Merge branch 'master' of github.com:LCTT/TranslateProject

qhwdw 2017-12-04 23:03:03 +08:00
commit f5a793f759
5 changed files with 317 additions and 461 deletions

@ -0,0 +1,134 @@
Photon 也许能成为你最喜爱的容器操作系统
============================================================
![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS")
>Phonton OS 专注于容器,是一个非常出色的平台。 —— Jack Wallen
容器在当下的火热,并不是没有原因的。正如[之前][13]讨论的,容器可以使您轻松快捷地将新的服务与应用部署到您的网络上,而且并不耗费太多的系统资源。比起专用硬件和虚拟机,容器都是更加划算的,除此之外,他们更容易更新与重用。
更重要的是,容器喜欢 Linux反之亦然。不需要太多时间和麻烦你就可以启动一台 Linux 服务器,运行[Docker][14],然后部署容器。但是,哪种 Linux 发行版最适合部署容器呢?我们的选择很多。你可以使用标准的 Ubuntu 服务器平台(更容易安装 Docker 并部署容器)或者是更轻量级的发行版 —— 专门用于部署容器。
[Photon][15] 就是这样的一个发行版。这个特殊的版本是由 [VMware][16] 于 2005 年创建的,它包含了 Docker 的守护进程,并可与容器框架(如 Mesos 和 Kubernetes 一起使用。Photon 经过优化可与 [VMware vSphere][17] 协同工作,而且可用于裸机、[Microsoft Azure][18]、 [Google Compute Engine][19]、 [Amazon Elastic Compute Cloud][20] 或者 [VirtualBox][21] 等。
Photon 通过只安装 Docker 守护进程所必需的东西来保持它的轻量。而这样做的结果是,这个发行版的大小大约只有 300MB。但这足以让 Linux 的运行一切正常。除此之外Photon 的主要特点还有:
* 内核为性能而调整。
* 内核根据[内核自防护项目][6]KSPP进行了加固。
* 所有安装的软件包都根据加固的安全标识来构建。
* 操作系统在信任验证后启动。
* Photon 的管理进程可以管理防火墙、网络、软件包,和远程登录在 Photon 机器上的用户。
* 支持持久卷。
* [Project Lightwave][7] 整合。
* 及时的安全补丁与更新。
Photon 可以通过 [ISO 镜像][22]、[OVA][23]、[Amazon Machine Image][24]、[Google Compute Engine 镜像][25] 和 [Azure VHD][26] 安装使用。现在我将向您展示如何使用 ISO 镜像在 VirtualBox 上安装 Photon。整个安装过程大概需要五分钟在最后您将有一台随时可以部署容器的虚拟机。
### 创建虚拟机
在部署第一台容器之前,您必须先创建一台虚拟机并安装 Photon。为此打开 VirtualBox 并点击“新建”按钮。跟着创建虚拟机向导进行配置(根据您的容器将需要的用途,为 Photon 提供必要的资源)。在创建好虚拟机后,您所需要做的第一件事就是更改配置。选择新建的虚拟机(在 VirtualBox 主窗口的左侧面板中),然后单击“设置”。在弹出的窗口中,点击“网络”(在左侧的导航中)。
在“网络”窗口图1你需要在“连接”的下拉窗口中选择桥接。这可以确保您的 Photon 服务与您的网络相连。完成更改后,单击确定。
![change settings](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_0.jpg?itok=Q0yhOhsZ "change setatings")
*图 1 更改 Photon 在 VirtualBox 中的网络设置。[经许可使用][1]*
从左侧的导航选择您的 Photon 虚拟机,点击启动。系统会提示您去加载 ISO 镜像。当您完成之后Photon 安装程序将会启动并提示您按回车后开始安装。安装过程基于 ncurses没有 GUI但它非常简单。
接下来图2系统会询问您是要最小化安装完整安装还是安装 OSTree 服务器。我选择了完整安装。选择您所需要的任意选项,然后按回车继续。
![installation type](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_2.jpg?itok=QL1Rs-PH "Photon")
*图 2 选择您的安装类型。[经许可使用][2]*
在下一个窗口,选择您要安装 Photon 的磁盘。由于我们将其安装在虚拟机因此只有一块磁盘会被列出图3。选择“自动”按下回车。然后安装程序会让您输入并验证管理员密码。在这之后镜像开始安装在您的磁盘上并在不到 5 分钟的时间内结束。
![Photon](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_1.jpg?itok=OdnMVpaA "installation type")
*图 3 选择安装 Photon 的硬盘。[经许可使用][3]*
安装完成后,重启虚拟机并使用安装时创建的用户 root 和它的密码登录。一切就绪,你准备好开始工作了。
在开始使用 Docker 之前,您需要更新一下 Photon。Photon 使用 `yum` 软件包管理器,因此在以 root 用户登录后输入命令 `yum update`。如果有任何可用更新则会询问您是否确认图4
![Updating](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_3.jpg?itok=vjqrspE2 "Updating")
*图 4 更新 Photon。[经许可使用][4]*
### 用法
正如我所说的Photon 提供了部署容器甚至创建 Kubernetes 集群所需要的所有包。但是,在使用之前还要做一些事情。首先要启动 Docker 守护进程。为此,执行以下命令:
```
systemctl start docker
systemctl enable docker
```
现在我们需要创建一个标准用户,以便我们可以不用 root 去运行 `docker` 命令。为此,执行以下命令:
```
useradd -m USERNAME
passwd USERNAME
```
其中 “USERNAME” 是我们新增的用户的名称。
接下来,我们需要将这个新用户添加到 “docker” 组,执行命令:
```
usermod -a -G docker USERNAME
```
其中 “USERNAME” 是刚刚创建的用户的名称。
注销 root 用户并切换为新增的用户。现在,您已经可以不必使用 `sudo` 命令或者切换到 root 用户来使用 `docker` 命令了。从 Docker Hub 中取出一个镜像开始部署容器吧。
### 一个优秀的容器平台
在专注于容器方面Photon 毫无疑问是一个出色的平台。请注意Photon 是一个开源项目,因此没有任何付费支持。如果您对 Photon 有任何的问题,请移步 Photon 项目的 GitHub 下的 [Issues][27],那里可以供您阅读相关问题,或者提交您的问题。如果您对 Photon 感兴趣,您也可以在该项目的官方 [GitHub][28]中找到源码。
尝试一下 Photon 吧,看看它是否能够使得 Docker 容器和 Kubernetes 集群的部署更加容易。
欲了解 Linux 的更多信息,可以通过学习 Linux 基金会和 edX 的免费课程,[“Linux 入门”][29]。
--------------------------------------------------------------------------------
via: https://www.linux.com/learn/intro-to-linux/2017/11/photon-could-be-your-new-favorite-container-os
作者:[JACK WALLEN][a]
译者:[KeyLD](https://github.com/KeyLd)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.linux.com/users/jlwallen
[1]:https://www.linux.com/licenses/category/used-permission
[2]:https://www.linux.com/licenses/category/used-permission
[3]:https://www.linux.com/licenses/category/used-permission
[4]:https://www.linux.com/licenses/category/used-permission
[5]:https://www.linux.com/licenses/category/creative-commons-zero
[6]:https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
[7]:http://vmware.github.io/lightwave/
[8]:https://www.linux.com/files/images/photon0jpg
[9]:https://www.linux.com/files/images/photon1jpg
[10]:https://www.linux.com/files/images/photon2jpg
[11]:https://www.linux.com/files/images/photon3jpg
[12]:https://www.linux.com/files/images/photon-linuxjpg
[13]:https://www.linux.com/learn/intro-to-linux/2017/11/how-install-and-use-docker-linux
[14]:https://www.docker.com/
[15]:https://vmware.github.io/photon/
[16]:https://www.vmware.com/
[17]:https://www.vmware.com/products/vsphere.html
[18]:https://azure.microsoft.com/
[19]:https://cloud.google.com/compute/
[20]:https://aws.amazon.com/ec2/
[21]:https://www.virtualbox.org/
[22]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS
[23]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS
[24]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS
[25]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS
[26]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS
[27]:https://github.com/vmware/photon/issues
[28]:https://github.com/vmware/photon
[29]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux
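Review bot: The quote line under the lead image spells the product "Phonton OS" while the title and every other line use "Photon"; fix the spelling there. The Figure 1 image title also reads "change setatings". Both typos are carried over unchanged from the translated draft this commit deletes. In addition, Figure 2 pairs the alt text "installation type" with photon_2.jpg and Figure 3 pairs "Photon" with photon_1.jpg, the reverse of the English source removed in this commit, so confirm which screenshot belongs under which caption before publishing.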

@ -1,146 +0,0 @@
Photon Could Be Your New Favorite Container OS
============================================================
![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS")
Jack Wallen says Photon OS is an outstanding platform, geared specifically for containers.[Creative Commons Zero][5]Pixabay
Containers are all the rage, and with good reason. [As discussed previously][13], containers allow you to quickly and easily deploy new services and applications onto your network, without requiring too much in the way of added system resources. Containers are more cost-effective than using dedicated hardware or virtual machines, and theyre easier to update and reuse.
Best of all, containers love Linux (and vice versa). Without much trouble or time, you can get a Linux server up and running with [Docker][14] and deploying containers. But, which Linux distribution is best suited for the deployment of your containers? There are a _lot_  of options. You could go with a standard Ubuntu Server platform (which makes installing Docker and deploying containers incredibly easy), or you could opt for a lighter weight distribution  one geared specifically for the purpose of deploying containers.
One such distribution is [Photon][15]. This particular platform was created in 2005 by [VMware][16]; it includes the Docker daemon and works with container frameworks, such as Mesos and Kubernetes. Photon is optimized to work with [VMware vSphere][17], but it can be used on bare metal, [Microsoft Azure][18], [Google Compute Engine][19], [Amazon Elastic Compute Cloud][20], or [VirtualBox][21].
Photon manages to stay slim by only installing what is absolutely necessary to run the Docker daemon. In the end, the distribution comes in around 300 MB. This is just enough Linux make it all work. The key features to Photon are:
* Kernel tuned for performance.
* Kernel is hardened according to the [Kernel Self-Protection Project][6] (KSPP).
* All installed packages are built with hardened security flags.
* Operating system boots with validated trust.
* Photon management daemon manages firewall, network, packages, and users on remote Photon OS machines.
* Support for persistent volumes.
* [Project Lightwave][7] integration.
* Timely security patches and updates.
Photon can be used via [ISO][22], [OVA][23], [Amazon Machine Image][24], [Google Compute Engine image][25], and [Azure VHD][26]. Ill show you how to install Photon on VirtualBox, using an ISO image. The installation takes about five minutes and, in the end, youll have a virtual machine, ready to deploy containers.
### Creating the virtual machine
Before you deploy that first container, you have to create the virtual machine and install Photon. To do this, open up VirtualBox and click the New button. Walk through the Create Virtual Machine wizard (giving Photon the necessary resources, based on the usage you predict the container server will need). Once youve created the virtual machine, you need to first make a change to the settings. Select the newly created virtual machine (in the left pane of the VirtualBox main window) and then click Settings. In the resulting window, click on Network (from the left navigation).
In the Networking window (Figure 1), you need to change the Attached to drop-down to Bridged Adapter. This will ensure your Photon server is reachable from your network. Once youve made that change, click OK.
### [photon_0.jpg][8]
![change settings](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_0.jpg?itok=Q0yhOhsZ "change settings")
Figure 1: Changing the VirtualBox network settings for Photon.[Used with permission][1]
Select your Photon virtual machine from the left navigation and then click Start. You will be prompted to locate and attach the IOS image. Once youve done that, Photon will boot up and prompt you to hit Enter to begin the installation. The installation is ncurses based (there is no GUI), but its incredibly simple.
In the next screen (Figure 2), you will be asked if you want to do a Minimal, Full, or OSTree Server. I opted to go the Full route. Select whichever option you require and hit enter.
### [photon_1.jpg][9]
![installation type](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_1.jpg?itok=OdnMVpaA "installation type")
Figure 2: Selecting your installation type.[Used with permission][2]
In the next window, select the disk that will house Photon. Since were installing this as a virtual machine, there will be only one disk listed (Figure 3). Tab down to Auto and hit Enter on your keyboard. The installation will then require you to type (and verify) an administrator password. Once youve done that, the installation will begin and finish in less than five minutes.
### [photon_2.jpg][10]
![Photon ](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_2.jpg?itok=QL1Rs-PH "Photon")
Figure 3: Selecting your hard disk for the Photon installation.[Used with permission][3]
Once the installation completes, reboot the virtual machine and log in with the username root and the password you created during installation. You are ready to start working.
Before you begin using Docker on Photon, youll want to upgrade the platform. Photon uses the _yum_ package manager, so login as root and issue the command  _yum update_ .If there are any updates available, youll be asked to okay the process (Figure 4).
### [photon_3.jpg][11]
![Updating](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_3.jpg?itok=vjqrspE2 "Updating")
Figure 4: Updating Photon.[Used with permission][4]
Usage
As I mentioned, Photon comes with everything you need to deploy containers or even create a Kubernetes cluster. However, out of the box, there are a few things youll need to do. The first thing is to enable the Docker daemon to run at start. To do this, issue the commands:
```
systemctl start docker
systemctl enable docker
```
Now we need to create a standard user, so were not running the docker command as root. To do this, issue the following commands:
```
useradd -m USERNAME
passwd USERNAME
```
Where USERNAME is the name of the user to add.
Next we need to add the new user to the  _docker_ group with the command:
```
usermod -a -G docker USERNAME
```
Where USERNAME is the name of the user just created.
Log out as the root user and log back in as the newly created user. You can now work with the  _docker _ command without having to make use of  _sudo_  or switching to the root user. Pull down an image from Docker Hub and start deploying containers.
### An outstanding container platform
Photon is, without a doubt, an outstanding platform, geared specifically for containers. Do note that Photon is an open source project, so there is no paid support to be had. If you find yourself having trouble with Photon, hop on over to the [Issues tab in the Photon Projects Github page][27], where you can read and post about issues. And if youre interested in forking Photon, youll find the source code on the projects [official Github page][28].
Give Photon a try and see if it doesnt make deploying Docker containers and/or Kubernetes clusters significantly easier.
_Learn more about Linux through the free ["Introduction to Linux" ][29]course from The Linux Foundation and edX._
--------------------------------------------------------------------------------
via: 网址
作者:[ JACK WALLEN][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.linux.com/users/jlwallen
[1]:https://www.linux.com/licenses/category/used-permission
[2]:https://www.linux.com/licenses/category/used-permission
[3]:https://www.linux.com/licenses/category/used-permission
[4]:https://www.linux.com/licenses/category/used-permission
[5]:https://www.linux.com/licenses/category/creative-commons-zero
[6]:https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
[7]:http://vmware.github.io/lightwave/
[8]:https://www.linux.com/files/images/photon0jpg
[9]:https://www.linux.com/files/images/photon1jpg
[10]:https://www.linux.com/files/images/photon2jpg
[11]:https://www.linux.com/files/images/photon3jpg
[12]:https://www.linux.com/files/images/photon-linuxjpg
[13]:https://www.linux.com/learn/intro-to-linux/2017/11/how-install-and-use-docker-linux
[14]:https://www.docker.com/
[15]:https://vmware.github.io/photon/
[16]:https://www.vmware.com/
[17]:https://www.vmware.com/products/vsphere.html
[18]:https://azure.microsoft.com/
[19]:https://cloud.google.com/compute/
[20]:https://aws.amazon.com/ec2/
[21]:https://www.virtualbox.org/
[22]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS
[23]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS
[24]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS
[25]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS
[26]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS
[27]:https://github.com/vmware/photon/issues
[28]:https://github.com/vmware/photon
[29]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux

@ -1,168 +0,0 @@
translating---imquanquan
How to Manage Users with Groups in Linux
============================================================
### [group-of-people-1645356_1920.jpg][1]
![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV)
Learn how to work with users, via groups and access control lists in this tutorial.
[Creative Commons Zero][4]
Pixabay
When you administer a Linux machine that houses multiple users, there might be times when you need to take more control over those users than the basic user tools offer. This idea comes to the fore especially when you need to manage permissions for certain users. Say, for example, you have a directory that needs to be accessed with read/write permissions by one group of users and only read permissions for another group. With Linux, this is entirely possible. To make this happen, however, you must first understand how to work with users, via groups and access control lists (ACLs).
Well start from the beginning with users and work our way to the more complex ACLs. Everything you need to make this happen will be included in your Linux distribution of choice. We wont touch on the basics of users, as the focus on this article is about groups.
For the purpose of this piece, Im going to assume the following:
You need to create two users with usernames:
* olivia
* nathan
You need to create two groups:
* readers
* editors
Olivia needs to be a member of the group editors, while nathan needs to be a member of the group readers. The group readers needs to only have read permission to the directory /DATA, whereas the group editors needs to have both read and write permission to the /DATA directory. This, of course, is very minimal, but it will give you the basic information you need to expand the tasks to fit your much larger needs.
Ill be demonstrating on the Ubuntu 16.04 Server platform. The commands will be universal—the only difference would be if your distribution of choice doesnt make use of sudo. If this is the case, youll have to first su to the root user to issue the commands that require sudo in the demonstrations.
### Creating the users
The first thing we need to do is create the two users for our experiment. User creation is handled with the useradd command. Instead of just simply creating the users we need to create them both with their own home directories and then give them passwords.
The first thing we do is create the users. To do this, issue the commands:
```
sudo useradd -m olivia
sudo useradd -m nathan
```
Next each user must have a password. To add passwords into the mix, youd issue the following commands:
```
sudo passwd olivia
sudo passwd nathan
```
Thats it, your users are created.
### Creating groups and adding users
Now were going to create the groups readers and editors and then add users to them. The commands to create our groups are:
```
addgroup readers
addgroup editors
```
### [groups_1.jpg][2]
![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/groups_1.jpg?itok=BKwL89BB)
Figure 1: Our new groups ready to be used.
[Used with permission][5]
With our groups created, we need to add our users. Well add user nathan to group readers with the command:
```
sudo usermod -a -G readers nathan
```
```
sudo usermod -a -G editors olivia
```
### Giving groups permissions to directories
Lets say you have the directory /READERS and you need to allow all members of the readers group access to that directory. First, change the group of the folder with the command:
```
sudo chown -R :readers /READERS
```
```
sudo chmod -R g-w /READERS
```
```
sudo chmod -R o-x /READERS
```
Lets say you have the directory /EDITORS and you need to give members of the editors group read and write permission to its contents. To do that, the following command would be necessary:
```
sudo chown -R :editors /EDITORS
sudo chmod -R g+w /EDITORS
sudo chmod -R o-x /EDITORS
```
The problem with using this method is you can only add one group to a directory at a time. This is where access control lists come in handy.
### Using access control lists
Now, lets get tricky. Say you have a single folder—/DATA—and you want to give members of the readers group read permission and members of the group editors read/write permissions. To do that, you must take advantage of the setfacl command. The setfacl command sets file access control lists for files and folders.
The structure of this command looks like this:
```
setfacl OPTION X:NAME:Y /DIRECTORY
```
```
sudo setfacl -m g:readers:rx -R /DATA
```
To give members of the editors group read/write permissions (while retaining read permissions for the readers group), wed issue the command;
```
sudo setfacl -m g:editors:rwx -R /DATA
```
### All the control you need
And there you have it. You can now add members to groups and control those groups access to various directories with all the power and flexibility you need. To read more about the above tools, issue the commands:
* man usradd
* man addgroup
* man usermod
* man sefacl
* man chown
* man chmod
Learn more about Linux through the free ["Introduction to Linux" ][3]course from The Linux Foundation and edX.
--------------------------------------------------------------------------------
via: https://www.linux.com/learn/intro-to-linux/2017/12/how-manage-users-groups-linux
作者:[Jack Wallen ]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:https://www.linux.com/files/images/group-people-16453561920jpg
[2]:https://www.linux.com/files/images/groups1jpg
[3]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux
[4]:https://www.linux.com/licenses/category/creative-commons-zero
[5]:https://www.linux.com/licenses/category/used-permission

@ -1,147 +0,0 @@
Photon也许能成为你最喜爱的容器操作系统
============================================================
![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS")
Phonton OS专注于容器是一个非常出色的平台。 —— Jack Wallen
容器在当下的火热,并不是没有原因的。正如[之前][13]讨论的,容器可以使您轻松快捷地将新的服务与应用部署到您的网络上,而且并不耗费太多的系统资源。比起专用硬件和虚拟机,容器都是更加划算的,除此之外,他们更容易更新与重用。
更重要的是容器喜欢Linux反之亦然。不需要太多时间和麻烦你就可以启动一台Linux服务器运行[Docker][14]再是部署容器。但是哪种Linux发行版最适合部署容器呢我们的选择很多。你可以使用标准的Ubuntu服务器平台更容易安装Docker并部署容器或者是更轻量级的发行版 —— 专门用于部署容器。
[Photon][15]就是这样的一个发行版。这个特殊的版本是由[VMware][16]于2005年创建的它包含了Docker的守护进程并与容器框架如Mesos和Kubernetes一起使用。Photon经过优化可与[VMware vSphere][17]协同工作,而且可用于裸机,[Microsoft Azure][18], [Google Compute Engine][19], [Amazon Elastic Compute Cloud][20], 或者 [VirtualBox][21]等。
Photon通过只安装Docker守护进程所必需的东西来保持它的轻量。而这样做的结果是这个发行版的大小大约只有300MB。但这足以让Linux的运行一切正常。除此之外Photon的主要特点还有
* 内核调整为性能模式。
* 内核根据[内核自防护项目][6](KSPP)进行了加固。
* 所有安装的软件包都根据加固的安全标识来构建。
* 操作系统在信任验证后启动。
* Photon管理进程管理防火墙网络软件包和远程登录在Photon机子上的用户。
* 支持持久卷。
* [Project Lightwave][7] 整合。
* 及时的安全补丁与更新。
Photon可以通过[ISO][22][OVA][23][Amazon Machine Image][24][Google Compute Engine image][25]和[Azure VHD][26]安装使用。现在我将向您展示如何使用ISO镜像在VirtualBox上安装Photon。整个安装过程大概需要五分钟在最后您将有一台随时可以部署容器的虚拟机。
### 创建虚拟机
在部署第一台容器之前您必须先创建一台虚拟机并安装Photon。为此打开VirtualBox并点击“新建”按钮。跟着创建虚拟机向导进行配置根据您的容器将需要的用途为Photon提供必要的资源。在创建好虚拟机后您所需要做的第一件事就是更改配置。选择新建的虚拟机在VirtualBox主窗口的左侧面板中然后单击“设置”。在弹出的窗口中点击“网络”在左侧的导航中
在“网络”窗口图1你需要在“连接”的下拉窗口中选择桥接。这可以确保您的Photon服务与您的网络相连。完成更改后单击确定。
### [photon_0.jpg][8]
![change settings](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_0.jpg?itok=Q0yhOhsZ "change setatings")
图 1: 更改Photon在VirtualBox中的网络设置。[经许可使用][1]
从左侧的导航选择您的Photon虚拟机点击启动。系统会提示您去加载IOS镜像。当您完成之后Photon安装程序将会启动并提示您按回车后开始安装。安装过程基于ncurses没有GUI但它非常简单。
接下来图2系统会询问您是要最小化安装完整安装还是安装OSTree服务器。我选择了完整安装。选择您所需要的任意选项然后按回车继续。
### [photon_1.jpg][9]
![installation type](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_2.jpg?itok=QL1Rs-PH "Photon")
图 2: 选择您的安装类型.[经许可使用][2]
在下一个窗口选择您要安装Photon的磁盘。由于我们将其安装在虚拟机因此只有一块磁盘会被列出图3。选择“自动”按下回车。然后安装程序会让您输入并验证管理员密码。在这之后镜像开始安装在您的磁盘上并在不到5分钟的时间内结束。
### [photon_2.jpg][]
![Photon](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_1.jpg?itok=OdnMVpaA "installation type")
图 3: 选择安装Photon的硬盘.[经许可使用][3]
安装完成后重启虚拟机并使用安装时创建的用户root和它的密码登录。一切就绪你准备好开始工作了。
在开始使用Docker之前您需要更新一下Photon。Photon使用 _yum_ 软件包管理器因此在以root用户登录后输入命令 _yum update_。如果有任何可用更新则会询问您是否确认图4
### [photon_3.jpg][11]
![Updating](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_3.jpg?itok=vjqrspE2 "Updating")
图 4: 更新 Photon.[经许可使用][4]
用法
正如我所说的Photon提供了部署容器甚至创建Kubernetes集群所需要的所有包。但是在使用之前还要做一些事情。首先要启动Docker守护进程。为此执行以下命令
```
systemctl start docker
systemctl enable docker
```
现在我们需要创建一个标准用户因此我们没有以root去运行docker命令。为此执行以下命令
```
useradd -m USERNAME
passwd USERNAME
```
其中USERNAME是我们新增的用户的名称。
接下来,我们需要将这个新用户添加到 _docker_ 组,执行命令:
```
usermod -a -G docker USERNAME
```
其中USERNAME是刚刚创建的用户的名称。
注销root用户并切换为新增的用户。现在您已经可以不必使用 _sudo_ 命令或者是切换到root用户来使用 _docker_命令了。从Docker Hub中取出一个镜像开始部署容器吧。
### 一个优秀的容器平台
在专注于容器方面Photon毫无疑问是一个出色的平台。请注意Photon是一个开源项目因此没有任何付费支持。如果您对Photon有任何的问题请移步Photon项目的Github下的[Issues][27]那里可以供您阅读相关问题或者提交您的问题。如果您对Photon感兴趣您也可以在项目的官方[Github][28]中找到源码。
尝试一下Photon吧看看它是否能够使得Docker容器和Kubernetes集群的部署更加容易。
欲了解Linux的更多信息可以通过学习Linux基金会和edX的免费课程[“Linux 入门”][29]。
--------------------------------------------------------------------------------
via: https://www.linux.com/learn/intro-to-linux/2017/11/photon-could-be-your-new-favorite-container-os
作者:[JACK WALLEN][a]
译者:[KeyLD](https://github.com/KeyLd)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.linux.com/users/jlwallen
[1]:https://www.linux.com/licenses/category/used-permission
[2]:https://www.linux.com/licenses/category/used-permission
[3]:https://www.linux.com/licenses/category/used-permission
[4]:https://www.linux.com/licenses/category/used-permission
[5]:https://www.linux.com/licenses/category/creative-commons-zero
[6]:https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
[7]:http://vmware.github.io/lightwave/
[8]:https://www.linux.com/files/images/photon0jpg
[9]:https://www.linux.com/files/images/photon1jpg
[10]:https://www.linux.com/files/images/photon2jpg
[11]:https://www.linux.com/files/images/photon3jpg
[12]:https://www.linux.com/files/images/photon-linuxjpg
[13]:https://www.linux.com/learn/intro-to-linux/2017/11/how-install-and-use-docker-linux
[14]:https://www.docker.com/
[15]:https://vmware.github.io/photon/
[16]:https://www.vmware.com/
[17]:https://www.vmware.com/products/vsphere.html
[18]:https://azure.microsoft.com/
[19]:https://cloud.google.com/compute/
[20]:https://aws.amazon.com/ec2/
[21]:https://www.virtualbox.org/
[22]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS
[23]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS
[24]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS
[25]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS
[26]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS
[27]:https://github.com/vmware/photon/issues
[28]:https://github.com/vmware/photon
[29]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux

@ -0,0 +1,183 @@
如何在 Linux 系统中用用户组来管理用户
============================================================
### [group-of-people-1645356_1920.jpg][1]
![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV)
在本教程中了解如何通过用户组和访问控制表ACL来管理用户。
[创意共享协议][4]
当你需要管理一台容纳多个用户的 Linux 机器时,比起一些基本的用户管理工具所提供的方法,有时候你需要对这些用户采取更多的用户权限管理方式。特别是当你要管理某些用户的权限时,这个想法尤为重要。比如说,你有一个目录,一个用户组中的用户可以通过读和写的权限访问这个目录,而其他用户组中的用户对这个目录只有读的权限。通过 Linux 这是完全可以实现的。但是你首先必须了解如何通过用户组和访问控制表ACL来管理用户。
我们将从简单的用户开始逐渐深入到复杂的访问控制表ACL。你所需要做的一切都将在你选择的 Linux 发行版中完成。本文的重点是用户组,所以不会涉及到关于用户的基础知识。
为了达到演示的目的,我将假设:
你需要用下面两个用户名新建两个用户:
* olivia
* nathan
你需要新建以下两个用户组:
* readers
* editors
olivia 属于 editors 用户组,而 nathan 属于 readers 用户组。reader 用户组对 ``/DATA`` 目录只有读的权限,而 editors 用户组则对 ``/DATA`` 目录同时有读和写的权限。当然,这是个非常小的任务,但它会给你基本的用法。你可以扩展这个任务以适应你其他更大的需求。
我将在 Ubuntu 16.04 Server 平台上进行演示。这些命令都是通用的,唯一不同的是,要是在你的发行版中不使用 sudo 命令,你必须切换到 root 用户来执行这些命令。
### 创建用户
我们需要做的第一件事是为我们的实验创建两个用户。可以用 ``useradd`` 命令来创建用户,我们不只是简单地创建一个用户,而需要同时创建用户和属于他们的家目录,然后给他们设置密码。
```
sudo useradd -m olivia
sudo useradd -m nathan
```
我们现在创建了两个用户,如果你看看 ``/home`` 目录,你可以发现他们的家目录(因为我们用了 -m 选项,可以帮在创建用户的同时创建他们的家目录。
之后,我们可以用以下命令给他们设置密码:
```
sudo passwd olivia
sudo passwd nathan
```
就这样,我们创建了两个用户。
### 创建用户组并添加用户
现在我们将创建 readers 和 editors 用户组,然后给它们添加用户。创建用户组的命令是:
```
addgroup readers
addgroup editors
```
(译者注:当你使用 CentOS 等一些 Linux 发行版时,可能系统没有 addgroup 这个命令,推荐使用 groupadd 命令来替换 addgroup 命令以达到同样的效果)
### [groups_1.jpg][2]
![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/groups_1.jpg?itok=BKwL89BB)
图一:我们可以使用刚创建的新用户组了。
[Used with permission][5]
创建用户组后,我们需要给他们添加用户。我们用以下命令来将 nathan 添加到 readers 用户组:
```
sudo usermod -a -G readers nathan
```
用以下命令将 olivia 添加到 editors 用户组:
```
sudo usermod -a -G editors olivia
```
现在我们已经准备好用用户组来管理用户了。
### 给用户组授予目录的权限
假设你有个目录 ``/READERS``,允许 readers 用户组的所有成员访问这个目录。首先,我们执行以下命令来更改目录所属用户组:
```
sudo chown -R :readers /READERS
```
接下来,执行以下命令收回目录所属用户组的写入权限:
```
sudo chmod -R g-w /READERS
```
然后我们执行下面的命令来收回其他用户对这个目录的访问权限(以防止任何不在读者组中的用户访问这个目录里的文件):
```
sudo chmod -R o-x /READERS
```
这时候只有目录的所有者root和用户组 reader 中的用户可以访问 ``/READES`` 中的文件。
假设你有个目录 ``/EDITORS`` ,你需要给用户组 editors 里的成员这个目录的读和写的权限。为了达到这个目的,执行下面的这些命令是必要的:
```
sudo chown -R :editors /EDITORS
sudo chmod -R g+w /EDITORS
sudo chmod -R o-x /EDITORS
```
此时 editors 用户组的所有成员都可以访问和修改其中的文件。除此之外其他用户(除了 root 之外)无法访问 ``/EDITORS`` 中的任何文件。
使用这个方法的问题在于你一次只能操作一个组和一个目录而已。这时候访问控制表ACL就可以派得上用场了。
### 使用访问控制表ACL
现在,让我们把这个问题变得棘手一点。假设你有一个目录 ``/DATA`` 并且你想给 readers 用户组的成员读取权限同时给 editors 用户组的成员读和写的权限。为此,你必须要用到 setfacl 命令。setfacl 命令可以为文件或文件夹设置一个访问控制表ACL
这个命令的结构如下:
```
setfacl OPTION X:NAME:Y /DIRECTORY
```
其中 OPTION 是可选选项X 可以是 u用户或者是 g 用户组NAME 是用户或者用户组的名字,/DIRECTORY 是要用到的目录。我们将使用 -m 选项进行修改modify。因此我们给 readers 用户组添加读取权限的命令是:
```
sudo setfacl -m g:readers:rx -R /DATA
```
现在 readers 用户组里面的每一个用户都可以读取 /DATA 目录里的文件了,但是他们不能修改里面的内容。
为了给 editors 用户组里面的用户读写权限,我们执行了以下的命令:
```
sudo setfacl -m g:editors:rwx -R /DATA
```
上述命令将赋予 editors 用户组中的任何成员读取权限,同时保留 readers 用户组的只读权限。
### 更多的权限控制
使用访问控制表ACL你可以实现你所需的权限控制。你可以实现将用户添加到用户组并且可靠灵活地控制这些用户组对每个目录的权限以达到你的需求。想要了解上述工具的更多信息可以执行下列的命令
* man usradd
* man addgroup
* man usermod
* man sefacl
* man chown
* man chmod
--------------------------------------------------------------------------------
via: https://www.linux.com/learn/intro-to-linux/2017/12/how-manage-users-groups-linux
作者:[Jack Wallen ]
译者:[imquanquan](https://github.com/imquanquan)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:https://www.linux.com/files/images/group-people-16453561920jpg
[2]:https://www.linux.com/files/images/groups1jpg
[3]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux
[4]:https://www.linux.com/licenses/category/creative-commons-zero
[5]:https://www.linux.com/licenses/category/used-permission
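Review bot: The closing sentence of the ACL section says the command gives editors members 读取权限 (read permission), but the command it describes is `sudo setfacl -m g:editors:rwx -R /DATA` and the sentence before that command promises 读写权限; change it to read/write so the text matches the permission actually granted. The group and path names also drift from the commands: the assumptions paragraph and the line after `sudo chmod -R o-x /READERS` say "reader" where the group is `readers`, and that same line writes the directory as ``/READES``. The final list keeps `man usradd` and `man sefacl` from the source; neither names a command used in the article (`useradd`, `setfacl`), so correct them or flag them in a translator's note like the one already added for `addgroup`. The two `addgroup` commands are also shown without `sudo` while every other privileged command in the file has it.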