Solaris 10 Part 1

SSUUNN SSOOLLAARRIISS 1100 OOSS

Sun Solaris 10 Operating System Page 2 of 145

Sun Solaris 10 OS/Storage-SVM,VxVM/Cluster Manickam Kamalakkannan

Acknowledgements

I can no other answer make, but, thanks, and thanks to my well wisher, evergreen admiring personality Mr. T. Gurubalan, Sun Microsystems Inc, who influenced, crafted, guided, cooked me to taste Sun. Words cannot convey my gratitude, you can have no idea how much it means to me. It’s stunning. Special Thanks to My Trainees, who fueled me to explore more heights technically. Raja, Aravindh, Sathish, Senthil, Hari Krishnan, Murali, Raman, Rakesh, Prabakar, Md.Mukram, Manikandan, Ibrahim, Ravi,Prabhu, Shyam, Abbas, Kamal. Aravindh - induced me to script this valuable document. Raja – kindle, always inspiring me to go little far on extra miles in all aspects.

Sources are always precious and unavailable, additional thanks to Hari Krishnan on his consistent work of collecting the resource, with great fuss.

Last but not the least, I would thank all persons behind lights from the bottom of my heart, but for you all my heart has no bottom. Thanks! Thanks! Thanks!

Fingered by: Manickam Kamalakkannan # 103, Housing Unit

Rajagopalapuram Periyar Nagar

Pudukkottai – 62203 Tamil Nadu

Mail: [email protected] [email protected]

Mobile: + 91-99946 11237 Blog: solaris-unlimited.blogspot.com



Solaris Certified System Administrator - SCSA SCSA - Part 1 - 310-200 1. Directory Hirearchy 2. Disk Administration 3. File System 4. Performing mounts & umounts 5. Installation of Solaris Operating System 6. Package Administration 7. Patch Administration 8. Process mointoring & Scheduling process 9. Performing system security 10. OBP 11. Boot up & shutdown procedures 12. User & Group Administration 13. Printer Administration 14. Performing Offline backup & restore 15. Performing Online backup (snapshot) & restore 16. Service Management Facility - SMF SCSA PART -2: 310-202 1. Introduction to network interfaces 2. Client & server model 3. SMC - Solaris Management Console 4. Swap configuration 5. Crash,core & dump configuration 6. NFS - Network File System 7. Autofs 8. NIS - Network Information Service/System 9. Jumpstart Installation 10. Flash Installation 11. RBAC - Role Based Access Control 12. ACL - Access Control List 13. SDS/SVM - Solaris Solstice Disk Suite/Solaris Volume Manager 14. System messaging 15. Zone Adminstration



Basic Unix commands # pwd Present working directory Displays the location where the user is currently working # ls to list the contents of the directory similar to dir command in DOS # ls -p will display / and end of every directory # ls -l d r-x r-x r-x 6 root root 512 Jun 7 21:45 vol A B C D E F G H J K where A = specifies the name is a file or a directory if d = directroy - = file B = Permissionship for the owner of a file or dir C = Permissionship for the group of a file or dir D = Permissionship for the other E = Specifies the link count F = Owner of the file or directory G = Specifies the group to which the file or directory belongs H = Size of the file or directory J = Date and time of creation K = Name of the file or directory # ls -lh Displays the size of the file or directory with human readable format # ls -t Displays the files and directory based on the time stamp. # mkdir to create a directory syn: # mkdir <dir_name> eg: # mkdir jai syn: # mkdir -p <path_of_the_dir>



eg: # mkdir -p /ims/solaris/delhi It creates the parent directory /ims/solaris along with the directory delhi. # cat - to view the contents of the file, create a file, appending the contents to the file syn: # cat <file_name> eg: # cat > hai will create the file named hai in the current directory syn: # cat <path_of_the_file> eg: # cat /ims/solaris/delhi/new will create a file named new under the above mentioned location. syn: # cat >> <file_name> eg: # cat >> hai # cat >> /ims/solaris/delhi/new To append the contents to the file syn: # cat <file_name> eg: # cat hai To view the contents of the file # cat -n <file_name> will display the contents of the line with line number (only temp) # cat -n > <file_name> eg: # cat -n > jack will create a new file named "jack" along with the line number # cd - to chage the directory eg: # cd /ims/solaris will move to the location /ims/solaris # echo $SHELL To know the parent shell of the user # echo $? will say the status of the exection of the command # clear to clear the screen NOTE: In BASH shell: ctrl+l = to clear the screen



# ls -a will display all the files and directories along with hidden file & dir # ls -R to see the contents of dir along with its sub-dir and files R - recurrsive # date To view the date and time # cal will display the current month of the current year # cal 2009 will display the cal of 2009 # cal 14 1987 will display the 10th month of 1987 # hostname To view the name of the host SYN: # hostname <host_name> eg: # hostname sun will assign the hostname as sun, but temp. # ifconfig -a to view the ip address of the machine # which - displays the location of the command script from where it is running syn: # which <command> eg: # which ls # wall - used to broadcast the message to all the users who are currenlty logged in. syn: # wall type the message ctrl+d = to save the message # write - used to send a message only to the particular user who is currently logged in syn: # write "user_login_name" eg: # write "shiva" # wc = to count the number of words, lines, characters in a file syn: # wc <file_name> eg: # wc new syn # wc -lwc <file_name> eg: # wc -lwc new



where l = displays the number of lines in the specified file w = displays the number of words in the specified file c = displays the number of characters in the specified file # cat -n <file_name> will display the contents of the file along with the line number # cp - to copy a file or a directory syn: # cp <source_file> <destination_file> eg: # cp rose jack here the contents of the file named rose is copied to new file named jack in the same location # cp rose /Desktop/jack will copy the contents of the file named rose to the location /Desktop with the file name as jack # cp rose /Desktop/ will copy the contents of the file named rose to the location /Desktop with the same file name. # cp -r <source_dir> <destination> where -r = recurrsive To copy all the files and sub-directories inside a directory # mv - to rename or move or to cut and paste the file or directory # mv jack rock will rename the file jack as rock in the current location # mv jack /Desktop/rock will move the file jack to the location /Desktop with the file name as rock. NOTE: Source file "jack" will not be present after moving No option is required to move a directory Only with bash shell: ctrl+l = to clear the screen ctrl+c = to terminate the process crtl+z = to run the process at the background crtl+a = to bring the cursor at the begining of the command crtl+e = to bring the cursor to the end of the command crtl+r = to search the command in the history !n = to execute the nth command. will be working only if the list of commands available in the history. # history will display the commands executed in the particular shell



# history -c to clear the history # alias - to assign the shortname to a command # alias c=clear this is only temp c will perform the function of clear command both c and clear command will work alias work only with bash shell To change the shell: # sh - to change to bourne shell # bash - to change to bash (bourne against shell) # csh - to change to 'c' shell # ksh - to change to korn shell # tcsh - to change to tc shell # zsh - to chage to 'z' shell To come out of the shell: # exit # ctrl+d Note: Arrow keys work with BASH shell and NOT with Bourne shell. Default shell for Sun Solaris = Bourne (sh) Default shell for Red Hat Linux = Bash (bash) # bc = binary calculator # bg = to view the process running at the back ground # fg n to bring the process to the fore ground where n is the number of the process that is dispalyed whist executing the command bg. Daemons: Is the system process that run at the background. # grep - to search a key word # ls | grep rose this command will look for the dir or file named rose under the current location and display the same if it is present in the present working directory # grep <keyword> <file-name> # grep one rose will search for the keyword 'one' in the file named rose and will display the same # grep -i one rose will search for the keyword 'one' by ignoring the case and will display the same



# grep -v one rose will dispaly all the lines and words expect 'one' from the file rose. # grep -h good rose jai will look for the word 'good' in miltiple files named rose and jai respectively. To search a particular word from the file and to display the name of the file having the search keyword. # cat > new hai good have a nice day bash-3.00# cp new old bash-3.00# grep -l hai new new bash-3.00# grep -l hai /opt/test/ bash-3.00# grep -l hai /opt/test/* /opt/test/new /opt/test/old bash-3.00# cat > jack jack rose bash-3.00# grep -l hai /opt/test/* /opt/test/new /opt/test/old # ls --help will provide the options for ls command to work with ls can be replaced with any command # man - will provide the help mannual about the commands, its syntax, options and its functions # man ls # rm - to remove the file # rm <file-name> # rm rose/Documents to remove or to delete the file named rose # rmdir - to remove or delete the directory # rmdir <dir-nam/Documentse> # rmdir delhi will remove the directory name delhi only if it is empty # rm -rf <dir-name> # rm -rf delhi will remove the contents of the directory named delhi and delete the directory delhi. where -r = recurrsive -f = forcefully -i = interactive # domainname - to view the information about, to which domain or network the host belongs to and to assign the domianname # domainname <name> will assign the domain name



# arch will display the arch of the machine # uname -m display the arch # uname -n display the host name # uname -X will provide the info about the hostname, arch, operating system installed, kernel id # cat /etc/release will provide the info about the version or release of the operating system installed # more <file_name> # more /etc/passwd to view the contents of the file in pagewise # less <file-name> # less /etc/passwd to view the contents of the file in pagewise # head -n <file-name> # head -4 /etc/passwd to view the first 4 lines of the specified file # tail -n <file-name> # tail -5 /etc/passwd to view the last 5 lines of the specified file # compress <file-name> # compress passwd1 to compress the file the file extension is .Z # uncompress <file-name>.Z # uncompress passwd1.Z to uncompress the file it's mandatory to use the file extension # zcat <file-name>.Z # zcat passwd1.Z to view the contents of the compressed file without uncompressing # gzip <file-name> # gzip passwd2 to zip the file the file extension is .gz # gunzip <file-name>.gz # gunzip passwd2.gz to unzip the file



# bzip2 <file-name> # bzip2 passwd3 to zip the file file extension is .bz2 # bunzip2 <file-name>.bz2 to unzip the file # tar - Tape ARchieve # tar -cvf <file-name>.tar <source-file> # tar -cvf one.tar passwd6 here -c = to create the archieve -v = verbose (detail) mode -f = forcefully here a tar file named one.tar is created from the source file passwd6 # tar xvf <file-name>.tar # tar xvf one.tar will extract the file to the current location here -x = to extract # strings <file_name> will display only the contents of the file by omitting the unwanted spaces



Editors 1. vi 2. vim - vi improved 3. emac 4. pico 5. gedit - graphical editor - works only with graphics VI - Editor # vi - is one of the powerful editor used to create a file, edit a file, view the contents of the file esc+i - to insert the characters to the file esc+A - to bring the cursor to the end of the line and to add the contents to the line esc+$ - to bring the cursor to the end of the line esc+G - to bring the cursor to the end of the file esc+x - to delete a single character esc+dw - to delete a single word esc+dd - to delete a line esc:n - to move the cursor to the nth line esc:10 - to move the cursor to the 10th line esc+O - to create a empty line above the cursor esc+o - to create a empty line below the cursor esc/<keyword> - to search the keyword esc:set nu - to set the line number esc:set nonu - to remove the line number esc+R - to replace the number of characters esc+r - to replace a single character esc:n,md - to delete number of lines where n = starting line to be deleted m = end line to be deleted d = delete the lines esc:w - to save/write and go back to the location esc:q - to quit without saving the contents to the file esc:wq - to save and quit from the file esc:wq! - to save and quit from the file forcefully esc+h - to move the cursor to the left side esc+l - to move the cursor to the right side esc+k - to move the cursor upward esc+j - to move the cursor downward esc+J - to joinin the line esc+yy - to copy the line esc+p - to paste the line esc+nyy - to copy n number of lines esc+5yy - to copy 5 number of lines from the cursor esc:nd - to delete the nth line esc:3d - to delete the 3rd line esc+I - to bring the cursor to the beginning of the line esc+u - undo operation esc:wq <file-name> - to save the contents to another file



esc:wq /Destop/vieditor - will save the contents to file named /Desktop/vieditor MISC: f10 - to maximize the screen f9 - to minimize the screen ctrl+esc aut - to open the terminal a - applications u - utilities t - terminal ctrl++ = to maximize the size of the characters crtl+- = to minimize the size of the characters crtl+N = to open a new terminal crtl+T = to open a new terminal in the same # vi -R <file-name> # vi -R new to open the file as Read Only # vi -x <file-name> # vi -x rose will prompt for the key/password. the contents of the file will be encrypted the contents cannot be seen by cat or vi editor. the contents can be seen only by inserting the option -x with vi editor and by providing the password. even the source file is copied to another location, the password is applicable for the destination file also.m



Directory Structure / = root / = It's the home directory of the root user. /bin = binaries. Both root user and non-root user executable comands resides here. It's symbolic link or soft link to /usr/bin. Hence the informations under /bin and /usr/bin remains same. /sbin = It has the root user accessible commands. These commands are available when /usr/bin is NOT mounted. It contains many system administrative commands and utilities. /usr = Unix System Resource /usr/bin = binaries. Executables that can be executed by both root user and non-root user. /usr/ccs = 'C' compling programs /usr/include = Header files for 'C' programs /usr/dt = CDE programs and files /usr/java = java programs and its libraries /usr/tmp = symbolic link to /var/tmp /usr/opt = Configuration information for optional packages /usr/sadm - system administration files and directories /dev - provides logical information about the devices connected to the system /dev/dsk = Is a block device. A block device is a device with a file system. /dev/rdsk = Is a raw disk. A device without the file system. NOTE: 1. The entries to the /dev/dsk and /dev/rdsk remains same. 2. The entries is dependent on the hardware specification. /dev/sound - sound driver inforamation /dev/term - provides information on the serial ports /dev/pts - provides information on the pseudo terminals /dev/swap - information on default swap device /dev/md - Solaris Volume Manager meta device information /dev/rmt - raw magnetic tapes /devices - provides information about the physical devices. All the logical devices (/dev/dsk and /dev/rdsk) are linked with the physical device. /etc - holds the system configuration /etc/hosts - a file having the information about the host names and ip-addresses of the systems connected in the same network. /etc/motd - Message Of The Day The contents of this file will be dispalyed for every user at the time of login. /etc/issue - The contents of the this file will be displayed to all before login to the system. /etc/default - is a directory which holds the number of default parameters of the system



/export/home - default location for creating a user's home directory it's shared directory. /home - used to mount the home directories's of remote server. /opt - is optional, is the location to install the 3rd party softwares. /mnt - is the optional directory to tempary mounts /var - its important for system adminstrators will have the logs of the system /proc - process directory. This directory stores current process related information. Every process has its own sub-directory in /proc. /tmp - this is a buffer, a temp directory /lost+found - will be empty and is created at the time of creating a file system. /system/contract - Used by SMF to track processes that compose a service. A file system used for creating, controlling & observing contracts, which are relationships between processes & syste resources. ( This directory can be seen in Sun Solaris 10) /lib - library modules /kernel - is independent of hardware. Core of the operating system. (genunix) will have the initial booting modules. /platform - is dependent on hardware and will be loaded followed by /kernel NOTE: SEEN ONLY AT X-86 HARDWARE: /boot - will provide the information about the boot loaders, will provide the provision to choose the operating system (if more than one operating system is installed). Links: 1. Links are of two types. 2. a. Hard link b. Soft link or symbolic link Hard link: 1. Both the source file and the destination file will have the same contents. 2. Any number of links can be created 3. Both the source file and the destination linked file will have the same inode numbers. 4. If the source file is removed or deleted unfortunately still the datas can be assessed from the destination. 5. When hard links are created, link counts will be increased. And if the hard links are removed or deleted, link count decreases automatically. 6. Permissionship on the source file will have the impact on the destination file permissionship. 7. # ln <source_file> <destination_file. Eg: # ln /4students/jai /new 8. The size of the files (both source and destination) remains same.



Soft or Symbolic link: 1. Both the source file and the destination file will have the same contents. 2. But the inode number of the source file and destination file will be different. 3. The permissionship of the soft link destination will be differ from the source file. 4. Link count will not be increased nor decreased. 5. If the source file is deleted, contents cannot be seen from the destination file. 6. Size of the file will be equal to the number of the characters of the file name 7. # ln -s <source_file> <destination_file> Eg: # ln -s /4students/jai /soft NOTE: Only to the regaular files and directories its possible to store the datas. To the device files (character device and special character block device) it's not possible to store the data. - = to a regaular file d = to a directory l = to soft or symbolic link c = character special device b = block device # ls -l /dev/dsk Will display the default symbolic links created in that dir. # ls -l /devices will dispaly the default device files



DISK ADMINISTRATION NOTE: In the case of swap memory: If RAM < 2gb = Double the size of physical memory If RAM is between 2gb and 8gb = 75% of physical memory If RAM > 8gb = 50% of physical memory Naming conventions: 1. Logical Name 2. Physical Name 3. Instance Name Logical Name: ON SUN HARDWARE : SPARC - Sacalar Processor ARCH c#t#d#s# c = controller t = target d = disk s = slice # = number These logical names are linked to physical devices. For eg: c0t3d0s5 In SPARC, it's possible to create 7 slices per disk drive. 0 to 7, where slice-2 cannot be used nor created. ON X-86 HARDWARE: Targets will not be shown. Hence c#d#s# It's possible to create 7 slices. But will have 0 - 9 slice 8 and 9 = holds the boot loaders. Physical Device Name: Physical device name is seen in /devices dir. Physical devices will be followed with the Instance name. Using physical name it's possible to understand the type of the disk drive connected. For eg IDE or SCSI. Note: 1. The devices performing input/output operations need device driver files. Eg: Hard disk, printer... 2. The devices not performing input/output operations do not need device driver files. Eg: Communication devices Hub, Router, Switch. Since these devices going to transmit only the datas and not any other operations, they do not need the device driver files.



Instance Name: dad = direct access device (Only for IDE) sd = scsi disk drive Instance name are generated by the Kernel to each hardware. cmdk = common disk /etc/path_to_inst 1. This file has the information about the physical device name and their corresponding instance name. 2. This file will be with the permission r--r--r-- (444) 3. This file is NOT recommended to edit. # prtconf This command provides the following informations: 1. physical memory size 2. Arch of the system 3. Machine model 4. What are the devices connected to the system along with the driver # prtconf | grep -v not will display only the attached devices to the system. # format This is a utility which provides the following 1. How many hard disk drives are attached and recongnised by the OS. 2. Physical name and logical name of the disk 3. Volume name assigned to each disk To skip the utility: Ctrl+c # echo | format will also the above mentioned information # format command has two tires. format> where we can view only the disk drive infomation partition> to create, delete, modify the slices. format> help will provide the help, list out the commands that can be used in format tire. format> verify will list out the partition layout of the current disk drive selected.



Output: Primary label contents: Volume name = < > ascii name = <SEAGATE-ST39103LCSUN9.0G-034A cyl 4924 alt 2 hd 27 sec 133> pcyl = 4926 ncyl = 4924 acyl = 2 nhead = 27 nsect = 133 Part Tag Flag Cylinders Size Blocks 0 root wm 294 - 3484 5.46GB (3191/0/0) 11458881 1 swap wu 20 - 293 480.44MB (274/0/0) 983934 2 backup wm 0 - 4923 8.43GB (4924/0/0) 17682084 3 unassigned wm 3485 - 4069 1.00GB (585/0/0) 2100735 4 unassigned wm 0 0 (0/0/0) 0 5 unassigned wm 0 0 (0/0/0) 0 6 unassigned wm 0 0 (0/0/0) 0 7 unassigned wm 0 0 (0/0/0) 0 Here, part = the slice number It varies from 0 to 7. Tag = a name given to the slice Only permitted names can be assinged. Permitted Names: root, swap, backup, unassigned, home, usr, var, stand, alternates, boot, reserved NOTE: Tag names can be repeated. Flag = defines the status of the slice wu = write mountable wu = write unmountable rm = read mountable ru = read unmountable Always swap slice will be wu. By default all other slices are wm. Cylinders: Shows the starting point and the end point of the each slice. Size: shows how much of size is assigned or created to the slice Blocks: Shows the size of the disk in blocks. format>disk will list out the hard disk drives recognised by the operating system. Will also provide the option to choose the next disk drive But by default it selects the current disk. format>p format>partition



will move from the first tire to the second. partition> help will provide the help, commands that can be used in partition menu. partition> print pratition> p will print the layout out the current disk drive. Output is similar to the format> verify. partition> q to quit from parittion menu and move to format> format> q to quit from format utility. format> l format> label partition> l partition> label To save the newly created/modified/deleted slices inforation to the operating system. To delete the partition: for eg: slice 5 OUTPUT: partition> 5 Part Tag Flag Cylinders Size Blocks 5 unassigned wm 2456 - 2741 501.48MB (286/0/0) 1027026 Enter partition id tag[unassigned]: Enter partition permission flags[wm]: Enter new starting cyl[2456]: Enter partition size[1027026b, 286c, 2741e, 501.48mb, 0.49gb]: 0 partition> l Ready to label disk, continue? y Here, the partition size has to be given as 0. i.e starting point is 2456 and the ending point is 2456+0. So, the slice is deleted. To make the changes to come into effect, label it. Note: 1. labeling the disk after creation/moidifcation/deletion of the slices is mandatory. 2. saving the changes done to the partition table is optional. To create a partition: 1. Print the partition table and make sure about the available cylinders. Avoid overlapping and wasting of the cylinders whilst creating the slices.



