You are on page 1of 563

Solaris SA 1 & 2 - Training Material

SOLARIS - OPERATING ENVIRONMENT


SYSTEM ADMINISTRATION – I & II

Training Material

Solaris Operating Environment System Administration I & II Page 1 of 563


Solaris SA 1 & 2 - Training Material

SOLARIS - OPERATING ENVIRONMENT


SYSTEM ADMINISTRATION - 1

INDEX

Chap. Starting
Chapter Name
No Page No

ƒ Introducing the Solaris Operating System


1 4
ƒ Installing the Solaris Operating Environment on a Standalone System

ƒ Administration of Software Packages


2 19
ƒ Managing Software Patches

3 Systems Security 52

4 The Boot PROM 97

5 Adding Users 125

6 Device Configuration 150

7 Disks, Slices, and Format 170

8 The Solaris Operating Environment UFS File System 193

9 Mounting File System 208

10 Directory Hierarchy 232

11 Maintaining File Systems 248

12 Scheduling Process Control 263

13 System Boot Process 274

14 Backup and Recovery 300

Solaris Operating Environment System Administration I & II Page 2 of 563


Solaris SA 1 & 2 - Training Material

SOLARIS - OPERATING ENVIRONMENT


SYSTEM ADMINISTRATION - II

INDEX

Chap. Starting
Chapter Name
No Page No

15 Introducing Disk Management. 320

16 Introducing the Solaris Network Environment. 329

17 Solaris Operating Environment syslog. 350

18 Solaris Pseudo File Systems and Swap Space. 369

19 NFS. 392

20 AutoFS. 422

21 Cache FS. 438

22 Naming Services Overview. 454

23 NIS. 474

24 JumpStart™-Automatic Installation. 517

*****

Solaris Operating Environment System Administration I & II Page 3 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 1

INTRODUCING THE SOLARIS OPERATING SYSTEM


ENVIRONMENT SYSTEM ADMINISTRATION

Roles of the system Administrator


‰ The system administrator is responsible for the smooth operation of day-to-day,
activities on each system. The scope and variety of tasks that a Solaris Operating
Environment system administrator performs have been placed into the following two
course categories:

‰ The first category encompasses all the major skills and activities required to
administer a standalone system and are covered in this course: SA-238 Solaris
Operating Environment System Administration I

‰ The second category includes those skills and activities required to successfully
administer a basic client/server configuration and are covered in the course: SA-288
Solaris Operating Environment System Administration II

Solaris Operating Environment System Administration I & II Page 4 of 563


Solaris SA 1 & 2 - Training Material

System Administration Terms

The following list defines some common system administration terms

‰ Host – Another word for a computer system

‰ Host Name – A unique name given to a computer system by the system administrator
to distinguish from other hosts on the network. The command uname – displays the
assigned host name.

‰ Internet (IP) address - A number that represents the host address and the network
address, for example: 192.134.117.25. A host's IP address identifies where a host is on
the Internet, which allows network traffic to be directed to that host. This software
address is placed in the /etc/inet/hosts file.

‰ Ethernet address -A host's unique hardware address. A number displayed as 12


hexadecimal digits. For example, 08:00:20:1c:54:7e. This address is stored in the
NVRAM (nonvolatile random access memory) chip.

‰ Server - A host that provides one or more services to hosts on a network.

‰ Client - A host that uses services, provided by the

Note - Servers and clients are two types of hosts in a distributed computing environment.

Solaris Operating Environment System Administration I & II Page 5 of 563


Solaris SA 1 & 2 - Training Material

INSTALLING THE SOLARIS OPERATING


ENVIRONMENT ON A STANDALONE SYSTEM

Objectives

Upon completion of this module, you should be able to:

• State the different installation methods available for the Solaris Operating
Environment software

• Explain the hardware requirements for a Solaris Operating Environment


installation

• Identify the different Solaris Operating Environment soft-ware CD-ROM


editions

• List the five Solaris Software Groups

• Demonstrate how to install the Solaris Operating Environment software on


a networked, standalone system, using Solaris™ Web Start

Solaris Operating Environment System Administration I & II Page 6 of 563


Solaris SA 1 & 2 - Training Material

The Solaris Operating Environment Software Installation Options

You can install the Solaris software on a system using one of the following
installation options

• Solaris Web Start 3.0 Installation - Provides a graphical user interface-


based, Java technology-powered software application that guides you
through the installation of the Solaris Operating Environment and other
software on a single system from a local or remote CD-ROM drive.

• Solaris Interactive Installation Program-Provides a graphical user Interface


that guides you step-by-step through installing the Solaris Operating
Environment software, 'this installation program does not enable you to
install all the additional software, as with Solaris Web Start, it installs only
the Solaris Operating Environment software.

• Solaris Installation Over the Network - Provides the capability to install


the Solaris Operating environment software on a large number of systems
that do not have -a local CD-ROM drive. This eliminates the need to insert
the Solaris Operating Environment software CD-ROM on every system.
You can install these systems from the remote Solaris Operating
Environment software CD images, which have been copied to an install
server system's hard drive.

• Solaris JumpStart Installation - Provides the capability to automatically


install the Solaris Operating Environment software on a new system only,
by inserting the CD labeled Solaris •Software 1 of 2 SPARC Platform
Edition or Intel Platform Edition into the CD-ROM drive and turning on
the system. The software components installed are specified by a default
profile that is selected based on the model and disk size of the system.

Solaris Operating Environment System Administration I & II Page 7 of 563


Solaris SA 1 & 2 - Training Material

• Solaris Custom JumpStart Installation - A type of installation in which the


Solaris Operating Environment software is automatically installed on a
system based on a user-defined profile. You can customize profiles for
different types of users and systems, and this is the most cost-effective
option for installing the Solaris Operating Environment software in a large
enterprise. Provides hands off installation across the network based on a
central configured server. .

Note - This module describes how to install the Solaris Operating


Environment software on a single system with Solaris Web Start, Sun's
graphical wizard, Java technology-powered software installation
application.

Solaris Operating Environment System Administration I & II Page 8 of 563


Solaris SA 1 & 2 - Training Material

Hardware Requirements of a Solaris Operating Environment


Installation

A desktop Solaris Operating Environment installation requires:

• A SPARC-based or an Intel-based system

• 64 Mbytes of memory

• 2.3 Gbytes of disk space

• Access to a CD-ROM drive

Solaris Operating Environment System Administration I & II Page 9 of 563


Solaris SA 1 & 2 - Training Material

The Solaris Operating Environment installation CD-ROM


The content of each CD-ROM in the Solaris Operating Environment Media kit
is as follows:

The Solaris Operating Environment SPARC Platform Edition CD-ROM

• Solaris Installation English SPARC Platform Edition

• Solaris Software CD 1 of 2 SPARC Platform Edition

• Solaris Software CD 2 of 2 SPARC Platform Edition

• Solaris Documentation CD (English SPARC/Intel Platform Edition)

International Versions of the Solaris Operating Environment

International versions of Solaris contain:

• Solaris Installation Multilingual CD SPARC Platform Edition

• Solaris Software CD 1 of 2 SPARC Platform Edition

• Solaris Software CD 2 of 2 SPARC Platform Edition

• Solaris Languages CD - SPARC Platform Edition or Intel Platform Edition

International versions also include a two CD-ROM set labeled:

• Solaris -Documentation European SPARC/Intel Platform Edition, which


contains English, French, German, Italian, Spanish, and Swedish
documentation.

• Solaris Documentation Asian SPARC/Intel Platform Edition, which


contains Simplified and Traditional Chinese, Japanese, and Korean
documentation.

Solaris Operating Environment System Administration I & II Page 10 of 563


Solaris SA 1 & 2 - Training Material

Intel Versions of the Solaris. Operating Environment


An equivalent CD-ROM set is included with the Solaris Intel Platform
Edition, plus a diskette labeled Solaris Device Configuration Assistant Intel
Platform Edition.

Choosing the Correct CD for Your Installation Requirements

The following describes which CD-ROM is required when installing Solaris


using the different installation methods:

• Solaris Web Start uses the following CD-ROM set:

¾ Solaris Installation

¾ Solaris Software 1 of 2

¾ Solaris. Software 2 of 2

All the other installation methods described earlier use the Solaris Software 1 of 2 and-Solaris
Software 2 of 2 CD-ROM set.

Solaris Operating Environment System Administration I & II Page 11 of 563


Solaris SA 1 & 2 - Training Material

The Solaris Operating Environment Software Arrangement


The Solaris Operating Environment software delivered on the Solaris
Software CD-ROM set

1 of 2 and 2 of 2 are organized into three types of components:

• Software Packages

• Software Clusters

• Cluster Configurations

Cluster Configuration Software Cluster Software Packages

Figure 14-1 Solaris Operating Environment Software Components

Software Packages

A software package contains a group of files and directories in a category of


related software (for example, system or application) and software installation
scripts

Solaris Operating Environment System Administration I & II Page 12 of 563


Solaris SA 1 & 2 - Training Material

Software Clusters
During the software installation process, logical collections of software
packages are grouped into software clusters, For example, the CDE software
cluster includes the following packages:

SUNWdtbas SUNWdthed SUNWdtmad SUNWeudhr


SUNWdtbas SUNWdthev SUNWdtrme SUNWeudhs
SUNWdtdem SUNWdticn SUNWdtwn SUNWeudis
SUNWdtdm SUNWdtim SUNWeudba SUNWeudlg
SUNWdtdst SUNWdtinc SUNWudbd SUNWmfman
SUNWdthe SUNWdtma SUNWeudda

Some software clusters can contain only one software package.

Cluster Configuration

The cluster configurations are referred to during the installation process as the
Solaris Software Groups. There are currently five software groups available,
which include:

• Entire Solaris Software Group Plus OEM -SUNWCXall

• Entire Solaris Software Group – SUNWCall

• Developer Solaris Software Group - SUNWCprog

• End User Solaris Software Group - SUNWCusr

• Core Solaris Software Group - SUNWCreq

Solaris Operating Environment System Administration I & II Page 13 of 563


Solaris SA 1 & 2 - Training Material

The Solaris Operating Environment Software Groups

Figure 14-2 Solaris Operating Environment Software Groups

Core

Core is a software group that contains the minimum software required to boot
and run the Solaris Operating Environment on a system. It includes some
networking software and the drivers required to run the Common Desktop
Environment (CDE) or Open Windows desktop. It does not include the CDE
or Open Windows software.

End User System Support

The End User System Support is a software group that contains the Core software group plus the recommended
software for an end user, including Open Windows or CDE and DeskSet software.

Note - Approximate disk space requirement for End User is 1.6 Gbytes.

Solaris Operating Environment System Administration I & II Page 14 of 563


Solaris SA 1 & 2 - Training Material

Developer System Support


The Developer System Support is a software group that contains the End User System Support software
group plus the libraries, Include files, man pages, and programming, tools for developing software.

Note - Approximate disk space requirement for Developer is 1.9 Gbytes.

Entire Distribution

The Entire Distribution is a. software group that contains the entire Solaris
Operating Environment software release.

Note — approximate disk space requirement for Entire Distribution is 2.3


Gbytes.

Entire Distribution Plus OEM Support

The Entire Distribution plus OEM Support is a software group that contains
the entire Solaris Operating Environment software release, plus additional
hardware support for Original Equipment Manufactures (OEMs). This
software group is recommended when, installing the Solaris Operating
Environment software on SPARC-based servers.

Note - Approximate disk space requirement for Entire Distribution plus OEM
is 2.4 Gbytes.

Solaris Operating Environment System Administration I & II Page 15 of 563


Solaris SA 1 & 2 - Training Material

Planning an Installation on a Standalone System

The following installation procedures describe how to run Solaris Web Start to
install the Solaris Operating Environment software on a networked, standalone
system from a local CD-ROM drive.

You can run Solaris Web Start in either of two ways:

• Graphical User Interface (GUI) - This requires a local or remote CD-ROM


drive or network connection, frame buffer, keyboard, and monitor.

• Command Line Interface (CLI) - This requires a local or remote CD-ROM


drive or network connection, keyboard, and monitor.

