BradChesney79's questions

http://www.rjsystems.nl/en/2100-d6-kerberos-openldap-provider.php

这个 2017 教程使用 hdb olcDatabase——现代安装默认为 mdb。

我的步骤是：http ://www.rjsystems.nl/en/2100-d6-kerberos-openldap-provider.php#cncf

更改 2.1.1

# 2.1.1
dn: olcDatabase={1}hdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {2}to *
  by self write
  by dn="cn=admin,dc=example,dc=com" write
  by * read

首先，我知道我使用的 OpenLDAP 版本默认为 mdb——但是，这个简单的更改是不够的。

我知道 dn: olcDatabase={1}hdb,cn=config 需要修改以获得匹配。我认为当您没有登录到 OpenLDAP 机器本身时，这会删除管理员权限。但是，我还不够聪明，无法理解如何构造一个好的搜索字符串，甚至将它拆开。我只是还没有摸透它。

我确实学会了如何转储我的配置树。

root@auth:~/ldap# slapcat -n 0
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
structuralObjectClass: olcGlobal
entryUUID: 4233e57c-461f-103b-823a-eddba7c2a4d6
creatorsName: cn=config
createTimestamp: 20210510210556Z
olcLogLevel: stats
entryCSN: 20210510211216.057315Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20210510211216Z

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_mdb
structuralObjectClass: olcModuleList
entryUUID: 42344030-461f-103b-8242-eddba7c2a4d6
creatorsName: cn=admin,cn=config
createTimestamp: 20210510210556Z
entryCSN: 20210510210556.957974Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20210510210556Z

...

dn: olcBackend={0}mdb,cn=config
objectClass: olcBackendConfig
olcBackend: {0}mdb
structuralObjectClass: olcBackendConfig
entryUUID: 423454b2-461f-103b-8243-eddba7c2a4d6
creatorsName: cn=admin,cn=config
createTimestamp: 20210510210556Z
entryCSN: 20210510210556.958497Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20210510210556Z

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth manage by * break
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
olcSizeLimit: 500
structuralObjectClass: olcDatabaseConfig
entryUUID: 4233e996-461f-103b-823b-eddba7c2a4d6
creatorsName: cn=config
createTimestamp: 20210510210556Z
entryCSN: 20210510210556.955757Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20210510210556Z

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth manage by * break
olcRootDN: cn=admin,cn=config
structuralObjectClass: olcDatabaseConfig
entryUUID: 4233ef9a-461f-103b-823c-eddba7c2a4d6
creatorsName: cn=config
createTimestamp: 20210510210556Z
entryCSN: 20210510210556.955910Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20210510210556Z

dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=bradchesney,dc=net
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * non
 e
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=bradchesney,dc=net
olcRootPW:: e1NTSEF9aGdrUVFacXpaMHBaTkVIYjVvalZwbEswQ1o5cWxsaXA=
olcDbCheckpoint: 512 30
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq
olcDbIndex: uidNumber,gidNumber eq
olcDbIndex: member,memberUid eq
olcDbMaxSize: 1073741824
structuralObjectClass: olcMdbConfig
entryUUID: 423457f0-461f-103b-8244-eddba7c2a4d6
creatorsName: cn=admin,cn=config
createTimestamp: 20210510210556Z
entryCSN: 20210510210556.958581Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20210510210556Z

但是，现在呢？

我的猜测是我需要以某种方式连接到 olcDatabase——在我的 config.ldif slapcat 转储中存在几次并删除这些条目。我的解释是，它就像 HTML 中的类——你结合搜索类，直到你提炼到你想要的元素的不同子集。这可能是一个错误的观点。

我每周只有几天每天真正使用服务器几个小时。

它是一个备份服务器，它向客户端请求备份数据。

该部分已得到处理，它通过预定的魔术包唤醒并执行其操作。这都很好。我可以唤醒它以在计划外使用它，这也很好。

我怎么让它知道网络有一段时间没有被使用并让自己进入睡眠状态？我想要记录的网络流量是 SSH、SFTP、rsync 和来自 Canonical 的更新。所有其他流量只是我不在乎的喋喋不休。

