使用SUSE Linux的朋友們,如果您不小心忘了root密碼時,可以採取以下的補救方法:
1. 在boot options輸入 init=/bin/sh:
2. 此時如果直接以passwd嘗試修改的話,系統會報錯:
3. 原因是/此時為read-only,請將它remount成read-write,再次執行passwd,即可成功修改root password:
Thursday, May 29, 2008
Tuesday, May 27, 2008
Bind view
透過bind view的功能,我們可以讓DNS Server見人說人話,見鬼說鬼話囉~怎麼說呢?比如說公司中Internet/Intranet的DNS名稱解析都是用同一台,但我不想讓Internet上的machine可以查詢到我內部的hostname時,此時透過bind view的功能,看是誰來查詢,並回應相關的結果。
整個named.conf的架構舉例如下:
22 view "intranet" {
23 match-clients {"192.168.1.0/24";};
24 zone "." IN {
25 type hint;
26 file "named.root";
27 };
28
29 zone "localdomain." IN {
30 type master;
31 file "localdomain.zone";
32 allow-update { none; };
33 };
34
35 zone "localhost." IN {
36 type master;
37 file "localhost.zone";
38 allow-update { none; };
39 };
40
41 zone "0.0.127.in-addr.arpa." IN {
42 type master;
43 file "named.local";
44 allow-update { none; };
45 };
46
47 zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." IN {
48 type master;
49 file "named.ip6.local";
50 allow-update { none; };
51 };
52
53 zone "255.in-addr.arpa." IN {
54 type master;
55 file "named.broadcast";
56 allow-update { none; };
57 };
58
59 zone "0.in-addr.arpa." IN {
60 type master;
61 file "named.zero";
62 allow-update { none; };
63 };
64
65 zone "example.com" {
66 type master;
67 file "example.com.zone";
68 };
69 };
70
71
72 view "internet" {
73 match-clients {"!192.168.1.0/24";};
74 zone "." IN {
75 type hint;
76 file "named.root";
77 };
78
79 zone "localdomain." IN {
80 type master;
81 file "localdomain.zone";
82 allow-update { none; };
83 };
84
85 zone "localhost." IN {
86 type master;
87 file "localhost.zone";
88 allow-update { none; };
89 };
90
91 zone "0.0.127.in-addr.arpa." IN {
92 type master;
93 file "named.local";
94 allow-update { none; };
95 };
96
97 zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." IN {
98 type master;
99 file "named.ip6.local";
100 allow-update { none; };
101 };
102
103 zone "255.in-addr.arpa." IN {
104 type master;
105 file "named.broadcast";
106 allow-update { none; };
107 };
108
109 zone "0.in-addr.arpa." IN {
110 type master;
111 file "named.zero";
112 allow-update { none; };
113 };
114 };
115
116 include "/etc/rndc.key";
其實就是多了
view "internet" {
match-clients {"!192.168.1.0/24";};
};
與
view "intranet" {
match-clients {"192.168.1.0/24";};
};
在這兩個區域內設定相關的zone/zone file就可以了。
整個named.conf的架構舉例如下:
22 view "intranet" {
23 match-clients {"192.168.1.0/24";};
24 zone "." IN {
25 type hint;
26 file "named.root";
27 };
28
29 zone "localdomain." IN {
30 type master;
31 file "localdomain.zone";
32 allow-update { none; };
33 };
34
35 zone "localhost." IN {
36 type master;
37 file "localhost.zone";
38 allow-update { none; };
39 };
40
41 zone "0.0.127.in-addr.arpa." IN {
42 type master;
43 file "named.local";
44 allow-update { none; };
45 };
46
47 zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." IN {
48 type master;
49 file "named.ip6.local";
50 allow-update { none; };
51 };
52
53 zone "255.in-addr.arpa." IN {
54 type master;
55 file "named.broadcast";
56 allow-update { none; };
57 };
58
59 zone "0.in-addr.arpa." IN {
60 type master;
61 file "named.zero";
62 allow-update { none; };
63 };
64
65 zone "example.com" {
66 type master;
67 file "example.com.zone";
68 };
69 };
70
71
72 view "internet" {
73 match-clients {"!192.168.1.0/24";};
74 zone "." IN {
75 type hint;
76 file "named.root";
77 };
78
79 zone "localdomain." IN {
80 type master;
81 file "localdomain.zone";
82 allow-update { none; };
83 };
84
85 zone "localhost." IN {
86 type master;
87 file "localhost.zone";
88 allow-update { none; };
89 };
90
91 zone "0.0.127.in-addr.arpa." IN {
92 type master;
93 file "named.local";
94 allow-update { none; };
95 };
96
97 zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." IN {
98 type master;
99 file "named.ip6.local";
100 allow-update { none; };
101 };
102
103 zone "255.in-addr.arpa." IN {
104 type master;
105 file "named.broadcast";
106 allow-update { none; };
107 };
108
109 zone "0.in-addr.arpa." IN {
110 type master;
111 file "named.zero";
112 allow-update { none; };
113 };
114 };
115
116 include "/etc/rndc.key";
其實就是多了
view "internet" {
match-clients {"!192.168.1.0/24";};
};
與
view "intranet" {
match-clients {"192.168.1.0/24";};
};
在這兩個區域內設定相關的zone/zone file就可以了。
Monday, May 26, 2008
Check user mailbox
以往測end user有沒有收到信時,總是習慣切到此使用者執行mail看看有沒有收到信件,今天發現了兩個方法可以不用這麼地麻煩的切換到此使用者,方法如下:
[root@vir1 ~]# mail -u lawrence
Mail version 8.1 6/6/93. Type ? for help.
