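Linux scheduled (routine) commands
1 at: one-off commands, not used much anymore
2 crontab: recurring commands
I feel I already know this part fairly well, so here I mainly look at stream redirection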
*/5 * * * * root /usr/local/ping.sh > /dev/null 2>&1
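>/dev/null redirects standard output to /dev/null, which simply discards standard output.
2>&1 redirects standard error to standard output [2 is standard error (stderr), 1 is standard output (stdout); think of & as "take the address of", i.e. 1 is a file descriptor, not a file name]
Together they discard all output.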
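The order of the two redirections matters, and the crontab line above has it right. The following is an added example, not part of the original notes: job is a constructed stand-in for /usr/local/ping.sh, and log_all with its log path is an assumed alternative that keeps the output for later review instead of discarding it.

```bash
#!/usr/bin/env bash
# Constructed stand-in for /usr/local/ping.sh: one line on stdout, one on stderr.
job() {
    echo "host 10.0.0.1 is up"
    echo "ping: host 10.0.0.2 unreachable" >&2
}

# Order used in the crontab line: fd 1 -> /dev/null, then fd 2 -> copy of fd 1.
# Both streams end in /dev/null, so the caller sees nothing (and cron sends no mail).
discard_all() { job > /dev/null 2>&1; }

# Reversed order: fd 2 is first pointed at the *current* fd 1 (the caller's stdout),
# and only afterwards is fd 1 sent to /dev/null. The stderr line still gets through.
stderr_leaks() { job 2>&1 > /dev/null; }

# Assumed alternative for jobs whose failures matter: append both streams to a
# log file. $1 = log file path chosen by the caller (hypothetical).
log_all() { job >> "$1" 2>&1; }

# Demo
log=$(mktemp)
log_all "$log"
echo "discard_all printed:  [$(discard_all)]"
echo "stderr_leaks printed: [$(stderr_leaks)]"
echo "log file holds $(wc -l < "$log") lines"
rm -f "$log"
```

With everything sent to /dev/null a failing job goes unnoticed, so the log_all form is the safer default for jobs that run as root.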
Linux process and resource management
The bash shell started at login has a PID
List the processes that belong to your own login session
[root@changda cron]# ps -l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 1652 1650 0 75 0 - 16524 wait pts/0 00:00:00 bash
4 R 0 8113 1652 0 77 0 - 15890 - pts/0 00:00:00 ps
Note: the PPID (parent PID) of ps equals the PID of bash, so ps is a child process of bash
ps -lA shows that the PPID of bash equals the PID of sshd, so bash is a child process of sshd
5 S 701 1912 1910 0 75 0 - 23081 - ? 00:00:00 sshd
0 S 701 1913 1912 0 76 0 - 16524 - pts/2 00:00:00 bash
ps aux shows the processes currently in memory
.
.
.
root 20381 0.0 0.3 92496 3548 ? Ss 08:58 0:00 sshd: root@pts/0
root 20383 0.0 0.1 66128 1616 pts/0 Ss+ 08:58 0:00 -bash
root 20401 0.0 0.3 92320 3364 ? Ss 08:58 0:00 sshd: vbird1 [priv]
vbird1 20403 0.0 0.1 92320 1764 ? S 08:58 0:00 sshd: vbird1@pts/1
vbird1 20404 0.0 0.1 66128 1592 pts/1 Ss 08:58 0:00 -bash
root 20420 0.0 0.3 92320 3364 ? Ss 08:58 0:00 sshd: quser1 [priv]
quser1 20422 0.0 0.1 92320 1744 ? S 08:58 0:00 sshd: quser1@pts/2
quser1 20423 0.0 0.1 66128 1572 pts/2 Ss+ 08:58 0:00 -bash
root 20603 0.0 0.1 74532 1412 pts/0 T 09:51 0:00 vi sh1.sh
vbird1 20611 0.0 0.3 96468 3092 pts/1 T< 09:52 0:00 vim mytouch
vbird1 20761 0.0 0.0 65652 1012 pts/1 R+ 10:06 0:00 ps aux
[root@changda cron]# ps -axjf # similar output
1598 1650 1650 1650 ? -1 Ss 0 0:00 \_ sshd: root@pts/0
1650 1652 1652 1652 pts/0 8219 Ss 0 0:00 | \_ -bash
1652 8219 8219 1652 pts/0 8219 R+ 0 0:00 | \_ ps -axjf
1598 1672 1672 1672 ? -1 Ss 0 0:00 \_ sshd: vbird1 [priv]
1672 1674 1672 1672 ? -1 S 500 0:00 | \_ sshd: vbird1@pts/1
1674 1675 1675 1675 pts/1 1675 Ss+ 500 0:00 | \_ -bash
1598 1910 1910 1910 ? -1 Ss 0 0:00 \_ sshd: quser1 [priv] # parent, owned by root
1910 1912 1910 1910 ? -1 S 701 0:00 | \_ sshd: quser1@pts/2 # child, owned by quser1
1912 1913 1913 1913 pts/2 1913 Ss+ 701 0:00 | \_ -bash # child of sshd
1913 8020 8020 1913 pts/2 1913 T 701 0:00 | \_ vim aa.php # child of bash
1598 8217 8217 8217 ? -1 Ss 0 0:00 \_ sshd: root [priv]
8217 8218 8217 8217 ? -1 S 74 0:00 \_ sshd: root [net]
pstree -Aup (by default the user name is not shown for processes owned by root)
crond(1627)
|-events/0(5)
|-gpm(1614)
|-iscsid(1191)
|-iscsid(1192)
|-iscsiuio(1186)-+-{iscsiuio}(1187)
| `-{iscsiuio}(1189)
-sshd(1598)-+-sshd(1650)---bash(1652)---pstree(8588)
| |-sshd(1672)---sshd(1674,vbird1)---bash(1675)
| |-sshd(1910)---sshd(1912,quser1)---bash(1913)---vim(8020)
| `-sshd(8586)---sshd(8587,sshd)
killall -9 command
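After killall -9 mysqld, a new mysqld process is started again, because the parent process has not been killed
-mysqld_safe(1298)---mysqld(13163)---{mysqld}(13165)
Kill the parent process
killall -9 mysqld_safe
Then kill the child process
killall -9 mysqld
Now the mysqld process is really gone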
free
root@test-month:/etc/cron.monthly# free -t
total used free shared buffers cached
Mem: 2048576 1829052 219524 484 64460 1544060
-/+ buffers/cache: 220532 1828044
Swap: 0 0 0
Total: 2048576 1829052 219524
uname
root@test-month:/etc/cron.monthly# uname -r
4.4.0-34-generic
root@test-month:/etc/cron.monthly# uname -a
Linux test-month 4.4.0-34-generic #53~14.04.1-Ubuntu SMP Wed Jul 27 16:56:40 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
root@test-month:/etc/cron.monthly# uname -s
Linux
root@test-month:/etc/cron.monthly# uname -m
x86_64
root@test-month:/etc/cron.monthly# uname -p
x86_64
root@test-month:/etc/cron.monthly# uname -i
x86_64
root@test-month:/etc/cron.monthly# uptime
09:02:11 up 29 days, 23:40, 1 user, load average: 0.00, 0.00, 0.00
netstat usage
Commonly used: netstat -an|grep ESTABLISHED
root@test-month:~# netstat -t [TCP packets]
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 test-month:http 108.162.222.176:23593 ESTABLISHED
tcp 0 0 test-month:http 162.158.6.85:37203 TIME_WAIT
tcp 0 0 test-month:http 172.68.11.216:27347 ESTABLISHED
tcp 0 0 test-month:http 172.68.11.87:23700 ESTABLISHED
tcp 0 0 test-month:http 162.158.6.85:17829 TIME_WAIT
tcp 0 0 test-month:http 172.68.11.224:16760 TIME_WAIT
tcp 0 216 test-month:ssh 180.175.177.122:24290 ESTABLISHED
tcp 0 0 test-month:http 162.158.179.165:33217 TIME_WAIT
root@test-month:~# netstat -u [UDP packets]
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
root@test-month:~# netstat -l [listening services]
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
root@test-month:~# netstat -tulnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1330/nginx.conf
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1262/sshd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 13606/mysqld
tcp6 0 0 :::22 :::* LISTEN 1262/sshd
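The netstat -tulnp output above shows every service bound to 0.0.0.0, that is, to all interfaces. The following added example (not part of the original notes) reads such output and reports wildcard listeners whose port is not on an allow list; SAMPLE_NETSTAT is constructed from the output above, and the function name and the allow list "22 80" are assumptions.

```bash
#!/usr/bin/env bash
# Constructed sample: the `netstat -tulnp` output shown above, re-aligned.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1330/nginx.conf
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1262/sshd
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      13606/mysqld
tcp6       0      0 :::22                   :::*                    LISTEN      1262/sshd'

# wildcard_listeners "ALLOWED PORTS": read `netstat -tulnp` output on stdin and
# print every listener bound to all interfaces whose port is not allowed.
# Output format: <proto> <local address> <pid/program>
wildcard_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ {
            # TCP rows carry a State column; keep only LISTEN. UDP rows have none.
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            laddr = $4
            port = laddr
            sub(/.*:/, "", port)                      # text after the last colon
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if ((addr == "0.0.0.0" || addr == "::" || addr == "*") && !(port in ok))
                printf "%s %s %s\n", $1, laddr, $NF   # program is the last field
        }'
}

# Demo: ssh and http are expected to be reachable, anything else is reported.
printf '%s\n' "$SAMPLE_NETSTAT" | wildcard_listeners "22 80"
# On a live host (as root, so the PID/Program column is filled in):
#   netstat -tulnp | wildcard_listeners "22 80"
```

For the sample, the only line reported is the mysqld listener on 0.0.0.0:3306, a service that often only needs to listen on 127.0.0.1.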
Print the boot-time kernel messages
root@test-month:~# dmesg |more
root@test-month:~# renice -10 29021
29021 (process ID) old priority -5, new priority -10
root@test-month:~# ps -l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 28965 28909 0 80 0 - 5747 wait pts/2 00:00:00 bash
4 T 0 29021 28965 0 70 -10 - 10341 signal pts/2 00:00:00 vi
0 R 0 29272 28965 0 80 0 - 2565 - pts/2 00:00:00 ps
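About process execution order
Every job enters the CPU's scheduling queue and waits for the CPU to run it; the CPU uses each job's priority to decide which one matters more, so some jobs get to run, and finish, ahead of others.
In other words, every process on a Linux system has a priority, and the CPU uses it to decide which job is more important and which job in a group runs first, so that system resources are allocated more sensibly
Use ps to observe process priorities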
[root@changda ~]# ps -l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 20383 20381 0 75 0 - 16532 wait pts/0 00:00:00 bash
4 R 0 20585 20383 0 77 0 - 15890 - pts/0 00:00:00 ps
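PRI is short for priority and NI is short for nice; the two together determine the priority. The smaller the PRI, the sooner the process runs. PRI is generated by the system and its value is not fixed, but we can change it by adjusting NI, the nice value
PRI(new) = PRI(old) + nice (nice may be positive or negative)
Notes:
1. Ordinary users can use nice values 0~19, i.e. they can only increase it
2. root can use nice values -20~19
3. Ordinary users can raise the nice value higher and higher
4. Ordinary users can only adjust the nice value of their own processes
Testing point 4: vbird1 logs in and runs vi, and root also opens a file with vi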
sshd(1598)─┬─sshd(20381)───bash(20383)───vi(20603)
│ ├─sshd(20401)───sshd(20403,vbird1)───bash(20404)─┬─pstree(20636)
│ │ └─vim(20611)
│ └─sshd(20420)───sshd(20422,quser1)───bash(20423)
As shown above, PID 20603 is root's vi; when vbird1 tries to change its nice value, the error is
[vbird1@changda tmp]$ renice -n 5 20603
renice: 5: setpriority: Operation not permitted
renice: 20603: setpriority: Operation not permitted
Whereas root can change the nice value of vbird1's process, as follows
Initial state
[vbird1@changda tmp]$ ps -l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
0 S 500 20404 20403 0 75 0 - 16532 wait pts/1 00:00:00 bash
0 T 500 20611 20404 0 75 0 - 24117 finish pts/1 00:00:00 vim
0 R 500 20672 20404 0 78 0 - 15890 - pts/1 00:00:00 ps
root changes the nice value of vbird1's vi
[root@changda tmp]# renice -5 20611
20611: old priority 0, new priority -5
It has been changed
[vbird1@changda tmp]$ ps -l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
0 S 500 20404 20403 0 75 0 - 16532 wait pts/1 00:00:00 bash
0 T 500 20611 20404 0 71 -5 - 24117 finish pts/1 00:00:00 vim
0 R 500 20676 20404 0 77 0 - 15890 - pts/1 00:00:00 ps
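Changing the nice value of a parent PID also affects its children, i.e. the nice value is passed from parent process --> child process (in the output below the ps started afterwards has NI 18, while the already running vi keeps -10)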
root@test-month:~# renice 18 28965
28965 (process ID) old priority 0, new priority 18
root@test-month:~# ps -l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 28965 28909 0 98 18 - 5747 wait pts/2 00:00:00 bash
4 T 0 29021 28965 0 70 -10 - 10341 signal pts/2 00:00:00 vi
0 R 0 29444 28965 0 98 18 - 2565 - pts/2 00:00:00 ps
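About SUID/SGID/Sticky Bit
How SUID actually works, demonstrated below
1. The Set UID permission is only effective on binary files
2. The person running it must have execute permission (x) on the binary file
3. When someone runs a binary file that has SUID set, the effective user of the resulting process is the owner of the binary file
For example, the passwd binary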
[root@changda ~]# ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 27936 Aug 11 2010 /usr/bin/passwd
While vbird1 is changing a password with passwd, root runs pstree -pu
─sshd(1598)─┬─sshd(20381)───bash(20383)───pstree(20563)
│ ├─sshd(20401)───sshd(20403,vbird1)───bash(20404)───passwd(20559,root) # shows that it actually runs as root
│ ├─sshd(20420)───sshd(20422,quser1)───bash(20423)
│ └─sshd(20560)───sshd(20561,sshd)
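The parent/child chain read off the ps and pstree output earlier, and the user change that SUID causes here, can both be extracted from a process table. The following is an added example, not part of the original notes: SAMPLE_PS is constructed from the pstree output above (init(1) as the parent of sshd(1598) is an assumption), and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Constructed process table in `ps -eo pid,ppid,user,comm` layout. PIDs and users
# follow the pstree output above; init(1) as parent of sshd(1598) is assumed.
SAMPLE_PS='  PID  PPID USER     COMMAND
    1     0 root     init
 1598     1 root     sshd
20381  1598 root     sshd
20383 20381 root     bash
20401  1598 root     sshd
20403 20401 vbird1   sshd
20404 20403 vbird1   bash
20559 20404 root     passwd
20420  1598 root     sshd
20422 20420 quser1   sshd
20423 20422 quser1   bash'

# ancestry PID: print the chain from PID up to init, child first.
# Reads a ps table (with header line) on stdin.
ancestry() {
    awk -v pid="$1" '
        NR > 1 { ppid[$1] = $2; user[$1] = $3; comm[$1] = $4 }
        END {
            sep = ""
            # Stop at an unknown parent; seen[] guards against a malformed table.
            while ((pid in ppid) && !(pid in seen)) {
                seen[pid] = 1
                printf "%s%s(%s,%s)", sep, comm[pid], pid, user[pid]
                sep = " <- "
                pid = ppid[pid]
            }
            print ""
        }'
}

# gained_root: list processes that run as root although their parent does not,
# which is what a SUID-root binary such as passwd looks like in the table.
gained_root() {
    awk '
        NR > 1 { ppid[$1] = $2; user[$1] = $3; comm[$1] = $4; order[++n] = $1 }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]; parent = ppid[p]
                if (user[p] == "root" && (parent in user) && user[parent] != "root")
                    printf "%s %s parent=%s(%s,%s)\n", p, comm[p], comm[parent], parent, user[parent]
            }
        }'
}

# Demo on the constructed table
printf '%s\n' "$SAMPLE_PS" | ancestry 20559
printf '%s\n' "$SAMPLE_PS" | gained_root
# On a live system: ps -eo pid,ppid,user,comm | gained_root
```

On a real host this also lists sudo and su, so the useful signal is a root process under a user shell that is not one of the SUID programs you expect.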
What /proc/* represents
Processes run in memory and their information is written under /proc/*; below is what the entries under /proc/* mean
/proc/pci is equivalent to lspci
root@deal:~# lspci
00:00.0 Host bridge: Intel Corporation 440FX - 82441FX PMC [Natoma] (rev 02)
00:01.0 ISA bridge: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II]
00:01.1 IDE interface: Intel Corporation 82371SB PIIX3 IDE [Natoma/Triton II]
00:01.2 USB controller: Intel Corporation 82371SB PIIX3 USB [Natoma/Triton II] (rev 01)
00:01.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 03)
00:02.0 VGA compatible controller: Red Hat, Inc. QXL paravirtual graphic card (rev 04)
00:03.0 Ethernet controller: Red Hat, Inc Virtio network device
00:04.0 SCSI storage controller: Red Hat, Inc Virtio SCSI
00:05.0 SCSI storage controller: Red Hat, Inc Virtio block device
00:06.0 Unclassified device [00ff]: Red Hat, Inc Virtio memory balloon
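Using fuser, very handy [works on directories, files and executables]
fuser [-ki] [ -signal] file /dir
-k : find the PIDs using this file/directory and try to send them the SIGKILL signal [-9]
-i : used together with -k, asks the user before ending each PID
-signal : -1, -15 and so on; defaults to -9 if omitted
//centos: there are two PIDs here because two of my users are logged in to the host and both are in the /tmp directory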
[root@changda tmp]# fuser .
.: 15035c 15582c
Log in as vbird1 as well and change to the /tmp directory
[root@changda tmp]# fuser .
.: 15035c 15056c 15582c
//ubuntu
root@deal:~# fuser .
/root: 8810c
# c: the current directory
# e: an executable being run
# f: an open file
# r: the root directory
Many processes are using the root directory /
[root@changda tmp]# cd /
[root@changda /]# fuser .
.: 1rc 2rc 3rc 4rc 5rc
6rc 15rc 19rc 20rc 92rc 95rc 97rc 167rc
168rc 169rc 170rc 171rc 309rc 339rc 346rc 347rc
356rc 365rc 366rc 391rc 424rc 647rc
1018rc 1019rc 1102rc 1137rc 1143rc 1153rc 1160rc 1161rc
1162rc 1165rc 1168rc 1171rc 1186rc 1191rc 1192rc 1534rc
1537rc 1598rc 1614rc 1627r 1633rc 1634rc 1635rc 1636rc
1637rc 1638rc 15033rc 15035rc 15053rc 15055rc 15056r 15579rc 15581rc 15582r
c means the process is working in that directory (it is its current directory)
[root@changda bin]# fuser /tmp
/tmp: 15056c 15582c
When vbird1 is logged in and running passwd
[root@changda bin]# fuser /usr/bin/passwd
/usr/bin/passwd: 15853e
This time the flag is e, meaning the vbird1 account is executing the passwd command, with PID 15853
[root@changda bin]# ps aux|egrep '(15056|15582|15853)'
vbird1 15056 0.0 0.1 66128 1592 pts/3 Ss 11:41 0:00 -bash
quser1 15582 0.0 0.1 66128 1584 pts/0 Ss+ 14:03 0:00 -bash
root 15853 0.0 0.1 53232 1284 pts/3 S+ 15:16 0:00 passwd
root 15867 0.0 0.0 61228 744 pts/2 R+ 15:19 0:00 egrep (15056|15582|15853)
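Using lsof, very powerful. The opposite of fuser: lsof (list open files) is a tool that lists the files currently open on the system
[See here for details](http://www.cnblogs.com/ggjucheng/archive/2012/01/08/2316599.html)
Show the files opened by TCP connections on port 80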
root@test-month:/etc# lsof -i tcp:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 1330 root 6u IPv4 12574 0t0 TCP *:http (LISTEN)
nginx 10910 www 3u IPv4 30679596 0t0 TCP test-month:http->162.158.234.42:25514 (ESTABLISHED)
nginx 10910 www 6u IPv4 12574 0t0 TCP *:http (LISTEN)
nginx 10910 www 7u IPv4 30679599 0t0 TCP test-month:http->141.101.96.36:29187 (ESTABLISHED)
nginx 10910 www 10u IPv4 30679603 0t0 TCP test-month:http->141.101.96.126:17968 (ESTABLISHED)
nginx 10910 www 11u IPv4 30679607 0t0 TCP test-month:http->162.158.178.179:13389 (ESTABLISHED)
nginx 10910 www 15u IPv4 30679610 0t0 TCP test-month:http->141.101.96.126:28771 (ESTABLISHED)
nginx 10910 www 16u IPv4 30679619 0t0 TCP test-month:http->162.158.234.18:11514 (ESTABLISHED)
nginx 10910 www 17u IPv4 30679622 0t0 TCP test-month:http->162.158.178.53:14404 (ESTABLISHED)
nginx 10910 www 18u IPv4 30679626 0t0 TCP test-month:http->108.162.219.162:10855 (ESTABLISHED)
nginx 10910 www 19u IPv4 30679629 0t0 TCP test-month:http->108.162.222.162:24457 (ESTABLISHED)
nginx 10910 www 20u IPv4 30679632 0t0 TCP test-month:http->cf-173-245-50-242.cloudflare.com:35142 (ESTABLISHED)
nginx 10910 www 21u IPv4 30679634 0t0 TCP test-month:http->162.158.69.245:29355 (ESTABLISHED)
nginx 10910 www 22u IPv4 30679638 0t0 TCP test-month:http->162.158.178.185:29636 (ESTABLISHED)
nginx 10910 www 23u IPv4 30679645 0t0 TCP test-month:http->108.162.245.108:24365 (ESTABLISHED)
nginx 10910 www 24u IPv4 30679652 0t0 TCP test-month:http->162.158.234.24:15113 (ESTABLISHED)
nginx 10910 www 25u IPv4 30679656 0t0 TCP test-month:http->162.158.179.24:34074 (ESTABLISHED)
nginx 10910 www 26u IPv4 30679660 0t0 TCP test-month:http->108.162.221.216:26152 (ESTABLISHED)
nginx 10910 www 27u IPv4 30679663 0t0 TCP test-month:http->108.162.237.186:27348 (ESTABLISHED)
nginx 10910 www 28u IPv4 30679671 0t0 TCP test-month:http->172.68.65.68:31043 (ESTABLISHED)
nginx 10910 www 29u IPv4 30679674 0t0 TCP test-month:http->162.158.95.27:35901 (ESTABLISHED)
nginx 10910 www 31u IPv4 30679677 0t0 TCP test-month:http->141.101.99.215:30114 (ESTABLISHED)
nginx 10911 www 6u IPv4 12574 0t0 TCP *:http (LISTEN)
nginx 10911 www 7u IPv4 30680687 0t0 TCP test-month:http->108.162.219.162:24891 (ESTABLISHED)
nginx 10911 www 18u IPv4 30679506 0t0 TCP test-month:http->108.162.219.162:18192 (ESTABLISHED)
Log in as vbird1 and open the file mytouch with vi
On the root side run lsof -c vi
[root@changda tmp]# lsof -c vi
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
virtio-bl 339 root cwd DIR 253,1 4096 2 /
virtio-bl 339 root rtd DIR 253,1 4096 2 /
virtio-bl 339 root txt unknown /proc/339/exe
vim 16041 vbird1 cwd DIR 253,1 4096 13 /tmp
vim 16041 vbird1 rtd DIR 253,1 4096 2 /
vim 16041 vbird1 txt REG 253,1 2883000 533859 /usr/bin/vim
vim 16041 vbird1 mem REG 253,1 144776 539135 /lib64/ld-2.5.so
vim 16041 vbird1 mem REG 253,1 1726296 539136 /lib64/libc-2.5.so
vim 16041 vbird1 mem REG 253,1 23360 539137 /lib64/libdl-2.5.so
vim 16041 vbird1 mem REG 253,1 247496 520074 /lib64/libsepol.so.1
vim 16041 vbird1 mem REG 253,1 95464 539146 /lib64/libselinux.so.1
vim 16041 vbird1 mem REG 253,1 614992 539144 /lib64/libm-2.5.so
vim 16041 vbird1 mem REG 253,1 149968 539141 /lib64/libpthread-2.5.so
vim 16041 vbird1 mem REG 253,1 48600 539147 /lib64/libcrypt-2.5.so
vim 16041 vbird1 mem REG 253,1 380336 539074 /usr/lib64/libncurses.so.5.5
vim 16041 vbird1 mem REG 253,1 92816 539150 /lib64/libresolv-2.5.so
vim 16041 vbird1 mem REG 253,1 17888 520486 /lib64/libattr.so.1.1.0
vim 16041 vbird1 mem REG 253,1 27920 522253 /lib64/libacl.so.1.1.0
vim 16041 vbird1 mem REG 253,1 18152 539162 /lib64/libutil-2.5.so
vim 16041 vbird1 mem REG 253,1 114352 538810 /lib64/libnsl-2.5.so
vim 16041 vbird1 mem REG 253,1 25984 522255 /usr/lib64/libgpm.so.1.19.0
vim 16041 vbird1 mem REG 253,1 1262320 1031537 /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/CORE/libperl.so
vim 16041 vbird1 mem REG 253,1 56462896 519681 /usr/lib/locale/locale-archive
vim 16041 vbird1 mem REG 253,1 53880 519702 /lib64/libnss_files-2.5.so
vim 16041 vbird1 0u CHR 136,3 0t0 5 /dev/pts/3
vim 16041 vbird1 1u CHR 136,3 0t0 5 /dev/pts/3
vim 16041 vbird1 2u CHR 136,3 0t0 5 /dev/pts/3
vim 16041 vbird1 4u REG 253,1 12288 7597 /tmp/.mytouch.swp
So running vi actually pulls in many modules, the .so files, much like a program that has to call other modules
lsof is the more powerful command and can replace fuser
[root@changda tmp]# fuser /usr/bin/passwd
/usr/bin/passwd: 16090e
[root@changda tmp]# lsof /usr/bin/passwd
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
passwd 16090 root txt REG 253,1 27936 522398 /usr/bin/passwd
Now see which files the process with PID 16090 has open
[root@changda tmp]# lsof -p 16090
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
passwd 16090 root cwd DIR 253,1 4096 13 /tmp
passwd 16090 root rtd DIR 253,1 4096 2 /
passwd 16090 root txt REG 253,1 27936 522398 /usr/bin/passwd
passwd 16090 root mem REG 253,1 144776 539135 /lib64/ld-2.5.so
passwd 16090 root mem REG 253,1 1726296 539136 /lib64/libc-2.5.so
passwd 16090 root mem REG 253,1 23360 539137 /lib64/libdl-2.5.so
passwd 16090 root mem REG 253,1 247496 520074 /lib64/libsepol.so.1
passwd 16090 root mem REG 253,1 95464 539146 /lib64/libselinux.so.1
passwd 16090 root mem REG 253,1 98920 539138 /lib64/libaudit.so.0.0.0
passwd 16090 root mem REG 253,1 149968 539141 /lib64/libpthread-2.5.so
passwd 16090 root mem REG 253,1 46800 539139 /lib64/libpam.so.0.81.5
passwd 16090 root mem REG 253,1 53448 539142 /lib64/librt-2.5.so
passwd 16090 root mem REG 253,1 48600 539147 /lib64/libcrypt-2.5.so
passwd 16090 root mem REG 253,1 34240 538089 /usr/lib64/libpopt.so.0.0.0
passwd 16090 root mem REG 253,1 647608 539143 /lib64/libglib-2.0.so.0.1200.3
passwd 16090 root mem REG 253,1 13520 520119 /lib64/libgmodule-2.0.so.0.1200.3
passwd 16090 root mem REG 253,1 262904 520115 /lib64/libgobject-2.0.so.0.1200.3
passwd 16090 root mem REG 253,1 13456 539140 /lib64/libpam_misc.so.0.81.2
passwd 16090 root mem REG 253,1 95408 539148 /usr/lib64/libuser.so.1.1.6
passwd 16090 root mem REG 253,1 114352 538810 /lib64/libnsl-2.5.so
passwd 16090 root mem REG 253,1 53880 519702 /lib64/libnss_files-2.5.so
passwd 16090 root mem REG 253,1 11504 533231 /lib64/security/pam_env.so
passwd 16090 root mem REG 253,1 48824 533270 /lib64/security/pam_unix.so
passwd 16090 root mem REG 253,1 40896 539109 /usr/lib64/libcrack.so.2.8.0
passwd 16090 root mem REG 253,1 12272 533263 /lib64/security/pam_succeed_if.so
passwd 16090 root mem REG 253,1 4040 533229 /lib64/security/pam_deny.so
passwd 16090 root mem REG 253,1 4416 533251 /lib64/security/pam_permit.so
passwd 16090 root mem REG 253,1 14024 533227 /lib64/security/pam_cracklib.so
passwd 16090 root 0u CHR 136,3 0t0 5 /dev/pts/3
passwd 16090 root 1u CHR 136,3 0t0 5 /dev/pts/3
passwd 16090 root 2u CHR 136,3 0t0 5 /dev/pts/3
passwd 16090 root 3u sock 0,5 0t0 188127 can't identify protocol
The result above is the same as the one below
[root@changda tmp]# lsof -c passwd
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
passwd 16090 root cwd DIR 253,1 4096 13 /tmp
passwd 16090 root rtd DIR 253,1 4096 2 /
passwd 16090 root txt REG 253,1 27936 522398 /usr/bin/passwd
passwd 16090 root mem REG 253,1 144776 539135 /lib64/ld-2.5.so
passwd 16090 root mem REG 253,1 1726296 539136 /lib64/libc-2.5.so
passwd 16090 root mem REG 253,1 23360 539137 /lib64/libdl-2.5.so
passwd 16090 root mem REG 253,1 247496 520074 /lib64/libsepol.so.1
passwd 16090 root mem REG 253,1 95464 539146 /lib64/libselinux.so.1
passwd 16090 root mem REG 253,1 98920 539138 /lib64/libaudit.so.0.0.0
passwd 16090 root mem REG 253,1 149968 539141 /lib64/libpthread-2.5.so
passwd 16090 root mem REG 253,1 46800 539139 /lib64/libpam.so.0.81.5
passwd 16090 root mem REG 253,1 53448 539142 /lib64/librt-2.5.so
passwd 16090 root mem REG 253,1 48600 539147 /lib64/libcrypt-2.5.so
passwd 16090 root mem REG 253,1 34240 538089 /usr/lib64/libpopt.so.0.0.0
passwd 16090 root mem REG 253,1 647608 539143 /lib64/libglib-2.0.so.0.1200.3
passwd 16090 root mem REG 253,1 13520 520119 /lib64/libgmodule-2.0.so.0.1200.3
passwd 16090 root mem REG 253,1 262904 520115 /lib64/libgobject-2.0.so.0.1200.3
passwd 16090 root mem REG 253,1 13456 539140 /lib64/libpam_misc.so.0.81.2
passwd 16090 root mem REG 253,1 95408 539148 /usr/lib64/libuser.so.1.1.6
passwd 16090 root mem REG 253,1 114352 538810 /lib64/libnsl-2.5.so
passwd 16090 root mem REG 253,1 53880 519702 /lib64/libnss_files-2.5.so
passwd 16090 root mem REG 253,1 11504 533231 /lib64/security/pam_env.so
passwd 16090 root mem REG 253,1 48824 533270 /lib64/security/pam_unix.so
passwd 16090 root mem REG 253,1 40896 539109 /usr/lib64/libcrack.so.2.8.0
passwd 16090 root mem REG 253,1 12272 533263 /lib64/security/pam_succeed_if.so
passwd 16090 root mem REG 253,1 4040 533229 /lib64/security/pam_deny.so
passwd 16090 root mem REG 253,1 4416 533251 /lib64/security/pam_permit.so
passwd 16090 root mem REG 253,1 14024 533227 /lib64/security/pam_cracklib.so
passwd 16090 root 0u CHR 136,3 0t0 5 /dev/pts/3
passwd 16090 root 1u CHR 136,3 0t0 5 /dev/pts/3
passwd 16090 root 2u CHR 136,3 0t0 5 /dev/pts/3
passwd 16090 root 3u sock 0,5 0t0 188127 can't identify protocol
Show the ports open on the system
[root@changda tmp]# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1598 root 3u IPv6 4215 0t0 TCP *:ssh (LISTEN)
sshd 1598 root 4u IPv4 4223 0t0 TCP *:ssh (LISTEN)
sshd 15033 root 3u IPv4 172582 0t0 TCP 198.199.103.232:ssh->116.247.96.94:6756 (ESTABLISHED)
sshd 15053 root 3u IPv4 172648 0t0 TCP 198.199.103.232:ssh->116.247.96.94:6757 (ESTABLISHED)
sshd 15055 vbird1 3u IPv4 172648 0t0 TCP 198.199.103.232:ssh->116.247.96.94:6757 (ESTABLISHED)
sshd 15579 root 3u IPv4 180142 0t0 TCP 198.199.103.232:ssh->116.247.96.94:8340 (ESTABLISHED)
sshd 15581 quser1 3u IPv4 180142 0t0 TCP 198.199.103.232:ssh->116.247.96.94:8340 (ESTABLISHED)
root@test-month:/tmp# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1262 root 3u IPv4 10990 0t0 TCP *:ssh (LISTEN)
sshd 1262 root 4u IPv6 10992 0t0 TCP *:ssh (LISTEN)
nginx 1330 root 6u IPv4 12574 0t0 TCP *:http (LISTEN)
nginx 11770 www 6u IPv4 12574 0t0 TCP *:http (LISTEN)
nginx 11771 www 3u IPv4 16934239 0t0 TCP test-month:http->162.158.58.151:30916 (ESTABLISHED)
nginx 11771 www 6u IPv4 12574 0t0 TCP *:http (LISTEN)
nginx 11771 www 7u IPv4 16934298 0t0 TCP test-month:http->199.27.133.122:30078 (ESTABLISHED)
nginx 11771 www 8u IPv4 16934481 0t0 TCP test-month:http->172.68.11.224:34794 (ESTABLISHED)
mysqld 13606 mysql 4u IPv4 15829614 0t0 TCP *:mysql (LISTEN)
sshd 28909 root 3u IPv4 16684100 0t0 TCP test-month:ssh->116.247.96.94:6758 (ESTABLISHED)
sshd 30779 root 3u IPv4 16932914 0t0 TCP test-month:ssh->116.31.116.17:35264 (ESTABLISHED)
sshd 30780 sshd 3u IPv4 16932914 0t0 TCP test-month:ssh->116.31.116.17:35264 (ESTABLISHED)
Port 80 on the system
root@deal:~# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
/opt/lamp 1099 root 4u IPv6 14912 0t0 TCP *:http (LISTEN)
/opt/lamp 12586 nobody 4u IPv6 14912 0t0 TCP *:http (LISTEN)
/opt/lamp 12642 nobody 4u IPv6 14912 0t0 TCP *:http (LISTEN)
/opt/lamp 12781 nobody 4u IPv6 14912 0t0 TCP *:http (LISTEN)
/opt/lamp 12782 nobody 4u IPv6 14912 0t0 TCP *:http (LISTEN)
/opt/lamp 12783 nobody 4u IPv6 14912 0t0 TCP *:http (LISTEN)
/opt/lamp 12784 nobody 4u IPv6 14912 0t0 TCP *:http (LISTEN)
/opt/lamp 12788 nobody 4u IPv6 14912 0t0 TCP *:http (LISTEN)
/opt/lamp 12794 nobody 4u IPv6 14912 0t0 TCP *:http (LISTEN)
/opt/lamp 12795 nobody 4u IPv6 14912 0t0 TCP *:http (LISTEN)
/opt/lamp 12823 nobody 4u IPv6 14912 0t0 TCP *:http (LISTEN)
Look up the truncated /opt/lam... shown above
root@deal:~# ps aux|grep 12586
nobody 12586 0.2 1.4 360884 29344 ? S 16:41 0:01 /opt/lampp/bin/httpd -k start -E /opt/lampp/logs/error_log -DPHP
Port 22 on the system
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 878 root 3u IPv4 11997 0t0 TCP *:ssh (LISTEN)
sshd 878 root 4u IPv6 12000 0t0 TCP *:ssh (LISTEN)
sshd 8729 root 3u IPv4 2860248 0t0 TCP 104.131.8.62:ssh->116.247.96.94:8883 (ESTABLISHED)
sshd 12897 root 3u IPv4 2911014 0t0 TCP 104.131.8.62:ssh->202.109.143.47:distmp3 (ESTABLISHED)
sshd 12898 sshd 3u IPv4 2911014 0t0 TCP 104.131.8.62:ssh->202.109.143.47:distmp3 (ESTABLISHED)
sshd 12905 root 3u IPv4 2911174 0t0 TCP 104.131.8.62:ssh->202.109.143.100:1186 (ESTABLISHED)
sshd 12906 sshd 3u IPv4 2911174 0t0 TCP 104.131.8.62:ssh->202.109.143.100:1186 (ESTABLISHED)
sshd 12907 root 3u IPv4 2911197 0t0 TCP 104.131.8.62:ssh->213-240-107-228.adsl.highway.telekom.at:46111 (ESTABLISHED)
sshd 12908 sshd 3u IPv4 2911197 0t0 TCP 104.131.8.62:ssh->213-240-107-228.adsl.highway.telekom.at:46111 (ESTABLISHED)
root@test-month:/tmp# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 1330 root 6u IPv4 12574 0t0 TCP *:http (LISTEN)
nginx 11770 www 6u IPv4 12574 0t0 TCP *:http (LISTEN)
nginx 11771 www 3u IPv4 16937142 0t0 TCP test-month:http->172.68.11.212:16986 (ESTABLISHED)
nginx 11771 www 6u IPv4 12574 0t0 TCP *:http (LISTEN)
Port 3306
root@test-month:/tmp# lsof -i:3306
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 13606 mysql 4u IPv4 15829614 0t0 TCP *:mysql (LISTEN)
Using pidof
//under xampp
root@deal:~# pidof httpd
13189 13187 13186 13185 13184 13183 13182 13181 13164 12586 1101 1099
//under nginx
root@test-month:/tmp# pidof php-fpm
12675 3150 1802 1786 1497 1496 1495 1494 1493 1492 1491 1490 1489 1488 1484
Show open files or devices
vbird1 logs in and edits the file mytouch
[root@changda ~]# lsof |grep mytouch
vim 20458 vbird1 4u REG 253,1 12288 7597 /tmp/.mytouch.swp
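Linux boot process and loader
Core steps of the Linux boot
- Load the BIOS information and obtain the identifier of the first boot device [hard disk, USB, optical drive..]
- Read the boot information of the boot loader [grub etc.] in the MBR of the first boot device
- Load the kernel; the kernel decompresses, is loaded into memory and runs, and tries to drive the hard disk devices.
- The kernel runs the init program, which obtains the run level
- init runs the file /etc/rc.d/rc.sysinit
- Load the kernel's add-on modules, see the configuration file /etc/modprobe.conf
- init runs the shell scripts of the run level
- init runs /etc/rc.d/rc.local, the user-defined startup file
- Run the /bin/login program and wait for a user to log in
- After login, the host is controlled through the shell
Once the boot loader has handed over and /boot/vmlinuz* is read, the kernel decompresses into memory and uses its own functions to probe and drive the peripheral devices, such as hard disks, CPU, network cards and sound cards.
While the kernel is loading, the system mounts only the root directory, and mounts it read-only. In addition, so that certain functions can be read as files, some systems create a so-called virtual disk (RAM Disk) at boot to help; that is what initrd and linuxrc are for. initrd is very common: using the boot loader, the initrd image file, e.g. initrd.img-3.13.0-103-generic, can be loaded together with the kernel. Linux then builds the virtual disk from initrd on its own and uses the linuxrc program (contained in the initrd image) to load modules such as drivers
Main properties of linuxrc:
- The file must be named linuxrc
- It must be in the top-level directory of the virtual disk created by initrd
- It must be executable by the kernel
After the kernel has finished driving the peripheral hardware, the virtual disk created by initrd is removed. initrd is optional; it depends on how the kernel was compiled. Most Linux distributions, however, build this initrd image along with the kernel to assist the boot.
Once the kernel is loaded the system really starts working, and next it runs its first program, init
After the kernel is loaded the system is ready and waits for programs to run. The first program executed on a Linux system is init, /sbin/init, shown in the first line of ps aux|more with PID 1. init does a lot: besides using the configuration file /etc/inittab to obtain the run level, it starts the different boot services according to that run level
The Linux run level determines which services are started, giving Linux different environments. Depending on whether there is networking and whether there is X Window, there are six levels; view them in /etc/inittab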
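- 0 halt (shut down immediately)
- 1 single user mode (for maintenance when the system has a problem)
- 2 Multi-user, without NFS
- 3 Full multi-user mode (complete text-only mode with networking, commonly used)
- 4 unused (reserved by the system)
- 5 X11 (like runlevel 3 but with X Window, commonly used)
- 6 reboot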
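After init obtains the runlevel, the first line in inittab
si:sysinit:/etc/rc.d/rc.sysinit
means that before any services are loaded the whole system environment must be set up, mainly by the shell script /etc/rc.d/rc.sysinit. Note that the name may differ between distributions
Roughly, sysinit does the following
- Obtain the network environment and host type
- Test and mount the in-memory device /proc and the USB device /sys
- Decide whether to start SELinux
- Detect interface devices and test PnP parameters
- Load user-defined modules /etc/sysconfig/modules/....
- Load the kernel-related settings
- Set the system time
- Set up disk features such as RAID and LVM
- Check the disk file systems with fsck
- Convert the disk quota
- Remount the system partition read-write
- Start the quota function
- Start the system random number device
- Remove temporary files from the boot process
- Write the relevant information to the file /var/log/dmesg
The default configuration files for much of the work sysinit does are in /etc/sysconfig; have a look there
At this point the system modules and hardware information are initialized and the system is running normally
Next the services the system needs are started, and which ones is decided by the run level set in /etc/inittab. For example, if the runlevel is 3, then
the work done under /etc/rc3.d is as follows: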
root@test-month:/etc/init.d# cd ../rc3.d/
drwxr-xr-x 2 root root 4096 Aug 17 11:17 ./
drwxr-xr-x 91 root root 4096 Nov 25 16:37 ../
-rw-r--r-- 1 root root 677 Feb 17 2016 README
lrwxrwxrwx 1 root root 15 Aug 17 11:06 S20mysql -> ../init.d/mysql*
lrwxrwxrwx 1 root root 15 Aug 17 11:17 S20nginx -> ../init.d/nginx*
lrwxrwxrwx 1 root root 17 Aug 17 11:17 S20php-fpm -> ../init.d/php-fpm*
lrwxrwxrwx 1 root root 15 Aug 12 20:19 S20rsync -> ../init.d/rsync*
lrwxrwxrwx 1 root root 24 Aug 12 20:19 S20screen-cleanup -> ../init.d/screen-cleanup*
lrwxrwxrwx 1 root root 26 Aug 12 20:22 S45landscape-client -> ../init.d/landscape-client*
lrwxrwxrwx 1 root root 19 Aug 12 20:19 S70dns-clean -> ../init.d/dns-clean*
lrwxrwxrwx 1 root root 18 Aug 12 20:19 S70pppd-dns -> ../init.d/pppd-dns*
lrwxrwxrwx 1 root root 21 Aug 12 20:20 S99grub-common -> ../init.d/grub-common*
lrwxrwxrwx 1 root root 18 Aug 12 20:13 S99ondemand -> ../init.d/ondemand*
lrwxrwxrwx 1 root root 18 Aug 12 20:13 S99rc.local -> ../init.d/rc.local*
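Next, the user-defined startup services in /etc/rc.d/rc.local are loaded
After all system services have been started, Linux starts the terminals or X Window and waits for users to log in
About the module loading configuration /etc/modules.conf: to cope with hardware changes, the kernel loads drivers as modules, which makes it easy to extend
Where the Linux kernel and modules are stored
- Kernel: /boot/vmlinuz***
- RAM Disk the kernel unpacks: /boot/initrd...
- Kernel modules: /lib/modules/`uname -r`/kernel
- Kernel source: something like /usr/src/linux-headers-3.13.0-103-generic
How grub identifies disks and loads the kernel
grub is usually installed in the MBR or in the super block of a partition. Its rules for identifying disks are
- Disk identifiers are enclosed in ()
- A disk is written as hd followed by a number, whatever the disk type, including vda and SSDs
- Disks are numbered in search order, not in cable order
- The first disk found is number 0, the second is number 1..
- The first partition of each disk is number 0, and so on
Look around /boot/grub, for example menu.lst,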
ls -l /boot
-rw-r--r-- 1 root root 1162712 Jul 15 2014 abi-3.13.0-32-generic
-rw-r--r-- 1 root root 1163858 Sep 4 2014 abi-3.13.0-36-generic
-rw-r--r-- 1 root root 1164489 Sep 23 2014 abi-3.13.0-37-generic
-rw-r--r-- 1 root root 165611 Jul 15 2014 config-3.13.0-32-generic
-rw-r--r-- 1 root root 165671 Sep 4 2014 config-3.13.0-36-generic
-rw-r--r-- 1 root root 165712 Sep 23 2014 config-3.13.0-37-generic
drwxr-xr-x 5 root root 4096 Oct 10 2014 grub/
-rw-r--r-- 1 root root 19287106 Jul 23 2014 initrd.img-3.13.0-32-generic
-rw-r--r-- 1 root root 19307642 Sep 25 2014 initrd.img-3.13.0-36-generic
-rw-r--r-- 1 root root 19307118 Oct 10 2014 initrd.img-3.13.0-37-generic
-rw-r--r-- 1 root root 176500 Mar 12 2014 memtest86+.bin
-rw-r--r-- 1 root root 178176 Mar 12 2014 memtest86+.elf
-rw-r--r-- 1 root root 178680 Mar 12 2014 memtest86+_multiboot.bin
-rw------- 1 root root 3381262 Jul 15 2014 System.map-3.13.0-32-generic
-rw------- 1 root root 3386479 Sep 4 2014 System.map-3.13.0-36-generic
-rw------- 1 root root 3386945 Sep 23 2014 System.map-3.13.0-37-generic
-rw------- 1 root root 5798112 Jul 15 2014 vmlinuz-3.13.0-32-generic
-rw------- 1 root root 5806848 Sep 4 2014 vmlinuz-3.13.0-36-generic
-rw------- 1 root root 5808832 Sep 23 2014 vmlinuz-3.13.0-37-generic
cd grub
drwxr-xr-x 5 root root 4096 Oct 10 2014 ./
drwxr-xr-x 3 root root 4096 Oct 10 2014 ../
drwxr-xr-x 2 root root 4096 Apr 17 2014 fonts/
-rw-r--r-- 1 root root 699 Apr 17 2014 gfxblacklist.txt
-r--r--r-- 1 root root 9550 Oct 10 2014 grub.cfg
-rw-r--r-- 1 root root 1024 Nov 17 19:17 grubenv
drwxr-xr-x 2 root root 12288 Jul 23 2014 i386-pc/
drwxr-xr-x 2 root root 4096 Jul 23 2014 locale/
-rw-r--r-- 1 root root 2405285 Jul 23 2014 unicode.pf2
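For my attempt at building and updating the system kernel see ----> linux 内核升级攻略.md (Linux kernel upgrade guide)
Continued in a new post ----> Linux鸟哥私房菜 笔记五 (VBird's Linux notes, part 5)
Written by dealdot <dealdot#163.com>, Full Stack Developer @ DeepBlue
Last edited: Apr 9, 2017 at 16:57 pm
Please credit the source when reposting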