我想将以下伪代码作为 cron 脚本放入......每 15 分钟左右检查一次。我不担心添加 cron 功能，我对此充满信心。

if [ lastSignificantNetworkActivity > 3h ] { hibernate }

我可能有 X->Y 问题。我只想让我的服务器在通常的 18 小时内处于低功耗保存到磁盘状态，否则它什么也不做。我认为网络活动是一个很好的测试指标。我愿意接受更发达和更强大的解决方案或固有的服务器属性来检查是否存在。

（我不确定每天的电源循环是否会比 ZFS 整天运行数据完整性检查的持续磨损更糟……只是不确定。）

我认为这是我出错的地方——但我不确定这是否真的是问题所在，即使是，我也不知道该怎么办。

nl80211：无法配置驱动程序模式

nl80211：deinit ifname=wlp6s0 disabled_11b_rates=0

nl80211：删除监控接口：refcount=0

nl80211: 移除信标 (ifindex=8)

netlink：操作状态：ifindex=8 链接模式=0（内核控制），操作状态=6（IF_OPER_UP）

nl80211 驱动程序初始化失败。

我已经通过使用不太理想的配置排除了它在物理上不起作用 - 我看到它出现在我的笔记本电脑上可用的互联网连接列表中并已连接 - 无线 g 速度为 54mbps。我希望我会制作该配置的 .bak 文件，但我没有。即使我这样做了，我也在使用 802.11ac 硬件，因为我希望它运行得更快。

是的，我可以买现成的东西，那会很棒。网络不是我的核心技能。构建基于 x86 的路由器可以很好地分散生活需求，一种爱好，而且大部分时间都很有趣。但是，我又被卡住了，我不知道这次如何进行。

我会在下面发布大量您可能甚至不需要的东西......我很高兴发布任何其他可以帮助您帮助我的东西。感谢您花时间阅读我的问题。再次感谢。

这是使用 wlp6s0.conf 文件启动 hostapd 服务的结果，该文件提供了 WLE900VX 802.11ac 卡的详细信息：

root@gate:/etc/hostapd# service hostapd stop && echo "==================================================================" && hostapd -dddddB /etc/hostapd/wlp6s0.conf

==================================================================
random: Trying to read entropy from /dev/random
Configuration file: /etc/hostapd/wlp6s0.conf
ctrl_interface_group=0
rfkill: initial event: idx=0 type=1 op=0 soft=0 hard=0
rfkill: initial event: idx=1 type=1 op=0 soft=0 hard=0
nl80211: Supported cipher 00-0f-ac:1
nl80211: Supported cipher 00-0f-ac:5
nl80211: Supported cipher 00-0f-ac:2
nl80211: Supported cipher 00-0f-ac:4
nl80211: Supported cipher 00-0f-ac:6
nl80211: Using driver-based off-channel TX
nl80211: interface wlp6s0 in phy phy0
nl80211: Set mode ifindex 8 iftype 3 (AP)
nl80211: Setup AP(wlp6s0) - device_ap_sme=0 use_monitor=0
nl80211: Subscribe to mgmt frames with AP handle 0x558ab92af100
nl80211: Register frame type=0xb0 (WLAN_FC_STYPE_AUTH) 
nl_handle=0x558ab92af100 match=
nl80211: Register frame command failed (type=176): ret=-114 (Operation already in progress)
nl80211: Register frame match - hexdump(len=0): [NULL]
nl80211: Could not configure driver mode
nl80211: deinit ifname=wlp6s0 disabled_11b_rates=0
nl80211: Remove monitor interface: refcount=0
nl80211: Remove beacon (ifindex=8)
netlink: Operstate: ifindex=8 linkmode=0 (kernel-control), operstate=6 (IF_OPER_UP)
nl80211 driver initialization failed.
hostapd_interface_deinit_free(0x558ab92ae710)
hostapd_interface_deinit_free: num_bss=1 conf->num_bss=1
hostapd_interface_deinit(0x558ab92ae710)
wlp6s0: interface state UNINITIALIZED->DISABLED
hostapd_bss_deinit: deinit bss wlp6s0
wlp6s0: AP-DISABLED 
hostapd_cleanup(hapd=0x558ab92af900 (wlp6s0))
hostapd_free_hapd_data: Interface wlp6s0 wasn't started
hostapd_interface_deinit_free: driver=(nil) drv_priv=(nil) -> 
hapd_deinit
hostapd_interface_free(0x558ab92ae710)
hostapd_interface_free: free hapd 0x558ab92af900
hostapd_cleanup_iface(0x558ab92ae710)
hostapd_cleanup_iface_partial(0x558ab92ae710)
hostapd_cleanup_iface: free iface=0x558ab92ae710

