Linux 笔记

What does "{} ;" mean in the find command?

If you run find with exec, {} expands to the filename of each file or directory found with find (so that ls in your example gets every found filename as an argument - note that it calls ls or whatever other command you specify once for each file found).

Semicolon ; ends the command executed by exec. It needs to be escaped with \ so that the shell you run find inside does not treat it as its own special character, but rather passes it to find.

See this article for some more details.

---

Also, find provides some optimization with exec cmd {} + - when run like that, find appends found files to the end of the command rather than invoking it once per file (so that the command is run only once, if possible).

The difference in behavior (if not in efficiency) is easily noticeable if run with ls, e.g.

find ~ -iname '*.jpg' -exec ls {} \;
# vs
find ~ -iname '*.jpg' -exec ls {} +

Assuming you have some jpg files (with short enough paths), the result is one line per file in first case and standard ls behavior of displaying files in columns for the latter.

What is the difference of cp -p and cp -a in UNIX?

With the -p option, the copy has the same modification time, the same access time, and the same permissions as the original. It also has the same owner and group as the original, if the user doing the copy has the permission to create such files.

The -a option means -R and -p, plus a few other preservation options. It attempts to make a copy that's as close to the original as possible: same directory tree, same file types, same contents, same metadata (times, permissions, extended attributes, etc.).

What is the chroot command used for when resetting a password in RHEL/CentOS 7?

You're talking about the procedure to reset a lost root password. This is needed only when the root password is lost and there is no sudo root access or similar available.

At boot, the bootloader (usually GRUB) loads 2 files: the kernel and the initramfs (also known as initrd) file. The initramfs file contains a minimal filesystem that includes any tools and kernel modules required to activate the real root filesystem, its disk controller(s) and other features necessary to activate it (e.g. any combination of: LVM, disk encryption, multipathing and/or software RAID).

The rd.break boot option tells the boot sequence to stop while the system is still using initramfs, but the real root filesystem is already mounted at /sysroot. Normally the next step would be a pivot_root operation to switch /sysroot into a real root filesystem, start executing stuff from there and then remove the initramfs from memory.

By stopping within the initramfs we gain access to the emergency shell. But the initramfs has a very limited number of commands available, and editing the initramfs's /etc/passwd file would achieve nothing as the entire initramfs gets replaced by the real root filesystem anyway.

The root filesystem is initially mounted in read-only mode in order to allow filesystem checking. The first step is to remount it read-write, to allow the password change to stick.

The chroot /sysroot command means: "start a new shell in such a way that for that shell the /sysroot directory will appear as /." Within that chrooted shell, /etc/passwd and /etc/shadow will refer to the real password files in the real root filesystem, and /bin/passwd will be the same command you'll use when the system is running normally. Since this chrooted shell was started from the emergency shell, you already have full root access, and you can use the passwd command to set a new password for anyone without being asked for the old one first - including setting a new root password.

Once the procedure is complete, the first exit command will exit the chrooted shell and return you to the initial emergency shell, which still sees the real root filesystem as /sysroot. The second exit command will return control to the boot scripts, which usually trigger a reboot whenever emergency shell has been used.

Was this the sort of explanation you needed?

What is chroot Linux sys call and How to Control It: Sandbox with Seccomp | by Seifeddine Rajhi | Medium --- 什么是 chroot Linux sys 调用以及如何控制它：使用 Seccomp 的沙盒 |由 Seifeddine Rajhi |中等