document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'LCTT/master'

Browse Source
This commit is contained in:
KayGuoWhu 2013-12-06 15:47:11 +08:00
commit a5c25cdaed
14 changed files with 738 additions and 314 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
translated/How To Display And Set Hostname in Linux.md → published/How To Display And Set Hostname in Linux.md
View File

@ -31,12 +31,11 @@ Hostname是在你第一次安装Linux的时候设置。其中有一个步骤Linu
$ hostname
dev-machine
你**需要使用root权限**,或者同样的权限来设置/修改你计算机的主机名。#标识证明你是root用户。上述命令把你的计算机主机名设置成为**dev-machine**。如果你没有收到任何报错信息那么你的hostname已经改变了。再一次使用hostname命令检查看看结果。
你**需要使用root权限**,或者等同root的权限来设置/修改你计算机的主机名。#标识证明你是root用户。上述命令把你的计算机主机名设置成为**dev-machine**。如果你没有收到任何报错信息那么你的hostname已经改变了。再一次使用hostname命令检查看看结果。
使用hostname命令设置你的hostname **不是永久的** 。当你重启你的计算机,你的设定将会失效。 **为了永久改变** 你必须手动修改hostname配置文件。
**On Debian / Ubuntu based Linux**
**基于Linux 的 Debian / Ubuntu**
**Debian / Ubuntu系的Linux**
你可以在 **/etc/hostname** 和 **/etc/hosts** 文件夹中找到这个文件
@ -55,8 +54,7 @@ Hostname是在你第一次安装Linux的时候设置。其中有一个步骤Linu
你将会发现不用重启你的linux它就即刻生效。
**On RedHat / CentOS based Linux**
**基于Linux的 RedHat / CentOS**
**RedHat / CentOS系的Linux**
你可以在 **/etc/hosts** 和 **/etc/sysconfig/networks** 文件夹中找到这个文件。
@ -67,7 +65,7 @@ Hostname是在你第一次安装Linux的时候设置。其中有一个步骤Linu
127.0.0.1 localhost.localdomain localhost dev-machine
::localhost 127.0.0.1
/etc/sysconfig/network
**/etc/sysconfig/network**
NETWORKING=yes
NETWORKING_IPV6=no
@ -82,7 +80,7 @@ Hostname是在你第一次安装Linux的时候设置。其中有一个步骤Linu
在本篇文章dnsdomainname命令的结果是 **bris.co.id**
如果你看见结果是 (**none**),那么你的机器**没有配置FQDNFully Qualified Domain Name 完全符合标准的域名)** 。Dnsdomainname命令摘取来自**/etc/hosts**文件的信息。你应该配置它为完全符合标准的域名格式。接下来一个简单的例子:
如果你看见结果是 (**none**)那么你的机器**没有配置FQDNFully Qualified Domain Name 完全符合标准的域名)** 。dnsdomainname命令摘取来自**/etc/hosts**文件的信息。你应该配置它为FQDN格式。下面是一个简单的例子:
**/etc/hosts**
@ -99,9 +97,9 @@ Hostname是在你第一次安装Linux的时候设置。其中有一个步骤Linu
Result: h_aliases=dev-machine
Result: h_addr_list=192.168.0.104
### 如何显示hostname更多细节信息###
### 如何显示hostname更多细节信息###
Hostname命令可以使用多个参数和一些别名如dnsdomainname命令。这些参数在每日操作中是有用的。下面这些命令的结果是基于**/etc/hosts**的上述配置。
Hostname命令可以使用多个参数和一些别名,比如dnsdomainname命令就是它的一个别名。这些参数在每日操作中是有用的。下面这些命令的结果是基于**/etc/hosts**的上述配置。
**显示IP地址**
@ -126,7 +124,7 @@ Hostname命令可以使用多个参数和一些别名如dnsdomainname命令
**显示细节信息**
所有的参数包括上述信息,都可以通过使用参数**-v 和 -d** 来概括。让我们来看一个例子。
所有的参数包括上述信息,都可以通过使用参数**-v****-d** 来概括。让我们来看一个例子。
$ hostname -v -d
gethostname()=dev-machine.bris.co.id

1
translated/Play A Crossword Game With Adobe’s Leaked Passwords.md → published/Play A Crossword Game With Adobe’s Leaked Passwords.md
View File

@ -11,6 +11,7 @@
不久前Adobe公司成了网络攻击者的目标。Adobe公司的安全团队发现了一起针对Adobe公司内部网络的复杂攻击攻击获取了Adobe公司的客户信息并盗取了数个Adobe公司产品的源代码。根据Adobe公司官方博客上的安全告示攻击者盗取了Adobe用户的账户ID以及登录密码。但是Adobe公司的安全团队并不认为与账户关联的信用卡信息或者资金账户信息会一并被盗取。
你可以点击[这儿][3]阅读更多相关的安全公告。
--------------------------------------------------------------------------------
via: http://www.unixmen.com/play-crossword-game-adobes-leaked-passwords/

14
translated/SBackup--A Simple Backup Solution For Your Linux Desktop.md → published/SBackup--A Simple Backup Solution For Your Linux Desktop.md
View File