我在这里定义了一些接口：

root@gate:/etc/network# tail -n1000 interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback
pre-up iptables-restore < /etc/iptables.rules

# The primary network interface
auto enp7s0
iface enp7s0 inet dhcp

# Wireless interfaces
auto wlp1s0
iface wlp1s0 inet static
  address 192.168.1.220
  netmask 255.255.255.0

auto wlp6s0
iface wlp6s0 inet static
  address 192.168.1.230
  netmask 255.255.255.0

这是 ifconfig 的输出：

root@gate:/etc/hostapd# ifconfig

enp7s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 192.168.1.103  netmask 255.255.255.0  broadcast 192.168.1.255
    inet6 fe80::d250:99ff:fe5c:3a18  prefixlen 64  scopeid 0x20<link>
    ether d0:50:99:5c:3a:18  txqueuelen 1000  (Ethernet)
    RX packets 8900  bytes 7106294 (6.7 MiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 1484  bytes 183661 (179.3 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
    inet 127.0.0.1  netmask 255.0.0.0
    inet6 ::1  prefixlen 128  scopeid 0x10<host>
    loop  txqueuelen 1  (Local Loopback)
    RX packets 0  bytes 0 (0.0 B)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 0  bytes 0 (0.0 B)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp1s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
    inet 192.168.1.220  netmask 255.255.255.0  broadcast 192.168.1.255
    ether e4:ce:8f:52:2a:23  txqueuelen 1000  (Ethernet)
    RX packets 0  bytes 0 (0.0 B)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 0  bytes 0 (0.0 B)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp6s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
    inet 192.168.1.230  netmask 255.255.255.0  broadcast 192.168.1.255
    inet6 fe80::6f0:21ff:fe18:4a2  prefixlen 64  scopeid 0x20<link>
    ether 04:f0:21:18:04:a2  txqueuelen 1000  (Ethernet)
    RX packets 0  bytes 0 (0.0 B)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 12  bytes 1144 (1.1 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

我认为我的 hostapd.conf 风格的 wlp6s0.conf 文件是相关的：

root@gate:/etc/hostapd# tail -n1000 wlp6s0.conf

interface=wlp6s0
driver=nl80211
hw_mode=a
channel=0
ssid=q2900mac

auth_algs=1

wmm_enabled=1

ieee80211d=1
country_code=US

wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=TKIP
wpa_passphrase=password

ieee80211n=1

ht_capab=[HT40+][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CK-40][LDPC][MAX-AMSDU-3839]

ieee80211ac=1

vht_capab=[MAX-MPDU-11454][RXLDPC][SHORT-GI-80][TX-STBC-2BY1][RX-STBC-1][MAX-A-MPDU-LEN-EXP7][TX-ANTENNA-PATTERN][RX-ANTENNA-PATTERN]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42


