The Technology Magazine.

Full width home advertisement

Android

Linux

Post Page Advertisement [Top]

SOLARIS QUICK REFERENCE





SOLARIS




QUICK  REFERENCE






# Uname –a à  Gives all details about the system

# Uname –m  à  Displays H/W platform (sun4u)

# Uname –p à Machine processor architecture (sparc or i386)

# uname –i  à  Machine model architecture (SUNW, Ultra 5_10)

# uname –X  à  Detailed description

# mkdir –p /data/dir  à  Creates directory and sub directory in one shot

# rmdir –r /data  à  Deletes the directory and all its subdirectory and files

# cp –r /data /data1  à  It copies the directory

# echo $MANPATH

   : /usr/local/samba/man:

# echo $PATH  à  Shows environmental path

   /usr/sbin:/usr/bin



Grep Command Options



-i   à  Searches for both upper & lower case characters

-l   à  Lists the names of files with matching lines

-n  à  Proceeds each line with the relative line number in the file

-v  à  Inverts the search to display lines that do not match the pattern

-w à  Searches for the expression as a complete word.



# find /kris –name file1  à  Searches for file file1 in /kris directory

# find /ris –name file1 –exec ls –l {} \;  à  Search and display

# find /kris –type f –size 0 –exec ls –l {} \;  à Search for the file with size 0

# find /kris –user user1  à  Shows file used by user ‘user1’



$ PATH=$PATH:/usr/ccs/bin:/usr/ucb:  à  It will get appended to the existing path



# ln –s <source filename> <destination filename>  à  Creating symbolic link

# ln <source filename> <destination filename>  à  Creating hard link





Unix File Permission



r – 4, w – 2, x – 1

_rw_ r_ _ r_ _  (644)  à  Default file permission

drwx r_x r_x  (755)  à  Default directory permission



O G O  à  Permission categories



# ls –n /var/adm

   drwxrwxr_x  5 4 4    512  nov 15 14:55  file1



5 - No of hard link to the file or directory

4 – The UID of the owner

4 – The GID of the group

512 – Size

# chmod –R 755 <directory name>  à  For inherit permission













VI Editor



Inserting and Appending Text



a          -           Append text after the cursor

A         -           Appends text at the end of the line

i           -           Inserts text before the cursor

I           -           Inserts text at the beginning of the line

o          -           Opens a new line below the cursor

O         -           Opens a new line above the cursor

:r <filename>   Inserts text from another file into the current file





Key Sequence for the VI Editor



n, left arrow or backspace       Left one characters

j or down arrow                       Down one line

k or up arrow                           Up one line

l, right arrow or spacebar         Right one character

w                     Forward one word

b                      Back one word

e                      To the end of the current word

$                      To the end of the line

0 (zero)            To the beginning of the line

^                      To the first non whitespace character on the line

Return             Down to the beginning of the next line

G                     Goes to the last line of the file

1G                   Goes to the first line of the file

:n                     Goes to the line n

nG                   Goes to the line n

Ctrl F               Pages forward one screen

Ctrl D              Scroll down one half screen

Ctrl B               Pages back one screen

Ctrl U              Scrolls up one half screen

Ctrl L               Refreshes the screen





Editing files using the VI editing commands



R                      Overwrites or replace characters to the right of the cursor

C                      Changes or overwrites characters to the end of the line

s                       Substitute a string for a character at the cursor

x                      Deletes a character at the cursor

dw                   Deletes a word or part of the word to the right of the cursor

dd                    Dletes the line containing the cursor

D                     Deletes the line from the cursor to the right end of the line

:n,nd                Deletes the line n through n





Using the Text Changing Commands



u                      Undoes the previous command

U                     Undoes all changes to the current line

.                       Repeats the previous command





Search and Replace Command



/string             Searches forward for the string

?string              Searches backward for the string

n                      Searches the next occurrence of the string

N                     Searches for the previous occurrence of the string

:%s/old/new/g           Searches for the old string and replace it with the new string globally





Using the text copying and Text Pasting Commands



yy                     Yanks a copy of a line

p                      Puts yanked or deleted text under the line containing the cursor

P                      Puts yanked or deleted text before the line containing the cursor

:n,n co n          Copies lines n through n and puts them after line n

:n,n m n           Moves lines n through n to line n





File Archives



# tar –cvf bkp.tar file1 file2  à  Will archive file1 & file2

# tar –tvf bkp.tar  à Shows the table of content

# tar –xvf bkp.tar  à  It extracts file from the tar archive



# jar –cvf bkp.tar

# jar –tvf bkp.jar

# jar –xvf bkp.jar



# compress bkp.tar  à  To compress tar archive

# ls

   bkp.tar.z

# uncompress bkp.tar.z  à  To uncompress tar archive



# gzip bkp.tar  à  To create gzip file

   bkp.tar.gz

# gunzip bkp.tar.gz  à  To extract the tar archive by gunzip

   bkp.tar



# zip out.zip bkp.tar  à  To create zip archive

# unzip out.zip  à  To extract the zip archive

 

Module – 1  à  Introducing the Solaris OE Directory Hirerarchy



/bin     Symbolic link to /usr/bin contains binary files of standard system commands

/kernel            Platform independent lodable kernel modules

/platform Platform dependable lodable kernel modules

/sbin    Single user bin directory contains essential executables

/usr     Contains programs, scripts and libraries that are used by all system users

            Unix System Resources

/var     Directory of varying files, includes temporary, logging, or status files



/dev/cua   Dial out device files for UUCP & PPP

/dev/dsk   Block disk devices                        /dev/rdsk   Raw disk devices

/dev/pts    Psuedo terminal devices    /dev/md     Metadisk devices

/dev/term  Serial devices                    /dev/sound  Audio device files

/dev/rmt   Raw magnetic tape devices



/etc/cron.d  Config info for cron utility          /etc/default   Default info for various prog.

/etc/inet      Config files - network services    /etc/init.d      Scripts to stop & start services

/etc/lp                   Config info for printer                  /etc/nfs              Config info for NFS server logging

/etc/rc#.d    Scripts for various run levels      /etc/skel  Default shell initialization files



/usr/bin       Standard system command         /usr/sbin   System administration commands

/usr/kernel  Platform independent lodable kernel module



devfsadm – Solaris 8 & 9

drvconfig – Solaris 2.x through 2.7







Module – 2  à 



Disk Slices



0 /     1 swap     2 Entire Disk     5 /opt     6 /usr     7 /export/home



/dev – Logical Device Names     /devices – Physical Device Names



/etc/path_to_inst  à  For each device, the system records its physical and instance name



# prtconf  à  Shows system information including memory size



# devfsadm  à  Will search and configure new devices added.

# devfsadm –c disk

# devfsadm –i <driver name>

# devfsadm –v  à  To print changes made to the /dev and /devices directory

# devfsadm –c  à  To invoke cleanup routines that remove unreferenced symbolic links for devices





# format

Format> label  à  To store partition details.

Format> fdisk  à  To create partitions

Format> verify à  Display partition details

Format> partition  à  To get into partition menu

Format> save  à  Saving new disk and partition :/etc/format.dat

Partition> 0  à  Change 0 partition

            select    à  Select a predefined table

            modify à  Modify a predefined partition table

            name    à  Name the current table

            print     à  Displays the current table

            label     à  Write partition map and label to the disk



# prtvtoc /dev/rdsk/c1t0d0s2  à  To view disk table

# prtvtoc /dev/rdsk/c1d0s2 > /in  à  To save disk partition details to /in file



# fmthard –s /in /dev/rdsk/c1d0s2  à  To load partition detail from file to disk









Module – 3  à  Managing the Solaris OE File System





ufs – Unix FS               hsfs – High Sierra FS               pcfs – PC FS for DOS FAT32 FS

udfs – Universal Disk Format FS                                nfs   -  Network FS

Pseudo FS – Memory based FS           tmpfs               swapfs             procfs              mntfs



VTOC present in the first sector in the raw disk area.

VTOC  -  512 sector

Boot Block  -  1-15 sector

Super Block  -  16-31

First Cylinder Group  -  32





Creating File Systems



# newfs /dev/rdsk/c1d0s0  à  Creating FS



# newfs –i 16384 /dev/rdsk/c1d0s0  à  Creating FS with data block size 16KB



# mount /dev/dsk/c1d0s0 /p1  à  Mounting partition in /p1 directory



# fstyp –v /dev/rdsk/c1d0s0 | grep minfree

 minfree 6%  à  To know the reserved disk space



# tunefs –m 2 /dev/rdsk/c1d0s0  à  This will reduce the reserved space to 2%



# umount /p1  à  To umount a partition.



à Never run the fsck command on a mounted FS. The /, /usr and /var FS should have the fsck command run on them on single user mode



# fsck /dev/rdsk/c0td0s7  à  To check the FS in interactive mode



# fsck –o f,p /dev/rdsk/c0t0d0s7  à  f – forces  p – preen or Non interactive mode



# fsck –y /dev/rdsk/c0t0d0s7  à  It answers that to all questions we said yes with –y option



# newfs –N /dev/rdsk/c0t0d0s7  à  To view the locations of alternative backup superblocks



# fsck –o b=32 /dev/rdsk/c0t0d0s7  à  Will retrieve the corrupted partition.

# dd if=/dev/zero of=/dev/rdsk/c0d0s7 bs=512 count=32  à  It will corrupt the partition



# df  à  Shows disk detail in blocks

# df –k (in KB)

# df –h  à  Displays disk allocation in MB & GB

# df –e  à  Points only the number of files free



# du –k  à  Displays disk use in KB

# du –s  à  Displays only the summary in 512 bytes blocks. Using the s and k options together shows summary in KB

# du –h /opt  à  Shows the disk usage by the directory



# quot –a  à  Reports on all mounted file systems

# quot –f  à  Include the number of files

# quot –h /export/home  à  Shows disk usage userwise in the particular directory







Module – 4  à  Mounts & Unmounts





# mount  à  Lists all of the mounted FS in the /etc/mnttab file



VFSTAB  à  Virtual File System Tab  /etc/vfstab

device to mount   device to fsck   mount point   FS type   fsck pass   mount at boot   mount options



à /etc/mnttab file is an mntfs file that provides read-only info about mounted FS on the local host



à The /etc/vfstab file lists all the FS to be automatically mounted at system boot time, with the exception of the /etc/mnttab and /var/run FS



# mount /dev/dsk/c0t0d0s7 /export/home



Mount Options : read/write, setuid, intr, nologging and largefiles, xattr and onerror.



# mount –o option,option,… device_name mount_point

# mount -o ro /dev/dsk/c0d0s7 /p3  à  Mount the partition read only.

# mount –o ro,nosuid /dev/dsk/c0t0d0s7 /export/home  à  Prohibit execution of setuid pgm.



In solaris 2GB is the large file limit. Use of nolargefiles option fails if the FS to be mounted contains large files.



# mount -o nolargefiles,noatime /dev/dsk/c0d0s7 /p3

nolargefiles  à  Won’t allow large files in this partition

noatime  à   Modification time stamp won’t get updated.



# mountall  à  Mounted local FS listed in the /etc/vfstab file

# mountall –l  à  If any FS has entry in the fsck pass field as – or 0 then it will get mounted without fsck checking. Otherwise fsck carried out before mounting



# fstype /dev/rdsk/c0t0d0s7  à  To know the FS type



# mount –F hsfs –o ro /dev/dsk/c0t6d0s0 /cdrom  à  To mount CD-Drive

# mount –F pcfs /dev/diskette /pcfs



# umount /export/home  or  umount /dev/dsk/c0t0d0s7

# umountall  à  Will unmount local FS listed in /etc/mnttab except /, /usr, /proc, /dev/fd, /var, /var/run & /tmp

# umountall –l  à  To verify the FS listed in the /etc/mnttab



# fuser –c /p3  à  Will show the process running on the partition

# fuser –ck /p3  à  Will kill the user processes



# umount –f /p3  à  Force the partition to unmount



# TERM=sun

# export TERM  à  Executes this 2 command to enable the VI editor to work properly



# ps –ef | grep vold

Vold is the daemon taking care of auto mounting CD-Rom.



# volcheck  à  Will check any media present in CD-Rom or Floppy drive



# /floppy/floppy0  à  Floppy get mounted here automatically

# /cdrom/cdrom0  à  CD-Rom get mounted here automatically



# /etc/init.d/volmgt stop (or) start



# eject cdrom  à  Will eject the CD-Rom if the vold is running



# fdformat –t dos /dev/rdiskette  à  To format a floppy with DOS mode



# fdformat  à  To format the floppy in Solaris Format.







Module – 5  à  Installation





Solaris 9 OE Installation and Upgrade options



Solaris suninstall program

Solaris Web Start Installation software

Custom Jumpstart procedure

Solaris Web Start Flash Installation

Standard upgrade

Solaris Live Upgrade method



# grep METACLUSTER /var/sadm/system/admin/.clustertoc  à To know cluster config



# cat /var/sadm/system/admin/CLUSTER  à  To know the installed cluster config

   CLUSTER=SUNWCXall



Module – 6  à  Package Administrtaion



/var/sadm/install/contents file has all the details about installed packages.



