docker deploying privatized images

VM network configuration

  1. Edit - Network Editor
  2. VMNet8 configuration


  1. Network drive configuration


  2. Select vmnet8 for virtual machine network card

  3. Modify the CentOS configuration file in the virtual machine

    #Modify the CentOS configuration file in the virtual machine
    
    cd /etc/sysconfig/network-scripts
    
    #Modify configuration file vim ifcfg-ens33
    
    TYPE="Ethernet"
    PROXY_METHOD="none"
    BROWSER_ONLY="no"
    BOOTPROTO="dhcp"
    DEFROUTE="yes"
    IPV4_FAILURE_FATAL="no"
    IPV6INIT="yes"
    IPV6_AUTOCONF="yes"
    IPV6_DEFROUTE="yes"
    IPV6_FAILURE_FATAL="no"
    IPV6_ADDR_GEN_MODE="stable-privacy"
    NAME="ens33"
    UUID="cc62cca3-e1cc-4333-90fe-a5ca53af9458"
    DEVICE="ens33"
    ONBOOT="yes"
    BOOTPROTO="static"
    IPADDR="192.168.80.100" 
    NETMASK="255.255.255.0"
    GATEWAY="192.168.80.1"
    DNS1="8.8.8.8"
    
    
    

6. Restart the network

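#Turn off firewall (this removes host-level packet filtering, so it only suits an isolated lab VM; on a machine other networks can reach, keep firewalld running and open just the ports you need)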

systemctl disable firewalld
systemctl stop firewalld

systemctl restart network.service

#View network port
ifconfig
#Test network
ping www.baidu.com

Mount partition

View current disk status
df -h
View partition status
fdisk -l
Partition the newly added disk:
fdisk /dev/sda

m

p

n

p

p

w

Restart the virtual machine and format the new partition

# reboot

Initialize the partition you just created

# pvcreate /dev/sda4

format partition

mkfs.ext4 /dev/sda4

mount

mount /dev/sda4 /data

mv /var/lib/docker /data/docker

ln -s /data/docker /var/lib/docker

df -h

##docker installation

#Install the packages Docker depends on
yum -y install yum-utils device-mapper-persistent-data lvm2

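#Specify the Docker package repository (the URL below is plain HTTP, so the repo definition can be altered in transit; use the mirror's https:// URL if it offers one, and keep gpgcheck enabled for the repo)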
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

#Install Docker
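# Refresh the yum metadata cache so the newly added docker-ce repo is visible,
# then install Docker CE from it. These are two separate commands that had
# been run together on one line.
yum makecache fast
yum -y install docker-ce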

yum install docker-ce -y


#Start Docker and test
#After the installation is successful, you need to start it manually, set it to startup, and test Docker
#Start docker service
systemctl start docker
#Set automatic startup
systemctl enable docker

#docker image
http://hub.daocloud.io/

##docker image operation

#Pull the image from the central warehouse to the local docker pull Image name[:tag]#
docker pull daocloud.io/library/tomcat:8.5.15-jre8
#View the locally installed image information, including ID, name, version, update time and size
docker images
#The image will occupy disk space and can be deleted manually. The identification can be obtained by viewing
docker rmi Identification of the mirror
#If an image cannot be pulled for network reasons, it can be carried over on disk instead; this is not the standard way, but it works. An image exported by ID has no name or tag after it is loaded again, so it must be re-tagged by hand (docker tag, below).
#Export a local image
docker save 2984dc2e4fe3 > /data/iso/kif.tar
#Over 4G
cat kif.tar | split -b 2G - kif.tar.

sz kif.tar.a*

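Recombine the pieces produced by split (compare a checksum such as sha256sum of the original and the rebuilt kif.tar to confirm nothing was lost in transfer):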
   # cat kif.tar.aa  kif.tar.ab  kif.tar.ac >>kif.tar

#Load local image file docker load -i image file
#Modify image file
docker tag image id New image name: version

##docker container operation

#View all containers
docker ps -a
#Delete all containers
docker rm $(docker ps -qa)

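#Create a container: --name sets the container name, -p host_port:container_port publishes a port, -d runs it in the background, and the last argument is image_name:tag or an image ID. A published port listens on every host interface by default; write -p 127.0.0.1:host_port:container_port for services (databases, SSH) that should not be reachable from the network.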

docker run  --name test -p 5000:8080 -d image_name:image_tag|images_id
docker run  --name test -p 5000:8080 -itd  7e /bin/bash

docker run  --name lnmmrps -p 80:80 -p 6379:6379 -p 27017:27017 -p 3306:3306 -p 9000:9000 -p 8022:22  -itd  298 /bin/bash


#Enter the inside of the container
docker exec -it container id /bin/bash

#Restart container
docker restart container id
#Start and stop containers
docker start container id 
#Stop the specified container (you need to stop the container before deleting the container)
docker stop container id
#Stop all containers
docker stop $(docker ps -qa)
#Delete specified container
docker rm container id
#Delete all containers
docker rm $(docker ps -qa)


#Make image

docker commit 46 kif/lnmmrps:v2.0


##Port mapping

view map

iptables -t nat -vnL
iptables -t nat -vnL DOCKER --line-number

Add mapping

iptables -t nat -A DOCKER -p tcp --dport 8081 -j DNAT --to-destination 172.17.0.2:80

delete mapping

iptables -t nat -D DOCKER 3

Remote ssh

yum install openssh-server -y

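# Generate the sshd host keys. The empty passphrase (-N '') lets sshd load
# them unattended at startup.
# NOTE(review): if this container is later committed to an image, every
# container started from that image shares these host keys; regenerate them
# per deployment.
ssh-keygen -q -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
ssh-keygen -q -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
# The key type has to match the file sshd reads it from: ssh_host_ed25519_key
# must hold an Ed25519 key, not a DSA one. DSA is obsolete and disabled by
# default in current OpenSSH.
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''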
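Modify /etc/ssh/sshd_config:

Change "UsePrivilegeSeparation sandbox" to "UsePrivilegeSeparation no" and uncomment the line. This turns off sshd's privilege separation, so use it only where sshd will not start otherwise (for example inside a container); OpenSSH 7.5 and later deprecate the option and always run with privilege separation.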

passwd root

##Add user

useradd -m kif

passwd kif

kif

kif

##nginx dependent package installation

yum install gcc gcc-c++ openssl-devel pcre pcre-devel zlib zlib-devel -y
yum -y install gcc automake autoconf libtool make
yum install lrzsz -y
yum install net-tools -y
yum -y install vim* 
yum install wget -y

Installing nginx

#Enter src directory
cd /usr/local/src/

#Upload the nginx source tarball with rz (check it against the PGP signature published by nginx before building)
rz

#decompression
tar -zxvf nginx-1.16.1.tar.gz
cd nginx-1.16.1

#to configure
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre
#compile
make
#install
make install

#Enter nginx installation directory
cd /usr/local/nginx

cd sbin
#function
./nginx

#Restart service
./nginx -s reload

ps -ef | grep nginx


###Turn off Nginx

Gracefully close Nginx

kill -QUIT main pid

Do not accept new requests. Close after all existing user requests are completed

Quick close Nginx

kill -TERM main pid

kill main pid

Restart service

./nginx -s reload

# -t to check the configuration file, you can check for syntax errors, but not logical errors
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf -t

##View network

netstat -nltp


Detailed explanation of Nginx configuration file

nginx.conf structure

  • Basic configuration
  • events
  • http

Basic configuration

##worker the user who runs the process
user nobody;   

#The number of worker processes configured is usually equal to the number of CPUs
worker_processes 1;

#Configure global error log and type [debug | info | notice | warn error crit] default error left - > right log level high - > low
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;

pid logs/nginx.pid;   #Storing process pid files

###Events configuration

events{
	#Configure the number of connections per worker process
	#Upper limit 65535
	worker_connections 1024; 

}

Http configuration

Configure the http server,

http{
    #Configuring which multimedia types nginx supports can be viewed in conf/mime.types
    include mime.types;

    #The default file type is stream type, which can be understood as supporting any type
    default_type application/octet-stream;

    #Configure log format
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
	#Configure the access.log log and storage path, and use the main log mode defined above
    access_log  logs/access.log  main;
	
	#Enable efficient file transfer mode
    sendfile        on;
    
    #Prevent network congestion
    tcp_nopush     on;

    #keepalive_timeout  0;
    
    #Long connection timeout in seconds
    keepalive_timeout  65;

	#Turn on gzip compressed output
    gzip  on;
    
   server {
        listen       80;#monitor
        server_name  localhost;

        #charset koi8-r;#Configure character set

        #access_log  logs/host.access.log  main;#Access log
		
		#Request interception
        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        
        #Exact match
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

}

Main applications of Nginx

###Static site deployment

Nginx is an HTTP web server, which can return static files (such as HTML, pictures, etc.) on the server to the browser client through HTTP protocol

Configure location

location /ace{

	root /opt/www;
	index login.html; 

}

login.html is placed in / opt/www/ace

load balancing

Hardware load balancing

F5, convinced, Array

Advantages: professional support from manufacturers, stable performance

Disadvantages: expensive

Software load balancing

Nginx,LVS,HAProxy

Advantages: free and open source, low cost

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
	
	#load balancing 
	upstream www.kif.com{
	
		server 192.168.0.137:8081 weight=3;
		server 192.168.0.137:8084 weight=1;
	
	}

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }
        
        #New interception
        location /myweb{

            proxy_pass http://www.kif.com;

        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }


    }

Load balancing strategy

  • Polling (default)
  • Weights (distributed proportionally) are suitable for machines with inconsistent performance
  • ip_hash (requests are assigned by a hash of the client IP, so each client keeps reaching the same back-end server, which solves the problem of session loss)
  • Minimum connection

At present, there are problems in the four methods

  • Polling, weight, minimum connection will lose session
  • ip_hash is prone to peak concentration
  • In the future, there will be ways to solve the problems of polling, weight and minimum connection loss

Polling (default):

upstream www.kif.com{

server 192.168.0.137:8081;
server 192.168.0.137:8084;

}

weight

upstream www.kif.com{

server 192.168.0.137:8081 weight=3;
server 192.168.0.137:8084 weight=1;

}

hash ip

upstream www.kif.com{

ip_hash;
server 192.168.0.137:8081;
server 192.168.0.137:8084;

}

Minimum connection

upstream www.kif.com{

	least_conn;
	server 192.168.0.137:8081;
	server 192.168.0.137:8084;

}

Load balancing backup server


The backup server receives requests only when all the non-backup servers are down; this is mainly useful while the other servers are being updated or upgraded

upstream www.kif.com{

server 192.168.0.137:8081;
server 192.168.0.137:8084 backup;

}

Static proxy

  • location interception (regular expression extension)
  • location interception (regular expression folder name) recommendation

location interception (regular expression folder name)

    location ~ .*/(css|js|img|images|image) {
        root   /opt/static;
        
    }

Dynamic and static separation

Load balancing of main Nginx dynamic resources

Master Nginx as static agent

Load balancing in the static agent of main Nginx

Static resource Nginx as static proxy

##linux file right

Frequently used Linux file permissions:
444 r--r--r--
600 rw-------
644 rw-r--r--
666 rw-rw-rw-
700 rwx------
744 rwxr--r--
755 rwxr-xr-x
777 rwxrwxrwx
From left to right, 1-3 digits represent the permissions of the file owner, 4-6 digits represent the permissions of the same group of users, and 7-9 digits represent the permissions of other users.
The specific permissions are represented by numbers, and the read permissions are equal to 4, represented by r; The write permission is equal to 2, represented by w; The permission to execute is equal to 1, represented by x;
Through the combination of 4, 2 and 1, the following permissions are obtained: 0 (no permission); 4 (read permission); 5 (4 + 1 | read + execute); 6 (4 + 2 | read + Write); 7 (4 + 2 + 1 | read + Write + execute)
Take 755 as an example:
1-3 bits 7 equals 4 + 2 + 1, rwx and the owner has read, write and execute permissions;
4-6 bits 5 equals 4 + 1 + 0, r-x. users in the same group have read and execute permissions but no write permissions;
7-9 bit 5, the same as above, is also r-x. other users have read and execute permissions, but do not have write permissions.

rwx authority number interpretation
chmod can also use numbers to indicate permissions, such as chmod 777 file
Syntax: chmod abc file
Where a, B and C are each a number, indicating the permissions of User, Group and Other respectively.
r=4,w=2,x=1
To rwx attribute, 4 + 2 + 1 = 7;
To rw- attribute, 4 + 2 = 6;
To r-x attribute, 4 + 1 = 5.
example:
chmod a=rwx file
and
chmod 777 file
Same effect
chmod ug=rwx,o=x file
and
chmod 771 file
Same effect
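If chmod 4755 filename is used, the leading 4 sets the setuid bit: the program runs with the permissions of the file's owner, which means root permission when root owns the file. Because every user who can execute the file gets those permissions, setuid belongs only on programs designed for it.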

php dependency package installation

yum -y install libxml2-devel libjpeg-devel libpng-devel freetype-devel curl-devel openssl-devel

php installation

cd /usr/local/src/
rz
tar -zxvf php-7.1.29.tar.gz
cd php-7.1.29

./configure \
--prefix=/usr/local/php7 \
--with-config-file-path=/usr/local/php7/etc \
--with-curl \
--with-jpeg-dir \
--with-freetype-dir \
--with-gd \
--with-gettext \
--with-iconv-dir \
--with-mhash \
--with-libxml-dir \
--with-mysqli=mysqlnd \
--with-openssl \
--with-pdo-mysql=mysqlnd \
--with-pear \
--with-png-dir \
--with-xmlrpc \
--with-zlib \
--with-pdo-mysql \
--with-fpm-user=www \
--with-fpm-group=www \
--enable-fpm \
--enable-bcmath \
--enable-inline-optimization \
--enable-gd-native-ttf \
--enable-mbregex \
--enable-mbstring \
--enable-opcache \
--enable-pcntl \
--enable-shmop \
--enable-soap \
--enable-sockets \
--enable-sysvsem \
--enable-xml \
--enable-zip \
--enable-mysqlnd \
--enable-maintainer-zts \
--enable-ftp \
--with-mrypt \
--enable-fileinfo \
--disable-rpath

make && make install

#Copy profile:

#Php-fpm.conf PHP FPM related configuration files

cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf

cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf

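#php.ini: the main PHP configuration file. php.ini-development is tuned for debugging and displays errors to the client; for a server that other machines can reach, start from php.ini-production in the same source directory instead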

cp /usr/local/src/php-7.1.29/php.ini-development  /usr/local/php7/etc/php.ini


#Add startup service:

cp /usr/local/src/php-7.1.29/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm

#Add environment variable:

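# Append the PHP bin directory to PATH for future login shells. The command
# and its argument belong on one line; split in two, nothing is written to
# /etc/profile. The single quotes keep $PATH literal so it is expanded when
# /etc/profile is read, not when this line runs.
echo 'PATH=/usr/local/php7/bin:$PATH' >> /etc/profile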

#Close php:

  killall php-fpm


#Start php:
/etc/init.d/php-fpm start
#perhaps
systemctl start php-fpm

php user name and user group modification

Modify the PHP-FPM pool configuration file www.conf (copied above to /usr/local/php7/etc/php-fpm.d/www.conf)

vi /usr/local/php/etc/php-fpm.d/www.conf

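Change the user and group that the PHP-FPM worker processes run as from the default to an account that exists on the current system, as follows (a dedicated unprivileged account without a login shell is preferable to a personal login account):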

; Unix user/group of processes
 ; Note: The user is mandatory. If the group is not set, the default user's group
 ;       will be used.
 user = kif
 group = kif

##php and nginx connection
To modify the nginx configuration file:

# Hand PHP requests to PHP-FPM over FastCGI.
# NOTE(review): "(php)?" is optional, so this pattern also matches URIs that end in a bare "."; "\.php$" looks like the intent - confirm.
location ~ .*\.(php)?$
{
# A negative expires time makes nginx send "Cache-Control: no-cache", so PHP responses are not cached.
expires -1s;
# Answer 404 unless the requested file exists, so a request for a script that is not on disk never reaches PHP-FPM.
try_files $uri =404;
# Split the URI into the script name (first capture) and the trailing path info (second capture).
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Load the stock FastCGI parameters first; the fastcgi_param lines below add to them.
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_index index.php;
# Full path of the script to run: document root plus script name.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# PHP-FPM listener on loopback. FastCGI has no authentication of its own, so this port should stay reachable only from this host.
fastcgi_pass 127.0.0.1:9000;

}

redis database installation:

1,tar -zxvf redis-5.0.3.tar.gz
2, cd redis-5.0.3
make PREFIX=/usr/local/redis install

3,cp redis.conf /usr/local/redis/bin/

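4. Modify the configuration file (redis.conf) to support background startup. If the Redis port is published outside the host, also set requirepass and keep bind / protected-mode restrictive in the same file.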

daemonize yes

Start:

cd /usr/local/redis/bin/

./redis-server ./redis.conf

close:

killall ./redis-server

Install redis extension:

cd /usr/local/src/

rz

yum install -y unzip zip
unzip phpredis-php7.zip

cd phpredis-php7

/usr/local/php7/bin/phpize

If there is no configure command, autoconf is not installed

yum -y install autoconf
After installation, delete the previously extracted, re extract and run phpize

Configuration: ./configure --with-php-config=/usr/local/php7/bin/php-config
Compile and install: make && make install

Check ls /usr/local/php7/lib/php/extensions/no-debug-zts-20160303/

Add a module to the php configuration file:

extension=redis.so

Restart redis

To install mongodb database:

cd /usr/local/src/

rz

tar -zxvf mongodb-linux-x86_64-rhel62-3.6.5.tgz

mv mongodb-linux-x86_64-rhel62-3.6.5 /usr/local/mongodb

Create data store directory and log directory

cd /usr/local/mongodb

mkdir data

mkdir logs

cd bin/

vim mongodb.conf

# Data files and log file go in the data/ and logs/ directories created above.
dbpath=/usr/local/mongodb/data
logpath=/usr/local/mongodb/logs/mongodb.log
port=27017
# Run mongod in the background as a daemon.
fork=true
# Require clients to authenticate; this is what keeps the listener below from being open to everyone.
auth=true
# Listen on every IPv4 interface, not just loopback. With this setting, access control (auth above)
# and a firewall rule limiting who can reach port 27017 are both needed; 127.0.0.1 is the safer
# value when only local clients connect.
bind_ip=0.0.0.0
# Append to the existing log on restart instead of overwriting it.
logappend=true

Start mongodb service:

cd /usr/local/mongodb/bin

./mongod --config /usr/local/mongodb/bin/mongodb.conf

Start the client: cd /usr/local/mongodb/bin

./mongo

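Create user (the password below is the article's sample value; choose your own strong password rather than reusing one that has been published)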

use admin
switched to db admin
db.createUser( {user: "root",pwd: "Camkoon1603",roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]});

To install the mongodb extension:

cd /usr/local/src/

rz

tar -zxvf mongodb-linux-x86_64-rhel62-3.6.5.tgz

cd mongodb-1.6.0

/usr/local/php7/bin/phpize

Configuration: ./configure --with-php-config=/usr/local/php7/bin/php-config

Compile and install: make && make install

Check ls /usr/local/php7/lib/php/extensions/no-debug-zts-20160303/

Add a module to the php configuration file:

extension=mongodb.so

Install mysql

yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers libevent libevent-devel libcurl libcurl-devel net-tools
yum -y install libmcrypt libmcrypt-devel libaio

yum -y install numactl.x86_64

cd /usr/local/src/

rz

tar -zxvf mysql-5.7.24-linux-glibc2.12-x86_64.tar.gz

groupadd mysql

useradd -r -g mysql mysql    #The -r parameter creates mysql as a system account that is not meant for logging in to the system; adding -s /bin/false makes sure it has no usable login shell

mv mysql-5.7.24-linux-glibc2.12-x86_64 /usr/local/mysql

Create my_default.cnf in the /usr/local/mysql-5.7.28/support-files directory

# vim my_default.cnf

[mysqld]

#Set mysql installation directory
basedir =/usr/local/mysql-5.7.28
#Set the data storage directory of mysql database
datadir = /usr/local/mysql-5.7.28/data
#Set port
port = 3306

socket = /tmp/mysql.sock
#Set character set
character-set-server=utf8
#Log storage directory
log-error = /usr/local/mysql-5.7.28/data/mysqld.log
pid-file = /usr/local/mysql-5.7.28/data/mysqld.pid
#Allow time type data to be zero (remove NO_ZERO_IN_DATE,NO_ZERO_DATE)
sql_mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
#ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

[mysqld]

basedir =/usr/local/mysql

datadir = /usr/local/mysql/data

port = 3306

socket = /tmp/mysql.sock

character-set-server=utf8

log-error = /usr/local/mysql/data/mysqld.log
pid-file = /usr/local/mysql/data/mysqld.pid

sql_mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

Copy, overwrite, yes

# cp my_default.cnf /etc/my.cnf

 ./bin/mysqld --initialize --user=mysql --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data/

View log after initialization

cat /usr/local/mysql/data/mysqld.log. The temporary password is in the blue box

Put the startup script in the startup initialization directory

cp support-files/mysql.server /etc/init.d/mysql

mysql start

service mysql start

Enter mysql and change the password

cd /usr/local/mysql

./bin/mysql -u root -p

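-- Replace the temporary root password. '123456' is the walkthrough's sample
-- value: substitute a long, unique password before running this.
mysql> set password=password('123456');

-- *.* means every database and every table (the asterisks had been lost,
-- leaving "on ." which is not valid). root@'%' accepts logins from any host;
-- for remote administration, a separate account limited to a known host or
-- subnet is the safer choice.
mysql> grant all privileges on *.* to root@'%' identified by '123456';

-- Reload the grant tables so the change takes effect.
mysql> flush privileges;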

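Add remote access (this lets root log in from any host; where possible create a separate account limited to the hosts that need it, and restrict who can reach port 3306)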

mysql> use mysql;

mysql> update user set host='%' where user = 'root';

mysql> flush privileges;

If there is an error when changing: ERROR 1062 (23000): Duplicate entry '% - root' for key 'PRIMARY', first query whether it has been changed, and then refresh.

Restart mysql to take effect

service mysql restart

##mysql extension

git clone https://github.com/php/pecl-database-mysql mysql --recursive
cd mysql
/usr/local/php7/bin/phpize
./configure --with-php-config=/usr/local/php7/bin/php-config
 make && make install
 ls /usr/local/php7/lib/php/extensions/no-debug-zts-20160303/
 
 
 extension = mysql.so

##Uninstall and compile the installed software

#rm -rf <installation directory of the software>
Note: when uninstalling a compiled and installed software, you must stop first

User operation

1. Create a group

groupadd test

Add a test group

2. Modify group

groupmod -n test2 test

Change the name of the test group to test2

3. Delete group

groupdel test2

Delete group test2

4. View * * * * group

a) , view the groups of the currently logged in user and the groups of apacheuser APAC

1, Group operation

1. Create a group

groupadd test

Add a test group

2. Modify group

groupmod -n test2 test

Change the name of the test group to test2

3. Delete group

groupdel test2

Delete group test2

4. View * * * * group

a) , view the groups of the currently logged in user and the groups of the Apache user

b) , view all groups cat /etc/group

c) , some linux systems do not have / etc/group files. At this time, see the following method

cat /etc/passwd |awk -F [:] '{print $4}' |sort|uniq | getent group |awk -F [:] '{print $1}'

A command used here is getent. You can find group information through group ID. if this command is not available, it will be difficult to find all groups in the system

2, User operation

1. Add users


[root@krlcgcms01 mytest]# useradd –help

Usage: useradd [options] LOGIN

Options:

-b, –base-dir BASE_DIR sets the basic path as the user's login directory

-c. – comment COMMENT comment on the user

-d, –home-dir HOME_DIR sets the user's login directory

-D. – defaults change settings

-e, –expiredate EXPIRE_DATE sets the validity period of the user

-f. – inactive invalidate the password after the user expires

-g. – gid GROUP enables users to belong to only one group

-G. – groups GROUPS enables users to join a group

-h. – help help

-k, –skel SKEL_DIR specifies a different Skel directory

-K. – key KEY=VALUE overwrite the / etc/login.defs configuration file

-m. – create home automatically creates the login directory

-l. Do not add users to the lastlog file

-M. Do not automatically create login directory

-r. Establish system account

-o. – non unique allows users to have the same UID

-p. – password PASSWORD uses an encrypted password for new users

-s. – shell SHELL when logging in

-u. – uid UID specifies a UID for the new user

-Z, –selinux-user SEUSER use a specific SEUSER for the SELinux user mapping

[root@krlcgcms01 mytest]# useradd --help

Usage: useradd [options] LOGIN

Options:

-b, --base-dir BASE_DIR sets the basic path as the user's login directory

-c. -- comment comment comment on the user

-d, --home-dir HOME_DIR sets the user's login directory

-D. -- defaults change settings

-e, --expiredate EXPIRE_DATE sets the validity period of the user

-f. -- inactive invalidate the password after the user expires

-g. -- GID group enables users to belong to only one group

-G. -- groups groups enables users to join a group

-h. -- help help

-k, --skel SKEL_DIR specifies a different Skel directory

-K. -- key key = value overwrite / etc/login.defs configuration file

-m. -- create home automatically creates the login directory

-l. Do not add users to the lastlog file

-M. Do not automatically create login directory

-r. Establish system account

-o. -- non unique allows users to have the same UID

-p. -- password password uses an encrypted password for new users

-s. -- shell shell when logging in

-u. -- UID uid specifies a UID for the new user

-Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping

useradd test

passwd test

One thing to note about adding user test is that after adding a user to useradd, don't forget to set his password, otherwise he can't log in.

2. Modify user

usermod -d /home/test -G test2 test

Change the login directory of the test user to / home/test and join the test2 group. Note that this is big G.

gpasswd -a test test2 add user test to test2 group

gpasswd -d test test2 moves the user test out of the test2 group

3. Delete user

userdel test

Delete test user

4. View * * * * users

a) , view the currently logged in user

[root@krlcgcms01 ~]# w

[root@krlcgcms01 ~]# who

b) , view your user name

[root@krlcgcms01 ~]# whoami

c) , view individual user information

[root@krlcgcms01 ~]# finger apacheuser

[root@krlcgcms01 ~]# id apacheuser

d) , view the login records of * * * * users

[root@krlcgcms01 ~]# last     # view the records of successful logins

[root@krlcgcms01 ~]# lastb    # view the records of unsuccessful login attempts

e) , view all users

[root@krlcgcms01 ~]# cut -d : -f 1 /etc/passwd

[root@krlcgcms01 ~]# cat /etc/passwd |awk -F : '{print $1}'

Tags: Linux CentOS Docker

Posted on Sun, 26 Sep 2021 00:00:43 -0400 by ziv