ctrl_interface=/var/run/wlp6s0
ctrl_interface_group=0

这种情况与 iw 列表中的信息一起使用：

root@gate:/etc/hostapd# iw list

Wiphy phy0
    max # scan SSIDs: 16
    max scan IEs length: 195 bytes
    max # sched scan SSIDs: 0
    max # match sets: 0
    max # scan plans: 1
    max scan plan interval: -1
    max scan plan iterations: 0
    Retry short limit: 7
    Retry long limit: 4
    Coverage class: 0 (up to 0m)
    Device supports RSN-IBSS.
    Device supports AP-side u-APSD.
    Supported Ciphers:
            * WEP40 (00-0f-ac:1)
            * WEP104 (00-0f-ac:5)
            * TKIP (00-0f-ac:2)
            * CCMP-128 (00-0f-ac:4)
            * CMAC (00-0f-ac:6)
    Available Antennas: TX 0x7 RX 0x7
    Configured Antennas: TX 0x7 RX 0x7
    Supported interface modes:
             * managed
             * AP
             * AP/VLAN
             * monitor
             * mesh point
    Band 1:
            Capabilities: 0x19ef
                    RX LDPC
                    HT20/HT40
                    SM Power Save disabled
                    RX HT20 SGI
                    RX HT40 SGI
                    TX STBC
                    RX STBC 1-stream
                    Max AMSDU length: 7935 bytes
                    DSSS/CCK HT40
            Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
            Minimum RX AMPDU time spacing: 8 usec (0x06)
            HT TX/RX MCS rate indexes supported: 0-23
            Bitrates (non-HT):
                    * 1.0 Mbps
                    * 2.0 Mbps (short preamble supported)
                    * 5.5 Mbps (short preamble supported)
                    * 11.0 Mbps (short preamble supported)
                    * 6.0 Mbps
                    * 9.0 Mbps
                    * 12.0 Mbps
                    * 18.0 Mbps
                    * 24.0 Mbps
                    * 36.0 Mbps
                    * 48.0 Mbps
                    * 54.0 Mbps
            Frequencies:
                    * 2412 MHz [1] (30.0 dBm)
                    * 2417 MHz [2] (30.0 dBm)
                    * 2422 MHz [3] (30.0 dBm)
                    * 2427 MHz [4] (30.0 dBm)
                    * 2432 MHz [5] (30.0 dBm)
                    * 2437 MHz [6] (30.0 dBm)
                    * 2442 MHz [7] (30.0 dBm)
                    * 2447 MHz [8] (30.0 dBm)
                    * 2452 MHz [9] (30.0 dBm)
                    * 2457 MHz [10] (30.0 dBm)
                    * 2462 MHz [11] (30.0 dBm)
                    * 2467 MHz [12] (disabled)
                    * 2472 MHz [13] (disabled)
                    * 2484 MHz [14] (disabled)
    Band 2:
            Capabilities: 0x19ef
                    RX LDPC
                    HT20/HT40
                    SM Power Save disabled
                    RX HT20 SGI
                    RX HT40 SGI
                    TX STBC
                    RX STBC 1-stream
                    Max AMSDU length: 7935 bytes
                    DSSS/CCK HT40
            Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
            Minimum RX AMPDU time spacing: 8 usec (0x06)
            HT TX/RX MCS rate indexes supported: 0-23
            VHT Capabilities (0x338001b2):
                    Max MPDU length: 11454
                    Supported Channel Width: neither 160 nor 80+80
                    RX LDPC
                    short GI (80 MHz)
                    TX STBC
                    RX antenna pattern consistency
                    TX antenna pattern consistency
            VHT RX MCS set:
                    1 streams: MCS 0-9
                    2 streams: MCS 0-9
                    3 streams: MCS 0-9
                    4 streams: not supported
                    5 streams: not supported
                    6 streams: not supported
                    7 streams: not supported
                    8 streams: not supported
            VHT RX highest supported: 0 Mbps
            VHT TX MCS set:
                    1 streams: MCS 0-9
                    2 streams: MCS 0-9
                    3 streams: MCS 0-9
                    4 streams: not supported
                    5 streams: not supported
                    6 streams: not supported
                    7 streams: not supported
                    8 streams: not supported
            VHT TX highest supported: 0 Mbps
            Bitrates (non-HT):
                    * 6.0 Mbps
                    * 9.0 Mbps
                    * 12.0 Mbps
                    * 18.0 Mbps
                    * 24.0 Mbps
                    * 36.0 Mbps
                    * 48.0 Mbps
                    * 54.0 Mbps
            Frequencies:
                    * 5180 MHz [36] (23.0 dBm)
                    * 5200 MHz [40] (23.0 dBm)
                    * 5220 MHz [44] (23.0 dBm)
                    * 5240 MHz [48] (23.0 dBm)
                    * 5260 MHz [52] (23.0 dBm) (no IR, radar detection)
                    * 5280 MHz [56] (23.0 dBm) (no IR, radar detection)
                    * 5300 MHz [60] (23.0 dBm) (no IR, radar detection)
                    * 5320 MHz [64] (23.0 dBm) (no IR, radar detection)
                    * 5500 MHz [100] (23.0 dBm) (no IR, radar detection)
                    * 5520 MHz [104] (23.0 dBm) (no IR, radar detection)
                    * 5540 MHz [108] (23.0 dBm) (no IR, radar detection)
                    * 5560 MHz [112] (23.0 dBm) (no IR, radar detection)
                    * 5580 MHz [116] (23.0 dBm) (no IR, radar detection)
                    * 5600 MHz [120] (23.0 dBm) (no IR, radar detection)
                    * 5620 MHz [124] (23.0 dBm) (no IR, radar detection)
                    * 5640 MHz [128] (23.0 dBm) (no IR, radar detection)
                    * 5660 MHz [132] (23.0 dBm) (no IR, radar detection)