@ -62,19 +62,19 @@ SBackup 可在 Ubuntu、Linux Mint 和 Debian 的默认仓库中获得,所以
![](http://180016988.r.cdn77.net/wp-content/uploads/2013/11/Simple-Backup-Suite_001.jpg)
### General ###
#### General选项卡 ####
在 General 选项内你可以选择多久进行一次完整备份默认是7天。每7天 SBackup 将会进行一次完整的备份。你也可以选择备份的压缩格式。
![](http://180016988.r.cdn77.net/wp-content/uploads/2013/11/Simple-Backup-Suite_0021.jpg)
### Include ###
#### Include选项卡 ####
这个选项不需要解释太多,你可以添加 SBackup 要备份的文件或目录。这里可以选择备份单独的文件或者完整的目录我删除了所有的目录仅仅保留了“Resume”
![](http://180016988.r.cdn77.net/wp-content/uploads/2013/11/Simple-Backup-Suite_0031.jpg)
### Exclude ###
#### Exclude选项卡 ####
如同 Include 选项,我们可以选择备份时排除的文档和目录,只需要选择要排除的文档和目录的路径即可。在默认配置下,/media, /var/run/, /var/cache/, /var/spool/ 和 /vat/tmp/ 目录均被排除
@ -92,7 +92,7 @@ SBackup 可在 Ubuntu、Linux Mint 和 Debian 的默认仓库中获得,所以
![](http://180016988.r.cdn77.net/wp-content/uploads/2013/11/Simple-Backup-Suite_0071.jpg)
### Destination ###
#### Destination选项卡 ####
在这里你可以选择备份存放的路径,正如我之前提到的,你可以把备份的文档或文件夹存放在硬盘或者远程的 FTP 或 NAS。这里我将把备份保存在 /home/sk/My Backup 目录下。
@ -100,7 +100,7 @@ SBackup 可在 Ubuntu、Linux Mint 和 Debian 的默认仓库中获得,所以
**提示:** 在备份前确认目录有足够的空间保存备份文件
### Schedule ###
#### Schedule选项卡 ####
在这个选项中,你可以设定具体的备份时间。点击 **Simple** 选项,可以按每小时、每日、每周、每月来设置你的计划备份时间。
@ -114,13 +114,13 @@ SBackup 可在 Ubuntu、Linux Mint 和 Debian 的默认仓库中获得,所以
lrwxrwxrwx 1 root root 33 Nov 8 15:34 /etc/cron.daily/sbackup -> /usr/share/sbackup/sbackup-launch
### Purging ###
#### Purging选项卡 ####
在这个选项里可以删除超过一定时间的备份文件。在默认配置下超过30天的备份文件将被删除。
![](http://180016988.r.cdn77.net/wp-content/uploads/2013/11/Simple-Backup-Suite_0111.jpg)
### Report ###
#### Report选项卡 ####
Report 是最后一个选项卡在这里你可以设置接收备份完成通知的邮箱。输入你的邮箱ID、SMTP服务地址、邮箱用户名、密码后点击 Test mail settings。需要留意的是在测试邮箱设置前点击工具栏中的Save Configuration按钮保存你的配置。

1
sources/10 basic examples of linux netstat command.md
View File

@ -1,3 +1,4 @@
[this is bazz2]
10 basic examples of linux netstat command
================================================================================
### Netstat ###

1
sources/CentOS 6.5 desktop installation guide with screenshots.md
View File

@ -1,3 +1,4 @@
Vic020的WC
CentOS 6.5 desktop installation guide with screenshots
================================================================================
### CentOS 6.5 released ###

23
sources/GCC 4.9 Is Now In Bug-Fixes-Only Stage 3 Mode.md
View File

@ -1,23 +0,0 @@
Vic020走起
GCC 4.9 Is Now In Bug-Fixes-Only Stage 3 Mode
================================================================================
[GCC 4.9][1] with [its many new features][2] is aiming for a release in the first half of 2014. As of this morning the GCC code-base will not accept new features as it's under a big-fixing-only flag.
Richard Biener announced this morning that trunk is now in stage three, so that after eight months of allowing features into GCC for the 4.9 release, nothing new will be permitted unless an exception is granted by the release managers. Stage 3 allows for general bug-fixing work to be completed while in about two months it will go into the Stage 4 mode of only allowing documentation and regression fixes.
At the moment there are 63 P1 regressions (the most severe regression) for GCC 4.9 followed by 136 P2 regressions, 14 P3 regressions, 88 P4 regressions, and 60 P5 regressions. Not until the 63 regressions of the P1 state have been zeroed out will GCC 4.9 move closer to being released. The GCC 4.9.0 release will likely come some time around Q2'2014.
This morning's GCC 4.9.0 status report can be found on the [GCC mailing list][3]. GCC 4.9 will be a very nice compiler update and competition to next month's release of [LLVM 3.4][4].
--------------------------------------------------------------------------------
via: http://www.phoronix.com/scan.php?page=news_item&px=MTUyMjk
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://www.phoronix.com/scan.php?page=search&q=GCC+4.9
[2]:http://www.phoronix.com/scan.php?page=news_item&px=MTUxNzQ
[3]:http://gcc.gnu.org/ml/gcc/2013-11/msg00435.html
[4]:http://www.phoronix.com/scan.php?page=search&q=LLVM+3.4

