解决WSL中使用NTFS分区的权限问题

2020-04-30

当使用WSL的过程中访问WSL系统以外目录时候出现一些奇奇怪怪问题通常就是WSL对于NTFS分区的目录权限问题。

使用 mount -l 查看，可能长这样

[root@wsl] mount -l
rootfs on / type lxfs (rw,noatime)
none on /dev type tmpfs (rw,noatime,mode=755)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,noatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,noatime)
devpts on /dev/pts type devpts (rw,nosuid,noexec,noatime,gid=5,mode=620)
none on /run type tmpfs (rw,nosuid,noexec,noatime,mode=755)
none on /run/lock type tmpfs (rw,nosuid,nodev,noexec,noatime)
none on /run/shm type tmpfs (rw,nosuid,nodev,noatime)
none on /run/user type tmpfs (rw,nosuid,nodev,noexec,noatime,mode=755)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
cgroup on /sys/fs/cgroup type tmpfs (rw,relatime,mode=755)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,relatime,devices)
C:\ on /mnt/c type drvfs (rw,noatime,uid=0,gid=0,case=off)
D:\ on /mnt/d type drvfs (rw,noatime,uid=0,gid=0,case=off)

可以看到 C:\ 和 D:\ 加载状况是这样的。这种情况下代表所有目录均以root权限进行访问。在使用ssh或git等工具的时候有可能会因为一些权限问题导致意外情况发生。

解决办法很简单，通过DrvFs让WSL可以支持NTFS分区增加文件metadata信息：

挂载配置

echo '[automount]
enabled = true
root = /mnt/
options = "metadata,umask=22,fmask=11"
mountFsTab = false' > /etc/wsl.conf

在PowerShell中重启WSL服务

Restart-Service LxssManager

使用 firewall 配置端口转发

2018-03-30

开启NAT转发

firewall-cmd --permanent --zone=public --add-masquerade

本机到本机

firewall-cmd --permanent --zone=public --add-forward-port=port=80:proto=tcp:toport=8080
firewall-cmd --permanent --zone=public --add-service=http

本机到其他机器

firewall-cmd --permanent --zone=public --add-forward-port=port=80:proto=tcp:toport=8080:toaddr=192.168.0.2
firewall-cmd --permanent --zone=public --add-port=80/tcp

重新加载应用

firewall-cmd --reload

只允许指定IP连入指定端口

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.2" port protocol="tcp" port="80" accept'

只允许指定IP段连入指定端口范围

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port protocol="tcp" port="80-8080" accept'

Linux 常用网络优化

# 发送 KeepAlive 消息的间隔 1200=2分钟
sysctl -w net.ipv4.tcp_keepalive_time=1200
# IP端口重用
sysctl -w net.ipv4.tcp_tw_reuse=1

使用 iptables 配置端口转发

2018-03-29

配置

sysctl -w net.ipv4.ip_forward=1 # 启用IP转发功能
sysctl -p # 立即生效
echo "net.ipv4.ip_forward=1" >> /usr/lib/sysctl.d/50-default.conf
iptables -t nat -A POSTROUTING -j MASQUERADE

添加端口转发脚本 portforward.sh

#!/bin/bash
# $1=listen port
# $2=connect address and port example:111.111.111.111:2222
iptables -t nat -A PREROUTING -p tcp -i eno1 --dport $1 -j DNAT --to $2

想要添加端口的时候只要这么用就好

./portforward.sh 22 111.111.111.111:22

Ubuntu安装最新版本nodejs

2018-03-29

指定版本，通常用于安装LTS版本。比如当前最新LTS版本是8

sudo curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -

Linux里面查看登录日志，并统计次数和排序，查看尝试破解密码的IP

2015-01-06

仅需一条命令

grep "Failed password for root" /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -nr | more

结果类似下面这样：

 4377 103.41.124.18
 4368 103.41.124.65
 3900 62.210.178.226
 2214 103.41.124.33
  409 62.210.142.105
  404 115.231.222.45
  152 122.225.97.91
   95 122.225.109.205
   81 109.195.69.233
   42 74.52.105.154
   21 87.106.184.62
   21 87.106.1.211
   21 82.165.154.23
   21 69.64.64.62
   21 67.226.156.239
   21 61.40.192.52
   21 60.213.190.98
   21 27.251.179.130
   21 222.77.190.33
   21 211.172.219.251
   21 210.249.105.10
   15 220.194.46.36
   12 203.184.128.106
    1 60.190.71.52
    1 193.104.41.58

这样我们就可以很清楚的了解有谁在尝试破解我们的密码了，之后做个相关安全策略就可以简单防治了

Linux里Git出现fatal: Unable to find remote helper for 'https'的解决方案

2014-12-30

在Linux内源码编译安装的Git如果出现了 “Unable to find remote helper for ‘https’” 错误，则说明编译的时候没有发现系统有openssl开发包。

解决办法就是在编译之前安装相关的开发包就可以了。

在CentOS系统中使用下面命令来安装

yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel

CentOS安装GO编译环境

2014-11-01

我们这里使用源码编译安装，直接按顺序执行下列命令就可以成功(我都是假设已经有root权限的情况下，所以执行之前请确认自己已有root权限)：

yum install -y mercurial gcc-c++ gcc
mkdir /usr/local
cd /usr/local
hg clone -r release https://go.googlecode.com/hg/ go
cd /usr/local/go/src
chmox +x all.bash
./all.bash
mkdir /root/go
export GOROOT=/usr/local/go
export GOPATH=/root/go
export GOBIN=/usr/local/go/bin
export GOOS=linux
export PATH=.:$PATH:/usr/local/go/bin

