Saturday, January 19, 2013

SSH/EC2 && sudo/su


charlie@ubuntu:~/CS548$ ssh -i ~/CS548/XXXX.pem ec2-user@eXXXXXX.amazonaws.com


I got this error at the beginning.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0664 for 'CS548/ec2-glassfish-keypair.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: CS548/ec2-glassfish-keypair.pem
Permission denied (publickey).

Solution:
Change the permissions on the private key so that only the owner can read and write it:
chmod 600 /home/me/.ssh/id_rsa_targethost
chmod 600 ~/CS548/XXXX.pem
http://www.thinkplexx.com/learn/howto/security/ssh/fix-permissions-are-too-open-private-key-will-be-ignored
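
The check behind that warning, as an added example (not part of the original post): ssh ignores a private key when any group or other permission bit is set, so the script below finds private keys by their header line and reports the ones that would be rejected. The function names and the sample key file are hypothetical, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat (stat -c).

# key_mode_ok FILE -> 0 when no group/other bit is set (mode & 077 == 0),
# the condition ssh enforces before it will use a private key.
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2      # e.g. "664"
    [ $(( 0$mode & 077 )) -eq 0 ]              # leading 0 makes it octal
}

# is_private_key FILE -> 0 when line 1 is a PEM/OpenSSH private-key header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -- '-----BEGIN .*PRIVATE KEY-----'
}

# audit_keys DIR -> print "MODE PATH" for each private key ssh would ignore.
audit_keys() {
    find "$1" -type f | while IFS= read -r f; do
        if is_private_key "$f" && ! key_mode_ok "$f"; then
            printf '%s %s\n' "$(stat -c '%a' "$f")" "$f"
        fi
    done
}

# Demo on a constructed key file (placeholder body, not a real key).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-placeholder' \
    > "$demo/sample.pem"
chmod 664 "$demo/sample.pem"               # same mode as in the error above
echo "before chmod 600:"; audit_keys "$demo"
chmod 600 "$demo/sample.pem"
echo "after chmod 600:";  audit_keys "$demo"
```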

SSH - "provide secure remote login"
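SSH (Secure Shell) is currently one of the more reliable protocols for providing security for remote login sessions and other network services. Using the SSH protocol effectively prevents information leakage during remote administration. With SSH, all transmitted data can be encrypted, and DNS spoofing and IP spoofing can also be prevented.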


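You will then be prompted for the private key's file name and where to store it; just accept the defaults. Along the way you will be asked to enter a passphrase, and you need to remember it. A hidden .ssh folder will then appear in your home directory. You can use ls -A to see it. It contains two files: id_rsa (the private key) and id_rsa.pub (the public key).
What exactly are the private key and the public key?
Put simply, the public key is your bank account, which other people may know about, but only someone holding the credit card or passbook is entitled to try the account password. So the credit card and passbook are your private key, and that is why the private key has to be kept safe.
In other words, you have to keep that id_rsa file safe; you can put it on a USB drive and carry it with you. And id_rsa.pub has to be renamed to authorized_keys, the name the system recognizes by default, and saved in the .ssh folder.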



15 Linux Yum Command Examples – Install, Uninstall, Update Packages

http://www.thegeekstuff.com/2011/08/yum-command-examples/

Installing, removing, and updating packages is a typical activity on Linux. Most Linux distributions provide some kind of package manager utility, for example apt-get, dpkg, rpm, yum, etc.
On some Linux distributions, yum is the default package manager.
yum-security  http://linux.die.net/man/8/yum-security

Description

This plugin extends yum to allow lists and updates to be limited using security-relevant criteria.


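sudo means "super-user do": it lets the current user temporarily run this one command as the administrator, root.
su is used to change the current user; su root switches the current user to root. After su root, none of the following commands need sudo, because the current user is already the administrator, root.
The root user is the root account, that is, the system administrator, and has all privileges.
A user can have only one GID, but can also belong to other supplementary groups.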

These are the commands I used to initialize my instance in EC2:

       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2012.09-release-notes/
[ec2-user@ip-10-195-17-79 ~]$ ls
[ec2-user@ip-10-195-17-79 ~]$ su root
Password: 
su: incorrect password
[ec2-user@ip-10-195-17-79 ~]$ sudo su -
[root@ip-10-195-17-79 ~]# ^C
[root@ip-10-195-17-79 ~]# 

[root@ip-10-195-17-79 ~]# df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/xvda1             8256952    966160   7206936  12% /
tmpfs                   304364         0    304364   0% /dev/shm

[root@ip-10-195-17-79 ~]# fdisk -l                             ---- list disk partitions

Disk /dev/xvda1: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000


Disk /dev/xvdf: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

[root@ip-10-195-17-79 ~]# mkfs -t ext3 /dev/xvdf         
/* mkfs - build a Linux file system

-t fstype
Specifies the type of file system to be built. If not specified, the default file system type (currently ext2) is used. */

mke2fs 1.42.3 (14-May-2012)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
65536 inodes, 262144 blocks
13107 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=268435456
8 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done


/*
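cat has three main functions:
1. Display an entire file at once
$cat filename
2. Create a file from keyboard input; this command cannot be used to modify an existing file
$cat >filename2
3. Merge several files into one file
$cat filename1 filename2 > filename3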
*/


/*
The fstab ( /etc/fstab ) (or file systems table) file is a system configuration file commonly found on Unix systems.

*/

[root@ip-10-195-17-79 ~]# cat /etc/fstab
#
LABEL=/     /           ext4    defaults,noatime  1   1
tmpfs       /dev/shm    tmpfs   defaults        0   0
devpts      /dev/pts    devpts  gid=5,mode=620  0   0
sysfs       /sys        sysfs   defaults        0   0
proc        /proc       proc    defaults        0   0
[root@ip-10-195-17-79 ~]# echo "/dev/xvdf /data ext3 noatime 0 0">>/etc/fstab
/* What is fstab and why it's useful: http://www.tuxfiles.org/linuxhelp/fstab.html */

[root@ip-10-195-17-79 ~]# cat /etc/fstab
#
LABEL=/     /           ext4    defaults,noatime  1   1
tmpfs       /dev/shm    tmpfs   defaults        0   0
devpts      /dev/pts    devpts  gid=5,mode=620  0   0
sysfs       /sys        sysfs   defaults        0   0
proc        /proc       proc    defaults        0   0
/dev/xvdf /data ext3 noatime 0 0


/* mount command: mount a file system */

[root@ip-10-195-17-79 ~]# mount /data
[root@ip-10-195-17-79 ~]# df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/xvda1             8256952    966168   7206928  12% /
tmpfs                   304364         0    304364   0% /dev/shm
/dev/xvdf              1032088     34088    945572   4% /data

// Install postgresql:


[root@ip-10-195-17-79 ~]# sudo yum install postgresql postgresql-server postgresql-devel postgresql-contrib postgresql-docs

//initialize the software



[ec2-user@ip-10-195-17-79 ~]$ sudo rm -rf /data/lost+found
[ec2-user@ip-10-195-17-79 ~]$ chown -R postgres:postgres /data
chown: changing ownership of `/data': Operation not permitted
[ec2-user@ip-10-195-17-79 ~]$ sudo chown -R postgres:postgres /data
[ec2-user@ip-10-195-17-79 ~]$ sudo su -
[root@ip-10-195-17-79 ~]# su postgres -
bash-4.1$  /usr/bin/initdb -D /data
could not change directory to "/root"
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

fixing permissions on existing directory /data ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 32MB
creating configuration files ... ok
creating template1 database in /data/base/1 ... ok
initializing pg_authid ... ok
initializing dependencies ... ok
creating system views ... ok
loading system objects' descriptions ... ok
creating collations ... ok
creating conversions ... ok
creating dictionaries ... ok
setting privileges on built-in objects ... ok
creating information schema ... ok
loading PL/pgSQL server-side language ... ok
vacuuming database template1 ... ok
copying template1 to template0 ... ok
copying template1 to postgres ... ok

WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.

Success. You can now start the database server using:

    /usr/bin/postgres -D /data
or
    /usr/bin/pg_ctl -D /data -l logfile start

bash-4.1$ 
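
The WARNING in the initdb output above means any local user can connect as any database role, including postgres, without a password. As an added example (not part of the original post), the script below lists the pg_hba.conf records that still use trust; both sample files are constructed, and peer and md5 are assumed as the replacement methods.

```shell
#!/bin/sh
# Added example (not from the original post): list pg_hba.conf records that
# use the "trust" method, the setting initdb warns about.

# trust_lines FILE -> print "LINE TYPE DATABASE USER" for each trust record
trust_lines() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blanks
        {
            m = $5                                 # host*: TYPE DB USER ADDRESS METHOD
            if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) m = $6   # separate netmask column
            if ($1 == "local") m = $4              # local: no address column
            if (m == "trust") print NR, $1, $2, $3
        }' "$1"
}

# Constructed samples: trust on every record, then the same records hardened.
demo_dir=$(mktemp -d)
cat > "$demo_dir/pg_hba.trust" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust
host    all       all   ::1/128        trust
EOF
cat > "$demo_dir/pg_hba.hardened" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   127.0.0.1/32   md5
host    all       all   ::1/128        md5
EOF

echo "trust records with trust enabled:"
trust_lines "$demo_dir/pg_hba.trust"
echo "trust records after hardening:"
trust_lines "$demo_dir/pg_hba.hardened"
```

For this instance the file to check would be /data/pg_hba.conf. The -A, --auth-local and --auth-host options named in the warning set the methods when initdb runs, so trust is never written in the first place.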


bash-4.1$  wget -O postgresql.conf.1 http://www.cs.stevens.edu/~dduggan/Teaching/Scripts/ec2/postgresql.conf
--2013-01-20 20:03:00--  http://www.cs.stevens.edu/~dduggan/Teaching/Scripts/ec2/postgresql.conf
Resolving www.cs.stevens.edu... 155.246.89.84
Connecting to www.cs.stevens.edu|155.246.89.84|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16947 (17K) [text/plain]
Saving to: “postgresql.conf.1”

100%[===============================>] 16,947      --.-K/s   in 0.02s   

2013-01-20 20:03:01 (784 KB/s) - “postgresql.conf.1” saved [16947/16947]


Control the server


bash-4.1$ /usr/bin/pg_ctl start -D /data
server starting
bash-4.1$ /usr/bin/pg_ctl status -D /data
pg_ctl: server is running (PID: 2502)
/usr/bin/postgres "-D" "/data"

PostgreSQL - creating and dropping roles


http://articles.slicehost.com/2009/5/7/postgresql-creating-and-deleting-roles


----------------------------------------------------------------set up jdk--------------------------------------


/* Solution for installing Java using wget on Linux:
http://blog.kdecherf.com/2012/04/12/oracle-i-download-your-jdk-by-eating-magic-cookies/
*/

/* scp command - > copy file using ssh */


/* create a user group and create a user */