                    * 5680 MHz [136] (23.0 dBm) (no IR, radar detection)
                    * 5700 MHz [140] (23.0 dBm) (no IR, radar detection)
                    * 5720 MHz [144] (23.0 dBm) (radar detection)
                    * 5745 MHz [149] (30.0 dBm)
                    * 5765 MHz [153] (30.0 dBm)
                    * 5785 MHz [157] (30.0 dBm)
                    * 5805 MHz [161] (30.0 dBm)
                    * 5825 MHz [165] (30.0 dBm)
    Supported commands:
             * new_interface
             * set_interface
             * new_key
             * start_ap
             * new_station
             * new_mpath
             * set_mesh_config
             * set_bss
             * authenticate
             * associate
             * deauthenticate
             * disassociate
             * join_ibss
             * join_mesh
             * remain_on_channel
             * set_tx_bitrate_mask
             * frame
             * frame_wait_cancel
             * set_wiphy_netns
             * set_channel
             * set_wds_peer
             * probe_client
             * set_noack_map
             * register_beacons
             * start_p2p_device
             * set_mcast_rate
             * channel_switch
             * set_qos_map
             * connect
             * disconnect
    Supported TX frame types:
             * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
             * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
             * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
             * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
             * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
             * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
             * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
             * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
    Supported RX frame types:
             * IBSS: 0x40 0xb0 0xc0 0xd0
             * managed: 0x40 0xd0
             * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
             * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
             * mesh point: 0xb0 0xc0 0xd0
             * P2P-client: 0x40 0xd0
             * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
             * P2P-device: 0x40 0xd0
    software interface modes (can always be added):
             * AP/VLAN
             * monitor
    valid interface combinations:
             * #{ AP, mesh point } <= 8, #{ managed } <= 1,
               total <= 8, #channels <= 1, STA/AP BI must match
    HT Capability overrides:
             * MCS: ff ff ff ff ff ff ff ff ff ff
             * maximum A-MSDU length
             * supported channel width
             * short GI for 40 MHz
             * max A-MPDU length exponent
             * min MPDU start spacing
    Device supports TX status socket option.
    Device supports HT-IBSS.
    Device supports SAE with AUTHENTICATE command
    Device supports scan flush.
    Device supports AP scan.
    Device supports per-vif TX power setting
    Driver supports full state transitions for AP/GO clients
    Driver supports a userspace MPM
    Driver/device bandwidth changes during BSS lifetime (AP/GO mode)
    Device supports static SMPS
    Device supports configuring vdev MAC-addr on create.
    Device supports VHT-IBSS.
Wiphy phy1
    max # scan SSIDs: 4
    max scan IEs length: 2257 bytes
    max # sched scan SSIDs: 0
    max # match sets: 0
    max # scan plans: 1
    max scan plan interval: -1
    max scan plan iterations: 0
    Retry short limit: 7
    Retry long limit: 4
    Coverage class: 0 (up to 0m)
    Device supports RSN-IBSS.
    Device supports AP-side u-APSD.
    Device supports T-DLS.
    Supported Ciphers:
            * WEP40 (00-0f-ac:1)
            * WEP104 (00-0f-ac:5)
            * TKIP (00-0f-ac:2)
            * CCMP-128 (00-0f-ac:4)
            * CCMP-256 (00-0f-ac:10)
            * GCMP-128 (00-0f-ac:8)
            * GCMP-256 (00-0f-ac:9)
            * CMAC (00-0f-ac:6)
            * CMAC-256 (00-0f-ac:13)
            * GMAC-128 (00-0f-ac:11)
            * GMAC-256 (00-0f-ac:12)
    Available Antennas: TX 0x7 RX 0x7
    Configured Antennas: TX 0x7 RX 0x7
    Supported interface modes:
             * IBSS
             * managed
             * AP
             * AP/VLAN
             * WDS
             * monitor
             * mesh point
             * P2P-client
             * P2P-GO
             * outside context of a BSS
    Band 1:
            Capabilities: 0x11ef
                    RX LDPC
                    HT20/HT40
                    SM Power Save disabled
                    RX HT20 SGI
                    RX HT40 SGI
                    TX STBC
                    RX STBC 1-stream
                    Max AMSDU length: 3839 bytes
                    DSSS/CCK HT40
            Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
            Minimum RX AMPDU time spacing: 8 usec (0x06)
            HT TX/RX MCS rate indexes supported: 0-23
            Bitrates (non-HT):
                    * 1.0 Mbps
                    * 2.0 Mbps (short preamble supported)
                    * 5.5 Mbps (short preamble supported)
                    * 11.0 Mbps (short preamble supported)
                    * 6.0 Mbps
                    * 9.0 Mbps
                    * 12.0 Mbps
                    * 18.0 Mbps
                    * 24.0 Mbps
                    * 36.0 Mbps
                    * 48.0 Mbps
                    * 54.0 Mbps
            Frequencies:
                    * 2412 MHz [1] (15.0 dBm)
                    * 2417 MHz [2] (15.0 dBm)
                    * 2422 MHz [3] (15.0 dBm)
                    * 2427 MHz [4] (15.0 dBm)
                    * 2432 MHz [5] (15.0 dBm)