现在应该已经可以执行go命令测试了：

[root@root]# go version
go version go1.3.3 linux/amd64

如果想要每次进入bash时都拥有go环境，则需要新建一个文件：/etc/profile.d/go.sh 并写入以下内容

export GOROOT=/usr/local/go
export GOPATH=/root/go
export GOBIN=/usr/local/go/bin
export GOOS=linux
export PATH=.:$PATH:/usr/local/go/bin

现在随时都可以执行go命令了。

让CentOS的yum命令可以直接安装最新的nginx

2014-10-31

添加nginx的repo

echo '[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/x86_64
gpgcheck=0
enabled=1' > /etc/yum.repos.d/nginx.repo

安装

yum update
yum install nginx

是不是直接安装了最新版的nginx呢 ( ͡° ͜ʖ ͡°)

解决yum安装 openssl-devel时产生的Multilib version problems found错误

2014-06-29

今天给一台CentOS系统安装openssl-devel时，出现了如下信息：

[root@centos]# yum install -y openssl-devel
Loaded plugins: fastestmirror, security
Repository updates is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Repository contrib is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Loading mirror speeds from cached hostfile
 * base: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.tuna.tsinghua.edu.cn
 * updates: mirrors.tuna.tsinghua.edu.cn
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package openssl-devel.x86_64 0:1.0.1e-16.el6_5.14 will be installed
--> Processing Dependency: krb5-devel for package: openssl-devel-1.0.1e-16.el6_5.14.x86_64
--> Running transaction check
---> Package krb5-devel.x86_64 0:1.10.3-15.el6_5.1 will be installed
--> Processing Dependency: libselinux-devel for package: krb5-devel-1.10.3-15.el6_5.1.x86_64
--> Processing Dependency: libcom_err-devel for package: krb5-devel-1.10.3-15.el6_5.1.x86_64
--> Processing Dependency: keyutils-libs-devel for package: krb5-devel-1.10.3-15.el6_5.1.x86_64
--> Running transaction check
---> Package keyutils-libs-devel.x86_64 0:1.4-4.el6 will be installed
---> Package libcom_err-devel.x86_64 0:1.41.12-18.el6 will be installed
---> Package libselinux-devel.x86_64 0:2.0.94-5.3.el6_4.1 will be installed
--> Processing Dependency: libselinux = 2.0.94-5.3.el6_4.1 for package: libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
--> Processing Dependency: libsepol-devel >= 2.0.32-1 for package: libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
--> Processing Dependency: pkgconfig(libsepol) for package: libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
--> Running transaction check
---> Package libselinux.i686 0:2.0.94-5.3.el6_4.1 will be installed
--> Processing Dependency: libdl.so.2(GLIBC_2.1) for package: libselinux-2.0.94-5.3.el6_4.1.i686
--> Processing Dependency: libdl.so.2(GLIBC_2.0) for package: libselinux-2.0.94-5.3.el6_4.1.i686
--> Processing Dependency: libdl.so.2 for package: libselinux-2.0.94-5.3.el6_4.1.i686
--> Processing Dependency: libc.so.6(GLIBC_2.8) for package: libselinux-2.0.94-5.3.el6_4.1.i686
--> Processing Dependency: ld-linux.so.2(GLIBC_2.3) for package: libselinux-2.0.94-5.3.el6_4.1.i686
--> Processing Dependency: ld-linux.so.2 for package: libselinux-2.0.94-5.3.el6_4.1.i686
---> Package libsepol-devel.x86_64 0:2.0.41-4.el6 will be installed
--> Running transaction check
---> Package glibc.i686 0:2.12-1.132.el6_5.2 will be installed
--> Processing Dependency: libfreebl3.so(NSSRAWHASH_3.12.3) for package: glibc-2.12-1.132.el6_5.2.i686
--> Processing Dependency: libfreebl3.so for package: glibc-2.12-1.132.el6_5.2.i686
--> Running transaction check
---> Package nss-softokn-freebl.i686 0:3.14.3-10.el6_5 will be installed
--> Finished Dependency Resolution
Error:  Multilib version problems found. This often means that the root
       cause is something else and multilib version checking is just
       pointing out that there is a problem. Eg.:

         1\. You have an upgrade for libselinux which is missing some
            dependency that another package requires. Yum is trying to
            solve this by installing an older version of libselinux of the
            different architecture. If you exclude the bad architecture
            yum will tell you what the root cause is (which package
            requires what). You can try redoing the upgrade with
            --exclude libselinux.otherarch ... this should give you an error
            message showing the root cause of the problem.

         2\. You have multiple architectures of libselinux installed, but
            yum can only see an upgrade for one of those arcitectures.
            If you don't want/need both architectures anymore then you
            can remove the one with the missing update and everything
            will work.

         3\. You have duplicate versions of libselinux installed already.
            You can use "yum check" to get yum show these errors.

       ...you can also use --setopt=protected_multilib=false to remove
       this checking, however this is almost never the correct thing to
       do as something else is very likely to go wrong (often causing
       much more problems).

       Protected multilib versions: libselinux-2.0.94-5.3.el6_4.1.i686 != libselinux-2.0.94-5.3.0.1.el6.centos.plus.x86_64
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

最后在一个日文的网站上找到了解决办法：

yum install --enablerepo=centosplus openssl-devel

参考：http://blog.urban-theory.net/2014/06/16/openssl-devel-install-fails-on-centos-with-docker

一句话经验

2014-04-08

当内核加载失败时，使用以下命令查看出错记录，可以帮助找到问题所在：

dmesg | tail -n 30

逃避虽然可耻但有用

少壮不努力，一生在内地