RH413 Unit 3 Create File Systems

There are two major reasons for allocating file systems separately: containment and mounting with more restrictive mount options. Containment reduces the impact a file system has on the rest of the system if it fills up. For example, if a program has an error and creates several large temporary files in /tmp, it should not prevent system logging or keep users from saving files in their home directories.

Encryption at installation:

Kickstart configuration:

    part /home --fstype=ext4 --size=10000 --onpart=vda2 --encrypted --passphrase=PASSPHRASE

Encryption Post-installation:

  • Create an LVM logical volume:

    pvcreate /dev/sdb1
    vgcreate storage /dev/sdb1
    Volume group "storage" successfully created
    lvcreate -l 100%FREE -n luks-test storage

    Tip: we don't need to create a file system at this point.

  • Encrypt the block device and assign it a password:

    cryptsetup luksFormat /dev/storage/luks-test
    WARNING!
    This will overwrite data on /dev/storage/luks-test irrevocably.
    Are you sure? (Type uppercase yes): YES
    Enter passphrase:
    Verify passphrase:

  • Unlock the encrypted volume and assign it a logical name:

    cryptsetup luksOpen /dev/storage/luks-test luks
    Enter passphrase for /dev/storage/luks-test:

    Here, luks is the logical name.

  • Create a filesystem in the decrypted volume:

    mkfs.ext4 /dev/mapper/luks
    mke2fs 1.42.9 (28-Dec-2013)
    Filesystem label=
    OS type: Linux
    Block size=4096 (log=2)
    Fragment size=4096 (log=2)
    Stride=0 blocks, Stripe width=0 blocks
    65152 inodes, 260608 blocks
    13030 blocks (5.00%) reserved for the super user
    First data block=0
    Maximum filesystem blocks=268435456
    8 block groups
    32768 blocks per group, 32768 fragments per group
    8144 inodes per group
    Superblock backups stored on blocks:
    32768, 98304, 163840, 229376

    Allocating group tables: done
    Writing inode tables: done
    Creating journal (4096 blocks): done
    Writing superblocks and filesystem accounting information: done

  • Mount it:

    mkdir /mnt/luks
    mount /dev/mapper/luks /mnt/luks/

  • When finished, unmount the filesystem, then lock the encrypted volume:

    umount /mnt/luks
    cryptsetup luksClose luks

Persistently Mount Encrypted Partitions

  • Locate or generate a key file. This is typically created with random data on the server and kept on a separate storage device. Make sure it is owned by root and the mode is 600:

    dd if=/dev/urandom of=/root/luks.passwd bs=4096 count=1
    chmod 600 /root/luks.passwd

  • Add the key file for LUKS using the following command:

    cryptsetup luksAddKey /dev/storage/luks-test /root/luks.passwd
    Enter any existing passphrase:

  • Create an /etc/crypttab entry for the volume. /etc/crypttab contains a list of devices to be unlocked during system boot.

    name /dev/vdaN /path/to/password/file

    such as:

    luks /dev/storage/luks-test /root/luks.passwd

    The fields are:

    1. name: the name device mapper will use for the device
    2. the underlying "locked" device
    3. the absolute pathname of the password file used to unlock the device

  • Edit /etc/fstab:

    /dev/mapper/name /mnt/xx ext4 defaults 1 2

    such as:

    /dev/mapper/luks /mnt/luks ext4 defaults 1 2
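
An added example, not part of the original post: a POSIX shell function that audits the two files edited above, checking that each crypttab key file is owned by root with owner-only mode and that /etc/fstab mounts the /dev/mapper name. The function names, the constructed sample files and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit crypttab key files.
# Usage: audit_crypttab CRYPTTAB FSTAB [EXPECTED_OWNER_UID]   (default 0 = root)
audit_crypttab() {
    crypttab=$1; fstab=$2; want_uid=${3:-0}; rc=0
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac      # blank line or comment
        case $key in ''|none|-) continue ;; esac     # passphrase typed at boot
        if [ ! -f "$key" ]; then
            echo "FAIL $name: key file $key not found"; rc=1; continue
        fi
        # GNU stat (assumed, as on RHEL): %u = owner uid, %a = octal mode
        set -- $(stat -c '%u %a' "$key")
        [ "$1" = "$want_uid" ] ||
            { echo "FAIL $name: $key owned by uid $1, expected $want_uid"; rc=1; }
        case $2 in
            600|400) ;;                              # readable by the owner only
            *) echo "FAIL $name: $key has mode $2, expected 600"; rc=1 ;;
        esac
        # /etc/fstab should mount the mapped name, not the locked device
        awk -v d="/dev/mapper/$name" '$1 == d { ok = 1 } END { exit !ok }' "$fstab" ||
            { echo "FAIL $name: no /dev/mapper/$name entry in $fstab"; rc=1; }
    done < "$crypttab"
    return $rc
}

# Constructed sample files mirroring the entries above.
# Usage: make_sample DIR KEYMODE
make_sample() {
    printf 'constructed-key-material\n' > "$1/luks.passwd"   # stand-in for random data
    chmod "$2" "$1/luks.passwd"
    printf 'luks /dev/storage/luks-test %s\n' "$1/luks.passwd" > "$1/crypttab"
    printf '/dev/mapper/luks /mnt/luks ext4 defaults 1 2\n' > "$1/fstab"
}

# Run the audit on a sample whose key file is deliberately too permissive.
demo() {
    d=$(mktemp -d)
    make_sample "$d" 644
    audit_crypttab "$d/crypttab" "$d/fstab" "$(id -u)"
    status=$?
    rm -rf "$d"
    return $status
}
demo || echo "audit reported problems (expected for the 644 sample)"
```

On a real host, run `audit_crypttab /etc/crypttab /etc/fstab` as root; the third argument exists only so the sample can be checked by a non-root user.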

References:

cryptsetup(8), crypttab(5)

Original article: http://blog.51cto.com/scantydd/2096416

Time: 2024-10-09 11:54:18