"/var/mail/lawrence": 2 messages 1 new
1 MAILER-DAEMON@vir1.e Mon May 26 13:42 13/552 "DON'T DELETE THIS MES"
>N 2 root@vir1.example.co Mon May 26 17:35 20/714 "test1"
&
Message 2:
From root@vir1.example.com Mon May 26 17:35:49 2008
X-Original-To: qa@vir1.example.com
Delivered-To: qa@vir1.example.com
Date: Mon, 26 May 2008 17:35:48 +0800
From: root
To: qa@vir1.example.com
Subject: test1
CentOS release 5 (Final)
Kernel \r on an \m
or
[root@vir1 ~]# mail -f /var/spool/mail/lawrence
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/lawrence": 2 messages 1 new
1 MAILER-DAEMON@vir1.e Mon May 26 13:42 13/552 "DON'T DELETE THIS MES"
>N 2 root@vir1.example.co Mon May 26 17:35 20/714 "test1"
&
Message 2:
From root@vir1.example.com Mon May 26 17:35:49 2008
X-Original-To: qa@vir1.example.com
Delivered-To: qa@vir1.example.com
Date: Mon, 26 May 2008 17:35:48 +0800
From: root
To: qa@vir1.example.com
Subject: test1
CentOS release 5 (Final)
Kernel \r on an \m
[root@vir1 ~]# mail -u lawrence
Mail version 8.1 6/6/93. Type ? for help.
"/var/mail/lawrence": 2 messages 1 new
1 MAILER-DAEMON@vir1.e Mon May 26 13:42 13/552 "DON'T DELETE THIS MES"
>N 2 root@vir1.example.co Mon May 26 17:35 20/714 "test1"
&
Message 2:
From root@vir1.example.com Mon May 26 17:35:49 2008
X-Original-To: qa@vir1.example.com
Delivered-To: qa@vir1.example.com
Date: Mon, 26 May 2008 17:35:48 +0800
From: root
To: qa@vir1.example.com
Subject: test1
CentOS release 5 (Final)
Kernel \r on an \m
or
[root@vir1 ~]# mail -f /var/spool/mail/lawrence
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/lawrence": 2 messages 1 new
1 MAILER-DAEMON@vir1.e Mon May 26 13:42 13/552 "DON'T DELETE THIS MES"
>N 2 root@vir1.example.co Mon May 26 17:35 20/714 "test1"
&
Message 2:
From root@vir1.example.com Mon May 26 17:35:49 2008
X-Original-To: qa@vir1.example.com
Delivered-To: qa@vir1.example.com
Date: Mon, 26 May 2008 17:35:48 +0800
From: root
To: qa@vir1.example.com
Subject: test1
CentOS release 5 (Final)
Kernel \r on an \m
Wednesday, May 21, 2008
SSH Server allow authorized_keys only
帽客家裡目前總共有2台Linux machines與一台iBook,一台安裝CentOS5.1當作file server使用,而iBook與HP NB分別安裝Mac OSX10.4與Ubuntu7.10,透過rsync的方法將資料update至file server,由於都有使用key作為ssh認證的方法,於是乎想把透過password認證方式取消掉,透過以下的方法完成了需求:
#vi /etc/ssh/sshd_config
-> UsePAM no
-> PasswordAuthentication no
#service sshd restart
#vi /etc/ssh/sshd_config
-> UsePAM no
-> PasswordAuthentication no
#service sshd restart
Thursday, May 15, 2008
Fedora 9 available to download
前些日子出國,所以晚了些日子post到Blog上,有點想從Ubuntu轉回用Fedora,主要是因為我透過網路upgrade system時,Ubuntu 8.04在我的HP NB上運轉的很不順,3D桌面總是卡卡的,當然還有一些其它的問題,比如撥放rmvb時,超卡的根本無法看,只好用partimage recovery回7.10(好險升級前有backup),既然有備份了,那麼就安裝Fedora 9看看吧,事實上我還是使用Fedora/SUSE順手一點 :)
當然Ubuntu還是很棒的!是我目前感覺最親切的Linux distribution.
當然Ubuntu還是很棒的!是我目前感覺最親切的Linux distribution.
Subscribe to:
Posts (Atom)