                    * 2437 MHz [6] (15.0 dBm)
                    * 2442 MHz [7] (15.0 dBm)
                    * 2447 MHz [8] (15.0 dBm)
                    * 2452 MHz [9] (15.0 dBm)
                    * 2457 MHz [10] (15.0 dBm)
                    * 2462 MHz [11] (15.0 dBm)
                    * 2467 MHz [12] (disabled)
                    * 2472 MHz [13] (disabled)
                    * 2484 MHz [14] (disabled)
    Band 2:
            Capabilities: 0x11ef
                    RX LDPC
                    HT20/HT40
                    SM Power Save disabled
                    RX HT20 SGI
                    RX HT40 SGI
                    TX STBC
                    RX STBC 1-stream
                    Max AMSDU length: 3839 bytes
                    DSSS/CCK HT40
            Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
            Minimum RX AMPDU time spacing: 8 usec (0x06)
            HT TX/RX MCS rate indexes supported: 0-23
            Bitrates (non-HT):
                    * 6.0 Mbps
                    * 9.0 Mbps
                    * 12.0 Mbps
                    * 18.0 Mbps
                    * 24.0 Mbps
                    * 36.0 Mbps
                    * 48.0 Mbps
                    * 54.0 Mbps
            Frequencies:
                    * 5180 MHz [36] (15.0 dBm)
                    * 5200 MHz [40] (15.0 dBm) (no IR)
                    * 5220 MHz [44] (15.0 dBm) (no IR)
                    * 5240 MHz [48] (15.0 dBm) (no IR)
                    * 5260 MHz [52] (16.0 dBm) (no IR, radar detection)
                    * 5280 MHz [56] (16.0 dBm) (no IR, radar detection)
                    * 5300 MHz [60] (16.0 dBm) (no IR, radar detection)
                    * 5320 MHz [64] (16.0 dBm) (no IR, radar detection)
                    * 5500 MHz [100] (disabled)
                    * 5520 MHz [104] (disabled)
                    * 5540 MHz [108] (disabled)
                    * 5560 MHz [112] (disabled)
                    * 5580 MHz [116] (disabled)
                    * 5600 MHz [120] (disabled)
                    * 5620 MHz [124] (disabled)
                    * 5640 MHz [128] (disabled)
                    * 5660 MHz [132] (disabled)
                    * 5680 MHz [136] (disabled)
                    * 5700 MHz [140] (disabled)
                    * 5745 MHz [149] (20.0 dBm)
                    * 5765 MHz [153] (20.0 dBm) (no IR)
                    * 5785 MHz [157] (20.0 dBm) (no IR)
                    * 5805 MHz [161] (20.0 dBm) (no IR)
                    * 5825 MHz [165] (20.0 dBm) (no IR)
    Supported commands:
             * new_interface
             * set_interface
             * new_key
             * start_ap
             * new_station
             * new_mpath
             * set_mesh_config
             * set_bss
             * authenticate
             * associate
             * deauthenticate
             * disassociate
             * join_ibss
             * join_mesh
             * remain_on_channel
             * set_tx_bitrate_mask
             * frame
             * frame_wait_cancel
             * set_wiphy_netns
             * set_channel
             * set_wds_peer
             * tdls_mgmt
             * tdls_oper
             * probe_client
             * set_noack_map
             * register_beacons
             * start_p2p_device
             * set_mcast_rate
             * channel_switch
             * set_qos_map
             * connect
             * disconnect
    Supported TX frame types:
             * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
             * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
             * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
             * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
             * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
             * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
             * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
             * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
    Supported RX frame types:
             * IBSS: 0x40 0xb0 0xc0 0xd0
             * managed: 0x40 0xd0
             * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
             * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
             * mesh point: 0xb0 0xc0 0xd0
             * P2P-client: 0x40 0xd0
             * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
             * P2P-device: 0x40 0xd0
    software interface modes (can always be added):
             * AP/VLAN
             * monitor
    valid interface combinations:
             * #{ managed } <= 2048, #{ AP, mesh point } <= 8, #{ P2P-client, P2P-GO } <= 1,
               total <= 2048, #channels <= 1, STA/AP BI must match
             * #{ WDS } <= 2048,
               total <= 2048, #channels <= 1, STA/AP BI must match
    HT Capability overrides:
             * MCS: ff ff ff ff ff ff ff ff ff ff
             * maximum A-MSDU length
             * supported channel width
             * short GI for 40 MHz
             * max A-MPDU length exponent
             * min MPDU start spacing
    Device supports TX status socket option.
    Device supports HT-IBSS.
    Device supports SAE with AUTHENTICATE command
    Device supports low priority scan.
    Device supports scan flush.
    Device supports AP scan.
    Device supports per-vif TX power setting
    P2P GO supports CT window setting
    Driver supports full state transitions for AP/GO clients
    Driver supports a userspace MPM
    Device supports active monitor (which will ACK incoming frames)
    Driver/device bandwidth changes during BSS lifetime (AP/GO mode)
    Device supports configuring vdev MAC-addr on create.

