solaris admin

7/30/2019 Solaris Admin

1/256

Solaris System Administration 1

INTRODUCTION

TOUNIX


2/256


Primarly influenced by Multics

First version of UNIX developed by Ken Thompson in 1969 on

DEC PDP for business, scientific and industrial users

Originally written in Assembly language for PDP-7

Transportability facilitated by Thompson in B Language

B modified by Richie as C Language

Thompson and others wrote Unix in C in 1980 to be able to port

on any computer


3/256


FEATURES OF UNIX

Multitasking

Multiuser

On line help

Communication and Electronic mail


4/256


FEATURES OF UNIX CONTINUES...

Available on micros, minis and mainframes

Hierarchical file system

Library of application software


5/256


SYSTEM CONCEPTS


6/256


UNIX

KERNEL

SHELL

APPLICATION SOFTWARE

Kernel

Shell

Applications


7/256


KERNEL is the heart of the UNIX operating system. It is nextto the hardware. It is responsible for scheluing tasks and

managing data storage

SHELL is the command interpreter. It is an interfacce between

the user and the kernel.

APPLICATION SOFTWARE are the specific capabilities

added on to the operating system


8/256


BOURNEprompt - ($)

-> DEFAULT SHELL

Cprompt - (%)

-> HAS SYNTAXSIMILAR TO C LANGUAGE

KORNprompt - ($)

-> BOURNE + ALIASING,HISTORY, ETC.

SHELLS


9/256


FILE SYSTEM STRUCTURE(Hierarchical Inverted-Tree Structure)

lib sbin bin

USR OPT

dsk tty

DEV ETC

ssa1 ssa2

home

EXPORT

genunix

KERNEL VAR

/ (ROOT)


10/256


COMMON TERMS USED

HOST

HOST NAME

IP ADDRESS

SERVER

CLIENT

NETWORK

DAEMON

MULTITASKING

MULTIUSER

DISTIBUTED PROCESSING


11/256


SYSTEM RUN LEVELS

Objectives :

Change Run Levels

Shutdown & Booting Commands

Reboot


12/256


Changing Run Levels

Init Command

e.g.

init 6

will reboot the System todefault run level


13/256


Boot Command

boot -[options]

devicenames cdrom

net

disk

Options -a for interactive boot

-s for booting to single

user

-r to reconfigure system


14/256


Shutdown Command

shutdown [-y] [-g seconds] (-init state)[message]

yes Grace period(60 sec) Init levels(0,1,5,6)

warning

e.g. shutdown -y -g 0 -I 0

will immediately shutdown the system to level 0


15/256


Other Boot/Reboot Commands

halt

poweroff

reboot

Not Recommended


16/256


OPEN BOOT PROM(OBP)


17/256


OPEN BOOT PROM

Resident firmware that provides basic hardwaretesting & initialization prior to booting.

It is used for testing & initializing systemhardware

determines the configuration

boots the operating system

provides interactive debugging facilities


18/256


SYSTEM

BOARD

BOOT

PROMCustom

Driver

ID - PROM

Third Party Sbus Card

Sbus


19/256


BOOT PROM VERSIONS

1.x (ORIGINAL SPARC BOOT PROM)

2.x (FIRST OPEN BOOT PROM)

3.x (OBP WITH DOWNLOADABLE FIRMWARE)


20/256


BASIC OBP COMMANDS

banner

boot help

printenv

setenv

set-defaults

devalias

probe scsi probe - scsi - all

probe - ide

reset


21/256


CHANGING DEFAULT BOOT - DEVICE

ok setenv boot - device = NET

ok reset

ok boot


22/256


CREATING CUSTOM DEVICE ALIASES

nvalias

nvunalias


23/256


EEPROM COMMAND

Lists eeprom settings

Changes need not be followed by

reset


24/256


STOP KEY

stop - a key sequence

puts system into obp command mode.

Use sync to synchronize file systems.

stop - n

starts/boots the system with default

values.


25/256


SOLARIS INSTALLATION


26/256


CDE Demos

CDE DT

BUILDER

CDE Man pages

SOFTWARE GROUPINGS

CDE

developer s/w

CDE

CONFIGURATION

CLUSTERS

SOFTWARE

CLUSTERS

PACKAGE


27/256


ENTIRE DISTRIBUTION

ENTIRE

DISTRIBUTIONPLUS OEM DRIVERS

DEVELOPER

END USER

CORE

O

P

T

I

O

NS

HARDWARE REQUIREMENTS


28/256


HARDWARE REQUIREMENTS

FOR SOLARIS 7 INSTALLATION

SPARC / INTEL SYSTEM

1.05 GB HDD SPACE

64 MB RAM

CD-ROM DRIVE or INSTALL SERVER


29/256


SYSTEM INFORMATION

HOST NAME

IP ADDRESS

NAME SERVICE SUBNET

GEOGRAPHIC LOCATION

TIME ZONE INFORMATION

ROOT PASSWORD


30/256


INSTALLATION TYPES

UPGRADE INITIAL

(F resh I nstal lation)I ni tial Precautions

Notify Users

Backup Files

Shutdown System


31/256


LOG OF INSTALLATION

/var/sadm/install_ data/install_log


32/256


SOLARIS BOOT PROCESS


33/256


PROM executes POST

Determines Boot device (eg. Disk,net,CD-ROM)

Reads Boot Block ( Sector 1- 15)

PROM loads Bootblk Program

Bootblk loads (ufsboot) program

ufsboot loads 32-bit/64-bit kernel

Loads kernel Modes

Reads \etc\system file

Kernel initialized and starts init process

Init process starts and run control scripts

BOOTS

PROM Phase

BOOT Programphase

Kernel

Initialization

phase

/sbin/init

phase


34/256


KERNEL

consists of a two piece static core (unix &genunix) and loadable modules.

LOADABLE MODULES

is a device driver which is loadedwhen device is accessed.

KERNEL STRUCTURE


35/256


KERNEL STRUCTUREResides in /platform/uname-m/kernel/unix

KERNEL

drv

Sched

exec

Strmod

fs

Sys

genunix

misc

/etc/system file


36/256


/etc/system file

moddir - modifies search path for kernel modules.

rootdev - determines alternate root device.

exclude - modules to be excluded even if referenced.

forceload - modules loaded forcibly at boot time.

Can be customized to change kernel configuration process

Overrides default value using variable = value

eg. set -pt-cnt =100

set npty = 100 - sets pseudo-ttys to 100.

Take backup before editing .


37/256


SYSTEM RUN LEVELS&

INITIALIZATION FILES


38/256


SYSTEM RUN LEVELS

0

PROM monitor Run level1 Single user mode

Used for performing Administrative tasks.

2

Multi-user mode (no resources shared).3 Multi-user mode (resources shared).

4 Not used.

5 Halt.

6 Reboot.

S,s Single user mode with user logins disabled.


39/256


/etc/inittab

S3 : 3 : wait : |sbin|rc3 >/dev/console 2 < > |dev|console

idrstate

actionCommand to execute

init process and /etc/inittab


40/256


init process and /etc/inittab

init process Set initdefault to level 3.

Run entries with sysinit in Action field.

Run entries with 3 in rstate field.

/etc/inittab


41/256


Contains scripts to start /stop

daemons/services.

Scripts starting with alphabet k.

Scripts starting with alphabet s starts

process/services eg. S71 inetinit

/etc/rc#.d


42/256


/etc/init.d

Contain run control scripts HARD

LINKED to start/ kill scripts in /etc/rc#.d

eg. Sendmail nfs.server etc

Services can be started/stopped in

running system eg. /etc/init.d/nfs.server start


43/256


DISK CONFIGURATION

&

PARTITIONING


44/256


LOGICAL DISK DEVICE NAMES

The /dev directory

The rdsk or dsk subdirectory

Controller number

Target number

Disk number

Slice number

/dev /[r] dsk /c n tn dn sn

VTOC - Volume Table Of Contents


45/256


VTOC - Volume Table Of Contents

Slice 0

Slice 1

Slice 2 VTOC (sector 0)

Disk Geometry - Describes the no. of heads , sectors andcylinders.

Partition Tables - Describes the slices on the disk.

Volume Names - Identifies the disk device (optionally assigned by the system

administrator.)

Slice Tags - name the standard mount points for each of the slices.

Slice Flags - Label whether each slice is writeable and mountable.

Displaying a Disks VTOC


46/256


Displaying a Disk s VTOC# prtvtoc /dev/rdsk/c0t0d0s0* /dev/rdsk/c0t0d0s0 partition map

** Dimensions* 5 12 bytes/sector* 80 sectors/track* 9 tracks/cylijnder* 720 sectors/cylinder* 2500 cylinders* 1151 accessible cylinders** Flags :* 1: unmountable* 10: readonly** First Sector Last

* Partition Tag Flags Sector Count Sector Mount Directory* 0 2 00 0 41040 41039 /* 1 3 01 41040 205200 246239* 2 5 00 0 828720 828719* 5 6 00 246240 20880 267119 /opt* 6 4 00 267120 561560 828719 /usr

PARTITIONING DISK


47/256


PARTITIONING DISK

partition> 0

Part Tag Flag Cylinders Size Blocks

0 root wm 0 - 41 14.77mb (42/0/0)

Enter Partition id tag[root] : Enter Partition Permission Flags[wm] :

Enter new starting cylinder[0] :

Enter Partition size[30132b, 42c, 14.77mb] : 16mb

Disk BlocksCylinders

Mbytes

Wh t M k P titi I t Fil S t


48/256


What Makes a Partition Into a File System

Super Block

Super Block

CPU Memory

Slice 6

Updated Every 30

seconds

Slice 1

Slice 0

Loaded into memory

at boot time

Super Blocks

(16 sectors)

Disk label

(1 sector)

Boot Blocks

(15 sectors)


49/256


Creating a New File System

# newfs /dev/rdsk /c0t1d0s0

newfs : construct a new file system /dev/rdsk/c0t1d0s0: (y.n) ? Y

/dev/rdsk/c0t1s0d0 : 28188 sectors in 87 cylinders of 9 tracks, 36

sectors

15.5MB in 3 cyl groups (16 c/g, 5.90MB/g, 2688 i/g )

super-blocks backups (for fsck -F ufs -o b= #) at :

32, 11632, 23232,

BACKGROUND STRUCTURES


50/256


BACKGROUND STRUCTURES

Created by

the newfs

command

VTOCBoot block

Super block

Backup Superblock

Cylinder group block

Inode table

Data block(s)

Backup super block


Inode table

Data block(s)

Backup Superblock

Cylinder group blockInode table

Super Block & Cylinder Group Block


51/256


Super Block & Cylinder Group BlockSuper Block Super Block clean flag. Number of cylinder groups

Number of data blocks. Number of fragments in data block. Size of data block. Size of a fragment. Number of tracks in a cylinder. Number of sectors in a track.

Number of sectors per cylinder. Number of cylinders in the partition.

Cylinder Group Block

Number of cylinders.

Number of data blocks.

Position of the last used data block. Number of free data blocks and their locations.

Position of the last used fragment.

Number of free fragments.

File inodes


52/256


File inodes

Permissions Links

and other Information

0

1

2

34

5

6

7

8910

11

12

13

inode Data blocks

Indirect blocks

2048 data

blocks

2048 datablocks

Indirect block

2048 addresses

Double indirect block

2048 addresses


53/256


FILE SYSTEMS STRUCTURE


54/256


FILE SYSTEM

Collection of files & directories used tostore & organize information

Collection of control structures & data

blocks of a partitionFile Systems

ufs hsfs pcfs NFS psuedo

Disk -basedNetwork based Cachefs etc.

Label0


55/256


Boot Block

Superblock

Backup superblock


Inode table

Data Blocks

Second Cylinder

group

First Cylinder

Group

1-15

16-31

32

47


56/256


CYLINDER GROUPS

Cylinder Group Blocks

Inode tables

Data blocks


57/256


Inodes

Direct Pointers

Indirect Pointers

single indirect

double indirect

triple indirect


58/256


The fsck utility

The fsck program is run when a system

boots

The fsck program runs in two modes :

Non-Interactive mode

interactive mode


59/256


checked by the fsck utility

Superblock summary information

cylinder group block

inode information

file system data block information

directory information


60/256


fsck Output The following is the fsck program when no inconsistencies

were discovered:# fsck /dev/rdsk/c0t3d0s7

**last mounted on /export/home

**Phase 1 - check blocks and sizes

**Phase2 - check pathnames

**Phase3 - check connectivity

**Phase4 - check Reference counts

**Phase5 - check Cyl groups2 files,9 used, 21606 free


61/256


MONITORING FILE SYSTEM

df du quota

df-k

capacity/usageof f i le system

display disk usage

du -a /usr

(in blocks)

disk usage by a user

quot [-af] f i lesystem

all f i lesystems and

no. of f i les


62/256


63/256


ALTERNATIVE SUPERBLOCKS

If superblock is corrupted, run fsck to use a

backup superblock

Locate the backup superblock at offset 32 of

file system Use newfs -N to locate backup superblocks


64/256


MOUNTING FILES

The process by which separate file systems

are attached to the file-system hierarchy(file tree structure)

/etc/vfstab Manual mounting(from the command line)


65/256


EXAMPLE MOUNT COMMANDS

to mount a file system manually

# mount /dev/dsk/c0t3d0s7 /export/home

to enable UFS logging

# mount -o logging /dev/dsk/c0t3s6 /usr

to mount a file system with largefiles disabled

#mount -o nolargefiles /dev/dsk/c0t3d0s7 /export/home

to mount a file system using the content of the /etc/vfstabfile

#mount /export/home

/etc/vfstab file


66/256


/etc/vfstab file The /etc/vfstab virtual file system table provides default entries for mounting

file system at boot time. The format of the file is one record per line,seven

fields per record with a dash(-) indicating a null value for a field.#device device mount fs fsck mount mount#to mount to fsck point type pass at boot ops

#dev/dsk/c1d0s2 /dev/rdsk/c1d0s2 /usr ufs 1 yes -

/proc - /proc proc - no -

fd - /dev/fd fd - no -

swap - /tmp tmpfs - yes -

/dev/dsk/c0t3d0s0 /dev/rdsk/c0t3d0s0 / ufs 1 no -

/dev/dsk/c0t3dos6 /dev/rdsk/c0t3d0s6 /usr ufs 1 no logging

/dev/dsk/c0t3d0s3 /dev/rdsk/c0t3d0s3 /export ufs 5 yes logging/dev/dsk/c0t3d0s7 /dev/rdsk/c0t3d0s7 /export/home ufs 5 yes logging

/dev/dsk/c0t3d0s5 /dev/rdsk/c0t3d0s5 /opt ufs 8 yes logging

/dev/dsk/c0t3d0s1 - - - swap - no

-

mountall commands


67/256


mountall commands

mountall -l

Mounts all local filesystems

mountall -r

Mounts all remote filesystems

umountall commands


68/256


umountall commands

umountall -l

Unmounts all local filesystems

umountall -r

Unmounts all remote filesystems

MOUNTING DIFFERENT TYPES OF


69/256


FILESYSTEMS

Create a mount point

#mkdir /pcfs

specify the file system tape

# mount -F pcfs /dev/diskette /pcfs

#mount -F hsfs -o ro /dev/dsk/c0t6d0s0/cdrom

HOW FILE SYSTEM TYPE IS


70/256


HOW FILE SYSTEM TYPE IS

DETERMINED

/etc/vfstab file

/etc/default/fs and /etc/dfs/fstypes files

S C ACC SS


71/256


NFS CLIENT ACCESS

Using the dfshares and mount commands

determine NFS file system availability from a server

#dfshares sun

mount a remote resource

# mount -f nfs -o ro sun:/usr/share/man /usr/share/man

unmount a remote resource# umount /usr/share/man


72/256


BASIC UTILITIES

(EDITORS)


73/256


ed (Line Editor)

vi (Visual Editor)


74/256


PACKAGE ADMINISTRATION


75/256


Objectives

Information of Installed Packages

Adding New Packages

Deleting Packages

Checking Consistencies

Spooling Packages


76/256


PACKAGE CONTENTS

Description Of Package

Description Of Relationships To Target System e.g. Disk space requi red

Files To Be Installed

Pre & Post Installation Scripts



77/256



COMMANDS ADMINTOOL

pkginfopkgrm

pkgchk

pkgadd

PKGINFO


78/256


Display Software Package Information

Command Format

pkginfo [-d [device | pathname]] [-l] pkg_name

Device where

S/W resides

Displays

Detailed

Information

Name OfPackage

EXAMPLE


79/256


Application SUNWAxg Solaris XGL 3.3 AnswerBook

Solaris Documentation ServerSUNWab 2uSystem

b) Checking S/W packages on CD

Category System Name Name of Package

pkginfo -d /cdrom/cdrom0/s0/solaris_2.7/product |more

a) pkginfo | more

EXAMPLE


80/256


pkgrm

pkgrm

warns about possible packagedependencies

a shared file is removed only when last ofsharing package is removed

pkgadd


81/256


pkgadd

Checks Package & System Information

Verifies Package Requirements

Verifies Disk Space Requirements

Checks For Package Conflicts

Starts the Installation

Adds packages Spooling Packages

pkgadd -d package name

Stages in Package addition

PACKAGE SPOOLING


82/256


PACKAGE SPOOLING

Copying Package Without Installing it Package -d -s spool

Default Spool Directory is /var/spool/pkg

e.g. pkgadd -d /cdrom/cdrom0/s0/solaris_2.7/product

-s spool SUNWaudio

OR

pkgadd -d /cdrom/cdrom0/s0/solaris_2.7/product

-s /export/spool_dir SUNWaudio

PKGCHK


83/256


Compares various attributes & contents of package

pkgchk [ -p [path1] [path2] ]

e.g. pkgchk SUNWaudio

Important Files/Directories


84/256


/opt/pkgname - Preferred location for

unbundled Packages /opt/pkgname/bin

OR Preferred location for

/opt/bin executables/var/opt/pkgname

OR log files of packages

/etc/opt/pkgname /var/sadm/install/contents - package map of entire

system


85/256


PATCH ADMINISTRATION

OBJECTIVES


86/256


OBJECTIVES

Obtain Patch Information

Verify Current Patches Installed

Install Patches

Remove Patches

PATCH NUMBERING


87/256


www.sunsolve.com www.sun.com

metalab.unc.edu

PATCH DISTRIBUTION

WWW FTP Server CDROM

for SunServiceCustomer

(revision number)

1011945-34

PATCH FORMATS


88/256


PATCH FORMATS

zip Files (.z) compressed

tar

gzip files

# Extracted using

zcat path.z | tar xvf

# Extracted using

tar xvf

# Extracted using

gzip utility

(www.gzip.org)

IMPORTANT


89/256


Never modify/edit contents of files in

/var/sadm/patch

/var/sadm/patch has historical information of

patches installed on system.

PATCH VERIFICATION


90/256


PATCH VERIFICATION

showrev -p or patchadd -p

displays complete patch information like

incompatibles , packages etc.

PATCH REMOVAL

patchrm


91/256


USER ADMINISTRATION

OBJECTIVES


92/256


OBJECTIVES

Use admintool to create new groups & users

setup password aging/locking

useradd/usermod/userdel commands

ADMINTOOL


93/256


ADMINTOOL

GUI utility to maintain system databases

for

users groups

hosts

printers serial ports

software

useradd command


94/256


Creates new user account

new login remains locked until password

command is used

Options:

-comment e.g -c trainee

-d e.g -d /home/trainee -e e.g -e 10/6/99

-f e.g -f 10

-g e.g -g other

-u e.g -u 100

-s e.g -s /bin/sh

-o allows duplication of uid

usermod command


95/256


usermod command

Modifies a existing user account

e.g

usermod -g other -d /export/home/trainee -m -l guest trainee

group New directory

moves users directory

to new location

New loginname

userdel command


96/256


userdel command

Deletes user account

userdel [-r] login

removes users home directory

System initialization files for users


97/256


System initialization files for users

Initialization files contains a series of commands that are executed

when a shell is started

Customize the environment for that shell

Shell System(Read first)

User(Read second/third)

Template/etc/ skel

Bourne /etc/profile $HOME/.profile Local.profile

Korn /etc/profile $HOME/.profilethen$HOME/.login

Local.profile

C /etc/profile $HOME/ .cshrcthen $HOME/.login

Local.profile

dtprofile File


98/256


.dtprofile File

is used by CDE users

resides in users home directory

is created the first time a user logs in

/etc/profile Script


99/256


/etc/profile Script

exports environment variables

exports PATH

sets TERM

displays /etc/motd

sets default permissions checks for mail

/etc/skel directory


100/256


/etc/skel directory

skel

Local .profile.profile

Local .login

Local .cshrc

Rereading the initializing files


101/256


Rereading the initializing files

Bourne and korn shells

$ cd

$ . ./.profile$ . ./.kshrc

C shell

% source ~/.login

% source ~/.cshrc


102/256


SYSTEM SECURITY

OBJECTIVES


103/256


OBJECTIVES

Security Overview of files

Superuser Account

Effective user ids & group ids

Administrating File Ownerships

Monitoring System Access

SECURITY IN SOLARIS


104/256


SECURITY IN SOLARIS

Password authentication

File access permissions

ACLs

SECURITY FILES


105/256


SECURITY FILES

/etc/password

/etc/shadow

/etc/password


106/256


/etc/password

Contains entry for each system user

Contains the following information:

login ID username

x placeholder for password

UID number used by system to

recognize the user

GID number representing users

primary group

comment

home directory

login shell

/etc/shadow


107/256


Contains encrypted password

login ID password(Encrypted form)

lastchg - no. of days between last password change and 1 Jan

1970

min- minimum no of days between password change

max

warn

inactive

expire

/etc/group


108/256


/etc/group

Defines all system groups a user belongs to

fields :

groupname

password

GID

userlist

SUPERUSER ACCOUNT


109/256


SUPERUSER ACCOUNT

Performs administrative tasks shutting down system

backing up & restoring file systems

mounting & unmounting file resources

user management etc.

password aging should be enabled

password should be changed frequently

id command


110/256


id command

Identifies user

id -a

displays uid ; name ; gids of groups.

su command


111/256


su command

Used to change to other users A/C

su -

provides the environment of user

all su attempts are logged in /var/adm/sulog

Administrating File Ownership


112/256


Administrating File Ownership

chown chgrp

(changes file ownership) (changes group name of

file)

e.g. e.g.

chown user1 chgrp grp1 file1

or

chown -R dir1or

chown -R user:grp1 dir1

/etc/default directory


113/256


/etc/default directory

passwd login su

controls system-wide restricting logging su

password aging super user access attempts

variables: variables:

-MAXWEEKS -PASSREQ-MINWEEKS -CONSOLE

-PASSLENGTH

Monitoring System Access


114/256


who finger last sulog

who -u displays detailed login & logout /var/adm/suloguser a/c information information


115/256


PROCESS CONTROL

OBJECTIVES


116/256


ps command

kill command & options

pgrep & pkill

at / crontab commands

structure of crontab file & process scheduling

Process Status


117/256


Lists processes currently running on system

options -e :- information of all processes

-f :- full listing

-u :- processes of particular users

ps

The kill command


118/256


Command format

kill [-signal] PID(s)

Signals 44 signals

SIGTERM,signal 15,is default signal sent

Process termination# kill 1400

pgrep pkilldisplays process id kills the process


119/256


displays process id kills the process

of process matching pattern matching pattern

Usage

pgrep [-options] pattern

pkill [-options] pattern

Options-u :- matching UID

-f :- a regular expression

-t :- matching the terminal-G :- matching GID number

e.g pkill -U user1 mails

Process Manager


120/256


g

Tools( CDE option)

find process

proctool

at command


121/256


Executes a command or script at a specified time

/etc/cron.d/at.deny:-identifies users who cannot

use at command

USAGE:

at [-m] [-r job] time [date]

send mail removes a

to user previouslyon completion scheduled jobs

Running commands at specified time


122/256


Running commands at specified time

Displaying the crontab file :

crontab -l

using root crontab file

/etc/cron.d/logchecker

/usr/lib/newsyslog

controlling crontab access /etc/cron.d/cron.allow

/etc/cron.d/cron.deny

User access to CRON


123/256


By default the cron.deny file prohibits crontabuse from the following system users: daemon

bin

smtp nuucp

listen

nobody

noaccess

The cron.allow file does not exist by default

The crontab file format


124/256


The crontab file consists of entries with six fields in each

entry. The fields are separated by spaces or tabs.

10 3 * * 0 /usr/lib/newsyslog

The day of week field,values 0-6 .0 is sunday

The day of month field,values 1-31

The month field,values 1-12

The hour field,values between 0-23

The minute field,values between 0 and 59

The command field

How to edit a users crontab file


125/256


Set the editor variable to specify the editor to use

Edit the crontab file using crontab -e

View the current crontab file using crontab -l


126/256


ADVANCED FILE PERMISSIONS

FILE PERMISSIONS REVIEWED


127/256


The Octal Mode

Octal mode is based on the base eight numbering system(0-

7 are the available numerals).

Each permission has an octal value as follows:

Octal Values Permissions

4 Read

2 Write

1 Execute

The octal values for the permissions set are :


128/256


Octal Value Permissions

7 r w x6 r w -5 r - x4 r - -3 - w x2 - w -1 - - x

0 - - -

umask filter


129/256


Determine the default permissions for files

and directories

Assigns permissions during the creation ofnew files and directories

Displays your umask

$ umask

022

Enables users to set their own umask value

Changing the umask value In the current shell


130/256


$ umask 027

$ umask027

PERMANENTLY CHANGING umask

$ vi .profile

# @(#)local.profile 1.4 93/09/15 SMI

#

stty istrip

Path=.:/usr/bin:/usr/usb:/etc

export PATH

umask 027

ACCESS CONTROL LISTS(ACLS)


131/256


Provides greater control over file

permissions

Provides traditional UNIX file protection

and more

setfaclcommand


132/256


Syntax

setfacl [options] acl_entry filename1 [filename2...]

Options

-m Creates or modifies an ACL

-s Replaces the entire ACL with new ACL-d Deletes ACL entries

-r Recalculates ACL permissions

acl_entry Is an ACL entryfilename Is a file or directory which contains the

ACL entries

EXAMPLES


133/256


Adding read/write permissions for ssa20

$ setfacl -m user:ssa20:6 ch3.doc

Checking if a file has an ACL$ ls -l ch3.doc

-rwxr-----+ 1 william sysadmin 163 Nov 11 11:12

Deleting an ACL entry$ setfacl -d user:ssa20:6 ch3.doc

getfacl command


134/256


Used to verify that an ACL was set on the file

SYNTAX

getfacl [options] filename1 [filename2]

OPTIONS

-a displays the file name,owner,group, and

ACL entries for the specified file or directory

-d displays the file name,owner,group and

default ACL entries for the specified directory

setuid and setgid


135/256


These special permissions enable you to control the

modification of files and create shared directories executable programs

directories

setuid and setgid permissions

e.g.

$ ls -l /bin/passwd /etc/shadow

-r-sr-sr-x 3 root sys 99640 sep 1 1998 /bin/passwd

-r-------- 1 root sys 493 Apr 12 16:13 /etc/shadow

Using setuid and setgid permissions


136/256


Setting setuid and getuid permissions

numeric or symbolic notation

controlling modification of files

e.g.

#chmod 4755 setuid_program

#chmod 2755 setgid_program

creating shared directories#chmod g+s some-directory

The STICKY bit Determining the characteristics of a directory with set sticky bit


137/256


Determining the characteristics of a directory with set sticky bit

identifying sticky permission

$ ls -ld /var/tmp

drwxrwxrwxt 2 sys sys 512 may 26 11:02 /var/tmp

setting the sticky permission

# chmod 1777 project

# ls -ld project

drwxrwxrwxt 2 root other 512 nov 15 14:30 project

#chmod a=rwxt project

$ ls -ld projectdrwxrwxrwxt 2 root other 512 nov 15 4:30 project


138/256


DEVICE ADMINISTRATION

Logical device Name


139/256


Used by system administrator to reference

devices

These names are symbolically linked to

their corresponding physical device name

The logical names are located in the /devdirectory and are created at the time when

the physical names are created

SCSI h t d t

System boardt0

scsi ctlr

t1

scsi ctlr

t6

scsi ctlr


140/256


SCSI host adapter

c0

fas0

scsi ctlr

d0 d1 d2

s0

s1

s5

s6

s0

s6

/dev/dsk/c0t0d0s0

/dev/dsk/c0t0d0s1 /dev/dsk/c0t0d0s5

/dev/dsk/c0t0d0s6

/dev/dsk/c0t0d0s0

/dev/dsk/c0t0d0s6

DEVICE

NAMING

CONVENTIONS

/dev/[r]dsk/c# t# d# s#


141/256


Controller number

Target number

Logical unit number

Slice number

PHYSICAL DEVICE NAMES


142/256


Devices

psuedo

pci

PCI

fdthree se sddad

ide

Devices directory structure

Device Instances


143/256


Kernels abbreviation for a device

dmesg displays instance names

Instance disk is an abbreviation for the

physical device name

e.g. /dev/sd0 represents an instance of a HDD.

BSD NAMES


144/256


located in the /dev directory

used for backward compatibility

# ls -l /dev/sd0a

lrwxrwxrwx 1 root root 12 oct 20 16:05 /dev/sd0a dsk/c0t3d0s0

dmesg command


145/256


Identifies the devices connected to the system

uses instance names and physical device names

stores output in a buffer(get overwritten)

The /etc/path_to_inst fileThe following is from the /etc/path to inst file on an ultra 1 system using


146/256


The following is from the /etc/path_to_inst file on an ultra 1 system using

one SCSI controller :

/sbus@1f,0 0 sbus

/sbus@1f,0/espdma@e,84000 0 dma

/sbus@1f,0/espdma@e,84000/esp@e,88000 0 esp

/sbus@1f,0/espdma@e,84000/esp@e,88000/sd@3,0 3 sd

/sbus@1f,0/espdma@e,84000/esp@e,88000/sd@2,0 2 sd /sbus@1f,0/espdma@e,84000/esp@e,88000/sd@1,0 1 sd

/sbus@1f,0/espdma@e,84000/esp@e,88000/st@3,0 3 st



/sbus@1f,0/espdma@e,84000/esp@e,88000/st@1,0 1 stses

/sbus@1f,0/espdma@e,84000/esp@e,88000/ses@0,0 0

ses


147/256

RECONFIGURING DEVICES


148/256


To add new devices

1. Create a /reconfigure file.

2. Set the SCSI target number.

3. Connect the new disk to the system.

4. Turn on the power.

5. Boot the system.


149/256


SOLARIS NETWORKING

IP ADDRESSING


150/256


Class A Class B Class C

very large networks large networks Small/Mid size Network

(upto 16 million) (upto 65000) (upto 254)

1-127 128-191 192-223

NETWORKING FILES


151/256


/etc/inet/hosts or /etc/hosts

/etc/nodename

/etc/hostname.hme0

/etc/inet/hosts


152/256


Stores ip addresses for host names

linked to /etc/hosts

network entry 127 is reserved for local host

network number

network entry with keyword loghostidentifies IP address of host

/etc/hostname.hme0


153/256


identifies ethernet interface to beconfigured at boot up

contains hostname or its ip address

/etc/nodename

contains system host name

REMOTE ACCESS


154/256


Files Commands

/etc/hosts.equiv$home/.rhosts

rlogin

rsh

rcp

/etc/hosts.equiv


155/256


Identifies remote machines as trusted hosts

does not exist by default

e.g.

$ cat /etc/hosts.equiv

hostname1 userlist

hostname2 userlist

$HOME/. rhosts


156/256


Does not exist by default

e.g$ cat $HOME/.rhosts

hostname1 -> all users of hostname1

hostname2 -> user1 of hostname2

rlogin


157/256


Logging in remotely

syntax :-

rlogin hostname [-l username]

Remote hostname

rsh


158/256


Running commands remotely

syntax :-

rsh [-l username] hostname

e.g.

rsh -l ssa1 venus ls - al /var/mail

rcp


159/256


Copying files across the network

rcp source-file hostname:destination file


160/256


NETWORK FILE SYSTEM&

MOUNTING

THE NFS FILE SYSTEM


161/256


Some benefits of NFS file system are :-

centralized files

common software

files appear to be local

NFS TERMINOLOGY


162/256


NFS SERVER -- An NFS file server designates

local file resources to be shared with other systems

on the network

NFS Client -- An NFS client machine mounts file

resources that are shared over a network and treats

the file systems if they were local

NFS server NFS ClientDaemons: Daemons:

mountd nfsd statd statd and lockd


163/256


mountd,nfsd,statd statd and lockd

and lockedFiles: Files:

/etc/dfs/dfstab /etc/vfstab and

/etc/dfs/sharetab /etc/mnttab

/etc/rmtab

Commands: Commands:

share,unshare, mount,umount,

shareall, mountall,

unshareall, umountall,

dfshares and dfmounts dfshares and dfmounts


164/256

The /etc/dfstab file


165/256


The /etc/dfs/dfstab file is read when

the system enters run level 3

root executes the shareall command

the /etc/init.d/nfs.server script runs

THE SHARE COMMAND


166/256


SYNTAX

share [-F Fstype] [-o options] [-d description]pathname

OPTIONS ro

rw

root = client

ro = access - list

rw = access - list

unshare command


167/256


Command Format

unshare [ -F nfs ] pathname

Options

-F nfs

pathname

shareall and unshareall commands


168/256


Command format

shareall [-F nfs]

unshareall [-F nfs]

NFS File Server configuration


169/256


Edit the /etc/dfs/dfstab file.

Start the server daemons

verify the intended sharing

The dfshares command


170/256


Command formatdfshares [-F nfs] [ host]

Examples

#dfsharesresource server access transportvenus:/usr/share/man venus - -

#dfshares marsresource server access transportmars:/export mars - -

The dfmounts command


171/256


Command format

dfmounts [-F nfs]

Example

# dfmounts

Resource Server Pathname CLIENTS- venus /usr/share/man earth,pluto

The mount command


172/256


Command formatmount [ -F ][ -o options] server : pathname mount_point

Options

-F nfs

-o options

server : pathname

mount_point

#mount venus:/usr/share/man /usr/share/man

Entries in /etc/vfstab file


173/256


To mount remote file systems at boot

#device device mount FS fsck mount mount

#to mount to fsck point type pass at boot options

venus:/usr/man - /usr/man nfs - yes soft.bg

The NFS Client Setup


174/256


Displays resources currently available from server

mounts the desired resources

setups automatic mounting of the resources

unmounts the resource when it is no longer needed


175/256


176/256


BACKUP & RESTORATION


177/256

UFSDUMPTO.. Argument For Example

Do a full 0 option


178/256


Do a full

backup

0 optionufsdump 0ucf /dev/rmt/0 /

Do an incremental

backup1-9 option ufsdump 9ucf /dev/rmt/0 /

backup individual

files

Specify a file or a

directoryufsdump ucf /dev/rmt/0/export/home/kryton

Specify a cartidge

tape-c option ufsdump 9ucf /dev/rmt/0/export/home/

Backup local filesystem to a remote

system tape drive

Remote systemdump file ufsdump oucf pluto : /dev/rmt/0/export/home


179/256

tar

tar & cpio


180/256


It copies files and directorie subtresss to a single tape

It is available on most UNIX operating systems

Public domain versions are readily available

It is not awrae of filesystems boundaries

The full path name length can not exceed 255 characters It does not copy empty directories or special files such as

device files

cpio It copies special files or filesystems those require multiple


181/256


It copies special files or filesystems those require multiple

tape volumes

It packs data onto tape more efficiently than tar

It skips over any bad sectors in atape while restoring

It provides options for writing files with different header

formats (tar, cdc, crc etc) for portability between different

system tapes

It creates multiple tape volumes

Copying All Files in Directory to a Tape (cpio)

The following example copies all the files in the directory


182/256


/export/home/kryten to the tape in the tape drive 0.

$ cd /export/home/kryten

$ ls | cpio -oc > /dev/rmt/0

8 blocks

$ cpio -civt < /dev/rmt/0drwxr-xr-x 2 kryten users 0 Jun 9 15:56 1998, letters

drwxr-xr-x 2 kryten users 0 Jun 9 15:56 1998, memos

drwxr-xr-x 2 kryten users 0 Jun 9 15:56 1998, reports

8 blocks$

How to Retrieve All Files From a Tape (cpio)

1. Change to the directory where you want to put the files.

2 Insert the tape into the tape drive


183/256


2. Insert the tape into the tape drive.

3. Copy all the files from the tape to the current directory using thecpio command.

$ cpio -icvd < /dev/rmt/n

- i Reads in the contents of the tape.- c specifies the cpio should read files in ASCII

character

- v Displays the files being retrieved in the format

similar to the output from the ls command.

- d Create directories as needed.< /dev/rmt/n Specifies the output file.

4. Verify the files copied by listing the contents of the current directory


184/256

How to Retrieve Files From a Tape (tar)

1. Change to the directory where you want to put the files.

2 Insert the tape into the tape drive


185/256


2. Insert the tape into the tape drive.

3. Retrieve files from the tape using the tar command.$ tar xvf /dev/rmt/n [filename ...]

x Indicates that files should be extracted from the

specified archive file. All of the files on the tape in the

specified drive are copied to the current directory.

v Displays the name of each file as it is archived.

f /dev/rmt/n Indicates the tape device containing the

archive.

filename Specifies a file to retrieve.

4. Verify the files are copied by listing the contents of the currentdirectory.

$ ls -l

Retrieving Specified Files From theTape(cpio)

Th f ll i l t i ll th fil ith th ffi h t


186/256


The following example retrieves all the files with the suffix chapter

from the tape in drive 0.

$ cd /home/smith/book

$ cpio -icv *chapter < /dev/rmt/0

Boot.chapterDirectory.chapter

Install.chapter

Intro.chapter

31 blocks$ ls-l


187/256

Device Naming

B k l (S OS 4 )


188/256


/dev/rmt/XAbn

Berkeley(Sun OS 4.x)

Compatibility

Optional No-rewind

n no-rewind omit for rewind

Optional Densityl lowm mediumh highu ultrac compressed

Drive0

1234n

Displaying Tape Drive Status


189/256


$ mt -f /dev/rmt/0 statusArchive QIC-150 tape drive:

sense key (0x0) = No Additional Sense residual=0 retries=0

file no =0 block no=0

$ mt -f /dev/rmt/1 status

Exabyte EXB-8200 8mm tape drive:sense key(0x0) = No Additional Sense residual=0 retries=0

file no =0 block no=0

Rewinding a Magnetic Tape Cartridge$ mt -f /dev/rmt/1 rewind


190/256


191/256

netstat

Shows network status


192/256


Syntax netstat [-i][-p][-r] -I interface -P protocol

Options

-i shows state of the interface. -p shows ARP tables

-r Routing tables or static routes

-I shows states of a particular interface

-P statistics of a particular protocol

snoop Used for capturing & inspecting network packets.

Can only be run by supervisor


193/256


Can only be run by supervisor.

Displays contents of highest level protocol

e.g. Examine Broadcast packets

# snoop broadcastUsing device -d (promiscous mode)

mach 1 -- 128.50.255.255 RUSERS C

mach 5 -- 128.50.255.255 RUSERS C -v verbose can be used for detailed information


194/256

ping


195/256


Used to check network connectivity

Uses Icmp

Syntax :ping [-s] -I[internal] host

-s -- continuously sends data packets.

traceroute


196/256


Prints the route taken by ICMP packets to

reach a network host from another

Used to check fault on a network

Syntax :

#traceroute


197/256


LP PRINT SERVICES

PRINT SERVICE ARCHITECTURE


198/256


Client-server model Print server

Print client

Printing System Print service software

Sunsoft Print client software

Print filters Hardware


199/256

LP PRINT SERVICE DIRECTORIES

Directory Contents


200/256


Directory Contents

/usr/bin The LP print service user commands.

/etc/lp LP server configuration files.

/usr/share/lib The terminfo database directory.

/usr/sbin The LP print service administrationcommands.

/usr/lib/lp LP daemons, directories for binary files,and PostScriptfilters.

/var/lp/logs LP daemon logs/var/spool/lp Spooling directory for pending requests.


201/256


202/256

PRINTING ENVIRONMENT


203/256


Local Printer

Remote Printer

FINDING THE PRINTER


204/256


Determining the printer name The command-line interface

The users PRINTER orLPDEST

environmental variables for a default printer

_defaultin $%HOME/.printer

_defaultin/etc/printer.conf

_defaultin a network name services database

lp/lprLpsched

schedules

i t t

LOCAL PRINT MODEL


205/256


PRINTERDOCUMENT

lpsched

Selects printer/var/spool/lp/requests/system

/var/spool/lp/tmp/system

Filter request

Interface Program

print request

REMOTE PRINTING


206/256


inetd In.lpd lpsched

Spool area

To printer

CONFIGURING PRINT SERVICES


207/256


Setting up the printer

Setting up the print server

Setting up the print client

PRINT SERVER REQUIREMENTS


208/256


Minimum of 20-25 Mbytes in spoolingdirectory.

At least 32 Mbytes of RAM.

Enough swap space to augment RAM and

support print services.

lp command

Command Name Description


209/256


lp Sends file to a printerlpstat Displays print service status

cancel Cancels print requests

lpadmin Performs various administration tasks

accept Enables queuing of print requestsreject Prevents queuing of further print requests

lpmove Moves print requests

enable Enables printer to print requests

disable Disables printer from printing requests

lpstat command

Used to display a users print queue


210/256


Syntax : lpstat [-options]

-a Reports whether print destinations are accepting requests.

-d Displays the name of the default printer.

-o Displays the status of all output requests on printers.

-p Displays the idle or busy status and availability of allprinters.

-s Determines what printers are configured for the system on

which you are working. -t Displays all status information, the combined output of all

other options, plus the list of queued print requests.

PRINTER ADMINISTRATIONCOMMANDS

Designating a default destination


211/256


Designating a default destination

# lpadmin -d sparky

# lpstat -d

system default destination: sparky

Setting a user default printer variable (Bourne shell)

$ LPDEST=spock; export LPDEST

Setting a user default printer variable (C Shell)

venus %setenv LPDEST spock

TROBLESHOOTING A PRINTER

Check the status of the queues.


212/256


$ lpstat -o

Stop and restart daemons.

# /etc/init.d/lp stop

# /etc/init.d/lp start

Print services started.


213/256


JUMPSTART

INSTALLATIONS

NETWORK INSTALLATION

Servers Required


214/256


Install Server

Boot Server

Name Server

INSTALL SERVER

Creating Install Server


215/256


Sun System with CD ROM as install Server

Mount CD ROM Drive

Run setup_install_server

eg ./setup_install_server /export/install

BOOT SERVER

Creating Boot Server


216/256


Sun System with CD ROM as Boot Server

Mount CD ROM Drive

Run setup_install_server -b

eg ./setup_install_server -b /export/install

Boot server is only required if the install server is on

another subnet

ADDING CLIENTS

add_install_client


217/256


-c server:jumpstart_dir_path

-s install_server:install_dir_path

-e ethernet address

-p server:sysidcfg_path

host_name

platform_group

TASKS

Create Jump start directory on the server


218/256


Enable all clients to access that directory

Creating Profiles

Creating a rules file

Using check to validate the rules file

Creating a jumpstart directory

Create Jump start directory on the server


219/256


eg mkdir /jmpstart

Share this directory

eg add share -F nfs -o ro,anon=0 /jmpstart in

/etc/dfs/dfstab file followed by unshareall and

shareall

Creating a jumpstart directory

Copy the contents of auto_install_sample


220/256


directory from Solaris CD into the jumpstart

directory

eg cp -r auto_install_sample/* /jmpstart

Accessing jumpstart directoryTwo ways of making client access the jumpstart

directory


221/256


y

Using -c option of add_install_client command

everytime system is added for network installation

Editing the bootparams file and updating the name

service if required

eg * install_config=server:jumpstart_dir_path

What is a profile?

Profile is a text file used as a template by the


222/256


custom jump start installation software

It defines how to install solaris software on a

system

It consists of one or more profile keywords and

their values

Requirements for profiles

The install_type profile keyword is required


223/256


Only one profile keyword can be on a line

Creating profile

Create a new file or edit one of the sample


224/256


profiles in the jumpstart directory

Profile keywords and their values are case

sensitive

profile should be owned by root and have

permissions equal to 644

Profile Examples

# Profile keywords profile values


225/256


install_type initial_install

system_type standalone

partitioning default

filesys any 60 swap

cluster SUNWCall

package SUNWman delete

Rules file

Rules file is a text file used to create the


226/256


rules.ok file

Rules file is a look-up table consisting of one

or more rules that define matches betweensystem attributes and profiles

Creating Rules file

Create a new file with name rules or edit the


227/256


existing rules file in jumpstart directory

Add a rule in the rules file for each group of

systems that need to be installed

The rules file must have at least one rule

Rule must have at least a rule keyword, a rule

value, and a corresponding profile

Syntax[!] rule_keyword rule_value [&& [!]


228/256


rule_keyword rule_value] begin profilefinish

! Symbol used to indicate negation

[] indicates an optional expression or field

rule_keyword - predefined keyword that

describes a general system attribute such as

host name or memory size

Syntax(Contd.) Rule_value- Value that provides the specific


229/256


system attribute for the corresponding rulekeyword

&& Symbol used to logically AND

begin - name of an optional bourne shell script

that can be executed before the installation

begins. If no begin script exists, enter a minus

sign(-) in this field

Syntax(Contd.) Profile- Name of text file used as a template


230/256


that defines how to install solaris on a system finish- Name of an optional bourne shell script

that can be executed after the installation

completes

Rule ExampleRule keyword and value begin script profile finish script

hostname noida-1 - prof1 -


231/256


memsize 16-32 && - prof2 -

arch sparc

any - genprof -

Rules file Rules file must have file name rules


232/256


Rules.ok file is a generated version of the rulesfile and is required by the jumpstart installation

software to match system to a profile

rule_value, begin and finish fields must have a

valid entry or a minus sign

Important rule keyword Hostname


233/256


karch

memsize

network

Check file Check script is used to validate the rule and


234/256


profile file. It does the following Checks the rule file for syntax

check the profile file for syntax

If no errors are found, check creates the rule.ok

file

./check -r file_name

Check file Check script is used to validate the rule and


235/256


profile file. It does the following Checks the rule file for syntax

check the profile file for syntax

If no errors are found, check creates the rule.ok

file

./check -r file_name


236/256


NIS+

What is NIS+? Network name service that stores information


237/256


such as workstation addresses, securityinformation, mail information, ethernet

interface information at a central location

where all workstations on a network can access

it

It uses client server model to store andaccess information

What is NIS+?

Each domain is supported by a set of servers


238/256


Prinicipal server is called the master server

Backup server is called replica server

Network information is stored in 16 standardNIS+ tables

Changes made to the NIS+ data on the master

server are automatically propagated to the replicas

Name Service Switch It controls how the client obtains network


239/256


information Switch is called nsswitch.conf and is stored

in the /etc directory

Nsswitch.conf file This file identifies a particular type of network

information, such as host, password and group,


240/256


, , p g p,

followed by one or more sources, such as NIS+

tabkes, dns or local /etc

This file is loaded in every workstations

/etc directory along with three template

versions viz nsswitch.nisplus, nsswitch.nis

and nsswitch.files

NIS+ Scripts Three NIS+ scripts are required to set up a

NIS+ namespace


241/256


p

nisserver

nispopulate

nisclient


242/256


Configuring NIS+

Setting up Root Servers Defaults used in root server


243/256


Security level 2(DES)

System information files(/etc) as the source of

name service information

admin.domainname is the default NIS+ group

Setting up Root Servers(Contd.) Set the superusers PATH variable to include

/usr/lib/nis


244/256


If using DES authentication, specify the diffie-

hellman key length eg nisauthconf dh640-0 des

Run nisserver to configure a root master server

nisserver -r -d nis_domainname

Populating NIS+ tables Check for no spurious entries in /etc files


245/256


Remove all dots and underscores in host names Better make copies of /etc files and populate

only the information you want to populate

Domain must have been configured and its

master server must be running

Run nispopulate -F -p /nis+files -d

domain_name

Setting up NIS+ Client Domain must have been configured and master

server must be running


246/256


Master server of the domains tables must be

populated

Log in as super user on the machine that is

going to become NIS client

Setting up NIS+ Client(Contd.) Specify the Diffie-Hellman key length

O h i h f h


247/256


On the master server type nisauthconf. Use theoutput of this as an argument to nisauthconf on

the client

Run nisclient on the client machine

nisclient -i -d domain_name -h root_server


248/256

Initializing NIS+ Client Users Run the following command on the client

machine


249/256


nisclient -u

NIS+ Servers Client machines can be changed into NIS+

servers of the following types


250/256


Root Replicas- to contain copies of the NIS+

tables that reside on the root master server

To be master servers of subdomains of the root

domain

To be replicas of master servers of subdomains

of the root domain

NIS+ Servers Run the following command on the client

machine


251/256


rpc.nisd

Root Replica The domain must have been configured and its

master server must be running


252/256


The tables of master server must be populated

rpc.nisd must be started on the replica server

Log in as root on the root master server

Root Replica Run the following command on the root master

server


253/256


nisserver -R -d domain_name -h client_name

Creating Subdomain The parent domain must have already been

configured and its master server must be


254/256


running

The parents domains tables must be populated

New client machine must have been initialized

rpc.nisd must be running on the client

Log in as root on the parent master server

Creating Subdomain Run the following command on the master

server


255/256


nisserver -M -d new_domain -h client_name

where client_name is the name of the client

machine that will become the root domain


256/256

solaris admin

Documents