OUTPUT: partition> p Current partition table (unnamed): Total disk cylinders available: 4924 + 2 (reserved cylinders) Part Tag Flag Cylinders Size Blocks 0 alternates wm 585 - 1000 729.42MB (416/0/0) 1493856 1 unassigned wu 1001 - 2169 2.00GB (1169/0/0) 4197879 2 backup wm 0 - 4923 8.43GB (4924/0/0) 17682084 3 unassigned wm 0 0 (0/0/0) 0 4 unassigned wm 2170 - 2455 501.48MB (286/0/0) 1027026 5 unassigned wm 0 0 (0/0/0) 0 6 unassigned wm 0 0 (0/0/0) 0 7 unassigned wm 0 - 584 1.00GB (585/0/0) 2100735 partition> 5 Part Tag Flag Cylinders Size Blocks 5 unassigned wm 0 0 (0/0/0) 0 Enter partition id tag[unassigned]: Enter partition permission flags[wm]: Enter new starting cyl[0]: 2456 Enter partition size[0b, 0c, 2456e, 0.00mb, 0.00gb]: 2g partition> l Ready to label disk, continue? y Here, 1. we have seen the partition table 2. Determined the starting point of the cylinders 3. Slice is defined in terms of size (gb) Note: Slice sizes can be defined in terms of clinders, gb, mb. for eg: Enter partition size[0b, 0c, 2456e, 0.00mb, 0.00gb]: 2g (in terms of gb) Enter partition size[0b, 0c, 2456e, 0.00mb, 0.00gb]: 2048m (in terms of mb) Enter partition size[0b, 0c, 2456e, 0.00mb, 0.00gb]: 3400e (in terms of cylinders) partition> modify Note: 1. This option is used only for the disk drives which is not having any mounted slices 2. This option CANNOT be used for the disk drive which is having Operating System. FREE HOG: When using the format utility and change the size of the disk slices, a temporary slice is automatically designate that expands & shrinks to accomodate the slice resizing operations. This temporary slice is refered to as the free hog & it represents the unused disk space on the disk drive. partition> name will prompt for a table name with 8 characters



format> save NOTE: 1. Before using this option, it's mandatory to name the partition table at the partition menu. 2. By default the save option will save the updated partition table information to the file ./format.dat 3. The location can be changed and the file name can be anything. 4. After doing updations, we can save the changes to the same file. This file will be updated and not over written. format>volname will prompt for the disk name NOTE: format> volname will assign name to the disk drive partition> name will assign the name to the partition table. format> !cmd partition> !cmd eg: format> !clear partition> !ls this is used to run the shell commands without quitting from the format utility. format> current Current Disk = c0t12d0: 5student <SEAGATE-ST39103LCSUN9.0G-034A cyl 4924 alt 2 hd 27 sec 133> /pci@1f,4000/scsi@3/sd@c,0 will provide the information about the current disk drive. format> type will provide the information about the disks supported. Only with X-86 hardware: format>fdisk this option is used to delete the partitions of windows using Solaris. Output truncated: # prtvtoc /dev/dsk/c0t0d0s2 * /dev/dsk/c0t0d0s2 partition map * * Dimensions: * 512 bytes/sector * 248 sectors/track * 19 tracks/cylinder * 4712 sectors/cylinder * 7508 cylinders * 7506 accessible cylinders * * Flags:



* 1: unmountable * 10: read-only * * Unallocated space: * First Sector Last * Sector Count Sector * 18433344 16934928 35368271 * * First Sector Last * Partition Tag Flags Sector Count Sector Mount Directory 0 2 00 0 18433344 18433343 # prtvtoc prints the Volume Table Of Contents Following informations will be provided: 1. disk (volume name) 2. disk information, about the sectors, tracks. cylinders.. 3. the created slices inforation along with the flags Re-labling a disk: # prtvtoc /dev/dsk/c0t0d0s0 > /var/tmp/test_disk0 Redirecting the output of # prtvtoc to the file /var/tmp/test_disk0 # fmthard -s /var/tmp/test_disk0 /dev/rdsk/c0t10d0s2 Copying the VTOC of disk c0t0d0 to new disk c0t10d0s2 # fmthard this command is used to create/copy the layout of one disk drive to another. NOTE: # fmthard command can be used only if both the source disk and the destination disk drive geometry remains same. Reconfiguring the disk: It can be achieve by 3 ways 1. At OK prompt OK boot -r will boot the system and reconfigure, identifies the newly connected disks. 2. # touch /reconfiure Create a file named "reconfigure" under root. # init 6 Restart the system Now, when the system restarts, the newly connected disks will be identified. NOTE: Once the system is rebooted, the reconfigured file will be removed automatically. 3. # devfsadm -Cv



will be applicable when the system supports hot pluggable disk drives. here -C = to clear and create a new list of newly identified disk drives -v = verbose. detailed output



FILE SYSTEM Mainly classified into 3 types 1. Disk Based file system 2. Pseudo file system 3. Distributed file system 1. Disk based file system: ufs = unix file system. Default file system for Sun Solaris NOTE: The default file system for Linux is ext2, ext3. hsfs = high sierra file system used by optical media. both cdrom and dvd Note: In the case of linux-iso9660 pcfs - personal computer file system which supports dos udfs - universal disk file system for re-writable optical media IN SOLARIS 10 zfs - zetta byte file system. 4 bit = 1 nibble 8 bit = 1 byte 1024 byte = 1 killo byte 1024 kb = 1 mega byte 1024 mb = 1 giga byte 1024 gb = 1 terra byte 1024 tb = 1 penta byte 1024 pb = 1 exa byste 1024 hb = zetta byte 256 quadrillion zetta bytes. Distributed file system: NFS - Network file system Used to access the shared resources. Pseudo file system: Pseudo means false. swapfs - swap file system tmpfs = temp file system, used by /tmp directory procfs = process file system, used by /proc directory mntfs = mount file system fdfs = file descriptor file system, used by the devices VTOC = Volume Table Of contents Resides at Track 0, Sector 0 Occupies 512 bytes



Boot block (bootblk): It's similar to bsl (boot strap loader) Resides between Track 0, sector 1 to Track 0, sector 15 In X-86 it's said to be as GRUB (Grand Unified Boot Loader) Will be active only at the root disk Primary super block: Resides between Track 0 , sector 16 to Track 0, sector 31 It occupies 16 sectrors Providies the information about the data blocks, inodes and more. Secondary backup block: It always starts and occupies Track 0, sector 32. Backup super blocks will be created at the time of file system creation At the time of file creation, number of backup super blocks will be created Cylinder group blocks: provides the information about the cylinder per groups free data block, size available, number of inodes and more. # newfs This command is used to create a new file system. When this command is invoked to create a new file system, it refers to the file /etc/default/fs OUTPUT: # cat /etc/default/fs LOCAL=ufs This file will have the above mentioned entry and hence only ufs file system will be created by default. # newfs command at the time of creation will provide the following information: 1. where the slice was mounted earlier, 2. geometry of the slice 3. secondary backup blocks OUTPUT: # newfs /dev/rdsk/c0t12d0s0 newfs: /dev/rdsk/c0t12d0s0 last mounted as /mnt/sone newfs: construct a new file system /dev/rdsk/c0t12d0s0: (y/n)? y Warning: 5166 sector(s) in last cylinder unallocated /dev/rdsk/c0t12d0s0: 1027026 sectors in 168 cylinders of 48 tracks, 128 sectors 501.5MB in 13 cyl groups (13 c/g, 39.00MB/g, 18624 i/g) super-block backups (for fsck -F ufs -o b=#) at: 32, 80032, 160032, 240032, 320032, 400032, 480032, 560032, 640032, 720032, 800032, 880032, 960032 # newfs -N /dev/dsk/c0t12d0s0 Will not create the file system, instead display the information about the geomerty of the disk slice and the super backup blocks, if file system is created. # newfs -T /dev/rdsk/c0t12d0s0 will create a file system that can support terrabyte.



# newfs -m 1 /dev/rdsk/c0t12d0s0 will create the file system, with the minfree value as 1% Minfree: A certain % of space is reserved for every slices. To know : OUTPUT: # fstyp -v /dev/dsk/c0t12d0s0 | grep -i min minfree 10% maxbpg 2048 optim time To change the minfree value: # tunefs -m 1 /dev/dsk/c0t12d0s0 minimum percentage of free space changes from 10% to 1% # fsck file system check It can be done in two ways 1. Non-interactive - only at the time of booting 2. Interactive - at any time NOTE: Before running # fsck, it's recommended to unmount the slice OUTPUT: # fsck -y -o b=160032 /dev/dsk/c0t12d0s0 Alternate super block location: 160032. ** /dev/rdsk/c0t12d0s0 ** Last Mounted on ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3a - Check Connectivity ** Phase 3b - Verify Shadows/ACLs ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cylinder Groups UPDATE STANDARD SUPERBLOCK? yes 2 files, 9 used, 483015 free (15 frags, 60375 blocks, 0.0% fragmentation) ***** FILE SYSTEM WAS MODIFIED ***** Where -o = to specify the option b = to specify the block number -y = to confirm "yes" NOTE: fsck command will check file system consistency, inode consistency, cylinder groups consistency.



# df -h will provide 1. what are the devices mounted 2. Whenre it is mounted 3. what is the total size of the slice 4. how much of space is used 5. how much of available space 6. space utilized in % Where -h = to view the information in human readable format. # du -h /<dir> # du -h /mnt/sone will provide how much of space is occupied by each file and directory where -h = human readable format # quot -h /dev/dsk/c0t12d0s0 /dev/rdsk/c0t12d0s0: 9 root will show the ownership.



PERFORMING MOUNTING AND UNMOUNTING OPERATION Mounting is the process of getting ready to access the newly created slices. Mounting can be done only if the slice is having the file system. To mount a device mount point is essential. By default only one device can be mounted at a single mount mount. # mount This command can be used only by the root user. This provides the information about what are the devices mounted along with its property. This will show both the permanent and temp mounted devices information along with the newtwork mounted informations. Output truncated: # mount / on /dev/dsk/c2t0d0s0 read/write/setuid/devices/intr/largefiles/logging/xattr/onerror=panic/dev=1d80008 on Sat Jul 18 20:05:48 2009 /devices on /devices read/write/setuid/devices/dev=4b80000 on Sat Jul 18 20:05:36 2009 /system/contract on ctfs read/write/setuid/devices/dev=4bc0001 on Sat Jul 18 20:05:36 2009 /proc on proc read/write/setuid/devices/dev=4c00000 on Sat Jul 18 20:05:36 2009 /etc/mnttab on mnttab read/write/setuid/devices/dev=4c40001 on Sat Jul 18 20:05:36 2009 /etc/svc/volatile on swap read/write/setuid/devices/xattr/dev=4c80001 on Sat Jul 18 20:05:36 2009 /system/object on objfs read/write/setuid/devices/dev=4cc0001 on Sat Jul 18 20:05:36 2009/usr on /dev/dsk/c2t0d0s3 read/write/setuid/devices/intr/largefiles/logging/xattr/onerror=panic/dev=1d8000b on Sat Jul 18 20:05:49 2009 /platform/sun4u-us3/lib/libc_psr.so.1 on /platform/sun4u-us3/lib/libc_psr/libc_psr_hwcap1.so.1 read/write/setuid/devices/dev=1d80008 on Sat Jul 18 20:05:44 2009 /platform/sun4u-us3/lib/sparcv9/libc_psr.so.1 on /platform/sun4u-us3/lib/sparcv9/libc_psr/libc_psr_hwcap1.so.1 read/write/setuid/devices/dev=1d80008 on Sat Jul 18 20:05:45 2009 /dev/fd on fd read/write/setuid/devices/dev=4e80001 on Sat Jul 18 20:05:49 2009 # df -h will also provide the information about the device currenlty mounted. This command can be used by the non-root users. To know the file system type of the slice # fstyp <logical_device_name> OUTPUT: eg: # fstyp /dev/dsk/c2t1d0s0 ufs This shows the type of the file system created on the slice



/etc/mnttab 1. is non-editable file even by the root user 2. this file can be updated by executing the command "#mount" 3. has the information about the currenlty mounted slices 4. provides the information about the device mounted, mount point of the device, how it's mounted (state - ro/rw, nosuid, intr/nointr, largefiles/noloargefiles,xattr, on error=panic/unmount/lock), type of the file system. 5. While mounting the slice we can provide the following options: ro = read only rw = read & write (Default) nosuid = will not support the suid file scripts. By default it's supported intr = accepts the keyboard intrupts (Default) nointr = will not support largefiles = will support the file size more than 2gb (Default) nolargefile = will not support the files with more file size. xattr = extreme attributes, to provide compatability with unix flavors. on error = three actions can be performed panic = displays the message (Default) lock = will lock the slice from performing any actions unmount = will unmount the slice forcefully. Ouptput truncated: # cat /etc/mnttab /dev/dsk/c2t0d0s0 / ufs rw,intr,largefiles,logging,xattr,onerror=panic,dev=1d80008 1247927748 /devices /devices devfs dev=4b80000 1247927736 ctfs /system/contract ctfs dev=4bc0001 1247927736 proc /proc proc dev=4c00000 1247927736 mnttab /etc/mnttab mntfs dev=4c40001 1247927736 swap /etc/svc/volatile tmpfs xattr,dev=4c80001 1247927736 objfs /system/object objfs dev=4cc0001 1247927736 /dev/dsk/c2t0d0s3 /usr ufs rw,intr,largefiles,logging,xattr,onerror=panic,dev=1d8000b 1247927749 /platform/sun4u-us3/lib/libc_psr/libc_psr_hwcap1.so.1 /platform/sun4u-us3/lib/libc_psr.so.1 lofs dev=1d80008 1247927744 To mount the device : # mount <device> <mount_point> Eg: # mount /dev/dsk/c2t0d0s6 /six6 Example to mount slice with manually with different options: # mount -o ro,nolargefiles,nosuid /dev/dsk/c2t1d0s1 /mnt/slice1 To check: # tail -1 /etc/mnttab /dev/dsk/c2t1d0s1 /mnt/slice1 ufs ro,nosuid,intr,nolargefiles,logging,xattr,onerror=panic,dev=1d80001 1247930672



where -o = to specify the options NOTE: If the properties of the mounted slice has to be changed, then the slice has to be unmounted and want to be mounted once again. By default, the # mount command mounts the slice having the ufs file system. This is b'coz: # cat /etc/default/fs LOCAl=ufs /etc/vfstab 1. This file is editable file, by the root user. 2. Will have the entries of the devices that has to mounted permanently, even after reboots. 3. At the time of booting only this file will be checked. 4. The entries to this file and /etc/mnttab differs. OUTPUT: # cat /etc/vfstab #device device mount FS fsck mount mount #to mount to fsck point type pass at boot options # fd - /dev/fd fd - no - /proc - /proc proc - no - /dev/dsk/c2t0d0s1 - - swap - no - /dev/dsk/c2t0d0s0 /dev/rdsk/c2t0d0s0 / ufs 1 no - /dev/dsk/c2t0d0s3 /dev/rdsk/c2t0d0s3 /usr ufs 1 no - /dev/dsk/c2t0d0s4 /dev/rdsk/c2t0d0s4 /var ufs 1 no - /dev/dsk/c2t0d0s7 /dev/rdsk/c2t0d0s7 /export/home ufs 2 yes -/devices - /devices devfs - no - ctfs - /system/contract ctfs - no - objfs - /system/object objfs - no - swap - /tmp tmpfs - yes - 5. Will have number of fields a. device to mount = logical name of the device that has to be mounted b. device to fsck = logical name of the raw device is specified to check the file system consistency to check the integrity c. mount point = to where the slice has to be mounted d. Fs type = to specify the file system of the slice to be mounted e. fsck pass = to assign the priority f. mount at boot = either "yes" or "no" only if the option is "yes" the slice will be mounted after reboot g. mount options = to specify the options of the slice while mounting, for eg: ro, nosuid... NOTE: /, /usr, /var will have the option mount at boot = no



but, before reading this file entry, those slices will be mounted by running a script. Hence these above 3 were execetption. # mountall # umountall will mount all /unmoutall the slices which have the option mount at boot = yes Note: 1. After making updations to the file /etc/vfstab we can make the slice available by a. # mountall b. # mount <mount_point> Eg: # mount /fiv To umount the device: # umount <mount_point> or # umount <logical_device_name> Eg: # umount /mnt/slice0 # umount /dev/dsk/c2t0d0s0 NOTE: Before unmounting make sure, we are away from the mount point. To know which user is using the mount point: # fuser -cu <mount_point> Eg: # fuser -cu /fiv will display which user is using the specified mount point. # fuser -ck <mount_point> Eg: # fuser -ck /fiv will kill all the process related with the specified mount point. Then it's possible to umount the slice normally. # umount -f <mount_point> # umount -f <logical_device_name> Eg: # umount -f /fiv # umount -f /dev/dsk/c2t0d0s5 will forcefull umount the device. where -f = forcefully To mount the cdrom: Can be performed by 2 methods. 1. mounting the device manually 2. mounting the device using volume management.



To mount the device using volume management: # /etc/init.d/volmgt start - To start the service # /etc/init.d/volmgt stop - To stop the service NOTE: Once if the device (cdrom) is mounted using volume magement, its possible to eject the media, before unmounting. The above command will check the configuration file /etc/vold.conf /etc/vold.conf - Volume Management Configuration file which holds the actions to tbe performed. vold - is the daemon which will be running at the background while the volume management process is started. /etc/rmmount.conf - is the configuration file for the removable media. NOTE: 1. Volume management (VOLD) features automatic detection of the CD-ROM. However, it does not detect the presence of diskette that has been inserted in the drive untill volcheck command is run, This command instructs the vold daemon to check the diskettte drive for any inserted media. Volme management can mount ufs, pcfs, hsfs & udfs file system. To determine the file system: # mount # cat /etc/default/fs # cat /etc/vfstab # cat /etc/dfs/dfstypes # fstyp /dev/dsk/c2t1d0s7 To mount the cdrom manually: First determine the logical name of the device: # iostat -En - will provide the information about the removable media where it is connected. For eg: to which controller, target. # iostat -en - will provide the above information, along with the hardware and software errors. # mount -F <file_system> -o <options> <device_name> <mount_point> Eg: # mount -F hsfs -o ro /dev/dsk/c2t6d0s0 /mnt/cdrom This mount the cdrom manually. Only after umounting the device, it's possible to eject the media. To mount the network resource: # mount -F <file_system> <source-ip/host-name:/<shared-resource> <mount_point> Eg: # mount -F nfs 192.168.0.100:/source /current



INSTALLING THE SUN SOLARIS SOFTWARE Can install the Sun Solaris Operating System by 1. cd or dvd 2. Jumpstart 3. Flash 4. NFS 5. WLAN NOTE: 1. To invoke graphics, mouse has to attached to the system 2. Requires 512 Mb of physical memory (Sun Solaris-10) Sun Solaris Cluster Software Group: Cluster = is a collection a. Reduced Networking Support Software Group - SUNWCrnet b. Core System Support Software Group - SUNWCreq c. End User Solaris Software Group - SUNWCuser d. Developer Solairs Software Group - SUNWCprog e. Entire Solaris Software Group - SUNWCall f. Entire Solaris Software Group with OEM - SUNWCXall SUNWC = Stanford University Network Worldwide Cluster # cat /var/sadm/README this file provides the information about the old software release, install log files and new software release. OUTPUT: # cat /var/sadm/softinfo/INST_RELEASE OS=Solaris VERSION=10 REV=0 # cat /var/sadm/install_data/install_log provides number of informations it also provides the information about the Sun Solaris Software Cluster Group installed. OUTPUT: # cat /var/sadm/system/admin/CLUSTER CLUSTER=SUNWCall will only provide the information about the Sun Solaris Software Cluster Group installed.



PACKAGE ADMINISTRATION

# pkgadd = to install/add the packages # pkgrm = to remove the packages # pkginfo = to gather the information about the installed packages # pkgchk = to check the installed packages to the system # pkgtrans = to create a package cluster NOTE: The format of the packge in Sun Solaris is DATASTREAM. # pkginfo will provide all the installed, both completely installed and partially installed packes. Displays the information about the packages in 3 coloumns. Output trucnated: # pkginfo | more system CADP160 Adaptec Ultra160 SCSI Host Adapter Driver system HPFC Agilent Fibre Channel HBA Driver system NCRos86r NCR Platform Support, OS Functionality (Root) system SK98sol SysKonnect SK-NET Gigabit Ethernet Adapter SK-98xx system SKfp SysKonnect PCI-FDDI Host Adapter system SUNW1251f Russian 1251 fonts system SUNW1394 Sun IEEE1394 Framework system SUNW1394h Sun IEEE1394 Framework Header Files ALE SUNW5xmft Traditional Chinese (BIG5) X Windows Platform minimum required Fonts Package system SUNWGlib GLIB - Library of useful routines for C programming system SUNWGtkr GTK - The GIMP Toolkit (Root) system SUNWGtku GTK - The GIMP Toolkit (Usr) GNOME2 SUNWPython The Python interpreter, libraries and utilities 1st coloumn = provide the information about the category to which the package belongs too. There are 4 categories available: System, application, CTL (Complex Text Layout), ALE (Alternate Language Environment) 2nd coloumn = provide the information about the name of the package 3rd coloumn = provide the short description of the package # pkginfo -p provides ONLY the PARTIALLY installed packages



# pkginfo -l <packge_name> for eg: OUTPUT: # pkginfo -l SUNWbash PKGINST: SUNWbash NAME: GNU Bourne-Again shell (bash) CATEGORY: system ARCH: i386 VERSION: 11.10.0,REV=2005.01.08.01.09 BASEDIR: / VENDOR: Sun Microsystems, Inc. DESC: GNU Bourne-Again shell (bash) version 3.0 PSTAMP: sfw10-x20050108013321 INSTDATE: Jul 22 2009 14:37 HOTLINE: Please contact your local service provider STATUS: completely installed FILES: 3 installed pathnames 2 shared pathnames 2 directories 1 executables 1197 blocks used (approx) will provide the following informations: a. name of the package b. arch of the system to which the package is installed c. category of the package d. base dir to which the package is installed e. how of disk space it's approximately occupied f. when the specified package is installed # pkginfo | wc -l will list out how many packages is installed to the system # cat /var/sadm/install/contents Provide the information about the packages installed to the system # cd /var/sadm/pkg Provide what are the packages installed to the system To install a package: Let's consider the OS cd/dvd is mounted under /mnt/cdrom # pkgadd -d <path_of_the_package> <package_name> # pkgadd -d . <package_name> # pkgadd -d /mnt/cdrom/Solaris_10/Product SUNWbash To install a specified package # cd /mnt/cdrom/Solaris_10/Product # pkgadd -d . SUNWbash To install the specified package from the current location # pkgadd -d /mnt/cdrom/Solaris_10/Product -s SUNWbash will copy the pacakge to the default spool directory. Location of the default spool directory = /var/spool/pkg