我现在在操作系统级别做什么：

初始化后，更改为需要变量的用户并导出变量，然后还指定在配置文件中设置它们——或者在 root 的情况下在 /etc/environment (Debian) 中进行设置以说明持久性

我通过“echo >>”或“sed”直接对配置文件或主配置查找设置的目录执行了很多此操作。

为了我：

export MYVAR=foobar
echo "export MYVAR=foobar" >> /home/bradchesney79/.profile

第一个使环境变量在执行时可用，但在您注销时它将消失。将命令放入您的 .profile 将在您登录时为您创建它。

sed -i s/export MYVAR=.*/export MYVAR=barfoo/g /home/bradchesney79/.profile 

为你：

sudo -u brianchesney80 export HISVAR=something 
sudo -u brianchesney80 echo "HISVAR=something" >> /home/brianchesney80/.profile

给大家：

((Not fully certain how to export globally just yet))
sudo echo "OURVAR=fffoooooobbbaaarrr" >> /etc/environment

我不喜欢重启。但是，我没有看到任何方法可以为每个人启用此处设置的环境变量。

那么，想查看其他用户的环境变量吗？

sudo -u www-data printenv PATH
sudo -u www-data env

env 提供的一个简洁的列表还不够吗？尝试：

set > /tmp/setOutput.tmp

环境变量（Ubuntu）

环境和外壳变量

使环境变量对 PHP 可用：

值得注意的是，环境变量不能自然地用于守护进程的服务，因为它们传统上不是作为继承父环境变量的子进程启动的。请记住，这是出于非常充分的理由而设置的安全屏障（环境变量将被不加选择地共享不一定是一件好事。）。我的目标是有选择地使某些可测试的环境变量值可用，以便我的系统表现不同或设置正确的凭据并在变量中可用于应用程序 - 所有这些都通过配置脚本进行实例化，其中一些在重新启动之间保持不变。