310
sources/Linux shell tips and tricks.md Normal file
View File

@ -0,0 +1,310 @@
Linux shell tips and tricks
================================================================================
Im using Linux shell (Bash) on daily basis, but I often forgot some useful command or shell tip. Yes, I can remember commands, but I cant say that if I used it just once for specific task. Then I started to write Linux shell tips in text file on my Dropbox account and now I decided to share that. This list will be updated over time. Also keep in mind that for some tips you will need to install additional software on your Linux distribution.
Check if remote port is open with bash:
echo >/dev/tcp/8.8.8.8/53 && echo "open"
Suspend process:
Ctrl + z
Move process to foreground:
fg
Generate random hex number where n is number of characters:
openssl rand -hex n
Execute commands from a file in the current shell:
source /home/user/file.name
Substring for first 5 characters:
${variable:0:5}
SSH debug mode:
ssh -vvv user@ip_address
SSH with pem key:
ssh user@ip_address -i key.pem
Get complete directory listing to local directory with wget:
wget -r --no-parent --reject "index.html*" http://hostname/ -P /home/user/dirs
Create multiple directories:
mkdir -p /home/user/{test,test1,test2}
List processes tree with child processes:
ps axwef
Create war file:
jar -cvf name.war file
Test disk write speed:
dd if=/dev/zero of=/tmp/output.img bs=8k count=256k conv=fdatasync; rm -rf /tmp/output.img
Test disk read speed:
hdparm -Tt /dev/sda
Get md5 hash from text:
echo -n "text" | md5sum
Check xml syntax:
xmllint --noout file.xml
Extract tar.gz in new directory:
tar zxvf package.tar.gz -C new_dir
Get HTTP headers with curl:
curl -I http://www.example.com
Modify timestamp of some file or directory (YYMMDDhhmm):
touch -t 0712250000 file
Download from ftp using wget:
wget -m ftp://username:password@hostname
Generate random password (16 char long in this case):
LANG=c < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-16};echo;
Quickly create a backup of a file:
cp some_file_name{,.bkp}
Access Windows share:
smbclient -U "DOMAIN\user" //dc.domain.com/share/test/dir
Run command from history (here at line 100):
!100
Unzip to directory:
unzip package_name.zip -d dir_name
Multiline text (CTRL + d to exit):
cat > test.txt
Create empty file or empty existing one:
> test.txt
Update date from Ubuntu NTP server:
ntpdate ntp.ubuntu.com
netstat show all tcp4 listening ports:
netstat -lnt4 | awk '{print $4}' | cut -f2 -d: | grep -o '[0-9]*'
Convert image from qcow2 to raw:
qemu-img convert -f qcow2 -O raw precise-server-cloudimg-amd64-disk1.img \
precise-server-cloudimg-amd64-disk1.raw
Run command repeatedly, displaying it's output (default every two seconds):
watch ps -ef
List all users:
getent passwd
Mount root in read/write mode:
mount -o remount,rw /
Mount a directory (for cases when symlinking will not work):
mount --bind /source /destination
Send dynamic update to DNS server:
nsupdate < <EOF
update add $HOST 86400 A $IP
send
EOF
Recursively grep all directories:
grep -r "some_text" /path/to/dir
List ten largest open files:
lsof / | awk '{ if($7 > 1048576) print $7/1048576 "MB "$9 }' | sort -n -u | tail
Show free RAM in MB:
free -m | grep cache | awk '/[0-9]/{ print $4" MB" }'
Open Vim and jump to end of file:
vim + some_file_name
Git clone specific branch (master):
git clone git@github.com:name/app.git -b master
Git switch to another branch (develop):
git checkout develop
Git delete branch (myfeature):
git branch -d myfeature
Git delete remote branch:
git push origin :branchName
Git push new branch to remote:
git push -u origin mynewfeature
Print out the last cat command from history:
!cat:p
Run your last cat command from history:
!cat
Find all empty subdirectories in /home/user:
find /home/user -maxdepth 1 -type d -empty
Get all from line 50 to 60 in test.txt:
< test.txt sed -n '50,60p'
Run last command (if it was: mkdir /root/test, below will run: sudo mkdir /root/test):
sudo !!
Create temporary RAM filesystem - ramdisk (first create /tmpram directory):
mount -t tmpfs tmpfs /tmpram -o size=512m
Grep whole words:
grep -w "name" test.txt
Append text to a file that requires raised privileges:
echo "some text" | sudo tee -a /path/file
List all supported kill signals:
kill -l
Generate random password (16 characters long in this case):
openssl rand -base64 16
Do not log last session in bash history:
kill -9 $$
Scan network to find open port:
nmap -p 8081 172.20.0.0/16
Set git email:
git config --global user.email "me@example.com"
To sync with master if you have unpublished commits:
git pull --rebase origin master
Move all files with "txt" in name to /home/user:
find -iname "*txt*" -exec mv -v {} /home/user \;
Put the file lines side by side:
paste test.txt test1.txt
Progress bar in shell:
pv data.log
Send the data to server with netcat:
echo "hosts.sampleHost 10 `date +%s`" | nc 192.168.200.2 3000
Convert tabs to spaces:
expand test.txt > test1.txt
Skip bash history:
< <space>>cmd
Go to the previous working directory:
cd -
Split large tar.gz archive (100MB each) and put it back:
split b 100m /path/to/large/archive /path/to/output/files
cat files* > archive
Get HTTP status code with curl:
curl -sL -w "%{http_code}\\n" www.example.com -o /dev/null
When Ctrl + c not works:
Ctrl + \
Get file owner:
stat -c %U file.txt
List block devices:
lsblk -f
Find files with trailing spaces:
find . -type f -exec egrep -l " +$" "{}" \;
Find files with tabs indentation:
find . -type f -exec egrep -l $'\t' "{}" \;
Print horizontal line with "=":
printf '%100s\n' | tr ' ' =
**UPDATE: November 25, 2013**
--------------------------------------------------------------------------------
via: http://www.techbar.me/linux-shell-tips/
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

4
sources/Setup FTP Server On openSUSE 13.1.md
View File

@ -1,3 +1,5 @@
translating by zsJacky
Setup FTP Server On openSUSE 13.1
================================================================================
**vsftpd** (**V**ery **S**ecure **F**ile **T**ransport **P**rotocol **D**aemon) is a secure, fast FTP server for Unix/Linux systems. In this how-to article, let us see how to setup a basic FTP server using vsftpd on openSUSE 13.1.
@ -182,7 +184,7 @@ Thats it for now. Your FTP server is ready to use. Enjoy!
via: http://www.unixmen.com/setup-ftp-server-opensuse-13-1/
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
译者:[zsJacky](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