# pkgadd -d /mnt/cdrom/Solaris_10/Product -s /pkg_bkp SUNWbash will copy the specified packaged to the customised location (/pkg_bkp) # pkgrm <package_name> For eg: # pkgrm SUNWbash to remove the specified package Package cluster: Package cluster is a collection of packages. # pkgtrans -s <source_of_the_pkg_dir> <name_of_pkg_cluster> <pkg1,pkg2,pkg3> for eg: # pkgtrans -s /mnt/cdrom/Solaris_10/Product /test.pkg SUNWbash SUNWman will combine the packages and form a software cluster named test.pkg under / NOTE: Name of the cluster can be anything. To install a package using a software cluster: # cd / # pkgadd test.pkg It'll prompt for the number of package to be installed. #pkgchk <pkg_name> # pkgchk SUNWbash if the package is installed, nothing will be shown as a output. But if the package is NOT installed, a error report will be generated OUTPUT: # pkgchk -v SUNWbash /usr /usr/bin /usr/bin/bash will provide the information about the specified package installed path names, executable file and directory. # pkgchk -l SUNWbash will display the detailed list about the file names associated with the specified package Output truncated: # pkgchk -l SUNWman | more Pathname: /usr/man Type: symbolic link Source of link: ./share/man Referenced by the following packages: SUNWdoc SUNWman Current status: installed Pathname: /usr/share Type: directory Expected mode: 0755 Expected owner: root



Expected group: sys Referenced by the following packages: SUNWocfd SUNWcsu SUNWjdmk-base SUNWesu SUNWTiff SUNWjpg SUNWgnome-base-libs-shareSUNWgnome-config-shareSUNWgnome-vfs-shareSUNWgnome-libs-share SUNWgnome-help-viewer-shareSUNWcacaort SUNWbrg SUNWj5rt SUNWswmt SUNWscpu SUNWdtdst SUNWgnome-panel-shareSUNWswupcl SUNWocf SUNWxwsvr SUNWjato SUNWpdas SUNWscgui SUNWgnome-terminal-share # pkgchk -p <file_name> will provide the information about when the file is modified. OUTPUT: # pkgchk -p /etc/shadow ERROR: /etc/shadow modtime <11/09/06 10:18:10 PM> expected <07/20/09 11:20:32 AM> actual file size <296> expected <703> actual file cksum <20180> expected <48117> actual OUTPUT: # pkgchk -l -p /etc/shadow Pathname: /etc/shadow Type: editted file Expected mode: 0400 Expected owner: root Expected group: sys Referenced by the following packages: SUNWcsr Current status: installed will provide a. name of the package the specified file is associated with b. permissionship of the file c. ownership and group of the file d. status of the package Points to remember: # pkginfo -p -l where -p = provide the partially installed packages -l = provide the detailed information about the packages installed # pkgadd -d to specify the source directory of the package



# pkgtrans -s to specify the source directory of the package # pkgchk -v <pacage_name> to provide the information about the files the specified file is assicated with. # pkgchk -p <file_name> -p = to specify the path will provide the information about the modified time of the file # pkgchk -l -p <file_name> -l = to privide the detailed information about the file specified -p = to specify the path of the file



Patch Administration In earlier versions of Solaris OE the format of the patch is .tar But the newer releases from Solaris 8 the format of the patch is .zip NOTE: Before installing a patch, it's recommended to check whether patch going to be installed is a right patch to fix the problem. It's recommended to have a backup of the installed OS. Since the patch is going to directly interact with the kernel (os), the above option is recommended. The patches informations will be stored to the location /var/sadm/patch # showrev -p # pathchadd -p will display the information about the currenlty installed patches. Patches can be downloaded from the site sunsolve.sun.com It can be downloaded through http or by ftp as a anonymous user. Patches normally come with numbers 105050-01.zip A B A = is called as the base code B = is the revision number of the patch. To install a patch: 1. Unzip the downloaded patch. 2. # patchadd <patch_number> # patchadd 105050-01 NOTE: Before installing a patch, soon after unzipping the patch, A README file will be extracted. It's recommended to read that file. That file will provide the information about, which problem will be fixed by installing the patch, pre-requestie to install the patch. # patchadd -d <patch_number> # patchadd -d 105050-01 will NOT save the patch to the disk. Once the system is rebooted, the information will be vanished. # patchrm <patch_number> # patchrm 105050-01 To remove the installed patch. NOTE: # smpatch command can also be used to install the patch.



OBP – Open Boot PROM

OBP - Open Boot PROM BootPROM init 0 all the above are same OBP is a firmware. It can be compared with X-86 bios. NOTE: - The possible values of the boot-device parameter include only the following disk, net and cdrom - Stop key have the impace/effect on OBP only - Can only control the POST only by using the Sun keyboard - Sun can replace the NVRAM with the same host id and ehternet address

- Stop+A kay sequence can cause Solaris OS file system corruption which can be difficult to repair.

# kbd -t displays the keyboard type OK prompt / OBP - OpenBoot PROM / Boot PROM Monitor Mode / init 0 Ok nvramrc NVRAMRC contents are displayed OK banner displays the system information, inclusing the physical memory, processor, obp version and the system model. Ok oem-logo? If true, displays customized oem logo specified by oem-logo ok boot net - install Jumpstart boot. Boot off the network jumpstart server and install/upgrade the operating system. [NOTE: There is a space both before and after the -. The â€“ serves as a place holder argument for the command.] Ok boot -a Ask me. Interactive mode prompts for the names of the boot files. [Helpful if you need to boot off an alternate /etc/system file after kernel unable modifications.]



Ok boot -r Reconfigure boot. Boot and search for all attached devices, then build device entries for anything which does not already exist. Useful when new devices are added to the system. Ok boot -s Single user. Boots the system to run level 1. Ok boot -v Verbose boot. Show good debugging information. Ok boot -V Verbose boot. Show a little debugging information. Ok .enet-addr Displays the enternet address Ok .version Display version and date of the boot PROM (pritconf â€“V in a shell when booted) Ok .speed Display processor and bus speeds Ok sync Call the operating system to write information to hard disk drive Ok firmware-version Displays major/minor CPU firmware Ok reset Reset entire system [similar to performing a power cycle] Ok reset-all Reset entire system [similar t performing a power cycle] Ok set-defaults Reset all the PROM settings to the factory settings Ok eject Ejects the drive Ok eject cdrom Ok test device Test the specified device Ok test net Test the primary network controller Ok test-all Test all devices available with the self-test capability Ok test scsi Test the primary SCSI controller



Ok watch-net Monitors network broadcast packets for default interace . for a good packet X for a bad packet Ok watch-net-all Monitors network broadcast packets for all the interfaces Obdiag Invokes an optional interactive menu tool which lists all self-test methods available on a system; provides commands to run self test. (More for servers and very machine specific. Reference the specific hardware manual for the machine to get additional information on running obdiag. Ok nvedit Enter the NVRAMRC editor. If data remains in the temporary buffer from a previous nvedit session, resume editing those previous contents. IF not, read the contents of NVRAMC into the temporary and begin editing it. NVRAMRC [nvedit] Editor Commands: Control-b = Moves backward one character. Escape b = Moves backward one word. Control-f = Moves forward one character. Escape f = Moves forward one word. Control-a = Moves backward to beginning of line. Control-e = Moves forward to the end of the line. Control-n = Moves to the next line of the script edit buffer. Control-p = Moves to the previous line of the script edit buffer. Return (Enter) = Inserts a new line at the cursor position and advances to the next line. Control-o = Inserts a new line at the cursor position and stays on the current line. Control-k = Erases from the cursor position to the end of the line, storing the erased characters in a save buffer. If at the end of the line joins t he next line to the current. Delete = Erases the previous character. Backspace = Erases the previous character. Control-h = Erases the previous character. Escape h = Erases from beginning of word to just before the cursor, storing erased characters in the save buffer. Control-w = Erases from beginning of word to just before the cursor, storing erased characters in a save buffer. Control-d = Erases the next character. Escape d = Erases from the cursor to the end of the word, storing the erased characters in a save buffer. Control-u = Erases the entire line, storing the erased characters in a save buffer. Control-y = Inserts the contents of the save buffer before the cursor. Control-q = Quotes the next character (allows you to insert control chars) Control-r = Retypes the line. Control-l = Displays the entire contents of the editing buffer. Control-c = Exits the script editor, returning to the OpenBoot command interpreter. The temporary buffer is preserved, but is not written back to the script. (Use nvstore to write it back.)



Ok show-devs Display list of installed and probed devices Ok show-pci-devs Display all PCI devices Ok show-disks Display a list of known disks in format for use in creating device alias. Ok show-tapes Display a list of know tape device drives conneced to the system Command hold down the keys/keys during the power-on sequence: Stop-A Abort Stop-D Enter detailed diagnostic mode Stop-N Reset NVRAM content to default values Setting Security Variables: Not recommended to do practice or implement. The NVRAM security variables control the set of operations users are allowed to perform from the OpenBoot PROM user interface and can be set with the following: OK setenv security-password password Sets the PROM security password to what is specified in the password filed. This password must be between zero and eight characters [any characters after eight are ignored] and the passwords takes effect immediately â€“ no reset is required. Once set, if we enter an incorrect password there is a delay of around 10 seconds, before we are able to try again and the security-#badlogins counter is incremented. The password is never shown as we type it or with the printenv. OK printenv security-mode Displays the current mode for the PROM security OK setenv security-mode mode Where mode can be 1.none a.No password is required b.Default 2.command a.All commands expect for boot and go require password 3.full a.All commands expect for go require the password



Caution: We must set our security password before setting the security mode. [The password is blank by default, but if already set by someone, we wonâ€™t know what it is and will not be able to disable it] If we forgot the security password, we may not be able to use our system and must call the vendor for a replacement of a PROM. Ok printenv security-#badlogins Display the number of failed security password attempts Ok setenv security-#badlogins number Reset the security-#badlogins counter. This counter keeps track of the nuber of failed security password attempts. Changing the power-on banner: The banner information seen from the power-on can be modified with the oem-banner and oem-banner? Configuration settings. By default the banner shows information like processor type, speed, PROM revision, memory, hosted and the Ethernet address. Ok banner Display the power-on banner Ok setenv oem-banner string Set the power-on banner to the string Ok setenv oem-banner? True Activate the custom banner Ok setenv oem-banner? False Restore the original system power-on banner OK devalias - to view the alias name assigned to the physical device at the Boot PROM monitor mode OK nvalias <alias_name> <physical_device_name_along_with_LUN> - to assign the alias name to the physical device for eg: OK nvalias cdrom /pci@8,700000/scsi@6/sd@6,0:f To assign the alias name to the cdrom. To remove the alias name: OK nvunalias <alias_name>



eg: OK nvunalias cdrom OK sifting <part_of_the_command> eg: OK sifting bo it'll act simialr to grep command and search for the keyword 'bo" at OK prompt To search/probe for the devices: OK probe-scsi OK probe-scsi-all OK probe-ide OK go will resume back to the OS, shell, if we have used stop-A key sequence. # eeprom - can be used by root user only. - can be used while the system is in the running state - is used to change the environmental variables of OK prompt while the system is in the running state. - this will have a impact once the system is restarted - will dispaly only the currently assinged values NOTE: where as, OK printenv - will display the currently assinged values and the default parameter that can be assinged. If auto-boot? false at the OK prompt, then, whenever the system is rebooted, OK boot command has to be executed. whereas auto-boot? ture then the system boots from the default device automatically NOTE: - stop keys will function irrespective of the user account. i.e stop keys are independent. If the machine is at OK prompt, the machine is NOT running, so user account will have no impact. - It's not recommended to use stop+A to move to Ok prompt, since it'll abort the process running. - To move to OK prompt, execute # init 0



To disable the stop+A sequence: 1. Edit the file /etc/default/kbd Output (Only relevant lines are displayed): # Uncomment the following line to disable keyboard or serial device # abort sequences: KEYBOARD_ABORT=disable 2. # kbd -i - to initiate the changes done To enable: 1. Edit the file /etc/default/kbd Output (Only relevant lines are displayed): # Uncomment the following line to disable keyboard or serial device # abort sequences: #KEYBOARD_ABORT=disable 2. # kbd -i to initate This is permanent. To enable or disable only for the current session: # kbd -a enable # kbd -a disable



Bootup & Shutdown Procedures Solaris - Run levels init - to initate the runlevels S or s = System maintenance mode 1 = Single user mode (No network support will be available, only text mode is available) 2 = Multi user mode without NFS support (Only text mode is available) 3 = Default run level. Multi user mode with NFS support in GUI mode 4 = Un used 5 = To shutdown the system 6 = To restart the system 0 = OK prompt mode/OBP mode/BootPROM mode/Forth monitor mode Additional information: Linux - Run levels S or s = System maintenance mode 0 = To shut down the system 1 = Single user mode 2 = Multi user without NFS support in Text mode 3 = Multi user with NFS support in Text mode 4 = Un used 5 = Default run level. Multi user with NFS support in GUI 6 = To restart the system Short comparison: Disk administration: Solaris Linux # format # fdisk -l Displays the disk availabilty Displays the disks & partitions availability /dev/(r)dsk/c#t#d#s# /dev/hda,/dev/hdb,/dev/sda,/dev/sdb # mount /dev/dsk/c#t#d#s# /mnt/slice # mount /dev/hda# /mnt/new # mount -F hsfs /dev/dsk/c#t#d#s# /mnt/cdrom # mount -t iso9660 /dev/cdrom /mnt/cdrom File system: ufs ext3 # newfs /dev/rdsk/c#t#d#s# # mkfs -t ext3 /dev/hda# Mounts & Unmounts: /etc/mnttab /etc/mtab /etc/vfstab /etc/fstab



Package administation: # pkgadd <package> # rpm -ivh <package> # pkginfo # rpm -qa # pkgrm <package_name> # rpm -e <package_name> Process monitoring: # prstat # top # free uptime,last,who,w = works with both Backup & restore: # ufsdump # dump # ufsrestore # restore Linux Directory structure: / = root /root = root's home directory /home = non-root user's home directory /etc = system configuration directory /dev = logical disk drive informations /mnt = optional directory to mount the devices /opt = optional directory to install 3rd party softwares /usr = unix system resource /var = system logs /media = default mount point for optical media (RHEL5 - Red Hat Enterprise Linux 5) /selinux = security enhanced linux ( Seen in RHEL 5) /lib = library modules /bin = non root user executable binaries /sbin = root user executable binaries /proc = provides system hardware information & generate the pid's /lost+found = used at the time of fsck /boot = have the boot loader information Solaris bootup & shutdown procedures: To shutdown the system: # init 5 # shutdown -g 90 -i 5 Where -g = to specify the grace period -i = to inform the system to move the specified runlevel # poweroff To restart the system: # init 6 # shutdown -g 30 -i 6 # reboot



Bootup phases: 1. Boot PROM phase: a. PROM runs POST (Power On Self Test). It checks whether all the devices recives the proper power supply. If not received messages will displayed at the console b. Identifies the first boot device or boot device c. Reads the bootblk from the secondary storage d. Loads the bootbld from the secondary storage to physical memory 2. Boot Program phase: a. Bootblk loads secondary boot program (ufsboot) b. Kernel identifies the hardware spec - 32 bit or 64 bit, X86/sparc and so on Has two part in it Unix - Independent of hardware Genunix - Dependent of hardware 3. Kernel Initialization phase: a. Reads the entry from the file /etc/system Note: This file is recommended NOT to edit b. Kernel initates itself 4. Init phase: a. Kernel starts the /etc/init It has the the services that has to be started at the time of boot /etc/init.d/ list out the number of services that start at the time of boot /etc/inittab Reads this file to identify, in which run level the system has to be started After reading the entry of the file accordingly, b. It starts rc Scripts rc = run control scripts Output truncated: # ls /etc/init.d 1 boot.server imq mipagent samba PRESERVE cachefs.daemon init.dmi mkdtab sendmail README deallocate init.sma ncakmod slpd acct devlinks init.snmpdx ncalogd swupboots OUTPUT: # cat /etc/inittab # Copyright 2004 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # The /etc/inittab file controls the configuration of init(1M); for more # information refer to init(1M) and inittab(4). It is no longer # necessary to edit inittab(4) directly; administrators should use the # Solaris Service Management Facility (SMF) to define services instead. # Refer to smf(5) and the System Administration Guide for more # information on SMF. #



# For modifying parameters passed to ttymon, use svccfg(1m) to modify # the SMF repository. For example: # # # svccfg # svc:> select system/console-login # svc:/system/console-login> setprop ttymon/terminal_type = "xterm" # svc:/system/console-login> exit # #ident "@(#)inittab 1.41 04/12/14 SMI" ap::sysinit:/sbin/autopush -f /etc/iu.ap sp::sysinit:/sbin/soconfig -f /etc/sock2path smf::sysinit:/lib/svc/bin/svc.startd >/dev/msglog 2<>/dev/msglog </dev/consol e p3:s1234:powerfail:/usr/sbin/shutdown -y -i5 -g0 >/dev/msglog 2<>/dev/msglog Every run level has their own rc scripts dir. /etc/rc#.d/ has the number of services that has to be started/killed when the particular run level invokes For eg: OUTPUT: # ls /etc/rc2.d/ K03samba K27boot.server S42ncakmod S81dodatadm.udaplt K05appserv README S47pppd S89PRESERVE K06mipagent S10lu S70uucp S94ncalogd K15imq S20sysetup S72autoinstall S98deallocate K16apache S40llc2 S73cachefs.daemon The scripts starts with "S" will be started The scripts starts with "K" will killed The services will be started in sequence. This happens in the earlier versions till Solaris 9 But in the case of Solairs-10 SMF - Service Management Faciltiy take care of starting/killing the sevices parallely at the time of boot, which reduces the boot time. # who -r will provide the following information a. current run level b. date & time of the last run level change c. number of times at this runlevel since the last rebppt d. previous run level OUTPUT: # who -r . run-level 3 Aug 12 12:22 3 0 S Note: # init q



# /etc/telinit q will re-read the /etc/inittab file To shutdown/restart: /etc/telinit 5 = to shutdown the system /etc/telinit 6 = to restart the system To change the run level: # init 2 #/etc/telinit 2 /etc/telinit = is executeable file Output: # file /etc/telinit /etc/telinit: ELF 32-bit LSB executable 80386 Version 1, dynamically linked, stripped



BOOT LOADER - GRUB GRUB - GRand Unified Bootloader Grub is stored to the /boot directory. Seen only on the X86 arch machines. Provides the option to interact with the system to choose an operating system to work in case of more than one operating system is installed. Terminology: 1. Boot Loader: eg: Grub - solaris, linux (very popular boot loader) Lilo - Linux Loader Boot.ini - windows Always the boot loader will be residing at the starting location of the disk which is having the operating system. Note: GRUB can be compared with bootblk in Sparc arch. The boot loader is the first software program that runs after you turn on a system. This program begins the boot process. 2. Boot archive: A boot archive is a collection of critical files that is used to boot the solaris os. Two boot archives are maintained by the system a. Primary boot archive - Used to boot the Solaris OS on the system b. Solaris Fail Safe - Used for recovery when the primary boot archive is damaged.

On X86 based systems, the miniroot is copied to the system to be used as failsafe boot archive.

3. Grub edit menu: Located under /boot/grub Name of the file = menu.lst Can be edited by the root user, and edtions will have the impact only on the next reboot. This menu.lst file (boot menu file) lists the operating systems taht are installed on a system. Note: 1. If we install an operating system other than the Solaris OS, we must modify/edit the /boot/menu.lst file manually to include the new installed OS instance. Adding this entry will provide the option on next reboot. 2. The default OS is usually the first entry that is displayed in the grub menu. Eg: Entry from the file /boot/grub/menu.lst



Output displayed in only relevant to the topic: bash-3.00# bootadm list-menu The location for the active GRUB menu is: /boot/grub/menu.lst default 0 timeout 10 0 Solaris 10 11/06 s10x_u3wos_10 X86 1 Solaris failsafe From the above output, The default option is 0 -> Solaris 10 11/06 s10x_u3wos_10 X86 The default sec, that the grub menu displayed to the user is 10 sec. To make the grub menu displayed untill, the option is choosen, edit the /boot/grub/menu.lst file OUTPUT: # vi /boot/grub/menu.lst # default menu entry to boot default -1 This makes the grub to be displayed out of time. Output from the file /boot/grub/menu.lst - Only relevant information is displayed #---------- ADDED BY BOOTADM - DO NOT EDIT ---------- title Solaris 10 11/06 s10x_u3wos_10 X86 root (hd0,0,a) kernel /platform/i86pc/multiboot module /platform/i86pc/boot_archive #---------------------END BOOTADM-------------------- #---------- ADDED BY BOOTADM - DO NOT EDIT ---------- title Solaris failsafe root (hd0,0,a) kernel /boot/multiboot kernel/unix -s module /boot/x86.miniroot-safe Here, Once the default option is selected, i.e 0, then, the menu.lst will read the following, root (hd0,0,a) 1 2 3 where 1 = First hard disk drive. (In the case of second disk drive hd1) 2 = First partition (bootable partition) 3 = First slice Precedence of before and after grub:



ON -> BIOS -> GRUB (Stage1 & stage2) -> OS kernel (Multi-boot,boot-archive-unix) -> sched (PID:0) -> init (PID:1) -> SMF (PID:7)-> Invokes the services. This is how the Grub boots. stage1 = installed on the first sector of the solaris fdisk partition stage2 = installed in a reserved area in the solaris fdisk partition. Is the core image of the GRUB. menu.lst = is typically located to /boot/grub directory. GRUB stage2 file reads the menu.lst file. How to boot the system to single usermode from grub: 1. Once the grub screen is displayed, use arrow keys to select, then press 'e' to edit accordingly. For instance 0 Solaris 10 11/06 s10x_u3wos_10 X86 1 Solaris failsafe if we choose 0, then pressed 'e' then, root (hd0,0,a) kernel /platform/i86pc/multiboot module /platform/i86pc/boot_archive now choose the second line and edit as, To boot the system in single user mode from the grub menu: kernel /platform/i86pc/multiboot -s now press, 'esc' followed by 'b' to boot the system in single user mode. Similarly, to boot the system in reconfiguration mode, edit as kernel /platform/i86pc/multiboot -r can be compared with sparc: OK boot -r To boot the system with milestone options: kernel /platform/i86pc/multiboot -m milestone=single-user can be compared with sparc: OK boot -m milestone=single-user To boot the system in verbose mode: kernel /platform/i86pc/multiboot -m verbose



To boot the system in interactive mode: kernel /platform/i86pc/multiboot -a can be compared with sparc: OK boot -a Properties of Failsafe boot archive: 1. Is self sufficient 2. Can boot on its own 3. Is created by default during installation on the OS 4. Requires no maintenance Contents of the primary boot-archive/failsafe boot archive: 1. All of the kernel modules, driver.conf files, plus a few configuration files located to /etc directory. The kernel reads the file in the boot archive before the root / file system is mounted. After the root / file system is mounted, the kernel discards the boot archive form the memory. Output: bash-3.00# bootadm list-archive etc/rtc_config etc/system etc/name_to_major etc/driver_aliases etc/name_to_sysnum etc/dacf.conf etc/driver_classes etc/path_to_inst etc/mach etc/devices/devid_cache etc/devices/mdi_scsi_vhci_cache etc/devices/mdi_ib_cache kernel platform/i86pc/biosint platform/i86pc/kernel boot/solaris.xpm boot/solaris/bootenv.rc boot/solaris/devicedb/master boot/acpi/tables list the archive files related to boot.



Output: # cat /boot/solaris/bootenv.rc # Copyright 2005 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # #ident "@(#)bootenv.rc 1.32 05/09/01 SMI" # # bootenv.rc -- boot "environment variables" # setprop kbd-type US-English setprop ata-dma-enabled 1 setprop atapi-cd-dma-enabled 0 setprop ttyb-rts-dtr-off false setprop ttyb-ignore-cd true setprop ttya-rts-dtr-off false setprop ttya-ignore-cd true setprop ttyb-mode 9600,8,n,1,- setprop ttya-mode 9600,8,n,1,- setprop lba-access-ok 1 setprop prealloc-chunk-size 0x2000 setprop bootpath /pci@0,0/pci-ide@5/ide@0/cmdk@0,0:a setprop console 'text' Will provide the boot path of the physical device, from which the opearting system is loaded.



SMF – Service Management Facility

SMF - Service Management Facility an important feature of Sun Solaris 10 0S. Runs with the daemon: svc.startd with the process id-7 Features of SMF includes, 1.Provides service management via service configuration database [list of services and their various supported methods]. 2.Proves legacy rc script support [old programs will work]. 3.Facilitates service dependencies 4.Permits automatic restarts of failed and/or stopped service. 5.Provides service status information [0nline/offline, dependencies] 6.Causes each defined service to log individually to : /var/svc/log 7.Defines a Fault Management Resource Identifier [FMRI]. FMRI provide categories of services

a.network b.milestone

8.Can load mutually exclusive services in parallel. 9.SMF support multiple instances of services. SMF checks the services on the following category: 1. application 2. network 3. devices 4. system 5. platform 6. site 7. milestone Status of the SMF: Degraded: The service instance is enabled, but is running at a limited capacity Disabled -> Services are not enabled and not running Disabled: The service instance is not enabled and is not running. Legacy_run - > the services are not controlled by SMF Legacy_run: The legacy service is not managed by SMF, but can be observed. This state is only used by legacy services that are started with RC scripts Maintenance -> this state needs rootsâ€™s interrogation. In this case the services has to be make available manually Maintenance: The service instances has encountered an error that must be resolved by the administrator



Offline -> Services are enabled but not running Offline: The service instance is enabled; the service is not yet running or available to run. Online -> Services are enabled and its running Online: The service instance is enabled and has successfully started. Uninitialized: This state is the initial state for all services before their configuration has been read. 3-primary SMF utilities: 1. # svcs - Lists services and provides additional information 2. # svcadm - Service administration utility,

Permits interaction with services, including state transitions 3. # svccfg - Service configuration Permits interaction with service configuration database svc.startd - Is the default service manage/restarter inetadm - Is the default, delegated service restarter for INETD daemon Monitoring the services: # svcs -a -a option will display all services, including disabled services. Output truncated: # svcs -a STATE STIME FMRI legacy_run 14:42:55 lrc:/etc/rcS_d/S50sk98sol legacy_run 14:42:59 lrc:/etc/rc2_d/S10lu legacy_run 14:42:59 lrc:/etc/rc2_d/S20sysetup legacy_run 14:42:59 lrc:/etc/rc2_d/S40llc2 . . . disabled 14:42:57 svc:/network/rexec:default disabled 14:42:57 svc:/network/shell:default disabled 14:42:57 svc:/network/shell:kshell disabled 14:42:57 svc:/network/talk:default online 14:42:49 svc:/system/svc/restarter:default online 14:42:50 svc:/system/installupdates:default online 14:42:50 svc:/network/pfil:default online 14:42:50 svc:/milestone/name-services:default online 14:42:50 svc:/network/loopback:default online 14:42:50 svc:/system/filesystem/root:default



# svcs List out that are the services running (online), status of the service, FMRI Output truncated: # svcs STATE STIME FMRI legacy_run 14:42:55 lrc:/etc/rcS_d/S50sk98sol legacy_run 14:42:59 lrc:/etc/rc2_d/S10lu legacy_run 14:42:59 lrc:/etc/rc2_d/S20sysetup legacy_run 14:42:59 lrc:/etc/rc2_d/S40llc2 legacy_run 14:42:59 lrc:/etc/rc2_d/S42ncakmod legacy_run 14:42:59 lrc:/etc/rc2_d/S47pppd legacy_run 14:42:59 lrc:/etc/rc2_d/S70uucp legacy_run 14:42:59 lrc:/etc/rc2_d/S72autoinstall . . . online 14:42:49 svc:/system/svc/restarter:default online 14:42:50 svc:/system/installupdates:default online 14:42:50 svc:/network/pfil:default # svcs -l -l option will give detailed information about a service, includes the FMRI, status of the service, bane if the service, when it was started. Eg: svcs -l network # svcs -l <FMRI> Eg: # svcs -l telnet Output: # svcs -l telnet bash-3.00# svcs -l telnet fmri svc:/network/telnet:default name Telnet server enabled true state online next_state none state_time Mon Aug 24 14:42:57 2009 restarter svc:/network/inetd:default # svcs -d -d option lists the services or service instances upon which the given service instance depents. Eg: svcs -d milestone/network:default svcs -d milestone/multi_user svcs -d network/inetd



Output truncated: bash-3.00# svcs -d milestone/multi-user STATE STIME FMRI disabled 14:42:50 svc:/network/ntp:default disabled 14:42:50 svc:/system/auditd:default disabled 14:42:50 svc:/system/mdmonitor:default disabled 14:42:50 svc:/system/rcap:default online 14:42:50 svc:/milestone/name-services:default online 14:42:52 svc:/system/name-service-cache:default online 14:42:52 svc:/system/rmtmpfiles:default online 14:42:53 svc:/system/power:default # svcs -D -D option will display the other services depends on a given service. eg: svcs -D milestone/multi-user Output: bash-3.00# svcs -D milestone/multi-user STATE STIME FMRI disabled 14:42:50 svc:/network/dhcp-server:default disabled 14:42:50 svc:/application/management/common-agent-container-1:default online 14:43:05 svc:/milestone/multi-user-server:default online 14:43:28 svc:/system/webconsole:console # svcs -p -p option is to view the processes associated with a service instance. eg: svcs -p svc:/network/inetd:default. Output: bash-3.00# svcs -p network/inetd:default STATE STIME FMRI online 14:42:56 svc:/network/inetd:default 14:42:56 288 inetd # svcs -x If a service fails for some reason and can not be restarted, you can list the service using the â€“x option. Output: bash-3.00# svcs -x telnet svc:/network/telnet:default (Telnet server) State: online since Mon Aug 24 14:42:57 2009 See: in.telnetd(1M) See: telnetd(1M) Impact: None.



Service Administration: [using svcadm] # svcadm - manipulate service instances # svcadm enable <FMRI> Starts the service Eg: # svcadm enable telnet # svcadm disable <FMRI> Disables the service eg: # svcadm diable telnet # svcadm enable -t <FMRI> Starts the service temp, for this session. When restarted the service will no longer available Eg: # svcadm enable -t telnet Output: bash-3.00# svcadm disable -t telnet bash-3.00# svcs -l telnet fmri svc:/network/telnet:default name Telnet server enabled false (temporary) state disabled next_state none state_time Mon Aug 24 16:44:23 2009 restarter svc:/network/inetd:default # svcadm enable -s <FMRI> Will start all the instance that is associated with specified FMRI # eg: # svcadm enable -s telnet # svcadm restart <FMRI> To re-read the changes performed to the configuration file. # svcadm -v refresh <FMRI> To re-read the changes performed to the configuration file. NOTE: milestone/single-user => run level S of previous versions of Solaris milestone/multi-user => run level 2 of previous version of Solaris milestone/multi-user-server => run level 3 of previous versions of Solaris. Note: 1. The svc.stard daemon can obtain information about the services from the repositry. This was previously the responsibilty of init process. 2. svc.stard daemon takes on the role of starting the appropritae process for the achieved run level.



3. A corrupt repositry prevents the system from booting. 4. Configuration information about the services and system is stored to /etc/svc/repository.db To restore when the SMF repository is corrupted: # cd /lib/svc/bin # ./restore_repositry To work with svccfg configuration of smf: Output truncated: bash-3.00# svccfg svc:> select network svc:/milestone/network> select telnet svc:/network/telnet> listprop general framework general/entity_stability astring Unstable general/restarter fmri svc:/network/inetd:default inetd framework inetd/endpoint_type astring stream inetd/isrpc boolean false inetd/name astring telnet inetd/proto astring tcp6 inetd/stability astring Evolving inetd/wait boolean false

Service Administration: [using inetadm] # inetadm - observe or configure inetd-controlled services 1.INETD is a super-server which proxies connection to servers. 2.INETD services are traditionally defined in /etc/inetd.conf 3.inetadm permits control of key/value or ns of services ame/value pair /etc/svc - directory have the informations about the smf services and its repository database. /etc/svc/repository.db will have the data base about the services. It is used to check the integrity of the services. # inetconv - convert inetd.conf entries into smf service manifests, import them into SMF repository



# inetadm - Displays what are the services that are controlled by â€œinetdâ€ # inetadm -l <FMRI> Displays detailed information about the FMRI specified. Eg: # inetadm â€“l telnet # inetadm -d <FMRI> To disable the specified service Eg: # inetadm -d telnet # inetadm -e <FMRI> To enable the specified service Eg: # inetadm â€“e telnet # inetadm -p Displays the global setttings # inetadm -l telnet Output: bash-3.00# inetadm -l telnet SCOPE NAME=VALUE name="telnet" endpoint_type="stream" proto="tcp6" isrpc=FALSE wait=FALSE exec="/usr/sbin/in.telnetd" user="root" default bind_addr="" default bind_fail_max=-1 default bind_fail_interval=-1 default max_con_rate=-1 default max_copies=-1 default con_rate_offline=-1 default failrate_cnt=40 default failrate_interval=60 default inherit_env=TRUE default tcp_trace=FALSE default tcp_wrappers=TRUE Note: The scope values cannot be changed. To change the default value: # inetadm -M tcp_trace=TRUE Output: bash-3.00# inetadm -M tcp_trace=TRUE bash-3.00# inetadm -l telnet SCOPE NAME=VALUE name="telnet" endpoint_type="stream"



proto="tcp6" isrpc=FALSE wait=FALSE exec="/usr/sbin/in.telnetd" user="root" default bind_addr="" default bind_fail_max=-1 default bind_fail_interval=-1 default max_con_rate=-1 default max_copies=-1 default con_rate_offline=-1 default failrate_cnt=40 default failrate_interval=60 default inherit_env=TRUE default tcp_trace=TRUE default tcp_wrappers=TRUE # netservices open 1. Will open or enable all the network related services 2. Needs the system to be restarted. Output: bash-3.00# netservices open restarting syslogd restarting sendmail restarting wbem bash-3.00# cd /var/svc/profile/ bash-3.00# ls -l generic.xml lrwxrwxrwx 1 root root 18 Aug 24 16:59 generic.xml -> ./generic_open.xml To check: # svcs -a | grep ftp Output: bash-3.00# svcs -a | grep ftp online 16:47:14 svc:/network/ftp:default # netservices limited 1. Will disable all ther services except ssh. 2. Need the system to be restarted Output: bash-3.00# netservices limited restarting syslogd restarting sendmail restarting wbem dtlogin needs to be restarted. Restart now? [Y] n dtlogin not restarted. Restart it to put it in local-mode. bash-3.00# cd /var/svc/profile/ bash-3.00# ls -l generic.xml lrwxrwxrwx 1 root root 25 Aug 24 17:02 generic.xml -> ./generic_limited_net.xml



To check: # svcs -a | grep ftp disabled 17:02:01 svc:/network/ftp:default But, # svcs -a | grep ssh online 14:42:58 svc:/network/ssh:default



File permissions r= read w=write x=execute u = owner of the file g = group o = others a = all + = to add the permissionship - = to remove the permissionship = = to assign the permissionship # chmod To change the file and directory permissionship # chown To change the ownership of the files and directories # chgrp To change the group of the files and directories # chmod 777 dir1 ABC A = defines the permissionship for the user/owner B = defines the permissionship for the group C = defines the permissionship for others or # chmod a+rwx dir1 This command will assign or add the following permissionship rwx = owner of the directory rwx = group permission to which the dir/file belong to rwx = other permission # chmod 644 file1 # chmod u+rw,g+r,o+r fil2 This command assign the permission as follows: rw- = owner of the file/dir r-- = group permission to which the dir/file belong to r-- = other permission Note: 1. # chown and # chgrp commands can be used only by the root user. # chown shivan dir1 Here ownership of the dir/file named "dir1" is changed to shivan. Here the ownership changed only to the parent directory. # chown -R shivan dir



The owneship will be changed to the parent directory and for the sub-directories and files inside the dir "dir1" -R = recurrsive # chgrp admin dir1 Here the group has been changed to "admin" for the directory "dir1" The group is changed only to the parent directory # chgrp -R admin dir1 will change the group to the parent directory and all its sub-directories and files. # chown hari:admin dir2 will change the ownership and group for the directory "dir2". Only the parent directory "dir2" ownership and group is changed. # chown -R hari:admin dir2 will change the ownership and group for the parent directory "dir2" and its sub-directories and files. Advanced file permissionship: 1. SETUID - set user id - 4 2. SETGID - set group id - 2 3. STICKY BIT - 1 To give SUID,SGID, Sticky bit - 7 Setuid: 1. When the SUID is assigned to a file, all the users who are accessing the file become the owner of the file at that moment. 2. SUID will be effective for a script file. A good example for the SUID is # passwd command OUTPUT: # ls -l /usr/bin | grep passwd -r-sr-sr-x 1 root sys 22620 Jan 23 2005 passwd # chmod 4644 one To assign the SUID to the file "onw" with the default permission SUID will have the impact on in the user's/owner's EXECUTIION area. s => indicates EXECUTION permission is ENABLED S => indicates EXECUTION pemission is DISABLED NOTE: This is applicable for SGID too. OUTPUT: # chmod 4644 one -rwSr--r-- 1 root root 0 Jul 23 14:44 one



OUTPUT: # chmod 4744 one -rwsr--r-- 1 root root 0 Jul 23 14:44 one SGID: 1. SGID will be effective for a directory 2. If SGID permission is assigned to a directory, then the files and sub-dir created under the parent dir (dir impletemented with SGID) will be inheriting the group of the parent directory. Assign the SGID for the dir two OUTPUT: # chmod 2644 two drwxr-sr-x 2 root root 512 Jul 23 14:48 two Sticky bit: 1. It'll be effective for a directory. 2. If a directory is with impletemented with sticky bit, every user in that system has the right to create a file/directory inside that dir (provided with permission), but only the owner of the file can delete the file. Note: This can be override by root user. OUTPUT: # chmod 1777 three drwxrwxrwt 2 root root 512 Jul 23 14:52 three NOTE: Used to identify what are the files/dir that are having SGID permission. Output truncated: # find /-user root -perm -2000 /usr/bin/mail /usr/bin/mailx /usr/bin/passwd /usr/bin/write /usr/lib/sendmail /usr/openwin/bin/Xprt /usr/openwin/bin/lbxproxy /usr/platform/i86pc/sbin/eeprom /usr/sbin/amd64/prtconf



Used to identify what are the files/dir that are having SUID permission. Output truncated: # find /-user root -perm -4000 /usr/bin/amd64/newtask /usr/bin/amd64/uptime /usr/bin/amd64/w /usr/bin/i86/newtask /usr/bin/i86/uptime /usr/bin/i86/w /usr/bin/at /usr/bin/atq Used to identify what are the files/dir that are having Sticky bit permission # find /-user root -perm -1000



USER & GROUP ADMINISTRATION

The important files includes: /etc/passwd - holds the information about the user account or user properties /etc/shadow - holds the information about the user's password and password aging information /etc/group - holds the information about the group and it's properties /etc/skel - a directory from where the default user properties will be inherited. /etc/passwd thiyagu:x:517:1: :/export/home/thiyagu:/bin/sh A B C D E F G A - specifies the user's login name B - refer to the file /etc/shadow C - user's unique user id D - user's primary group id E - comment about the user F - user's home directory G - parent shell of the user defined by the root Commands: # useradd - to create the user account # userdel - to delete the user account # usermod - to modify the user account # groupadd - to create the group account # groupdel - to delete the group account # groupmod - to modify the group account When the # useradd command is executed, the following 2 files will be updated. 1. /etc/passwd 2. /etc/shadow To create a simple user account: # useradd -d /export/home/che -m che This command will create the user named che with the home directory /export/home Output from the file /etc/passwd: che:x:522:1::/export/home/che:/bin/sh Output from the file /etc/shadow: che:*LK*::::::: Note: Whenever the user is created, that user account will be "locked" intially untill password to the user is defined.



To assign the password to the user: # passwd <user_name> # passwd che Output from the file /etc/shadow: che:o39wAwzjt0BjE:14449:::::: # useradd -m -d <home_dir_path> -u <uid> -g <gid> -c <comment> -s <shell> -G <GID> login_name where -m = to create the home directory and provide the ownership of the dir to the newly created user account -d = to specify the home directory path -u = to specify the unique user id of the user -g = to specify the primary group id or group name to which the user belongs too -c = to specify the comment about the user -s = to specify the parent shell -G = to specify the secondary group id or group name to which the user belongs too login_name = user's login name Note: An user should be a member of 1 primary group and can be member of 15 secondary groups. eg: # useradd -u 5001 -d /export/home/us -s /bin/bash -m -g sun -c "basketball" -G 507,509,510 jordan here, the user account is created with the following properties login name = jordan user uid = 5001 home directory path = /export/home/us parenth shell = bash primary group = sun secondary group(s) = 507,509,510 (tech,linux,windows ref: /etc/group) comment = basketball To duplicate the user id to another user: # useradd -d /export/home/karl_marx -g sales -G windows,linux,sun -c "proxy" -m -s /bin/bash -u 0 -o karl here -o - is used to duplicate the user id to another user Note:

1. DO NOT duplicate the user id of root (0) to any other user, if it happens, then, security breech will happen.

2. We can also assign root priviledges to user through Authorization. Ref: RBAC-Topic



# useradd -m -d /export/home/kobe -g windows -G sun,sales,linux -c "test" -s /bin/bash -k /etc/skel_basketball kobe -k - to specify the customized path of the skel dir Note: .profile file under /etc/skel have a impact when the user login to the system. Hence some scripts can also be added to that. # useradd -D will provide the information about the default property and options of the users to be created. OUTPUT: # useradd -D group=other,1 project=default,3 basedir=/home skel=/etc/skel shell=/bin/sh inactive=0 expire= auths= profiles= roles= limitpriv= defaultpriv= lock_after_retries= # passwd -d <user_name> # passwd -d shiva will remove the password and assign "blank" password to the user OUTPUT: # grep shiva /etc/shadow shiva::14452:::::: # passwd -w <warning_days> -n <minmum_days> -x <maximum> <login_name> # passwd -w 40 -n 30 -x 60 shiva OUTPUT: shiva::14452:30:60:40::: # useradd -m -d /export/home/sithan -e 12312009 sithan here -e = to specify the expire date to the user account. Date will be specified with the mmddyyyy format OUTPUT: sithan:pmk2TEdOcjhXo:14452:40:50:30: :14609: A B C D E F G H where A = login name of the user account B = encypted password for the user C = no of days logged in. (Calculated from 1 jan 1970) D = password minimun age (not to change password until 40 days) E = password maximum age ( have to change the password after 50 days) F = a warning will be displayed to the user after 30 days to change password G = number of inactive days H = expire days



/etc/security/policy.conf this file is responsible for genereating the encrypted password to any user. This file will have number of cryptographic algorithm to be followed while generating a password to any user. eg: 1, 2a, md5 Output truncated: # crypt(3c) Algorithms Configuration # # CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to # be used for new passwords. This is enforced only in crypt_gensalt(3c). # CRYPT_ALGORITHMS_ALLOW=1,2a,md5 /etc/defult/passwd will provide number of informations related to the password security policy 1. defines the length of the password 2. default minumum password age 3. default maximum password age 4. maintaining the history of the password 5. name check (login name cannnot be used as the password) 6. dict word ( dictionary word cannot be used a password) 7. alphpa numeric,special characters to password Note: 1. Normally the password security policy is not enforced(commented). It can be enabled. 2. If the useraccounts are created through CLI, password security policy can be override. Output truncated: Contents to the file /etc/default/passwd MAXWEEKS= MINWEEKS= PASSLENGTH=6 #NAMECHECK=NO #HISTORY=0 #MINDIFF=3 #MINALPHA=2 #MINNONALPHA=1 #MINUPPER=0 #MINLOWER=0 #MAXREPEATS=0 #MINSPECIAL=0 #MINDIGIT=0 #WHITESPACE=YES #DICTIONLIST= #DICTIONDBDIR=/var/passwd



# passwd -l <login_name> # passwd -l tom will lock the user account Note: Eventhough the user has the password the account is locked. OUTPUT: tom:*LK*QK7lo.vinkpQs:14452:::::: # passwd -u <login_name> # passwd -u tom To unlock the user account OUTPUT: tom:QK7lo.vinkpQs:14452:::::: To delete the user account: # userdel <login_name> # userdel tom This command will only delete the user account and the dir,files created by the user and his/her home dir is NOT deleted. # userdel -r <login_name> # userdel -r tom Will delete the user account along with the user's home dir.

ASSINGNING THE PASSWORD TO A GROUP Step:1 # groupadd solaris this command creates a group named `solaris` Step 2.A : # useradd -m -d /export/home/shiva -g solaris -s /bin/bash shiva # passwd shiva these above commands creates the user account shiva belongs to the group solaris & assign the password to them. Step 2.B: # useradd -m -d /export/home/lingesh -s /bin/bash lingesh # passwd lingesh these commands creates & assings the password to the user account lingesh Step 3: As a root user or as any user create a file. Here let’s create a file with the root user account # mkdir /new # cd /new # cat > one # ls -l this will display the default permission ship and the group the owner (here root) belongs to. # chmod 664 one This command will change the permission ship to file 'one'



# chgrp Solaris one this command will change the group to 'Solaris' for the file 'one' Step 4: To assign the password to a group a. Copy the second field (encrypted password) of any user account from the file /etc/shadow b. Paste the same to the second field of the file /etc/group Step 5: To check a. Login as the user (shiva - who belongs to solaris group) and make the changes to the file. It'll change. b. Login as the other user (lingesh - who DOESNT belong to solarsi group) and try to make the changes to the file. We'll be prompted with "permission denied" To avoid this login to the solaris group c. # newgrp solaris this command will prompt for the password of the group Solaris and allows to take the group permission ship. NOTE: When the user is login to the group the shell changes. How to duplicate the user id to another newly creating user ? Step 1: For eg: # useradd -m -d /export/home/redhat -s /bin/bash -g admin -u 3000 redhat # passwd redhat this command will create the user account with the following login name: redhat home dir/base dir : /export/home/redhat user id : 3000 primary group : admin shell: bash # useradd -m -d /export/home/suse -s /bin/ksh -g solaris -u 3000 -o suse # passwd suse this command will create the user account with the following login name: suse home dir/base dir : /export/home/suse user id : 3000 NOTE: Duplicated using the option -o primary group: solaris shell: korn NOTE: DONOT duplicate the root id to any user, if happens it leads to security breech. MISC : 1. # /usr/ucb/vipw -> opens the /etc/passwd file in the text layout. works only in the init level 3 User friendly to edit the file 2. # pwck => checks the entry of the file /etc/passwd and if any errors it'll be displayed



3. # grpck => checks the entry of the file /etc/group and if any errors it'll be displayed 4. # echo $? => provides the info status on the command executed if its 0 -> command is executed successfuly if other than 0 -> its shows error occurance To add multiple user's to multiple group: /etc/group file has to be edited /etc/group Example entry to the file unix:Hsba96iR2vYXI:116:root,bhutia A B C D where A - group name B - encypted password to the group Note: Password to the group can be copied from /etc/shadow file. No command is used to assign the password to the group. C - group id D - group members. Note: Only secondary group member names can be seen in the file To modify the user login name: # usermod -l <new-name> <old-name> # usermod -l rose jack will change the login name jack to rose. Note: The file ownership will be changed accordingly but the home directory will be owned by the old owner. Which will restrict to create any files in the home dir, hence the permissionship & ownership has to be changed. /usr/sadm/defadduser this file have the entries of the default parameters of the useradd command # useradd -D reads the entry fromt this file This file entries can be customized.



OUTPUT: # cat /usr/sadm/defadduser # Default values for useradd. Changed Tue Jul 28 04:28:53 2009 defgroup=1 defgname=other defparent=/home defskel=/etc/skel defshell=/bin/sh definact=0 defexpire= defauthorization= defrole= defprofile= defproj=3 defprojname=default deflimitpriv= defdefaultpriv= deflock_after_retries= # id <login_name> # id bryant will provide the information about the user's id and their primary group along with id. OUTPUT: $ id bryant uid=1028(bryant) gid=110(sun) # id -a <login_name> # id -a bryant will provide the information about the user's id, primary group id and name, secondary group id and names OUTPUT: $ id -a bryant uid=1028(bryant) gid=110(sun) groups=110(sun) # finger -m <login_name> # finger <login_name> # finger bryant # finger -m bryant will provide the informations about the user's home dir, parent shell, when they logged in. OUTPUT: $ finger bryant Login name: bryant In real life: test Directory: /export/home/kobe Shell: /bin/bash Never logged in. No unread mail No Plan.



To add a group: # groupadd <group_name> # groupadd sun # groupadd -g 1000 linux to create a group with the specified id 1000 # groupadd -g 1000 -o redhat To create a group with duplicate id 1000. # groups # groups <user_name> will provide the information about to which group the user belong to. OUTPUT: # groups scbose other According to this ouptput, the user scbose belongs only to the group other. # listusers will display the information about the user's available in the system. Output truncated: # listusers castro che hari karl lenin noaccess No Access User nobody NFS Anonymous Access User nobody4 SunOS 4.x NFS Anonymous Access User rosan rose scbose # listusers -g <group_name> Will display the user's belong the specified group # listusers -g other OUTPUT: # listusers -g sun new old test # pwconv installs and updates /etc/shadow with information from /etc/passwd



Performance monitoring # w will list out the following informations 1. who is logged in to the system 2. where they have logged in 3. when they have logged in 4. what they are doing 5. how much time they were idle 6. cpu utilization for each user's process OUTPUT: # w 4:37pm up 2:41, 3 users, load average: 0.04, 0.05, 0.04 User tty login@ idle JCPU PCPU what root console 1:57pm 2:40 /usr/bin/gnome-session root pts/3 3:05pm 3 3 w che pts/4 4:37pm -bash # users will list out who are the user's logged to the system OUTPUT: # users root root che # who will listout 1. who is logged into the system 2. where they have logged in 3. when they logged in 4. from where they have logged in (in the case of remote) OUTPUT: # who root console Jul 29 13:57 (:0) root pts/3 Jul 29 15:05 (:0.0) che pts/4 Jul 29 16:37 (192.168.0.157) # whodo will listout out the information about 1. who are logged and what are they doing 2. what process they are doing 3. the process id of the process OUTPUT: # whodo Wed Jul 29 16:41:11 IST 2009 sunfire103 console root 13:57



? 628 0:00 Xsession pts/2 700 0:00 sdt_shell pts/2 710 0:00 bash pts/2 737 0:00 Xsession2.jds pts/2 740 0:00 gnome-session pts/2 792 0:00 xscreensaver pts/2 787 0:06 gconfd-2 pts/2 790 0:00 gnome-keyring-d ? 706 0:00 dsdm pts/3 root 15:05 ? 1878 0:03 gnome-terminal ? 1879 0:00 gnome-pty-helpe pts/3 1881 0:00 bash pts/3 2205 0:00 whodo pts/4 che 16:37 pts/4 2191 0:00 bash # logins -p will display who are the user's who don't have password. OUTPUT: # logins -p che 2004 other 1 new 2013 other 1 old 2014 other 1 # rusers will list out who are the remote users logged to the syste # rusers -l <ip_name_of_the_system> #rusers -l 192.168.0.252 # vmstat will display the virtual memory status # pagesize will display the page size of the system OUTPUT: # pagesize 4096 Note: In case of x86 systems page size = 4096 In case of sparc systems page size = 8192 # last will display the informations of the system reboot and boot time It'll read the entry from the file /var/wtmp will also provide the information about who is currently logged in to the system



Output truncated: # last che pts/4 192.168.0.157 Wed Jul 29 16:37 still logged in che pts/4 192.168.0.157 Wed Jul 29 16:34 - 16:35 (00:00) root pts/4 :0.0 Wed Jul 29 15:31 - 15:36 (00:05) root pts/3 :0.0 Wed Jul 29 15:05 still logged in root pts/4 :0.0 Wed Jul 29 15:03 - 15:04 (00:00) root pts/3 :0.0 Wed Jul 29 15:01 - 15:05 (00:04) root pts/3 :0.0 Wed Jul 29 14:59 - 15:00 (00:01) root pts/3 :0.0 Wed Jul 29 14:52 - 14:55 (00:03) root pts/3 :0.0 Wed Jul 29 13:59 - 14:46 (00:46) root console :0 Wed Jul 29 13:57 still logged in reboot system boot Wed Jul 29 13:56 reboot system down Wed Jul 29 13:54 root pts/4 :0.0 Wed Jul 29 12:34 - 13:54 (01:19) che pts/6 solaris Wed Jul 29 12:21 - 13:54 (01:33) root pts/5 :0.0 Wed Jul 29 12:03 - 12:23 (00:19) # last -n 5 reboot will display last 5 times reboot OUTPUT: # last -n 5 reboot reboot system boot Wed Jul 29 13:56 reboot system down Wed Jul 29 13:54 reboot system boot Wed Jul 29 10:02 reboot system down Tue Jul 28 20:02 reboot system boot Tue Jul 28 18:10 # uptime will display 1. the status of how many hours the system is in running state 2. how many users are logged to the system 3. cpu load average OUTPUT: # uptime 4:53pm up 2:56, 3 users, load average: 0.07, 0.08, 0.06 # /usr/ucb/whoami will dispaly the effective user, who is currently working # who am i will display the real user, who directly login to the system OUTPUT: # /usr/ucb/whoami root bash-3.00# su - che Sun Microsystems Inc. SunOS 5.10 Generic January 2005 -bash-3.00$ /usr/ucb/whoami



che -bash-3.00$ who am i root pts/3 Jul 30 11:35 (:0.0) -bash-3.00$ Here, che is the user logged in thorugh "su". He is the effective user where as root is the real user, who direclty logged to the system. # su <user_name> # su che will permit the user's to switch as another user, but cannot take the ownership of the switch user's home directory. Note: 1. When root user is trying to switch as any user's system will not prompt for any password. 2. If any non-root user is trying to switch as any other user then the system will prompt for the password Output: # su che bash-3.00$ pwd / bash-3.00$ touch one two three touch: two cannot create touch: three cannot create # su - <user_name> # su - che will switch user along with the home directory Output: # su - che Sun Microsystems Inc. SunOS 5.10 Generic January 2005 -bash-3.00$ pwd /export/home/che The switch user's log (SULOG) will be stored to the file /var/adm/sulog Output truncated: # cat /var/adm/sulog | more SU 07/13 23:59 + pts/1 root-client1 SU 07/14 00:26 + pts/1 root-client1 SU 07/14 00:37 + pts/1 root-client1 SU 07/14 00:42 + pts/1 root-root SU 07/14 00:42 + pts/1 root-client1 SU 07/14 01:06 + pts/4 root-client1 SU 07/14 01:06 + pts/4 root-client1 SU 07/30 11:48 - pts/3 root-castro SU 07/30 11:48 - pts/3 root-castro



Here this file will provide the following information: SU = Switch User Date & Time = when they logged in + = implies the sucessful event login - = implies the failure even login pts = terminal where they tried to login user who executed the command. as which user to login This file will be updated automatically,whenever the "su" command is executed /var/adm/loginlog: 1. This file will not be available by default 2. Has to be created mannualy 3. Has to be owned by "sys' group 4. This file logs/records the 5 consecutive failure logins of any user 5. Permission of the file is 600 # touch /var/adm/loginlog # chmod 600 /var/adm/loginlog # chgrp sys /var/adm/loginlog Output truncated: # cat /var/adm/loginlog scbose:/dev/pts/11:Wed Jul 29 00:08:56 2009 scbose:/dev/pts/11:Wed Jul 29 00:09:05 2009 scbose:/dev/pts/11:Wed Jul 29 00:09:14 2009 scbose:/dev/pts/11:Wed Jul 29 00:09:23 2009 mpandey:/dev/pts/11:Wed Jul 29 00:10:12 2009 mpandey:/dev/pts/11:Wed Jul 29 00:10:29 2009 mpandey:/dev/pts/11:Wed Jul 29 00:10:40 2009 mpandey:/dev/pts/11:Wed Jul 29 00:10:51 2009 mpandey:/dev/pts/11:Wed Jul 29 00:10:59 2009 hari:/dev/pts/4:Wed Jul 29 10:55:36 2009 hari:/dev/pts/4:Wed Jul 29 10:55:49 2009 hari:/dev/pts/4:Wed Jul 29 10:56:01 2009 # /usr/dt/bin/sdtprocess & 1. will invoke a pop-up menu 2. & - to indiacate the shell can be used to do another task Will provide number of information: 1. process id of every process 2. Owner of the process 3. Cpu utilization to the process 4. Memory utilization to the process 5. What process is running by every user 6. When the process was stated It will also provide filter options to choose for a particular user. Note: This command can be used only in the graphical environment.



# prstat will provide/update the following informations 1. process id of every process 2. Owner of the process 3. Cpu utilization to the process 4. Memory utilization to the process 5. What process is running by every user 6. When the process was stated It will also provide filter options to choose for a particular user. Output trucnated: # prstat PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP 509 root 38M 40M sleep 42 0 0:02:09 4.4% Xorg/1 790 root 53M 16M sleep 49 0 0:00:01 0.1% gnome-terminal/2 780 root 47M 9880K sleep 59 0 0:00:04 0.1% mixer_applet2/1 796 root 64M 27M sleep 59 0 0:00:07 0.1% gedit/1 712 root 12M 9904K sleep 59 0 0:00:02 0.0% gconfd-2/1 776 root 48M 11M sleep 59 0 0:00:01 0.0% clock-applet/1 761 root 54M 17M sleep 59 0 0:00:01 0.0% gnome-panel/1 # prstat -U <user_name> # prstat -U che will display only the process running by the user che OUTPUT: # prstat -U che PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP 986 che 2456K 1636K sleep 49 0 0:00:00 0.0% bash/1 # prstat -t will display the summary of the process OUTPUT: # prstat -t NPROC USERNAME SIZE RSS MEMORY TIME CPU 65 root 945M 348M 17% 0:02:53 8.0% 1 noaccess 175M 92M 4.5% 0:00:12 0.0% 1 che 2456K 1636K 0.1% 0:00:00 0.0% 1 lp 2644K 1076K 0.0% 0:00:00 0.0% 1 smmsp 6644K 1432K 0.1% 0:00:00 0.0% 2 daemon 6216K 3080K 0.1% 0:00:00 0.0% Note: The process id of sched = 0 The process id of init = 1 The process id of svc.startd (SMF) = 7 9 = starts the svc.configd deamon related to SMF - start the services configuration deamon



# netstat is used to monitor the network status 1. List connections of all protocol & address to and from the machine. Address families include: a. INET - ipv4 b. INET6 - ipv6 c. UNIX - Unix domain Sockets (Solaris/BSD/Linux/HP-UX/IBM-AIX/etc) Protocols include: TCP, IP, ICMP (which controls ping, echo), IGMP, RAWIP, UDP (DHCP, TFTP) 2. Lists routing table 3. Lists DHCP status for various interfaces 4. Lists net-to-media table. Network to MAC table # netstat usage: OUTPUT: # netstat TCP: IPv4 Local Address Remote Address Swind Send-Q Rwind Recv-Q State -------------------- -------------------- ----- ------ ----- ------ ------- accel1.telnet intel.32961 49640 0 49640 0 ESTABLISHED Where 1 => hostname of the sender 2 => port/protocol 3 => hostname of the receiver / remote 4 => port/protocol of remote Note: 1. # cat /etc/services Displays the well known port number and their corresponding services 2. Hostname is displayed while using the # netstat command can be possible only of the /etc/hosts file is having the entry of the ip-address and corresponding hostname [resolve]. This file will be indirectly checked. When issuing the # netstat command it will read the file /etc/nsswith.conf and this file redirect to read the file /etc/hosts [provided the entry is made]. 4.Sockets are found only for TCP connections [connection oriented]. 5.Sockets are NOT found for UDP connections since they are connection less. 6.No need to remember all the ports, just ‘grep’ from /etc/services. Eg: # grep syslog /etc/services # netstat –a a.Shows the state of all packets b.All routing table entries / all interfaces, both physical & logical c.Returns ALL protocols for ALL address families [TCP/UDP/UNIX].



OUTPUT: #netstat -a UDP: IPv4 Local Address Remote Address State -------------------- -------------------- ------- *.route Idle *.sunrpc Idle *.* Unbound *.32771 Idle [Output truncated] # netstat –n a.Shows network addresses as numbers. Normally # netstat displays addresses as symbols. b.It disables name resolution of hosts and ports and hence displays the ip-address. TCP: IPv4 Local Address Remote Address Swind Send-Q Rwind Recv-Q State -------------------- -------------------- ----- ------ ----- ------ ------- 192.168.0.100.23 192.168.0.19.32961 49640 0 49640 0 ESTABLISHED 192.168.0.100.32921 192.168.0.5.6000 500576 0 49640 0 ESTABLISHED 127.0.0.1.32923 127.0.0.1.32879 49152 0 49152 0 ESTABLISHED [Output truncated] # netstat –i a.Returns the state of the physical interfaces. Pay attention to errors/collisions/queue whilst troubleshooting. b.When combined with ‘-a’ options displays report on logical interfaces. Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue lo0 8232 loopback localhost 131536 0 131536 0 0 0 hme0 1500 accel1 accel1 186731 0 189733 0 0 0 NOTE: mtu - Maximum Transmission Unit In general the loopback address mtu will be high. # netstat –m a.Show the STREAMS memory [How much TCP packets is working on the system] streams allocation: cumulative allocation current maximum total failures streams 300 336 2463 0 queues 742 756 5539 0 mblk 488 1778 192771 0 dblk 489 2009 1062735 0 linkblk 7 169 8 0 syncq 17 50 77 0 qband 2 127 2 0 917 Kbytes allocated for streams data



# netstat –p Returns net-to-media information [MAC/layer-2 information] i.e., to arp table. Net to Media Table: IPv4 Device IP Address Mask Flags Phys Addr ------ -------------------- --------------- ----- --------------- hme0 192.168.0.5 255.255.255.255 00:16:41:ef:d5:ff hme0 accel1 255.255.255.255 SP 08:00:20:c4:a2:fb hme0 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00 # netstat –P <protocol> Returns active sockets for specified protocol Eg: # netstat –P tcp Note: 1.Protocols should be specified with small letters 2.The following protocols are only allowed ip|ipv6|icmp|icmpv6|tcp|udp|rawip|raw|igmp TCP: IPv4 Local Address Remote Address Swind Send-Q Rwind Recv-Q State -------------------- -------------------- ----- ------ ----- ------ ------- accel1.telnet intel.32961 49640 0 49640 0 ESTABLISHED accel1.32921 192.168.0.5.6000 500576 0 49640 0 ESTABLISHED localhost.32923 localhost.32879 49152 0 49152 0 ESTABLISHED [Output truncated] # netstat –r a.Returns routing table b.Normally, only interface, host, network & default routes are displayed c.Combined with ‘-a’ option, all routes will be displayed, including cache. Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- 192.168.0.0 accel1 U 1 19 hme0 224.0.0.0 accel1 U 1 0 hme0 localhost localhost UH 47 133672 lo0 # netstat –D Returns DNCP configuration [includes releases/renewal etc] # netstat –an –f [inet|inet|6|unix] -f => allows to specify the family address Eg: # netstat –an –f inet Displays only ipv4 information



UDP: IPv4 Local Address Remote Address State -------------------- -------------------- ------- *.520 Idle *.111 Idle *.* Unbound *.32771 Idle *.* Unbound [Output truncated] # ps -ef will list out what are the process running Output truncated: # ps -ef UID PID PPID C STIME TTY TIME CMD root 0 0 0 11:31:55 ? 0:51 sched root 1 0 0 11:32:02 ? 0:00 /sbin/init root 2 0 0 11:32:02 ? 0:00 pageout root 3 0 0 11:32:02 ? 0:03 fsflush daemon 191 1 0 11:32:10 ? 0:00 /usr/sbin/rpcbind root 7 1 0 11:32:04 ? 0:01 /lib/svc/bin/svc.startd root 9 1 0 11:32:04 ? 0:02 /lib/svc/bin/svc.configd root 126 1 0 11:32:08 ? 0:00 /usr/lib/picl/picld To kill the process: # kill <process_id> # pkill <process_id> # kill 3753 # pkill 3753 will kill the process specified



Performing system security

FTP IMPLEMENTATION: Wu – ftpd => Washington University ftpd daemon 1. FTPD binds to TCP port 21 and is running by default. 2. SMF controls FTP service configuration. 3. # svcs –a l ftp Displays the status of the ftp service. 4. # pkginfo –l | grep ftp* Displays the detailed information about ftp service. 5. # pkginfo –x | grep ftp* Displays package information a. ftpcount, ftpwho [displays the connected users & process information] b. ftpconfig – utility is used to setup anonymous/guest ftp c. SUNWftpr – includes 1. /etc/ftpd ftpaccess – primary configuration file for wu-ftpd ftphost – allow/deny access to users from hosts ftpservers – allows root to define virtual hosts ftpusers – users listed are NOT permitted(denied)to access the server via ftp ftpconversions – facilitates tar, compress, gzip support Note: By default root user is denied to use ftp. wu –ftp daemon supports 2 types of ftp connections 1. PORT – Active ftp a. Client -> TCP:21 [Server-Control-Connection] b. Client executes ‘ls’ -> results in server initiating a connection back to the client usually on TCP:20 [ftp-data] 2. PASU – Passive ftp a. Client -> TCP:21 [Server-Control-Connection] b. Client executes ‘ls’ -> results in server opening a high port and instructing the client to source (initiate) a connection to a server. c. Client sources data connection to high port on server. # ftpcount Shows current number of users in each ftp server class -v Displays the user counts for ftp server classes defined in virtual host [ftpaccess] -V Display program copyright and version information then terminate OUTPUT: # ftpcount Service class realusers - 1 users (no maximum) Service class guestusers - 0 users (no maximum) Service class anonusers - 0 users (no maximum)



# ftpwho Shows current process information for each ftp server user 1. It’ll display which user is logged in along with the process id 2. Status of the user will be displayed 3. Will also display the password given by the anonymous user OUTPUT: # ftpwho Service class realusers: bhagat 1157 0.0 0.2 4852 2628 ? S 12:48:03 0:00 ftpd: 192.168.0.157: bhagat: IDLE - 1 users (no maximum) Service class guestusers: - 0 users (no maximum) Service class anonusers: - 0 users (no maximum) Here, a real user named - bhagat is logged through ftp Note: Login time via ftp is defined in the file /etc/ftpd/ftpaccess Time out in seconds. Anonymous ftp configuration: # ftpconfig Setup anonymous ftp Note: 1. If the /var/ftp dir does’nt exist, this above command will create and update the dir for anonymouns ftp. 2. This can also be achieved by using GUI web browser to check the anonymous login using ftp. # mkdir /var/ftp # ftpconfig -d /var/ftp # ftpconfig /var/ftp # cd /var/ftp # ls –l or # ftpconfig /var/pub At location bar of the web browser: ftp://192.168.0.100 1. Will by default show the anonymous user



Ftpd – class support: Facilitates the grouping of users for the purpose of assigning directives 3- default classes: 1. Real users: a. Can login using shell [ssh/telnet] b. Can browse the entire directory 2. Guest users: a. Are temporary users 3. Anonymous user: a. General public for download capability All the 3 default classes is defined to the file /etc/ftpd/ftpaccess Restart the ftp service # svcadm restart ftp Note: Guest users are similar to real users, except guest users are jailed/chrooted. Denying Anonymous User account: FTP SERVER FIRE2 192.168.0.100 # mkdir /ftp_anonymous bash-3.00# ftpconfig -d /ftp_anonymous/ Updating directory /ftp_anonymous/ bash-3.00# ls /ftp_anonymous/ bin dev etc lib pub usr bash-3.00# ftpconfig /ftp_anonymous/ Updating directory /ftp_anonymous/ bash-3.00# svcs -a |grep ftp disabled 14:40:42 svc:/network/ftp:default bash-3.00# svcadm enable ftp bash-3.00# svcs -a |grep ftp online 15:24:31 svc:/network/ftp:default bash-3.00# ftpwho Service class realusers: - 0 users (no maximum) Service class guestusers: - 0 users (no maximum) Service class anonusers: ftp 2096 0.0 0.1 2232 1600 ? S 15:24:48 0:00 ftpd: fire1: anonymous/anonymous"gmail.com: IDLE 1 users (no maximum) given denied access in ftpusers in Server machine # vi /etc/ftpd/ftpusers



"/etc/ftpd/ftpusers" 18 lines, 193 characters # ident "@(#)ftpusers 1.5 04/02/20 SMI" # # List of users denied access to the FTP server, see ftpusers(4). # daemon bin sys adm lp uucp nuucp smmsp listen gdm webservd nobody noaccess nobody4 anonymous # ftpwho Service class realusers: - 0 users (no maximum) Service class guestusers: - 0 users (no maximum) Service class anonusers: - 0 users (no maximum) FTP CLIENT # ftp 192.168.0.100 Connected to 192.168.0.100. 220 fire2 FTP server ready. Name (192.168.0.100:root): anonymous 331 Guest login ok, send your complete e-mail address as password. Password: 230-The response 'anonymous"gmail.com' is not valid 230-Next time please use your e-mail address as your password 230- for example: [email protected] 230 Guest login ok, access restrictions apply. Remote system type is UNIX. Using binary mode to transfer files. ftp> pwd 257 "/" is current directory. ftp> ls 200 PORT command successful. 150 Opening ASCII mode data connection for file list. bin dev etc lib pub usr 226 Transfer complete. 30 bytes received in 5.8e-05 seconds (508.94 Kbytes/s) ftp> cd pub



250 CWD command successful. ftp> ls 200 PORT command successful. 150 Opening ASCII mode data connection for file list. new 226 Transfer complete. 5 bytes received in 2.9e-05 seconds (170.78 Kbytes/s) ftp> cat new ?Invalid command ftp> bye 221-You have transferred 0 bytes in 0 files. 221-Total traffic for this session was 927 bytes in 2 transfers. 221-Thank you for using the FTP service on fire2. 221 Goodbye. Anonymous user disabled in ftpusers: # ftp 192.168.0100 bash-3.00# ftp 192.168.0.100 Connected to 192.168.0.100. 220 fire2 FTP server ready. Name (192.168.0.100:root): anonymous 331 Guest login ok, send your complete e-mail address as password. Password: 530 Login incorrect. Login failed.



PROCESS SHCEDULING

# at => executes the command only once every user has the right to execute the at command syn: # at <time> eg: # at 1030 at OUTPUT: # at 13:10 at> mkdir -p /mnt/pen/root/test at> <EOT> commands will be executed using /usr/bin/bash job 1249026000.a at Fri Jul 31 13:10:00 2009 Options with at command: # at now # at now +2hour # at now +30min # at now next week # at 12pm sunday # at 12pm aug 31 # atrm <jobid>.a # atrm 1249026000.a # at -r 1249026000.a to remove the scheduled tasks. # atq will provide the info abt the scheduled task along with their id. OUTPUT: # atq Rank Execution Date Owner Job Queue Job Name 1st Jul 31, 2009 13:10 root 1249026000.a a stdin # at -l will provide the info abt the job id and the user who scheduled the process OUTPUT: # at -l user = root 1249026000.a Fri Jul 31 13:10:00 2009 /var/spool/cron/atjobs Is the directory which holds the information about the scheduled tasks and it's id # ls /var/spool/cron/atjobs will listout the jobs in schedule.



OUTPUT: # ls /var/spool/cron/atjobs/ 1249026000.a It's possible to read the what are the tasks shceduled by using cat command: Output truncated: ( At the end of the file we can see the tasks scheduled) # cat /var/spool/cron/atjobs/1249026000.a cd / umask 22 mkdir -p /mnt/pen/root/test /etc/cron.d/at.deny this file will have the login name of the users who are denied to use the at command. Here default system user's are listed. OUTPUT: # cat /etc/cron.d/at.deny daemon bin nuucp listen nobody noaccess /etc/cron.d/at.allow this file will not be present by default. this file has to be created mannualy this file holds the login name of the users who are having the permission to access the at command. Note: 1. In general system will check for the /etc/cron.d/at.allow file first and then moves to the file /etc/cron.d/at.deny. 2. If a user is given entry to both the files, then he is permitted to use the commands (in both at,crontab) /var/cron/log this file logs the at command shceduling In the case of crond We have the file /etc/crond.d/cron.deny OUTPUT: # cat /etc/cron.d/cron.deny daemon bin nuucp listen nobody noaccess



The file /etc/cron.d/cron.allow will not exist, it needed it can be created. Note: The function of the files remains same at at.allow and at.deny # cron => will execute the process recurssively it has number of fileds 1. minute filed - 0 to 59 2. hour filed - 0 to 23 3. day of month - 1 to 31 4. month filed - 1 to 12 5. day of the week - 0 to 6 NOTE: 0 = sunday 1 = monday respectively 6. command field => what command has to be executed * => on every month/day # crontab -l will list out what are the tasks scheduled in the system # crontab -l <user_name> # crontab -l che will list out what are the tasks scheduled only by the user che. # crontab -e to edit or to add the schedules to the crond.



Performing system security

Note: By default the Telnet service to the root is dened, and rest users are permitted to login through telnet. This function is defined in the file /etc/default/login Output: (Partially added relevant to the topic) # vi /etc/default/login # If CONSOLE is set, root can only login on that device. # Comment this line out to allow remote login by root. # CONSOLE=/dev/console 1. By default the file entry will be CONSOLE=/dev/console And this entry denies the root access through telnet. 2. To make the root user to access through telnet the file has to be edited as, #CONSOLE=/dev/console This entry will allow the root user to access through telent 3. To deny the root user to login to the local system (console) The file has to be edited as, CONSOLE= This entry will restrict root user to login to the local system. To view the status of the telnet service: (Solaris - 10) # svcs -a | grep telnet OUTPUT: # svcs -a | grep telnet online 12:03:15 svc:/network/telnet:default To disable the telnet service to the local system: # svcadm disable network/telnet or # svcadm disable svc:/network/telnet:default or # svcadm disable telnet OUTPUT: # svcadm disable network/telnet # svcs -a | grep telnet disabled 12:32:46 svc:/network/telnet:default



To enable telnet: # svcadm enable telnet or # svcadm enable network/telnet #svcadm enable svc:/network/telnet:default OUTPUT: # svcadm enable telnet # svcs -a | grep telnet online 12:34:58 svc:/network/telnet:default Output: (Partial output relevant to the topic) # cat /etc/default/login # PASSREQ determines if login requires a password. # PASSREQ=YES Determines whether password is required at time of login Output: (Partial output relevant to the topic) # cat /etc/default/login # TIMEOUT sets the number of seconds (between 0 and 900) to wait before # abandoning a login session. # TIMEOUT=300 While login throug telnet, the login prompt will be displayed to 300 sec. It can be decreased. Output: (Partial output relevant to the topic) Determines number of retries if the password is wrogly typed. # cat /etc/default/login # RETRIES determines the number of failed logins that will be # allowed before login exits. Default is 5 and maximum is 15. # If account locking is configured (user_attr(4)/policy.conf(4)) # for a local user's account (passwd(4)/shadow(4)), that account # will be locked if failed logins equals or exceeds RETRIES. # #RETRIES=5



Output: (Partial output relevant to the topic) # vi /etc/default/telnetd # Suppress the telnet banner by supplying a null definition. # BANNER="Only if u r authenticated, login to the system " Can edit the message, this will be displayed at the time of telnet login.



PRINTER CONFIGURATION

# printmgr & => This above command opens a menu => Printer configuration can be menu driven NOTE: 1. Before configuring the printer make sure about the compatablity with the sun microsystems. 2. Check the make and the type 3. The port to which the printer is connected physically. Once the menu is opened, 1. Enable the "confirm actions" from the main menu 2. Select the newly attached printer a. give the printer name ( can be any name ) b. description can also be anything c. choose the correct port (here we have choosen /dev/pts/7 for our eg. In thiscase if we want to specify the port choose " other') d. select the type of the printer e. select -> the banner options if required or never print banner f. user access list -> by default every user is given the right to sent the request to the printer. If we want to restrict,add the specific users from the user list. g. apply the changes # lp <file_name> eg: # lp check_printer will the print the file named "check_printer" to the default printer # lpstat -d displays which is activated as the default printer if we have configured more than one printer # lpstat -p displays status of all the printers that are configured to the system # lpadmin -d <printer_name> eg: # lpadmin -d hp will activate "hp" as the default printer if we had configured more than one printer. # reject <printer_name> eg: # reject hp this command will reject the requests to the printer named "hp" ie.. hp printer will not accept the requests from any user including the root. Note: In the above case, printer is physically connected, activated but the request will not be fulfilled or not accepted.



OUTPUT: # reject 5stars_bkp destination "5stars_bkp" will no longer accept requests # lp -d 5stars_bkp /etc/shadow 5stars_bkp: requests are not being accepted # accept 5stars_bkp destination "5stars_bkp" now accepting requests # lp -d 5stars_bkp /etc/shadow request id is 5stars_bkp-12 (1 file(s)) # lpstat -d system default destination: 5stars # lpstat -p printer 5stars is idle. enabled since Fri Jul 31 16:34:22 2009. available. printer 5stars_bkp is idle. enabled since Fri Jul 31 16:39:54 2009. available. # lpadmin -d 5stars_bkp # lpstat -p printer 5stars is idle. enabled since Fri Jul 31 16:34:22 2009. available. printer 5stars_bkp is idle. enabled since Fri Jul 31 16:39:54 2009. available. # lpstat -d system default destination: 5stars_bkp # accept <printer_name> eg: # accept hp this command will start sending the request to the printer named "hp" In other words printer starts printing the desired output. # disable <printer_name> eg: # disable hp this command will disable the printer. In other words printer is not activated. # enable <printer_name> eg: # enable hp will activate/enable the printer specified. /var/lp/logs/requests -> provides the information on the print logs which inclues 1. which user given the print request 2. date & time of the request 3. size of the file 4. user id, group id 5. file name 6. location of the file # lpq provide the information about the request in the queue.



Backup & Restore 1. slice 4 and slice 5 with 1 gb each 2. Slice 6 and slice 7 with 2 gb each Now, we are going to mount slice 4 under /mnt/source. Lets add some data to the slice. Since we are discussing about OFFLINE backup, lets umount the slice4. Here let us consider slice6 as the backup media. It should be a COMPLETE backup since its our first time. # ufsdump <level_of_the_backup>uf <back_media> <slice_to_be_backedup> # ufsdump 0uf /dev/rdsk/c1d0s6 /dev/dsk/c1d0s4 Here 0 = level of the backup (Complete backup) u = to update the information about the backup on the file /etc/dumpdates f = to specify the device /dev/rdsk/c1d0s6 = backup media where the backed up informations are stored /dev/dsk/c1d0s4 = is the slice which is having the datas to be backed up OUTPUT: # ufsdump 0uf /dev/rdsk/c1d0s6 /dev/dsk/c1d0s4 DUMP: Date of this level 0 dump: Tue Aug 04 23:08:33 2009 DUMP: Date of last level 0 dump: the epoch DUMP: Dumping /dev/rdsk/c1d0s4 to /dev/rdsk/c1d0s6. DUMP: Mapping (Pass I) [regular files] DUMP: Mapping (Pass II) [directories] DUMP: Writing 32 Kilobyte records DUMP: Estimated 16560 blocks (8.09MB). DUMP: Dumping (Pass III) [directories] DUMP: Dumping (Pass IV) [regular files] DUMP: 16446 blocks (8.03MB) on 1 volume at 48370 KB/sec DUMP: DUMP IS DONE DUMP: Level 0 dump on Tue Aug 04 23:08:33 2009 OUTPUT: # cat /etc/dumpdates /dev/rdsk/c1d0s3 0 Mon Aug 3 12:32:52 2009 /dev/rdsk/c1d0s3 1 Mon Aug 3 12:41:49 2009 /dev/rdsk/c1d0s4 0 Tue Aug 4 23:08:33 2009 From this file we can understand, c1d0s3 had been completely (0) backed up on Aug 3 12:32 c1d0s3 had been incremental backup (1) on Aug 3 12:41 Now lets mount the slice4 once again at the same mount point.



Do some updates to the created file and create some new file or directory at the mount point. Then unmount the slice4 Since we are going to discuss on incremental backup, specify the level of the backup whilst backuping. # ufsdump <level_of_the_backup>uf <backup_media> <device_to_be_backedup> # ufsdump 1uf /dev/rdsk/c1d0s7 /dev/dsk/c1d0s4 here 1 = specifies the level of backup (Incremental) Only the updated informations is backed up u = update the file /etc/dumpdates f = specifies the device /dev/rdsk/c1d0s7 = is the backup media /dev/dsk/c1d0s4 = the slice having the data # ufsdump 0S /dev/dsk/c1d0s4 will display how much of space is required to take a complete backup. OUTPUT: # ufsdump 0S /dev/dsk/c1d0s4 8478720 # ufsdump 1S /dev/dsk/c1d0s4 will display how much of sapce is required for incremental level(1) backup. How to restore the data? Note: 1. Backup media need not to be have the file system. 2. Only after resotring the COMPLETE backup, incremental backup can be done. 3. However selected files and directories can also be restored. 4. After restoring a file named "restoresysmtable" will be created at the restored point. It is not readale and not recommended to delete this file. This file will be used while restoring the incremental backup. 5. Restore can be done at any point. # ufsrestore rf <backuped_device> # ufsrestore rf /dev/rdsk/c1d0s6 where r = specifies recurssively. will restore all the files and directories that is backed up to the media /dev/rdsk/c1d0s6 f = specifies the device # ufsresotre -if /dev/rdsk/c1d0s6 i = interactive Can be possible to know what are the files and directories are backed up and can be listed out. Is possible to restore the selected files.



# ufsrestore -if /dev/rdsk/c1d0s6 Now the prompt will be changed. ufsrestore> ufsrestore>ls will list out what are the files and directories that are backed up the media (/dev/rdsk/c1d0s6)

Online backup or Snapshot

# fssnap -F <filesystem> -o bs=<any-dir> <mount_point> Snapshot or online backup is used to take a snapshot of the mounted slice. # fssnap -F ufs -o bs=/var/tmp /mnt/source here -F = specifies the filesystem -o = to specify the options bs = backing store. which will hold only the updates of the snapshot /var/tmp = backing store directory /mnt/source = mount point or the source to be snapshoted. This command will create a virtual snap device as follows /dev/fssnap/0 OUTPUT: # fssnap -F ufs -o bs=/var/tmp /backing_store /dev/fssnap/0 Note: This virtual device (/dev/fssnap/0) can be mounted as READ ONLY. Hence the virtual device can be mounted as read only # mount -o ro /dev/dsk/fssnap/0 /mnt/virtual Then to make a backup of the virtaul device, # ufsdump 0uf /dev/rdsk/c1d0s7 /dev/fssnap/0 here 0 = complete backup. level of the backup u = to update the file /etc/dumpdates f = to specify the device /dev/rdsk/c1d0s7 = backup media /dev/fssnap/0 = device to be backed up # fssanp -i will display the informations about the snap devices available in the system and their corresponding source.



OUTPUT: # fssnap -i 0 /backing_store # fssnap -i /dev/fssnap/0 0 /backing_store will provide the information about which mount point is backed up # fssnap -d <snap_device> # fssnap -d /dev/fssnap/0 To delete the specified snap device. Note: Restoring the data is as similar to normal offline backup. Taking a backup of a root slice: NOTE: 1. Enter into the system maintenance mode 2. Then check the destination size of the tape/disk 3. Proceed with the backup. # ufsdump 0uf /dev/rdsk/c1d0s6 /dev/dsk/c1d0s0 here, slice6 is taken as backup device which has nearly 4gb of space Restoring the root backup 1. Boot from the cd 2. DONOT mount the root slice (ie s0) 3. Create the file system for the root slice 4. Mount the root slice in /a dir 5. Move to the /a dir 6. restore the backedup information 7. a. install the bootblk in the case of SPARC b. install the grub in the case of X86/X64 8. restart the system. # cd / # newfs /dev/rdsk/c1d0s0 # mount /dev/dsk/c1d0s0 /a # cd /a # ufsrestore rvf /dev/rdsk/c1d0s6 # rm restoresysmtable # cd /usr/platform/ùname -m`/lib/fs/ufs # installboot bootblk /dev/rdsk/c1t1d0s0 -> SPARC # installgrub -fm /boot/grub/stage1 /boot/grub/stage2 /dev/rdsk/c1d0s0 -> X86/X64 arch where -f => suppresses interaction when overwriting the master boot record -m => installs GRUB stage1 on the master boot sector interactively # cd / # umount /a # init 6



SCSA PART -2: 310-202 1. Introduction to network interfaces 2. Client & server model 3. SMC - Solaris Management Console 4. Swap configuration 5. Crash,core & dump configuration 6. NFS - Network File System 7. Autofs 8. NIS - Network Information Service/System 9. Jumpstart Installation 10. Flash Installation 11. RBAC - Role Based Access Control 12. ACL - Access Control List 13. SDS/SVM - Solaris Solstice Disk Suite/Solaris Volume Manager 14. System messaging 15. Zone Adminstration



Configuring, Controlling & Monitoring the network interfaces To identify the instance name of the intercace: # grep network /etc/path_to_inst This will display the output only in the case of SPARC-Sun hardware # dladm show-dev will also display the instance name and status of the interface OUTPUT: # dladm show-dev nge0 link: up speed: 100 Mbps duplex: full nge1 link: unknown speed: 0 Mbps duplex: unknown bge0 link: unknown speed: 0 Mbps duplex: unknown bge1 link: unknown speed: 0 Mbps duplex: unknown Note: nge - Nvidia Gigabit ethernet bge - Boradcam Gigabit ethernet rtls - Real Tek ethernet hme - happy meal ethernet qfe - quad fast ethernet To view the mac address: OK banner # ifconfig -a # ifconfig -a will provide the following a. ipaddress of the machine b. mac address of the machine c. status flag of the interface d. instance name of the interface e. broadcast id OUTPUT: # ifconfig -a lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 192.168.0.120 netmask ffffff00 broadcast 192.168.0.255 ether 0:1b:24:5b:d8:d6 bge1: flags=1000803<UP,BROADCAST,MULTICAST,IPv4> mtu 1500 index 3 inet 192.168.0.145 netmask ff000000 broadcast 192.255.255.255



ether 0:1b:24:5b:d8:d5 To assign the ipaddress to the interface: 1. Make sure the interface is plumbed. Plumbing will make the kernel to recoginize the interface # ifconfig bge1 plumb To update the kernel OUTPUT: # ifconfig bge1 plumb #ifconfig -a lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 192.168.0.120 netmask ffffff00 broadcast 192.168.0.255 ether 0:1b:24:5b:d8:d6 bge1: flags=1000802<BROADCAST,MULTICAST,IPv4> mtu 1500 index 4 inet 0.0.0.0 netmask 0 ether 0:1b:24:5b:d8:d5 # ifconfig bge1 unplumb # ifconfig -a lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 192.168.0.120 netmask ffffff00 broadcast 192.168.0.255 ether 0:1b:24:5b:d8:d6 # ifconfig bge1 192.168.0.100 up To assign the ip to the bge1 interface and set the status as up. OUTPUT: # ifconfig bge1 192.168.0.100 up # ifconfig -a lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 192.168.0.120 netmask ffffff00 broadcast 192.168.0.255 ether 0:1b:24:5b:d8:d6 bge1: flags=1000803<UP,BROADCAST,MULTICAST,IPv4> mtu 1500 index 4 inet 192.168.0.100 netmask ffffff00 broadcast 192.168.0.255 ether 0:1b:24:5b:d8:d5



# ifconfig bge1 down To logically down the specified interface OUTPUT: # ifconfig bge1 down # ifconfig -a lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 192.168.0.120 netmask ffffff00 broadcast 192.168.0.255 ether 0:1b:24:5b:d8:d6 bge1: flags=1000802<BROADCAST,MULTICAST,IPv4> mtu 1500 index 4 inet 192.168.0.100 netmask ffffff00 broadcast 192.168.0.255 ether 0:1b:24:5b:d8:d5 To make the interface up once again. It's not necessary to specify the ip OUTPUT: # ifconfig bge1 up # ifconfig -a lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 192.168.0.120 netmask ffffff00 broadcast 192.168.0.255 ether 0:1b:24:5b:d8:d6 bge1: flags=1000803<UP,BROADCAST,MULTICAST,IPv4> mtu 1500 index 4 inet 192.168.0.100 netmask ffffff00 broadcast 192.168.0.255 ether 0:1b:24:5b:d8:d5 To view the mac & ip of the particular interface: OUTPUT: # ifconfig bge1 bge1: flags=1000803<UP,BROADCAST,MULTICAST,IPv4> mtu 1500 index 4 inet 192.168.0.100 netmask ffffff00 broadcast 192.168.0.255 ether 0:1b:24:5b:d8:d5 Note: # ifconfig 1. is used to assign and view the ipaddress of the system 2. Ip address assigned using ifconfig command will persists only for the current session. Once if the system is restarted, the ip address assinged to the interface will be vanished. To assign the ip address permanently to the interface:



Edit the file /etc/hotname.XXn where XXn - logical name of the interface For eg: # cat > /etc/hostname.nge0 192.168.0.120 Save this file. This file may have the hostname of the system or the ip. To assign virtual ip to the interface: WTD: 1. Plumb the interface 2. Asssign the ip to the interface 3. Create a file /etc/hostname.XXn and add entry to the file HTD: 1. # ifconfig nge0:1 plumb 2. # ifconfig nge0:1 192.168.0.170 up 3. # cat > /etc/hostname.nge0:1 192.168.0.170 Ctrl+d => to save OUTPUT: # ifconfig nge0:1 plumb # ifconfig nge0:1 192.168.0.170 up # cat > /etc/hostname.nge0:1 # ifconfig -a lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 bge1: flags=1000803<UP,BROADCAST,MULTICAST,IPv4> mtu 1500 index 2 inet 192.168.0.170 netmask ffffff00 broadcast 192.168.0.255 ether 0:1b:24:5b:d8:d5 nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3 inet 192.168.0.120 netmask ffffff00 broadcast 192.168.0.255 ether 0:1b:24:5b:d8:d6 nge0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3 inet 10.0.0.10 netmask ffc00000 broadcast 10.63.255.255 To assign broadcast id if it's subnetted: # ifconfig nge0:1 10.0.0.10/10 up OUTPUT: # ifconfig nge0:1 10.0.0.10 up # ifconfig nge0:1 nge0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3 inet 10.0.0.10 netmask ff000000 broadcast 10.255.255.255



# ifconfig nge0:1 10.0.0.10/10 up # ifconfig nge0:1 nge0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3 inet 10.0.0.10 netmask ffc00000 broadcast 10.63.255.255 Now, we can host the difference in the broadcast id /etc/hosts /etc/inet/hosts 1. Both the files are linked. 2. Both the files have the same entries 3. File is used to resolve the ip with the name locally in the network Note: It's not necessay that all /etc/hosts file in the network should be mapped correctly. OUTPUT: # cat /etc/hosts # Internet host table # 127.0.0.1 localhost 192.168.0.120 accel loghost 192.168.0.170 bge1 192.168.0.121 virtual1 192.168.0.122 virtual2 # cat /etc/inet/hosts # Internet host table # 127.0.0.1 localhost 192.168.0.120 accel loghost 192.168.0.170 bge1 192.168.0.121 virtual1 192.168.0.122 virtual2 /etc/nodename This file will have the nodename. This file will be reffered at the time of every boot/reboot and accordingly the hostname will be taken. # hostname <new_name> For eg: # hostname aita will change the host name only for the current session, once the system is rebooted, the hostname will not exit. To make the hostname permanent, edit the file /etc/nodename # cat > /etc/nodename



accel /etc/services /etc/inet/services Both files are linked Will provide the information about the services & corresponding static port numbers Output truncated: # cat /etc/services #ident "@(#)services 1.32 01/11/21 SMI" # # # Copyright (c) 1999-2001 by Sun Microsystems, Inc. # All rights reserved. # # Network services, Internet style # tcpmux 1/tcp echo 7/tcp echo 7/udp discard 9/tcp sink null discard 9/udp sink null systat 11/tcp users daytime 13/tcp # cat /etc/inet/services #ident "@(#)services 1.32 01/11/21 SMI" # # # Copyright (c) 1999-2001 by Sun Microsystems, Inc. # All rights reserved. # # Network services, Internet style # tcpmux 1/tcp echo 7/tcp echo 7/udp discard 9/tcp sink null discard 9/udp sink null systat 11/tcp users daytime 13/tcp # sys-unconfig - undo a system's configuration sys-unconfig does the following: - Don't run this command Saves current /etc/inet/hosts file information in /etc/inet/hosts.saved. If the current /etc/vfstab file contains NFS mount entries, saves the /etc/vfstab file to /etc/vfstab.orig. Restores the default /etc/inet/hosts file.



Removes the default hostname in /etc/hostname. interface files for all interfaces configured when this command is run. To determine which interfaces are configured, run the command 'ifconfig-a'. The /etc/hostname.interface files corresponding to all of the interfaces listed in the resulting output, with the exception of the loopback interface (lo0), will removed. Removes the default domainname in /etc/defaultdomain. Restores the timezone to PST8PDT in /etc/TIMEZONE. Disables the Network Information Service (NIS) and Network Information Service Plus (NIS+) if either NIS or NIS+ was configured. Removes the file /etc/inet/netmasks. Removes the file /etc/defaultrouter. Removes the password set for root in /etc/shadow. # snoop is used to monitor the network between particular machine, on a specified interface Generally this snoop command without any options will monitor to all the interface of the system Output truncated: # snoop fire1 -> accel TELNET C port=32890 accel -> fire1 TELNET R port=32890 basic_commands fire1 -> accel TELNET C port=32890 solaris-remote -> (broadcast) ARP C Who is 192.168.0.1, 192.168.0.1 ? solaris-remote -> (broadcast) ARP C Who is 192.168.0.1, 192.168.0.1 ? solaris-remote -> virtual1 TELNET C port=32869 l virtual1 -> solaris-remote TELNET R port=32869 l solaris-remote -> virtual1 TELNET C port=32869 solaris-remote -> virtual1 TELNET C port=32869 s virtual1 -> solaris-remote TELNET R port=32869 s solaris-remote -> virtual1 TELNET C port=32869 solaris-remote -> virtual1 TELNET C port=32869 virtual1 -> solaris-remote TELNET R port=32869 virtual1 -> solaris-remote TELNET R port=32869 Desktop day # snoop -d <interface> will monitor only to the specified interface For eg: # snoop -d nge0 Output truncated: # snoop -d nge0 Using device /dev/nge0 (promiscuous mode) fire1 -> accel TELNET C port=32890 accel -> fire1 TELNET R port=32890 ^C fire1 -> accel TELNET C port=32890



accel -> fire1 TELNET R port=32890 \r\n-bash-3.00# fire1 -> accel TELNET C port=32890 fire1 -> accel TELNET C port=32890 c accel -> fire1 TELNET R port=32890 c fire1 -> accel TELNET C port=32890 # snoop -D -d nge0 where -D = used to monitor the dropped packet information -d = used to monitor for the specified interface Output tuncated: #snoop -D -d nge0 fire1 -> 224.0.0.22 drops: 0 IGMP v3 membership report fire1 -> 192.168.0.255 drops: 0 RIP C (1 destinations) fire1 -> 224.0.0.2 drops: 0 ICMP Router solicitation fire1 -> 224.0.0.22 drops: 0 IGMP v3 membership report fire1 -> 192.168.0.255 drops: 0 RIP C (1 destinations) fire1 -> 224.0.0.2 drops: 0 ICMP Router solicitation 100.0.0.2 -> (broadcast) drops: 0 ARP C Who is 100.0.0.2, 100.0.0.2 ? fire1 -> 224.0.0.2 drops: 0 ICMP Router solicitation fire1 -> 224.0.0.2 drops: 0 ICMP Router solicitation fire1 -> 224.0.0.22 drops: 0 IGMP v3 membership report fire1 -> 224.0.0.22 drops: 0 IGMP v3 membership report fire1 -> (broadcast) drops: 0 ARP C Who is 192.168.0.120, accel ? accel -> fire1 drops: 0 ARP R 192.168.0.120, accel is 0:1b:24:5b:d8:d6 fire1 -> accel drops: 0 TELNET C port=32890 accel -> fire1 drops: 0 TELNET R port=32890 fire1 -> accel drops: 0 TELNET C port=32890 swap -l\r\0s\3swassssss accel -> fire1 drops: 0 TELNET R port=32890 ^Cswap -l\r\nsswasssss fire1 -> accel drops: 0 TELNET C port=32890 accel -> fire1 drops: 0 TELNET R port=32890 \r\n\r\n-bash-3.00# # snoop -S -d nge0 -S = to monitor the size of the packets Output truncated: Using device /dev/nge0 (promiscuous mode) fire1 -> accel length: 60 TELNET C port=32891 \33[A accel -> fire1 length: 67 TELNET R port=32891 cd /class_doc fire1 -> accel length: 60 TELNET C port=32891 fire1 -> accel length: 60 TELNET C port=32891 \33[D accel -> fire1 length: 55 TELNET R port=32891 fire1 -> accel length: 60 TELNET C port=32891 fire1 -> accel length: 60 TELNET C port=32891 \33[D accel -> fire1 length: 55 TELNET R port=32891 fire1 -> accel length: 60 TELNET C port=32891 fire1 -> accel length: 60 TELNET C port=32891 \33[D accel -> fire1 length: 55 TELNET R port=32891 fire1 -> accel length: 60 TELNET C port=32891 fire1 -> accel length: 60 TELNET C port=32891 \33[D



# snoop -a To gather the audio # snoop accel fire1 will monitor the transmission only between the specified machine Output truncated: # snoop accel fire1 Using device /dev/nge0 (promiscuous mode) fire1 -> accel TELNET C port=32891 s accel -> fire1 TELNET R port=32891 s fire1 -> accel TELNET C port=32891 fire1 -> accel TELNET C port=32891 i accel -> fire1 TELNET R port=32891 i fire1 -> accel TELNET C port=32891 fire1 -> accel TELNET C port=32891 c accel -> fire1 TELNET R port=32891 c fire1 -> accel TELNET C port=32891 fire1 -> accel TELNET C port=32891 _ accel -> fire1 TELNET R port=32891 _ fire1 -> accel TELNET C port=32891 fire1 -> accel TELNET C port=32891 c accel -> fire1 TELNET R port=32891 c fire1 -> accel TELNET C port=32891 fire1 -> accel TELNET C port=32891 o accel -> fire1 TELNET R port=32891 o # snoop -V Displays the information in verbose summary mode Output truncated: # snoop -V -d nge0 Using device /dev/nge0 (promiscuous mode) ________________________________ fire1 -> accel ETHER Type=0800 (IP), size = 60 bytes fire1 -> accel IP D=192.168.0.120 S=192.168.0.150 LEN=43, ID=4610, TOS=0x0, TTL=64 fire1 -> accel TCP D=23 S=32891 Push Ack=2427569954 Seq=1197333170 Len=3 Win=49640 fire1 -> accel TELNET C port=32891 \33[A ________________________________ accel -> fire1 ETHER Type=0800 (IP), size = 85 bytes accel -> fire1 IP D=192.168.0.150 S=192.168.0.120 LEN=71, ID=20202, TOS=0x0, TTL=60 accel -> fire1 TCP D=32891 S=23 Push Ack=1197333173 Seq=2427569954 Len=31 Win=49639 accel -> fire1 TELNET R port=32891 cat basic_commands__ # snoop -v Displays the detailed information Output truncated:



IP: .... ..0. = not ECN capable transport IP: .... ...0 = no ECN congestion experienced IP: Total length = 124 bytes IP: Identification = 30333 IP: Flags = 0x4 IP: .1.. .... = do not fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 1 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = 39f3 IP: Source address = 100.0.0.2, 100.0.0.2 IP: Destination address = 100.255.255.255, 100.255.255.255 IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 32768 UDP: Destination port = 111 (Sun RPC) UDP: Length = 104 UDP: Checksum = 9376 UDP: RPC: ----- SUN RPC Header ----- # snoop -o /Desktop/snoop_test -d nge0 This command will redirect the output of the command the specified file OUTPUT: # snoop -o /Desktop/snoop_test -d nge0 Using device /dev/nge0 (promiscuous mode) 78 # snoop -i /Desktop/snoot_test Used to read the entries of the file Note: Format of the file is different, hence we used # snoop -i to read the entries of the file. OUTPUT: # file /Desktop/snoop_test /Desktop/snoop_test: Snoop capture file - version 2



Swap configuration

Swap is a virtual space added from hard disk drive to the physical memory to increse the system performance. In Solaris, swap space can be added either permantly or temp. At the same time, the swap space can be a file or a dedicated slice. By default the swap slice will be slice1. # swap -s Will display the summary of the swap space totally allocated, used and free. OUTPUT: # swap -s total: 263440k bytes allocated + 42452k reserved = 305892k used, 23162412k available # swap -l will display the information about the swap files, slices along the size in blocks. OUTPUT: # swap -l swapfile dev swaplo blocks free /dev/dsk/c1d0s1 102,1 8 42700760 42700760 /swap_file - 8 1023992 1023992 # mkfile <size> <name_of_the_file> will create a file with the specified size. Note: Whenever a file is created with defined size using #mkfile command, the file will be with Sticky bit permission by default. Eg: # mkfile 200m /swap_file1 Will create a new file named 'swap_file' with size 200mb. OUTPUT: # mkfile 200m /swap_file # ls -lh / | grep swap_file -rw------T 1 root root 200M Aug 14 12:32 swap_file1 To add the file to swap memory: # swap -a <file_name> Eg: # swap -a /swap_file1 To check:Output:



# swap -l /dev/dsk/c1d0s1 102,1 8 42700760 42700760 /swap_file - 8 1023992 1023992 /swap_file1 - 8 409592 409592 To delete: # swap -d <file_name> Will remove the file from the swap memory Eg: # swap -d /swap_file1 To check: Output: # swap -d /swap_file1 # swap -l swapfile dev swaplo blocks free /dev/dsk/c1d0s1 102,1 8 42700760 42700760 /swap_file - 8 1023992 1023992 To add a slice to the swap memory: 1. Create slice using format utility 2. Create the file system for the slice 3. Add the slice to the swap memory by # swap -a For eg: # swap -a /dev/dsk/c1d0s5 To make the swap file & slice permanently available edit the file /etc/vfstab Eg: # cat /etc/vfstab #device device mount FS fsck mount mount #to mount to fsck point type pass at boot options # fd - /dev/fd fd - no - /proc - /proc proc - no - /dev/dsk/c1d0s0 /dev/rdsk/c1d0s0 / ufs 1 no - /dev/dsk/c1d0s1 - - swap - no - /swap_file - - swap - no - /swap_file1 - - swap - no - /devices - /devices devfs - no - ctfs - /system/contract ctfs - no - objfs - /system/object objfs - no - swap - /tmp tmpfs - yes - # pagesize will display the pagesize NOTE: By default X86 = 4096 Sparc = 8192



OUTPUT: # pagesize 4096

Solaris Management Console: smc # smc & will open a Graphical tool to do adiministration task The following tasks can be performed through smc. Storage Disks, Mounts and Shares, and Enhanced Storage Tools Devices and Hardware Serial Ports Terminal Launches a terminal window System Status Processes, Log viewer, System Information, and Performance System configuration Users, Projects, Computer and Networks, and Patches Services Scheduled Jobs To start/stop the smc : To determine if the SMC server is running: # etc/init.d/init.wbem status To start the SMC server: # /etc/init.d/init.wbem start To stop the SMC server: # /etc/init.d/init.wbem stop



Crash/Core & Dump Administration CRASH DUMP: OS generates a crash dump by writing some of the contents of the Physcial memory to a pre-determined dump device, which must be a local disk slice. /var/crash/ùname -n`/vmcore.x where x = integer indentifying the dump /var/crash/ùname -n`/unix.x NOTE: Within the crash dump directory a file named bounds is created. The bounds file holds a number that is used as a suffix for the next dump to be saved. The configuration file for crash dump is /etc/dumpadm.conf 1. This file is not recommened to edit 2. This file provides the following information a. which slice is dedicated for dump By default swap slice (slice-1) is dedicated for this purpose. b. Provides the information about dumpadm or crash is enabled or disbaled. c. What contents has to be dumpded. By default Kernel contents will be dumpded. d. displays the save core directory. # dumpadm This command reads the file /etc/dumpadm.conf and the output will be displayed accordingly. Eg output is given for kind ref: OUTPUT: Dump content: kernel pages Dump device: /dev/dsk/c0d1s1 Savecore directory: /var/crash/server Savecore enabled: yes # dumpadm -d /dev/dsk/c0d1s5 Will change the default (/dev/dsk/c0d1s1) dumpdevice to /dev/dsk/c0d1s5 OUTPUT: Dump content: kernel pages Dump device: /dev/dsk/c0d1s5 (dedicated)



Savecore directory: /var/crash/server Savecore enabled: yes Here the dumpdevice is changed. OUTPUT: # dumpadm -n will disable the save core. Dump content: kernel pages Dump device: /dev/dsk/c0d1s5 (dedicated) Savecore directory: /var/crash/server Savecore enabled: no Here save core is disabled. OUTPUT: # dumpadm -y will enable the save core. Dump content: kernel pages Dump device: /dev/dsk/c0d1s5 (dedicated) Savecore directory: /var/crash/server Savecore enabled: yes Here save core is enabled. NOTE: 1. save core is by default enabled. Only if the save core is enabled dumpadm will dump the contents to the device specified. 2. # dumpadm command updates the file /etc/dumpadm.conf and hence the configuration remains permanent. # dumpadm -s /var/crash/Unix This command change the save core directory. OUTPUT: Dump content: kernel pages Dump device: /dev/dsk/c0d1s5 (dedicated) Savecore directory: /var/crash/Unix/ Savecore enabled: yes Here savecore directory is changed. # dumpadm -c all This will ask the system to dump all the pages from the physical memory. The default dump contents is kernel pages. OUTPUT: Dump content: all pages Dump device: /dev/dsk/c0d1s5 (dedicated)



Savecore directory: /var/crash/Unix/ Savecore enabled: yes Here the default dump content is changed to "all pages" Coreadm: When a process terminates abnormally it typically produces a core file. 1. A core file is a point-in-time copy of RAM allocated to a process. 2. The copy is written to a more permanent medium - hard disk drive. 3. A core file is also a disk copy of the address space of a process at a certain point-in-time. 4. A core file will have the following information: a. task name b. task owner c. priority at the time of execution. 5. OS generated 2 possible copies of core file based on the configuration. a. GLOBAL CORE FILE: i. created mode is 600 ii. owned by super-user iii. non-priviledged users are not permitted to examine b. ORDINARY PER_PROCESS CORE FILE: i. created mode is 600 11. Owned by the owner of the process NOTE: If the directory defined in the global core file does not exist, it has to be created manually. The configuation file is /etc/coreadm.conf This file is not recommended to edit. But the updations to the file can be performed by using the command # coreadm # coreadm reads the entries of the file /etc/coreadm.conf and the configuration is displayed. coreadm pattterns: %m = machine name %n = system known name %p = process-id %t = decimal value %u = effective user %z = which process executes %g = effictive group id %f = execuitable file name -d = disable -e = enable # coreadm option argument



MISC: 1. Troubleshooting informations will be available at # cat /lib/svc/share/README 2. To mount the read only slice as read/write: # mount -o rw,remount / 3. To view the realse of the operating system: # cat /etc/release Solaris 10 11/06 s10x_u3wos_10 X86 Copyright 2006 Sun Microsystems, Inc. All Rights Reserved. Use is subject to license terms. Assembled 14 November 2006 # cat /var/sadm/softinfo/INST_RELEASE OS=Solaris VERSION=10 REV=0 To assign the gateway: # route add default <ip> eg: # route add default 192.168.0.150 To view the assigned gateway: # netstat -r OUTPUT: Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- 192.168.0.0 accel U 1 20 nge0 192.168.0.0 virtual1 U 1 0 nge0:1 192.168.0.0 virtual2 U 1 0 nge0:2 192.168.0.0 bge1 U 1 0 bge1 224.0.0.0 accel U 1 0 nge0 default 192.168.0.150 UG 1 0 localhost localhost UH 4 1110 lo0 OUTPUT: # netstat -rn Routing Table: IPv4



Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- 192.168.0.0 192.168.0.120 U 1 20 nge0 192.168.0.0 192.168.0.121 U 1 0 nge0:1 192.168.0.0 192.168.0.122 U 1 0 nge0:2 192.168.0.0 192.168.0.170 U 1 0 bge1 224.0.0.0 192.168.0.120 U 1 0 nge0 default 192.168.0.150 UG 1 0 127.0.0.1 127.0.0.1 UH 4 1110 lo0 U - Indicates route is up. G - Route is to a gateway. To configure DHCP in Solaris-10: Client side configuration: # touch /etc/dhcp.nge0 where nge0 = name of the physical interface # touch /etc/hostname.nge0 # touch /etc/notrouter # cp /dev/null /etc/defaultrounter # cp /etc/nsswitch.dns /etc/nsswitch.conf # cp /dev/null /etc/resolv.conf # ifconfig -a # vi /etc/resolv.conf nameserver 192.163.0.1 # svcadm restart physical # svcadm restart network or # touch /etc/dhcp.nge0 # touch /etc/hostname.nge0 # ifconfig nge0 dhcp drop # ifconfig nge0 dhcp start # ifconfig nge0 dhcp status # ifconfig nge0 dhcp release To gather the processor staus: # psrinfo OUTPUT: bash-3.00# psrinfo 0 on-line since 08/18/2009 12:43:45 1 on-line since 08/18/2009 12:43:54 To bring the processor off-line: # psradm -f <processor-id> eg:



# psradm -f 1 OUTPUT: bash-3.00# psradm -f 1 bash-3.00# psrinfo 0 on-line since 08/18/2009 12:43:45 1 off-line since 08/18/2009 16:19:39 To bring back the processor on-line: # psradm -n <processor-id> Eg: # psradm -n 1 OUTPUT: bash-3.00# psradm -n 1 bash-3.00# psrinfo 0 on-line since 08/18/2009 12:43:45 1 on-line since 08/18/2009 16:21:50



ACL = Access Control List # setfacl = to assign, modify the acl permissions to the file/directory # getfacl = to view the acl entries assinged to a file/directory Note: A file "new" is created and ACL is assigned to the file # getfacl new # getfacl -a new Will display the ACL & other permissions to specified file Note: Output of above commands remains same. OUTPUT: bash-3.00# getfacl new # file: new # owner: root # group: root user::rwx user:che:rwx #effective:rwx group::rw- #effective:rw- group:sun:rw- #effective:rw- mask:rwx other:r-- bash-3.00# getfacl -a new # file: new # owner: root # group: root user::rwx user:che:rwx #effective:rwx group::rw- #effective:rw- group:sun:rw- #effective:rw- mask:rwx other:r-- # getfacl -d new will display only the owner/group of the file specified OUTPUT: bash-3.00# getfacl -d new



# file: new # owner: root # group: root Syntax: # setfacl -s u::<perm>,g::<perm>,o:<perm>,m:<perm>,u:<name>:<perm>,g:name:<perm> <name_of_file_dir> where u = user g = group o = other m = ACL mask Note: u,g,o can be replaced with user, group,others respectively m can be replaced with mask Here first u,g refers the owner of the file and the group the file/dir belongs to. for eg: # setfacl -s u::rwx,g::rw-,o:r--,m:rwx,u:che:rwx,g:sun:rw- new -s = to substitue OUTPUT: bash-3.00# setfacl -s u::rwx,g::rw-,o:r--,m:rwx,u:che:rwx,g:sun:rw- new bash-3.00# getfacl new # file: new # owner: root # group: root user::rwx user:che:rwx #effective:rwx group::rw- #effective:rw- group:sun:rw- #effective:rw- mask:rwx other:r-- # setfacl -m u::rwx,g::rw-,o:r--,m:rwx,u:castro:rwx,g:admin:rw- new -m = to modify OUTPUT: bash-3.00# setfacl -m u::rwx,g::rw-,o:r--,m:rwx,u:castro:rwx,g:admin:rw- new bash-3.00# getfacl new # file: new # owner: root # group: root user::rwx user:che:rwx #effective:rwx user:castro:rwx #effective:rwx



group::rw- #effective:rw- group:sun:rw- #effective:rw- group:admin:rw- #effective:rw- mask:rwx other:r-- To get the ACL entries of one file/dir to another file/dir # getfacl new | setfacl -f - old # getfacl old OUTPUT: bash-3.00# getfacl new | setfacl -f - old bash-3.00# getfacl old # file: old # owner: root # group: root user::rwx user:che:rwx #effective:rwx user:castro:rwx #effective:rwx group::rw- #effective:rw- group:sun:rw- #effective:rw- group:admin:rw- #effective:rw- mask:rwx other:r--



NFS - Network File System

- Comes under the distributed file system - Used or enables computers of different arch running different Operating system - Work with heterogeneous environment.(For eg: Can integrate with Linux) Advantages of NFS: - allows multiple computers to use the same files, because all users on the network can access the same data (based on the permission). - reduces storage costs by sharing applications on computers instead of allocating local disk space for each user - provides data reliability & consistency - reduces system administration Note: 1. In Solaris-10 NFS version 4 is used by default. 2. Version related checks are applied whenever a clinet host attempts to access a server's file share. 3. NFSv4 provides firewall support since it uses a well known port -2049 NFS server files: 1. /etc/dfs/dfstab - list the locally pemanently shared resources at boot time - editable file by the root user Output: ( Along with manually added shares) bash-3.00# cat /etc/dfs/dfstab # Place share(1M) commands here for automatic execution # on entering init state 3. # # Issue the command 'svcadm enable network/nfs/server' to # run the NFS daemon processes and the share commands, after adding # the very first entry to this file. # # share [-F fstype] [ -o options] [-d "<text>"] <pathname> [resource] # .e.g, # share -F nfs -o rw=engineering -d "home dirs" /export/home2 share -F nfs -o rw /export/home share -F nfs /share share -F nfs -o ro /nfs/share_test share -F nfs -o rw=natra,ro=solaris -d "test" /source/open share -F nfs -o rw=natra,ro=192.168.0.0/32 /unix_share



2. /etc/dfs/sharetab - Not recommended to edit - File will be updated through "share" , "shareall" , "unshare", "unshareall"

commands - lists the locally and currently shared resources in the system Output: (With manuallu edited entries) bash-3.00# cat /etc/dfs/sharetab /Desktop/ppt - nfs rw /export/home - nfs rw /share - nfs rw /nfs/share_test - nfs ro /source/open - nfs rw=natra,ro=solaris test /unix_share - nfs rw=natra,ro=192.168.0.0/32 3. /etc/dfs/fstypes - lists the default file system types for remote file systems. Output: bash-3.00# cat /etc/dfs/fstypes nfs NFS Utilities autofs AUTOFS Utilities cachefs CACHEFS Utilities Here, nfs - used to share the resources across the network autofs - used to mount the shared resource at client side on demand cachefs - used to sync the updations performed to the shared resouce. (This is responsible for maintaining the reliability & consistencty) 4. /etc/rmtab - lists file systems remotely mounted by NFS clients. - do not edit this file Output: bash-3.00# cat /etc/rmtab solaris:/nfs/share_test 5. /etc/nfs/nfslog.conf - lists information defining the location of configuration logs used for NFS server

logging Output:



bash-3.00# cat /etc/nfs/nfslog.conf #ident "@(#)nfslog.conf 1.5 99/02/21 SMI" # # Copyright (c) 1999 by Sun Microsystems, Inc. # All rights reserved. # # NFS server log configuration file. # # <tag> [ defaultdir=<dir_path> ] \ # [ log=<logfile_path> ] [ fhtable=<table_path> ] \ # [ buffer=<bufferfile_path> ] [ logformat=basic|extended ] # global defaultdir=/var/nfs \ log=nfslog fhtable=fhtable buffer=nfslog_workbuffer 6. /etc/default/nfslogd - list configuration information describing the behaviour of the nfslogd daemon

for NFS v2 and v3. Output: bash-3.00# cat /etc/default/nfslogd # #ident "@(#)nfslogd.dfl 1.8 99/02/27 SMI" # # Copyright (c) 1999 by Sun Microsystems, Inc. # All rights reserved. # # Specify the maximum number of logs to preserve. # # MAX_LOGS_PRESERVE=10 # Minimum size buffer should reach before processing. # # MIN_PROCESSING_SIZE=524288 # Number of seconds the daemon should sleep waiting for more work. # # IDLE_TIME=300 # CYCLE_FREQUENCY specifies the frequency (in hours) with which the # log buffers should be cycled. # # CYCLE_FREQUENCY=24 # Use UMASK for the creation of logs and file handle mapping tables. # # UMASK=0137 7. /etc/default/nfs - contains parameter values for NFS protocols & NFS daemons.



Output: (Only selected parameters is displayed) #NFSD_MAX_CONNECTIONS= NFSD_LISTEN_BACKLOG=32 #NFS_CLIENT_VERSMIN=2 8. /etc/nfssec.conf - to enable the necessary security mode. - can be performed through # nfssec Output: bash-3.00# cat /etc/nfssec.conf # #ident "@(#)nfssec.conf 1.11 01/09/30 SMI" # # The NFS Security Service Configuration File. # # Each entry is of the form: # # <NFS_security_mode_name> <NFS_security_mode_number> \ # <GSS_mechanism_name> <GSS_quality_of_protection> <GSS_services> # # # The "-" in <GSS_mechanism_name> signifies that this is not a GSS mechanism. # A string entry in <GSS_mechanism_name> is required for using RPCSEC_GSS # services. <GSS_quality_of_protection> and <GSS_services> are optional. # White space is not an acceptable value. # # default security mode is defined at the end. It should be one of # the flavor numbers defined above it. # none 0 - - - # AUTH_NONE sys 1 - - - # AUTH_SYS dh 3 - - - # AUTH_DH # # Uncomment the following lines to use Kerberos V5 with NFS # #krb5 390003 kerberos_v5 default - # RPCSEC_GSS #krb5i 390004 kerberos_v5 default integrity # RPCSEC_GSS #krb5p 390005 kerberos_v5 default privacy # RPCSEC_GSS default 1 - - - # default is AUTH_SYS Note: 1. If the svc:/network/nfs/server service does not find any 'share' commands in the /etc/dfs/dfstab tile, it does not start the NFS server daemons. 2. The features provided by mountd daemon and lockd daemons are integrated into NFS v4 protocol.



3. In NFSv2 and NFSv3, the mount protocol is implemented by the seperated mountd daemon which did not use an assigned, well-knwon port number, which is very hard to use NFS through firewall. 4. nfsd and mountd daemons are started if there is an entry (uncommented) share statement in the system's /etc/dfs/dfstab file. 5. Manually create /var/nfs/public directory before starting nfs server logging. (Pls do ref the file /etc/nfs/nfslog.conf) 4.b. /etc/rmtab - contains a table of file systems remotely mounted by NFS clients - after a client successfully completes a NFS mount request, the mountd

daemon on the server makes an entry in the /etc/rmtab file - file also contains a line entry fo each remotely mounted directory that has been successfully unmounted, except that the mounted daemon replacces the first character in the entry with (#) character. Output: bash-3.00# cat /etc/rmtab solaris:/nfs/share_test To start/stop the nfs-server: Solaris-10: To start/enable: bash-3.00# svcadm enable nfs/server bash-3.00# svcadm -v enable nfs/server svc:/network/nfs/server:default enabled. To stop/disable bash-3.00# svcadm disable nfs/server bash-3.00# svcadm -v disable nfs/server svc:/network/nfs/server:default disabled. Earlier vesrsions of Solaris: /etc/init.d/nfs.server start - to start the service /etc/init.d/nfs.server stop - to stop the service NFS server side daemons: 1. statd 2. lockd 3. mountd



4. nfsmapid 5. nfslogd NFS client side daemons: 1. statd - works with the lockd daemon to provide crash recovery functions for the lock Manager 2. lockd - supports record-locking operation ofn NFS files 3. nfs4cbd- NFSv4 call back daemon Note: mountd and lockd daemon runs on both server and client. Daemons & it's purposes: 1. mountd: - NOT available in NFSv4 - available in NFSv2 and NFSv3 - mountd daemon is integrated with NFSv4 protocol by default - handles file system mount requests from remote systeds and provides access

control - started by: svc:/network/nfs/server service. Steps involved: 1. mountd daemon checks the /etc/dfs/sharetab file to determine whether a particular file or directory is shared and whether the requesting client has perission to access the shared resources. 2. when NFS client issues an NFS mount request, the mount command of the client contact the mountd daemon on the server. The mountd daemon provides service. 2. nfsd daemon: - handles client file system requests - started by: svc:/network/nfs/server - only root user can start the nfsd daemon - when a client process attempts to access a remote file resource, the nfsd daemon on NFS server receives the request and then performs the requested operation. 3. statd daemon: - works with the lockd daemon to provide crash recovery functions for the lock

manager - server's statd daemon tracks the cients that are holding locks on an NFS

server. When the NFS server reboots after a crash, the statd daemon on the server contacts the statd daemon on client, which informs lockd daemon to reclaim any locks on the server.

- not used in NFSv4 - started by: svc:/network/nfs/status service



4. lockd daemon: - intergrated with NFSv4 - supports record locking operations on NFS files - started bu: svc:/network/nfs/lockmgr 5. nfslogd daemon: - provides operational logging for NFSv2 and NFSv3 - NFS logging is enabled, when the share is made available - for all file systems for which logging is enable, the NFS kernel module records

all operations in a buffer file - operations are performed based on the config file /etc/default/nfslogd - started by: svc:/network/nfs/server service 6. nfsmapid: - implemented in NFSv4 - maps owner and group indentification that both the NFSv4 client & server user - started by: svc:/network/nfs/mapid - no interface to the daemon, but the parameters can be assinged to the file

/etc/default/nfs Commands: # share - makes a local directory on an NFS server available for mounting - also displays the contents of the file /etc/dfs/sharetab syn: # share displays the shared contents in the local system Output: bash-3.00# share - /export/home rw "" - /share rw "" - /nfs/share_test ro "" - /source/open rw=natra,ro=solaris "test" - /unix_share rw=natra,ro=192.168.0.0/32 "" To share the resouces using # share command: Note: Sharing done through # share command will be available for current session and will not exist after reboots. # share -F <file_sys> <directory> - will share the specified directory without any Access list to all the clients in the network. - will update the file /etc/dfs/sharetab For eg: # share -F nfs /data_share Output: bash-3.00# mkdir /data_share



bash-3.00# share -F nfs /data_share bash-3.00# cat /etc/dfs/sharetab /export/home - nfs rw /share - nfs rw /nfs/share_test - nfs ro /source/open - nfs rw=natra,ro=solaris test /unix_share - nfs rw=natra,ro=192.168.0.0/32 /data_share - nfs rw Options-1: # share -F nfs -d "Comment-description" /data_share here -F = specifies the file system -d = description or comment about the shared directory Output: bash-3.00# share -F nfs -d "Comment-description" /data_share/ bash-3.00# share - /export/home rw "" - /share rw "" - /nfs/share_test ro "" - /source/open rw=natra,ro=solaris "test" - /unix_share rw=natra,ro=192.168.0.0/32 "" - /data_share rw "Comment-description" Options-2: # share -F nfs -d "comment" -o rw=solaris,ro=fire2 /data_share here -o = specifies the option ro = read only to the listed clients rw = read write to the listed clients # share -F nfs -d "comment" -o rw=solaris,ro=fire2:192.168.0.14 /data_share Note: Clients name or ip can be given, seperated by , (commas) or by : (semi-colon) Output: bash-3.00# share -F nfs -d "comment" -o rw=solaris,ro=fire1 /data_share/ bash-3.00# share - /export/home rw "" - /share rw "" - /nfs/share_test ro "" - /source/open rw=natra,ro=solaris "test" - /unix_share rw=natra,ro=192.168.0.0/32 "" - /data_share rw=solaris,ro=fire1 "comment"



bash-3.00# share -F nfs -d "comment" -o rw=solaris,ro=fire1:192.168.0.14 /data_share/ bash-3.00# share - /export/home rw "" - /share rw "" - /nfs/share_test ro "" - /source/open rw=natra,ro=solaris "test" - /unix_share rw=natra,ro=192.168.0.0/32 "" - /data_share rw=solaris,ro=fire1:192.168.0.14 "comment" Option-3: # share -F nfs -d "comment" -o root=solaris,rw=fire2,ro=192.168.0.14 /data_share Output: # share -F nfs -d "comment" -o root=solaris,rw=fire2,ro=192.168.0.14 /data_share bash-3.00# share - /export/home rw "" - /share rw "" - /nfs/share_test ro "" - /source/open rw=natra,ro=solaris "test" - /unix_share rw=natra,ro=192.168.0.0/32 "" - /data_share root=solaris,rw=fire2,ro=192.168.0.14 "comment" here root=<client_name_or_ip> root=solaris - informs the client that the root user on the specified client system or systems can perform super-user priviledge requests on the shared resource Option-4: # share -F nfs -d "comment" -o [email protected].* /data_share Output: bash-3.00# share -F nfs -d "comment" -o [email protected].* /data_share/ bash-3.00# share - /export/home rw "" - /share rw "" - /nfs/share_test ro "" - /source/open rw=natra,ro=solaris "test" - /unix_share rw=natra,ro=192.168.0.0/32 "" - /data_share [email protected].* "comment" To share to resouce to the specified network Option-5: # share -F nfs -d "comment" -o ro=aita.com /data_share



Output: bash-3.00# share -F nfs -d "comment" -o ro=aita.com /data_share/ bash-3.00# share - /export/home rw "" - /share rw "" - /nfs/share_test ro "" - /source/open rw=natra,ro=solaris "test" - /unix_share rw=natra,ro=192.168.0.0/32 "" - /data_share ro=aita.com "comment" To share the resource only for that domain. 2. # unshare - makes a previously available directory unavilable for client side mount

operations # unshare /data_share Output: bash-3.00# share - /export/home rw "" - /share rw "" - /nfs/share_test ro "" - /source/open rw=natra,ro=solaris "test" - /unix_share rw=natra,ro=192.168.0.0/32 "" - /data_share rw "Comment-description" bash-3.00# unshare /data_share/ bash-3.00# share - /export/home rw "" - /share rw "" - /nfs/share_test ro "" - /source/open rw=natra,ro=solaris "test" - /unix_share rw=natra,ro=192.168.0.0/32 "" 3. # shareall - reads & executes shared statements from the file /etc/dfs/dfstab NOTE: All the above discussed share options can be edited to the file /etc/dfs/dfstab and the syntax remains same. Output: bash-3.00# shareall bash-3.00# share - /export/home rw "" - /share rw "" - /nfs/share_test ro "" - /source/open rw=natra,ro=solaris "test" - /unix_share rw=natra,ro=192.168.0.0/32 ""



NOTE: Few entries from the /etc/dfs/dfstab share -F nfs -o rw /export/home share -F nfs /share share -F nfs -o ro /nfs/share_test share -F nfs -o rw=natra,ro=solaris -d "test" /source/open share -F nfs -o rw=natra,ro=192.168.0.0/32 /unix_share 4. # unshareall - makes previously shared resoures unavailable Output: bash-3.00# share - /export/home rw "" - /share rw "" - /nfs/share_test ro "" - /source/open rw=natra,ro=solaris "test" - /unix_share rw=natra,ro=192.168.0.0/32 "" - /data_share rw "Comment-description" bash-3.00# unshareall bash-3.00# share bash-3.00# 5. # dfshares - lists available shared resources from the remote/local NFS server # dfshares 192.168.0.252 Output: bash-3.00# dfshares 192.168.0.252 RESOURCE SERVER ACCESS TRANSPORT 192.168.0.252:/export/home 192.168.0.252 - - # dfmounts - displays a list of NFS server directories that are currently mounted at the clients - reads the entry from the file /etc/rmtab At client side: To make the resource permanently available edit the file /etc/vfstab. eg entry from the client: fire2:/nfs/share_test - /mnt/point3 nfs - yes ro,nosuid fire2:/share - /mnt/point1 nfs - yes -



Autofs Autofs

- It's a clinet side sevice to make the shared resource available at the client side - On demand.

- Autofs file is initialized by /lib/svc/automount script /lib/svc/method/svc_autofs script starts the autofs daemon. NOTE: automountd deamon is completely independent from the automount command. Because of this seperation, we can add/modify/delete map information without having to stop and start the automountd daemon process. Autofs types: 1. Master map 2. Direct map 3. Indirect map 4. Special map Master map: 1. Lists the other maps used for establishing the autofs file system. 2. The automount command reads this map at boot time. /etc/auto_master is the configuration file which have the list of direct & indirectly automounted resources. Output: (With default entry to the file /etc/auto_master) # Copyright 2003 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # ident "@(#)auto_master 1.8 03/04/28 SMI" # # Master map for automounter # +auto_master /net -hosts -nosuid,browse /home auto_home -nobrowse Direct map: Lists the mount points as ABSOLUTE PATH names. This map explicitly indicates the mount point on the client. Usually /usr/share/man directory is a good example for direct mapping. /- mount point is a pointer that informs the automount facility that full path names are defined in the file specified by MAP_NAME (for eg: here its /etc/direct_map).



NOTE: 1. /- is NOT an entry in the default master map file (/etc/auto_master) 2. The automount facility by default automatically searched for all map related file in /etc directory. Output: ( After adding a manual entry to the file) # Copyright 2003 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # ident "@(#)auto_master 1.8 03/04/28 SMI" # # Master map for automounter # +auto_master /net -hosts -nosuid,browse /home auto_home -nobrowse /- direct /- /direct Note-1: Here 1. "direct" is the file name that has to be resided under /etc/ dir. It's mandatory. This file will have the absolute path of the shared resource & mount point at the

client. 2. This file has to be manually created. 3. The name of the file can be anything. Output: The entry to the file /etc/direct bash-3.00# cat /etc/direct /usr/share/man 192.168.0.150:/usr/share/man Note-2: Here 1. "/direct" is the file name that is residing under / directory. If the direct maping file is NOT residing under /etc dir, the full path of the file

has tobe specified. 2. This file will have the absolute path of the shared resources & mount point at the client. 3. Again the name of the file can be anything Output: They entry of the file /direct bash-3.00# cat /direct



/usr/share/man 192.168.0.150:/usr/share/man Indirect map: Are simplest and most useful autofs. Lists the mount points are relative path names. This map uses a relative path to establish the mount point on the client. /export/home - is a good example for indirect map while implementing NIS. An indrect map uses a key substitute value to establish the association between a mount point on the client and a directory on the server. Indirect map are useful for accessing specific filesystems, such as home directories, from anywhere in the network. Special map: Provides access to NFS service by using their host names. By default special maps are enabled. /net directory is a good example for special map. This directory has the list of the hosts connected in the network. Once if we open the dir with the name of the host, this displays the shared resources of that specified host. It's similar to the network neighbourhood in windows. Output: bash-3.00# cd /net bash-3.00# ls fire1 localhost loghost natra solaris sunfire2 bash-3.00# cd fire1 bash-3.00# ls usr NOTE: + symbol at the beginning of the +auto_master line in the /etc/auto_master file directs the automountd daemon to look at the NIS, NIS+ or LDAP databases before it reads the rest of the map. If this line is commented out, only the local files are searched unless the /etc/nsswitch.conf files specifies that NIS, NIS+ or LDAP should be searched. auto_home This maps provide the mechanism to allow users to access their centrally localted $HOME directories -hosts map Provides access to all resources shared by NFS servers. The server are mounted below the /net/hostname directory, or if only the server's ip-address is known, bleow the /net/ipaddress directory. The server does not have to be listed in the hosts database for this mechanism to work.



To view the status of the autofs: Output: bash-3.00# svcs -a | grep autofs online 11:51:59 svc:/system/filesystem/autofs:default To start/stop the autofs: # svcadm enable svc:/system/filesystem/autofs:default - to start # svcadm disable svc:/system/filesystem/autofs:default - to stop EG: for Direct Maps: SERVER SIDE configuration: For sharing the man pages from the server 192.168.1.51 to clients. 1. Edit the file /etc/dfs/dfstab share -F nfs -o ro /usr/share/man 2. Save the file CLIENT SIDE configuration: 1. Edit the file /etc/auto_master /- direct_map 2. Save the file 3. Create a file /etc/direct_map file with the following contents edit: # vi /etc/direct_map /usr/share/man 192.168.1.51:/usr/share/man 4. Save the file 5. Make sure autofs service is running # svcs -a | grep autofs Start the service if its offline. # svcadm enable autofs 6. Then automount the shared resources. # automount -v



here -v = provides the detailed information about the automounted resources. Output: bash-3.00# automount -v automount: /usr/share/man mounted automount: no unmounts