Differences
This page shows the differences between two versions.
content:serverbasics [2023/07/24 12:30] – [Raided LVM- Volumes] Daniel | content:serverbasics [2023/12/21 05:34] – [FACL: handle execute-bit with files and directories] Daniel | ||
---|---|---|---|
Line 2: | Line 2: | ||
These setting here are an advice to think about when setting up a new linux- machine (here on an opensuse distrubution, | These setting here are an advice to think about when setting up a new linux- machine (here on an opensuse distrubution, | ||
+ | |||
+ | ===== Subpages ===== | ||
+ | |||
+ | <catlist content: | ||
===== Mountpoints ===== | ===== Mountpoints ===== | ||
Line 17: | Line 21: | ||
The important part is metadata=1.0 - this format has especially designed to fit the needs of raid1 of fat/efi- systems. | The important part is metadata=1.0 - this format has especially designed to fit the needs of raid1 of fat/efi- systems. | ||
- | |||
==== LVM ==== | ==== LVM ==== | ||
Line 58: | Line 61: | ||
where i equals the number of devices with Data (not including parity- storage) | where i equals the number of devices with Data (not including parity- storage) | ||
- | |||
=== Useful Commands === | === Useful Commands === | ||
Line 86: | Line 88: | ||
</ | </ | ||
+ | == Resizing logical Volumes with mounted Filesystem == | ||
+ | |||
+ | can be done by e.g. | ||
+ | |||
+ | < | ||
+ | lvresize --size 20G / | ||
+ | |||
+ | </ | ||
==== Filesystem ==== | ==== Filesystem ==== | ||
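Review bot: The added lvresize line passes an absolute size (--size 20G) for a volume whose filesystem is mounted, and the section says neither whether this is a grow or a shrink nor that the filesystem has to be resized together with the logical volume. A reader whose volume is currently larger than 20G would shrink it underneath a live filesystem. Suggest stating that the example is for growing, showing a relative size such as --size +5G, and mentioning lvresize's --resizefs option (or a separate filesystem resize step), since the visible part of the command does not include it. The lead-in "can be done by e.g." would also read better as a full sentence.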
Line 100: | Line 110: | ||
For **Databases** or files that need speed and __**are well backed up otherwise**__ | For **Databases** or files that need speed and __**are well backed up otherwise**__ | ||
- | |||
- | |||
=== Sources: === | === Sources: === | ||
Line 227: | Line 235: | ||
F… what??? Yes: facl is the tool to do so. with that tool you can very much expand the rights per directory an on every file in detail. It ist also possible to have multiple group- access definitions, | F… what??? Yes: facl is the tool to do so. with that tool you can very much expand the rights per directory an on every file in detail. It ist also possible to have multiple group- access definitions, | ||
- | So lets do some facl- work: | + | So lets do some facl- work |
+ | |||
+ | === FACL: get infos about settings === | ||
< | < | ||
Line 242: | Line 252: | ||
As you can see, that directory has been created quite insecure. There is only the above permission preventing everyone to read the informations in it. Creating a new file in it, would make it the same way insecure, as it would have been before. | As you can see, that directory has been created quite insecure. There is only the above permission preventing everyone to read the informations in it. Creating a new file in it, would make it the same way insecure, as it would have been before. | ||
+ | |||
+ | === FACL: set default permissions === | ||
But now lets set the mode to better fit our needs: | But now lets set the mode to better fit our needs: | ||
Line 261: | Line 273: | ||
Note, that we only changed the DEFAULT permissions to be more secure (d:). | Note, that we only changed the DEFAULT permissions to be more secure (d:). | ||
+ | |||
+ | === FACL: check new settings === | ||
Now lets again create a file there as we did before just in that - safe - directory. Also we can use getfacl on that file to check if it works: | Now lets again create a file there as we did before just in that - safe - directory. Also we can use getfacl on that file to check if it works: | ||
Line 313: | Line 327: | ||
Its up to you to decide if this is more usable or not. | Its up to you to decide if this is more usable or not. | ||
+ | |||
+ | === FACL: full ACL- Sytnax === | ||
+ | |||
+ | The full Syntax is: | ||
+ | |||
+ | < | ||
+ | [d[efault]: | ||
+ | | ||
+ | |||
+ | [d[efault]: | ||
+ | | ||
+ | |||
+ | [d[efault]: | ||
+ | | ||
+ | |||
+ | [d[efault]: | ||
+ | | ||
+ | |||
+ | </ | ||
+ | |||
+ | That means you can only set the defaults per user or per group and only files or directories at once. | ||
+ | |||
+ | |||
+ | === FACL: use in batch and recursively === | ||
+ | |||
+ | FACLs do also have good ways to be used for whole directories, | ||
+ | |||
+ | '' | ||
+ | |||
+ | -R, –recursive Apply operations to all files and directories recursively. This option cannot be mixed with `–restore' | ||
+ | |||
+ | === FACL: handle execute-bit with files and directories === | ||
+ | |||
+ | …it also allows for the use of the capital-x '' | ||
+ | |||
+ | so doing the following should work: | ||
+ | |||
+ | Set all Files AND the directories recursively to be readwriteable by user colleague and only give X to all Directories and only those Files, that already have x set: | ||
+ | |||
+ | '' | ||
+ | |||
+ | For setting the default permissions to be like that: | ||
+ | |||
+ | '' | ||
+ | |||
==== Last words ==== | ==== Last words ==== |
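Review bot: In the "use in batch and recursively" section the option names are written with a typographic dash ("-R, –recursive" and "–restore") outside any monospace markup, so a reader who copies them gets an en dash instead of two hyphens and the tool will not see the option. Put the pasted man-page line in '' markup or a code block and write --recursive and --restore. The new heading "FACL: full ACL- Sytnax" has a typo (Syntax). The sentence "That means you can only set the defaults per user or per group and only files or directories at once" is hard to follow; it would help to say directly which entry types can carry the d: prefix and that a default entry is set on a directory. In the capital-X section the change is applied recursively for user colleague, so consider adding a getfacl check after it, as the earlier sections do, so readers can confirm which files actually ended up with x.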