Document Summary 16: Disk Management, LVM and SELinux in Linux

Source: Internet   Published: 黑魂3捏脸 防火女 数据   Editor: 程序博客网   Time: 2024/06/05 06:10

I. Disk Management

1. Partition concepts

To master disk partitioning you need to understand the MBR, extended partitions and logical partitions. A hard disk has two kinds of area: one holds the disk's own information and is called the Master Boot Record (MBR); the other is where the actual file data is stored. The MBR is the most important region of the whole disk; once the physical MBR is damaged the disk is practically scrap. The MBR is generally 512 bytes and can be divided into two parts.
The first part is 446 bytes and holds the boot code, i.e. the bootloader. The second part is 64 bytes and holds the disk partition table, in which each partition's record takes 16 bytes. A disk can therefore have at most 4 partitions, and these 4 are the primary partitions and the extended partition.
It must be stressed that there can be only one extended partition and that it cannot be used directly; it still has to be divided into logical partitions. Because the MBR can hold data for only 4 partitions, when more than 4 are needed the system allows another copy of the partition information to be stored in additional disk space, and that is the extended partition. If a disk is divided as 3P+E, E in effect tells the system that the partition table continues in that other partition table; the extended partition is really a pointer to the correct additional partition table. The extended partition itself cannot be used directly and must be subdivided into logical partitions, so through the extended partition a user can have 5 or more partitions.
(1) In practice it is not recommended to split a disk into 4 primary partitions: on a 20GB disk where 4 primary partitions occupy 15GB, the remaining 5GB cannot be used at all, because no partition table entry is left to record that space.
(2) For disk contiguity it is generally recommended to place the extended partition in the last cylinders.
(3) In theory a disk may have only 1 primary partition, with all remaining space given to the extended partition.
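As an added example (not code from the original post), the following Python script builds and parses a 512-byte MBR image laid out exactly as described above: 446 bytes of boot code, four 16-byte table entries and the two-byte 0x55AA signature. The partition tuples used in the demo are constructed to mirror a 3P+E layout on the sector boundaries seen in this page's fdisk output; the check_layout helper flags the two situations the text warns about (more than one extended partition, and four primaries leaving no slot) plus overlapping table entries.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bootloader area described in the text
ENTRY_LEN = 16                 # one partition table entry
MAX_ENTRIES = 4                # 64-byte table / 16 = 4 primary-or-extended entries
SIGNATURE = b"\x55\xAA"        # last two bytes of the sector
EXTENDED_TYPES = {0x05, 0x0F}  # DOS extended, W95 extended (LBA)
TYPE_NAMES = {0x83: "Linux", 0x82: "Linux swap / Solaris", 0x8E: "Linux LVM",
              0x05: "Extended", 0x0F: "W95 Ext'd (LBA)"}
# status, CHS start (3 bytes), type id, CHS end (3 bytes), LBA start, sector count
ENTRY_FMT = "<B3sB3sII"


def build_mbr(entries, boot_code=b""):
    """Assemble a 512-byte MBR from (bootable, type_id, start_lba, sector_count) tuples.
    CHS fields are left zero; modern tools use the LBA fields."""
    if len(entries) > MAX_ENTRIES:
        raise ValueError("the MBR partition table holds at most 4 entries")
    table = b"".join(
        struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, b"\0\0\0",
                    ptype, b"\0\0\0", start, count)
        for bootable, ptype, start, count in entries)
    table = table.ljust(MAX_ENTRIES * ENTRY_LEN, b"\0")
    code = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\0")
    return code + table + SIGNATURE


def parse_mbr(image):
    """Decode the partition table of one 512-byte sector into a list of dicts."""
    if len(image) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if image[-2:] != SIGNATURE:
        raise ValueError("missing 0x55AA signature: not a valid MBR")
    parts = []
    for i in range(MAX_ENTRIES):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, image[off:off + ENTRY_LEN])
        if ptype == 0:                       # empty slot
            continue
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "name": TYPE_NAMES.get(ptype, "0x%02x" % ptype),
                      "start": start, "end": start + count - 1,
                      "size_mib": count * SECTOR_SIZE // (1024 * 1024),
                      "extended": ptype in EXTENDED_TYPES})
    return parts


def check_layout(parts):
    """Return the layout problems the text warns about, as strings (empty list = fine)."""
    issues = []
    extended = [p for p in parts if p["extended"]]
    if len(extended) > 1:
        issues.append("more than one extended partition")
    if len(parts) == MAX_ENTRIES and not extended:
        issues.append("four primary partitions: no table slot left, remaining space unusable")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["start"] <= a["end"]:
            issues.append(f"partitions {a['index']} and {b['index']} overlap")
    return issues


def describe(parts):
    """Render entries in the style of fdisk's table."""
    return [f"{p['index']} {'*' if p['bootable'] else ' '} {p['start']:>10} {p['end']:>10} "
            f"{p['size_mib']:>6} MiB  {p['name']}" for p in parts]


if __name__ == "__main__":
    # Constructed 3P+E layout; sector numbers follow the 2 GiB boundaries in the page's fdisk output.
    demo = build_mbr([(True, 0x83, 2048, 4194304), (False, 0x8E, 4196352, 4194304),
                      (False, 0x82, 8390656, 4194304), (False, 0x05, 12584960, 8386560)])
    print("\n".join(describe(parse_mbr(demo))), check_layout(parse_mbr(demo)))
```

To inspect a real disk, read its first sector (for example `open("/dev/vdb", "rb").read(512)`, which needs root but only reads) and pass the bytes to parse_mbr.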

2. Creating a partition

1). List all partition information

[root@desktop ~]# fdisk -l

Disk /dev/vda: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x00013f3e

   Device Boot      Start         End      Blocks   Id  System
/dev/vda1   *        2048    20970332    10484142+  83  Linux

Disk /dev/vdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x09ee18d7

   Device Boot      Start         End      Blocks   Id  System
/dev/vdb1            2048     1026047      512000   8e  Linux LVM

Disk /dev/mapper/vg0-vo: 520 MB, 520093696 bytes, 1015808 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

2). Create the partition

[root@desktop ~]# fdisk /dev/vdb
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): 
Using default response p
Partition number (1-4, default 1): 
First sector (2048-20971519, default 2048): 
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-20971519, default 20971519): +2G
Partition 1 of type Linux and of size 2 GiB is set
Command (m for help): wq
The partition table has been altered!
......
Syncing disks.

3). Sync the partition table to the kernel

[root@desktop ~]# partprobe 
Warning: Unable to open /dev/sr0 read-write (Read-only file system).  /dev/sr0 has been opened read-only.
Warning: Unable to open /dev/sr0 read-write (Read-only file system).  /dev/sr0 has been opened read-only.
Warning: Unable to open /dev/sr0 read-write (Read-only file system).  /dev/sr0 has been opened read-only.

4). Format

A partition must be formatted before it can be used; the ext formats divide the partition into an index area (inodes) and a storage area (blocks).

[root@desktop ~]# mkfs.ext2 /dev/vdb2
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
......
Writing superblocks and filesystem accounting information: done 
[root@desktop ~]# blkid
/dev/vda1: UUID="9bf6b9f7-92ad-441b-848e-0257cbb883d1" TYPE="xfs" 
/dev/vdb1: UUID="SIaPf4-OdHu-OzAW-NlQG-vZ3D-X8ZO-1FK3Ih" TYPE="LVM2_member" 
/dev/vdb2: UUID="a54dc61e-b296-4abf-afb4-70698dca3580" TYPE="ext2" 

5). fdisk commands

Command   Description                              Note
m         help
a         toggle a bootable flag
b         edit bsd disklabel
c         toggle the dos compatibility flag
d         delete a partition                       ## delete a partition
g         create a new empty GPT partition table
G         create an IRIX (SGI) partition table
l         list known partition types               ## list the partition types the system supports
m         print this menu
n         add a new partition                      ## create a new partition
o         create a new empty DOS partition table
p         print the partition table                ## show the partitions
q         quit without saving changes              ## quit
s         create a new empty Sun disklabel
t         change a partition's system id           ## change the partition's function id
u         change display/entry units
v         verify the partition table
w         write table to disk and exit             ## save the changes to the partition table
x         extra functionality (experts only)

3. Swap partition

A swap partition holds the memory of programs that are not in active use; when those programs need to run again, the saved data is restored from swap back into memory.

1). Create the swap partition

[root@desktop ~]# fdisk /dev/vdb
Command (m for help): n
Partition type:
   p   primary (2 primary, 0 extended, 2 free)
   e   extended
Select (default p): 
Using default response p
Partition number (3,4, default 3): 
......
Command (m for help): t
Partition number (1-3, default 3): 3
Hex code (type L to list all codes): 82
Changed type of partition 'Linux' to 'Linux swap / Solaris'
Command (m for help): wq
The partition table has been altered!
......
[root@desktop ~]# partprobe 
Warning: Unable to open /dev/sr0 read-write (Read-only file system).  /dev/sr0 has been opened read-only.
Warning: Unable to open /dev/sr0 read-write (Read-only file system).  /dev/sr0 has been opened read-only.
Warning: Unable to open /dev/sr0 read-write (Read-only file system).  /dev/sr0 has been opened read-only.
[root@desktop ~]# mkswap /dev/vdb3          ## format as swap
Setting up swapspace version 1, size = 4194300 KiB
no label, UUID=32b2a90d-303a-4ce4-8611-f16506c8ebe0
[root@desktop ~]# blkid
/dev/vda1: UUID="9bf6b9f7-92ad-441b-848e-0257cbb883d1" TYPE="xfs" 
......
/dev/vdb3: UUID="32b2a90d-303a-4ce4-8611-f16506c8ebe0" TYPE="swap" 

2). Activate

<Temporary activation>
[root@desktop ~]# swapon -a /dev/vdb3 
[root@desktop ~]# swapon -s
Filename                Type        Size    Used    Priority
/dev/vdb3                               partition   4194300 0   -1
<Permanent activation>
[root@desktop ~]# vim /etc/fstab 
UUID=9bf6b9f7-92ad-441b-848e-0257cbb883d1 /     xfs     defaults        1 1
/dev/vdb3                               swap    swap    defaults        0 0
[root@desktop ~]# init 6
[root@desktop ~]# swapon -s
Filename                Type        Size    Used    Priority
/dev/vdb3                               partition   4194300 0   -1

4. Disk encryption

1). Encrypt the disk

[root@desktop ~]# cryptsetup luksFormat /dev/vdb2

WARNING!
========
This will overwrite data on /dev/vdb2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase: 
Verify passphrase: 
[root@desktop ~]# cryptsetup open /dev/vdb2 westos
Enter passphrase for /dev/vdb2: 
[root@desktop ~]# ll /dev/mapper/westos 
lrwxrwxrwx 1 root root 7 Nov  9 07:23 /dev/mapper/westos -> ../dm-1
[root@desktop ~]# mkfs.xfs /dev/mapper/westos 
meta-data=/dev/mapper/westos     isize=256    agcount=4, agsize=130944 blks
......
[root@desktop ~]# mount /dev/mapper/westos /mnt/
[root@desktop ~]# df
Filesystem         1K-blocks    Used Available Use% Mounted on
/dev/vda1           10473900 3154160   7319740  31% /
/dev/mapper/westos   2084864   32928   2051936   2% /mnt
[root@desktop ~]# cd /mnt/
[root@desktop mnt]# touch file{1..10}
[root@desktop mnt]# ls
file1  file10  file2  file3  file4  file5  file6  file7  file8  file9
[root@desktop mnt]# cd ..
[root@desktop /]# umount /dev/mapper/westos 
[root@desktop /]# df
Filesystem         1K-blocks    Used Available Use% Mounted on
/dev/vda1           10473900 3154040   7319860  31% /
[root@desktop /]# cryptsetup close westos

2). Automatic unlock and mount at boot

[root@desktop ~]# vim /etc/fstab 
UUID=9bf6b9f7-92ad-441b-848e-0257cbb883d1 /      xfs     defaults        1 1
/dev/vdb3                                swap    swap    defaults        0 0
/dev/mapper/westos                       /mnt    xfs     defaults        0 0 
[root@desktop ~]# vim /etc/crypttab 
westos  /dev/vdb2       /root/lukspsfile
[root@desktop ~]# vim /root/lukspsfile
westos123
[root@desktop ~]# chmod 600 /root/lukspsfile 
[root@desktop ~]# cryptsetup luksAddKey /dev/vdb2 /root/lukspsfile
Enter any passphrase:
[root@desktop ~]# init 6
[root@desktop ~]# df
Filesystem         1K-blocks    Used Available Use% Mounted on
/dev/vda1           10473900 3150456   7323444  31% /
devtmpfs              927072       0    927072   0% /dev
tmpfs                 942660      80    942580   1% /dev/shm
tmpfs                 942660   17036    925624   2% /run
tmpfs                 942660       0    942660   0% /sys/fs/cgroup
/dev/mapper/westos   2084864   32928   2051936   2% /mnt
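The crypttab and fstab pairing above only works unattended because the key file is readable by root at boot, which is also why its mode matters: anyone who can read the key file can open the volume. As an added example, not from the original post, here is a Python audit that parses constructed fstab and crypttab text, checks that every mapping auto-mounted from fstab has a key file (otherwise boot stops for a passphrase), and checks that the key file is mode 0600 and root-owned. The demo writes its own key files into a temporary directory so that it runs unprivileged (it passes require_root_owner=False for that reason); the data/nokey mappings and the /dev/vdb4 and /dev/vdb5 devices are constructed names, not from the page.

```python
import os
import stat
import tempfile


def parse_fstab(text):
    """Parse /etc/fstab text into dicts; comments and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue
        rows.append({"device": fields[0], "mountpoint": fields[1],
                     "fstype": fields[2], "options": fields[3].split(",")})
    return rows


def parse_crypttab(text):
    """Parse /etc/crypttab text: <name> <device> [keyfile|none] [options]."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        keyfile = fields[2] if len(fields) > 2 and fields[2] not in ("none", "-") else None
        rows.append({"name": fields[0], "device": fields[1], "keyfile": keyfile})
    return rows


def audit_keyfile(path, require_root_owner=True):
    """Findings for one LUKS key file: must exist, be mode 0600 and (normally) root-owned."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path}: key file does not exist; unlock at boot will fail or prompt"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append(f"{path}: mode {mode:04o} is readable by group/other; expected 0600")
    if require_root_owner and st.st_uid != 0:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected root")
    return findings


def audit(fstab_text, crypttab_text, require_root_owner=True):
    """Cross-check crypttab mappings that fstab mounts automatically."""
    findings = []
    auto_mounted = {row["device"] for row in parse_fstab(fstab_text)}
    for entry in parse_crypttab(crypttab_text):
        mapper = f"/dev/mapper/{entry['name']}"
        if mapper not in auto_mounted:
            continue  # opened by hand, nothing to verify for unattended boot
        if entry["keyfile"] is None:
            findings.append(f"{mapper}: in fstab but crypttab has no key file; boot will stop for a passphrase")
            continue
        findings.extend(audit_keyfile(entry["keyfile"], require_root_owner))
    return findings


def demo():
    """Constructed scenario in a temp dir (not the page's real files): one good key, one weak key, one missing."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "lukspsfile")
        weak = os.path.join(tmp, "weakkey")
        for path in (good, weak):
            with open(path, "w") as fh:
                fh.write("constructed-passphrase\n")
        os.chmod(good, 0o600)
        os.chmod(weak, 0o644)       # the mistake the audit should catch
        fstab = ("UUID=9bf6b9f7-92ad-441b-848e-0257cbb883d1 /  xfs defaults 1 1\n"
                 "/dev/mapper/westos /mnt xfs defaults 0 0\n"
                 "/dev/mapper/data   /srv xfs defaults 0 0\n"
                 "/dev/mapper/nokey  /opt xfs defaults 0 0\n")
        crypttab = (f"westos /dev/vdb2 {good}\n"
                    f"data   /dev/vdb4 {weak}\n"      # constructed device
                    f"nokey  /dev/vdb5 none\n")       # constructed device
        return audit(fstab, crypttab, require_root_owner=False)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real host, call audit with the contents of /etc/fstab and /etc/crypttab and the default require_root_owner=True.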

3). Remove the encryption

[root@desktop ~]# vim /etc/fstab 
[root@desktop ~]# >/etc/crypttab 
[root@desktop ~]# rm -fr /root/lukspsfile 
[root@desktop ~]# umount /mnt/
[root@desktop ~]# cryptsetup close westos
[root@desktop ~]# mkfs.ext4 /dev/vdb2
mke2fs 1.42.9 (28-Dec-2013)
......
Writing superblocks and filesystem accounting information: done 

II. LVM

LVM is short for Logical Volume Manager, a mechanism for managing disk partitions on Linux. It builds logical volumes on top of physical partitions so that users can resize volumes conveniently without taking the system down.

1. Creating a logical volume

1). Change the partition type to LVM

[root@server ~]# fdisk /dev/vdb
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): t
Partition number (1-3, default 3): 
Hex code (type L to list all codes): 8e
Changed type of partition 'Linux' to 'Linux LVM'
......
Command (m for help): p

Disk /dev/vdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x09ee18d7

   Device Boot      Start         End      Blocks   Id  System
/dev/vdb1            2048     4196351     2097152   8e  Linux LVM
/dev/vdb2         4196352     8390655     2097152   8e  Linux LVM
/dev/vdb3         8390656    12584959     2097152   8e  Linux LVM

2). Create the physical volumes and the volume group

[root@server ~]# pvcreate /dev/vdb{2,3}
  Physical volume "/dev/vdb2" successfully created
  Physical volume "/dev/vdb3" successfully created
[root@server ~]# pvs
  PV         VG   Fmt  Attr PSize PFree
  /dev/vdb2       lvm2 a--  2.00g 2.00g
  /dev/vdb3       lvm2 a--  2.00g 2.00g
[root@server ~]# vgcreate vg0 /dev/vdb{2,3}
  Volume group "vg0" successfully created
[root@server ~]# vgs
  VG   #PV #LV #SN Attr   VSize VFree
  vg0    2   0   0 wz--n- 3.99g 3.99g

3). Create the logical volume

[root@server ~]# lvcreate -L 1G -n lv0 vg0
  Logical volume "lv0" created
[root@server ~]# lvs
  LV   VG   Attr       LSize Pool Origin Data%  Move Log Cpy%Sync Convert
  lv0  vg0  -wi-a----- 1.00g 

4). Format and mount

[root@server ~]# mkfs.xfs /dev/vg0/lv0 
meta-data=/dev/vg0/lv0           isize=256    agcount=4, agsize=65536 blks
......
[root@server ~]# ll /dev/vg0/lv0 
lrwxrwxrwx. 1 root root 7 Nov  9 08:52 /dev/vg0/lv0 -> ../dm-0
[root@server ~]# mkdir /lv
[root@server ~]# mount /dev/vg0/lv0 /lv/
[root@server ~]# df
Filesystem          1K-blocks    Used Available Use% Mounted on
/dev/vda1            10473900 3129392   7344508  30% /
/dev/mapper/vg0-lv0   1038336   32928   1005408   4% /lv

5). Growing the filesystem

[root@server ~]# resize2fs /dev/vg0/lv0 1500M
resize2fs 1.42.9 (28-Dec-2013)
Filesystem at /dev/vg0/lv0 is mounted on /mnt; on-line resizing required
old_desc_blocks = 1, new_desc_blocks = 1
The filesystem on /dev/vg0/lv0 is now 384000 blocks long.
[root@server ~]# df -h
Filesystem           Size  Used Avail Use% Mounted on
/dev/vda1             10G  3.0G  7.1G  30% /
/dev/mapper/vg0-lv0  1.5G  3.0M  1.4G   1% /lv

6). Shrinking the filesystem and the volume

[root@server ~]# umount /lv/
[root@server ~]# e2fsck -f /dev/vg0/lv0 
e2fsck 1.42.9 (28-Dec-2013)
Pass 1: Checking inodes, blocks, and sizes
......
[root@server ~]# resize2fs /dev/vg0/lv0 1024M
resize2fs 1.42.9 (28-Dec-2013)
Resizing the filesystem on /dev/vg0/lv0 to 262144 (4k) blocks.
The filesystem on /dev/vg0/lv0 is now 262144 blocks long.
[root@server ~]# mount /dev/mapper/vg0-lv0 /lv/
[root@server ~]# df -h
Filesystem           Size  Used Avail Use% Mounted on
/dev/vda1             10G  3.0G  7.1G  30% /
/dev/mapper/vg0-lv0  944M  5.1M  872M   1% /lv
[root@server ~]# mount /dev/mapper/vg0-lv0 /lv/
[root@server ~]# df -h
Filesystem           Size  Used Avail Use% Mounted on
/dev/vda1             10G  3.0G  7.1G  30% /
devtmpfs             906M     0  906M   0% /dev
tmpfs                921M   80K  921M   1% /dev/shm
tmpfs                921M   21M  901M   3% /run
tmpfs                921M     0  921M   0% /sys/fs/cgroup
/dev/mapper/vg0-lv0  944M  5.1M  872M   1% /lv
[root@server ~]# lvreduce -L 1G /dev/vg0/lv0 
  WARNING: Reducing active and open logical volume to 1.00 GiB
  THIS MAY DESTROY YOUR DATA (filesystem etc.)
Do you really want to reduce lv0? [y/n]: y
  Reducing logical volume lv0 to 1.00 GiB
  Logical volume lv0 successfully resized
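The two resize sessions above depend on ordering. When growing, the LV is extended first and the filesystem second; when shrinking, the filesystem is shrunk first (unmounted, after e2fsck -f) and only then is the LV reduced, otherwise lvreduce cuts off extents that still hold live filesystem blocks, which is what its "THIS MAY DESTROY YOUR DATA" warning is about. As an added example, not code from the original post, this Python function encodes those rules as a planner that returns the ordered commands or refuses. Two caveats it also enforces: resize2fs handles only ext2/3/4, and xfs (which the page's lv0 was formatted with before the resize2fs calls) can be grown with xfs_growfs but cannot be shrunk. The lvextend and xfs_growfs commands are standard tools not shown on the page.

```python
EXT_TYPES = ("ext2", "ext3", "ext4")


def plan_resize(lv_path, mountpoint, fstype, current_mib, used_mib, target_mib, mounted=True):
    """Return the ordered shell commands to resize an LV-backed filesystem to target_mib (MiB),
    or raise ValueError when the request cannot be carried out safely."""
    if target_mib <= 0:
        raise ValueError("target size must be positive")
    if fstype not in EXT_TYPES + ("xfs",):
        raise ValueError(f"unsupported filesystem type {fstype}")
    if target_mib == current_mib:
        return []

    if target_mib > current_mib:
        # Grow: make the block device bigger first, then let the filesystem claim the space.
        steps = [f"lvextend -L {target_mib}M {lv_path}"]
        if fstype == "xfs":
            if not mounted:
                steps.append(f"mount {lv_path} {mountpoint}")   # xfs grows online only
            steps.append(f"xfs_growfs {mountpoint}")
        else:
            steps.append(f"resize2fs {lv_path} {target_mib}M")  # online growth is supported for ext
        return steps

    # Shrink: the filesystem must get smaller before the device does.
    if fstype == "xfs":
        raise ValueError("xfs cannot be shrunk; back up, recreate the filesystem smaller and restore")
    if used_mib >= target_mib:
        raise ValueError(f"{used_mib} MiB in use does not fit into {target_mib} MiB")
    steps = []
    if mounted:
        steps.append(f"umount {mountpoint}")          # resize2fs refuses to shrink a mounted fs
    steps += [f"e2fsck -f {lv_path}",                  # resize2fs requires a fresh check first
              f"resize2fs {lv_path} {target_mib}M",
              f"lvreduce -L {target_mib}M {lv_path}"]  # only now is it safe to cut the LV
    if mounted:
        steps.append(f"mount {lv_path} {mountpoint}")
    return steps


if __name__ == "__main__":
    # Numbers mirror the page's session: 1.5 GiB ext filesystem, ~5 MiB used, shrink to 1 GiB.
    for cmd in plan_resize("/dev/vg0/lv0", "/lv", "ext4", 1500, 5, 1024, mounted=True):
        print(cmd)
```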

2. Removing LVM

1). Unmount and remove the logical volume (lv)

[root@server ~]# umount /lv/
[root@server ~]# lvremove /dev/vg0/lv0 
Do you really want to remove active logical volume lv0? [y/n]: y
  Logical volume "lv0" successfully removed
[root@server ~]# lvs

2). Remove the volume group (vg) and the physical volumes (pv)

[root@server ~]# vgremove vg0 
  Volume group "vg0" successfully removed
[root@server ~]# vgs
  No volume groups found
[root@server ~]# pvremove /dev/vdb{2,3}
  Labels on physical volume "/dev/vdb2" successfully wiped
  Labels on physical volume "/dev/vdb3" successfully wiped
[root@server ~]# pvs

3). Delete the partitions

[root@server ~]# fdisk /dev/vdb
Command (m for help): d
Partition number (1-3, default 3): 3
Partition 3 is deleted
Command (m for help): d
Partition number (1,2, default 2): 2
Partition 2 is deleted
Command (m for help): wq
[root@server ~]# partprobe 
Warning: Unable to open /dev/sr0 read-write (Read-only file system).  /dev/sr0 has been opened read-only.
Warning: Unable to open /dev/sr0 read-write (Read-only file system).  /dev/sr0 has been opened read-only.
Warning: Unable to open /dev/sr0 read-write (Read-only file system).  /dev/sr0 has been opened read-only.

III. SELinux

SELinux is a mandatory access control (MAC) security system based on the domain-type model. It was written by the NSA and designed as a kernel module that is included in the kernel; certain security-related applications were patched for SELinux, and a matching security policy completes the system. Under traditional discretionary access control (DAC), any program has complete control over its own resources: if a program decides to drop a file containing potentially sensitive information into /tmp, nothing stops it. SELinux provides finer access control than traditional UNIX permissions.

<Example>

With the kernel's protection (SELinux) enabled, move an html file from the desktop into the web publishing directory /var/www/html.

[root@server ~]# echo hello > westos.html
[root@server ~]# ls
anaconda-ks.cfg  Documents  Music     Public     Videos
Desktop          Downloads  Pictures  Templates  westos.html
[root@server ~]# mv westos.html /var/www/html/
[root@server ~]# getenforce 
Enforcing


Because the moved file carries a label different from the files that belong in the publishing directory, it cannot be served; after changing its label, refresh the web page and the content is accessible.

[root@server ~]# cd /var/www/html/
[root@server html]# echo hello>westos1.html
[root@server html]# ls -Z
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 westos1.html
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 westos.html
[root@server html]# chcon -t httpd_sys_content_t westos.html 
[root@server html]# ls -Z
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 westos1.html
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 westos.html
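As an added example (not part of the original post), this Python helper parses ls -Z output of the kind shown above into its user:role:type:level fields, reports files in a web root whose type is not httpd_sys_content_t, and emits the chcon command the page uses to fix each one. The sample lines are the two from the session above, embedded as a constructed input so the script runs offline.

```python
import re
from collections import namedtuple

Context = namedtuple("Context", "user role type level")

# Sample input copied from the page's first `ls -Z` listing (constructed for offline use).
SAMPLE_LS_Z = """\
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 westos1.html
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 westos.html
"""

# mode, owner, group, context (user:role:type:level, level may itself contain ':'), name
LS_Z_LINE = re.compile(
    r"^(?P<mode>\S+)\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<ctx>[^\s:]+:[^\s:]+:[^\s:]+:\S+)\s+(?P<name>.+)$")


def parse_context(ctx):
    """Split a security context string into its four fields."""
    user, role, type_, level = ctx.split(":", 3)
    return Context(user, role, type_, level)


def parse_ls_z(text):
    """Parse `ls -Z` lines into dicts with the file name, mode and SELinux context."""
    rows = []
    for line in text.splitlines():
        match = LS_Z_LINE.match(line.strip())
        if not match:
            continue  # headers or unrecognised lines are ignored
        rows.append({"name": match["name"], "mode": match["mode"],
                     "owner": match["owner"], "context": parse_context(match["ctx"])})
    return rows


def find_mislabelled(rows, expected_type="httpd_sys_content_t"):
    """Return (name, actual_type) for files whose type is not the one httpd may serve."""
    return [(row["name"], row["context"].type)
            for row in rows if row["context"].type != expected_type]


def relabel_commands(mislabelled, directory, expected_type="httpd_sys_content_t"):
    """Build the chcon commands that the page uses to correct each label."""
    return [f"chcon -t {expected_type} {directory}/{name}" for name, _ in mislabelled]


if __name__ == "__main__":
    bad = find_mislabelled(parse_ls_z(SAMPLE_LS_Z))
    for name, actual in bad:
        print(f"{name}: labelled {actual}")
    print("\n".join(relabel_commands(bad, "/var/www/html")))
```

The reason the moved file kept admin_home_t is that mv preserves the source inode's label, whereas creating a new file (or cp) takes the directory's default label. chcon changes the label on the inode only; restorecon -v /var/www/html applies the type the policy expects for that path and is the usual permanent fix.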