221
sources/Setup a jailed shell with jailkit on ubuntu.md
View File

@ -1,221 +0,0 @@
我不入监狱  谁入监狱
Setup a jailed shell with jailkit on ubuntu
================================================================================
### Jailed Shell and Jailkit ###
A jailed shell is a kind of limited shell that provides the user with a very real looking shell but does not allow him to mess with/view/modify any parts of the real file systems. The file system inside the shell is different from the actual file system of the underlying system. Such a functionality is achived through chroot and finds many kinds of applications. For example to setup a linux shell for users to just "play with". Or run some program with full functionality but in a limited environment and so on.
In this tutorial we are going to talk about setting up a jailed shell quickly with jailkit on ubuntu. Jailkit is helper program that allows to quickly setup a jailed shell, jail users inside it, and configure programs to run from the jailed environment.
Jailkit can be downloaded from [http://olivier.sessink.nl/jailkit/][1]
We have already discussed about installing jailkit on ubuntu so check out that post.
### Setup jailed shell ###
#### 1. Setup the jail environment ####
There needs to be a directory where the whole jail environment will be setup. Lets do it in /opt/jail. This can be whatever.
$ sudo mkdir /opt/jail
Root should own this directory. So chown it out.
$ sudo chown root:root /opt/jail
#### 2. Setup the programs to make available inside the jail ####
All the programs that need to be available in the jail need to be copied inside it using the jk_init command.
Example
$ sudo jk_init -v /jail basicshell
$ sudo jk_init -v /jail editors
$ sudo jk_init -v /jail extendedshell
$ sudo jk_init -v /jail netutils
$ sudo jk_init -v /jail ssh
$ sudo jk_init -v /jail sftp
$ sudo jk_init -v /jail jk_lsh
Or at one go
$ sudo jk_init -v /opt/jail netutils basicshell jk_lsh openvpn ssh sftp
The names like basicshell , editors , netutils are groups that contain multiple programs. Each group is a set of executable files, libraries etc to be copied into the shell. For example, the section **basicshell** provides many programs like bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep etc in the jail.
For a complete list of sections that can be setup, have a look at /etc/jailkit/jk_init.ini.
jk_lsh (Jailkit limited shell) - is an important section, and must be added.
#### 3. Create the user who will be jailed ####
Need a user to put inside the jail. Lets create one
$ sudo adduser robber
Adding user `robber' ...
Adding new group `robber' (1005) ...
Adding new user `robber' (1006) with group `robber' ...
Creating home directory `/home/robber' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for robber
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
Note that this is a normal user who is created in the actual filesystem and not inside the jail.
In the next step this user shall be imprisoned inside the jail.
At this point if you take a look at /etc/passwd you get to see an entry at the end that looks like this
robber:x:1006:1005:,,,:/home/robber:/bin/bash
This is our new user and the last part /bin/bash indicates that the user has a normal shell access on the system, if he logs in.
#### 4. Jail the user ####
Now its time to put the user inside the jail.
$ sudo jk_jailuser -m -j /opt/jail/ robber
By doing this the user robber has now been jailed.
Now if you take a look at /etc/passwd the last entry would look like this
robber:x:1006:1005:,,,:/opt/jail/./home/robber:/usr/sbin/jk_chrootsh
Note that the last 2 parts that indicate the home user and the shell type have changed. The home directory of the user is now inside the jail environment at /opt/jail. The shell of the user is now a special program called jk_chrootsh that will provide the jailed shell.
It is this particular shell called jk_chrootsh that takes the user inside the jail, everytime he logs onto the system.
The jail setup by now is nearly done. But if you try to connect to id from ssh, it will fail like this :
$ ssh robber@localhost
robber@localhost's password:
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-25-generic x86_64)
* Documentation: https://help.ubuntu.com/
13 packages can be updated.
0 updates are security updates.
*** /dev/sda7 will be checked for errors at next reboot ***
*** /dev/sda8 will be checked for errors at next reboot ***
Last login: Sat Jun 23 12:45:13 2012 from localhost
Connection to localhost closed.
$
The connection shall close. This happens because the user actually has a limited shell.
#### 5. Give bash shell to user inside the jail ####
The next important thing to do is to give the user a proper bash shell, but inside the jail.
Open the following file
/opt/jail/etc/passwd
Its the password file inside the jail. It would look somewhat like this
root:x:0:0:root:/root:/bin/bash
robber:x:1006:1005:,,,:/home/robber:/usr/sbin/jk_lsh
Change the /usr/sbin/jk_lsh to /bin/bash
root:x:0:0:root:/root:/bin/bash
robber:x:1006:1005:,,,:/home/robber:/bin/bash
Save the file and exit.
#### 6. Login to the jail ####
So now its time to login into the jail again
$ ssh robber@localhost
robber@localhost's password:
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-25-generic x86_64)
* Documentation: https://help.ubuntu.com/
13 packages can be updated.
0 updates are security updates.
*** /dev/sda7 will be checked for errors at next reboot ***
*** /dev/sda8 will be checked for errors at next reboot ***
Last login: Sat Jun 23 12:46:01 2012 from localhost
bash: groups: command not found
I have no name!@desktop:~$
The jail says 'I have no name!' , ha ha. Now we have a fully functional bash shell but inside the jail.
Now check the environment by moving around. The root / of the jailed environment is /opt/jail of the real file system. But its only we who knows that, not the jailed user.
I have no name!@desktop:~$ cd /
I have no name!@desktop:/$ ls
bin dev etc home lib lib64 run usr var
I have no name!@desktop:/$
Also only the commands that were copied via jk_cp sections will be available in this jail.
If the login fails, then check /var/log/auth.log for error messages.
Now try running some network command like wget or anything similar.
$ wget http://www.google.com/
If you get an error like this :
$ wget http://www.google.com/
--2012-06-23 12:56:43-- http://www.google.com/
Resolving www.google.com (www.google.com)... failed: Name or service not known.
wget: unable to resolve host address `www.google.com'
Fix it by running the following 2 commands :
$ sudo jk_cp -v -j /opt/jail /lib/x86_64-linux-gnu/libnss_files.so.2
$ sudo jk_cp -v -j /opt/jail /lib/x86_64-linux-gnu/libnss_dns.so.2
The exact location of the libnss_files.so and libnss_dns.so can vary so check.
### Running programs or services in the jail ###
Now the setup is complete. Jails are useful to run programs or services in a restricted/secure environments. To launch a program or daemon inside the jail use the **jk_chrootlaunch** command.
$ sudo jk_chrootlaunch -j /opt/jail -u robber -x /some/command/in/jail
The jk_chrootlaunch utility can be used to launch a particular process inside the jail environment with privileges of the specified user. If the daemon fails to start, check /var/log/syslog for error messages.
To run the program inside the jail, the program must first be fully copied inside the jail using the jk_cp command.
jk_cp - a utility to copy files including permissions and libraries into a jail
For further reading about various jailkit commands, check the documentation at [http://olivier.sessink.nl/jailkit/][1]
--------------------------------------------------------------------------------
via: http://www.binarytides.com/setup-jailed-shell-jailkit-ubuntu/
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://olivier.sessink.nl/jailkit/
[2]:
[3]:
[4]:
[5]:
[6]:
[7]:
[8]:
[9]:
[10]:
[11]:
[12]:

62
sources/Vim is your new IDE.md Normal file
View File

@ -0,0 +1,62 @@
翻译中 by小眼儿
Vim is your new IDE
================================================================================
**Kill all the GUIs. Mouse is your enemy. Keyboard is your only friend.**
What happens when you combine Vim with the terminal multiplexer Tmux? You have the perfect coding environment. Here are some recommendations I've collected in the past years. Now I can happily fire up my working environment running Vim, some local servers and tests, in no time.
### Programming Tmux ###
- [Tmux Crash Course][1] is nice introduction on how to start using Tmux.
- [My tmux.conf dotfile][2] has a customized statusbar and an improved color scheme to optimize readability. And a must have: **remap the prefix** from `Ctrl+b` to `Ctrl+a`.
- [Bootstrap your IDE][3] is as easy as writing a simple bash script. This is an example on how you can write a `.sh` file to run own environment programmatically.
### Vim Plugins ###
- [Vundle][4], the plugin manager for Vim, allows you to keep track of all your plugins in your `.vimrc`. Install, update and delete all your script with a single keystroke. Uh, did I tell you that you can also **search** for plugins directly from VIM? This extension is a must have.
- [Syntastic][5] checks that your syntax is correct. It's an indispensable tool to avoid stupid errors while writing code. It really **speeds up** your coding.
- [Supertab][6] Supertab is a vim plugin which allows you to use `<Tab>` for all your insert completion needs. It searches for all the strings in the current context, and suggests to the user all the matching ones. Speed is not the only benefit from the plugin, it helps avoiding a lot of misspelled names when writing code. Check out the section **User contribution** in this list for an alternative to `Supertab`.
- [Ack][7] is a replacement for 99% of the uses of grep. It's nicely integrated with Vim so the user can search through his/her project files, and the results are shown in a split window. Check out the section **User contribution** in this list for an alternative to `Ack`.
- [CtrlP][8] is an extremely fast full path fuzzy file, buffer, mru, tag... finder for Vim. Written in `VimL`.
- [NERDTree][9] allows you to explore your filesystem and to open files and directories. It presents the filesystem to you in the form of a tree which you manipulate with the keyboard. It also allows you to perform simple filesystem operations.
- [Sparkup][10] lets you write HTML code faster. Write HTML in a **CSS-like syntax**, and let Sparkup handle the **expansion to full HTML** code. Check out the section **User contribution** in this list for an alternative to `Sparkup`.
### Extra tips ###
- [Vimux][11] allows you to interact with Tmux from Vim. Run tests, build scripts and tasks without leaving Vim.
- [Auto installing Vundle][12] adding some lines of `VimL` to `.vimrc` config file. Every time you run Vim from a new environment, it will install Vundle and all the related Bundles. This is extremely useful when you are copying your Vim config file to a fresh installation, or to a new server.
- [A success story][13] of a developer who said goodbye to his trusty **MacBook Pro** and started coding on an iPad + Linode, in da cloud.
### Users contribution ###
- [YouCompleteMe][14], suggested by the nice redditor hnasarat. It take some extra effort to install, but provides an incredibly powerful semantic completions for many language (C, Ruby, Python, PHP and more).
- [Ag][15], suggested by *gckjk* (Reddit knows it better!). It's `ack` on steroids. 3 to 5 times faster, it ignores file patterns from your `.gitignore` and `.hgignore` (even `.agignore` if you have special needs).
- [Emmet][16], suggested by *damnated*, another nice redditor. An alternative to `Sparkup`, but with a nice plus, it's super easy and fast to wrap strings with tags. Check out the video for an example.
- [Unite][17], suggested by basetta, is an alternative to some of the plugins I listed. You can do file searching (like `CtrlP`), content searching (using `ack` or `ag`), move around the yank history and switch between buffers. All integrated in a single plugin.
--------------------------------------------------------------------------------
via: http://devcharm.com/pages/18-vim-is-your-new-ide
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://robots.thoughtbot.com/a-tmux-crash-course
[2]:https://github.com/vrde/dotfiles/blob/master/.tmux.conf
[3]:https://gist.github.com/vrde/7398199
[4]:https://github.com/gmarik/vundle
[5]:https://github.com/scrooloose/syntastic
[6]:https://github.com/ervandew/supertab
[7]:https://github.com/mileszs/ack.vim
[8]:http://kien.github.io/ctrlp.vim/
[9]:https://github.com/scrooloose/nerdtree
[10]:https://github.com/rstacruz/sparkup
[11]:https://github.com/benmills/vimux
[12]:http://www.erikzaadi.com/2012/03/19/auto-installing-vundle-from-your-vimrc/
[13]:http://www.linuxjournal.com/content/swap-your-laptop-ipad-linode
[14]:https://github.com/Valloric/YouCompleteMe
[15]:https://github.com/ggreer/the_silver_searcher
[16]:http://mattn.github.io/emmet-vim/
[17]:https://github.com/Shougo/unite.vim

69
sources/10 Lesser Known Effective Linux Commands – Part IV.md → translated/10 Lesser Known Effective Linux Commands – Part IV.md
View File

