Chris Tyler - Fedora Linux

Year of publication: 2006, ISBN: 2006, Publisher: O'Reilly, Genre: OS and Networking, in English.

Fedora Linux: summary, description and annotation


"Neither a "Starting Linux" book nor a dry reference manual, this book has a lot to offer to those coming to Fedora from other operating systems or distros." -- Behdad Esfahbod, Fedora developer This book will get you up to speed quickly on Fedora Linux, a securely-designed Linux distribution that includes a massive selection of free software packages. Fedora is hardened out-of-the-box, it's easy to install, and extensively customizable - and this book shows you how to make Fedora work for you.
Fedora Linux: A Complete Guide to Red Hat's Community Distribution

In this book, you'll learn how to:
 Install Fedora and perform basic administrative tasks
 Configure the KDE and GNOME desktops
 Get power management working on your notebook computer and hop on a wired or wireless network
 Find, install, and update any of the thousands of packages available for Fedora
 Perform backups, increase reliability with RAID, and manage your disks with logical volumes
 Set up a server with file sharing, DNS, DHCP, email, a Web server, and more
 Work with Fedora's security features including SELinux, PAM, and Access Control Lists (ACLs)
Whether you are running the stable version of Fedora Core or bleeding-edge Rawhide releases, this book has something for every level of user. The modular, lab-based approach not only shows you how things work - but also explains why--and provides you with the answers you need to get up and running with Fedora Linux.


drwxr-xr-x root root system_u:object_r:etc_t alchemist
-rw-r--r-- root root system_u:object_r:etc_aliases_t aliases
-rw-r----- root smmsp system_u:object_r:etc_aliases_t aliases.db
drwxr-xr-x root root system_u:object_r:etc_t alsa
drwxr-xr-x root root system_u:object_r:etc_t alternatives
-rw-r--r-- root root system_u:object_r:etc_t anacrontab
-rw------- root root system_u:object_r:etc_t at.deny
-rw-r--r-- root root system_u:object_r:automount_etc_t auto.master
-rw-r--r-- root root system_u:object_r:automount_etc_t auto.misc
-rwxr-xr-x root root system_u:object_r:automount_etc_t auto.net
-rwxr-xr-x root root system_u:object_r:automount_etc_t auto.smb
...(Lines snipped)...

The context label displayed on each line contains the text system_u:object_r: followed by the file type assigned to the file. In the output above, the aliases file has been given the file type etc_aliases_t (which is unique to that file), indicating that the SELinux policy treats that file specially.

All file types end in _t for easy identification.

Files contained in your home directory are usually given the type user_home_t. The default policy will not permit web pages in ~/public_html to be accessed through the web server, even if the httpd_enable_homedirs boolean is turned on, unless the files being shared have the type httpd_sys_content_t. To change file contexts, use the chcon command:

$ chcon -R -t httpd_sys_content_t ~/public_html

The -R option causes chcon to recursively change the context of directories within ~/public_html, and -t httpd_sys_content_t sets the file type.

The file context types most commonly used with chcon are shown in Table 8-2.

Table 8-2. Common nondefault file context types

| Type | Description | Examples |
|---|---|---|
| httpd_sys_content_t | Files that may be served by httpd | Web pages, graphics, CSS files, client-side ECMAScript/JavaScript |
| httpd_sys_script_exec_t | CGI scripts that may be executed by httpd | Web scripts written in any external scripting language (e.g., scripts written in Perl when you are not using mod_perl) |
| httpd_unconfined_script_exec_t | CGI scripts that will not be constrained by SELinux | Dangerous! But may be required for some complex CGI scripts |
| httpd_sys_script_ro_t | Datafiles that may be read (but not written) by CGI scripts | Static CGI script datafiles |
| httpd_sys_script_ra_t | Datafiles that may be read and appended (but not overwritten or truncated) by CGI scripts | Script logfiles, guestbooks, nonrevisable order queues, survey and quiz records |
| httpd_sys_script_rw_t | Datafiles that may be read/written by CGI scripts | User profiles, session status, and other CGI datafiles |
| samba_share_t | Enables sharing of the file by Samba (not required for home directories) | Group Samba shares |
| public_content_t | Enables sharing of the file (read only) by Samba, httpd, NFS, and rsync | Files shared by multiple servers |
| public_content_rw_t | Enables sharing of the file (read/write) by Samba, httpd, FTP, and rsync | Files shared and updatable through multiple servers |

A file label that has been changed manually may be changed back to the default value during a relabeling (discussed in the next section).

For example, if you have created the /var/samba directory and are using it for Samba group shares, it will need to be labeled with the type samba_share_t:

# chcon -R -t samba_share_t /var/samba

To make that the default context label for /var/samba, edit /etc/selinux/targeted/contexts/files/file_contexts.local to contain this line:

/var/samba(/.*)? system_u:object_r:samba_share_t

The first field contains a regular expression. File context expressions are matched against the whole pathname, so this entry matches /var/samba itself and everything beneath it. The context label in the second field (which must include the system_u:object_r: portion) configures the default label for files that match the regular expression.

8.2.1.4. Relabeling the system

Some caution is in order: you may end up with a system where many file labels are wrong if you update your SELinux policy, mount your filesystems without SELinux support enabled (perhaps during rescue mode), or go wild with chcon. To relabel your system, you should create the empty file /.autorelabel and then boot the system:

# touch /.autorelabel
# shutdown -r now

During system startup, your files will be relabeled to default values, except for files labeled with a type listed in /etc/selinux/targeted/contexts/customizable_types. The relabeling operation will typically take a few minutes on a desktop system or small server, and could take much longer on a large server or very old computer.

8.2.1.5. Viewing and interpreting SELinux messages

SELinux policy messages are sent to syslog and usually end up in /var/log/messages. To find them among the other messages, search for the string avc:

# grep avc: /var/log/messages
May 2 16:32:56 laptop3 kernel: audit(1146601976.667:289): avc:
denied { getattr } for pid=23807 comm="httpd" name="public_html" dev=dm-1
ino=192237 scontext=user_u:system_r:httpd_t:s0
tcontext=user_u:object_r:user_home_t:s0 tclass=dir

Here we see that an access request was denied between a subject with an scontext of user_u:system_r:httpd_t:s0 and a tcontext of user_u:object_r:user_home_t:s0 for the tclass dir (a filesystem directory). The additional fields provide a bit more information: the attempted operation was getattr (get attributes), the process ID of the subject was 23807, the command executing was httpd, the directory name was public_html, the storage device was dm-1, and the inode number was 192237.
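The field breakdown above can be applied mechanically. The following is an added example, not code from the book: it reduces each avc: denied line to its source type, target type, class, permission, command and name, and counts repeats. The sample log is constructed (its first record is the denial shown above, joined onto one line), and the function names and the smbd record are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the book): summarize AVC denials in syslog lines.

# Constructed sample input. The first record is the denial quoted above,
# joined onto one line; the other lines are made up for illustration.
sample_log() {
    cat <<'EOF'
May 2 16:32:56 laptop3 kernel: audit(1146601976.667:289): avc: denied { getattr } for pid=23807 comm="httpd" name="public_html" dev=dm-1 ino=192237 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=dir
May 2 16:33:01 laptop3 ntpd[1822]: synchronized to LOCAL(0), stratum 10
May 2 16:33:10 laptop3 kernel: audit(1146601990.102:290): avc: denied { getattr } for pid=23811 comm="httpd" name="public_html" dev=dm-1 ino=192237 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=dir
May 2 16:40:12 laptop3 kernel: audit(1146602412.310:291): avc: denied { read } for pid=24002 comm="smbd" name="samba" dev=dm-2 ino=65537 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
EOF
}

# Print the value of the key=value field named $2 in the record $1,
# without surrounding double quotes. Prints nothing if the key is absent.
avc_field() {
    printf '%s\n' "$1" |
        sed -n "s/.* $2=\"\{0,1\}\([^\" ]*\)\"\{0,1\}.*/\1/p"
}

# Reduce one denial to "source_type -> target_type:class { perms } ...".
# The type is the third colon-separated part of a context label.
# Returns 1 for lines that are not AVC denials.
avc_summary() {
    case $1 in *"avc:"*"denied"*) ;; *) return 1 ;; esac
    perms=$(printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p')
    stype=$(avc_field "$1" scontext | cut -d: -f3)
    ttype=$(avc_field "$1" tcontext | cut -d: -f3)
    printf '%s -> %s:%s { %s } comm=%s name=%s\n' \
        "$stype" "$ttype" "$(avc_field "$1" tclass)" "$perms" \
        "$(avc_field "$1" comm)" "$(avc_field "$1" name)"
}

# Read log lines on stdin; print each distinct denial preceded by its count.
avc_report() {
    while IFS= read -r l; do avc_summary "$l" || true; done |
        sort | uniq -c | sed 's/^ *//'
}

sample_log | avc_report
```

To run it against real data, pipe /var/log/messages into avc_report in place of sample_log.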

The fact that the storage device name starts with dm (which stands for device mapper) indicates that the directory is stored in a logical volume. You can find the device number from a detailed listing of the device node:

$ ls -l /dev/dm-1
brw-r----- 1 root disk 253, 1 Apr 29 08:57 /dev/dm-1

The output indicates that the device number is 253, 1. Compare this with the device nodes in /dev/mapper:

$ ls -l /dev/mapper
total 0
crw------- 1 root root 10, 63 Apr 29 08:57 control
brw-rw---- 1 root disk 253, 1 Apr 29 08:57 main-home
brw-rw---- 1 root disk 253, 3 Apr 29 08:57 main-remote
brw-rw---- 1 root disk 253, 0 Apr 29 08:57 main-root
brw-rw---- 1 root disk 253, 4 Apr 29 08:57 main-test
brw-rw---- 1 root disk 253, 2 Apr 29 08:57 main-var

According to this output, /dev/dm-1 corresponds to /dev/mapper/main-home, which refers to the logical volume home within the volume group main. The mount command shows the mount point for this volume:
