Ence

Date post: 14-Apr-2018
Upload: subhrajitm47
  • 7/29/2019 Ence

    1/59

    SOLARIS

    # uname -a Gives all details about the system

    # uname -m Displays the H/W platform (sun4u)

    # uname -p Machine processor architecture (sparc or i386)

    # uname -i Machine model architecture (SUNW,Ultra-5_10)

    # uname -X Detailed description

    # mkdir -p /data/dir Creates the directory and its subdirectory in one shot

    # rm -r /data Deletes the directory and all its subdirectories and files (rmdir has no -r option)

    # cp -r /data /data1 Copies the directory

    # echo $MANPATH
    : /usr/local/samba/man:

    # echo $PATH Shows the environment path
    /usr/sbin:/usr/bin

    Grep Command Options

    -i Searches for both upper & lower case characters

    -l Lists the names of files with matching lines

    -n Precedes each line with its relative line number in the file

    -v Inverts the search to display lines that do not match the pattern

    -w Searches for the expression as a complete word.

    # find /kris -name file1 Searches for the file file1 in the /kris directory

    # find /kris -name file1 -exec ls -l {} \; Search and display

    # find /kris -type f -size 0 -exec ls -l {} \; Search for files with size 0

    # find /kris -user user1 Shows files owned by user user1

    $ PATH=$PATH:/usr/ccs/bin:/usr/ucb: Appends to the existing path

    # ln -s Creating a symbolic link

    # ln Creating a hard link

    Unix File Permission

    r = 4, w = 2, x = 1

    -rw-r--r-- (644) Default file permission

    drwxr-xr-x (755) Default directory permission

    Owner, Group, Other Permission categories

    # ls -n /var/adm
    drwxrwxr-x 5 4 4 512 Nov 15 14:55 file1

    5 Number of hard links to the file or directory

    4 The UID of the owner

    4 The GID of the group

    512 Size

    # chmod -R 755 Applies the permission recursively to the directory and everything under it


    VI Editor

    Inserting and Appending Text

    a Appends text after the cursor
    A Appends text at the end of the line
    i Inserts text before the cursor
    I Inserts text at the beginning of the line
    o Opens a new line below the cursor
    O Opens a new line above the cursor
    :r Inserts text from another file into the current file

    Key Sequence for the VI Editor

    h, left arrow or backspace Left one character
    j or down arrow Down one line
    k or up arrow Up one line
    l, right arrow or spacebar Right one character
    w Forward one word
    b Back one word
    e To the end of the current word
    $ To the end of the line
    0 (zero) To the beginning of the line
    ^ To the first non-whitespace character on the line
    Return Down to the beginning of the next line

    G Goes to the last line of the file
    1G Goes to the first line of the file
    :n Goes to line n
    nG Goes to line n
    Ctrl-F Pages forward one screen
    Ctrl-D Scrolls down one half screen
    Ctrl-B Pages back one screen
    Ctrl-U Scrolls up one half screen
    Ctrl-L Refreshes the screen

    Editing files using the VI editing commands

    R Overwrites or replaces characters to the right of the cursor
    C Changes or overwrites characters to the end of the line
    s Substitutes a string for the character at the cursor
    x Deletes the character at the cursor
    dw Deletes a word or part of the word to the right of the cursor
    dd Deletes the line containing the cursor
    D Deletes the line from the cursor to the right end of the line
    :n,nd Deletes lines n through n

    Using the Text Changing Commands

    u Undoes the previous command


    U Undoes all changes to the current line
    . Repeats the previous command

    Search and Replace Command

    /string Searches forward for the string
    ?string Searches backward for the string
    n Searches for the next occurrence of the string
    N Searches for the previous occurrence of the string
    :%s/old/new/g Searches for the old string and replaces it with the new string globally

    Using the Text Copying and Text Pasting Commands

    yy Yanks a copy of a line
    p Puts yanked or deleted text under the line containing the cursor
    P Puts yanked or deleted text before the line containing the cursor
    :n,n co n Copies lines n through n and puts them after line n
    :n,n m n Moves lines n through n to line n

    File Archives

    # tar cvf bkp.tar file1 file2 Will archive file1 & file2

    # tar tvf bkp.tar Shows the table of contents

    # tar xvf bkp.tar Extracts files from the tar archive

    # jar cvf bkp.jar file1 file2 Creates a jar archive
    # jar tvf bkp.jar
    # jar xvf bkp.jar

    # compress bkp.tar To compress the tar archive
    # ls
    bkp.tar.Z

    # uncompress bkp.tar.Z To uncompress the tar archive

    # gzip bkp.tar To create a gzip file (bkp.tar.gz)

    # gunzip bkp.tar.gz To extract the tar archive with gunzip
    bkp.tar

    # zip out.zip bkp.tar To create a zip archive

    # unzip out.zip To extract the zip archive

    Module 1 Introducing the Solaris OE Directory Hierarchy

    /bin Symbolic link to /usr/bin; contains the binary files of standard system commands
    /kernel Platform-independent loadable kernel modules
    /platform Platform-dependent loadable kernel modules
    /sbin Single-user bin directory; contains essential executables
    /usr Unix System Resources; contains programs, scripts and libraries that are used by all system users
    /var Directory of varying files, including temporary, logging, or status files


    /dev/cua Dial-out device files for UUCP & PPP
    /dev/dsk Block disk devices
    /dev/rdsk Raw disk devices
    /dev/pts Pseudo-terminal devices
    /dev/md Metadisk devices
    /dev/term Serial devices
    /dev/sound Audio device files
    /dev/rmt Raw magnetic tape devices

    /etc/cron.d Config info for the cron utility
    /etc/default Default info for various programs
    /etc/inet Config files for network services
    /etc/init.d Scripts to stop & start services
    /etc/lp Config info for printers
    /etc/nfs Config info for NFS server logging
    /etc/rc#.d Scripts for the various run levels
    /etc/skel Default shell initialization files

    /usr/bin Standard system commands
    /usr/sbin System administration commands
    /usr/kernel Platform-independent loadable kernel modules

    devfsadm Solaris 8 & 9
    drvconfig Solaris 2.x through 2.7

    Module 2 Disk Slices

    0 /
    1 swap
    2 Entire disk
    5 /opt
    6 /usr
    7 /export/home

    /dev Logical device names
    /devices Physical device names

    /etc/path_to_inst For each device, the system records its physical name and instance name

    # prtconf Shows system information including memory size

    # devfsadm Searches for and configures newly added devices
    # devfsadm -c disk Configures only the disk device class
    # devfsadm -i driver Configures only the devices for the named driver

    # devfsadm -v Prints the changes made to the /dev and /devices directories

    # devfsadm -C Invokes cleanup routines that remove unreferenced symbolic links for devices

    # format

    Format> label Stores the partition details
    Format> fdisk Creates partitions
    Format> verify Displays the partition details
    Format> partition Enters the partition menu
    Format> save Saves the new disk and partition definitions to /etc/format.dat

    Partition> 0 Change partition 0
    Partition> select Select a predefined table
    Partition> modify Modify a predefined partition table
    Partition> name Name the current table
    Partition> print Displays the current table
    Partition> label Writes the partition map and label to the disk

    # prtvtoc /dev/rdsk/c1t0d0s2 To view disk table


    # prtvtoc /dev/rdsk/c1d0s2 > /in To save the disk partition details to the file /in

    # fmthard -s /in /dev/rdsk/c1d0s2 To load the partition details from the file onto the disk

    Module 3 Managing the Solaris OE File System

    ufs Unix FS
    hsfs High Sierra FS
    pcfs PC FS for DOS FAT32 FS
    udfs Universal Disk Format FS
    nfs Network FS
    Pseudo FS Memory-based FS: tmpfs, swapfs, procfs, mntfs

    The VTOC is present in the first sector of the raw disk area.
    VTOC 512-byte sector 0
    Boot block sectors 1-15
    Superblock sectors 16-31
    First cylinder group sector 32

    Creating File Systems

    # newfs /dev/rdsk/c1d0s0 Creating a FS

    # newfs -i 16384 /dev/rdsk/c1d0s0 Creating a FS with data block size 16KB

    # mount /dev/dsk/c1d0s0 /p1 Mounting the partition on the /p1 directory

    # fstyp -v /dev/rdsk/c1d0s0 | grep minfree
    minfree 6% To know the reserved disk space

    # tunefs -m 2 /dev/rdsk/c1d0s0 Reduces the reserved space to 2%

    # umount /p1 To unmount a partition.

    Never run the fsck command on a mounted FS. The /, /usr and /var FS should have the fsck command run on them in single-user mode.

    # fsck /dev/rdsk/c0t0d0s7 To check the FS in interactive mode

    # fsck -o f,p /dev/rdsk/c0t0d0s7 f forces the check; p is preen (non-interactive) mode

    # fsck -y /dev/rdsk/c0t0d0s7 Answers yes to all questions

    # newfs -N /dev/rdsk/c0t0d0s7 To view the locations of the alternate backup superblocks

    # fsck -o b=32 /dev/rdsk/c0t0d0s7 Recovers the corrupted partition using the alternate superblock at block 32

    # dd if=/dev/zero of=/dev/rdsk/c0d0s7 bs=512 count=32 This corrupts the partition (the first 32 sectors hold the boot block and the primary superblock)

    # df Shows disk details in blocks
    # df -k (in KB)

    # df -h Displays disk allocation in MB & GB

    # df -e Prints only the number of free files

    # du -k Displays disk use in KB

    # du -s Displays only the summary in 512-byte blocks. Using the -s and -k options together shows the summary in KB


    # du -h /opt Shows the disk usage of the directory

    # quot -a Reports on all mounted file systems

    # quot -f Includes the number of files

    # quot -h /export/home Shows disk usage per user in the given directory

    Module 4 Mounts & Unmounts

    # mount Lists all of the mounted FS in the /etc/mnttab file

    VFSTAB Virtual File System Table /etc/vfstab
    Fields: device to mount, device to fsck, mount point, FS type, fsck pass, mount at boot, mount options

    /etc/mnttab is an mntfs file that provides read-only info about the mounted FS on the local host

    The /etc/vfstab file lists all the FS to be automatically mounted at system boot time, with the exception of the /etc/mnttab and /var/run FS

    # mount /dev/dsk/c0t0d0s7 /export/home

    Mount options: read/write, setuid, intr, nologging and largefiles, xattr and onerror.

    # mount -o option,option device_name mount_point

    # mount -o ro /dev/dsk/c0d0s7 /p3 Mount the partition read-only.

    # mount -o ro,nosuid /dev/dsk/c0t0d0s7 /export/home Prohibit execution of setuid programs.

    In Solaris 2GB is the large file limit. Use of the nolargefiles option fails if the FS to be mounted contains large files.

    # mount -o nolargefiles,noatime /dev/dsk/c0d0s7 /p3

    nolargefiles Won't allow large files in this partition

    noatime Modification time stamp won't get updated.

    # mountall Mounts the local FS listed in the /etc/vfstab file

    # mountall -l If a FS has its fsck pass field set to - or 0 it is mounted without fsck checking. Otherwise fsck is carried out before mounting

    # fstyp /dev/rdsk/c0t0d0s7 To know the FS type

    # mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /cdrom To mount the CD drive
    # mount -F pcfs /dev/diskette /pcfs

    # umount /export/home or umount /dev/dsk/c0t0d0s7

    # umountall Will unmount the local FS listed in /etc/mnttab except /, /usr, /proc, /dev/fd, /var, /var/run & /tmp

    # umountall -l To verify the FS listed in /etc/mnttab

    # fuser -c /p3 Will show the processes running on the partition

    # fuser -ck /p3 Will kill the user processes


    # umount -f /p3 Force the partition to unmount

    # TERM=sun
    # export TERM Execute these 2 commands to enable the VI editor to work properly

    # ps -ef | grep vold
    vold is the daemon that takes care of auto-mounting the CD-ROM.

    # volcheck Will check for any media present in the CD-ROM or floppy drive

    /floppy/floppy0 The floppy gets mounted here automatically

    /cdrom/cdrom0 The CD-ROM gets mounted here automatically

    # /etc/init.d/volmgt stop (or) start

    # eject cdrom Will eject the CD-ROM if vold is running

    # fdformat -t dos /dev/rdiskette To format a floppy in DOS mode

    # fdformat To format the floppy in Solaris format.

    Module 5 Installation

    Solaris 9 OE installation and upgrade options:
    Solaris suninstall program
    Solaris Web Start installation software
    Custom JumpStart procedure
    Solaris Web Start Flash installation
    Standard upgrade
    Solaris Live Upgrade method

    # grep METACLUSTER /var/sadm/system/admin/.clustertoc To know the cluster config

    # cat /var/sadm/system/admin/CLUSTER To know the installed cluster config
    CLUSTER=SUNWCXall

    Module 6 Package Administration

    The /var/sadm/install/contents file has all the details about installed packages.

    # grep showrev /var/sadm/install/contents Will show whether the showrev package is installed or not

    The /var/sadm/pkg directory maintains a record of all installed packages

    # pkginfo | more Will show all installed packages

    # pkginfo -l SUNWman Shows information about the SUNWman package

    # pkginfo -d /cdrom/cdrom0/s0/Solaris_9/Product | more To view info about the packages on the CD

    # pkgadd -d /cdrom/cdrom0/Solaris_9/Product SUNWzip


    # pkgchk SUNWman If the pkgchk command doesn't display a message, it indicates the package was installed successfully

    # pkgchk -v SUNWzip To list the files contained in a software package

    # pkgchk -p /etc/shadow To determine if the contents and attributes of a file have changed since it was installed with its software package

    # pkgchk -l SUNWman Lists info about selected files that make up a package

    # pkgrm SUNWzip Will remove the SUNWzip package

    # pkgadd -d /cdrom/cdrom0/Solaris_9/Product -s spool SUNWzip
    Dumps the SUNWzip package into the /var/spool/pkg folder. An alternate path can be given instead of spool, such as /pkg.

    # pkgrm -s spool SUNWman Will delete the dumped SUNWman package from the spool directory

    # admintool & GUI tool used to add users, printers, groups, software etc.

    # prodreg & GUI tool to view installed packages as well as to install & uninstall packages.

    Module 7 Managing Software Patches

    Solaris9/PatchReport A summary of all patches for the Solaris 9 OE release
    9_Recommended.README Instructions for how to install the recommended patches.

    # showrev -p (or) # patchadd -p Will show the installed patches

    /var/sadm/patch Info about all patches that are currently installed.

    Patch name: 6-digit number-revision number (117753-01)

    # /usr/bin/zcat 105050-01.tar.Z | tar xvf -

    # cd /var/tmp

    # patchadd 105050-01 Will add the patch

    When you remove a patch, the patchrm command restores all files that were modified or replaced by that patch, unless:

    The patch was installed with the patchadd -d option (which instructs the patchadd command not to save copies of files being updated or replaced)

    The patch is required by another patch

    The patch has been obsoleted by a later patch

    # patchrm 105050-01 Will remove the patch

    Installing a Patch Cluster
    # cd 9_Recommended
    # ./install_cluster

    /var/sadm/install_data/Solaris_9_Recommended_log Log of the cluster installation


    Module 8 Executing Boot PROM Commands

    # /usr/platform/`uname -m`/sbin/prtdiag -v To know the OpenBoot version

    Stop+D Press these keys when the system power is turned on to switch to diagnostic mode. This key sequence is not available on a serial port terminal

    Stop+N Press while the system is turned on to set the NVRAM parameters to default

    Stop+A To get into the boot PROM

    /etc/default/kbd Remove the comment from the line KEYBOARD_ABORT=disable to turn off the Stop+A function inside the OS. Then issue the command kbd -i

    ok go To come out of the PROM prompt

    ok banner Shows the system configuration

    ok printenv Shows all variables

    ok reset-all Will save the changes, clear the buffer & reboot the system

    ok .registers Displays the contents of the registers

    ok show-devs Shows all devices with their physical path

    ok devalias Shows the currently available device aliases

    On SPARC, if we change values there is no option to come out without saving.

    ok probe-ide Shows IDE details and the devices connected

    ok probe-scsi Shows SCSI details and the devices connected

    ok probe-scsi-all Identifies devices on all SCSI buses

    ok probe-fcal-all Identifies devices on all fibre channel loops

    ok nvalias /pci@if,...................... Creates a device alias

    ok nvunalias To delete an alias name

    ok show-disks Displays and allows a selection of device paths
    ok show-ttys
    ok show-displays
    ok show-nets
    ok show-tapes

    ok help Shows the list of help topics
    ok help floppy eject

    ok test Runs a self-test on the specified device

    ok sync Manually attempts to flush memory and synchronize the FS

    ok boot Boots the system

    ok boot -r Detects new devices (reconfiguration boot)


    ok boot -s Single-user mode

    ok boot -v Verbose mode: boots the system and shows the background details

    ok boot -a Interactive mode: prompts the user for input for all the processes at boot time
    ok boot -rv (or) -sv

    ok printenv auto-boot?
    auto-boot?=false

    ok printenv boot-device To know the variable details
    boot-device=disk

    ok setenv auto-boot? true To change the value of the auto-boot? variable to true
    auto-boot?=true

    ok printenv diag-switch?
    diag-switch?=false

    ok setenv diag-switch? true

    ok set-defaults Resets all settings to the factory defaults
    ok setenv boot-device disk cdrom net

    ok set-default boot-device Will reset the default value of the boot-device variable

    ok power-off Will switch off the system immediately

    Inside the OS

    # eeprom Equivalent to printenv
    # eeprom auto-boot?
    auto-boot?=true
    # eeprom auto-boot?=false

    # eeprom diag-switch?=true

    Module 9 Performing Boot and Shutdown Procedures

    Run Levels

    0 ok mode (PROM monitor)
    s or S Solaris OE single-user mode with critical FS mounted

    1 Single-user administrative state with access to all FS available
    2 Multiuser: users can access the system. All system daemons are running except NFS

    3 Multiuser operations with NFS & N/W resources available

    4 Reserved

    5 Power off

    6 Reboot

    # who -r Shows the current run level

    Boot Sequence

    1. Boot PROM phase
    2. Boot program phase
    3. Kernel initialization phase


    4. init phase

    /etc/inittab Fields: id (e.g. s3), rstate (e.g. 3), action (e.g. wait), process. Contains details about the init levels

    /etc/vfstab /etc/inittab /etc/system Important files

    /etc/system moddir, root device and root FS config, exclude, forceload, set

    Always make a copy of the /etc/system file before you edit it. In case of a problem, issue the interactive boot command boot -a. When prompted for the system file, enter the path of the backup file, or /dev/null for a null configuration file.

    /etc/init.d Directory contains many process or service scripts, such as volume management

    /sbin Each run level has an associated rc script located in this directory (eg /sbin/rc0). The rc scripts rc0, rc5 & rc6 are hard-linked to each other. Run control scripts are located in the /etc/init.d directory and these files are hard-linked to the corresponding run control scripts in the /etc/rc#.d directories.

    Creating New Run Control Scripts

    Create the script in the /etc/init.d directory and create links in the appropriate /etc/rc#.d directory for the run level in which the service is to be started and stopped.

    # vi /etc/init.d/filename
    # chmod 744 /etc/init.d/filename
    # chgrp sys /etc/init.d/filename
    # cd /etc/init.d
    # ln filename /etc/rc#.d/S##filename
    # ln filename /etc/rc#.d/K##filename

    # /etc/init.d/filename start To test the script

    # init 2 Switch the run level to 2

    # shutdown Moves to maintenance mode

    # shutdown -y -g300 -i6 "The system is being rebooted" Reboots after 300 seconds. Default is 60 sec

    # shutdown -i0 (or) -i5 (or) -i6

    # halt Shuts the system down immediately to the ok prompt

    # poweroff Equivalent to init 5

    # reboot Equivalent to init 6. These 3 commands won't execute the rc0 kill scripts.

    Module 10 Performing User Administration

    /etc/passwd

    7 fields: loginID:x:UID:GID:comment:home_dir:login_shell

    0 - 99 UIDs reserved for system user accounts

    100 - 60000 UID range for users

    0 Root


    60001 Reserved for the nobody account

    60002 Reserved for the noaccess account (to generate error messages)

    65534 nobody4 The anonymous user account

    /etc/shadow 9 fields: loginID:password:lastchg:min:max:warn:inactive:expire:reserved

    /etc/group groupname:group-pwd:GID:user-list

    /etc/default/passwd Sets values for the following parameters: MAXWEEKS, MINWEEKS, PASSLENGTH (valid entries are 6, 7 & 8), WARNWEEKS
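    A defender's sanity check over the /etc/passwd layout and UID conventions listed above, added here as an example (it is not part of the original notes); the file content is constructed for the example and does not come from a real system.

```sh
#!/bin/sh
# Added example: audit /etc/passwd-format lines against the layout and
# UID conventions described above (7 fields, root = UID 0, 0-99 reserved
# for system accounts, 100-60000 for users, 60001/60002/65534 special).
# The sample below is constructed for the example, not a real passwd file.

SAMPLE_PASSWD='root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
user300:x:300:100:Regular User:/export/home/user300:/bin/ksh
backdoor:x:0:1:extra uid 0 account:/export/home/backdoor:/bin/sh
broken:x:301:100:/export/home/broken:/bin/ksh
dup:x:300:100:same uid as user300:/export/home/dup:/bin/ksh
stray:x:61000:100:outside documented ranges:/export/home/stray:/bin/sh'

# check_passwd: read passwd lines on stdin, print one finding per line.
check_passwd() {
    awk -F: '
    # Field count is checked first; a malformed line is skipped afterwards.
    NF != 7 { printf "BAD_FIELDS %s (%d fields)\n", $1, NF; next }
    # Only root should own UID 0: any other UID-0 login has root power.
    $3 == 0 && $1 != "root" { printf "EXTRA_UID0 %s\n", $1 }
    # With /etc/shadow in use the password field must be the placeholder x.
    $2 != "x" { printf "PASSWD_NOT_SHADOWED %s\n", $1 }
    # UIDs above the user range that are not the documented special accounts.
    $3 > 60000 && $3 != 60001 && $3 != 60002 && $3 != 65534 {
        printf "UID_OUTSIDE_RANGES %s %s\n", $3, $1 }
    # Duplicate UIDs or logins make two accounts indistinguishable to the kernel.
    ($3 in seen_uid)   { printf "DUP_UID %s %s (first: %s)\n", $3, $1, seen_uid[$3] }
    ($1 in seen_login) { printf "DUP_LOGIN %s\n", $1 }
    { seen_uid[$3] = $1; seen_login[$1] = 1 }
    '
}

# run_sample: findings for the constructed file, one per line.
run_sample() {
    printf '%s\n' "$SAMPLE_PASSWD" | check_passwd
}

run_sample
```

    On a live system the same check is `check_passwd < /etc/passwd`; a clean file produces no output.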

    1970 -> V4

    1986 Sun released first OS (sunos1.0)

    # useradd -u UID -g GID -G GID,GID,.. -d /export/home/user300 -m -s /bin/ksh -c "Regular User" user300
    # passwd user300
    # useradd -d /export/home/user305 -m user305

    # useradd user306

    # usermod [-u uid [-o]] [-g gid] [-G gid] [-d dir] [-m] [-s shell] [-c comment] [-l newloginname] loginname
    # usermod -l newloginname -d /export/home/ -m loginname

    # usermod -u 905 user301 Change the UID to 905
    # usermod -s /bin/csh user301

    # userdel user301 Deletes the user account but not the home dir

    # userdel -r user301 Deletes the user id & home dir

    # groupadd [-g gid [-o]] groupname
    # groupadd -g gid groupname
    # groupmod [-g gid [-o]] [-n name] groupname
    # groupmod -n name groupname

    # groupmod -g 400 class Change the GID to 400 for the group class

    # groupdel group1

    /etc/profile The Bourne, Korn and BASH shells execute this initialization file

    /etc/.login The C shell looks for and executes this initialization file during login.

    There are no default global initialization files for the Z or TC shells

    Bourne: /etc/profile, $HOME/.profile; shell /bin/sh; template /etc/skel/local.profile
    Korn: /etc/profile, $HOME/.profile, $HOME/.kshrc; shell /bin/ksh; template /etc/skel/local.profile
    C: /etc/.login, $HOME/.cshrc, $HOME/.login; shell /bin/csh; templates /etc/skel/local.cshrc, /etc/skel/local.login

    Setting Environment Variables

    Bourne or Korn shell: VARIABLE=value; export VARIABLE
    For example: PS1=$HOSTNAME; export PS1

    C shell: setenv variable value


    For example: setenv LPDEST laserprinter

    # id user301 Shows the UID of the user & the primary group

    # id -a user301 Shows the secondary group details also

    # groups user300 Shows the user's groups

    # chown -R :grpname Changes the group ownership recursively

    # pwconv To sync the passwd and shadow files.

    /etc/skel Template files that get copied once a user id is created.

    By default the /etc/skel/.profile file doesn't have any content.

    Profile Order

    /etc/motd (message of the day) -> /etc/profile -> $HOME/.profile

    Module 11 Performing System Security

    # who Lists the users currently logged in to the local system. The command refers to /var/adm/utmpx to obtain the information

    # who -m Info about only the current terminal window

    # rusers -l Displays a list of the users logged in on local and remote hosts.

    # finger -m usera Displays info about the user and the host name of the user's login session

    # last Displays a record of all logins and logouts (/var/adm/wtmpx)

    # last -n 5 reboot To view the last five system reboot times only

    Recording Failed Login Attempts

    # touch /var/adm/loginlog File to log incorrect logins. If a user tries to log in 5 times (default) with a wrong password, an entry is created here.
    # chown root:sys /var/adm/loginlog
    # chmod 600 /var/adm/loginlog

    # /usr/ucb/whoami Current login name

    # who am i Login name of the original user

    Monitoring su Attempts


    /etc/default/su File that controls the monitoring of su attempts

    CONSOLE VARIABLE
    # CONSOLE=/dev/console Remove the comment (#) symbol so that root can log in remotely via the su command.

    SULOG VARIABLE
    SULOG=/var/adm/sulog Specifies the location of the log file

    Controlling System Access

    /etc/default/login file
    CONSOLE=/dev/console This line should be commented out to log in as root from a remote system
    PASSREQ=YES Enforces that each user must have a password to log in

    /etc/ftpd/ftpusers Lists the names of users prohibited from connecting to the system through FTP
    /etc/ftpusers Solaris 8

    /etc/hosts.equiv & $HOME/.rhosts Files that determine if a remote user is allowed to access the local host with the identity of a local user. This procedure first checks /etc/hosts.equiv and then $HOME/.rhosts. Entry formats:
    hostname
    hostname username
    +

    If a local host's /etc/hosts.equiv file contains the host name of a remote host, then all regular users of that remote host are trusted and do not need to supply a password to log in to the local host, whereas the .rhosts file applies to a specific user

    /etc/inetd.conf File used to control all services

    # svcadm disable (or) enable ftp (or) telnet In Solaris 10

    # rsh 140.40.40.151

    # rcp 140.40.40.151:/test/file1 . To copy a remote system file to local

    # rcp $HOME/file1 140.40.40.151:/tmp To copy local files to the remote system

    # chown user2 file7 To change the owner of a file

    # chown -R user2 dir4 To change the ownership of a folder and all its subfolders

    # chown user3:class file7 Changing both the individual and group ownership in one shot

    # chgrp class file4 To change the group ownership of a file or directory

    Setuid Permission on Executable Files

    When the setuid permission is set on an executable file, a user or process that runs this executable file is granted access based on the owner of the file.
    # ls -l /usr/bin/su
    -r-sr-xr-x 1 root sys ...


    The setuid permission displays as an s in the owner's execute field. You should disallow the use of setuid programs or at least restrict their use

    # chmod 4555 file To set the setuid permission on an executable.

    # find / -perm -4000 To search for setuid files (the leading - matches files that have the bit set along with other permission bits)

    Setgid Permission on Executable Files

    When the process runs, it runs as if it were a member of the same group in which the file is a member. Also, access is granted based on the permissions assigned to that group
    # ls -l /usr/bin/write
    -r-xr-sr-x 1 root ... Displays as s in the group's execute field

    # chmod 2555 file

    # chmod g+s dir To set setgid on a directory

    # find / -perm -2000 To search for setgid files

    Sticky Bit Permission on Public Directories

    If the directory permissions have the sticky bit set, a file can be deleted only by the owner of the file/directory or the root user.

    # ls -ld /tmp
    drwxrwxrwt 6 root sys Displays as t in the execute field for other.

    # chmod 1777 dir

    # find / -type d -perm -1000 To search for sticky-bit directories
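    The mode-string decoding from the Unix File Permission section and the setuid/setgid/sticky-bit search from this module, combined into one audit script; this is an added example, not part of the original notes, and the directory tree it inspects is constructed in a temporary directory rather than taken from a real system.

```sh
#!/bin/sh
# Added example: decode ls -l mode strings into the octal form used above
# (including the setuid s, setgid s and sticky t fields) and audit a
# directory tree for files carrying those bits. The sample tree is built
# in a temporary directory; nothing on the real system is touched.

# mode_to_octal MODESTRING: "-rwsr-xr-x" -> 4755, "drwxrwxrwt" -> 1777
mode_to_octal() {
    m=$1
    special=0
    perm=0
    # Positions 2-4, 5-7 and 8-10 are the owner, group and other triplets.
    for i in 1 2 3; do
        start=$(( (i - 1) * 3 + 2 ))
        trip=$(printf '%s' "$m" | cut -c "$start-$((start + 2))")
        v=0
        case $trip in r??) v=$((v + 4)) ;; esac
        case $trip in ?w?) v=$((v + 2)) ;; esac
        case $trip in ??[xst]) v=$((v + 1)) ;; esac   # lower-case s/t imply x
        case $i$trip in
            1??[sS]) special=$((special + 4)) ;;    # setuid in owner field
            2??[sS]) special=$((special + 2)) ;;    # setgid in group field
            3??[tT]) special=$((special + 1)) ;;    # sticky in other field
        esac
        perm=$((perm * 10 + v))
    done
    printf '%d\n' "$((special * 1000 + perm))"
}

# audit_special_bits DIR: one line "file|dir OCTAL PATH" per setuid/setgid
# file and per sticky directory under DIR, sorted. Note -perm -4000 (with the
# leading -) matches any file that has the bit set; -perm 4000 would only
# match a file whose mode is exactly 4000.
audit_special_bits() {
    {
        find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \; |
            while read -r mode rest; do
                printf 'file %s %s\n' "$(mode_to_octal "$mode")" "${rest##* }"
            done
        find "$1" -type d -perm -1000 -exec ls -ld {} \; |
            while read -r mode rest; do
                printf 'dir %s %s\n' "$(mode_to_octal "$mode")" "${rest##* }"
            done
    } | sort
}

# demo_audit: build a constructed tree mimicking the examples above
# (su-like setuid file, write-like setgid file, /tmp-like sticky dir).
demo_audit() {
    t=$(mktemp -d)
    : > "$t/setuid_tool"; chmod 4755 "$t/setuid_tool"
    : > "$t/setgid_tool"; chmod 2555 "$t/setgid_tool"
    : > "$t/plain_file";  chmod 644 "$t/plain_file"
    mkdir "$t/public";    chmod 1777 "$t/public"
    audit_special_bits "$t" | sed "s|$t/||"
    rm -rf "$t"
}

demo_audit
```

    Run against / as root, `audit_special_bits /` gives a baseline list of privileged binaries to compare against on later checks.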

    Module 12 Configuring Printer Services

    /etc/lp Directory containing a hierarchy of LP server configuration directories and files

    /var/spool/lp Directory containing the list of current requests that are in the print queue.

    /var/lp/logs Ongoing history of print requests

    /var/lp/logs/requests Completed print request jobs

    $HOME/.printers File to set the default printer (_default printername)

    /etc/printers.conf Contains the entries for printers

    # lpadmin -p printerB -c classname Creating a printer class and adding a printer to it

    # lpadmin -p printerD -c bldg2 Adding printerD to the bldg2 class

    # accept To start queuing print requests

    # lpstat -t To check the status of the new printer class

    # lp -d printer_classname myfile To print myfile to the printer class


    # lpadmin -d printername (or) printer_classname To set it as the default

    # lpstat -d To check the system's default printer

    # lpadmin -d bldg2 To change the default printer

    # lpadmin -x printername To remove a client's printer configuration

    # /usr/sadm/admin/bin/printmgr & Print Manager

    Removing a Server's Printer Configuration

    # reject printerD Stop queuing print requests

    # disable printerD Stop the printer

    # lpadmin -x printerD Delete the printer config from /etc/lp/printers and /etc/printers.conf

    # /usr/lib/lpsched Starts the print service

    # /etc/init.d/lp start Starting by script

    # /usr/lib/lpshut Stops the print service

    # /etc/init.d/lp stop Stopping by script

    Module 13 Using Print Commands

    # /usr/bin/lp filename Print to the default printer
    # /usr/bin/lp -d printername filename
    # /usr/ucb/lpr filename
    # /usr/ucb/lpr -P printername filename

    LP Print Service Administration Commands

    # /usr/sbin/accept printerD Permits print requests to be queued

    # /usr/sbin/reject -r "Replacing cartridge" printerD Stop queuing print requests

    # /usr/bin/enable printerD Activates the specified printers

    # /usr/bin/disable printerD Deactivates the specified printers

    # lpmove printerC printerA Moves print requests from printerC to printerA

    # lpstat -o Viewing the print queue

    # lpstat -a printerA To check whether it is accepting print jobs

    # lpmove printerC-32 printerC-33 printerA Moving individual print requests

    Module 14 Controlling System Processes

    # /usr/dt/bin/sdtprocess & GUI tool for process monitoring

    # prstat Displays info about active process (5 sec refresh interval)

    Options for prstat command

    -c Continuously prints new reports below previous reports

    -n nproc Restricts the number of output lines

    -p pidlist Reports only on processes whose PID is in the given list

    -t Reports a total usage summary for each user

    -u euidlist Reports only processes that have an EUID in the given list


    -U uidlist Reports only processes that have a real UID in the given list

    # kill -signal PID
    # pkill -signal process

    # pgrep -l mail To know the PID

    # pkill sendmail To kill the sendmail process

    # ps -e | grep mail To know the PID

    # kill 314 To kill the mail process

    # kill -signal PID PID PID
    # pkill -signal process process

    Default signal is 15

    1 SIGHUP Hangup Stop & start with the same PID
    2 SIGINT Interrupt
    9 SIGKILL Kill Kill forcibly
    15 SIGTERM Terminate Kill properly

    # pkill -1 (or) -HUP sendmail
    # kill -SIGTERM (or) -15
    # kill -SIGKILL (or) -9
    # kill -SIGHUP (or) -1 (or) -HUP

    # renice -n -10 195 To change the priority

    -20 Highest priority for a process
    0 Neutral priority
    +20 Least priority

    # psrinfo Shows how long the system has been running

    # ps -e Shows all system processes

    # ps -ef Default process details with the command or service name

    # ps -ef | grep cron To view a specific process

    # at 9:00 pm
    at> find /export/home/user2 -name core -exec rm {} \;
    at> Ctrl+D
    # at now
    at> banner welcome > /dev/pts/4
    at> Ctrl+D
    #

    # at -l 1016078400.a Reports the job schedule

    # atq Shows the at jobs queue

    # ls -l /var/spool/cron/atjobs Directory containing the at jobs

    # at -r 1016078400.a To remove the at job


    /etc/cron.d/at.deny We can add usernames to this file to deny access to at jobs

    /etc/cron.d/at.allow We can add usernames to this file to allow access to at jobs. If neither the at.allow nor the at.deny file exists, only the root user can use the at command.

    Crontab File Format
    0-59 0-23 1-31 1-12 1-7
    Min Hour Date Month Days

    # crontab -l View the content of the user's crontab file

    # crontab -e Editing the file
    30 17 * * 5 /usr/bin/banner "Time to go!" > /dev/console

    # crontab -r username Remove a crontab file

    /etc/cron.d/cron.deny Users in this file are denied access to the crontab command

    /etc/cron.d/cron.allow Users in this file are allowed access to the crontab command

    If we type only crontab as the command, it waits reading from the terminal: if we press Ctrl+C it won't save the file and the existing data stays present, but if we press Ctrl+D all the content gets deleted.

    # crontab /root_cron To use a backup file for cron jobs.
    # /etc/init.d/cron stop (or) start

    /var/spool/cron/crontabs Directory where the users' crontab schedule files are stored.

    /var/spool/cron/atjobs Directory where at jobs get saved

    # svcadm enable (or) disable cron

    Module 15 Performing File System Backups

    /dev/rmt/#hn h Tape density (l, m, h, c, u); n No rewind

    mt -f tape-device-name command count

    mt status Displays status info about the drive

    mt offline Rewinds the tape and, if appropriate, takes the drive unit offline

    mt rewind Rewinds the tape

    mt fsf count Moves the tape forward count records

    # mt -f /dev/rmt/0n fsf 2 Positions the tape at the beginning of the third tape record


    Example backup schedule: level 0 monthly, then daily incrementals

    Mon  Tue  Wed  Thu  Fri
    3    4    5    6    2
    3    4    5    6    2
    3    4    5    6    2

    /etc/dumpdates  Each line shows the FS that was backed up, the level of the last backup at that level, and the date and time of that backup
    (eg) /dev/rdsk/c0t2d0s6 0 Fri Jan 4 19:12:27 2005

    When an incremental backup is performed, the ufsdump command consults the /etc/dumpdates file. It looks for the date of the most recent backup of a lower level than the one being taken. Then ufsdump copies to the backup media all the files that were modified or added since that lower-level backup. When the backup is complete (and the u option was given), ufsdump records a new entry in /etc/dumpdates that describes this backup; the new entry replaces the entry for the previous backup at that level.

    Options for the ufsdump command

    0-9  Backup level (0 = full)
    v  Verify: after the tape is written, compare it with the FS and report any discrepancies
    S  Size estimate: print the estimated size of the backup without writing the tape
    l  Autoload: use this option with an autoloading tape drive
    o  Offline: when the backup is complete, take the drive offline, rewind and, if possible, eject the tape
    u  Update the /etc/dumpdates file
    n  Notify: send messages to the terminals of logged-in users who are members of the sys group
    f device  Specify the device

    Tape Backup

    Become the root user, switch to single-user mode, and unmount the FS:
    # /usr/sbin/shutdown -y -g300 "System is being shut down for backup"
    # umount /export/home
    # fsck /dev/rdsk/c0t0d0s7
    # ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s7

    Remote Backups

    To perform remote backups across the network, the system with the tape drive must have an entry in its /.rhosts file for every system that uses the tape drive. A /.rhosts entry trusts the listed host by name or address alone, with no authentication, and lets root on that host run commands as root on the tape server, so keep the list to the backup clients only.

    # ufsdump 0uf host2:/dev/rmt/0 /export/home

    Module 16 Performing File System Restores

    The ufsrestore command copies files to the disk, relative to the current working directory, from backup tapes that were created by the ufsdump command.

    Options for the ufsrestore command

    t  Lists the table of contents of the backup media
    r  Restores the entire FS from the backup media
    x file1 file2  Restores only the files named on the command line
    i  Invokes an interactive restore
    v  Verbose mode: displays the details of the restore operation on the screen
    f device  Specifies the tape device name


    restoresymtable  The system creates this file when you restore an entire FS. The ufsrestore command uses it for checkpointing, that is, for passing information between incremental restores. You can remove this file when the restore is complete.

    Restoring the /opt FS

    # newfs /dev/rdsk/c0t0d0s5
    # mount /dev/dsk/c0t0d0s5 /opt
    # cd /opt
    # ufsrestore rf /dev/rmt/0
    # rm restoresymtable
    # cd /
    # umount /opt
    # fsck /dev/rdsk/c0t0d0s5
    # ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s5

    Always restore a FS by starting with the level 0 backup tape, then apply the incremental tapes in chronological order, from the lowest-level incremental taken after the level 0 up through the highest level. A later tape of a lower level already contains everything on the earlier higher-level tapes, so those can be skipped. Take a fresh level 0 backup once the restore is complete (the last ufsdump above).
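As an added example (not part of the original notes), the two ufsdump level rules above in POSIX sh: which earlier dump a new level-N backup is taken "since", and which tapes a restore needs. Levels are given oldest first; the sequence 0 3 4 5 6 2 ... is the schedule from the table above. The function names and the position:level output format are this example's own.

```sh
# Added example, not from the original notes. Levels are integers 0-9, one per
# dump, oldest first; positions in the output are 1-based (oldest = 1).

# base_dump <level of the new dump> <levels taken so far...>
# Prints the position of the dump the new one is taken "since": the most
# recent earlier dump whose level is lower than the new level. Exit 1 and
# nothing printed when no such dump exists (no level 0 has been taken).
base_dump() {
    new=$1; shift
    i=0; base=""
    for lvl in "$@"; do
        i=$((i+1))
        [ "$lvl" -lt "$new" ] && base=$i
    done
    [ -n "$base" ] && printf '%s\n' "$base"
}

# restore_order <levels...>
# Prints "position:level" for the tapes a full restore needs, oldest first.
# Walking backwards from the newest dump, a tape is needed only if its level
# is lower than every tape already selected (a later lower-level tape holds
# everything the earlier higher-level ones do); stop at the level 0.
restore_order() {
    i=0; rev=""
    for lvl in "$@"; do
        i=$((i+1)); rev="$i:$lvl $rev"
    done
    min=99; out=""
    for tok in $rev; do
        pos=${tok%%:*}; lvl=${tok#*:}
        if [ "$lvl" -lt "$min" ]; then
            out="$pos:$lvl${out:+ }$out"
            min=$lvl
        fi
        [ "$min" -eq 0 ] && break
    done
    [ "$min" -eq 0 ] || return 1          # no level 0 in the sequence: nothing to restore from
    printf '%s\n' "$out"
}
```

With the schedule above, a restore on the second Thursday needs six tapes (the level 0, the Friday level 2, then Mon-Thu 3 4 5 6), while a restore right after Friday needs only two, because the level 2 superseded that week's 3-6 tapes.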

    Restoring the /usr FS

    ok boot cdrom -s
    # newfs /dev/rdsk/c0t0d0s6
    # mount /dev/dsk/c0t0d0s6 /a
    # cd /a
    # ufsrestore rf /dev/rmt/0
    # rm restoresymtable
    # cd /
    # umount /a
    # fsck /dev/rdsk/c0t0d0s6
    # ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s6
    # init 6

    Performing a special-case recovery of the / (root) FS

    ok boot cdrom -s
    # newfs /dev/rdsk/c0t0d0s0
    # mount /dev/dsk/c0t0d0s0 /a
    # cd /a
    # ufsrestore rf /dev/rmt/0
    # rm restoresymtable
    # cd /usr/platform/`uname -m`/lib/fs/ufs
    # installboot bootblk /dev/rdsk/c0t0d0s0  Reinstalls the boot block; without it the restored root disk will not boot
    # cd /
    # umount /a
    # fsck /dev/rdsk/c0t0d0s0
    # ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s0
    # init 6

    Invoking an Interactive Restore

    # cd /var/tmp
    # ufsrestore ivf /dev/rmt/0

    ufsrestore> ls Display the contents of the directory structure on the backup tape


    ufsrestore> cd directory1
    ufsrestore> ls

    ufsrestore> add file1 file2  Adds the files you want restored to the extraction list

    ufsrestore> delete file1  Removes a file from the extraction list

    ufsrestore> marked  Views the files marked for extraction

    ufsrestore> extract  Restores the selected files from the backup tape

    The ufsrestore command has to find the selected files. If the backup spans more than one tape, first insert the tape with the highest volume number and type that volume number at this point.

    Set directory mode, owner, and times? [yn] n
    Set owner/mode for '.'? [yn] n  Answering y sets the ownership and permissions of the temp directory to those of the directory structure on the tape

    ufsrestore> quit

    Move or copy the restored files to their original or permanent directory and delete them from the temp directory.

    Performing an Incremental Restore

    When a backup spans several volumes, start with the last volume and work toward the first. The system uses the information in the restoresymtable file to restore the incremental backups on top of the latest full backup.

    # more /etc/dumpdates | grep c0t0d0s7
    # newfs /dev/rdsk/c0t0d0s7
    # mount /dev/dsk/c0t0d0s7 /export/home
    # cd /export/home
    # ufsrestore rvf /dev/rmt/0
    Load the next incremental tape in sequence into the tape drive and issue the same command:
    # ufsrestore rvf /dev/rmt/0

    Alternate steps (in place of the two ufsrestore rvf commands above)

    # ufsrestore ivf /dev/rmt/0
    ufsrestore> ls
    ufsrestore> add *
    ufsrestore> extract
    ufsrestore> q

    Load the next tape and repeat:
    # ufsrestore ivf /dev/rmt/0
    ufsrestore> ls
    ufsrestore> add *
    ufsrestore> extract
    ufsrestore> q

    Module 17 Backing up a Mounted FS with a UFS Snapshot

    /usr/sbin/fssnap -F FsType -V -o special-option(s) mount-point | special

    Options for the fssnap command


    -d  Deletes the snapshot associated with the given FS. If the -o unlink option was used when you created the snapshot, the backing-store file is deleted with it; otherwise it has to be deleted manually
    -F FsType  Specifies the FS type
    -i  Displays the state of the FSType snapshots
    -V  Echoes the complete command line but does not execute the command
    -o  Enables special options, such as the location and size of the backing-store file

    # fssnap -F ufs -o bs=backing_store_path /file_system
    # fssnap -F ufs -o bs=/var/tmp /export/home
    /dev/fssnap/0

    backing-store file  The snapshot subsystem saves FS data in this file. The fssnap command creates the backing-store file and two read-only virtual devices: the block virtual device, /dev/fssnap/0, which can be mounted as a read-only FS, and the raw virtual device, /dev/rfssnap/0.

    You can limit the size of the backing-store file by using the -o maxsize=n option.

    If the backing-store file runs out of disk space, the system automatically deletes the UFS snapshot.

    # fssnap -F ufs -o bs=/var/tmp,maxsize=500m /export/home

    # fssnap -i  Displays a list of all the current UFS snapshots on the system
    0 /export/home
    1 /usr
    2 /database

    # /usr/lib/fs/ufs/fssnap -i /export/home  Shows the details of the /export/home snapshot

    Performing a backup of a UFS Snapshot

    # mkdir -p /backups/home.bkp  Create an empty mount point
    # mount -F ufs -o ro /dev/fssnap/0 /backups/home.bkp  Mount the block virtual device
    # cd /backups/home.bkp
    # tar cvf /dev/rmt/0 .
    (or)
    # ufsdump 0uf /dev/rmt/0 /dev/rfssnap/0

    # ufsrestore tf /dev/rmt/0  To verify

    Performing an Incremental Backup of a UFS Snapshot

    Use ufsdump with the N option to back up a UFS snapshot incrementally. N writes the name of the device being backed up, rather than the name of the snapshot device, to the /etc/dumpdates file, so later incrementals are computed against the real FS.

    # ufsdump 1ufN /dev/rmt/0 /dev/rdsk/c1t0d0s0 /dev/rfssnap/0

    # ufsrestore tf /dev/rmt/0  To verify

    # fssnap -d /extra  To remove a snapshot (/extra is the source FS)
    # rm /var/tmp/snapshot0  Then delete the backing-store file


    Restoring Data from a UFS Snapshot Backup

    The backup created from a virtual device is a backup of the original FS as it was when the UFS snapshot was taken. You can restore a UFS snapshot from a backup tape in the same manner as you would a backup of the original FS.

    # cd /usr
    # ufsrestore if /dev/rmt/0
    ufsrestore> add demo
    ufsrestore> extract
    ufsrestore> quit

    Deleting a UFS Snapshot

    # umount /dev/fssnap/0
    # fssnap -d /export/home
    # rm /backing_store_file

    Module 1 Describing Interface Configuration

    To find the MAC address of a NIC

    ok banner
    # ifconfig -a

    8:0:20:93:c9...  The 8:0:20 prefix identifies a Sun-manufactured NIC

    hme0 qfe0 eri0 le0  Sun NIC interface types

    # ifconfig hme0 down  To bring the NIC down


    # ifconfig hme0 up  To bring the NIC up

    # ping -s 140.40.0.123  Continuous pinging (one datagram per second until Ctrl+C)

    # snoop  Displays incoming and outgoing packets; press Ctrl+C to stop. snoop puts the interface into promiscuous mode and shows cleartext payloads (telnet, ftp, NFS), so it is root-only and captured files should not be left world-readable

    # snoop IP1 IP2  To capture the traffic between two systems

    # snoop -a dhcp  To turn on audible clicks for all network traffic related to a DHCP boot

    # snoop -V  Summary verbose output
    # snoop -v  Detailed verbose output

    # snoop -o filename  Writes the captured packets to filename (summary shown on screen)

    # snoop -i filename  Displays packets that were previously captured into filename

    /etc/hosts  Symbolic link to /etc/inet/hosts

    /etc/inet/hosts  Should contain the IP address and hostname

    Up to 32 logical (virtual) interfaces are possible on one physical interface:
    hme0:1 hme0:2 ... hme0:32

    Configuring IPv4 Interfaces at Boot Time

    /etc/rcS.d/S30network.sh  Startup script that plumbs and configures the interfaces

    # cat /etc/hostname.hme0
    sys41 (or) 192.168.30.41

    # cat /etc/inet/hosts
    192.168.30.41 sys41

    # ifconfig hme0 plumb  Enables the interface. At boot the script plumbs every interface that has an /etc/hostname.<if> file and assigns it the name or address found there, resolved through /etc/inet/hosts

    Changing the System Hostname

    Files to update when changing the hostname:
    /etc/nodename
    /etc/hostname.xxn
    /etc/inet/hosts
    /etc/net/ticlts/hosts
    /etc/net/ticots/hosts
    /etc/net/ticotsord/hosts

    The /etc/net/tic* directories each contain a hosts file. These files contain configuration information for transport-independent network services. If these files become corrupted, unpredictable results can occur.

    # sys-unconfig  For a total reconfiguration

    Module 2 Describing the Client-Server Model

    inetd (Internet services daemon)  Responsible for on-demand services, eg. telnetd, ftpd

    /etc/inetd.conf  Configuration file for the inetd daemon

    To turn off a service, add a # at the beginning of the corresponding line in the /etc/inetd.conf file and send inetd a HUP signal. Comment out every service that is not needed (telnet, ftp, the r-services and the like), since inetd will start them for any client that connects.

    # pkill -HUP inetd  Makes inetd re-read its configuration

    /etc/inet/services  Services file (maps service names to ports)


    /etc/inet/protocols  Registered protocols are listed here

    Network Ports  Well-known ports and ephemeral (short-lived) ports

    Port Assignment  Central authority (well-known) and dynamic binding (ephemeral)

    Central authority ports  0-1023 (well-known; only root can bind them)

    Dynamic binding  1024-65535 (ephemeral)

    Starting Services that use a Well-Known Port
    1. Services that start by default at system boot time (eg. sendmail)
    2. Services that start on demand (eg. telnet)

    Starting RPC Services
    1. Services that start by default at system boot time
    2. Services that start on demand

    The rpcbind process (daemon) associates RPC program numbers with port numbers. The /etc/rc2.d/S71rpc script initializes the rpcbind service (port 111).

    rpcbind - port 111 - responsible for RPC services
    /etc/rpc  Maps RPC program names to program numbers

    # grep rpcbind /etc/services
    sunrpc 111/udp rpcbind
    sunrpc 111/tcp rpcbind

    # rpcinfo -p  Lists the RPC services registered with rpcbind
    Prog No  Version  Protocol  Port  Service Name

    # rpcinfo -d 1002 1  Deletes an RPC service registration (program number 1002, version 1)

    Module 3 Customizing the SMC

    # /etc/init.d/init.wbem status (or) stop (or) start  SMC service (port 898)

    # smc  Starts the console

    # smc edit  Starts the toolbox editor

    http://hostname:898/toolboxes/smc/smc.tbx

    Module 4 Managing Swap Configuration

    Virtual memory = RAM + disk space
    Swap space = swap slice | swap file | RAM

    # swap -s  Summary of virtual swap space

    # swap -l  Lists the details of the system's physical swap (eg. swap file)


    Adding Swap Space

    # vi /etc/vfstab
    /dev/dsk/c1t0d0s3 - - swap - no -

    # swap -a /dev/dsk/c1t0d0s3  To add swap space from a HDD slice

    Adding a Swap File

    # mkfile 20m /export/data/swapfile  Swap file allocation
    # swap -a /export/data/swapfile

    # swap -l  To list the details of the modified system swap space

    # swap -s  List a summary of the modified system swap space
    # vi /etc/vfstab
    /export/data/swapfile - - swap - no -

    Removing Swap Space

    # swap -d /dev/dsk/c1t0d0s3  Also remove the entry from /etc/vfstab

    Removing a Swap File

    # swap -d /export/data/swapfile
    # rm /export/data/swapfile  Also remove the entry from /etc/vfstab

    Module 5 Managing Crash Dumps and Core Files

    When the OS has a fatal error, it generates a crash dump file (crash dump). When a process has a fatal error, it generates a core file.

    If the Solaris OE kernel encounters a problem, or an unexpected hardware fault occurs, the panic routine is executed and the memory contents are copied to a disk partition defined as the dump device.

    When the OS crashes, the savecore command is automatically executed during the next boot. The savecore command retrieves the crash dump from the dump device and writes it to a pair of files in your FS.

    It places the kernel core image in the /var/crash/nodename/vmcore.X file
    It places the name list (symbol table) information in the /var/crash/nodename/unix.X file

    By default, the dump device is a swap partition. The swap partition contains only temporary data, so no permanent data is overwritten by the crash dump. The dump contains whatever was in kernel memory, including credentials and keys in flight, so keep the savecore directory readable by root only.

    # dumpadm  To view the current dump configuration
    Dump content: kernel pages (or) all pages
    Dump device: /dev/dsk/c0t0d0s1 (swap)
    Savecore directory: /var/crash/host1
    Savecore enabled: yes

    # cat /etc/dumpadm.conf  Persistent configuration written by the dumpadm command


    Changing the Crash Dump Configuration

    /usr/sbin/dumpadm [-nuy] [-c content-type] [-d dump-device] [-m mink | minm | min%] [-r root-dir] [-s savecore-dir]

    -n  Modifies the dump configuration so that savecore is not run automatically on reboot
    -u  Forcibly updates the kernel dump configuration based on the contents of /etc/dumpadm.conf
    -y  Modifies the dump configuration so that savecore is run automatically on reboot. This is the default
    -c content-type  The content type can be kernel, all, or curproc. curproc includes the kernel memory pages and the memory pages of the process that was executing at the time of the panic
    -d dump-device  The dump device can be an absolute path or the word swap
    -m mink | minm | min%  Creates a minfree file in the current savecore directory, giving the minimum free space (in KB, MB or percent) that savecore must leave on the FS
    -r root-dir  Specifies an alternative root directory relative to which the dumpadm command should create files. The default root directory is /
    -s savecore-dir  Specifies the savecore directory. The default is /var/crash/hostname

    Managing Core File Behavior

    A core file is a point-in-time copy (snapshot) of the RAM allocated to a process. The copy is written to a more permanent medium, such as a HDD. A core file is useful in analyzing why a particular program crashed.

    When a process dumps core, the OS generates up to two copies of the core file, one known as the global core file and the other known as the per-process core file, depending on the options in effect. The global core file is created in mode 600 and is owned by the superuser. Ordinary per-process core files are created in mode 600 under the credentials of the process.

    # coreadm  Displays the current core file configuration

    global core file pattern:  Identifies the name to use for core files placed in the global directory
    init core file pattern: core  Identifies the default name that per-process core files use
    global core dumps: disabled  Indicates that global core files are disabled
    per-process core dumps: enabled
    global setid core dumps: disabled
    per-process setid core dumps: disabled
    global core dump logging: disabled

    # cat /etc/coreadm.conf  Persistent configuration written by the coreadm command

    You can enable or disable the two configurable core file paths, per-process and global, separately. If a global core file path is enabled and set to /corefiles/core, for example, then each process that terminates abnormally produces two core files: one in the current working directory, and one in the /corefiles directory.

    coreadm [-p pattern] [pid]...  Users can run this command
    coreadm [-g pattern] [-i pattern] [-d option]... [-e option]...  Only the root user can run this

    -i pattern  Sets the per-process core file name pattern inherited from init to pattern
    -e option  Enables the specified core file option
    global  Enables core dumps using the global core pattern
    process  Enables core dumps using the per-process core pattern
    global-setid  Enables setid core dumps using the global core pattern


    proc-setid  Enables setid core dumps using the per-process core pattern
    log  Generates a syslog(3) message when a user attempts to generate a global core file
    -d option  Disables the specified core file option. See the -e option for the possible options
    -u  Updates the system-wide core file options from the configuration file /etc/coreadm.conf
    -g pattern  Sets the global core file name pattern to pattern. The pattern must start with a /
    -p pattern  Sets the per-process core file name pattern to pattern

    Pattern options for the coreadm command

    %p  PID
    %u  EUID
    %g  EGID
    %f  Executable file name
    %n  System node name (uname -n)
    %m  Machine hardware name (uname -m)
    %t  The time in seconds since midnight, Jan 1 1970
    %%  Literal %

    # coreadm -p core.%f.%p $$  When executed from a user's $HOME/.profile (or) .login file, sets the core file name pattern for all processes run during the login session. The $$ variable is the PID of the currently running shell. The per-process core file name pattern is inherited by all child processes.

    # coreadm -p $HOME/corefiles/%n.%f.%p $$  Places all of the user's core files into the corefiles subdirectory of the user's home directory, differentiated by the system node name.

    # coreadm -g /var/core/core.%f.%p -e global  Sets the system-wide parameters that add the executable file name and PID to the name of any core file that is created.
    # coreadm  To verify that this parameter is now part of the core file configuration

    # coreadm 278 5678  Displays the core file pattern of the listed processes. Only the owner of a process or the superuser can query a process by using the coreadm command with a list of PIDs.

    The setid core dump options stay disabled by default for a reason: a core from a setuid or setgid program can contain data the invoking user may not read (for example what a setuid-root program has loaded from /etc/shadow). Enable them only while debugging, and disable them afterwards.
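As an added example (not part of the original notes), a POSIX sh expansion of a coreadm name pattern following the %-token table above, so the landing path of a core can be predicted before a pattern is enabled. The process attributes are passed in as arguments (a real core uses the crashing process's own values); the handling of an unknown %-token and the global_pattern_ok policy are this example's choices, not coreadm behaviour.

```sh
# Added example, not from the original notes.
# expand_core_pattern <pattern> <pid> <euid> <egid> <exec-name> <node> <machine> <time>
# Walks the pattern one character at a time and substitutes the coreadm
# tokens; %% yields a literal %.
expand_core_pattern() {
    pat=$1 pid=$2 uid=$3 gid=$4 file=$5 node=$6 mach=$7 time=$8
    out=""
    while [ -n "$pat" ]; do
        c=${pat%"${pat#?}"}          # first character of the remaining pattern
        pat=${pat#?}
        if [ "$c" = "%" ] && [ -n "$pat" ]; then
            c=${pat%"${pat#?}"}      # the token letter after the %
            pat=${pat#?}
            case $c in
                p) out="$out$pid" ;;
                u) out="$out$uid" ;;
                g) out="$out$gid" ;;
                f) out="$out$file" ;;
                n) out="$out$node" ;;
                m) out="$out$mach" ;;
                t) out="$out$time" ;;
                %) out="$out%" ;;
                *) out="$out%$c" ;;  # unknown token: kept as written (assumption)
            esac
        else
            out="$out$c"
        fi
    done
    printf '%s\n' "$out"
}

# global_pattern_ok <pattern>
# coreadm -g requires an absolute path. This check additionally insists on %p
# or %t in the name, so that one crash cannot overwrite the previous core
# (that uniqueness rule is this example's policy, not a coreadm requirement).
global_pattern_ok() {
    case $1 in
        /*) ;;
        *) return 1 ;;
    esac
    case $1 in
        *%p*|*%t*) return 0 ;;
        *) return 1 ;;
    esac
}
```

Run it against the patterns from the notes, for example `expand_core_pattern "$HOME/corefiles/%n.%f.%p" $$ "$(id -u)" "$(id -g)" ksh "$(uname -n)" "$(uname -m)" 0`, to see where the current shell's core would be written under that per-process pattern.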

    Module 6 Configuring NFS

    NFS Server Files

    /etc/dfs/dfstab  Lists the local resources to share at boot time
    /etc/dfs/sharetab  Lists the local resources currently being shared
    /etc/dfs/fstypes  Lists the default FS types for remote FS
    /etc/rmtab  Lists the FS remotely mounted by NFS clients


    /etc/nfs/nfslog.conf  Lists the location of the configuration logs used for NFS server logging
    /etc/default/nfslogd  Configuration describing the behavior of the nfslogd daemon

    # cat /etc/dfs/dfstab
    share -F nfs -o ro /export/sys44_data

    # cat /etc/dfs/sharetab
    /export/sys44_data - nfs ro

    # cat /etc/dfs/fstypes
    nfs NFS Utilities
    autofs AUTOFS Utilities
    cachefs CACHEFS Utilities

    # cat /etc/rmtab
    sys42:/export/sys44_data
    #sys41:/usr/share/man
    #sys43:/export/sys44_data

    The # entries are stale (unmounted) entries; the mountd daemon removes them during a system startup

    NFS Server Daemons

    To start the NFS server daemons, or to specify the number of concurrent NFS requests that can be handled by the nfsd daemon, use the /etc/rc3.d/S15nfs.server script

    mountd  Handles FS mount requests from remote systems and provides access control
    nfsd  Handles client FS requests
    statd  Works with the lockd daemon to provide crash recovery functions for the lock manager
    lockd  Supports record-locking operations on NFS files
    nfslogd  Provides operational logging

    # /etc/init.d/nfs.server start  To start the NFS server daemons

    # /etc/init.d/nfs.server stop  To stop the NFS server daemons

    NFS Server Commands

    # share  Shares a directory; with no arguments it displays the contents of the /etc/dfs/sharetab file

    # unshare /test  Unshares the share

    # shareall  Shares all resources listed in the /etc/dfs/dfstab file

    # unshareall  Unshares all the currently shared file resources listed in the /etc/dfs/sharetab file

    # dfshares  Displays the currently shared resources, using the NFS daemon mountd

    # dfshares 140.40.40.160  Lists the shared resources available on a remote system

    # dfmounts  Displays a list of the NFS resources that are currently mounted, with the client list

    # dfmounts sys42  Displays the NFS resources of sys42 that are currently mounted, and their clients

    share [-F nfs] [-o options] [-d description] [pathname]

    # share -o ro /export/sys44_data  By default a resource is shared read-write to every client. Per-file access is then decided by comparing the UID presented by the client with the file's owner, so a client that controls its own UIDs controls access; restrict shares with ro, ro= and rw= access lists and keep root= to a minimum


    The Share Command Options

    ro  Informs clients that the server accepts only read requests
    rw  Allows the server to accept read and write requests from the client
    root=client  Informs the client that the root user on the specified client system or systems can perform superuser-privileged requests on the shared resource. Without this option, remote root is mapped to the anonymous user
    ro=access-list  Allows read requests from the specified access list
    rw=access-list  Allows read and write requests from the specified access list

    Access List Options

    access-list=client:client  Allows access based on a colon-separated list of clients
    access-list=@network  Allows access based on a network number (eg. @192.168.100) or a network name (eg. @mynet.com). The network name must be defined in the /etc/networks file
    access-list=.domain  Allows access based on a DNS domain
    access-list=netgroup_name  Allows access based on a configured netgroup (NIS or NIS+)

    anon=n  Sets n to be the effective user ID (EUID) of anonymous users. By default, anonymous users (including root on clients not listed in root=) are given EUID 60001, the nobody user. If n is set to -1, access is denied to anonymous users.

    # share -F nfs -o ro directory  Restricts access to read-only
    # share -F nfs -o ro,rw=client1 directory

    Restricts access to read-only; however, the NFS server accepts both read and write requests from the client client1

    # share -F nfs -o root=client2 directory

    Allows the root user on the client named client2 to have superuser access to the NFS-mounted resources

    # share -F nfs -o ro,anon=0 directory

    By setting the option anon=0, the EUID for access to shared resources by an anonymous user is set to 0. The access is also set to read-only. Even read-only, this gives every unmapped user, including root on any client that can mount the share, root's read access to everything on the export, so use it only for exports of public data.

    # share
    -  /export/sys44_data  ro  ""
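As an added example (not part of the original notes), a POSIX sh audit of share(1M) option strings covering the options above: it pulls the -o argument out of a dfstab line and flags root=, anon=0 and the absence of any ro, ro= or rw= restriction. It assumes lines of the "share -F nfs -o opts path" shape shown in the notes; the dfstab text in the test and the wording of the findings are constructed for this example.

```sh
# Added example, not from the original notes. Assumptions: share lines look
# like "share -F nfs -o opts path" and contain no glob characters; only ro,
# rw, ro=, rw=, root= and anon= are examined.

nl='
'

# share_opts "<dfstab line>": prints the argument that follows -o (an empty
# line if the share has no -o)
share_opts() {
    prev=""
    for w in $1; do
        if [ "$prev" = "-o" ]; then printf '%s\n' "$w"; return 0; fi
        prev=$w
    done
    printf '\n'
}

# share_findings "<opts>": prints one finding per line; exit status 1 when
# anything was flagged, 0 when the option string looks safe
share_findings() {
    out=""
    restricted=0                   # set once ro, ro= or rw= limits who may write
    oldifs=$IFS; IFS=,
    set -f; set -- $1; set +f      # split on commas without pathname expansion
    IFS=$oldifs
    for o in "$@"; do
        case $o in
            ro|ro=*|rw=*) restricted=1 ;;
            root=*) out="${out}root=${o#root=}: root on those clients is root on the export (no root squash)$nl" ;;
            anon=0) out="${out}anon=0: every unmapped user, including unlisted remote root, becomes UID 0$nl" ;;
        esac
    done
    if [ "$restricted" -eq 0 ]; then
        out="${out}no ro/rw= restriction: the export is writable by every host that can reach the server$nl"
    fi
    printf '%s' "$out"
    [ -z "$out" ]
}

# audit_dfstab "<dfstab text>": runs share_findings over every share line,
# prefixing each finding with the exported path
audit_dfstab() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case $line in share*) ;; *) continue ;; esac
        opts=$(share_opts "$line")
        path=${line##* }
        share_findings "$opts" | sed "s|^|$path: |"
    done
    return 0
}
```

On a server, `audit_dfstab "$(cat /etc/dfs/dfstab)"` lists the exports that hand out more than they should; an empty result means every share is at least read-only or list-restricted, has no root= clients and does not map anonymous users to root.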

    Managing the NFS Client

    NFS Client Files

    /etc/vfstab  Defines the FS to be mounted locally
    /etc/mnttab  Lists the currently mounted FS, including automounted directories
    /etc/dfs/fstypes  Lists the default FS types for remote FS

    NFS Client Daemons

    The NFS client daemons are started by the /etc/rc2.d/S73nfs.client script

    statd  Works with the lockd daemon to provide crash recovery functions
    lockd  Supports record-locking operations on NFS files

    # /etc/init.d/nfs.client start (or) stop


    NFS Client Commands

    dfshares  Lists the available shared resources from a remote or local NFS server
    mount  Attaches a file resource to a specified local mount point
    umount  Unmounts a currently mounted file resource
    mountall  Mounts all file resources, or a specified group of file resources, listed in the /etc/vfstab file with a mount-at-boot value of yes
    umountall  Unmounts all non-critical local and remote file resources
    dfmounts  Displays a list of the currently mounted NFS server directories

    mount [-F nfs] [-o options] server:pathname mount-point

    # mount sys44:/export/sys44_data /export/remote-data
    # mount -o ro sys45,sys43,sys41:/multi_home_data /remote_shared_data

    When mounting a read-only remote resource, you can specify a comma-separated list of servers for the remote resource, which are then used as a list of failover resources

    # umount /export/remote-data  Unmounting the remote FS from the client

    # mountall -r  Limits the action of the command to remote file resources

    # umountall -r  Unmounts all remote file systems

    Mounting Remote Resources at Boot Time

    Enter the appropriate entries in the client's /etc/vfstab file to mount the remote file resources at boot time.
    # vi /etc/vfstab
    sys44:/export/sys44_data - /export/remote-data nfs - yes soft,bg

    Mount Command Options

    rw | ro  Read/write or read-only. The default is read/write
    bg | fg  Retry the mount in the background or foreground. The default is to retry in the foreground
    soft | hard  The soft option reports an error on the request and stops trying when retrans=n is reached, whereas the hard option prints a warning message and continues to try. The default is hard
    intr | nointr  Enables or disables the use of keyboard interrupts to kill a process that hangs on a hard-mounted FS. The default is intr
    suid | nosuid  Indicates whether to allow setuid execution. The default is suid. Mount shares from servers you do not fully trust with nosuid, otherwise a setuid-root binary placed on the server runs as root on the client
    timeo=n  Sets the timeout to n tenths of a second. The default timeout is 11 tenths of a second for UDP and 600 tenths of a second for TCP
    retry=n  Sets the number of times to retry the mount operation. The default is 10,000 times
    retrans=n  Sets the number of NFS retransmissions to n. The default is 5 for UDP

    Enabling NFS Server Logging

    The nfslogd daemon is responsible for NFS logging

    The /etc/nfs/nfslog.conf file defines the path, file names, and type of logging that the nfslogd daemon must use. There is a tag corresponding to each definition.

    Eg. of an nfslog.conf file


    # NFS server log configuration file

    global defaultdir=/var/nfs \
    log=nfslog fhtable=fhtable buffer=nfslog_workbuffer

    defaultdir=dir_path  Specifies the default parent directory

    log=logfile_path  Specifies the relative or absolute path and the file name of the ASCII log file

    fhtable=table_path  Specifies the path and the file name of the file-handle-to-path database file

    buffer=buffer_path  Specifies the path and the file name of the raw buffer file

    logformat=basic | extended  Specifies the format used when creating user-readable log files

    To easily identify the log files for different shared resources, place them in separate directories. For eg.

    # cat /etc/nfs/nfslog.conf
    global defaultdir=/var/nfs \
    log=nfslog fhtable=fhtable buffer=nfslog-workbuffer

    public defaultdir=/var/nfs/public \
    log=nfslog fhtable=fhtable buffer=nfslog-workbuffer

    Create the /var/nfs/public directory before starting NFS server logging

    Specify a tag with the log=tag option in the /etc/dfs/dfstab file. Using the log option without a tag means the default global tag is used:
    share -F nfs -o ro,log /export/sys44_data

    /etc/default/nfslogd  The configuration file that controls the logging behavior of the nfslogd daemon

    Module 7 Configuring AutoFS

    The automount facility contains three components:
    The AutoFS FS
    The automountd daemon
    The automount command


    The AutoFS map types

    Master map  The auto_master map associates a directory, also called a mount point, with a map.

    Direct map  Lists the mount points as absolute path names. This map explicitly indicates the mount point on the client.

    Indirect map  Lists the mount points as relative path names. This map uses a relative path to establish the mount point on the client.

    Special  Provides access to NFS servers by using their host names

    # cat /etc/auto_master
    +auto_master
    /net    -hosts     -nosuid,nobrowse
    /home   auto_home  -nobrowse
    /xfn    -xfn

    Syntax

    mount-point  map-name (direct or indirect map)  mount-options (similar to the standard mount options, but nobrowse is an AutoFS-specific mount option)

    The plus (+) symbol at the beginning of the +auto_master line directs the automountd daemon to look at the NIS, NIS+, or LDAP databases before it reads the rest of the map. If this line is commented out, only the local files are searched unless the /etc/nsswitch.conf file specifies that NIS, NIS+, or LDAP should be searched.

    The two special maps are the -hosts map and the -xfn map.

    The -hosts map  Provides access to all resources shared by NFS servers. The resources shared by a server are mounted below the /net/hostname directory or, if only the server's IP address is known, below the /net/IPaddress directory. The server does not have to be listed in the hosts database for this mechanism to work. Because any user can trigger a mount of any reachable server under /net, keep the -nosuid option on this entry.

    The -xfn map  Provides access to resources available through the Federated Naming Service (FNS). Resources associated with FNS are mounted below the /xfn directory

    Direct Map

    # cat /etc/auto_master
    .
    /-  auto_direct  -ro

    The /- mount point is a pointer that informs the automount facility that the full path names are defined in the file specified by map-name (the /etc/auto_direct file in this example)

    # cat /etc/auto_direct
    # Superuser-created direct map for the automounter
    /apps/frame     -ro,soft  server1:/export/framemaker
    /opt/local      -ro,soft  server2:/export/unbundled
    /usr/share/man  -ro,soft  server3,server4:/usr/share/man

    Indirect Map


    The /home entry defines a mount point for an indirect map. The map auto_home lists relative path names only. Solaris 2.6 through Solaris 9 support browsing of indirect maps and special maps with the browse option. The nobrowse option disables the browsing of indirect maps. The default is browse.

    # cat /etc/auto_home
    +auto_home
    steven  hosts5:/export/home/steven
    mary    mars:/export/home/mary

    Reducing the auto_home map to a single line

    *  server1:/export/home/&
    The client remotely mounts the /export/home/loginID directory from the NFS server server1 onto the local mount point /home/loginID. The wildcard character (*) matches any key. The substitution character (&) at the end of the location is replaced with the matched key field.

    Run the automount command when making changes to the master map or when creating a direct map, to make the changes effective. You do not have to stop and restart the automountd daemon after making changes to existing entries in a direct map.

    automount [-t duration] [-v]
    -t  Specifies the time in seconds that the FS remains mounted when not in use. The default is 600 seconds.

    When to run the automount command
    Automount map   Run if an entry is added/deleted   Run if an entry is modified
    Master map      yes                                yes
    Direct map      yes                                no
    Indirect map    no                                 no

    # cat /etc/mnttab
    -hosts  /net  autofs  indirect,nosuid,ignore,nobrowse  dev=4300001  1008255810
    auto_home  ...
    -xfn  ...

    # /etc/init.d/autofs start (or) stop

    Module 8 & 9 Solaris Volume Management

    metadb -a [-f] [-c n] [-l nnnn] disk_slice

    -a  Adds a new state database replica
    -f  Forces the creation of the initial replica, even if no replica exists
    -c n  Specifies the number of replicas to add to the slice


    -l nnnn Specifies the size of the new replica in blocksdisk_slice Specifies the name of the disk_slice that will hold the replica

    # metadb a f c0t0d0s4 c0t0d0s5 c1t0d0s0 c1t0d0s1 To create metadb

    # metadb Reports the status of all replicas

    RAID 0 Config

    # metainit d10(name d0-dn) 3(total disk/slice) 1 c0t1d0s0 1 c0t1d0s1 1 c0t1d0s3# newfs /dev/md/rdsk/d10

    # metaclear d10 Delete the volume

    # metainit d0(partition name) p d10(volume name) 1000m Creating partition

    # metattach d0 999m To increase partition size

    # growfs M /m1(mount point) /dev/md/rdsk/d0 To create FS for extra space added

    # metattach d10(volume) c0t1d0s4 To increase space for volume

    RAID 5 Config

    # metainit d20 r(raid 5 option) c0t1d0s0 c0t1d0s1 c0t1d0s3

    # metadb d f c0t1d0s7 To delete metadb

    RAID 1 Config

    # metainit d10 m d0 To create mirrorThen reboot

    # metattach d10 d1 Attaching another disk to mirror

    # metastat To check the status of mirror disk

    Building a Mirror of the Root (/) File System

    metainit -f concat/stripe numstripes width components
    # metainit -f d0 1 1 c0t0d0s0

    d0: Concat/Stripe is setup

    # metainit d1 1 1 c0t1d0s0
    d1: Concat/Stripe is setup

    metainit mirror -m submirror [read_options] [write_options] [pass_num]

    read_options

    -g Enables the geometric read option, which results in faster performance on sequential reads

    -r Directs all reads to the first submirror. Use this option when the devices that comprise the first submirror are substantially faster than those of the second submirror.

    You cannot use the -r option with the -g option. If neither the -g nor the -r option is specified, reads are made in round-robin order from all submirrors in the mirror. This process enables load balancing across the submirrors.

    write_options

    -S Performs serial writes to the submirrors. The default setting for this option is parallel writes

    pass_num

    A number (0-9) at the end of an entry defining a mirror that determines the order in which that mirror is resynchronized during a reboot. The default is 1. If 0 is used, the resync is skipped.

    # metainit d10 -m d0
    d10: Mirror is setup

    # metaroot d10    Updates the /etc/system file and also /etc/vfstab

    # grep md /etc/vfstab
    /dev/md/dsk/d10 /dev/md/rdsk/d10 / ufs 1 no -

    The metaroot command also updates the /etc/system file to contain the forceload statements that load the kernel modules that support the logical volumes.

    # tail /etc/system
    forceload: misc/md_hotspares
    forceload: misc/md_sp
    forceload: misc/md_stripe
    forceload: misc/md_mirror
    forceload: drv/pcipsy
    .
    .
    .
    rootdev:/pseudo/[email protected]

    You must reboot the system before attaching the secondary submirror
    # init 6
    # metattach d10 d1

    d10: Submirror d1 is attached
    # ls -l /dev/dsk/c1t0d0s4
    Record the path that follows the /devices directory: /pci@if,0/pci@1/scsi@4...

    ok nvalias backup_root /pci@if,0/pci@1/scsi@4,1/disk@2,0:b
    ok printenv boot-device

    boot-device=disk net
    ok setenv boot-device disk backup_root net

    boot-device=disk backup_root net

    ok boot backup_root    To test the secondary submirror

    Unmirroring the Root (/) File System

    # metastat d10    To verify the status of the mirror
    # metadetach d10 d1    To make a one-way mirror

    d10: submirror d1 is detached

    # metaroot /dev/dsk/c0t0d0s0    To change the entries in /etc/vfstab and /etc/system
    # init 6

    # metaclear -r d10    To clear the mirror and submirrors. The -r recursively deletes the metadevices
    d10: Mirror is cleared

    d0: Concat/Stripe is cleared
    # metaclear d1

    d1: Concat/Stripe is cleared

    Module - 10 ACL

    entry-type:[UID or GID]:perm

    Introducing ACL Commands

    getfacl [-a] [-d] filename(s) Displays ACL entries for files

    -a Displays the filename, file owner, file group, and ACL entries for the specified file

    -d Displays the filename, file owner, file group, and default ACL entries

    setfacl -m acl_entries filename    Creates or modifies ACL entries on files
    setfacl -s acl_entries filename    Substitutes new ACL entries for old ACL entries

    setfacl -d acl_entries filename    Deletes one or more ACL entries on files

    setfacl -f acl_file filename    Specifies an ACL configuration file that contains ACL entries to set on other files

    setfacl -r filename    Recalculates the ACL mask based on the ACL entries. Used with the -m or -s option

    $ ls -l

    -rw-r--r--+ 1 userc staff 0 Jan 2 13:40 file2    A plus sign appears for files that contain ACL entries

    There are no effective permissions listed for a file's owner or for other users. However, the file's group and any other specific users or groups present in the ACL list have effective permissions. When no ACL mask is specifically set on a file or directory, the ACL mask has the same permissions as the group permissions for that file or directory.

    $ getfacl file1    No ACL entries present
    # file: file1
    # owner: userc
    # group: sysadmin
    user::rw-
    group::r--        #effective:r--
    mask:r--
    other:r--

    $ getfacl file2    Custom ACL entry present
    # file: file2
    # owner: userc
    # group: sysadmin
    user::rw-
    user:usera:rwx    #effective:r--
    group::r--        #effective:r--
    mask:r--
    other:r--


    The effective permission shows which permissions are actually allowed: it is the intersection (a Boolean logical AND) of the ACL entry and the ACL mask.

    $ setfacl -m u:userb:7 file2    Set special permissions for userb (username)
    $ getfacl file2

    # file: file2
    # owner: userc
    # group: sysadmin
    user::rw-
    user:usera:rwx    #effective:r--
    user:userb:rwx    #effective:r--
    group::r--        #effective:r--
    mask:r--
    other:r--

    $ setfacl -d u:usera file2    Removing special permissions
    $ getfacl file2

    # file: file2
    # owner: userc
    # group: sysadmin
    user::rw-
    user:userb:rwx    #effective:r--
    group::r--        #effective:r--
    mask:r--
    other:r--

    setfacl -s u::perm,g::perm,o:perm,m:perm,[u:UID:perm],[g:GID:perm] filename
    $ setfacl -s u::rwx,g::rw-,o:r--,m:rw-,u:usera:rwx file1
    $ getfacl file1

    # file: file1
    # owner: userc
    # group: sysadmin
    user::rwx
    user:usera:rwx    #effective:rw-
    group::rw-        #effective:rw-
    mask:rw-
    other:r--

    $ setfacl -s u::7,g::6,o:4,m:6,u:usera:7 file2

    $ setfacl -r -m u:usera:7 file1    Changes the ACL mask as well as the user entry (recalculating an ACL mask)

    $ getfacl file1
    # file: file1
    # owner: userc
    # group: sysadmin
    user::rwx
    user:usera:rwx    #effective:rwx
    group::rw-
    mask:rwx
    other:r--

    getfacl filename1 | setfacl -f - filename2

    $ getfacl file1 | setfacl -f - file3    Copying an ACL list


    You can set default ACL entries only on directories. You must set default ACL entries for the user, group, other, and ACL mask before you set a default ACL entry for an additional user or group.

    $ pwd
    /export/home/userc

    $ mkdir dir1
    drwxr-xr-x 2 userc sysadmin 512 Apr 29 17:11 dir1

    $ getfacl dir1
    # file: dir1
    # owner: userc
    # group: sysadmin
    user::rwx
    group::r-x        #effective:r-x
    mask:r-x
    other:r-x

    $ setfacl -m d:u::rwx,d:g::r-x,d:o:r-x,d:m:r-x dir1

    $ setfacl -m default:user:usera:rwx dir1
    $ getfacl dir1
    # file: dir1
    # owner: userc
    # group: sysadmin
    user::rwx
    group::r-x        #effective:r-x
    mask:r-x
    other:r-x
    default:user::rwx
    default:user:usera:rwx
    default:group::r-x
    default:mask:r-x
    default:other:r-x

    Effect of Default ACLs on New Subdirectories

    When a directory contains a default ACL, the permissions granted to the user, group, and other categories for a new subdirectory represent the intersection of mode 777 (the UNIX default for directories without umask influence) with the default ACL entries.

    When a subdirectory or file is created, the permissions on the newly created subdirectory or file are generated according to the intersection between the default ACL entries and the permissions set initially during creation.

    $ mkdir dir1/subdir1
    $ ls -l dir1

    drwxr-xr-x+ 2 userc sysadmin 512 Apr 30 08:01 subdir1
    $ getfacl dir1/subdir1

    # file: dir1/subdir1
    # owner: userc
    # group: sysadmin
    user::rwx
    group::r-x        #effective:r-x
    mask:r-x
    other:r-x
    default:user::rwx
    default:user:usera:rwx
    default:group::r-x
    default:mask:r-x
    default:other:r-x

    If the default ACL entries of dir1 are changed afterwards, the ACL of the existing dir1/subdir1 is not affected. But if we create a new subdirectory, the new default ACL of dir1 is inherited by it.

    $ setfacl -m d:group::rwx,d:other:rwx,d:mask:rwx dir1
    $ mkdir dir1/subdir2
    $ getfacl dir1/subdir2

    user::rwx
    group::rwx        #effective:rwx
    mask:rwx
    other:rwx
    default:user::rwx
    default:user:usera:rwx
    default:group::rwx
    default:mask:rwx
    default:other:rwx

    $ cd dir1/subdir2
    $ touch filea
    $ ls -l

    -rw-rw-rw-+ 1 userc sysadmin 0 Apr 30 13:34 filea
    $ getfacl filea

    user::rw-
    user:usera:rwx    #effective:rw-
    group::rw-        #effective:rw-
    mask:rw-
    other:rw-

    The permissions granted to the user, group, and other categories for filea are the intersection of mode 666 (the default for files without umask influence) with the default entries associated with the directory. Because those default entries are all set to rwx, the effect of the intersection is easy to see: each category ends up with rw-.

    The mask value does not exceed the permissions assigned to the group. Even though the dir1/subdir2 directory lists rwx as the default mask value, the file inherits only rw-. The entry for usera was applied as a standard ACL entry and not as a default entry, because only directories replicate default entries.
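    The two rules the ACL section relies on, effective permission = entry AND mask and new-file permission = default entry AND mode 666, modelled in plain sh as an added example (not part of the course notes) so it runs without setfacl/getfacl. Triplets use r/w/x with - for an absent bit, the input is constructed from the dir1/subdir2 default entries above, and the block assumes a mask: entry is always present, as getfacl prints one.

```shell
#!/bin/sh
# Added example, not from the course notes: models how Solaris getfacl derives
# "#effective:" permissions (entry AND mask) and how a directory's default ACL
# is applied to a newly created file.  Pure sh, so it runs without setfacl.
# Permission triplets use r/w/x with "-" for an absent bit (the notes' "_").

# perm_and A B: intersection of two rwx triplets, bit by bit
perm_and() {
  out=""
  i=1
  while [ "$i" -le 3 ]; do
    a=$(printf '%s' "$1" | cut -c "$i")
    b=$(printf '%s' "$2" | cut -c "$i")
    if [ -n "$a" ] && [ "$a" != "-" ] && [ "$a" = "$b" ]; then
      out="$out$a"
    else
      out="$out-"
    fi
    i=$((i + 1))
  done
  printf '%s' "$out"
}

# acl_annotate: read getfacl-style entries on stdin and append the effective
# permission to every entry the mask limits: named users, the owning group and
# named groups.  The owner (user::) and other entries are never masked.
# Assumes a mask: entry is present, as getfacl always prints one.
acl_annotate() {
  acl=$(cat)
  mask=$(printf '%s\n' "$acl" | sed -n 's/^mask:\(...\)$/\1/p')
  printf '%s\n' "$acl" | while IFS= read -r entry; do
    case "$entry" in
      user:?*:*|group:*)
        printf '%s #effective:%s\n' "$entry" "$(perm_and "${entry##*:}" "$mask")" ;;
      *)
        printf '%s\n' "$entry" ;;
    esac
  done
}

# acl_for_new_file MODE: read a directory's ACL (including default: entries) on
# stdin and print the ACL a new file created inside it receives.  MODE is the
# creation mode as a triplet, rw- for mode 666 (a file with no umask influence).
# Owner, owning group, mask and other are intersected with MODE; named user
# and group defaults become ordinary entries; default: entries themselves are
# not copied, because only directories carry default entries.
acl_for_new_file() {
  while IFS= read -r entry; do
    case "$entry" in
      default:user::*|default:group::*|default:mask:*|default:other:*)
        e=${entry#default:}
        printf '%s:%s\n' "${e%:*}" "$(perm_and "${e##*:}" "$1")" ;;
      default:*)
        printf '%s\n' "${entry#default:}" ;;
    esac
  done
}

# Constructed input: the default entries of dir1/subdir2 from the notes.
# Piping the result through acl_annotate reproduces "getfacl filea".
printf '%s\n' 'default:user::rwx' 'default:user:usera:rwx' \
  'default:group::rwx' 'default:mask:rwx' 'default:other:rwx' |
  acl_for_new_file rw- | acl_annotate
```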

    Module 11 RBAC (Role Based Access Control)

    /etc/user_attr    The extended user attributes database, which associates users and roles with authorizations and rights profiles in addition to the /etc/passwd, /etc/group, and /etc/shadow files

    /etc/security/prof_attr    The rights profile attributes database, which defines profiles, lists the profiles' assigned authorizations and any nested rights profiles, and identifies the associated help files

    /etc/security/exec_attr    The execution attributes database, which defines the privileged commands and scripts assigned to a profile

    /etc/security/auth_attr    The authorization attributes database, which defines authorizations and their attributes. This database also identifies the associated help file

    /etc/security/policy.conf    Provides system default authorizations for users

    The /etc/user_attr Database

    user:qualifier(reserved):res1(reserved):res2(reserved):attr

    attr : An optional list of semicolon-separated (;) key=value pairs that describe the security attributes to be applied when the user runs commands.

    type Can be normal or role. A role is assumed after the user has logged in.

    auths Specifies a list of authorization chosen from names defined in the auth_attr DB

    profiles Specifies a list of profile names chosen from the /etc/security/prof_attr DB

    roles Specifies a list of role names defined in the same /etc/user_attr DB. Roles are indicated by setting the type value to role. Roles cannot be assigned to other roles.

    sysadmin::::type=role;profiles=Device Management,Filesystem Management,Printer Management

    johndoe::::type=normal;auths=solaris.system.date;roles=sysadmin

    The /etc/security/prof_attr Database

    profname:res1:res2:desc(description):attr

    attr : The security attributes to apply to the object upon execution. You can specify zero or more keys. The two valid keys are help and auths.

    # grep "Printer Management" /etc/security/prof_attr
    Printer Management:::manage Printers, daemons, \
    ;auths=solaris.admin.printer.read, \

    The Printer Management profile, which is defined in the /etc/security/prof_attr DB, is assigned to the sysadmin role in the /etc/user_attr DB.

    The Printer Management profile is defined in the prof_attr DB as having all authorizations beginning with the solaris.admin.printer. string assigned to it. These authorizations are defined in the /etc/security/auth_attr DB.
    solaris.admin.printer.read:::view printer information::\

    The /etc/security/exec_attr Database

    name:policy:type:res1:res2:id:attr

    name Name of the profile

    policy The security policy associated with this entry. The suser (superuser policy model) is the only valid policy entry.

    type The type of entity whose attributes are specified. The only valid type is cmd

    id A string identifying the entity. A command should have its full path or a path with a wildcard

    attr euid and uid | egid and gid

    Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp

    The /etc/security/auth_attr Database

    You can assign authorizations directly to users or roles in the /etc/user_attr DB. You can also assign authorizations to rights profiles, which are assigned to roles.

    authname:res1:res2:short_desc:long_desc:attr

    authname A unique character string that identifies the authorization in the prefix.suffix[.] format.

    The /etc/security/policy.conf file

    This file lets you grant specific rights profiles and authorizations to all users. The two types of entries in the file are
    AUTHS_GRANTED=authorizations
    PROFS_GRANTED=rights_profiles

    # cat policy.conf
    AUTHS_GRANTED=solaris.device.cdrw
    PROFS_GRANTED=Basic Solaris User

    # roleadd -m -d /export/home/tarback -c "Privileged tar backup role" -P "Media Backup,Media Restore" tarback

    -A authorizations and -P profiles assign authorizations and profiles respectively to the role.

    # rolemod -A auth1,auth2 -P profile1,profile2 role1

    Additional Commands Used to Perform RBAC Functions

    auths        Displays authorizations for a user
    makedbm      Makes a dbm file
    nscd         The name service cache daemon. Useful for caching the 4 RBAC DB details
    pam_roles    Identifies the role account management module for the pluggable authentication module (PAM)
    pfexec       Identifies the profile shells used to execute commands with the attributes specified in exec_attr
    policy.conf  Identifies the config file for the security policy. Lists granted authorizations
    profiles     Displays profiles for a specified user
    roles        Displays roles granted to a user
    roleadd      Adds a role account to the system
    rolemod      Modifies a role account's info in the system
    roledel      Deletes a role account from the system

    Example

    Profile -> Privilege to profile -> Creating role -> Role to profile -> Role to user

    /etc/security/prof_attr    Contains profile details

    Creating profiles in prof_attr
    uadd:::Profile for user admin
    init:::Profile for init process

    /etc/security/exec_attr    Privilege to profile
    uadd:suser:cmd:::/usr/sbin/useradd:euid=0
    uadd:suser:cmd:::/usr/sbin/usermod:euid=0
    init:suser:cmd:::/usr/sbin/init:euid=0
    init:suser:cmd:::/usr/sbin/shutdown:euid=0

    Creating Role
    # roleadd -d /export/home/role1 -m role1
    # passwd role1

    Role to Profile
    # rolemod -P uadd,init role1

    Adding role to user
    # usermod -R role1 user1

    /etc/user_attr    Details about the role & the user-to-role assignment

    Login as the normal user

    Switch to the role & use the privileged command

    /etc/security/auth_attr    Authorization file; config file for users & their roles
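    The database chain just described, user_attr (user -> roles, profiles) to exec_attr (profile -> command with euid/uid), walked the way an auditor would to answer "which privileged commands can this login user reach". This is an added example, not code from the notes; it runs on constructed copies of the two files with the field layouts given above, and it leaves out prof_attr nesting and policy.conf PROFS_GRANTED.

```shell
#!/bin/sh
# Added example, not from the course notes: resolve which privileged commands a
# login user reaches through RBAC, following the database chain the notes
# describe: /etc/user_attr (user -> roles, profiles) -> /etc/security/exec_attr
# (profile -> command + euid/uid).  Runs on constructed copies of the files so
# no Solaris box is needed.  policy.conf PROFS_GRANTED and nested profiles in
# prof_attr are not expanded here.

# user_profiles USER USER_ATTR_FILE: print, one per line, the rights profiles
# USER holds directly plus those of every role listed in its roles= key.
user_profiles() {
  awk -F: -v who="$1" '
    # field(attr, key): value of key=... inside a ;-separated attr list
    function field(attr, key,   n, i, kv, parts) {
      n = split(attr, parts, ";")
      for (i = 1; i <= n; i++) {
        split(parts[i], kv, "=")
        if (kv[1] == key) return kv[2]
      }
      return ""
    }
    /^[^#]/ { attr[$1] = $5 }          # user:qualifier:res1:res2:attr
    END {
      list = field(attr[who], "profiles")
      n = split(field(attr[who], "roles"), role, ",")
      for (i = 1; i <= n; i++)
        if (field(attr[role[i]], "type") == "role")   # only real roles count
          list = list "," field(attr[role[i]], "profiles")
      n = split(list, p, ",")
      for (i = 1; i <= n; i++) if (p[i] != "") print p[i]
    }' "$2"
}

# profile_commands PROFILE EXEC_ATTR_FILE: commands and credentials granted by
# one profile, "path<TAB>attr" from name:policy:type:res1:res2:id:attr lines.
profile_commands() {
  awk -F: -v prof="$1" '$1 == prof && $3 == "cmd" { print $6 "\t" $7 }' "$2"
}

# rbac_report USER USER_ATTR EXEC_ATTR: "profile<TAB>path<TAB>attr" per command
rbac_report() {
  user_profiles "$1" "$2" | while IFS= read -r prof; do
    profile_commands "$prof" "$3" | while IFS= read -r cmd; do
      printf '%s\t%s\n' "$prof" "$cmd"
    done
  done
}

# Constructed sample databases in the layouts from the notes (not real files).
sample_user_attr() {
  printf '%s\n' \
    'sysadmin::::type=role;profiles=Printer Management' \
    'tarback::::type=role;profiles=Media Backup,Media Restore' \
    'johndoe::::type=normal;auths=solaris.system.date;roles=sysadmin,tarback' \
    'user1::::type=normal;profiles=uadd'
}
sample_exec_attr() {
  printf '%s\n' \
    'Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp' \
    'Media Backup:suser:cmd:::/usr/bin/tar:euid=0' \
    'uadd:suser:cmd:::/usr/sbin/useradd:euid=0' \
    'uadd:suser:cmd:::/usr/sbin/usermod:euid=0'
}

# Demo: johndoe reaches privileged commands only through his two roles.
tmpdir=$(mktemp -d)
sample_user_attr > "$tmpdir/user_attr"
sample_exec_attr > "$tmpdir/exec_attr"
rbac_report johndoe "$tmpdir/user_attr" "$tmpdir/exec_attr"
rm -rf "$tmpdir"
```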

    Module 12 Performing Smartcard Authentication

    # /usr/dt/bin/sdtsmartcardadmin & To start smartcard console

    ATR    Answer To Reset number (unique)

    # smartcard -c disable    Disabling smartcard operation

    # smartcard -c admin    Display the current client and server configuration

    /etc/smartcard/opencard.properties    Config file


    Module 13 Configuring System Messaging

    The syslog system messaging features track system activities and events. You can manually generate log messages by using the logger command. The syslog function, the syslogd daemon, and input from the /etc/syslog.conf file work together to facilitate system messaging for the Solaris 9 OE.

    The /etc/syslog.conf file

    This file consists of two tab-separated fields: selector and action. The selector field has two components, a facility and a level, written as facility.level. Facilities represent categories of system processes that can generate messages. Levels represent the severity or importance of the message. The action field determines where to send the message.

    *.err /var/adm/messages Error messages for all facilities are sent to the /var/adm/messages

    Only use tabs as white space in the /etc/syslog.conf file. The Solaris OE accesses the /usr/include/sys/syslog.h file to determine the correct facility.level sequencing order.

    Selector Fields (facility) Options

    kern       Messages generated by the kernel
    user       Messages generated by user processes (the default facility for messages that do not specify one)
    daemon     System daemons, such as the in.ftpd and the telnetd daemon
    auth       The authorization system, including the login, su, and ttymon commands
    syslog     Messages generated internally by the syslogd daemon
    lpr        The line printer spooling system, such as the lpr and lpc commands
    news       Files reserved for the USENET network news system
    uucp       The UNIX-to-UNIX copy (uucp) system; it does not use the syslog function
    cron       The cron and at facilities, including crontab, at, and cron
    local0-7   Fields reserved for local use
    mark       The time when the message was last saved; produced by the syslogd daemon
    *          All facilities, except the mark facility

    You can use the asterisk (*) to select all facilities (for eg. *.err); however, you cannot use * to select all levels of a facility (for eg. kern.*)

    Selector Fields (level) Options. The levels in descending order of severity:

    Level      Priority   Description
    emerg      0          Panic conditions that are normally broadcast to all users
    alert      1          Conditions that should be corrected immediately
    crit       2          Warnings about critical conditions, such as hard device errors
    err        3          Errors other than hard device errors
    warning    4          Warning messages
    notice     5          Non-error conditions that might require special handling
    info       6          Informational messages
    debug      7          Messages that are normally used only when debugging a program
    none       8          Messages are not sent from the indicated facility to the selected file

    Not all levels of severity are implemented for all facilities in the same way.

    Action Field    The action field defines where to forward the message. This field can have any one of the following entries

    /filename       The targeted file
    @host           The @ sign denotes that messages must be forwarded to a remote host. Messages are forwarded to the syslogd daemon on the remote host
    user1, user2    The user1 and user2 entries receive messages if they are logged in
    *               All logged-in users will receive messages

    You must restart the syslogd daemon whenever you make any changes to the /etc/syslog.conf file
    # /etc/init.d/syslog stop (or) start
    # pkill -HUP syslogd

    When syslogd starts, it runs the m4 macro processor, and m4 reads the /etc/syslog.conf file.

    Configuring syslog Messaging

    The inetd daemon uses the syslog command to record incoming network connection requests made by using TCP. You can modify the behavior of the inetd daemon to log TCP connections by using the syslogd daemon. The daemon facility and the notice message level are supported by inetd. Use the -t option as an argument to the inetd daemon to enable tracing of TCP services. When you enable the trace option for the inetd daemon, it uses daemon.notice to log the client's IP address and TCP port number, and the name of the service. Add the -t option to the entry that activates the inetd daemon in the inetsvc script located in the /etc/init.d directory.

    # grep inetd /etc/init.d/inetsvc
    /usr/sbin/inetd -s -t
    You must restart the inetd daemon for the new option to take effect

    # grep daemon.notice /etc/syslog.conf
    *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
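    A worked model of the selector matching described above, added here and not part of the notes: a small sh implementation of the facility.level threshold rule, run against a constructed syslog.conf excerpt that includes the daemon.notice line just shown. The last-entry-wins and none handling are my assumptions about Solaris syslogd's BSD-derived behaviour; the m4 preprocessing is not modelled.

```shell
#!/bin/sh
# Added example, not from the course notes: a small model of how syslogd matches
# a message's facility.level against the selector field of /etc/syslog.conf and
# picks the action.  It follows the BSD-derived rule I assume Solaris syslogd
# uses: within one selector list the last entry naming the facility (or "*")
# sets the threshold, "none" switches the facility off, and a message matches
# when its priority number is at or below that threshold (more severe = lower).
# Runs on a constructed conf excerpt, so no syslogd is needed; m4 is not modelled.

tab=$(printf '\t')

# level_num LEVEL: priority number from the notes' table; unknown names give -1
level_num() {
  case "$1" in
    emerg) printf '%s\n' 0 ;;  alert) printf '%s\n' 1 ;;   crit) printf '%s\n' 2 ;;
    err) printf '%s\n' 3 ;;    warning) printf '%s\n' 4 ;; notice) printf '%s\n' 5 ;;
    info) printf '%s\n' 6 ;;   debug) printf '%s\n' 7 ;;   none) printf '%s\n' 8 ;;
    *) printf '%s\n' -1 ;;
  esac
}

# syslog_route FACILITY LEVEL < syslog.conf: print the action of every line
# whose selector accepts a FACILITY.LEVEL message
syslog_route() {
  fac="$1"
  msg=$(level_num "$2")
  while IFS="$tab" read -r selector action; do
    case "$selector" in ''|'#'*) continue ;; esac
    eff=-1                       # threshold for this line; -1 = nothing logged
    rest="$selector;"            # walk the ;-separated selector list
    while [ -n "$rest" ]; do
      sel=${rest%%;*}
      rest=${rest#*;}
      sfac=${sel%.*}
      if [ "$sfac" = "$fac" ] || [ "$sfac" = '*' ]; then
        lv=$(level_num "${sel#*.}")
        if [ "$lv" -eq 8 ]; then eff=-1; else eff=$lv; fi   # none -> excluded
      fi
    done
    if [ "$msg" -ge 0 ] && [ "$msg" -le "$eff" ]; then
      printf '%s\n' "$action"
    fi
  done
}

# Constructed conf excerpt in the two tab-separated fields the notes describe;
# the first line is the one the notes grep for daemon.notice.
sample_conf() {
  printf '%s\t%s\n' \
    '*.err;kern.debug;daemon.notice;mail.crit' '/var/adm/messages' \
    '*.alert;kern.err' 'root' \
    '*.emerg' '*' \
    'mail.debug' '/var/log/syslog' \
    '*.info;mail.none' '/var/log/infolog'
}

# Where does the inetd -t trace (daemon.notice) go, and where does mail.info?
sample_conf | syslog_route daemon notice
sample_conf | syslog_route mail info
```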

    Monitoring a syslog File in Real Time

    The tail -f command holds the file open so that you can view messages being written to the file by the syslogd daemon.

    # tail -f /var/adm/messages    Press Ctrl+C to exit

    Adding One-Line Entries to a System Log File

    logger [-i](logs PID) [-f file] [-p priority] [-t tag] [message]

    # logger system rebooted    If the user.notice field is configured in the /etc/syslog.conf file, the message is logged to the file designated for the user.notice selector field

    # logger -p user.err system rebooted    Changing the priority of the message to user.err routes the message to the /var/adm/messages file as indicated in the /etc/syslog.conf file
    # logger -i -p2 crit

    /dev/sysmsg Console


    Module 14 Using Name Services

    Name Services DNS, NIS, NIS+, LDAP

    /etc/rc2.d/S72inetsvc script Starts DNS during system boot.

    /etc/rc2.d/S71rpc script Starts NIS & NIS+ during system boot

    /etc/rc2.d/S72directory script Starts iPlanet Server during system boot.

    Name Service Feature Summary

    Feature        DNS                       NIS              NIS+                     LDAP
    Namespace      Hierarchical              Flat             Hierarchical             Hierarchical
    Data Storage   Files/Resource records    Two-column maps  Multicolumn tables       Directories (varied)
    Server Types   Master/Cache/             Master/Slave     Root master/             Master/Consumer
                   Cache only/Forwarding                      non-root master/Replica
    Transport      TCP/IP                    TCP/IP           TCP/IP                   TCP/IP
    Scale          WAN                       LAN              LAN                      WAN

    The name service switch file determines which services a system uses to search for information and in which order the name services are searched. All Solaris OE systems use the /etc/nsswitch.conf file as the name service switch file. The nsswitch.conf file is loaded with the contents of a template file during the installation of the Solaris OE, depending on the name service that is selected.

    Name Service    Name Service Template
    Local Files     /etc/nsswitch.files
    DNS             /etc/nsswitch.dns
    NIS             /etc/nsswitch.nis
    NIS+            /etc/nsswitch.nisplus
    LDAP            /etc/nsswitch.ldap

    Configuring the Name Service Cache Daemon (nscd)

    The nscd daemon is a process that provides a cache for the most common name service requests. The /etc/nscd.conf file controls the behavior of the nscd daemon. The nscd daemon provides caching for the passwd, group, hosts, ipnodes, exec_attr, prof_attr and user_attr databases. Each line specifies either an attribute and a value or an attribute, a cache name, and a value.

    # /etc/init.d/nscd stop (or) start

    The getent command provides a generic retrieval interface to search many name service databases. As a system administrator, you can query name service information sources with tools such as the following
    ypcat       NIS namespace
    nslookup    DNS
    ldaplist    LDAP

    But these tools do not consult the nsswitch.conf file, whereas the getent command searches the information sources in the order in which they are configured in the name service switch file. So any error in that file will be identified with this command.

    getent database [key]..

    database The name of the database to be examined. This name can be passwd, group, hosts, ipnodes, services, protocols, ethers, networks, or netmasks.

    # getent passwd lp
    lp:x:71:8:Line Printer Admin:/usr/spool/lp:

    # getent group 10
    staff::10:

    # getent hosts sys44
    192.168.38.44 sys44 loghost    (loghost will be absent if NIS is searched first)

    Module 15 Configuring Name Service Clients

    Configuring a DNS Client
    The client resolver code is controlled by the following files

    /etc/resolv.conf    Contains directives that specify the scope of a query

    /etc/nsswitch.conf Contains the reference to DNS for the hosts entry

    Configuring the DNS Client During Installation

    Select DNS -> Give Domain Name -> Enter IP Address -> Enter Search Domains -> Confirm

    Editing DNS Client Configuration Files

    # vi /etc/resolv.conf
    domain digigeeks.com
    nameserver 140.40.40.152
    search digigeeks.com    List the local domain as the first argument to search

    Copying the /etc/nsswitch.dns File to the /etc/nsswitch.conf

    # cp /etc/nsswitch.dns /etc/nsswitch.conf
    # cat /etc/nsswitch.conf
    ..
    hosts: files dns
    ..

    If you want to add DNS name resolution to a system currently running a name service such as NIS or NIS+, you must place the dns keyword on the hosts line in the specific location, along with the other keywords.

    # cat /etc/nsswitch.conf
    ..
    hosts: nis files dns
    ..


    Setting up an LDAP Client

    The LDAP server cannot be a client of itself. Getting this configuration to work properly requires changes to the LDAP server and the LDAP client. The ldap_cachemgr daemon is responsible for ma