@ -1,6 +1,7 @@
10 Lesser Known Effective Linux Commands Part IV
10个鲜为人知的Linux命令(4)
================================================================================
Continuing the **Lesser Known** series, this fourth article of the series will let you know some useful **funny** and **animated** commands. Here we go into the practical session, without much theory.
继续我们的"鲜为人知"系列,本系列的第四篇会让你了解一些**有趣** 又 **动态**的命令。这里我们进入实际的教程,没有很多理论。
![](http://www.tecmint.com/wp-content/uploads/2013/11/10-Lesser-Known-Effective-Commands-.png)
@ -8,17 +9,17 @@ Continuing the **Lesser Known** series, this fourth article of the series will l
- [10 Lesser Known Linux Commands Part 2][2]
- [10 Lesser Known Commands for Linux Part 3][3]
In the fourth article of this series which includes few other lesser known Linux commands, worth knowing. Might be youre already aware of these commands, no doubt youre an experienced Linux user and loves exploration.
本系列的第四篇包含了另外的鲜为人知的Linux命令这些值得去了解。也许你已经知道了这些命令毫无疑问你是一个有经验的Linux用户并且乐于探索。
### 32. strace Command ###
The **strace** is a debugging tool which is used primarily for troubleshooting purpose in Linux. It might not be installed by default in your system and you may need to **apt** or **yum** the required package.
**strace**是一个调试工具并被主要用于Linux的故障排除。它可能在你的系统内没有默认安装你可能需要**apt** 或者 **yum**安装所需要的包。
Trace a command execution using strace command:
使用strace命令追踪一个命令的执行。
root@tecmint [~]# strace pwd
#### Sample Output ####
#### 示例输出 ####
execve("/bin/pwd", ["pwd"], [/* 29 vars */]) = 0
brk(0) = 0x728000
@ -40,56 +41,56 @@ Trace a command execution using strace command:
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f29b0de6000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f29b0de5000
....
**strace**命令接收大量的参数和选项请参考man页来获取详细信息。
The **strace** command accepts a lot of arguments and have many options. Refer to man page for detailed information.
### 33. disown -a && exit 命令 ###
### 33. disown -a && exit Command ###
大多数系统管理员使用[screen 命令][4]来控制运行在终端后台的作业。让我们假设一下如果你有一个长期运行的作业并想要将它从终端中**分离**你可以用screen命令来这么做。但是如果你不知道如何使用screen那么disown可以用来救急。
Most of the system administrators use [screen command][4] to control jobs running in the terminal background. Lets say if you having a long running job and want to **detach** from the terminal, you use screen command to do it. But what if you dont know how to use screen, here comes disown command to rescue.
disown命令可以在后台持续运行作业即使你关闭了终端会话。disown命令的语法是:
The disown command is used to run the jobs continuously in the background even after you closing the terminal session. The syntax of the disown command is:
root@tecmint [~]# Command; disown -a && exit
To detach again the long running job in the terminal, use the **jobs** command to find the job number and then use disown **%n** where **n** is the job number. To verify actually the job is running use **ps** or [top command][5]. The **nohup** command is an alternative to the disown command.
为了在终端中再次分离长期运行的作业,使用**jobs**命令来找出作业号接着使用disown **%n**,这里的**%n**是作业号。为了验证作业确实在运行,使用**ps** 或者 [top 命令][5]。**nohup**命令也是一个disown命令的替代品。
### 34. getconf LONG_BIT Command ###
### 34. getconf LONG_BIT 命令 ###
The above command shows your machine architecture if it is **32** bit or **64** bit?
上面的命令能显示你的机器架构是**32** bit 或者 **64**?
root@tecmint [~]# getconf LONG_BIT
32
- [Download Linux Command Line Cheat Sheet][5]
- [下载Linux命令备忘单][5]
### 35. Display Date on the Terminal ###
### 35. 终端上显示日期 ###
The below command is a combination of several commands, better say it a script. For a person working at shell or terminal, without GUI seeing current system date is tedious job. You have to type **date** command to check todays date.
下面的命令是几个命令的集合确切地说是一个脚本。对于在shell或者终端下工作的人来说没有GUI界面看到当前系统日期是一个乏味的工作。你可以用**date**‘命令查看今天的日期。
Just execute the below command on you prompt and see the **date** and **time** on the above right corner of terminal.
只要在提示符后输入如下的命令你就会在终端的右上角看到**日期**和**时间**。
root@tecmint [~]# while sleep 1;do tput sc;tput cup 0 $(($(tput cols)-29));date;tput rc;done &
![Show Date in Terminal](http://www.tecmint.com/wp-content/uploads/2013/11/Date.jpg)
![在终端下显示日期](http://www.tecmint.com/wp-content/uploads/2013/11/Date.jpg)
### 36. convert Command ###
### 36. convert 命令 ###
While writing tutorial, I usually need to produce output, many a times in image format. The above command combination does this for me. Say I need the output of tree command (for **/etc/x11** directory) in image format. What I did at terminal was:
在写教程的时候我经常需要生成输出很多时候是图片格式。上面的命令集合并不适合我。假设我需要tree命令的图片格式的输出(对 **/etc/x11** 目录 )。
root@tecmint:/etc/X11# tree | convert label:@- /home/avi/tree.png
The output of the above command can be seen at the specified location (here, home directory of mine) with the file name specified as **tree.png**.
上面命令的输出可以在一个特定的位置(这里是我的家目录)下看到,文件名是**tree.png**。
### 37. watch -t -n1 “date +%T|figlet” ###
Remember our description of “**figlet**” command in our earlier article “[20 Funny Commands of Linux][7]”. This command was very cool, this time we will be pipelining **figlet** to show animated digital clock in the terminal.
记住“**figlet**”命令在我们早期的文章“[20 Funny Commands of Linux][7]”中的描述。这个命令非常酷,这次我们会通过管道输出到‘**figlet**‘而在终端上显示一个动画电子钟。
Just check-out yourself, remember you must have **figlet** installed on the system, do **apt** or **yum** to install the required package.
你自己检查一下,记住你必须已经在系统上安装了**figlet**,用**apt** 或者 **yum**安装所需要的包。
root@tecmint [~]# watch -t -n1 "date +%T|figlet"
#### Sample Output ####
#### 示例输出 ####
_ ___ ____ ___ _____ _ _ Fri Nov 29 10:29:34 GMT
/ |/ _ \ _|___ \ / _ \ _|___ /| || |
@ -97,9 +98,9 @@ Just check-out yourself, remember you must have **figlet** installed on the syst
| | |_| |_ / __/ \__, |_ ___) |__ _|
|_|\___/(_)_____| /_/(_)____/ |_|
### 38. host and dig Commands ###
### 38. host and dig 命令 ###
Although “**host**” and “**dig**” command is not that much lesser known, still not very frequently used. The host command is **DNS** lookup utility.
虽然“**host**” 和 “**dig**”命令不那么鲜为人知但是仍并不常被使用。host命令是**DNS**查询工具。
root@tecmint [~]# host www.google.com
@ -119,17 +120,17 @@ Although “**host**” and “**dig**” command is not that much lesser known,
;; Got answer:
;; ->>HEADER<
### 39. dstat Command ###
### 39. dstat 命令 ###
The **dstat** is a versatile tool, that generates statistics relating to system resource. By default your system might not have **dstat** installed. Do a **apt** or **yum** to install **dstat** before using this very colorful and description system resource generator.
**dstat**是一个多用的工具,它会依据系统资源生成统计。默认上你的系统可能没有安装‘**dstat**‘。在使用这个多彩的描述系统信息的生成器前使用**apt** 或者 **yum**来安装。
root@tecmint [~]# dstat
![dstat command](http://www.tecmint.com/wp-content/uploads/2013/11/dstat.jpeg)
![dstat 命令](http://www.tecmint.com/wp-content/uploads/2013/11/dstat.jpeg)
### 40. bind -p Command ###
### 40. bind -p 命令 ###
The **bind -p** command will show all the shortcuts available for **BASH** shell.
**bind -p**‘会显示所有的**BASH** shell可用的快捷方式。
root@tecmint [~]# bind -p
@ -160,19 +161,19 @@ The **bind -p** command will show all the shortcuts available for **BASH**
### 41. touch /forcefsck ###
The above command will create an empty folder '**forcefsck**', under root directory. This will force Linux System to check the file system on the very next boot.
下面的命令会在root目录下创建一个空的文件夹'**forcefsck**'。这会强制Linux系统在下次启动时检查文件系统。
root@tecmint [~]# touch /forcefsck
hats all for Now. You People are loving these **Lesser Known Commands** and hence we are continuing the series, the next article of this series will be available very soon.
今天这些就是全部。因为你们爱‘**鲜为人知的命令** ,因此我们将继续这个系列,本系列的下一篇文章将很快发布。
Till then stay tuned and connected to **Tecmint**. Dont forget to give your valuable feedback in our comment section. Do a favor to us, Like and share us and help us spread.
不要走开继续关注**Tecmint**。不要忘记在评论栏里留下你们有价值的反馈。帮我们一个忙,喜爱、分享我们的文章,并帮我们传播。
--------------------------------------------------------------------------------
via: http://www.tecmint.com/10-lesser-known-effective-linux-commands-part-iv/
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
译者:[geekpi](https://github.com/geekpi) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