# grep showrev /var/sadm/install/contents  à  Will show whether showrev package is installed or not



à /var/sadm/pkg directory maintains a record of all installed packages



# pkginfo | more  à  Will show all installed packages

# pkginfo –l SUNWman  à  Shows information about SUNWman package

# pkginfo –d /cdrom/cdrom0/s0/Solaris_9/Product | more  à To view info about pkg in CD



# pkgadd –d /cdrom/cdrom0/Solaris_9/Product SUNWxip  à 



# pkgchk SUNWman  à  If the pkgchk command doesn’t display a message, it indicates the package was installed successfully

# pkgchk –v SUNWzip  à  To list the files contained in a software package

# pkgchk –p /etc/shadow  à  To determine if the contents and attributes of a file have changed since it was installed with its software package

# pkgchk –l SUNWman  à  Lists info about selected diles that make up a package



# pkgrm SUNWzip  à  Will remove the SUNWzip package





# pkgadd –d /cdrom/cdrom0/Solaris_9/Product –s spool SUNWzip

It will dump the SUNWzip package to /var/spool/pkg folder. Alternate path can be given instead of spool like /pkg etc.,



# pkgrm –s spool SUNWman  à  Will delete the dumped SUNWman package from spool directory



# admintool &  à  Tool (GUI) used to add users, printers, groups, softwares etc.,

# prodreg &  à  Tool (GUI) to view installed packages as well as to install & uninstall packages.



Module – 7  à  Managing Software Patches



Solaris9/PatchReport  A summary of all patches for the solaris 9 OE release

9_Recommended.README   Instruction for how to intall the recommended patch.



# showrev –p  (or)  # patchadd –p  à  Will show installed patches



à  /var/sadm/patch  -  Info about all patches that are currently installed.



Patch Name  6 digit number-revision number (117753-01)



# /usr/bin/zcat 105050-01.tar.z | tar xvf -



# cd /var/tmp

# patchadd 105050-01  à  Will add patch



à When you remove a patch, the patchrm command restores all files that were modified or replaced by that patch, unless

à The patch was installed with the patchadd –d option (Which instructs the patchadd command not to save copies of files being updated or replaced)

à The patch is required by the another patch

à The patch has been obsoleted by a later patch



# patchrm 105050-01  à  Will remove patch



Installing Patch Cluster

# cd 9_Recommended

# ./install_cluster



à  /var/sadm/install_data/Solaris_9_Recommended_log





Module – 8  à  Executing Boot PROM Commands





# /usr/platform/’uname –m’/sbin/prtdiag –v  à  To know the OpenBoot version



Stop+D  à  Press this keys when system power is turned ON to switch to diagnostic mode

                    This key sequence is not available on a serial port terminal

Stop+N  à  Press while the system is turned ON to set the NVRAM parameters to default

Stop+A  à  To get into boot PROM



à  /etc/default/kbd  -  Remove the comment for the line KEYBOARD_ABORT=disable to
                                    turn off Stop+A function inside OS. Then issue the command kbd –I





ok  go  à  To comeout of PROM prompt



ok  banner  à  Shows system configuration



ok  printenv  à   Shows all variables



ok  reset-all  à  Will save the changes and clear the buffer & reboot the system



ok  .registers  à  Displays the contents of the registers



ok  show-devs  à  Shows all device with physical path

ok  devalias  à  Shows currently available devices



à In sparc if we change values. There is no option to come out without saving.



ok  probe-ide  à  Shows ide details  and device connected

ok  probe-scsi  à  Shows scsi details and device connected

ok  probe-scsi-all  à  Identifies devices on all all SCSI buses

ok  probe-fcal-all  à  Identifies devices on all fibre channel loops



ok  nvalias <alias name> /pci@if,......................

ok  nvunalias <alias name>  à  To delete alias name



ok  show-disks  à  Desplays and allows a selection of device paths

ok  show-ttys

ok  show-displays

ok  show-nets

ok  show-tapes



ok  help  à  Shows list of help

ok  help floppy eject

ok  test  à  Runs self-test on specified systems



ok  sync  à  Manually attempts to flush memory and synchronize FS



ok  boot  à  Boot the system

ok  boot –r  à  Detect new devices (Reconfiguration boot)

ok  boot –s  à  Single user mode

ok  boot –v  à  Verbose mode – boot the system and shows the background details

ok  boot –a  à  Interactive mode. Prompt user for user input for all the process at boot time

ok  boot –rv (or) –sv



ok  printenv auto-boot?

      auto-boot?=false

ok  printenv boot-device  à  To know the variable details

      boot-device=disk

ok  setenv auto-boot? True  à  To change value to true for “auto-boot?” variable

      auto-boot?=true

ok  printenv diag-switch?

      Diag-switch?=false

ok  setenv diag-switch? True



ok  set-defaults  à  Reset all settings to factory default

ok  setenv boot-device disk cdrom net

ok  set-default boot-device  à  Will reset the default value of boot-device variable



ok  power-off  à  Will switch off the system immediately





Inside OS




# eeprom  à  Equivalent to printenv

# eeprom auto-boot

   Auto-boot?=true

# eeprom auto-boot?=false

# eeprom diag-switch?=true



Module – 9  à  Performing Boot and Shutdown Procedures





Run Levels




0        à  ok mode
s or S   Solaris OE single user mode with critical FS mounted

1        à  Single user administrative state with access to all FS available

2        à  Multiuser can access the system . All sys daemons are running except NFS

3        à  Multiuser operations with NFS & N/W resource available

4        à  Reserved

5        à  Poweroff

6        à  Reboot



# who –r  à  Shows current run level





Boot Sequence




  1. Boot PROM phase
  2. Boot program phase
  3. Kernel initialization phase
  4. init phase


/etc/inittab  à  id(S3)   rstat(3)   action(wait) Contains details about init levels



/etc/vfstab  /etc/inittab  /etc/system  à  Important Files



/etc/system  à  moddir   root device and root FS config   exclude   forceload   set



à  Always make a copy of /etc/system file before you edit the same. In case of problem , issue the interactive boot command : boot –a. When prompting for system file. Enter the path of backup file for /dev/null for a null configuration file.



/etc/init.d  à  Directory contains many process or services like volume management



/sbin  à  Each run level has an associated rc scripts located in this directory (eg /sbin/rc0)

The RC scripts rc0, rc5 & rc6 are hard linked to each other. Run control scripts
are located in /etc/init.d directory and these files are hard-linked to corresponding run control sctipts in the .etc.rc#.d directories.





Creating New Run Control Scripts




Create the script in the /etc/init.d directory and create links in the appropriate /etc/rc#.d directory for the run level in which the service is to be started and stop.



# vi /etc/init.d/filename

# chmod 744 /etc/init.d/filename

# chgrp sys /etc/init.d/filename

# cd /etc/init.d

# ln filename /etc/rc#.d/S##filename

# ln filename /etc/rc#.d/K##filename

# /etc/init.d/filename start  à  To test the filename



# init 2  à  Switch the run level to 2



# shutdown  à  Will moves to maintenance mode

# shutdown –y –g300 –i6 “The system is being rebooted” à  Reboots after 300 seconds.
                                                                                                   Default is 60 sec

# shutdown –i0 (or) i5 (or) –i6



# halt  à  Shutdown the system immediately to ok prompt

# poweroff  à  Equivalent to init5

# reboot  à  Equivalent to init6  à  These 3 commands won’t ececute rc0 kill scripts.



Module – 10  à  Performing User Administration





/etc/passwd  à  7 fields   loginID:x:UID:GID:comment:home_dir:login_shell



0 - 99 UID  à  Reserved system user accounts

100 – 60000  à  UID for users range

0  à  Root

60001  à  Reserved for the nobody account

60002  à  Reserved for noaccess account  à  To generate error message

65534  à  nobody4   The anoynomous user account



/etc/shadow  à  9 fields   loginID:password:lastchg:min:max:warn:inactive:expire:reserved

/etc/group  à  groupname:group-pwd:GID:user-list



/etc/default/passwd  à  Set values for the following parameters MAXWEEKS   MINWEEKS  
                                       PASSLENGTH(valid entries are 6,7 & 8)   WARNWEEKS



1970  –->  V4

1986  à  Sun released first OS (sunos1.0)



# useradd –u <UID> –g <GID> –G GID,GID,.. –d /export/home/user300 –m –s /bin/ksh –c “Regular User” user300

# passwd user300

# useradd –d /export/home/user305 –m user305

# useradd user306



# usermod [-u uid [-o]] [-g gid] [-G gid] [-d dir] [-m] [-s shell] [-c comment] [-l newloginname] loginname

# usermod –l <new user name> –d /export/home/<new user name> –m <old user>

# usermod –u <UID> user301  à  Change uid to 905

# usermod –s /bin/csh user301



# userdel user301  à  Delete the user account not the home dir

# userdel –r user301  à  Delete user id & home dir



# groupadd [-g gid [-o]] groupname

# groupadd –g <GID> <groupname>

# groupmod [-g gid [-o]] [-n name] groupname

# groupmod –n <newgrpname> <oldgrpname>

# groupmod –g 400 class  à  Change GID to 400 for the group class



# groupdel group1



/etc/profile  à  The Bourne, Korn and BASH shells execute this initialization file

/etc/.login  à  The C shell looks for and executes this initialization file during logon.

There are no default global initialization files for the Z or TC shells



Bourne   /etc/profile   $HOME/.profile   /bin/sh    /etc/skel/local.profile

Korn       /etc/profile   $HOME/.profile   /bin/ksh  /etc/skel/local.profile

                                    $HOME/.kshrc

C             /etc/.login     $HOME/.cshrc     /bin/csh  /etc/skel/local.cshrc

                                    $HOME/.login                   /etc/skell/local.login





Setting Environment Variables




Bourne or Korn shell               VARIABLE=value; export VARIABLE

                                                For example: PS1=”$HOSTNAME”; export PS1



C                                              setenv variable value

                                                For example: setenv LPDEST laserprinter





# id user301  à  Shows UID of the user & primary group

# id –a user301  à  Shows secondary group details also



# groups user300  à  Shows the users groups



# chown –R <username>:grpname <directory>



# pwconv  à  To sync passwd and shadow files.



/etc/skel  à  Template files get copied once user id is created.



à By default /etc/skel/.profile file don’t have any content.





Profile Order




/etc/motd file  à  Message of the day

/etc/profile

/$HOME/.profile









Module – 11  à  Performing System Security





# who  à  List of users currently logged in to the local system. The command refers 
                  /var/adm/utmpx to obtain information

# who –m  à  Info about only the current terminal window



# rusers -l  à  Displays a list of the users logged in on local and remote hosts.



# finger –m usera  à  Displays info about the user and host name of user login session



# last  à  Displays a record of all logins and logouts (/var/adm/wtmpx)

# last –n 5 reboot  à  To view the last five system reboot times only





Recording Failed Login Attempts




# touch /var/adm/loginlog  à  File to log incorrect login. If a user tries to login 5 times  
                                                 (default) with wrong password a entry is created here.

# chown root:sys /var/adm/loginlog

# chmod 600 /var/adm/loginlog





# /usr/ucb/whoami  à  Current login name

# who am i  à  Login name of the original user





Monitoring su Attempts




/etc/default/su  à  File monitoring su login info

 


CONSOLE VARIABLE


# CONSOLE=/dev/console  à  Remove the comment (#) symbol. So that root can login
                                                    remotely by su command.

SULOG VARIABLE


SULOG=/var/adm/sulog  à  Specifies the file location of the log file





Controlling System Access




# /etc/default/login file



CONSOLE=/dev/console  à  This line should be commented to login as root from remote system



PASSREQ=YES  à  Enforces that each user should have password to login





/etc/ftpd/ftpusers  à  Lists names of users prohibited from connecting to system through FTP

/etc/ftpusers  à  Solaris 8



/etc/hosts.equiv & $HOME/.rhosts  à  Files to determine if a remote user is allowed to access the local host, with the identity of a local user. This procedure first check /etc/hosts.equiv and then $HOME/.rhosts

hostname

hostname username

+



If a uses local host’s /etc/hosts.equiv file contains the host name ofa a remote host, then all regular users of that remote host are trusted and do not need to supply a password to login to the local host. Wherease the /rhosts file applies to a specific user



/etc/inetd.conf  à  File used to control all services



# svcadm disable (or) enable ftp (or) telnet  à  in solaris 10



# rsh 140.40.40.151

# rcp 140.40.40.151:/test/file1 .  à  To copy remote system file to local

# rcp $HOME:/file1 140.40.40.151:/tmp  à  To copy local files to remote system



# chown user2 file7  à  To change owner of a file

# chown –R user2 dir4  à  To change ownership for folder and all its subfolders

# chown user3:class file7  à  Changing both the individual and group ownership in one shot



# chgrp class file4  à  To change the group ownership of a file or directory





Setuid Permission on Executable Files




When the setuid permission is set on an executable file, a user or process that runs this executable file is granted access based on the owner of the file.

# ls –l /usr/bin/su

   _ rs r_xr_x  1  root  sys  ………….

The setuid permission displays as an “s” in the owners executable field. You should disallow the use of setuid programs or at least restrict their use



# chmod 4555 <executable_file>  à  To set setuid permission on  a executable.

# find / -perm –4000  à  To search for setuid files





Setgid Permission on Executable Files




When the process runs, it runs as if it were a member of the same group in which the file is a member. Also access is granted based on the permission assigned to that group

# ls –l /usr/bin/write

   _ r _ r_sr_x  1  root  ………….  à Displays as “s” in the group’s execute field



# chmod 2555 <executable_file>

# chmod g+s <shared_directory>  à  To set setgid for a directory

# find / -perm –2000  à  To search for setgid files





Sticky Bit Permission on Public Directories




If the directory permission have the sticky bit set, a file can be deleted only by the owner of the file/directory or the root user.



# ls –ld /tmp

   drwxrwxrwt  6  root  sys  ……  à  Displays as “t” in the execute field for other.



# chmod 1777 <public_directory>

# find / -type d –perm –1000  à  To search for sticky bit directory







Module – 12  à  Configuring Printer Services





/etc/lp  à  Directory contains a hierarchy of LP server configuration directories and files

/var/spool/lp  à  Directory contains a list of current requests that are in the print queue.

/var/lp.logs  à  On going history of print requests

/var/lp/logs/requests  à  Completed print request job

$HOME/.printers file to set default printer (_default printername)

/etc/printers.conf  à  Contains entry for printers



# lpadmin –p printerB –c <classname>  à  Creating and adding printer class

# lpadmin –p printerD –c bldg2  à  Adding printerD to bldg2 class

# accept <classname>  à  To queuing print request

# lpstat –t  à  To check the status of the new printer class

# lp –d <classname> myfile  à  To print myfile to printer class



# lpadmin –d printername (or) printer_classname  à  To set it as default

# lpstat –d  à  To check the system’s default printer

# lpadmin –d bldg2  à  To change the default printer

# lpadmin –x printername  à  To remove a client’s printer configuration



# /usr/sadm/admin/bin/printmgr &  à  Print Manager



Removing a Server’s Printer Configuration




# reject printerD  à  Stop queuing print requests

# disable printerD  à  Stop the printer

# lpadmin –x printerD  à  Delete the printer config from the /etc/lp/printers and
                                            /etc/printers.conf



# /usr/lib/lpsched  à  Print services started

# /etc/init.d/lp start  à  Starting by script

# /usr/lib/lpshut  à  Stop print services

# /etc/init.d/lp stop  à  Stopping by script

Module – 13  à  Using Print Commands






# /usr/bin/lp filename  à  Print to default printer

# /usr/bin/lp –d printername filename

# /usr/ucb/lpr filename

# /usr/ucb/lpr –p printername filename



LP Print Service Administration Command




# /usr/sbin/accept printerD  à  Permits print requests to be queued

# /usr/sbin/reject –r “Replacing cartridge” printerD à  Stop queuing print requests

# /usr/bin/enable printerD à  Activates the specified printers

# /usr/bin/disable  à  Deactivates the specified printers

# lpmove printerC printerA à  Moves print requests from one printerC to printerA

# lpstat –o  à  Viewing print queue

# lpstat –a printerA  à  To check whether it accepting print jobs

# lpmove printerC –32 printerC –33 printerA  à  Moving individual print requests

Module – 14  à  Controlling System Processes





# /usr/dt/bin/sdtprocess &  à  GUI tool for process monitoring



# prstat  à  Displays info about active process (5 sec refresh interval)



Options for prstat command




-c  à. Continuously prints new reports below previous reports

-n nproc  à  Restricts the number of output lines

-p pidlist  à  Reports only on process that have PID

-t  à  Reports total usage summary for each users

-u euidlist  à  Reports only processes that have an EUID in the given list

-U uidlist  à  Reports only processes that have a real UID in the given list



# kill –signal PID

# pkill –signal process



# pgrep –l mail  à  To know PID

# pkill sendmail  à  To kill sendmail process



# ps –e | grep mail  à  To know PID

# kill 314  à  To kill mail process



# kill signal PID PID PID

# pkill signal process process



Default signal is 15



1          SIGHUP          Hnagup            à  Stop & start with the same pid

2          SIGNT                        Interrupt          à 

9          SIGKILL         Kill                  à  Kill forcibly

15        SIGTERM       Terminate        à  Kill properly





# pkill -1 (or) –HUP sendmail

# kill –SIGTERM (or) -15 <pid>

# kill –SIGKILL (or) -9 <pid>

# kill –SIGHUP  (or) -1 (or) –HUP <pid>



# renice –n -10 195  à  To change priority

-20  à  Highest priority for a process

0  à  Neutral priority

+20  à  Least priority



# psrinfo  à  shows how long the system is running



#  ps –e  à  Shows all system process

# ps –ef  à  Default process details with command or service name

# ps –ef | grep cron  à  To view specific process



# at 9:00 pm

at> find /export/home/user2 –name core rm {} \;

at> Ctrl+D

# at now

at> banner “welcome” > /dev/pts/4

at> ctrl+d

#



# at –l 1016078400.a  à  Reports jobs schedule



# atq  à  Shows the at jobs queue



# ls –l /var/spool/cron/atjobs  à  Directory contains the at jobs



# at –r 1016078400.a  à  To remove the at job



/etc/cron.d/at.deny  à  We can add username to this file to deny access to at jobs

/etc/cron.d/at.allow  à  We can add username to this file to allow access to at jobs

If neither file at.allow & at.deny file does not exist only the root user can use the at command.



Crontab File Format


0-59     0-23     1-31     1-12     1-7       <command>

Min      Hour    Date    Month  Days



# crontab –l  à  View content of user crontab file

# crontab –e  à  Editing the file

   30 17 * * 5 /usr/bin/banner “Time to go!” > /dev/console



# crontab –r  username  à  Remove a crontab file



/etc/cron.d/cron.deny  à  Users in this file will deny access to use crontab command

/etc/cron.d/cron.allow  à  Users in this file will allow access to use crontab command



If we type only crontab as the command. It will go to process so if we press Ctrl+c then it won’t save the file but existing data will be present. When we press Ctrl+D then all the content will get deleted.



# crontab /root_cron  à  To use a backup file for cron jobs.



# /etc/init.d/cron stop (or) start



# /var/spool/cron/crontabs  à  Directory where users crontab schedule files are getting stored.



# /var/spool/cron/atjobs  à  Directory where AT jobs get saved



# svcadm enable (or) disable cron



Module – 15  à  Performing File System Backups





/dev/rmt/#hn  à  h – Tape Density (l,m,h,c,u)   n – no rewind



mt –f tape-device-name command count

mt status  à  Displays status info about the drive

mt offline  à  Rewind the tape and if appropriate takes the drive unit offline

mt rewind  à  Rewinds the tape

mt fsf count  à  Moves the tape forward count records



# mt –f /dev/rmt/0n fsf 2  à  Positions the tape at the beginning of the third tape record



Level 0 Monthly

M         T          W         Th        F

3          4          5          6          2

3          4          5          6          2

3          4          5          6          2



/etc/dumpdates  à  Each line shows the FS that was backed up and the level of the last backup. Also shows the date, and the time of the backup

(eg) /dev/rdsk/c0t2d0s6 0 fri jan 4 19:12:27 2005



When an incremental backup is performed the ufsdump command consults the /etc/dumpdates file. It looks for the date of the next lower level backup. Then the ufsdump command copies to the backup media all of the files that were modified or added since the date of that lower-level backup. When the backup is complete, the /etc/dumpdates file records a new wntry that describes this backup. The new entry replaces the entry for the previous backup at that level



Options for the ufsdump command




0-9              Backup levels

v          Verify, After the tape is written for any discrepancies occur

s           Size estimate

l           Autoload, you use this option with an autoloading tape drive

o          Offline, When the backup is complete. Takes offline, rewinds, and if possible eject

u          Updates the /etc/dumpdates file

n          Notify. Sends messages to the logged-in users terminals who are member of sys group

f device Specify the device



Tape Backup




Become root user, switch to single user mode, and unmount the FS

# /usr/sbin/shutdown –y –g300 “System is being shutdown for backup”

# umount /export/home

# fsck /dev/rdsk/c0t0d0s7

# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s7

Remote Backups



To perform remote backups across the network, the system with tape drive must have an entry in its /.rhosts file for every system that uses the tape drive



# ufsdump 0uf host2:/dev/rmt/0 /export/home

Module – 16  à  Performing File System restores




The ufsrestore command copies files to the disk, relative to the current working directory from backup tapes that were created by the ufsdump command.



Options for the ufsrestore Command




t           Lists the table of the backup media

r           Restores the entire FS from the backup media

x file1 file2      Restores only the files named on the command line

i           Invokes an interactive restore

v          Specifies verbose mode. Displays details of the restore operation on the screen

f device            Specifies the tape drive name



restoresymtable  à  System creates this file when you restore an entire FS. The ufsrestore command uses this file for check=printing or passing information between incremental restores. You can remove this file when the restore is complete.



Restoring the /opt FS




# newfa /dev/rdsk/c0t0d0s5

# mount /dev/dsk/c0t0d0s5 /opt

# cd /opt

# ufsrestore rf /dev/rmt/0

# rm restoresymtable

# cd /

# umount /opt

# fsck /dev/rdsk/c0t0d0s5

# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s5



Always restore a FS by starting with the level 0 backup tape, continue with the next lower level tape and continue through the highest level tape.



Restoring /usr FS




ok boot cdrom –s

# newfs /dev/rdsk/c0t0d0s6

# mount /dev/dsk/c0t0d0s6 /a

# cd /a

# ufsrestore rf /dev/rmt/0

# rm restoresymtable

# cd /

# umount /a

# fsck /dev/rdsk/c0t0d0s6

# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s6

# init 6



Performing a special case Recovery of the /(root) FS




ok boot cdrom -s

# newfs /dev/rdsk/c0t0d0s0

# mount /dev/dsk/c0t0d0s0 /a

# cd /a

# ufsrestore rf /dev/rmt/0

# rm restoresymtable

# cd /usr/platform/’uname –m’/lib/fs/ufs

# installboot bookblk /dev/rdsk/c0t0d0s0

# cd /

# umount /a

# fsck /dev/rdsk/c0t0d0s0

# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s0

# init 6



Invoking an Interactive Restore




# cd /var/tmp

# ufsrestore ivf /dev/rmt/0

ufsrestore> ls  à  Display the contents of the directory structure on the backup tape

ufsrestore> cd directory1

ufsrestore> ls

ufsrestore> add file1 file2  à  Add the files you want to be restore to the extraction list

ufsrestore> delete file1  à  to delete a file from the extraction list

ufsrestore> marked  à  To view the marked extraction files

ufsrestore> extract  à  To restore the selected files from the backup tape



The ufsrestore command has to find the selected files. If you used more than one type for the backup, first insert the tape with the highest volume number and type the appropriate number at this point.



Set directory mde, owner, and times

Set owner/mode for ‘.’?[yn] n  à  Answering y sets ownership and permission of the temp
                                                        directory to those of the directory structure on the tape



ufsrestore> quit



Move/copy the restored files to their original or permanent directory and delete from the temp directory



Performing an Incremental Restore




Always start with the last volume and towards the first. The system uses info in the restoresymtable file to restore incremental backups on top of the latest full backup.



# more /etc/dumpdates | grep c0t0d0s7

# newfs /dev/rdsk/c0t0d0s7

# mount /dev/dsk/c0t0d0s7 /export/home

# cd /export/home

# ufsrestore rvf /dev/rmt/0

Load the next lower level tape into the tape drive and issue the following command

# ufsrestore rvf /dev/rmt/0



Alternate Steps (5 & 6)



# ufsrestore iv /dev/rmt/0

ufsrestore> ls

ufsrestore> add *

ufsrestore> extract

ufsrestore> q



Load the next tape and perform the below operation

# ufsrestore iv

ufsrestore> ls

ufsrestore> add*

ufsrestore> extract

ufsrestore> q





Module – 17  à  Backup up a Mounted FS with a UFS Snapshot




/usr/sbin/fssnap –F FsType –V –o special-options(s) mount-point | special



Options for the fssnap command




-d         Deletes the snapshots associated with the given FS. If –o unlink option was used
            when you built the snapshot, the backing store file is deleted together otherwise it has
            to be deleted manually

-F FsType        Specifies the FS type to be used

-i          Displays the state of an FSType snapshot

-v         Echos the complete command line, but does not execute the command

-o         Enables you to use special options. Such as the location & size of bs file



# fssnap –F ufs –o bs=backing_store_path /file_system

# fssnap –F ufs –o bs=/var/tmp /export/home

   /dev/fssnap/0



backing store file  à  The snapshot subsystem saves FS data in this file. The fssnap command creates the backing-store file and two read-only virtual devices. The block virtual device, /dev/fssnap/0, can be mounted as a read-only FS. The raw virtual device, /dev/rfssnap/0.



You can limit the size of the backing-store file by using the –o maxsize=n option.

If the backing-store file runs out of disk space, the system automatically deleted the ufs snapshot.



# fssnap –F ufs –o bs=/var/tmp,maxsize=500m /export/home

# fssnap –I  à  Displays a list of all the current UFS snapshots on the system

0              /export/home

1              /usr

2              /database



# /usr/lib/fs/ufs/fssnap –I /export/home  à  Shows the details for the /export/home snapshot



Performing a backup of a UFS Snapshot




# mkdir –p /backups/home.bkp  à  Creating an empty directory

# mount –F ufs –o ro /dev/fssnap/0 /backups/home.bkp  à  Mounting the block virtual device

# cd /backups/home.bkp

# tar cvf /dev/rmt/0

(or)

# ufsdump 0uf /dev/rmt/0 /dev/rfssnap/0

# ufsrestore tf /dev/rmt/0  à  To verify

 






Performing an Incremental Backup of a UFS Snapshot




Use ufsdump with the N option to create an incremental UFS snapshot. Which writes the name of the device being backed up, rather than the name of the snapshot device to the /etc/dumpdates file



# ufsdump 1ufN /dev/rmt/0 /dev/rdsk/c1t0d0s0 /dev/rfssnap/0

# ufsrestore tf /dev/rmt/0  à  To verify



# fssnap –d /extra(Source FS)  à  To remove a snapshot

# rm /var/tmp/snapshot0



Restoring Data from a UFS Snapshot Backup




The backup created from a virtual device is a backup of the original FS when the UFS snapshot was taken. You can restore a UFS snapshot from a backup tape in the same manner as you would the backup of an original FS



# cd /usr

# ufsrestore if /dev/rmt/0

ufsrestore> add demo

ufsrestore> extract

ufsrestore> quit



Deleting a UFS Snapshot




# umount /dev/fssnap/0

# fssnap 0d /export/home

# rm /backing_store_file









Module – 1  à  Describing Interface Configuration





To know MAC Address of NIC Card



ok banner

# ifconfig –a

8:0:20:93:c9….  à  Sun manufacturing NIC card



Hme0  qfe0  eri0  leo0  Sun NIC card types



# ifconfig hme0 down  à  To down the NIC

# ifconfig hme0 up  à  To up the NIC



# ping –s 140.40.0.123  à  Continuous pinging



# snoop  à  To display incoming & outgoing packets. Press Ctrl+c to stop the snoop utility

# snoop IP1 IP2  à  To capture communication between two systems

# snoop –a dhcp  à  To turn on audible clicks for all network traffic related to a dhcp boot

# snoop –V  à  Summary verbose output

# snoop –v  à  Detailed verbose output

# snoop –o filename  à  Redirects the snoop utility output to filename in summary mode

# snoop –i filename  à  Displays packets that were previously captured in filename



/etc/hosts  à  Link file to /etc/inet/hosts

/etc/inet/hosts  à  Should contain IP & hostname

à 32 virtual interdace is possible

à Hme0:1  hmeo:2  …..  hme0:32



Configuring IPv4 Interfaces at Boot Time




/etc/rcS.d/S30network.sh  -  file



# cat /etc/hostname.hme0

   Sys41 (or) 192.168.30.41



# cat /etc/inet/hosts

192.168.30.41                    sys41



plumb  à  To sync the IP and the config files



Changing the System Hostname




/etc/nodename  à  File to change hostname

/etc/hostname.xxn

/etc/inet/hosts

/etc/net/tictls/hosts

/etc/net/ticots/hosts

/etc/net/ticotsord/hosts



The /etc/net/tic* directories contains a host file. These files contain config info for transport independent network services. If these files become corrupted, unpredictable results can occur.



# sys-unconfig  à  For total reconfiguration

Module – 2  à  Describing the Client Server Model





inetd  à  (Internet Service Daemon) Responsible for On-Demand services eg. Telnetd, ftpd

/etc/inetd.conf  à  Config file for inetd daemon



To turn-off a service, add a symbol to the beginning of the corresponding to that service in the /etc/inet.conf file, and send a HUP request.

# pkill –HUP inetd  à  Restarting the inetd services



/etc/inet/services  à  Services file

/etc/inet/protocols  à  Registered protocols are listed here



Network Ports  à  Well-known ports & ephemeral (short-lived) ports

Port Assignment  à  Central Authority (Well-known) & Dynamic Binding (ephemeral)



Central Authority Ports  à  0 – 1024

Dynamic Binding  à  1024 – 65000



Starting Services that use a Well-Known Port

  1. Services that start by default at system boot time (eg. Sendmail)
  2. Services start on-demand (eg. telnet)



Starting RPC Services

  1. Services that start by default at system boot time
  2. Services start on-demand



The rpcbind process (Daemon) associates RPC program numbers with port numbers. /etc/rc2.d/S71rpc script initializes the rpcbind service (port 111)

rpcbind  -  111 port number  -  Resposible for rpc services

/etc/rpc  à  Config file for rpc services



# grep rpcbind /etc/services

   sunrpc           111/udp          rpcbind

   sunrpc           111/tcp                       rpcbind



# rpcinfo –p  à  rpcbind information

   Prog No   Version   Protocol   Port   Service Name

# rpcinfo –d 1002(Prog No) 1(Version)  à  Deleting RPC service registration







Module – 3  à  Customizing the SMC





# /etc/init.d/init.wbem status (or) stop (or) start  à  SMC Service (port 898)

# smc  à  Starting the console

# smc edit  à  Starting the toolbox editor








Module – 4  à  Managing swap configuration





Virtual Memory = RAM + Disk Space

Swap Slice | Swap File | RAM  }  Swap Space



# swap –s  à  Summary of virtual swap space

# swap –l  à  Lists the details of systems physical swap (eg. Swap file)



Adding Swap Space




# vi /etc/vfstab

   /dev/dsk/c1t0d0s3 -           -           swap    -           no        -

# swap –a /dev/dsk/c1t0d0s3  à  To add swap space from HDD slice.



Adding  Swap File




# mkfile 20m /export/data/swapfile  à  Swap file allocation

# swap –a /export.data.swapfile

# swap –l  à  To list the details of the modified system swap space

# swap –s  à  List a summary of the modified system swap space

# vi /etc/vfstab

   /export/data/swapfile         -           -           swap    -           no        -



Removing Swap Space




# swap –d /dev/dsk/c1t0d0s3  à  Also remove entry from vfstab



Removing Swap File




# swap –d /export/data/swapfile

# rm /export/data/swapfile  à  Also remove entry from vfstab







Module – 5  à  Managing Crash Dumps & Core Files





When an OS has a fatal error, it generates a crash dump file (crash dump). When a process has a fatal error, it generates a core file.



If the Solaris OE kernel encounters a problem or when an unexpected hardware fault occurs, the panic routine is executed. Where memory contents are copied to a disk partition defined as a dump device.



When an OS crashes, the savecore command is automatically executed during a boot. The savecore command retrieves the crash dump from the dump device and the writes the crash dump to a pair of files in your FS.

It places kernel core info in the /var/crash/nodename/vmcore.X file

It places name list info & table info in the /var/crash/nodename/unix.X file



By default, the dump device is a swap partition. The swap partition contains temp data, therefore permanent data is overwritten by the crash dump.





# dumpadm à  To view the current dump configuration

Dump Content : Kernel pages (or) Application Pages (or) All

Dump device : /dev/dsk/c0t0d0s1 (swap)

Savecore directory : /var/crash/host1

Savecore enabled : yes



# cat /etc/dumpadm.conf  à  Content of dumpadm command



Changing the Crash Dump configuration




/usr/sbin/dumpadm [-nuy] [-c content-type] [-d dump-device] [-m mink | minm \ min%] [-r root-dir] [-s savecore-dir]



-n         Modifies the dump config so it does not run the savecore command automatically on
reboot

-u         Forcibly updates the kernel dump config based on the contents of /etc/dumpadm.conf

-y         Modifies the dump config so that the savecore command is run automatically on
reboot. This is default

-c content-type            The content type can be kernel, all, or curproc. The curproc includes
the kernel, memoty pages and the memory page of the currently executing process

-d dump-device           The dump device cab be an absolute path of swap

-m mink | minm | min% Creates a minfree file in the current savecore-dir

-r root-dir         Specifies an alternative root directory relative to which dumpadm
command should create files. The default root dir “/” is used.

-s savecore-dir To mention savefiles dir. The default is /var/crash/hostname





Managing Core File Behavior



A core file is a point-in-time copy (snapshot) of the RAM allocated to a process. The copy is written to a more permanent medium, such as a HDD. A core file is useful in analyzing why a particular program crashed.



When a core file occurs, the OS generated two possible copies of the core files, one copy known as the global core file and the other copy known as per process core file. All depends on options in effect. Global core file is created in mode 600 and is owned by the superuser. Ordinary per-process core files are created in mode 600 under the credentials of the process.



# coreadm  à  Displays the currnet core file config

global core file pattern :  à Identifies the name to use for core files placed in global directory

init core file pattern : core  à  Identified the default name that per-process core files must use

global core dumps : disabled  à  Indicates global core files are disabled

per-process core dumps : enabled

global setid core dumps : disabled

per-process setid core dumps : disabled

global core dump logging : disabled



# cat /etc/coreadm.conf  à  Content of coreadm command



You can enable or disable two configurable core file paths, per-process and global, separately. If a global core file path is enabled and set to /corefiles/core, for eg. Then each process that terminates abnormally produces two core files: One in the current working directory, and one in the /corefiles/core directory.



coreadm [-p pattern] [pid]……….   à  Users can run this command

coreadm [-g pattern] [-I pattern] [-d option……] [-e option…..]  à  only root user can run



-i pattern          Sets the per-process core file name pattern from init to pattern

-e option          Enables the specified core file option

global   Enables core dumps by using the global core pattern

process            Enables core dumps by using the per-process core pattern

global-setid      Enables setid core dump by using the global core pattern

proc-setid        Enables setid core dumps by using the per-process core pattern

log                   Generates a syslog (3) message when a user attempts to generate a
            global core file

-d option          Disables the specified core file option. See the –e option for possible options

-u                     Updates system-wide core file options from the config file /etc/coreadm.conf.

-g pattern         Sets the global core file name pattern to pattern. The pattern must start with a /

-p pattern         Sets the per-process core file name pattern to pattern.



Pattern options for the coreadm Command




%p       PID

%u       EUID

%g       EGID

%f        Executable file name

%n       System node name (uname –n)

%m      Machine hardware name (uname –m)

%t        The time in seconds since midnight jan 1 1970

%%      Literal %



# coreadm –p core.%f.%p $$  à  When executed from a users $HOME/.profile (or) .login file sets the core file name pattern for all processes run during the login session. The $$ variable is the PID of the currently running shell. The per-process core file name pattern is inherited by all child processes.



# coreadm –p $HOME/corefiles/%n.%f.%p $$  à  This command places all of the user’s core files into the corefiles subdirectory of users home directory, differentiated by the system node name.



# coreadm –g /var/core/core.%f.%p –e global  à  This sets system-wide parameters that add the executable filename and PID to the name of any core file that is created.

# coreadm  à  to verify that this parameter is now part of the core file configuration



# coreadm 278 5678  à  Search for the core dump file. Only the owner of a process or the superuser can query a process by using the coreadm command with a list of PIDs.





Module – 6  à  Configuring NFS



NFS Server Files




/etc/dfs/dfstab                       Lists the local resources to share at boot time

/etc/dfs/sharetab       Lists the local resources currently being shared.

/etc/dfs/fstypes          Lists the default FS types for remote FS

/etc/rmtab                  Lists FS remotely mounted by NFS clients

/etc/nfs/nfslog.conf   Lists info of the location of config logs used for NFS server logging

/etc/default/nfslogd   Lists config info describing the behavior of the nfslogd daemon





# cat /etc/dfs/dfstab

   share –F nfs –o ro /export.sys44_data



# cat /etc/dfs/sharetab

   /export/sys44_data  -           nfs       ro



# cat /etc/dfs/fstypes

   nfs NFS Utilities

   autofs AUTOFS Utilities

   cachefs CACHEFS Utilities



# cat /etc/rmtab

   sys42:/export/sys44-data

   #sys41:/usr/share/man

   #sys43:/export/sys44_data  à  The # entries are removed by the mountd daemon during a
                                                      system startup



NFS Server Daemons




To start the NFS server daemons or to specify the number of concurrent NFS requests that can be handled by the nfsd daemon, use the /etc/rc3.d/S15nfs.server script



mountd            Handles FS mount requests from remote systems, and provides access control

nfsd                 Handles client FS requests

statd                Works with the lockd daemon to provide crash recovery functions for the lock
                        manager

lockd               Supports record locking operations on NFS files

nfslogd             Provides operational logging



# /etc/init.d/nfs.server start  à  To start NFS server daemon

# /etc/init.d/nfs.server stop  à  To stop NFS server daemon



NFS Server Commands




# share  à  To share directory and also displays the contents of the /etc/dfs/sharetab file

# unshare /test  à  Unshare the share



# shareall  à  Shares all resources listed in the /etc/dfs/dfstab file

# unshareall /export/sys44_data  à  Unshare currently shared file resources listed in the
                                                       /etc/dfs/sharetab file



# dfshares  à  Displays currently shared resources by using the NFS dameon mountd

# dfshares 140.40.40.160  à  Lists available shared resources in remote system

# dfmounts  à  Displays a list of NFS resources that are currently mounted and client list

# dfmounts sys42  à  Displays NFS resources of sys42 that are currently mounted & clients



share [-F nfs] [-o options] [-d description] [pathname]



# share –o ro /export/sys44_data  à  By default resources available with RW. Access decision is based on a comparison of the UID of the client and the owner.



The Share Command Options




ro         Informs clients that the server accepts only read requests

rw        Allows the server to accept read and write requests from the client

root=client      Informs client that the root user on the specified client system or systems can
                        perform superuser-privileged requests on the share resource.

ro=access-list  Allows read requests from the specified access list

rw=access-list Allows RW requests from the specified access list



Access List Options




access-list=client:client           Allows access based on a colon-separated list of clients

access-list=@network             Allows access based on a network number (eg @192.168.100
                                                or a network name eg. @mynet.com). The network name must
                                                be defined in the /etc/networks file

access-list=.domain                 Allows access based on a DNS domain

access-list=netgroup_name     Allows access based on a config net group (NIS) or (NIS+)

anon=n                                    Sets n to be the effective user ID (EUID) of anonymous users.
                                                By default, anonumous users are given the EUID 6001-nobody
                                                user. If n is set to –1, access is denied.



# share –F nfs –o r0 direcctory  à  Restricts access to read-only access.

# share –F nfs –o r0,rw=client1 directory

à Restricts access to read-only, however, the NFS server accepts both read & write requests from the client client1



# share –F nfs –o root=client2 directory 
à  Allows the root user on the client named client2 to have superuser access to the NFS mounted resources



# share –F nfs –o ro,anon=0 directory

à  By setting the option anon=0, the EUID for access to shared resources by an anonymous user is set to 0. The access is also set to read only.



# share

-           /export/sys44_data     ro         “”





Managing the NFS Client




NFS Client Files




/etc/vfstab      Defines FS to be mounted locally

/etc/mnttab    Lists currently mounted FS including automounted directories.

/etc/dfs/fstypes Lists the default FS types for remote FS



NFS Client Daemons




The NFS client daemons are started using the /etc/rc2.d/S73nfs.client script



statd    Works with the lockd daemon to provide crash recovery functions

lockd   Supports record-locking operations on NFS files



/etc/init.d/nfs.client start (or) stop



NFS Client Commands




dfshares           Lists available shared resources from a remote or local NFS server

mount              Attach a file resource to a specified local mount point

umount            Unmounts a currently mounted file resources

mountall          Mounts all file resources or a specified group of file resources listed in the
                        /etc/vfstab file with a mount at boot value of yes

umountall        Unmounts all non-critical local and remote file resources

dfmounts         Displays a list of currently mounted NFS server directories



mount [-F nfs] [-o options] server:pathname mount-point



# mount sys44:/export/sys44_data /export/remote-data

# mount –o ro sys45,sys43,sys41:/multi_home_data /remote_shared_data

à When mounting a read-only remote resources, you can specify a comma separated list of sources for the remote resources. Which are then used as a list of failover resources



# umount /export/remote-data  à Unmounting remote FS from the client



# mountall –r  à  To limit the action of this command to remote file resources.

# umountall –r  à  To unmount all remote file systems



Mounting Remote Resources at Boot Time




Enter appropriate entries in the client’s /etc/vfstab file to mount the remote file resources at boot time.

# vi /etc/vfstab

   sys44:/export/sys44_data    -           /export/remote-data   nfs       -           yes       soft,bg



Mount Command Options




rw | ro Read/Write or read-only. The default is read/write

bg | fg Retry to mount in background or foreground. The default is to retry in the foreground soft | hard    Soft option reports an error on the request, and stop trying when retrans=n
                        reach. Whereas hard option prints a warning message and continue to try.
                        Default is hard mount

intr | nointr     Enables or disabled the use of KB interrupts to kill aprocess that hangs on a
                        hard-mounted FS. The default is intr.

suid | nosuid   Indicates whether to enable setuid execution. Default is setuid execution

timeo=n          Sets the timeout to n tenth of a second. The default timemout is 11, measures
                        in one-tenth of a second for UDP and 600 tenths of a second for TCP.

retry=n                        Sets the no of times to retry the mount operation. Default is 10,000 times

retrans=n         Sets the number of NFS retransmission to n. The default is 5 for UDP.







Enabling the NFS Server Logging




nfslogd daemon responsible for NFS logging



The /etc/nfs/nfslog.conf file defines the path, file names, and type of logging that the nfslogd daemon must use. There is a taq corresponding to each definition.



Eg. Of nfslog.conf file



# NFS server log configuration file



global defaultdir=/var/nfs \

            log=nfslog fhtable=fhtable buffer=nfslog_workbuffer

defaultdir=dir_path  à  Specifies the default parent directory

log=logfile_pat  à  Specifies relative or absolute path and the filename for the ASCII log file

fhtable=table_path  à  Specifies path and the filename for the file-handle-to-path DB file

buffer=buffer_path  à  Specifies path and the filename for the raw buffer file

log format=basic | extended  à  Specifies the format when creating user-redable log files





To easily identify the log files for different shared resources, place them in separate dir. For eg.



# cat /etc/nfs/nfslog.conf

global defaultdir=/var/nfs \

            log=nfslog fhtable=fhtable buffer=nfslog-workbuffer



public defaultdir=/var/nfs/public \

            log=nfslog fhtable=fhtable buffer=nfslog-workbuffer



Create the /var/nfs/public directory before starting NFS server logging



Specify a tag by entering the tag to use with the log=taq option in the /etc/dfs/dfstab file. Use the log option without specifying a taq, which mean use the default global tag

share –F nfs –o ro,log /export/sys44_date



/etc/default/nfslogd  à  The config info file controls the logging behavior of the nfslogd daemon.



Module – 7  à  Configuring AutoFS





The automount facility contains three components

The AutoFS FS

The automountd daemon

The automount command



The AutoFs map types



Master Map     The auto_master map associates a directory, also called a mount point, with a
                        map.

 Direct Map     Lists the mount points as absolute path names. This map explicitly indicates
                        the mount point on the client.

Indirect Map    Lists the mount points as relative path names. This map uses a relative path to
                        establish the mount point on the client.

Special             Provides access to NFS servers by using their host names





# cat /etc/auto_master

   +auto_master

   /net              -hosts               -nosuid,nobrowse

   /home          auto_home      -nobrowse

   /xfn              -xfn



Syntax

Mount point    map name(direct or indirect map)       mount options(similar to standard mount options. But nobrowse option is an AutoFS specific mount option



The plus(+) symbol at th beginning of the +auto_maser line directs the automountd daemon to look at the NIS, NIS+, or LDAP databases before it reads the rest of the map. If this line is commented out, only the local files are searched unless the /etc/nsswitch.conf file specifies that NIS, NIS+, or LDAP should be searched.



The two mount points for special maps are –hosts map & -xfn map

The –hosts map Provide access to all resources shared by NFS servers. The resources being shared by a server are mounted below the /net/hostname directory, or if only the server’s IP address is known below the /net/IPaddress directory. The server doesn’t have to be listed in the hosts database for this mechanism to work.



The –xfn map  Provides access to resources acailable through the Federated Naming Service (FNS). Resources associated with FNS mount below the /xfn directory





Direct Map



# cat /etc/auto_master

   .

   .

   /-      auto_direct      -ro



The /- mount point is a pointer that informs the automount facility that the full path names are defined in the file specified by map-name(the /etc/auto_direct file in this example)





# cat /etc/auto_direct

   # Super User created direct map for automounter

   /apps/frame             -ro,soft             server1:/export/framemaker

   /opt/local                -ro,soft             server2:/export/unbundled

   /usr/share/man       -ro,soft             server3,server4:/usr/share/man



Indirect Map



The /home entry defines a mount point for an indirect map. The map auto_home list relative path names only. The Solaris 2.6 through Solaris 9 OE support browsing of indirect maps and special maps with the –browse option. The –nobrowse option disables the browsing of indirect maps. The default option is –browse



# cat /etc/auto_home

   +auto_home

   steven           hosts5:/export/home/steven

   mary             mars:/export/home/marry



Reducing the auto_home map to a single line



*    server1:/export/home/&

The client remotely mont the /export/home/loginID directory from the NFS server server1 onto the local mount point /home/loginID. Wildcard character(*) to match any key. The substitution character (&) at the end of the location is replaced with the matched key field.



Run the automount command when making changes to the master map or creating a direct map to make the changes effective. You do not have to stop and restart the automountd daemon after making changes to existing entries in a direct map.



Automount [-t duration] [-v]

-t     Specifies a time in seconds, the FS remains mounted when not in use. Default is 600 sec.



When to run the automount command

Automount Map          Run if entry is added/deleted              Run if entry is modified

Master map                  yes                                                       yes

Direct map                  yes                                                       no

Indirect map                no                                                        no



# cat /etc/mnttab

   -hosts   /net   autofs   indirect,nosuid,ignore,nobrowse   dev=4300001|1008255810

   auto_home   ………….

   -xfn               ………….



# /etc/init.d/autofs start (or) stop



Module – 8 & 9 à  Solaris volume Mangement





metadb –a [-f] [-c n] [-l nnnn] disk_slice



-a         Adds a stale database replica

-f          Force the creation of the initial replica, even if no replica exist.

-c n      Specifies the number of replicas to add to the slice

-l nnnn Specifies the size of the new replica in blocks

disk_slice   Specifies the name of the disk_slice that will hold the replica



# metadb –a –f c0t0d0s4 c0t0d0s5 c1t0d0s0 c1t0d0s1  à  To create metadb

# metadb  à  Reports the status of all replicas



RAID 0 Config



# metainit d10(name d0-dn) 3(total disk/slice) 1 c0t1d0s0 1 c0t1d0s1 1 c0t1d0s3

# newfs /dev/md/rdsk/d10



# metaclear d10  à  Delete the volume



# metainit d0(partition name) –p d10(volume name) 1000m  à  Creating partition



# metattach d0 999m  à  To increase partition size



# growfs –M /m1(mount point) /dev/md/rdsk/d0  à  To create FS for extra space added



# metattach d10(volume) c0t1d0s4  à   To increase space for volume





RAID 5 Config



# metainit d20 –r(raid 5 option) c0t1d0s0 c0t1d0s1 c0t1d0s3



# metadb –d –f c0t1d0s7  à  To delete metadb



RAID 1 Config



# metainit d10 –m d0  à  To create mirror

Then reboot

# metattach d10 d1  à  Attaching another disk to mirror



# metastat  à  To check the status of mirror disk





Building a Mirror of the Root (/) File System



metainit –f concat/stripe numstipes width components……

# metainit –f d0 1 1 c0t0d0s0

   d0 concat/stripe is setup



# metainit d1 1 1 c0t1d0s0

   d1 concat/stripe is setup





metainit mirror –m submirror [read_options] [write_options] [pass_num]



read_options

-g  à  Enables the geometric read option, which results in faster performance on sequential
            reads

-r  à  Directs all reads to th first submirror. Use this option, when the devices that comprise
            the first submirror are substantially faster than those of the second mirror.



You cannot use –r option with the –g option. If neither the –g nor –r options are specified, reads are made in a round-robin order from all submirros in the mirror. This process enables load balancing across the submirros.



write_options

S  à  Performs serial write to mirrors. The default setting for this option is parallel write

Pass_num  à  A number (0-9) at the end of an entry defining a mirror that determines the order in which that mirror is resynchronized during a reboot. The default is 1. If 0 used resync is skipped.
           

# metainit d10 –m d0

   d10 : Mirror is setup



# metaroot d10  à  Updates /etc/system file also /etc/vfstab



# grep md /etc/vfstab

   /dev/md/dsk/d10   /dev/md/rdsk/d10     /          ufs       1          no        -



The metaroot command also updates the /etc/system file to contain the forceload statement that loads the kernel modules that support the logical volumes.



# tail /etc/system

   forceload : misc/md_hotspares

   forceload : misc/md_sp

   forceload : misc/md_stripe

   forceload : misc/md_mirro

   forceload : drv/pcipsy

   .

   .

   .

   rootdev:/pseudo /md@0.10.blk



You must reboot the system before attaching the secondary submirror

# init 6

# metattach d10 d1

   d10: Submirror d1 is attached



# ls –l /dev/dsk/c1t0d0s4

Record the path that follows the /devices directory: /pci@if,0/pci@1/scsi@4......................



ok nvalias backup_root /pci@if,0/pci@1/scsi@4,1/disk@2,0:b

ok printenv boot-device

     boot-device=disk net

ok setenv boot-device disk backup_root net

     boot-device=disk backup_root net



ok boot backup_root  à  To test the secondary submirror

Unmirroring the Root (/) File System



# metastat d10  à  To verify that status of the mirror

# metadetach d10 d1  à  To make a one-way mirror

   d10: submirror d1 is detached

# metaroot /de/dsk/c0t0d0s0  à  To change entries in /etc/vfstab and /etc/system

# init 6

# metaclear –r d10  à  To clear the mirror and submirror. The –r deletes metadevices
   d10: Mirror is cleared

     d0:  Concat/Stripe is cleared

# metaclear d1

   d1: Concat/Stripe is cleared







Module -  10  à  ACL





entry-type:[UID or GID]:perm



Introducing ACL Commands



getfacl [-a] [-d] filename(s)  à Displays ACL entries for files

-a  à  Displays the filename, file owner, file group, and ACL entries for the specified file

-d  à  Displays the filename, file owner, file group, and default ACL entries

setfacl –m acl_entries filename  à  Creats or modify ACL entries on files

setfacl –s acl_entries filename  à  Substitute new ACL entries for old ACL entries

setfacl –d acl_entries filename  à  Deletes one or more ACL entries on files

setfacl –f acl_file filename  à  Specifies an ACL configuration file that contain ACL entries
                                                   to set on other files

setfacl –r filename  à  Recalculate the ACL mask baed on the ACL entries. When used with
                                      –m or –s option

$ ls –l

   _rw_r__r__+   1   userc   staf   0   Jan 2 13:40  file2  à  A plus sign appears for files
                                                                                              contains ACL permission



There are no effective permission listed for a file’s owner or “others’ users. However, the file’s group and any other specific users or groups present in the ACL list have effective permissions. When no ACL mask is specifically set o a file or directory, the ACL mask has the same permissions as the group permissions for that file or directory.



$ getfacl file1  à  No ACL entries present

   file      : file1

   owner : userc

   group  : sysadmin

   user::rw_

   group::r__                 # effective:r__

   mask:r__

   other:r__



$ getfacl file2  à  Custom ACLentry present

   file      : file2

   owner : userc

   group  : sysadmin

   user::rw_

   user::usera:rwx          # effective:r__

   group::r__                 # effective:r__

   mask:r__

   other:r__



The effective permission shows which permissions are allowed. When you compute the intersection (a Boolean logical AND operation) of the ACL entry and the ACL mask.



$ setfacl –m u:userb:7 file2  à  Set special permission to userb(username)

$ getfacl file2

   file      : file2

   owner : userc

   group  : sysadmin

   user::rw_

   user::usera:rwx          # effective:r__

   user:userb:rwx          # effective:r__

   group::r__                 # effective:r__

   mask:r__

   other:r__



$ setfacl –d u:usera file2  à  Removing special permissions

$ getfacl file2

   file      : file2

   owner : userc

   group  : sysadmin

   user::rw_

   user:userb:rwx          # effective:r__

   group::r__                 # effective:r__

   mask:r__

   other:r__



setfacl –s u::perm,g::perm,o:perm,m:perm,[u:UID:perm],[g:GID:perm] filename

$ setfacl –s u::rwx,g::rw_,o:r__,m:rw_,u:usera:rwx file1

$ getfacl file1

   file      : file1

   owner : userc

   group  : sysadmin

   user::rwx

   user:usera:rwx           # effective:rw_

   group::rw_                # effective:rw_

   mask:rw_

   other:r__



$ setfacl –s u::7,g::6,0:4,m:6,u:usera:7 file2



$ setfacl –r –m u:usera:7 file1  à  Change the umask value as well as to the
                                                        user(Recalculating an ACL mask)

$ getfacl file1

   file      : file1

   owner : userc

   group  : sysadmin

   user::rwx

   user:usera:rwx           # effective:rwx

   group::rw_               

   mask:rwx

   other:r__



getfacl filename1 | setfacl –f – filename2

$ getfacl file1 | setfacl –f – file3  à  Copying an ACL List



You can set default ACL entries only on directories. You must set default ACL entries for the user, group, other, and ACL mask before you set a default ACL entry for an additional user of group.



$ pwd

   /export/home/userc

$ mkdir dir1

   drwxr_xr_x   2   userc   sysadmin   512   Apr 29 17:11 dir1

$ getfacl dir1

   # file:dir1

   # owner:userc

   # group:sysadmin

   user::rwx

   group::r_x     # effective:r_x

   mask:r_x

   other:r_x



$ setfacl –m d:u::rwx,d:g::r_x,d:o:r_x,d:m:r_x dir1

$ setfacl –m default:user:usera:rwx dir1

$ getfacl dir1

   # file:dir1

   # owner:userc

   # group:sysadmin

   user::rwx

   group::r_x     # effective:r_x

   mask:r_x

   other:r_x

   default:user:rwx

   default:user:usera:rwx

   default:group:r_x

   default:mask:r_x

   default:other:r_x



Effect of Default ACLs on New Subdirectories



When a directory contains a default ACL, the permissions granted to the user, group, and other categories for the directory represent the intersection of mode 777, which is the UNIX default for directories without umask influence.



When a subdirectory/file created, the permissions on the newly created subdirectory/file are generated according to the intersection between the default ACL entries and the permissions set initially during creation.



$ mkdir dir1/subdir1

$ ls –l dir1

   drwxr_xr_x+   2   userc   sysadmin  512  Apr 30 08:01 subdir1

$ getfacl dir1/subdir1

$ getfacl dir1/subdir1

   # file:dir1/subdir1

   # owner:userc

   # group:sysadmin

   user::rwx

   group::r_x     # effective:r_x

   mask:r_x

   other:r_x

   default:user:rwx

   default:user:usera:rwx

   default:group:r_x

   default:mask:r_x

   default:other:r_x



If default ACL entries changed for the dir1 it won’t affect the ACL of dir1/subdir1. But if we create new subdirectory the new ACL of the dir1 will get inherited.



$ setfacl –m d:group::rwx,d:group::rws,d:other:rwx,d:mask:rwx dir1

$ mkdir dir1/subdir2

$ getfacl dir1/subdir2

   user::rwx

   group::rwx    # effective:rwx

   mask:rwx

   other:rwx

   default:user::rwx

   default:user:usera:rwx

   default:group::rwx

   default:mask:rwx

   default:other:rwx

$ cd dir1/subdir2

$ touch filea

$ ls –l

   _rw_rw_rw_+  1  userc  sysadmin  0  Apr 30 13:34 filea

$ getfacl filea

   user::rw_

   user:usera:rwx           # effective:rw_

   group::rw_                # effective:rw_

   mask:rw_

   other:rw_



The permission granted to the user, group, and other categories for filea represents the intersection of mode 666(default for files without umask influence) with the default entries associated with the directory are set to rwx, the example of intersection is clear.



The mask value doesn’t exceed the permissions assigned to the group. Eventhough the /dir1/subdir2 directory lists rwx as the default mask value inherit only upto rw_. The entry for usera was applied as a standard ACL entry and not as a default entry, because only directory replicate default entries.





Module – 11  à  RBAC (Role Based Access Control)





/etc/user_attr  à  The extended user attributes database, which associates users and roles with
                             authorizations and right profiles in addition to the /etc/passwd, /etc/group,
                             and /etc/shadow files

/etc/security/prof_attr  à  The rights profile attributes database, which defines profiles, lists
                                           the profile’s assigned authorizations and any nested rights profiles,
                                           and identifies the associated help files.

/etc/security/exec_attr  à  The execution attributed database, which defines the privileged
                                            commands and scripts assigned to a profile.

/etc/security/auth_attr  à  The authorization attributes database, which defines authorizations
                                           and their attributes. This database also identifies the associated
                                           help file.

/etc/security/policy.conf  à  File provides system default authorizations for users





The /etc/user_attr Database




user:qualifier(reserved):res1(reserved):res2(reserved):attr



attr : An optional list of semicolon separated (;) key value pairs that describe the security attributes to be applied when the user runs commands.

type  à  Can be normal or role. A role is assumed after the user has logged in.

auths  à  Specifies a list of authorization chosen from names defined in the auth_attr DB

profiles  à  Specifies a list of profile names chosen from the /etc/security/prof_attr DB

roles  à  Specifies a list of role names defined in the same /etc/user_attr DB. Roles are
                indicated by setting the type value to role. Roles cannot be assigned to other roles.



sysadmin::::type=role;profiles=Device Management,Filesystem Management,Printer Management

johndoe::::type=normal;auth=solaris.system.date;roles=sysadmin





The /etc/security/prof_attr Database




profname:res1:res2:desc(description):attr



attr : The security attrinutes to apply to the object upon execution. You can specify zero or more key. The two valid keys are help and auths.



# grep ‘Printer Management’ /etc/security/prof_attr

   Printer Management:::manage Printers, daemns, \

……………………;auths=solaris.admin.printer.read, \



The Printer Management profile, which is defined in the /etc/security/prof_attr DB, is assigned to the sysadmin role in the /etc/user_attr DB.



The Printer management profile is defined in the prof_attr DB as having all authorizations, beginning with the solaris.admin.printer.string, assigned to it. These authorizations are defined in the /etc/security/auth_attr DB.

solaris.admin.printer.read:::view printer information::\







The /etc/security/exec_attr Database




name:policy:type:res1:res2:id:attr



name  à  Name of the profile

policy  à  The security policy associated with this entry. The suser (superuser policy model)
                   is the only valid policy entry.

type  à  The type of entity. Whose attributes are specified. The only valid type is cmd

id  à  a string identifying the entity. Command should have full path or a path with wildcard

attr  à  euid and uid   |   egid and gid



Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp





The /etc/security/auth_attr Database




You can assign authorization directly to users or roles in the /etc/user_attr DB. You can also assign authorizations to rights profiles, which are assigned to roles.



authname:res1:res2:short_desc:long_desc:attr



authname  à  A unique character string that identifies the authorization in the prefix.suffix[.] format.





The /etc/security/policy.conf file




This file lets you grant specific rights profiles and authorization to all users. Two types of entries in the file are

AUTHS_GRANTED=authorizations

PROFS_GRANTED=right_profiles



# cat policy.conf

   AUTHS_GRANTED=solaris.device.cdrw

   PROFS_GRANTED=Basic Solaris Users



# roleadd –m –d /export/home/tarback –m –c “Privileged tar backup role” –p “Media Backup, Media Restore” tarback

-A authorization and -p profile  à  Assign authorization and profiles respectively to the role.



# rolemod –A auth1,auth2 –p profile1,profile2 role1





Additional Commands Used to Perform RBAC Functions




auths                Displays authorizations for a user

makedbm         Makes a dbm file

nscd                 Identifies the name service. Useful for caching the 4 RBAC DB details

pam_roles        Identifies the role account management module for password authentication
                        module (PAM)

pfexec              Identifies the profile shells used to execute commands with attributes specifies
                        in exec_attr

policy.conf       Identifies the config file for the security policy. Lists granted authorization

profiles            Displays profiles for a specified user

roles                 Displays roles granted to a user

roleadd                        Adds a role account to the system

rolemod           Modifies the role’s account info in the system

roledel             Deletes a role’s account from the system





Example




Profile  à  Privilege to profile  à  Creating Role  à  Role to profile  à  Role to user



/etc/security/prof_attr  à  Contains profile details



Creating profile in prof_attr

uadd::Profile for user admin

init:::Profile for init process



/etc/security/exec_attr  à  Privilege to profile

uadd:suser:cmd:::/usr/sbin/useradd:euid=0

uadd:suser:cmd:::/usr/sbin/usermod:euid-0

init:suser:cmd:::/usr/sbin/init:euid=0

init:suser:cmd:::/usr/sbin/shutdown:euid=0





Creating Role

# roleadd –d /export/home/role1 –m role1

# passwd role1



Role to Profile

# rolemod –P uadd,init role1



Adding role to user

# usermod –R role1 user1



/etc/user_attr  à  Details about role & user to role



à Login as normal user

à Switch to role profile & use the privilege command



/etc/security/auth_attr  à  Authorization file  à  Config file for users & this roles







Module – 12  à  Performing Smartcard Authentication






# /usr/dt/bin/sdtsmartcardadmin &  à  To start smartcard console



ATR – Answer to reset Number  (unique)



# smartcard –c disable  à  Disabling smartcard operation

# smartcard –c admin  à  Display the current client and server configuration



# /etc/smartcard/opencard.properties  à  Config File







Module – 13  à  Configuring System Messaging





The syslog system messaging features track system activities and events. You can manually generate log messages by using the logger command. The syslog function, the syslogd daemon, and input from the /etc/syslog.conf file work together to facilitate system messaging for the solaris 9 OE.



The /etc/syslog.conf file




This file consists of two tab-separated fields: selector and action. The selector field has two components, a facility and a level written as facility.level. Facility represent categories of system processes that can generate messages. Levels represent the severity or importance of the message. The action field determines whether to send the message.



*.err /var/adm/messages à Error messages for all facilities are sent to the /var/adm/messages



Only use tabs as white space in the .etc.syslog.conf file. The Solaris OE accesses the /usr/include/sys/syslog.h file to determine the correct facility.level sequencing order.



Selector Fields (facility) Options




kern     Messages generated by the kernel

user      Messages generated by user processes and don’t have default priority for messages

daemon System daemon, such as the in.ftpd and the telnetd daemon

auth     The authorization system, including the login, su, and ttymon commands

syslog   Messages generated internally by the syslogd daemon

lpr        The line printer spooling system, such as the lpr and lpc commands

news    Files reserved for the USENET network news system

uucp    The UNIX to UNIX copy (uucp) system does not use the syslog function

cron     The cron and at facilities, including crontab, at, and cron

local0-7 Fields reserved for local use.

mark    The time when the message was last saved and produced by the syslogd daemon

*          All facilities, except the mark facility.



You can use the asterisk (*) to select all facilities (for eg. *.err); however, you cannot use * to select all levels of a facility (for eg. Kern.*)



The levels in descending order of severity

Selector Fields (level) Options


Level   Priority            Description



emerg   0          Panic conditions that are normally broadcast to all users

alert     1          Conditions that should be corrected immediately

crit       2          Warnings about critical conditions, such as hard device errors

err        3          Errors other than hard device errors

warning4          Warning messages

notice  5          Non-error conditions that might require special handling

info      6          Informational messages

debug   7          Messages that are normally used only when debugging a program

none    8          Messages are not sent from the indicated facility to the selected file



Not all levels of severity are implemented for all facilities in the same way.





Action Field  à  The action field defines where to forward the message. This field can have any one of the following entries



/filename         The targeted file

@host              The @sign denoted that messages must be forwarded to a remote host.
                        Messages are forwarded to the syslogd daemon on the remote host

user1, user2     The user1 and user2 entries receive messages if they are logged in

*                      All logged in users will receive messages



You must restart the syslogd daemon whenever you make any changes to /etc/syslog.conf file

# /etc/init.d/syslog stop (or) start

# pkill –HUP syslogd



à Syslogd started  à  It’s starting the M4 Macro Processor  à  M4 will read the /etc/syslog.conf file.





Configuring syslog Messaging




The inetd daemon uses the syslog command to record incoming network connection requests made by using TCP. You can modify the behavior of the inetd daemon to log TCP connections by using the syslogd daemon. The daemon facility and the notice message level are supported by inetd.

Use the –t option as an argument to the inetd daemon to enable tracing of TCP services. When you enable the trace option for the inetd daemon, it uses the daemon.notice to log the client’s IP address and TCP port number, and the name of the service. Add the –t option to the entry which activated the inetd daemon in the inetsvc script located in the /etc/init.d directory



# grep inetd /etc/init.d/inetsvc

   /usr/sbin/inetd –s –t  à  You must restart the inetd daemon for the new option to take effect



# grep daemon.notice /etc/syslog.conf

   *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages



Monitoring a syslog File in Real Time




The tail –f command holds the file open so that you can view messages being written to the file by the syslogd daemon.



# tail –f /var/adm/messages  à  Press Ctrl+c to exit





Adding One-Line Entries to a System Log File




logger [-i](logs PID) [-f file] [-p priority] [-t tag] [message]



# logger system rebooted  à  If the user.notice field is configured in the /etc/syslog.conf file, the message is logged to the file designated for the user.notice selector field



# logger –p user.err system rebooted  à  Changing the priority of the messages to user.err route the messages to the /var/adm/messages file as indicated in the /etc/syslog.conf file

# logger –i –p2 “crit”



/dev/sysmsg  à  Console

Module – 14  à  Using Name Services





Name Services  à  DNS, NIS, NIS+, LDAP



/etc/rc2.d/S72inetsvc script  à  Starts DNS during system boot.

/etc/rc2.d/S71rpc script  à  Starts NIS & NIS+ during system boot

/etc/rc2.d/S72directory script  à  Starts iPlanet Server during system boot.



Name Service Feature Summary


Feature                                    DNS                            NIS                  NIS+               LDAP_____        


Namespace                  Hierarchical                 Flat                  Hierarchical     Hierarchical



Data Storage                Files/Resoruce                        Two column    Multicolumn    Directories

                                    records                         maps                tables               (varied)



Server Types                Master/Cache/                        Master/           Root Master/   Master/

                                    Cache only/                 Slave                non-root mast. Consumer

                                    Forwarding                                          Replica           



Transport                     TCP/IP                       TCP/IP           TCP/IP           TCP/IP



Scale                            WAN                           LAN                LAN                WAN

_______________________________________________________________________



The name service switch file determines which services a system users to search for information and in which order the name services are searched. All Solaris OE systems uses the /etc/nsswitch.conf file as the name service switch file. The nsswitch.conf is loaded with the contents of a template file during the installation of the Solaris OE depending on the name service that is selected.



Name Service  Name   Service Template


Local Files                   /etc/nsswitch.files

DNS                            /etc/nsswitch.dns

NIS                              /etc/nsswitch.nis

NIS+                           /etc/nsswitch.nisplus

LDAP                          /etc/nsswitch.ldap



Configuring the Name Service Cache Daemo (nscd)



The nscd daemon is a process that provides a cache for the most common name service requests. The /etc/nscd.conf file controls the behavior of the nscd daemon. The nscd daemon provides caching for passwd, group, hosts, ipnodes, exec_attr, prof_attr and user_attr databases. Each line specifies either an attribute and a value or an attribute, a cache name, and a value.



# /etc/init.d.nscd stop (or) start



The getent command provides generic retrieval interface to search many name service database. As a system administrator, you can query name service information sources with tools, such as the

ypcat                NIS namespace

nslookup          DNS

ldaplist             LDAP

Bt these tools are not consulting nsswitch.conf file. Whereas getent command searches the information sources in the order in which they are configured in the name service switch file. So if there is any error in the file will be identified with this command.



getent database [key]…..

database  à  The name of the database to be examined. This name can be passwd, group, hosts, ipnodes, services, protocols, ethers, networkds, or netmasks.



# getent passwd lp

   lp:x:71:8:Line Printer Admin:/usr/spool/lp:



# getent group 10

   staff::10:



# getent hosts sys44

   192.168.38.44   sys44   loghost (loghost will be absent if the NIS is searched first)







Module – 15  à  Configuring Name Service Clients





Configuring a DNS Client


The client resolver code is controlled by the following files

/etc/resolv.conf  à  Contains directive to specify the scope of a query

/etc/nsswitch.conf  à  Contains the reference to DNS for the hosts entry



Configuring the DNS Client During Installation




à Select DNS à Give Domain Name à Enter IP Address à Enter search Domains à Confirm



Editing DNS Client Configuration Files




# vi /etc/resolv.conf

   domain digigeeks.com

   nameserver 140.40.40.152

   search digigeeks.com  à  List the local domain as the first argument to the search



Copying the /etc/nsswitch.dns File to the /etc/nsswitch.conf




# cp /etc/nsswitch.dns /etc/nsswitch.conf

# cat /etc/nsswitch.conf

   ………

   hosts files dns

   ……..



If you want to add DNS name resolution to a system currently running a name service, such as NIS or NIS+. You must place the dns keyword on the hosts line in the specific location, along with other keywords.



# cat /etc/nsswitch.conf

   …..

   hosts: nfs files dns

   …..

Setting up an LDAP Client




The LDAP server cannot be a client of itself. Getting this configuration to work properly requires changes to the LDAP server and the LDAP client. The ldap_cachemgr daemon is responsible for maintaining and updating the changes to the client profile information.



Configuring LDAP Client During Installation


à Select LDAP à Enter Domain Name à Enter Profile Name & Profile Server IP Address à Confirm



Initializing the Native LDAP Client




You execute the ldapclient command on the client system once to initiate the client as a native LDAP client. The ldapclient command creates two files in the ./var/ldap directory on the LDAP client. These files contain info that the LDAP client use when binding to and accessing LDAP data.

/var/ldap/ldap_client_cred  à  The proxy agent info that the client uses for LDAP authentication

/var/ldap/ldap_client_file  à  The config info from the client profile in the LDAP server DB



# ldapclient init –a proxy password=proxy –a proxy DN=cn=proxyagent, ou=profile, dc=suned.com, dc=sun –a domainname=suned.com 192.168.0.100



# ldapclient list



Copying the /etc/nsswitch.ldap to the /etc/nsswitch.conf




During LDAP client initialization the /etc/nsswitch.ldap file is copied over the /etc/nsswitch.conf file



# ldaplist  à  To list naming info from LDAP server



# ldapclient uninit  à  Unconfiguring LDAP Client







Module – 16  à  NIS Master Server Config






NIS maps are located in /var/yp/domainname directory(where domainname is the name of the NIS domain). There are two files (.pag and .dir files) for each map in this directory. Eg.

/var/yp/training/hosts.byname.pag file

/var/yp/training/hosts.byname.dir file

/var/yp/training/hosts.byaddr.pag file

/var/yp/training/hosts.byaddr.dir file



The syntax for the NIS map is map.key.pag and map.key.dir



Ypcat [-k] mname  à  To retrieve values from NIS name service map, mname can be either a
                                      map name or a map nickname

# ypcat hosts

  localhost        127.0.0.1         localhost

   sysprint         192.168.30.70 sysprint

   sys44            192.168.30.44 sys44               loghost



ypmatch [-k] value mname  à  Prints values associated with one or more keys from the NIS
                                                   name services map specified by the mname argument.

# ypmatch sys44 hosts

   sys44: 192.168.30.44           sys44   loghost

# ypmatch usera passwd

   usera:  usera:LojyTdiQev5i:3001:10::/export/home/usera:/bin/ksh



NIS Domain Contains


One NIS Master Server

NIS Slave Servers (Optional)

NIS Clients



The NIS Master Server




Contains the original /etc/ASCII files used to build the NIS maps

Contains the NIS maps generated from the ASCII files

Provides a single point-of control for the entire NIS domain



NIS Slave Servers




Do not contain the original /etc/ASCII files

Contains copied of the NIS maps copied from the NIS Master Server

Provides a a backup repository for NIS map information

Provides redundancy in case of server failure

Provides load sharing on large networks



NIS Clients




Do not contain original /etc/ASCII files

Do not contain any NIS maps

Bind to the master server or to a Slave Server to obtain access to the administrative file information contained in that server’s NIS maps

Dynamically rebind to another server in case of server failure

Make all appropriate system calls aware of NIS



NIS Processes




The main daemons involved in the running of an NIS domain are

The ypserv daemon  à  Responds to client information requests

The ypbind daemon  à  Client to server binding

The rpc.yppasswd daemon  à  Password change update in master server

The ypxfrd daemon  à  Push the map to slave servers (sync)

The rpc.ypupdated domain  à  Update NIS maps using the config stored in /var/yp/updates



The NIS Slave Server contains upserv and ypbind daemon



The NIS Clients contains only ypbind daemon



The three most common search orders are

Search files and then NIS

Search NIS and then files

Forward hosts lookup requests from NIS to DNS







Introducing NIS Security




The /var/yp/securenets file to restrict access to a single host or to a subnetwork, and using the passwd.adjunct file to limit access to the password information across the network.



The /var/yp/securenets File




If exist on an NIS server, the server only answers queries or supplies maps to hosts and networks whose IP Address exist in the file. The server must be part of the subnet to access itself.

# cat /var/yp/securenets

   # Two methods of giving access to a system. Using the netmask followed by the IP Address
   # or host keyword followed by the IP Address

   host  127.0.0.1

255.255.255.0                    150.10.1.0

   host  13.13.14.1

   host  13.13.14.2



If you modify entries in the /var/yp/securenets file. You must kill and restart the ypserv and ypxfrd daemons.

# /usr/lib/netsvc/yp/ypstop (or) ypstart



The passwd.adjunct File




Encrypted password are normally hidden from the user in the /etc/shadow file. With the default NIS configuration, however the encrypted password string is shown as part of passwd maps. This file prevents unauthorized users from seeing the encrypted passwords.

# ypmatch –k usera passwd

   usera:  usera:LojyTdiQev512:3001:10:/export/home/usera:/bin/ksh



The passwd.adjunct file contains the account name preceded by ## in the password field. Subsequent attempts to gain account ino, using the ypcat or ypmatch commands, returnds the password entry from the passwd adjunct file.

# ypmatch –k usera passwd

   usera:  usera:##usera:3001:10:/export/home/usera:/bin/ksh



Configuring NIS Domain




To locate the source file in another directory, modify the /var/yp/Makefile file:

Change the DIR=/etc line to DIR=Your choice

Change the PWDIR=/etc line to PWDIR=/your-choice



Before you make any modification to the /var/yp/Makefile, save a copy of the original Makefile file.



The NIS configuration script /usr/sbin/ypinit and the make utility generate NIS maps. The ypinit command reads the Makefile for source file locations, and converts ASCII scource files into NIS maps.The /etc/defaultdomain file sets the NIS domain name during system boot.



Important files on the NIS Master (Part 1)  à  hosts, passwd & shadow



Important files on the NIS Master (Part 2) 

The /var/yp/domainname directory is the repository for the NIS maps created by the ypinit script.

The /var/yp/binding/domainname directory contains the ypservers file where the names of NIS Master server and NIS Slave server are stored.



Important files on the NIS Master (Part 3)  à  The /usr/netsvc/yp directory contains the ypstop and ypstart commands that stop and start NIS services respectively



# /usr/sbin/ypinit –m  à  This command prompts for a list of other machies to become NIS
                                          slave servers.





Configuring the NIS Master Server




Core, End User or Developer software configuration cluster do not have all necessary files in the /usr/lib/netsvc/yp directory to allow a host to function as an NIS server.



1. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file. If necessary, modify the file

2. Enter the domainname command to set the local NIS domain

    # domainname classroom.central.sun.com

3. Create an /etc/defaultdomain file with the domain name

4. If the files do not already exist, use the touch command to create zero-length files.
    /etc/ethers, /etc/bootparams, /etc/locale, /etc/timezone, /etc/netgroup and /etc/netmasks.
    These files are necessary for the creation of the complete set of NIS maps.

5. Install and update Makefile file in the /var/yp directory.

6. Create or populate the /etc/locale file, and make an entry for each domain on your network
    using the following format

    domainname locale   eg. Classroom.central.sun.com en_us

7. Initialize the master server by using the local /etc files

    # ypinit –m à  Provide slave server names and Ctrl+D to save the details. Press n for
    “Terminate it on the first fatal error”

Note: If you have to restart the ypinit program, You are prompted to destroy the
          /var/yp/domainname directory. Answer Y

8. # /usr/lib/netsvc/yp/ypstart



Testing the NIS Service




$ ypcat hosts  à  Prints value from an NIS map

# ypmatch sys41 localhost hosts

192.168.30.41    sys41

   127.0.0.1  localhost  loghost

$ ypwhich  à  To identify the master server

   sys41



Configure the NIS Client




1. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file

2. Edit the /etc/inet/hosts file to ensure NIS master and slave servers have been defined.

3. # domainname domainname  à  To set the local NIS domain

4. Create and populate the /etc/defaultdomain file with the domain name

5. # ypinit –c  à  To initialize the system as an NIS client

6. Enter the names of the NIS Master and all Slave Servers

7. # /usr/lib/netsvc/yp/ypstart

8. # ypwhich –m  à  To test the functionality







Configuring NIS Slave Server




Follow the client configuration steps and perform the below command

# ypinit –s master  à  Command to initialize the system as an NIS slave server. Where master is the name of the NIS master. Start the service and test the functionality



Updating the NIS Map




1. Updates the text files in your source directory (typically /etc, unless it was changed in the Makefile file)

2. # cd /var/yp   

3. # /usr/ccs/bin/make  à  Refresh the NIS database maps using the make utility



Updating NIS Password Map




If the NIS master is running the rpc.yppasswdd daemon, any client system can update the NIS password map by using the yppasswd or passwd commands.

1. Run the rpc.yppasswdd daemon on the NIS master server

    # /usr/lib/netsvc/yp/rpc.yppassed /$PWDIR/passwd –m passwd



Updating the NIS Slave Server Map




The following steps manually update the NIS timezone map on the master server and propagate all maps to the slave servers

1. Edit the source file on the NIS Master

    # vi /etc/timezone

2. Remake and push the NIS maps to slave servers

    # cd /var/yp; /usr/ccs/bin/make

3. If the push fails. Manually pull only the timezone map from the master server by
    performing the below command in Slave server

    # /usr/lib/netsvc/yp/ypxfr timezone.byname

    # ypinit –s nis_master  à  To pull all of the maps at once



Sometimes maps fail to propagate, and you must manually use the ypxfr command to retrieve new map information. You can use shell scripts to run cron jobs for automatic update. The Solaris OE provides several template scripts in the /usr/lib/netsvc/yp directory that you can use and modify to meet your local site requirement.



ypxfr_lperhour script  à  To sync NIS Slave Servers passwd map

ypxfr_lperday script  à  To sync NIS Slave Servers NIS maps for the group, protocols,
                                         networks, services, and upservers keys.

Ypxfr_2perday script  à  To sync NIS Slave servers nIS maps for the hosts, ethers, netfroups keys, and mail aliases.





Quick Reference




# domainname digit.com  à  Create domain name



# domainname > /etc/defaultdomain  à  Creating domainname file



# cp /etc/nsswitch.nis /etc/nsswitch.conf



# /var/yp/Makefie  à  Config file



Makefile 4 parts



1 – Declaration

2 – Details of centralization

3 – Coding for mapping

4 – Declaration of original path



# cd /var/yp



# ypinit –m  à  Initializing the master server

# ypinit –s  à  Initializing the slave server

# ypinit –c  à  Initializing the client

Ctrl+D  à  To save the file

Is this correct? [y/n] y

Non fatal error [y/n] n



à If there is any error follow the below procedure



# cd /etc

# touch ethers bootparams netgroup netmasks timezone

# cd /var/yp

# ypinit –m

# /usr/lib/netsvc/yp/ypstart  à  To start the daemons



# ypwhich  à  Shows the map server details

Solaris



# ypwhich –m  à  Full details of map



à A directory will be created with domain name



# cd /var/yp/digit.com  à  Contains all config file with .pag & .dir extensions



# ypcat <filename> to read the file



# ypcat –k passwd  à  With arguments print keys as well as values



# ypmatch –k root passwd





NFS Config



# vi /etc/dfs/dfstab

   share /export/home

   share /usr/man.orig



# /etc/init.d/nfs.server stop

# /etc/init.d/nfs.server start



# useradd –d /export/home/Chennai1 –m Chennai1

# useradd –d /export/home/Chennai2 –m chennai2



# passwd chennai1

# passwd Chennai2



à Remove the /export in the /etc/passed file for user chennai1 & chennai2. So the home dir is /home/chennai1





Autofs Config




# vi /etc/auto_master

   comment +auto_master to search in WW

   /home          auto_home      -nobrowse

   /                   auto_direct      -



# vi /etc/auto_direct

   /usr/share/man 140.40.40.151:/usr/share/man.orig



# vi /etc/auto_home

   comment +auto_home

   chennai1       140.40.40.151:/export/home/chennai1

   chennai2       140.40.40.151:/export/home/chennai2



# automount –v



# cd /var/yp



# /usr/ccs/bin/make  à  To update the map after any config change



à Include auto direct in Makefile in 2, 3, & 4 section



# /usr/lib/netsvc/yp/ypstop

#/usr/lib/netsvc/yp/ypstart





NIS Client Config




# domainname digit.com



# domainname > /etc/defaultdomain



# vi /etc/hosts

140.40.40.151                    Solaris



# cp /etc/nsswitch.nis /etc/nsswitch.conf

# ypnit –c

   Give master server name      Solaris



# /usr/lib/netsvc/yp/ypstart

   rpcbind done – client has only ypbind daemon



à Slave server has ypserve & ypbind daemon





NIS Slave Config




# ypinit –s Solaris (Master Server)



à Before configuring slave, client config should be done.

Module – 17  à  JumpStart



Four Main Services




Boot Services

Identification Services

Configuration Services

Installation Services



Implementing a Basic Jumpstart Server




1. Spool the OS image

2. Edit the sysidcfg file

3. Edit the rules and profile files

4. Run the check script

5. Run the add_install_client scripts

6. Boot the client





# cd /export

# mkdir config

# mkdir sol_dump

# cd /cdrom/cdrom0/s0/Solaris_9/Misc/Jumpstart_sample/

# cp –r * /export/config/

# cd /cdrom/cdrom0/s0/Solaris_8/Tools

# ./setup_install_server /export/home/sol_dump  à  Copying solaris dump to local directory

# cd /cdrom/cdrom0/Solaris_9/Tools/

# ./add_to_install_server /export/home/sol_dump  à  Appending 2nd CD content

# cd /etc



# vi ethers

   8:0:20:a6:aa:2b         ultra5 (hostname)



# vi /etc/hosts

140.40.40.154                    ultra5



# vi /etc/timezone

   Asia/Calcutta           ultra5



# cd /export/config/



# vi rules

   hostname   ultra5   -   host_class   finish_script



-          Pre Install script

host_class  à  Config details like partition

finish_script  à  Post install scripts





# vi host_class

   install_type   initial_install

   system_type  standalone

   partitioning   explicit

   Cluster          SUNWXall

   filesys           c0t0d0s0   10000   /

   filesys           c0t0d0s1   550       swap

   filesys           c0t0d0s7   free       /export/home



# vi finish_script

   touch /a/noaushutdown

   rm /a/etc/defaultdomain

   rm –r /a/var/yp/digit.com

   cp /a/etc/nsswitch.files /a/etc/nsswitch.conf



# vi sysidcfg  à  System identification & configuration. Timezone can also be given here

   security_policy=none

   name_service=none

   network_interface=primary [netmask=255.255.0.0 protocol_ipv6=no]

   timezone= Asia/Calcutta

   system_locale=en_US



à  Time zone are listed in the directory structure below the /usr/share/lib/zoneinfo directory.

à  Locales are listed in the /usr/lib/locale directory



# chmod 755 finish_script

# ./check  à  To check the config



# vi /etc/dfs/dfstab

   share –o anon=0 /export/home/sol_dump

   share –o anon=o /export/config



# cd /var/yp

# /usr/ccs/bin/Make

# cd /export/home/sol_dump/solaris_9/Tools

# ./add_install_client –c 140.40.40.151:/export/config –p 140.40.40.151:/export/config ultra5(hostname) sun4u

# update the NIS file with make command



From Client




ok boot net –install  à  Will search the network and start the installation automatically



à  Before a Jumpstart client can boot and obtain all of the NFS resourctes it requires, every directory listed as an argument to the add_install_client script must be shared by the server on which it resides.





Setting Up a Boot-Only Server




A boot server responds to RARP, TFTP, and bootparams requests from jumpstart clients and provides a boot image using the NFS service.

  1. Running the setup_install_server script with the –b option to spool a boot image from CD-Rom or DVD
  2. Running the add_install_client script with options and argument that shows a list of servers and the identification config, and installation services that they provide.



Executing the setup_install_server script


# mkdir /export/install

# cd /cdrom/cdrom0/s0/Solaris_9/Tools

# ./setup_install_server –b /export/install

Executing the add_install_client script


Before you run the script, update the hosts and ethers information for the jumpstart client



/etc/inet/hosts

192.10.10.4          client1



/etc/ethers

8:0:20:9c:88:5b           client1



The boot server must have entry in /etc/inet/hosts file for each server you specify while you run add_install_client script.

# cd /export/install/Solaris_9/Tools

# ./add_install_client –c server1:/export/config –p server1:/export/config client1 sun4u





Configuring NIS for Jumpstart Procedures




Configuring NIS to support jumpstart procedures involves editing files and running commands on the NIS master server in use. Info supplied in the sysidcfg file overrides any information you make available in NIS.



A change to any file that is represented by a map in an NIS domain requires that you complete the following steps on the NIS master server



# vi /etc/inet/hosts

   192.10.10.4  client1

# vi /etc/ethers

   8:0:20:88:5b client1

# vi locale

   client1          en_US

# cd /var/yp

# vi Makefile

1. Add the text after the existing *.time entries. Duplicate the timezone entry, and replace timezone with locale

Add/Append the word locale to the line beginning with the word all

Add the following line after the auto.home: autohometime entry

Locale:   locale.time

Save the file and exit the editor

# cd /var/yp

# /usr/ccs/bin/make

2. On any slave servers that exist in the NIS domain, run the ypxfr command to transfer the locale.byname map for the first time.

# /usr/bin/netsvc/yp/ypxfr locale.byname

3. On the NIS master server, again update the NIS maps by running the make command

# cd /var/yp

# /usr/ccs/bin/make



# vi /etc/timezone

   US/Mountain client1

   US/Mountain Central.sun.com

# cd /var/yp

# /usr/ccs/bin/make



# /vi /etc/netmasks

   192.9.200.0  255.255.255.0

# cd /var/yp

# /usr/ccs/bin/make



à  Each time you run the add_install_client script on a boot server to provide boot support for a jumpstart client, the script checks the /etc/nsswitch.conf file for the bootparams entry.



Begin Script

Profile

Finish Script



à  Use can use CD/DVD soruces as boot source instead of spooled Solaris OE Image. Also you can use a Flash source as an alternative installation service.



Identifying Log Files




Jumpstart clients retain the following log files during the installation process:

/tmp/begin.log

/tmp/finish.log

/tmp/install_log

/var/sadm/system/logs/sysidtool.log



Jumpstart clients retain a corresponding set of log files after the installation process completes and the system reboots

/var/sadm/system/logs/begin.log

/var/sadm/system/logs/finish.log

/var/sadm/system/logs/install_log

/var/sadm/system/logs/sysidtool.log







Module – 18  à  Flash






# flarcreate –n flash_archive –R / -C –x /flash /flash/flash_archive



flash_archive  à  Any name can be given

-R  à  To mention root path

-C  à  To compress the archive file

-x  à  To exclude folders while creating archive image

-t  à  Create an archive on a tape device



Administering a Flash Archive




flare –i archive  à  Retrievs info about the archive

flare –c archive  à  Combines the individual sections that make up an existing archive into a
                                 new archive

flare –s archive  à  Splits an archive into one file for each sections of the archive



/etc/ethers  à  Mac address and hostname

/etc/hosts  à  IP Address and hostname



# cd /export/config

# vi rules  à  Same as Jumpstart content

# vi host_class  à  Same as Jumpstart content except few options

   install_type flashinstall

   archive_location nfs 140.40.40.160:/flash/flash_archive

   partitioning

   ….

   ….

  





# vi finish_script  à  Same as Jumpstart content

# vi sysidcfg  à  Same as Jumpstart content

# ./check  à  To check the config

# cd /export/home/sol_dump/solaris_9/Tools

# ./add_install_client –c 140.40.40.160:/export/config –p 140.40.40.160:/export/config ultra5(hostname) sun4u



NFS Shares  à  /flash folder

                           /export/config folder

No comments:

Post a Comment

Dear visitor,
Please do not post spam. All comments will be moderated before approval.

Bottom Ad [Post Page]

| Designed by Techeia.com