principles of unix system management solaris 8 l.
Skip this Video
Loading SlideShow in 5 Seconds..
Principles of Unix System Management - Solaris 8 PowerPoint Presentation
Download Presentation
Principles of Unix System Management - Solaris 8

Loading in 2 Seconds...

play fullscreen
1 / 186

Principles of Unix System Management - Solaris 8 - PowerPoint PPT Presentation

  • Uploaded on

Principles of Unix System Management - Solaris 8. Randy Marchany VA Tech Computing Center Blacksburg, VA 24060 540-231-9523 email: System Administration Duties. 1. Installing System Patches 2. Making System Checklists 3. Editing system configuration files

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

Principles of Unix System Management - Solaris 8

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
principles of unix system management solaris 8

Principles of Unix System Management - Solaris 8

Randy Marchany

VA Tech Computing Center

Blacksburg, VA 24060



Copyright 1999, Marchany

system administration duties
System Administration Duties

1. Installing System Patches

2. Making System Checklists

3. Editing system configuration files

4. Keeping track of SUID/SGID programs

5. Recording device file permissions

6. Keep track of world, group writable files, directories

7. Record encrypted checksum of all system binaries

8. Verify password strength for system, user accounts

9. Expiring inactive accounts

10. Restrict root access to the system console

Copyright 1999, Marchany

system administration duties3
System Administration Duties

11. Allow no guest accounts, no multiple users/account, 1 user/account

12. Disable r-commands

13. Monitor NFS usage using nfsstat, nfswatch. Check /etc/exports

14. Monitor NIS system usage

15. Monitor modem file device permissions

16. Disable UUCP or verify the computer hangs up the phone correctly

17. Install the LATEST version of Sendmail (8.9.x)

18. Disable tftp services

19 Verify FTP client and server configurations

20. Setup an email alias for the FTP account

Copyright 1999, Marchany

system administration duties4
System Administration Duties

21. Set correct system-wide umask

22. Allow no .rhost, .netrc files

23. Verify backup/restore procedures

24. Check sticky bit file permissions

25. Check cron and at job files for completeness

26. Enable system accounting, system auditing functions

27. Check system-wide path definitions

28. Install tools: portsentry, logcheck, TCPWrappers, tripwire,lsof, CIS

Security Benchmark document

29. Check for IP forwarding in the kernel

30. Check X Windows security

Copyright 1999, Marchany

sysadmin tricks hints
SysAdmin Tricks/Hints

1. Get a good idea of what is normal activity on your system. Use

Unix performance command/scripts to monitor your system. Check

user login times to get a feel for what is normal activity for a user.

2. Obtain checklists at irregular intervals. Never do your monitoring at

regular intervals. Store the checklists offline.

3. Remember that 1 megabyte doesn't necessarily equal 1 megabyte.

gigabyte gigabyte

Real math tells us 1Mb = 2**20= 1,048,576 bytes

1Gb = 2**30= 1,073,741,824 bytes BUT

to vendors, 1MB = 1,000,000 bytes and 1GB= 1,000,000,000 bytes.

So, you may not be missing space. A vendor 1Gb disk gives you

only 93.1% of expected capacity. Cute vendor trick!

Copyright 1999, Marchany

sysadmin tricks hints6
SysAdmin Tricks/Hints

4. Monitor your disk space.

Why are we concerned?

Because hackers can hide data in hidden dirs and this is one way

to see if your usage totals add up.

5. System Things to Remember

- keep hard copy logs in a secure place with limited access.

Be able to account for their whereabouts EXACTLY.

- restrict root access

- Do your backups and checklists

- log internet activity by using TCP wrappers

- Keep accurate physical network/system maps/contact people

- Publicize problems AND solutions. Security through ignorance can

backfire on you.

- Educate your user community.

- Install all relevant security patches, OS revision patches asap.

- Limit physical access to the machines if possible.

Copyright 1999, Marchany

sysadmin tricks hints7
SysAdmin Tricks/Hints

6. Some free third party system management tools to get:

perl - language for scanning text files, extracting data from them and

formatting reports. Written by Larry Wall.

top - provides continuous, customizable display of system process

status. Written by Phil LeFebvre.

lsof - finds out who has open files on a FS that prevent you from

dismounting the FS.

nfswatch - dynamically charts NFS traffic on a host. Written by Dave


tcpdump - packet monitoring program for displaying packets to/from

a system.

Copyright 1999, Marchany

sysadmin tricks hints8
SysAdmin Tricks/Hints

More Tools (cont'd)

Tripwire - system auditing package that runs a series of checks for

basic system security. Written by Dan Farmer.

Crack - very powerful password cracking program that works on

Unix systems that don't have shadow password files.

Written by Alec Muffet.

7. Useful Unix commands

In addtion to commands like: find, ls, diff, last, lastcomm, ps, vmstat,

iostat, su and the above mentioned tools, the 'strings' command is

a useful tool to examine binary files for ascii strings.

Copyright 1999, Marchany

steps for workstation configuration
Steps for Workstation Configuration

- General steps to set up your workstation systems

1. MAIL - install correct versions of on the server and clients.

The config files should reflect the mail environment at your site.

2. NIS - define the servers and clients. Do NOT make the NIS domain name

the same as your Internet domain name.

3. NFS - define the servers and clients.

4. Userids - Make sure all UID, GID values are unique across your ENTIRE

network. Use Kerberos for more secure control. Use PID for UID

value if possible. Require your users to get a PID first.

5. Encryption - Kerberize/ssh/PGP login, passwd, ftp, any application

programs. Define the Kerberos/SSH master, slave and client


6. NTP - install NTP daemon on all machines to synchronize system clocks.

Copyright 1999, Marchany

steps for workstation configuration10
Steps for Workstation Configuration

7. Install TCP wrappers - decide on the level of monitoring/restriction that

is appropriate for your site.

8. SYSLOGS - modify syslog.conf files on machines to log what you want and

route the logs to some central machine.

9. UNIX Software Consortiums - The CC maintains Unix software consortiums

(Site Licenses) that provide you with OS

and compilers for “free” to you. Check for more information.

10. Printer configuration - Best to use HP network printers. Use the JetAdmin

utility (provided free by HP) to manage these


11. Third Party Software - install software in common areas.

12. License Software - install FLEXLM clients/server code.

Copyright 1999, Marchany

high level checklist i
High Level Checklist - I

1. Major Areas to consider

- System Checklist

- Superuser Access

- Login/password/user administration

- Monitoring suid/sgid programs

- System/User file/directory permissions

2. Hardware Inventory

- Record serial numbers of all systems, peripherals, network interfaces,

personnel access privileges.

- Bootable tapes/CD? A set for each system and where are they stored?

- Is an install server available? Where is it? Where is the boot server?

Copyright 1999, Marchany

high level checklist ii
High Level Checklist - II

3. Software Inventory

- get kernel information

- list system software products that are installed on the system (pkginfo)

- list system configuration information (sysdef, prtconf, sysinfo)

- list machine name, node name, OS release, OS version (uname -a)

- list the machine architecture

- list all the hardware the OS thinks is connected to the system (prtconf, sysinfo)

- list NFS status

- list inet services available on each machine (/etc/inetd.conf)

- list host table entries (/etc/hosts)

- list nameserver entries (/etc/resolv.conf)

- list network status (netstat -a, netstat -nr)

- list user/group definitions (/etc/group)

- list passwd information (/etc/passwd, /etc/shadow)

- list shadow passwd information (/etc/shadow)

- search for /etc/hosts.equiv, /.rhosts, /etc/hosts.lpd

- determine what internet services are provided (/etc/inetd.conf, /etc/services)

Copyright 1999, Marchany

high level checklist iii
High Level Checklist - III

- Software Inventory (cont'd)

- NFS/NIS subsystems - active? server? client? (ps -ef |grep nisd)

- what directories are exported? What directories are mounted? (/etc/dfs/dfstab)

which ones come up at boot? (/etc/vfstab)

- what systems are exporting directories (showmount -e)

- what is the NIS domain name? (domainname, /etc/domainname)

4. Superuser access

- list of users who have root access

- su command audited?

- crontab file permissions?

- can root login directly?

- where is the sulog?

- what users have root privileges?

Copyright 1999, Marchany

high level checklist iv
High Level Checklist - IV

5. Login/password/user administration

- what are the default password characteristics? Length? TTL? (/etc/default/*)

- How do you handle initial passwords?

- review passwd, shadow passwd files

- NIS? If so, check master passwd file. This could defeat shadow passwd.

- Idle timeout feature enabled?

- what is the adduser procedure? audit trail?

- what is the removeuser procedure? audit trail? file removal? NIS db?

- is the system running Kerberos?

- when was the last login for a user?

6. SUID/SGID programs

- review all suid/sgid programs owned by root, daemon, bin or the groups

bin, kmem, mail.

- compare against initial checklist

- minimum permission: 511

- maintain updated list of ALL suid/sgid programs

Copyright 1999, Marchany

high level checklist v
High Level Checklist - V

6. System/user file/directory permissions

- system dir permissions should be minimum: 755

- system dirs used by root should be owned by root

- UUCP, cron table, syslogs, system source code should be closed

to general users.

- monitor checksums for: login, su, passwd, cu, crypt, tip, rlogin

- check device file permissions for disk, tape, network, ttys. Check

device ownership

- search for hidden directories, check all hidden files (.files)

- find all writable directories

- check user home dirs for minimum permissions: 710. Check .login,

.profile permissions

- what is the default umask?

- what are default X setup commands?

- find all unowned files

- check all 'at' jobs owned by root and verify their function

- restrict r-command usage

Copyright 1999, Marchany

high level checklist vi
High Level Checklist - VI

7. General Steps

- - check /etc/host minimum permission: 660

- Eliminate .netrc files

- verify active inetd services. Actively monitor or restrict rshd, rlogind,

tftpd, rlogin, rcp, rsh, tftp, trpt.

- use netstat -p tcp to check for failed network connections

- enable logging on ftp accesses (in addition to TCP wrappers)

- set permission of exported directories to be as limited as possible

- OS audit tools in place? what are the audit classes? where is the

audit log?

- create checklist of all files in the system on a periodic basis.

- monitor any attempt to change IFS in .profile or .login files

- use 'strings' command to check any suspicious files. Use it to check

dbms files.

- Are syslogs routed to a central machine? Are syslogs archived?

Copyright 1999, Marchany

high level checklist vii
High Level Checklist - VII

- General Information (Cont'd)

- is NTP running on the machine? where are the config files?

- what are the Incident Response Team duties? who's on it?

- are NFS netgroups used? how are they organized? who maintains


- NIS mail aliases? how often are they monitored?

Copyright 1999, Marchany

boot shutdown overview
Boot/Shutdown Overview
  • When to boot
    • After installing new HW
    • powerfail
  • Shutdown commands: init, shutdown
  • Servers
    • Use shutdown command. It notifies users.
  • Systems
    • Use init or shutdown to do a clean shutdown

Copyright 1999, Marchany

solaris 8 installation i
Solaris 8 Installation I
  • Preparing to Install
    • Determine System Type
      • OS Server - typically an NIS or NFS server
      • Standalone - has local disks (standard)
    • Determine Required HW
      • 32MB RAM, 500MB disk
    • How much of Solaris do you want to install
      • Core - min. software needed to run the OS
      • End User - Core+Openwindows
      • Developer - EndUser+lib, man pages.
      • Entire - the whole thing. Recommended.

Copyright 1999, Marchany

solaris 8 installation ii
Solaris 8 Installation II
  • 3 Types of Installation
    • JumpStart - basic factory install. Not recommended because the default partition sizes are too small.
    • Interactive - You boot and configure the system. GUI menus guide you thru the whole process. Recommended .
    • Custom JumpStart - You boot and identify what type of system you have. The boot server loads a predefined version of the OS. Recommended for lab environments.
  • You can set up a single system to be a Boot/Install Server. This speeds up installation times (20 minutes). The Boot server must be on the same subnet as the target. The Install Server doesn’t have to be. A single system can be a Boot and Install server.

Copyright 1999, Marchany

solaris 8 installation iii
Solaris 8 Installation III
  • Need to know this before installation
    • hostname - use fully qualified if not in NIS mode
    • network connectivity - primary network i/f, IP addr.
    • Type of Name service to be used -
      • NIS, NIS+, other (DNS) - use DNS to resolve hostname not NIS.
    • domain name - NIS domain name
    • DNS server IP addr., IP host name
    • Subnet mask, netmask, time zone,
    • Which software group to install? End user, Developer, Entire, entire + OEM support. Recommend last one since you can always remove software later.

Copyright 1999, Marchany

solaris 8 installation iv
Solaris 8 Installation IV
  • More Need to know stuff
    • What disks to install Solaris?
    • Auto-layout the FS? No, since the defaults are never big enough. Lay them out manually.
    • Preserve existing data? Recommend initial installation. Backup/restore system specific stuff.
    • Accept the FS layout
    • Mount remote FS? Can do this later.
    • Reboot after installation? Also, pick the root password.
  • Sample Custom Jumpstart Installation
    • Sample site: 2 subnets, 1 in the CC, 1 in EE
    • The CC has the install/boot server, EE has a boot server

Copyright 1999, Marchany

solaris 8 installation v
Solaris 8 Installation V
  • Create a JumpStart Dir
    • holds the JumpStart installation files. Copy the template from the Solaris installation CD.
    • cp -r /export/Solaris_2.6/Misc/jumpstart_sample /jumpstart
  • Share the JumpStart Dir
  • Create the CC profile
    • Create /jumpstart/cc_profile. Specify in this file the install_type, system_type, partitioning, cluster and swap FS
    • Create /jumpstart/ee_profile with similar info.
  • Edit /jumpstart/rules
    • specify the subnet and rules file that applies to it

Copyright 1999, Marchany

solaris 8 installation vi
Solaris 8 Installation VI
  • Execute the check script to verify rules syntax
    • cd /jumpstart
    • ./check
    • check creates a rules.ok file.
  • Setup the CC systems for installation
    • Setup the install server to download the appropriate OS
    • cd /export/install
    • ./add_install_client -c server:/jumpstart host_cc sun4c
  • Setup the CE systems for installation
    • ./add_install_client -c server:/jumpstart host_ee sun4c
  • Boot the systems and install the OS
    • from the OK prompt, enter: boot net - install

Copyright 1999, Marchany

solaris patch administration
Solaris Patch Administration
  • Sun releases patches regularly
  • You MUST maintain current patch levels. Review Solaris Patch Report available from Sunsolve.
  • Determine Patch Status:
      • showrev -p shows all applied patches
      • pkgparam pkgid PATCHLIST shows patches applied to the package pkgid

Copyright 1999, Marchany

solaris patch administration26
Solaris Patch Administration
  • Use the patchadd, patchrm commands to install or remove patches
  • These commands replace installpatch, backoutpatch commands
  • They cannot be used for Solaris 1 systems

Copyright 1999, Marchany

solaris patch administration27
Solaris Patch Administration
  • Patches are available from
  • Hackers read the Patch Reports. You must install the recommended and security patches!

Copyright 1999, Marchany

solaris 8 sys unconfig
Solaris 8 - sys-unconfig
  • Use when you need to change the host name of the machine.
  • Use when you move a machines from one building to another.
  • It wipes out all of the pertinent host/TCP/IP control files
  • It restore the system to the out-of-box state BUT it does NOT affect any user data files! It only modifies the TCP/IP pertinent files.
  • Run the command, it will shutdown the system when it’s finished.
  • You’ll be asked to re-enter the new TCP/IP info at the next reboot.

Copyright 1999, Marchany

solaris software administration
Solaris Software Administration
  • Installing, removing software from standalone systems, servers
  • Software is delivered in packages.
    • A collection of files/dirs in a defined format
    • Format: Application Binary Interface (ABI), a supplement to the System V Interface Definition
  • Pkgadd, pkgrm commands add/remove packages
  • Pkginfo commands lists the software installed on the system
  • Admintool is the GUI I/F
  • Adding a Package
    • Pkgadd uncompresses, copies files from the installation source to a local system disk
    • Log info is stored in /var/sadm

Copyright 1999, Marchany

solaris software administration30
Solaris Software Administration
  • Package Naming Convention - Sun products begin with SUNW, 3rd party packages use their own prefix (hpnp)
  • Most Sun software packages tell where they are installed
    • Example: SUNWvolr is installed in /. The “r” stands for root. SUNWvolu is installed in /usr
  • Best way to determine where it’s installed
    • Look in the SUNW_PKGTYPE parm which is set in the package’s pkginfo file
  • Some Sun Packages (compilers) install in /opt
  • Always use pkgrm to remove software
  • Set up a spool directory if you want to install from it.
    • Pkgadd -d device -s spooldir pkgid …….

Copyright 1999, Marchany

solaris 8 boot process
Solaris 8 - Boot Process
  • The Boot Process
    • BOOT PROM Phase
      • Runs self-test diagnostics
      • Loads the bootblk program. This program loads the secondary boot program located in the ufs on the default boot device.
      • Loads the ufsboot program which loads the kernel
      • Kernel is initialized
      • Loads modules needed to mount /
    • INIT Phase
      • Kernel starts the init process
      • The init process starts the rc scripts

Copyright 1999, Marchany

solaris 8 boot process32
Solaris 8 Boot Process
  • Run Levels Determine System State
      • 0 - halt state
      • 6 - reboot
      • 3 - all system services w/networking
      • 1 - single user
  • 3 types of boot
      • Interactive - you tell it where/which type
      • Reconfiguration - after adding/deleting HW
      • Recovery - hung system

Copyright 1999, Marchany

solaris 8 boot process33
Solaris 8 Boot Process
  • System Run Levels (who -r)
    • AKA init state, tells what services/resources are available to users
    • 0 - shutdown state, safe to power off system
    • 1 - single user, the term you issued this command becomes the system console
    • 2 - multiuser - all services except NFS server, syslog
    • 3 - multiuser - normal run state, all services available
    • 4 - alternate multiuser - N/A
    • 5 - power-down state, - like 0 but will power off automatically
    • 6 - reboot - go to level 0 then level 3 or whatever level is the default in /etc/inittab
    • S, s - single-user

Copyright 1999, Marchany

solaris 8 etc inittab
Solaris 8 - /etc/inittab
  • /etc/inittab contains a list of processes to start , monitor or restart whenever the system boots or changes run levels.
  • Format: ID:Run-level:ACTION:PROCESS
    • ID - unique identifies for the entry
    • RUN-level - run level the system must be to run the process
    • ACTION - keyword defines how the process is to be run
      • Initdefault - first process to run
      • Sysinit - special initializations that must be run before logins
      • Powerfail - run process only during powerfail cycle
      • Wait - wait for process to finish before starting next one
      • Respawn - restart it if it’s not there. OW, continue
    • PROCESS - the actual command to execute

Copyright 1999, Marchany

solaris 8 run level 3
Solaris 8 - Run Level 3
  • What Happens When Moving to Run Level 3
    • Init is started. /etc/default/init contains the environment variables.
    • Init reads /etc/inittab to find the initdefault entry and run it
    • Init reads /etc/inittab to run any processes that have sysinit in the the action field. Any initializations that need to be run before users login are run now.
    • Init read /etc/inittab to run any processes that have 3 in the rstate field.
    • Commands that can be run at run level 3
      • /usr/sbin/shutdown - run only if init has received the powerfail signal
      • /sbin/rc2 - defines the TZ, starts standard system processes, moves to run level 2
      • /sbin/rc3 - starts NFS resource sharing
      • /usr/lib/saf/sac -t 30 - starts port monitors, UUCP network access
      • /usr/lib/saf/ttymon - starts the ttymon process that monitors the console for login attempts. Restarted if it fails.

Copyright 1999, Marchany

solaris 8 run level scripts
Solaris 8 - Run Level Scripts
  • Each run level has a set of scripts in /sbin. (rc0, rc1, rc2, rc3, rc5, rc6, rcS.
  • For each /sbin/rcX script, there’s an /etc/rcX.d directory that contains the scripts used in that run level. /etc/init.d files are linked to the corresponding /etc/rcX.d dirs.
  • Scripts are run in ascii sort order. Names are of form: KXXname or SXXname where xx is the numeric order the process is run and S denotes a process startup script, K denotes a process kill script.
  • Adding an RC script
    • Add the script to /etc/init.d - cp FN /etc/init.d
    • Create links to appropriate /etc/rcX.d - cd /etc/init.d; ln FN /etc/rc2.d/SxxFN; ln FN /etc/rcn.d/KxxFN
  • Removing an RC Script
    • Cd /etc/rcX.d; mv FN .FN

Copyright 1999, Marchany

solaris 8 rc script actions
Solaris 8 - RC Script Actions
  • /sbin/rc0 - /etc/rc0.d
    • Stops system services, daemons
    • Terminates all running processes
    • Unmounts all filesystems
  • /sbin/rc1 - /etc/rc1.d
    • Same as /sbin/rc0
    • Brings the system up to single-user mode
  • /sbin/rc2 - /etc/rc2.d
    • Mounts all local FS
    • Enables disk quotas if 1 FS was mounted w/quota option
    • Saves vi temp files in /usr/preserve
    • Removes any files in /tmp
    • Rebuilds device entries for reconfiguration boot
    • Configures system accounting

Copyright 1999, Marchany

solaris 8 rc script actions38
Solaris 8 - RC Script Actions
  • /sbin/rc2
    • Configures the default router
    • Sets NIS domain and ifconfig netmask
    • Reboots the system from install media or boot server if either /.PREINSTAL or /AUTOINSTALL files exis
    • Starts inetd, rpcbind, named
    • Starts Kerberos client, kerbd
    • Starts either NIS (ypbind) or NIS+(rpc.nisd)
    • Starts keyserv, statd, lockd, xntpd, utmpd
    • Mounts all NFS entries
    • Starts ncsd (name service cache daemon)
    • Starts automount, cron, LP, sendmail, utmpd, vold

Copyright 1999, Marchany

solaris 8 rc script duties
Solaris 8 - RC Script Duties
  • /sbin/rc3 - /etc/rc3.d
    • Clean up sharetab
    • Start nfsd
    • Start mountd
    • If the system is a boot server, starts rarpd, rpc, bootparamd, rpld
    • Starts snmpdx
  • /sbin/rc5 - /etc/rc0.d
    • Kills the printer and syslog daemons
    • Unmounts local and NFS FS
    • Stops NFS server and client processes
    • Stops NIS, RPC and cron services
    • Kills all active processes and initiates an interactive boot

Copyright 1999, Marchany

solaris 8 rc script actions40
Solaris 8 - RC Script Actions
  • /sbin/rc6 - /etc/rc0.d
    • Runs the /etc/rc0.d/K* scripts to stop system processes
    • Kills all active processes
    • Unmounts all FS
    • Runs the initdefault entries in /etc/inittab
  • /sbin/rcS - /etc/rcS.d
    • Set up a minimum network
    • Mount /usr
    • set the system name
    • Mounts /proc and /dev/fd
    • rebuilds the device entries for reconfig boots
    • Mounts FS needed for single user mode

Copyright 1999, Marchany

solaris 8 boot process41
Solaris 8 Boot Process
  • Reconfiguration Boot
    • Adding new devices (tape drives, disk drives, etc.)
      • Su
      • Add the device driver
        • Load driver CD/tape
        • Pkgadd -d devicename package-name
    • Touch /reconfigure
      • If you don’t do this, use the boot -r console command
    • Shutdown the system
      • Shutdown -i0 -gX -y
    • Determine the SCSI address of connected devices
      • Ok> probe-scsi-all
      • Make sure you have an available SCSI address
    • Install new device with proper SCSI address set

Copyright 1999, Marchany

solaris 8 reconfig boot
Solaris 8 - Reconfig Boot
  • Adding a Peripheral
  • Power up all peripherals. Power up the CPU unit last
  • From the OK prompt, enter: probe-scsi-all
  • If ok, enter: boot -r or boot (if you created /reconfigure)
  • Adding a disk drive\
    • System Disk - contains / and /usr
    • If damaged, two ways to recover
      • Reinstall entire OS from CD
      • Replace system disk and restore from backups

Copyright 1999, Marchany

solaris 2 5 boot process
Solaris 2.5 Boot Process
  • Using the Boot Prom
    • Use STOP-A keys to get boot prompt
          • 2 types of prompt (OK, >). Use the ‘n’ command to get the OK prompt
    • How to find out the PROM release level
      • banner
    • Changing the Default Boot Device
      • probe-scsi-all prints all SCSI device #’s
      • setenv boot-device disk[n]
      • printenv boot-device to verify the change
      • reset saves the new information

Copyright 1999, Marchany

solaris 8 boot process44
Solaris 8 Boot Process
  • Run Level 3 (normal) Boot
    • boot
  • Single User Boot
    • boot -s
    • Must enter root password to complete boot
  • Interactive Boot
    • boot -a
      • Need to know the kernel FN, kernel dir, kernel config file, root file device name

Copyright 1999, Marchany

solaris 8 boot process45
Solaris 8 Boot Process
  • Recovery Boot
    • Use when critical file (/etc/passwd) dies
    • Must use Solaris Install CD
    • Mount the CD then: boot cdrom -s
    • mount the problem disk: mount <dev> /a
    • cd /a/<problem dir>
    • Set term type: export TERM=sun
    • Remove the invalid entry
    • cd / ; umount /a; init 6

Copyright 1999, Marchany

solaris 8 shutdown
Solaris 8 - Shutdown
  • Shutdown commands
    • /usr/sbin/shutdown, init (0 1 2 3 6 S s), reboot, halt
  • Rebooting the system
    • /usr/sbin/shutdown -i6 -gX -y
  • Shutdown the system
    • init 0
    • /usr/sbin/shutdown -i0 -gX -y

Copyright 1999, Marchany

solaris 8 disks i
Solaris 8 Disks I
  • format Utility
    • main tool for maintaining, partitioning disks
      • Searches for all attached disk drives
      • Analyzes, repairs, formats, partitions, labels disks
      • When to use?
        • Display partition info, partition a disk
        • Adding a drive to the system
  • prtvtoc command
      • use to read the disk label. This contains partition information.

Copyright 1999, Marchany

solaris 8 disks ii
Solaris 8 Disks II
  • 1 filesystem/partition unless you use the DiskSuite facility. Solaris calls disk partitions: disk slices.
  • Name Format: cXtYd0sZ
    • CX - disk controller X, tY - SCSI id Y, sZ - slice Z
  • Solaris numbers partitions rather than lettering them. 0-7 -> a-h
  • Default Partitions:
    • 0 - root Kernel, OS files/dirs
    • 1 - swap Solaris swap space
    • 2 - the whole disk, use in non-system
    • 3 - /export used for server systems

Copyright 1999, Marchany

solaris 8 disks iii
Solaris 8 Disks III
  • Default disk partitions (cont’d)
    • 4 - /export/swap - used for diskless clients
    • 5 - /opt - Solaris unbundled software
    • 6 - /usr - system executables
    • 7 - /home - user home dirs
  • Multiple disk configuration
    • split system disk from user/data disk
    • makes recovery simpler
    • can add multiple swap space to improve perf.

Copyright 1999, Marchany

solaris 8 disks iv
Solaris 8 Disks IV
  • Partition Fields
    • Number - partition/slice number
    • tag - usually FS name
    • flags - wm - writable & mountable - wu - writable & umountable (defines swap) - rm - R/O, mountable
    • Cylinders - start/end cylinder #
    • size - partition size in Mb
    • blocks - total # cyls, blocks in slice

Copyright 1999, Marchany

solaris 8 disks v
Solaris 8 Disks V
  • Administering disks
    • Identify the disk - format
    • Format the disk - format/select/format
    • Display partion/slice info - format/select/partition/print
    • Label the disk - format/select/type/select/label
    • Repair a disk - format/select/repair

Copyright 1999, Marchany

solaris 8 disks vi
Solaris 8 Disks VI
  • Some formatting tips
    • you must do a boot -r after adding any new HW so Solaris will recognize it for format.
    • Use format -M for extended, diagnostic messages
    • to label multiple disks with the same geometry (disk towers):
      • for i in X Y Z; do; prvtoc /dev/rdsk/XXX | fmhard -s - /dev/rdsk/cnt${i}d0s2; done

Copyright 1999, Marchany

solaris 8 disks viii
Solaris 8 Disks VIII
  • Adding a System or secondary disk
    • Connect the HW, boot -r or boot CDROM (system disk)
    • Partition the disk
    • Create FS
    • Restore FS
    • Install Boot Block (system disk)

Copyright 1999, Marchany

solaris 8 disks ix
Solaris 8 Disks IX
  • Connecting a System Disk
    • Remove damaged disk
    • Add new disk
    • boot cdrom -s (local CDROM boot, single user)
    • boot net -s (network boot, single user)
  • Connecting a Secondary Disk
    • Connect HW
    • boot -r

Copyright 1999, Marchany

solaris 8 disks x
Solaris 8 Disks X
  • How to install a boot block
    • good idea to have an alternate boot disk
    • /usr/sbin/installboot /usr/platform/`uname -i`/lib/fs/ufs/bootblk /dev/rdsk/cNtNd0s0
      • Example: installboot /usr/platform/sun4u/lib/fs/ufs/bootblk /dev/rdsk/c0t0d0s0
    • reboot the system
      • Init 6

Copyright 1999, Marchany

solaris 8 volume mgt
Solaris 8 Volume Mgt.
  • Volume Mgt daemon (vold) provides access to CDROM, Floppies under the /vol/dev mount point.
    • Diskettes: /vol/dev/[r]disketteX
    • CDROM: /vol/dev/[r]dsk/c0t6
      • CD Drive is at SCSI id 6 by default.
  • 2 Special Mount points
    • /cdrom
    • /floppy

Copyright 1999, Marchany

solaris 8 volume mgt57
Solaris 8 Volume Mgt.
  • 2 sets of symbolic links
    • File System Access
      • /floppy/floppy0->/floppy/name-> /vol/dev/diskette0/name
      • /cdrom/cdrom0->/cdrom/name-> /vol/dev/dsk/c0t6/CD-name
    • Raw Device Access
      • /vol/dev/aliases/floppy0-> /vol/dev/rdiskette0/name
      • /vol/dev/aliases/cdrom0-> /vol/dev/rdsk/c0t6/CD-name

Copyright 1999, Marchany

solaris 8 volume mgt58
Solaris 8 Volume Mgt.
  • Configuring Volume Mgt
    • Starting vold
      • Remove all CDROM, floppy disks
      • su
      • /etc/init.d/volmgt start
    • Stopping vold
      • su
      • /etc/init.d/volmgt stop

Copyright 1999, Marchany

solaris 8 volume mgt59
Solaris 8 Volume Mgt
  • Formatting/Using Floppies
    • General steps
      • Load unformatted Diskette
      • Format diskette
      • Add a UFS filesystem
      • Eject the diskette
  • Solaris 8 can format diskettes for Solaris or MS-DOS use.

Copyright 1999, Marchany

solaris 8 volume mgt60
Solaris 8 Volume Mgt
  • Formatting a UFS diskette
    • quit File Manager
    • Write-enable the diskette, load it
    • Enter: fdformat -v -U <options>
      • a series of dots show formatting progress
      • a series of V’s under the dots show verification.
    • Diskette is ready for tar, cpio or DOS
  • Creating the UFS
    • volcheck -v; newfs -v /vol/dev/aliases/floppy0; eject floppy; volcheck -v

Copyright 1999, Marchany

solaris 8 diskette summary
Solaris 8 - Diskette Summary

To Access Insert Find the Files In

Files on diskette diskette /vol/dev/aliases/floppy0

Enter: volcheck

Raw Data diskette /vol/dev/aliases/floppy0

Enter: volcheck

CD Files CD /cdrom/cdrom0

Copyright 1999, Marchany

solaris 8 ntp setup
Solaris 8 - NTP Setup
  • Steps
    • Create /etc/inet/ntp.conf
      • server version 3
    • /etc/init.d/xntpd start
  • You can add additional server lines in ntp.conf. is the other master timeserver on campus.
  • NTP is used to time stamp syslogs and any other applications that requires time synchronization

Copyright 1999, Marchany

solaris 8 dns setup
Solaris 8 DNS Setup
  • DNS
    • Edit /etc/nsswitch.conf, change the “hosts” field to “dns files”
    • Know what your local DNS server address is.
      • See
    • Create /etc/resolv.conf
      • add the following fields
        • domain
        • nameserver
        • nameserver
    • done

Copyright 1999, Marchany

solaris 8 sendmail setup
Solaris 8 Sendmail Setup
  • Solaris 8 ships with Sendmail 8.11.6
  • Use later versions available via anonymous ftp from
  • This kit contains the cf files, sendmail 8.11 binaries and install, backout scripts

Copyright 1999, Marchany

solaris 8 filesystems i
Solaris 8 Filesystems I

1. A Unix filesystem is a collections of directories and files.

2. Solaris supports 3 filesystem types: Disk-based, Network-based, pseudo.

3. Typical sysadmin filesystem duties include: making local/remote

filesystems available to users, connecting/configuring new disks and

making them available to the filesystem, designing/implementing a

filesystem backup schedule, checking/correcting filesystem damage.

4. Disk-based filesystem types:

UFS - Unix File System based on BSD fast file system in BSD 4.3.

Default filesystem type used by Solaris 2.3.

HSFS - CD-ROM filesystems: High Sierra, ISO9660 (official standard

version of High Sierra), ISO9660 with Rock Ridge extensions

which allow UFS structures (R/O) on a CD. 3rd party software

may be sent in one of these formats so ASK!

PCFS - PC file system allows R/W access to DOS diskettes.

Copyright 1999, Marchany

solaris 8 filesystems ii
Solaris 8 - Filesystems II

5. Network based filesystems use NFS (Network File System) protocols.

6. Pseudo Filesystems are virtual/memory based filesystems used by

Solaris and not by the sysadmin/users. Example: swap space.

7. TMPFS (TeMPorary File System) uses swap space to store temporary files.

This is defined by the /tmp filesystem. Files in here are NOT permanent and

are lost when the system is rebooted/shutdown. TRADEOFF: large /tmp

takes away from swap space that can be used by programs so you can

take a performance hit.

8. Process Filesystem (PROCFS) resides in memory and contains a list

of active processes in the /proc directory. Debuggers use this FS to

get info on a process. Do NOT delete this FS!

Copyright 1999, Marchany

solaris 8 filesystems iii
Solaris 8 - Filesystems III

1. Filesystem Administrative commands:

clri - clears inodes

df - display disk usage, free blocks and mounted filesystems.

ff - list file names and stats for a file system.

fsck - filesystem check and repair program.

fsdb - filesystem debugger.

fstyp - determines the FS type.

labelit - lists/provides labels for the FS when copied to tape. Used

by the 'volcopy' command only.

mkfs - make a new FS

mount - mount a FS to make it available to the users

mountall - mount all the FS listed in /etc/vfstab

ncheck - generate a list of path names with their inode numbers.

umount - unmount a FS. Makes it unavailable to users.

umountall - unmount the FS listed in /etc/vfstab.

volcopy - makes an image copy of a file system.

use man command for more info. To get info on a specific FS type:

man command_FStype EX: man mount_ufs

Copyright 1999, Marchany

solaris 8 filesystems iv
Solaris 8- Filesystems - IV

1. To find out FS type:

- look in FS Type field of /etc/vfstab

- look in /etc/default/fs to see default local FS type

- look in /etc/dfs/fstypes to see default remote FS type

- look in /etc/mnttab for mounted FS type info

- Enter: devnm <mount-point> and use the fstype <raw-devicename>

command (must be root to do this)

2. Default Solaris 8 FS( FS types):

/ - (UFS) the root directory. Critical system files (kernel /kernel/unix),

device drivers, boot programs.

/etc - (NFS) sysadmin configuration files. FS type is UFS if you select

STANDALONE or SERVER during Solaris 8 installation.

/usr - (UFS) system files/commands, directories that can be shared with

other users. Man pages are stored here.

/home - (NFS) user home directories. Can be UFS if you select SERVER or

STANDALONE during Solaris 8 installation.

Copyright 1999, Marchany

solaris 8 filesystems v
Solaris 8- Filesystems V

- Default Solaris 8 Filesystem, FS types (Cont'd)

/var - (UFS) contains system logs, accounting logs, vi backup files.

/opt - (NFS) default location of compilers, 3rd party software. Can


makes it too small so you should select CUSTOM INSTALL

to make a bigger one.

/tmp -(TMPFS) temporary files that are cleared on reboot.

/proc -(PROCFS) list of active processes on the system.

/, /usr are needed to run a system.

- More on UFS

- the default Solaris 8 FS

- can be up to 1 Tbyte in size but Solaris 8 does NOT provide 'striping'

to allow this. You need DiskSuite package to do this.

Individual files can be up to 2GB in size.

Copyright 1999, Marchany

solaris 8 filesystems vi
Solaris 8- Filesystems - VI

- UFS Planning and Strategies

1. Total size: 1 TByte if you use Online:Disksuite, otherwise as big as

the slice you allocated for it.

2. Maximum File Size: 2Gbyte

3. Maximum number of files: depends.... # of inodes determines this.

Default: 1 node / 2K of data. # of inodes

is defined by the -i option of 'mkfs'

4. Types of UFS Blocks:

boot block - has the boot information used by Solaris.

Superblock - has most of the FS to disk map info.

inodes - used to store all info (disk sector, etc.)

about a file except name.

Storage/data block - where the actual data resides.

Copyright 1999, Marchany

solaris 8 filesystems vii
Solaris 8- Filesystems VII

- UFS Planning/Strategies

1. Distribute the workload across I/O devices. Distribute /home, /swap

across drives as evenly as possible.

2. Keep projects/groups within the same filesystem.

3. Use as few FS per disk as possible. On the system drive, try to have

/, /usr and /swap only. /var is ok also. Of course, if you only have 1

drive .........

4. Default values for 'mkfs' command include:

default block size: 8Kb

default fragment size: 1Kb

default minimum free space: 10% of total disk capacity

Default # of inodes: 1 per 2Kb of disk space

Copyright 1999, Marchany

solaris 8 filesystems viii
Solaris 8- Filesystems VIII

- FS that are currently mounted are listed in /etc/mnttab

- FS that are mounted at boot are listed in /etc/vfstab. It has 7 fields:

Device to mount - block (/dev/dsk) device name or remote FS name

of format: Remote-server:remote-FS-name

Device to fsck - corresponding raw (/dev/rdsk) device name of 1st field

Mount Point - default mount point for the FS

FS Type - type of FS (UFS, NFS, PROCFS, etc.)

Fsck Pass - used by fsck command to determine the order in which to

check the FS on boot. A '-' means no check. NOTE: NFS

FS should have a "-' in this field. fsck can operate in parallel

so there can be multiple FS with the same pass #.

Automount? - automatically mount this FS on boot. NOT the automounter.

Mount Options - options for the mount command (RW, RO).

Copyright 1999, Marchany

solaris 8 filesystems ix
Solaris 8- Filesystems IX


1. you should create FS after:

- adding/replacing disk drives

- changing the partition map on a disk, Ex: making a FS larger

- Doing a full restore of the filesystems on the disk

- Changing other FS parameters (block size)

2. Disk must be formatted and partitioned (see 'format' command).

Syntax: newfs /dev/rdsk/device-name

3. To install boot block on a drive or make another drive an alternate boot


- select a FS to us as the bootable FS

- create it if necessary

- enter: installboot /usr/lib/fs/ufs/bootblk /dev/rdsk/device-name

Copyright 1999, Marchany

solaris 8 filesystems x
Solaris 8- Filesystems X
  • Determining a FS Type
    • df -k command
    • the FS field of /etc/vfstab
    • /etc/dfs/fstypes for remote files
    • grep <mount point> /etc/mnttab
    • devnm /<filesystem>
    • fstyp /dev/rdsk/<device name>

Copyright 1999, Marchany

solaris 8 filesystems xi
Solaris 8- Filesystems XI
  • Mount/Unmount FS
    • mount, mountall, umount, umountall
  • Mounting FS
    • mount <FS> will use info from /etc/vfstab
    • mount NFSserver:/<FS> <local mnt pt>
  • Unmounting FS
    • List & kill processes using the FS
      • fuser -c -u <mount-point> lists the process
      • fuser -c -k <mount-point> kills them

Copyright 1999, Marchany

solaris 8 swap space
Solaris 8 - Swap Space

1. Swap space partitions are used by the system when it doesn't have enough

memory to handle a current process. tmpfs FS stores files in memory and

allocates space in /tmp for swap. As you use space in /tmp, you take away swap.

2. Swap areas to be mounted at boot are defined in /etc/vfstab.

3. To look at existing swap space: swap -l OR swap -s (more useful)

4. To create additional swap space w/o reformatting the disk:

a. Create the file

- use: mkfile -v nnn[k|b|m] file name

ex: mkfile -v 1m /swap2

b. Make it available for use: swap -a filename

c. Verify it worked: swap -l

d. To make it available at boot, put an entry in /etc/vfstab BUT make sure

the FS the swap space is on is mounted first.

e. To remove swap space: swap -d filename

Copyright 1999, Marchany

solaris 8 crash dump setup
Solaris 8 - Crash Dump Setup
  • Steps
    • Create Crash Dump Directory
      • mkdir /var/adm/crash
      • cd /var/adm/crash
      • mkdir SYSTEM-NAME
    • Reserve space for crash dump files
      • Cd /var/adm/crash/SYSTEM-NAME
      • Create a file , minfree, that contains a number spcecifying the min free space that must be available for crash dumps. (in K)
        • Echo 500 > /var/adm/crash/dock/minfree
    • Enable /Disable crash dumps
      • Edit /etc/init.d/sysetup, uncomment lines that enable crash dumps, exit.
    • Examine crash dump files
      • usie (from or /usr/sbin/crash

Copyright 1999, Marchany

solaris 8 nfs i
Solaris 8 - NFS I

- Summary of NFS system management tasks

1. Start/stop NFS operation

2. Create CacheFS to improve NFS server performance

2. Sharing/unsharing (exporting FS) FS as necessary

3. Mounting/unmounting NFS directories as needed

4. Modifying administrative files (/etc/dfs/dfstab, /etc/auto_master)

5. Verifying network status

6. Diagnosing and fixing NFS problems

7. Set up automounter maps

- Summary of NFS related commands:

nfsstat, ping, netstat, pkginfo, share, shareall

Copyright 1999, Marchany

solaris 8 nfs ii
Solaris 8 - NFS II

-Setting up NFS Servers and Clients

1. Use 'pkginfo' command to make sure you have installed the following:

Remote Procedure Call (RPC) Utilities, Network Support Utilities,

TCP/IP Utilities, DFS Administration Utilities.

2. If you don't have them, install them using the 'pkgadd' command.

3. To START NFS server: sh /etc/init.d/nfs.server start

client: sh /etc/init.d/nfs_client start

NOTE: this is usually done automatically at boot by the RC scripts.

4. To STOP NFS server: sh /etc/init.d/nfs_server stop

client : sh /etc/init.d/nfs_client stop

5. Set up automatic sharing (export): edit /etc/dfs/dfstab, add entries, run

'shareall' command, verify by 'showmount -a' command.

6. Set up automatic mounting by placing entry in /etc/vfstab

Copyright 1999, Marchany

solaris 8 nfs iii
Solaris 8 - NFS III

- the 'share' command is used to make dirs available for NFS export.

Remember the unique UID/GID is important for security. Command options:

-o indicates more options follow

rw indicates R/W access to directory except those defined by ro=<hosts>

Can be of form rw=<hosts>. This is the DEFAULT condition.

ro indicates R/O access to the directory except those defined by rw=<hosts>

anon=uid - allows you to specify a uid for YOUR system that the CLIENT

systems root user (UID=0) will be when it's on your system.

This prevents a client root from getting your root access.

DEFAULT: client UID=0 -> server UID=60001 (nobody).

root=<hosts> - allows root on the listed hosts to BE root on your system.

NOT recommended.

Copyright 1999, Marchany

solaris 8 nfs iv
Solaris 8 - NFS IV

-Setup the Cache FS (Cache Filesystem

- general purpose FS to improve NFS server performance. Used

for heavy NFS loads, clients with slower links (PPP clients).

- the NFS server has the exported FS (Back FS).

- As the NFS clients access the Back FS, that piece is placed in

the client’s Cache FS. Initial request may be slower but later

ones will be faster.

- Steps

1. Create the Cache FS

cfsadmin -c <cache-dir>

2. Specify the FS to be mounted in the CacheFS

mount -F cachefs -o backfstype=fstype,

cachedir=cachedir[,options] <Back FS> <mnt-pt>

Copyright 1999, Marchany

solaris 8 nfs v
Solaris 8 - NFS V

3.Verify the mount worked: cachefsstat <mnt-pt>

4. Put entry in /etc/vfstab

- Specify cachefs for FS Type

- put options in the MOUNT OPTIONS field

5. Modifying a FS in the cache

- you must delete the cache, recreate it

mount FS; cfsadmin -d all <cacheFS>

cfsadmin -c <cache FS>;reboot

6. Display Cache FS info: cfsadmin -l <cache FS>

7. Deleting a Cache FS: cfsadmin -d <cache id> <cache-dir>

<cache id> is the last line of cfsadmin -l

8. Checking Cache FS Integrity: fsck -F cachefs <cache-dir>

Copyright 1999, Marchany

solaris 8 nfs vi
Solaris 8 - NFS VI

- NFS troubleshooting

1. Check to see if mountd daemon is running: ps -ef | grep mountd

2. Check to see if nfsd daemon is running: ps -ef | grep nfsd

3. If they're down, restart them from root:

/usr/lib/nfs/mountd OR /usr/lib/nfs/nfsd -a 8

4. To see if server is up: ping <server>

5. To see if server nfsd daemon is responding, enter from client:

/usr/sbin/rpcinfo -u <server> nfs

6. Check to see if server's mountd daemon is up:

/usr/sbin/rpcinfo -u <server> mountd

Copyright 1999, Marchany

solaris 8 automounter i
Solaris 8 - Automounter I

1. Accessing NFS dirs via mount uses system resources even if you're not

accessing anything in the NFS dirs. Automounter does the mount only

when needed and unmounts the NFS dir when they're not being used.

Good way to optimize the network resources.

2. Automounter does not use /etc/vfstab. It uses a series of 'maps' (direct or

indirect). The local root map is called: /etc/auto_master. If NIS is used,

information is in the MASTER map.

3. Three types of automount maps: master, indirect, direct

All are located in /etc.

4. Master map format:

mount-point map mount-options

| | |

| | Normal NFS mount options (ro, rw, nosuid, etc.)

| map name (can be indirect or direct)

where to mount the files in the map - full absolute path name.

Copyright 1999, Marchany

solaris 8 automounter ii
Solaris 8 - Automounter II

- Special cases for the mount point field

/- means use the mounts point in the map specified in the map field

/home means use /home as the local mount point for the entries in the

map called /etc/auto_home. This technique can be used to

automount home dirs in a lab situation.

/net tells automounter to look in the special map -hosts (NIS) and mount

ALL of the FS that are available for export by the machines in the map.

Easy but wasteful since it mounts ALL of the dirs and not just the one

you need.


-contains the entries that are to be mounted under the mount point.

- Special case: /etc/auto_home contains a list of users and where

their home dirs are located. When a user logs in on a machine,

automounter will mount their home dir. FORMAT:

username mount-options host:home-dir/&

Copyright 1999, Marchany

solaris 8 automounter iii
Solaris 8 - Automounter III


- simplest to use. Format is similar to /etc/vfstab.

mount-point mount-options host:dir-name

+map-name (NIS only)

- Special Case

- Multiple mounts. Example, consider the following direct map entry:

/usr/local -ro \

/bin ivy:/export/local/bin

/share dock:/export/local/share

/src -ro vtaix:/usr/local/src

This tells your system that /usr/local/bin is on machine ivy, /usr/local/share is

on machine dock and /usr/local/src is on machine vtaix. The 3 dirs are

mounted anytime a user does a 'cd' to the /usr/local tree. You may use this

scenario to access man pages on different machines.

Copyright 1999, Marchany

solaris 8 automounter iv
Solaris 8 - Automounter IV

- How does Automounter Navigate through the Maps?

- Maps are available locally or from NIS+ server.

- At Boot

- automount reads the master map,

/etc/auto_master and compares it with

the mount table, /etc/mnttab

- NOTE: it checks the server’s export list

only at mount time. Once the FS are

mounted, it doesn’t check with the server

until the server’s FS are mounted/umounted

so newly exported FS won’t be seen unless

the server does a remount.

Copyright 1999, Marchany

solaris 8 automounter v
Solaris 8 - Automounter V

The Automount Process

1. ping the server’s mount service

2. request the server’s export list, sorts them by path

name length so the mounting is done in order.

3. mounts the FS at the mount points specified in maps.

Other Info

1. Map entry: +mapname reads a map file from NIS

2. Order is determined by /etc/nsswitch.conf automount


Copyright 1999, Marchany

solaris 8 automounter vi
Solaris 8 - Automounter VI

Automount Map Maintenance

- local files: text editor

- NIS : make

- NIS+ : nistbladm

- Run automount command after 1) add/mod

auto_master, 2) add direct map

-How to modify the Master map

- Use nistbladm to make changes to map

- At each client, run automount command

Copyright 1999, Marchany

solaris 8 kernel mods
Solaris 8 - Kernel Mods
  • The Kernel config file is /etc/system
  • To display kernel parms
    • Use sysdef -i command
  • To modify a kernel parameter
    • su root
    • Edit /etc/system
      • Add line of form: set parm=value
      • Ex: set max_nprocs=500
    • Reboot the system

Copyright 1999, Marchany

solaris 8 kernel parameters
Solaris 8 - Kernel Parameters
  • Tunable UFS Parameters
    • Ufs_ninode - max size of the inode table (default= max_nprocs +16+maxusers+64)
    • Ncsize - # of dnlc (directory-name lookup cache) entries (default=max_nprocs+16+maxusers+64)
  • Tunable STREAMS Parameters
    • Nstrpush - max # of STREAMS pushes allowed (9)
    • Strmsgsz - max size for the STREAMS message a user can generate. 0=unlimited
    • Strctlsz - max size of the CTL part of a message
    • Strthresh - max size of dynamic memory the STREAMS subsytem can consume in bytes.
    • Sadcnt - # number of sad devices

Copyright 1999, Marchany

solaris 8 kernel parameters92
Solaris 8 - Kernel Parameters
  • Tunable Interprocess Communication (IPC) Parameters
    • Msginfo_msgmap - number of entries in the message map (100)
    • Msginfo_msgmax - max message size (2048)
    • Msginfo_msgmnb - max bytes on queue (4096)
    • Msginfo_msgmni - # of message queue identifiers (50)
    • Msginfo_msgssz - segment size of a message (8)
    • Msginfo_msgtql - # of system message headers (40)
    • Msgingo_msgseg - # of message segments
  • See answerbook for more info on tunable kernel parameters

Copyright 1999, Marchany

solaris 8 tcp ip i
Solaris 8 - TCP/IP I

TCP/IP Network Administration

1. Transmission Control Protocol/Internet Protocol (TCP/IP) are the network

communication protocols that are responsible for getting a packet of

of information from one host to another.

2. Unix Network administration involves setting up the standard network

config files. These files give the network daemons the info they need

to communicate to other Internet systems.

3. Generic Unix network administration commands:

netstat, ping, route, ps, ifconfig, snoop, nfsstat

4. TCP/IP related files:

/etc/hostname.leX, /etc/nodename.leX, /etc/defaultdomain, /etc/hosts,


Copyright 1999, Marchany

solaris 8 tcp ip ii
Solaris 8 - TCP/IP II


1. Hosts are defined by a hostname (your pick) and an IP address (from CNS).

Contact for your IP address. You can call it anything

you want BUT we STRONGLY suggest the following format:

| | | |

| | | mandatory. Signifies an Educational site

| | mandatory. Stands for Virginia Tech

| Optional but we suggest your dept. name (esm, cc, cs)

your machine name

2. CNS will supply you with the address of your router and subnet mask.

3. The init scripts that controls TCP/IP configuration/startup at boot is

/etc/rc2.d/S69inet, /etc/rc2.d/S71rpc, /etc/rc2.d/S72inetsvc

Copyright 1999, Marchany

solaris 8 tcp ip iii
Solaris 8 - TCP/IP III

4. Configure your hosts from the local files if you're not using NIS or NIS+.

If so, set up the network info on the NIS or NIS+ master.

- create /etc/nodename and put your host name in it.

- create /etc/hostname.<interface-name> and put either the IP address or

the hostname. <interface-name> is usually le0 for Sparcstations.

- put your hostname, IP address and aliases for your system in /etc/hosts.

Leave the entry alone. It is a special case for loopback test.

- put your domain name ( in /etc/defaultdomain.

- put the address of your default router (128.173.XX.1 where XX is your

building subnet number that is supplied by CNS) in /etc/defaultrouter.

General rule: Divide subnet field/4, truncate result, multiply by 4.

Example: IP address: -> 14/4=3.5, 3*4=12, address of


- put your subnet mask (255.255.25x.0) in /etc/netmasks.

Copyright 1999, Marchany

solaris 8 tcp ip iv
Solaris 8 - TCP/IP IV


1. /etc/hosts - contains the addres of host on our net. You should be using

the VT nameserver to resolve addresses so this file should

only have a loopback entry and one for your machine unless

3rd party software requires an entry.

2. /etc/nsswitch.conf - this files determines the search order for network

information. For non-NIS systems, change the hosts

entry from 'files' to 'dns files'. This tells the system

to query the VT nameserver (dns) first and then the local


3. /etc/netmasks - contains the list of network and netmasks. The net mask

determines which of the 32 bits apply to the network addr

and which ones apply to the host address. This number is

supplied to you by CNS.

Copyright 1999, Marchany

solaris 2 6 tcp ip v
Solaris 2. 6 - TCP/IP V

4. /etc/networks - maps network names to network numbers. Usually, no

need to modify this file since we use the nameserver.

5. /etc/ethers - maps host names to ethernet addresses. Only needed if

you use RARP for diskless machines.

6. /etc/protocols - list of the IP protocols running on the system. Created

at installation and not modified by you.

7. /etc/services - lists the TCP and UDP services and their port numbers.

Created at installation time and is only modified if you

install 3r party client/server software.

Copyright 1999, Marchany

solaris 2 6 tcp ip vi
Solaris 2. 6 - TCP/IP VI


1. Use 'netstat' command to get network information. Most frequently used

options are -s, -r, -i

netstat -s - displays per-protocol stats for TCP, UDP, ICMP and IP.

Check the error stats to see if there are problems.

netstat -i - displays I/O stats for each ethernet I/F connected to the system.

Excessive I/O errors could be a problem with the I/F. High

collision rates may be a CNS problem. Use with 'ping'

command to see if packets are leaving your system.

netstat -r - displays the IP routing table. The router directs packets

to/from your building's internal network.

2. The 'snoop' command can be used to capture network packets. BE

CAREFUL. This is a network 'sniffer' command and has a dark side.

Root users can run this but you must control root access.

Copyright 1999, Marchany

solaris 8 tcp ip vii
Solaris 8 - TCP/IP VII

4. Make sure the inetd daemon is running. Use:

ps -ef | grep inetd

to see if it is. If not, check your syslog to see any error messages and

restart it by running /etc/rc2.d/S69inet.

5. Use the 'ping' command to see if the network and remote system are up.

/usr/sbin/ping -s - continuallly sends packets to the target. Use this

to see if packets are being lost.

6. Use the 'ifconfig' command to check the ethernet I/F status.

ifconfig -a - gives the IIP address, netmask, broadcast,

and ethernet address for all of the ethernet

I/F connected to your system.

Copyright 1999, Marchany

solaris password file fields
Solaris Password File Fields
  • /etc/passwd
      • username - 2-8 chars
      • password - contains an X.
      • UID - user identification number
      • GID - group identification number
      • Comment - Full name of the user
      • Homedir - location of the user’s home directory
      • shell - default login shell

Copyright 1999, Marchany

solaris shadow password file
Solaris Shadow Password File
  • /etc/shadow
      • username - user name
      • password - encrypted password. LK - locked, NP - no password for the account
      • lastchg - # days between 1/1/70 and the last password change
      • min - min. # days between password changes
      • max - max. # days the password is valid
      • inactive - # days an account can be inactive before it’s locked.
      • expire - date account expires

Copyright 1999, Marchany

customizing user environment
Customizing User Environment
  • Sets up the user environment at login
    • Default User Environment Templates are: /etc/skel/local.login, /etc/skel/local.cshrc, /etc/skel/local.profile


Bourne $HOME/.profile Sets env. at login

C $HOME/.login “ “

$HOME/.cshrc Sets env. for all

shells after login

Korn $HOME/.profile Sets env. at login

Copyright 1999, Marchany

the user add process
The User Add Process
  • Customize User Initialization file in /etc/skel
  • Add groups
  • Set User Account Defaults
  • Add the User Account
  • Share the User Home Directory (option)
  • Mount the User Home Directory

Copyright 1999, Marchany

user maintenance process
User Maintenance Process
  • Modify a group
  • Delete a group
  • Modify a User Account
  • Delete a User Account
  • Disable a User Account
  • Change a User Password
  • Change User Password Aging

Copyright 1999, Marchany

solaris 8 setting up users i
Solaris 8 Setting Up Users - I

1. Default User Account Policy

- Must abide by the VT Acceptable Use policy (, handbooks)

- good idea to keep a form since sysadmins change frequently.

- Assign the user to a group

2. Usernames

- keep the same username across machines. Try for 1 username,

1 user rule. Some exceptions: syadmin accounts.

SUGGESTION: make the username the same as the PID.

- RULES: 2-8 letters/numerals with the first character being a letter.

At least 1 character must be lowercase, no underscores.

Copyright 1999, Marchany

solaris 8 setting up users ii
Solaris 8Setting up Users - II

3. UID - User IDentification code. This is how the OS identifies a user,

NOT by the username. Must be unique. See below.


- UID range: 0<UID<60000 but 0-99 are reserved for non general

users. ANY username with UID=0 is ROOT! UID 1 is reserved for

'daemon', UID 2 is reserved for 'bin'

- UID 60001 is reserved for the 'nobody' account (NFS,FTP).

UID 60002 is reserved for the 'noaccess' account.

- UID must be unique across campus to avoid NFS security

problem. One way to assure this is to require your users to get

a VT PID and use that PID number as the Unix UID on your system.

ADVANTAGE: no paperwork on your part since the CC has the PID

forms. Unique UID guaranteed across campus.

DISADVANTAGE: user has to do the footwork to get a PID first.

Copyright 1999, Marchany

solaris 8 setting up the user iii
Solaris 8 Setting Up the User - III

5. Before adding new users, check to make sure UIDs aren't in use.

(unless you use the PID=UID rule.....hint!)

6. Group ID (GID) should be unique also but you can't use the PID rule here.


- Range: 0<GID<60002

- GID 0 is root. GID 60001 is 'nobody', GID 60002 is 'noaccess'

- Customary range is 100-60000

- Default is GID 1 (other). Group name-GID map is /etc/group file.

7. User information is stored in:

- NIS+ tables: Password field, shadow field

- NIS maps: passwd map

- local /etc/files: /etc/passwd, /etc/shadow........most common


add/change/modify users.

Copyright 1999, Marchany

solaris 8 setting up the user iv
Solaris 8 Setting up the User - IV

-Setting up Groups

- info stored in NIS map (group), NIS+ table (Group) or /etc/group

- User must belong to at least 1 group but they can belong to 16 groups


- Use 'groups' command to see the group list for a user.

- Users can change to their other groups via the ' newgrp' command.

- FS access privileges are determined by the PRIMARY group.

- 3 fields in /etc/group:

Group Name, Group password, GID, member list

Group password is NOT used. If there is a password defined in this

field, newgrp will prompt the user for it BUT there's no utility to SET

the password. Go figure.....this is a relic from old Unix.

- Default group names: root, other, bin, sys, adm, uucp, mail, tty, lp,

nuucp, staff, daemon, nobody, noaccess.

Copyright 1999, Marchany

solaris 8 setting up the user v
Solaris 8 Setting up the User - V

- General steps BEFORE adding the user. Edit the system-wide user initialization

files. These files define environment variables, display the MOTD, sets the

default umask, etc. The MOTD is in /etc/motd.

1. su

2. Edit /etc/profile - system init file for bsh, ksh users

Edit /etc/.login - system init file for csh users. These files set system

wide environment variables and any other custom files. Good place

to put LM_LICENSE_FILE environment variable definition.

3. Edit /etc/skel/local.login, local.cshrc, local.profile to add any other

user specific information. USER ACCOUNT MANAGER (add user or

copy user) will prompt you for the Skeleton Path field. Enter: /etc/skel

to tell it where to get the user init files.

Copyright 1999, Marchany

solaris 8 setting up the user vi
Solaris 8 Setting up the User - VI

- More on Initialization files

Environment Variables - shell variables (like VMS logical names) that are

exported to all child processes. 2 ways to set them:

C-shell: setenv variable-name

B-shell, K-shell: VARIABLE-NAME=value; export VARIABLE-NAME

NOTE: csh uses lowercase; bsh, ksh uses upper case.

-Common Shell variables used in the init files (csh, uppercase them for

bsh and ksh):

arch - sets the user's system architecture (sun4, i386).

calendar - sets the path to the OW Calendar executables.

cdpath - used by the 'cd' command. This variable specifies a search list for

relative directories. Allows to you to specify relative names instead

of explicit names.

Copyright 1999, Marchany

solaris 8 setting up the user vii
Solaris 8 Setting up the User - VII

- More environment variables

deskset - sets the path to the OW Deskset executables

history - sets the command history (C-shell only). You can use command

recall features of C shell.

home - defines the user home directory

logname - defines the name of the user currently logged in.

Set by login program.

lpdest - sets the user's default printer.

mail - sets the path to the user's mailbox.

manpath - sets the path to the man pages. This is usually modified after a

compiler installation.

openwinhome - defines the path to the OW executables

path - defines the command search path. Order is important. Defined by

user .profile or .cshrc at login.

prompt - defines the shell prompt for csh.

PS1 - defines the shell prompt for bsh and ksh.

shell - sets the default shell used by make, vi and other commands.

term - defines the terminal type. Default is /usr/share/lib/terminfo.

Copyright 1999, Marchany

solaris user management
Solaris User Management
  • User Management Commands
  • TASK Environment Command

Add User NIS+ nistbladm


NIS useradd


None useradd

Modify User NIS+ nistbladm

NIS usermod


None usermod

Copyright 1999, Marchany

solaris user management113
Solaris User Management
  • User Management Commands
  • TASK Environment Command

Delete User NIS+ nistbladm


NIS userdel


None userdel

Set User NIS+ N/A NIS useradd -D

Defaults NIS useradd -D


None useradd -D

Copyright 1999, Marchany

solaris user management114
Solaris User Management
  • User Management Commands
  • TASK Environment Command

Disable User NIS+ nistbladm

NIS vipw


None vipw

Change User NIS+ nispasswd

Password NIS yppasswd

None passwd

Copyright 1999, Marchany

solaris user management115
Solaris User Management
  • User Management Commands
  • TASK Environment Command

Add a Group NIS+ nistbladm

NIS groupadd


None groupadd

Delete a Group NIS+ groupdel

NIS groupdel


None groupdel

Copyright 1999, Marchany

solaris user management116
Solaris User Management
  • User/Group Management Commands
  • TASK Environment Command

Find User NIS+ nismatch

NIS ypmatch

None grep

Add a Group NIS+ nispasswd

Password NIS yppasswd

None passwd

Copyright 1999, Marchany

solaris user management117
Solaris User Management
  • User Management Commands
  • TASK Environment Command

Disable User NIS+ nistbladm

NIS vipw


None vipw

Change User NIS+ nispasswd

Password NIS yppasswd

None passwd

Copyright 1999, Marchany

monitoring system log files
Monitoring System Log Files
  • Most are located in /var


/var/adm/aculog log of outgoing modem calls

/var/adm/admin.log Admintool log

/var/adm/lastlog history of last logins

/var/adm/messages General system log

/var/adm/pacct Per Process Accounting log

/var/adm/sa/* Sys. Accounting files

/var/adm/sulog SU command history

/var/log/syslog Mail log, TCP Wrapper log

/var/adm/utmp History of user logins

/var/adm/wtmp History of system logins

/var/cron/log /usr/sbin/cron logs

Copyright 1999, Marchany

some search hints
Some Search Hints
  • To find large files:
    • ls -s | sort -nr | more
    • find <dir> -size +nnn -print
  • To find old, inactive files:
    • Find <dir> -type f -mtime +<days> -print
  • To find core files:
    • find <dir> -name core -print

Copyright 1999, Marchany

solaris configuration files
Solaris Configuration Files
  • Found in /etc
    • /etc/resolv.conf - defines NS locations
    • /etc/nsswitch.conf - defines the search order for system DB (net or local)
    • /etc/inetd.conf - defines Internet services allowed on the system
    • /etc/syslog.conf - defines where the system logs reside

Copyright 1999, Marchany

system accounting
System Accounting
  • Programs that collect data about system usage
    • monitor system usage
    • Troubleshooting
    • monitor system performance
    • maintain some security
    • performs chargeback
  • Most programs are in /usr/adm/acct or /usr/lib/acct

Copyright 1999, Marchany

types of accounting
Types of Accounting
  • Daily Accounting data collected
    • Connect Accounting
        • length of time user was logged in
        • tty line usage
        • number of system reboots
    • Process Accounting
        • User UID, GID of those using the process
        • Start/End times of the process
        • CPU time for the process
        • Command name, memory used
        • tty line controlling the process

Copyright 1999, Marchany

types of accounting reports
Types of Accounting/Reports
    • Disk Accounting
      • User UID, GID
      • # of disk blocks used by the user
  • Daily Accounting Reports
    • Daily Report - line utilization by tty number
    • Daily Usage - system usage by UID
    • Daily Command Summary - system usage by command listed in descending order of memory
    • Last Login - last time each user logged in

Copyright 1999, Marchany

accounting quick reference
Accounting Quick Reference
  • Setting up Accounting
    • Install SUNWaccr, SUNWaccu packages
    • Install /etc/init.d/acct as the start script for run level 2
      • ln /etc/init.d/acct /etc/rc2.d/S22acct
    • Install same file as stop script for level 0
      • ln /etc/init.d/acct /etc/rc0.d/K22acct
    • Add entries for /usr/lib/acct/ckpacct, /usr/lib/acct/runacct, /usr/lib/acct/monacct to the end of /var/spool/cron/crontabs/adm

Copyright 1999, Marchany

accounting quick reference125
Accounting Quick Reference
  • Setting up Accounting
    • add entry for /usr/lib/acct/dodisk to the end of /var/spool/cron/crontabs/root
    • Edit /etc/acct/holidays to include national and local holidays

Copyright 1999, Marchany

solaris 8 security
Solaris 8 - Security
  • Use the checklists available at Sun Scholarpac WWW site
    • Two checklists that help you bring a system to a base level of security
    • Install TCP Wrappers, CRACK, lsof, Sun’s patchdiag tool, ssh and any other tools you deem fit for your environment.
  • Use the Solaris Security FAQ available from the net .

Copyright 1999, Marchany

solaris 8 security127
Solaris 8 Security
  • Securing Systems
    • Display user’s login status: logins -x -l <username>
    • Search for no passwords: logins -p
    • Save failed login attempts: touch /var/adm/loginlog chmod 600 loginlog chgrp sys loginlog
    • Restrict root login to console: vi /etc/default/login Uncomment CONSOLE line
    • Monitor su log: vi /etc/default/su Uncomment SULOG line
    • Display root console access: vi /etc/default/su Uncomment CONSOLE line

Copyright 1999, Marchany

solaris 8 security128
Solaris 8 Security
  • ACL (Access Control Lists)
    • Similar to AIX ACL. It allows you to be more flexible in defining your file access permissions.
    • You can deny write access to one group, allow it to another.
    • 2 commands: getfacl setfacl {-s -m -d]
    • A + in the perm field marks a file with an ACL. Use the getfacl command to look at the ACL
  • Setting an ACl
    • Example: set file ch2.doc with the following perms:
      • 740 with group ‘sysadmin’ having RW , ACL mask:RW
      • setfacl -s u::7,g::4,o:0,g:sysadmin:6,m:6 ch2.doc
  • Reading the ACL
    • getfacl ch2.doc

Copyright 1999, Marchany

solaris audit administration
Solaris Audit Administration
  • Allows sysadmins to detect potential security breaches
  • Look for suspicious patterns
  • This is system admin auditing not audit auditing...:-)
  • Can record events in an audit trail and analyze misuse by examining it.
  • Can eat up LOTS of disk space

Copyright 1999, Marchany

solaris auditing
Solaris Auditing
  • Enable Auditing: /usr/sbin/auditd
      • see audit_startup man page for more info
  • Audit Classes and Events
    • Auditable event - some system action defined in /etc/security/audit by name, event number, class and description
      • see audit_event(4) man page for more info
  • Audit Record
    • a single audited event stored in a log

Copyright 1999, Marchany

solaris auditing131
Solaris Auditing
  • Audit Flags (+/-flag Example: +exec
      • file_read, file_write, file_creation, file_deletion, file_close, process, network (bind, accept, connect), login_logout, application, exec, all
  • Flags are stored in an audit control file
  • Example
    • flags: lo, ad, -all
    • dir: /etc/security/audit/audit.log
      • this says audit all login/logout, admin ops and failures of any type are to be recorded.

Copyright 1999, Marchany

solaris auditing132
Solaris Auditing
  • Individual User Auditing: audit_user file
    • allows you to audit different actions for different users
    • 3 fields
      • username:always_audit:never_audit
  • Process Audit Characteristics
      • Process Preselection Mask: specifies whether events in each audit event class should generate audit records.

Copyright 1999, Marchany

solaris auditing133
Solaris Auditing
  • Process Audit Characteristics
      • Audit ID: assigned when a use logs in. The sysadmin can always trace back to a user.
      • Audit Session ID: same as above
      • Terminal ID: hostname and IP address followed by a unique # that ids the physical device the user use to login. Console = 0.
  • Audit Costs
      • Increased processing time
      • Analysis processing time
      • Disk storage costs

Copyright 1999, Marchany

solaris auditing134
Solaris Auditing
  • Strategies
    • Random audits of certain % of users
    • Real-time monitoring of audit data for unusual behaviors
    • Combining, compressing and reducing multiple audit logs, offline storage

Copyright 1999, Marchany

solaris auditing135
Solaris Auditing
  • To Configure Auditing
    • Format/partition disk for audit partitions
    • Create audit_control file entries for the audit filesystems
    • Define audit classes (audit_class(4)) in /etc/security/audit_class
    • Set up event-to-class mapping(audit_event(4)) in /etc/security/audit_event

Copyright 1999, Marchany

solaris auditing136
Solaris Auditing
  • To Configure Auditing
    • Determine how much auditing needs to be done
    • Determine which machines will be audit servers
    • Determing which audit classes will be system-wide
    • Decide on individual user auditing

Copyright 1999, Marchany

solaris auditing137
Solaris Auditing
  • Command Reference
    • allocate, audit, audit_startup, audit_warn, auditconfig, auditd, auditreduce, auditstat, bsmconv, bsmunconv, deallocate

Copyright 1999, Marchany

solaris nis or nis
Solaris NIS or NIS+?
  • Network Information Service (NIS)
      • Formerly Yellow Pages, it allows centralized mgt of common system/network DB such as password, host, NFS.
      • Anyone can become a member of an NIS domain allowing access to NIS DB.
  • NIS+
      • More secure because you define the client list.
      • You can selectively allow access to specific NIS+ tables. DISADV: Other vendors may not have NIS+ clients implemented yet.

Copyright 1999, Marchany

solaris nis nis concepts
Solaris NIS/NIS+ Concepts
  • NIS/NIS+ uses a set of master map/tables that contain common information for all members of the domain. This common information can be passwords, host table, ethernet address, automounter info, mail aliases, etc.
  • NIS/NIS+ files are stored in the following dirs
    • /usr/bin NIS+ user commands all
    • /usr/lib/nis NIS+ administrator commands all
    • /usr/sbin NIS+ daemons all
    • /usr/lib/ NIS+ shared libs all
    • /var/nis/data NIS+ server data files server
    • /var/nis NIS+ working files server
    • /var/nis Client info client

Copyright 1999, Marchany

solaris nis nis concepts140
Solaris NIS/NIS+ Concepts
  • NIS/NIS+ Principal are the clients that request NIS+ info. A client can be a machine or a userid.
  • NIS/NIS+ Credentials authenticate the Principal requesting the NIS+ info. USER credentials define a userid access rights. MACHINE credentials define a client machine’s access rights.
  • DES credentials simply use DES to encrypt the authorization key for a principle. LOCAL credentials are a map between a UID and their PRINCIPAL name. NIS+ uses LOCAL info to get the DES info for that Principal.

Copyright 1999, Marchany

solaris nis nis planning
Solaris NIS/NIS+ Planning
  • Plan your NIS/NIS+ layout
    • Determine your server specs: 1 root server/hierarchy, 1 master/domain in the heirarchy, I slave for each domain, Master disk requirements (15-20MB disk/1000 clients, determine the admin group and members
  • Prepare the NIS/NIS+ namespace
    • Pick NIS/NIS+ domain names, make sure this name is not easily guessed (NIS) and not related to anything.
    • Initialize the root server (nisserver)
  • Verify data in the /etc files is correct.
    • This data will be used to populate the NIS/NIS+ maps/tables..

Copyright 1999, Marchany

solaris nis nis planning142
Solaris NIS/NIS+ Planning
  • Populate the NIS/NIS+ maps/tables
    • Data is taken from existing /etc files or NIS maps (nispopulate). Create credentials for the root domain clients, administrator clients (nisgrpadm, nisping).
  • Set up the root domain clients (nisclient)
    • Slave servers must be set up as clients first
  • Enable slave servers ( rpc.nisd)
  • Set up root replicas (rpc.nisd, nisserver)
  • Set up non-root domains (rpc.nisd, nisserver)
    • Create any subdomains in the NIS/NIS+ namespace
  • Populate table (nispopulate)
  • Set up non-root domain clients (nisclient)

Copyright 1999, Marchany

solaris nis nis setup
Solaris NIS/NIS+ Setup
  • NIS/NIS+ Domain Setup Command Summary
  • Create Root master server
    • nisserver -r -d NEWDOMAIN.
    • nisserver -Y -r -r NEWDOMAIN.
  • Populate the root master tables from /etc files or NIS
    • nispopulate -F -p /files -d NEWDOMAIN.
  • Add additional users to NIS+ admin group
    • nisgrpadm -a admin.domain.USER/HOST.domain.
  • Make a checkpoint of the NIS+ DB
    • nisping -C domain.

Copyright 1999, Marchany

solaris nis nis setup144
Solaris NIS/NIS+ Setup
  • Initialize a new client machine
    • nisclient -i -d NEWDOMAIN. -h ROOTHOSTNAME
  • Initialize users as NIS+ clients
    • nisclient -u
  • Convert a client machine to server
    • rpc.nisd
    • rpc.nisd -Y
    • rpc.nisd -Y -B
  • Convert a server to a root replica
    • nisserver -R -d NEWDOMAIN. -h CLIENTNAME
  • Conver a server to nonroot master
    • nisserver -M -d NEWSUBDOMAIN.NEWDOMAIN. -h HOST

Copyright 1999, Marchany

solaris nis nis
Solaris NIS/NIS+
  • Prerequisites
    • Root host /etc/passwd must contain entries for you and every other admin, you must have a Root Domain Name, the Root Admin Group Name, the UIDs of all the admins.
  • Add Root Domain Name, make sure correct /etc/nisswitch.conf is used, clean out leftover NIS+ files or processes
    • domainname NEWDOMAIN
    • domainname > /etc/defaultdomain
    • more /etc/nsswitch.conf (search order is nisplus, files), if you make any changes, restart ncsd daemon - sh /etc/init.d/ncsd stop; sh /etc/init.d/ncsd start

Copyright 1999, Marchany

solaris nis nis root domain
Solaris NIS/NIS+ Root Domain
  • Restart keyserv daemon, clean leftover NIS stuff
    • ps -e |grep keyserv; kill -9 PID ; rm -f /etc/.rootkey;keyserv
    • ls /var/nis; rm -rf /var/nis/*; ps -ef |grep nis_cachemgr; kill -9 PID
    • Do the same for rpc.nisd and rpc.nispasswdd
  • Name the root domain admin group
    • setenv NIS_GROUP admin.NEWDOMAIN.
  • Create the root dir
    • nisinit -r
    • This creates the /var/nis tree

Copyright 1999, Marchany

solaris nis nis root domain147
Solaris NIS/NIS+ Root Domain
  • Start the NIS+ daemon
    • rpc.nisd -Y -B -S 0
    • Edit /etc/init.d/rpc, add -B to the EMULYP line. (NIS compatability only)
  • Verify root objects were created properly
    • ls -l /var/nis/data; nisls -l DOMAINNAME.; niscat -o DOMAINNAME.
  • Create Root Domain Subdirs
    • /usr/lib/nis/nissetup -Y
  • Create DES credentials for root master server
    • nisaddcred des
    • Root server requires DES creds so its request can be auth’d

Copyright 1999, Marchany

solaris nis nis root domain148
Solaris NIS/NIS+ Root Domain
  • Create the Root Domain admin group
    • nisgrpadm -c admin.NEWDOMAIN.
  • Add rootmaster to the Root Domain Admin group
    • nisgrpadm -a admin.NEWDOMAIN. HOSTNAME.
  • Update the root domain’s public keys
    • /usr/lib/nis/nisupdkeys NEWDOMAIN.
    • /usr/lib/nis/nisupdkeys org_dir.NEWDOMAIN.
    • /usr/lib/nis/nisupdkeys groups_dir.NEWDOMAIN.
  • Start the NIS+ cache manager
    • nis_cachemgr
  • Restart the NIS+ daemon
    • ps -e | grep rpc.nisd; kill -9 PID; rpc.nisd

Copyright 1999, Marchany

solaris nis nis root domain149
Solaris NIS/NIS+ Root Domain
  • Add your LOCAL credentials to the root domain
    • nisaddcred -p UID -P PRINCIPAL-NAME local
    • The PRINCIPAL-NAME is your userid+domainname - marchany.root.domain.
  • Add your DES credentials to the root domain
    • nisaddcred -p unix.UID@NEWDOMAIN. -P PRINCIPAL-NAME des
  • Add credentials for the other admins
  • Add yourself and other admins to the root domain admin group
    • nisgrpadm -a admin.NEWDOMAIN. PRINCIPAL-NAME

Copyright 1999, Marchany

solaris nis nis client setup
Solaris NIS/NIS+ Client Setup
  • Prequisites
    • The Admin must have valid DES creds, modify rights to the NIS+ cred table
    • The client must have an entry in /etc/hosts for the root server, a unique hostname
  • Create DES credentials for the client system
    • Login root master server.
    • where CLIENTNAME is the client hostname
  • Login client, assign new domain name, check /etc/nsswitch.conf, restart ncsd if needed, clean out old NIS+ files

Copyright 1999, Marchany

solaris nis nis client setup151
Solaris NIS/NIS+ Client Setup
  • Initialize the client
    • check the client’s /etc/hosts and make sure the root server entry is correct.
    • nisinit -c -H ROOTMASTERNAME
  • Kill and restart the keyserv daemon
  • Enter: keylogin -r
  • Reboot the client

Copyright 1999, Marchany

solaris 8 backup i
Solaris 8 - Backup I

- Filesystem Backup Strategies

1. MOST IMPORTANT: You have a REGULAR backup schedule and you

FOLLOW it!!!!!!!!!

2. Preparing to do backups:

- decide on frequency. Most common: 1 full backup monthly, weekly incr.

- know the name of the backup device (remote or local).

- know the type of drive (8mm, 4mm, etc.).

- 8mm or 4mm is more practical since disks have GB capacity.

- Forget QIC-150 format.

-know the names of the FS you want to backup.

-have a good estimate of the number of tapes you'll need.

Copyright 1999, Marchany

solaris 8 backup ii
Solaris 8 - Backup II


1. To find out FS Raw device name, look in /etc/vfstab under the 'device to

fsck' column. Use this name with the 'ufsdump' command.

2. Another way: if the FS is already mounted, enter: devnm <mount-point>

then substitute 'rdsk' for the 'dsk' part of the output.


1. Assuming there's a tape drive attached to the system, enter:

mt -f /dev/rmt/# status

where # is the unit number of the tape drive, typically 0 or 1.

2. To poll a system to locate all the tape drives connected to it, enter:

for drive in 0 1 2 3 4 5 6 7; do; mt -f /dev/rmt/$drive status; done; exit

Copyright 1999, Marchany

solaris 8 backup iii
Solaris 8 - Backup III


1. Enter: /usr/sbin/df -k <mountpoint>

2. Divide FS size by the tape capacity, e.g. 5GB for 8mm tape, to see how

many tapes are needed.

3. To see how many tapes will be needed before doing an INCREMENTAL

backup, enter:

ufsdump S backup-device Filesystem

The S option returns an estimate of the size in bytes. Divide this number

by the tape capacity to get an estimate of the number of tapes.

Copyright 1999, Marchany

solaris 8 backup iv
Solaris 8 - Backup IV

1. Backup commands: tar - good for single directory backups, not so

good handling tape errors, symlinks.

ufsdump - dumps the ENTIRE FS. Takes longer but

it gets everything according to the level.

2. ufsdump levels -

- the level number (0-9) tells the dump program to save everything that

was saved by a HIGHER level dump program. Level 0 is a FULL backup.

A level 5 dump will save all files saved by Levels 5-9 but NOT levels

0-4. Level 5 is typically used for incremental backups.


- shut down to single user: cd /; shutdown; halt then boot -s

- load a tape into the drive

- Enter: /usr/bin/ufsdump 0ucf /dev/rmt/unit# <FS Name>

- replace the tape as needed, label it and save it in a SECURE place.

- reboot the system

Copyright 1999, Marchany

solaris 8 backup v
Solaris 8 - Backup - V


- Shut the system down and reboot into single user mode.

- load the tape drive

- enter: ufsdump [1-9] /dev/rmt/unit# <FS Name>

- load tapes as needed


- Shutdown and reboot in single user mode

- Make sure the remote machine is up: Enter: rsh <hostname> cat /etc/motd

If you get a valid response, your system is in the remote system's

/.rhosts file. If not, you need to add your system name to the server's

/.rhosts file. NOTE: This is a SECURITY problem if left in all the time.

- Generic command format: ufsdump options host:device <FS name>

- You must add system name to server /.rhosts, system IP address to

server's /etc/hosts

- Look at 3rd party network backup software (Legato, Adstar)

Copyright 1999, Marchany

solaris 8 backup vi
Solaris 8 - Backup VI
  • Backup files
    • ufsdump 0ucf /dev/rmt/0 /home
  • Verify backup
    • ufsrestore tf /dev/rmt/0
  • Incremental Backup
    • ufsdump 5ucf /dev/rmt/0 /usr
  • Backup to Remote System
    • ufsdump 0ucf remote:/dev/rmt/0 /home

Copyright 1999, Marchany

solaris 8 restore i
Solaris 8 - Restore I


tar xvf tar-file OR ufsrestore <options> <device< <FS-to-restore>

1. If run from root, files are restored with the original owner, last modification,

and access permissions. If not, then the restored files belong to the UID that

is running the restore !!!! SECURE THE BACKUP TAPES!!!!


1. To restore an entire FS:

- you need the most recent level 0 backup tape and the most recent

incremental tape (for each level).

2. To find an individual file on the set of tapes:

- Find out the approximate date the file was lost.

- Work backward through your backup tape schedule from highest to

lowest level and most recent to least recent.

Copyright 1999, Marchany

solaris 8 restore ii
Solaris 8 - Restore II

- get the tape, load it in the drive

- enter: ufsrestore ta archive-name filename (for tape Archives)

ufsrestore tf device-name filename (for single tapes)


1. Shut down system. Replace the bad disk drive.

2. Boot single user from Solaris Installation CD.

3. Partition the disk using the format command

4. Make a new FS (newfs command), verify (fsck command) each partition

except swap.

5. Enter: mount /dev/dsk/cNtNdNsN /mnt

6. Enter: cd /mnt

7. Create the tape devices: tapes

8. Write-protect the tapes.

9. Restore the FS using level 0 then level X: ufsrestore rvf /dev/rmt/X

10. Remove the symbol table file: rm restoresymtable

11. Enter: cd /

12. Enter: umount /mnt; fsck /dev/rdsk/<device name>; init 6

13. Repeat steps 8-12 to restore /usr

Copyright 1999, Marchany

solaris 8 restore iii
Solaris 8 - Restore III

Restoring User files

Sun recommends restoring them to /tmp to make sure they’re ok and

then move them to the proper place.

1. su, load the proper backup tape on the drive.

2. Enter: cd /var/tmp (or whatever temporary space you want)

3. Enter: ufsrestore if /dev/rmt/<unit#>

4. Create a list of files to be restored by entering the following commands

at the 'restore> ' prompt.

- ls

- cd dir-name

- to add/remove a name to the list, enter: add <filename>

delete <filename>

- to keep original modes on the files, enter: setmodes

- When done creating the list, enter: extract

- Answer the prompts.

- you'll get a 'restore>' prompt when it's done. Enter: quit

5. Verify the files/dirs were restored using the ls command with the proper


6. Use the 'mv' command to move the files to the target.

Copyright 1999, Marchany

solaris 8 restore iv
Solaris 8 - Restore IV


1. su, load the tape.

2. Enter: cd /var/tmp

3. Enter: ufsrestore xf /dev/rmt/<unit#> filename

4. Enter: n

for the 'set owner/mode for '.'? [yn] prompt

5.When done, verify everything is ok using the 'ls' command.

6. Use the 'mv' command to move the file to its final resting place.

NOTE: you cannot use 'ufsrestore' to restore files from a set of tapes

created by the Solaris 1.x 'dump' command.

Copyright 1999, Marchany

solaris 8 disk use i
Solaris 8 - Disk Use I


1. Available disk space, use the 'df' command

2. Files & directories, use the 'ls', 'du', 'quot', 'find' commands

3. Overloaded FS

4. Quotas

5. Repairing bad disks

SYSTEM LOG FILES - /var/adm, /var/log

aculog - log of outgoing modem calls

admin.log - log of Admin_Tool utility

lastlog - history of last logins

messages - the general system log file

pacct - per process accounting info (if accounting is enabled)

sa - this directory contains system accounting files

sulog - history of su commands

utmp, wtmp - history of user, system logins

lp/logs - LP print service logs

/var/log/syslog* - mail logs, TCPwrapper logs

Copyright 1999, Marchany

solaris 8 disk use ii
Solaris 8 - Disk Use II

1. To find large files

- cd <dir>

- Enter: ls -s |sort -nr |more

- this give the files sorted by block size in reverse order

2. To find files that exceed a certain size NNN blocks

find <dir> -size +NNN -print

3. Finding large directories

du -s <dir> OR du -a <dir>

4. To find out who is using the most disk space

quot <FS name> OR quot -a <FS name>

Quotas must be enabled for this to work.

Copyright 1999, Marchany

solaris 2 5 disk use iii
Solaris 2.5 - Disk Use III


- two limits: hard, soft limits. Non-root users cannot exceed hard quota limit.

Users can exceed soft limits for a short period of time.

- Decide what FS will use quotas.


1. edit /etc/rc2.d/S01MOUNTFSYS, have it init quotas at boot time.

2. edit /etc/vfstab, add mount option 'rq' to the quota'd FS entry.

3. create /<FS name>/quotas file

4. use 'edquota' tool to set up the limits for the quotas.

5. Enable quotas with the 'quotaon' command.


1. edquota, quot, quota, quotaon, quotaoff, quotacheck, repquota

commands handle administration.

Copyright 1999, Marchany

solaris 2 5 disk quota i
Solaris 2.5 - Disk Quota I


1. edit /etc/rc2.d/S01MOUNTFSYS

- add following lines after the 'fi' line:

# Enable checking quota

echo -n 'checking quotas:' > /dev/console

/usr/sbin/quotacheck -a > /dev/console 2>&1

echo 'done' > /dev/console

/usr/sbin/quotaon -a

2. edit /etc/vfstab to activate quotas for the individual FS

- add 'rq' to the mount options field for the FS entry.

- Enter: cd /<FS name>

- Enter: touch quotas

- Enter: chmod 600 quotas

Copyright 1999, Marchany

solaris 2 5 disk quotas ii
Solaris 2.5 - Disk Quotas II

3. Change the default time limit for limits. Default soft limit time: 1 week.

The time limit applies to the entire FS.

- su

- enter: edquota -t

- 1 entry for each FS with a quotas file in it, time limit=0

means default. Change number with new number. Can be month, day,

hour, min, sec (ex: 1 day, 2 months)

4. Set up User Quotas

- enter: edquota <username>

- Change appropriate limits. Limits are in number of 1K blocks.

5. Once done for one user, you can replicate for others

- enter: edquota -p <username-with-quotas> <user-list>

Copyright 1999, Marchany

solaris 2 5 performance i
Solaris 2.5 - Performance I

- Monitoring Performance

1. General tools/commands: sar, sadc, vmstat, iostat, df, ps, Perfmeter,


2. General measure of system activity:

System Load Ave. - Ave # of processes in the kernel run Q during a

specified time interval.

3. Process is in the run Q if:

- not waiting for an external event ( echo character)

- not in a wait state

- not stopped via ctl-Z.

4. It's not very accurate because:

- it marks as runable all jobs waiting for Disk I/O (NFS also). SLA can

climb if the NFS servers are down because the NFS process is runable.

- doesn't account for scheduling priority.

Copyright 1999, Marchany

solaris 2 5 performance ii
Solaris 2.5 - Performance II

Performance Monitoring Commands

1. uptime - reports SLA for 1, 5, 15 minute intervals

SLA > 10 - may have an overworked CPU

4<SLA<7 - borderline

0<SLA<3 - OK

These measurements should taken over a period of time (1 day) and

averaged out to determine an overall SLA.

2. vmstat - reports virtual memory stats, shows CPU load, paging, etc.

Procs - # of procs in run queue (r), blocked (b), waiting for resources,

swapped (w), waiting for processing resources to finish.

Memory - currently available swap space (swap), free list size (free)

Page - Pages reclaimed (re), minor faults (mf), Kbytes paged in (pi),

Kbytes pages out (po), Kbytes freed (fr), short term memory

shortfall (de), pages scanned by clock algorithm (sr)

Copyright 1999, Marchany

solaris 2 5 performance iii
Solaris 2.5 - Performance III

vmstat output (cont'd)

Disk - # of disk ops/second

CPU - CPU usage times, user time (us), System time (sys), idle time (id).

These numbers are %.


Page stats are accrued from last report. It includes page-ins from process

starts. If po > 0 for numerous obs, then you may have memory problem.

if de > 0 then you have serious memory problem.

vmstat -s gives total system values since boot.

vmstat -S gives swapping stats in addition to paging stats.

vmstat -c gives cache flushing stats since boot.

Copyright 1999, Marchany

solaris 2 5 performance iv
Solaris 2.5 - Performance IV

iostat gives disk I/O stats.

iostat <interval> reports stats every <interval> seconds. The first line gives

stats since boot and each line after that gives the interval stats.

- each disk gives block/second (bps), transactions/second (tps) and

average service time in msec (serv).

- iostat -xtc gives extended disk stats for each disk:

r/s - reads/sec

w/s - writes/sec

Kr/s - Kbytes/sec

wait - average queue length

actv - average # of transactions being actively serviced

%w - % time the Q is not empty

%b - % time the disk is busy

Copyright 1999, Marchany

solaris 2 5 performance v
Solaris 2.5 - Performance V

Performance Meter (perfmeter)

- graphical display of the following usage parameters:

CPU, Ethernet packets/second, Jobs swapped/second, # of device

interrupts/second, Disk transfers/second, # of context switches/second,

ave. # of runable processes/minute, Ethernet collision/second.

- This commands gives you almost immediate feedback of system activity.


3 commands: sadc, sa1, sa2

sadc - periodically collects system data and saves it in a file (1 per day).

Data files are placed in /var/adm/sa/saXX where XX is the date. Should

be run at boot (/etc/init.d/perf) and periodically via cron file entry

which runs the sa1 command.

sa2 - invokes sar command and writes the ascii output to a file.

Copyright 1999, Marchany

solaris 2 5 performance vi
Solaris 2.5 - Performance VI


1. edit /etc/init.d/perf

- uncomment line that has 'sadc' in it.

2. edit /var/spool/cron/crontabs/sys

- uncomment lines that have 'sa1‘ in them.


sar -a - gives file access operations

sar -b - gives system buffer activity

sar -c - gives system call activity

sar -d - gives disk activity stats.

sar -g - gives page-out and free memory stats

sar -u - gives cpu utilization

sar -A - gives overall system performance stats

Copyright 1999, Marchany

vt scholarpac support
VT Scholarpac Support

1. VT is a member of the Sun Scholarpac Consortium. Primary contact

is Randy Marchany, 1-9523 ( Secondary

contact is Wanda Baber( Sun Sales rep

is Cole Clark ( See for info.

2. Scholarpac software is stored on This machine is the

Solaris license server, the Answerbook online library, a Solaris Patch

Archive as well as IMSL, Mathematica and Matlab server. Solaris

Compiler, Sparcworks software is available online from this system.

3. To access the license server:

- install the Sun license software on your machine.

- Create a local mount point for the license file directory, for example,


- NFS mount to your local

mount point.

- set the environment variable LM_LICENSE_FILE to point to the

/sun_license/licenses_combined file. Note that /sun_license was used

from the previous example.

- Test the connection by using the -xlicinfo option of a compiler command.

Copyright 1999, Marchany

make i
make - I
  • Make utility builds software kits by issuing the commands needed to build the software.
  • It uses dependencies to describe the software components.
    • C source program - test.c
    • cc -c test.c -> compile test.c, place object code in test.o
    • Test.o depends on test.c. If test.c changes, so does test.o
  • Make knows which files have been modified and figures out what files have to be updated.
  • If the components are newer than the whole, then the whole is rebuilt.

Copyright 1999, Marchany

make ii
Make - II
  • Makefile
    • Make looks for makefile(Makefile) for instructions
    • Sample line:
      • General format: TARGET: DEPENDS; COMMANDS
      • Test: test.c test1.c <TAB> cc -O -o test test.c test1.c
        • Means the target, Test, depends on test.c and test1.c. If either of these 2 files is modified then Test is rebuilt.
    • Makefile contains the commands needed to build a program
      • Separate dependency line for each component and target
      • Program: main.o sub1.o sub2.0 cc main.o sub1.o sub2.o -o Program
      • Main.o: main.c ; cc -O -c main.c
      • Sub1.o: sub1.c ; cc -O -c sub1.c
      • Sub2.o: sub2.c ; cc -O -c sub2.c

Copyright 1999, Marchany

using make to build freeware
Using Make to Build Freeware
  • Most Freeware (ssh, pgp) use make and configure scripts to build the software
  • General steps:
    • Setenv LM_LICENSE_FILE license-file
    • Set path=( $path /usr/ccs/bin /opt/SUNWspro/bin)
      • You may have to put /opt/SUNWspro/bin ahead of /usr/ucb
    • Cc -xlicinfo to verify compiler works
    • Cd src-tree
    • ./Configure
    • Make
    • Make install

Copyright 1999, Marchany

make iv
Make - IV

Copyright 1999, Marchany

ssh i

Copyright 1999, Marchany

ssh ii

Copyright 1999, Marchany

workstation config summary
Workstation Config Summary

Copyright 1999, Marchany

workstation config summary181
Workstation Config Summary

Copyright 1999, Marchany

workstation config summary182
Workstation Config Summary

Copyright 1999, Marchany

vt scholarpac support183
VT Scholarpac Support

4. has online Answerbooks for Solaris 8. Point your

browser to to get access.

5. To install Solaris Scholarpac Software, Compilers, Sparcworks:

- Option 1: get the CD from the CC by contacting Kathy Williams

(, install from CD and RETURN it.

- Option 2: install over the net from

- NFS mount

- For compilers, cd Compilers and run spro_install or spro_install_tool.

- For other packages, cd to the appropriate directory

- follow the installation prompts.

Copyright 1999, Marchany

what s up dock
What's Up, Dock?

1. is a software repository for a wide variety of platforms.

2. What's in the directories?

/3rdparty - Contains mathematica 3.0 installation kits for Sun, HP, IBM,

DEC, SGI. (RESTRICTED), CRACK, gzip/gunzip, lsof,

nfswatch, sas6.11, TCP wrapper code

/online_docs- Online documentation for HP-UX, IBM AIX and DEC

/scholarpac - Sun Compilers (Compilers), Solstice Backup (Backup_x.x.x),

CDE1.01, Disksuite 4.1, HP JetAdmin, Sun Patches

Copyright 1999, Marchany

what s up dock185

What’s Up Dock?

What's Up, Dock?


1. The VT Sun Users Group consists of the Sun System managers on

campus. The mailing list is at:

To become a member, contact Randy Marchany


This mailing list is reflected to the local newsgroup vt.sys.sun.

Other newsgroups: comp.sys.sun.admin,

comp.unix.admin, comp.unix.solaris,,

2. Sun Resources at

Located in the /pub/cc/Solaris directory. Contains:

-security checklist, some of the standard freeware tools

Copyright 1999, Marchany

  • My Personal Favorites:
    • SATAN, ISS
    • TCP Wrappers
    • Sniffers (IPTRACE, TCPDUMP)
    • CRACK
    • PHF_Trace

Copyright 1999, Marchany