Harvey Mei

Good acts are better than good intentions.

July 1, 2022
 

Compressing task duration by adding work hours

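Overtime hours are spread across the work hours of the working days and show up as a shorter "Duration" for the individual task. (Work increases, duration decreases.)

Overtime on working days should be reflected in the task's "Actual Start", "Actual Finish" and task bar. (Duration decreases; the task bar becomes shorter.)
Overtime on non-working days should be reflected in the task's "Actual Start", "Actual Finish" and task bar. (Duration decreases; the task bar length is unchanged or becomes longer (the two weekend days).)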

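Planned project finish date: July 25
Planned duration compression: 1 working day


Overtime plan: Task 3 is scheduled for 1 working day of overtime on Saturday


If overtime is worked to counter the risk of a task running late and the task then finishes on time, it is not recorded as overtime work. If the task still does not finish on time after the overtime (an actual overrun), this is reflected in the task's "Actual Finish".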

June 30, 2022
 

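Splitting a task that has to be carried out in phases

Applies when a task, after it has started and had its progress updated for the first time, is paused and later resumed.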

Baseline start: June 27
Baseline finish: July 5
Duration: 7 working days
Actual start: June 27
Current task progress: 20%

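The task is paused starting July 28, and the Split Task operation is performed. (Duration unchanged; depending on the actual proportion, the percent-complete progress may span the split task bars.)


When the task resumes, drag the remaining part of the task bar to the actual start date (June 30) so that it reflects the actual start time of the follow-on work. (Duration unchanged.)


Drag the portion of the remaining task bar that is not covered by the progress bar to the actual start date (June 30). (Duration changes.)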

June 30, 2022
 

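Effect of changing the baseline on a started task that already has a baseline

Setting the baseline
Baseline start: July 5
Baseline finish: July 11
Duration: 5 working days

Updating the task after the baseline is set
Actual start: June 28
Percent complete: 30%

After changing the baseline (setting the baseline again after the plan changed)
Baseline start: June 28 (taken from the task's current "Start")
Baseline finish: July 11 (the task is not yet complete, i.e. no actual finish is set, so this baseline finish is taken from the current "Finish")

Duration: 5 working days (unchanged)

Overall changes:

1. The current baseline bar becomes longer.
2. The current task bar is cut at the point in time when the new baseline was set, and the two parts are aligned to the current "Start" and the current "Finish" respectively.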

June 15, 2022
 

The Java web service runs as the unprivileged system user deployer

View the default access control lists of specific system commands

[deployer@s4 ~]$ cd /usr/bin/
[deployer@s4 bin]$ getfacl curl wget scp sftp telnet
# file: curl
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

# file: wget
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

# file: scp
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

# file: sftp
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

# file: telnet
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

[deployer@s4 bin]$

Deny the user deployer access to specific commands

[root@s4 ~]# cd /usr/bin/
[root@s4 bin]# setfacl -m u:deployer:--- curl wget scp sftp telnet
[root@s4 bin]# getfacl curl wget scp sftp telnet
# file: curl
# owner: root
# group: root
user::rwx
user:deployer:---
group::r-x
mask::r-x
other::r-x

# file: wget
# owner: root
# group: root
user::rwx
user:deployer:---
group::r-x
mask::r-x
other::r-x

# file: scp
# owner: root
# group: root
user::rwx
user:deployer:---
group::r-x
mask::r-x
other::r-x

# file: sftp
# owner: root
# group: root
user::rwx
user:deployer:---
group::r-x
mask::r-x
other::r-x

# file: telnet
# owner: root
# group: root
user::rwx
user:deployer:---
group::r-x
mask::r-x
other::r-x

[root@s4 bin]#

Error messages when the unprivileged user deployer runs the specific commands

[deployer@s4 bin]$ curl
-bash: /usr/bin/curl: Permission denied
[deployer@s4 bin]$ wget
-bash: /usr/bin/wget: Permission denied
[deployer@s4 bin]$ scp
-bash: /usr/bin/scp: Permission denied
[deployer@s4 bin]$ sftp
-bash: /usr/bin/sftp: Permission denied
[deployer@s4 bin]$ telnet
-bash: /usr/bin/telnet: Permission denied
[deployer@s4 bin]$

Other commands to consider

chmod chown chgrp
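A check that could follow the setfacl step, added here as an example and not part of the original post: it parses getfacl output and lists every file that has no `user:deployer:---` entry, which is the state a binary is in once it has been replaced by a new file that does not carry the ACL. The function names and the sample ACL text are constructed for illustration.

```bash
#!/bin/sh
# Added example: list the files in getfacl output that lack a deny-all
# ("---") named-user ACL entry for the given user.

# Reads getfacl text on stdin; $1 is the user name (deployer on this page).
missing_deny_acl() {
    awk -v want="user:$1:---" '
        /^# file: / {                   # start of a new per-file section
            if (file != "" && !denied) print file
            file = substr($0, 9); denied = 0
            next
        }
        {
            sub(/[ \t]+#.*$/, "")       # drop a trailing "#effective:" comment
            if ($0 == want) denied = 1
        }
        END { if (file != "" && !denied) print file }
    '
}

# Live use (hypothetical helper name): audit_acl deployer /usr/bin/curl ...
# getfacl -p keeps the leading "/" in the reported file names.
audit_acl() {
    acl_user="$1"; shift
    getfacl -p "$@" 2>/dev/null | missing_deny_acl "$acl_user"
}

# Constructed sample: curl still carries the deny entry, wget has lost it,
# and scp has an entry for deployer that grants access instead of denying it.
SAMPLE_ACL='# file: curl
# owner: root
# group: root
user::rwx
user:deployer:---
group::r-x
mask::r-x
other::r-x

# file: wget
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

# file: scp
# owner: root
# group: root
user::rwx
user:deployer:rwx      #effective:r-x
group::r-x
mask::r-x
other::r-x
'

# Prints the files that need the setfacl step again: wget and scp.
printf '%s\n' "$SAMPLE_ACL" | missing_deny_acl deployer
```

An empty result means every listed file still denies the user; any name printed needs `setfacl -m u:deployer:---` applied again.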

March 30, 2022
 

The system environment is Fedora 35. On Fedora 36, OpenSSL 3.0 causes compatibility messages to be printed during make.

[root@compiler httpd-2.4.53]# ./configure --help
`configure' configures this package to adapt to many kinds of systems.

Usage: ./configure [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  -h, --help              display this help and exit
      --help=short        display options specific to this package
      --help=recursive    display the short help of all the included packages
  -V, --version           display version information and exit
  -q, --quiet, --silent   do not print `checking ...' messages
      --cache-file=FILE   cache test results in FILE [disabled]
  -C, --config-cache      alias for `--cache-file=config.cache'
  -n, --no-create         do not create output files
      --srcdir=DIR        find the sources in DIR [configure dir or `..']

Installation directories:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [/usr/local/apache2]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [PREFIX]

By default, `make install' will install all the files in
`/usr/local/apache2/bin', `/usr/local/apache2/lib' etc.  You can specify
an installation prefix other than `/usr/local/apache2' using `--prefix',
for instance `--prefix=$HOME'.

For better control, use the options below.

Fine tuning of the installation directories:
  --bindir=DIR            user executables [EPREFIX/bin]
  --sbindir=DIR           system admin executables [EPREFIX/sbin]
  --libexecdir=DIR        program executables [EPREFIX/libexec]
  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
  --libdir=DIR            object code libraries [EPREFIX/lib]
  --includedir=DIR        C header files [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
  --infodir=DIR           info documentation [DATAROOTDIR/info]
  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
  --mandir=DIR            man documentation [DATAROOTDIR/man]
  --docdir=DIR            documentation root [DATAROOTDIR/doc/PACKAGE]
  --htmldir=DIR           html documentation [DOCDIR]
  --dvidir=DIR            dvi documentation [DOCDIR]
  --pdfdir=DIR            pdf documentation [DOCDIR]
  --psdir=DIR             ps documentation [DOCDIR]

System types:
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
  --target=TARGET   configure for building compilers for TARGET [HOST]

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --enable-layout=LAYOUT
  --enable-dtrace         Enable DTrace probes
  --enable-hook-probes    Enable APR hook probes
  --enable-exception-hook Enable fatal exception hook
  --enable-load-all-modules
                          Load all modules
  --enable-maintainer-mode
                          Turn on debugging and compile time warnings and load
                          all compiled modules
  --enable-debugger-mode  Turn on debugging and compile time warnings and turn
                          off optimization
  --enable-pie            Build httpd as a Position Independent Executable
  --enable-modules=MODULE-LIST
                          Space-separated list of modules to enable | "all" |
                          "most" | "few" | "none" | "reallyall"
  --enable-mods-shared=MODULE-LIST
                          Space-separated list of shared modules to enable |
                          "all" | "most" | "few" | "reallyall"
  --enable-mods-static=MODULE-LIST
                          Space-separated list of static modules to enable |
                          "all" | "most" | "few" | "reallyall"
  --disable-authn-file    file-based authentication control
  --enable-authn-dbm      DBM-based authentication control
  --enable-authn-anon     anonymous user authentication control
  --enable-authn-dbd      SQL-based authentication control
  --enable-authn-socache  Cached authentication control
  --disable-authn-core    core authentication module
  --disable-authz-host    host-based authorization control
  --disable-authz-groupfile
                          'require group' authorization control
  --disable-authz-user    'require user' authorization control
  --enable-authz-dbm      DBM-based authorization control
  --enable-authz-owner    'require file-owner' authorization control
  --enable-authz-dbd      SQL based authorization and Login/Session support
  --disable-authz-core    core authorization provider vector module
  --enable-authnz-ldap    LDAP based authentication
  --enable-authnz-fcgi    FastCGI authorizer-based authentication and
                          authorization
  --disable-access-compat mod_access compatibility
  --disable-auth-basic    basic authentication
  --enable-auth-form      form authentication
  --enable-auth-digest    RFC2617 Digest authentication
  --enable-allowmethods   restrict allowed HTTP methods
  --enable-isapi          isapi extension support
  --enable-file-cache     File cache
  --enable-cache          dynamic file caching. At least one storage
                          management module (e.g. mod_cache_disk) is also
                          necessary.
  --enable-cache-disk     disk caching module
  --enable-cache-socache  shared object caching module
  --enable-socache-shmcb  shmcb small object cache provider
  --enable-socache-dbm    dbm small object cache provider
  --enable-socache-memcache
                          memcache small object cache provider
  --enable-socache-redis  redis small object cache provider
  --enable-socache-dc     distcache small object cache provider
  --enable-so             DSO capability. This module will be automatically
                          enabled unless you build all modules statically.
  --enable-watchdog       Watchdog module
  --enable-macro          Define and use macros in configuration files
  --enable-dbd            Apache DBD Framework
  --enable-bucketeer      buckets manipulation filter. Useful only for
                          developers and testing purposes.
  --enable-dumpio         I/O dump filter
  --enable-echo           ECHO server
  --enable-example-hooks  Example hook callback handler module
  --enable-case-filter    Example uppercase conversion filter
  --enable-case-filter-in Example uppercase conversion input filter
  --enable-example-ipc    Example of shared memory and mutex usage
  --enable-buffer         Filter Buffering
  --enable-data           RFC2397 data encoder
  --enable-ratelimit      Output Bandwidth Limiting
  --disable-reqtimeout    Limit time waiting for request from client
  --enable-ext-filter     external filter module
  --enable-request        Request Body Filtering
  --enable-include        Server Side Includes
  --disable-filter        Smart Filtering
  --enable-reflector      Reflect request through the output filter stack
  --enable-substitute     response content rewrite-like filtering
  --enable-sed            filter request and/or response bodies through sed
  --disable-charset-lite  character set translation. Enabled by default only
                          on EBCDIC systems.
  --enable-charset-lite   character set translation. Enabled by default only
                          on EBCDIC systems.
  --enable-deflate        Deflate transfer encoding support
  --enable-xml2enc        i18n support for markup filters
  --enable-proxy-html     Fix HTML Links in a Reverse Proxy
  --enable-brotli         Brotli compression support
  --enable-http           HTTP protocol handling. The http module is a basic
                          one that enables the server to function as an HTTP
                          server. It is only useful to disable it if you want
                          to use another protocol module instead. Don't
                          disable this module unless you are really sure what
                          you are doing. Note: This module will always be
                          linked statically.
  --disable-mime          mapping of file-extension to MIME. Disabling this
                          module is normally not recommended.
  --enable-ldap           LDAP caching and connection pooling services
  --disable-log-config    logging configuration. You won't be able to log
                          requests to the server without this module.
  --enable-log-debug      configurable debug logging
  --enable-log-forensic   forensic logging
  --enable-logio          input and output logging
  --enable-lua            Apache Lua Framework
  --enable-luajit         Enable LuaJit Support
  --disable-env           clearing/setting of ENV vars
  --enable-mime-magic     automagically determining MIME type
  --enable-cern-meta      CERN-type meta files
  --enable-expires        Expires header control
  --disable-headers       HTTP header control
  --enable-ident          RFC 1413 identity check
  --enable-usertrack      user-session tracking
  --enable-unique-id      per-request unique ids
  --disable-setenvif      basing ENV vars on headers
  --disable-version       determining httpd version in config files
  --enable-remoteip       translate header contents to an apparent client
                          remote_ip
  --enable-proxy          Apache proxy module
  --enable-proxy-connect  Apache proxy CONNECT module. Requires
                          --enable-proxy.
  --enable-proxy-ftp      Apache proxy FTP module. Requires --enable-proxy.
  --enable-proxy-http     Apache proxy HTTP module. Requires --enable-proxy.
  --enable-proxy-fcgi     Apache proxy FastCGI module. Requires
                          --enable-proxy.
  --enable-proxy-scgi     Apache proxy SCGI module. Requires --enable-proxy.
  --enable-proxy-uwsgi    Apache proxy UWSGI module. Requires --enable-proxy.
  --enable-proxy-fdpass   Apache proxy to Unix Daemon Socket module. Requires
                          --enable-proxy.
  --enable-proxy-wstunnel Apache proxy Websocket Tunnel module. Requires
                          --enable-proxy.
  --enable-proxy-ajp      Apache proxy AJP module. Requires --enable-proxy.
  --enable-proxy-balancer Apache proxy BALANCER module. Requires
                          --enable-proxy.
  --enable-proxy-express  mass reverse-proxy module. Requires --enable-proxy.
  --enable-proxy-hcheck   reverse-proxy health-check module. Requires
                          --enable-proxy and --enable-watchdog.
  --enable-session        session module
  --enable-session-cookie session cookie module
  --enable-session-crypto session crypto module
  --enable-session-dbd    session dbd module
  --enable-slotmem-shm    slotmem provider that uses shared memory
  --enable-slotmem-plain  slotmem provider that uses plain memory
  --enable-ssl            SSL/TLS support (mod_ssl)
  --enable-ssl-staticlib-deps
                          link mod_ssl with dependencies of OpenSSL's static
                          libraries (as indicated by "pkg-config --static").
                          Must be specified in addition to --enable-ssl.
  --enable-optional-hook-export
                          example optional hook exporter
  --enable-optional-hook-import
                          example optional hook importer
  --enable-optional-fn-import
                          example optional function importer
  --enable-optional-fn-export
                          example optional function exporter
  --enable-dialup         rate limits static files to dialup modem speeds
  --enable-static-support Build a statically linked version of the support
                          binaries
  --enable-static-htpasswd
                          Build a statically linked version of htpasswd
  --enable-static-htdigest
                          Build a statically linked version of htdigest
  --enable-static-rotatelogs
                          Build a statically linked version of rotatelogs
  --enable-static-logresolve
                          Build a statically linked version of logresolve
  --enable-static-htdbm   Build a statically linked version of htdbm
  --enable-static-ab      Build a statically linked version of ab
  --enable-static-checkgid
                          Build a statically linked version of checkgid
  --enable-static-htcacheclean
                          Build a statically linked version of htcacheclean
  --enable-static-httxt2dbm
                          Build a statically linked version of httxt2dbm
  --enable-static-fcgistarter
                          Build a statically linked version of fcgistarter
  --enable-http2          HTTP/2 protocol handling in addition to HTTP
                          protocol handling. Implemented by mod_http2. This
                          module requires a libnghttp2 installation. See
                          --with-nghttp2 on how to manage non-standard
                          locations. This module is usually linked shared and
                          requires loading.
  --enable-nghttp2-staticlib-deps
                          link mod_http2 with dependencies of libnghttp2's
                          static libraries (as indicated by "pkg-config
                          --static"). Must be specified in addition to
                          --enable-http2.
  --enable-proxy-http2    HTTP/2 proxy module. This module requires a
                          libnghttp2 installation. See --with-nghttp2 on how
                          to manage non-standard locations. Also requires
                          --enable-proxy.
  --enable-md             Managed Domain handling
  --enable-jansson-staticlib-deps
                          link mod_md with dependencies of libjansson's static
                          libraries (as indicated by "pkg-config --static").
                          Must be specified in addition to --enable-md.
  --enable-curl-staticlib-deps
                          link mod_md with dependencies of libcurl's static
                          libraries (as indicated by "pkg-config --static").
                          Must be specified in addition to --enable-md.
  --enable-lbmethod-byrequests
                          Apache proxy Load balancing by request counting
  --enable-lbmethod-bytraffic
                          Apache proxy Load balancing by traffic counting
  --enable-lbmethod-bybusyness
                          Apache proxy Load balancing by busyness
  --enable-lbmethod-heartbeat
                          Apache proxy Load balancing from Heartbeats
  --enable-tls            TLS protocol handling using rustls. Implemented by
                          mod_tls. This module requires a librustls
                          installation. See --with-rustls on how to manage
                          non-standard locations. This module is usually
                          linked shared and requires loading.
  --enable-mpms-shared=MPM-LIST
                          Space-separated list of MPM modules to enable for
                          dynamic loading. MPM-LIST=list | "all"
  --enable-unixd          unix specific support
  --enable-privileges     Per-virtualhost Unix UserIDs and enhanced security
                          for Solaris
  --enable-systemd        Systemd support
  --enable-heartbeat      Generates Heartbeats
  --enable-heartmonitor   Collects Heartbeats
  --enable-dav            WebDAV protocol handling. --enable-dav also enables
                          mod_dav_fs
  --disable-status        process/thread monitoring
  --disable-autoindex     directory listing
  --enable-asis           as-is filetypes
  --enable-info           server information
  --enable-suexec         set uid and gid for spawned processes
  --enable-cgid           CGI scripts. Enabled by default with threaded MPMs
  --enable-cgi            CGI scripts. Enabled by default with non-threaded
                          MPMs
  --enable-dav-fs         DAV provider for the filesystem. --enable-dav also
                          enables mod_dav_fs.
  --enable-dav-lock       DAV provider for generic locking
  --enable-vhost-alias    mass virtual hosting module
  --enable-negotiation    content negotiation
  --disable-dir           directory request handling
  --enable-imagemap       server-side imagemaps
  --enable-actions        Action triggering on requests
  --enable-speling        correct common URL misspellings
  --enable-userdir        mapping of requests to user-specific directories
  --disable-alias         mapping of requests to different filesystem parts
  --enable-rewrite        rule based URL manipulation
  --enable-suexec-capabilities
                          Use Linux capability bits not setuid root suexec
  --enable-v4-mapped      Allow IPv6 sockets to handle IPv4 connections

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-included-apr     Use bundled copies of APR/APR-Util
  --with-apr=PATH         prefix for installed APR or the full path to
                             apr-config
  --with-apr-util=PATH    prefix for installed APU or the full path to
                             apu-config
  --with-pcre=PATH        Use external PCRE library
  --with-port=PORT        Port on which to listen (default is 80)
  --with-sslport=SSLPORT  Port on which to securelisten (default is 443)
  --with-distcache=PATH   Distcache installation directory
  --with-z=PATH           use a specific zlib library
  --with-libxml2=PATH     location for libxml2
  --with-brotli=PATH      Brotli installation directory
  --with-lua=PATH         Path to the Lua installation prefix
  --with-ssl=PATH         OpenSSL installation directory
  --with-nghttp2=PATH     nghttp2 installation directory
  --with-jansson=PATH     jansson installation directory
  --with-curl=PATH        curl installation directory
  --with-rustls=PATH      rustls installation directory
  --with-mpm=MPM          Choose the process model for Apache to use by
                          default. MPM={event|worker|prefork|winnt} This will
                          be statically linked as the only available MPM
                          unless --enable-mpms-shared is also specified.
  --with-module=module-type:module-file
                          Enable module-file in the modules/
                          directory.
  --with-program-name     alternate executable name
  --with-suexec-bin       Path to suexec binary
  --with-suexec-caller    User allowed to call SuExec
  --with-suexec-userdir   User subdirectory
  --with-suexec-docroot   SuExec root directory
  --with-suexec-uidmin    Minimal allowed UID
  --with-suexec-gidmin    Minimal allowed GID
  --with-suexec-logfile   Set the logfile
  --with-suexec-syslog    Use syslog for suexec logging
  --with-suexec-safepath  Set the safepath
  --with-suexec-umask     umask for suexec'd process

Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L if you have libraries in a
              nonstandard directory 
  LIBS        libraries to pass to the linker, e.g. -l
  CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I if
              you have headers in a nonstandard directory 
  CPP         C preprocessor

Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.

Report bugs to the package provider.
[root@compiler httpd-2.4.53]# 

March 30, 2022
 

Modules compiled in statically by default when no build options are specified

[root@compiler bin]# ./apachectl -l
Compiled in modules:
  core.c
  mod_so.c
  http_core.c
  event.c
[root@compiler bin]#

View all loaded modules

[root@compiler bin]# ./apachectl -M
Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 mpm_event_module (static)
 authn_file_module (shared)
 authn_core_module (shared)
 authz_host_module (shared)
 authz_groupfile_module (shared)
 authz_user_module (shared)
 authz_core_module (shared)
 access_compat_module (shared)
 auth_basic_module (shared)
 reqtimeout_module (shared)
 filter_module (shared)
 mime_module (shared)
 log_config_module (shared)
 env_module (shared)
 headers_module (shared)
 setenvif_module (shared)
 version_module (shared)
 unixd_module (shared)
 status_module (shared)
 autoindex_module (shared)
 dir_module (shared)
 alias_module (shared)
[root@compiler bin]#

Enable static compilation of the dbd module

[root@compiler httpd-2.4.53]# ./configure --enable-dbd=static

View the statically compiled modules

[root@compiler bin]# ./apachectl -l
Compiled in modules:
  core.c
  mod_so.c
  mod_dbd.c
  http_core.c
  event.c
[root@compiler bin]# 

View all loaded modules

[root@compiler bin]# ./apachectl -M
Loaded Modules:
 core_module (static)
 so_module (static)
 dbd_module (static)
 http_module (static)
 mpm_event_module (static)
 authn_file_module (shared)
 authn_core_module (shared)
 authz_host_module (shared)
 authz_groupfile_module (shared)
 authz_user_module (shared)
 authz_core_module (shared)
 access_compat_module (shared)
 auth_basic_module (shared)
 reqtimeout_module (shared)
 filter_module (shared)
 mime_module (shared)
 log_config_module (shared)
 env_module (shared)
 headers_module (shared)
 setenvif_module (shared)
 version_module (shared)
 unixd_module (shared)
 status_module (shared)
 autoindex_module (shared)
 dir_module (shared)
 alias_module (shared)
[root@compiler bin]#

March 29, 2022
 

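This is the second time I have paid for VanDyke's SecureCRT product. Previously it was the standalone SecureCRT edition; this time I used my existing serial number to upgrade to a three-year SecureCRT + SecureFX edition.

Paying is a way of supporting and respecting software and its developers. Within my means, I will back these excellent software developers and software companies with concrete action.

This is both a matter of attitude, recognising the value of software developers' work, and a reflection of what a systems engineer consistently requires of the security of system administration software.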