28
translated/GCC 4.9 Is Now In Bug-Fixes-Only Stage 3 Mode.md Normal file
View File

@ -0,0 +1,28 @@
GCC 4.9现在处于修复BUG的第3阶段
================================================================================
[GCC 4.9][1]将拥有很多[新功能][2]将定于2014年上半年发布。早先的GCC代码基础将不会支持新的功能因为它是一个大修复的标记。
Richard Biener今早宣称分支已经发展到了阶段三因此在之后的八月将这些功能融入4.9版本除非发布经理授权的异常发生不然毫无变化。阶段三只允许一般BUG的修复工作将在2个月内完成而到达只允许文档和回归的阶段四。
目前GCC4.9有63 P1 回归最严重的回归其次是136 P2回归14 P3回归88 P4 回归 以及 60 P5回归。直到63回归的P1阶段被清零GCC4.9才会被关闭去发布。GCC 4.9.0 发布版将可能在2014第二季度左右到来
早先的GCC 4.9.0状态报告可以在[GCC mailing list][3]中被找到。GCC 4.9将会是一个美好的编译器更新,并会挑战下个月发布的[LLVM3.4][4]。
--------------------------------------------------------------------------------
via: http://www.phoronix.com/scan.php?page=news_item&px=MTUyMjk
译者:[Vic___](http://blog.csdn.net/Vic___) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://www.phoronix.com/scan.php?page=search&q=GCC+4.9
[2]:http://www.phoronix.com/scan.php?page=news_item&px=MTUxNzQ
[3]:http://gcc.gnu.org/ml/gcc/2013-11/msg00435.html
[4]:http://www.phoronix.com/scan.php?page=search&q=LLVM+3.4

34
sources/Install Oracle Java 7 in Elementary OS ‘Luna’ Via PPA.md → translated/Install Oracle Java 7 in Elementary OS ‘Luna’ Via PPA.md
View File

@ -1,15 +1,13 @@
(translating by whatever1992)
Install Oracle Java 7 in Elementary OS Luna Via PPA
使用PPA在Elementary OS 'Luna'上安装Oracle Java 7
================================================================================
**Question**: How can I install Oracle Java 7 in Elemetary OS Luna?
**问题**: 我该如何在 Elemetary OS Luna 上安装Oracle Java 7
**Answer**: To install Java 7 in Elementary OS Luna follow the steps below:
**回答**: 在 Elementary OS Luna 安装 Java 7 的步骤如下:
由于Elementary OS是基于Ubuntu所以我们允许使用具有多种Java包的**WEPUD8 PPA**。
Since Elementary OS is Ubuntu based we are at liberty to use **WEPUD8 PPA** which has various Java packages in it.
1. 打开终端。
1. Open Terminal.
2. Run the command below to add Java PPA to your repository:
2. 运行以下指令添加Java的PPA到你的软件仓:
$ sudo add-apt-repository ppa:webupd8team/java
@ -19,7 +17,7 @@ Since Elementary OS is Ubuntu based we are at liberty to use **WEPUD8 PPA** whic
More info: https://launchpad.net/~webupd8team/+archive/java
Press [ENTER] to continue or ctrl-c to cancel adding it
3. Press ENTER to continue
3. 按回车继续
gpg: keyring `/tmp/tmpB5WwDG/secring.gpg' created
gpg: keyring `/tmp/tmpB5WwDG/pubring.gpg' created
@ -30,11 +28,11 @@ Since Elementary OS is Ubuntu based we are at liberty to use **WEPUD8 PPA** whic
gpg: imported: 1 (RSA: 1)
OK
4. Now update your system
4. 现在更新你的系统
$ sudo apt-get update
5. Install Java 7 by running the command below:
5. 运行以下命令安装Java 7:
$ sudo apt-get install oracle-java7-installer
@ -60,21 +58,21 @@ Since Elementary OS is Ubuntu based we are at liberty to use **WEPUD8 PPA** whic
After this operation, 473 kB of additional disk space will be used.
Do you want to continue [Y/n]?
6. Type **Y** for Yes and Press enter to continue installation.
6. 输入代表Yes的**Y**以及回车键继续安装。
7. During the installation, you need to agree to the license to continue. Select **OK**.
7. 在安装过程中,你需要同意条款才能继续。选择**OK**。
![](http://180016988.r.cdn77.net/wp-content/uploads/2013/11/JDK-ask1.png)
8. Then Select **Yes** to continue.
8. 然后选择**Yes**继续。
![](http://180016988.r.cdn77.net/wp-content/uploads/2013/11/JDK-ask2.png)
9. Now relax for the packages to be downloaded and installed automatically:
9. 现在请等待安装包的下载与自动安装:
![](http://180016988.r.cdn77.net/wp-content/uploads/2013/11/JDK-Downloading.png)
7. Installation has been completed successfully. You can now check the version of Java from the Terminal:
10. 安装完成。你可以在终端上查看Java版本:
$ java -version
java version "1.7.0_45"
@ -85,6 +83,6 @@ Since Elementary OS is Ubuntu based we are at liberty to use **WEPUD8 PPA** whic
via: http://www.unixmen.com/install-oracle-java-7-elementary-os-luna-via-ppa/
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
译者:[whatever1992](https://github.com/whatever1992) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

266
translated/Setup a jailed shell with jailkit on ubuntu.md Normal file
View File

