Building a custom minimal Linux with account/password login, SSH service and Nginx service (Part 2)

   

9. Providing SSH service for the custom Linux

   9.1 Compile and install dropbear-2014.63

        # tar -xf dropbear-2014.63.tar.bz2

        # cd dropbear-2014.63

        # ./configure

        # make PROGRAMS="dropbear dbclient dropbearkey scp"

        # make PROGRAMS="dropbear dbclient dropbearkey scp" install

      9.2 Port dropbear using the cpcommand.sh script


     9.3 Manually port the name service switch framework (nsswitch) required for authentication

          # cp -d /lib/libnss_files* /mnt/sysroot/lib/

          # mkdir /mnt/sysroot/usr/lib

          # cp -d /usr/lib/libnss_files.so  /mnt/sysroot/usr/lib/


     9.4 Provide the configuration file required by the name service switch

# vim /mnt/sysroot/etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
passwd:     files
shadow:     files
group:      files
#hosts:     db files nisplus nis dns
hosts:      files dns


      9.5 Provide the list of safe shells for the target machine

# vim etc/shells
/bin/bash    (bash was already ported above)
/bin/sh
/bin/hush
/bin/ash
/bin/


     9.6 Provide the dropbear host keys and the directories dropbear needs at run time on the target machine

        # mkdir  etc/dropbear

        # dropbearkey -t dss -f etc/dropbear/dropbear_dss_host_key

        # dropbearkey -t rsa  -s 2048 -f etc/dropbear/dropbear_rsa_host_key

        # mkdir var/run
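
The pieces set up in 9.3 to 9.6 can be checked on the staged tree before booting it: libnss_files is loaded with dlopen() and never appears in ldd output, and dropbear rejects users whose shell is not listed in /etc/shells. The following is an added example, not part of the original article; the function name audit_sysroot and the rule that host keys and shadow must have no group/other permissions are assumptions.

```shell
#!/bin/sh
# Added example: audit a staged root tree (e.g. /mnt/sysroot) for the login
# prerequisites from 9.3-9.6. Prints one FAIL line per problem and returns
# non-zero if any problem was found.
audit_sysroot() {
    root=$1
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # 9.3/9.4: a "files" source in nsswitch.conf needs libnss_files in the tree
    if grep -Eq '^(passwd|shadow|group):.*files' "$root/etc/nsswitch.conf" 2>/dev/null; then
        ls "$root"/lib*/libnss_files* >/dev/null 2>&1 ||
            fail "libnss_files missing under $root/lib"
    else
        fail "nsswitch.conf missing or has no 'files' source"
    fi

    # 9.5: every login shell must be listed in etc/shells and exist in the tree
    while IFS=: read -r user _ _ _ _ _ shell; do
        [ -n "$user" ] || continue
        case $shell in */nologin|*/false|'') continue ;; esac
        grep -qxF "$shell" "$root/etc/shells" 2>/dev/null ||
            fail "$user: $shell not in etc/shells"
        [ -x "$root$shell" ] || fail "$user: $shell not present in $root"
    done < "$root/etc/passwd"

    # 9.6: host keys and shadow must carry no group/other permission bits
    for f in "$root"/etc/dropbear/*_host_key "$root/etc/shadow"; do
        [ -e "$f" ] || continue
        case $(ls -ld "$f") in
            ????------*) ;;
            *) fail "$f is accessible to group/other" ;;
        esac
    done

    [ "$problems" -eq 0 ]
}
```

Run it as `audit_sysroot /mnt/sysroot` after each porting step.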

     9.7 Mount the pseudo-terminal device filesystem and create the directory it needs automatically at boot

         Add the following line to the system initialization script so that the target system creates the /dev/pts directory at boot

         mkdir /dev/pts

         Add the following line to the fstab on the target machine

         devpts          /dev/pts        devpts  defaults        0 0

     9.8 Make dropbear start automatically at boot and stop automatically at shutdown

     

# cd /mnt/sysroot/etc
1. Create the directories needed to run the dropbear service
# mkdir -p rc.d/init.d
# mkdir -pv ../var/lock/subsys

2. Provide a service script for dropbear (rc.d/init.d/dropbear)
            #!/bin/bash
            #
            # description: dropbear ssh daemon
            # chkconfig: 2345 66 33
            #
            dsskey=/etc/dropbear/dropbear_dss_host_key
            rsakey=/etc/dropbear/dropbear_rsa_host_key
            lockfile=/var/lock/subsys/dropbear
            pidfile=/var/run/dropbear.pid
            dropbear=/usr/local/sbin/dropbear
            dropbearkey=/usr/local/bin/dropbearkey
            [ -r /etc/rc.d/init.d/functions ] && . /etc/rc.d/init.d/functions
            [ -r /etc/sysconfig/dropbear ] && . /etc/sysconfig/dropbear
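            # RSA size used only when genrsakey has to create a missing key; 9.6 generated a
            # 2048-bit key, so set keysize=2048 in /etc/sysconfig/dropbear to match it
            keysize=${keysize:-1024}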
            port=${port:-22}
            gendsskey() {
                [ -d /etc/dropbear ] || mkdir /etc/dropbear
                echo -n "Starting generate the dss key: "
                $dropbearkey -t dss -f $dsskey &> /dev/null
                RETVAL=$?
                if [ $RETVAL -eq 0 ]; then
                    success
                    echo
                    return 0
                else
                    failure
                    echo
                    return 1
                fi
            }
            genrsakey() {
                [ -d /etc/dropbear ] || mkdir /etc/dropbear
                echo -n "Starting generate the rsa key: "
                $dropbearkey -t rsa -s $keysize -f $rsakey &> /dev/null
                RETVAL=$?
                if [ $RETVAL -eq 0 ]; then
                    success
                    echo
                    return 0
                else
                    failure
                    echo
                    return 1
                fi
            }
            start() {
                [ -e $dsskey ] || gendsskey
                [ -e $rsakey ] || genrsakey
                if [ -e $lockfile ]; then
                    echo -n "dropbear daemon is already running: "
                    success
                    echo
                    exit 0
                fi
                echo -n "Starting dropbear: "
                daemon --pidfile="$pidfile" $dropbear -p $port -d $dsskey -r $rsakey
                RETVAL=$?
                echo
                if [ $RETVAL -eq 0 ]; then
                    touch $lockfile
                    return 0
                else
                    rm -f $lockfile $pidfile
                    return 1
                fi
            }
            stop() {
                if [ ! -e $lockfile ]; then
                    echo -n "dropbear service is stopped: "
                    success
                    echo
                    return 0    # already stopped is not an error; lets "restart" go on to start
                fi
                echo -n "Stopping dropbear daemon: "
                killproc dropbear
                RETVAL=$?
                echo

                if [ $RETVAL -eq 0 ]; then
                    rm -f $lockfile $pidfile
                    return 0
                else
                    return 1
                fi
            }
            status() {
                if [ -e $lockfile ]; then
                    echo "dropbear is running..."
                else
                    echo "dropbear is stopped..."
                fi
            }
            usage() {
                echo "Usage: dropbear {start|stop|restart|status|gendsskey|genrsakey}"
            }
            case $1 in
            start)
                start ;;
            stop)
                stop ;;
            restart)
                stop
                start
                ;;
            status)
                status
                ;;
            gendsskey)
                gendsskey
                ;;
            genrsakey)
                genrsakey
                ;;
            *)
                usage
                ;;
            esac
3. Make the dropbear script executable
# chmod +x rc.d/init.d/dropbear

4. Copy the functions file from the host to the target disk
# cp /etc/rc.d/init.d/functions rc.d/init.d/

5. Create symlinks so the service starts at boot and stops at shutdown
# cd rc.d/
# ln -sv init.d/dropbear dropbear.start
# ln -sv init.d/dropbear dropbear.stop

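6. Edit the rc.sysinit provided for the target and append the following at the end so services start automatically at boot
# vim rc.sysinit
# Run each link on its own: with two or more links, "/etc/rc.d/*.start start"
# would hand the second link to the first script as $1
for s in /etc/rc.d/*.start; do [ -x "$s" ] && "$s" start; done
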
7. Edit rc.sysdown so services are stopped automatically before shutdown
# vim rc.sysdown
#!/bin/bash
#
sync
sleep 3
sync
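# Stop each service link on its own (a bare glob breaks with two or more links)
for s in /etc/rc.d/*.stop; do [ -x "$s" ] && "$s" stop; done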
/bin/umount -a -r
poweroff
8. In inittab, change the last line to the following
# vim ../inittab
::shutdown:/etc/rc.d/rc.sysdown

    9.9 dropbear is ported successfully and provides SSH service



10. Port Nginx to provide web service

      10.1 Compile and install Nginx-1.5.9

Compile and install Nginx
# groupadd -r nginx
# useradd -r -g nginx -s /sbin/nologin  nginx
# tar -xf nginx-1.5.9.tar.gz
# cd nginx-1.5.9
# ./configure \
    --prefix=/usr/local/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/var/run/nginx/nginx.pid \
    --lock-path=/var/lock/nginx.lock \
    --user=nginx \
    --group=nginx \
    --without-http_rewrite_module \
    --without-pcre \
    --without-http_geo_module \
    --without-http_uwsgi_module \
    --without-http_fastcgi_module \
    --without-http_scgi_module \
    --without-http_memcached_module

# make && make install

# /usr/local/nginx/sbin/nginx
# ss -ntl | grep ":80"
LISTEN     0      128                       *:80                       *:*

10.2 Compilation and installation are complete on the host, and Nginx starts successfully



     10.3 Port Nginx to the target machine


1. Provide the owner user and group for Nginx so that it can start normally
# grep "^nginx" /etc/passwd >> passwd
# grep "^nginx" /etc/group  >> group
# grep "^nginx" /etc/shadow >> shadow
2. Port nginx with the custom script
# bash /study/cpcommand.sh
Enter a available Command OR quit (quit):/usr/local/nginx/sbin/nginx
 Copy /usr/local/nginx/sbin/nginx Successful!!!
 Copy /lib/libpthread.so.0 Successful!!!
 LibFile Exist! .....Enter Again!
 Copy /usr/lib/libcrypto.so.10 Successful!!!
 LibFile Exist! .....Enter Again!
 LibFile Exist! .....Enter Again!
 LibFile Exist! .....Enter Again!
 LibFile Exist! .....Enter Again!
 LibFile Exist! .....Enter Again!
Enter a available Command OR quit (quit):quit
 quit  wait 1  second.....

3. Copy the nginx configuration files to the target system
# cp -r /etc/nginx  /mnt/sysroot/etc/


4. Provide the web root directory and a test page for the target system
# mkdir /mnt/sysroot/usr/local/html
# vim /mnt/sysroot/usr/local/html/index.html
<h1> Tiny Linux </h1>
5. Provide a service start script for the target system
# vim /mnt/sysroot/etc/rc.d/init.d/nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /etc/nginx/nginx.conf
# pidfile:     /var/run/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
# Path of the nginx binary; it must match where the binary was copied on the target
nginx="/usr/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
   # make required directories
   user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
   options=`$nginx -V 2>&1 | grep 'configure arguments:'`
   for opt in $options; do
       if [ `echo $opt | grep '.*-temp-path'` ]; then
           value=`echo $opt | cut -d "=" -f 2`
           if [ ! -d "$value" ]; then
               # echo "creating" $value
               mkdir -p $value && chown -R $user $value
           fi
       fi
   done
}
start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    make_dirs
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}
stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}
restart() {
    configtest || return $?
    stop
    sleep 1
    start
}
reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}
force_reload() {
    restart
}
configtest() {
  $nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
    status $prog
}
rh_status_q() {
    rh_status >/dev/null 2>&1
}
case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
            ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac
6. Make the service script executable
# chmod +x  /mnt/sysroot/etc/rc.d/init.d/nginx

7. Make Nginx start automatically at boot and stop automatically at shutdown
# cd /mnt/sysroot/etc/rc.d
# ln -sv init.d/nginx  nginx.start
# ln -sv init.d/nginx  nginx.stop

8. Create the directories nginx needs in order to start
# mkdir /mnt/sysroot/var/log/nginx
# mkdir /mnt/sysroot/usr/local/logs

     10.4 Run sync several times, then shut down the host and test

       Remount the target machine's root filesystem read-write (to have this done automatically at boot, modify the fstab on the target machine)

         # mount -o remount,rw /

         # /usr/local/sbin/nginx

nginx is now running
-bash-4.1# netstat -antl
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN    
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN    
tcp        0    232 172.16.19.10:22         172.16.19.254:49889     ESTABLISHED




11. Authenticating each user's newly established connection

# bash /study/cpcommand.sh
Enter a available Command OR quit (quit):xauth
Copy xauth Successful!!!
Copy /usr/lib/libXau.so.6Successful!!!
Copy /usr/lib/libXext.so.6Successful!!!
Copy /usr/lib/libXmuu.so.1Successful!!!
Copy /usr/lib/libX11.so.6Successful!!!
LibFile Exist! .....Enter Again!
Copy /usr/lib/libxcb.so.1Successful!!!
LibFile Exist! .....Enter Again!
LibFile Exist! .....Enter Again!
Enter a available Command OR quit (q
# mkdir /mnt/sysroot/usr/bin/X11
# cp /mnt/sysroot/usr/bin/xauth  /mnt/sysroot/usr/bin/X11



   12. Provide a prompt for the new custom system that shows the IP of the current system

       Provide a .bash_profile file in the root directory of the target machine

# vi .bash_profile
export PS1='[\u@`ifconfig | grep inet | head -1 | cut -d: -f2 | cut -d" " -f1`  \W]\$ '
export PATH=/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH



Command porting script (cpcommand.sh)

#!/bin/bash
#
# Copy a command and the shared libraries it depends on into /mnt/sysroot,
# keeping the same directory layout as on the host.
# Note: ldd may execute code from the file it inspects, so run this only on
# trusted binaries.

# Prompt until the user enters a command that exists on the host, or "quit"
Input_Command(){
    while true; do
        read -r -p "Enter a available Command OR quit (quit):" command
        [ "$command" == "quit" ] && echo -e "\033[31m quit  wait 1  second.....\033[0m" && sleep 1 && exit 0
        if which "$command" &>/dev/null; then
            break
        else
            echo -e "\033[31m Command is wrong \033[0m"
            continue
        fi
    done
}

# Copy the command to the destination directory
CopyCommand(){
    Dir=/mnt/sysroot
    [ -d "$Dir" ] || mkdir "$Dir"
    Filename=$(which --skip-alias "$command")
    FDir=$(dirname "$Filename")
    [ -d "${Dir}$FDir" ] || mkdir -p "${Dir}$FDir"
    if [ -e "${Dir}$Filename" ]; then
        echo -e "\033[32m Command Exist! .....Enter Again!\033[0m"
        return 2
    fi
    if cp -i "$Filename" "${Dir}$FDir"; then
        echo -e "\033[32m Copy $command Successful!!!\033[0m"
    fi
}

# Copy the libraries the command depends on to the destination directory
CopyLib(){
    Input_Command
    CopyCommand
    # ldd prints the absolute path of each library; keep only those paths
    for i in $(ldd "$Filename" | grep -o "[[:space:]]\{1,\}/[^[:space:]]*"); do
        LDir=$(dirname "$i")
        [ -d "${Dir}$LDir" ] || mkdir -p "${Dir}$LDir"
        if [ -e "${Dir}$i" ]; then
            echo -e "\033[32m LibFile Exist! .....Enter Again!\033[0m"
            continue
        fi
        if cp -i "$i" "${Dir}$LDir"; then
            echo -e "\033[32m Copy $i Successful!!!\033[0m"
        fi
    done
}

# Keep prompting for commands until the user enters "quit"
main(){
    while true; do
        CopyLib
    done
}
main


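   The newly customized minimal Linux system runs normally, supports virtual terminals, lets multiple users log in with an account and password, and provides SSH and web services. Applications and any further services can be added to it as needed.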



Summary:

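   When customizing a Linux system with make menuconfig, if an error related to the system configuration occurs, modifying the .config file does not take effect; you must use make clean or make mrproper to remove the files generated by the build and then recompile the kernel.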

Many problems came up while customizing my own Linux system. Below is how I solved them (my build environment is 32-bit, using an AMDP6100 CPU):

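   1. When booting the newly customized minimal Linux system, the following error appeared:

VFS: Cannot open root device "sda2" or unknown-block(0,0): error -6
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)

At first I modified the grub configuration file and found that the grub configuration was not the problem. In the end, after searching online, I found that it was a build-time problem. Recompiling and selecting the following two options in make menuconfig solves the problem above: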

Device Drivers  --->[*] Fusion MPT device support ---><*>   Fusion MPT ScsiHost drivers for SPI

Device Drivers  --->[*] Fusion MPT device support ---><*>   Fusion MPT misc device (ioctl) driver


   2. When the system reports the error "Filesystem with huge files cannot be mounted rdwr without config_lbdaf", just select the following option in make menuconfig:

-*- Enable the block layer  --->[*]   Support for large (2TB+) block devices and files

Selecting it solves the problem.