阿帕奇

例子：

export PATH="/var/www:/var/www/html"

整洁的代码片段，您可以使用它检查 envvars 文件的有效性。

sh -n /etc/apache2/envvars && echo Syntax OK || echo FAIL

/etc/apache2（Debian）中有一些设置我想我可以在虚拟主机块中使用......

例子：

SetEnv SPECIAL_PATH /foo/bin

服务器虚拟主机配置块中的上述内容将使自定义环境变量通过 $_SERVER 或 TMR 在评论中提到的类似约定在某处可用。

Apache httpd mod_env

在 httpd.conf 文件和类似文件或 .htaccess 的其他地方，您可以通过重写规则设置环境变量。

RewriteRule someurl - [E=dbpass:swordfish]

Apache Rewrite 滥用......如果你必须，你必须我猜。我一般不喜欢 .htaccess 文件，也不喜欢重写。

NGINX

看来您可以利用lua NGINX 模块将环境变量插入服务器。这个其他模块也需要。

话虽如此，这主要集中在 PHP 上——如果你使用 nginx 和 PHP——也许看看下面的 PHP 部分，这可能是一个更好的解决方案。

env PATH;
http {
    ...
    server {
        location /path {
            set_by_lua $path 'return os.getenv("PATH")';
            ...
        }
    }
}

NGINX 邮件列表线程引发了可能性

关于完整使用 lua 的博客文章

PHP

get-cfg-var()将允许您检索 PHP 项目开发人员设置的值 - 以及您设置的任意值。以这种方式在全局范围内小心命名这些变量是值得小心的，并确保阅读用户提供的注释以了解一些自动修改。

例子：

php.ini

environment_type=dev
environment_host=AWS

随机脚本whatever.php

get_cfg_var('environment_type') // returns 'dev'
get_cfg_var('environment_host') // returns 'AWS'

在 php-fpm 池配置文件中，下面将通过 $_SERVER 或 TMR 在评论中幽默我提到的类似约定在某处提供自定义环境变量。

例子：

我的池.conf

env[FOO] = bar

随机脚本whatever.php

echo $_SERVER['FOO']; // returns 'bar'

概括

• 什么： 我正在寻求的最终结果是我可以编写脚本来建立服务器。由于 weaksauce，我有一个 ansible 包装器，并且运行的 bash 脚本比我想承认的要多。无论如何，我想在操作系统用户级别设置某些变量并让它们向下传播以帮助我或多或少地“匿名化”我的 Web 应用程序代码库。

• 原因： 好处是许多细节，如用于身份验证的 RSA 密钥（是的，它们适合环境变量）、密码和其他“秘密”不在代码库中——你已经移动了所有这些“秘密”到供应脚本，显然到使用低级访问控制的正在运行的服务器上。开发人员无需更改任何代码即可运行 Web 应用程序。可以检查和处理任何配置或偏差。一次编写，满怀信心地部署到任何地方，即使不相同，一切都非常相似。配置脚本会自动将用于连接到数据库的正确 DSN 用户、主机和密码放入环境变量中；那些引用环境变量的 PHP 变量只是从一开始就选择正确的值。

• 如何： 这是我的问题。如果您已经这样做了，您会采用哪些步骤和技术？

编辑：

tl;dr - 删除了一个有争议的供应想法，提炼成一个简洁的问题主题

我已经删除了关于检测主机和根据发现配置服务器的内容。有人强烈建议，这种配置服务器的方式可能是一个糟糕的策略，并且配置工具旨在声明设置，而不是目标主机在实例化时发现有关自身的事情并做出适当的反应。——而且，最重要的是，它仅次于手头的任务。我想了解更多关于存储环境变量中可能发生变化的细节的信息，这很棒。

- AnrDaemon 特别提到打破了最小意外原则。