@ -0,0 +1,266 @@
在Ubuntu下用jailkit建立一个被监禁的Shell
================================================================================
### Jailkit和jailed Shell ###
监狱性的shell是一类限制性的shell提供给用户非常真实的Shell模样但是不允许它查看和修改真正的文件系统。Shell内的文件系统不同于底层的文件系统。这种功能是通过chroot和其他多种程序实现的。举例来说建立一个用户的linux shell可能仅仅为了玩耍。或者在一个限定的环境里运行一些程序的所有功能等。
在这个教程里我们将会探讨在Ubuntu下用jailkit建立一个监禁的shell。Jailkit是辅助程序允许快速的建立一个监禁的shell监禁的用户在受监禁的环境里配置程序并运行。
Jailkit can be downloaded from [http://olivier.sessink.nl/jailkit/][1]
我们已经谈论过关于在Ubuntu下安装jailkit如果有不懂多看看那篇文章。
### 配置jailed Shell ###
#### 配置jail环境 ####
我们需要建立一个目录来存放所有jail环境的配置。这不是重点我们可以创建个/opt/jail的目录。
$ sudo mkdir /opt/jail
这个目录应为Root所有。所以用chown。
$ sudo chown root:root /opt/jail
#### 2. 设置在jail中可用的程序 ####
任何程序想要在jail中执行则必须用jk_init命令拷贝到目录中。
例如:
$ sudo jk_init -v /jail basicshell
$ sudo jk_init -v /jail editors
$ sudo jk_init -v /jail extendedshell
$ sudo jk_init -v /jail netutils
$ sudo jk_init -v /jail ssh
$ sudo jk_init -v /jail sftp
$ sudo jk_init -v /jail jk_lsh
或一次性解决:
$ sudo jk_init -v /opt/jail netutils basicshell jk_lsh openvpn ssh sftp
像basicshell, editors, netutils是一些组名其中包含多个程序。复制到jail shell中的每个组都是可执行文件,库文件等的集合。比如**basicshell**就在jail提供有bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep等程序。
完整的程序列表设置,你可以在/etc/jailkit/jk_init.ini中查看。
jk_lsh (Jailkit limited shell) - is an important section, and must be added.
#### 3. 创建将被监禁的用户 ####
需要将用户放入jail里。可以先创建一个
$ sudo adduser robber
Adding user `robber' ...
Adding new group `robber' (1005) ...
Adding new user `robber' (1006) with group `robber' ...
Creating home directory `/home/robber' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for robber
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
注意:目前创建的是一个活动在文件系统中的普通用户并没有添加到jail中。
在下一步这个用户会被监禁在jail里。
这时候如果你查看/etc/passwd文件你会在文件最后看到跟下面差不多的一个条目。
robber:x:1006:1005:,,,:/home/robber:/bin/bash
这是我们新创建的用户,最后部分的/bin/bash指示了这个用户如果登入了那么它可以在系统上正常的Shell访问
#### 4. 监禁用户 ####
现在是时候将用户监禁在jail中
$ sudo jk_jailuser -m -j /opt/jail/ robber
执行上列命令后用户robber将会被监禁。
如果你现在再观察/etc/passwd文件会发现类似下面的最后条目。
robber:x:1006:1005:,,,:/opt/jail/./home/robber:/usr/sbin/jk_chrootsh
注意:最后两部分表明用户主目录和shell类型已经被改变了。现在用户的主目录在/opt/jail(jail环境)中。用户的Shell是一个名叫jk_chrootsh的特殊程序会提供jailed Shell。
jk_chrootsh这是个特殊的shell每当用户登入系统时它都会将用户放入jail中。
到目前为止jail配置已经几乎完成了。但是如果你试图用ssh连接那么注定会失败,像这样:
$ ssh robber@localhost
robber@localhost's password:
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-25-generic x86_64)
* Documentation: https://help.ubuntu.com/
13 packages can be updated.
0 updates are security updates.
*** /dev/sda7 will be checked for errors at next reboot ***
*** /dev/sda8 will be checked for errors at next reboot ***
Last login: Sat Jun 23 12:45:13 2012 from localhost
Connection to localhost closed.
$
连接会立马关闭这意味着用户已经活动在一个受限制的shell中。
#### 5. 给在jail中的用户Bash Shell ####
下个重要的事情是给用户一个正确的bash shell但是他却在jail中。
打开下面的文件
/opt/jail/etc/passwd
这是个jail中的password文件。类似如下
root:x:0:0:root:/root:/bin/bash
robber:x:1006:1005:,,,:/home/robber:/usr/sbin/jk_lsh
将/usr/sbin/jk_lsh改为/bin/bash
root:x:0:0:root:/root:/bin/bash
robber:x:1006:1005:,,,:/home/robber:/bin/bash
保存文件并退出。
#### 6. 登入jail ####
现在让我们再次登入jail
$ ssh robber@localhost
robber@localhost's password:
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-25-generic x86_64)
* Documentation: https://help.ubuntu.com/
13 packages can be updated.
0 updates are security updates.
*** /dev/sda7 will be checked for errors at next reboot ***
*** /dev/sda8 will be checked for errors at next reboot ***
Last login: Sat Jun 23 12:46:01 2012 from localhost
bash: groups: command not found
I have no name!@desktop:~$
jail说'I have no name!'哈哈。现在我们在jail中有个完整功能的bash shell。
现在通过操作检查环境。jail中的root /实际就是真实文件系统中的/opt/jail.但这只有我们自己知道jail用户并不知情。
I have no name!@desktop:~$ cd /
I have no name!@desktop:/$ ls
bin dev etc home lib lib64 run usr var
I have no name!@desktop:/$
也只有我们通过jk_cp拷贝到jail中的命令能使用。
如果登入失败,请检查一下/var/log/auth.log的错误信息。
现在尝试运行一些网络命令类似wget的命令。
$ wget http://www.google.com/
如果你获得类似的错误提示:
$ wget http://www.google.com/
--2012-06-23 12:56:43-- http://www.google.com/
Resolving www.google.com (www.google.com)... failed: Name or service not known.
wget: unable to resolve host address `www.google.com'
你可以通过运行下列两条命令来解决这个问题:
$ sudo jk_cp -v -j /opt/jail /lib/x86_64-linux-gnu/libnss_files.so.2
$ sudo jk_cp -v -j /opt/jail /lib/x86_64-linux-gnu/libnss_dns.so.2
这样才能正确的定位到libnss_files.so和libnss_dns.so
### 在jail中运行程序或服务  ###
此时此刻配置已经完成了。Jails可以在限制/安全的环境里运行程序或服务。用**jk_chrootlaunch**命令在jail中启动一个程序或守护进程。
$ sudo jk_chrootlaunch -j /opt/jail -u robber -x /some/command/in/jail
jk_chrootlaunch工具可以在jail环境中启动一个特殊的进程同时指定用户特权。如果守护进程启动失败请检查/var/log/syslog/错误信息。
在jail中运行程序之前该程序必须已经用jk_cp命令复制到jail中。
jk_cp - 将文件包括权限信息和库文件复制到jail的工具 
进一步阅读有关其他jailkit命令信息可以阅读文档[http://olivier.sessink.nl/jailkit/][1]
--------------------------------------------------------------------------------
via: http://www.binarytides.com/setup-jailed-shell-jailkit-ubuntu/
译者:[Luoxcat](https://github.com/Luoxcat) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://olivier.sessink.nl/jailkit/
[2]:
[3]:
[4]:
[5]:
[6]:
[7]:
[8]:
[9]:
[10]:
[11]:
[12]: