when writing the code. That is why Linux cannot run on every PC hardware platform available today.
V. Architecture of the Linux operating system

V.1. Kernel
The kernel is the control center of the Linux operating system and contains the code that controls the operation of the whole system. The kernel is under continuous development, and there are usually two latest versions: the latest development version and the latest stable version. The kernel is designed in modular form, so its actual size is very small. It loads only the necessary parts into memory; other parts are loaded when they are needed. As a result, compared with other operating systems, Linux does not waste memory, because it does not load everything regardless of whether it is used.
The kernel is regarded as the heart of the Linux operating system and was originally developed for Intel 80386 CPUs. The strength of this type of CPU is its memory management capability. The Linux kernel can access all of the machine's hardware features. When programs need a lot of memory and the system has little, the operating system uses swap space on disk to store the programs' working data. Swap space allows memory pages to be written out to reserved locations on disk and treats them as an extension of main memory. Besides swap space, Linux also supports the following features:
- Memory protection between processes, which prevents one process from bringing down the whole system.
- Loading programs only on demand.
V.2. Shell
The shell provides a set of commands with which users interact with the kernel to get work done. The shell reads commands from the user and processes them. The shell also provides other features such as input/output redirection and a command language for writing script files similar to bat files in DOS.
Several kinds of shell are used in Linux. The important point that distinguishes one shell from another is its command set. For example, the C shell uses commands similar to the C language, while the Bourne Shell uses a different command language.
The main shell used in Linux is the GNU Bourne Again Shell (bash). This shell was developed from the Bourne Shell, the main shell used on Unix systems, with many new features such as process control, history commands, long file names, and so on.
V.3. Utilities
Utilities are used frequently by users. They serve many purposes such as file and disk operations, compression, file backup, and so on. Utilities in Linux can be commands or graphical programs. Most utilities used in Linux are products of the GNU project. Linux comes with many utilities such as compilers, debuggers, text editors, and so on. Utilities can be used by users or by the system. Some utilities are considered standard on a Linux system, such as passwd, ls, ps, vi, and so on.
V.4. Application programs
Unlike utilities, applications such as word processors, database management systems ... are highly complex programs written by software vendors.
VI. Basic features of Linux
Linux supports the basic features commonly found in Unix operating systems and many other features that no other operating system has. Linux provides a complete development environment including standard libraries, programming tools, compilers, debuggers and so on, as you would expect from other Unix operating systems. Linux is superior to other systems in many respects that users care about, such as development, speed, ease of use, and especially network development and support. Some features of Linux that we need to consider:
VI.1. Multiple processes
This feature lets the user run several processes at the same time. For example, you can print, edit a document and listen to music all at once. The computer uses only one CPU yet handles several processes at the same time. In reality, at any given moment the CPU can execute only one instruction; the simultaneous execution of several tasks is simulated by interleaving the work and switching between tasks very quickly, so the user has the impression that they run simultaneously.
VI.2. High speed
The Linux operating system is known as an operating system with high processing speed, because it handles resources such as memory and disk very efficiently.
VI.3. Virtual memory
When the system runs too many large programs, there may not be enough main memory (RAM) to operate. In that case Linux uses memory taken from disk, namely the swap partition. The system moves programs or data that are not currently being accessed down to this swap area, and moves them back into main memory when they are needed.
VI.4. Shared libraries
A Linux system has a large number of libraries shared by many applications. This helps the system save resources as well as processing time.
VI.5. Using text-processing programs
Text-processing programs are among the programs users need most. Linux provides many programs that let users work with text, such as vi, emacs and nroff.
VI.6. Using a windowed interface
The windowed interface uses the X Window System, with an interface like that of the Windows operating system. With it, users can work on the system very conveniently. The X Window System, or X for short, was developed at the Massachusetts Institute of Technology. It was developed to create a working environment that does not depend on the hardware. X runs in a client-server model. The X Window System works through two parts:
- The server part, called the X server.
- The client part, called the X window manager or desktop environment.
The X server used in most Linux distributions is XFree86. The clients commonly used are KDE (K Desktop Environment) and GNOME (GNU Network Object Model Environment).
The Samba service shares disk resources and printers with Windows. The name Samba comes from the Server Message Block (SMB) protocol that Windows uses to share files and printers. Samba is a program that uses the SMB protocol and runs on Linux. With Samba you can share files and printers with Windows machines.
VI.7. Network Information Service (NIS)
The NIS service allows the password and group files to be shared over the network. NIS is a client-server database system that holds user information and is used to authenticate users. NIS originated at Sun Microsystems under the name Yellow Pages.
VI.8. Scheduling programs and applications
The scheduling programs in Linux, such as at, cron and batch, run applications and scripts according to a schedule set by the user.
VI.9. Data backup utilities
Linux provides utilities such as tar, cpio and dd for backing up data. RedHat Linux also provides the Backup and Restore System Unix (BRU) utility, which allows data to be backed up automatically on a schedule.
VI.10. Support for many programming languages
Linux provides a complete Unix programming environment including the standard libraries, programming tools, compilers and debuggers that you can find in other Unix operating systems. The main languages used on Unix operating systems are C and C++. The compiler Linux uses for C and C++ is gcc, a very powerful compiler that supports many features. Besides C, Linux also provides compilers and interpreters for other languages such as Pascal, Fortran, Java, and so on.

LESSON 2
Installing the Linux Operating System
Summary
Theory: 5 periods - Practice: 5 periods.
Objectives: Show students how to install the Linux operating system and install devices, and explain the operating principles and the boot program of the Linux operating system.
Main sections:
I. Hardware requirements.
II. Hard disks and disk partitions in Linux.
III. Managing drives and partitions in Linux.
IV. Starting the installation program.
V. Steps for installing the Linux operating system.
VI. Configuring devices.
VII. Using the system.
VIII. Booting the system.
IX. Shutting down and rebooting the system.
X. Using runlevels.
XI. Recovering the password of the administrative user.
XII. Understanding the boot loader.
Exercises (required / additional): Exercise 02 (exercise book)





I. Hardware requirements
Linux does not require a powerful machine. However, if the hardware is too low-end, it may not be able to run X Window or the bundled applications. The recommended minimum configuration is:
- CPU: Pentium MMX or later.
- RAM: 64 MB or more for text mode, 192 MB for graphics mode.
- Hard disk: the disk space needed depends on the installation type.
+ Custom Installation (minimum): 520MB.
+ Server (minimum): 870MB.
+ Personal Desktop: 1.9GB.
+ Workstation: 2.4GB.
+ Custom Installation (everything): 5.3GB.
- 2M of video card memory if you want to use graphics mode.
II. Hard disks and disk partitions in Linux
A hard disk is divided into several regions called partitions. Each partition uses one file system and stores data. Each disk can be divided into at most 4 primary partitions. This limit exists because the disk's Master Boot Record holds at most 4 entries pointing to 4 partitions.
To create more partitions for storing data (more than 4), an extended partition is used. An extended partition is in fact also a primary partition, but it allows sub-partitions, called logical partitions, to be created inside it.
III. Managing drives and partitions in Linux
Linux accesses drives through files. Each drive is associated with a file in the /dev/ directory. The drive prefix is fd for floppy drives, hd for hard drives and sd for SCSI drives. The letters a, b, c, ... are appended to identify different drives of the same type.

Drive name    Physical block devices (storage devices)
hda           Primary Master
hdb           Primary Slave
hdc           Secondary Master
hdd           Secondary Slave
sda           First SCSI disk
sdb           Second SCSI disk

Example:
The first hard drive is hda, the second hard drive is hdb, and so on. To identify the partitions on a drive, a number is appended. By convention, primary and extended partitions are numbered from 1 to 4. Logical partitions are numbered from 5 upward.

The figure above shows the partitions of the first hard drive, hda: there are 2 primary partitions, named hda1 and hda2, and one extended partition, hda3. Inside the extended partition hda3 there are 2 logical partitions, named hda6 and hda5. Linux requires at least the following 2 partitions:
- A primary partition containing the root directory (/) and the kernel (called the Linux Native partition).
- A swap partition, used as space for swapping data out when main memory is fully used. The size of the swap area depends on whether the system runs many or few applications. Usually the swap area is the same size as main memory.
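The four-entry limit from section II and the hda1 to hda4 numbering from section III can be read directly from a disk's first sector, which is also how a disk image is checked during an audit or forensic review. The following Python code is an added example, not part of the original course material: the function names are hypothetical, the sample sector is constructed, and the type IDs 0x05/0x0F/0x82/0x83 are standard MBR values that the page does not list. Logical partitions (hda5 and up) live inside the extended partition and are not walked here.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446           # partition table begins at byte 0x1BE
ENTRY_FORMAT = "<B3xB3xII"   # boot flag, CHS skipped, type, CHS skipped, start LBA, count
ENTRY_SIZE = struct.calcsize(ENTRY_FORMAT)   # 16 bytes per entry
MAX_PRIMARY = 4              # the MBR has room for exactly four entries
SIGNATURE = b"\x55\xaa"      # bytes 510-511 of a valid MBR

# Standard MBR partition type IDs (assumption: not taken from the page).
LINUX_SWAP, LINUX_NATIVE = 0x82, 0x83
EXTENDED_TYPES = {0x05, 0x0F}
TYPE_NAMES = {0x05: "extended", 0x0F: "extended (LBA)",
              LINUX_SWAP: "Linux swap", LINUX_NATIVE: "Linux native"}


def parse_mbr(sector, disk="hda"):
    """Return the used primary/extended entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(MAX_PRIMARY):
        offset = TABLE_OFFSET + slot * ENTRY_SIZE
        boot, ptype, start, count = struct.unpack_from(ENTRY_FORMAT, sector, offset)
        if ptype == 0x00:
            continue                      # unused slot
        if boot not in (0x00, 0x80):
            raise ValueError(f"slot {slot + 1}: invalid boot flag {boot:#04x}")
        partitions.append({
            "device": f"/dev/{disk}{slot + 1}",   # slots map to numbers 1 to 4
            "bootable": boot == 0x80,
            "type": ptype,
            "kind": TYPE_NAMES.get(ptype, f"other ({ptype:#04x})"),
            "start": start,
            "sectors": count,
        })
    return partitions


def check_layout(partitions):
    """List inconsistencies in the primary table of a disk or disk image."""
    problems = []
    has_extended = any(p["type"] in EXTENDED_TYPES for p in partitions)
    if sum(p["type"] in EXTENDED_TYPES for p in partitions) > 1:
        problems.append("more than one extended partition")
    ordered = sorted(partitions, key=lambda p: p["start"])
    for first, second in zip(ordered, ordered[1:]):
        if first["start"] + first["sectors"] > second["start"]:
            problems.append(f"{first['device']} overlaps {second['device']}")
    kinds = {p["type"] for p in partitions}
    # The two partitions the page says Linux needs: Linux native (/) and swap.
    for ptype in (LINUX_NATIVE, LINUX_SWAP):
        if ptype not in kinds:
            hint = " among primary entries (check logical partitions)" if has_extended else ""
            problems.append(f"no {TYPE_NAMES[ptype]} partition{hint}")
    return problems


def build_sample_mbr(entries):
    """Build a constructed MBR from (boot, type, start_lba, sectors) tuples."""
    if len(entries) > MAX_PRIMARY:
        raise ValueError("an MBR cannot describe more than four partitions")
    sector = bytearray(SECTOR_SIZE)
    for slot, entry in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET + slot * ENTRY_SIZE, *entry)
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    # Constructed layout mirroring the page's hda example:
    # two primary partitions (hda1, hda2) and one extended partition (hda3).
    sample = build_sample_mbr([
        (0x80, LINUX_NATIVE, 63, 1_000_000),
        (0x00, LINUX_SWAP, 1_000_063, 500_000),
        (0x00, 0x05, 1_500_063, 2_000_000),
    ])
    for p in parse_mbr(sample):
        print(p["device"], p["kind"], p["start"], p["sectors"],
              "bootable" if p["bootable"] else "")
    print(check_layout(parse_mbr(sample)) or "layout looks consistent")
```

On a real system the same parser can be fed the first 512 bytes of a disk image file opened in binary mode.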
IV. Starting the installation program
IV.1. Booting from CD-ROM
If your machine has a CD-ROM drive, start the computer, set the first boot device in the BIOS to CD-ROM, and insert the installation disc into the CD drive.
IV.2. Booting from a Windows boot disk
If your machine's BIOS does not support booting from CD, you can boot from a DOS boot disk. After booting, insert the installation CD into the CD-ROM drive. Assuming your CD drive is E:, the next step is to run:
cd dosutils
autoboot
IV.3. Booting from a Linux boot floppy
The Linux installation CD contains image files for starting the Linux installation from a floppy disk. On RedHat Linux 7.x this image is stored at <cdrom_write>\images\bootnet.img.
On RedHat 9.0 and Fedora Core the file is <cdrom_write>\images\bootdisk.img.
To write this image file to a floppy disk, we use the rawrite program found in the dosutils directory of the installation disc. In a Windows environment:
<cdrom_write>\dosutils\rawrite
Enter disk image soure file name : ..\bootnet.img
Enter the target disk device : A
Please insert formatted diskette into device A: and press ENTER -- : enter
In a Linux environment we can use the command:
#dd if=/mnt/cdrom/images/<image_name> of=/dev/fd0
V. Linux installation steps
V.1. Choosing the installation method
Installation sources:
- CD-ROM: boot from the CD-ROM or from a boot floppy.
- Hard disk: requires a boot floppy (create it with the dd or mkbootdisk command).
- NFS image: uses a network boot disk and connects to an NFS server.
- FTP: uses a network boot disk and installs directly over an FTP connection.
- HTTP: uses a network boot disk and installs directly over an HTTP connection.
V.2. Choosing the installation mode
The following modes are available:
- linux text: install the Linux operating system in text mode.
- [Enter]: install the Linux operating system in graphical mode.
V.3. Choosing the language used during installation
Select English, then click Next.
V.4. Keyboard configuration
Select your keyboard type, then click Next.
V.5. Mouse configuration
Select the mouse type that matches your mouse. When choosing, note whether the mouse is attached to a serial port or a PS/2 port, then click Next.
V.6. Choosing the monitor type
At this step the operating system normally detects the correct monitor type automatically; if it does not, configure the monitor in the dialog on the right.
Click Next.
V.7. Choosing the installation type
Some common installation types:
- Workstation: installs the operating system for use as a workstation.
- Server: installs the operating system for use as a server.
- Custom: lets you combine the options above as you wish.
V.8. Partitioning
- Automatically partition: lets the system partition the disk automatically in a way suitable for installing the operating system (this normally creates two partitions: /boot, /, swap).
- Manually partition with Disk Druid: partition with the Disk Druid utility, which offers an easy graphical way to partition.
- If you are new to installing Linux, choose Automatically partition.
V.9. Automatically partition options
- Remove all Linux partitions on this system: removes all existing Linux partitions on the system.
- Remove all partitions on this system: removes all existing partitions on the system.
- Keep all partitions and use existing free space: keeps all existing partitions and uses only the remaining free space for partitioning.
- Choose whichever option fits your requirements, then click Next.
V.10. Partitioning with Disk Druid
If you chose Manually partition with Disk Druid in step 8, you partition the disk with the Disk Druid utility.
Disk Druid displays the disk's partitions graphically at the top. You can select each partition to operate on it.
Partition details, including size, file system type, and the directory it is mounted on, are described in the following figure:
- New: create a new partition, specifying its mount point, file system type (ext3), and size in MB (optional).
- Edit: change the parameters of the selected partition.
- Delete: delete the selected partition.
- Reset: restore the disk to its state before your changes.
- Make RAID: used for RAID (Redundant Array of Independent Disks) when you have at least 3 hard disks.
V.11. Installing the boot loader
The boot loader is the program that lets you choose, from a menu, which operating system to start. Once you choose, it locates the files needed to start that operating system and hands control over to it. The boot loader can be installed in the Master Boot Record or in the first sector of a partition.
Linux lets you use either GRUB or LILO as the boot loader. Both can manage multiple operating systems on one system.
- Install the boot loader in the Master Boot Record (MBR) when no other boot loader (for example the Windows one) is installed, or when you are sure your boot loader can start the other operating systems on the machine. Installing to the MBR replaces any previous boot loader with the new one.
- Install the boot loader in the first sector of the installation partition when you already have a boot loader in the MBR and do not want to replace it. In that case the other boot loader takes control first and passes it to the Linux boot loader when asked to start this operating system.
- If you do not install a boot loader, you must use a boot floppy to start the operating system.
- You can set a password for the boot loader with the Change password button.
V.12. Network configuration
Configure using DHCP: you can obtain the TCP/IP configuration dynamically through the DHCP service or configure it manually. For manual configuration, enter the network parameters under Edit:
- IP Address: the IP address of the host being installed.
- Netmask Address: the subnet mask for that IP address.
Active on boot: the network card is activated when the operating system starts.
Host name: if you have a fully qualified DNS name, enter the full name. If you are not connected to a network, you can still name the machine through the manually option. If no name is entered, the default value localhost is used.
Miscellaneous Settings: specify the gateway address, the Primary DNS, and some other parameters.
Fields left empty are not used by the system.
V.13. Firewall configuration
Linux includes an integrated firewall that protects the system against some unauthorized access from outside. Choose Enable Firewall, then select the services that outside hosts are allowed to reach through the firewall.
V.14. Choosing supported languages
You can install and use multiple languages in Linux. Choose the default language (English (USA)) and any other languages to use.
V.15. Time zone configuration
Locations are grouped by continent. Vietnam is Asia/Saigon; you can select it easily by pointing the mouse at the right location on the map.
V.16. Setting the administrator password
On Linux the administrator is usually called root. The root user's password must be at least 6 characters long. For security, use a password that combines letters, digits, and special characters. Note that passwords are case-sensitive. You must type the password twice; when the message Root password accepted appears below, it has been accepted.
V.17. Authentication configuration
If you do not use network passwords you can skip this configuration, but still keep the default selections (Enable MD5 passwords and Enable shadow passwords).
Enable MD5 passwords: allows passwords of up to 256 characters instead of only up to 8 characters.
Enable shadow passwords: provides a secure storage mechanism for passwords. Passwords are stored in the file /etc/shadow, which only root can read.
Enable NIS: lets a group of machines in one NIS domain share the passwd and group files. Set the following parameters:
+ NIS domain: the NIS domain this machine joins.
+ Use broadcast to find NIS server: allows broadcast messages to be used to find the NIS server.
+ NIS Server: specifies the NIS server.
Enable LDAP: your system uses LDAP for some or all authentication.
+ LDAP Server: specifies the LDAP server (by IP address).
+ LDAP Base DN: allows user information to be looked up by DN (Distinguished Name).
+ Use TLS (Transport Layer Security) lookups: this option lets LDAP send the user name and password encrypted to the LDAP server before authentication.
Enable Kerberos: a system that provides authentication services on the network. Options:
+ Realm: lets you access a network that uses Kerberos.
+ KDC: lets you access the Key Distribution Center (KDC).
+ Admin Server: lets you access the server running kadmin.
Enable SMB Authentication: sets up PAM to use a Samba server to authenticate clients.
+ SMB Server: the Samba server that workstations connect to for authentication.
+ SMB Workgroup: the workgroup the Samba server is configured to join.
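
An added example, not part of the original course material: a shell check that the two defaults described above (MD5 passwords and shadow passwords) are actually in effect, run on constructed passwd and shadow files. The finding codes, account names and hash strings are made up for illustration; the permission check follows the statement above that only root can read /etc/shadow.

```shell
#!/bin/sh
# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints one finding per line; no output means nothing to report.
audit_accounts() {
    passwd_file=$1
    shadow_file=$2
    # With shadow passwords enabled, field 2 of every passwd entry is "x".
    awk -F: '$2 != "x" { print "NOT_SHADOWED " $1 }' "$passwd_file"
    awk -F: '
        $2 == ""                  { print "EMPTY_PASSWORD " $1; next }
        $2 ~ /^[!*]/              { next }   # locked account or no login
        substr($2, 1, 3) == "$1$" { next }   # MD5 scheme, the installer default
        substr($2, 1, 1) == "$"   { next }   # some other $id$ scheme
        length($2) == 13          { print "DES_HASH " $1; next }  # 8-character limit
                                  { print "UNKNOWN_HASH " $1 }
    ' "$shadow_file"
    # Characters 5-10 of the mode string are the group and other permission bits.
    perms=$(ls -ld "$shadow_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "SHADOW_READABLE $shadow_file ($perms)"
    fi
}

# Constructed sample files; the hashes are placeholders, not real hashes.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
bob:abEXAMPLEHASH:501:501::/home/bob:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$EXAMPLE0$PLACEHOLDERHASHVALUE00:13000:0:99999:7:::
alice:abEXAMPLEHASH:13000:0:99999:7:::
daemon:*:13000:0:99999:7:::
carol::13000:0:99999:7:::
EOF
    chmod 600 "$1/shadow"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_accounts "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```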
V.18. Choosing programs and packages to install
Select the programs to install: Everything installs all programs, and Minimal installs only a few commonly used programs.
If you know exactly which packages your desired programs need, choose Select individual packages. You can click Details to select individual components within each software package or tool group.
V.19. Formatting the file systems and running the installation
VI. Device configuration
VI.1. Memory (RAM)
System RAM is detected by the BIOS at boot, and the Linux kernel can recognize all RAM types (EDO, DRAM, SDRAM, DDRAM).
VI.2. Resource locations
So that hardware devices can communicate directly with system resources, in particular the CPU, the system assigns each device lines and channels: IRQs (Interrupt Request Lines), Input/Output addresses, and Direct Memory Access (DMA) channels.
- An IRQ lets a device request CPU time; IRQ values range from 0 to 15.
- An I/O address designates an address in memory; the CPU communicates with the device by reading and writing memory at that address.
- DMA lets a device access system memory to write and process data without going through the CPU.
The kernel stores this resource information in the /proc directory. The files of interest are:
+ /proc/dma
+ /proc/interrupts
+ /proc/ioports
+ /proc/pci
You can also use tools such as lspci and dmesg to view IRQ, I/O, and DMA information.
Device          I/O port   IRQ
/dev/ttyS0      0x03F8     4
/dev/ttyS1      0x02F8     3
/dev/lp0        0x378      7
/dev/lp1        0x278      5
Soundcard       0x220
Ethernet card   0x300      10
Ethernet card   0x340      9
You can configure the settings above by editing the file /etc/modules.conf
VI.3. USB support
Most recent Linux versions can detect USB devices. Once a USB device is plugged into a USB port it is controlled by a USB controller; Linux supports many USB controllers (see the USB HOWTO). The Linux kernel exposes the USB device through the file /dev/sda1
VI.4. Network card
The Linux kernel supports most NICs. To see detailed current information about the network card, use the following: dmesg, lspci, /proc/interrupts, /sbin/lsmod, /etc/modules.conf
VI.5. Installing a modem
This section covers installing a serial modem, starting with how serial ports are identified on Linux:
DOS    Linux
COM1   /dev/ttyS0
COM2   /dev/ttyS1
COM3   /dev/ttyS2
The steps for installing a serial modem are:
+ Step 1: use the setserial command to scan for serial devices.
+ Step 2: run the command ln -s /dev/ttyS1 /dev/modem
+ Step 3: configure a dial profile with the wvdial tool, which provides the wvdialconf script to scan for the information the modem needs and write it to the file /etc/wvdial.conf (this section is concerned only with installing the modem, so this step is for additional reference).
VI.6. Installing and configuring a printer
Before installing a printer, install the package system-config-printer-0.6.98-1 (Fedora Core).
Then run the command #system-config-printer
Choose New to add a printer.
Enter the printer name and choose the Queue Type.
Choose the Queue Driver to specify the printer model.
VII. Using the system
VII.1. Logging in
Linux is a multi-user operating system: many people can use the system at the same time. Each user has an account on the system, which is used to manage users and tell them apart.
To use the system you must first log in. When you connect to the machine, the screen shows:
+ Login :
+ Password:
There are two kinds of command prompt:
+ $ is for ordinary users.
+ # is for the administrative user (root).
After logging in, the command prompt has the form:
[login-name@host-name current-directory]prompt-character
Example:
[root@server root]#
- From the prompt, commands follow this syntax: command-name [options] [arguments]
+ Options have the form: -<character>
+ Multiple options are separated by spaces or combined together.
Example:
[root@server root]#ls -a -l /etc
- Linux lets you combine several options behind a single -. In the example above, ls -al /etc can be used instead of ls -a -l /etc
- Switching to another user: while working, you can switch to another user without logging out, using the su command.
+ $su [user-name] : switch to the new user
- If user-name is omitted, the default is to switch to root.
- Normally when you switch to another user, the environment variables remain those of the old user. To use the new user's environment, add the - parameter to the su command.
Example: #su - [user]
VII.2. Some basic commands
Command    Meaning
date       Show the system date and time
who        Show the users currently logged in to the system
tty        Identify the tty file you are logged in on
cal        Calendar
finger     Show information about users, such as full name and address
chfn       Change a user's information
head       View a file's contents from the beginning of the file
tail       View a file's contents from the end of the file
hostname   View or change the host name
passwd     Change a user's password
VII.3. Using man for help
In MS-DOS, to learn the syntax or meaning of a command you append the /? parameter to it, and Windows has a Help system that lets you search for information related to a topic. Linux provides a documentation library that lets you look up information by the keyword you enter. Although it has no windowed interface, this documentation is very useful, especially when working with commands. Linux commands take many options that nobody can remember in full, so Linux provides the man help program:
$man [keyword]
Example: look up information about the ls command
$man ls
Use the up and down arrow keys to scroll through a man page. To move a page at a time, press space. To quit man, press q.
man divides its data into sections on different topics:
Section  Topic          Meaning
1        User command   Ordinary operating system commands
2        System call    Kernel library functions of the system
3        Subroutines    Programming library functions
4        Devices        Functions for file access and device handling
5        File format    File format functions
6        Games          Game-related functions
7        Miscell        Other functions
8        Sys. admin     System administration functions
To look up information in a particular section, use man as follows:
$man [section] [keyword]
Example: man 3 printf shows information about the printf function used in programming.
If no section is given, the default section is 1.
VIII. System startup
VIII.1. System startup steps:
- Step 1: When a PC starts, the processor goes to the end of the system memory region, where the BIOS resides, and executes the instructions there.
- Step 2: The BIOS checks the system, finds and tests devices, and looks for a disk containing a boot program. Typically the BIOS checks the floppy drive or CD-ROM to see whether it can boot from them, and then the hard disk. The order in which drives are checked depends on the BIOS configuration.
- Step 3: When checking the hard disk, the BIOS finds the MBR, loads it into working memory, and transfers control to it.
- Step 4: The MBR contains instructions for loading the boot manager: GRUB/LILO for Linux or NTLDR for Windows NT/2000. After loading the boot manager, the MBR transfers control to it.
- Step 5: The boot loader locates the boot partition, reads the configuration in grub.conf or lilo.conf, and displays the operating system kernels available on the system so you can choose which one to boot.
Example grub.conf:
default=0
timeout=10
splashimage=(hd0,0)/grub/splash.xpm.gz
title Fedora Core (2.6.8-1.521)
        root (hd0,0)
        kernel /vmlinuz-2.6.8-1.521 ro root=LABEL=/
        initrd /initrd-2.6.8-1.521.img
title Windows 2000
        rootnoverify (hd0,1)
        chainloader +1
- Step 6: After a kernel is chosen from the boot loader configuration, the system automatically loads the /sbin/init program, which checks the file systems (file system check) and then reads the file /etc/inittab to determine the runlevel. The Linux runlevels are:
Mode/runlevel   Script directory   Description
0               /etc/rc.d/rc0.d    System shutdown (halt)
1               /etc/rc.d/rc1.d    For a single user only, usually used to repair file system errors (also called single user mode)
2               /etc/rc.d/rc2.d    Not used (user-definable)
3               /etc/rc.d/rc3.d    For multiple users, with a text interface only (Full multi-user mode, no GUI interface)
4               /etc/rc.d/rc4.d    Not used (user-definable)
5               /etc/rc.d/rc5.d    For multiple users, with a graphical interface available (Full multiuser mode)
6               /etc/rc.d/rc6.d    System reboot
- Step 7: After determining the runlevel (through the initdefault variable), /sbin/init executes the startup scripts located in the subdirectories of /etc/rc.d. It uses the runlevel 0->6 to determine the directory holding the scripts for that runlevel: /etc/rc.d/rc0.d -> /etc/rc.d/rc6.d. For reference, here are some script files in /etc/rc.d/rc3.d/
K01yum          K50snmptrapd      S09isdn         S40snortd       S90mysql
K05innd         K50tux            S10network      S44acpid        S90xfs
K05saslauthd    K50vsftpd         S12syslog       S55cups         S95anacron
K15postgresql   K54dovecot        S13irqbalance   S55named        S95atd
K20nfs          K70aep1000        S13portmap      S55sshd         S97messagebus
K24irda         K70bcm5820        S14nfslock      S56rawdevices   S97rhnsd
K25squid        K74ntpd           S20random       S56xinetd       S99local
K34yppasswdd    K74ypserv         S24pcmcia       S78mysqld       S99webmin
K35smb          K74ypxfrd         S25netfs        S80sendmail
K35vncserver    K92iptables       S26apmd         S85gpm
K35winbind      S00microcode_ctl  S28autofs       S85httpd
K50snmpd        S05kudzu          S40smartd       S90crond
Note that a file name beginning with S means the file is executed at system startup, whereas a file name beginning with K means the file is executed when the system shuts down. The number following S or K specifies the order in which the scripts run, and the rest is the name of the script for each service.
- Step 8: If runlevel 3 was selected in step 4, the system runs the login program, which requires each user to log in before using the system; if runlevel 5 was selected, the system loads the X terminal GUI application, which requires each user to log in.
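
An added example, not part of the original course material: shell functions that apply the naming rule from step 7 to the rc3.d listing above and read the default runlevel from an inittab-format file. The function names and the inittab lines in the demo are constructed; the script names are the ones listed on the page.

```shell
#!/bin/sh
# The /etc/rc.d/rc3.d listing shown in step 7.
sample_rc3() {
cat <<'EOF'
K01yum K50snmptrapd S09isdn S40snortd S90mysql
K05innd K50tux S10network S44acpid S90xfs
K05saslauthd K50vsftpd S12syslog S55cups S95anacron
K15postgresql K54dovecot S13irqbalance S55named S95atd
K20nfs K70aep1000 S13portmap S55sshd S97messagebus
K24irda K70bcm5820 S14nfslock S56rawdevices S97rhnsd
K25squid K74ntpd S20random S56xinetd S99local
K34yppasswdd K74ypserv S24pcmcia S78mysqld S99webmin
K35smb K74ypxfrd S25netfs S80sendmail
K35vncserver K92iptables S26apmd S85gpm
K35winbind S00microcode_ctl S28autofs S85httpd
K50snmpd S05kudzu S40smartd S90crond
EOF
}

# rc_names: read a listing on stdin, emit one well-formed name per line
# (S or K, a two-digit sequence number, then the service name).
rc_names() {
    tr -s ' \t' '\n\n' | awk '/^[SK][0-9][0-9]./'
}

# rc_order PREFIX: service names in the order their S or K scripts run.
rc_order() {
    rc_names | awk -v p="$1" 'substr($0, 1, 1) == p' | LC_ALL=C sort | cut -c4-
}

# rc_state SERVICE: print the prefix and sequence number (for example S55)
# under which SERVICE appears, or nothing if it is not listed.
rc_state() {
    rc_names | awk -v n="$1" 'substr($0, 4) == n { print substr($0, 1, 3) }'
}

# default_runlevel FILE: the X in the id:X:initdefault: line of an inittab file.
default_runlevel() {
    awk -F: '!/^[ \t]*#/ && $3 == "initdefault" { print $2; exit }' "$1"
}

# Demo on the page's listing and a constructed two-line inittab.
demo_inittab=$(mktemp)
printf '# constructed sample\nid:3:initdefault:\n' > "$demo_inittab"
echo "default runlevel: $(default_runlevel "$demo_inittab")"
echo "first services started: $(sample_rc3 | rc_order S | head -n 5 | tr '\n' ' ')"
# A defender reads the prefix to see whether a protective service is started:
echo "iptables entry: $(sample_rc3 | rc_state iptables)"
echo "sshd entry: $(sample_rc3 | rc_state sshd)"
rm -f "$demo_inittab"
```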
IX. Shutting down and rebooting the system
- To shut down the system, use one of the following:
+ [root@server root]# init 0
+ [root@server root]# shutdown -hy t (shuts the system down after t seconds)
+ [root@server root]# halt
+ [root@server root]# poweroff
- To reboot the system, use one of the following:
+ [root@server root]# init 6
+ [root@server root]# reboot
+ [root@server root]# shutdown -ry 10 (the system reboots after 10 minutes)
X. Using runlevels
Switching runlevels: runlevels are the operating levels of the system. To switch between them, use the command init runlevel_number. For example, to switch to level 1 run init 1; the system's shell prompt then becomes bash-2.05b#. You can use the startx command to switch to runlevel 5 (equivalent to init 5). To set the system's default runlevel, use the mc utility to edit the runlevel parameter X (0->6):
id:X:initdefault:
XI. Recovering the administrator password
If you lose the password of the administrative user (root), there are several ways to recover it:
+ Use a boot floppy (created with the mkbootdisk or dd command).
+ Use the LILO or GRUB boot loader (this works only if you can edit the boot loader at startup; otherwise use method 1).
A typical run of method 2 (using the GRUB boot loader) is:
+ Start the machine.
+ When the GRUB screen appears, press e to edit the boot loader entry (if a GRUB password has been set, enter it).
+ Select the kernel /boot entry, press e to edit it, add the keyword -s to enter runlevel 1, then press Enter.
+ After step 3, press b to boot the system into runlevel 1 and run the passwd command to change the root user's password.
+ Run init 6 to reboot the system.
XII. Understanding the boot loader
XII.1. GRUB boot loader
XII.1.1 Overview
GRUB is a boot loader; its job is to load the kernel and start Linux as well as a number of other operating systems: FreeBSD, NetBSD, OpenBSD, GNU HURD, DOS, Windows 95, 98, Me, NT, 2000 and XP...
In 1995, Erich Boleyn designed GRUB. In 1999, Gordon Matzigkeit and Yoshinori K. Okuji took GRUB over and made it an official GNU package.
- GRUB supports many operating systems, either by booting the operating system kernel directly or by chain-loading.
- GRUB supports many file systems: BSD FFS, DOS FAT16 and FAT32, Minix fs, Linux ext2fs and ext3fs, ReiserFS, JFS, XFS, and VSTa fs.
- GRUB provides both a flexible command-line interface and a menu interface, and also supports a configuration file.
XII.1.2 Configuration file
First part: general directives such as:
+ The default operating system (default)
+ How long to wait for user input before running the default entry (timeout=10), in seconds.
+ You can also choose the menu display colors (color green/black light-gray/blue)
Second part: the parameters for booting Linux:
+ The title shown in the menu is Red Hat Linux (title)
+ This operating system boots from the first partition of the first disk, / (hd0,0: first disk, first partition), and this partition must be mounted first.
+ The vmlinuz file is in the root directory, and the root file system is on the fifth partition of the first hard disk (/dev/hdc5)
+ The boot command says to load the operating system declared above immediately.
Third part: the parameters for the second operating system installed on the system.
+ The title is Windows
+ The operating system occupies the first partition of the second disk (hd1,0). With the rootnoverify command, GRUB does not need to check whether this partition is mounted.
+ The chainloader +1 command uses +1 as the name of the file to boot as a link in the chain: +1 means the first sector of the partition in question.
+ You can run man grub.conf to learn more about this configuration file.
Note: to switch from GRUB to LILO, do the following:
+ The /etc directory contains the file lilo.conf.anaconda. Copy this file to lilo.conf
+ Run the lilo command
XII.1.3 Securing GRUB
GRUB's password feature allows only the administrator to use interactive operations (such as editing menu entries and entering the command-line interface). To use this feature, put the password command in the configuration file: password --md5 <PASSWORD>
GRUB then disallows any interactive control (<e> and <c>) until <p> is pressed and the correct password is entered. The --md5 option tells GRUB that PASSWORD is in MD5 format. Without this option, GRUB assumes PASSWORD is plain text.
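
An added example, not part of the original course material: a shell audit for the password line described above, which is what protects the entry editing used in section XI. The finding codes, sample files and the hash placeholder are constructed, and the check assumes the menu-wide password line sits before the first title line.

```shell
#!/bin/sh
# audit_grub_conf FILE
# Prints one finding per line; no output means nothing to report.
audit_grub_conf() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "UNREADABLE $conf"
        return 0
    fi
    # Only the global section (everything before the first "title") is examined.
    awk '
        /^[ \t]*#/               { next }            # comment line
        /^[ \t]*title([ \t]|$)/  { in_entry = 1 }    # first menu entry reached
        !in_entry && /^[ \t]*password([ \t]|$)/ {
            seen = 1
            if ($2 != "--md5")
                print "PLAINTEXT_PASSWORD line " NR
            else if (substr($3, 1, 3) != "$1$")
                print "MALFORMED_MD5 line " NR
        }
        END {
            if (!seen) print "NO_PASSWORD e and c are open to anyone at the console"
        }
    ' "$conf"
    # The file holds the hash (or the clear-text password), so only its owner
    # should be able to read it. Characters 5-10 are the group and other bits.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "READABLE_BY_OTHERS $conf ($perms)"
    fi
}

# write_sample FILE KIND: constructed grub.conf, laid out like the example
# earlier on the page. KIND is md5, plain or none. The hash is a placeholder.
write_sample() {
    case $2 in
        md5)   pw='password --md5 $1$EXAMPLE0$PLACEHOLDERHASHVALUE00' ;;
        plain) pw='password example-only' ;;
        *)     pw='' ;;
    esac
    {
        echo 'default=0'
        echo 'timeout=10'
        if [ -n "$pw" ]; then echo "$pw"; fi
        echo 'title Fedora Core (2.6.8-1.521)'
        echo '        root (hd0,0)'
        echo '        kernel /vmlinuz-2.6.8-1.521 ro root=LABEL=/'
        echo '        initrd /initrd-2.6.8-1.521.img'
    } > "$1"
}

demo_dir=$(mktemp -d)
for kind in md5 plain none; do
    write_sample "$demo_dir/$kind.conf" "$kind"
    chmod 600 "$demo_dir/$kind.conf"
    echo "== $kind"
    audit_grub_conf "$demo_dir/$kind.conf"
done
rm -rf "$demo_dir"
```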
XII.1.4 Booting GRUB from ntldr
- Install GRUB on the boot sector of a partition (for example /boot, /dev/hda2).
- Copy the boot sector to a floppy or to a file system on the hard disk; for example, for a floppy (after it has been mounted at /mnt/floppy):
dd if=/dev/hda2 of=/mnt/floppy/bootsect.lnx bs=512 count=1
- The file name bootsect.lnx must follow the 8.3 convention so that ntldr can recognize it.
- Reboot into Windows and copy the file bootsect.lnx to the root directory of drive C:
- If necessary, change the read-only attribute of the file C:\boot.ini using Windows Explorer or the command line (C:\attrib -s -r c:\boot.ini, and when finished C:\attrib +s +r c:\boot.ini). Open boot.ini in an editor such as Notepad and add the line c:\bootsect.lnx="Linux" to it.
[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
c:\bootsect.lnx="Linux"
Whenever the boot sector used to create bootsect.lnx changes, this file must be updated with the new copy.
XII.2. LILO boot loader
LILO is a boot manager bundled with Red Hat releases, and was the default boot manager for Red Hat 7.1 and earlier.
XII.2.1 Configuring LILO
LILO reads the configuration file /etc/lilo.conf to learn which operating systems are on your machine and where their boot information is located. LILO is configured to boot from one section of /etc/lilo.conf per operating system. The following is an example /etc/lilo.conf
Section 1:
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
message=/boot/message
lba32
default=linux
Section 2:
image=/boot/vmlinuz-2.4.0-0.43.6
label=linux
initrd=/boot/initrd-2.4.0-0.43.6.img
read-only
root=/dev/hda5
Section 3:
other=/dev/hda1
label=dos
First section:
+ Tells LILO to look at the MBR (boot=/dev/hda)
+ Checks the map file
+ Also tells LILO that it can install a special file (/boot/boot.b) as a new boot sector
+ The wait before loading the default operating system (default=xxx) is set by the line timeout=50 (5 seconds); the value is in tenths of a second.
+ Loads the information shown during boot from the file /boot/message
+ The lba32 line describes the hard disk configuration: it states that your hard disk supports LBA32. Usually this line has the value linear (do not change this line unless you understand your hard disk; you can find out whether your disk supports LBA32 by looking in the BIOS)
Second section:
+ Provides the boot information for the Linux operating system
+ The image line tells LILO where the Linux kernel is
+ The label line, present in both sections, gives the operating system name that appears in the LILO boot menu.
+ The root line specifies the location of Linux's root file system
Third section: the other line states that another operating system's partition is at hda1 on the hard disk.
Note: to switch from LILO to GRUB, install it as follows:
#/sbin/grub-install [disk-name]
Example: #/sbin/grub-install /dev/hda

LESSON 3
The File System
Summary
Theory: 8 periods - Practice: 10 periods.
Objectives: This lesson introduces the basic concepts of file systems, file system structure, the file types supported on Linux, how to create and manage file systems, and the commands related to file systems and directories.
Main topics:
I. File system structure.
II. Directory tree structure.
III. Operations on file systems and disks.
IV. Operations on files and directories.
V. Archiving files/directories.
VI. File system security.
Required exercises: Exercise 3.1 (exercise book - File system)
Additional exercises: (none listed)
I. File system structure
- Every operating system has its own way of organizing stored data. At the physical level, a disk is formatted into sectors, tracks, and cylinders. At the logical level, each system uses its own structure, which may be indexed or hierarchical, to locate data from the logical level down to the physical level. This organization is called a file system.
- For example, Windows uses the FAT16 and FAT32 file systems, and WinNT uses NTFS to strengthen file system security.
- The file system is a fundamental part of the Linux operating system.
- A file system is a device that has been formatted to store files and directories.
- Linux file systems include floppy disks, CD-ROMs, and hard disk partitions. File systems are usually created during operating system installation, but you can also change the file system layout when adding devices or modifying existing partitions. Knowing and understanding the Linux file system structure is therefore important.
- Linux supports many file system types, such as ext2, ext3, MS-DOS, and proc. The basic Linux file systems are ext2 and ext3 (currently ext3). This file system allows file names of up to 256 characters and a maximum size of 4 terabytes. MS-DOS is used to access MS-DOS files directly. In addition, Linux supports vfat, which allows long file names on MS-DOS files and FAT32 partitions. proc is a virtual file system (/proc), meaning that no disk space is allocated to it. There are also other file systems such as iso9660, UMSDOS, and Network File System (NFS).
- Components of a file system:
+ Superblock
+ Inode
+ Storageblock
Super Block: a structure created at the start of the file system. It stores information about the file system such as the block size, free blocks, and the last mount time.
Inode (256 bytes): stores information about the files and directories created in the file system, but not the actual file and directory names. Each file created is allocated one inode that stores the following:
+ File type and access permissions
+ File owner.
+ File size and the number of hard links to the file.
+ Date and time the file was last modified.
+ Location of the file's contents in the file system.
Storageblock: the area that stores the actual data of files and directories. It is divided into data blocks, and data is written to disk in these blocks. Each block usually holds 1024 bytes. Even a file containing a single character must be allocated one block to store it. There is no end-of-file character.
+ A regular file's data block stores the file's inode and the file's contents
+ A directory's data block stores a list of entries consisting of inode numbers and the names of files and subdirectories.
I.1. File types
In Linux, files are used to store data, and the notion covers directories and storage devices as well. A data file and a directory are both treated as files. The file concept also extends to devices such as printers and hard disks; even main memory is treated as a file. Linux files fall into 3 main types:
- Regular data files
- Directories
- Device files
Data files: files in the traditional sense, data stored on storage devices such as hard disks and CD-ROMs. You can put any data into such a file: program source, text, machine-code executables, Linux commands, and all files created by users.
Directory files: a directory does not contain data, only information about the files and subdirectories in it. A directory holds two fields for each file: the file name and the inode number.
Device files: Unix and Linux treat devices as files. Reading from and writing to these files is reading from and writing to the device. For example, to copy data to drive A: you copy it to the file /dev/fd0, and when you print, the data is sent to the file that corresponds to the printer.
I.2. File links
A link, in the simplest terms, creates a second file name for a file. For example, if you have a file /usr/bill/testfile and want the same file in the directory /usr/tim, you do not need to copy it; just create a link with the following command:
#ln /usr/bill/testfile /usr/tim/testfile
Syntax of the ln command:
$ln <source> <destination>
The basic reason for creating a link is to have the same file appear multiple times. In the example above the two files are one and the same, so any change made to one immediately affects the other.
Hard link: a link within the same file system in which two inode entries point to the same physical contents (same inode number, and both point to the same data). To see this, use the following command:
$ ls -i testfile
14253 testfile
Then create a link with a different name and display the inode entry information.
$ ln testfile test2
$ ls -i testfile test2
14253 testfile 14253 test2
Both files have the same inode number.
Symbolic link: another kind of link, which does not use the inode entry for linking. You use this kind of link when you want to create device drivers, such as /dev/modem in place of /dev/cua1. The -s option of the ln command creates a symbolic link.
Example:
$ ls -i bigfile
6253 bigfile
$ ln -s bigfile anotherfile
$ ls -i bigfile anotherfile
6253 bigfile 8358 anotherfile
As you can see, the files' inode numbers differ. Listing the directory shows the symbolic link:
lrwxrwxrwx 1 root root 6 Sep 16:35 anotherfile -> bigfile
-rw-rw-r-- 1 root root 2 Sep 17:23 bigfile
Note: when the original file is deleted, the contents of the hard link are unaffected, but the contents of the symbolic link can no longer be viewed.
II. Directory tree structure
The Linux file system is structured as shown in the figure above. Linux has no concept of drives as in Windows; all files and directories start from the root directory (/). Linux uses . to denote the current directory and .. to denote the parent of the current directory.
As the figure above shows, the root directory is mounted on the first partition, /usr is mounted on the second partition, and so on. Data written to /home goes to the third partition. Likewise, data in /usr/local is written to partition 4, and data in /usr outside the subdirectory /usr/local is written to partition 2.
Linux uses files to refer to partitions on physical disks. These are device files, located in the /dev directory. Their names begin with characters identifying the drive type (fd for floppy, hd for hard disk, sd for SCSI), followed by the drive's sequence (a for the first drive, b for the second), and finally the partition number.
Examples of files referring to devices:
+ First floppy drive: /dev/fd0
+ First partition of the first hard disk: /dev/hda1
+ Third partition of the second hard disk: /dev/hdb3.
Basic Linux directories
Directory     Function
/bin, /sbin   Binaries needed for booting and for running essential commands.
/boot         Linux kernel and image files used to load the operating system
/lib          Shared libraries for the binaries in /bin and /sbin; kernel modules.
/usr/local    Libraries and software shared with other machines on the network.
/tmp          Temporary files
/dev          Device files (such as CDROM, floppy) and some other special files.
/etc          System configuration files
/home         Users' home directories
/root         Home directory of the root user
/usr          Files of the programs installed on the system.
/var          Log files, application queues, and users' mailboxes.
/mnt          Mount points for devices mounted into the system.
/proc         Information about the kernel
Directories that can be used as mount points for separate devices include: /boot, /home, /root, /tmp, /usr, /usr/local, /opt, /var.
III. Operations on file systems and disks
III.1. Mounting and unmounting a file system
To mount a file system into the directory tree you need a physical partition, such as a CD-ROM or floppy disk. The directory you want to mount onto (the mount point) must also be a real directory: it must exist before the file system is mounted.
Note: to find out which file system the current directory is on, use the df command. It displays the file systems and the free space remaining on disk.
III.1.1 Mounting a file system interactively
To mount a file system, use the mount command with the following syntax:
#mount <device-name> <mount-point>
where device-name is the physical device, such as /dev/cdrom (CD-ROM), /dev/fd0 (floppy), /dev/hda1, ..., and mount-point is the directory in the directory tree where you want to mount it.
Some options of the mount command:
+ -f: goes through the motions as if mounting for real, but only performs a dry run.
+ -v: verbose mode, giving more information about what mount is trying to do.
+ -w: mount the file system read-write.
+ -r: mount the file system read-only.
+ -t type: specifies the type of the file system being mounted. Valid types include minix, ext2, ext3, msdos, hpfs, proc, nfs, umsdos, iso9660, vfat.
+ -a: mount all file systems declared in /etc/fstab.
+ -o remount <fs>: remount a given file system.
Examples:
Mount the CD-ROM:
#mount /dev/cdrom
Mount a file system:
#mount /dev/hda6 /usr
Remount a file system:
#mount -o remount /home
III.1.2 Mounting a file system at boot
Once a Linux system is running stably, it normally uses a set of file systems that rarely changes. You can therefore define the list of file systems that Linux must mount at boot and unmount at shutdown. These file systems are listed in the configuration file /etc/fstab.
/etc/fstab lists the file systems to be mounted one per line. The fields on each line are separated by spaces or tabs.
Field             Description
File system       Specifies the device or file system to mount.
Mount point       Specifies the mount point for the file system. For special
                  file systems such as swap, use the word none, which makes
                  the swap file active without it being visible in the
                  directory tree.
Type              Gives the file system type, such as msdos, vfat, iso9660,
                  ext2...
Mount options     List of options separated by commas.
Dump frequency    Specifies how often the dump command backs up the file
                  system. If this field is empty, dump assumes that the file
                  system does not need to be backed up.
Pass number       Tells fsck the order in which to check the file systems at
                  boot. The root file system (/) must have the value 1. All
                  other file systems must have the value 2. If no value is
                  declared, the file system is not checked for consistency
                  at boot.
So, when you want file systems to be mounted at boot, you should use /etc/fstab rather than the mount command.
The following is an example /etc/fstab file:
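An added example, not part of the course text: a shell function that checks fstab entries against the field rules in the table above, run on a constructed sample file. Accepting swap as well as none for a swap mount point, and treating omitted dump/pass fields as 0, are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the course text: check fstab entries against the
# field rules described above. Assumptions: "swap" is accepted as well as
# "none" for a swap mount point, and omitted dump/pass fields count as 0.

# check_fstab FILE   (use - to read standard input)
# Prints one "line N: message" per problem; exit status 1 if any were found.
check_fstab() {
    awk '
        function problem(msg) { printf "line %d: %s\n", FNR, msg; bad = 1 }
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        NF < 4 || NF > 6 {
            problem("expected 4 to 6 fields, found " NF); next
        }
        {
            mnt = $2; type = $3; opts = $4
            dump = (NF >= 5) ? $5 : 0           # omitted: never dumped
            pass = (NF >= 6) ? $6 : 0           # omitted: no fsck at boot

            if (type == "swap") {
                if (mnt != "none" && mnt != "swap")
                    problem("swap entry should use none as its mount point")
            } else if (mnt !~ /^\//)
                problem("mount point " mnt " is not an absolute path")

            if (opts ~ /^,|,,|,$/)
                problem("empty item in option list " opts)
            if (dump !~ /^[0-9]+$/ || pass !~ /^[0-9]+$/) {
                problem("dump and pass fields must be numbers"); next
            }
            if (mnt == "/" && pass != 1)
                problem("root file system must have pass number 1")
            if (mnt != "/" && pass == 1)
                problem(mnt " uses pass number 1, reserved for /; use 2")
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample file (not taken from a real system).
sample_fstab() {
    cat <<'EOF'
# device    mount point   type     options      dump  pass
/dev/hda1   /             ext3     defaults     1     2
/dev/hda6   /usr          ext3     defaults     1     1
/dev/hda5   /swap         swap     defaults     0     0
/dev/cdrom  mnt/cdrom     iso9660  noauto,,ro   0     0
/dev/fd0    /mnt/floppy   vfat     noauto
EOF
}

# Run with --demo to check the constructed sample, or pass a file name.
if [ "${1:-}" = "--demo" ]; then
    sample_fstab | check_fstab -
elif [ $# -gt 0 ]; then
    check_fstab "$1"
fi
```

The last sample line has only four fields, which the text allows: with no pass number the file system is simply not checked at boot, so it is not reported.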

III.1.3 Unmounting a file system
Now that you are familiar with attaching file systems to the Linux directory tree, the next step is detaching a file system with the umount command. There are many reasons to unmount a file system: to check or repair it with fsck; when there are network problems; to unmount a floppy disk or CD-ROM... The umount command has 3 forms:
+ #umount device <mount-point>
+ #umount -a
+ #umount -t fs-type
Note: umount does not unmount file systems that are in use.
Example:
#cd /mnt
#umount /mnt
The system now reports an error saying that the file system is busy. To unmount /mnt you must therefore first move to another directory on another file system.
III.2. Formatting a file system
Use the mkfs command to format any file system (ext2, ext3, ...).
Command syntax:
#mkfs -t <fstype> <filesystem>
Example: mkfs -t ext2 /dev/hda1 (equivalent to the command mkfs.ext2 /dev/hda1)
III.3. Managing disk space
Disk space can be managed and monitored in several ways; normally the two commands df and fdisk are used. Command syntax:
df <option>, fdisk <option> <parameters>
Example:
Monitoring information about the file systems mounted on the system.
List the file systems on the system:

Print in human-readable form (MB, GB)

List the partitions on the system

For detailed information on the two commands above, use the command man df.
III.4. Maintaining file systems with the fsck command
The system administrator is responsible for maintaining the consistency of the file systems. The usual task is to check from time to time whether any files are damaged. Linux automatically checks file systems at boot if they have a value greater than 0 in the pass number field of /etc/fstab. To carry out these tasks, the administrator uses the fsck (file system check) command. The syntax is:
#fsck [options] file-system
The following table describes the options:
Option       Description
-A           Walks through /etc/fstab and tries to check all file systems in
             a single pass. With -A you do not need to name a file system.
-V           Verbose mode. Reports what fsck is doing.
-t fs-type   Specifies the type of file system to check.
-a           Automatically repairs damage in the file system without asking.
-l           Lists all file names in the file system.
-r           Asks before repairing the file system.
-s           Lists the superblocks before checking the file system.
IV. Operations on files and directories
IV.1. Working with directories
IV.1.1 Relative and absolute paths
Paths in Linux use the / character instead of the \ character used in Windows.
A file or directory is identified by an absolute or a relative path. An absolute path is the full path starting from the root directory (/) of the directory tree. Examples: /home/hv, /usr/local/vd.txt
When the files and directories you use are below the directory you are working in, you can use a relative path. A relative path is resolved from the current directory. For example, if you are in /home/hv and type cat test.txt, you are viewing the file test.txt in /home/hv.
Linux uses the symbol . for the current directory and the symbol .. for the parent of the current directory. For example, if the current directory is /usr/bin, the path ../local is equivalent to /usr/local.
Executable programs in Linux come in 2 main forms: command (script) files and binary files. A command file stores shell commands, similar to a bat file in DOS. A binary file contains machine code, similar to an .exe or .com file in Windows. In Linux, file names have no concept of an extension. An extension is often used to indicate the nature or meaning of a file, not to determine which program runs it. For example, .txt denotes a text file and .conf a configuration file. A file can only be executed if it has been given execute permission (x).
To run a program you must give its exact path or rely on the directories in the PATH environment variable. So, to run a file in the current directory you must use ./file-name
IV.1.2 The pwd command
The pwd command shows the location of the current directory.
Example:
[natan@netcom bin]$ pwd
/usr/local/bin
IV.1.3 The cd command
The cd command changes the current directory.
Syntax:
$cd [directory]
directory: the directory to move into.
Example: $cd /etc
IV.1.4 The ls command
The ls command lists the contents of a directory.
Syntax: ls [options] [directory]
ls -x displays the listing in multiple columns.
ls -l displays detailed information about each file.
ls -a displays all files, including hidden files.
Example: $ ls -l /etc
-rw-r--r-- 1 root root 920 Jun 25 2001 im_palette-small.pal
-rw-r--r-- 1 root root 224 Jun 25 2001 im_palette-tiny.pal
-rw-r--r-- 1 root root 5464 Jun 25 2001 imrc
-rw-r--r-- 1 root root 10326 Apr 12 08:42 info-dir
lrwxrwxrwx 1 root root 11 Apr 12 07:52 init.d -> rc.d/init.d
Meaning of the columns, from left to right:
+ Column 1: the first character: - denotes a regular file, d a directory, l a link, followed by -> pointing to the real file.
+ The remaining characters give the access permissions.
+ Column 2: the number of links to this file.
+ Columns 3, 4: the owner and the owning group.
+ Column 5: the size of the file or directory.
+ Column 6: the date and time of the last modification.
+ Column 7: the name of the file or directory.
To see the information for one or more specific files you can use
$ls -l file1 file2
IV.1.5 The mkdir command
The mkdir command creates a directory.
Syntax:
$mkdir [options] [directory]
Example: $mkdir /home/web
IV.1.6 The rmdir command
This command removes an empty directory.
Syntax:
$rmdir [options] [directory]
Example: $rmdir /home/web
IV.2. Files
IV.2.1 The cat command
The cat command displays the contents of a text file. To view a file, give its name as the argument.
Syntax:
$cat [file-name]
Example: $cat myfile
cat also lets you view several files at once:
$cat file1 file2
cat is also used to create and edit text files. In this case it is followed by > or >>. If the file to be created already exists, > erases its contents and writes the new contents, while >> appends the new contents after the existing contents of the file.
$cat > <file-name> [Enter]
> lines-of-data-for-the-file
>
[Ctrl-d: end]
IV.2.2 The more command
The more command displays the contents of a file one screen at a time.
Syntax:
$more [file-name]
Example:
$more /etc/passwd
IV.2.3 The cp command
The cp command copies files.
Syntax:
$cp <source-file> <destination-file>
Example: $cp /etc/passwd /root/passwd
IV.2.4 The mv command
The mv command renames a file or moves it to another location.
Syntax:
$mv <old-file-name> <new-file-name>
Example: $mv /root/passwd /root/pwd
IV.2.5 The rm command
The rm command removes files and directories.
Syntax:
$rm [options] [file-name/directory]
Commonly used options:
-r : remove a directory and all the files and subdirectories in it
-i : ask for confirmation before removing
IV.2.6 The find command
Searches for files that satisfy a condition.
Syntax:
#find [path] [search-expression]
o path: the directory in which to search
o search-expression: find the files that match the search condition.
Find one specific file:
#find [directory] -name [file-name] -print
You can also use the following symbols:
* : stands for a group of characters
? : stands for a single character
Use man to see the full set of search options.
IV.2.7 The grep command
The grep command searches for a string in the contents of a file.
Syntax:
#grep [search-expression] [file-name]
Finds, in the file named [file-name], the data that matches [search-expression].
Example: grep nva /etc/passwd
Searches the file /etc/passwd and displays the lines that contain the string nva.
IV.2.8 The touch command
A command for creating and modifying files.
Syntax: touch <option> file
Example: #touch file1.txt file2.txt (creates the two files file1.txt and file2.txt)
IV.2.9 The dd command
Copies and converts files.
Example:
dd if=/mnt/cdrom/images/boot.img of=/dev/fd0
(if is the input file, of is the output file)
IV.3. Standard files in Linux
When a Linux program starts, it communicates with the user by displaying information on the screen. The information displayed may be the program's data or an error raised when something goes wrong. The user communicates with the program through characters typed on the keyboard. The data stream coming from the keyboard is called standard input. The data stream going to the screen is called standard output, and the stream of error messages is standard error.
In Linux the standard streams are treated as data files and are numbered in order: the standard input file is 0, the standard output file is 1 and the standard error file is 2. These numbers are called file descriptors.
To write text using cat, type:
$ cat > filename
<enter the contents of the file>
<Ctrl-d>.
All the data entered from the keyboard is treated as the standard input file. When you run ls, the data you receive on the screen is the standard output file.
An error message that appears on the screen when you mistype a command or access files or directories you have no permission for is the standard error file. For example, if you type the command listn, an invalid command error appears.
IV.3.1 Redirection
Redirection changes where the standard input, output and error streams go. With redirection, standard input can take its data from a file instead of the keyboard, and standard output and error can be sent to a file, a printer...
There are 3 kinds of redirection:
+ Input redirection
+ Output redirection
+ Error redirection
IV.3.2 Input redirection:
By convention commands take their data from the standard input device (the keyboard). To make a command take its data from a file, use the < symbol:
Syntax:
$command < file
The < sign shows the direction in which the data moves.
Example: $cat < abc.txt or $cat 0< abc.txt
IV.3.3 Output redirection:
The results of commands are normally displayed on the screen. To send the results to a file, use the > sign.
Syntax: $command > file
Example: list the contents of a directory and send the result to a file
$ls -l > tm.txt
To append data to the end of an existing file, use >> instead of >.
Syntax: $command >> file
Example: $cat a.txt >> sum.txt
IV.4. Pipes
A pipe is also called a communication channel. It is a way of passing data that combines 2 redirections: a pipe uses the output of one program as the input of another program.
Example: $ls -l | more
The result of ls is not written to the screen but is passed to more, which processes it as its input.
IV.5. The tee command
Redirection and pipes are characteristic of the UNIX operating system. However, you can also use a Linux command for this purpose: the tee command, which reduces the intermediate results of a pipeline.
Example: $sort baocao | tee baocaostt | lp
First, tee sends its standard input to its standard output, in this case sending the output of sort to the input of lp. Second, tee writes a copy of its standard input to the file baocaostt.
V. Archiving files and directories
V.1. The gzip/gunzip commands
gzip compresses files, and gunzip decompresses compressed files. The syntax of gzip and gunzip is:
$gzip [options] [file-name]
$gunzip [options] [file-name]
gzip creates a compressed file with the extension .gz
Options for gunzip and gzip:
-c Write the output to the screen
-d Decompress; gzip -d is equivalent to gunzip
-h Display help.
Example:
#gzip /etc/passwd
#gunzip /etc/passwd.gz
V.2. The tar command
This command packs and unpacks files and directories. It creates a file with the extension .tar
Syntax: #tar [options] [destination-file] [source-file/source-directory ...]
Where:
+ cvf : pack files/directories
+ xvf : unpack files/directories
+ destination-file: the .tar file that will be created.
+ source-file/source-directory: the files and directories to pack.
Example:
#tar cvf /home/backup.tar /etc/passwd /etc/group
#tar xvf /home/backup.tar
VI. File system security
VI.1. Permissions
Because Linux is a multitasking and multiuser operating system, several people can use the same Linux machine at once and one person can run many different programs. This raises two major issues: ownership of the data on disk, and sharing system resources such as CPU and RAM among processes.
Every file and directory in Linux has an owner and access permissions. You can change these properties for a file or directory. File permissions also determine whether a file is a program (application) or not (unlike MSDOS and MSWindows, which determine this from the file name extension). For example, with ls -l:
-rw-r--r-- 1 fido users 163 Dec 7 14:31 myfile
The first column gives the access permissions of the file; in the example above, the characters -rw-r--r-- are the access permissions of the file myfile. Linux lets the user set read, write and execute permissions for each class of user. There are 3 classes:
+ The owner
+ The group owner
+ Others (other users, or everyone else).
Read permission lets you read the contents of a file. For a directory, read permission lets you move into the directory and view its contents.
Write permission lets you change the contents of a file or delete it. For a directory, write permission lets you create, delete or rename files in the directory regardless of the permissions of the individual files in it. Write permission on a directory therefore overrides the access permissions of the files inside it, and the reader should keep this property in mind.
Execute permission lets you load a program into memory by typing the name of the file. For a directory, you can only enter it with the cd command if you have execute permission on it.
-rw-r--r-- 1 fido users 163 Dec 7 14:31 myfile
The first character of the permissions is -, which shows that this is a regular file. If the character d appears instead of -, myfile is a directory. There is also c for character devices (such as the keyboard) and b for block devices (such as a hard disk).
The next nine characters are divided into 3 groups that set the permissions of 3 classes: the owner, the group owner and everyone else (other). Each triplet sets read, write and execute permission, in that order. Read permission is abbreviated r in the first position, write permission w in the second position, and the third position is execute permission, written x. If a permission is not granted, that position holds the character -.
Character   r w x    r w x          r w x
File type   Owner    Group owner    Other users
In the case of the file myfile, the owner has rw permission, that is, read and write. The group owner and everyone else have only read permission (read-only). You can also tell that myfile is not a program.
Alongside the character notation above, access permissions can also be written as 3 numbers. The permissions for each class of user use one 3-bit number, with one bit for each of read, write and execute. A bit is 1 if the permission is granted and 0 otherwise. The binary value of this 3-bit number determines the permissions of that class.
Bit 2    Bit 1    Bit 0
read     write    execute
Example:
read permission only: 100, which has the value 4
read and execute permission: 101, which has the value 5
In decimal, you can also work out the permission number by adding up the values of the individual permissions. Under the convention above the values are:
Permission            Value
Read permission       4
Write permission      2
Execute permission    1
Example: with read and execute permission the permission number is: 4+1=5
read, write and execute: 4+2+1=7
Combinations of the 3 permissions have values from 0 to 7.
+ 0 or ---: no permissions
+ 1 or --x: execute
+ 2 or -w-: write-only (rare)
+ 3 or -wx: write and execute
+ 4 or r--: read-only
+ 5 or r-x: read and execute
+ 6 or rw-: read and write
+ 7 or rwx: read, write and execute
So when setting permissions on a file or directory you can use a number made of 3 digits. The first digit describes the owner's permissions, the second the group's and the third everyone else's.
Example: a file with permissions 751 means the owner has read, write and execute permission, 4+2+1=7. The group has read and execute permission, 4+1=5, and everyone else has execute permission, 1.
Note: a user with read permission can copy the file. The copy then belongs to the user who made it, as the following example shows:
$ ls -l /etc/passwd
-rw-r--r-- 1 root root 1113 Oct 13 12:30 /etc/passwd
$ cp /etc/passwd ./
$ ls -l passwd
-rw-r--r-- 1 ndhung admin 1113 Oct 15 10:37 passwd
VI.2. The chmod, chown and chgrp commands
VI.2.1 The chmod command
This is a very commonly used command that sets the access permissions of a file or directory. Only the owner and the superuser may run these commands.
Command syntax: $chmod [user-class] [operation] [permission] [file-name].
User class      Operation                Permission
u  user         + : add permission       r  read
g  group        - : remove permission    w  write
o  others       = : set permission       x  execute
a  all
Some examples of setting permissions on the file myfile:
Add write permission for the group: $ chmod g+w myfile
Remove read permission for the group and others: $ chmod go-r myfile
Give execute (x) permission to everyone:
$ chmod ugo+x myfile or
$chmod a+x myfile or
$ chmod +x myfile
This is the relative way of changing permissions, because the final result depends on the permissions that were already set and that the command does not touch. From a system security point of view, the absolute way of changing permissions leads to fewer mistakes. Changing the access permissions of a directory is done in the same way as for a file. Note that if you do not have execute permission on a directory, you cannot cd into it. Every user with write permission on a directory can delete files in that directory, regardless of that user's permissions on the files themselves. For this reason most directories have the permissions drwxr-xr-x, so that only the owner of the directory can create and delete files in it. Directories also have one special permission that lets everyone create files in the directory and lets everyone change the contents of files in it, while only the user who created a file can delete it. This is the sticky bit for directories. The /tmp directory usually has the sticky bit set.
drwxrwxrwt 7 root root 16384 Oct 21 15:33 tmp
The letter t at the end of the permission string shows the sticky bit of /tmp. To set the sticky bit, use the command: chmod 1????????? directory-name.
Besides the method above, permissions can also be set directly using the 3 digits that define them: $chmod [permission-value] [file-name]
Example: setting permissions on the file myfile
Permissions    Command
-rwxr-xr-x     $chmod 755 myfile
-r-xr--r--     $chmod 544 myfile
-rwxrwxrwx     $chmod 777 myfile
This absolute method has some advantages because it sets the permissions absolutely: the final result does not depend on the file's previous access permissions. It is also easier to say "change the file's permissions to 755" than "change the file's permissions to read-write-execute, read-execute, read-execute".
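An added example, not part of the course text: the first function converts the nine permission characters shown by ls -l into the number used by chmod, including the leading 1 for the sticky bit; the second lists directories that everyone can write to but that lack the sticky bit, which is the case described above where any user can delete other users' files. The function names are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the course text. Function names are illustrative.

# sym_to_octal PERMS
# PERMS is the nine permission characters from `ls -l` without the leading
# file-type character, e.g. rwxr-x--x. Prints the chmod value, e.g. 751.
# A final t (sticky + execute) or T (sticky, no execute) adds a leading 1.
sym_to_octal() (
    perms=$1
    case $perms in
        [r-][w-][x-][r-][w-][x-][r-][w-][xtT-]) ;;
        *) echo "unsupported permission string: $perms" >&2; exit 1 ;;
    esac
    sticky=0
    out=""
    for start in 1 4 7; do
        # One triplet per user class: owner, group, others.
        triplet=$(printf '%s' "$perms" | cut -c "$start-$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x | ??t) digit=$((digit + 1)) ;; esac
        case $triplet in ??t | ??T) sticky=1 ;; esac
        out=$out$digit
    done
    if [ "$sticky" -eq 1 ]; then out=1$out; fi
    printf '%s\n' "$out"
)

# unsafe_shared_dirs DIR
# Lists directories below DIR (same file system only) that are writable by
# "others" but do not have the sticky bit set.
unsafe_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Usage: sh this-script DIRECTORY
if [ $# -gt 0 ]; then
    unsafe_shared_dirs "$1"
fi
```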
VI.2.2 The chown command
The chown command changes the owner of a file or directory.
Syntax: $chown [user-name:group-name] [file-name/directory]
$chown -R [user-name:group-name] [directory]
The last command line, with the -R (recursive) option, changes the owner of the directory <directory-name> and of all its subdirectories. The same applies to the chmod and chgrp commands.
VI.2.3 The chgrp command
The chgrp command changes the group owner of a file or directory.
Syntax: $chgrp [group-owner] [file-name/directory]
Lesson 4
Installing Software
Summary
Theory: 3 periods - Practice: 5 periods.
Objectives                 Main topics               Required exercises      Additional exercises
Introduce students to      I. The RPM program        Exercise 4.1
the mechanisms for         II. Features of RPM       (exercise book:
installing, organizing     III. The rpm command      Installing software)
and managing software in
a Linux environment



I. The RPM program
The RedHat Package Manager (RPM) is the package management system that Linux provides to users. It gives users many features for maintaining their system. Users can install, remove or upgrade packages directly from the command line. RPM keeps a database with information about the installed packages and their files, which lets you query this information and verify the packages on the system. If you use XWindow, you can use the KDE-RPM or Gnome-RPM programs instead of the command line.
During a package upgrade RPM handles configuration files very carefully, so you never lose your earlier settings. For developers, it allows the source code of software to be packaged as source or binary packages for delivery to users.
II. Features of RPM
To understand the features of RPM better, consider the purposes for which it was built.
- Upgradability: with RPM you can upgrade individual components of the system without reinstalling. When a new version of an RPM-based operating system (RedHat Linux, for example) is released, you do not have to reinstall the system, only upgrade it. RPM allows the system to be upgraded automatically and intelligently. Configuration files are carefully preserved across upgrades, so you need not worry about changes to the existing settings of the upgraded system.
- Efficient querying: RPM is also designed for querying information about the packages on the system. You can search the whole database for information about packages or installed files. You can also ask which package a particular file belongs to and where it is. An RPM package has files containing very useful information about the package and its contents. These files let the user easily find information within an individual package.
- System verification: a very powerful feature of RPM is that it lets you verify packages. If you suspect that a file in a package has been deleted or replaced, you can check very easily. You should pay attention to abnormal signs on the system, and verify and reinstall if necessary.
III. The rpm command
Note that you must run rpm as the administrative user (root). RPM has 5 modes of operation: installing, uninstalling, upgrading, querying and verifying.
III.1. Installing software with rpm
RPM packages usually come as files with names like foo-1.0-1.i386.rpm. The file name consists of the package name (foo), the version (1.0), the release number (1) and the architecture (i386). The install command:
# rpm -ivh RPM-file-name
Example:
# rpm -ivh foo-1.0-1.i386.rpm
foo #################################
Some errors that can occur during installation:
o The package is already installed.
o A conflict with an existing file.
o The package depends on another package.
Example: the package was installed previously
# rpm -ivh foo-1.0-1.i386.rpm
foo package foo-1.0-1 is already installed
If you want to install over a package that is already installed, add the --replacepkgs parameter:
#rpm -ivh --replacepkgs package-file-name
Example:
# rpm -ivh --replacepkgs foo-1.0-1.i386.rpm
Example: a conflict with an existing file
# rpm -ivh foo-1.0-1.i386.rpm
foo /usr/bin/foo conflicts with file from bar-1.0-1
To ignore this error, you can install over the file by using the --replacefiles option.
# rpm -ivh --replacefiles foo-1.0-1.i386.rpm
Example: the package depends on another package
# rpm -ivh foo-1.0-1.i386.rpm
failed dependencies:
bar is needed by foo-1.0-1
To resolve this case you must install the required packages. If you want to continue installing without installing the other packages, use the --nodeps option. However, the package you install may then not work properly.
III.2. Removing installed software from the system
Removing a package is simpler than installing one. The remove command:
# rpm -e package-name
Note that when removing you use the package name, not the name of the RPM file.
Example:
# rpm -e foo
removing these packages would break dependencies:
foo is needed by bar-1.0-1
If you want to remove packages and ignore the errors, add the --nodeps parameter. However, this is not a good idea: if the program you remove is needed by another program, that other program will no longer work.
III.3. Upgrading software
An upgrade is similar to a new installation.
# rpm -Uvh RPM-file-name
Example:
# rpm -Uvh foo-2.0-1.i386.rpm
foo ####################################
When upgrading, RPM removes the old versions of the package. You can also use this command to install, in which case no old version is removed.
When RPM automatically upgrades a package that has a configuration file, you will often see a message like this: saving /etc/foo.conf as /etc/foo.conf.rpmsave. This means that the configuration file of the old version is not compatible with the new version, so RPM saves it and creates a new configuration file. An upgrade is really a combination of uninstall and install. An upgrade can therefore run into the same errors as install and uninstall, plus one more: upgrading to an older version.
# rpm -Uvh foo-1.0-1.i386.rpm
foo package foo-2.0-1 (which is newer) is already installed
In this case add the --oldpackage parameter:
# rpm -Uvh --oldpackage foo-1.0-1.i386.rpm
foo ####################################
III.4. Querying software
To query the database of installed packages, use:
# rpm -q package-name
Example:
# rpm -q foo
foo-2.0-1 //query result
Instead of giving a package name, you can combine other parameters with -q to specify the package you want to query. These are called Package Specification Options:
+ -a : query all packages.
+ -f <file>: query the packages that contain the file. When specifying the file you must give its full path (for example: /usr/bin/ls)
+ -p <package-file-name> : query the package in package-file-name
There are several ways to choose what information is displayed about a package. The following options select the kind of information to look for. They are called Information Selection Options:
+ -i : show information about the package, including: name, description, version, size, build date, install date, vendor...
+ -l : display the files in the package.
+ -s : display the state of the files in the package.
+ -d : display the list of documentation files for the package (for example man pages, README, info files...)
+ -c : display the list of configuration files.
III.5. Verifying installed files
Verification compares the installed files with the original files of the package. The information checked is: size, MD5 checksum, permissions, file type, owner and group owner of the file.
+ rpm -V package-name : verify all the files in the package.
+ rpm -Vf file-name : verify the file file-name
+ rpm -Va : verify all installed packages.
+ rpm -Vp RPM-file-name : verify a package against a given package file; normally used when the RPM database is damaged.
If verification finds no errors, nothing is displayed; otherwise the errors are reported. Each report line consists of 8 characters and a file name. Each character represents the result of comparing one attribute of the file with the attribute stored in the RPM database. A dot (.) means the test passed. The following characters stand for failed tests:
+ 5 - MD5 checksum
+ S - file size
+ L - symbolic link
+ T - file modification time
+ D - device
+ U - owner
+ G - group owner
+ M - access permissions and file type
+ ? - file not found
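An added example, not part of the course text: a shell filter that reads rpm -Va style report lines, decodes the attribute characters listed above and sorts the findings for review, run here on constructed sample lines. The severity policy, the handling of the c marker rpm prints before configuration files, and the lines beginning with the word missing that rpm prints for absent files are assumptions that go beyond the text.

```shell
#!/bin/sh
# Added example, not from the course text: triage `rpm -Va` report lines.
# The severity policy is an assumption made for illustration:
#   high   = changed checksum on a non-configuration file, or missing file
#   review = changed owner/group/mode, or changed configuration file
#   low    = anything else (for example only the modification time)

# Remove leading spaces from $1.
ltrim() { printf '%s' "${1#"${1%%[! ]*}"}"; }

# classify_verify_line "LINE" prints: severity path findings
# Exit status 1 if LINE is not a verify report line.
classify_verify_line() (
    line=$1
    kind=file
    case $line in
        missing\ *)                 # rpm prints this word for absent files
            flags=missing
            rest=$(ltrim "${line#missing}") ;;
        *)
            flags=${line%% *}
            rest=$(ltrim "${line#"$flags"}")
            # The flag field holds only dots and test characters; current
            # rpm versions print a ninth column (P), accepted here too.
            case $flags in
                *[!.5SLTDUGMP?]* | "") exit 1 ;;
            esac
            [ "${#flags}" -ge 8 ] || exit 1 ;;
    esac
    # Optional attribute marker before the path (c = configuration file).
    case $rest in
        c\ *) kind=config; rest=$(ltrim "${rest#c}") ;;
        [dglr]\ *) rest=$(ltrim "${rest#?}") ;;
    esac
    [ -n "$rest" ] || exit 1
    if [ "$flags" = missing ]; then
        printf 'high %s missing\n' "$rest"
        exit 0
    fi
    findings=""
    for pair in 5:md5 S:size L:symlink T:mtime D:device U:owner G:group M:mode; do
        c=${pair%%:*}
        case $flags in
            *"$c"*) findings=${findings:+$findings,}${pair#*:} ;;
        esac
    done
    [ -n "$findings" ] || exit 1    # all dots: nothing to report
    sev=low
    case $flags in *[UGM]*) sev=review ;; esac
    case $flags in
        *5*) if [ "$kind" = config ]; then sev=review; else sev=high; fi ;;
    esac
    printf '%s %s %s\n' "$sev" "$rest" "$findings"
)

# Read report lines on standard input; print high findings, then review.
triage() {
    out=$(while IFS= read -r line; do
              classify_verify_line "$line" || true
          done)
    for sev in high review; do
        printf '%s\n' "$out" | grep "^$sev " || true
    done
}

# Constructed sample report (not captured from a real system).
sample_verify_output() {
    cat <<'EOF'
S.5....T c /etc/foo.conf
.......T /usr/share/doc/foo-1.0/README
S.5....T /usr/bin/foo
.M...... /usr/bin/bar
missing /usr/lib/libbar.so
EOF
}

# Run with --demo for the sample; on a real system: rpm -Va | triage
if [ "${1:-}" = "--demo" ]; then
    sample_verify_output | triage
fi
```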
III.6. Installing software from source files *.tar, *.tgz
Besides software packaged as binary files (*.rpm files), some software is supplied as source code in *.tar or *.tgz files. To install such software you normally have to follow the help files that come with each program (README, INSTALL, ...); these files are in the subdirectories of the directory created when the source is unpacked with tar. The installation usually takes the following steps:
Step 1: Unpack the tar file.
Example:
[root@bigboy tmp]# tar -xvzf linux-software-1.3.1.tar.gz
linux-software-1.3.1/
linux-software-1.3.1/plugins-scripts/
...
...
linux-software-1.3.1/linux-software-plugins.spec
[root@bigboy tmp]#
This creates a subdirectory containing the installation files:
[root@bigboy tmp]# ls
linux-software-1.3.1 linux-software-1.3.1.tar.gz
[root@bigboy tmp]#

Step 2: Change into the subdirectory and read the INSTALL and README files.
Example:
[root@bigboy tmp]# cd linux-software-1.3.1
[root@bigboy linux-software-1.3.1]# ls
COPYING    install-sh   missing                 plugins
depcomp    LEGAL        mkinstalldirs           plugins-scripts
FAQ        lib          linux-software.spec     README
Helper.pm  Makefile.am  linux-software.spec.in  REQUIREMENTS
INSTALL    Makefile.in  NEWS                    subst.in
[root@bigboy linux-software-1.3.1]#

Step 3: Then follow the instructions in the files (INSTALL, README) to install the software.

Lesson 5
Introduction to Utilities
Summary
Theory: 4 periods - Practice: 5 periods.
Objectives                 Main topics                      Required exercises      Additional exercises
Introduce the utilities    I. The vi editor                 Exercise 5.1
and tools commonly used    II. The mail utility             (exercise book:
in Unix/Linux              III. Creating a boot floppy      Utilities)
environments, to help      IV. The setup utility
students organize and      V. The fdisk utility
administer systems more    VI. The iptraf utility
effectively.               VII. The lynx utility
                           VIII. The mc utility


I. The vi editor
Vim is the standard editor on Unix operating systems. It is a visual editor that works in 2 modes: command mode and input mode. To edit a new file, or to view or modify an existing one, use the command:
$vi [file-name]
When started, vi shows the editing screen in command mode. In command mode the keys can only be used for operations such as moving the cursor, saving data, opening a new file... so you cannot type text. To type text you must switch from command mode to input mode. In input mode the keyboard is used to enter the content of the document.
I.1. Some vi commands
- vi file --> start at line 1
- vi +n file --> start at line n
- vi +/pattern --> start at pattern
- vi -r file --> recover the file after a system crash
I.2. Switching from command mode to input mode
The following commands switch to input mode. Use whichever suits what you need to do.
- i before the cursor
- I before the first character on the line
- a after the cursor
- A after the first character on the line
- o below the current line
- O above the current line
- r replace the current character
- R replace until <ESC> is pressed
I.3. Switching from input mode to command mode
Press the ESC (escape) key, then use the appropriate commands from the groups below:
I.3.1 Cursor movement commands
- h left one space
- e right one space
- <space> - same as above -
- w right 1 word
- b left 1 word
- k up one line
- j down one line
- <return> - same as above -
- ) end of sentence
- ( beginning of sentence
- } beginning of paragraph
- { end of paragraph
- ^-w to the first character inserted
- ^-u scroll up 1/2 screen
- ^-d scroll down 1/2 screen
- ^-z scroll down 1 screen
- ^-b scroll up 1 screen
Note: ^ stands for the Ctrl key
I.3.2 Delete commands
- dw 1 word
- d0 to the beginning of the line
- d$ to the end of the line
- 3dw 3 words
- dd the current line
- 5dd 5 lines
- x delete 1 character
I.3.3 Replace commands
- cw replace 1 word
- 3cw replace 3 words
- cc the current line
- 5cc 5 lines
I.3.4 Search commands
- */and the next occurrence of and
- *?and the word ending in and
- */nThe find the next line beginning with The
- n repeat the last search
I.3.5 Search and replace commands
- :s/text1/text2/g replace text1 with text2
- :1,$s/file/directory replace file with directory from line 1 to the end.
- :g/one/s//1/g replace one with 1
I.3.6 Copy and paste
- To copy use the y command and to paste use the p command
- y$ : copy from the current cursor position to the end of the line.
- yy : copy the whole line at the cursor position.
- 3yy : copy three consecutive lines.
I.3.7 Undo
Undo cancels the current operation and returns to the previous one; in vi it is done with the u key.
I.3.8 File operations
- :w write to the file
- :x save and leave the editor
- :wq save and leave the editor
- :w <filename> save to a new file
- :q quit if the file contents have not been changed
- :q! quit without saving if the file has been changed
- :r open a file for reading.
II. The mail utility
This utility is provided by Linux to support sending and receiving mail.
$mail
This command displays the contents of the mails in the mailbox in first-in, last-out order. After each mail is displayed a ? prompt appears and waits for the user's command. The basic operations are:
- newline display the next mail; if there are none left, leave the command.
- + same as newline
- p print the message
- s [file] save the mail to another file or mailbox
- w [file] same as s but without saving the message header
- d delete the mail
- q quit the utility
- x quit the utility without changing the mail
- ! [command] run the Unix [command]
Sending mail: run the mail command with the address of the user. Example:
$ mail dung@fibi.hcm.vn
<contents>
^-D
The mail is sent to the user named dung at the company fibi in the hcm.vn region. One message can be sent to several people at once:
$ mail dung@fibi.hcm.vn trung@fibi.hanoi.vn
Receiving mail: when you log in, if there is mail the system announces "You have mail"; you can then type $mail to receive it. You can likewise use utilities such as sendmail and pine, with the help of man.
III. The boot floppy utility
You can use the mkbootdisk command to create a floppy disk that boots the system. The steps are:
- Log in to the system as the user root.
- Find the Linux kernel version with the command ls /lib/modules/ or the command uname -r (in this example the Linux kernel is 2.2.12-20).
- Run the command /sbin/mkbootdisk 2.2.12-20 from the shell prompt.
- Insert a floppy disk into the drive when the system asks for it (Insert a disk in /dev/fd0. Any information on the disk will be lost.)
IV. The setup utility
This utility helps with installing devices and file systems and with configuring the network and system services. Enter the command setup at the command prompt and a dialog for choosing a tool is displayed.

You can use this program to set the TCP/IP configuration parameters of the system: in the interface above choose the item Network Configuration -> Run Tool

Then choose Yes to carry out the appropriate configuration.

Then choose Ok -> Exit. You can use the command /etc/init.d/network restart to apply the new network parameters.
V. The fdisk utility
This utility manages hard disks: creating, viewing information about and deleting partitions on the system. Command syntax:
#fdisk <device_name>
Here <device_name> can be /dev/hda or /dev/sda. The following are some basic fdisk commands.
Command   Explanation
p         List the partition table
n         Create a new partition
d         Delete a partition
q         Quit the utility
w         Create the new partition
a         Set the boot partition
t         Change the partition system ID
l         List the partition types (including ID)
The following steps create a new partition of 384M.
Start the fdisk utility to work on the disk /dev/hdb:
# fdisk /dev/hdb
List the partitions on the system:
Command (m for help): p
Disk /dev/hdb: 64 heads, 63 sectors, 621 cylinders
Units = cylinders of 4032 * 512 bytes

Create a new primary partition of size 384MB:
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-621, default 1):<RETURN>
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-621, default 621): +384M
Hng dn ging dy


Hc phn 4 - Chng ch qun tr mng Linux Trang 77/271

Command (m for help): p
Device Boot Start End Blocks Id
System
/dev/hdb1 1 196 395104
83 Linux

Xem thng tin
partition mi
va to

Lu : Sau khi ta dng fdisk to mt partition mi th ta phi reboot li h thng v dng lnh
mkfs t ext3 <filesystem> nh dng li partition trc khi s dng.
VI. The iptraf utility
iptraf monitors and tracks traffic on the network. Note that the program has to be installed from the CD-ROM with the command rpm -ivh iptraf...rpm
The screens below illustrate the use of iptraf to monitor network traffic. Enter iptraf at the command prompt.

The menu items and their meaning:
- IP traffic monitor: monitor IP traffic and TCP connections.
- General interface statistics: view general information on the interfaces.
- Detailed interface statistics: view detailed information for each interface (total bytes sent, total bytes received, ...).
- Statistical breakdown ...: statistics on the packets dropped on the interfaces because of network faults.
- LAN station monitor: statistics on what network machines send to the local machine.
- Filters...: set up filters based on the network protocols TCP/UDP...
- Configure...: configure the parameters of the iptraf utility.
VII. The lynx utility
Lynx is a Web browser with a text interface. It lets users access the Web through a text interface instead of the graphical interface of XWindows. Lynx can be used on the console, in a terminal or in an xterm. Command syntax:
#lynx <URL>
Example: #lynx webmail.tatavietnam.vn

The main screen of the browser shows the available help:
Example: press g to go to another Web page, o to edit the options, p to print the information on a printer....
VIII. The mc utility
GNU Midnight Commander is a program for managing and working with files and directories on Unix/Linux. To use it, install the mc package and start the program with the mc command. mc can also transfer files over ftp and ssh.
Lesson 6
User and Group Administration
Summary
Theory: 5 periods - Practice: 5 periods.
Objective: introduce how users are organized and administered on Linux.
Main topics:
I. Superuser
II. User information
III. Managing users
IV. User groups
Required exercises: Exercise 6.1 (see the exercise book)
Optional exercises: -

I. Superuser
On a Linux system the root account has the highest privileges and is used by the administrator. Working as root is very comfortable, because every operation can be carried out without worrying about access rights. The danger of working as root only becomes apparent when a mistake damages the system, so the account should be used only for configuring and maintaining the system, not for everyday work. Create accounts for ordinary users as early as possible (starting with one for yourself). On important servers that run several services you can create a suitable superuser for each service, to avoid using root for that work. For example, a superuser for backups needs only read access (read-only), not write access.
Because the root account is so powerful, it is the target that attackers want to take over. Use it with care, and do not use it carelessly over telnet or over remote connections that lack a secure connection tool.
On Linux an account with a different name can be given root's rights by creating a user whose UserID is 0. The shell prompt shows whether you are logged in as root or as an ordinary user.
login: natan
Password:****
[natan@NetGroup natan]$ su -
Password: ****
[root@NetGroup /root]#
The fourth line, with the $ sign, shows that you are connected as an ordinary user (natan). The last line, with the # sign, shows that you are running commands as root. The command su user_name lets you switch to another account (user_name) without logging out and logging in again.
II. User information
Everyone who wants to log in to and use a Linux system needs an account. Creating and managing accounts is an important task for the administrator. Apart from root, all accounts are created by the administrator.
Each user account must have its own username and password. The file /etc/passwd holds the information about the system's user accounts.
II.1. The /etc/passwd file
The /etc/passwd file is vital to a Unix/Linux system. Everyone can read it, but only root may change it. Like most Linux configuration files, /etc/passwd is stored as plain text. Here is the content of a passwd file:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:
news:x:9:13:news:/var/spool/news:
ftp:x:14:50:FTP User:/var/ftp:
nobody:x:99:99:Nobody:/:
nscd:x:28:28:NSCD Daemon:/:/bin/false
mailnull:x:47:47::/var/spool/mqueue:/dev/null
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/bin/false
xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false
nthung:x:525:526:nguyen tien hung:/home/nthung:/bin/bash
natan:x:526:527::/home/natan:/bin/bash
Each account is stored on one line of 7 columns:
- Column 1: the username.
- Column 2: the code related to the account's password, which is x on Linux. Linux stores this code in another file, /etc/shadow, which only root may read.
- Columns 3 and 4: the account identifier (user ID) and the group identifier (group ID).
- Column 5: the user's full name. Some password-cracking programs use the data in this column to guess passwords.
- Column 6: the home directory.
- Column 7: the program that runs first after the user logs in.
The first line of /etc/passwd describes the root user (note that every account with user_ID = 0 is root). Next come the other system accounts (these do not belong to real people and cannot log in to the system), and last the ordinary user accounts.
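The column layout and the UID 0 rule above can be checked mechanically. The script below is an added example, not part of the original course material; the function names and the sample entries (toor, and the altered ftp line) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the course text): audit a passwd-format file,
# 7 colon-separated columns per account as described above.
#   UID0    account other than "root" whose user ID is 0 (it has root's rights)
#   PWFIELD column 2 is not "x": the password is not kept in /etc/shadow
#   SHELL   system account (UID 1-99, the range given in the text) that
#           still has an interactive login shell
#   FIELDS  line that does not have exactly 7 columns

audit_passwd() {
    # $1: file to audit; defaults to the live /etc/passwd
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        NF != 7 { printf "FIELDS line %d\n", NR; next }
        $3 == 0 && $1 != "root" { printf "UID0 %s\n", $1 }
        $2 != "x" { printf "PWFIELD %s\n", $1 }
        $3 >= 1 && $3 <= 99 && $7 ~ /\/(ba|c|k|z|tc)?sh$/ {
            printf "SHELL %s %s\n", $1, $7
        }
    ' "${1:-/etc/passwd}"
}

# Constructed sample: entries in the style of the listing above, plus two
# deliberately bad ones (toor with UID 0; ftp with an empty password
# column and a login shell).
write_sample_passwd() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
halt:x:7:0:halt:/sbin:/sbin/halt
ftp::14:50:FTP User:/var/ftp:/bin/bash
nobody:x:99:99:Nobody:/:
natan:x:526:527::/home/natan:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
    echo "$f"
}

sample=$(write_sample_passwd)
audit_passwd "$sample"
rm -f "$sample"
```

Run audit_passwd with no argument to check the live /etc/passwd; an empty result means none of the four conditions was found.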
II.2. Username and UserID
The username is a character string that uniquely identifies a user. The user gives this name when logging in and when accessing resources. On Linux usernames are case-sensitive, and they are normally written in lowercase. To make user management easier, Linux uses a user identifier (user_ID) in addition to the username. Each user has an individual identifier number.
Linux uses the identifier number to control what the user does. By convention, users with identifier 0 are administrative users (root). Identifiers from 1 to 99 are used for system accounts, and the identifiers of ordinary users start from 100.
II.3. User passwords
Each user has a personal password for using the account. Everyone may change their own password. The administrator can change other people's passwords.
Traditional Unix stored the information about user passwords in /etc/passwd. However, every user can read that file, because normal operation of the system requires it (for example to turn a User ID into a name in the output of ls), and users generally choose weak passwords. Most newer Unix versions therefore keep the real (encrypted) password in another file, /etc/shadow, which only root may read.
Note: because of the way password encryption is built, there are only 2 ways to break a password: exhaustive search (brute force) and guessing. By strict calculation, exhaustive search is not feasible because it requires too much computing time, while guessing only finds passwords that are short or weak, for example words found in a dictionary such as god, darling
II.4. Group ID
The Group ID identifies a user's group; it shows which group the user belongs to. On Linux the GID is normally created by default when a user is created and has a value >= 500.
II.5. Home directory
When users log in they are placed in their own home directory. Usually each person has a separate home directory over which they have full rights. It holds personal data and the system information needed for the user's work, such as environment variables, startup scripts and the profile used with X window. A user's home directory is normally /home; for root it is /root. It can be placed elsewhere with the useradd or usermod command.
III. Managing users
III.1. Creating a user account
To create an account use the useradd command. Its syntax is:
#useradd [-c user_description] [-d home_directory] [-m] [-g user_group] [account_name]
Note: the -m parameter creates the home directory if it does not exist yet. Only root may use this command.
Example:
# useradd -c "Nguyen van B" nvb
Use the command passwd <username> to set the password of the account.
# passwd nvb
Changing password for user nvb
New UNIX password: ****
Retype new UNIX password: ****
passwd: all authentication tokens updated successfully
For the security of the Linux machine and the safety of the whole network, choosing a proper password is very important. A password is considered good if it:
- Is at least 6 characters long.
- Combines lowercase letters, uppercase letters, digits and special characters.
- Is unrelated to the names, birthdays and so on of you and your relatives.
In the example above the account was created without regard to the user's group. It is convenient to put users who have the same role and share data with each other into one group. By default, when an account is created Linux creates a group for it with the same name as the account. Reading /etc/passwd shows:
nvb:x:1013:1013::/home/nvb:/bin/bash
nvb has user_ID 1012 and belongs to group 1013.
Viewing the /etc/group file shows:
# more /etc/group
root:x:0:root

users:x:100:

nvb:x:1013:
The account nvb can be added to the group users by replacing the number 1013 with 100, the group_ID of the group users. The command useradd -D shows the default parameters used when a user account is created (they are stored in /etc/default/useradd):
# useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
III.2. Changing account information
Account information can be changed in the /etc/passwd file or with the usermod command. The syntax of usermod is:
#usermod [-c user_description] [-d home_directory] [-m] [-g user_group] [account_name]
Example: put the account nvb into the group admin
#usermod -g admin nvb
III.3. Temporarily locking a user account
An account can be locked temporarily in several ways:
- Lock: passwd -l <username>; unlock: passwd -u <username>
- Lock: usermod -L <username>; unlock: usermod -U <username>
An account can also be locked by editing /etc/shadow and replacing the keyword x with the keyword *, or by assigning /bin/false as the user's default shell in /etc/passwd.
III.4. Removing an account
The userdel command deletes an account. An account can also be deleted by removing its line from the /etc/passwd file. Command syntax:
#userdel <option> [username]
Example: delete the account nvb (the -r option removes all information related to the user):
#userdel -r nvb
IV. User groups
Users that share some characteristic or the same rights on resources are placed in one group. Each group has its own name and a group identifier. A group can contain many users, and a user can be a member of many different groups. At any one time, however, a user can be a member of only one group.
Group information is stored in /etc/group. Each line defines one group, and the fields on the line are separated by the : character:
<group-name>:<group-password>:<group-ID>:<users-in-group>
IV.1. Creating a group
Edit the /etc/group file directly or use the groupadd command. Command syntax:
#groupadd [group-name]
IV.2. Adding users to a group
Edit the /etc/group file; the user account names are separated by the ; character. Another way is to put each user into the group with the command:
#usermod -g [group-name] [account-name]
Or edit the account directly in /etc/passwd by changing the group identifier on the line that declares the user account.
IV.3. Removing a group
Delete the group directly in the /etc/group file or use the command:
#groupdel [group-name]
IV.4. Viewing user and group information
The groups and id commands show information about an account or a group on the system. Command syntax:
#id <option> <username>
Example: to see the groupID of the user tdnhon, use the command:
#id -g tdnhon
To see the names of a user's groups, use the command groups <username>
Example:
[root@server root]# groups root
root : root bin daemon sys adm disk wheel

LESSON 7
Managing Hard Disk Resources
Summary
Theory: 3 periods - Practice: 5 periods.
Objective: introduce how quotas are set up to limit the disk resources available to users.
Main topics:
I. Introduction to QUOTA
II. Setting up QUOTA
III. Checking and reporting quotas
IV. Changing grace periods
Required exercises: Exercise 7.1 (exercise book)
Optional exercises: -

I. Introduction to QUOTA
One of the best tools for managing hard disk resources is quota. Quota is used to display and to limit the disk usage of users. Quota does not have to be applied to every filesystem, only to the filesystems that need it (for example /home; /home must be a partition). When invoked, quota reads the /etc/fstab file and checks the filesystems listed in it. To make the limits effective, you need to understand the following concepts before configuring them:
- Hard limit: defines the maximum amount of disk space the user can use. If the user tries to store more information, earlier information may be deleted as the space fills up. This limit is strict and is necessary for some users.
- Soft limit: defines the maximum amount of disk space the user can use. Unlike the hard limit, however, the soft limit lets the user exceed the allowed amount for a certain period of time. This period is set in advance and is called the grace period. When users exceed the allowed amount they receive a warning. A good idea is to set the soft limit lower than the hard limit, and to configure the system so that when users exceed the allowed amount it sends a warning before letting them store data.
- Grace period: the time during which the user is allowed to exceed the disk space granted by the soft limit.
II. Setting up quota
Setting up quota involves the following steps:
- Edit the /etc/fstab file.
- Run quotacheck.
- Allocate quotas.
II.1. Editing the /etc/fstab file
Open /etc/fstab and add the limit parameters usrquota (for users) and grpquota (for groups). Example /etc/fstab file:
/dev/md0       /          ext3    defaults                    1 1
LABEL=/boot    /boot      ext3    defaults                    1 2
none           /dev/pts   devpts  gid=5,mode=620              0 0
LABEL=/home    /home      ext3    defaults,usrquota,grpquota  1 2
none           /proc      proc    defaults                    0 0
none           /dev/shm   tmpfs   defaults                    0 0
/dev/md1       swap       swap    defaults                    0 0
In the example above, quotas are configured on the /home filesystem for both users and groups by adding the options usrquota,grpquota (usrquota sets quotas for users and grpquota is used for groups).
Next create the files that store the quota configuration for users (aquota.user) and for groups (aquota.group) in the /home directory, and set the permissions on these two files.
#touch aquota.user
#chmod 600 aquota.user
#touch aquota.group
#chmod 600 aquota.group
Then reboot the system with the command init 6 so that the /home filesystem is remounted.
II.2. Running quotacheck
Once quota has been enabled and the filesystem remounted, the system is able to work with quotas. The filesystems are not fully ready yet, however, so quotacheck has to be run. The quotacheck command checks the filesystems that are configured for quota and rebuilds the table of current disk usage.
#quotacheck -avug
Options:
+ -a : check all filesystems configured for quota.
+ -v : display status information during the check.
+ -u : check user quotas.
+ -g : check group quotas.
II.3. Allocating quotas
The system administrator sets the quotas for users in the file named aquota.user, located in the filesystem on which quota is being configured. Group quotas are set in the same way in the file aquota.group.
#edquota <option> <username>
The command is controlled with the following options:
+ -g edit the quota of a group
+ -p copy the quota of one user to another user
+ -u edit the quota of a user (the default of the command)
+ -t edit the time of the soft limit.
Example: #edquota -u hv
Disk quotas for user mp3user (uid 503):
Filesystem blocks soft hard inodes soft hard
/dev/hda3 24 0 0 7 0 0
- Blocks: the amount of space (in blocks) the user is currently using.
- Inodes: the number of files the user currently has.
- Soft Limit: the soft limit (blocks/inodes); it should normally be <= the hard limit. If the user goes over this amount, quota grants a period of time (the grace period). A Soft Limit of 0 means the limit is not used.
- Hard Limit: the hard limit (blocks/inodes).
- Press i to edit the values above as required, then press Esc and enter :x
After setting the quota, turn quota on with the command quotaon /dev/hda3
- With the -a option, quotaon checks all filesystems.
- The quotaoff command does the opposite: it suspends quota on the filesystem.
III. Checking and reporting quotas
Users can use the quota command to view their quota. Command syntax:
#quota [options] [user] [group]
Options of the quota command:
+ -g display the quota of the groups of which the user is a member.
+ -q display only the filesystems on which quota is set.
+ -u display the quota of the user.
The quotastats and repquota commands also show statistics about quotas.
Example:
# repquota /home
*** Report for user quotas on device /dev/hda3
Block grace time: 7days; Inode grace time: 7days
Block limits File limits
User used soft hard grace used soft hard grace
------------------------------------------------------
root 52696 0 0 1015 0 0
...
...
...
mp3user 24 0 0 7 0 0
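The soft limit, hard limit and "0 means unused" rules described above can be applied to a repquota report automatically. The script below is an added example, not part of the original course material; the function names and the sample rows for hv, nvb and natan are constructed, and the two-character flag column is handled if the installed quota tools print one.

```shell
#!/bin/sh
# Added example (not from the course text): read a repquota user report and
# classify each account by its block limits, using the rules from the text:
#   NOLIMIT  soft and hard are both 0, so no quota is enforced
#   ATHARD   usage has reached the hard limit
#   OVERSOFT usage is above the soft limit (the grace period is running)
#   OK       limits are set and usage is within the soft limit

review_repquota() {
    # $1: file holding the output of "repquota <filesystem>"
    awk '
        # Data rows follow the dashed separator line.
        /^-+$/ { in_rows = 1; next }
        !in_rows || NF < 4 { next }      # headers, "..." and blank lines
        {
            col = 2
            # Some versions print a flag column ("--", "+-") after the name.
            if ($2 ~ /^[-+][-+]$/) col = 3
            used = $col + 0; soft = $(col + 1) + 0; hard = $(col + 2) + 0
            if (soft == 0 && hard == 0)        state = "NOLIMIT"
            else if (hard > 0 && used >= hard) state = "ATHARD"
            else if (soft > 0 && used > soft)  state = "OVERSOFT"
            else                               state = "OK"
            printf "%s %s used=%d soft=%d hard=%d\n", state, $1, used, soft, hard
        }
    ' "$1"
}

# Constructed report in the layout shown above; the hv, nvb and natan rows
# and their limits are invented for the demonstration.
write_sample_report() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
*** Report for user quotas on device /dev/hda3
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --   52696       0       0           1015     0     0
mp3user   --      24       0       0              7     0     0
hv        +-   61440   51200   71680  6days     310     0     0
nvb       +-   71680   51200   71680   none      12     0     0
natan     --    1200   51200   71680             40     0     0
EOF
    echo "$f"
}

report=$(write_sample_report)
review_repquota "$report"
rm -f "$report"
```

On a live system, save the output of repquota /home to a file and pass that file to review_repquota; NOLIMIT rows are accounts on a quota-enabled filesystem that are not actually restricted.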

IV. Changing grace periods
The edquota -t command changes the grace periods of a filesystem. The time unit can be seconds, minutes, hours, days, weeks, and months. After running edquota -t, press i to enter the grace period value (7days to set 7 days) and use :x to save.
Example:
# edquota -t
Grace period before enforcing soft limits for users:
Time units may be: days, hours, minutes, or seconds
Filesystem Block grace period Inode grace period
/dev/hda3 7days 7days



LESSON 08
Network Configuration
Summary
Theory: 5 periods - Practice: 10 periods.
Objective: introduce network configuration tasks, methods of remote network administration, and the configuration of DHCP to hand out dynamic IP addresses to workstations.
Main topics:
I. Setting the host name
II. Configuring the IP address of a NIC
III. The netstat command
IV. Changing the default gateway
VI. The Telnet service.
VII. Secure Remote Access SSH (Secure Shell).
VIII. Dynamic Host Configuration Protocol.
Required exercises: Exercise 8.1 (exercise book)
Optional exercises: -

I. Setting the host name
The hostname command displays and sets the name of the computer. Running hostname without a parameter displays the host name of the system.
The command hostname <hostname> sets the host name of the local system; the new name takes effect once the user logs off and logs on again. The hostname command sets the name only temporarily: when the system reboots, the name returns to the previous one. Information about host names is stored in the /etc/hosts file, in the form:
IP address <host name>
To change the host name permanently, so that it is kept after the system reboots, change the parameter HOSTNAME=<hostname> in the file /etc/sysconfig/network, which describes the network settings:
NETWORKING=yes
HOSTNAME=Server
II. Configuring the IP address of a NIC
II.1. Viewing the IP address
Use the ifconfig command, available on Unix/Linux, to view the IP address of the PC. eth0 is the name of the network card and lo is the name of the loopback interface. The following example uses ifconfig -a to display the network configuration of the network cards.
# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:0C:29:6D:F0:3D
inet addr:172.29.14.150 Bcast:172.29.14.159
Mask:255.255.255.224
inet6 addr: fe80::20c:29ff:fe6d:f03d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500
Metric:1
RX packets:6622 errors:0 dropped:0 overruns:0 frame:0
TX packets:1425 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:793321 (774.7 Kb) TX bytes:240320 (234.6 Kb)
Interrupt:10 Base address:0x1080
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:76 errors:0 dropped:0 overruns:0 frame:0
TX packets:76 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8974 (8.7 Kb) TX bytes:8974 (8.7 Kb)
II.2. Changing the IP address
There are several ways to change the IP address of a PC on Linux. The three most basic are:
- Method 1: use the command ifconfig <interface_name> <IP_address> netmask <netmask_address> up
Example:
[root@bigboy tmp]# ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up
Note: an address set with this command is held only temporarily in memory and is lost when the system reboots. To keep it after a reboot, add the command above to the file /etc/rc.local.
- Method 2: change the network configuration directly in the file /etc/sysconfig/network-scripts/ifcfg-eth0 (the mc program can be used to edit this file).
Assigning a static IP address (sample ifcfg-eth0 file):
# Advanced Micro Devices [AMD]|79c970 [PCnet32 LANCE]
DEVICE=eth0
BOOTPROTO=static
BROADCAST=172.29.14.159
HWADDR=00:0C:29:6D:F0:3D
IPADDR=172.29.14.150
NETMASK=255.255.255.224
NETWORK=172.29.14.128
ONBOOT=yes
TYPE=Ethernet

Assigning a dynamic IP address (sample ifcfg-eth0 file):
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
Then run:
# ifdown eth0
# ifup eth0
- Method 3: use the setup utility (see the setup utility in the lesson on utilities).
II.3. Creating several IP addresses on one network card
Putting several IP addresses on one network card is usually called IP aliasing. An alias must have a name of the form parent-interface-name:X, where X is the index of the secondary interface (subinterface number). There are two ways to create an IP alias:
Method 1:
- Step 1: make sure the real interface exists, and check whether any IP aliases already exist on the system.
- Step 2: create the virtual interface with the ifconfig command:
# ifconfig eth0:0 192.168.1.99 netmask 255.255.255.0 up
Or create the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 from the file /etc/sysconfig/network-scripts/ifcfg-eth0 and change the address information in it.
- Step 3: bring the alias interface up and down:
# ifup eth0:0
# ifdown eth0:0
Or use the command /etc/init.d/network restart
- Step 4: check the configuration of the alias interface with the ifconfig command:
# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:6D:F0:3D
inet addr:172.29.14.150 Bcast:172.29.14.159 Mask:255.255.255.224
inet6 addr: fe80::20c:29ff:fe6d:f03d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7137 errors:0 dropped:0 overruns:0 frame:0
TX packets:1641 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:848367 (828.4 Kb) TX bytes:265688 (259.4 Kb)
Interrupt:10 Base address:0x1080
eth0:0 Link encap:Ethernet HWaddr 00:0C:29:6D:F0:3D
inet addr:172.29.15.150 Bcast:172.29.15.159 Mask:255.255.255.224
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7137 errors:0 dropped:0 overruns:0 frame:0
TX packets:1641 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:848367 (828.4 Kb) TX bytes:265688 (259.4 Kb)
Interrupt:10 Base address:0x1080
Method 2:
- Create the file parent-interface-name:X by copying /etc/sysconfig/network-scripts/ifcfg-eth0 to /etc/sysconfig/network-scripts/ifcfg-eth0:X (where X is the sequence number of the subinterface).
- Change the network configuration in the file ifcfg-eth0:X (the values printed in bold are the ones that must be changed):
DEVICE=eth0:0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.29.14.151
NETMASK=255.255.255.224
GATEWAY=172.29.14.129
- Run the command service network restart
II.4. The netstat command
To check the state of all network cards use the command:
#netstat -in
Example:
#netstat -in
Name  Mtu   Net/Dest    Address      Ipkts  Ierrs  Opkts  Oerrs  Collis  queue
le0   1500  172.16.0.0  172.16.12.2  1547   1      1127   0      135     0
lo0   1536  127.0.0.0   127.0.0.1    133    0      133    0      0       0

The command netstat -rn also shows the routing table of the router (in the case where the system acts as a software router).
Example:
# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.29.15.128 0.0.0.0 255.255.255.224 U 0 0 0 eth0
172.29.14.128 0.0.0.0 255.255.255.224 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
1.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
0.0.0.0 172.29.14.129 0.0.0.0 UG 0 0 0 eth0
III. Changing the default gateway
Setting the default gateway address of a system is a very important task, because the default gateway is the bridge that lets the internal system communicate with outside systems and vice versa. The right address depends on the particular system. On Linux the default gateway is set with the route command. The same command can also describe and update routes to help build the routing table on a router. To make the address 172.29.14.150 the default gateway of the internal system, use the command:
# route add default gw 172.29.14.150
The route add command can also be used to specify several default gateways:
# route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 eth0
or, with the -host option, to specify one for a host:
# route add -host 10.0.0.1 gw 192.168.1.254 eth0
III.1. Describing routes in a script file
When a system is deployed as a software router, the routes for its routing table are usually described in the file /etc/sysconfig/static-routes, or with route add commands in the file /etc/rc.d/rc.local. Another way is to create the script file /etc/sysconfig/network-scripts/route-*interface_name, where interfacename is the name of the outgoing interface. The syntax of this file is:
Destination/prefix_mask via gateway
The following example adds the network 10.0.0.0 to the routing table.
[root@bigboy tmp]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
[root@bigboy tmp]#
[root@bigboy tmp]# ./ifup-routes eth0 (-> run for the interface)
[root@bigboy tmp]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.0.0.0 192.168.1.254 255.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
[root@bigboy tmp]#

III.2. Deleting a route from the routing table
To delete a route from the routing table use the route del command:
# route del -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.1.254 eth0
IV. Remote access
When a system is configured and connected to the network, the server provides a number of Internet services. Each Internet service is normally tied to a daemon that runs in the background. These daemons work by binding to a port and then waiting for connection requests sent by client programs. When a connection arrives, the daemon creates a child process to handle it and goes on listening for other connection requests. A system with too many daemons puts more load on the CPU. To remedy this, Linux provides a super-server called Xinetd.
IV.1. xinetd
Every Internet service is tied to a port, for example smtp 25, pop3 110, dns 53... This allocation is set by an organization.
Xinetd is an Internet server daemon. It manages all Internet services centrally, each service corresponding to one port. Xinetd listens, and when it receives a connection request from a client program it passes the request to the corresponding service for handling. It then carries on listening for other connection requests. Xinetd is started when the operating system boots, by the script /etc/rc.d/init.d/xinetd. On startup it reads the configuration file /etc/xinetd.conf, which leads it to the directory /etc/xinetd, where all the services that Xinetd manages are stored. In the directory /etc/xinetd the configuration of each service is kept in a file with the same name as the service. The file for the telnet service may look like this:
service telnet
{
disable = yes
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
The attributes in the file are:
- Disable: suspends this service. It has 2 values: yes, no.
- Flags:
- Socket_type: the type of socket. In this case it is stream, a socket type for connection-oriented connections such as TCP.
- Wait: usually relevant only to connections whose socket type is datagram. Its value can be nowait, which means that xinetd goes on accepting and handling other requests while this connection is being handled, or wait, which means that at any one time xinetd can handle only one connection on the given port.
- User: the user that runs this service. Normally root.
- Server: the full path to the program that handles the service.
IV.2. The /etc/services file
When xinetd starts it reads the /etc/services file to find the port that corresponds to each service. The content of this file looks like this:
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
systat 11/udp users
daytime 13/tcp
daytime 13/udp
qotd 17/tcp quote
qotd 17/udp quote
msp 18/tcp# message send protocol
msp 18/udp# message send protocol
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp-data 20/udp
# 21 is registered to ftp, but also used by fsp
ftp 21/tcp
ftp 21/udp fsp fspd
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp # SSH Remote Login Protocol
telnet 23/tcp
telnet 23/udp
# 24 - private mail system
smtp 25/tcp mail
smtp 25/udp mail
time 37/tcp timserver
time 37/udp timserver
rlp 39/tcp resource # resource location
rlp 39/udp resource # resource location
nameserver 42/tcp name # IEN 116
nameserver 42/udp name # IEN 116
Each line of the file describes one service and has the following columns:
- Column 1: the name of the service.
- Column 2: the port number and protocol on which the service operates.
- Column 3: the list of other names for the service.
IV.3. Starting xinetd
After editing the configuration file of a service in the directory /etc/xinetd, run the following command to reread the configuration:
/etc/rc.d/init.d/xinetd restart
V. Telnet
V.1. What telnet is
Sometimes a user cannot sit at the Linux machine to work. The telnet service lets users work remotely. To keep the system secure, however, be warned that you should not work remotely over telnet but should work directly at the Linux machine.
V.2. Installation
The telnet service is normally installed along with Linux. If it is not, install the telnet server from its package with the command:
rpm -i telnet-server-0.17-20.i386.rpm
V.3. Configuration
There are several ways to configure the telnet server. The two most basic are:
- Method 1: use the configuration file. After installation, a file named telnet appears in the directory /etc/xinetd.d. This file holds the configuration of the telnet service.
service telnet
{
disable = yes
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
If disable is no, the TELNET server is started; if disable is yes, the TELNET server is not started. After editing the configuration file above, start or stop the service with the command:
/etc/rc.d/init.d/xinetd restart
Or with the command:
# service xinetd restart
- Method 2: configure the telnet server from the command line: chkconfig telnet on
Check telnet with the command:
# netstat -a | grep telnet
tcp 0 0 *:telnet *:* LISTEN
Check that telnet is set up as a system service:
# chkconfig --list | grep telnet
telnet: on
Stop the telnet server:
# chkconfig telnet off

V.4. Securing the telnet service
1. Running the telnet server on a different TCP port
As noted, telnet traffic is not encrypted, so running the telnet server on TCP port 23 is not safe; the telnet server can therefore be set to run on a TCP port other than 23. The steps are:
- Step 1. Open the file /etc/services and add the lines:
# Local services
stelnet 7777/tcp # "secure" telnet
- Step 2. Copy the file telnet to the file stelnet.
# cp /etc/xinetd.d/telnet /etc/xinetd.d/stelnet
- Step 3. Change the following settings in the file /etc/xinetd.d/stelnet
service stelnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
port = 7777
}
- Step 4. Enable stelnet with the chkconfig command
# chkconfig stelnet on
- Step 5. Check that stelnet is running with the netstat command.
# netstat -an | grep 777
tcp 0 0 0.0.0.0:7777 0.0.0.0:* LISTEN
Log on to the stelnet server with the command:
# telnet 192.168.1.100 7777
2. Allowing only certain addresses to access telnet
Adjust the following settings:
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
only_from = 192.168.1.100 127.0.0.1 192.168.1.200
}
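A service moved to port 7777 or limited with only_from is still served by in.telnetd, so its logins remain unencrypted; a review of the xinetd files should list every enabled service together with its port and address restriction. The script below is an added example, not part of the original course material; the function names are hypothetical and the sample file is constructed from the three configurations shown above.

```shell
#!/bin/sh
# Added example (not from the course text): list the services that xinetd
# will actually offer, reading files in the /etc/xinetd.d format shown above.
# For each enabled service it reports the port, whether the server is the
# telnet daemon (logins cross the network unencrypted whatever the port),
# and the only_from address list, if any.

audit_xinetd() {
    # $@: one or more xinetd service files, e.g. /etc/xinetd.d/*
    awk '
        $1 == "service" {
            # A service with no "disable" line is enabled by default.
            name = $2; disabled = "no"; port = "default"
            server = ""; only_from = ""
            next
        }
        $2 == "=" && $1 == "disable" { disabled = $3 }
        $2 == "=" && $1 == "port"    { port = $3 }
        $2 == "=" && $1 == "server"  { server = $3 }
        $1 == "only_from" && ($2 == "=" || $2 == "+=") {
            for (i = 3; i <= NF; i++)
                only_from = only_from (only_from == "" ? "" : ",") $i
        }
        $1 == "}" && name != "" {
            if (disabled != "yes")
                printf "ENABLED %s port=%s cleartext=%s only_from=%s\n",
                    name, port,
                    (server ~ /in\.telnetd$/ ? "yes" : "no"),
                    (only_from == "" ? "none" : only_from)
            name = ""
        }
    ' "$@"
}

# Constructed sample: the disabled telnet entry, the stelnet entry on port
# 7777 and the only_from entry from the text, combined into one file.
write_sample_xinetd() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
service telnet
{
    disable = yes
    socket_type = stream
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
}
service stelnet
{
    socket_type = stream
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
    disable = no
    port = 7777
}
service telnet
{
    socket_type = stream
    user = root
    server = /usr/sbin/in.telnetd
    disable = no
    only_from = 192.168.1.100 127.0.0.1 192.168.1.200
}
EOF
    echo "$f"
}

conf=$(write_sample_xinetd)
audit_xinetd "$conf"
rm -f "$conf"
```

Any line with cleartext=yes is a candidate for replacement by SSH, and only_from=none marks a service reachable from every address.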
VI. Secure Remote Access - SSH (Secure Shell)
Many people want to learn the root user's password in order to break into the system, to sabotage it or to look for certain information. The telnet program in Linux lets users log in to a Linux system remotely, but its weakness is that the user name and password are sent over the network unencrypted. They are therefore easily captured by others, which is a danger to the system. Secure Remote Access software is a newer facility in Linux that overcomes this weakness of telnet. It lets you log in to a Linux system remotely with the password encrypted. SSH is therefore much safer than telnet.
VI.1. Installing the SSH server on a Linux server
Use the rpm command to install the package openssh-server.*.rpm
rpm -ivh openssh-server.*.rpm
The configuration files are /etc/ssh/sshd_config and /etc/ssh/ssh_config. To start or stop the server, use the following command:
/etc/init.d/sshd {start | stop | restart}
VI.2. Using the SSH client on Linux
On the client (Linux or Unix), use the ssh command to log in to the server. Command syntax:
$ ssh [options] [host_name/IP] [options] [command]
Example: $ ssh [-l] <user_name> <ssh_address>
VI.3. Administering a Linux system through SSH client for Windows:
SSH client for Windows is designed to let users use and administer Unix/Linux from the Windows operating system. The software can be downloaded from the site: http://www.ssh.com/support/downloads/. It lets users work remotely and provides the sftp service.
Figure: SSH Client for Windows screen
VII. Dynamic Host Configuration Protocol
DHCP is a useful service for administering large networks or networks with mobile users. The DHCP server is the machine that hands out IP addresses to the other computers on the network; DHCP clients are the machines that receive an IP address and other network information from the DHCP server.
VII.1. Points to note about the DHCP server
- It must have a static IP address.
- It must not be a DHCP client.
- It hands out IP addresses to computers from an address range that the administrator defines.
- It can supply the default gateway address, DNS server, domain name and NetBIOS name server to the computers.
- No two machines receive the same IP address.
- The IP address given to a DHCP client is renewed when the computer restarts.
VII.2. Advantages of using DHCP
The administrator does not need to set an IP address on each computer in the network.
The administrator does not need to supply information to each machine, which saves time and some other costs.
VII.3. Configuring the DHCP server
To configure the DHCP server you need to install the package dhcpd.*.rpm from the Linux CD.
Install DHCP with the command: # rpm -ivh dhcpd.*.rpm
To complete the DHCP configuration you need to create the configuration file /etc/dhcpd.conf and edit it. An example of the main configuration content of dhcpd.conf:
ddns-update-style interim;
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-name "example.com";
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.10 192.168.1.100;
}

The file /var/lib/dhcp/dhcpd.leases is used by the dhcpd daemon to store information about the IP addresses that have been leased.
VII.4. Starting the DHCP service:
After setting up the configuration files, start the service with the following command:
# /etc/init.d/dhcpd start


LESSON 9
SAMBA
Summary
Theory: 4 periods - Practice: 5 periods.
Objectives: Introduce the mechanism for sharing resources on a Linux system through the SAMBA service.
Main topics:
I. Installing SAMBA
II. Starting the SAMBA service
III. Configuring the Samba server
IV. Using SAMBA SWAT
V. Starting the Samba server
VI. Using the SMB client
VII. Mounting a shared directory
VIII. Automatically mounting resources from the SMB server
IX. Encrypting passwords
Required exercises: Exercise 9.1 (exercise book)
Additional exercises:



Samba is a utility program that supports sharing resources from a Linux system with other systems (Linux, Windows). It supports joining Linux to Windows, such as joining Linux to a PDC on Windows or joining a Windows workgroup.
The Samba suite consists of several components. The daemon named smbd provides file and print services; its configuration file is smb.conf. The nmbd daemon provides the NetBIOS name service, allowing other computers to access and use the resources offered by the Samba server.
smbclient, another component of the Samba suite, works like an ordinary client, similar to ftp. This utility is used when you access resources on other compatible servers.
I. Installing SAMBA
You can install Samba during the Linux installation, or afterwards with the RPM utility. The packages are included on the Fedora CD and comprise:
- system-config-samba-1.2.15-0.fc2.1 ; supports configuration in the X Window interface
- samba-3.0.7-2.FC2 ; the main SAMBA package.
- samba-client-3.0.7-2.FC2 ; the package for the SAMBA client.
- samba-common-3.0.7-2.FC2 ; supporting libraries for SAMBA.
- samba-swat-3.0.7-2.FC2 ; supports configuring SAMBA over the Web.
II. Starting the SAMBA service
You can have the samba service start at system boot with chkconfig.
# chkconfig smb on
We can start/stop/restart samba with the command:
# service smb restart
To check whether samba is running on the system:
# pgrep smb
III. Configuring the Samba server
The configuration file is /etc/samba/smb.conf. It is a plain-text file. The sections of the configuration file:
Section      Explanation
[global]     Contains the general configuration parameters of the samba server.
[printers]   Contains the parameters used for configuring printers.
[homes]      Tells SMB to share each user's home directory.
[netlogon]   Shares the logon script.
[profile]    Shares profiles.

III.1. The [global] section
This section controls all the general configuration parameters of the smb server. It also supplies default values for the other sections:
[global]
workgroup = LINUX ; the workgroup this machine will join
server string = Samba Server ;
hosts allow = 192.168.1. 192.168.2. 127. ; hosts allowed to access samba.
guest account = pcguest ; supplies the user name for a guest account on your server. This account identifies the users who use the samba services offered to guests
log file = /var/log/samba/smb.%m ; location of the log file for each client that accesses samba.
max log size = 50 ; maximum size of a log file (in KB)
encrypt passwords = yes ; whether passwords must be encrypted when logging in to the Samba server. Every password sent from Windows 9x is encrypted. Therefore, if we choose no, the samba server will not accept a login from any user. If the value is yes, only users with a password in the file /etc/samba/password can see the Samba server.
smb passwd file = /etc/samba/smbpasswd ; the file that stores the users allowed to access the smb server.
Some variables for reference:
Variable   Meaning
%S         Name of the current service, if any
%P         Root directory of the current service, if any
%u         User name of the current service
%g         Primary group name of %u
%U         Session user name
%G         Primary group name of %U
%H         Home directory of the user
%v         Samba version
%h         Name of the host Samba is running on
%m         NetBIOS name of the client machine
%L         NetBIOS name of the server
%M         Internet name of the client machine
%I         IP address of the client machine
%T         Current date and time
%a         Architecture of the remote machine. Only some machines are recognised: Win9x, WinNT, Win2k
III.2. The [homes] section
By default SMB shares the home directory of each user on the system, so that users can access their own home directory from a workstation.
[homes]
comment = Home Directories ;
path = %H ;
read only = no ;
valid users = %S ; specifies the user names allowed access; to allow a group, use the syntax @group_name.
browseable = no ;
writeable = yes ;
create mask = 0750 ;


III.3. Sharing printers with SMB
To share printers, we describe the [printers] section in the file /etc/smb.conf
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = no
writable = no
printable = yes ; allows printing
create mask = 0700
III.4. Sharing directories
After setting up the default configuration for the Samba server, you can create many shared directories and decide which individuals or groups are allowed to use them.
[dirshare]
comment = chia sẻ thư mục
path = /usr/local/share
valid users = hv1
browseable = yes
public = no
writable = yes
The section above creates a shared directory named dirshare. The path to this directory is /usr/local/share. Because public is no, only the user hv1 may access this directory.
IV. Using SAMBA SWAT
Swat is a tool that lets you configure SAMBA through a Web interface. To use this tool, you must additionally install the package samba-swat-3.0.7-2.FC2.rpm (in Fedora Core).
IV.1. The SAMBA SWAT configuration file
Before configuring SAMBA-SWAT we need to set the parameters
disable = no
only_from = 172.29.14.149 localhost
in the file /etc/xinetd.d/swat, to start the SWAT service and to specify which hosts have the right to access SAMBA SWAT over the Web.
service swat
{
    disable = no
    port = 901
    socket_type = stream
    wait = no
    only_from = 172.29.14.149 localhost
    user = root
    server = /usr/sbin/swat
    log_on_failure += USERID
}
IV.2. Accessing SWAT from Internet Explorer
From IE we access SMB SWAT at the address http://172.29.14.150:901. We then enter the username (root if we want to administer SMB) and the login password:

Figure: Login screen
After logging in successfully:

Figure: Samba SWAT interface

IV.3. Configuring SAMBA SWAT
Component / Explanation
- Provides reference documentation about samba.
- Manages the configuration information.
- Manages shared resources.
- Manages printer sharing.
- Manages the Server Type, WINS and some other parameters.
- Manages the status of SAMBA and monitors connections...
- Shows the configuration information in the file smb.conf.
- Manages passwords.

V. Starting the Samba server
The Samba server consists of two daemons, smbd and nmbd. To start the samba server we use the following script:
/etc/init.d/smb {start | stop | restart | status}
VI. Using the SMB client
From the shell prompt we use smbclient to access a shared directory on the SMB server with the following syntax: smbclient <//SMB_ServerName/Sharename> <option> <username>
Example:
[root@nhon xinetd.d]# smbclient //nhon/data -U hv
Password: ****
Domain=[NHON] OS=[Unix] Server=[Samba 3.0.7-2.FC2]
smb: \>
From this prompt you can issue any of the commands listed in the following table to download from and upload to the shared resource:
Command        Parameters            Description
? or help      [command]             Show help for the command
!              [shell command]       Run a shell command, or take the user to a shell prompt
cd             [directory]           Change directory on the server
lcd            [directory]           Change directory on the local machine
del            [files]               Delete files
dir or ls      [files]               List the selected files
exit or quit   none                  Exit the smbclient program
get            [file] [local name]   Copy a file from the server to the local machine. If no local name is given, the name the file has on the server is used
mget           [files]               Copy all the specified files to the local machine
md or mkdir    [directory]           Create a directory on the server
rd or rmdir    [directory]           Remove a directory on the server
put            [file]                Copy a file from the local machine to the server
mput           [files]               Copy all the files from the local machine to the server
print          [file]                Print a file on the server
queue          none                  List all the print jobs waiting in the queue on the server
VII. Mounting a shared directory
We can map a shared directory on the SAMBA server to a local drive with the smbmount command. Command syntax:
[root@bigboy tmp]# mount -t smbfs -o username=username,password=password //winclient/cdrom /mnt/cdrom
Example:
[root@nhon xinetd.d]# smbmount //nhon/data /mnt/smb -o username=hv,password=hv
VIII. Automatically mounting resources from the SMB server
To mount a shared resource automatically, carry out the following steps:
- Step 1: Create a mount-point directory (for example /mnt/smb)
- Step 2: Add the following line to the file /etc/fstab
//SMB_Server/share_name /mnt/smb smbfs credentials=/etc/cred 0 0
- Step 3: Create the file /etc/cred describing the username and password.
username = <username>
password = <password>
- Step 4: Run the command mount -a to apply the updated /etc/fstab, and check.
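The file /etc/cred from step 3 holds a cleartext password, and /etc/fstab itself is normally readable by every user. The following added example (not part of the original guide) checks each smbfs entry of an fstab for an inline password= option and for a credentials file that group or others can read. cred_audit and demo_cred_audit are names chosen here; the second fstab line and the file contents are constructed.

```shell
#!/bin/sh
# cred_audit FSTAB [ROOT]
# For each smbfs entry in FSTAB print "<mountpoint> <finding> [<file>]":
#   inline-password  the password is written in the fstab itself
#   missing          credentials= names a file that does not exist
#   exposed          the credentials file is readable by group or others
#   private          group and others cannot read it (what chmod 600 gives)
# ROOT is prefixed to the credentials path so a copy of a system can be audited.
cred_audit() {
    fstab=$1
    root=${2:-}
    # Emit "mountpoint option" pairs, one mount option per line.
    awk '$1 !~ /^#/ && $3 == "smbfs" {
             n = split($4, o, ",")
             for (i = 1; i <= n; i++) print $2, o[i]
         }' "$fstab" |
    while read -r mnt opt; do
        case $opt in
            password=*)
                echo "$mnt inline-password" ;;
            credentials=*)
                cred=${opt#credentials=}
                if [ ! -f "$root$cred" ]; then
                    echo "$mnt missing $cred"
                elif [ -n "$(find -H "$root$cred" -prune \( -perm -040 -o -perm -004 \))" ]; then
                    echo "$mnt exposed $cred"
                else
                    echo "$mnt private $cred"
                fi ;;
        esac
    done
}

# demo_cred_audit MODE: build a constructed fstab and etc/cred (with the given
# permission bits) under a scratch root, then audit it.
demo_cred_audit() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/etc"
    cat > "$r/etc/fstab" <<'EOF'
# constructed sample: entry 1 is the line from step 2, entry 2 has an inline password
//SMB_Server/share_name /mnt/smb  smbfs credentials=/etc/cred   0 0
//nhon/data             /mnt/data smbfs username=hv,password=hv 0 0
EOF
    printf 'username = hv\npassword = example-only\n' > "$r/etc/cred"
    chmod "$1" "$r/etc/cred"
    cred_audit "$r/etc/fstab" "$r"
    rm -rf "$r"
}

demo_cred_audit 644   # file left readable by everyone
demo_cred_audit 600   # file restricted to its owner
```

On a live system the call is cred_audit /etc/fstab; an "exposed" finding is cleared with chmod 600 on the credentials file.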

IX. Encrypting passwords
By default Microsoft's SMB protocol uses unencrypted (plain text) passwords. However, Windows 2K (SP 3 and later) requires encrypted passwords. So either you change the Windows Registry to use unencrypted passwords, in which case you must change the Registry on every Windows machine, which is inconvenient and risks conflicts and very possibly mistakes; or you reconfigure Samba to accept encrypted passwords. You need to follow these steps:
- Step 1: Create a separate password file for Samba. From the existing /etc/passwd file, create a new file with the command:
cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
where mksmbpasswd is a script already installed on the system
- Step 2: Use the command:
chmod 600 /etc/samba/smbpasswd
to give read and write permission to root only
- Step 3: A user cannot use samba until the user has been given a password that is recorded in the file above. Use the command below to give a user a password
smbpasswd <username>
where username is the user's login name
- Step 4: Edit the file smb.conf as follows:
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
Restart the samba service with the command /etc/init.d/smb restart.


LESSON 10
Network File System
Summary
Theory: 3 periods - Practice: 5 periods.
Objectives: Introduce the NFS service, which maps shared resources into the local file system.
Main topics:
I. Overview of how NFS works
II. Installing NFS
III. Configuring NFS
Required exercises: Exercise 10.1 (exercise book)
Additional exercises:



I. Overview of how NFS works
NFS is a service that supports sharing resources between Linux servers. NFS was developed to let a local system access a directory on another machine by mounting it into the local file system; the administrator of the NFS server only needs to export the directories to make them available to NFS clients.
I.1. Some general rules when configuring NFS
- Export subdirectories of the / directory.
- Do not export subdirectories of parent directories that have already been exported.
- Only local file systems may be exported.
I.2. Some key NFS concepts
- Virtual filesystem (VFS) interface: a technique that automatically and transparently redirects all accesses to NFS-mounted files to the remote server. VFS helps translate requests into the file format appropriate on the NFS server.
- Stateless operation: programs that read and write files on a local file system rely on the system to track and record the position of the data being read through an address pointer. When the NFS server stops working (or fails), the NFS client resets the pointer value to 0, and the NFS client can detect when the NFS server is working again.
- Caching: the NFS client keeps some necessary data on the local system, which reduces the access load on the NFS server.
- NFS background mounting: the NFS client uses RPC to mount files on the remote server; if the remote server is not available, we can use the mount command with the bg option to specify a waiting period of up to 1 week.
- Hard and soft mounts: a hard mount means the mount operation is always carried out, in the foreground or in the background, to guarantee data consistency. A soft mount uses RPC to mount the remote file system; once RPC fails and is retried many times, the NFS operation fails, so data consistency is not guaranteed.
- NFS versions: NFS currently has 3 versions: 2, 3 and 4. Version 2 supports sizes up to 4 GB and is limited to 8 KB for each read or write of data. NFS version 3 supports file sizes up to 2^64 - 1 bytes and can adjust the size of reads and writes between the NFS client and the NFS server. NFS version 4 is similar to NFS version 3 but integrates some additional features: file locking and file mounting are built into the NFS daemon and performed independently.
- Important NFS daemons: portmap is the important daemon that manages connections for applications; portmap listens on TCP port 111. There are also the NFS daemon, the NFSLOCK daemon and the NETFS daemon.
II. Installing NFS
NFS is installed by default on Red Hat Linux and by default it starts when the system boots. We can use the following commands to check that NFS is installed on the system:
# rpm -qa | grep nfs
redhat-config-nfs-1.1.3-1 ; output
nfs-utils-1.0.1-3.9 ; output
# rpm -q portmap
portmap-4.0-57 ; output
III. Configuring NFS
III.1. Configuring the NFS server
Both the NFS server and the NFS client must have the NFS package installed. The NFS server needs the daemons portmap, nfs and nfslock. We then configure NFS in the file /etc/exports
#/etc/exports
- Line 1: /data/files *(ro,sync)
- Line 2: /home 192.168.1.0/24(rw,sync)
- Line 3: /data/test *.my-site.com(rw,sync)
- Line 4: /data/database 192.168.1.203/32(rw,sync)
Explanation of the example NFS configuration in the file /etc/exports
- Line 1: Read-only access to /data/files from any network.
- Line 2: Read/write on the directory /home from all machines on the network 192.168.1.0
- Line 3: Read/write on the directory /data/test from all machines in the domain my-site.com
- Line 4: Read/write on the directory /data/database from the machine 192.168.1.203
After finishing the configuration we must reactivate the NFS server so that it picks up the new configuration.
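How widely each line of /etc/exports opens a directory depends on the client field and on the options in parentheses. The following added example (not part of the original guide) classifies every client of every export by scope, access mode and root squashing, and rates the combination. It goes one step beyond the four lines above by also handling the case where a space separates the host from its option list, which exports the directory to that host with default options and to everyone with the listed ones. The function names, the risk labels and the fifth sample line are constructed for the example.

```shell
#!/bin/sh
# exports_audit FILE
# Prints, for every client of every export: path client scope mode squash risk
# Defaults applied when an option is absent: ro and root_squash.
exports_audit() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index(client, "(")
                if (p > 0) {
                    opts = substr(client, p + 1)
                    sub(/\).*$/, "", opts)
                    client = substr(client, 1, p - 1)
                }
                # An option list with no host in front of it applies to everyone.
                if (client == "") client = "*"
                if (client == "*")                           scope = "world"
                else if (client ~ /[*?]/)                    scope = "wildcard"
                else if (client ~ /\/32$/ || client !~ /\//) scope = "host"
                else                                         scope = "network"
                o = "," opts ","
                mode   = (o ~ /,rw,/)             ? "rw" : "ro"
                squash = (o ~ /,no_root_squash,/) ? "no_root_squash" : "root_squash"
                if (scope == "world" && mode == "rw")
                    risk = "HIGH"
                else if (scope == "world" || squash == "no_root_squash" || (scope == "wildcard" && mode == "rw"))
                    risk = "review"
                else
                    risk = "ok"
                print $1, client, scope, mode, squash, risk
            }
        }
    ' "$1"
}

# demo_exports_audit: audit a constructed copy of the example configuration.
demo_exports_audit() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# lines 1-4 are the examples from this section; line 5 is constructed
/data/files     *(ro,sync)
/home           192.168.1.0/24(rw,sync)
/data/test      *.my-site.com(rw,sync)
/data/database  192.168.1.203/32(rw,sync)
/srv/share      192.168.1.0/24 (rw,sync)
EOF
    exports_audit "$f"
    rm -f "$f"
}

demo_exports_audit
```

On a live server the call is exports_audit /etc/exports; the constructed fifth line produces two records, the second of which is rated HIGH because the stray space makes the directory read/write for every host.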
III.1.1 Starting the NFS server:
Enable the services at system start-up:
# chkconfig --level 35 nfs on
# chkconfig --level 35 nfslock on
# chkconfig --level 35 portmap on
Start the related services.
# service portmap start
# service nfs start
# service nfslock start
III.1.2 Checking that NFS is running
We can use the rpcinfo command to check the list of programs registered with the portmapper on the host.
# rpcinfo -p localhost
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 1024 nlockmgr
100021 3 udp 1024 nlockmgr
100021 4 udp 1024 nlockmgr
100005 1 udp 1042 mountd
100005 1 tcp 2342 mountd
100005 2 udp 1042 mountd
100005 2 tcp 2342 mountd
100005 3 udp 1042 mountd
100005 3 tcp 2342 mountd
III.2. Configuring the NFS client
To configure automatic NFS mounting through the file /etc/fstab, carry out the following steps:
- Step 1. When configuring the NFS client we must start NFS.
# chkconfig --level 35 netfs on
# chkconfig --level 35 nfslock on
# chkconfig --level 35 portmap on
# service portmap start
# service netfs start
# service nfslock start
Check that NFS is running
# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100024 1 tcp 32768 status
100021 1 udp 32769 nlockmgr
100021 3 udp 32769 nlockmgr
100021 4 udp 32769 nlockmgr
100021 1 tcp 32769 nlockmgr
100021 3 tcp 32769 nlockmgr
100021 4 tcp 32769 nlockmgr
391002 2 tcp 32770 sgi_fam
- Step 2. Mount a resource from the NFS server using /etc/fstab
MountPoint Type Options Dump FSCK
192.168.1.100:/data/files /mnt/nfs nfs soft,nfsvers=2 0 0
- Step 3. Run the command mount -a to apply the file /etc/fstab
# mkdir /mnt/nfs
# mount -a ; update from the exports file
# ls /mnt/nfs
ISO ISO-RedHat kickstart RedHat
Mount an NFS file system with the command:
# mount -t nfs 192.168.1.100:/data/files /mnt/nfs
# ls /mnt/nfs
ISO ISO-RedHat kickstart RedHat
III.3. Activating the file /etc/exports
When we change the configuration in the file /etc/exports, we must restart NFS.
# exportfs -a
To export only the new entries in the file /etc/exports, use the command
# exportfs -r
To remove or change a directory shared over NFS, we must unmount the directory with the umount command, then edit the file /etc/fstab, and then reload NFS with the command exportfs -ua.
# umount /mnt/nfs
# exportfs -ua
# exportfs -a
III.4. Troubleshooting the NFS server
To monitor and handle problems on NFS we use the following commands:
- List the exported directories:
# showmount -a
- List the mounted file systems
# df -t nfs
- NFS error statistics
# nfsstat -s

LESSON 11
SHELL PROGRAMMING ON LINUX
Summary
Theory: 5 periods - Practice: 5 periods.
Objectives: Introduce the common shell programs on Linux and their characteristics, and shell script programming to automate administration tasks.
Main topics:
I. Introduction to the shell and shell programming
II. Purpose and significance of shell programming
III. Controlling the shell from the command line
IV. Running command files
V. Shell language syntax
Required exercises: Exercise 11.1 (exercise book)
Additional exercises:



I. Introduction to the shell and shell programming
I.1. Introduction to the shell
The shell is the program that always runs when we log in to the system. It is the program that lets us interact with the system. Several shells are currently available on the system.
The shell gives users a set of commands with which to operate the system. When a user runs a shell command, the shell translates it into system calls and passes them to the kernel for processing. The shell is also one of the applications that the kernel manages. The kernel is responsible for allocating resources to keep the shell processes running. Linux is a multi-user system: when each user logs in, they receive their own copy of the shell with which to work on the system.
I.1.1 Some features of the shell
- Interactive processing: the user interacts with the shell in the form of a direct dialogue.
- Background execution: programs in the shell that take a long time to run and use few resources can be run in the background while the user carries on with other work. This makes use of the system more efficient.
- Redirection: standard input, standard output and standard error can be redirected flexibly.
- Pipes: allow several commands to be run in sequence, with the output of one command used as the input of the next.
- Command files (shell scripts): create files containing commands that run in sequence; grant permission on the file and execute it.
- Shell variables: the shell supports variables for storing information that controls its operation.
- Reuse of commands already run (command history). This is a very useful feature: the user can run previously executed commands again instead of retyping them.
- Command structures like a programming language: the shell lets commands be used as in a programming language, so they can be combined to handle complex tasks.
- Automatic completion of file names or commands: we can type the first part of a command or file name and then press <Tab> to complete the rest.
- Command aliases: you can give a command a new name and then use that name in its place: $ alias dir='ls -l'. From then on, the command dir works like ls -l
I.1.2 Shells in Linux.
Shell name          History
sh (Bourne)         The original shell in Unix
csh, tcsh and zsh   Shells that use the command structure of the C language as the scripting language. This shell was created by Bill Joy; it is the second most widely used shell after bash
bash                Bash (Bourne Again shell) is the main shell used in Linux and comes from the GNU project. Bash has the advantage of being open source; it can be downloaded from http://www.gnu.org
rc                  An extended shell of the C shell with more compatibility with the C language; it comes from the GNU project
The bash shell is the default shell on Linux; we can use the echo command to see the name of the shell currently in use on the system.
# echo $SHELL
I.2. Configuring the login environment
When users log in to the system, they work in an environment that Linux defines in advance. The Linux environment contains settings and data that govern your session for as long as you are logged in. You can, however, change these settings to suit yourself. The session environment has two components:
- The first, called the terminal environment, controls your terminal (the screen and keyboard).
- The second, called the shell environment, controls various aspects of the shell, along with every program you run.
I.2.1 Setting up the terminal environment
Your login session actually consists of two separate programs that run side by side, giving you the feeling that the machine is serving you alone. Although the shell is the program that receives and executes commands, before the shell receives a command everything you type must pass through a device driver. The driver controls the terminal, receives the characters you type and then decides how to process them before handing them to the shell for interpretation. Likewise, every character produced by the shell must pass through the device driver before it reaches the terminal. When working on a Linux system, programs treat all devices connected to the system alike. Some important keys:
Key           Description
Interrupt     Stops a running program. Linux uses the key combination <Ctrl+C>.
Erase         Deletes the last character in the buffer. This is the <Backspace> key
Kill          Deletes everything in the buffer before it is passed to the shell or application program. Usually the <@> key. Unlike when the interrupt key is pressed, you will not see the shell prompt appear when you press the kill key, because the driver is waiting for you to continue typing.
End-of-line   Tells the driver that you have finished typing characters and want them interpreted and passed to the shell or program. Linux uses the <Enter> key
End-of-file   Tells the shell to exit and display the login prompt. The end-of-file character is <Ctrl+d>.

I.2.2 Setting up the shell environment
On logging in, the user works in their own shell environment, predefined by Linux. The shell environment contains many variables. Each variable is declared in the form <VARIABLE=value>; what a variable means is up to you. Some variables, however, are predefined, for example TERM and PATH. The following table lists the common environment variables in the Bourne shell:
Variable             Description
HOME=/home/login     HOME sets your home directory. login is the login ID. For example, if your login ID is jack, HOME will be /home/jack
LOGNAME=login        The machine automatically sets LOGNAME to your login ID
PATH=path            The path option points to the list of directories the shell searches for commands. For example, you can set the path as follows: PATH=/usr:/bin:/usr/local/bin
PS1=prompt           PS1 is the primary shell prompt; it lets you define the look of the prompt to your liking. If you change nothing, the default prompt is $ (for users other than root). You can change it, for example: PS1="Enter Command >"
PWD=directory        Identifies your position in the file system
SHELL=shell          SHELL identifies the shell you are using.
TERM=terminal-type   The type of terminal you use
Note: to set environment variables, define them in the file .bash_profile (if you run the bash shell), in the file .login (if you run the C shell) or in the file .profile (if you run the Bourne shell).
I.2.3 Using special shell variables
The HOME variable always identifies your home directory. As soon as you log in successfully, you are in your home directory.
- To return to your home directory, just type the command cd.
- You can use the HOME variable when writing shell scripts to refer to files in the home directory.
- $HOME always stands for the home directory of whoever runs the command. If you write a command using $HOME, other people can use the same command.

The PATH variable lists the directories in which the shell looks for commands. The shell searches the directories in the order listed.
Example: if PATH=/bin:/usr/bin: then each time it interprets a command, the shell first looks in the directory /bin. If it does not find the command there, it goes on to the directory /usr/bin. If there is still no result, the shell then searches the current directory. We should put all our shell scripts in one directory and add it to the PATH variable. That way, whichever directory you are in later, you can still run those shell scripts.
The MAIL variable holds the name of the file that stores your email. Whenever email arrives, the system puts it in the file named by MAIL. If you have a program that notifies you when mail arrives, it consults the file associated with the MAIL variable.
The PS1 variable holds the character string you see at the primary prompt.
The TERM variable is used to identify the terminal type. Programs that run in full-screen mode, such as vi, consult the TERM variable.
The LOGNAME variable holds the character string the system uses to identify the logged-in user. It also lets the system know that you are the owner of files and directories, the person who started certain programs, and the author of email sent with the write command.
II. Purpose and significance of shell programming
The shell is the outer layer around the kernel, the intermediary through which users work with the kernel. You are familiar with shells in DOS such as command.com, which translates commands like del, copy, ... into low-level interrupts for the DOS operating system to carry out. DOS also lets us create .bat files consisting of several commands run in sequence. The shell in DOS is on the whole very simple and does not use many system facilities. Linux provides richer, more flexible shells. They let you create bat-style files with loop structures as in C, or combine several shell commands with each other.
Example: you can combine the ls and more commands to view the list of files in a directory page by page.
ls -l | more
Linux allows the input and output of commands to be combined through redirection and pipes. Linux also allows the use of C-like structured commands such as if, case, for, ... This is the strength of the shell in Linux. With such control structures we can handle many cases by combining shell commands with processing conditions. The shell also supports data input and output and interaction with environment variables.
Shell programs help users use and manage the system and services on Linux. For example, to start or stop an application, you can write a short shell program to perform the task. It is this versatility of the shell that lets users create shell programs to manage system services effectively.
III. Controlling the shell from the command line
Users can run shell commands from the command line. When a command is not yet complete, the shell displays the > sign for us to add more.
Example:
$ if [ -d "$file" ] ; then
> echo "ls $file"
> else echo "$file is not file"
> fi
We can put several commands on one line, separated by semicolons (;)
Example:
cd /etc ; ls -l
Just press Enter and the commands on that line are executed. The most inconvenient thing about working on the command line is correcting mistakes when we make them. People therefore usually write the commands into a file and have them executed in sequence. A file containing such commands is called a command file, or shell script.
IV. Running command files
A command file can be executed in 2 ways.
Method 1: Call the shell with the file as its argument:
$ /bin/sh file-name
Example: $ /bin/sh hello
Method 2: Call the command file from the shell prompt like an ordinary command. For this, you must first grant execute permission on the file. Depending on how the command file is to be used, you can grant the permission to the owner, to the owning group or to everyone. The command for granting permissions, as we have learned, is chmod. To give everyone execute permission:
chmod +x <file-name>
To allow only the owner to execute:
chmod u+x file-name
Running the command file: type ./path/file-name in the console, or set the PATH environment variable to include the directory containing the file and type file-name in the console window. If you are working in the directory that contains the file, you can run it with the command:
./file-name
Example: grant permission and run the program hello:
$ cd /home/hv/baitap
$ chmod +x hello
$ ./hello

If you want this file to be executable from anywhere just by typing hello, set the PATH environment variable in the file .bash_profile in your home directory: PATH=$PATH:/home/hv/baitap. If you want other users to be able to use the file, copy it to the directory /usr/local/bin. Remember to reset the permissions on the file if you do not want it deleted or modified. The following commands copy the file hello to /usr/local/bin, change its owner to root, and give root full permissions on it, while everyone else has only read and execute permission.
$ cp hello /usr/local/bin
$ chown root /usr/local/bin/hello
$ chgrp root /usr/local/bin/hello
$ chmod u=rwx,go=rx /usr/local/bin/hello
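Because the shell runs the first match it finds along PATH, every directory added to it (as in I.2.3 and in the .bash_profile change above) becomes a place from which commands are trusted. The following added example, not part of the original guide, walks a PATH value in search order and reports entries that mean "current directory" (an empty entry, including the one after a trailing colon, or "."), relative entries, and directories that any user can write to. path_audit, demo_path_audit and the sample directories are constructed for the example.

```shell
#!/bin/sh
# path_audit VALUE
# Walks a PATH-style string entry by entry and prints one finding per risky
# entry, prefixed with its 1-based position in the search order.
path_audit() {
    rest="$1:"          # sentinel colon so that a trailing empty entry is not lost
    n=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}       # text before the first colon
        rest=${rest#*:}         # drop that entry and its colon
        n=$((n + 1))
        case $entry in
            "") echo "$n current-dir (empty entry)" ;;
            .)  echo "$n current-dir (.)" ;;
            /*) # -H follows a symbolic link given as the entry; -perm -002
                # matches when the "others" write bit is set.
                if [ -d "$entry" ] && [ -n "$(find -H "$entry" -prune -perm -002)" ]; then
                    echo "$n world-writable $entry"
                fi ;;
            *)  echo "$n relative $entry" ;;
        esac
    done
}

# demo_path_audit: audit a constructed PATH built from scratch directories.
demo_path_audit() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/incoming"
    chmod 755 "$d/bin"            # like /usr/local/bin after chmod u=rwx,go=rx
    chmod 777 "$d/incoming"       # constructed: a directory anyone may write to
    # Constructed value: two absolute entries, a relative one, a trailing colon.
    path_audit "$d/bin:$d/incoming:scripts:" | sed "s|$d|<tmp>|"
    rm -rf "$d"
}

demo_path_audit
```

For the current session the call is path_audit "$PATH"; no output means every entry is an absolute directory that other users cannot write to.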
V. Shell language syntax
The shell language is a scripting language; it is not as flexible or complex as professional programming languages such as C, Pascal or Java. A shell program is written as text and is not compiled into a binary file as in other languages. When a shell program runs, the shell interprets and executes it. In Linux we come across a great many shell programs that handle tasks very effectively. As an administrator you need to master shell syntax, not only to write programs but at the very least to understand the existing scripts that control your system. The components of the shell language:
- Variables: string type, parameters and environment variables.
- Conditions: logical tests.
- Control statements: if, for, while, until, case.
- Functions.
- Shell built-in commands.
V.1. Comments, specifying the executing shell, exiting the program
Comment lines are used in program source to explain the meaning of commands, or the function of a variable or a piece of program. These lines are not compiled in programming languages, and they are not executed in shell programs. A comment line begins with the # sign.
Example: a piece of program that uses comment lines.
# Check whether the first parameter exists
if test -z "$1" ; then
echo "Khong co tham so"
fi # end of if

A special case is when the # sign is followed by the ! directive (#!), which indicates that this is the line that calls the shell to interpret the commands in this file. You will often see that the first line of shell programs is #! /bin/bash. This means the bash shell is used to interpret the commands. The shell we run can be regarded as a subshell, and it can execute commands without changing the environment variables of the main shell. The general syntax of this directive is:
#!executing-shell
If we do not declare it, the default shell in Linux is bash. On other Unix systems the default shell is sh. The #! directive is also used to run other programs before executing the following commands.
V.2. Using variables
Variables used in shell programs do not need to be declared in advance as in C, Pascal, ... A variable is declared automatically when it is first used. Variables can store data only as strings, even though they may contain numbers. If you want to use a variable's value as a number, conversions are needed, which you will learn about in a later section. One thing to note is that the shell distinguishes upper and lower case. For example, the two variables tong and Tong are different.
V.2.1 Assigning a value to a variable
To set a new value for a variable we use assignment.
Syntax:
variable-name=value
Example:
Ten=Hung
So=200
The value assigned can be a constant, a variable or an expression.
Note: you must not put spaces around the = between variable-name and value
Example: ten =Hung is invalid
V.2.2 Getting the value of a variable
To get the value of a variable we put a $ sign in front of the variable name:
$variable-name
Example:
tp=HaNoi
echo $tp
$tp will hold the value HaNoi.
V.2.3 Displaying the value of a variable on the screen
The echo command is used to display variables on the screen. We can use one of 3 forms:
echo text to display
echo 'text to display'
echo "text to display"
Characters inside ' ' are treated as a literal string. All the characters are displayed on the screen, including special characters.
Example:
echo 'Gia tri cua bien la $bien'
Output: Gia tri cua bien la $bien
Unlike ' ', the " " marks delimit a string that contains both displayed characters and variable values. To display special characters we must put a \ in front of them, for example:
ten=Dung
echo "Su dung dau nhay kep"
echo "Gia tri bien la $ten"
echo "Ky hieu tien la \$"
Output:
Su dung dau nhay kep
Gia tri bien la Dung
Ky hieu tien la $
V.2.4 Reading a value for a variable from the keyboard
Syntax: read <variable-name>
When the program reaches this command it waits for the user to type a value and to press Enter when the input is complete. The value is assigned to the variable variable-name.
Example:
    echo "Nhap vao ten cua ban"
    read ten
    echo "Ten vua nhap la $ten"
In this example, when the prompt Nhap vao ten cua ban appears and the user types the name Nguyen Hung Dung, the output is Ten vua nhap la Nguyen Hung Dung.
V.2.5 Environment variables
Environment variables are predefined variables that carry default values when the shell starts. They help programs and the system itself do their work. Environment variable names are usually written in upper case to distinguish them from the variable names that users define in their programs.
Some commonly used environment variables:
    Environment variable    Meaning
    HOME                    The user's home directory, the directory used after logging in to the system
    PATH                    List of directories searched when commands are run
    PS1                     Command prompt: # for the root user, $ for ordinary users
    PS2                     Secondary prompt, usually >
    IFS                     Field separator for string lists, usually space, tab and newline
    PPID                    ID of the parent process in the shell
    RANDOM                  A random number
    SECONDS                 Working time, in seconds
V.2.6 Parameter variables
When a command is called, parameters are usually added after it. These parameters become the values of the program's parameter variables.
Example: cp sourc.txt dest.txt
In this example sourc.txt and dest.txt are the two parameters of the cp program. Inside a program, the parameter variables are accessed with the following symbols:
    Symbol          Meaning
    $1, $2, $3 ...  Values of the first, second, ... parameter variables, matching the parameters from left to right on the command line
    $0              Name of the command file that was called
    $*              The full list of parameters
    $#              Total number of parameters
    $$              Number of the process in which the program is running
V.3. The test command
The test command, or the [ ] brackets, checks whether an expression is true or false. The test command supports the three kinds of check below.
- String tests:
    Comparison            Result
    string1 = string2     true if the two strings are equal
    string1 != string2    true if the two strings differ
    -n string             true if the string is not empty
    -z string             true if the string is empty
- Arithmetic comparisons:
    Comparison            Result
    expr1 -eq expr2       true if expr1 equals expr2
    expr1 -ne expr2       expr1 is not equal to expr2
    expr1 -gt expr2       expr1 is greater than expr2
    expr1 -ge expr2       expr1 is greater than or equal to expr2
    expr1 -lt expr2       expr1 is less than expr2
    expr1 -le expr2       expr1 is less than or equal to expr2
- File tests:
    Test                  Result
    -d file               true if the file is a directory
    -e file               exists on disk
    -f file               is a regular file
    -g file               set-group-id is set on the file
    -s file               has a size > 0
    -u file               set-user-id is set
    -r file               reading is allowed
    -w file               writing is allowed
    -x file               execution is allowed
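The file tests in the last table are enough for a small permission audit. The sketch below is an added example, not part of the original course material, and the function names describe_path and audit_dir are hypothetical. It quotes every expansion so that empty arguments and file names containing spaces are tested correctly, and it reports regular files that have set-user-id or set-group-id set.

```shell
#!/bin/sh
# Added example (not from the course text). Function names are hypothetical.

# describe_path PATH
# Prints the properties of PATH using only the test operators listed above.
describe_path() {
    dp_path=$1
    # -z is true for an empty string. The quotes matter: an unquoted name
    # containing spaces would be split into several words and break the test.
    if [ -z "$dp_path" ]; then
        echo "no-argument"
        return 2
    fi
    if [ ! -e "$dp_path" ]; then
        echo "missing"
        return 1
    fi
    dp_out="other"
    if [ -d "$dp_path" ]; then dp_out="directory"; fi
    if [ -f "$dp_path" ]; then dp_out="regular"; fi
    if [ -s "$dp_path" ]; then dp_out="$dp_out nonempty"; fi
    if [ -u "$dp_path" ]; then dp_out="$dp_out setuid"; fi
    if [ -g "$dp_path" ]; then dp_out="$dp_out setgid"; fi
    if [ -x "$dp_path" ]; then dp_out="$dp_out executable"; fi
    echo "$dp_out"
    return 0
}

# audit_dir DIRECTORY
# Lists the regular files in DIRECTORY that carry set-user-id or set-group-id,
# one per line, followed by their properties.
audit_dir() {
    for ad_file in "$1"/*; do
        # An empty directory leaves the pattern unexpanded; -f rejects it.
        [ -f "$ad_file" ] || continue
        if [ -u "$ad_file" ] || [ -g "$ad_file" ]; then
            echo "$ad_file: $(describe_path "$ad_file")"
        fi
    done
}
```

Calling audit_dir on a directory such as /usr/bin gives a baseline list of set-id programs that can be compared between two dates.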
V.4. The expr arithmetic expression
The expr expression is used for calculation. Values in the expression are treated as integers rather than strings. It is also used to convert a string to a number. An expr expression is enclosed in two ` characters (not the single quote, but the key to the left of the 1-! key). Inside the expression, operators and operands are separated by spaces. The operations and comparisons that expr allows are:
    |     or                          =     equal
    &     and                         +     add
    >     greater than                -     subtract
    <     less than                   \*    multiply
    >=    greater than or equal to    /     divide
    <=    less than or equal to       %     remainder of division
    !=    not equal
V.5. Chaining commands, command blocks and taking the value of a command
The shell lets you connect commands with the OR and AND operators.
V.5.1 The AND operator
Syntax of the logical AND operator:
    command_1 && command_2 && command_3
The commands run from left to right until one of them fails. The final result of the chain is true if all commands are true, otherwise it is false.
V.5.2 The OR operator
Syntax of the logical OR operator:
    command_1 || command_2 || command_3
The commands run from left to right until one of them succeeds. The final result of the chain is true if at least one command is true, otherwise it is false.
V.5.3 Command blocks
When several commands have to run one after another, a command block can be used. A command block is placed between the two characters { }.
V.5.4 Taking the value of a command
When writing programs we often use the result of one command as the argument or input value of another. This can be done with the $(command) syntax. With $(command), the result of running command is returned.
V.6. The if branching structure
Syntax of the if branching structure:
    if <condition> ; then
        commands1
    else
        commands2
    fi
If the condition expression is true, the commands in commands1 are executed. Otherwise (the condition is not true) the commands in commands2 are executed, provided the else clause exists. commands1 and commands2 can each be one or more commands.
Example: read the mark for a subject and print the result.
    echo "chuong trinh ket qua mon hoc"
    echo "Nhap vao diem"
    read diem
    if [ "$diem" -ge 5 ] ; then
        echo "Dat"
    else
        echo "Hong"
    fi
The if syntax also allows several comparisons in sequence through the elif keyword, as follows:
    if <condition1> ; then
        commands1
    elif <condition2> ; then
        commands2
    ...
    elif <condition_n> ; then
        commands_n
    else
        commands_n+1
    fi
Example: read a mark and print the grade:
    echo "Xep loai"
    echo "Nhap vao diem"
    read diem
    if test "$diem" -ge 8 ; then
        echo "Loai Gioi"
    elif test "$diem" -ge 7 ; then
        echo "Loai Kha"
    elif test "$diem" -ge 5 ; then
        echo "Loai TB"
    else
        echo "Loai Yeu"
    fi
V.7. The case selection structure
Use case when the value of an expression selects one of several branches. The syntax of the selection structure is:
    case <variable-or-expression> in
        value11 [ | value12 ] ) commands1 ;;
        value21 [ | value22 ] ) commands2 ;;
        value31 [ | value32 ] ) commands3 ;;
        ...
        value_n1 [ | value_n2 ] ) commands_n ;;
        * ) commands_n+1 ;;
    esac
The case command compares the variable or expression with the patterns or values listed below it and, on a match, runs the commands of that clause.
Example: we create a menu and let the user choose the function to run. If the variable chon is 1, list the current directory; if it is 2, print the path of the current directory; any other number is invalid.
    clear
    echo
    echo " Menu "
    echo " 1. Liet ke thu muc hien hanh"
    echo " 2. Cho biet duong dan thu muc hien hanh"
    read chon
    case "$chon" in
        1) ls -l ;;
        2) pwd ;;
        *) echo "Khong hop le" ;;
    esac
V.8. Loop structures
V.8.1 The for loop
The for loop is used when the number of iterations is known in advance. Syntax of the for loop:
    for <variable> in value-1 value-2 value-3
    do
        commands ;
    done
The number of iterations equals the number of values after the in keyword. During the loop, variable takes each of the values after in in turn.
Example:
    for gt in apple banana 34
    do
        echo $gt
    done
The result after running it is:
    apple
    banana
    34
V.8.2 The while loop
The while command is used when the number of iterations is not known in advance. Syntax of the while loop:
    while <condition>
    do
        commands;
    done
The loop runs as long as the condition remains true.
Example:
    echo "An phim Y/y de tiep tuc"
    read chon
    while [ "$chon" = "y" ] || [ "$chon" = "Y" ]
    do
        echo "chao ban"
        read chon
    done
V.8.3 The until loop
It is used like while but with the opposite loop condition: until is looped at least once, and a true condition leaves the loop.
Syntax:
    until <condition>
    do
        command 1;
        command 2;
        ...
        command n
    done
Example: the program loops until n<=10
    echo "Nhap vao so n"
    read n
    until [ "$n" -le 10 ]
    do
        echo "n lon hon 10"
        n=`expr $n - 1`
    done
V.9. The break, continue and exit commands
The break command lets you leave a loop without checking the loop condition. The exit command makes the program terminate and return to the $ command prompt.
Example:
Read the number n from the command-line argument and compute the sum S = 1+2+ ..+n
    echo "chuong trinh tinh tong"
    if [ -z "$1" ] ; then
        echo "tong <n>"
        exit 0
    fi
    n=$1
    s=0
    i=1
    while true
    do
        s=`expr $i + $s`
        i=`expr $i + 1`
        if [ "$i" -gt "$n" ] ; then
            break
        fi
    done
    echo $s
The continue command goes back to the next iteration of the loop without executing the remaining commands.
V.10. Other commands
The . command runs a script in the current directory and keeps the environment changes the program made after the program exits. Usage:
    . ./script-name
The exec command runs a program as if it were run from the command line, using another subshell.
Example:
    exec mc
The export command passes the value of a variable on to other shells.
V.11. Functions
Like other programming languages, the shell lets you use functions. A function is a subprogram inside the main script. It can be called many times from the main script. Syntax of a function definition:
    function-name() {
        function-commands
    }
Example:
    chao()
    {
        echo "hello"
    }
V.11.1 Calling a function and passing parameters to it
To call a function, use its name, optionally followed by parameters:
    function-name
    function-name parameter-1 parameter-2
V.11.2 Taking the value of a function
To take the value of a function in the shell, use the following syntax:
    $( function_name )
Example:
    Conn_value=$( netstat -an | grep :80 | wc -l )
LESSON 12
Process Management
Summary
Theory: 5 periods - Practice: 5 periods.
Objectives: Introduce the mechanisms for managing and scheduling processes, and for setting up run schedules for the programs in the system.
Main topics:
I. Definition
II. Viewing process information
III. Foreground processes
IV. Background processes
V. Suspending and resuming a process
VI. Killing a process
VII. The at scheduler
VIII. The batch scheduler
IX. The crontab scheduler
Exercises (required / additional): Exercise 1.1 (process management)
I. Definition
You can start a program by its name, or from files that contain shell commands. While it runs, a program can interact with many other parts of the system. It can read and write files, manage information in RAM, or send information to a printer, a modem or other devices.
A process is a single program running in its own virtual address space. In one respect a process is more than a program: it uses the resources of a running system, whereas a program is merely a series of statements. One program or command can give rise to several processes. The command nroff -man ps.1 | grep kill | more, for instance, creates 3 different processes. There are 3 main kinds of process on Linux:
- Interactive processes: processes started and managed by the shell, whether foreground or background.
- Batch processes: processes that are not attached to a terminal and are placed in a queue to be executed in turn.
- Daemon processes: processes that run hidden in the background of the system. They are usually started automatically after the system boots. Most server programs for services run this way. Once loaded into memory, these programs wait (passively) for requests from client programs and answer on specific ports (the port is a concept tied to the TCP/IP BSD socket protocol). Most Internet services such as Mail, Web and Domain Name Service work on this principle. Programs of this kind are called daemons, and their names usually end with the letter "d", such as named, inetd ...
A process that creates several child processes while it runs is called the parent process. When the parent process is stopped, its child processes are stopped as well.
Every process carries an identifier called the PID (Process IDentification). The process ID is a number greater than 0 and is unique. The system uses these PIDs to manage processes. At boot, Linux runs a process that already exists in the system, named init (because it is the first process to run, its PID is 1). This process then creates other processes, which can create further processes, and so on, forming a hierarchical process tree (see the process tree below). Stopping the init process therefore means stopping the whole system.
Example: view the processes in the system.
    $ pstree -n -p
    init(1)-+-keventd(2)
            |-kapm-idled(3)
            |-mdrecoveryd(9)
            |-syslogd(629)
            |-klogd(634)
            |-rpc.statd(683)
            |-apmd(795)
            |-sshd(851)---sshd(1064)---bash(1065)---pstree(1492)
            |-xinetd(884)
            |-sendmail(924)
            |-crond(961)
The number in ( ) is the PID of the process.

II. Viewing process information
The simplest way to check which processes are running in the system is the ps (process status) command. The ps command has many options and, by default, its output depends on the user who is logged in. Command syntax: # ps <option>
Some options of the ps command worth knowing:
    Command and option    Purpose
    ps ux                 Show all processes started by the user
    ps T                  Show the processes running on the user's current terminal
    ps aux                Show all processes in the system
    ps -u username        Show all processes of a given user (specified through the username parameter)
Example: the ps command displays the following:
    PID TTY STAT TIME COMMAND
    41  v01 S    0:00 bash
    134 v01 R    0:00 ps
To display all processes, use the command ps a. Any user in the system can see all processes, but can only control the processes he or she created. The super-user, however, has the right to control every process in the system. The command ps ax displays all processes, including those not attached to a terminal (tty). The command ps axl shows the running processes together with the full command line that started them. The command man ps lists the other optional parameters of ps.
III. Foreground processes
When a program is run from the shell prompt ($ or #), it executes and the prompt does not reappear until the program has finished. We therefore cannot do any other work while this program is running. A program that works this way is called a foreground program. To see this, run a program that takes a long time, for example listing all the directories of the system with the command find / -name pro -print. Because the output is very large, it can be sent to a file: find / -name pro -print > results.txt. While the program runs you have to wait a long time until the prompt appears again.
IV. Background processes
A background process is a process created independently of its parent process. When a program takes a long time, we can let it run in the background and carry on with other work. To run a process in background mode, add the & character after the command that starts the program.
Example:
    $ find / -name pro -print > results.txt &
    [1] 2489
When the program is started, the $ prompt appears immediately. The program is in fact running with process number 2489 and has been placed in the background as job [1]. We can check whether it is running with the command ps aux | grep find. More simply, the jobs command shows the processes that are in the background:
    $ jobs
    [1] + Running find / -name pro -print > results.txt &
The line above shows that 1 process is running in the background. When the program finishes, this message appears on the screen:
    [1] Done find / -name pro -print
Background processes let us run many processes at the same time. They suit programs that run continuously, such as daemons.
V. Suspending and resuming a process
Sometimes a running program takes too long and we want to move it to the background. Linux lets us suspend it and put it in the background with the Ctrl-Z key. When the running process receives the Ctrl-Z signal it is suspended and moved to the background, and the command prompt is returned to the user. We can see the process in the background:
    $ jobs
    [1] + Stopped find / -name pro -print > results.txt
The jobs output shows that the process is in the background but is not executing, because we suspended it earlier. To make a stopped background process run again, use the bg command. This command takes the job number of the background process as its parameter. For the example above, the program is resumed with:
    $ bg 1
    find / -name pro -print > results.txt&
    $ jobs
    [1] + Running find / -name pro -print > results.txt &
Once the job is running in the background, its command line is shown with an & added at the end. Conversely, to move a process that is running in the background to the foreground, use the command fg <job-number>.
    $ fg 1
    find / -name pro -print > results.txt
VI. Killing a process
In many situations a process can hang, for example: a console does not respond to commands from the keyboard, a server program needs to pick up a new configuration, a network card needs a new IP address ... In such cases we have to stop (kill) the process that has the problem. Linux provides the kill command for this. First, find the PID of the process to stop with the ps command. Then use the command:
    # kill -9 <PID-of-the-process>
The parameter -9 is the signal that stops a process unconditionally. Do not stop processes you do not know, because that can hang the machine or other services. A process can create child processes while it runs. If the parent process is stopped, the child processes stop as well, but not immediately. You therefore have to wait for a while and then check again whether all child processes have really stopped. In some rare cases a badly broken process cannot be stopped, and the last resort is to reboot the machine.
Note: only the root user has the right to stop all processes. Other users may only stop the processes they created themselves.
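The wait-and-check step described above can be scripted. The following is an added example, not part of the original course material, and the function names is_running and stop_process are hypothetical. It goes beyond the single kill -9 shown in the text: it first sends the default termination signal, polls until the process is gone, and uses signal 9 only if the process is still there after a grace period. It assumes a Linux /proc file system for the zombie check.

```shell
#!/bin/sh
# Added example (not from the course text). Function names are hypothetical.

# is_running PID -> exit status 0 if the process exists and is not a zombie.
# kill -0 sends no signal; it only checks that the process can be signalled.
is_running() {
    kill -0 "$1" 2>/dev/null || return 1
    # A finished process that its parent has not collected yet (a zombie)
    # still answers kill -0. On Linux its state letter in /proc/PID/stat is Z.
    if [ -r "/proc/$1/stat" ]; then
        ir_state=$(sed 's/^.*) //' "/proc/$1/stat" 2>/dev/null | cut -c1)
        [ "$ir_state" = "Z" ] && return 1
    fi
    return 0
}

# stop_process PID [GRACE_SECONDS]
# Prints "terminated" if the termination request was enough, "killed" if
# signal 9 was needed, "not-running" if there was nothing to stop.
stop_process() {
    sp_pid=$1
    sp_grace=${2:-5}
    case $sp_pid in
        ''|*[!0-9]*) echo "bad-pid"; return 2 ;;
    esac
    # PID 1 is init: stopping it means stopping the whole system.
    if [ "$sp_pid" -le 1 ]; then
        echo "refused"
        return 2
    fi
    if ! is_running "$sp_pid"; then
        echo "not-running"
        return 0
    fi
    kill -TERM "$sp_pid" 2>/dev/null || true
    sp_waited=0
    while [ "$sp_waited" -lt "$sp_grace" ]; do
        if ! is_running "$sp_pid"; then
            echo "terminated"
            return 0
        fi
        sleep 1
        sp_waited=$((sp_waited + 1))
    done
    if ! is_running "$sp_pid"; then
        echo "terminated"
        return 0
    fi
    # Last resort: signal 9 cannot be caught or ignored by the process.
    kill -9 "$sp_pid" 2>/dev/null || true
    sleep 1
    if is_running "$sp_pid"; then
        echo "still-running"
        return 1
    fi
    echo "killed"
}
```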
VII. The at scheduler
Linux has commands that run processes at a predetermined time through the at command. The time at which the process runs is given as a parameter of at. The syntax of the at command is:
    $ at [time]
    <commands to run>
    ...
    <Ctrl+D>
After you finish the at command, a message like the following appears on the screen: job 756001.a at Sat Dec 21 01:23:00 2000. Here 756001.a is the job number, which lets you refer to that scheduled run. After scheduling, a job can be cancelled with the command:
    at -r [job-number]
This command can differ between versions. On RedHat 6.2, for example, the command that deletes a job is atrm job_number. In every case, consult the man page for the exact commands and parameters.
You can use redirection to schedule several commands at once:
    at 10:59 < command_file
Here command_file is a text file containing the commands. To check the jobs you have entered, use the command at -l
VIII. The batch scheduler
Unlike at, where a process runs at the time set by the user, the batch command lets the system decide when to run the process, based on the system load. Usually, batch processes are executed when the system load is below 20%. Programs such as print jobs and large data updates are well suited to this kind of command. The syntax of the batch command is:
    $ batch<Return>
    lp /usr/sales/reports/*<Return>
    <^D>
IX. The crontab scheduler
The at and batch commands schedule a process to run once. Linux also supports periodic scheduling through the cron command (short for chronograph) and the crontabs files. The cron daemon (crond) is started at system boot. When it starts, cron looks for processes queued by the at command, then examines the crontabs files to see whether any process has to be run, and then goes to sleep. Cron wakes up every minute to check whether any process has to be run. Every user in the system can schedule processes to be run by cron. To do so, create a text file that follows the cron syntax:
    minute hour day_of_month month_of_year day_of_week command
    0 8 * * 1 /u/sartin/bin/status_report
This makes /u/sartin/bin/status_report run at 8:00 every Monday. Each line contains a time and a command. Cron runs the command at the time written before it on the same line. Each of the five time columns can be replaced by a *, which means "every". The possible values for the fields are:
    + Minute ( 0 - 59 )
    + Hour ( 0 - 23 )
    + Day of month ( 1 - 31 )
    + Month of year ( 1 - 12 )
    + Day of week ( 0 - 6, 0 is Sunday )
    + Command (rest of line)
Then use the crontab command to install the command file into the directory /usr/spool/cron/crontabs. Each user has one crontab file in this directory, named after the user name, that stores all the commands to be run periodically. Syntax of crontab:
    crontab <command-file-name>
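A crontab line can be checked against the field ranges listed above before the file is installed. The following is an added example, not part of the original course material, and the function names are hypothetical. It goes slightly beyond the text by also accepting ranges (8-17) and comma lists (0,30) in addition to single numbers and *; step values such as */5 are not handled.

```shell
#!/bin/sh
# Added example (not from the course text). Function names are hypothetical.

# is_uint VALUE -> exit status 0 if VALUE consists of 1 to 3 decimal digits
is_uint() {
    case $1 in
        ''|*[!0-9]*|????*) return 1 ;;
    esac
    return 0
}

# check_field VALUE MIN MAX
# Accepts "*", a number, a range N-M, or a comma-separated list of those,
# with every number inside MIN..MAX.
check_field() {
    cf_rest=$1
    case $cf_rest in
        ''|,*|*,|*,,*) return 1 ;;
    esac
    while [ -n "$cf_rest" ]; do
        # Take the next comma-separated item off the front of the list.
        cf_item=${cf_rest%%,*}
        if [ "$cf_item" = "$cf_rest" ]; then
            cf_rest=""
        else
            cf_rest=${cf_rest#*,}
        fi
        case $cf_item in
            '*') continue ;;
            *-*) cf_lo=${cf_item%%-*}; cf_hi=${cf_item#*-} ;;
            *)   cf_lo=$cf_item; cf_hi=$cf_item ;;
        esac
        is_uint "$cf_lo" || return 1
        is_uint "$cf_hi" || return 1
        [ "$cf_lo" -ge "$2" ] || return 1
        [ "$cf_hi" -le "$3" ] || return 1
        [ "$cf_lo" -le "$cf_hi" ] || return 1
    done
    return 0
}

# check_cron_line "LINE"
# Prints "ok", or "invalid: <field>" for the first field that is out of range.
# Ranges are the ones given in the text (day of week 0 - 6, 0 is Sunday).
check_cron_line() {
    # read splits on whitespace without expanding the "*" fields as file names.
    read -r cl_min cl_hour cl_dom cl_mon cl_dow cl_cmd <<EOF
$1
EOF
    check_field "$cl_min"  0 59 || { echo "invalid: minute"; return 1; }
    check_field "$cl_hour" 0 23 || { echo "invalid: hour"; return 1; }
    check_field "$cl_dom"  1 31 || { echo "invalid: day-of-month"; return 1; }
    check_field "$cl_mon"  1 12 || { echo "invalid: month"; return 1; }
    check_field "$cl_dow"  0 6  || { echo "invalid: day-of-week"; return 1; }
    [ -n "$cl_cmd" ] || { echo "invalid: command"; return 1; }
    echo "ok"
}
```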
LESSON 13
Domain Name System
Summary
Theory: 5 periods - Practice: 10 periods.
Objectives: Introduce how the DNS service is organized and managed in a Linux environment.
Main topics:
I. Introduction to DNS
II. How domain name management data is distributed
III. The name resolution mechanism
IV. The difference between a domain name and a zone
V. Fully Qualified Domain Name (FQDN)
VI. Types of Domain Name Server
VII. Delegation (Delegating Subdomains)
VIII. Resource Record (RR)
IX. How the Name Server works in Linux
X. Installing BIND
XI. Checking that DNS works
XII. Configuring a Secondary Name Server
XIII. Some conventions
XIV. Configuring delegation for subdomains
Exercises (required / additional):
Exercise 02.1 (DNS service)
Exercise 02.2 (DNS service)

I. Introduction to DNS
Computers on a network that want to communicate or exchange information and data must know each other's IP addresses. When there are many computers, remembering these IP addresses is very difficult. Besides its IP address, each computer also has a name (computer name). For people, names are easier to remember because they are more intuitive and memorable than IP addresses. This led to the idea of mapping IP addresses to computer names.
At first, because the ARPAnet (the predecessor of the Internet) was small, only a few hundred machines, a single file, HOSTS.TXT, held the mapping of host names to IP addresses. A host name was just a flat, non-hierarchical text string. The file was maintained on 1 server and other servers kept copies of it. As the network grew, however, using the HOSTS.TXT file showed the following weaknesses:
- The network traffic and the server that maintained HOSTS.TXT were overloaded by the "bottleneck" effect.
- Name conflicts: two computers cannot have the same name in HOSTS.TXT. But because host names were not hierarchical and there was no mechanism for delegating management of the file, nothing prevented two identical names from being created, so there was a risk of name conflicts.
- No guarantee of integrity: maintaining 1 file across a large network is very difficult. For example, by the time a freshly updated HOSTS.TXT reached a distant server, addresses on the network had already changed again.
In short, the HOSTS.TXT file does not suit a large network because it lacks a mechanism for distribution and scaling. The DNS service was created to overcome these weaknesses. The designer of the DNS architecture is Paul Mockapetris - USC's Information Sciences Institute. The RFCs for DNS are RFC 882 and 883, later RFC 1034 and 1035, together with a number of additional RFCs on topics such as security in the DNS system and dynamic update of DNS records ...
Note: servers can still use the hosts.txt file to resolve computer names to IP addresses (on Linux it is /etc/hosts).
The DNS service works on the client-server model: the server part is called the name server, and the client part is the name resolver. The name server holds the DNS database information, while the resolver is simply a set of library functions that build queries and send them to the name server. DNS is implemented as an Application-layer protocol in a TCP/IP network.
DNS is a distributed database. This lets local administrators manage the part of the data that falls within their own scope, while the data remains easy to reach from the whole network through the client-server model. The performance of the service is improved through replication and caching. A host name in a domain is a combination of words separated by dots. For example, in the host name server.t3h.com, server is the host name and t3h.com is the domain name. Domain names are arranged hierarchically, much like the hierarchy of the Unix/Linux file system.
The DNS database is an inverted tree. Each node of the tree is in turn the root of a subtree. Each subtree is a partition of the whole DNS database, called a domain. Each domain can be divided into smaller partitions called subdomains. Each domain has a name (domain name). The domain name indicates its position in the DNS database. In DNS, a domain name is the sequence of labels from that node up to the root of the tree, separated by dots. The rightmost label in each domain name is called the top-level domain. In the earlier example server.t3h.com, com is the top-level domain. The following table lists top-level domains.
    Domain    Description
    .com      Commercial organizations and companies
    .org      Non-profit organizations
    .net      Network support centers
    .edu      Educational organizations
    .gov      Government organizations
    .mil      Military organizations
    .int      Organizations established by international treaties
Because the existing domain names became overloaded, new top-level domains were created. The following table lists the new top-level domains.
    Domain    Description
    .arts     Organizations related to art and architecture
    .nom      Personal and family addresses
    .rec      Organizations for recreation and sport
    .firm     Business and commercial organizations
    .info     Services related to information
In addition, every country has a top-level domain. For example, the top-level domain of Vietnam is vn and that of the United States is us ... Each country organizes its domain hierarchy in its own way. Example of the domain organization of Vietnam:

II. How domain name management data is distributed
The root name servers (.) manage the top-level domains on the Internet. The host names and IP addresses of these name servers are published for everyone and are listed in the following table. These name servers can be located anywhere in the world.
    Host name               IP address
    H.ROOT-SERVERS.NET      128.63.2.53
    B.ROOT-SERVERS.NET      128.9.0.107
    C.ROOT-SERVERS.NET      192.33.4.12
    D.ROOT-SERVERS.NET      128.8.10.90
    E.ROOT-SERVERS.NET      192.203.230.10
    I.ROOT-SERVERS.NET      192.36.148.17
    F.ROOT-SERVERS.NET      192.5.5.241
    F.ROOT-SERVERS.NET      39.13.229.241
    G.ROOT-SERVERS.NET      192.112.88.4
    A.ROOT-SERVERS.NET      198.41.0.4
Usually an organization registers one or more domain names. Each organization then installs one or more name servers and maintains the database for all the computers in the domain. The organization's name servers are registered on the Internet. One of these name servers is known as the Primary Name Server. Several Secondary Name Servers are used as backups for the Primary Name Server. If the Primary fails, a Secondary is used to resolve names. The Primary Name Server can create subdomains and delegate these subdomains to other name servers.
III. The name resolution mechanism
III.1. Resolving a name to an IP address
Root name server: the server that manages the name servers at the top-level domain level. When a query arrives for some domain name, the root name server must supply the name and IP address of the name server that manages the top-level domain (in practice most root servers are also the servers that manage the top-level domains). The name servers of the top-level domain in turn supply the list of name servers that are authoritative for the second-level domain the name belongs to. This continues until the server that manages the queried domain name is found. This shows how important the root name servers are in resolving domain names. If none of the root name servers on the Internet can be reached, no resolution request can be carried out. The figure below describes the resolution of girigiri.gbrmpa.gov.au on the Internet.

The client sends a request to resolve the IP address of the computer named girigiri.gbrmpa.gov.au to the local name server. When it receives the request from the resolver, the local name server analyses the name and checks whether it manages this domain name itself. If the local server manages the domain, it immediately returns the IP address of that host to the resolver. Otherwise, the local server queries the nearest root name server it knows. The root name server replies with the IP address of the name server that manages the au domain. The local name server then asks the name server for au and is referred to the server that manages gov.au. The server for gov.au refers the local name server to the server that manages gbrmpa.gov.au. Finally the local name server queries the server for gbrmpa.gov.au and receives the answer.
Types of query: a query can take 2 forms:
- Recursive query: when a name server receives a query of this type, it must return the result it finds, or an error if the query cannot be resolved. The name server cannot refer the query to another name server. It may send recursive or iterative queries to other name servers, but it has to carry on until it has a result.
- Iterative query: when a name server receives a query of this type, it answers the resolver with the best information it has at that moment. The name server itself does not make any further query. The best information returned can come from local data (including the cache). If the name server finds nothing in its local data, it returns the domain name and IP address of the nearest name server it knows.
III.2. Resolving an IP address to a computer name
Mapping IP addresses to computer names is used to make log files easier to read. It is also used in some authentication cases on UNIX systems (checking the .rhosts or hosts.equiv files). In the domain name space described above, the data, including IP addresses, is indexed by domain name. For a given domain name, finding the IP address is therefore fairly easy.
To make it possible to resolve the computer name of an IP address, a branch that is indexed by IP address was added to the domain name space. This part of the name space has the domain name in-addr.arpa.
Each node in the in-addr.arpa domain has a label that is a decimal number from the IP address. For example, the in-addr.arpa domain can have 256 subdomains, corresponding to the 256 values from 0 to 255 of the first byte of the IP address. Each of these subdomains again has 256 subdomains for the second byte, and so on. At the fourth byte there are records that give the full domain names of the computers or networks with the corresponding IP address.

Note that when the domain name is read, the IP address appears in reverse order. For example, if the IP address of the host winnie.corp.hp.com is 15.16.192.152, its mapping into the in-addr.arpa domain is 152.192.16.15.in-addr.arpa.
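The byte-by-byte reversal can be written as two small shell functions. This is an added example, not part of the original course material, and the function names are hypothetical. ip_to_arpa builds the in-addr.arpa name for a host or for the enclosing subdomain of the first one, two or three bytes; arpa_to_ip turns a name seen in a zone file or log back into the address. Only lower-case names are handled.

```shell
#!/bin/sh
# Added example (not from the course text). Function names are hypothetical.

# valid_octet VALUE -> exit status 0 for a decimal number 0..255 without
# leading zeros
valid_octet() {
    case $1 in
        ''|*[!0-9]*|????*|0?*) return 1 ;;
    esac
    [ "$1" -le 255 ]
}

# ip_to_arpa A.B.C.D [BYTES]
# Prints the in-addr.arpa name built from the first BYTES bytes of the
# address. BYTES defaults to 4 (the host itself); 3, 2 or 1 give the
# subdomain that contains every address sharing those leading bytes.
ip_to_arpa() {
    ia_ip=$1
    ia_n=${2:-4}
    case $ia_n in
        1|2|3|4) ;;
        *) return 1 ;;
    esac
    # Exactly four dot-separated parts, none of them empty.
    case $ia_ip in
        *.*.*.*.*|.*|*.|*..*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    ia_a=${ia_ip%%.*}; ia_rest=${ia_ip#*.}
    ia_b=${ia_rest%%.*}; ia_rest=${ia_rest#*.}
    ia_c=${ia_rest%%.*}; ia_d=${ia_rest#*.}
    for ia_o in "$ia_a" "$ia_b" "$ia_c" "$ia_d"; do
        valid_octet "$ia_o" || return 1
    done
    case $ia_n in
        4) echo "$ia_d.$ia_c.$ia_b.$ia_a.in-addr.arpa" ;;
        3) echo "$ia_c.$ia_b.$ia_a.in-addr.arpa" ;;
        2) echo "$ia_b.$ia_a.in-addr.arpa" ;;
        1) echo "$ia_a.in-addr.arpa" ;;
    esac
}

# arpa_to_ip NAME
# Prints the IPv4 address for a four-label in-addr.arpa name. The absolute
# form with a trailing dot is accepted.
arpa_to_ip() {
    at_name=${1%.}
    case $at_name in
        *.in-addr.arpa) at_rev=${at_name%.in-addr.arpa} ;;
        *) return 1 ;;
    esac
    # Reversing the reversed labels gives the original byte order back.
    at_fwd=$(ip_to_arpa "$at_rev") || return 1
    echo "${at_fwd%.in-addr.arpa}"
}
```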
IV. The difference between a domain name and a zone
A domain consists of several smaller entities called subdomains. For example, the ca domain contains many subdomains such as ab.ca, on.ca, qc.ca, ... (as in the figure below). You can delegate some subdomains to other DNS servers. The domains and subdomains that a DNS server is authorized to manage are called a zone. A zone can therefore consist of one domain and one or more subdomains. The following figure describes the difference between a zone and a domain.

V. Fully Qualified Domain Name (FQDN)
Each node of the tree has a label (containing no dot) of at most 63 characters. The empty label is reserved for the topmost root and is represented by a dot. The full domain name of a node is the sequence of labels from the current node up to the root, with the labels separated by dots. A domain name that ends with a dot is called an absolute name, as opposed to a relative name, which does not end with a dot. The absolute name is also regarded as the fully qualified domain name (FQDN).
VI. Types of Domain Name Server
Several types of Domain Name Server are deployed on the Internet. The classification depends on the task each one performs. The types of Domain Name Server are described below.
VI.1. Primary Name Server
Every domain must have a Primary Name Server. This server is registered on the Internet to manage the domain. Everyone on the Internet knows the host name and IP address of this server. The DNS administrator maintains the database files on the Primary Name Server. This server is responsible for resolving all the hosts in the domain or zone.
VI.2. Secondary Name Server
Every domain has a Primary Name Server that manages the domain's database. If this server stops working for some reason, resolution of computer names to IP addresses and back is interrupted. Such an interruption has a great impact on organizations that exchange a lot of information with the Internet. To overcome this weakness, the designers introduced a backup server called the Secondary (or Slave) Name Server. This server copies all the data on the Primary Name Server, and when the Primary Name Server is interrupted it takes over the resolution of computer names to IP addresses and back. A domain can have one or more Secondary Name Servers. Periodically, the Secondary copies and updates the database from the Primary Name Server. The name and IP address of the Secondary Name Server are also known to everyone on the Internet.
VI.3. Caching Name Server
A Caching Name Server resolves host names on remote networks through other name servers. It keeps the host names that were resolved earlier and reuses this information in order to:
- Speed up resolution by using the cache.
- Reduce the resolution load on the name servers.
- Reduce traffic on large networks.
VII. Delegation (Delegating Subdomains)

One of the design goals of the DNS system is distributed management through delegation. A domain can be organized into several subdomains. Each subdomain can be delegated to another organization, and that organization is responsible for maintaining the information in the subdomain. The parent domain then only needs a pointer to the subdomain, to refer to when queries arrive. A domain does not always create subdomains and delegate everything to them; only a few subdomains may be delegated. For example, the hcmuns.edu.vn domain of the University of Natural Sciences is divided into subdomains such as csc.hcmuns.edu.vn (Computer Science Center), fit.hcmuns.edu.vn (Faculty of Information Technology) and math.hcmuns.edu.vn (Faculty of Mathematics), but the servers that serve the whole university still belong to the hcmuns.edu.vn domain.
VIII. Resource Record (RR)
VIII.1. SOA(Start of Authority)
Trong mi tp tin CSDL phi c mt v ch mt record SOA (start of authority). Record SOA ch ra
rng my ch Name Server l ni cung cp thng tin tin cy t d liu c trong zone. C php
ca record SOA:
[tn-min] IN SOA [tn-server-dns] [a-ch-email] (
serial number;
refresh number;
retry number;
experi number;
Time-to-live number)
V d: Khai bo record SOA:
t3h.com. IN SOA dnsserver.t3h.com. root.t3h.com. (
2005040401 ; Serial
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
Hng dn ging dy


Hc phn 4 - Chng ch qun tr mng Linux Trang 151/271

86400 ) ; Minimum TTL of 1 day
Tn min t3h.com. nm ct u tin. T kho IN ch ra lp (class) d liu l Internet. C mt
s lp d liu khc ngoi Internet nhng mc nh l IN. Tn xut hin sau t kho SOA
(dnsserver.t3h.com.) l tn ca primary name server (primary master name server) cho zone ny.
Tn th hai (root.t3h.com.) l a ch e-mail ca ngi c trch nhim qun l d liu trong zone
(du . u tin c thay th cho du @"). Du ngoc cho php record SOA tri rng trn
nhiu dng. Cc d liu trong phn ny ch yu dng cho cc my Secondary Name Server.
- Serial: applies to all data in the zone and is an integer. In the example, this value starts
from 1, but a date-based format such as 1997102301 is normally used. This format is
YYYYMMDDNN, where YYYY is the year, MM is the month, DD is the day and NN is the number of
times the zone data has been modified that day. Whatever format is used, this number must
always be increased every time the zone data is modified. When a Secondary server contacts the
Primary server, it first asks for the serial number. If the serial number on the Secondary is
smaller than the serial number on the Primary, the zone data on the Secondary is out of date,
and the Secondary then copies the new data from the Primary to replace the data it currently
holds.
- Refresh: the interval at which the Secondary server checks the zone data on the Primary in
order to update it if necessary. In the example above, the Secondary server contacts the Primary
server every 3 hours to update the data if there is any change. This value depends on how often
the data in the zone changes.
- Retry: if the Secondary server cannot connect to the Primary server at the time given by
refresh (for example because the Primary server was shut down at that moment), the Secondary
server must try to reconnect to the Primary server at the interval given by retry. This value is
normally smaller than the refresh value.
- Expire: if the Secondary server has not been able to connect to the Primary server after this
period, the zone data on the Secondary expires. Once the data on the Secondary has expired, that
server no longer answers any query about this zone. The expire value must be larger than the
refresh value and the retry value.
- TTL: short for time to live. This value applies to every record in the zone and is attached to
the answer to a query. Its purpose is to tell other name servers how long they may cache the
answer. Caching answers helps reduce DNS query traffic on the network.
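The relationships between the SOA fields described above (retry smaller than refresh, expire larger than both, a serial that grows with every change) can be checked before a zone is loaded. The following is an added example, not part of the original course material; the function names and the second sample zone are constructed for illustration.

```python
import re

# The SOA record from the example above, as zone-file text.
SAMPLE_ZONE = """\
t3h.com. IN SOA dnsserver.t3h.com. root.t3h.com. (
        2005040401 ; Serial
        10800      ; Refresh after 3 hours
        3600       ; Retry after 1 hour
        604800     ; Expire after 1 week
        86400 )    ; Minimum TTL of 1 day
"""

# Constructed sample with a retry value larger than refresh.
BAD_ZONE = "@ IN SOA dnsserver.t3h.com. root.t3h.com. ( 1 10800 36000 604800 86400 )\n"

SOA_FIELDS = ("serial", "refresh", "retry", "expire", "ttl")
SOA_RE = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?SOA\s+(\S+)\s+(\S+)\s*\(?([^)]*)\)?",
    re.MULTILINE | re.IGNORECASE,
)


def parse_soa(zone_text):
    """Return the SOA record of a zone file as a dict.

    Handles ';' comments and the parenthesised multi-line form.
    """
    # Remove comments first so a ';' can never hide the closing parenthesis.
    stripped = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    match = SOA_RE.search(stripped)
    if not match:
        raise ValueError("no SOA record found")
    numbers = match.group(4).split()[:5]
    if len(numbers) != 5 or not all(n.isdigit() for n in numbers):
        raise ValueError("SOA record needs five numeric fields")
    soa = dict(zip(SOA_FIELDS, (int(n) for n in numbers)))
    soa["owner"] = match.group(1)
    soa["primary"] = match.group(2)
    # The first '.' of the mailbox name stands for '@'.
    soa["contact"] = match.group(3).rstrip(".").replace(".", "@", 1)
    return soa


def check_timers(soa):
    """Return a list of problems with the refresh/retry/expire values."""
    problems = []
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry should be smaller than refresh")
    if soa["expire"] <= soa["refresh"] or soa["expire"] <= soa["retry"]:
        problems.append("expire must be larger than refresh and retry")
    return problems


def secondary_is_stale(secondary_serial, primary_serial):
    """Plain integer comparison, as described in the text above."""
    return secondary_serial < primary_serial


def next_serial(current, yyyymmdd):
    """Next serial in YYYYMMDDNN form that is also larger than `current`.

    `yyyymmdd` is today's date as an integer, e.g.
    int(datetime.date.today().strftime("%Y%m%d")).
    If NN would pass 99 the result leaves the date format but still
    increases, which is what the secondaries need.
    """
    return max(yyyymmdd * 100 + 1, current + 1)


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_ZONE), ("bad", BAD_ZONE)):
        record = parse_soa(text)
        print(name, record["serial"], check_timers(record) or "timers OK")
```

Forgetting to raise the serial is the failure this guards against: the Secondary sees an unchanged serial and keeps serving the old data.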
VIII.2. NS (Name Server)
The next record a zone needs is the NS (name server) record. Each name server for the zone has
one NS record. Declaration syntax:
    [domain-name] IN NS [DNS-Server_name]
Example: the following NS records:
    t3h.com. IN NS dnsserver.t3h.com.
    t3h.com. IN NS server.t3h.com.
The example above names 2 name servers that manage the database for the domain t3h.com.
VIII.3. A (Address) and CNAME (Canonical Name)
The A (Address) record maps a host name to an IP address. The CNAME (canonical name) record
creates an alias that points to a canonical name. The canonical name is the host name in an A
record, or it in turn points to another canonical name.
Syntax of the A record:
    [host-name] IN A [IP-address]
Example: A records in the file db.t3h
    ; Host names mapped to their IP addresses
    localhost.t3h.com. IN A 127.0.0.1
    dnsserver.t3h.com. IN A 172.29.14.2
    ; One host name mapped to several IP addresses
    server.t3h.com. IN A 172.29.14.1
    server.t3h.com. IN A 192.253.253.1
    ; The alias www.t3h.com. points to the canonical name server.t3h.com.
    www.t3h.com. IN CNAME server.t3h.com.
VIII.4. MX (Mail Exchange)
DNS uses the MX record to route mail on the Internet. Originally mail routing relied on 2
records: the MD (mail destination) record and the MF (mail forwarder) record. MD gave the final
destination of a mail message for a particular domain name. MF gave an intermediate server that
would forward the mail towards the final destination server. However, this arrangement did not
work well, so the two were merged into a single record, MX. When it receives mail, the mail
transfer program (mailer) uses the MX record to decide the route of the mail. An MX record names
a mail exchanger for a domain. A mail exchanger is a server that either processes the mail
(delivers it to a local mailbox or acts as a gateway to another mail transport such as UUCP) or
forwards it, using SMTP (Simple Mail Transfer Protocol), to another (intermediate) mail
exchanger that is closer to the final destination server. To avoid mail loops, the MX record
carries one extra value besides the domain name of the mail exchanger: a preference number. This
is an unsigned 16-bit integer (0-65535) that gives the priority order of the mail exchangers.
Syntax of the MX record:
    [domain-name] IN MX [preference] [mail-server-name]
Example:
    t3h.com. IN MX 10 mailserver.t3h.com.
This states that the server mailserver.t3h.com is a mail exchanger for the domain t3h.com with
preference number 10.
Note: these values are only meaningful relative to each other.
Example: declaring that the domain t3h.com is handled by two mail servers, listo.t3h.com and
hep.t3h.com.
    t3h.com. IN MX 1 listo.t3h.com.
    t3h.com. IN MX 2 hep.t3h.com.
The mailer first tries to deliver mail to the mail exchanger with the smallest preference
number. If delivery fails, the mail exchanger with the next value is chosen. When several mail
exchangers have the same preference number, the mailer chooses among them at random.
VIII.5. PTR (Pointer)
The PTR (pointer) record is used to map an IP address to a host name. Declaration syntax:
    [IP-address] IN PTR [host-name]
Example: PTR records for the hosts in the network 192.249.249:
1.14.29.172.in-addr.arpa. IN PTR server.t3h.com.
2.14.29.172.in-addr.arpa. IN PTR dnsserver.t3h.com.
3.14.29.172.in-addr.arpa. IN PTR mailserver.t3h.com.
4.14.29.172.in-addr.arpa. IN PTR diehard.t3h.com.
IX. How the Name Server operates in Linux
When the DNS name server runs, it starts a daemon named named. During start-up, named reads the
data files and then waits for resolution requests on the port defined in the file
/etc/services. When it receives a request from a resolver, named first uses UDP for the query.
If resolution over UDP gives no result, named then uses TCP. Some points to remember about
queries between client and server:
- A query from client to server uses source port 1023 and destination port 53.
- The server's answer to the query uses source port 53 and a destination port greater than 1023.
- Queries and answers between servers over UDP use 53 as both source and destination port; over
TCP, the querying server uses a port > 1023.
X. Installing BIND
Most versions of RedHat and Fedora Linux provide the package BIND.*.rpm (for FC it is
bind-9.2.3-13.*.rpm). Some of the BIND packages (in Fedora):
- bind-9.2.3-13 i.386.rpm : the main package of the DNS server.
- bind-libs-9.2.3-13.386.rpm : provides the support libraries for the DNS server.
- bind-utils-9.2.3-13.386.rpm : provides the utilities that accompany the DNS server.
- system-config-bind-2.0.2-5.386.rpm : provides a configuration interface for the DNS server in
the X Window environment.
- caching-nameserver-7.2-12.386.rpm : provides sample files for configuring a caching name
server and the DNS service.
- caching-nameserver-ltsp-7.2-k12ltsp.5.3.0.386.rpm : provides sample configuration files for
the ltsp zone.
- bind-chroot-9.2.3-13.i386.rpm : provides additional security features that restrict access to
the configuration files of the DNS service.
Use the command rpm -ivh to install the packages above.
X.1. Some important configuration files
On RedHat/Fedora, BIND runs as the process named, owned by the user named. To strengthen
security on Fedora, BIND additionally provides the package bind-chroot-9.2.3-13.i386.rpm to
restrict access to the configuration files of named. When the chroot package is installed,
named treats the directory /var/named/chroot as its root directory: the file
/var/named/chroot/etc/named.conf is the zone declaration file and /var/named/chroot/var/named/
is the directory that holds the database files. When chroot is used, all configuration files of
named are placed under /var/named/chroot. If this package is not used, that is, if
bind-chroot-9.2.3-13.i386.rpm is removed, the DNS configuration files are stored in:
- /etc/named.conf
- /var/named/
- /etc/rndc.key, /etc/rndc.conf, the files that support authentication in named.
X.2. Configuration
Configuring a name server involves the following steps:
- Create or open the file /etc/named.conf
- Configure the zone files (forward zone file, reverse zone file)
- Configure the DNS client
X.2.1 Configuring the file /etc/named.conf
This file contains important information used by the named daemon when it starts. Its content
is as follows:
    options {                           // Global options
        directory "/var/named";         // Directory that holds the zone database files
        forwarders { 172.29.2.2; };     // Server that recursive queries for outside names are forwarded to
    };
    // Caching zone (root hints)
    zone "." {
        type hint;
        file "named.ca";
    };
    // Local forward zone localhost
    zone "localhost" {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    // Local reverse zone localhost
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
        allow-update { none; };
    };
    // Local forward zone t3h.com
    zone "t3h.com" {
        type master;
        file "named.hosts";
        allow-query { any; };
    };
    // Reverse zone for the zone t3h.com
    zone "14.29.172.in-addr.arpa" {
        type master;
        file "named.rev";
        allow-query { any; };
    };
- directory: the working directory of the server. Any path that is not absolute is resolved
relative to this directory. Syntax: directory [directory-name]
- forwarders: the IP addresses of the name servers to which this server sends queries when
needed. Syntax: forwarders {[IP-address;]...}; The local name server queries the name server
with IP address 172.29.2.2 when it receives a request it cannot resolve.
Example:
    options {
        directory "/var/named";
        forwarders { 172.29.2.2; };
    };
- zone: defines a zone that manages the database for a domain or subdomain. Declaration syntax:
    zone [domain-name] IN {
        type master/slave/hint/stub;
        [ masters [ port ip_port ] { ip_addr [key key_id]; [ ... ] }; ]
        file path_name;
    };
- type: the kind of name server:
    - master: the server holds the master copy of the database.
    - slave: the server keeps a copy of the database from the master. If a file is given, it
      copies the whole zone from the master into it.
    - stub: like slave, but copies only the NS records from the master, not all the data.
    - hint: the zone that lists the root name servers.
- masters: the IP address of the master name server (used when declaring a secondary zone).
- file: the file that defines the database.
X.2.2 Configuring the zone files
- Create the database file that resolves host names to IP addresses
- Create the database file that resolves IP addresses to host names
The steps, in order:
Step 1: Create the database file that converts host names to IP addresses. This file lists all
the computers in the domain. It is used to resolve a host name to an IP address. Other records
such as CNAME and MX are also defined in this file.
Example:
    @           IN SOA   dnsserver.t3h.com. root.t3h.com. (
                         2001112800;
                         10800;
                         1800;
                         36000;
                         86400)
                IN NS    dnsserver.t3h.com.
                IN MX 0  mailserver.t3h.com.
    dnsserver   IN A     172.29.14.2
    server      IN A     172.29.14.1
    mailserver  IN A     172.29.14.3
    www         IN CNAME server.t3h.com.
Step 2: Create the database file that converts IP addresses to host names. This file is used to
resolve an IP address to a host name.
Example:
    @           IN SOA   dnsserver.t3h.com. root.t3h.com. (
                         2001112800;
                         10800;
                         1800;
                         3600000;
                         86400 )
                IN NS    dnsserver.t3h.com.
                IN MX 0  mailserver.t3h.com.
    2           IN PTR   dnsserver.t3h.com.
    1           IN PTR   server.t3h.com.
X.2.3 Configuring the DNS client
The DNS client is configured so that the nslookup tool can be used to test the name servers that
have just been set up. In Linux, the DNS client settings are stored in the file
/etc/resolv.conf. This file determines which DNS server is queried and how the domain part is
appended to a host name. The file has the following form:
    nameserver [IP-address-of-the-name-server]
    domain [domain-name]
Where:
- nameserver: defines the DNS server to which the resolver sends requests to resolve names or
IP addresses. The keyword nameserver is followed by the IP address of the name server.
- domain: is appended to the host name when the resolver sends a request to the server.
Example: content of the file /etc/resolv.conf
    nameserver 172.29.14.2
    domain t3h.com
XI. Testing the DNS service
Once the steps needed to configure the DNS server are complete, the configuration should be
checked to confirm that it is correct and to find any remaining mistakes. Useful tools for
checking a DNS configuration are nslookup and the host command.
The nslookup command:
#nslookup
Default Server: dnsserver.t3h.com
Address: 172.29.14.2
>www.t3h.com
Server: dnsserver.t3h.com
Address: 172.29.14.2
Name: WebServer.t3h.com
Address: 172.29.14.41
Aliases: www.t3h.com
Check the SOA, NS and MX records of the domain with the commands:
>Set type=any
>domain_name
Example:
>set type=mx
>t3h.com
server: dnsserver.t3h.com
address: 172.29.14.2
dnsserver.t3h.com preference=0, mail exchanger=mailserver.t3h.com
t3h.com nameserver=dnsserver.t3h.com
dnsserver.t3h.com internet address=172.29.14.2
The host command:
# host www.linuxhomenetworking.com
www.linuxhomenetworking.com has address 65.115.71.34
# host 65.115.71.34
34.71.115.65.in-addr.arpa domain name pointer 65-115-71-34.myisp.net.
XII. Configuring a Secondary Name Server
Configuring a Secondary Name Server is similar to configuring a Primary Name Server, with the
following differences:
- Do not create the database files for the zone. These files are copied automatically from the
Primary Name Server and a copy is stored locally.
- In the file /etc/named.conf, change the type attribute from master to slave.
- Provide the IP address of the Primary Name Server.
- Example:
    zone "netlab.vnedu.net" {
        type slave;
        file "sec/netlab.vnedu.net";
        masters {
            172.29.9.199;
        };
    };
    zone "29.29.192.in-addr.arpa" {
        type slave;
        file "named.rev";
        masters { 192.29.29.1; };
    };
XIII. Some conventions
The second column of the zone declaration in the file /etc/named.conf (zone t3h.com or zone
14.29.172.in-addr.arpa) allows some shorthand in the database file, as follows:
    dnsserver.t3h.com. IN A 172.29.14.2
can be written as:
    dnsserver IN A 172.29.14.2
The declaration
    2.14.29.172.in-addr.arpa. IN PTR dnsserver.t3h.com.
can be written as:
    2 IN PTR dnsserver.t3h.com.
The declaration
    @ IN SOA dnsserver.t3h.com. root.t3h.com. (
        1       ; serial
        10800   ; refresh after 3 hours
        3600    ; retry after 1 hour
        604800  ; expire after 1 week
        86400 ) ; minimum TTL of 1 day
is equivalent to:
    net.hcmuns.edu.vn. IN SOA

If the first column of an entry in the database file is blank (spaces), the entry takes the
value of the corresponding column of the resource record on the line directly above it.
Example:
    webserver IN A 172.29.14.41
    webserver IN A 172.29.14.42
can be written as:
    webserver IN A 172.29.14.41
              IN A 172.29.14.42
XIV. Configuring delegation to subdomains
[Figure: domain tree vn > com > vinamilk, honda; vinamilk and honda are each marked "Delegating
domain" and each domain has its own nameserver]

A parent domain normally provides subdomains in one of two ways: it delegates the subdomain so
that the subdomain manages and organizes its own database (this is usually called a delegation
domain), or the parent domain hosts the subdomain (in which case the parent domain must organize
and manage the database for the subdomain). Based on the diagram above, the following basic
steps provide subdomains by delegating them to the name servers that manage the subdomains'
databases. On the name server that manages the database for the domain com.vn, describe the
following information to delegate the two subdomains vinamilk.com.vn and honda.com.vn to the two
servers vinamilkserv and hondaserv:
    vinamilkserv IN A <ipaddress1>
    vinamilk IN NS vinamilkserv.com.vn.
Here ipaddress1 is the IP address of the name server that manages the database for the domain
vinamilk.com.vn. Next, describe the PTR RR for vinamilkserv in the database file of the reverse
zone.
    <host_id> IN PTR vinamilkserv.com.vn.
The domain honda.com.vn can be delegated to hondaserv in the same way.
    hondaserv IN A <ipaddress2>
    honda IN NS hondaserv.com.vn.
Here ipaddress2 is the IP address of the name server that manages the database for the domain
honda.com.vn. Next, describe the PTR RR for hondaserv in the database file of the reverse zone.
    <host_id> IN PTR hondaserv.com.vn.
Note: in the subdomain, forwarders{ipaddress;} must be declared pointing to the parent domain,
so that the subdomain relies on the parent domain's name server to resolve outside domain names.

LESSON 13
File Transfer Protocol
Summary
Theory: 5 periods - Practice: 5 periods.
Objective: This lesson introduces how to configure and administer the FTP service.
Main topics:
I. Introduction to FTP
II. FTP server programs
III. FTP client programs
IV. Introduction to VsFTP
V. Configuring a Virtual FTP Server
Exercises (required / additional): Exercise 3.1 (FTP service)

I. Introduction to FTP
I.1. The FTP protocol
FTP stands for File Transfer Protocol. The protocol is built on TCP and provides a mechanism for
transferring data as files over a TCP/IP network. FTP is a special service because it uses 2
ports: port 20 for transferring data (data port) and port 21 for transferring commands (command
port).
I.1.1 Active FTP
In active mode, the FTP client uses a random unprivileged port (port N > 1024) to connect to
port 21 of the FTP server. The client then listens on port N+1 and sends the command PORT N+1 to
the FTP server. Next, from its own data port, the FTP server connects back to the client's data
port declared earlier (that is, N+1). From the firewall's point of view, for the FTP server to
support active mode the following channels must be open:
- Port 21 must be open to any source (so that clients can initiate the connection)
- FTP server's port 21 to ports > 1024 (the server replies to the client's control port)
- Connections from port 20 of the FTP server to ports > 1024 (the server initiates the
connection to the client's data port)
- Connections to port 20 of the FTP server from ports > 1024 (the client sends ACKs to the
server's data port)

Connection diagram:
- Step 1: the client initiates a connection to port 21 of the server and sends the command
PORT 1027.
- Step 2: the server sends an ACK back to the client's command port.
- Step 3: the server initiates a connection from its port 20 to the data port the client
declared earlier.
- Step 4: the client sends an ACK back to the server.
When the FTP server works in active mode, the client does not actually open a connection to the
data port of the FTP server. It simply tells the server which port it is listening on, and the
server must connect back to the client on that port. From the point of view of a firewall in
front of the client, this looks like an outside system initiating a connection to an inside
system, which is blocked on most firewalls.
Example: an active FTP session:
In this example the FTP session is started from the machine testbox1.slacksite.com
(192.168.150.80), using a command-line FTP client, to the FTP server testbox2.slacksite.com
(192.168.150.90). Lines marked with --> show the FTP commands sent to the server and the
responses to those commands. Information typed by the user is shown in bold.
Note: when the PORT command is issued by the client, it is expressed as 6 bytes. The first 4
bytes are the IP address of the client and the last 2 bytes are the port number. The port value
is calculated as (byte_5*256) + byte_6; for example, ((14*256) + 178) is 3762.
testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PORT 192,168,150,80,14,178
200 PORT command successful.
---> LIST
150 Opening ASCII mode data connection for file list.
drwx------ 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.
I.1.2 Passive FTP
To solve the problem of the server having to open a connection to the client, another FTP
connection method was developed. This method is called passive FTP, or PASV (the command the
client sends to the server to tell it that it is in passive mode).
In passive mode, the FTP client opens the connections to the server, which avoids the problem of
the firewall filtering connections from the server to a port on an inside machine. When the FTP
connection is opened, the client opens 2 unprivileged ports N and N+1 (N > 1024). The first port
is used to contact port 21 of the server, but instead of sending the PORT command and having the
server connect back to the client, the PASV command is issued. As a result, the server opens an
arbitrary unprivileged port P (P > 1024) and sends the command PORT P back to the client. The
client then initiates a connection from port N+1 to port P on the server to transfer data. From
the point of view of the firewall on the FTP server, to support passive-mode FTP the following
channels must be open:
- FTP port 21 of the server accepts connections from any source (so that clients can initiate
the connection)
- Replies from port 21 of the FTP server to any port above 1024 (the server replies to the
client's control port)
- Connections to FTP server ports > 1024 from any source (the client opens the data connection
to the random port the server indicated)
- Replies from FTP server ports > 1024 to ports > 1024 (the server sends ACKs to the client's
data port)

Passive FTP connection diagram:
+ Step 1: the client connects to the command port of the server and issues the PASV command.
+ Step 2: the server replies with the command PORT 2024, telling the client that port 2024 is
open to receive the data connection.
+ Step 3: the client opens the data connection from its data port to data port 2024 of the
server.
+ Step 4: the server replies with an ACK to the client's data port.
While passive-mode FTP solves the problem on the client side, it causes other problems on the
server side. The first is that remote machines are allowed to connect to any port > 1024 on the
server. This is rather dangerous unless the FTP server allows the range of ports >= 1024 that it
will use to be specified (for example WU-FTP Daemon). The second problem is that some FTP
clients do not support passive mode. For example, the FTP client utility shipped with Solaris
does not support passive FTP, so an additional FTP client is needed. Note also that most Web
browsers support only passive FTP when accessing an FTP server through an ftp:// URL.
Example of a passive FTP session:
In this example the FTP session is started from the machine testbox1.slacksite.com
(192.168.150.80), using a command-line FTP client, to the FTP server testbox2.slacksite.com
(192.168.150.90), a Linux server running ProFTPd 1.2.2RC2. Lines marked with --> show the FTP
commands sent to the server and the responses to those commands. Information typed by the user
is shown in bold.
Note: for passive FTP, the port described by the PORT command is the port that will be opened on
the server. For active FTP, that port is opened on the client.
testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (192,168,150,90,195,149).
---> LIST
150 Opening ASCII mode data connection for file list
drwx------ 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.
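The PORT argument in the active session and the 227 reply in the passive session both carry the data-channel endpoint as six decimal bytes, which a firewall helper or a log reviewer has to decode to know which data connection to expect. The following is an added example, not part of the original course material; the function names are illustrative, the two sample lines are taken from the sessions above and the third is constructed.

```python
import re

ACTIVE_LINE = "---> PORT 192,168,150,80,14,178"                       # from the active session
PASSIVE_LINE = "227 Entering Passive Mode (192,168,150,90,195,149)."   # from the passive session
ODD_LINE = "---> PORT 10,0,0,5,0,22"                                   # constructed sample

_SIX_BYTES = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_endpoint(line):
    """Return (ip, port) from the h1,h2,h3,h4,p1,p2 field of a PORT or 227 line."""
    match = _SIX_BYTES.search(line)
    if not match:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in line")
    values = [int(v) for v in match.groups()]
    if any(v > 255 for v in values):
        raise ValueError("each field must fit in one byte")
    ip = ".".join(str(v) for v in values[:4])
    port = values[4] * 256 + values[5]          # (byte_5 * 256) + byte_6
    return ip, port


def expected_data_flow(line, client_ip, server_ip):
    """Describe the data connection that should follow a PORT or 227 line.

    client_ip and server_ip are the two ends of the control connection.
    The result says who initiates the data connection and where it goes,
    plus warnings for endpoints that do not fit the description above.
    """
    ip, port = decode_endpoint(line)
    if re.search(r"\bPORT\b", line):
        # Active mode: the server connects from its port 20 to the client.
        mode, initiator, source, peer = "active", "server", (server_ip, 20), client_ip
    elif re.search(r"\b227\b", line):
        # Passive mode: the client connects from an unprivileged port to the server.
        mode, initiator, source, peer = "passive", "client", (client_ip, None), server_ip
    else:
        raise ValueError("line is neither a PORT command nor a 227 reply")

    warnings = []
    if ip != peer:
        warnings.append("data address %s is not the control-connection peer %s" % (ip, peer))
    if port < 1024:
        warnings.append("data port %d is a reserved port" % port)
    return {
        "mode": mode,
        "initiator": initiator,
        "src": source,
        "dst": (ip, port),
        "warnings": warnings,
    }


if __name__ == "__main__":
    for sample in (ACTIVE_LINE, PASSIVE_LINE, ODD_LINE):
        print(expected_data_flow(sample, "192.168.150.80", "192.168.150.90"))
```

A filter that opens the data channel only for the decoded destination, and only when the warnings list is empty, avoids having to allow every port above 1024.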
II. FTP server programs
An FTP server is a server that stores resources and supports the FTP protocol to communicate
with other computers, allowing data to be transferred over the Internet. Some FTP server
programs used on Linux:
- Vsftpd
- Wu-ftpd
- PureFTPd
- ProFTPD
III. FTP client programs
An FTP client is the program that communicates with the FTP server. Most operating systems
include an FTP client; on Linux or Windows, the command #ftp <ftp_address> opens a connection to
the FTP server. To establish a session you need an IP address (or host name) and an account
(username, password). The username that FTP provides by default for opening an FTP session is
anonymous, with an empty password. The following is an example of opening a session to an FTP
server:

Some FTP client commands:
Command      Syntax                                   Meaning
? or help    ? [command]                              Display help for [command]
append       append local-file [remote-file]          Append a local file to a file on the server
ascii        ascii                                    Set the file transfer type to ascii (this is the default transfer type)
binary       binary                                   Set the file transfer type to binary (this is the default transfer type)
bye          bye                                      End the ftp session
cd           cd remote-directory                      Change directory on the FTP server
delete       delete remote-file                       Delete a file on the FTP server
dir          dir remote-directory                     List files
get          get remote-file [local-file]             Download a file from the FTP server to the local machine
lcd          lcd [directory]                          Change directory on the local machine
ls           ls [remote-directory] [local-file]       List files and directories
mdelete      mdelete remote-files [ ...]              Delete multiple files
mget         mget remote-files [ ...]                 Download multiple files
mkdir        mkdir directory                          Create a directory
put          put local-file [remote-file]             Upload a file
mput         mput local-files [ ...]                  Upload multiple files
open         open computer [port]                     Connect to an ftp server
prompt       prompt                                   Turn off confirmation after each file download
disconnect   disconnect                               Close the FTP connection
pwd          pwd                                      Show the current directory
quit         quit                                     Exit the ftp session
recv         recv remote-file [local-file]            Copy a file from remote to local
rename       rename filename newfilename              Rename a file
rmdir        rmdir directory                          Remove a directory
send         send local-file [remote-file]            Copy a file from local to remote
user         user user-name [password] [account]      Switch to another user

IV. Introduction to VsFTP
Vsftpd is a new package for configuring an FTP server in RedHat Linux 9. Vsftpd (Very Secure FTP
Daemon) is developed around being fast, stable and secure. VsFTP can manage a large number of
connections efficiently and securely.
IV.1. Installed files related to vsftpd
The following files and directories are the ones usually of interest when configuring a vsftpd
server:
- /etc/pam.d/vsftpd: the PAM configuration file for vsftpd. This file defines the requirements
a user must meet when logging in to the FTP server.
- /etc/vsftpd/vsftpd.conf: the configuration file of the vsftpd server.
- /etc/vsftpd.ftpusers: lists the users who are not allowed to log in to vsftpd. By default this
list contains root, bin, daemon and other users.
- /etc/vsftpd.user_list: this file is configured to deny or allow the listed users access to the
FTP server. Which of the two applies depends on whether the option userlist_deny is set to YES
or NO in the file vsftpd.conf. Users listed in this file must not appear in vsftpd.ftpusers.
- /var/ftp/: the directory that holds the files served by vsftpd. It also contains the pub
directory for anonymous users. This directory is read-only; only root can write to it.
IV.2. Starting and stopping vsftpd
After installing the VSFTPD software, or after changing the configuration, the FTP service must
be activated. Restarting makes the VSFTPD daemon pick up the changed settings. Use the command
chkconfig vsftpd on to make the FTP service a system service. Commands for starting, stopping
or restarting the FTP service:
#service vsftpd start/stop/restart
Or use the command
#/etc/init.d/vsftpd start/stop/restart
IV.3. Some default settings
By default, an FTP service running VSFTPD allows anonymous users and local users of the system
to log in to the FTP server; only the user root and other users with UID<100 are not allowed to
log in.
- Anonymous users may log in to the FTP server and get the root directory /var/ftp with read
access (reading and retrieving documents).
- Local users may log in to the FTP service and get the FTP root directory /home/username
(username is the login name) with read and write access.
IV.4. vsftpd configuration options
All vsftpd settings are stored in the configuration file /etc/vsftpd/vsftpd.conf. Each option in
the file has the form <option>=<value>; comment lines are marked with #.
Daemon:
- listen: when set to YES, VSFTPD runs in standalone mode. This option cannot be set together
with listen_ipv6. The default is YES.
- session_support: if set to YES, vsftpd tries to manage user login sessions through PAM
(Pluggable Authentication Modules). The default is YES.
Login and access control:
- anonymous_enable: if set to YES, anonymous users are allowed to log in. The default is YES.
- banned_email_file: if the option deny_email_enable is set to YES, this option names the file
containing the list of anonymous e-mail passwords that are not allowed to access the server.
The default is /etc/vsftpd.banned_emails.
- banner_file: names the text file that is displayed when a connection to the server is
established.
- cmds_allowed: a comma-separated list of the FTP commands the server allows. All other commands
are rejected.
- deny_email_enable: if set to YES, anonymous users who use a password listed in the file
/etc/vsftpd.banned_emails are denied access to the server. The default is NO.
- ftpd_banner: if set to YES, the string given in this option is displayed as the greeting when
a user connects to the server. This option overrides banner_file. By default vsftpd displays the
standard banner.
- local_enable: if set to YES, local users are allowed to log in to the system.
- userlist_deny: used when the option userlist_enable is set to NO; all local users are denied
access except those listed in userlist_file. Because access is denied before the client is asked
for a password, setting this option to NO prevents local users from sending unencrypted
passwords over the network. The default is YES.
- userlist_enable: if set to YES, the users listed in the file named by userlist_file are denied
access. Because the client is denied before it enters a password, users are prevented from
sending unencrypted passwords over the network. The default is YES.
- userlist_file: names the file that lists the users. The default is /etc/vsftpd.user_list.
Anonymous users:
- anon_mkdir_write_enable: if set to YES together with write_enable=YES, anonymous users are
allowed to create new directories inside a parent directory that has write permission. The
default is NO.
- anon_root: the directory vsftpd changes to when an anonymous user logs in.
- anon_upload_enable: if set to YES together with write_enable=YES, anonymous users are allowed
to upload files into a parent directory that has write permission. The default is NO.
- anon_world_readable_only: if set to YES, anonymous users may download only files that are
readable. The default is YES.
- ftp_username: the local user used for the anonymous FTP server. The home directory given for
this user in /etc/passwd is the root directory of the anonymous FTP server. The default is ftp.
- no_anon_password: if set to YES, anonymous users are not asked for a password. The default is
NO.
Local users:
- The options listed below affect how local users access the server. To use them, the option
local_enable must be YES.
- local_enable: allows local users to access the FTP server.
- chmod_enable: allows users to change permissions on files. The default is YES.
- chroot_local_user: if set to YES, users are moved into their home directory after logging in.
The default is NO.
- guest_enable: if set to YES, anonymous users log in as the guest user named in
guest_username. The default is NO.
- guest_username: the username of the guest user. The default is ftp.
- local_root: the directory vsftpd changes to after a local user logs in.
Directories:
- dirlist_enable: if set to YES, users are allowed to view the contents of directories. The
default is YES.
- dirmessage_enable: if set to YES, a message stored in a designated file is displayed each time
a user enters a directory. The file is named by the option message_file and its default name is
.message. It is stored in the directory being entered.
- message_file: the name of the message file. The default is .message.
File transfer:
- download_enable: if set to YES, downloads are allowed. The default is YES.
- chown_uploads: if set to YES, all files uploaded by anonymous users are owned by the user
named in chown_username. The default is YES.
- chown_username: the owner of files uploaded by anonymous users. The default is root.
- write_enable: gives users write permission.
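Several of the options above only become risky in combination, for example anonymous_enable with write_enable and anon_upload_enable. The following is an added example, not part of the original course material and not vsftpd's own code: a small audit of a vsftpd.conf text. The function names and both sample configurations are constructed, and the DEFAULTS table is an assumption that should be adjusted to the installed build.

```python
# Assumed values for options that are absent from the file (adjust to your build).
# chown_uploads is deliberately left out: it is only evaluated when set explicitly.
DEFAULTS = {
    "anonymous_enable": "YES",
    "write_enable": "NO",
    "local_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "chown_username": "root",
    "chroot_local_user": "NO",
    "xferlog_enable": "NO",
}

# Constructed sample: anonymous uploads enabled, no logging.
WEAK_CONF = """\
# constructed sample configuration
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
chown_uploads=YES
local_enable=YES
ftpd_banner=Welcome to FTP. Behave!
"""

# Constructed sample: local users only, confined and logged.
HARDENED_CONF = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
xferlog_enable=YES
"""


def parse_vsftpd_conf(text):
    """Return (settings, errors) for a vsftpd.conf text.

    Lines are option=value; '#' starts a comment line. vsftpd treats a
    space between the option, '=' and the value as an error, so such
    lines are reported instead of being silently accepted.
    """
    settings, errors = {}, []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            errors.append("line %d: not in option=value form" % number)
        elif key != key.strip() or value != value.lstrip():
            errors.append("line %d: spaces around '=' are not allowed" % number)
        else:
            settings[key] = value.rstrip()
    return settings, errors


def audit(settings):
    """Return findings for risky option combinations described in the text."""
    def on(option):
        return settings.get(option, DEFAULTS.get(option, "NO")).upper() == "YES"

    findings = []
    anon_write = on("anonymous_enable") and on("write_enable")
    if anon_write and on("anon_upload_enable"):
        findings.append("anonymous users can upload files")
    if anon_write and on("anon_mkdir_write_enable"):
        findings.append("anonymous users can create directories")
    owner = settings.get("chown_username", DEFAULTS["chown_username"])
    if on("chown_uploads") and owner == "root":
        findings.append("anonymous uploads become owned by root")
    if on("local_enable") and not on("chroot_local_user"):
        findings.append("local users are not confined to their home directory")
    if not on("xferlog_enable"):
        findings.append("transfers are not logged")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        parsed, problems = parse_vsftpd_conf(conf)
        print(name, problems, audit(parsed))
```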
Blocking hosts from accessing the FTP server: the FTP server works together with tcp_wrappers to
restrict which hosts may access it:
- Step 1: set tcp_wrappers=YES in the file vsftpd.conf
- Step 2: describe the host <x.y.z.t> to be blocked in the file /etc/hosts.deny
    vsftpd:<host_address>
V. Configuring a Virtual FTP Server
Create an additional virtual IP address (for example 1.2.3.4), copy the file
/etc/vsftpd/vsftpd.conf to /etc/vsftpd/*.conf and change the following settings:
- listen=YES
- listen_address=1.2.3.4
- connect_from_port_20=YES
- anonymous_enable=YES
- anon_root=/srv/ftp/knusper
- ftpd_banner=Welcome to FTP at knusper.wiremonkeys.org. Behave!
Edit the file /etc/vsftpd/vsftpd.conf and add the directive listen_address=<original IP
address>. Then restart the VSFTPD service with the command /etc/init.d/vsftpd restart.
V.1. Logging
- dual_log_enable: if set to YES together with xferlog_enable=YES, vsftpd writes 2 files at the
same time: a wu-ftpd-compatible log named by xferlog_file and a standard vsftpd log file named
by vsftpd_log_file. The default is NO.
- xferlog_enable: if set to YES, vsftpd records connections and file transfer information in the
log file named by the option vsftpd_log_file. The default is NO.
- xferlog_file: the wu-ftpd-compatible log file. The default is /var/log/xferlog.
- vsftpd_log_file: the vsftpd log file. The default is /var/log/vsftpd.log.
V.2. Network
The following options determine how vsftpd interacts with the network:
- accept_timeout: the time allowed for a client using passive mode to establish the connection.
The default is 60.
- anon_max_rate: the maximum data transfer rate for anonymous users, in bytes/second. The
default is 0 (no limit on the transfer rate).
- connect_timeout: the time allowed for a client using active mode to respond to the data
connection, in seconds. The default is 60.
- data_connection_timeout: the maximum time allowed for a data transfer, in seconds. When the
time is up, the connection from the client is closed. The default is 300.
- max_clients: the maximum number of clients that can access the server at the same time.
LESSON 14
WEB SERVER
Summary
Theory: 5 periods - Practice: 5 periods.

Objective: This lesson introduces how to organize and configure a Web server using the Apache
software.
Main topics:
I. Introduction to Web servers.
II. Introduction to Apache.
III. Configuring the Web server.
III. Configuring Web hosting.
Exercises (required / additional): Exercise 4.1 (Web service)

I. Introduction to Web Servers
I.1. The HTTP protocol
HTTP is a protocol that lets web browsers and servers communicate with each other. It standardizes the basic operations that a web server must be able to perform.
HTTP started out as a simple protocol, like several other standard Internet protocols: control information is sent as plain text over a TCP connection. An HTTP connection can therefore be reproduced by hand with the standard "telnet" command.
Example:
> telnet www.extropia 80
GET /index.html HTTP/1.0
Port 80 is the default port on which a web server "listens" for incoming connections. In response to the HTTP GET command, the web server returns the page "index.html" to the client through this telnet session and then closes the connection. The information comes back as HTML code:
<HTML>
<HEAD>
<TITLE>eXtropia Homepage</TITLE>
</HEAD>

</HTML>
The protocol performs only two simple operations: request and response. One of the biggest changes in HTTP/1.1 is its support for persistent connections.
In HTTP/1.0, a connection must be established to the server for every object the browser wants to download. Many web pages contain a large number of images, so besides loading the base HTML page the browser has to fetch a number of images. Many of them are small or serve only to decorate the rest of the HTML page. Setting up a connection for each image is wasteful, because many network packets travel between the web browser and the web server before any image data is transferred. By contrast, opening one TCP connection to transfer the HTML document and then sending each image over it in turn is more convenient, and the number of TCP connection setups is reduced.
I.2. Web servers and how they work
Originally a web server only served HTML documents and simple images. Today it can do much more. First consider a web server at the basic level, where it serves only static content. When the web server receives a request from a web browser, for example http://www.hcmuns.edu.vn/index.html, it maps this path (Uniform Resource Locator - URL) to a local file on the web server machine. The server then loads this file from disk and sends it over the network to the user's web browser. The web browser and the web server use the HTTP protocol to exchange data. HTML documents are raw text. They contain formatting tags (HTML tags).
Example:
<html>
<head> <title> WWW </title>
</head>
<body>
<p align=center>
<a href="http://www.hcmuns.edu.vn/"><b>Trường Đại Học Khoa Học Tự Nhiên TP.HCM
</b></a>
</p>
</body>
</html>
Building on the serving of these simple static pages, web servers have evolved so that much more complex information is exchanged between web server and web browser, the most important of which is probably dynamic content. In its first versions, a web server worked according to the following model:
- Accept requests from browsers.
- Read content from disk.
- Run CGI programs.
- Send the data back to the client.
- Run as fast as possible.
This works well for simple web sites, but the server starts to run into problems when many people access it or when too many dynamic pages take time to compute their results.
Example:
If a CGI program takes 30 seconds to generate content, the web server may be unable to serve other pages during that time. So although this model works, it has to be redesigned to serve many people at the same time. Web servers tend to take advantage of two different approaches to solve this problem: multi-threading or multi-processing, or hybrids of multi-processing and multi-threading.
I.3. Web client
These are the web browsing programs on the user side, such as Internet Explorer and Netscape Communicator, which display web page information to the user. The web client sends a request to the web server, then waits for the web server to process it and return the result for the web client to display. All requests are processed by the web server.
I.4. Dynamic web
Dynamic content (often just called dynamic web) basically consists of web pages generated in response to data entered by the user, directly or indirectly.
The oldest and most widely used way of creating dynamic content is the Common Gateway Interface (CGI). Specifically, CGI defines how the web server runs a local program, then takes its output and returns it to the web browser of the user who sent the request.
The web browser does not actually know that the content is dynamic, because CGI is essentially an extension protocol of the web server. The following figure illustrates a web browser requesting a dynamic web page generated by a CGI program.

Another extension of HTTP is HyperText Transfer Protocol Secure (HTTPS), used to protect sensitive information as it travels across the network.
II. Introduction to Apache
Apache is powerful, flexible software with many features, used as a web server.
- Fully supports the HTTP protocols to date, such as HTTP/1.1.
- Can be configured and extended with third-party modules.
- Provides complete source code under an unrestrictive license.
- Runs on many operating systems such as Windows NT/9x, Netware 5.x, OS/2 and most Unix operating systems.
II.1. Installing Apache
We only need to install the package httpd-2.0.40-21.i386.rpm (on Fedora) on the Linux operating system.
# rpm -ivh httpd-2.0.40-21.i386.rpm
Apache's installation location in a Linux environment is /etc/httpd. This directory holds Apache's configuration files.
II.2. Stopping and restarting Apache
To stop or restart Apache, use the following script:
# chkconfig httpd on
# /etc/init.d/httpd {start|stop|restart}
Or use the command:
# chkconfig httpd on
# service httpd restart
II.3. Authentication, authorization and access control
When the web server receives a request for a resource, how does it handle the request and return a result to the client? Apache has several ways of handling it: authentication, authorization and access control.
II.3.1 Basic Authentication
For information that needs to be protected, the web server must verify that a request to access it is legitimate. The authentication information usually consists of a username and a password.
+ If a resource is protected by authentication, Apache sends a 401 Authentication response telling the user to enter a username and password. On receiving it, the client answers the 401 by sending the server a request that contains the username and password. The server checks these values when it receives them. If they are valid, the server returns the requested information; otherwise it returns an error message.
+ Because HTTP is a stateless protocol, every request is treated the same way.
+ The username and password you supply are valid only for that session between the browser and the server. If you visit the website again later, you must enter the username and password again.
+ Along with the 401 response, further information is returned to the client. In particular, the server gives the client an authentication label for the protected part of the website. This label is called the realm, or authentication name. The browser stores the username and password you supplied together with the realm. If other resources with the same realm, username and password are then accessed, the user does not need to enter the credentials again. Normally this caching lasts only for the current browser session, but some browsers let you store the credentials permanently so that you never have to enter the username and password again.
Steps to configure authentication:
+ Step 1: create the password file and set access permissions on it with the command chmod 755 <password_file_created_in_step_1>
+ Step 2: configure Apache
+ Step 3: create the group file (if you want to authenticate by group)
Step 1: Create the password file with the htpasswd command. The syntax of htpasswd is as follows:
# htpasswd -c <password_file_location> <username>
Example:
# htpasswd -c /etc/httpd/conf/passwords rbowen
htpasswd asks you to enter the password, and then to enter it once more.
New password: mypassword
Re-type new password: mypassword
+ The -c option creates a new password file. If the file already exists, its old contents are erased and the new contents are written. When you add another user to a password file that already exists, you do not need the -c option.
+ <password_file_location>: it is usually created in Apache's root directory.
Step 2: Configure authentication in Apache:
<Directory /upload>
EnablePut On
AuthType Basic
AuthName Temporary
# password file created in step 1
AuthUserFile /etc/httpd/conf/passwords
EnableDelete Off
umask 007
<Limit PUT>
require user rbowen sungo
</Limit>
</Directory>
+ AuthType: declares the type of authentication to use. In this case it is Basic.
+ AuthName: gives the authentication a name.
+ AuthUserFile: the location of the password file.
+ AuthGroupFile: the location of the group file.
+ Require: the requirements a request must meet to be allowed access to the resource.
Step 3: Create the group file. To make managing authentication easier for the administrator, Apache also supports user groups. The administrator can create groups of users who are allowed to access a resource, and add or remove group members without having to edit the Apache configuration file and restart Apache. The format of the group file is:
<group name>: user1 user2 user3 ... user n
Example:
authors: rich daniel allan
After creating the group file, configure Apache to point to it with the following directives:
<Directory /upload>
AuthType Basic
AuthName "Apache Admin Guide Authors"
AuthUserFile /etc/httpd/conf/passwords
AuthGroupFile /etc/httpd/conf/groups
Require group authors
</Directory>
II.3.2 Digest Authentication
Digest authentication provides an alternative method of protecting web content. It is provided by the mod_auth_digest module. With this method the username and password are not sent as plain text; they are hashed (with the MD5 algorithm).
Configuration: as with basic authentication, this configuration consists of the following 2 or 3 steps:
- Step 1: Create the password file.
- Step 2: Configure /etc/httpd/conf/httpd.conf to use the password file from step 1.
- Step 3: Create the group file.
Step 1: Create the password file with the command htdigest -c <password_file_location> realm <username>
Step 2: Configure /etc/httpd/conf/httpd.conf to use the password file
<Directory /upload>
AuthType Digest
AuthName "Private"
AuthDigestFile /usr/local/apache/passwd/digest
AuthDigestGroupFile /usr/local/apache/passwd/digest.groups
Require group admins
</Directory>
Step 3: Create the group file (this step is needed only when we want to authenticate by group). The structure of the group file is the same as that of the group file for basic authentication.
admins: joy danne sue
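What the browser actually sends under each of the two schemes described in II.3.1 and II.3.2, as an added example that is not part of the original guide. It follows RFC 2617 with qop=auth; the user name, password, nonce and cnonce in the demo are constructed sample values.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(user, password):
    """Authorization value sent after a 401 when AuthType is Basic."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def read_basic_header(value):
    """Base64 is an encoding, not encryption: the server (and anyone who
    sees the request on an unencrypted link) recovers the password."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def htdigest_entry(user, realm, password):
    """One line of the file written by htdigest: user:realm:MD5(user:realm:password)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    return f"{user}:{realm}:{ha1}"


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response: MD5(HA1:nonce:nc:cnonce:qop:MD5(method:uri))."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_accepts(entry, method, uri, nonce, nc, cnonce, response):
    """Server side: recompute the response from the stored HA1 and compare."""
    ha1 = entry.rsplit(":", 1)[1]
    expected = digest_response(ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)


def demo():
    # Constructed sample credentials for realm "Private" from the config above.
    user, realm, password = "joy", "Private", "s3cret-sample"
    nonce, nc, cnonce = "constructed-server-nonce", "00000001", "constructed-cnonce"

    basic = basic_header(user, password)
    entry = htdigest_entry(user, realm, password)
    ha1 = entry.rsplit(":", 1)[1]
    good = digest_response(ha1, "GET", "/upload/", nonce, nc, cnonce)
    wrong_ha1 = md5_hex(f"{user}:{realm}:wrong-password")
    bad = digest_response(wrong_ha1, "GET", "/upload/", nonce, nc, cnonce)
    return {
        "basic_recovered": read_basic_header(basic),
        "password_in_digest_file": password in entry,
        "password_in_digest_response": password in good,
        "good_accepted": server_accepts(entry, "GET", "/upload/", nonce, nc, cnonce, good),
        "bad_accepted": server_accepts(entry, "GET", "/upload/", nonce, nc, cnonce, bad),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Because the stored HA1 is all that is needed to compute a valid response, the digest file needs the same protection as a file of plain-text passwords.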
II.4. Access control
Besides protecting a website's content with authentication (username and password), Apache can also restrict user access based on other information, which is covered under Access Control. The Allow/Deny directives permit or forbid access to a resource based on the computer name or IP address.
Allow/Deny directives:
The syntax of Allow/Deny is as follows:
Allow/Deny from [address]
+ Allow permits the hosts/networks/domains to access the web server.
+ Deny forbids the hosts/networks/domains from accessing the web server.
+ address is an IP address/network address, a computer name or a domain name.
Example:
Deny from 11.22.33.44
Deny from host.example.com
Deny from 192.101.205
Deny from exampleone.com example
Use Order to combine Allow and Deny when restricting access. If the Order is Deny,Allow, the Deny directives are checked first, and any client that does not match a Deny or does match an Allow is permitted to access the server. Conversely, if the Order is Allow,Deny, the Allow directives are checked first, and any client that does not match an Allow condition or does match a Deny condition is forbidden from accessing the server.
An example of the least restrictive access control:
<Directory "/usr/web">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Satisfy directive:
- The Satisfy directive specifies how multiple criteria are taken into account when protecting website content. Satisfy has two values, all and any. By default Satisfy is all, which means that if several criteria are specified, all of them must be met before the user is allowed to access the resource. The value any means that the user is allowed to access the resource if any one of the criteria is met.
- One application of access control is to require users outside the network to have a username and password to access a resource, while computers inside the network do not need them.
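<Directory /usr/local/apache/htdocs/sekrit>
AuthType Basic
AuthName intranet
AuthUserFile /etc/httpd/conf/users
AuthGroupFile /etc/httpd/conf/groups
Require group customers
# Without these two lines the default Order (Deny,Allow) admits every host,
# and Satisfy any would then skip the password for everyone.
Order deny,allow
Deny from all
Allow from internal.com
Satisfy any
</Directory>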
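The Order and Satisfy rules above can be checked with a small model, added here as an example that is not part of the original guide or of Apache itself. It is a simplified sketch: it handles full and partial IP addresses, domain names and "all", and it assumes the client's host name has already been resolved. It also shows why a Satisfy any block needs Order deny,allow and Deny from all in front of its Allow line; the client addresses are constructed.

```python
def matches(spec, ip, hostname=None):
    """True when one argument of an Allow/Deny line matches the client."""
    spec = spec.lower().strip(".")
    if spec == "all":
        return True
    if spec[0].isdigit():
        # Full address, or partial address given as leading octets (192.101.205).
        want = spec.split(".")
        return ip.split(".")[:len(want)] == want
    if hostname is None:
        return False
    hostname = hostname.lower()
    # Whole labels only: example.com matches host.example.com, not fooexample.com.
    return hostname == spec or hostname.endswith("." + spec)


def host_allowed(order, allow, deny, ip, hostname=None):
    """Host-based decision for one <Directory> block."""
    hit_allow = any(matches(s, ip, hostname) for s in allow)
    hit_deny = any(matches(s, ip, hostname) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Allow is checked first, Deny has the last word, default is deny.
        return hit_allow and not hit_deny
    if order == "deny,allow":
        # Deny is checked first, Allow has the last word, default is allow.
        return hit_allow or not hit_deny
    raise ValueError("unsupported Order: " + order)


def access_granted(host_ok, user_ok, satisfy="all"):
    """Combine the host check with the Require (username/password) check."""
    if satisfy == "all":
        return host_ok and user_ok
    if satisfy == "any":
        return host_ok or user_ok
    raise ValueError("unsupported Satisfy: " + satisfy)


def intranet_decision(deny, ip, hostname, user_ok):
    """The intranet block: Allow from internal.com, Satisfy any, Order deny,allow."""
    host_ok = host_allowed("deny,allow", ["internal.com"], deny, ip, hostname)
    return access_granted(host_ok, user_ok, "any")


if __name__ == "__main__":
    deny_list = ["11.22.33.44", "host.example.com", "192.101.205"]
    print(host_allowed("deny,allow", [], deny_list, "192.101.205.9"))  # False
    print(host_allowed("deny,allow", [], deny_list, "198.51.100.4"))   # True
    outsider = ("203.0.113.5", "pc.outside.example")
    # No Deny line: every host passes, so the password is never required.
    print(intranet_decision([], *outsider, user_ok=False))        # True
    # With Deny from all: outsiders need a valid login, internal hosts do not.
    print(intranet_decision(["all"], *outsider, user_ok=False))   # False
    print(intranet_decision(["all"], *outsider, user_ok=True))    # True
    print(intranet_decision(["all"], "10.0.0.8", "pc1.internal.com", user_ok=False))  # True
```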
II.5. Examining Apache log files
Apache has several different log files that record the web server's activity. The function of each file is described below.
error_log file:
This is the most important log file. Its name and location are set with the ErrorLog directive. The ErrorLog is where httpd sends diagnostic information and records any errors it encounters while processing requests. It is the first place to look when httpd fails to start or the server misbehaves, because it holds detailed information about the errors and how to fix them. The format of the error_log file is not fixed. The contents of error_log look like this:
[Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test
The first field gives the date and time the entry was created. The second field shows that this is an error entry. The third field gives the IP address of the client that caused the error. Next comes the message, which says that the server is configured to deny the client access. After that is the path of the document the client tried to access. While testing, you can follow error_log continuously with the following command:
# tail -f /var/log/httpd/error_log
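The field layout just described can be parsed to pick out clients that are repeatedly refused by the access-control rules. This is an added example, not part of the original guide; apart from the first entry, which is the one quoted above, the log lines are constructed, and the threshold of 3 is an arbitrary assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# [date] [level] [client address] message  (the client field is optional)
ENTRY_RE = re.compile(
    r"^\[(?P<when>[^\]]+)\] \[(?P<level>[a-z]+)\] "
    r"(?:\[client (?P<client>[^\]]+)\] )?(?P<message>.*)$"
)
DENIED = "client denied by server configuration: "

SAMPLE = [
    "[Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test",
    # Everything below is constructed sample data.
    "[Wed Oct 11 14:33:01 2000] [notice] Apache configured -- resuming normal operations",
    "[Wed Oct 11 14:35:10 2000] [error] [client 192.0.2.7] client denied by server configuration: /export/home/live/ap/htdocs/admin",
    "[Wed Oct 11 14:35:11 2000] [error] [client 192.0.2.7] client denied by server configuration: /export/home/live/ap/htdocs/admin",
    "[Wed Oct 11 14:35:12 2000] [error] [client 192.0.2.7] client denied by server configuration: /export/home/live/ap/htdocs/private",
    "[Wed Oct 11 14:36:40 2000] [error] [client 192.0.2.9] File does not exist: /export/home/live/ap/htdocs/favicon.ico",
    "free-form line written by a module, without the usual fields",
]


def parse_entry(line):
    """Split one error_log line into its fields, or return None.

    The format is not fixed, so lines that do not fit are reported as
    unparsed instead of raising an exception."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    try:
        when = datetime.strptime(m.group("when"), "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None
    return {
        "when": when,
        "level": m.group("level"),
        "client": m.group("client"),
        "message": m.group("message"),
    }


def denied_by_client(lines, threshold=3):
    """Return ({client: sorted denied paths}, unparsed line count) for
    clients refused at least `threshold` times."""
    hits = defaultdict(list)
    unparsed = 0
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            unparsed += 1
            continue
        if entry["client"] and entry["message"].startswith(DENIED):
            hits[entry["client"]].append(entry["message"][len(DENIED):])
    flagged = {
        client: sorted(set(paths))
        for client, paths in hits.items()
        if len(paths) >= threshold
    }
    return flagged, unparsed


if __name__ == "__main__":
    flagged, unparsed = denied_by_client(SAMPLE)
    for client, paths in flagged.items():
        print(client, "was denied", paths)
    print("lines that did not match the usual layout:", unparsed)
```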
access_log file:
access_log records every request processed by the server. The location and content of the access log are controlled by the CustomLog directive. You can use the LogFormat directive to define the format of the access_log entries. LogFormat specifies which information the server should record in the access log. To follow the requests being processed by the web server, use the command:
# tail -f /var/log/httpd/access_log
Log file rotation:
Over time the information stored in the log files grows, and the size of these files can exceed 1MB. You need to delete, move or back up these log files in rotation, on a regular cycle. This can be done as follows:
mv access_log access_log.old
mv error_log error_log.old
apachectl graceful
sleep 600
gzip access_log.old error_log.old
III. Web Server configuration
Apache's configuration files and directories:
- /etc/httpd/conf: directory holding configuration files such as httpd.conf.
- /etc/httpd/modules: holds the web server's modules.
- /etc/httpd/logs: holds Apache's log files.
- /var/www/html: holds the web pages.
- /var/www/cgi-bin: holds the scripts used by the web pages.
The Apache configuration file is made up of many different directives. Each line or block is a directive that serves one specific setting. Some directives affect one another. Lines beginning with # are comments.
III.1. ServerName definition
III.1.1 Specifying some basic information
Configures the server's host name. It is used when creating redirection URLs. If it is not specified, the server tries to deduce it from its IP address. However, this may be unreliable or may not return the correct host name. Syntax:
ServerName <hostname>
Example:
ServerName www.soft.com
ServerAdmin:
The email address of the system administrator.
Syntax:
ServerAdmin <email address>
Example:
ServerAdmin root@soft.com
ServerType:
Defines how the program is loaded. There are two ways:
+ inetd: run from the system.
+ standalone: run from the init levels.
Syntax:
ServerType <inetd/standalone>
Example:
ServerType standalone
III.2. The web root directory and other necessary information
DocumentRoot: configures the root directory that holds the website's content. The web server takes files from this directory to serve client requests.
Syntax:
DocumentRoot <directory_path>
Example:
DocumentRoot /usr/web
A request for http://www.soft.com is mapped to the page /usr/web/index.html
ServerRoot: the location where the web server is installed.
Syntax:
ServerRoot <apache_installation_directory>
Default:
ServerRoot /usr/local/apache (on Linux it is /etc/httpd)
ErrorLog: names the file in which the server records any errors it encounters.
Syntax:
ErrorLog <log_file_location>
Example:
ErrorLog logs/error_log
If the path does not begin with /, the log file location is relative to ServerRoot.
DirectoryIndex: the default files served when the web site name is accessed.
Syntax:
DirectoryIndex <file_list>
Example:
DirectoryIndex index.html index.htm index.shtml index.php index.php4 index.php3 index.cgi
III.3. Network configuration
MaxClients: sets the maximum number of requests that clients can send to the server at the same time.
Syntax:
MaxClients <number>
Example:
MaxClients 256
Listen: sets the IP address or port on which Apache accepts connections from clients.
Syntax:
Listen <Port/IP>
Example:
Listen 80
BindAddress: sets the address of the network card on which Apache runs on the server.
Syntax:
BindAddress <IP/*>
Use * to use all addresses available on the machine.
Example:
BindAddress 172.29.7.225
The default is: BindAddress *
TimeOut: sets the lifetime of a connection (in seconds).
Syntax:
TimeOut <time>
Example:
TimeOut 300
KeepAlive: allows or forbids a client to send multiple requests over one connection to the web server.
Syntax:
KeepAlive <On/Off>
Example:
KeepAlive On
MaxKeepAliveRequests: the maximum number of requests on one connection (if multiple requests per connection are allowed).
Syntax:
MaxKeepAliveRequests <number of requests>
Example:
MaxKeepAliveRequests 100
KeepAliveTimeout: sets how long to wait for the next request from the same client on the same connection (in seconds).
Syntax:
KeepAliveTimeout <time>
Example:
KeepAliveTimeout 15
III.4. Alias
Provides a mechanism for mapping a local path (one that is not inside DocumentRoot) to a URL path.
Syntax:
Alias <http_path> <local_path>
Example:
Alias /doc /usr/share/doc
Accessing http://www.soft.com/doc leads to /usr/share/doc
To restrict user access, we can combine it with the Directory directive.
Example:
Alias /doc /usr/share/doc
<Directory /usr/share/doc>
AuthType Basic
AuthName intranet
AuthUserFile /etc/httpd/passwd
Require user hally tom
Allow from internal.com
</Directory>
III.5. UserDir
Allows users to create their own home page on the web server.
Configuration:
<IfModule mod_userdir.c>
#UserDir disable
# the user's web directory
UserDir www
</IfModule>
<Directory /home/*/www>

</Directory>
Create the directory www in the user's home directory, for example /home/nva/www. The URL to access it from a web browser then has the form http://www.soft.com/~<username>. Example:
http://www.soft.com/~nva.
When users try to access their directory they may get a Forbidden error message. This may be because access to the user's home directory is restricted. You can reset the access permissions on the user's home directory with commands such as:
chown jack /home/jack /home/jack/www
chmod 750 /home/jack /home/jack/www
III.6. VirtualHost
This is an Apache feature that lets us maintain more than one web server on one machine. Several names sharing one IP address is called name-based virtual hosting, and using a different IP address for each domain is called IP-based virtual hosting.
III.6.1 IP-based Virtual Host
IP-based virtual hosting requires the server to have a different IP address for each IP-based virtual host. The machine must therefore have several interfaces, or use the virtual interface mechanism that recent operating systems support. If your machine has one IP address, 97.158.253.26, you can configure another IP address on the same network card as follows:
ifconfig eth0:1 97.158.253.27 netmask 255.255.255.0 up
Then describe the configuration in the file httpd.conf
# default VirtualHost
<VirtualHost *>

DocumentRoot /tmp
ServerName www.domain

</VirtualHost>
# VirtualHost for site1
<VirtualHost 97.158.253.26>

DocumentRoot /home/www/site1
ServerName www1.domain

</VirtualHost>
# VirtualHost for site2
<VirtualHost 97.158.253.27>

DocumentRoot /home/www/site2
ServerName www2.domain

</VirtualHost>
III.6.2 Name-based Virtual Hosts:
IP-based virtual hosting relies on the IP address to decide which virtual host is being accessed, so you need a different IP address for each virtual host. With name-based virtual hosting, the server relies on the HTTP header sent by the client to learn the hostname. With this technique, one IP address can have many different host names. Name-based virtual hosting is very simple: you only need to configure DNS so that it resolves each host name to the IP address, and then configure Apache to organize the web servers for the different domains.
Configuration: see the following VirtualHost configuration for www.hcm.vn, www.tatavietnam.hcm.vn and www.ntc.hcm.vn, which share the single IP 172.29.14.150
NameVirtualHost 172.29.14.150
# default VirtualHost
<VirtualHost *>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /tmp
RewriteEngine on
RewriteLogLevel 0
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
# VirtualHost for the main web server
<VirtualHost 172.29.14.150>
ServerAdmin webmaster@dummy-host.example.com
RewriteEngine on
RewriteLogLevel 0
DocumentRoot /var/www/html
ServerName www.hcm.vn
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
# VirtualHost for the tatavietnam web server host
<VirtualHost 172.29.14.150>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /webdata
RewriteEngine on
RewriteLogLevel 0
ServerName www.tatavietnam.hcm.vn
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
# VirtualHost for the ntc web server host
<VirtualHost 172.29.14.150>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /ntc
RewriteEngine on
RewriteLogLevel 0
ServerName www.ntc.hcm.vn
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>


LESSON 15
MAIL SERVER
Summary
Theory: 8 periods - Practice: 10 periods.
Objectives: This lesson introduces how a mail system is organized and administered, giving the system's users e-mail through a POP mail client and webmail.
Main topics:
I. Mail protocols
II. Introduction to the mail system
III. Mail programs and some concepts
IV. DNS and Sendmail
V. Sendmail configuration files
VI. The /etc/aliases file
VII. Configuring a mail server with Sendmail
VIII. Some configuration files in sendmail
IX. Configuring a POP mail server
X. Installing and configuring webmail - Openwebmail.
Required exercises: Exercise 5.1 (Mail service)
Additional exercises: none listed.



I. Mail protocols
The mail system is built on several protocols: Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP), Multipurpose Internet Mail Extensions (MIME) and Interactive Mail Access Protocol (IMAP). IMAP, defined in RFC 1176, is an important protocol designed to replace POP; it provides text search mechanisms and remote message parsing that are not found in POP. In this section we look only at three protocols of the mail system: SMTP, POP and MIME.
I.1. SMTP (Simple Mail Transfer Protocol)
SMTP is the reliable protocol responsible for delivering mail. It moves mail from one network system to another and moves mail within the internal network. SMTP is defined in RFC 821. It is a reliable, connection-oriented service provided over TCP (Transmission Control Protocol), and it uses well-known port 25. The following is the list of SMTP commands.
SMTP command set
Command     Syntax                      Function
Hello       HELO <sending-host>         SMTP identification command
From        MAIL FROM:<from-address>    Sender address
Recipient   RCPT TO:<to-address>        Recipient address
Data        DATA                        Begin sending the message
Reset       RSET                        Cancel the message
Verify      VRFY <string>               Check a username
Expand      EXPN <string>               Expand a mailing list
Help        HELP [string]               Request help
Quit        QUIT                        End the SMTP session
To use the SMTP commands, we telnet to port 25 on the remote system and then send mail from the command line. This technique is occasionally used to test an SMTP server, but the main point here is to use SMTP to illustrate how mail is sent between different systems. The following example shows Daniel on the machine peanut.nuts.com sending mail with SMTP commands to Tyler at almond.nuts.com.
%telnet almond.nuts.com 25
Trying 172.16.12.1 ...
Connected to almond.nuts.com.
Escape character is '^]'
220 almond Sendmail 4.1/1.41 ready at Tue, 29 Mar 94 17:21:26 EST
helo peanut.nuts.com
250 almond Hello peanut.nuts.com, pleased to meet you
//sender address
mail from:<daniel@peanut.nuts.com>
250 <daniel@peanut.nuts.com>... Sender ok
//recipient address
rcpt to:<tyler@almond.nuts.com>
250 <tyler@almond.nuts.com>... Recipient ok
//start writing the message body.
data
354 Enter mail, end with "." on a line by itself
Hi Tyler!
.
250 Mail accepted
//leave the session
quit
221 almond delivering mail
Connection closed by foreign host.
There are also some other commands, such as SEND, SOML, SAML and TURN, defined in RFC 821; these are optional commands and are not used often.
The HELP command prints a summary of the commands that are implemented. For example, HELP RSET shows the information required when using the RSET command. The VRFY and EXPN commands are more useful, but they are often disabled for network security reasons because they let users take up network bandwidth. For example, EXPN <admin> asks for the list of email addresses in the admin mail group. VRFY retrieves personal information about an account, for example VRFY <mac>, where mac is a local account. If we use VRFY <jane>, where jane is an alias in the file /etc/aliases, the value returned is the email address found in that aliases file.
SMTP is a direct end-to-end mail delivery system (from the point where delivery starts to the final delivery station), which is unusual. Most mail systems use store and forward protocols such as UUCP and X.400. These two protocols move mail hop by hop: the message is stored at each hop and then passed to the next system, and it is forwarded until it reaches the final delivery system.
The following figure illustrates both store and forward and direct delivery to the mail system. A UUCP address specifies the route the mail takes to reach the recipient, whereas an SMTP mail address implies the final delivery system.

Direct delivery allows SMTP to deliver e-mail without relying on any intermediate host. If SMTP delivery fails, the local system notifies the sender or places the mail in the mail queue for later delivery. The disadvantage of direct delivery is that it requires both systems to be fully capable of handling mail. Some systems cannot handle mail, such as PCs and mobile systems like laptops; these systems are usually shut down at the end of the day or are frequently offline. To handle these cases, DNS must be used to route the message to a mail server instead of delivering the mail directly. The mail is then moved from the server to the workstation when the workstation comes back online; the POP network protocol provides this function.
I.2. Post Office Protocol
Two versions of POP are widely used: POP2 and POP3. POP2 is defined in RFC 937 and POP3 in RFC 1725. POP2 uses port 109 and POP3 uses port 110. The commands of the two protocols are not the same, but they perform the same basic functions: checking the user's login name and password, and moving the user's mail from the server to the user's local mail reader. The POP3 command set is completely different from the POP2 command set.
Table 3.3: POP3 Commands
Command          Function
USER username    Gives the username whose mail is to be retrieved
PASS password    Password of the username whose mail is to be retrieved
STAT             Displays the number of unread messages and their size in bytes
RETR n           Retrieves message n
DELE n           Deletes message n
LAST             Displays information about the last message
LIST [n]         Displays the size of message n
RSET             Undeletes all messages and returns to the first message
TOP n l          Prints the headers and l lines of message n
NOOP             Does nothing
QUIT             Ends the POP3 session
Although the POP3 and POP2 commands differ, they perform the same function. The following is an example of a POP3 session:
% telnet almond 110
Trying 172.16.12.1 ...
Connected to almond.nuts.com.
Escape character is '^]'.
+OK almond POP3 Server Process 3.3(1) at Mon 15-May-95 4:48PM-EDT
user hunt
+OK User name (hunt) ok. Password, please.
pass Watts?Watt?
+OK 3 messages in folder NEWMAIL (V3.3 Rev B04)
stat
+OK 3 459
retr 1
+OK 146 octets
The full text of message 1
dele 1
+OK message # 1 deleted
retr 2
+OK 155 octets
The full text of message 2
dele 2
+OK message # 2 deleted
retr 3
+OK 158 octets
The full text of message 3
dele 3
+OK message # 3 deleted
quit
+OK POP3 almond Server exiting (0 NEWMAIL messages left)
Connection closed by foreign host.

II. Introduction to the mail system
Components of a mail system: a mail system needs at least two components, which can be located on two different systems or on the same system: the mail server and the mail client. There are also other components such as the Mail Host and the Mail Gateway. Diagram of a mail system with all of its components:

II.1. Mail gateway
A mail gateway is a machine that connects networks using different communication protocols, or connects different networks that use the same protocol. For example, a mail gateway can connect a TCP/IP network to a network running the Systems Network Architecture (SNA) protocol suite.
The simplest mail gateway connects two networks that use the same protocol or mailer. In that case the mail gateway moves mail between the internal domain and external domains. A mail gateway can also connect two networks that use different mailers, as in the figure below. Gateway between two different transfer protocols:

II.2. Mail Host
A mail host is the machine that acts as the main mail server in the network. It serves as the intermediary that moves mail between locations that cannot connect to each other directly.
The mail host resolves recipient addresses in order to pass mail between mail servers or to forward it to a mail gateway.
An example of a mail host is a machine on the LAN with a modem set up for a PPP or UUCP link over a phone line. A mail host can also be a server acting as a router between the internal network and the Internet.
II.3. Mail Server
The mail server holds the users' mailboxes. It receives mail sent by mail clients and places it in the queue to be sent to the mail host. It also receives mail sent by the mail host and places it in the user's mailbox. Users use NFS (Network File System) to mount the directory containing their mailbox on the mail server in order to read mail. If NFS is not supported, users must log in to the mail server to get their mail.
If the mail client supports POP/IMAP and the mail server also supports POP/IMAP, users can read mail using POP/IMAP.
II.4. Mail Client
These are systems that let a user's mail spool file be read by NFS-mounting the /var/mail directory from the mail hub. If the /var/mail directory does not exist, it must be mounted automatically from the server through an entry for /var/mail in the vfstab file.
II.5. Some common mail system layouts
II.5.1 Local mail system
A simple mail system configuration consists of one or more workstations connected to a mail server. All mail is delivered locally.

II.5.2 Local mail system with a remote connection:
The mail system in a small network consists of a mail server, a mail host and a mail gateway connected to the outside system. No DNS server is needed.

II.5.3 A system with two domains and one gateway
The configuration below consists of 2 domains and one mail gateway. In this configuration the mail server, mail host and mail gateway (or gateways) of each domain operate as an independent system. To administer and distribute mail for the 2 domains, the DNS service is mandatory.

III. Mail programs and some concepts
III.1. Mail User Agent (MUA)
MUA: the programs that users use to read, compose and send mail.
III.2. Mail Transfer Agent (MTA)
MTA: the program that transfers mail between mail hubs. Sendmail is a Mail Transfer Agent (MTA) that uses the SMTP protocol, acting as an SMTP server responsible for routing mail delivery. It receives mail from Mail User Agents (MUA) and from other MTAs, then passes the mail on to MTAs on other machines or to the MTA on its own machine. It does not act as the station that delivers mail to users; a different program such as POP or IMAP is needed for that.
III.3. Mailbox
A mailbox is a file that stores all of a user's mail. On a Unix system, adding a user account to the system also creates a mailbox for that user. Usually the name of the mailbox is the same as the user's login name. This file is located in the directory /var/spool/mail. When mail arrives for a user, the local server's mail processing program delivers it to the corresponding mailbox. In the mailbox file, each message begins with a line starting with the keyword From and ends with a blank line.
When the user logs in to the system and uses a mail client to retrieve mail (or telnets directly to the mail server to retrieve it), the POP server goes to the directory /var/spool/mail, takes the mail from the mailbox and passes it to the user.
Usually, after the client has retrieved the mail, the messages in the mailbox are deleted. However, the user can ask for the mail to be kept in the mailbox, through an option in the mail client.
III.4. Queue
Outgoing mail can be sent immediately or placed in the queue. There are several reasons why a message is held in the queue:
- When the mail temporarily cannot be delivered, or some addresses in the recipient list cannot be reached at the moment.
- When the configuration option for mail delivery has the value True, all mail is held until delivery is complete.
- When the DeliveryMode (d) option is queue-only or defer, all mail is held in the queue.
- When the number of congested delivery processes exceeds the limit set by the QueueLA (x) option.
III.5. Alias
Some complex problems that commonly arise in mail delivery are:
- Delivering to the same person through several different addresses.
- Delivering to several people through a single address.
- Connecting mail to an archive file, or using it for other purposes.
- Filtering mail through programs or scripts.
To solve these problems we use aliases. An alias replaces a recipient address with one or more other addresses. The replacement address can be a recipient, a list of recipients, a program, a file, or a combination of these.
Alias information is stored in the aliases file. Sendmail locates this file through 2 options in its configuration file, ServiceSwitchFile and AliasFile. The first option specifies how aliases are looked up (for example, by searching files); the second specifies which aliases file is used.
III.5.1 The aliases file
The file consists of lines of text. Sendmail ignores blank lines and comment lines. A line that begins with a space or a tab is treated as a continuation of the line above it. All other lines describe aliases. Each alias line has the following form:
local: alias
The local part at the start of the line is a local user address, followed by a colon (spaces may appear in between). A line without a colon is invalid.
After the colon comes the alias part: one or more addresses separated by commas, optionally with spaces between them. An address can be an e-mail address, the name of a mail handling program, the name of a file to append mail to, or the name of a file containing further addresses.
The local part must be a local user. When sendmail reads a local name, it normalizes and validates it. Normalization extracts the address part, converts it to lower case and rewrites it through rule sets 3 and 0 to check whether a local delivery agent can be found for that address.
Example: an alias line reads as follows:
geogre : gw
After it has been normalized and found valid, sendmail stores the following in its database:
geogre : gw
When mail arrives for geogre, sendmail rewrites the address through rule sets 3 and 0. Rule set 0 selects a local delivery agent. Only when a delivery agent has been selected does sendmail look the address up in the aliases file. In the case above, the address geogre is found and replaced by gw. Sendmail then marks geogre as resolved and adds gw to the list of recipients. At this point gw is treated as a new address and normalization starts again. The process repeats until no new address is found. Sendmail marks the address geogre rather than deleting it so that addresses forming a cycle can be caught:
geogre : gw
gw : geogre
If sendmail detects such a cycle, it bounces the message. Another problem that can occur when creating aliases is writing several alias lines for the same name.
Example:
staff : bob
staff : geogre
These two lines cause a duplicate-name error, and the first line may be ignored as a result. This can be remedied by adding the following option line to the configuration file:
O AliasFile=dbm:-A /etc/aliasdir/groups
Sendmail then automatically joins the two lines into:
staff : bob, geogre
III.5.2 Forms of delivery through an alias
The right-hand side of an alias line takes one of four forms:
- local: user
- local: /file
- local: |program
- local: :include:list
The local: user form
user is a name, which can be the final destination or the local part of another alias. However, if user is local and is preceded by a \ character, any further aliases for user are not applied and the mail goes straight to that user's mailbox.
The local: /file form
Instead of delivering to a user's mailbox, we can name a file and sendmail appends the message to the end of it. Here, file is the file the mail is written to.
The local: |program form
Another form of delivery passes the mail to a program for processing. program is the name of that program and must be enclosed in double quotes (together with its arguments, if any). When using this form, give the program an argument: during delivery sendmail sorts the addresses and removes duplicates, and the program name counts as an address. If one program handles mail for several people (several alias lines use the same program name) and each use has no distinguishing argument, sendmail treats the entries as duplicate addresses and keeps only one, so some people will not receive their mail.
The local: :include:list form
In this form the mail is processed and sent to a list of recipients.
III.5.3 Special aliases
Sendmail requires two special aliases to be defined in the aliases file: postmaster and MAILER-DAEMON.
postmaster:
- RFC822 requires every site to have an alias named postmaster. Mail sent to postmaster goes to someone who is able to resolve mail problems. If postmaster is neither an alias nor a real user, sendmail reports an error.
- If a site has no real account named postmaster, you must create an alias with that name. The alias must point to one or more real people, although it may also point to archive files or a filter program.
MAILER-DAEMON:
When a message fails and is returned, the sender address of the error notification is normally taken from the macro $n, whose value is usually mailer-daemon. Users often reply to error notifications by mistake, so an alias for mailer-daemon is needed whose forwarding address is postmaster or null.
III.5.4 Mailing lists and forwarding
Sendmail can take a list of recipient addresses from the aliases file or from an external file. A mailing list is a user name that sendmail expands into a list of recipients. Mailing lists can be internal (all recipients are in the aliases file), external (the recipients are listed in external files), or a combination of the two.
Internal mailing lists:
An internal mailing list is an entry in the aliases file whose right-hand side has more than one recipient. For example, the aliases file contains these lines:
admin : bob, jim, phil
bob : \bob, /u/bob/admin/maillog
admin and bob are both mailing lists because each expands into several recipient addresses.
Internal mailing lists can become very complex when organized on a large scale. A simple example:
research : user1,user2
applications: user3, user4
admins: user5, user6
advertising: user7, user8
engineering:research, applications
frontoffice: admins, advertising
everyone: engineering,frontoffice
Here only the first four aliases (research, applications, admins, advertising) expand directly into real recipients. The remaining three lines combine the previous four aliases, the last of them covering every recipient. When there are few mailing lists and they rarely change, the aliases file manages them very effectively. When the number of mailing lists grows large, however, the aliases file becomes hard to maintain. To overcome this, mailing lists are declared in external files.
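The file format of III.5.1 and the nested lists above, as an added example that is not sendmail's own code: a small parser that joins continuation lines, rejects lines without a colon, reports duplicate names, and expands an address while marking resolved aliases so that a cycle is reported instead of looping. The names parse_aliases and expand are hypothetical, the sample file is constructed, and merging duplicate entries models the behaviour the text attributes to the -A flag.

```python
import re

# Constructed sample in the format described above (not from a real system).
SAMPLE_ALIASES = """\
# departmental lists
research: user1, user2
applications: user3,
    user4
admins: user5, user6
advertising: user7, user8
engineering: research, applications
frontoffice: admins, advertising
everyone: engineering, frontoffice
bob: \\bob, /u/bob/admin/maillog
staff: bob
staff: geogre
geogre: gw
gw: geogre
this line has no colon
"""

# Split on commas that are outside double quotes, so "|prog a,b" stays whole.
_COMMA = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')


def parse_aliases(text):
    """Return (table, problems): table maps local name -> list of targets."""
    logical = []  # physical lines joined with their continuation lines
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # continues the line above
        else:
            logical.append(raw.strip())

    table, problems = {}, []
    for line in logical:
        local, colon, rhs = line.partition(":")
        if not colon:
            problems.append(("invalid", line))  # no colon: not an alias line
            continue
        name = local.strip().lower()  # local names are lowercased
        targets = [t.strip() for t in _COMMA.split(rhs) if t.strip()]
        if name in table:
            problems.append(("duplicate", name))
            table[name] += targets  # merged, as described for the -A flag
        else:
            table[name] = targets
    return table, problems


def expand(address, table):
    """Return (recipients, cycles) for one address."""
    recipients, cycles, marked = [], [], set()

    def deliver(addr):
        if addr not in recipients:  # duplicate recipients are dropped
            recipients.append(addr)

    def visit(addr, path):
        if addr.startswith("\\"):  # \user: no further aliasing
            deliver(addr[1:])
            return
        key = addr.lower()
        if key in path:  # alias refers back to one of its ancestors
            cycles.append(key)
        elif key in table:
            if key not in marked:  # marked aliases are not expanded twice
                marked.add(key)
                for target in table[key]:
                    visit(target, path | {key})
        else:
            deliver(addr)  # not an alias: a final recipient

    visit(address, frozenset())
    return recipients, cycles


if __name__ == "__main__":
    aliases, issues = parse_aliases(SAMPLE_ALIASES)
    print(issues)
    for name in ("everyone", "staff", "geogre"):
        print(name, expand(name, aliases))
```

A non-empty cycles list corresponds to the case in which the text says sendmail bounces the message.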
:include: mailing lists:
The token :include: on the right-hand side of an alias tells sendmail to read the list of recipients from an external file. The :include: directive is written in the aliases file as follows:
localname: :include:/path
/path is the absolute path of the file that holds the list of recipients. If /path is a relative path, it is taken relative to sendmail's queue directory. If sendmail cannot open the file, it reports an error and skips all the recipients in that file.
Sendmail reads the list file one line at a time; blank lines and lines beginning with # are ignored. A line may contain several addresses separated by commas. Each address can itself be an alias in the aliases file or any other kind of address, such as a user address, a program name or a file name. An include file may also contain another :include: directive. Reading of external files is governed by the Timeout.fileopen option in the configuration file. This option sets the maximum time allowed for opening a file, including the safety checks.
Sendmail checks safety every time it opens a file. If the current user is root, every component of the path is checked as well. While checking the path components, sendmail prints warnings when it finds components that are group-writable or world-writable. After opening the file, sendmail switches the current user to the owner of the file. That user then supplies the uid and gid used for the sender when mail is delivered from the queue. In the following cases, addresses from an :include: file are not delivered through a program or appended to a file:
- The owner of the :include: file has a shell that is not listed in the file /etc/shells.
- The :include: file is world-writable.
- The :include: file is group-writable and the UnsafeGroupWrites option is set to True.
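An administrator can run the same checks before pointing an alias at a list file. The following is an added example, not sendmail's own code: it reports the three conditions listed above and any group- or world-writable path component. The function name and its parameters are assumptions of this example; owner_shell and valid_shells can be passed in so the check also works where /etc/passwd or /etc/shells is unavailable.

```python
import os
import stat


def audit_include_file(path, unsafe_group_writes=True,
                       owner_shell=None, valid_shells=None):
    """Return a list of findings for a :include: list file."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)

    # Conditions under which the text says program and file
    # deliveries from the list are refused.
    if mode & stat.S_IWOTH:
        findings.append("file is world-writable")
    if mode & stat.S_IWGRP and unsafe_group_writes:
        findings.append("file is group-writable and UnsafeGroupWrites is True")

    # Look up the owner's shell and the permitted shells unless supplied.
    if owner_shell is None:
        try:
            import pwd
            owner_shell = pwd.getpwuid(st.st_uid).pw_shell
        except (ImportError, KeyError):
            owner_shell = None  # owner unknown: skip the shell check
    if valid_shells is None:
        try:
            with open("/etc/shells") as fh:
                valid_shells = {line.strip() for line in fh
                                if line.strip() and not line.startswith("#")}
        except OSError:
            valid_shells = None  # no /etc/shells: skip the shell check
    if (owner_shell is not None and valid_shells is not None
            and owner_shell not in valid_shells):
        findings.append("owner shell %s is not listed in /etc/shells"
                        % owner_shell)

    # Every directory above the file: a writable component lets someone
    # else replace the list, which is why sendmail warns about it.
    parent = os.path.dirname(os.path.abspath(path))
    while True:
        pmode = stat.S_IMODE(os.stat(parent).st_mode)
        if pmode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("path component %s is group- or world-writable"
                            % parent)
        up = os.path.dirname(parent)
        if up == parent:
            break
        parent = up
    return findings


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample file
        sample = os.path.join(tmp, "staff.list")
        with open(sample, "w") as fh:
            fh.write("user1, user2\n")
        os.chmod(sample, 0o666)
        for finding in audit_include_file(sample):
            print(finding)
```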
Forwarder:
Sendmail lets every user keep a file listing the addresses that should receive their mail. This file is specified by the ForwardPath (J) option; it is named .forward and lives in the user's home directory. The .forward file gives the e-mail address that mail should be forwarded to.
Example: contents of a .forward file
nvan@yahoo.com
IV. DNS and Sendmail
DNS and Sendmail are two closely related services. Sendmail relies on DNS to move mail from the internal network to the outside and back. When forwarding mail, Sendmail looks up the MX record to determine which server the mail should go to. MX record syntax:
[domain name] IN MX 0 [mail server]
Example:
t3h.com. IN MX 0 mailserver.t3h.com.
An e-mail address usually has the following form:
username@subdomain...subdomain2.subdomain1.top-level-domain
The part to the right of the @ sign is the domain address. The domain name can denote an organization or a geographic region. It distinguishes between upper and lower case.
V. Sendmail configuration files
Sendmail works from several configuration files. The two that are edited most often are /etc/aliases and /etc/sendmail.cf. Of these, /etc/sendmail.cf is sendmail's main and most important configuration file; sendmail uses it to process and deliver the mail it receives.
V.1. The file /etc/sendmail.cf
Configuration information is kept in sendmail.cf, which is a text file. Its contents fall into three main groups:
- The first group contains parameters that configure sendmail's operating environment, for example options such as connection time, the maximum time a message may stay in the queue, and the paths of related data files.
- The second group defines how sendmail behaves, such as which domains sendmail accepts and relays mail for.
- The third group describes the rule sets with which the user redefines how sendmail handles sender addresses and recipient addresses and selects mailers. All of these rule sets are set up by the user. Some rule sets are especially important, namely rule sets 0, 1, 2, 3 and 4, which are introduced in a later section.
The sendmail.cf file uses the following markers:

| Keyword | Meaning | Syntax |
|---|---|---|
| # | At the start of a line, marks the line as a comment | #[comment] (example: # This is a comment) |
| M | Defines a mailer (mail delivery agent) | Mname,field1=value1 (example: Mprog, P=/bin/sh, F=lsD, A=sh -c $u) |
| D | Defines a macro | DXstring defines macro X with the value string (example: Dxmailbox.hcmuns.edu.vn). D{MacroName}value defines a macro with a long name, referenced as ${MacroName} (example: D{REMOTE}vnuhcm.edu.vn) |
| V | Defines the version of the configuration file | Vn (n is the version number) |
| R | Defines a new rule | Rlhs rhs comment (example: R$+ $:$>22 call rule set 22) |
| S | Starts a new rule set | Snn, where nn is the rule set name (example: S96) |
| C | Defines a class macro | CXvalue1 value2 defines class macro X with the values value1 and value2 (example: Cwlocalhost myhost) |
| F | Defines a class macro whose values are read from a file | FX/path/filename: class macro X takes its values from the file filename (example: Fw/etc/mail/host_aliases) |
| O | Sets an option | OXoption arguments (example: OL9 # set the log level to 9) |
| H | Defines a header line | H?mailerflag?name:template (example: H?F?From:$q) |
| P | Sets the priority of a message according to its type | Pclass=nn (example: Pjunk=-100) |
V.2. Macro
Some values are repeated many times in sendmail.cf. To make such a value easier to use, and to keep it in one place so it is easy to change, define a macro for it. The macro can then be used at many places in sendmail.cf. As introduced above, the D marker defines a macro.
Example:
DRvnuhcm.edu.vn
D{REMOTE}vnuhcm.edu.vn
where:
R and {REMOTE} are the names of the macros being defined
vnuhcm.edu.vn is the value of the macro
Class macro
A class macro is similar to a macro, except that it can hold several values at once. A class macro is defined with the C marker.
Example:
CW localhost vnuhcm.edu.vn
C{MY_NAMES} localhost vnuhcm.edu.vn
Here W and {MY_NAMES} are the names of the class macros being defined. Each holds the two values localhost and vnuhcm.edu.vn at the same time. Some macros predefined by sendmail:

| Macro name | Description |
|---|---|
| n | Sender identity used in error messages |
| v | Version of sendmail |
| w | Short host name of the machine |
| j | Canonical host name of the machine |
| m | Domain name |
| k | UUCP node name |
| b | Date in RFC1123 format |
V.3. Sendmail macro file
Sendmail's macro file is /etc/mail/sendmail.mc. It contains directives that help with administering the mail system. Each directive in sendmail.mc usually begins with the keyword DOMAIN, FEATURE or OSTYPE, followed by its arguments.
Example:
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
We can use m4 to translate sendmail.mc into /etc/mail/sendmail.cf:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
V.4. Options
Configuring sendmail involves many options. An option is set with the letter O at the start of a line. If the option name is a single character, the name follows O immediately and the value follows the name immediately. If the name is long, it is separated from O by exactly one space and the value is assigned with an = sign.
Example:
OA/etc/aliases # path to the aliases file
O Timeout.queuereturn=5d # a message that stays in the queue for more than 5 days is returned to the sender
O QueueDirectory=/var/spool/mqueue # path to the queue directory
O Timeout.queuewarn=4h # after 4 hours, a warning is generated if the message has not been sent
V.5. Defining mailers
A mailer can be an MTA or a Mail Delivery Agent (the final delivery station). Because mail can be delivered to different kinds of addresses (user addresses, files, programs), different mailers have to be defined to do this work.
Defining mailers is important and necessary because every message has to be handed to some mailer in order to continue on its way to the recipient. Rule set 0 is responsible for choosing the next mailer to pass the mail to. For example, mail for a local user is handed to a local mailer, which delivers it to the user's mailbox. A mailer is defined with the M marker. For example, a local mailer is defined as follows:
Mlocal, P=/bin/mail, F=lsDFMfSn, S=10, R=20, A=mail -d $u
This example defines a local mailer named local. The parameters of a mailer are:
- P= : the path of the program that receives and processes the mail.
- F= : the sendmail flags that apply to this mailer.
- S=, R= : the rule sets used to rewrite the sender and recipient addresses. Choose rule sets to suit the characteristics of each mailer. These two keywords can also rewrite the envelope address and the header address separately. In that case S=21/31 configures sendmail to use rule set 21 to rewrite the address on the envelope and rule set 31 to rewrite the address in the header.
- A= : the arguments passed to the mail handling program.
- In addition there is T= DNS/RFC822/SMTP, which lists three fields of information about the mailer. The first field is the MTA type; here DNS is used to look up addresses, so the first field is DNS. The second field is the type of user address. The third field is the type of error message that will be generated.
V.6. Rule
Rules are an important part of the sendmail.cf configuration file. A rule is defined in order to rewrite one address into another. The R marker defines a rule.
Example:
R$+<@$*hcmussh.edu.vn.>	$#relay$@mailhost-XHNV-22.local$:$1<@$2hcmussh.edu.vn>
Each rule has three parts, separated by one or more tabs:
Rlhs rhs comment
where:
lhs is the left-hand side of the rule
rhs is the right-hand side of the rule
A rule works as follows: if the lhs condition matches, the rhs is applied; otherwise the rule is skipped and the next rule is tried.
V.7. Rule set
A collection of rules forms a rule set. The S marker defines a rule set. S is followed by a number that distinguishes the rule sets, and a rule set ends where another rule set begins. Each rule set has its own function, defined by the user. However, rule sets 0 to 5 are predefined by sendmail and have their own specific functions.

| Rule set | Task |
|---|---|
| 0 | Checks for errors and selects the delivery agent |
| 1 | Processes the sender address |
| 2 | Processes the recipient address |
| 3 | Preprocesses all addresses so that the other rule sets can read them |
| 4 | Rewrites addresses back to normal form (after all processing in rule sets 3 and 96) |
| 5 | Rewrites unaliased local users |

Rule set 0
Rule set 0 is called exactly once when mail is received. It splits the mail address into three parts and then selects the mail delivery agent, as shown in the following figure:
[Figure: rule set 3, then rule set 0, which resolves the address into a triple]
Rule sets 1 to 4 convert the recipient and sender addresses in the header and envelope into a standard form that sendmail can use, because an address can be written in many different forms, such as:
From : address (Full Name and other comments)
From : Full Name <address>
After processing by rule set 3, the address is written in standard form (the full name, comments and brackets are all removed).

VI. The file /etc/aliases
The file /etc/aliases configures aliases for users, which means a user can receive mail under another name.
Example: there is a local user netadmin who wants to receive mail under the name quanly. Declare the following in /etc/aliases:
quanly: netadmin
Then run the command #newaliases
VII. Configuring a mail server with Sendmail
/etc/sendmail.cf is sendmail's main configuration file. When configuring a mail server with sendmail, pay attention to the following important parameters:

| Parameter to configure | Explanation |
|---|---|
| Cwlocalhost vnuhcm.edu.vn | Configures sendmail to accept mail for the domain vnuhcm.edu.vn |
| #Smart relay host / DSvnuserv.vnuhcm.edu.vn | Mail is passed up to the host vnuserv.vnuhcm.edu.vn to be sent on (relay host) |
| #maximum number of recipients per SMTP envelope / O MaxRecipientsPerMessage=50 | Limits the number of recipients of a message |
| #maximum message size / O MaxMessageSize=3000000 | Limits the maximum size of a message (in bytes) |
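The line formats of sections V.1, V.4 and V.5 and the parameters listed above can be read mechanically. The following is an added example, not part of sendmail: a reader for a sendmail.cf fragment that handles both option forms, macros with short and long names, class macros, mailer definitions and rules, plus a review that reports which of the settings from this section are absent. The names parse_cf and review are hypothetical, and the fragment is constructed from directives shown on this page (the version number 10 is a placeholder).

```python
import re

# Constructed fragment built from directives shown on this page.
SAMPLE_CF = """\
# constructed sample
V10
Cwlocalhost vnuhcm.edu.vn
DSvnuserv.vnuhcm.edu.vn
D{REMOTE}vnuhcm.edu.vn
OA/etc/aliases # path to the aliases file
O QueueDirectory=/var/spool/mqueue
O Timeout.queuereturn=5d
O MaxRecipientsPerMessage=50
O MaxMessageSize=3000000
Mlocal, P=/bin/mail, F=lsDFMfSn, S=10, R=20, A=mail -d $u
S96
R$+\t$:$>22\tcall rule set 22
"""


def _name_value(rest):
    """Split 'Xvalue' or '{LongName}value' into (name, value)."""
    if rest.startswith("{"):
        name, _, value = rest[1:].partition("}")
    else:
        name, value = rest[:1], rest[1:]
    return name, value.strip()


def parse_cf(text):
    """Parse the line types described in V.1 into a dictionary."""
    cf = {"version": None, "macros": {}, "classes": {}, "options": {},
          "mailers": {}, "rulesets": {}}
    current = None  # rule set that following R lines belong to
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        kind, rest = line[0], line[1:]
        if kind == "V":
            cf["version"] = rest.strip()
        elif kind == "D":
            name, value = _name_value(rest)
            cf["macros"][name] = value
        elif kind == "C":
            name, value = _name_value(rest)
            cf["classes"].setdefault(name, []).extend(value.split())
        elif kind == "O":
            body = re.split(r"\s+#", rest, maxsplit=1)[0]  # drop comment
            if body.startswith(" "):  # long name: "O Name=value"
                name, _, value = body.strip().partition("=")
            else:  # one-character name directly after O
                name, value = body[:1], body[1:]
            cf["options"][name.strip()] = value.strip()
        elif kind == "M":
            name, _, fields = rest.partition(",")
            cf["mailers"][name.strip()] = dict(
                (k.strip(), v.strip()) for k, _, v in
                (f.partition("=") for f in fields.split(",")))
        elif kind == "S":
            current = rest.strip()
            cf["rulesets"].setdefault(current, [])
        elif kind == "R":
            parts = re.split(r"\t+", rest)  # lhs, rhs, comment
            cf["rulesets"].setdefault(current, []).append(
                (parts[0], parts[1] if len(parts) > 1 else ""))
    return cf


def review(cf):
    """Report which settings named in section VII are missing."""
    notes = []
    if not cf["classes"].get("w"):
        notes.append("class w is not defined in this file")
    for option in ("MaxRecipientsPerMessage", "MaxMessageSize"):
        if option not in cf["options"]:
            notes.append("option %s is not set" % option)
    return notes


if __name__ == "__main__":
    parsed = parse_cf(SAMPLE_CF)
    print(parsed["classes"]["w"], parsed["macros"]["S"])
    print(review(parsed))
```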
In addition, sendmail must be told which domains it relays mail for, by declaring them in the file /etc/sendmail.cf. For example, to relay mail for the domain vnuhcm.edu.vn, configure the file /etc/mail/access as follows:
vnuhcm.edu.vn RELAY
This entry allows clients in the domain vnuhcm.edu.vn to send mail through this mail server. Its other purpose is to prevent open relaying: mail from outside this domain is not relayed by this mail server. After editing the file, convert it from text form into the standard form that sendmail can read with the following command:
#makemap hash access < access
Once the steps above are done, restart sendmail with one of the following command lines:
#chkconfig sendmail on
#/etc/rc.d/init.d/sendmail restart
VIII. Other sendmail configuration files
Sendmail's configuration files are normally kept in the directory /etc/mail.
VIII.1. The file /etc/mail/access
Specifies whether sendmail will RELAY or REJECT mail for each host or network that sends mail through the mail server. The entries look like this:
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
192.168.1.16 RELAY
my-site.com RELAY
abc@yahoo.com REJECT
Use the command #makemap hash access < access to convert the text file access into access.db
VIII.2. The file /etc/mail/local-host-names
The file /etc/mail/local-host-names (or /etc/mail/sendmail.cw) lists the hosts and domains whose mail the mail server is responsible for. Syntax of local-host-names:
my-site.com
another-site.com
Here the mail server is made responsible for mail for the two domains my-site.com and another-site.com. However, an MX resource record must also be defined in DNS to tell other mail servers which mail server is responsible for receiving mail for the domain another-site.com.
another-site.com. IN MX 10 mail.my-site.com.
VIII.3. The file /etc/mail/virtusertable
Holds a set of basic directives that control how incoming mail is accepted. Syntax:
Line 1: webmaster@another-site.com webmasters
Line 2: @another-site.com marc
Line 3: sales@my-site.com sales@another-site.com
Line 4: paul@my-site.com paul
Line 5: finance@my-site.com paul
Line 6: @my-site.com error:nouser User unknown
Meaning:
- Line 1: all mail for webmaster@another-site.com is delivered to the local user webmasters.
- Line 2: all mail sent to the domain another-site.com is delivered to the local user marc.
- Line 3: all mail sent to sales@my-site.com is sent on to sales@another-site.com.
- Lines 4 and 5: all mail sent to paul@my-site.com or finance@my-site.com is delivered to the local user paul.
- Line 6: mail sent to the domain my-site.com is returned to the sender with the error nouser User unknown.
Use the command #makemap hash virtusertable < virtusertable to convert the text file virtusertable into virtusertable.db
VIII.4. The file /etc/mail/mailertable
Used to forward mail to another mail server. Syntax of the mailertable file:
domain smtp:<mailer_address>
Example:
domain.com smtp:mail.newserver.com
domain2.com smtp:[mail.otherserver.com]
The mailer can also be declared like this:
.vlth.hcmuns.edu.vn relay:vlth-svr.hcmuns.edu.vn
csc-tata.hcmuns.edu.vn relay:[172.29.8.13]
When mail is sent to the domain csc-tata.hcmuns.edu.vn, the mail server hands it to the host 172.29.8.13 for processing.
Use the command #makemap hash mailertable < mailertable to convert the text file mailertable into mailertable.db
VIII.5. The file /etc/mail/domaintable
Declares the list of domains that correspond to the local domain. It helps when a domain name changes and lets two or more domain names point to the same mailbox. Syntax:
olddomain.com newdomain.com
Use the command #makemap hash domaintable < domaintable to convert the text file domaintable into domaintable.db
IX. Configuring a POP mail server
There are two ways to install a POP server:
Method 1: install the package imap-2002d-3.i386.rpm, which contains the POP server. The Fedora CD-ROMs do not include this package, so it has to be downloaded from http://rpmfind.net. Start the POP server with the following commands:
#chkconfig pop3 on
#service xinetd restart
Alternatively, after installing the IMAP package, run setup -> System Services -> IPOP3, then run #/etc/init.d/xinetd restart.
Method 2: install the package dovecot-0.99.10.5-0.FC2.rpm from the Fedora Core 2 CD-ROM, then open the configuration file /etc/dovecot.conf and change the following parameters:
protocols = imap imaps pop3 pop3s ; the protocols to use
imap_listen = * ; network interfaces on which IMAP listens
pop3_listen = * ; network interfaces on which POP3 listens
Then run:
#chkconfig dovecot on
#service dovecot restart
X. Installing and configuring webmail - Openwebmail
Open Webmail is a webmail system based on Neomail version 1.14. It is designed to run on Unix and Linux systems and lets users work with mail through the Web. On Linux the *.rpm files can be downloaded from:
http://openwebmail.org/openwebmail/download/redhat/rpm/release/
http://openwebmail.org/openwebmail/download/redhat/rpm/packages/
To install Open Webmail from source code (*.tar.gz) instead, download it from:
http://openwebmail.org/openwebmail/download/release/
http://openwebmail.org/openwebmail/download/packages/
Help on the program is available on the following website:
http://openwebmail.org/openwebmail/help/en/index.html
X.1. Installing and configuring Open Webmail
X.1.1 Installing from binary *.rpm files
Step 1: run the command rpm -ivh package*.rpm
Fedora Core needs the following packages:
- perl-Compress-Zlib-1.33-6.i386.rpm
- perl-suidperl-5.8.3-18.1.i386.rpm
- perl-Text-Iconv-1.2-fc1.i386.rpm
- openwebmail-2.51-1.i386.rpm
For earlier versions of Linux, see the website http://openwebmail.org/openwebmail/download/ for details.
Step 2: Fedora Core requires MIME-Base64-3.0, so this software has to be installed as well:
- #tar xzvf MIME-Base64-3.00.tar.gz
- #cd MIME-Base64-3.00/
- #perl Makefile.PL
- #make
- #make install
Step 3: run the command # /var/www/cgi-bin/openwebmail/openwebmail-tool.pl --init
Step 4: Open Webmail then asks for the following settings to be changed in the file /var/www/cgi-bin/openwebmail/etc/defaults/dbm.conf
dbm_ext .db
dbmopen_ext .db
dbmopen_haslock no
Step 5: run the command # /var/www/cgi-bin/openwebmail/openwebmail-tool.pl --init again
Step 6: go to http://server/cgi-bin/openwebmail/openwebmail.pl to reach the webmail server
Step 7: log in and use OpenWebmail

X.1.2 Basic configuration settings
All of Open Webmail's configuration is kept in the file /var/www/cgi-bin/openwebmail/etc/openwebmail.conf. The settings to be aware of are:
releasedate 20050228 # date of the last version update
domainnames hcm.vn # the domain name
auth_module auth_unix.pl
mailspooldir /var/spool/mail # the mail spool for users
ow_cgidir /var/www/cgi-bin/openwebmail
ow_cgiurl /cgi-bin/openwebmail
ow_htmldir /var/www/data/openwebmail
ow_htmlurl /data/openwebmail
logfile /var/log/openwebmail.log
X.2. Installing Open Webmail from source code
Download the following software from http://openwebmail.org/openwebmail/download/packages/. The Apache web server must allow CGI programs to run.
- Perl 5.005 or later
- CGI.pm-3.05.tar.gz
- MIME-Base64-3.01.tar.gz
- libnet-1.19.tar.gz
- Digest-1.08.tar.gz
- Digest-MD5-2.33.tar.gz
- Text-Iconv-1.2.tar.gz
- libiconv-1.9.1.tar.gz (required if the system does not support iconv)
- openwebmail-2.51.tar.gz
Check the following address for up-to-date information before choosing the packages above: http://openwebmail.org/openwebmail/doc/readme.txt. After downloading the software, carry out the following steps:
Step 1: install CGI.pm
cd /tmp
tar -zxvf CGI.pm-3.05.tar.gz
cd CGI.pm-3.05
perl Makefile.PL
make
make install
Step 2: install MIME-Base64
cd /tmp
tar -zxvf MIME-Base64-3.01.tar.gz
cd MIME-Base64-3.01
perl Makefile.PL
make
make install
Step 3: install libnet
cd /tmp
tar -zxvf libnet-1.19.tar.gz
cd libnet-1.19
perl Makefile.PL (answer 'no' if asked to update configuration)
make
make install
Step 4: install Text-Iconv-1.2
cd /tmp
tar -zxvf libiconv-1.9.1.tar.gz
cd libiconv-1.9.1
./configure
make
make install
cd /tmp
tar -zxvf Text-Iconv-1.2.tar.gz
cd Text-Iconv-1.2
perl Makefile.PL
make
make test
make install
Step 5: install Open Webmail
The latest version of Open Webmail is available from the website:
http://openwebmail.org/openwebmail/
1. cd /var/www
tar -zxvBpf openwebmail-X.XX.tar.gz
mv data/openwebmail html/
rmdir data
2. cd /var/www/cgi-bin/openwebmail/etc
Modify auth_unix.conf, taken from defaults/auth_unix.conf:
a. set passwdfile_encrypted to '/etc/shadow'
b. set passwdmkdb to 'none'
Modify openwebmail.conf:
set mailspooldir to '/var/spool/mail'
set ow_htmldir to '/var/www/html/openwebmail'
set ow_cgidir to '/var/www/cgi-bin/openwebmail'
set spellcheck to '/usr/bin/ispell -a -S -w "-" -d @@@DICTIONARY@@@ -p @@@PDICNAME@@@'
3. Add the following to the file /etc/logrotate.d/syslog so that openwebmail.log is handled by log rotation:
/var/log/openwebmail.log {
postrotate
/usr/bin/killall -HUP syslogd
endscript
}
4. Run the command /var/www/cgi-bin/openwebmail/openwebmail-tool.pl --init
LESSON 16
PROXY SERVER
Summary
Theory: 5 periods - Practice: 5 periods.

| Objectives | Main topics | Required exercises | Additional exercises |
|---|---|---|---|
| The lesson introduces how the Proxy service is organized and administered in order to share an Internet connection and set up a security policy for the internal network. | I. Introduction to firewalls; II. Introduction to Squid Proxy; II. Configuring Squid Proxy | Exercise 6.1 (Proxy service) | |

I. Firewall
The Internet is an open system, which is both its strength and its weakness. This weakness reduces the ability to keep a system's internal information secure. A standalone LAN has no such problem, but once it is connected to the Internet, important questions arise about managing valuable resources, namely information: preventing unauthorized access while still letting authorized people use the information they have been granted rights to, and preventing information leaks over public data communication networks. Building a security system is becoming more and more important for the following reasons:
- Competitors constantly look for ways to obtain each other's information.
- Hackers look for ways to break into and sabotage internal networks.
I.1. Introduction to firewalls
The term firewall comes from a construction design technique for stopping and limiting the spread of fire. In information technology, a firewall is a technique built into a network to counter unauthorized access, protect resources and limit the entry of unwanted information into the system. More specifically, a firewall can be understood as a protection mechanism between a trusted network, for example an internal intranet, and untrusted networks, usually the Internet. Physically, a firewall consists of one or more server systems connected to a router or acting as a router. Functionally, a firewall has these tasks:
- All data exchanged from inside to outside and back must pass through the firewall.
- Only exchanges permitted by the internal (trusted) network are allowed to pass through the firewall.
- The security management software running on the server systems includes:
Authentication management: prevents unauthorized access to the internal network. Every user who wants legitimate access must have an account consisting of a username and a password.
Authorization management: determines the rights to use resources and information sources on the network for each user and each group of users.
Accounting management: records all events related to accessing and using resources on the network, by point in time (date/hour) and by duration of access, for whichever resource areas were used, changed or added to.
I.2. Firewall policies
The first step in configuring a firewall is to establish the policies:
- Which services need to be blocked.
- Which hosts need to be served.
- Which services each group needs to access.
- How each service will be protected.
I.3. Types of firewall and how they work
I.3.1 Packet filtering
This type of firewall checks the address identifiers of packets and, based on them, lets the packets through or blocks them. The packet parameters that can be filtered include:
- Source IP address.
- Destination IP address.
- Source TCP port.
- Destination TCP port.
This type of firewall controls connections to the server and blocks access to the internal network from addresses that are not permitted. It also controls the use of the services running on the internal network through their corresponding TCP ports.
I.3.2 Application gateway
This type of firewall is designed to strengthen control over services based on the protocols that are allowed to access the network. It works on the Proxy Service model, in which one or more computers act as the Proxy Server. When an application in the internal network requests an object on the Internet, the Proxy Server receives the request and passes it to the server on the Internet. When the Internet server replies, the Proxy Server receives the reply and passes it back to the application that made the request. Packet filtering combined with the "representative" mechanism of the application gateway gives a safer and more flexible setup, especially for controlling access from outside.
Example: a network uses packet filtering to block TELNET connections into the system, except to a single machine, the TELNET application gateway. Someone who wants to connect to the system by TELNET has to go through these steps:
- Telnet to the internal server that is to be accessed.
- The gateway checks the source IP address of the person connecting and allows or refuses the connection.
- The person connecting must pass the authentication check.
- The Proxy Service creates a Telnet connection between the gateway and the server to be accessed.
- The Proxy Service relays traffic between the person connecting and the server in the internal network.
The weakness of combining packet filtering with proxies is that applications are developing very quickly today, so if the proxies do not keep up with the applications, the risk of a security failure increases.
Proxy Server software normally works as a gateway joining two networks, the internal network and the external network.
The connection between the Proxy Server and the Internet through an Internet Service Provider (ISP) can be made in one of the following ways:
- Analog modem: uses the SLIP/PPP protocol to connect to the ISP and access the Internet. With dial-up the speed is limited, usually 28.8 Kbps - 36.6 Kbps. Analog modems running at 56 Kbps are now available but have not been tested much. Dial-up through an analog modem suits small organizations that only need Web and e-mail services.
- ISDN line: ISDN (Integrated Services Digital Network) service is fairly common in some advanced countries. It uses digital signals on the line, so no analog modem is needed, and it carries both voice and data on one pair of wires. ISDN subscriber channels (the transmission path between the user and the network) can reach speeds from 64 Kbps to 138.24 Mbps. ISDN suits medium and large companies that need more bandwidth than an analog modem can provide.
The hardware used for the connection depends on whether the Proxy Server is connected to the Internet directly or through a router. Dial-up requires an analog modem; ISDN requires an ISDN adapter installed in the server.

The choice of connection method and of a suitable ISP depends on the company's specific requirements, for example the number of people who need Internet access, the services and applications that are used, and the connection lines and pricing that the ISP can offer.
II. Squid Proxy
II.1. Introduction to Squid
Squid is an Internet proxy-caching program that accepts requests from clients and passes them to the appropriate Internet server. At the same time it stores the data returned by the Internet server on disk, which is called caching. The program is used to set up a Proxy Server. The advantage of Squid is therefore that when the same data is requested several times, the Proxy Server returns it to the client from the cache. This makes Internet access faster and saves bandwidth. Squid is based on the specifications of the HTTP protocol, so it is only an HTTP proxy. Squid can therefore act as a proxy only for programs that use this protocol to access the Internet.
II.2. Nhng giao thc h tr trn Squid
Squid proxy h tr nhng giao thc sau:
- Proxying and caching of HTTP, FTP, and other URLs.
- Proxying for SSL.
- Cache hierarchies.
- ICP, HTCP, CARP, Cache Digests.
- Transparent caching.
- WCCP - Web Cache Communication Protocol (Squid v2.3 and above).
- Extensive access controls.
- HTTP server acceleration.
- SNMP.
- Caching of DNS lookups.
II.3. Trao i cache
Squid c kh nng chia s d liu gia nhng cache vi nhau. Vic chia s ny mang li nhng
li ch nh :
- User Base: nu s lng client truy cp Internet thng qua proxy cng nhiu th kh nng
mt i tng no c yu cu 2 ln s cao hn.
- Gim ti truy xut (Reduce load) cho ng truyn.
- Disk space: Nu bn chuyn cn bng gia cc cache vi nhau s trnh c vic sao li
d liu lu. Do dung lng a cng dnh cho vic lu tr cache s gim.
II.4. Ci t Squid Proxy
II.4.1 Cc th mc mc nh ca Squid
- /usr/local/squid: th mc ci t squid
- /usr/local/squid/bin: th mc lu binary squid v nhng tool c h tr.
- /usr/local/squid/cache: th mc lu nhng d liu c cache. y l th mc mc nh,
bn c th thay i v tr th mc ny.
- /usr/local/squid/etc: the Squid configuration files.
- /usr/local/squid/src: the Squid source code downloaded from the net.
II.4.2 Installing Squid from the rpm package
When Squid is installed from the package on Linux, the default directories differ as follows:
- /usr/sbin: Squid's libraries.
- /etc/squid: the Squid configuration files.
- /var/log/squid: the Squid log files.
Install Squid with the following command:
rpm -i squid-version.i386.rpm
II.5. Configuration
II.5.1 The configuration file
All Squid configuration files are kept in /usr/local/squid/etc (Linux package: /etc/squid).
The most important one, which determines how Squid behaves, is squid.conf. This file contains
125 option tags, but only some of them are set; comment lines start with #. Changing 8 basic
options is enough to get Squid working. The remaining options are worth studying to
understand the features Squid supports.
II.5.2 Basic options
Some basic options have to be changed before Squid will work. By default Squid denies access
to every browser. The options are described below.
http_port: the HTTP port on which Squid listens for incoming requests.
Syntax: http_port <port>
Default: http_port 3128. This port is commonly changed to 8080, declared as follows:
http_port 8080
Options that affect the cache:
cache_mem: the amount of memory set aside for objects (In-Transit objects, Hot Objects,
Negative-Cached objects).
cache_swap_low: the low-water mark for cache object replacement (as a percentage of the
cache size).
cache_swap_high: the high-water mark for cache object replacement (as a percentage of the
cache size).
Paths of the log files and the cache directory:
cache_dir: the directory where cached data is stored. By default cache_dir is declared as
follows:
cache_dir /usr/local/squid/cache 100 16 256
The cache directory has a default size of 100 MB, with 16 level-1 subdirectories under
/usr/local/squid/cache and 256 level-2 subdirectories under each level-1 directory.
cache_access_log: records the requests clients send to the proxy server for Web access.
cache_access_log /var/log/squid/access.log
cache_log: records general information about the cache.
cache_log /var/log/squid/cache.log
cache_store_log: records information about the objects cached on the proxy, how long they are
stored, ...
cache_effective_user, cache_effective_group: the user and group that Squid switches to when it
runs.
Example:
cache_effective_user squid
cache_effective_group squid
Access Control Lists and Access Control Operators:
Access Control Lists and Access Control Operators let you block or restrict access by domain
name or by destination IP address (of a host or of a network). By default Squid refuses to
serve anyone, so this setting has to be changed. An access list is defined with the acl tag:
acl aclname acltype string1 ..
acl aclname acltype "file" ...
Some sample acl definitions:
acl aclname src ip-address/netmask ... (clients IP address)
acl aclname src addr1-addr2/netmask ... (range of addresses)
acl aclname srcdomain .foo.com ... # reverse lookup, client IP
acl aclname dst ip-address/netmask ... (URL host's IP address)
acl aclname dstdomain .foo.com ... # Destination server from URL
acl aclname time [day-abbrevs] [h1:m1-h2:m2]
acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL
acl aclname port 80 70 21 ... 0-1024
acl aclname proto HTTP FTP ...
acl aclname method GET POST ...
The tag that controls HTTP access (! negates aclname):
http_access allow|deny [!]aclname ...
The tag that controls cache_peer access:
cache_peer_access cache-host allow|deny [!]aclname ...
EXAMPLE: allow only the network 172.16.1.0/24 to use the proxy server, using the src keyword
in the acl:
acl MyNetwork src 172.16.1.0/255.255.255.0
http_access allow MyNetwork
http_access deny all
You can also stop hosts from reaching sites that are not permitted (sites with inappropriate
content) using the dstdomain keyword in the acl.
Example:
acl BadDomain dstdomain yahoo.com
http_access deny BadDomain
http_access deny all
If the list of forbidden sites is too long, store it in a text file whose content is the list
of addresses. For example:
acl BadDomain dstdomain "/etc/squid/danhsachcam"
http_access deny BadDomain
In this example the file /etc/squid/danhsachcam holds the addresses that may not be accessed,
one address per line.
When there are several acls, each acl needs its own http_access line. See the following
example:
acl MyNetwork src 172.16.1.0/255.255.255.0
acl BadDomain dstdomain www.yahoo.com
http_access deny BadDomain
http_access allow MyNetwork
http_access deny all
With this configuration the proxy server stops hosts from reaching the site www.yahoo.com,
and only the network 172.16.1.0/24 is allowed to use the proxy. http_access deny all denies
every request that the earlier lines did not match.
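How Squid walks the http_access lines above, as an added Python sketch (not Squid code and not part of the original guide): lines are checked top to bottom and the first line whose ACLs all match decides. The function names, the ALLOW_FIRST variant and the sample clients are constructed for illustration, and only the src and dstdomain ACL types are modelled.

```python
import ipaddress

# The squid.conf fragment shown above, in the order the guide gives it.
PAGE_ORDER = """\
acl MyNetwork src 172.16.1.0/255.255.255.0
acl BadDomain dstdomain www.yahoo.com
http_access deny BadDomain
http_access allow MyNetwork
http_access deny all
"""

# Constructed variant: same ACLs, but the allow line moved above the deny line.
ALLOW_FIRST = """\
acl MyNetwork src 172.16.1.0/255.255.255.0
acl BadDomain dstdomain www.yahoo.com
http_access allow MyNetwork
http_access deny BadDomain
http_access deny all
"""


def parse(conf):
    """Read only the acl and http_access lines of a squid.conf text."""
    # "all" is modelled as matching every client address (assumption of this sketch).
    acls = {"all": ("src", ["0.0.0.0/0"])}
    rules = []
    for raw in conf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0] == "acl":
            name, kind, values = parts[1], parts[2], parts[3:]
            acls.setdefault(name, (kind, []))[1].extend(values)
        elif parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules


def acl_matches(acls, name, client_ip, host):
    """True if the named ACL matches this client address / destination host."""
    kind, values = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "dstdomain":
        host = host.lower().rstrip(".")
        for value in (v.lower() for v in values):
            if value.startswith("."):
                # ".foo.com" covers foo.com itself and every subdomain
                if host == value[1:] or host.endswith(value):
                    return True
            elif host == value:
                # without the leading dot only that exact host name matches
                return True
        return False
    raise ValueError("ACL type not modelled in this sketch: " + kind)


def decide(conf, client_ip, host):
    """Return 'allow' or 'deny' the way http_access lines are evaluated."""
    acls, rules = parse(conf)
    if not rules:
        raise ValueError("no http_access lines to evaluate")
    for action, names in rules:
        # every ACL on the line must match (AND); "!" negates one ACL
        if all(acl_matches(acls, n.lstrip("!"), client_ip, host) != n.startswith("!")
               for n in names):
            return action  # first matching line wins, later lines are ignored
    # nothing matched: Squid applies the opposite of the last line
    return "deny" if action == "allow" else "allow"


if __name__ == "__main__":
    for label, conf in (("page order", PAGE_ORDER), ("allow first", ALLOW_FIRST)):
        for client, host in (("172.16.1.25", "www.yahoo.com"),
                             ("172.16.1.25", "mail.yahoo.com"),
                             ("10.0.0.5", "www.example.org")):
            print(label, client, host, "->", decide(conf, client, host))
```

With the allow line first, an internal client reaches www.yahoo.com because the deny line is never consulted. The sketch also shows that dstdomain www.yahoo.com leaves mail.yahoo.com reachable, whereas the leading-dot form .yahoo.com covers the whole domain.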
Restricting access by time: use an acl of type time, where MTWHF stand for Monday, Tuesday,
Wednesday, Thursday and Friday.
acl business_hours time MTWHF 9:00-17:00
http_access allow business_hours
Setting the server's hostname: visible_hostname <hostname> sets the hostname of the Squid
proxy.
cache_peer: if the proxy is not connected directly to the Internet (it has no public IP
address) or sits behind a firewall, it must be configured to query another proxy with the
cache_peer parameter. Syntax of cache_peer:
cache_peer hostname type http_port icp_port
type = 'parent', 'sibling' or multicast
Example: member schools of the Vietnam National University (ĐHQG) declare the following:
cache_peer vnuserv.vnuhcm.edu.vn parent 8080 8082
With this configuration the proxy queries the parent proxy vnuserv.vnuhcm.edu.vn (type parent)
on http_port 8080 and icp_port 8082.
In addition, if there are several proxies on the same network, they can be configured to query
one another as follows:
cache_peer proxy2.vnuhcm.edu.vn sibling 8080 8082
cache_peer proxy3.vnuhcm.edu.vn sibling 8080 8082
sibling: declares the listed proxy as a peer at the same level as the current proxy.
II.6. Starting Squid
After installing and configuring Squid, create the cache directories before starting Squid,
with the command: squid -z. If creating the cache fails, check the access permissions on the
cache directory declared in the cache_dir parameter; the directory may not be writable. In
that case change them with the following commands:
chown squid:squid /var/spool/squid
chmod 770 /var/spool/squid
Once the cache directories exist, start Squid with the command:
/usr/local/squid/squid -D &
With the Linux package you do not need to create the cache yourself. Starting Squid through
the init script creates the cache automatically:
#chkconfig squid on
#/etc/init.d/squid start/stop/restart

LESSON 17
Linux Security
Summary
Theory: 10 periods - Practice: 10 periods.
Objectives: This lesson introduces the tools used to set up a firewall on Linux, such as
iptables and tcp_wrappers, and uses iptables to implement NAT and routing.
Main topics:
I. Log File
II. Limiting users
III. Network security
Exercises (required / additional): Exercise 7.1 (Linux security)
I. Log File
The main log files on the system:
- /var/log/messages: system log messages recorded by the syslogd daemon.
- /var/log/secure: information about failed logins, added users, ...
- /var/log/wtmp: records of successful logons and reboots (view it with the last tool).
- /var/run/utmp: the sessions currently logged on to the system (view it with the who and w
commands).
II. Limiting users
The file /etc/nologin prevents every user except root from logging in to the system.
The directory /etc/security/ lets the administrator limit a user's CPU time, maximum file
size and number of connections to the system (file /etc/security/limits.conf).
/etc/security/access.conf restricts logins by users and groups from a given location.
Syntax of the file /etc/security/limits.conf:
<domain> <type> <item> <value>
Where:
<domain>: username or groupname (written as @groupname)
<type>: hard, soft.
<item>: core, data, fsize, ... (see the file /etc/security/limits.conf)
III. Network security
Linux divides network security into two main kinds:
- Kind 1: host based security
- Kind 2: port based security
III.1. Host Based security
tcp_wrappers provides a host based access control list for many network services such as
xinetd, sshd, portmap, ...
tcp_wrappers uses two configuration files, /etc/hosts.allow and /etc/hosts.deny, to block or
allow requests from hosts to services on the system. Both files use the following syntax:
Service : hosts [EXCEPT] hosts
Example:
ALL: ALL EXCEPT .domain.com
III.2. Port based security
The Linux kernel provides packet filtering through the iptables and ipchains tools.
III.2.1 Introduction to iptables
iptables was written by the Netfilter organization to strengthen security on Linux systems.
It provides the following features:
- Good integration with the Linux kernel.
- Efficient packet inspection.
- Packet filtering based on MAC address and on flags in the TCP header.
- Detailed options for logging system events.
- NAT.
- The ability to block some denial of service (DoS) attacks.
III.2.2 Installing iptables
iptables is installed by default on Linux. Its package is iptables-1.2.9-1.0.i386.rpm, which
can be installed with rpm:
rpm -ivh iptables-1.2.9-1.0.i386.rpm
Starting iptables and checking its status
Start iptables at boot time:
#chkconfig iptables on
Start/stop/restart the iptables service:
#service iptables restart
Check the status of iptables:
#service iptables status
III.2.3 How iptables processes packets
iptables checks every packet that passes through the iptables host. The check is carried out
sequentially, from the first entry to the last.
iptables has three kinds of table:
- Mangle table: responsible for altering the quality of service bits in the TCP header. This
table is typically used in SOHO environments.
- Filter queue: responsible for packet filtering. It has three built-in chains in which the
firewall policy rules are placed:
+ Forward chain: filters packets passing through the firewall.
+ Input chain: filters packets entering the firewall.
+ Output chain: filters packets leaving the firewall.
- NAT queue: performs NAT and provides the following two built-in chains:
+ Pre-routing chain: NATs packets when the packet's destination address has to change (NAT
from outside into the internal network).
+ Post-routing chain: NATs packets when the packet's source address has to change (NAT from
inside to outside).
Queue Type | Queue Function | Packet transformation chain in Queue | Chain Function
--- | --- | --- | ---
Filter | Packet filtering | FORWARD | Filters packets passing through the firewall (packets to servers accessible by another NIC on the firewall)
 | | INPUT | Filters packets entering the firewall (destined to the firewall)
 | | OUTPUT | Filters packets leaving the firewall (originating from the firewall)
Nat | Network Address Translation | PREROUTING | NAT takes place before routing. This makes it convenient to change the destination address (NAT from outside to inside) so that it fits the firewall's routing table. In the configuration this technique is expressed with the DNAT keyword.
 | | POSTROUTING | NAT takes place after routing. The destination address of the packet does not need to change, only its source address. This technique is called one-to-one or many-to-one NAT (also known as source NAT, or SNAT).
 | | OUTPUT | The firewall performs NAT on packets it generates itself.
Mangle | TCP header modification | PREROUTING, POSTROUTING, OUTPUT, INPUT, FORWARD | Changes the quality of service bits of the TCP header.
[Figure: packet flow in iptables]
III.2.4 Targets and Jumps
A target is the action iptables takes once a packet has been identified and checked against a
rule.
A jump passes a packet to a target for further processing.
The targets built into iptables:
Target | Description | Common options
--- | --- | ---
ACCEPT | iptables accepts the packet and passes the data on to its destination. |
DROP | iptables blocks the packet. |
LOG | The packet information is sent to the syslog daemon. iptables then continues with the next rule in the table. If the last rule does not match, the packet is dropped. | --log-prefix "string" (iptables starts each logged message with the given string)
REJECT | Blocks the packet and sends a notification to the sender. | --reject-with qualifier (the qualifier selects the type of reject message returned to the sender: icmp-port-unreachable (default), icmp-net-unreachable, icmp-host-unreachable, icmp-proto-unreachable, icmp-net-prohibited, icmp-host-prohibited, tcp-reset, echo-reply)
DNAT | Changes the destination address of the packet (rewriting the destination IP address of the packet). | --to-destination ipaddress (iptables replaces the destination address with ipaddress)
SNAT | Changes the source address of the packet. | --to-source <address>[-<address>][:<port>-<port>] (specifies the source address and source port to use)
MASQUERADE | Used for NAT (masquerading the source address with the address of the firewall's interface). | [--to-ports <port>[-<port>]] (specifies the range of source ports to which the original source ports are mapped)

III.2.5 Running iptables commands
The iptables command switches:
iptables command switch | Description
--- | ---
-t <table> | Selects the table: filter, nat or mangle.
-j <target> | Jumps to the target chain when the packet matches the current rule.
-A | Appends the rule to the end of the chain.
-F | Deletes all the rules in the selected table.
-p <protocol-type> | Matches the protocol: icmp, tcp, udp or all.
-s <ip-address> | Matches the source IP address.
-d <ip-address> | Matches the destination IP address.
-i <interface-name> | Matches the "input" interface on which the packet arrives.
-o <interface-name> | Matches the "output" interface.
Example:
The firewall accepts any TCP packet arriving on interface eth0 and addressed to 192.168.1.1:
iptables -A INPUT -s 0/0 -i eth0 -d 192.168.1.1 -p TCP -j ACCEPT
To write firewall rules for TCP and UDP packets, refer to the following table:
Switch | Description
--- | ---
-p tcp --sport <port> | TCP source port. Either a single value or a range in the form start-port-number:end-port-number
-p tcp --dport <port> | TCP destination port. Either a single value or a range in the form starting-port:ending-port
-p tcp --syn | Identifies a new TCP connection request. ! --syn means not a new TCP connection request.
-p udp --sport <port> | UDP source port. Either a single value or a range in the form starting-port:ending-port
-p udp --dport <port> | UDP destination port. Either a single value or a range in the form starting-port:ending-port
Example:
The firewall accepts routed TCP packets that enter on interface eth0 and leave on interface
eth1 for destination 192.168.1.58, with a source port from 1024 to 65535 and destination
port 80:
iptables -A FORWARD -s 0/0 -i eth0 -d 192.168.1.58 -o eth1 -p TCP \
         --sport 1024:65535 --dport 80 -j ACCEPT
To write firewall rules for ICMP packets, refer to the following table:
--icmp-type | Description
--- | ---
--icmp-type <type> | Matches the ICMP type; the two types described here are echo-reply and echo-request
Example: the firewall is allowed to send icmp echo-request and receive icmp echo-reply.
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
Example:
Specify the number of matching requests allowed per unit of time, in the form /second,
/minute, /hour or /day:
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -i eth0 -j ACCEPT
Limiting the rate in this way helps defend against attacks such as SYN floods and some other
kinds of denial of service attack. Some extended parameters used when writing rules:
Switch | Description
--- | ---
-m multiport --sport <port, port> | Several source ports, separated by commas; requires the -m option
-m multiport --dport <port, port> | Several destination ports, separated by commas; requires the -m option
-m multiport --ports <port, port> | Several ports, separated by commas; requires the -m option
-m state --state <state> | Checks the connection state. ESTABLISHED: the connection has been established. NEW: a connection is starting to be set up. RELATED: a second connection is being set up (FTP data transfer, or ICMP error)
Example:
The firewall accepts TCP packets (first rule) from any address that enter on interface eth0
for address 192.168.1.58 via interface eth1, with a source port from 1024 to 65535 and
destination ports 80 and 443. Return packets from 192.168.1.58 (second rule) are accepted as
well.
iptables -A FORWARD -s 0/0 -i eth0 -d 192.168.1.58 -o eth1 -p TCP --sport 1024:65535 \
         -m multiport --dport 80,443 -j ACCEPT
iptables -A FORWARD -d 0/0 -o eth0 -s 192.168.1.58 -i eth1 -p TCP \
         -m state --state ESTABLISHED -j ACCEPT
III.2.6 Using user-defined chains
Instead of using only the chains built into iptables, you can use user-defined chains to
define a chain name that describes all the rules for one protocol type. User-defined chains
replace one long chain with a main chain that points to several sub-chains.
Example:
# User-defined chains must be created with -N before rules can refer to them
iptables -N fast-input-queue
iptables -N fast-output-queue
iptables -N icmp-queue-in
iptables -N icmp-queue-out

iptables -A INPUT -i eth0 -d 206.229.110.2 -j fast-input-queue
iptables -A OUTPUT -o eth0 -s 206.229.110.2 -j fast-output-queue

iptables -A fast-input-queue -p icmp -j icmp-queue-in
iptables -A fast-output-queue -p icmp -j icmp-queue-out

iptables -A icmp-queue-out -p icmp --icmp-type echo-request \
         -m state --state NEW -j ACCEPT
iptables -A icmp-queue-in -p icmp --icmp-type echo-reply -j ACCEPT

Chain | Description
--- | ---
INPUT | The built-in INPUT chain in iptables
OUTPUT | The built-in OUTPUT chain in iptables
fast-input-queue | Input chain that identifies the protocol and passes the packet to the chain for that protocol
fast-output-queue | Output chain that identifies the protocol and passes the packet to the chain for that protocol
icmp-queue-out | Output chain for ICMP
icmp-queue-in | Input chain for ICMP
III.2.7 Saving the iptables script
The command service iptables save stores the iptables configuration in the file
/etc/sysconfig/iptables. When the system restarts, the iptables-restore program reads this
script file and reactivates the configuration. The file has the following format:
# Generated by iptables-save v1.2.9 on Mon Nov 8 11:00:07 2004
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [144:12748]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Nov 8 11:00:07 2004
On Fedora the lokkit tool can also be used to save the iptables firewall configuration to the
file /etc/sysconfig/iptables:
#lokkit
III.2.8 Recovering the script when the script file is lost
The script can be recovered with the following commands:
# iptables-save > firewall-config
# cat firewall-config
# Generated by iptables-save v1.2.9 on Mon Nov 8 11:00:07 2004
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [144:12748]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Nov 8 11:00:07 2004
Then edit the firewall-config file and reload iptables with the iptables-restore command:
# iptables-restore < firewall-config
Finally run:
# service iptables save
III.2.9 Loading the kernel modules iptables needs
iptables requires the following modules to be loaded:
- iptable_nat: module for NAT.
- ip_conntrack_ftp: module needed for FTP support.
- ip_conntrack: module that tracks the state of TCP connections.
- ip_nat_ftp: module needed for FTP servers behind a NAT firewall.
If the /etc/sysconfig/iptables file does not load these modules, add the following statements
to the /etc/rc.local file so that they run every time the system restarts.
# File: /etc/rc.local
# Module to track the state of connections
modprobe ip_conntrack
# Load the iptables active FTP module, requires ip_conntrack
modprobe ip_conntrack_ftp
# Load iptables NAT module when required
modprobe iptable_nat
# Module required for an active FTP server using NAT
modprobe ip_nat_ftp
III.2.10 Some firewall examples
Example 1:
Allow DNS access to the firewall:
iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 -j ACCEPT
Example 2:
Allow WWW and SSH access to the firewall:
#---------------------------------------------------------------
# Allow previously established connections
# - Interface eth0 is the internet interface
#---------------------------------------------------------------
iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#---------------------------------------------------------------
# Allow port 80 (www) and 22 (SSH) connections to the firewall
#---------------------------------------------------------------
iptables -A INPUT -p tcp -i eth0 --dport 22 --sport 1024:65535 -m state --state NEW -j ACCEPT

iptables -A INPUT -p tcp -i eth0 --dport 80 --sport 1024:65535 -m state --state NEW -j ACCEPT

Example 3: Allow the firewall to access the Internet
#-------------------------------------------------------------
# Allow port 80 (www) and 443 (https) connections from the firewall
#-------------------------------------------------------------
iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp \
         -m multiport --dport 80,443 -m multiport --sport 1024:65535

#-------------------------------------------------------------
# Allow previously established connections
# - Interface eth0 is the internet interface
#-------------------------------------------------------------
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp

To accept all TCP traffic that originates from the firewall, remove this part of the rule:
-m multiport --dport 80,443 -m multiport --sport 1024:65535
Example 4: Allow the internal network to access the firewall
# Allow all bidirectional traffic from your firewall to the
# protected network
# - Interface eth1 is the private network interface
#----------------------------------------------------------
iptables -A INPUT -j ACCEPT -p all -s 192.168.1.0/24 -i eth1
iptables -A OUTPUT -j ACCEPT -p all -d 192.168.1.0/24 -o eth1

III.2.11 Troubleshooting iptables
Checking the firewall logs

Firewall logs are written to the /var/log/messages file.
To make iptables log to /var/log/messages, configure it as follows:
#---------------------------------------------------------------
# Log and drop all other packets to file /var/log/messages
# Without this we could be crawling around in the dark
#---------------------------------------------------------------

iptables -A OUTPUT -j LOG
iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG

iptables -A OUTPUT -j DROP
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP

Some examples of the resulting log output:
Firewall denies replies to DNS queries (UDP port 53) destined to server 192.168.1.102 on the home network.
Feb 23 20:33:50 bigboy kernel: IN=wlan0 OUT= MAC=00:06:25:09:69:80:00:a0:c5:e1:3e:88:08:00
SRC=192.42.93.30 DST=192.168.1.102 LEN=220 TOS=0x00 PREC=0x00 TTL=54 ID=30485
PROTO=UDP SPT=53 DPT=32820 LEN=200

Firewall denies Windows NetBIOS traffic (UDP port 138)

Feb 23 20:43:08 bigboy kernel: IN=wlan0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:25:09:6a:b5:08:00
SRC=192.168.1.100 DST=192.168.1.255 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
PROTO=UDP SPT=138 DPT=138 LEN=221

Firewall denies Network Time Protocol (NTP UDP port 123)

Feb 23 20:58:48 bigboy kernel: IN= OUT=wlan0 SRC=192.168.1.102 DST=207.200.81.113 LEN=76
TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
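A way to triage the three log entries above, as an added Python example (not part of the original guide): it parses iptables LOG lines into fields, infers the chain from the IN=/OUT= interfaces and counts drops per protocol and port. The function names, the hint texts and the handling of a --log-prefix string are assumptions of this sketch; the sample lines are the guide's own, rejoined onto one line each.

```python
import re
from collections import Counter

# The three kernel log entries quoted above, each rejoined onto one line.
SAMPLE_LOG = """\
Feb 23 20:33:50 bigboy kernel: IN=wlan0 OUT= MAC=00:06:25:09:69:80:00:a0:c5:e1:3e:88:08:00 SRC=192.42.93.30 DST=192.168.1.102 LEN=220 TOS=0x00 PREC=0x00 TTL=54 ID=30485 PROTO=UDP SPT=53 DPT=32820 LEN=200
Feb 23 20:43:08 bigboy kernel: IN=wlan0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:06:25:09:6a:b5:08:00 SRC=192.168.1.100 DST=192.168.1.255 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=221
Feb 23 20:58:48 bigboy kernel: IN= OUT=wlan0 SRC=192.168.1.102 DST=207.200.81.113 LEN=76 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
"""

SYSLOG_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\skernel:\s(.*)$")


def parse_line(line):
    """Turn one iptables LOG line into a dict, or return None for other lines."""
    m = SYSLOG_RE.match(line.strip())
    if not m or "IN=" not in m.group(3):
        return None
    # Text before IN= is whatever --log-prefix was set on the LOG rule (may be empty).
    prefix, _, fields = m.group(3).partition("IN=")
    rec = {"time": m.group(1), "host": m.group(2),
           "prefix": prefix.strip(), "flags": []}
    for token in ("IN=" + fields).split():
        if "=" in token:
            key, value = token.split("=", 1)
            rec.setdefault(key, value)  # keep the first LEN (IP length), not the UDP one
        else:
            rec["flags"].append(token)  # bare words such as DF, SYN, ACK
    return rec


def chain_of(rec):
    """Infer the filter chain from which interface fields are filled in."""
    if rec["IN"] and rec["OUT"]:
        return "FORWARD"
    return "INPUT" if rec["IN"] else "OUTPUT"


def note(rec):
    """Short triage hint for the cases the guide's three samples illustrate."""
    chain = chain_of(rec)
    if chain == "INPUT" and rec.get("SPT") == "53":
        return "DNS reply dropped: accept --sport 53 or ESTABLISHED traffic on INPUT"
    if rec.get("MAC", "").startswith("ff:ff:ff:ff:ff:ff"):
        return "link-layer broadcast: usually LAN noise, not a reply to this host"
    if chain == "OUTPUT":
        return "traffic from the firewall itself: add an OUTPUT rule if it is wanted"
    return "no hint"


def summarize(text):
    """Count logged packets per (chain, protocol, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            dport = int(rec["DPT"]) if "DPT" in rec else None
            counts[(chain_of(rec), rec.get("PROTO"), dport)] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        rec = parse_line(line)
        print(chain_of(rec), rec["SRC"], "->", rec["DST"], "|", note(rec))
    print(dict(summarize(SAMPLE_LOG)))
```

Setting --log-prefix on each LOG rule, as described in the target table, makes the prefix field of this parser identify which rule logged the packet.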
III.2.12 iptables does not start
iptables is started with the command /etc/init.d/iptables start, which makes iptables read
the startup script in the file /etc/sysconfig/iptables. If this file does not exist or is
corrupt, iptables may not work.
After changing the iptables configuration, run service iptables save to store the
configuration before restarting iptables.
Example:
# service iptables start
# touch /etc/sysconfig/iptables
# chmod 600 /etc/sysconfig/iptables
# service iptables save


LESSON 18
Webmin
Summary
Theory: 10 periods - Practice: 10 periods.
Objectives: This lesson introduces tools for working with and administering the system
through the Web, such as Webmin and Usermin.
Main topics:
I. Introduction to Webmin
II. Installing Webmin
III. Configuring Webmin
Exercises (required / additional): Exercise 8.1 (Webmin)
I. Introduction to Webmin
Webmin is a Web application for administering Unix/Linux systems through the Web. Most of
the Webmin application programs were developed by Jamie Cameron. Through Webmin a user can
log on to a Unix/Linux system and carry out the usual system administration tasks. Webmin
lets the administrator:
- Manage user accounts.
- Manage and install services such as apache, DNS, Mail, ...
- Update system configuration parameters.
- Configure the network.
- Configure hardware.
- Configure clusters.
- Run commands in the shell.
- Administer the system remotely over telnet/ssh.
- Manage the file system and directories.
II. Installing Webmin
II.1. Installing from the binary package
Webmin is available free of charge from the website http://www.webmin.com. Download the
package webmin-1.190-1.noarch.rpm, then run:
rpm -ivh webmin-1.190-1.noarch.rpm
Sample output after installing Webmin:
warning: webmin-1.190-1.noarch.rpm: V3 DSA signature: NOKEY,
key ID 11f63c51
Preparing...
########################################### [100%]
Operating system is Redhat Linux Fedora 2
1:webmin
########################################### [100%]
Webmin install complete. You can now login to http://server:10000/
as root with your root password.

II.2. Installing Webmin from the *.tar.gz source file
# tar zxvf webmin-0.87.tar.gz
[root@delilah webmin-1.050]# ./setup.sh

Web server port (default 10000):
Login name (default admin): root
Login password:
Password again:
The Perl SSLeay library is not installed. SSL not available.
Start Webmin at boot time (y/n): n
Once Webmin is installed, reach the server at the address: http://delilah.swell:10000/
III. Configuring Webmin
III.1. Logging in to the Webmin server
Once Webmin is installed, use a web browser to reach the Webmin server at the address
http://server:10000/

[Figure: login screen]
Enter the username root and the corresponding password to log on to the system.

[Figure: the Webmin interface]
III.2. Configuring Webmin
Change the Webmin password from the command line:
#/usr/libexec/webmin/changepass.pl /etc/webmin root 123456
Restart Webmin from the command line:
#/etc/webmin/stop
#/etc/webmin/start

The Webmin configuration file /etc/webmin/miniserv.conf lets you change some of the Webmin
server settings:
# port number
port=10000
root=/usr/libexec/webmin
# MIME types used by Webmin
mimetypes=/usr/libexec/webmin/mime.types
addtype_cgi=internal/cgi
realm=Webmin Server
# log file for Webmin
logfile=/var/webmin/miniserv.log
# error log
errorlog=/var/webmin/miniserv.error
# pid file
pidfile=/var/webmin/miniserv.pid
logtime=168
ppath=
ssl=1
# environment variables pointing to the Webmin configuration
env_WEBMIN_CONFIG=/etc/webmin
env_WEBMIN_VAR=/var/webmin
atboot=0
logout=/etc/webmin/logout-flag
# listen port
listen=10000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
syslog=1
session=1
# file that stores the Webmin users
userfile=/etc/webmin/miniserv.users
keyfile=/etc/webmin/miniserv.pem
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=0
passdelay=1
preroot=mscstyle3
III.3. Configuring Webmin through the web browser
After logging in to the Webmin server, choose the Webmin configuration icon.
IP Access Control allows or denies access to Webmin from given hosts on the network.

Allow from all addresses: every host may access Webmin.
Only allow from listed addresses: only the hosts in the list box may use Webmin (an address
can be written as 172.29.1.0/255.255.255.0 to specify a network address).
Deny from listed addresses: every host may access Webmin except the hosts in the list box.
Save: stores the changes.
Port and Addresses: sets the IP address and port Webmin runs on. To run Webmin on a different
port, change it here.

Bind to IP address and Listen on port make Webmin listen on port 10000 at the given IP address
(by default Webmin listens on port 10000 on all of the server's IP addresses).
Operating System and Environment: sets the operating system type and some program paths.

Index Page Options: adjusts the main screen of the Webmin menu.

Select the language Webmin uses.

Select Webmin Themes to adjust the Webmin user interface, such as icons, colours, background
and the layout of Webmin's web pages.

III.4. Managing Webmin users

Create a Webmin user through the item Create a new Webmin user.

Enter the username and password, and set the permissions for the user.
III.5. Webmin for users (Usermin)
Webmin is used mainly for system administration. Usermin is a tool that lets ordinary users
work with the system through the Web. Usermin offers users:
- A web-based mail client.
- A Java file manager applet.
- SSH configuration and client modules.
- GnuPG encryption and decryption.
- Mail forwarding.
- Changing passwords.
- Cron jobs.
- A web-based command shell.
Installing Usermin:
Installing from the binary package
Before installing Usermin, install the Authen-PAM Perl module.
[root@server openwebmail]# rpm -ivh usermin-1.120-1.noarch.rpm
warning: usermin-1.120-1.noarch.rpm: V3 DSA signature:
NOKEY, key ID 11f63c51
Preparing...
########################################### [100%]
Operating system is Redhat Linux Fedora 2
1:usermin
########################################### [100%]
Usermin install complete. You can now login to
http://server:20000/
as any user on your system.
Installing Usermin from the .tar.gz file
# cp usermin-0.6.tar.gz /usr/local
# cd /usr/local
# gunzip usermin-0.6.tar.gz
# tar xf usermin-0.6.tar
# cd usermin-0.6
# ./setup.sh
III.6. Using Usermin
To log in to the Usermin server, use the address http://server:20000/

Enter the username and password to log in to the system.

Supports mail operations for the user.
(The following is an example of using Usermin to read mail.)

Lets the user use the command shell and logon scripts.

Lets the user use some applications such as SQL and file upload and download.

Lets the user view the file structure, mount files, adjust commands, and so on.


III.7. Configuring the System through Webmin
Through Webmin we can configure system settings such as shutdown/reboot, disk quota, NFS, and Users/Groups.

The screen above shows the icons we can use to configure the corresponding parts of the system through Webmin.
Tool | Function
Backup Configuration Files | Backs up and restores system configuration information.
Bootup and Shutdown | Adjusts the startup and shutdown of services.
Change Passwords | Changes the password of each user.
Disk Quotas | Sets quotas for users.
Disk and Network Filesystems | Mounts and unmounts filesystems.
Filesystem Backup | Backs up the file system.
LDAP Users and Groups | Manages LDAP users and groups.
Log File Rotation | Manages and rotates log files.
PAM Authentication | Manages authentication information for system services.
Running Processes | Monitors and manages the processes running in the system.
Scheduled Commands | Schedules commands for execution.
Scheduled Cron Jobs | Sets up and manages cron jobs.
Security Sentries | Sets some system security information.
Software Packages | Installs, upgrades and manages software.
SysV Init Configuration | Creates an execution script for each runlevel.
System Documentation | Searches the help documentation available on the system.
System Logs | Manages system log files.
Users and Groups | Manages users and groups.
III.8. Configuring Servers and Daemons
The Server tools in Webmin are used to administer the server and some of the applications running on the system.

The Server interface in Webmin:
Tool | Function
Apache Webserver | Manages and configures the web server.
BIND DNS Server | Manages and configures the DNS server.
CVS Server | Version management for the system.
DHCP Server | Manages the DHCP server.
Fetchmail Mail Retrieval | Retrieves mail from a remote mail server over a TCP/IP network.
Frox FTP Proxy | Configures the Frox FTP proxy.
Jabber IM Server | Sets up and manages an IM server for users of the chat service (one-to-one chat, multi-user chat).
Majordomo List Manager | Manages Internet mailing lists.
MySQL Database Server | Manages the MySQL database management system.
OpenSLP Server | Configures a Service Location Protocol server, which helps determine the existence, location and configuration of network services in enterprise networks.
Postfix Configuration | Configures the Postfix mail server.
PostgreSQL Database Server | Configures the PostgreSQL database management system.
ProFTPD Server | Configures an FTP server that uses the ProFTPD software.
Procmail Mail Filter | Sets up mail filters for mail systems.
QMail Configuration | Configures the QMail server.
Read User Mail | Reads mail for users on the system.
SSH Server | Sets up an SSH server for remote system administration.
Samba Windows File Sharing | Manages the Samba service.
Sendmail Configuration | Configures Sendmail as the mail server.
SpamAssassin Mail Filter | Sets up spam filtering.
Squid Analysis Report Generator | Monitors and manages Internet connections through the proxy.
Squid Proxy Server | Configures the proxy server.
WU-FTP Server | Configures an FTP server that uses the WU-FTP software.
Webalizer Logfile Analysis | Manages and monitors web logs.
III.9. Configuring the Network through Webmin
The Networking tools in Webmin support managing and configuring the network on a Unix/Linux system.


Tool | Function
ADSL Client | Configures the ADSL client.
Bandwidth Monitoring | Manages and monitors bandwidth use on the network.
Extended Internet Services | Manages and monitors Internet services.
IPsec VPN Configuration | Configures IPsec VPN.
Kerberos5 | Configures Kerberos5 authentication.
Linux Firewall | Configures the Linux firewall using iptables.
NFS Exports | Exports from the NFS server.
NIS Client and Server | Configures the NIS server.
Network Configuration | Configures the network (adding network cards, IP addresses).
PPP Dialin Server | Sets up a RAS server.
PPP Dialup Client | Sets up a RAS client.
PPTP VPN Client | Sets up a VPN client.
PPTP VPN Server | Sets up a VPN server.
SSL Tunnels | Sets up SSL tunnels.
Shorewall Firewall | A high-level security tool that supports firewall configuration on the system.
idmapd daemon | Configures the NFSv4 server and client.
III.10. Configuring Hardware in Webmin
Provides tools for installing and managing hardware configuration information on a Unix/Linux system.


Tool | Function
CD Burner | Writes data to CD-ROM.
GRUB Boot Loader | Adjusts and configures the GRUB loader.
Linux Bootup Configuration | Configures the LILO boot loader.
Linux RAID | Sets up RAID on Linux.
Logical Volume Management | Manages logical volumes.
Partitions on Local Disks | Manages disk partitions.
Printer Administration | Manages printers.
SMART Drive Status | Monitors SMART drives.
System Time | Sets and manages the system time.
Voicemail Server | Sets up a voicemail server.
III.11. Linux Cluster in Webmin
Clustering is a server technology with high fault tolerance that provides features such as availability and scalability. It groups servers and shared resources into a single system that is resistant to failures and delivers higher performance. Workstations interact with the group of servers as if the group were a single system. If one server in the group fails, the other servers take over its work. See the Linux Cluster configuration functions below.


Tool | Function
Cluster Change Passwords | Changes passwords on cluster servers.
Cluster Copy Files | Copies files between cluster servers.
Cluster Cron Jobs | Creates cron jobs for cluster servers.
Cluster Shell Commands | Runs shell commands on cluster servers.
Cluster Software Packages | Manages packages on cluster servers.
Cluster Users and Groups | Manages users and groups on cluster servers.
Cluster Webmin Servers | Manages cluster Webmin servers.
Configuration Engine | Configures an engine for the cluster.
Heartbeat Monitor | Monitors synchronization between servers.
III.12. Other Components (Others) in Webmin
The Others components in Webmin support features such as running shell commands, customizing commands, managing files, and protecting web directories.


Tool | Function
Command Shell | Runs commands.
Custom Commands | Adjusts and adds new commands in Webmin.
File Manager | Manages files.
Perl Modules | Manages Perl modules.
Protected Web Directories | Protects web data directories.
SSH/Telnet Login | Remote login with SSH or Telnet through the Web.
System and Server Status | Manages and monitors the status of the server.
Upload and Download | Uploads and downloads files.

END-OF-MODULE EXAM
I. Exam structure
Subject: Module IV: Linux Operating System - Linux Network Services

Theory exam
- Time: 60 minutes.
- Maximum score: 4/10 points.
- Format: multiple choice.
- Total number of questions: 45.
- Points divided evenly per question: 4/45 = 0.089
- Reference material: candidates may not consult reference material.
The content covers the following parts:
I. Introduction to Linux
II. Installing Linux
III. File system management
IV. Installing software
V. Commands and utilities
VI. User, group and security management
VII. Hard disk resource management
VIII. Network connectivity
IX. NFS
X. Samba
XI. Programming tools and shell scripts
XII. Processes
XIII. DNS and BIND
XIV. FTP Server - Vsftpd
XV. Web server - Apache
XVI. Mail Server - Sendmail
XVII. Proxy Server - Squid
XVIII. Linux security
XIX. Webmin

Practical exam
- Time: 120 minutes.
- Maximum score: 6/10 points.
- Format: hands-on at the computer.
- Reference material: candidates may not consult reference material.
The content covers the following parts:
- Question 1 (0.5 points): content related to the file system, or commands and utilities, or network connectivity, or software installation, or processes, NFS.
- Question 2 (0.5 points): content related to user and group management.
- Question 3 (0.5 points): content related to permissions.
- Question 4 (1 point): content related to hard disk resource management, or processes, or Samba.
- Question 5 (1 point): shell programming.
- Question 6 (2.5 points): the content is one of the following cases:
+ DNS service + Web server
+ DNS service + FTP server
+ DNS service + mail server
+ DNS service + proxy server
+ Linux Security



II. Sample exams
II.1. Sample end-of-course exam - Linux Operating System
Exam: Linux Operating System
Time: 120 minutes
Exam date: ..../../..
(Students may not use reference material.)
Question 1 (1 point)
Configure the system according to the following requirements:
- Computer name: ServerXX
- IP address: 172.168.10.100+XX
- Subnet Mask: 255.255.255.0
- Install only the software that is needed.
Question 2 (1.5 points):
a) Check whether the Sendmail software is present on the system. If not, install it. Then list the locations of all files belonging to the sendmail software (save the result to the file /root/sendmailfile).
b) Create a file named ipaddress whose content describes the ways of configuring the network on Linux; display the routing table and append the result to the end of this file.
c) Create a *.tar backup file of the /etc directory, then compress this backup into a *.tar.gz file stored in /home; in the /home directory, restore the compressed file.
Question 3 (2 points)
a) Create users and groups as required:
Group admins contains the users admin, admin1, admin2.
Group hocvien contains the users hv01, hv02.
b) Grant the users in group admins system administration rights equivalent to those of the root user.
c) Create the directory /home/data. Then grant all users read permission only on this directory, except that users in group hocvien have read, write and execute permission.
Question 4 (1 point)
Configure a secondary IP address 192.168.10.100+XX/24 for the network card, display the network card configuration and write it to the file /root/SECIP.
Question 5 (1 point)
Write a program that (regularly) checks the files in the directory /var/log/: if a file is larger than 10 Mbyte, delete it; if it is larger than 5M, compress it into a *.gz file.
Question 6 (2 points)
a) Install and configure the Samba service, sharing the resource /usr/soft so that group hocviens has read permission and users in group admins have full access to it.
b) Do not allow machines in the network 172.168.11.0 to access this resource.
c) Because disk space on the server is limited, limit each user to 5M of storage on the server.
Question 7 (1.5 points)
Use a suitable utility available on Linux to do the following:
a) Delete the filesystem /thu that already exists on the system.
b) Create a new filesystem with a size of 1000M.
c) Format this filesystem as ext3 or Linux.
d) Mount it automatically (auto mount) at the mount point /soft so that users can use this filesystem when they log on to the system.
e) Display the status of the filesystems on the system, then write the output to the file /root/filesystem.
II.2. End-of-course exam - Linux Network Services
Exam:
Subject: Advanced Linux
Time: 120 minutes
(Students may not use reference material.)
XX is the number of the machine you are sitting at.
The network layout of the company netXX is as follows:

[Figure: network diagram. Labels: LAN; ServerXX: DNS & Telnet, proxy: 172.29.8.200+XX; Web & FTP server 172.29.8.200+XX; Mail server 172.29.8.200+XX; Server; Client; PSTN; ISP; DNS server 172.16.1.2; Mail server 172.16.2.4]

Network address of the LAN: 172.29.8.0/24
Domain name: netXX.com.
Requirements
Install RH_LINUX and the following software: BIND, Apache, Samba, Sendmail.
1) Write a program that reports the total number of connections in the listening (Listen) state on the local machine and the total number of connections in the ESTABLISHED state on port number 8080 (1 point).
2) Configure the DNS server for the domain netXX.com with the following requirements (2 points):
a) The primary name server is serverXX; local machines can resolve domain names out to the Internet.
b) Create the necessary records (SOA, NS, A, CNAME, PTR) for the servers shown in the diagram above, in the zone files netXX.com and 8.29.172.in-addr.arpa used for forward and reverse resolution.
c) Create an MX record to deliver mail for the main domain.
d) Describe a slave zone for the neighbouring domain.
3) Set up the Web server for netXX.com with the following requirements (2 points):
a) Create the directory /data/www. Set this directory as the document root of the Web server. Create the HTML file index.html in the document root of the main Web server, introducing netXX.com. Make index.html the home page of the Web site and create a link from index.html to dichvu.html (to be created). Use a suitable Web browser to check access to the web server for netXX.com, for example http://www.netXX.com
b) Create the directory /webdata and create an alias (Alias) /data pointing to the directory /data/webdata. Because this directory holds many confidential documents, allow only the user net to access this resource.
c) Create Web hosting (using NameBaseVirtualHost) for the two addresses www.tma.netXX.com and www.psv.netXX.com, given that /webtma is the webroot of www.tma.netXX.com and /webpsv is the webroot of www.psv.netXX.com.
4) Set up the mail server for netXX.com with the following requirements (2 points):
a) Configure it to accept connections from every IP address
i) Local domain: netXX.com
ii) Smart host (mailgw): 172.29.8.2
iii) Maximum allowed message size: 3000KByte
b) Create the users and mail accounts according to the following requirements:
- ketoan(Nguyn Vn Nguyn, L Thanh Tng, Trn Th Thu Trang).
- giamdoc(V Th Thanh Thu, Th Phong).
- vanphong(Vn Thnh Nhn, Nguyn Th M L ).
- Kinhdoanh(V Th M Yn, Nguyn Hong Nh Nguyn B Phong, Th Phng).
- tiepthi(V Th Be Thu).
- nhanvien(ketoan, vanphong, kinh doanh, tiepthi).
- everyone(nhanvien, giamdoc).
c) Configure offline mail for the domain gnt.netXX.com, given that the account (user: usernet, password: net) is responsible for receiving mail for the domain gnt.netXX.com.
d) While managing the mail service we find that mail sent to the mail server from netuser@yahoo.com contains many viruses. Block this mail address.
5) Set up a proxy server for the local network with the following requirements (2 points):
a) Configure it to accept http connections on port 8080 and icp connections on port 8082.
b) Configure it so that machines in the network 172.29.8.0/255.255.255.0 are allowed to access the Internet.
c) Declare a sibling proxy for the machine with IP address 172.29.8.220 and a parent proxy at 172.29.8.2.
d) Allow each workstation only 10 connections.
e) Prohibit users from accessing addresses in the domains yahoo.com and hackers.net.
f) Allow local hosts to use the network only during office hours.
END-OF-MODULE EXAM
I. Sample theory exam
END-OF-MODULE IV EXAM
THEORY PART
Time: 60 minutes
(Students may not use reference material.)
1) Who was the first person to develop Linux?
a) Bill Gates
b) Linus Torvalds
c) Linus Tormalds
d) Linux Torvalds
2) Which of the following packages can be used for web caching?
a) Squid
b) Apache
c) Qmail
d) Samba
3) In which directory is the system's kernel stored?
a) /data
b) /boot
c) /proc
d) /krnl
4) What is the name of the configuration file used to configure the http service?
a) http.conf
b) apache.cfg
c) httpd.conf
d) inet.cfg
5) You want to stop the inetd process immediately. Its process ID is 15. Which of the following commands do you use to do this?
a) Kill -1 15
b) Kill -15 9
c) Kill -9 15
d) Kill -3 15
6) A Linux server has the following processes:
a) Interactive processes
b) Batch processes
c) Memory-resident processes (daemon processes)
d) All of the above
7) Which of the following extensions is a Linux standard?
a) .txt
b) .tar
c) .taz
d) .lnx
8) In the file /etc/named.conf, I want to define a zone to configure a Primary Name Server. Choose the most correct answer.
a) Zone t3h.com IN {
Type masters;
File t3h.com;
}
b) Zone t3h.com. IN {
Type master;
File t3h.com;
}
c) Zone t3h.com IN {
Type master;
File t3h.com;
}
d) Zone t3h.com IN {
Type master;
File t3h.com
}
9) The purpose of the shell in Linux
a) It helps users communicate with the operating system.
b) The shell is used to protect system resources.
c) The shell keeps ordinary users from interfering with the system.
d) All of the above are wrong.
10) Your system's default mode is 666. You set the umask value to 222. What is the default access permission of a file when it is created?
a) 444
b) 888
c) 222
d) 666
11) Which of the following commands is used to create a user named susie from the command prompt?
a) useradd susie
b) add susie
c) linuxconf add susie
d) addusers susie
12) Which of the following lets you set a password for the user named susie?
a) addpas susie
b) passwd susie
c) password susie
d) susie passwd
13) Every service in the system is tied to one or more ports. Which of the following is the most correct?
a) Web : 80; dns : 52; smtp :110; ftp : 20&21
b) Web : 80; dns : 52; smtp :110; ftp : 22&21
c) Web : 80; dns : 53; smtp :25; ftp : 20&21
d) Web : 80; dns : 53; smtp :110; ftp : 22&21
14) Which device file represents the floppy disk in Red Hat Linux?
a) /etc/fd0
b) /dev/flp
c) /dev/fl0
d) /dev/fd0
15) Which of the following commands is used to create a boot floppy disk?
a) mkdirdisk
b) mkbootdisk
c) mkbootable
d) mkbootdsk
16) You want to change the root directory of the ftp server. In the file /etc/ftpaccess you configure it as follows:
a) Anonymous-root /var/ftpdata
b) Anonymous_root /var/ftpdata
c) Anonymousroot /var/ftpdata
d) Anonymous-root /var/ftpdata
17) For some reason, a user wants mail arriving at their address to be forwarded to another address. In that case, the sendmail administrator will:
a) Define the new mail address in the alias file.
b) Create the file .forward in the /etc directory
c) Create the file forward in the user's home directory
d) Create the file .forward in the user's home directory
18) Which of the following commands lets you change the owner of a file?
a) change owner
b) file -o
c) chown
d) change -o
19) Which of the following commands is used to mount a filesystem read-only?
a) mount
b) mount -r
c) mount -a
d) mount -ro
20) Which of the following commands is used to display the partition table?
a) fdisk -p
b) fdisk -t
c) fdisk -d
d) fdisk -l
21) In which directory are the system's configuration files stored?
a) /config
b) /lib
c) /etc
d) /var
22) RPM is an abbreviation of which of the following?
a) RedHat Priority Module
b) Reduced Priority Module
c) RedHat Package Manager
d) RedHat Package Module
23) You suspect that a process is suspended. Which of the following commands do you use to check this?
a) Process
b) Pc
c) Jobs
d) Susp
24) Which of the following commands lets you copy a file to a location where an identical file already exists (without the prompt asking you to overwrite)?
a) mv -u
b) mv -f
c) mv -e
d) mv -r
25) Which of the following pipe command structures is correct? (the lpr command is used for printing)
a) man ls pipe lpr
b) man ls |
c) man pipe
d) man ls | lpr
26) You create an account named jason. What is the default group of this account?
a) everyone
b) domain users
c) jason
d) superuser
27) You want to list the cron table of user1. How do you do this?
a) Cron user1
b) Crontab -u user1
c) Cron -l user1
d) Crontab -d user1
28) Which type of user is relevant to the permissions of a file or directory in Linux?
a) group
b) owner
c) others
d) a, b and c are all correct
29) What is the default shell of Red Hat Linux?
a) Ksh
b) Sh
c) Bash
d) Csh
30) Which of the following definitions of an access list in squid is correct?
a) acl mydomain srcdomain hcmuns.edu.vn
b) acl mydomain srcdomain 172.29.2.0/24
c) acl mydomain srcdomain 172.29.2.4
d) acl mydomain srcdomain .yahoo.com
31) From which number are logical partitions numbered?
a) 1
b) 2
c) 6
d) 5
32) Users can send mail but cannot receive mail through POP. Which of the following errors may have occurred?
a) Sendmail has an error.
b) Sendmail has not been started.
c) The POP server has not been installed.
d) A network problem.
33) When writing a shell script, with a and b being two numeric variables, which of the following comparison expressions is correct?
a) [ $a -eq $b ]
b) [ $a = $b ]
c) [$a = $b]
d) [ $a=$b ]
34) You want to allow only 100 simultaneous connections to the Web server at any one time. You configure it as follows:
a) Maxclient 100
b) Client 100
c) Clients 100
d) Maxclients 100
35) When configuring the proxy server you declare http_port as 8081. Browsers configured with which of the following ports can access the Internet through the proxy?
a) 8080
b) 80
c) 8081
d) no port declared
36) You configure authentication as follows:
<Directory /upload>
AuthType Basic
AuthName public
AuthUserFile /etc/httpd/conf/htpasswd
Require user hv1 hv2
</Directory>
True or false?
a) True
b) False
37) Which of the following commands or utilities are used to change the computer's IP address (choose 3 correct answers)
a) linuxconf
b) ifconfig
c) editing the file /etc/sysconfig/network-scripts/eth0
d) setup
38) You have configured the web server but it can be reached only by IP address and not by the name www.domain
a) the fault is in the web server
b) the fault is in dns
c) the fault is in the browser
39) In Red Hat Linux 9, which of the following is the configuration file of the ftp service?
a) Vsftpd.conf
b) Ftpaccess
c) Ftpd.conf
d) Vfstpd.conf
40) When configuring the web server you do not need to define the ServerName directive?
a) True
b) False
41) You configured quota correctly in the fstab file, ran the quotacheck command and assigned quotas to the users, but the quota is still not enforced. Why?
a) The computer has not been restarted
b) Quota has not been turned on
c) Check the fstab file again
d) Run the quotacheck command again
42) DNS converts which of the following into an IP address?
a) NETBIOS name
b) Hostname
c) MAC address
d) CNAME
43) The file /etc/resolv.conf is configured as follows:
Domain csc.com.
Nameserver 172.29.8.1
Is the definition above correct or incorrect?
a) Correct
b) Incorrect
44) Apache supports virtual hosts based on
a) Name
b) IP address
c) Name and IP address
d) Virtual hosts are not supported
45) You want to schedule a job to run at 2 o'clock on 1 October. Which of the following commands accomplishes this?
a) At 2 4 1
b) At 4 1 2
c) At 2am April 1
d) At April 1 2am











ANSWER SHEET
Student's full name: ...................................................
Class: ......................................................................

STUDENTS CHOOSE THE CORRECT ITEM FOR EACH QUESTION AND MARK IT ON THE ANSWER SHEET

[Marking legend: first choice, deselect, re-select]
[Answer grid: questions 1 to 45, each with columns a, b, c, d]
II. Sample practical exam
END-OF-MODULE IV EXAM
PRACTICAL PART
Time: 120 minutes
(Students may not use reference material.)

Question 1 (0.5 points)
a) Find where the file hosts is located, with the result written to the file /home/hosts instead of being displayed on the screen.
b) Append the contents of the files /etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcfg-eth0 after the contents of the file /home/hosts
c) Copy the files /etc/passwd, /etc/shadow, /etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcfg-eth0 into the directory /home
d) Back up all the files just copied into /home, together with the file /home/hosts, into a file named data.tar.gzip
Question 2 (0.5 points)
a) Create users and groups as required:
- Group admin contains the users admin1, admin2.
- Group hocvien contains the users hv1, hv2.
b) Grant the users in group admin system administration rights equivalent to those of the root user.
Question 3 (1.5 points)
a) Create the directory /home/pub. Then grant all users read permission only on this directory, except that users in group admin have read, write and execute permission.
b) Configure the system so that users can access the directory /home/pub from Linux or Windows.
Question 5 (1 point) Write a program that creates a user as follows, instead of using the useradd and passwd commands.
Example: ./taouser nvnguyen
New passwd :
Confirm passwd
Question 6 (2.5 points)
Suppose you have the domain cscXX.edu (xx is the sequence number of your machine). You plan to configure a Web server.
a) Configure the DNS server (Primary Name Server) for the domain cscXX.edu so that it meets the requirements of the services set out below.
b) Configure the Web server for the domain name cscXX.edu with the following requirements:
- Design the home page for the domain cscXX.edu with content introducing yourself, such as: full name, class, and so on.
- The website is stored in /home/webdata
- Design a web page named index.html with content of your choice, stored in the directory /home/www/data.
- Configure the web server so that users can access the web pages stored in /home/www/data through the path http://www.cscxx.edu/data, with authentication of the user whose username is local and password is local
- Configure personal websites for the two users nvbinh and natan
c) In addition to the Web site for the main domain cscXX.edu, web hosting is required for http://psv.cscXX.edu and http://fpt.cscXX.edu. Configure this as required.
TEACHER PROFESSIONAL KNOWLEDGE TEST
Time: ...................

1. How does the way a logical disk is defined in Linux differ from Windows?
2. While installing Linux, can you create 2 primary partitions? (The machine had no operating system beforehand.) From which number are logical partitions in Linux numbered?
3. Describe the Linux directory tree. What is the /etc directory used for?
4. How many boot levels does a Linux operating system have?
5. List the commands related to directories and files, such as deleting a directory, deleting a file, and so on.
6. Suppose the directory /var is a partition that has run out of space. Summarize the steps to increase the capacity of /var without losing the existing data.
7. Give an example of how to use redirection and the pipe.
8. Can ordinary users other than root read the file /etc/shadow?
9. Which commands are commonly used to manage users and groups?
10. State the basic steps for configuring quota.
11. In what ways can you change the IP address or configure the network?
12. Use the hostname command to change the computer name. What will the computer name be after a reboot? Apart from the command, what other way is there to change the computer name?
13. Describe the steps for configuring a DHCP server.
14. How many types of processes are there in Linux? Which command brings a process from the background to the foreground?
15. You want to kill a process unconditionally. Which command do you use?
16. What does the Samba suite consist of? How many sections is the Samba configuration file divided into? How do you share a directory /public so that every user has read permission only?
17. What is the DNS service used for? How many types of DNS server are there?
18. What does FQDN stand for? Give an example.
19. Which steps are needed to configure a Primary Name Server?
20. Describe the sequence for resolving the name webserver.csc.hcmuns.edu.vn.
21. What is the forward attribute used for?
22. Where is the database of a Secondary Name Server kept? What does the Secondary rely on to update its information when the Primary changes? And how often does it update?
23. You start the DNS service and it reports an error. What must you do to fix the error so that the DNS service can start?
24. From a client machine you use the nslookup utility to check the resolution of computer names to IP addresses and the reverse, but resolution fails. Which errors might have occurred?
25. In RedHat Linux 9, what is the name of the package used to configure an ftp server?
26. You want the anonymous user to be able to access the ftp server, upload files and create directories on the server. Which main attributes in the configuration file let you do this?
27. To configure an Apache web server running at the most basic level, which directives do you need to pay attention to?
28. To allow every user on the network to create a personal website, what must you do to make sure users can access it?
29. There is a web page that requires the user to enter a valid username and password before its content can be viewed. How do you implement this requirement in Apache?
30. You have the domain csc.hcmuns.edu.vn and want to set up a web server for it. In addition you want to set up two more domains, tata.csc.hcmuns.edu.vn and gnt.csc.hcmuns.edu.vn. What must you do to meet this requirement? (Summarize.)
31. Describe the steps for configuring a local mail server with sendmail so that users on the network can exchange mail with one another.
32. Your computer has no connection to the Internet but is connected to another computer that does. How do you configure your computer as a squid proxy server? (List the attributes in the configuration file that you would use.)
33. Write a shell script that computes the area of a rectangle.
Teacher's answers: