Acknowledgements
I can no other answer make, but, thanks, and thanks to my well wisher, evergreen admiring
personality Mr. T. Gurubalan, Sun Microsystems Inc, who influenced, crafted, guided, cooked me
to taste Sun.
Words cannot convey my gratitude, you can have no idea how much it means to me. It’s
stunning. Special Thanks to My Trainees, who fueled me to explore more heights technically.
Raja, Aravindh, Sathish, Senthil, Hari Krishnan, Murali, Raman, Rakesh, Prabakar, Md.Mukram,
Manikandan, Ibrahim, Ravi, Prabhu, Shyam, Abbas, Kamal.
Raja – kindle, always inspiring me to go little far on extra miles in all aspects.
Sources are always precious and unavailable, additional thanks to Hari Krishnan on his
consistent work of collecting the resource, with great fuss.
Last but not the least, I would thank all persons behind lights from the bottom of my heart, but
for you all my heart has no bottom. Thanks! Thanks! Thanks!
# pwd
Present working directory
Displays the location where the user is currently working
# ls
to list the contents of the directory
similar to dir command in DOS
# ls -p
will display / at the end of every directory name
# ls -l
# ls -lh
Displays the size of the file or directory with human readable format
# ls -t
Displays the files and directory based on the time stamp.
# mkdir
to create a directory
It creates the parent directory /ims/solaris along with the directory delhi.
# cat - to view the contents of the file, create a file, appending the contents to the file
# cat -n <file_name>
will display the contents of the file with line numbers (only temp)
eg: # cd /ims/solaris
will move to the location /ims/solaris
# echo $SHELL
To know the parent shell of the user
# echo $?
will show the execution status of the last command
# clear
to clear the screen
NOTE:
In BASH shell:
ctrl+l = to clear the screen
# ls -a
will display all the files and directories along with hidden files & dirs
# ls -R
to see the contents of dir along with its sub-dir and files
R - recursive
# date
To view the date and time
# cal
will display the current month of the current year
# cal 2009
will display the cal of 2009
# cal 10 1987
will display the 10th month of 1987
# hostname
To view the name of the host
# ifconfig -a
to view the ip address of the machine
# which - displays the location of the command script from where it is running
# wall - used to broadcast the message to all the users who are currently logged in.
syn: # wall
type the message
# write - used to send a message only to the particular user who is currently logged in
syn: # wc <file_name>
eg: # wc new
where
l = displays the number of lines in the specified file
w = displays the number of words in the specified file
c = displays the number of characters in the specified file
# cat -n <file_name>
will display the contents of the file along with the line number
# cp rose /Desktop/jack
will copy the contents of the file named rose to the location /Desktop with the file name as jack
# cp rose /Desktop/
will copy the contents of the file named rose to the location /Desktop with the same file name.
# cp -r <source_dir> <destination>
where
-r = recursive
To copy all the files and sub-directories inside a directory
# mv jack rock
will rename the file jack as rock in the current location
# mv jack /Desktop/rock
will move the file jack to the location /Desktop with the file name as rock.
NOTE: Source file "jack" will not be present after moving
# history
will display the commands executed in the particular shell
# history -c
to clear the history
# alias c=clear
this is only temp
c will perform the function of clear command
both c and clear command will work
alias work only with bash shell
Note:
Arrow keys work with BASH shell and NOT with Bourne shell.
# bc = binary calculator
# fg n
to bring the process to the fore ground
where n is the number of the process that is displayed whilst executing the command bg.
Daemons:
Are the system processes that run in the background.
# ls | grep rose
this command will look for the dir or file named rose under the current location and display the
same if it is present in the present working directory
To search a particular word from the file and to display the name of the file having the search
keyword.
# cat > new
hai
good
have a nice day
bash-3.00# cp new old
bash-3.00# grep -l hai new
new
bash-3.00# grep -l hai /opt/test/
bash-3.00# grep -l hai /opt/test/*
/opt/test/new
/opt/test/old
bash-3.00# cat > jack
jack
rose
bash-3.00# grep -l hai /opt/test/*
/opt/test/new
/opt/test/old
# ls --help
will provide the options for ls command to work with
ls can be replaced with any command
# man - will provide the help manual about the commands, their syntax, options and functions
# man ls
# rm -rf <dir-name>
# rm -rf delhi
will remove the contents of the directory named delhi and delete the directory delhi.
where
-r = recursive
-f = forcefully
-i = interactive
# domainname - to view the information about which domain or network the host belongs to
and to assign the domainname
# domainname <name>
will assign the domain name
Sun Solaris 10 OS/Storage-SVM,VxVM/Cluster Manickam Kamalakkannan
Sun Solaris 10 Operating System Page 10 of 145
# arch
will display the arch of the machine
# uname -m
display the arch
# uname -n
display the host name
# uname -X
will provide the info about the hostname, arch, operating system installed, kernel id
# cat /etc/release
will provide the info about the version or release of the operating system installed
# more <file_name>
# more /etc/passwd
to view the contents of the file page by page
# less <file-name>
# less /etc/passwd
to view the contents of the file page by page
# head -n <file-name>
# head -4 /etc/passwd
to view the first 4 lines of the specified file
# tail -n <file-name>
# tail -5 /etc/passwd
to view the last 5 lines of the specified file
# compress <file-name>
# compress passwd1
to compress the file
the file extension is .Z
# uncompress <file-name>.Z
# uncompress passwd1.Z
to uncompress the file
it's mandatory to use the file extension
# zcat <file-name>.Z
# zcat passwd1.Z
to view the contents of the compressed file without uncompressing
# gzip <file-name>
# gzip passwd2
to zip the file
the file extension is .gz
# gunzip <file-name>.gz
# gunzip passwd2.gz
to unzip the file
# bzip2 <file-name>
# bzip2 passwd3
to zip the file
file extension is .bz2
# bunzip2 <file-name>.bz2
to unzip the file
# strings <file_name>
will display only the contents of the file by omitting the unwanted spaces
Editors
1. vi
2. vim - vi improved
3. emacs
4. pico
5. gedit - graphical editor - works only with graphics
VI - Editor
MISC:
f10 - to maximize the screen
f9 - to minimize the screen
ctrl+esc a u t - to open the terminal
a - applications
u - utilities
t - terminal
# vi -R <file-name>
# vi -R new
to open the file as Read Only
# vi -x <file-name>
# vi -x rose
will prompt for the key/password.
the contents of the file will be encrypted
the contents cannot be seen by cat or vi editor.
the contents can be seen only by inserting the option -x with vi editor and by providing the
password.
Even if the source file is copied to another location, the password applies to the destination
file also.
Directory Structure
/ = root
/bin = binaries. Both root user and non-root user executable commands
reside here. It's a symbolic link or soft link to /usr/bin.
Hence the information under /bin and /usr/bin remains the same.
/sbin = It has the root user accessible commands. These commands are
available when /usr/bin is NOT mounted. It contains many system
administrative commands and utilities.
/proc - process directory. This directory stores current process related information. Every process
has its own sub-directory in /proc.
/lost+found - will be empty and is created at the time of creating a file system.
/system/contract - Used by SMF to track processes that compose a service. A file system used for
creating, controlling & observing contracts, which are relationships between processes & system
resources. (This directory can be seen in Sun Solaris 10)
Links:
Hard link:
1. Both the source file and the destination file will have the same contents.
2. Any number of links can be created
3. Both the source file and the destination linked file will have the same inode numbers.
4. If the source file is removed or deleted accidentally, the data can still be accessed from the
destination.
5. When hard links are created, the link count increases. If the hard links are removed
or deleted, the link count decreases automatically.
6. Permissions set on the source file also apply to the destination file.
7. # ln <source_file> <destination_file>
Eg: # ln /4students/jai /new
8. The size of the files (both source and destination) remains same.
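The properties listed above can be checked directly from the shell. The script below is an added example, not part of the original notes; the file names jai and new follow the ln example above, while the scratch directory and the helper function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: verify hard-link behaviour (same inode, link count, shared
# permissions, data surviving removal of the first name).

inode_of() { ls -i "$1" | awk '{print $1}'; }   # inode number of a path
links_of() { ls -l "$1" | awk '{print $2}'; }   # link count column of ls -l
mode_of()  { ls -l "$1" | cut -c1-10; }         # permission string only

# List every regular file under directory $1 that is another name for file $2.
# Inode numbers are only unique per file system, so keep $1 on one file system.
names_for() {
    target=$(inode_of "$2")
    find "$1" -type f -print | while IFS= read -r f; do
        if [ "$(inode_of "$f")" = "$target" ]; then
            printf '%s\n' "$f"
        fi
    done | sort
}

hardlink_demo() {
    d=$(mktemp -d) || return 1
    echo "secret" > "$d/jai"
    ln "$d/jai" "$d/new"                      # second name for the same inode

    if [ "$(inode_of "$d/jai")" = "$(inode_of "$d/new")" ]; then
        same=yes
    else
        same=no
    fi
    links=$(links_of "$d/jai")                # link count after ln

    chmod 600 "$d/jai"                        # change mode through one name...
    mode=$(mode_of "$d/new")                  # ...and read it through the other

    names=$(names_for "$d" "$d/new" | wc -l | tr -d ' ')

    rm "$d/jai"                               # remove the original name
    data=$(cat "$d/new")                      # data is still reachable
    links_after=$(links_of "$d/new")

    rm -rf "$d"
    echo "same_inode=$same links=$links mode=$mode names=$names data_after_rm=$data links_after_rm=$links_after"
}

hardlink_demo
```

Removing one name does not remove the data while another name exists, so names_for is the check to run before assuming a sensitive file is gone.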
NOTE:
Data can be stored only in regular files and directories.
In the device files (character special device and block special device) it's not possible to store
the data.
- = to a regular file
d = to a directory
l = to soft or symbolic link
c = character special device
b = block device
# ls -l /dev/dsk
Will display the default symbolic links created in that dir.
# ls -l /devices
will display the default device files
DISK ADMINISTRATION
NOTE:
In the case of swap memory:
If RAM < 2gb = Double the size of physical memory
If RAM is between 2gb and 8gb = 75% of physical memory
If RAM > 8gb = 50% of physical memory
Naming conventions:
1. Logical Name
2. Physical Name
3. Instance Name
Logical Name:
ON SUN HARDWARE : SPARC - Scalable Processor ARChitecture
c#t#d#s#
c = controller
t = target
d = disk
s = slice
# = number
ON X-86 HARDWARE:
Targets will not be shown.
Hence
c#d#s#
It's possible to create 7 slices.
But will have 0 - 9
slice 8 and 9 = holds the boot loaders.
Note:
1. The devices performing input/output operations need device driver files.
Eg: Hard disk, printer...
2. The devices not performing input/output operations do not need device driver files.
Eg: Communication devices Hub, Router, Switch.
Since these devices only transmit data and perform no other operations, they do not
need the device driver files.
Instance Name:
dad = direct access device (Only for IDE)
sd = scsi disk drive
Instance names are generated by the kernel for each hardware device.
cmdk = common disk
/etc/path_to_inst
1. This file has the information about the physical device name and their corresponding instance
name.
2. This file will be with the permission r--r--r-- (444)
3. Editing this file is NOT recommended.
# prtconf
This command provides the following information:
1. physical memory size
2. Arch of the system
3. Machine model
4. What are the devices connected to the system along with the driver
# format
This is a utility which provides the following
1. How many hard disk drives are attached and recognised by the OS.
2. Physical name and logical name of the disk
3. Volume name assigned to each disk
# echo | format
will also display the above mentioned information
# format
command has two tiers.
format>
where we can view only the disk drive information
partition>
to create, delete, modify the slices.
format> help
will provide the help, list out the commands that can be used in the format tier.
format> verify
will list out the partition layout of the current disk drive selected.
Output:
Primary label contents:
Here,
part = the slice number
It varies from 0 to 7.
Cylinders:
Shows the starting point and the end point of each slice.
Size:
shows how much size is assigned to the slice
Blocks:
Shows the size of the disk in blocks.
format>disk
will list out the hard disk drives recognised by the operating system.
Will also provide the option to choose the next disk drive
But by default it selects the current disk.
format>p
format>partition
partition> help
will provide the help, commands that can be used in partition menu.
partition> print
partition> p
will print the layout of the current disk drive.
Output is similar to the format> verify.
partition> q
to quit from the partition menu and move to format>
format> q
to quit from format utility.
format> l
format> label
partition> l
partition> label
To save the newly created/modified/deleted slices information to the operating system.
partition> 5
Part Tag Flag Cylinders Size Blocks
5 unassigned wm 2456 - 2741 501.48MB (286/0/0) 1027026
Note:
1. labeling the disk after creation/modification/deletion of the slices is mandatory.
2. saving the changes done to the partition table is optional.
To create a partition:
1. Print the partition table and make sure about the available cylinders.
Avoid overlapping and wasting of the cylinders whilst creating the slices.
OUTPUT:
partition> p
Current partition table (unnamed):
Total disk cylinders available: 4924 + 2 (reserved cylinders)
partition> 5
Part Tag Flag Cylinders Size Blocks
5 unassigned wm 0 0 (0/0/0) 0
Here,
1. we have seen the partition table
2. Determined the starting point of the cylinders
3. Slice is defined in terms of size (gb)
Note:
Slice sizes can be defined in terms of cylinders, gb, mb.
for eg:
Enter partition size[0b, 0c, 2456e, 0.00mb, 0.00gb]: 2g (in terms of gb)
Enter partition size[0b, 0c, 2456e, 0.00mb, 0.00gb]: 2048m (in terms of mb)
Enter partition size[0b, 0c, 2456e, 0.00mb, 0.00gb]: 3400e (in terms of cylinders)
partition> modify
Note:
1. This option is used only for disk drives which do not have any mounted slices
2. This option CANNOT be used for the disk drive which holds the Operating System.
FREE HOG:
When the format utility is used to change the size of the disk slices, a temporary slice is
automatically designated that expands & shrinks to accommodate the slice resizing operations. This
temporary slice is referred to as the free hog & it represents the unused disk space on the disk
drive.
partition> name
will prompt for a table name with 8 characters
format> save
NOTE:
1. Before using this option, it's mandatory to name the partition table at the partition menu.
2. By default the save option will save the updated partition table information to the file
./format.dat
3. The location can be changed and the file name can be anything.
4. After making updates, we can save the changes to the same file. This file will be updated and
not overwritten.
format>volname
will prompt for the disk name
NOTE:
format> volname
will assign name to the disk drive
partition> name
will assign the name to the partition table.
format> !cmd
partition> !cmd
eg:
format> !clear
partition> !ls
this is used to run the shell commands without quitting from the format utility.
format> current
Current Disk = c0t12d0: 5student
<SEAGATE-ST39103LCSUN9.0G-034A cyl 4924 alt 2 hd 27 sec 133>
/pci@1f,4000/scsi@3/sd@c,0
format> type
will provide the information about the disks supported.
format>fdisk
this option is used to delete the partitions of windows using Solaris.
Output truncated:
# prtvtoc /dev/dsk/c0t0d0s2
* /dev/dsk/c0t0d0s2 partition map
*
* Dimensions:
* 512 bytes/sector
* 248 sectors/track
* 19 tracks/cylinder
* 4712 sectors/cylinder
* 7508 cylinders
* 7506 accessible cylinders
*
* Flags:
* 1: unmountable
* 10: read-only
*
* Unallocated space:
* First Sector Last
* Sector Count Sector
* 18433344 16934928 35368271
*
* First Sector Last
* Partition Tag Flags Sector Count Sector Mount Directory
0 2 00 0 18433344 18433343
# prtvtoc
prints the Volume Table Of Contents
Following informations will be provided:
1. disk (volume name)
2. disk information, about the sectors, tracks, cylinders..
3. the created slices information along with the flags
Re-labeling a disk:
# fmthard
this command is used to create/copy the layout of one disk drive to another.
NOTE:
# fmthard
command can be used only if the source disk and the destination disk drive have the same
geometry.
1. At OK prompt
OK boot -r
will boot the system and reconfigure, identifies the newly connected disks.
2. # touch /reconfigure
Create a file named "reconfigure" under root.
# init 6
Restart the system
Now, when the system restarts, the newly connected disks will be identified.
NOTE: Once the system is rebooted, the reconfigure file will be removed automatically.
3. # devfsadm -Cv
will be applicable when the system supports hot pluggable disk drives.
here
-C = to clear and create a new list of newly identified disk drives
-v = verbose. detailed output
FILE SYSTEM
IN SOLARIS 10
zfs - zetta byte file system.
4 bit = 1 nibble
8 bit = 1 byte
1024 byte = 1 kilo byte
1024 kb = 1 mega byte
1024 mb = 1 giga byte
1024 gb = 1 tera byte
1024 tb = 1 peta byte
1024 pb = 1 exa byte
1024 eb = 1 zetta byte
# newfs
This command is used to create a new file system.
When this command is invoked to create a new file system, it refers to the file
/etc/default/fs
OUTPUT:
# cat /etc/default/fs
LOCAL=ufs
This file will have the above mentioned entry and hence only ufs file system will be created by
default.
# newfs command at the time of creation will provide the following information:
1. where the slice was mounted earlier,
2. geometry of the slice
3. secondary backup blocks
OUTPUT:
# newfs /dev/rdsk/c0t12d0s0
newfs: /dev/rdsk/c0t12d0s0 last mounted as /mnt/sone
newfs: construct a new file system /dev/rdsk/c0t12d0s0: (y/n)? y
Warning: 5166 sector(s) in last cylinder unallocated
/dev/rdsk/c0t12d0s0: 1027026 sectors in 168 cylinders of 48 tracks, 128
sectors
501.5MB in 13 cyl groups (13 c/g, 39.00MB/g, 18624 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
32, 80032, 160032, 240032, 320032, 400032, 480032, 560032, 640032, 720032,
800032, 880032, 960032
# newfs -N /dev/dsk/c0t12d0s0
Will not create the file system; instead it displays the geometry of the disk
slice and the superblock backups that would result if the file system were created.
# newfs -T /dev/rdsk/c0t12d0s0
will create a file system that can support terabyte sizes.
# newfs -m 1 /dev/rdsk/c0t12d0s0
will create the file system, with the minfree value as 1%
Minfree:
A certain % of space is reserved in every slice.
To know : OUTPUT:
# fstyp -v /dev/dsk/c0t12d0s0 | grep -i min
minfree 10% maxbpg 2048 optim time
# fsck
file system check
It can be done in two ways
1. Non-interactive - only at the time of booting
2. Interactive - at any time
NOTE:
Before running # fsck, it's recommended to unmount the slice
OUTPUT:
2 files, 9 used, 483015 free (15 frags, 60375 blocks, 0.0% fragmentation)
Where
-o = to specify the option
b = to specify the block number
-y = to confirm "yes"
NOTE:
fsck command will check file system consistency, inode consistency, cylinder groups consistency.
# df -h
will provide
1. what are the devices mounted
2. where it is mounted
3. what is the total size of the slice
4. how much space is used
5. how much space is available
6. space utilized in %
Where
-h = to view the information in human readable format.
# du -h /<dir>
# du -h /mnt/sone
will provide how much of space is occupied by each file and directory
where
-h = human readable format
# quot -h /dev/dsk/c0t12d0s0
/dev/rdsk/c0t12d0s0:
9 root
will show the ownership.
Mounting is the process of making a newly created slice ready for access.
Mounting can be done only if the slice has a file system.
To mount a device, a mount point is essential.
By default only one device can be mounted at a single mount point.
# mount
This command can be used only by the root user.
This provides the information about which devices are mounted, along with their properties.
This will show both the permanently and temporarily mounted devices, along with the
network mounted devices.
Output truncated:
# mount
/ on /dev/dsk/c2t0d0s0 read/write/setuid/devices/intr/largefiles/logging/xattr/onerror=panic/dev=1d80008 on Sat Jul 18 20:05:48 2009
/devices on /devices read/write/setuid/devices/dev=4b80000 on Sat Jul 18 20:05:36 2009
/system/contract on ctfs read/write/setuid/devices/dev=4bc0001 on Sat Jul 18 20:05:36 2009
/proc on proc read/write/setuid/devices/dev=4c00000 on Sat Jul 18 20:05:36 2009
/etc/mnttab on mnttab read/write/setuid/devices/dev=4c40001 on Sat Jul 18 20:05:36 2009
/etc/svc/volatile on swap read/write/setuid/devices/xattr/dev=4c80001 on Sat Jul 18 20:05:36 2009
/system/object on objfs read/write/setuid/devices/dev=4cc0001 on Sat Jul 18 20:05:36 2009
/usr on /dev/dsk/c2t0d0s3 read/write/setuid/devices/intr/largefiles/logging/xattr/onerror=panic/dev=1d8000b on Sat Jul 18 20:05:49 2009
/platform/sun4u-us3/lib/libc_psr.so.1 on /platform/sun4u-us3/lib/libc_psr/libc_psr_hwcap1.so.1 read/write/setuid/devices/dev=1d80008 on Sat Jul 18 20:05:44 2009
/platform/sun4u-us3/lib/sparcv9/libc_psr.so.1 on /platform/sun4u-us3/lib/sparcv9/libc_psr/libc_psr_hwcap1.so.1 read/write/setuid/devices/dev=1d80008 on Sat Jul 18 20:05:45 2009
/dev/fd on fd read/write/setuid/devices/dev=4e80001 on Sat Jul 18 20:05:49 2009
# df -h
will also provide the information about the devices currently mounted.
This command can be used by the non-root users.
# fstyp <logical_device_name>
OUTPUT:
eg: # fstyp /dev/dsk/c2t1d0s0
ufs
This shows the type of the file system created on the slice
/etc/mnttab
1. is a non-editable file, even by the root user
2. this file can be updated by executing the command "# mount"
3. has the information about the currently mounted slices
4. provides the information about the device mounted, the mount point of the device, how it's
mounted (state - ro/rw, nosuid, intr/nointr, largefiles/nolargefiles, xattr,
onerror=panic/umount/lock), and the type of the file system.
5. While mounting the slice we can provide the following options:
ro = read only
rw = read & write (Default)
nosuid = will not support setuid files/scripts. By default it's supported
largefiles = will support file sizes of more than 2gb (Default)
nolargefiles = will not support files of that size.
Output truncated:
# cat /etc/mnttab
/dev/dsk/c2t0d0s0 / ufs rw,intr,largefiles,logging,xattr,onerror=panic,dev=1d80008 1247927748
/devices /devices devfs dev=4b80000 1247927736
ctfs /system/contract ctfs dev=4bc0001 1247927736
proc /proc proc dev=4c00000 1247927736
mnttab /etc/mnttab mntfs dev=4c40001 1247927736
swap /etc/svc/volatile tmpfs xattr,dev=4c80001 1247927736
objfs /system/object objfs dev=4cc0001 1247927736
/dev/dsk/c2t0d0s3 /usr ufs rw,intr,largefiles,logging,xattr,onerror=panic,dev=1d8000b 1247927749
/platform/sun4u-us3/lib/libc_psr/libc_psr_hwcap1.so.1 /platform/sun4u-us3/lib/libc_psr.so.1 lofs dev=1d80008 1247927744
To check:
# tail -1 /etc/mnttab
/dev/dsk/c2t1d0s1 /mnt/slice1 ufs ro,nosuid,intr,nolargefiles,logging,xattr,onerror=panic,dev=1d80001 1247930672
where
-o = to specify the options
NOTE:
If the properties of the mounted slice have to be changed, then the slice has to be unmounted and
mounted once again.
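One way to audit the mount options described above: the script below is an added example, not part of the original notes. It reads mnttab-format records and lists ufs mounts that still honour setuid files; the records are rebuilt from the listings on this page, the /export/home record is constructed, and the function names and the allowlist of system mount points are assumptions.

```shell
#!/bin/sh
# Added example: find ufs mounts that lack the nosuid option.
# mnttab record layout: special  mount_point  fstype  options  time

# Records taken from the /etc/mnttab listings on this page, one per line.
# The last record (/export/home) is constructed for the example.
sample_mnttab() {
cat <<'EOF'
/dev/dsk/c2t0d0s0 / ufs rw,intr,largefiles,logging,xattr,onerror=panic,dev=1d80008 1247927748
/devices /devices devfs dev=4b80000 1247927736
proc /proc proc dev=4c00000 1247927736
swap /etc/svc/volatile tmpfs xattr,dev=4c80001 1247927736
/dev/dsk/c2t0d0s3 /usr ufs rw,intr,largefiles,logging,xattr,onerror=panic,dev=1d8000b 1247927749
/dev/dsk/c2t1d0s1 /mnt/slice1 ufs ro,nosuid,intr,nolargefiles,logging,xattr,onerror=panic,dev=1d80001 1247930672
/dev/dsk/c2t0d0s7 /export/home ufs rw,intr,largefiles,logging,xattr,onerror=panic,dev=1d8000f 1247927750
EOF
}

# Usage: audit_mnttab [mount_point ...] < mnttab
# Arguments are mount points that are allowed to honour setuid (for example
# / and /usr, where the system's own setuid programs live).
# Prints "mount_point special mode setuid" for every other ufs mount that
# was mounted without nosuid.
audit_mnttab() {
    awk -v allow="$*" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    NF >= 5 && $3 == "ufs" {
        mode = "rw"; suid = "setuid"          # defaults when no option says otherwise
        m = split($4, opt, ",")
        for (i = 1; i <= m; i++) {
            if (opt[i] == "ro")     mode = "ro"
            if (opt[i] == "nosuid") suid = "nosuid"
        }
        if (suid == "setuid" && !($2 in ok)) print $2, $1, mode, suid
    }'
}

# On a live system the input would be /etc/mnttab instead of the sample.
sample_mnttab | audit_mnttab / /usr /var
```

A slice reported here keeps honouring setuid files until it is unmounted and mounted again with nosuid, as the note above describes.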
By default, the # mount command mounts the slice having the ufs file system. This is because:
# cat /etc/default/fs
LOCAL=ufs
/etc/vfstab
1. This file is editable file, by the root user.
2. Will have the entries of the devices that have to be mounted permanently, even after reboots.
3. At the time of booting only this file will be checked.
4. The entries in this file and in /etc/mnttab differ.
OUTPUT:
# cat /etc/vfstab
#device             device              mount             FS      fsck    mount    mount
#to mount           to fsck             point             type    pass    at boot  options
#
fd                  -                   /dev/fd           fd      -       no       -
/proc               -                   /proc             proc    -       no       -
/dev/dsk/c2t0d0s1   -                   -                 swap    -       no       -
/dev/dsk/c2t0d0s0   /dev/rdsk/c2t0d0s0  /                 ufs     1       no       -
/dev/dsk/c2t0d0s3   /dev/rdsk/c2t0d0s3  /usr              ufs     1       no       -
/dev/dsk/c2t0d0s4   /dev/rdsk/c2t0d0s4  /var              ufs     1       no       -
/dev/dsk/c2t0d0s7   /dev/rdsk/c2t0d0s7  /export/home      ufs     2       yes      -
/devices            -                   /devices          devfs   -       no       -
ctfs                -                   /system/contract  ctfs    -       no       -
objfs               -                   /system/object    objfs   -       no       -
swap                -                   /tmp              tmpfs   -       yes      -
NOTE:
/, /usr, /var
will have the option mount at boot = no
but, before this file entry is read, those slices will be mounted by running a script.
Hence the above 3 are exceptions.
# mountall
# umountall
will mount / unmount all the slices which have the option mount at boot = yes
Note:
1. After making updates to the file /etc/vfstab
we can make the slice available by
a. # mountall
b. # mount <mount_point>
Eg: # mount /fiv
NOTE:
Before unmounting make sure, we are away from the mount point.
# umount -f <mount_point>
# umount -f <logical_device_name>
where
-f = forcefully
# /etc/init.d/volmgt stop
- To stop the service
NOTE:
Once the device (cdrom) is mounted using volume management, it's possible to eject the media
before unmounting.
vold - is the daemon which will be running at the background while the volume management
process is started.
/etc/rmmount.conf
- is the configuration file for the removable media.
NOTE:
1. Volume management (VOLD) features automatic detection of the CD-ROM. However, it does
not detect the presence of a diskette that has been inserted in the drive until the volcheck command is
run. This command instructs the vold daemon to check the diskette drive for any inserted media.
Volume management can mount ufs, pcfs, hsfs & udfs file systems.
# iostat -en
- will provide the above information, along with the hardware and software errors.
NOTE:
1. To invoke graphics, a mouse has to be attached to the system
2. Requires 512 Mb of physical memory (Sun Solaris-10)
# cat /var/sadm/README
this file provides the information about the old software release, install log files and
new software release.
OUTPUT:
# cat /var/sadm/softinfo/INST_RELEASE
OS=Solaris
VERSION=10
REV=0
# cat /var/sadm/install_data/install_log
provides a number of pieces of information
it also provides the information about the Sun Solaris Software Cluster Group installed.
OUTPUT:
# cat /var/sadm/system/admin/CLUSTER
CLUSTER=SUNWCall
will only provide the information about the Sun Solaris Software Cluster Group installed.
PACKAGE ADMINISTRATION
NOTE:
The format of the package in Sun Solaris is DATASTREAM.
# pkginfo
will list all the installed packages, both completely installed and partially installed.
Displays the information about the packages in 3 columns.
Output truncated:
# pkginfo | more
system      CADP160     Adaptec Ultra160 SCSI Host Adapter Driver
system      HPFC        Agilent Fibre Channel HBA Driver
system      NCRos86r    NCR Platform Support, OS Functionality (Root)
system      SK98sol     SysKonnect SK-NET Gigabit Ethernet Adapter SK-98xx
system      SKfp        SysKonnect PCI-FDDI Host Adapter
system      SUNW1251f   Russian 1251 fonts
system      SUNW1394    Sun IEEE1394 Framework
system      SUNW1394h   Sun IEEE1394 Framework Header Files
ALE         SUNW5xmft   Traditional Chinese (BIG5) X Windows Platform minimum required Fonts Package
system      SUNWGlib    GLIB - Library of useful routines for C programming
system      SUNWGtkr    GTK - The GIMP Toolkit (Root)
system      SUNWGtku    GTK - The GIMP Toolkit (Usr)
GNOME2      SUNWPython  The Python interpreter, libraries and utilities
1st column = provides the information about the category to which the package belongs.
There are 4 categories available:
System, application, CTL (Complex Text Layout), ALE (Alternate Language Environment)
2nd column = provides the information about the name of the package
# pkginfo -p
provides ONLY the PARTIALLY installed packages
# pkginfo -l <package_name>
# pkginfo -l SUNWbash
PKGINST: SUNWbash
NAME: GNU Bourne-Again shell (bash)
CATEGORY: system
ARCH: i386
VERSION: 11.10.0,REV=2005.01.08.01.09
BASEDIR: /
VENDOR: Sun Microsystems, Inc.
DESC: GNU Bourne-Again shell (bash) version 3.0
PSTAMP: sfw10-x20050108013321
INSTDATE: Jul 22 2009 14:37
HOTLINE: Please contact your local service provider
STATUS: completely installed
FILES: 3 installed pathnames
2 shared pathnames
2 directories
1 executables
1197 blocks used (approx)
# pkginfo | wc -l
will count how many packages are installed on the system
# cat /var/sadm/install/contents
Provide the information about the packages installed to the system
# cd /var/sadm/pkg
Provide what are the packages installed to the system
To install a package:
Let's consider the OS cd/dvd is mounted under /mnt/cdrom
# cd /mnt/cdrom/Solaris_10/Product
# pkgadd -d . SUNWbash
To install the specified package from the current location
# pkgrm <package_name>
For eg:
# pkgrm SUNWbash
to remove the specified package
Package cluster:
Package cluster is a collection of packages.
NOTE:
Name of the cluster can be anything.
# pkgchk <pkg_name>
# pkgchk SUNWbash
if the package is installed, nothing will be shown as output.
But if the package is NOT installed, an error report will be generated
OUTPUT:
# pkgchk -v SUNWbash
/usr
/usr/bin
/usr/bin/bash
will provide the information about the specified package installed path names, executable file and
directory.
# pkgchk -l SUNWbash
will display the detailed list about the file names associated with the specified package
Output truncated:
# pkgchk -l SUNWman | more
Pathname: /usr/man
Type: symbolic link
Source of link: ./share/man
Referenced by the following packages:
SUNWdoc SUNWman
Current status: installed
Pathname: /usr/share
Type: directory
Expected mode: 0755
Expected owner: root
# pkgchk -p <file_name>
will provide the information about when the file is modified.
OUTPUT:
# pkgchk -p /etc/shadow
ERROR: /etc/shadow
modtime <11/09/06 10:18:10 PM> expected <07/20/09 11:20:32 AM> actual
file size <296> expected <703> actual
file cksum <20180> expected <48117> actual
OUTPUT:
# pkgchk -l -p /etc/shadow
Pathname: /etc/shadow
Type: editted file
Expected mode: 0400
Expected owner: root
Expected group: sys
Referenced by the following packages:
SUNWcsr
Current status: installed
will provide
a. name of the package the specified file is associated with
b. permissions of the file
c. ownership and group of the file
d. status of the package
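The pkgchk -p report shown above can be turned into one record per changed attribute for triage. The script below is an added example, not part of the original notes; the /etc/shadow record is the output on this page, the /usr/bin/bash record and its values are constructed, and the function names and the list of files expected to change are assumptions.

```shell
#!/bin/sh
# Added example: parse "pkgchk -p" error reports and pick out checksum changes
# on files that are not expected to be edited.

# First record: the /etc/shadow report from this page.
# Second record: constructed values for a packaged binary.
sample_pkgchk() {
cat <<'EOF'
ERROR: /etc/shadow
    modtime <11/09/06 10:18:10 PM> expected <07/20/09 11:20:32 AM> actual
    file size <296> expected <703> actual
    file cksum <20180> expected <48117> actual
ERROR: /usr/bin/bash
    file size <100000> expected <100512> actual
    file cksum <11111> expected <22222> actual
EOF
}

# Reads pkgchk output on stdin and prints one line per changed attribute:
#   path|attribute|expected value|actual value
pkgchk_drift() {
    awk '
    /^ERROR: / { path = substr($0, 8); next }     # text after "ERROR: "
    /> expected <.*> actual[ \t]*$/ {
        line = $0
        sub(/^[ \t]+/, "", line)                  # drop the indentation
        sub(/> actual[ \t]*$/, "", line)          # drop the trailing marker
        p = index(line, " <")                     # end of the attribute name
        q = index(line, "> expected <")           # end of the expected value
        if (path == "" || p == 0 || q < p) next   # not a well-formed record
        attr = substr(line, 1, p - 1)
        want = substr(line, p + 2, q - p - 2)
        got  = substr(line, q + 12)
        print path "|" attr "|" want "|" got
    }'
}

# Usage: pkgchk_drift < report | unexpected_cksum_drift [path ...]
# Arguments are files whose contents are expected to change after install
# (pkgchk -l -p reports /etc/shadow as an edited file). Prints every other
# path whose checksum no longer matches the package database.
unexpected_cksum_drift() {
    awk -F'|' -v allow="$*" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    $2 == "file cksum" && !($1 in ok) { print $1 }'
}

sample_pkgchk | pkgchk_drift
sample_pkgchk | pkgchk_drift | unexpected_cksum_drift /etc/shadow
```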
Points to remember:
# pkginfo -p
-l
where
-p = provide the partially installed packages
-l = provide the detailed information about the packages installed
# pkgadd -d
to specify the source directory of the package
# pkgtrans -s
to specify the source directory of the package
# pkgchk -v <package_name>
to provide the information about the files associated with the specified package.
# pkgchk -p <file_name>
-p = to specify the path
will provide the information about the modified time of the file
# pkgchk -l -p <file_name>
-l = to provide the detailed information about the file specified
-p = to specify the path of the file
Patch Administration
But in the newer releases, from Solaris 8, the format of the patch is .zip
NOTE:
Before installing a patch, it's recommended to check whether the patch going to be installed is the right
patch to fix the problem.
It's recommended to have a backup of the installed OS, since the patch is going to interact directly
with the kernel (OS).
# showrev -p
# patchadd -p
will display the information about the currently installed patches.
105050-01.zip
A B
A = is called as the base code
B = is the revision number of the patch.
To install a patch:
1. Unzip the downloaded patch.
2. # patchadd <patch_number>
# patchadd 105050-01
NOTE:
Before installing a patch, soon after unzipping the patch,
A README file will be extracted. It's recommended to read that file.
That file will provide the information about which problem will be fixed by installing the patch and
the prerequisites to install the patch.
# patchadd -d <patch_number>
# patchadd -d 105050-01
will NOT save the patch to the disk. Once the system is rebooted, the information will
vanish.
# patchrm <patch_number>
# patchrm 105050-01
To remove the installed patch.
NOTE:
# smpatch command can also be used to install the patch.
OBP is firmware.
It can be compared with the x86 BIOS.
NOTE:
- The POST can be controlled only by using the Sun keyboard
- Sun can replace the NVRAM with the same host id and Ethernet address
- The Stop+A key sequence can cause Solaris OS file system corruption which can be
difficult to repair.
# kbd -t
displays the keyboard type
Ok nvramrc
NVRAMRC contents are displayed
OK banner
displays the system information, including the physical memory, processor, OBP version
and the system model.
Ok oem-logo?
If true, displays customized oem logo specified by oem-logo
Ok boot -a
Ask me. Interactive mode prompts for the names of the boot files.
[Helpful if you need to boot off an alternate /etc/system file after kernel modifications that leave the system unable to boot.]
Ok boot -r
Reconfigure boot. Boot and search for all attached devices, then build device entries for anything
which does not already exist. Useful when new devices are added to the system.
Ok boot -s
Single user. Boots the system to run level 1.
Ok boot -v
Verbose boot. Show good debugging information.
Ok boot -V
Verbose boot. Show a little debugging information.
Ok .enet-addr
Displays the Ethernet address
Ok .version
Display version and date of the boot PROM
(prtconf -V in a shell when booted)
Ok .speed
Display processor and bus speeds
Ok sync
Call the operating system to write information to hard disk drive
Ok firmware-version
Displays major/minor CPU firmware
Ok reset
Reset entire system [similar to performing a power cycle]
Ok reset-all
Reset entire system [similar to performing a power cycle]
Ok set-defaults
Reset all the PROM settings to the factory settings
Ok eject
Ejects the drive
Ok eject cdrom
Ok test device
Test the specified device
Ok test net
Test the primary network controller
Ok test-all
Test all devices available with the self-test capability
Ok test scsi
Test the primary SCSI controller
Ok watch-net
Monitors network broadcast packets for the default interface
. for a good packet
X for a bad packet
Ok watch-net-all
Monitors network broadcast packets for all the interfaces
Obdiag
Invokes an optional interactive menu tool which lists all self-test methods available on a system;
provides commands to run self test. (More for servers and very machine specific. Reference the
specific hardware manual for the machine to get additional information on running obdiag.)
Ok nvedit
Enter the NVRAMRC editor. If data remains in the temporary buffer from a previous nvedit
session, resume editing those previous contents. If not, read the contents of NVRAMRC into the
temporary buffer and begin editing it.
Ok show-devs
Display list of installed and probed devices
Ok show-pci-devs
Display all PCI devices
Ok show-disks
Display a list of known disks in format for use in creating device alias.
Ok show-tapes
Display a list of known tape drives connected to the system
Stop-A Abort
Stop-D Enter detailed diagnostic mode
Stop-N Reset NVRAM content to default values
The NVRAM security variables control the set of operations users are allowed to perform from the
OpenBoot PROM user interface and can be set with the following:
Sets the PROM security password to what is specified in the password field. This password must
be between zero and eight characters [any characters after eight are ignored] and the password
takes effect immediately; no reset is required. Once set, if we enter an incorrect password
there is a delay of around 10 seconds before we are able to try again, and the security-#badlogins
counter is incremented. The password is never shown as we type it or with printenv.
OK printenv security-mode
2. command
a. All commands except for boot and go require the password
3. full
a. All commands except for go require the password
Caution:
We must set our security password before setting the security mode. [The password is
blank by default, but if already set by someone, we won't know what it is and will not be able
to disable it] If we forget the security password, we may not be able to use our system and must
call the vendor for a replacement PROM.
Ok printenv security-#badlogins
Reset the security-#badlogins counter. This counter keeps track of the number of failed security
password attempts.
Ok banner
Display the power-on banner
OK devalias
- to view the alias name assigned to the physical device at the Boot PROM monitor mode
for eg:
eg:
OK nvunalias cdrom
OK sifting <part_of_the_command>
eg:
OK sifting bo
it'll act similar to the grep command and search for the keyword 'bo' at the OK prompt
OK probe-scsi
OK probe-scsi-all
OK probe-ide
OK go
will resume back to the OS, shell, if we have used stop-A key sequence.
# eeprom
- can be used by root user only.
- can be used while the system is in the running state
- is used to change the environmental variables of OK prompt while
the system is in the running state.
- this will have an impact once the system is restarted
- will display only the currently assigned values
NOTE:
whereas, OK printenv
- will display the currently assigned values and the default parameters that can be
assigned.
If
auto-boot? false
at the OK prompt, then, whenever the system is rebooted, OK boot command has to be
executed.
whereas
auto-boot? true
then the system boots from the default device automatically
NOTE:
- stop keys will function irrespective of the user account. i.e stop keys are independent.
If the machine is at OK prompt, the machine is NOT running, so user account will have no
impact.
- It's not recommended to use stop+A to move to Ok prompt, since it'll abort the process
running.
2. # kbd -i
- to initiate the changes done
To enable:
1. Edit the file /etc/default/kbd
2. # kbd -i
to initiate
This is permanent.
Additional information:
Linux - Run levels
Short comparison:
Disk administration:
Solaris                              Linux
# format                             # fdisk -l
Displays the disk availability       Displays the disks & partitions availability
/dev/(r)dsk/c#t#d#s#                 /dev/hda, /dev/hdb, /dev/sda, /dev/sdb
File system:
ufs                                  ext3
# newfs /dev/rdsk/c#t#d#s#           # mkfs -t ext3 /dev/hda#
/etc/mnttab                          /etc/mtab
/etc/vfstab                          /etc/fstab
Package administration:
Process monitoring:
# prstat                             # top
                                     # free
uptime, last, who, w = works with both
# ufsdump                            # dump
# ufsrestore                         # restore
/ = root
/root = root's home directory
/home = non-root user's home directory
/etc = system configuration directory
/dev = logical disk drive information
/mnt = optional directory to mount the devices
/opt = optional directory to install 3rd party software
/usr = unix system resource
/var = system logs
/media = default mount point for optical media (RHEL5 - Red Hat Enterprise Linux 5)
/selinux = security enhanced linux ( Seen in RHEL 5)
/lib = library modules
/bin = non root user executable binaries
/sbin = root user executable binaries
/proc = provides system hardware information & generate the pid's
/lost+found = used at the time of fsck
/boot = have the boot loader information
# init 5
# shutdown -g 90 -i 5
Where
-g = to specify the grace period
-i = to inform the system to move the specified runlevel
# poweroff
Bootup phases:
4. Init phase:
a. Kernel starts the /etc/init
It has the services that have to be started at the time of boot
/etc/init.d/
list out the number of services that start at the time of boot
/etc/inittab
Reads this file to identify, in which run level the system has to be started
After reading the entry of the file
accordingly,
b. It starts rc Scripts
rc = run control scripts
Output truncated:
# ls /etc/init.d
1 boot.server imq mipagent samba
PRESERVE cachefs.daemon init.dmi mkdtab sendmail
README deallocate init.sma ncakmod slpd
acct devlinks init.snmpdx ncalogd swupboots
OUTPUT:
# cat /etc/inittab
For eg:
OUTPUT:
# ls /etc/rc2.d/
K03samba K27boot.server S42ncakmod S81dodatadm.udaplt
K05appserv README S47pppd S89PRESERVE
K06mipagent S10lu S70uucp S94ncalogd
K15imq S20sysetup S72autoinstall S98deallocate
K16apache S40llc2 S73cachefs.daemon
# who -r
will provide the following information
a. current run level
b. date & time of the last run level change
c. number of times at this runlevel since the last reboot
d. previous run level
OUTPUT:
# who -r
. run-level 3 Aug 12 12:22 3 0 S
Note:
# init q
Sun Solaris 10 OS/Storage-SVM,VxVM/Cluster Manickam Kamalakkannan
Sun Solaris 10 Operating System Page 52 of 145
# /etc/telinit q
will re-read the /etc/inittab file
To shutdown/restart:
# init 2
# /etc/telinit 2
Output:
# file /etc/telinit
/etc/telinit: ELF 32-bit LSB executable 80386 Version 1, dynamically linked,
stripped
Terminology:
1. Boot Loader:
eg: Grub - solaris, linux (very popular boot loader)
Lilo - Linux Loader
Boot.ini - windows
Always the boot loader will be residing at the starting location of the disk which is having the
operating system.
Note:
GRUB can be compared with bootblk in Sparc arch.
The boot loader is the first software program that runs after you turn on a system. This program
begins the boot process.
2. Boot archive:
A boot archive is a collection of critical files that is used to boot the solaris os.
Two boot archives are maintained by the system
a. Primary boot archive - Used to boot the Solaris OS on the system
b. Solaris Fail Safe - Used for recovery when the primary boot archive is damaged.
On X86 based systems, the miniroot is copied to the system to be
used as failsafe boot archive.
Note:
1. If we install an operating system other than the Solaris OS, we must modify/edit the
/boot/menu.lst file manually to include the new installed OS instance. Adding this entry will
provide the option on next reboot.
2. The default OS is usually the first entry that is displayed in the grub menu.
To make the grub menu stay displayed until an option is chosen, edit the /boot/grub/menu.lst
file
OUTPUT:
# vi /boot/grub/menu.lst
# default menu entry to boot
default -1
Here,
Once the default option is selected, i.e 0, then, the menu.lst will read the following,
root (hd0,0,a)
       1  2 3
where
1 = First hard disk drive. (In the case of second disk drive hd1)
2 = First partition (bootable partition)
3 = First slice
ON -> BIOS -> GRUB (Stage1 & stage2) -> OS kernel (Multi-boot,boot-archive-unix) -> sched
(PID:0) -> init (PID:1) -> SMF (PID:7)-> Invokes the services.
1. Once the grub screen is displayed, use arrow keys to select, then press 'e' to edit accordingly.
For instance
0 Solaris 10 11/06 s10x_u3wos_10 X86
1 Solaris failsafe
To boot the system in single user mode from the grub menu:
kernel /platform/i86pc/multiboot -s
now press, 'esc' followed by 'b' to boot the system in single user mode.
kernel /platform/i86pc/multiboot -r
kernel /platform/i86pc/multiboot -a
The kernel reads the files in the boot archive before the root / file system is mounted. After the
root / file system is mounted, the kernel discards the boot archive from memory.
Output:
Output:
# cat /boot/solaris/bootenv.rc
Will provide the boot path of the physical device from which the operating system is loaded.
1. Provides service management via service configuration database [list of services and their
various supported methods].
2. Provides legacy rc script support [old programs will work].
3. Facilitates service dependencies
4. Permits automatic restarts of failed and/or stopped services.
5. Provides service status information [online/offline, dependencies]
6. Causes each defined service to log individually to: /var/svc/log
7. Defines a Fault Management Resource Identifier [FMRI].
FMRI provide categories of services
a. network
b. milestone
8. Can load mutually exclusive services in parallel.
9. SMF supports multiple instances of services.
Maintenance -> this state needs root's intervention. In this case the service has to be made
available manually
Maintenance: The service instance has encountered an error that must be resolved by the
administrator
Uninitialized: This state is the initial state for all services before their configuration has been
read.
# svcs -a
-a option will display all services, including disabled services.
Output truncated:
# svcs -a
STATE STIME FMRI
legacy_run 14:42:55 lrc:/etc/rcS_d/S50sk98sol
legacy_run 14:42:59 lrc:/etc/rc2_d/S10lu
legacy_run 14:42:59 lrc:/etc/rc2_d/S20sysetup
legacy_run 14:42:59 lrc:/etc/rc2_d/S40llc2
.
.
.
disabled 14:42:57 svc:/network/rexec:default
disabled 14:42:57 svc:/network/shell:default
disabled 14:42:57 svc:/network/shell:kshell
disabled 14:42:57 svc:/network/talk:default
online 14:42:49 svc:/system/svc/restarter:default
online 14:42:50 svc:/system/installupdates:default
online 14:42:50 svc:/network/pfil:default
online 14:42:50 svc:/milestone/name-services:default
online 14:42:50 svc:/network/loopback:default
online 14:42:50 svc:/system/filesystem/root:default
# svcs
Lists the services that are running (online), with the status of the service and the FMRI
Output truncated:
# svcs
STATE STIME FMRI
legacy_run 14:42:55 lrc:/etc/rcS_d/S50sk98sol
legacy_run 14:42:59 lrc:/etc/rc2_d/S10lu
legacy_run 14:42:59 lrc:/etc/rc2_d/S20sysetup
legacy_run 14:42:59 lrc:/etc/rc2_d/S40llc2
legacy_run 14:42:59 lrc:/etc/rc2_d/S42ncakmod
legacy_run 14:42:59 lrc:/etc/rc2_d/S47pppd
legacy_run 14:42:59 lrc:/etc/rc2_d/S70uucp
legacy_run 14:42:59 lrc:/etc/rc2_d/S72autoinstall
.
.
.
online 14:42:49 svc:/system/svc/restarter:default
online 14:42:50 svc:/system/installupdates:default
online 14:42:50 svc:/network/pfil:default
# svcs -l
-l option will give detailed information about a service, including the FMRI, status of the
service,
name of the service, when it was started.
Eg: svcs -l network
# svcs -l <FMRI>
Eg: # svcs -l telnet
Output:
# svcs -l telnet
bash-3.00# svcs -l telnet
fmri svc:/network/telnet:default
name Telnet server
enabled true
state online
next_state none
state_time Mon Aug 24 14:42:57 2009
restarter svc:/network/inetd:default
# svcs -d
-d option lists the services or service instances upon which the given service instance
depends.
Eg: svcs -d milestone/network:default
svcs -d milestone/multi-user
svcs -d network/inetd
Output truncated:
bash-3.00# svcs -d milestone/multi-user
STATE STIME FMRI
disabled 14:42:50 svc:/network/ntp:default
disabled 14:42:50 svc:/system/auditd:default
disabled 14:42:50 svc:/system/mdmonitor:default
disabled 14:42:50 svc:/system/rcap:default
online 14:42:50 svc:/milestone/name-services:default
online 14:42:52 svc:/system/name-service-cache:default
online 14:42:52 svc:/system/rmtmpfiles:default
online 14:42:53 svc:/system/power:default
# svcs -D
-D option will display the other services that depend on a given service.
eg: svcs -D milestone/multi-user
Output:
bash-3.00# svcs -D milestone/multi-user
STATE STIME FMRI
disabled 14:42:50 svc:/network/dhcp-server:default
disabled 14:42:50 svc:/application/management/common-agent-container-1:default
online 14:43:05 svc:/milestone/multi-user-server:default
online 14:43:28 svc:/system/webconsole:console
# svcs -p
-p option is to view the processes associated with a service instance.
eg: svcs -p svc:/network/inetd:default.
Output:
bash-3.00# svcs -p network/inetd:default
STATE STIME FMRI
online 14:42:56 svc:/network/inetd:default
14:42:56 288 inetd
# svcs -x
If a service fails for some reason and cannot be restarted, you can list the service using
the -x option.
Output:
bash-3.00# svcs -x telnet
svc:/network/telnet:default (Telnet server)
State: online since Mon Aug 24 14:42:57 2009
See: in.telnetd(1M)
See: telnetd(1M)
Impact: None.
Output:
bash-3.00# svcadm disable -t telnet
bash-3.00# svcs -l telnet
fmri svc:/network/telnet:default
name Telnet server
enabled false (temporary)
state disabled
next_state none
state_time Mon Aug 24 16:44:23 2009
restarter svc:/network/inetd:default
NOTE:
Note:
1. The svc.startd daemon can obtain information about the services from the repository. This was
previously the responsibility of the init process.
2. The svc.startd daemon takes on the role of starting the appropriate processes for the achieved run
level.
Output truncated:
bash-3.00# svccfg
svc:> select network
svc:/milestone/network> select telnet
svc:/network/telnet> listprop
general framework
general/entity_stability astring Unstable
general/restarter fmri svc:/network/inetd:default
inetd framework
inetd/endpoint_type astring stream
inetd/isrpc boolean false
inetd/name astring telnet
inetd/proto astring tcp6
inetd/stability astring Evolving
inetd/wait boolean false
/etc/svc - directory that has the information about the SMF services and its repository database.
/etc/svc/repository.db
will have the database about the services.
It is used to check the integrity of the services.
# inetconv - convert inetd.conf entries into smf service manifests, import them into
SMF repository
# inetadm - Displays the services that are controlled by "inetd"
# inetadm -l <FMRI>
Displays detailed information about the FMRI specified.
Eg: # inetadm -l telnet
# inetadm -d <FMRI>
To disable the specified service
Eg: # inetadm -d telnet
# inetadm -e <FMRI>
To enable the specified service
Eg: # inetadm -e telnet
# inetadm -p
Displays the global settings
# inetadm -l telnet
Output:
bash-3.00# inetadm -l telnet
SCOPE NAME=VALUE
name="telnet"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.telnetd"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=TRUE
# inetadm -M tcp_trace=TRUE
Output:
bash-3.00# inetadm -M tcp_trace=TRUE
bash-3.00# inetadm -l telnet
SCOPE NAME=VALUE
name="telnet"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.telnetd"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=TRUE
default tcp_wrappers=TRUE
# netservices open
1. Will open or enable all the network related services
2. Needs the system to be restarted.
Output:
bash-3.00# netservices open
restarting syslogd
restarting sendmail
restarting wbem
bash-3.00# cd /var/svc/profile/
bash-3.00# ls -l generic.xml
lrwxrwxrwx 1 root root 18 Aug 24 16:59 generic.xml -> ./generic_open.xml
To check:
# svcs -a | grep ftp
Output:
bash-3.00# svcs -a | grep ftp
online 16:47:14 svc:/network/ftp:default
# netservices limited
1. Will disable all the other services except ssh.
2. Needs the system to be restarted
Output:
bash-3.00# netservices limited
restarting syslogd
restarting sendmail
restarting wbem
dtlogin needs to be restarted. Restart now? [Y] n
dtlogin not restarted. Restart it to put it in local-mode.
bash-3.00# cd /var/svc/profile/
bash-3.00# ls -l generic.xml
lrwxrwxrwx 1 root root 25 Aug 24 17:02 generic.xml -> ./generic_limited_net.xml
To check:
# svcs -a | grep ftp
disabled 17:02:01 svc:/network/ftp:default
But,
# svcs -a | grep ssh
online 14:42:58 svc:/network/ssh:default
File permissions
r= read
w=write
x=execute
# chmod
To change the file and directory permissions
# chown
To change the ownership of the files and directories
# chgrp
To change the group of the files and directories
Note:
1. # chown and
# chgrp
commands can be used only by the root user.
The ownership will be changed for the parent directory and for the sub-directories and files inside
the dir "dir1"
-R = recursive
Setuid:
1. When the SUID is assigned to a file, any user who executes the file runs it with the identity of the
owner of the file for the duration of that execution.
OUTPUT:
OUTPUT:
# chmod 4644 one
-rwSr--r-- 1 root root 0 Jul 23 14:44 one
OUTPUT:
SGID:
1. SGID will be effective for a directory
2. If SGID permission is assigned to a directory, then the files and sub-dirs
created under the parent dir (the dir implemented with SGID) will inherit the group of the
parent directory.
OUTPUT:
Sticky bit:
1. It'll be effective for a directory.
2. If a directory is implemented with the sticky bit, every user in that system has the right to
create a file/directory inside that dir (provided with permission), but only the owner of the file can
delete the file.
OUTPUT:
NOTE:
Used to identify the files/dir that have SGID permission.
Output truncated:
# find / -user root -perm -2000
/usr/bin/mail
/usr/bin/mailx
/usr/bin/passwd
/usr/bin/write
/usr/lib/sendmail
/usr/openwin/bin/Xprt
/usr/openwin/bin/lbxproxy
/usr/platform/i86pc/sbin/eeprom
/usr/sbin/amd64/prtconf
Used to identify the files/dir that have SUID permission.
Output truncated:
Used to identify the files/dir that have Sticky bit permission
# find / -user root -perm -1000
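The mode strings and -perm masks above, worked through as an added example that is not part of the original notes: it turns an ls -l mode string into the octal value given to chmod and tests it the way find's -perm -MASK does (every bit of the mask must be set). The listing is constructed apart from the "one" line; the helper names and the (no-exec) label are this example's own.

```sh
#!/bin/sh
# Added example: decode ls -l mode strings and apply "find -perm -MASK" logic.
# SAMPLE_LISTING is constructed, except "one", which is the chmod 4644 output above.

SAMPLE_LISTING='-rwSr--r-- 1 root root 0 Jul 23 14:44 one
-r-sr-sr-x 1 root sys 22292 Jan 22 2005 passwd
drwxrwxrwt 7 root sys 1024 Jul 29 16:41 tmp
drwxr-sr-x 2 root sun 512 Jul 23 14:50 dir1
-rw-r--r-- 1 root root 120 Jul 23 14:45 two'

# Convert a mode string such as -rwSr--r-- to four octal digits (4644).
mode_to_octal() {
    printf '%s\n' "$1" | awk '
    # s    = one rwx triplet
    # both = letter meaning "special bit and execute bit are both on"
    # only = letters meaning "special bit on, execute bit off"
    function triplet(s, both, only,    v, x) {
        v = 0
        if (substr(s, 1, 1) == "r") v += 4
        if (substr(s, 2, 1) == "w") v += 2
        x = substr(s, 3, 1)
        if (x == "x" || x == both) v += 1
        special = (x == both || index(only, x) > 0)
        return v
    }
    length($0) < 10 { exit 1 }      # not a mode string
    {
        u = triplet(substr($0, 2, 3), "s", "S");  sp  = (special ? 4 : 0)
        # Solaris ls prints "l" for setgid-without-execute on a regular file.
        g = triplet(substr($0, 5, 3), "s", "Sl"); sp += (special ? 2 : 0)
        o = triplet(substr($0, 8, 3), "t", "T");  sp += (special ? 1 : 0)
        printf "%d%d%d%d\n", sp, u, g, o
    }'
}

# True when every bit of the octal mask $2 is set in the octal mode $1,
# which is what "find -perm -2000" tests for each file.
perm_all_set() {
    [ $(( 0$1 & 0$2 )) -eq $(( 0$2 )) ]
}

# Print a label for one special bit; add (no-exec) when the matching execute
# bit is off (shown by ls as a capital S or T).
label_bit() {   # $1 = octal mode, $2 = special mask, $3 = execute mask, $4 = label
    perm_all_set "$1" "$2" || return 0
    if perm_all_set "$1" "$3"; then
        printf ' %s' "$4"
    else
        printf ' %s(no-exec)' "$4"
    fi
}

# Read ls -l lines on stdin; print "name octal labels" for entries with a special bit.
special_report() {
    while read -r mode _l _o _g _s _m _d _t name; do
        oct=$(mode_to_octal "$mode") || continue
        labels="$(label_bit "$oct" 4000 100 SUID)$(label_bit "$oct" 2000 10 SGID)$(label_bit "$oct" 1000 1 sticky)"
        [ -n "$labels" ] && printf '%s %s%s\n' "$name" "$oct" "$labels"
    done
    return 0
}

printf '%s\n' "$SAMPLE_LISTING" | special_report
```

The capital S on "one" means the SUID bit is set while the owner's execute bit is off, so find -perm -4000 still matches the file even though it cannot be executed.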
/etc/shadow - holds the information about the user's password and password aging information
/etc/group - holds the information about the group and it's properties
/etc/skel - a directory from where the default user properties will be inherited.
/etc/passwd
thiyagu:x:517:1: :/export/home/thiyagu:/bin/sh
   A    B  C  D E          F              G
Commands:
When the # useradd command is executed, the following 2 files will be updated.
1. /etc/passwd
2. /etc/shadow
che:x:522:1::/export/home/che:/bin/sh
Note:
Whenever a user is created, that user account will be "locked" initially until a password for the
user is defined.
where
-m = to create the home directory and provide the ownership of the dir to the newly created user
account
-g = to specify the primary group id or group name to which the user belongs
-G = to specify the secondary group id or group name to which the user belongs
Note:
A user should be a member of 1 primary group and can be a member of 15 secondary groups.
eg:
# useradd -u 5001 -d /export/home/us -s /bin/bash -m -g sun -c "basketball" -G 507,509,510 jordan
here
-o - is used to duplicate the user id to another user
Note:
1. DO NOT duplicate the user id of root (0) to any other user; if it happens, a security
breach will happen.
2. We can also assign root privileges to a user through Authorization. Ref: RBAC-Topic
Note:
The .profile file under /etc/skel
has an impact when the user logs in to the system.
Hence some scripts can also be added to that.
# useradd -D
will provide the information about the default property and options of the users to be created.
OUTPUT:
# useradd -D
group=other,1 project=default,3 basedir=/home
skel=/etc/skel shell=/bin/sh inactive=0
expire= auths= profiles= roles= limitpriv=
defaultpriv= lock_after_retries=
# passwd -d <user_name>
# passwd -d shiva
will remove the password and assign "blank" password to the user
OUTPUT:
OUTPUT:
shiva::14452:30:60:40:::
OUTPUT:
sithan:pmk2TEdOcjhXo:14452:40:50:30: :14609:
  A          B         C   D  E  F  G   H
where
A = login name of the user account
B = encrypted password for the user
C = no of days logged in. (Calculated from 1 jan 1970)
D = password minimum age (not to change password until 40 days)
E = password maximum age (have to change the password after 50 days)
F = a warning will be displayed to the user after 30 days to change password
G = number of inactive days
H = expire days
/etc/security/policy.conf
this file is responsible for generating the encrypted password for any user.
This file will have a number of cryptographic algorithms to be followed while generating a password
for any user.
eg: 1, 2a, md5
Output truncated:
# crypt(3c) Algorithms Configuration
#
# CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to
# be used for new passwords. This is enforced only in crypt_gensalt(3c).
#
CRYPT_ALGORITHMS_ALLOW=1,2a,md5
/etc/default/passwd
will provide information related to the password security policy
1. defines the length of the password
2. default minimum password age
3. default maximum password age
4. maintaining the history of the password
5. name check (login name cannot be used as the password)
6. dict word (dictionary word cannot be used as a password)
7. alphanumeric, special characters in the password
Note:
1. Normally the password security policy is not enforced (commented). It can be enabled.
2. If the user accounts are created through CLI, the password security policy can be overridden.
Output truncated:
MAXWEEKS=
MINWEEKS=
PASSLENGTH=6
#NAMECHECK=NO
#HISTORY=0
#MINDIFF=3
#MINALPHA=2
#MINNONALPHA=1
#MINUPPER=0
#MINLOWER=0
#MAXREPEATS=0
#MINSPECIAL=0
#MINDIGIT=0
#WHITESPACE=YES
#DICTIONLIST=
#DICTIONDBDIR=/var/passwd
# passwd -l <login_name>
# passwd -l tom
will lock the user account
Note:
Even though the user has the password, the account is locked.
OUTPUT:
tom:*LK*QK7lo.vinkpQs:14452::::::
# passwd -u <login_name>
# passwd -u tom
To unlock the user account
OUTPUT:
tom:QK7lo.vinkpQs:14452::::::
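The /etc/passwd and /etc/shadow notes above (no second account with root's user id, the blank password left by passwd -d, the *LK* prefix written by passwd -l, and the maximum-age field E), turned into checks as an added example that is not part of the original notes. The shiva, sithan and tom entries follow the ones shown above; the root and toor entries, the function names and the state names are constructed for this example.

```sh
#!/bin/sh
# Added example: audit passwd/shadow-style data for the conditions the notes describe.
# "toor" is a hypothetical account; the root and toor password fields are made up.

SAMPLE_PASSWD='root:x:0:0:Super-User:/:/sbin/sh
thiyagu:x:517:1::/export/home/thiyagu:/bin/sh
che:x:522:1::/export/home/che:/bin/sh
toor:x:0:1::/export/home/toor:/bin/sh'

SAMPLE_SHADOW='root:aaBBccDDeeFFg:14452::::::
shiva::14452:30:60:40:::
sithan:pmk2TEdOcjhXo:14452:40:50:30::14609:
tom:*LK*QK7lo.vinkpQs:14452::::::
toor:*LK*:14452::::::'

# passwd data on stdin: print every name other than root that carries user id 0.
duplicate_uid0() {
    awk -F: 'NF >= 3 && $3 ~ /^0+$/ && $1 != "root" { print $1 }'
}

# shadow data on stdin: print name:STATE:maxage for every entry.
#   BLANK  = empty password field (what passwd -d leaves behind)
#   LOCKED = password field starts with *LK* (what passwd -l writes)
#   SET    = anything else
# maxage is field E of the layout above, "-" when it is empty.
shadow_status() {
    awk -F: '
    NF < 2 { next }                     # ignore blank or malformed lines
    {
        if ($2 == "")                    state = "BLANK"
        else if (index($2, "*LK*") == 1) state = "LOCKED"
        else                             state = "SET"
        max = ($5 == "") ? "-" : $5
        print $1 ":" state ":" max
    }'
}

# Accounts that can be entered without any password.
blank_password_accounts() {
    shadow_status | awk -F: '$2 == "BLANK" { print $1 }'
}

# Accounts with a usable password that is never forced to change.
no_expiry_accounts() {
    shadow_status | awk -F: '$2 == "SET" && $3 == "-" { print $1 }'
}

echo "extra uid 0 accounts : $(printf '%s\n' "$SAMPLE_PASSWD" | duplicate_uid0 | tr '\n' ' ')"
echo "blank passwords      : $(printf '%s\n' "$SAMPLE_SHADOW" | blank_password_accounts | tr '\n' ' ')"
echo "no maximum age       : $(printf '%s\n' "$SAMPLE_SHADOW" | no_expiry_accounts | tr '\n' ' ')"
printf '%s\n' "$SAMPLE_SHADOW" | shadow_status
```

On a live system the same functions can be fed with `duplicate_uid0 < /etc/passwd` and, as root, `shadow_status < /etc/shadow`.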
# userdel -r <login_name>
# userdel -r tom
Will delete the user account along with the user's home dir.
Step 2.A :
# useradd -m -d /export/home/shiva -g solaris -s /bin/bash shiva
# passwd shiva
the above commands create the user account shiva, which belongs to the group solaris, and assign the
password to it.
Step 2.B:
# useradd -m -d /export/home/lingesh -s /bin/bash lingesh
# passwd lingesh
these commands create the user account lingesh and assign the password to it
Step 3:
As a root user or as any user create a file.
Here let’s create a file with the root user account
# mkdir /new
# cd /new
# cat > one
# ls -l
this will display the default permissions and the group the owner (here root) belongs to.
# chmod 664 one
This command will change the permissions of the file 'one'
Step 4:
To assign the password to a group
a. Copy the second field (encrypted password) of any user account from the file /etc/shadow
b. Paste the same to the second field of the file /etc/group
Step 5: To check
a. Login as the user (shiva - who belongs to solaris group)
and make the changes to the file. It'll change.
b. Login as the other user (lingesh - who DOESN'T belong to solaris group)
and try to make the changes to the file.
We'll be prompted with "permission denied"
c. # newgrp solaris
this command will prompt for the password of the group solaris
and allows the user to take the group permissions.
NOTE: When the user logs in to the group, the shell changes.
NOTE: DO NOT duplicate the root id to any user; if it happens, it leads to a security breach.
MISC :
2. # pwck => checks the entry of the file /etc/passwd and if any errors
it'll be displayed
3. # grpck => checks the entry of the file /etc/group and if any errors it'll be displayed
/etc/group
unix:Hsba96iR2vYXI:116:root,bhutia
 A         B        C       D
where
A - group name
B - encrypted password to the group
Note:
Password to the group can be copied from /etc/shadow file.
No command is used to assign the password to the group.
C - group id
D - group members.
Note:
Only secondary group member names can be seen in the file
Note:
The file ownership will be changed accordingly but the home directory will be owned by the old
owner.
This will restrict creating any files in the home dir, hence the permissions & ownership have
to be changed.
/usr/sadm/defadduser
this file has the entries of the default parameters of the useradd command
# useradd -D
reads the entries from this file
OUTPUT:
# cat /usr/sadm/defadduser
# Default values for useradd. Changed Tue Jul 28 04:28:53 2009
defgroup=1
defgname=other
defparent=/home
defskel=/etc/skel
defshell=/bin/sh
definact=0
defexpire=
defauthorization=
defrole=
defprofile=
defproj=3
defprojname=default
deflimitpriv=
defdefaultpriv=
deflock_after_retries=
# id <login_name>
# id bryant
will provide the information about the user's id and their primary group along with id.
OUTPUT:
$ id bryant
uid=1028(bryant) gid=110(sun)
# id -a <login_name>
# id -a bryant
will provide the information about the user's id, primary group id and name, secondary group id
and names
OUTPUT:
$ id -a bryant
uid=1028(bryant) gid=110(sun) groups=110(sun)
# finger -m <login_name>
# finger <login_name>
# finger bryant
# finger -m bryant
will provide the information about the user's home dir, parent shell, when they logged in.
OUTPUT:
$ finger bryant
Login name: bryant In real life: test
Directory: /export/home/kobe Shell: /bin/bash
Never logged in.
No unread mail
No Plan.
To add a group:
# groupadd <group_name>
# groupadd sun
# groups
# groups <user_name>
will provide the information about which group the user belongs to.
OUTPUT:
# groups scbose
other
According to this output, the user scbose belongs only to the group other.
# listusers
will display the information about the users available in the system.
Output truncated:
# listusers
castro
che
hari
karl
lenin
noaccess No Access User
nobody NFS Anonymous Access User
nobody4 SunOS 4.x NFS Anonymous Access User
rosan
rose
scbose
# listusers -g <group_name>
Will display the users that belong to the specified group
# listusers -g other
OUTPUT:
# listusers -g sun
new
old
test
# pwconv
installs and updates /etc/shadow with information
from /etc/passwd
Performance monitoring
# w
will list out the following information
1. who is logged in to the system
2. where they have logged in
3. when they have logged in
4. what they are doing
5. how much time they were idle
6. cpu utilization for each user's process
OUTPUT:
# w
4:37pm up 2:41, 3 users, load average: 0.04, 0.05, 0.04
User tty login@ idle JCPU PCPU what
root console 1:57pm 2:40 /usr/bin/gnome-session
root pts/3 3:05pm 3 3 w
che pts/4 4:37pm -bash
# users
will list out the users logged in to the system
OUTPUT:
# users
root root che
# who
will list out
1. who is logged into the system
2. where they have logged in
3. when they logged in
4. from where they have logged in (in the case of remote)
OUTPUT:
# who
root console Jul 29 13:57 (:0)
root pts/3 Jul 29 15:05 (:0.0)
che pts/4 Jul 29 16:37 (192.168.0.157)
# whodo
will list out the information about
1. who are logged and what are they doing
2. what process they are doing
3. the process id of the process
OUTPUT:
# whodo
Wed Jul 29 16:41:11 IST 2009
sunfire103
# logins -p
will display the users who don't have a password.
OUTPUT:
# logins -p
che 2004 other 1
new 2013 other 1
old 2014 other 1
# rusers
will list out the remote users logged in to the system
# rusers -l <ip_name_of_the_system>
# rusers -l 192.168.0.252
# vmstat
will display the virtual memory status
# pagesize
will display the page size of the system
OUTPUT:
# pagesize
4096
Note:
In case of x86 systems page size = 4096
In case of sparc systems page size = 8192
# last
will display the information about the system reboot and boot time
It'll read the entry from the file /var/wtmp
will also provide the information about who is currently logged in to the system
Output truncated:
# last
che pts/4 192.168.0.157 Wed Jul 29 16:37 still logged in
che pts/4 192.168.0.157 Wed Jul 29 16:34 - 16:35 (00:00)
root pts/4 :0.0 Wed Jul 29 15:31 - 15:36 (00:05)
root pts/3 :0.0 Wed Jul 29 15:05 still logged in
root pts/4 :0.0 Wed Jul 29 15:03 - 15:04 (00:00)
root pts/3 :0.0 Wed Jul 29 15:01 - 15:05 (00:04)
root pts/3 :0.0 Wed Jul 29 14:59 - 15:00 (00:01)
root pts/3 :0.0 Wed Jul 29 14:52 - 14:55 (00:03)
root pts/3 :0.0 Wed Jul 29 13:59 - 14:46 (00:46)
root console :0 Wed Jul 29 13:57 still logged in
reboot system boot Wed Jul 29 13:56
reboot system down Wed Jul 29 13:54
root pts/4 :0.0 Wed Jul 29 12:34 - 13:54 (01:19)
che pts/6 solaris Wed Jul 29 12:21 - 13:54 (01:33)
root pts/5 :0.0 Wed Jul 29 12:03 - 12:23 (00:19)
# last -n 5 reboot
will display last 5 times reboot
OUTPUT:
# last -n 5 reboot
reboot system boot Wed Jul 29 13:56
reboot system down Wed Jul 29 13:54
reboot system boot Wed Jul 29 10:02
reboot system down Tue Jul 28 20:02
reboot system boot Tue Jul 28 18:10
# uptime
will display
1. the status of how many hours the system is in running state
2. how many users are logged to the system
3. cpu load average
OUTPUT:
# uptime
4:53pm up 2:56, 3 users, load average: 0.07, 0.08, 0.06
# /usr/ucb/whoami
will display the effective user, who is currently working
# who am i
will display the real user, who directly login to the system
OUTPUT:
# /usr/ucb/whoami
root
bash-3.00# su - che
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
-bash-3.00$ /usr/ucb/whoami
che
-bash-3.00$ who am i
root pts/3 Jul 30 11:35 (:0.0)
-bash-3.00$
Here,
che is the user logged in through "su".
He is the effective user,
whereas root is the real user, who directly logged in to the system.
# su <user_name>
# su che
will permit a user to switch to another user, but without taking ownership of the
switched user's home directory.
Note:
1. When the root user switches to any other user, the system will not prompt for a password.
2. If a non-root user switches to any other user, the system will prompt for the
password
Output:
# su che
bash-3.00$ pwd
/
bash-3.00$ touch one two three
touch: two cannot create
touch: three cannot create
# su - <user_name>
# su - che
will switch user along with the home directory
Output:
# su - che
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
-bash-3.00$ pwd
/export/home/che
Output truncated:
/var/adm/loginlog:
1. This file will not be available by default
2. Has to be created manually
3. Has to be owned by the "sys" group
4. This file logs/records the 5 consecutive failed logins of any user
5. Permission of the file is 600
# touch /var/adm/loginlog
# chmod 600 /var/adm/loginlog
# chgrp sys /var/adm/loginlog
Output truncated:
# cat /var/adm/loginlog
scbose:/dev/pts/11:Wed Jul 29 00:08:56 2009
scbose:/dev/pts/11:Wed Jul 29 00:09:05 2009
scbose:/dev/pts/11:Wed Jul 29 00:09:14 2009
scbose:/dev/pts/11:Wed Jul 29 00:09:23 2009
mpandey:/dev/pts/11:Wed Jul 29 00:10:12 2009
mpandey:/dev/pts/11:Wed Jul 29 00:10:29 2009
mpandey:/dev/pts/11:Wed Jul 29 00:10:40 2009
mpandey:/dev/pts/11:Wed Jul 29 00:10:51 2009
mpandey:/dev/pts/11:Wed Jul 29 00:10:59 2009
hari:/dev/pts/4:Wed Jul 29 10:55:36 2009
hari:/dev/pts/4:Wed Jul 29 10:55:49 2009
hari:/dev/pts/4:Wed Jul 29 10:56:01 2009
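Added example (not part of the original guide): a POSIX shell function that summarises loginlog records per user and terminal so repeated failures stand out. The function names and the threshold argument are assumptions; the sample records are the ones shown in the output above.

```shell
#!/bin/sh
# Added example: summarise failed-login records in the loginlog format
# shown above (user:tty:timestamp). Names and threshold are illustrative.

# loginlog_summary [MIN] < logfile
# Prints one line per user/tty pair with at least MIN records (default 3):
#   user tty count first=[timestamp] last=[timestamp]
loginlog_summary() {
    awk -F: -v min="${1:-3}" '
        NF >= 3 {
            key = $1 " " $2
            # The timestamp contains colons too, so rebuild it from field 3 on.
            ts = $3
            for (i = 4; i <= NF; i++) ts = ts ":" $i
            if (!(key in count)) { order[++n] = key; first[key] = ts }
            count[key]++
            last[key] = ts
        }
        END {
            # Report in order of first appearance in the log.
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (count[k] >= min)
                    printf "%s %d first=[%s] last=[%s]\n", k, count[k], first[k], last[k]
            }
        }'
}

# Sample input: the records from the output above.
sample_loginlog() {
    cat <<'EOF'
scbose:/dev/pts/11:Wed Jul 29 00:08:56 2009
scbose:/dev/pts/11:Wed Jul 29 00:09:05 2009
scbose:/dev/pts/11:Wed Jul 29 00:09:14 2009
scbose:/dev/pts/11:Wed Jul 29 00:09:23 2009
mpandey:/dev/pts/11:Wed Jul 29 00:10:12 2009
mpandey:/dev/pts/11:Wed Jul 29 00:10:29 2009
mpandey:/dev/pts/11:Wed Jul 29 00:10:40 2009
mpandey:/dev/pts/11:Wed Jul 29 00:10:51 2009
mpandey:/dev/pts/11:Wed Jul 29 00:10:59 2009
hari:/dev/pts/4:Wed Jul 29 10:55:36 2009
hari:/dev/pts/4:Wed Jul 29 10:55:49 2009
hari:/dev/pts/4:Wed Jul 29 10:56:01 2009
EOF
}

# Show every user/tty pair with four or more recorded failures.
sample_loginlog | loginlog_summary 4
```

On a live system the input would be the log itself: loginlog_summary 5 < /var/adm/loginlog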
# /usr/dt/bin/sdtprocess &
1. will invoke a pop-up menu
2. & - to indicate the shell can be used to do another task
Note:
This command can be used only in the graphical environment.
# prstat
will provide/update the following information
1. process id of every process
2. Owner of the process
3. Cpu utilization to the process
4. Memory utilization to the process
5. What process is run by every user
6. When the process was started
Output truncated:
# prstat
PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP
509 root 38M 40M sleep 42 0 0:02:09 4.4% Xorg/1
790 root 53M 16M sleep 49 0 0:00:01 0.1% gnome-terminal/2
780 root 47M 9880K sleep 59 0 0:00:04 0.1% mixer_applet2/1
796 root 64M 27M sleep 59 0 0:00:07 0.1% gedit/1
712 root 12M 9904K sleep 59 0 0:00:02 0.0% gconfd-2/1
776 root 48M 11M sleep 59 0 0:00:01 0.0% clock-applet/1
761 root 54M 17M sleep 59 0 0:00:01 0.0% gnome-panel/1
# prstat -U <user_name>
# prstat -U che
will display only the processes run by the user che
OUTPUT:
# prstat -U che
PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP
986 che 2456K 1636K sleep 49 0 0:00:00 0.0% bash/1
# prstat -t
will display the summary of the process
OUTPUT:
# prstat -t
NPROC USERNAME SIZE RSS MEMORY TIME CPU
65 root 945M 348M 17% 0:02:53 8.0%
1 noaccess 175M 92M 4.5% 0:00:12 0.0%
1 che 2456K 1636K 0.1% 0:00:00 0.0%
1 lp 2644K 1076K 0.0% 0:00:00 0.0%
1 smmsp 6644K 1432K 0.1% 0:00:00 0.0%
2 daemon 6216K 3080K 0.1% 0:00:00 0.0%
Note:
# netstat
is used to monitor the network status
1. List connections of all protocol & address to and from the machine.
Address families include:
a. INET - ipv4
b. INET6 - ipv6
c. UNIX - Unix domain Sockets (Solaris/BSD/Linux/HP-UX/IBM-AIX/etc)
Protocols include:
TCP, IP, ICMP (which controls ping, echo), IGMP, RAWIP, UDP (DHCP, TFTP)
2. Lists routing table
3. Lists DHCP status for various interfaces
4. Lists net-to-media table. Network to MAC table
# netstat usage:
OUTPUT:
# netstat
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
accel1.telnet intel.32961 49640 0 49640 0 ESTABLISHED
Where
1 => hostname of the sender
2 => port/protocol
3 => hostname of the receiver / remote
4 => port/protocol of remote
Note:
1. # cat /etc/services
Displays the well known port number and their corresponding services
2. The hostname is displayed by the # netstat command only if the /etc/hosts file has an
entry mapping the ip-address to the corresponding hostname [resolve].
This file is checked indirectly.
When the # netstat command is issued it reads the file /etc/nsswitch.conf, and this file redirects
it to read the file /etc/hosts [provided the entry is made].
5. Sockets are NOT found for UDP connections since they are connectionless.
6. No need to remember all the ports, just ‘grep’ from /etc/services.
Eg: # grep syslog /etc/services
# netstat -a
a. Shows the state of all packets
b. All routing table entries / all interfaces, both physical & logical
c. Returns ALL protocols for ALL address families [TCP/UDP/UNIX].
OUTPUT:
# netstat -a
UDP: IPv4
Local Address Remote Address State
-------------------- -------------------- -------
*.route Idle
*.sunrpc Idle
*.* Unbound
*.32771 Idle
[Output truncated]
# netstat -n
a. Shows network addresses as numbers. Normally # netstat displays addresses as
symbols.
b. It disables name resolution of hosts and ports and hence displays the ip-address.
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
192.168.0.100.23 192.168.0.19.32961 49640 0 49640 0 ESTABLISHED
192.168.0.100.32921 192.168.0.5.6000 500576 0 49640 0 ESTABLISHED
127.0.0.1.32923 127.0.0.1.32879 49152 0 49152 0 ESTABLISHED
[Output truncated]
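Added example (not part of the original guide): a POSIX shell filter that reads netstat output in the Solaris address.port layout shown above and reports established telnet and ftp sessions, which carry logins in clear text. The function names are assumptions; the sample reuses lines from the outputs above plus one constructed ftp line.

```shell
#!/bin/sh
# Added example: flag established clear-text sessions (telnet, ftp) in
# Solaris netstat output, where the port follows the LAST dot of an address
# (192.168.0.100.23 numerically, accel1.telnet when names are resolved).

# cleartext_sessions < netstat_output
# Prints: service direction client -> server
cleartext_sessions() {
    awk '
        BEGIN {
            # Numeric ports (netstat -n) and the /etc/services names
            # that plain netstat prints for them.
            svc["21"] = "ftp";    svc["ftp"] = "ftp"
            svc["23"] = "telnet"; svc["telnet"] = "telnet"
        }
        NF >= 7 && $NF == "ESTABLISHED" {
            laddr = $1; lport = $1; raddr = $2; rport = $2
            sub(/\.[^.]*$/, "", laddr); sub(/^.*\./, "", lport)
            sub(/\.[^.]*$/, "", raddr); sub(/^.*\./, "", rport)
            if (lport in svc)            # this host is the server
                printf "%s inbound %s -> %s\n", svc[lport], raddr, laddr
            else if (rport in svc)       # this host is the client
                printf "%s outbound %s -> %s\n", svc[rport], laddr, raddr
        }'
}

# Sample input: lines from the outputs above; the last line (an outbound
# ftp control connection) is constructed for the example.
sample_netstat() {
    cat <<'EOF'
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
accel1.telnet intel.32961 49640 0 49640 0 ESTABLISHED
192.168.0.100.23 192.168.0.19.32961 49640 0 49640 0 ESTABLISHED
192.168.0.100.32921 192.168.0.5.6000 500576 0 49640 0 ESTABLISHED
127.0.0.1.32923 127.0.0.1.32879 49152 0 49152 0 ESTABLISHED
192.168.0.100.32950 192.168.0.5.21 49640 0 49640 0 ESTABLISHED
EOF
}

sample_netstat | cleartext_sessions
```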
# netstat -i
a. Returns the state of the physical interfaces. Pay attention to
errors/collisions/queue whilst troubleshooting.
b. When combined with the ‘-a’ option, displays a report on logical interfaces.
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue
lo0 8232 loopback localhost 131536 0 131536 0 0 0
hme0 1500 accel1 accel1 186731 0 189733 0 0 0
NOTE:
mtu - Maximum Transmission Unit
In general the loopback address mtu will be high.
# netstat -m
a. Shows the STREAMS memory
[How much TCP packets is working on the system]
streams allocation:
cumulative allocation
current maximum total failures
streams 300 336 2463 0
queues 742 756 5539 0
mblk 488 1778 192771 0
dblk 489 2009 1062735 0
linkblk 7 169 8 0
syncq 17 50 77 0
qband 2 127 2 0
# netstat -p
Returns net-to-media information
[MAC/layer-2 information], i.e., the ARP table.
# netstat -P <protocol>
Returns active sockets for specified protocol
Note:
1. Protocols should be specified in lowercase letters
2. Only the following protocols are allowed: ip|ipv6|icmp|icmpv6|tcp|udp|rawip|raw|igmp
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
accel1.telnet intel.32961 49640 0 49640 0 ESTABLISHED
accel1.32921 192.168.0.5.6000 500576 0 49640 0 ESTABLISHED
localhost.32923 localhost.32879 49152 0 49152 0 ESTABLISHED
[Output truncated]
# netstat -r
a. Returns routing table
b. Normally, only interface, host, network & default routes are displayed
c. Combined with ‘-a’ option, all routes will be displayed, including cache.
# netstat -D
Returns DHCP configuration [includes releases/renewal etc]
UDP: IPv4
Local Address Remote Address State
-------------------- -------------------- -------
*.520 Idle
*.111 Idle
*.* Unbound
*.32771 Idle
*.* Unbound
[Output truncated]
# ps -ef
will list the processes that are running
Output truncated:
# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 0 0 0 11:31:55 ? 0:51 sched
root 1 0 0 11:32:02 ? 0:00 /sbin/init
root 2 0 0 11:32:02 ? 0:00 pageout
root 3 0 0 11:32:02 ? 0:03 fsflush
daemon 191 1 0 11:32:10 ? 0:00 /usr/sbin/rpcbind
root 7 1 0 11:32:04 ? 0:01 /lib/svc/bin/svc.startd
root 9 1 0 11:32:04 ? 0:02 /lib/svc/bin/svc.configd
root 126 1 0 11:32:08 ? 0:00 /usr/lib/picl/picld
# kill <process_id>
# pkill <process_id>
# kill 3753
# pkill 3753
will kill the process specified
FTP IMPLEMENTATION:
Note:
By default root user is denied to use ftp.
# ftpcount
Shows current number of users in each ftp server class
-v Displays the user counts for ftp server classes defined in virtual host [ftpaccess]
-V Display program copyright and version information then terminate
OUTPUT:
# ftpcount
Service class realusers - 1 users (no maximum)
Service class guestusers - 0 users (no maximum)
Service class anonusers - 0 users (no maximum)
# ftpwho
Shows current process information for each ftp server user
1. It’ll display which user is logged in along with the process id
2. Status of the user will be displayed
3. Will also display the password given by the anonymous user
OUTPUT:
# ftpwho
Service class realusers:
bhagat 1157 0.0 0.2 4852 2628 ? S 12:48:03 0:00 ftpd:
192.168.0.157: bhagat: IDLE
- 1 users (no maximum)
Service class guestusers:
- 0 users (no maximum)
Service class anonusers:
- 0 users (no maximum)
Here,
a real user named - bhagat is logged through ftp
Note:
Login time via ftp is defined in the file /etc/ftpd/ftpaccess
Time out in seconds.
# ftpconfig
Setup anonymous ftp
Note:
1. If the /var/ftp dir doesn't exist, the above command will create and update the dir for
anonymous ftp.
2. This can also be achieved by using GUI web browser to check the anonymous login using ftp.
# mkdir /var/ftp
# ftpconfig -d /var/ftp
# ftpconfig /var/ftp
# cd /var/ftp
# ls -l
or
# ftpconfig /var/pub
ftp://192.168.0.100
3 default classes:
1. Real users:
a. Can login using shell [ssh/telnet]
b. Can browse the entire directory
2. Guest users:
a. Are temporary users
3. Anonymous user:
a. General public for download capability
Note:
Guest users are similar to real users, except guest users are jailed/chrooted.
# mkdir /ftp_anonymous
bash-3.00# ftpconfig -d /ftp_anonymous/
Updating directory /ftp_anonymous/
bash-3.00# ls /ftp_anonymous/
bin dev etc lib pub usr
bash-3.00# ftpconfig /ftp_anonymous/
Updating directory /ftp_anonymous/
bash-3.00# svcs -a |grep ftp
disabled 14:40:42 svc:/network/ftp:default
bash-3.00# svcadm enable ftp
bash-3.00# svcs -a |grep ftp
online 15:24:31 svc:/network/ftp:default
bash-3.00# ftpwho
Service class realusers:
- 0 users (no maximum)
Service class guestusers:
- 0 users (no maximum)
Service class anonusers:
ftp 2096 0.0 0.1 2232 1600 ? S 15:24:48 0:00 ftpd: fire1:
anonymous/anonymous"gmail.com: IDLE
1 users (no maximum)
# ftpwho
Service class realusers:
- 0 users (no maximum)
Service class guestusers:
- 0 users (no maximum)
Service class anonusers:
- 0 users (no maximum)
FTP CLIENT
# ftp 192.168.0.100
Connected to 192.168.0.100.
220 fire2 FTP server ready.
Name (192.168.0.100:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-The response 'anonymous"gmail.com' is not valid
230-Next time please use your e-mail address as your password
230- for example: joe@fire1.network
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
bin
dev
etc
lib
pub
usr
226 Transfer complete.
30 bytes received in 5.8e-05 seconds (508.94 Kbytes/s)
ftp> cd pub
# ftp 192.168.0.100
PROCESS SCHEDULING
OUTPUT:
# at 13:10
at> mkdir -p /mnt/pen/root/test
at> <EOT>
commands will be executed using /usr/bin/bash
job 1249026000.a at Fri Jul 31 13:10:00 2009
# atrm <jobid>.a
# atrm 1249026000.a
# at -r 1249026000.a
to remove the scheduled tasks.
# atq
will provide information about the scheduled tasks along with their IDs.
OUTPUT:
# atq
Rank Execution Date Owner Job Queue Job Name
1st Jul 31, 2009 13:10 root 1249026000.a a stdin
# at -l
will provide information about the job id and the user who scheduled the process
OUTPUT:
# at -l
user = root 1249026000.a Fri Jul 31 13:10:00 2009
/var/spool/cron/atjobs
Is the directory which holds the information about the scheduled tasks and their IDs
# ls /var/spool/cron/atjobs
will list the scheduled jobs.
OUTPUT:
# ls /var/spool/cron/atjobs/
1249026000.a
The scheduled tasks can be read by using the cat command:
Output truncated: (At the end of the file we can see the tasks scheduled)
# cat /var/spool/cron/atjobs/1249026000.a
cd /
umask 22
mkdir -p /mnt/pen/root/test
/etc/cron.d/at.deny
this file holds the login names of the users who are denied use of the at command.
Here the default system users are listed.
OUTPUT:
# cat /etc/cron.d/at.deny
daemon
bin
nuucp
listen
nobody
noaccess
/etc/cron.d/at.allow
this file will not be present by default.
this file has to be created manually
this file holds the login names of the users who have permission to use the at
command.
Note:
1. In general system will check for the /etc/cron.d/at.allow file first and then moves to the file
/etc/cron.d/at.deny.
2. If a user is given entry to both the files, then he is permitted to use the commands (in both
at,crontab)
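Added example (not part of the original guide): a POSIX shell model of the allow/deny lookup described in the notes above, run over temporary fixture files rather than /etc/cron.d. The function names, the fixture passwd lines, applying the same file rules to root, and the "only root when neither file exists" branch are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: model of the at.allow / at.deny decision. at.allow, when
# present, is authoritative, so a user listed in both files is permitted.

# listed NAME FILE: succeed if NAME is an exact line in FILE
listed() {
    while IFS= read -r entry || [ -n "$entry" ]; do
        [ "$entry" = "$1" ] && return 0
    done < "$2"
    return 1
}

# at_access USER ALLOW_FILE DENY_FILE: prints "allow" or "deny"
at_access() {
    if [ -f "$2" ]; then
        # at.allow exists: only listed users pass, at.deny is not consulted
        if listed "$1" "$2"; then echo allow; else echo deny; fi
    elif [ -f "$3" ]; then
        # only at.deny exists: everyone not listed passes
        if listed "$1" "$3"; then echo deny; else echo allow; fi
    else
        # Assumption: with neither file present only root may schedule jobs
        if [ "$1" = root ]; then echo allow; else echo deny; fi
    fi
}

# at_audit PASSWD ALLOW_FILE DENY_FILE: one "user decision" line per account
at_audit() {
    while IFS=: read -r user rest; do
        if [ -n "$user" ]; then
            echo "$user $(at_access "$user" "$2" "$3")"
        fi
    done < "$1"
}

# make_fixtures DIR: at.deny as listed above, plus a constructed passwd file
make_fixtures() {
    printf '%s\n' daemon bin nuucp listen nobody noaccess > "$1/at.deny"
    printf '%s\n' \
        'root:x:0:0::/:/sbin/sh' \
        'daemon:x:1:1::/:' \
        'che:x:2004:1::/export/home/che:/bin/bash' \
        'noaccess:x:60002:60002::/:' > "$1/passwd"
}

dir=$(mktemp -d)
make_fixtures "$dir"
echo "only at.deny present:"
at_audit "$dir/passwd" "$dir/at.allow" "$dir/at.deny"
printf '%s\n' che daemon > "$dir/at.allow"     # daemon is now in both files
echo "at.allow added:"
at_audit "$dir/passwd" "$dir/at.allow" "$dir/at.deny"
rm -rf "$dir"
```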
/var/cron/log
this file logs the at command scheduling
OUTPUT:
# cat /etc/cron.d/cron.deny
daemon
bin
nuucp
listen
nobody
noaccess
Sun Solaris 10 OS/Storage-SVM,VxVM/Cluster Manickam Kamalakkannan
Sun Solaris 10 Operating System Page 97 of 145
Note:
The function of these files is the same as that of at.allow and at.deny
NOTE:
0 = sunday
1 = monday
respectively
6. command field => what command has to be executed
# crontab -l
will list out what are the tasks scheduled in the system
# crontab -l <user_name>
# crontab -l che
will list out what are the tasks scheduled only by the user che.
# crontab -e
to edit or to add the schedules to the crond.
Note:
By default the Telnet service is denied to root, and the rest of the users are permitted to log in through
telnet.
# vi /etc/default/login
# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
CONSOLE=/dev/console
1. By default
the file entry will be
CONSOLE=/dev/console
And this entry denies root access through telnet.
This entry will allow the root user to access through telnet
This entry will restrict the root user to logging in on the local system.
To enable telnet:
# svcadm enable telnet
or
# svcadm enable network/telnet
OUTPUT:
# cat /etc/default/login
# TIMEOUT sets the number of seconds (between 0 and 900) to wait before
# abandoning a login session.
#
TIMEOUT=300
While logging in through telnet, the login prompt will be displayed for 300 sec.
It can be decreased.
# vi /etc/default/telnetd
Can edit the message, this will be displayed at the time of telnet login.
PRINTER CONFIGURATION
# printmgr &
=> This above command opens a menu
=> Printer configuration can be menu driven
NOTE:
1. Before configuring the printer, make sure of its compatibility with Sun Microsystems.
2. Check the make and the type
3. The port to which the printer is connected physically.
# lp <file_name>
eg: # lp check_printer
will print the file named "check_printer" to the default printer
# lpstat -d
displays which is activated as the default printer if we have configured more than one printer
# lpstat -p
displays status of all the printers that are configured to the system
# lpadmin -d <printer_name>
eg: # lpadmin -d hp
will activate "hp" as the default printer if we had configured more than one printer.
# reject <printer_name>
eg: # reject hp
this command will reject the requests to the printer named "hp"
ie.. hp printer will not accept the requests from any user including the root.
Note:
In the above case, printer is physically connected, activated but the request will not be fulfilled or
not accepted.
OUTPUT:
# reject 5stars_bkp
destination "5stars_bkp" will no longer accept requests
# lp -d 5stars_bkp /etc/shadow
5stars_bkp: requests are not being accepted
# accept 5stars_bkp
destination "5stars_bkp" now accepting requests
# lp -d 5stars_bkp /etc/shadow
request id is 5stars_bkp-12 (1 file(s))
# lpstat -d
system default destination: 5stars
# lpstat -p
printer 5stars is idle. enabled since Fri Jul 31 16:34:22 2009. available.
printer 5stars_bkp is idle. enabled since Fri Jul 31 16:39:54 2009. available.
# lpadmin -d 5stars_bkp
# lpstat -p
printer 5stars is idle. enabled since Fri Jul 31 16:34:22 2009. available.
printer 5stars_bkp is idle. enabled since Fri Jul 31 16:39:54 2009. available.
# lpstat -d
system default destination: 5stars_bkp
# accept <printer_name>
eg: # accept hp
this command will start sending the request to the printer named "hp"
In other words printer starts printing the desired output.
# disable <printer_name>
eg: # disable hp
this command will disable the printer. In other words printer is not activated.
# enable <printer_name>
eg: # enable hp
will activate/enable the printer specified.
/var/lp/logs/requests -> provides the information on the print logs, which includes
1. which user gave the print request
2. date & time of the request
3. size of the file
4. user id, group id
5. file name
6. location of the file
# lpq
provide the information about the request in the queue.
OUTPUT:
# cat /etc/dumpdates
/dev/rdsk/c1d0s3 0 Mon Aug 3 12:32:52 2009
/dev/rdsk/c1d0s3 1 Mon Aug 3 12:41:49 2009
/dev/rdsk/c1d0s4 0 Tue Aug 4 23:08:33 2009
Now let's mount slice 4 once again at the same mount point.
Do some updates to the created file and create some new file or directory at the mount point.
Since we are going to discuss incremental backup, specify the level of the backup while
backing up.
# ufsdump 0S /dev/dsk/c1d0s4
will display how much of space is required to take a complete backup.
OUTPUT:
# ufsdump 0S /dev/dsk/c1d0s4
8478720
# ufsdump 1S /dev/dsk/c1d0s4
will display how much space is required for an incremental level (1) backup.
Note:
1. The backup media need not have a file system.
2. Only after restoring the COMPLETE backup, incremental backup can be done.
3. However selected files and directories can also be restored.
4. After restoring, a file named "restoresymtable" will be created at the restore point.
It is not readable and it is not recommended to delete this file. This file will be used while restoring the
incremental backup.
5. Restore can be done at any point.
# ufsrestore rf <backuped_device>
# ufsrestore rf /dev/rdsk/c1d0s6
where
r = specifies recursively. will restore all the files and directories
that is backed up to the media /dev/rdsk/c1d0s6
f = specifies the device
It is possible to list the files and directories that are backed up.
It is possible to restore selected files.
ufsrestore>
ufsrestore> ls
will list the files and directories that are backed up to the media (/dev/rdsk/c1d0s6)
OUTPUT:
Note:
This virtual device (/dev/fssnap/0) can be mounted only as READ ONLY.
# mount -o ro /dev/fssnap/0 /mnt/virtual
# fssnap -i
will display information about the snap devices available in the system and their
corresponding source.
OUTPUT:
# fssnap -i
0 /backing_store
# fssnap -i /dev/fssnap/0
0 /backing_store
will provide the information about which mount point is backed up
# fssnap -d <snap_device>
# fssnap -d /dev/fssnap/0
To delete the specified snap device.
Note:
Restoring the data is similar to a normal offline backup.
NOTE:
1. Enter into the system maintenance mode
2. Then check the destination size of the tape/disk
3. Proceed with the backup.
# cd /
# newfs /dev/rdsk/c1d0s0
# mount /dev/dsk/c1d0s0 /a
# cd /a
# ufsrestore rvf /dev/rdsk/c1d0s6
# rm restoresymtable
# cd /usr/platform/`uname -m`/lib/fs/ufs
# installboot bootblk /dev/rdsk/c1t1d0s0 -> SPARC
# installgrub -fm /boot/grub/stage1 /boot/grub/stage2 /dev/rdsk/c1d0s0
-> X86/X64 arch
where
-f => suppresses interaction when overwriting the master boot record
-m => installs GRUB stage1 on the master boot sector interactively
# cd /
# umount /a
# init 6
# dladm show-dev
will also display the instance name and status of the interface
OUTPUT:
# dladm show-dev
nge0 link: up speed: 100 Mbps duplex: full
nge1 link: unknown speed: 0 Mbps duplex: unknown
bge0 link: unknown speed: 0 Mbps duplex: unknown
bge1 link: unknown speed: 0 Mbps duplex: unknown
Note:
nge - Nvidia Gigabit ethernet
bge - Broadcom Gigabit ethernet
rtls - Realtek ethernet
hme - happy meal ethernet
qfe - quad fast ethernet
OK banner
# ifconfig -a
will provide the following
a. ipaddress of the machine
b. mac address of the machine
c. status flag of the interface
d. instance name of the interface
e. broadcast id
OUTPUT:
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
nge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.0.120 netmask ffffff00 broadcast 192.168.0.255
ether 0:1b:24:5b:d8:d6
bge1: flags=1000803<UP,BROADCAST,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.0.145 netmask ff000000 broadcast 192.255.255.255
ether 0:1b:24:5b:d8:d5
OUTPUT:
# ifconfig bge1 up
# ifconfig -a
OUTPUT:
# ifconfig bge1
bge1: flags=1000803<UP,BROADCAST,MULTICAST,IPv4> mtu 1500 index 4
inet 192.168.0.100 netmask ffffff00 broadcast 192.168.0.255
ether 0:1b:24:5b:d8:d5
Note:
# ifconfig
1. is used to assign and view the ip address of the system
2. An ip address assigned using the ifconfig command persists only for the current session.
Once the system is restarted, the ip address assigned to the interface is lost.
For eg:
# cat > /etc/hostname.nge0
192.168.0.120
WTD:
1. Plumb the interface
2. Assign the ip to the interface
3. Create a file /etc/hostname.XXn and add entry to the file
HTD:
1. # ifconfig nge0:1 plumb
2. # ifconfig nge0:1 192.168.0.170 up
3. # cat > /etc/hostname.nge0:1
192.168.0.170
Ctrl+d => to save
OUTPUT:
/etc/hosts
/etc/inet/hosts
1. Both the files are linked.
2. Both the files have the same entries
3. File is used to resolve the ip with the name locally in the network
Note:
It's not necessary that all /etc/hosts files in the network should be mapped correctly.
OUTPUT:
# cat /etc/hosts
# cat /etc/inet/hosts
/etc/nodename
This file will have the nodename.
This file will be referred to at the time of every boot/reboot and the hostname will be
taken accordingly.
# hostname <new_name>
For eg:
# hostname aita
will change the host name only for the current session; once the system is rebooted, the
hostname will not exist.
accel
/etc/services
/etc/inet/services
Output truncated:
# cat /etc/services
# cat /etc/inet/services
If the current /etc/vfstab file contains NFS mount entries, saves the
/etc/vfstab file to /etc/vfstab.orig.
Removes the default hostname in /etc/hostname.interface files for all interfaces
configured when this command is run. To determine which interfaces are configured,
run the command 'ifconfig -a'. The /etc/hostname.interface files
corresponding to all of the interfaces listed in the resulting output, with the
exception of the loopback interface (lo0), will be removed.
Disables the Network Information Service (NIS) and Network Information Service
Plus (NIS+) if either NIS or NIS+ was configured.
# snoop
is used to monitor the network traffic between particular machines, on a specified interface
Generally the snoop command without any options will monitor all the interfaces of the system
Output truncated:
# snoop
fire1 -> accel TELNET C port=32890
accel -> fire1 TELNET R port=32890 basic_commands
fire1 -> accel TELNET C port=32890
solaris-remote -> (broadcast) ARP C Who is 192.168.0.1, 192.168.0.1 ?
solaris-remote -> (broadcast) ARP C Who is 192.168.0.1, 192.168.0.1 ?
solaris-remote -> virtual1 TELNET C port=32869 l
virtual1 -> solaris-remote TELNET R port=32869 l
solaris-remote -> virtual1 TELNET C port=32869
solaris-remote -> virtual1 TELNET C port=32869 s
virtual1 -> solaris-remote TELNET R port=32869 s
solaris-remote -> virtual1 TELNET C port=32869
solaris-remote -> virtual1 TELNET C port=32869
virtual1 -> solaris-remote TELNET R port=32869
virtual1 -> solaris-remote TELNET R port=32869 Desktop day
# snoop -d <interface>
will monitor only to the specified interface
For eg:
# snoop -d nge0
Output truncated:
# snoop -d nge0
Using device /dev/nge0 (promiscuous mode)
fire1 -> accel TELNET C port=32890
accel -> fire1 TELNET R port=32890 ^C
fire1 -> accel TELNET C port=32890
# snoop -D -d nge0
where
-D = used to monitor the dropped packet information
-d = used to monitor for the specified interface
Output truncated:
# snoop -D -d nge0
# snoop -S -d nge0
-S = to monitor the size of the packets
Output truncated:
# snoop -a
To gather the audio
Output truncated:
# snoop accel fire1
Using device /dev/nge0 (promiscuous mode)
fire1 -> accel TELNET C port=32891 s
accel -> fire1 TELNET R port=32891 s
fire1 -> accel TELNET C port=32891
fire1 -> accel TELNET C port=32891 i
accel -> fire1 TELNET R port=32891 i
fire1 -> accel TELNET C port=32891
fire1 -> accel TELNET C port=32891 c
accel -> fire1 TELNET R port=32891 c
fire1 -> accel TELNET C port=32891
fire1 -> accel TELNET C port=32891 _
accel -> fire1 TELNET R port=32891 _
fire1 -> accel TELNET C port=32891
fire1 -> accel TELNET C port=32891 c
accel -> fire1 TELNET R port=32891 c
fire1 -> accel TELNET C port=32891
fire1 -> accel TELNET C port=32891 o
accel -> fire1 TELNET R port=32891 o
# snoop -V
Displays the information in verbose summary mode
Output truncated:
# snoop -V -d nge0
Using device /dev/nge0 (promiscuous mode)
________________________________
fire1 -> accel ETHER Type=0800 (IP), size = 60 bytes
fire1 -> accel IP D=192.168.0.120 S=192.168.0.150 LEN=43,
ID=4610, TOS=0x0, TTL=64
fire1 -> accel TCP D=23 S=32891 Push Ack=2427569954 Seq=1197333170
Len=3 Win=49640
fire1 -> accel TELNET C port=32891 \33[A
________________________________
accel -> fire1 ETHER Type=0800 (IP), size = 85 bytes
accel -> fire1 IP D=192.168.0.150 S=192.168.0.120 LEN=71,
ID=20202, TOS=0x0, TTL=60
accel -> fire1 TCP D=32891 S=23 Push Ack=1197333173 Seq=2427569954
Len=31 Win=49639
accel -> fire1 TELNET R port=32891 cat basic_commands__
# snoop -v
Displays the detailed information
Output truncated:
OUTPUT:
# snoop -i /Desktop/snoop_test
Used to read the entries of the file
Note:
Format of the file is different, hence we used # snoop -i to read the entries of the file.
OUTPUT:
# file /Desktop/snoop_test
/Desktop/snoop_test: Snoop capture file - version 2
Swap configuration
Swap is a virtual space added from the hard disk drive to the physical memory to increase
the system performance.
# swap -s
Will display the summary of the swap space totally allocated, used and free.
OUTPUT:
# swap -s
total: 263440k bytes allocated + 42452k reserved = 305892k used, 23162412k
available
# swap -l
will display the information about the swap files, slices along the size in blocks.
OUTPUT:
# swap -l
swapfile dev swaplo blocks free
/dev/dsk/c1d0s1 102,1 8 42700760 42700760
/swap_file - 8 1023992 1023992
Note:
Whenever a file of a defined size is created using the # mkfile command, the file has
the sticky bit permission set by default.
Eg:
# mkfile 200m /swap_file1
Will create a new file named 'swap_file1' with size 200mb.
OUTPUT:
To check:Output:
# swap -l
/dev/dsk/c1d0s1 102,1 8 42700760 42700760
/swap_file - 8 1023992 1023992
/swap_file1 - 8 409592 409592
To delete:
# swap -d <file_name>
Will remove the file from the swap memory
Eg:
# swap -d /swap_file1
To check: Output:
# swap -d /swap_file1
# swap -l
swapfile dev swaplo blocks free
/dev/dsk/c1d0s1 102,1 8 42700760 42700760
/swap_file - 8 1023992 1023992
For eg:
# swap -a /dev/dsk/c1d0s5
Eg:
# cat /etc/vfstab
# pagesize
will display the pagesize
NOTE:
By default X86 = 4096
Sparc = 8192
OUTPUT:
# pagesize
4096
# smc &
will open a graphical tool to do administration tasks
The following tasks can be performed through smc.
Storage
Disks, Mounts and Shares, and Enhanced Storage Tools
System Status
Processes, Log viewer, System Information, and Performance
System configuration
Users, Projects, Computer and Networks, and Patches
Services
Scheduled Jobs
CRASH DUMP:
The OS generates a crash dump by writing some of the contents of the physical memory to a
predetermined dump device, which must be a local disk slice.
/var/crash/`uname -n`/vmcore.x
where
x = integer identifying the dump
/var/crash/`uname -n`/unix.x
NOTE:
Within the crash dump directory a file named bounds is created. The bounds file holds a number
that is used as a suffix for the next dump to be saved.
# dumpadm
This command reads the file /etc/dumpadm.conf and the output will be displayed accordingly.
OUTPUT:
# dumpadm -d /dev/dsk/c0d1s5
Will change the default (/dev/dsk/c0d1s1) dumpdevice to /dev/dsk/c0d1s5
OUTPUT:
# dumpadm -n
will disable the save core.
Dump content: kernel pages
Dump device: /dev/dsk/c0d1s5 (dedicated)
Savecore directory: /var/crash/server
Savecore enabled: no
OUTPUT:
# dumpadm -y
will enable the save core.
Dump content: kernel pages
Dump device: /dev/dsk/c0d1s5 (dedicated)
Savecore directory: /var/crash/server
Savecore enabled: yes
NOTE:
1. save core is by default enabled.
Only if the save core is enabled dumpadm will dump the contents to the device specified.
2. # dumpadm
command updates the file /etc/dumpadm.conf
and hence the configuration remains permanent.
# dumpadm -s /var/crash/Unix
This command changes the save core directory.
OUTPUT:
# dumpadm -c all
This will ask the system to dump all the pages from the physical memory.
The default dump contents is kernel pages.
OUTPUT:
Coreadm:
NOTE:
If the directory defined in the global core file does not exist, it has to be created manually.
# coreadm
reads the entries of the file /etc/coreadm.conf and the configuration is displayed.
coreadm patterns:
%m = machine name
%n = system known name
%p = process-id
%t = decimal value
%u = effective user
%z = which process executes
%g = effective group id
%f = executable file name
-d = disable
-e = enable
MISC:
1. Troubleshooting information will be available at
# cat /lib/svc/share/README
# cat /var/sadm/softinfo/INST_RELEASE
OS=Solaris
VERSION=10
REV=0
eg:
# route add default 192.168.0.150
# netstat -r
OUTPUT:
# netstat -rn
G - Route is to a gateway.
# touch /etc/hostname.nge0
# touch /etc/notrouter
# cp /dev/null /etc/defaultrouter
# cp /etc/nsswitch.dns /etc/nsswitch.conf
# cp /dev/null /etc/resolv.conf
# ifconfig -a
# vi /etc/resolv.conf
nameserver 192.163.0.1
# svcadm restart physical
# svcadm restart network
or
# touch /etc/dhcp.nge0
# touch /etc/hostname.nge0
# ifconfig nge0 dhcp drop
# ifconfig nge0 dhcp start
# ifconfig nge0 dhcp status
# ifconfig nge0 dhcp release
OUTPUT:
bash-3.00# psrinfo
0 on-line since 08/18/2009 12:43:45
1 on-line since 08/18/2009 12:43:54
eg:
# psradm -f 1
OUTPUT:
bash-3.00# psradm -f 1
bash-3.00# psrinfo
0 on-line since 08/18/2009 12:43:45
1 off-line since 08/18/2009 16:19:39
Eg:
# psradm -n 1
OUTPUT:
bash-3.00# psradm -n 1
bash-3.00# psrinfo
0 on-line since 08/18/2009 12:43:45
1 on-line since 08/18/2009 16:21:50
Note:
A file "new" is created and ACL is assigned to the file
# getfacl new
# getfacl -a new
Will display the ACL & other permissions to specified file
Note:
Output of above commands remains same.
OUTPUT:
# file: new
# owner: root
# group: root
user::rwx
user:che:rwx #effective:rwx
group::rw- #effective:rw-
group:sun:rw- #effective:rw-
mask:rwx
other:r--
# file: new
# owner: root
# group: root
user::rwx
user:che:rwx #effective:rwx
group::rw- #effective:rw-
group:sun:rw- #effective:rw-
mask:rwx
other:r--
# getfacl -d new
will display only the owner/group of the file specified
OUTPUT:
# file: new
# owner: root
# group: root
Syntax:
# setfacl -s u::<perm>,g::<perm>,o:<perm>,m:<perm>,u:<name>:<perm>,g:<name>:<perm> <name_of_file_dir>
where
u = user
g = group
o = other
m = ACL mask
Note:
u,g,o can be replaced with user, group, other respectively
m can be replaced with mask
Here the first u,g entries (u::, g::) refer to the owner of the file and the group the file/dir belongs to.
for eg:
# setfacl -s u::rwx,g::rw-,o:r--,m:rwx,u:che:rwx,g:sun:rw- new
-s = to substitute
OUTPUT:
# file: new
# owner: root
# group: root
user::rwx
user:che:rwx #effective:rwx
group::rw- #effective:rw-
group:sun:rw- #effective:rw-
mask:rwx
other:r--
OUTPUT:
# file: new
# owner: root
# group: root
user::rwx
user:che:rwx #effective:rwx
user:castro:rwx #effective:rwx
group::rw- #effective:rw-
group:sun:rw- #effective:rw-
group:admin:rw- #effective:rw-
mask:rwx
other:r--
OUTPUT:
# file: old
# owner: root
# group: root
user::rwx
user:che:rwx #effective:rwx
user:castro:rwx #effective:rwx
group::rw- #effective:rw-
group:sun:rw- #effective:rw-
group:admin:rw- #effective:rw-
mask:rwx
other:r--
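The mask entry in the listings above sets the upper limit for every named user, the owning group and every named group; that limit is what getfacl reports as "#effective". The following is an added example, not part of the original notes, that previews the effect of a tighter mask on the listing for the file "new". The function names effective_perm, preview_mask and sample_acl are made up for this illustration.

```shell
#!/bin/sh
# Added example: how the ACL mask limits the "#effective" permissions
# printed by getfacl. Function names are hypothetical.

# Intersect one rwx triplet with the mask: rwx under mask r-- gives r--.
effective_perm() {
    perm=$1
    mask=$2
    out=""
    for i in 1 2 3; do
        p=$(printf '%s' "$perm" | cut -c"$i")
        m=$(printf '%s' "$mask" | cut -c"$i")
        if [ "$m" = "-" ]; then out="${out}-"; else out="${out}${p}"; fi
    done
    printf '%s\n' "$out"
}

# Read getfacl output on stdin and print what each masked entry would
# still be allowed under the mask given as $1. The owner (user::) and
# other entries are skipped because the mask does not apply to them.
preview_mask() {
    new_mask=$1
    while read -r entry rest; do
        case $entry in
            user::*|other:*|mask:*|"#"*|"") continue ;;
        esac
        printf '%s effective:%s\n' "$entry" \
            "$(effective_perm "${entry##*:}" "$new_mask")"
    done
}

# Sample input: the getfacl listing for file "new" shown on this page.
sample_acl() {
    cat <<'EOF'
# file: new
# owner: root
# group: root
user::rwx
user:che:rwx #effective:rwx
group::rw- #effective:rw-
group:sun:rw- #effective:rw-
mask:rwx
other:r--
EOF
}

sample_acl | preview_mask r--
```

With a mask of r--, user che and both group entries drop to read-only even though their own entries still say rwx or rw-, so checking the mask line is part of reading any ACL.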
Advantages of NFS:
- allows multiple computers to use the same files, because all users on the network can access
the same data (based on the permission).
- reduces storage costs by sharing applications on computers instead of allocating local disk
space for each user
- provides data reliability & consistency
- reduces system administration
Note:
1. In Solaris-10 NFS version 4 is used by default.
2. Version-related checks are applied whenever a client host attempts to access a server's file
share.
3. NFSv4 provides firewall support since it uses a well-known port, 2049
1. /etc/dfs/dfstab
- lists the local resources that are permanently shared at boot time
- editable file by the root user
2. /etc/dfs/sharetab
- Not recommended to edit
- File will be updated through the "share", "shareall", "unshare", "unshareall" commands
- lists the locally and currently shared resources in the system
3. /etc/dfs/fstypes
- lists the default file system types for remote file systems.
Output:
Here,
nfs - used to share the resources across the network
autofs - used to mount the shared resource at client side on demand
cachefs - used to sync the updates made to the shared resource.
(This is responsible for maintaining the reliability & consistency)
4. /etc/rmtab
- lists file systems remotely mounted by NFS clients.
- do not edit this file
Output:
5. /etc/nfs/nfslog.conf
- lists information defining the location of configuration logs used for NFS server
logging
Output:
global defaultdir=/var/nfs \
log=nfslog fhtable=fhtable buffer=nfslog_workbuffer
6. /etc/default/nfslogd
- lists configuration information describing the behaviour of the nfslogd daemon
for NFS v2 and v3.
Output:
# Number of seconds the daemon should sleep waiting for more work.
#
# IDLE_TIME=300
# Use UMASK for the creation of logs and file handle mapping tables.
#
# UMASK=0137
7. /etc/default/nfs
- contains parameter values for NFS protocols & NFS daemons.
#NFSD_MAX_CONNECTIONS=
NFSD_LISTEN_BACKLOG=32
#NFS_CLIENT_VERSMIN=2
8. /etc/nfssec.conf
- to enable the necessary security mode.
- can be performed through # nfssec
Output:
Note:
1. If the svc:/network/nfs/server service does not find any 'share' commands in the
/etc/dfs/dfstab file, it does not start the NFS server daemons.
2. The features provided by the mountd and lockd daemons are integrated into the NFS v4
protocol.
3. In NFSv2 and NFSv3, the mount protocol is implemented by the separate mountd daemon,
which did not use an assigned, well-known port number, so it is very hard to use NFS through a
firewall.
4. nfsd and mountd daemons are started if there is an uncommented share statement in
the system's /etc/dfs/dfstab file.
5. Manually create the /var/nfs/public directory before starting NFS server logging. (Please refer to the file
/etc/nfs/nfslog.conf)
4.b. /etc/rmtab
- contains a table of file systems remotely mounted by NFS clients
- after a client successfully completes an NFS mount request, the mountd
daemon on the server makes an entry in the /etc/rmtab file
- the file also contains a line entry for each remotely mounted directory that has been
successfully unmounted, except that the mountd daemon replaces the first
character in the entry with the (#) character.
Output:
Solaris-10:
To start/enable:
To stop/disable
4. nfsmapid
5. nfslogd
1. statd - works with the lockd daemon to provide crash recovery functions for the lock
Manager
Note: mountd and lockd daemons run on both server and client.
1. mountd:
- NOT available in NFSv4
- available in NFSv2 and NFSv3
- mountd daemon is integrated with NFSv4 protocol by default
- handles file system mount requests from remote systems and provides access
control
- started by: svc:/network/nfs/server service.
Steps involved:
1. mountd daemon checks the /etc/dfs/sharetab file to determine whether a particular file or
directory is shared and whether the requesting client has permission to access the shared
resources.
2. when an NFS client issues an NFS mount request, the mount command of the client contacts the
mountd daemon on the server. The mountd daemon provides service.
2. nfsd daemon:
- handles client file system requests
- started by: svc:/network/nfs/server
- only root user can start the nfsd daemon
- when a client process attempts to access a remote file resource, the nfsd
daemon on NFS server receives the request and then performs the requested
operation.
3. statd daemon:
- works with the lockd daemon to provide crash recovery functions for the lock
manager
- server's statd daemon tracks the clients that are holding locks on an NFS
server. When the NFS server reboots after a crash, the statd daemon on the server
contacts the statd daemon on the client, which informs the lockd daemon to reclaim any locks
on the server.
- not used in NFSv4
- started by: svc:/network/nfs/status service
4. lockd daemon:
- integrated with NFSv4
- supports record locking operations on NFS files
- started by: svc:/network/nfs/lockmgr
5. nfslogd daemon:
- provides operational logging for NFSv2 and NFSv3
- NFS logging is enabled, when the share is made available
- for all file systems for which logging is enabled, the NFS kernel module records
all operations in a buffer file
- operations are performed based on the config file /etc/default/nfslogd
- started by: svc:/network/nfs/server service
6. nfsmapid:
- implemented in NFSv4
- maps owner and group identification that both the NFSv4 client & server use
- started by: svc:/network/nfs/mapid
- no interface to the daemon, but the parameters can be assigned in the file
/etc/default/nfs
Commands:
# share
- makes a local directory on an NFS server available for mounting
- also displays the contents of the file /etc/dfs/sharetab
Syntax:
# share
displays the shared contents in the local system
Output:
bash-3.00# share
- /export/home rw ""
- /share rw ""
- /nfs/share_test ro ""
- /source/open rw=natra,ro=solaris "test"
- /unix_share rw=natra,ro=192.168.0.0/32 ""
For eg:
# share -F nfs /data_share
Output:
Options-1:
# share -F nfs -d "Comment-description" /data_share
here
-F = specifies the file system
-d = description or comment about the shared directory
Output:
Options-2:
# share -F nfs -d "comment" -o rw=solaris,ro=fire2 /data_share
here
-o = specifies the option
ro = read only to the listed clients
rw = read write to the listed clients
Note:
Client names or IPs can be given, separated by , (commas) or by : (colon)
Output:
Option-3:
Output:
bash-3.00# share
- /export/home rw ""
- /share rw ""
- /nfs/share_test ro ""
- /source/open rw=natra,ro=solaris "test"
- /unix_share rw=natra,ro=192.168.0.0/32 ""
- /data_share root=solaris,rw=fire2,ro=192.168.0.14 "comment"
here
root=<client_name_or_ip>
root=solaris
- informs the client that the root user on the specified client system or systems can
perform super-user privilege requests on the shared resource
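The share listing above mixes exports limited to named clients with exports open to every client, plus one that grants root access. The following is an added example, not part of the original notes, that reads `share` output and reports the broad entries so they can be reviewed. The function names audit_shares and sample_shares and the OPEN-RW / OPEN-RO / ROOT labels are made up for this illustration.

```shell
#!/bin/sh
# Added example: review `share` output for exports that are open to any
# client or that grant root access. Function names and labels are hypothetical.
# Input format, as printed by share on this page:
#   - <path> <options> "<description>"

audit_shares() {
    awk '
    $1 == "-" && $2 ~ /^\// {
        # Options are comma separated; an option without "=" has no client list.
        n = split($3, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] == "rw")
                print "OPEN-RW  " $2 "  writable by any client"
            else if (opt[i] == "ro")
                print "OPEN-RO  " $2 "  readable by any client"
            else if (opt[i] ~ /^root=/)
                print "ROOT     " $2 "  root access for " substr(opt[i], 6)
        }
    }'
}

# Sample input: the share listing shown on this page.
sample_shares() {
    cat <<'EOF'
- /export/home rw ""
- /share rw ""
- /nfs/share_test ro ""
- /source/open rw=natra,ro=solaris "test"
- /unix_share rw=natra,ro=192.168.0.0/32 ""
- /data_share root=solaris,rw=fire2,ro=192.168.0.14 "comment"
EOF
}

sample_shares | audit_shares
```

On a live server the same function can be fed with `share | audit_shares`; entries restricted with rw=<client> or ro=<client> are not reported.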
Option-4:
Output:
Option-5:
# share -F nfs -d "comment" -o ro=aita.com /data_share
Output:
2. # unshare
- makes a previously available directory unavailable for client-side mount
operations
# unshare /data_share
Output:
bash-3.00# share
- /export/home rw ""
- /share rw ""
- /nfs/share_test ro ""
- /source/open rw=natra,ro=solaris "test"
- /unix_share rw=natra,ro=192.168.0.0/32 ""
- /data_share rw "Comment-description"
bash-3.00# unshare /data_share/
bash-3.00# share
- /export/home rw ""
- /share rw ""
- /nfs/share_test ro ""
- /source/open rw=natra,ro=solaris "test"
- /unix_share rw=natra,ro=192.168.0.0/32 ""
3. # shareall
- reads & executes share statements from the file /etc/dfs/dfstab
NOTE: All the above discussed share options can be added to the file /etc/dfs/dfstab and the
syntax remains the same.
Output:
bash-3.00# shareall
bash-3.00# share
- /export/home rw ""
- /share rw ""
- /nfs/share_test ro ""
- /source/open rw=natra,ro=solaris "test"
- /unix_share rw=natra,ro=192.168.0.0/32 ""
4. # unshareall
- makes previously shared resources unavailable
Output:
bash-3.00# share
- /export/home rw ""
- /share rw ""
- /nfs/share_test ro ""
- /source/open rw=natra,ro=solaris "test"
- /unix_share rw=natra,ro=192.168.0.0/32 ""
- /data_share rw "Comment-description"
bash-3.00# unshareall
bash-3.00# share
bash-3.00#
5. # dfshares
- lists available shared resources from the remote/local NFS server
# dfshares 192.168.0.252
Output:
# dfmounts
- displays a list of NFS server directories that are currently mounted at the
clients
- reads the entry from the file /etc/rmtab
At client side:
Autofs
- It's a client-side service that makes the shared resource available at the client side
on demand.
- Autofs file is initialized by the /lib/svc/automount script
NOTE:
The automountd daemon is completely independent from the automount command. Because of this
separation, we can add/modify/delete map information without having to stop and start the
automountd daemon process.
Autofs types:
1. Master map
2. Direct map
3. Indirect map
4. Special map
Master map:
1. Lists the other maps used for establishing the autofs file system.
2. The automount command reads this map at boot time.
/etc/auto_master is the configuration file which has the list of directly & indirectly automounted
resources.
Direct map:
Lists the mount points as ABSOLUTE PATH names. This map explicitly indicates the mount point
on the client.
The /- mount point is a pointer that informs the automount facility that full path names are defined
in the file specified by MAP_NAME (for eg: here it's /etc/direct_map).
NOTE:
1. /- is NOT an entry in the default master map file (/etc/auto_master)
2. The automount facility by default automatically searches for all map-related files in the /etc
directory.
Note-1:
Here
1. "direct" is the name of a file that has to reside under the /etc/ dir.
It's mandatory.
This file will have the absolute path of the shared resource & mount point at the
client.
2. This file has to be manually created.
3. The name of the file can be anything.
Output:
Note-2:
Here
1. "/direct" is the name of a file that resides under the / directory.
If the direct mapping file is NOT residing under the /etc dir, the full path of the file
has to be specified.
2. This file will have the absolute path of the shared resources & mount point at the
client.
3. Again, the name of the file can be anything
Output:
/usr/share/man 192.168.0.150:/usr/share/man
Indirect map:
Indirect maps are the simplest and most useful autofs maps.
Lists the mount points as relative path names. This map uses a relative path to establish the
mount point on the client.
An indirect map uses a key substitute value to establish the association between a mount point
on the client and a directory on the server. Indirect maps are useful for accessing specific
filesystems, such as home directories, from anywhere in the network.
Special map:
Provides access to NFS service by using their host names.
By default special maps are enabled.
/net directory is a good example for special map.
This directory has the list of the hosts connected in the network.
Once we open the dir with the name of a host, it displays the shared resources of that
specified host.
It's similar to the network neighbourhood in windows.
Output:
bash-3.00# cd /net
bash-3.00# ls
fire1 localhost loghost natra solaris sunfire2
bash-3.00# cd fire1
bash-3.00# ls
usr
NOTE:
The + symbol at the beginning of the +auto_master line in the /etc/auto_master file directs the
automountd daemon to look at the NIS, NIS+ or LDAP databases before it reads the rest of the map.
If this line is commented out, only the local files are searched,
unless the /etc/nsswitch.conf file specifies that NIS, NIS+ or LDAP should be searched.
auto_home
This map provides the mechanism to allow users to access their centrally located $HOME
directories
-hosts map
Provides access to all resources shared by NFS servers. The servers are mounted below the
/net/hostname directory, or if only the server's ip-address is known, below the /net/ipaddress
directory. The server does not have to be listed in the hosts database for this mechanism to work.
Output:
here
-v = provides the detailed information about the automounted resources.
Output:
bash-3.00# automount -v
automount: /usr/share/man mounted
automount: no unmounts