If Solaris Web Start detects a frame buffer for the system, it uses the GUI, if it
does not it uses the CLI. The content and sequence of instructions in both are
generally the same.

Note - You can select the Solaris Web Start's upgrade option during
installation if the system is currently running Solaris Operating Environment
software. However, if the system is currently running the Solaris 2.5.1 or
Solaris 2.6 Operating Environments, you must run an Interactive Installation
to perform a Solaris Operating Environment upgrade.

Solaris Operating Environment System Administration I & II Page 16 of 563


Solaris SA 1 & 2 - Training Material

Pre-Installation Information
Before installing the Solaris Operating Environment software on a networked
standalone system, you must provide the following information:

• Host name - A unique, commonly short name for the system. You can use
the command uname –n command to determine the host name on an
existing system.

• Host IP address - A software address representing the host address and


network address.

• Name service type - Determine if the networked system is to be included


in one of the following types of name service domains: NIS, NIS+, other,
or none.

• Subnet mask - Determine if the networked system is to be included in a


particular subnet. The subnets mask is stored in the /etc/netmask file.

Note - A subnet is used to partition network traffic. Segmenting network


traffic over many different subnets increases bandwidth to each host.

• Geographic location and time zone - A specific region where the system
physically resides.

• Root password - A password assigned to root to gain access and root


privileges on the system.

• Language - Determine the language to be used to install the Solaris


Operating Environment. Use the CD labeled:

* Solaris Installation English SPARC Platform Edition - All prompts,


messages, and other installation information is displayed in English
only.

Solaris Operating Environment System Administration I & II Page 17 of 563


Solaris SA 1 & 2 - Training Material

* Solaris Installation Multilingual SPARC Platform Edition - Select a


language in which to display prompts, messages, and other installation
information:

• Simplified Chinese
• Traditional Chinese
• English
• French
• German
• Italian
• Japanese
• Korean
• Spanish
• Swedish

The last step in the pre-installation process is to make sure the following
Solaris CD-ROM, set is available:

• Solaris Installation English SPARC Platform Edition or Solaris Installation


Multilingual SPARC Platform Edition.

• Solaris Software 1 of 2 SPARC Platform Editions and Solaris Software 2


of 2 SPARC Platform Editions.

• Solaris Languages SPARC Platform Edition (if using the Multilingual


CD).

Note - Before a software installation, always back up any modifications or


data that exist in the previous version of the Solaris Operating Environment,
and restore them after the installation is complete.

Solaris Operating Environment System Administration I & II Page 18 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 2

ADMINISTRATION OF SOFTWARE PACKAGES

Objectives
Upon completion, of this module, you should be able to:

• Describe a software package

• View software package information, using the pkginfo command

• Add a software package from the Solaris Software CD-ROM using the
pkgadd. Command

• Verify the attributes and content of a software package using the pkgchk
command

• Remove a software package installed on the disk using the pkgrm


command

• View, add, and remove software packages using the admintool

• Add and remove a software package from a spool directory using the
pkgadd and pkgrm

Solaris Operating Environment System Administration I & II Page 19 of 563


Solaris SA 1 & 2 - Training Material

Software Packages
Software administration involves adding and removing software from systems.
Sun and its third-party vendors deliver products in a form called a software
package.

The term package to the method for distributing and installing software
products to systems where the products, will be used. In its simplest form, a
package is a collection of files and directories

Note - All the required software packages are installed automatically during
the Solaris Software installation process.

Software packages contain:

• Files that describe the package and the amount of disk space required.

• The actual software files to be installed on the system.

• Scripts that are run when the package is added and removed.

The tools for viewing, adding and removing software from a workstation after
the Solaris software is installed on a system include:

• Package administration commands - pkgadd, pkgrm, pkginfo, and pkgchk

• The admintool utility - A graphical front-end to the pkgadd and pkgrm


commands

Solaris Operating Environment System Administration I & II Page 20 of 563


Solaris SA 1 & 2 - Training Material

The pkginfo Command

You use the pkginfo command to display information about the software
packages that have been installed on the local systems disk.

Command format

pkginfo [ -d [ device | pathname ] ] [ -1 ] pkg_name

For example:

# pkginfo | more
<some output omitted>
application SUNWAxg Solaris XGL 3 .3 Answer Book
application SUNWaadm Solaris System Administrator Collection
system SUNWab2m Solaris Documentation Server Lookup
system SUNWab2r Solaris Documentation Server
system SUNWab2s Solaris Documentation Server
system SUNWab2u Solaris Documentation Server
application SUNWabda Sun ultra 5/10 Hardware AnswerBook
application SUNWabe Solaris User Collection
application SUNWabsdk Solaris Software Developer Collection

The columns of information that are displayed are described below.

CATEGORY Is the package category, such as application, system,


ALE, or CTL.

PKGINST Is the software package name; if it begins with SUNW,


it is a Sun Microsystems product; otherwise, it
represents a third-party package.

NAME Is a brief description of the software product.

Displaying Detailed Information for All Packages.

To view all the available information about the software packages, use the
pkginfo command with the option:

# pkginfo -l | more

Solaris Operating Environment System Administration I & II Page 21 of 563


Solaris SA 1 & 2 - Training Material

Displaying Detailed Information for a Specific Package

To view information for a specific software package, specify us name on the


command line, for example:

# pkginfo -1 SUNman

PKGINST: SUNWman
NAME: On-line Manual Pages
CATEGORY: system
ARCH sparc
VERSION: 41.0,REV=31
BASEDIR: /usr
VENDOR: Sun Microsystems, Inc.
DESC: System Reference Manual Pages
PSTAMP: tinkertoymOS133331
INSTRELEASE: May 19 2000 16:50
HOTLINE: Please contact your local service provider
STATUS completely Installed
FILES: 6420 installed pathnames
3 shared pathnames
74 directories
73925 blocks used (approx)

The last line (73925 blocks used (approx), identifies the size of the package. A
block is a 512-byte disk block. The blocks used number defines how much
space is needed on the disk to install this package.

To determine how many packages are currently installed on disk, use the
following command:

# pkginfo | wc -1

Displaying Information for Software Packages on CD-ROM


By default, the pkginfo command is used to access information about
packages that have been installed on disk.

Solaris Operating Environment System Administration I & II Page 22 of 563


Solaris SA 1 & 2 - Training Material

Displaying Detailed Information for All Packages on CD-ROM


To display information about software packages that resides on the Solaris
Software CD-ROM (or other release media), use the pkginfo command with
the -d option. This option defines the device on which the software packages
reside.

# pkginfo -d /cdrom/
0/s0/Solaris_x/Product | more

Displaying Detailed Information for Selected Package on CD-ROM

# pkginfo -d /cdrom/cdrom0/s0/Solaris_10/Product -1 SUNWaudio


PKGINST: SUNWaudio
NAKE: Audio applications
CATEGORY: system
ARCH: spare
VERSION: 3.6.20.REV=1.1999.12.03
BASEDIR: /
VENDOR: Sun Microsystems, Inc.
DESC: Audio binaries
PSTAMP: dtbuild38sl9991204142646
INSTDATE: May 19 2000 16:35
HOTLINE: Please contact your local service provider.
STATUS: spooled
FILES: 5 spooled pathnames
2 directories
3 executables
4 package information files
681 blocks used (approx)

Solaris Operating Environment System Administration I & II Page 23 of 563


Solaris SA 1 & 2 - Training Material

The pkgrm Command


When a software package is removed from the system, the pkgrm command
and deletes all files associated with that package unless those files are also
shared with other packages.

The command asks for confirmation to continue and might warn about
possible package dependencies. If package dependencies do exist, it will again
ask for confirmation to continue with the package removal process.

Command Format

Pkgrm pkg__name

For example:

# pkgrm SUSWaudio

The following package is currently installed:

SUNWaudio Audio applications


(spare) 3.6.4,REV=1.98.12.03

Do you want to remove this package? y

## Removing installed package instance <SUNWaudio>


## Verifying package dependencies.

WARNING:
The <SUNWolrte> package depends on the package
Currently being removed.

WARNING:
The <SUNWolaud> package depends on the package
Currently being removed.

WARNING:
The <SUNWoldcv> package depends on the package
Currently being removed.

WARNING:
The <SUNWxwkey> package depends on the package
Currently being removed.

Dependency checking failed.

Do you want to continue with the removal of this package [y,n,?,q] y

Solaris Operating Environment System Administration I & II Page 24 of 563


Solaris SA 1 & 2 - Training Material

Note - The message filename <shared pathname not removed> is displayed


if a file is shared by two or more packages. It is removed only when the last
package it is shared with removed

Solaris Operating Environment System Administration I & II Page 25 of 563


Solaris SA 1 & 2 - Training Material

The pkgadd Command


When a software package is added, the pkadd command uncompresses and copies files from

the installation media to the local system’s disk. This command will ask for confirmation to

continue with package add process.

Command Format

Pkgadd [-d [device | pathname ] ] pkg_name

For example:

# pkgadd –d /cdrom/cdrom0/s0/solaris_10/Product SUNWaudio

processing packages instance <SUNWaudio> from


</cdrom/sol_10_sparc/s0/Solaris_10/Product>

Audio applications
(sparc) 3.6.4, REV=1. 98.12.03
copyright 1999 Sun Microsystems, INC. All rights reserved.
Using </> as the package base director.
## processing package information.
## Processing system information.
2 package pathnames are already properly installed
## Verifying package dependencies.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

This package contains scripts, which will be executed with super-user permission during the process of

installing these packages.

Do you want to continue with the installation of <SUNWaudio> [ y, n, ?] y

Installing Audio applications as <SUNWaudio>

## Installing part 1 of 1.

Solaris Operating Environment System Administration I & II Page 26 of 563


Solaris SA 1 & 2 - Training Material

Installation of <SUNWaudio> was successful.

Solaris Operating Environment System Administration I & II Page 27 of 563


Solaris SA 1 & 2 - Training Material

The pkgchk Command

The pkgchk command checks installation completeness pathname, file contents, and file

attributes of a package.

Command Format

Pakgchk [ options ] [-p path …] [pkg_name]

The following example checks the contents and attributes of a software package currently

installed on the system.

# pkgchk SUNWaudio

Note – If the pkgchk command does not display a message, it indicates that the package was

installed successfully.

To list the file contained in a software package, type

# pkgchk –v SUNWaudio

To check any file to determine if its content and attributes have changed since
it was installed with its software package, type:

# pkgchk –p /etc/ passwd


ERROR: /etc/passwd
File size <414> expected <3391> actual
File cksum <3439> expected <17254> actual

The original /etc/passwd file has changed in size since the initial Solaris
Operating Environment software installation. This is indicated by the

Solaris Operating Environment System Administration I & II Page 28 of 563


Solaris SA 1 & 2 - Training Material

differences in file size and checksum. The checksum is used to validate


transported data.

Solaris Operating Environment System Administration I & II Page 29 of 563


Solaris SA 1 & 2 - Training Material

The /var/sadm/Install/contents File

The /var/sadm/install/contents file is a complete record of all the software


packages installed on the local system disk. It references every file belonging
to every software package, and the configuration of products installed can be
viewed.

# more /var/sadm/install/contents

The pkgadd command update the contents file whenever new packages are
installed.

The pkgrm command uses the contents file to determine where files for a
software package are located on the system. Once a package is removed,
pkgrm updates the contents file. This file can be queried to determine if a
particular file has been installed on the system disk:

Solaris Operating Environment System Administration I & II Page 30 of 563


Solaris SA 1 & 2 - Training Material

Identifying the Directory Location of a Command

Use the grep command to search the /var/sadm/install/contents file to


determine if a particular file was installed, and the directory where it is
located. For or example, verify that the command showrev is installed on the
system disk.

# grep showrev /var/sadm/install/contents


/usr/bin/showrev f none 0755 root sys 30116 42078 943863705 SUNWadmc
/usr/share/man/smanlm/showrev.lm f none 0444 bin bin 6398 62569 943312114 SUNWman

Search the Solaris Operating Environment CD-ROM for Command Information

Use the grep command to search for the showrev command on the distribution
media. Instead of searching the contents file on the system disk, in this
example the information for the showrev command is contained in the pkgmap
file.

Every software package contained, on the distribution media has its own
pkgmap, which contains a content list of each package.

# grep showrev /cdrom/cdrom0/s0/Solaris_10/Product/*/pkgmap


/cdrom/sol_10_sparc/s0/Solaris_10/Product/SUNWadmc/pkgmap:l f none
usr/bin/showrev 0755 root sys 31276 44676 938676470

Solaris Operating Environment System Administration I & II Page 31 of 563


Solaris SA 1 & 2 - Training Material

Using a Spool Directory


For convenience, frequently installed software packages can be copied from
the Solaris Software CD-ROM to a spool directory on the system.

The pkgadd command, by default, looks in the /var/spool/pkg directory for


any packages specified on the command line.

Copying packages from the CD-ROM into spool directory is not the same as
installing the packages on disk.

To copy a package into the /var/spool/pkg directory:

# pkgadd -d /cdrom/cdrom0/s0/Solaris 10/Product -s spool SUNWaudio


Transferring <SUNWaudio> package instance

The -s option with the keyword spool copies the package into the /var/spool/pkg
directory by default.

Spooling Packages

You can specify a different directory location using the -s option. In this example, a
new directory is created, and then pkgadd is instructed to copy the package into the
new spool directory.

# mkdir /export/pkgs
# pkgadd -d /cdrom/cdrom0/s0/Solaris_10/Product -s /export/pkgs SUNWaudio Transferring
<SUNWaudio> package instance
# ls /export/pkgs
SUNWaudio

Removing Packages from the Spool Directory


You remove software packages from a spool directory using the pkgrm
command with the -s option.

# pkgrm -s spool SUNWaudio


# pkgrm -s /export/pkgs SUNWaudio

Solaris Operating Environment System Administration I & II Page 32 of 563


Solaris SA 1 & 2 - Training Material

Package Administration Summary

The following section summarizes the tasks involved in package


administration.

Package Command Summary

Table 15-1 summarizes the commands used for package administration.

Table 15-1 Package Administration

Command Name Description

Pkginfo Lists packages installed on the system or


available on distribution media.
pkgadd Installs packages,
pkgrm Removes packages.
pkgchk Verifies the attributes and contents of the
path names belonging to packages.

Package Administration File and Directory Summary

Table 15-2 describes a list of the files and directories used with package
administration.

Table 15-2 Files and Directories

File or Directory Description

/var/sadm/install/contents Software package/map of the entire


system.

/opt/pkgname Preferred location for the installation of


unbundled packages.

/opt/pkgname/bin or /opt/bin Preferred location for the executable files


of unbundled packages.

/var/opt/pkgname or Preferred location for log files of


/etc/opt/pkgname unbundled package.

Solaris Operating Environment System Administration I & II Page 33 of 563


Solaris SA 1 & 2 - Training Material

MANAGING SOFTWARE PATCHES

Objective

Upon completion of this module, you should be able to:

• List the locations to access patches

• Explain how to access patches from the World Wide Web and
anonymous ftp

• Describe the different patch formats

• Prepare a patch for installation

• Install a patch using the patchadd command

• Demonstrate how to verify what patches are currently installed

• Remove a patch-using the patchrm command

Solaris Operating Environment System Administration I & II Page 34 of 563


Solaris SA 1 & 2 - Training Material

Patch Administration

The administration of patches involves installing or removing Solaris


Operating environment patches from a running Solaris Operating
Environment.

A patch contains a collection of files and directories that replace existing files
and directories that are preventing proper execution of the software. Some
patches contain product enhancements.

A patch is distributed as a directory that is identified by a unique number. The


number assigned to a patch includes the patch base code first, a hyphen, and a
number that represents the patch revision number.

For example, a patch directory named 101945-02, indicates that 101945 is the
base code, and 02 is the revision number.

Solaris Operating Environment System Administration I & II Page 35 of 563


Solaris SA 1 & 2 - Training Material

Patch Distribution
Sub customers have access to a general set of security patches and other
recommended patches through the World Wide Web or anonymous ftp.

Sun customers who have a Sun Services SM contract, have access to the
Sunsolve database of patches and patch information, such as technical white
papers, the Symptom and Resolution database, and more. These are available
using the World Wide Web or anonymous ftp.

A SunService customer can request to receive the Patch Update CD-ROMs,


winch are released every six to eight weeks.

Solaris Operating Environment System Administration I & II Page 36 of 563


Solaris SA 1 & 2 - Training Material

World Wide Web Patch Access

To access patches on the World Wide Web site, the workstation has to be:

• Able to access the Internet

• Capable of running Web browsing software, such as Netscape

To access patches using the World Wide Web, use the following URLs:

http://sunsolve.sun.com United States


http://sunsolve.sun,com.au Australia
http://sunsolve.sun.fr France
http://sunsolve.sun.de Germany
http://sunsolve.sun.co.jp Japan
http://sunsolve.sun.se Sweden
http://sunsolve.sun.ch Switzerland
http://sunsolve.sun.co.uk United Kingdom

Or use the following URL, and navigate to the SunSolve patch database from the
Support entry.

http://www.sun.com

From the Sun Microsystems home page, click on the Sales and Service button and
navigate to the SunSolve patch database.

The patch databases for publicly available patches are labeled "Public patch access."

The patch database for the comprehensive set of patches and patch information
available to contract customers is labeled "Contract customer patch access." The
customer's assigned Sun Service password is required to access this database.

Solaris Operating Environment System Administration I & II Page 37 of 563


Solaris SA 1 & 2 - Training Material

An Additional URL for patch Access


The University of North (Carolina maintains a public patch site, as a
cooperative venture between Sun Microsystems. Inc and the university.

Publicly available patches can be accessed by using the URL:

http://metalab.unc.edu/pub/sun-info/sun-patches/

Solaris Operating Environment System Administration I & II Page 38 of 563


Solaris SA 1 & 2 - Training Material

Anonymous ftp Patch Access


To access patches using anonymous ftp, the workstation must be:

• Able to access the Internet

• Capable of running the ftp program

To access patches using ftp, use the ftp command to connect to:

sunsolve.sun.com

When ftp prompts for a login, enter anonymous as the login name.
When prompted for the password, enter your complete email address

After the connection is complete, the publicly available patches are located in
the /pub/patches directory.

An Additional ftp Site for Patch Access


Publicly available patches can also be accessed by connecting to:

http://metalab.unc.edu/pub/sun-info/sun-patches/

This site is also maintained by the University of North Carolina.

The ftp Patch Access Procedure

The ftp utility has many commands; however, only a few are necessary for
moving files from system to system. You can locate and copy patches to the
local system with a few basic ftp commands.

The following example shows the procedure for changing to the /tmp directory
on the local system, connecting to the remote ftp site, locating a patch and its
README file in the /pub/patches directory, and transferring (copying) both
files to the local systems directory.

Note - To transfer patches, change the ftp transfer mode to binary, by typing
bin at the ftp prompt.

Solaris Operating Environment System Administration I & II Page 39 of 563


Solaris SA 1 & 2 - Training Material

For example:
# cd /tmp
# ftp sunsolve. sun.com
Name (sunsolve.sun. com: root): anonymous

331
331 Welcome to the SunSolve Online FTP server.
331-
331-Public users .may log in as anonymous.
331-
331 Contract customers should use the following 2-tier login procedure:
331
331-At the first login prompt sunsolve
331 passwd: sunmicro
331-
331-At the second login prompt: <sunsolve login name> /<sunsolve passwd>
331 example: myssID/mypasswd
331
331 Public users may log in as anonymous; contract customers
331- Should use the standard sunsolve login and password,
331- Followed by their susolve account/password when prompted.
331-
331- Sunsolve6 FTP serve (Version wu-2.6.0(3) Wed Jan 5 15:02: 27 MST 2000) ready.
331- Guest login ok, send your complete e-mail address as password.
Password:
<output omitted>
230 Guest login ok, access restrictions apply.
ftp> bin
200 Type set to I.
ftp> cd /pub/patches
ftp> Is 108277*
108277-01.zip
108277. readme
ftp> mget 108277*
mget 108277-01.zip? Y.
mget 108277.readme? Y
ftp> cd .
ftp> Is
ftp> bye
cd. / tmp ; 1s
108277-01.zip,
108271. readme

Solaris Operating Environment System Administration I & II Page 40 of 563


Solaris SA 1 & 2 - Training Material

Downloading Patches
When patches are downloaded to the local system, the patches must be placed
in a temporary directory to prepare them for installation. The directory most
often used is the /var/tmp directory.

The most common reason for patch installation failure is directory


permission/ownership problems. The /var/tmp directory is open to all and
eliminates any of these types of problems.

Solaris Operating Environment System Administration I & II Page 41 of 563


Solaris SA 1 & 2 - Training Material

Patch informational Documents


There are important summary documents that list all recommended patches for
every version of the operating system, including a detailed list of all patches
for each operating system release.

Table 16-1 Patch Documents

Patch Document Contents

Solaris10.PatchReport A summary of all recommended patches for the


Solaris Operating Environment release.

10_Recornmended.zip A patch cluster containing all the recommended


patches for the Solaris Operating Environment release.

8_Recororaended README Instructions for how to install the recommended


patches for the Solaris Operating Environment.

Start with the Patch Report document first. This report is divided into several
different categories regarding information about all patches for a Solaris OS
Release.

Listing Patch Documents Using ftp

The following example demonstrates how to use ftp to locate the Patch Report
using a wildcard file search. Once found; the document is copied to a directory
on the local system. For example :)

# cd /var/tmp
# ftp sunsolve. sun. com
<output omitted> ftp> cd /pub/patches
ftp> Is *8.PatchReport
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
Solaris10 Patch Report
Solaris10_x86 Patch Report
226 Transfer complete,
remote: * 10* PatchReport
48 bytes received in 0.00035 seconds (1.4e+02 Kbytes/s)
ftp> get Solaris10.PatchReport
ftp> bye

Solaris Operating Environment System Administration I & II Page 42 of 563


Solaris SA 1 & 2 - Training Material

The Soiaris8.PatchReport can then be read to determine what patch number(s)


may need to be retrieved for installation on the system.

Tide: Solaris Patch Report Update as of 17/Apr/00


=============================================================
Report Notes Section:
This report is generated to provide a summary list of patches released and available from Sun
Microsystems for the listed product. There are updates of this report twice each month.
<output truncated>...
=============================================================
Quick Reference Section:
=============================================================
New Patches Released Since Last Report:
----------------------------------------------------
This is the first Report.
Update Revs Released Since Last Report;
----------------------------------------------------
This is the first Report.

Solaris Recommended Patches:


-----------------------------------------------------
(No Official Recommended List At This Time)

Solaris Patches Contains- Security Fixes:


-----------------------------------------------------------
Solaris Patches Containing y; 00:
------------------------------------------------
Solaris Obsolete Patches:
--------------------------------------------
Solaris Complete Listing of Released Patches:
Total Patches: 30
Total Bug fixes: 59
SunOS Released Patch List:
=============================================================
Patch-ID* 108504-03
Synopsis: SunOS 5.8: Elite3D AFB Graphics Patch
Build is fixed with this patch: 4234045 4294963 4300089 4303885 4308125
Changes incorporated in this version: 4303865 4308725
Date: Kax/16/00

Patch-ID* 1-08605-03
Synopsis: SunOS 5.8: Creator 8 FFB Graphics Patch
BugId's fixed with this patch: 4234015 4294953 4303885 4308725
Changes incorporated in this version: 4303685 4308725
Date: Kar/16/CO

Patch-ID= 103609-01
Synopsis: SunOS 5.8: Buttons/Dials Patch
BugID is fixed with this patch: 4299526 <output truncated>…
Figure 16-2 Sample Solaris S Patch Report

Solaris Operating Environment System Administration I & II Page 43 of 563


Solaris SA 1 & 2 - Training Material

Note - No, all patches available from Sun Microsystems need to be installed. It
is only necessary to install the Recommended Patches, Security Patches, and
those required to fix problems specific to your site.

The /var/sadm/patch Directory

Historical information about all patches currently installed on a system is


stored in /var/sadm/patch directory. For example:

# ls / var/sadm/patch.
107558-05 107594-04 107630-01 107663-01 107683-01
107696-01 107817-01 107582-01 107612-06. 107640-03

You should never modify or delete this directory. If you damage this directory,
you can make it impossible to add or remove patches, add new software, or
upgrade the Solaris Operating Environment without having to first reload the
entire system software.

Solaris Operating Environment System Administration I & II Page 44 of 563


Solaris SA 1 & 2 - Training Material

Patch Formats
Patches come in three different formats depending on the Solaris version and
where the patch had been retrieved. For example:

• The Solaris and Solaris 9 Operating Environment patches are in zip


format, for example: 105050-01 .zip.

Note - Some patches that fix applications on the Solaris Operating


Environment can be in the tar. z format.

• The Solaris 2.6 (and earlier) Operating Environment patches are


compressed tar files in a tar.Z format, for example: 104040-01.tar.Z.

• The Solaris 2.6 (and earlier) Patch Update CD-ROM contains patches that
are gzip compressed tar files, for example: 112340- 01. tear. gz

Preparing Patches for Installation

For the Solaris 5.x and Solaris 9 Operating Environments, use the unzip
command to extract the patch files.

# /usr/bin/unzip 105050-01.zip

For Solaris 2.6 Operating Environment patches use the zcat command to
uncompress the patch files and the tar command to create the patch directories.

# /usr/bin/zcat 104040-01. tar .z | tar xvf

For the Solaris 2.6 Operating Environment patches retrieved from the Patch
Update CD-ROM, use the gzcat command to uncompress and create patch
directories.

Solaris Operating Environment System Administration I & II Page 45 of 563


Solaris SA 1 & 2 - Training Material

The patchadd and patchrm Commands


You have two commands available for managing patches:

• patchadd - Used to install unpacked patches to the Solaris Operating


Environment.

• patchrm-Used to remove patches installed on the Solaris


Operating Environment.

Solaris Operating Environment System Administration I & II Page 46 of 563


Solaris SA 1 & 2 - Training Material

Installing a Patch
When a patch is installed, patchadd calls the pkgadd command to install the
patch packages.

Patch installation procedure differs depending on the current version of the


Solaris Operating Environment software installed on the system.

The examples below describe the procedure for patch installation on Pre-
Solaris 2.6 Operating Environment, and those systems currently Installed with
Solaris 2.6 and above, (for example, the Solaris 5.x or Solaris 9 Operating
Environments).

Both examples assume the patch to be installed exists in the /var/tmp directory
and has been prepared, or extracted for installation.
Installing a Patch in the Solaris 2.6 Operating Environment and Later Versions

For the Solaris 2.6 and above Operating Environments, use the patchadd
command. The following shows how to install a patch using the patchadd
command.

#cd /tmp
# patchadd 105050-01

Checking installed patches...


Verifying sufficient file system capacity (dry run method)
Installing patch packages...

Patch number 105050-01 has been successfully installed.


See /var/sadm/patch/105050-01/log for details.

Patch packages installed:


SUNWhea

Solaris Operating Environment System Administration I & II Page 47 of 563


Solaris SA 1 & 2 - Training Material

Figure 16-4 illustrates those components of the /var/sadm directory that are update4d during
the installation of patch 105050-01

var

sadm

pkg patch

105050-01
SUNWcsu. SUNWhea

README.105050-01 log
pkginfo save

pkginfo save

(Updated
by patch) 105050-01

undo.Z

Figure 16-4 Updated /var/sadm directories

Installing a Patch in a Pre-Solaris 2.6 Operating Environment

Before the Solaris 2.6 Operating Environment, the patchadd command was not
available in the Solaris Operating Environment. Instead, each patch contained
an install patch program.

The following shows the steps needed to install a patch on a system.

# cd /tmp/102301-01
# ls

Install. info SUNWcsu backoucpatch


README.102 301 -01 SUNWscpu installpatch

Solaris Operating Environment System Administration I & II Page 48 of 563


Solaris SA 1 & 2 - Training Material

# ./installpatch

Checking installed packages and patches....


Generating list of files to be patched. . .
Verifying sufficient file system capacity (exhaustive
Method) .

Installing patch packages....

Patch number 102301-01 has been successfully installed.


See /var/sadm/patch/102301-01/log for details

Patch packages installed:


SUNWcsu
SUNWscpu

Caution - Both patchadd and installpatch have a -d option available that


instructs the commands not to save copies of the flies being updated or
replaced in the /var/sadm/patch directory. This is often used to save disk space
over time. However, it also prevents being able to back out or remove-a patch
from the system.

Solaris Operating Environment System Administration I & II Page 49 of 563


Solaris SA 1 & 2 - Training Material

Removing a Patch
When you remove a patch, the patchrm command restores all files that were
modified or replaced by that patch, unless:

• The patch was installed with patchadd -d (which instructs patchadd not to
save copies of files being updated or replaced).

• The patch is required by another patch

• The patch has been obsoleted by a later patch

The patchrm command calls pkgadd to restore packages that were saved from
the initial patch installation.

Removing a Patch from the Solaris 2.6 and Later Opera


ting Environments
For the Solaris 2.6 and above Operating Environments, use the patchrm
command. The following shows how to remove a patch using the patchrm
command.

# patchrm 106793-01

Checking installed packages and patches...

Backing out patch 106193-01...

Patch 106793-01 has been backed out.


Removing a Patch from the Pre-Solaris2.6 Operating Environments

Before the Solaris 2.6 Operating -Environment, the patchrm command was not
available. Instead, each patch contained a backoutpatch program.

# cd /var/sadm/patch/102301-01
# ./backoutpatch. 102301-01

Solaris Operating Environment System Administration I & II Page 50 of 563


Solaris SA 1 & 2 - Training Material

Checking Current Patch Status


Before installing patches, you should know about patches that have been
previously installed on a system.

There are two commands available that provide useful information about
currently installed patches.

# showrev -p
Patch: 106793-01 Obsoletes: Requires: Incompatibles:
Packages: SUNWhea

# patchadd -p

Patch: 106793-01 Obsoletes: Requires: Incompatibles:

Packages: SUNWhea

Solaris Operating Environment System Administration I & II Page 51 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER – 2
Objectives
SYSTEM SECURITY

Upon completion of this module, you should be able to:

‰ Create the /var/adm/loginlog file to save failed login attempts

‰ Monitor system usage with the commands finger, last, and rusers

‰ Use the su command to become the root user or another user on the system

‰ Modify the /etc/default/login file to restrict root access

‰ Use the commands id and groups to identify users and their group memberships

‰ Change a file's owner or a file's group using the commands chown and chgrp,

respectively

‰ Explain how the special permissions setuid, setgid, and the Sticky Bit can affect

system security

‰ Create, modify, and delete access control lists (ACLs) on. files

‰ Control remote login access by maintaining three basic network files: /etc/hosts.equiv,

$HOME/. rhosts, and /etc/ ftpusers

Solaris Operating Environment System Administration I & II Page 52 of 563


Solaris SA 1 & 2 - Training Material

Managing System Security Overview


Two important responsibilities of the system administrator are controlling access and
securing data on a system. The Solaris operating environment provides some standard
Security features for controlling access by unauthorized users and for protecting files on local
and remote systems.

Some basic steps that you should take to manage security at the user, file, system, and
network level include:

‰ Maintaining password and login control

‰ Monitoring system usage

‰ Restricting access to data contained in files

‰ Tracking root logins

‰ Monitoring setuid programs

‰ Controlling remote access on the network

Solaris Operating Environment System Administration I & II Page 53 of 563


Solaris SA 1 & 2 - Training Material

Managing Login and Access Control


All accounts on the system must have a password. Any account without a password
allows unauthorized access to the local host and to the entire network.

The pwconv Command

The pwconv command creates and updates the /etc/shadow file with information from the
/etc/passwd file.

It is the pwconv command that relies on the special value of 'x' in the password field of
/etc/passwd The 'x' indicates that the password for the user already exists in the /etc/shadow
file.

If the /etc/shadow file does not exist, pwconv creates with the information from /etc/passwd.

If the /etc/shadow file does exist, the following tasks are performed:

‰ Entries that are in the /etc/passwd file and not in the /etc/shadow file are added to the
shadow file.
‰ Entries that are in the /etc/shadow file and not in the
/etc/passwd file are removed from the shadow file.

Recording Failed Login Attempts

When a user logs in to a system, locally or remotely, from the command line only, the login
program consults the /etc/passwd and /etc/shadow file to authenticate the user by verifying
the user name and password entered

If the user provides a login ID name from the /etc/passwd file and the correct password for
that login name, the login program grants access to the system

It the user name is not in the /etc/passwd file or the password is not correct for the user name,
the login program denies access to the system

Solaris Operating Environment System Administration I & II Page 54 of 563


Solaris SA 1 & 2 - Training Material

You can save failed login attempts to a file, which is a useful tool for determining if attempts
are being made to break into a system.

You can record failed login attempts can be recorded in the file /var/adm/loginlog

By default, the loginlog file does not exist. To enable logging, you must create this file with
read and write permissions for root only.

# touch /var/adm/loginlog

All failed login activity is written to this file automatically after five failed attempts.

The loginlog contains one entry for each of the failed attempts. Each entry contains the user's
login name, TTY device, and time of the failed attempt.

If there are fewer than five failed attempts, no activity is logged to this file.

Solaris Operating Environment System Administration I & II Page 55 of 563


Solaris SA 1 & 2 - Training Material

Monitoring System Access


All systems should be monitored routinely for unauthorized user access. Use the who
command. to see who is on the system. It looks in the /var/adm/utmpx file to obtain
this information.

The who command displays a list of users currently logged on to the local system, with their login name,

login device (TTY port), login date and time, and the elapsed time since last activity. If a user is logged on

remotely, the remote hostname for that user is displayed.

Displaying Users on the System

To display the users who are currently on the system, execute the who command:

# who
user2 console May 24 10:17 (:0)
User5 pts/3 May 24 17:36 (:0.0)
user9 pts/7 May 24 08:21 (:0.0)

Login Device Types

The second field displayed by the who command defines the user's login device, which can
be one of the following:

‰ console - The device used to display system boot and error messages.

‰ pts -The pseudo device that represents a login or window session without a physical
device. Remote logins are represented by this type of device,

‰ term - A device physically connected to a serial port, such as a terminal or a modem,

Solaris Operating Environment System Administration I & II Page 56 of 563


Solaris SA 1 & 2 - Training Material

Displaying User Information


To display detailed information about users either locally or remotely, use the finger
command.

Command Formal

finger -m username

finger -m username@remotehostname

-m - Match arguments only on username (not first or last name).

The finger command displays the user's login name, home directory path, login time, login
device name, data contained in the comment field of the /etc/passwd file (usually the user's
full name), login shell, and the name of the host if logged in remotely.

Displaying User Information

To display user information, execute the following:

# finger user9
Login name: user9 In real life: user9's Account
Directory: /home/user9 Shell: /bin/ksh
On since Apr 14 08:57:37 on console from : 0
No unread mail
No. Plan.

If a user creates the standard ASCII files .plan or .projects in their home directories,
the content of those files is shown as part of the output of the finger command.

Those files are traditionally used to outline a user's current plans or projects, and must
be created with file access permissions set to 644 (rw-r--r--).

Solaris Operating Environment System Administration I & II Page 57 of 563


Solaris SA 1 & 2 - Training Material

Displaying a Record of Login Activity


Use the last command to display a record of all logins and logouts with the most
recent activity at the top of the output. It looks in the /var/adm/wtmpx file, which
records all logins and logouts.

Each entry includes user name, the login device, host logged in from, date and time
logged in, time of log out, and total login time in hours and minutes, including entries
for system reboot times.

The following is an example of the last command:

# last
userl pts/4 hostl Fri Dec 18 10:24 - 11:00 (00:36)
user9 pts/7 hostl Tue Dec 8 09:39 - 09:49 (00:10)
userS pts/12 hostl Thu Dec 3 15:16 - 15:18 (00:02)
reboot system boot Wed Dec 2 08:44
root console :0 Tue Dec 1 15:12 - 15:12 (00:00)
userS pus/3 hostl Tue Dec 1 16:13 - 16:39 (00:26)

The last command can also display information about an individual user, for example:

# last user9

user9 pts/7 hostl Tue Dec 8 09:39 - 09:49 (00:10)

To view system reboot times only, execute the following command:

# last reboot

reboot system boot Fri Feb 11 10:15


reboot system boot Wed Jan 26 14:58
reboot system boot Mon Jan 3 16:30

Solaris Operating Environment System Administration I & II Page 58 of 563


Solaris SA 1 & 2 - Training Material

Displaying Users on Remote Systems


The rusers command produces output similar to the who command but displays users
logged in on remote hosts. The list is displayed in the order the responses are received
from the hosts — displaying the user's name and the host's name.

A remote host responds only to the rusers command, if its rpc. rusersd daemon is
enabled. It is the network server daemon that returns the list of users on the remote
hosts.

Command Format

rusers [ -1 ]

The rusers -1 command displays a list of login names of users who are logged in on
remote systems, along with the name of the system a user is logged into, the TTY port
(login device), the month, date, login time, and idle time. If the user is not idle, no
time is displayed in the last field. .

For example:

# rusers -1

userS remotehostl :pts/4 Feb 22 11:48 27 (:0)


root remotehostl:console Feb 22 09:31 28:10 (:0)
user4 remotehost5:pts/12 Feb 22 8:00 1:43 (:0)
user6 remotehost2:console Feb 22 13:41 9 (:0)

Solaris Operating Environment System Administration I & II Page 59 of 563


Solaris SA 1 & 2 - Training Material

Accessing root Privileges


As the system administrator, you should log in only to the root account to perform
administration tasks. You should avoid performing routine work as root.

This helps protect the system from unauthorized access, as it reduces the likelihood
that the system will be left unattended with root logged in. Also, critical mistakes are
less likely to occur if routine work is done as a regular system user.

You can become root on a system by either:

‰ Logging in directly as root, and supplying the root password.


‰ Logging in as a regular user, then invoke the su command and supply the root
password.

You should log in under a regular user account, then become root by using the su
command, to access system files or run administration commands.

Using the su Command to Become another User

The su command allows a user to become another user, without logging off the system.
.

Command Format

su [ - ] [ username ]

To use su, you must supply the appropriate password unless the user is already root. The root
user can run su without passwords.

If the password is correct, su creates a new shell process, as specified in the shell field of that
user's /etc/passwd file entry

The su (dash) option specifies a complete login. It changes the user's work environment to
what would be expected if the user had logged in directly as that specified user.

Solaris Operating Environment System Administration I & II Page 60 of 563


Solaris SA 1 & 2 - Training Material

Effective User ID and Effective Group ID


When you run the su command, the effective user ID (EUID) and the effective group
ID (EGID) are changed to the new user to whom you have switched.

Access to files and directories is determined by the value of the EUID and EGID for
the switched user, rather than the UID and GID of the user who originally logged in to
the system.

Note - This is important because file and directory access is determined based on the value of
the EUID and EGID of the user that you have become.

Using the whoami Command

The whoami command displays the switched user's effective current user ID.

Displaying the Effective Current Username

For example, userl is logged into the system under that login name. This user then runs the su
command to become root and enters the root password. The whoami command displays the
user's effective user ID.

$ su
password: (type in the root password)
# whoami
root
#

Solaris Operating Environment System Administration I & II Page 61 of 563


Solaris SA 1 & 2 - Training Material

Using the su Command to Become root


To use the su command io become root:

1. Log in directly (from the login window) as a regular user. For example: userl

2. At the shell prompt, in a terminal window, type su and press Return. Type the root
password and press Return.
$ su
Password:

3. To display the original login, type the command whoami and press Return.
# who am i
userl pts/11 Apr 25 15:45 (:0.0)

4. To determine the login name of the user switched to, type whoami and press Return.
# whoami
root

5. To determine where the user is currently located, type pwd and press Return. The
Location is the original user's home directory.
# pwd

6. To exit the root session and return to the original user, type exit and press Return.
# exit
$

In the default system configuration, root login is restricted to the console. This means that
you cannot remotely log in to a system as root. To remotely log in to a host, you must log in
as a regular user and then run the su command to become root.

Solaris Operating Environment System Administration I & II Page 62 of 563


Solaris SA 1 & 2 - Training Material

To switch a another user and have that user environment:

At the shell prompt, type su with the dash (-) option, the name of the user to become,
and press return. Type the password for the user account and press return fro example:

S su – user2
Password

Determine the login name of the user switched to by typing whoamin and pressing
return.

S whoami
User2

Determine where the user is indicated, type pwd and press Return the location is the
new user home directory.

Pwd

Display the login name of the user originally logged in as by typing whoami and
pressing return.

Who am I

User1 pts/4 app 25 15:55 (:0.0)

To return to the original user status and home directory, type the following command
and press return.

Exit

Solaris Operating Environment System Administration I & II Page 63 of 563


Solaris SA 1 & 2 - Training Material

The sysadmin Group


Any user who is a member of the sysadmin group (GID 14) can run admintool for the
purpose of managing local system files and functions, such as adding and removing users,
groups, software, printers, and serial devices.

If you have not added any user to this group then only root can run the admintool utility.

Note - Members of the sysadmin group can also invoke Solstice Adminsuite™, a Solaris
Operating Environment server product used to locally or remotely manage important system
files and functions.

Solaris Operating Environment System Administration I & II Page 64 of 563


Solaris SA 1 & 2 - Training Material

Managing User Access


Located in the /etc/default directory are three system files root can modify to monitor
who is using the su command; restrict root access; and set up system-wide password
aging for every user who logs in to the system.

‰ The /etc/default/su file controls how su attempts are logged.


‰ The /etc/default/login file can be set to restrict root access.
‰ The /etc/default/password file can be set up to enforce system-wide password aging.

Solaris Operating Environment System Administration I & II Page 65 of 563


Solaris SA 1 & 2 - Training Material

Monitoring su Attempts

For security reasons, you must monitor who has been using the su command,
especially those user's who are trying to gain root, access on the system. You can set
this using the /etc/default/su file.

The following is the content of the /etc/default/su file.

#ident "@#su.dfl 1.6 93/08/14 SKI" /* SVr4.0 1.2 */

#SULOG determines the location of the file used to log all su attempts ft
#
SULOG=/var/adm/sulog

#CONSOLE determines whether attempts to su to root should be logged


#to the named device
#
#CONSOLE=/dev/console

# PATH sets the initial shell PATH variable


#
#PATH=/usr/bin:

# SUPATH sets the initial shell PATH variable for root


#
#SUPATH=/usr/sbin: /usr/bin

#SYSLOG determines whether the syslog(3) LOG_AUTH facility should be


#used to log all su attempts. LOG_NOTICE 'messages are generated for
#su's to root, LOG_INFO messages are generated for su's to other
#users, and LOG_CRIT messages are generated for failed su attempts.
#
SYSLOG=YES

The CONSOLE Variable

The CONSOLE variable, by default, is ignored because of the preceding comment (#)
symbol. Therefore, all attempt are logged to the console regardless of success or family

Solaris Operating Environment System Administration I & II Page 66 of 563


Solaris SA 1 & 2 - Training Material

By removing the comment symbol, the value of the CONSOLE variable is defined for
/dev/console and all successful su attempts to become root are logged to the console.
The /var/adm/sulog file contains only unsuccessful attempts.

Feb 2 11:20:07 hostl su: ‘su root’ succeeded for userl on /dev/pts/4 SU 02/02 11:20 +
pts/4 userl-root

The SULOG Variable

The SULOG variable specifies the name of the file in which all su attempts to switch to
another user are logged. If undefined, su logging is turned off.

The entries in this file include the date and time the command was issued, whether it was
successful (shown by the + symbol for success or the - symbol for failure), the device from
which the command was issued, and finally the name of the user and the switched identity.

For example:

# more /var/adm/sulog
SU 10/20 14:50 + console root-sys
SU 10/20 16:55 + pts/2 user3-root
SU 11/05 11:21 - pts/3 root-userl

Solaris Operating Environment System Administration I & II Page 67 of 563


Solaris SA 1 & 2 - Training Material

Restricting root Access


The /etc/default/login file gives you the ability to protect the root-account on a system by
restricting root access to a specific device.

The following shows (he content of the /etc/default/login file.

# ident "@ (#) login, dfl 1.8 96/10/18 SMI" /* SVr4.0 1.1.1.1 */'
#
# Set the TZ environment variable of the shell.
# TIMEZONE=EST5EDT
#
# ULIMIT sets t-.h-- file size limit for the login. Units are disk blocks.
# The default of zero means no limit.
# ULIMIT=0
#
# If CONSOLE is set, root can only login on that device.
# Comment this line out to allow remote login by root.
#
CONSOLE=/dev/ console
#
# PASSREQ determines if login requires a password.
PASSREQ=YES
#
# ALTSHELL determines if the SHELL environment variable should be set
ALTSHELL=YES
#
#PATH sets the initial shell PATH variable
#PATH=/usr/bin:
#
# SUPATK sets the initial shell PATH variable for root
# SUPATH=/usr/sbin: /usr/bin
#
# TIMEOUT sets the number of seconds (between 0 and 900) to wait before
# abandoning a login session.
# TIMEOUT=300
#
# UMASK sets the initial shell file creation mode mask. See umask(1)
# UMASK=022
# SYSLOG determines whether syslog(3) LOG_AUTH facility should in
# used to log all root logins at level LOG_NOTICE and multiple failed
# login attempts at LOG_CRIT.
SYSLOG_YES

Solaris Operating Environment System Administration I & II Page 68 of 563


Solaris SA 1 & 2 - Training Material

The CONSOLE Variable


You can set the CONSOLE variable to specify one of three possible conditions for restricting
root logins:

‰ If the variable is defined as CONSOLE=/dev/console, root login only at the system


console. Any attempt to login as root from any other device generates the error
message:

# rlogin hostl
Not on system console
Connection closed.

‰ If the variable is not defined, root can log in to the system from any device either
across the network, through a modem, or using an attached terminal.

‰ If the variable does not have a value assigned to it (for example CONSOLE=) then
root cannot log in from anywhere, not even the console, The only way to become root
on the system is to log in as a regular user and become root using the su command.

Solaris Operating Environment System Administration I & II Page 69 of 563


Solaris SA 1 & 2 - Training Material

Implementing System-Wide Password Aging


You can force every user on the system to change their password on a regular basis, without
having to set up individual password aging for each user in the /etc/shadow file.

This is done by modifying the /etc/default/passwd file. There are, three different variables in
the file: MAXWEEKS, MINWEEKS, and PASSLENGTH, as shown in the following sample
file.

# cat passrwd
# ident @ (#) passwd.dfl 1.3 92/07/14 SMI"
MAXWEEKS=
MINWEEKS=
PASSLENGTH=6

The /etc/default/passwd File Variables

The following sections describe the /etc/default/passwd file variables.

The MAXWEEKS Variable.

The value set for the MAXWEEKS variable specifies the maximum number of weeks (seven-
day weeks) a password is valid before it must be changed for all regular users.

If there is no value set for this variable, which is the default setting, only users who have a
value for Max Change specified in the fourth field of the /etc/shadow file must change their
passwords at the specified number of days.

The MINWEEKS Variable

The value sot for the MINWEEKS variable specifies the minimum number of weeks between
password changes for all regular users.

If there is no value set for this variable, which is the default setting, only users who have a
value for Min Change specified in the fifth field of the /etc/shadow file are limited as to when
they can change their passwords.

Solaris Operating Environment System Administration I & II Page 70 of 563


Solaris SA 1 & 2 - Training Material

Note - The password aging entries in the /etc/shadow file take precedence over the
/etc/default/passwd file entries for individual users.

The PASSLENGTH Variable.

The PASSLENGTH variable specifies a minimum password length for all regular users
between the six and eight values. Numbers below six default to six character passwords, and
numbers above eight default to eight character passwords.

Solaris Operating Environment System Administration I & II Page 71 of 563


Solaris SA 1 & 2 - Training Material

Restricting Access to Data in Files


When you have established login restrictions, the next task is to control access to the data on
the systems. Of course, some users need to be allowed to read various files, other users need
permission to change and delete files, and there are some files that no user should be able to
access.

Users who need to share files should be put in a group.

Note - In general, you use file access permissions to determine what users or groups have
permission to read, modify, or delete files.

Solaris Operating Environment System Administration I & II Page 72 of 563


Solaris SA 1 & 2 - Training Material

Determining a User's Group Membership


The groups command display group memberships for the user.

For example, to see what groups you belong to, type the following command:

# groups
staff class

To list the groups to which a specific user belongs, use the groups command with the user's
name as an argument.

For example:

# groups user5
staff class sysadmin

Solaris Operating Environment System Administration I & II Page 73 of 563


Solaris SA 1 & 2 - Training Material

Identifying a User Account

You use the id command to further identify users by listing their UID, username, group ID,
and group name. This is useful information when troubleshooting file access problems for
users.

The id command returns the effective user ID and name. For example, if you logged in as
userl and then used su to become user4, the id command reports information for the user4
account.

Command Format

id [ options ] [ username ]

For example, to view your user account information:

$ id

uid 101(userl) gid=300(class)

To view ill the account information for a specific user, use the -a option:

$ id -a userl
uid=101(userl) gid=300(class) groups=14(sysadmin)

Solaris Operating Environment System Administration I & II Page 74 of 563


Solaris SA 1 & 2 - Training Material

Changing a File's Ownership with the chown Command


You might need to use the chown command to change the original owner of a file or
directory to another user on the system. By default, only root can change the
ownership of a file or directory.

Command Format

chown [ option(s) ] user_name filename(s)

or

chown [ option (s) ] UID filename (s)

Note - The username and the UID must exist in the /etc/passwd file.

Changing File Ownership

In this example, a user named userl created a file called file7.

# cd /export/home/user1
# ls -l file7

-rw-r—r— 1 userl staff 672 Jun 1 15:11 file7.


#

Use the chown command to give this file to a new user named user2 and verify the
new ownership.

# chown user2 file7

# ls -1 file7

-rw-r--r-- 1 user2 staff 672 Jun 1 15:12 file7

The file is now owned by user2. This file is still in the home directory of userl. The
users need to determine if the file should be moved to a new directory location.

Solaris Operating Environment System Administration I & II Page 75 of 563


Solaris SA 1 & 2 - Training Material

Changing Directory Ownership


In the next example, userl owns a directory called dir4.

# Is -Id dir4
drwxr-xr-x 8 userl staff 512 Apr .22 12:51 dir4
#

Use the chown command to give this directory and all of its contents (files and
subdirectories) to user2.

# chown -R user2 dir4


# ls -Id dir4
drwxr-xr-x 8 user2 staff 512 Jun 1 15:14 dir4
#

The -R option makes the chown command recursive. It descends through the directory and
any subdirectories setting the ownership UID as it moves through the directory hierarchy.

Changing User and Group Ownership Simultaneously

The chown command also gives the owner the ability to change both the ownership and
group membership of a file or directory at the same time.

# chown user3:class file2

Additionally, you can use the -R option to recursively descend a directory hierarchy,
changing ownership and group membership of the directory and its contents, simultaneously.

# chown -R user3: class dirl

Solaris Operating Environment System Administration I & II Page 76 of 563


Solaris SA 1 & 2 - Training Material

Changing a File's Ownership With the chgrp Command


The chgrp command can be used by root, or the file's owner, to change the group ownership
of files and directories to another group on the system.

However, the file owner must also belong to that new group.

Command Format

chgrp groupname filename(s) chgrp GID filename (s)

Note - The groupname and GID must exist in the /etc/group file.

For example, the file called file 4 currently belongs to a group named staff.

# Is -1 file*
-rw-r— r— 1 userl staff 874 Jun 1 15:08 file4
#

Use the chgrp command to give this file to a new group named class, and verify the
new group ownership.

# chgrp class file4


# Is -1 file*
-rw-r— r-- 1 userl class 874 Jun 1 15:09 file4

Now all users who are members of the group called class have shared access to this file.

Solaris Operating Environment System Administration I & II Page 77 of 563


Solaris SA 1 & 2 - Training Material

Special File Permissions


Three types of special permissions are available for executable files and public directories.
These include:

‰ setuid Permission

‰ setgid Permission

‰ Sticky Bit Permission

Solaris Operating Environment System Administration I & II Page 78 of 563


Solaris SA 1 & 2 - Training Material

The setuid Permission


When set-user identification (setuid) permission is set on an executable file, a user or process
that runs this executable file is granted access based on the owner of the file (usually root)
instead of the user who started the executable.

This allows a user to access files and directories that are normally accessible only by the
owner. Plus many executable programs must be run as root, sys, or bin to work properly.

For example:

-r-sr-xr-x 1 root sys 17156 Jan 5 17:03 /usr/bin/su

The setuid permission displays as an "s" in the owner's execute field.

Note - If a capital “S" appears, it simply indicates that the setuid bit is on and the execute bit
"x" is off or denied.

The root user and the owner can set the setuid permissions on an executable file using the
chmod command and the octal value 4000.

For example:

# chcnod 4555 executable_file

Except for those setuid executable files that exist by default in the Solaris Operating
Environment, the system administrator should disallow the use of setuid programs, or at least
restrict their use.

To search for files with setuid permissions and to display their full pathname, execute the
following command:

# find / -perm -4000

Solaris Operating Environment System Administration I & II Page 79 of 563


Solaris SA 1 & 2 - Training Material

The setgid Permission


The set-group identification (setgid) permission is similar to setuid, except that the effective
group ID of the user or the process is changed to the group owner of the file. Also, access is
granted based on the permissions assigned to that group.

For example, the mail program has a setgid permission used to read mail, or send mail to
other users.

-r-x—s—x 1 root mail 61288 Jan 5 16:57 /usr/bin/mail

The setgid permission displays as an "s" in the group execute field.

Note -If a lowercase letter "1." appears, it indicates that the setgid bit is on and the execute bit
is off or denied. This indicates that mandatory file and record locking occurs during access.

The root user and the owner can set setgid permissions on an executable file using the chmod
command and the octal value 2000.

For example:

# chmod 2555 executable_file

Shared Directories

The setgid permission is a useful feature for creating shared directories.

When a setgid permission is applied to a directory, files created in the directory belong to the
group to which the directory belongs.

For example, if a user has write permission in the directory and creates a file there, that file
belongs to the same group as the directory, and not the user's group.

To create a shared directory, you must set the setgid. bit using symbolic mode:
# chmod g+s shared_directory

Solaris Operating Environment System Administration I & II Page 80 of 563


Solaris SA 1 & 2 - Training Material

Searching for setgid Flies and Directories


To search for files with setgid permissions and display their full pathname, execute the
following command:

# find / -perm -2000

Solaris Operating Environment System Administration I & II Page 81 of 563


Solaris SA 1 & 2 - Training Material

The Sticky Bit Permission


The Sticky Bit is a special permission that protects the files within a publically writable
directory.

If the directory has the Sticky Bit set, a file can be deleted only by the owner of the file, the
owner of the directory, or by root. This prevents a user from deleting other users' files from
publicly writable directories. For example:
# Is -Id /tmp

drwxrwxrwt 6 root sys 719 May 31 03:30 /tmp

The Sticky Bit is displayed as the letter "t" in the execute field for other.

Note - If a capital “T" appears, it indicates that the Sticky Bit is on, however, the execute bit
is off or denied.

The root user and the owner can set the Sticky Bit permission on directories using the chmod
command and the octal value 1000.

For example:

# chmod 1777 public_directory

Searching for Directories with a Sticky Bit Permission

To search for directories with Sticky Bit permissions and display their full pathname, execute
the following command:

# find / -type d -perm -1000

Note - For more detailed information on the Sticky Bit, execute the following command:
man sticky

Solaris Operating Environment System Administration I & II Page 82 of 563


Solaris SA 1 & 2 - Training Material

Access Control Lists


Access Control Lists (ACLs) can provide greater control over file access permissions when
traditional file protection is not enough.

An ACL provides better file security by enabling you to define file permissions for the file
owner, file group, other, specific users and groups. ACLs also enable you to set default
permissions for each of these categories.

For example, if the system administrator wanted everyone in a particular group to be able to
read a file, you would simply give the group read permissions on that file.

However, what if the system administrator wanted only one person in that group to be able to
write to that file? ACLs can provide that level of file security, where traditional UNIX file
access protection cannot.

You should view ACLs as extensions to the standard UNIX file permissions.

The ACL information is stored and associated with each file or directory individually.

ACLs for a file or directory are set or viewed using the commands and options described in
Table 3-1.

Table 3-1 ACL Commands and Options

Command/Option Description

get facl filename (s) Displays ACL entries on afile(s).


setfacl options filename. Sets, adds, modifies, and deletes ACL
entries on a file(s).
setfacl -m acl_entries Creates or modifies ACL entries on files
setfacl -s acl_entries Removes old ACL entries on a file(s). and
replaces with new ACL entries.
set facl d acl_entries entries Deletes-one or more ACL entries on a
file(s)

Solaris Operating Environment System Administration I & II Page 83 of 563


Solaris SA 1 & 2 - Training Material

Table 3-1 ACL Commands and Options (Continued)

Command/Option Description

setfacl -f acl_file Specify an ACL configuration file


containing list of permissions to be set on other files.
acl_file is used an argument with this command only.

setfacl -r Recalculates permissions for the ACL


mask1
1. Permissions specified in the ACL mask are ignored and replaced by the maximum permissions needed to give access to any
additional user, owner group, and additional group entries in the ACL.

ACL Entries

Each ACL entry consists of the fields described in Table 3-2, which are separated by colons.

Table 3-2 ACL Entries

ACL Fields Description


entry- type Type of entry to set file permissions for owner, owner's group,
specific users, additional groups, or the ACL mask.

UID or GID The user's name or identification number (UTD).


The group's name or identification number (GID). .

perm Permissions set for entry-type. You can set


Permissions symbolically using r, w, x, and - or by using octal
values from 0 to 7.

The setfacl command uses these ACL entries to set permissions on tiles, for example:

‰ u[ser] : : perm - Sets the permissions for the tile owner.

‰ G[roup]perm – set the permissions for the owner’s group

Solaris Operating Environment System Administration I & II Page 84 of 563


Solaris SA 1 & 2 - Training Material

‰ o [ther] -perm - Sets the permissions for users other than the owner or members of the
owner's group.

‰ u[ser] :UID:permor u[ser] -usemame:perm - Sets the permissions for a specific user.
The username must exist in the /etc/passwd file.

‰ g[roup] :GID:perm or gtroup] –groupnaome:perm - Sets the permissions for a specific


group. The groupname must exist in the /etc/group file.

‰ m[ask] :perm - Sets the ACL mask. The mask entry indicates the maximum
permissions allowed for all users, except the owner, and for all groups. The mask is a
quick way to change permissions for all the users and groups.

Solaris Operating Environment System Administration I & II Page 85 of 563


Solaris SA 1 & 2 - Training Material

Adding and Modifying ACL Permissions on a File


You can use the setfacl -m command to add or modify ACL permissions on one or more of
the file's ACL entries.

Command Format

setfacl -m acl_entry,acl_entry filenamel [filename2 ...]

Examples of Modifying ACL Entries on a File

The following example creates an ACL entry on file. txt for user8 with permissions to read
and write the file...

# setfacl -m user:user8:6 file.txt


# getfacl file.txt
# file: file.txt
# owner: userl
# group: class
user::rwx
user: :user8:rw- # effective:r--
group::r- # effective :r--
mask:r--
other: ----

The next example modifies the permissions of the ACL mask to read and write.

# setfacl -m m:6 file.txt

# getfacl file.txt
# file: file.txt
# owner: userl
# group: class
user::rwx
user : :user8 :rw # effective :r--
group: : r- # effective : r—
mask: r—
other:---

Solaris Operating Environment System Administration I & II Page 86 of 563


Solaris SA 1 & 2 - Training Material

Determining if a file has an ACL


There are two ways to determine if a file has an ACL

‰ Using the getfacl command


‰ Using the Is -1 command

Using the ls -1 command on any file that has an ACL displays a plus (+) sign at the
end of the permission mode field. For example:

# Is -1 file.txt
-rwxr-------+ I userl class 167 Apr 18 11:13 file.txt

Note - If a file has no ACL entries for additional users or groups, the file is considered to be a
trivial ACL file and the + symbol is not displayed.

Solaris Operating Environment System Administration I & II Page 87 of 563


Solaris SA 1 & 2 - Training Material

Deleting an ACL Entry on a file


To delete an ACL entry from a file, use the setfacl -d command. An ACL entry can be one or
more comma-separated ACL entries without permissions. To delete an ACL, specify the
entry type and the UID (user name) or GID (group name).

You cannot delete the ACL entries for the file owner, file group owner, other, and the ACL
mask.

Command Format

setfacl -d ACL_entry filename (s)

or

setftcl -d ACL_entry,ACL_entry filename (s)

The following is an example of deleting an ACL entry.

# setfacl d u:user8 file.txt

Solaris Operating Environment System Administration I & II Page 88 of 563


Solaris SA 1 & 2 - Training Material

Replacing an Entire ACL on a File


To replace the entire ACL on a file, from the command line, you must specify at least
the basic set of user, group, other, and mask permissions and file name(s).

Command Formal

setfacl -s u: :perm,g: :perm, o:perm,m:perm, [u: UID-.perm] , [g:GID:perm] filename (s)

An Example of Setting an ACL on a File

The following example sets the file owner permissions to read and write, group permissions
to read only, and other permissions to none on file. text.

In addition, viser8 is given read/write permissions on the file, and the ACL mask is set to
read/write, which indicates that no user or group can have execute permissions on the file.

# setfacl -S user: :rw-,group: :r--,other:--,mask:rw-,user :user8:a /- file.txt

To verify which ACL entries were set on the file, use the getfacl command.

# getfacl file.txt
# file: file.txt
# owner: userl
# group: class
user::rw-
user:user8:rw- # effective:rw-
group::r-- # effective::
mask:rw-
other:--

Solaris Operating Environment System Administration I & II Page 89 of 563


Solaris SA 1 & 2 - Training Material

Another Example of Setting an ACL on a File


This next example sets the file owner permissions to read, write, and execute, group
permissions to read only, other permissions to none, and the ACL mask to read.

In addition, user8 is given read and write permissions; however, due to the ACL
mask, the effective permissions for user8 are read only.

# setfacl -s u::7,g::4,o:0,m:4,u:user8:7 file.txt

Verify which ACL entries were set on the file with the getfacl command.

# setfacl file.tact
# file: file.txt
# owner: userl
# group: class
user::rwx
user:user8:rwx # effective:r--
group::r-- # effective:r--
mask:r-
other:---

Solaris Operating Environment System Administration I & II Page 90 of 563


Solaris SA 1 & 2 - Training Material

Managing Remote Access Issues


The more access that is available over the network, the more beneficial it is for remote
system users. However, unrestrained access and sharing of data and resources will create
security problems.

A local host's remote security measures are generally based on being able to validate, limit, or
block operations from remote system users.

The three network files listed here provide certain schemes for handling basic security issues
involving remote user access of a local system.

‰ The/etc/hosts.equiv file

‰ The $HOME/ .rhosts file

‰ The /etc/ftpusers file

Solaris Operating Environment System Administration I & II Page 91 of 563


Solaris SA 1 & 2 - Training Material

The /etc/hosts. equiv and $HOME/. rhosts Files

Typically, when a remote user requests login access to a local host, the first file read
by the local host is its /etc/passwd file. An entry for that particular user in this file
enables that user to log in to the local host from a remote system. If a password is
associated with that account, then the remote user is required to supply this password
at login to gain system access.

When there is no entry in the local host's /etc/passwd file for the remote user, access is
denied.

The /etc/hosts. equiv and $HOME/ .rhosts files bypass this standard password-based authentication to

determine if a remote user should be allowed to access the local host, with the identity of local user.

These files provide a remote authentication procedure to make that determination.

This procedure first checks the /etc/hosts.equiv file and then checks the $HOME/
.rhosts file in the home directory of the local user who is requesting access. Based on
the information contained in these two files, (if they exist), determines if access is
granted or denied.

The /etc/hosts .equiv file applies to the entire system, while individual users can
maintain their own $HOME/ .rhosts files in their home directories.

Solaris Operating Environment System Administration I & II Page 92 of 563


Solaris SA 1 & 2 - Training Material

Entries in /etc/hosts . equivand $HOME / . rhosts

While the /etc/hosts.equiv and $HOME/.rhosts files have the same format; the same
entries in each file have different effects.

The general format is presented here. Explanations and examples of the meanings of
each type of entry are presented on the following pages.

‰ Both files are formatted as a list of one-line entries, which can contain the
following types of entries:

hostname

hostname username

Note - The host name(s) in the /etc/hosts.equiv and $HOME/ .rhosts files must be the official
name of the host, not one of its alias name(s).

‰ If only the hostname is used, then all users from the named host are trusted,
provided they are known to the local host.

‰ If both hostname and username are used, then only the named remote user from
the named remote host can access the local host.

‰ A single plus sign (+) character placed in the file indicates that every remote host
on the network is trusted by the local host. Enabling remote users to login from
anywhere on the network, with no passwords required.

Solaris Operating Environment System Administration I & II Page 93 of 563


Solaris SA 1 & 2 - Training Material

The /etc/hosts.equiv File

For regular users, the /etc/hosts.equiv file is used to identify remote hosts and remote
users who are considered trusted.

Note - The /etc/hosts.equiv file is not checked at all if the remote user requesting local
access is root.

If the local host has /etc/hosts.equiv file contains the host name of a remote host, then
all regular users of that remote host are trusted and do not need to supply a password
to log in to the local host. Provided that each remote user is known to the local host by
having an entry in the local /etc/passwd file; otherwise, access is denied.

This is particularly useful for sites where it is common for regular users to have
accounts on many different systems, eliminating the security risk of sending ASCII
passwords over the network.

The /etc/hosts.equiv file does not exist by default. It must be created if remote user
access is required en the local host.

The $HOME / . rhosts File

While the /etc/hosts.equiy file applies system-wide for non-root users, the .rhosts file
applies to a specific user.

All users, including root, can create and maintain their own. rhosts files in their home
directory.

For example, if you run an r login process from a remote host to gain root access to a
local host, it checks for a / .rhosts file in the root home directory on the local host.

If the remote host name is listed in the file, it is considered to be a trusted host and
remote user access, in this case root access, is granted on the local host.

The $HOME/.rhosts fie does not exist by default, you must creates at in the user's
home directory

Solaris Operating Environment System Administration I & II Page 94 of 563


Solaris SA 1 & 2 - Training Material

Restricting FTP Logins


The Solaris Operating Environment provides an ASCII file named /etc/ftpusers. The
ftpusers file is used to list the names of users who are prohibited from running an ftp
login on the system.

Each line entry in this file contains a login name for each restricted user, for example:

username

The FTP server in.ftpd daemon reads the ftpusers file, when an FTP session is
invoked. If the login name of the user matches one of the listed entries, it rejects the
login session and sends the "Login failed" error message.

By default, the ftpusers file has the following system account entries:

root
daemon
bin
sys
adm
IP
uucp
nuucp
listen
nobody
noaccess
nobody4

As with any user name that you can add, these entries must match the user account names
located in the /etc/passwd file.

Because the new default security policy in the Solaris Operating Environment is to disallow
remote root logins, the root entry is included in /etc/ftpusers.

If root login privileges are allowed by deleting the root, entry in /etc/ftpusers, ensure the etc
default login file reflects remote root login privileges.

Solaris Operating Environment System Administration I & II Page 95 of 563


Solaris SA 1 & 2 - Training Material

The /etc/shells File


The/etc/shells files contain a list of the shells on the system Applications, such as sendmail
and ftp, can use this file to determine whether a shell is valid.

This file does not exist by default.

Note - If this file does not exist, then getusershells (3c) uses its own list of shells.

By creating this file, each shell that you want to be recognized by the system, must have a
single line entry, consisting of the shell's path, relative to / (root).

For example:
# touch /etc/shells
/sbin/sh /bin/sh
/bin/ksh

While the /etc/ftpusers file prohibits ftp connections for a specific user, you can create an
/etc/shells file to allow ftp connections only to those users running shells that you have
defined in this file.

If an entry for a shell does not exist in this file, any user running the undefined shell is not
allowed ftp connections to the system.

Solaris Operating Environment System Administration I & II Page 96 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 4

THE BOOT PROM

Objectives

Upon completion of this module, you should be able to:

• Describe the main functions of the boot programmable read-only memory


(PROM) chip and NVRAM

• Explain the basic elements of POST and the purpose of the Stop key to control
POST

• Invoke some common boot PROM commands from the ok prompt to


customize how the system boots

• Use boot command options to boot a system in different situations

• Demonstrate how to display the device tree to list all the configured devices
using the show -devs command

• Use the probe- commands to identify what peripheral devices (disks, tape
drives, or CDROMs) are currently connected to the system

• Determine a system's default boot device using the devalias command.

• Create a custom device alias name for a new boot device using the nvalias or
nvedit commands

• Delete a custom device alias name with the nvunalias command.

• Use the eeprom command within the Solaris Operating environment to view
or change the values of NVRAM parameters

Solaris Operating Environment System Administration I & II Page 97 of 563


Solaris SA 1 & 2 - Training Material

The Boot PROM Concept


Each Sun system has a boot PROM chip. This 8-kbyte chip is typically located
on the same board as the CPU.

The main functions of the boot PROM are to test the system hardware and
boot the operating system.

The boot PROM firmware, referred to as the monitor program, controls the
operation of the system before the kernel is available. The boot PROM
firmware has the capabilities to perform system initialization at power on and
provide a user interface.

Note -The boot PROM does not understand the Solaris Operating
Environment file systems or files; it deals mainly with hardware devices.

Currently there are three generations of Sun boot PROMs. Each generation has
its own base revision number as described in the following list:

• 1.x- The original SPARC™ boot PROM


• 2.x- The first OpenBoot PROM (OBP)
• 3.x- The OpenBoot PROM with a flash update feature. You can update the
3.x firmware without having to replace the PROM chip.

Note - There is no OpenBoot PROM in the Intel environment.

The NVRAM Component

Another important hardware element in each Sun system is the NVRAM chip;
The NVRAM is 8-Kbytes of nonvolatile random access memory. This
pluggable chip is often located on the main system board.

Solaris Operating Environment System Administration I & II Page 98 of 563


Solaris SA 1 & 2 - Training Material

The NVRAM stores the Ethernet address, host ID, and the time-of-day (TOD)
clock. A single lithium battery within the NVRAM module provide battery
backup for the NVRAM and clock.

The NVRAM module also contains the EEPROM for the storage of user-
configurable parameters that have been changed or customized from the boot
PROM's default parameters settings. This gives you a certain level of
flexibility in configuring the system to behave in a particular manner for a
specific set of circumstances.

The user-interface commands and device aliases are stored in the NVRAM.

Note - The NVRAM chip has a yellow sticker with a bar code on it. Many
software packages that are licensed are based on the system host ID in
NVRAM. If the chip fails, Sun will replace it with a new chip containing the
same host ID and Ethernet address.

Figure 12-1 Basic Elements of the Boot PROM and NVRAM

Solaris Operating Environment System Administration I & II Page 99 of 563


Solaris SA 1 & 2 - Training Material

Power On Self Test (POST)


When a system's power is turned on, a low-level power on self-test (POST) is
initiated. This low-level POST code is stored in the boot PROM and is
designed to test the most basic functions of the system hardware.

At the successful completion of the low-level POST phase, the boot PROM
firmware takes control and performs the following Initialization sequence:

• Initializes the system

• Probes the memory and then the CPU

• Probes bus devices, interprets their drivers, and builds a device tree

• Installs the console

After system initialization, the banner displays on the, console and the high
level testing begins. When the high-level tests are finished, the system checks
parameters stored in the NVRAM to determine if and how to boot the
operating system.

The OpenBoot Goal

The overall goal of the OpenBoot Institute of Electrical and Electronics


Engineers, (IEEE) standard is to provide the capabilities to:
• Test and initialize system hardware

• Determine the systems hardware configuration

• Boot the operating system

• Provide interactive debugging facilities

• Enable the use of third-party devices

Solaris Operating Environment System Administration I & II Page 100 of 563


Solaris SA 1 & 2 - Training Material

Third party Device Configuration


All versions of the OpenBoot architecture allow a third-party board to identify
itself and load its own plug-in device driver. Each device identifies its type
and furnishes its plug-in device driver when requested by the OBP during the
system hardware configuration phase of the boot process.

Figure 12-2 Third-Party- Device Identification Process

Solaris Operating Environment System Administration I & II Page 101 of 563


Solaris SA 1 & 2 - Training Material

Basic Boot PROM Configurations


The following sections describe the basic BootPROM configurations.

Systems Containing a Single System Board

The following Sun systems are configured with only one system board, which
holds both the boot PROM and NVRAM chip.

• SPARCstation™ 4, 5,10, and 20

• Ultra™ 1, 2, 5,10, 30, 60, 80, 220, 250, 420, and 450

The Ultra systems use a re-programmable boot PROM called a flash PROM,
(or FPROM). This allows new boot program data to be loaded into the PROM
via software, instead of having to replace the chip. These updates are
distributed on CDROM,

Systems Containing Multiple System Boards

The following SUN systems are configured with multiple System boards.

• Enterprise 3X00

• Enterprise 4X00

• Enterprise 5X00

• Enterprise 6X00

Solaris Operating Environment System Administration I & II Page 102 of 563


Solaris SA 1 & 2 - Training Material

Systems containing multiple system boards have a special boot PROM and
NVRAM arrangement- These systems also have a clock board to oversee the
backplane communications.

Figure 12-3 NVRAM and Boot Prom in Multi-board Systems

Some characteristics of these particular systems are:

• The CPU located in the lowest card "cage slot becomes the Master "CPU
board.

¾ Each CPU board runs its own individual POST.


¾ The host ID and Ethernet address are on the Clock board and are
automatically downloaded to all CPU board NVRAMs when POST
is complete.

• PROM contents are verified by checksum comparisons.


¾ Clock board and all system boards are compared.
¾ Invalid PROM values can be manually rewritten and verified.
¾ If the PROM contents on the Clock board are found to be
different, it is reloaded with the contents from the Master CPU
board NVRAM.

• You can update the flash PROMs (FPROMs) to newer firmware versions
without replacing them. These updates arc distributed on CDROM.

Solaris Operating Environment System Administration I & II Page 103 of 563


Solaris SA 1 & 2 - Training Material

Controlling the POST Phase


The Stop key, located on the left side of the keyboard, is used to effect the
POST, phase.

• To skip the POST phase at power up, power on the system, while holding
down the Stop key.
• To run extensive POST diagnostics during power up using STOP-d

Power on the system while holding down the Stop key and the "d" key
simultaneously. This action sets the value of the parameter diag-switch? to
true. This also forces the system to boot from the parameter diag-device-Its
default value is usually set to net.

The firmware automatically switches to diagnostic mode to run extensive


POST diagnostics on the system hardware.

By default, the parameter diag-level defaults to the maximum, (max)


setting, this instructs POST to run all available tests.

By modifying the value of diag-level to the minimum (min) setting, POST


only runs an abbreviated set of tests, (in approximately half the time of the
maximum setting).

• To reset the NVRAM parameter settings to the default values:

If a system does not boot and the NVRAM settings are suspect, power on
the system while holding down the Stop key and the "n" key
simultaneously. Once the keyboard LED's (light emitting diodes') start to
flash, release the keys and the system continues to boot.

Halting the Solaris Operating Environment

To halt the Solaris Operating Environment to get to the PROM monitor


prompt, hold down the Stop key and the “a" key simultaneously. An ok
prompt displays on the screen indicating that the monitor program is
available.

Solaris Operating Environment System Administration I & II Page 104 of 563


Solaris SA 1 & 2 - Training Material

Warning - You should not interrupt the Solaris Operating Environment


because file systems can be corrupted. However, if a system is frozen, you can
use this method to reboot the system.

If the Solaris Operating Environment had been running before the Stop-a key
sequence, enter the reset command at the ok prompt to clear all buffers and
registers before entering any diagnostic commands.

Solaris Operating Environment System Administration I & II Page 105 of 563


Solaris SA 1 & 2 - Training Material

Basic Boot PROM Commands


The boot PROM monitor provides a user interface for invoking OpenBoot
commands, such as those listed below.

Note - The ok prompt indicates the Solaris Operating Environment is currently


not running.

The following are some commonly used commands:

• ok banner
• ok boot
• ok help
• ok printenv
• ok setenv
• ok reset
• ok set-defaults
• ok probe-ide
• ok probe-scsi
• ok probe-scsi-all

The banner Command

The banner command lists several lines of useful information about the
system, such as "the model name, amount of memory, host ID, Ethernet
address, and the boot PROM version number, (for example,
1.x, 2 .x, or 3 .x).

ok banner

Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 270MHz), Keyboard Present OpenBoot 3.11, 128
MB memory installed, Serial #11900965. Ethernet- addresses 8:0:20:b5:98:25, Host ID:
80b59825.

Solaris Operating Environment System Administration I & II Page 106 of 563


Solaris SA 1 & 2 - Training Material

The boot Command

You use the boot command to boot the Solaris Operating Environment from
the ok prompt.

This command has several options available for booting the system in
different situations.

Command-Format

Ok boot [device-name] – [options]

Entering the boot command at the ok prompt boots the system to multi-user
mode automatically. For example:

Ok boot

Options
The following list describes the options for the boot command:

• s-Boots the system to a single user mode and prompts for the root
password. For example:

ok boot –s

Note- To continue the process and bring the system to multiuser mode,
process the control – d keys.

• A – Boots the system interactively. This is useful if you need to make a


temporary change to the system file or the kernel. The boot program asks
you for the following information.

ok boot –a
Enter filename of the kernel (kernel / unix):
Enter default directory for modules (kernel; /usr / kernel):
Enter name of system file (etc / system):
Enter default root file system type (ufs):
Enter physical name of root device:
For example:

Solaris Operating Environment System Administration I & II Page 107 of 563


Solaris SA 1 & 2 - Training Material

ok help

Enter 'help command-name' or 'help category-name' for more help


(Use ONLY the first word of a category description)
Examples: help select -or- help line
Main categories are:

Repeated loops
Defining new commands
Numeric output
Radix (number base conversions)
Arithmetic
Memory access
Line editor
System and boot configuration parameters
Select I/O devices
Floppy eject
Power on reset
Diag (diagnostic routines)
Resume execution
File download and boot
nvramrc (making new commands permanent)
ok

Detailed Help

To view specific information for one of the main categories listed above, type the following:

• ok help line

• ok help system

• ok help diag

• ok help file

The printenv Command

You can use the printenv command to list all the NVRAM parameters. The
name of each parameter is displayed along with the values of its default setting
and current setting (if the parameter can be modified).

Solaris Operating Environment System Administration I & II Page 108 of 563


Solaris SA 1 & 2 - Training Material

(The following output is edited to fit the page.)

ok printerrv

Variable Name Value Default Value

tpe-link-test? true true


scsi-initiator-id 7 7
keyboard-click? false false
ttyb-rts-dtr-off false false
ttyb-ignore-cd true true
ttya-rts-dtr-off false false
ttya-ignore-cd true true
ttyb-mode 9600,8,n,l,- 9600,8,n,l,-
ttya-mode 9600,8,n,l,- 9600,8,n,l,-
pcia-probe-list 1,2,3,4 1,2,3,4
pcib-probe-list 1,2,3 1,2,3
diag-level max max
output-device screen screen,
input-device keyboard keyboard
boot-command boot boot
auto-boot? True true
diag-device net net
boot-device disk net disk net
local-mac-address? false false
screen-#columns 80 80
screen-#rows 4 34
use-nvramrc? false false
security-mode none
security-password
security-# badlogins 0
diag-switch? false false
ok

Solaris Operating Environment System Administration I & II Page 109 of 563


Solaris SA 1 & 2 - Training Material

You can also use the printenv command to display only a single parameter and
its values. For example, to display only the boot-device parameter:

ok printenv boot-device
boot-device = disk net

The possible values to boot-device include: disk, net, and cdrom.

Note - If an OBP parameter ends in a question mark (?), for example: auto-
boot? the parameter value is either true or false.

The setenv Command


You use the setenv command to change the current values assigned to
NVRAM parameters.

In this example, the auto-boot? parameter is changed from its default setting of
true to a new current value of false.

ok printenv auto-boot?
auto-boot? = true
ok
ok setenv auto-boot? false
auto-boot? = false
ok reset
Resetting

The reset command reads the changes to the environment variables.

The reset Command


The reset command halts the system, clears all buffers, registers the system,
and does one of the following:
• Reboots the system if the auto-boot? parameter is set to true
• Redisplays the ok prompt if the auto-boot? parameter is set to false

Solaris Operating Environment System Administration I & II Page 110 of 563


Solaris SA 1 & 2 - Training Material

The set-defaults Command

You use the set-defaults command to reset all parameters to their default
values. It affects only those parameters that have assigned default values.

ok set-defaults

Setting NVRAM parameters to default values.


ok

To reset only a specific parameter to its default value, use the set-default
command.

ok set-default parameter-name

For example:

ok set-default diag-level

Solaris Operating Environment System Administration I & II Page 111 of 563


Solaris SA 1 & 2 - Training Material

Device Tree

Sun hardware uses the concept of a device tree to organize devices that are
attached to the system.

The OpenBoot firmware builds the device tree from information gathered at
POST. The device tree is loaded into memory to be used by the kernel during
boot to identify all configured devices.

Each node in the device tree represents a device. Nodes with children usually
represent buses and their associated controllers. Their children are devices
connected to the buses or controllers.

A full device path begins with a slash (/) character, the root of the tree. Each
node name has the form name@address: arguments. Other than name, the rest
are optional and the format is device-dependent.

Solaris Operating Environment System Administration I & II Page 112 of 563


Solaris SA 1 & 2 - Training Material

PROM monitor level (ok prompt)

/
(root node level)

pci@1f, 0

pci@1f, 1
pci@1f, 1

ebus@1 network@1.1
Isptwo@4

ide@3

sd@3,0 st@4,0
disk@0,0 cdrom@2,0

SUNW, m64b@2

Figure 12-4 A Partial Device Tree for an Ultra 5/10

Solaris Operating Environment System Administration I & II Page 113 of 563


Solaris SA 1 & 2 - Training Material

To View Device Path Names


To see the entire device tree, use the show-devscommand.

ok show-devs
/SUNW,UltraSPARC-IIi@0,0
/pci@lf,0
/virtual-memory
/memory@0,10000000
/pci@lf,0/pci@l
/pci@lf,0/pci@l,l
/pci@lf,0/pci@l/pci@l
/pci@lf,0/pci@l/pci@l/SUNW,isptwo@4
/pci@lf,0/pci@l/pci@l/SUNW,hme@0,-l
/pci@lf,0/pci@l/pci@l/SUNW,isptwo@4/st
/pci@lf,0/pci@l/pci@l/SUNW,isptwo@4/sd
/pci@lf,0/pci@l.1/ide@3
/pci@lf,0/pci@l.1/sunw, m64B@2
/pci@lf,0/pci@l 1 /networks 1, 1
/pci@lf,0/pci@l /ebus@1
/pci@lf,0/pci.ei, l/ide@3/cdrom
/pci@lf,0/pci@l /ide@3/disk
/pci@lf,0/pci@l l/ebus@l/SUNW,CS4231@14,200000
/pci@lf,0/pci@l,l/ebus@i/flashprom@10,0
/pci@lf,0/pci@l,l/ebus@l/eeprom@14,0 /pci@lf, 0/pci@l,
l/ebus@l/fdthree(214,3023f0 /pci@lf,0/pci@l,l/ebus@l/ecpp@14,3043bc
/pci@lf,0/pci@l,1/ebus@1/su@14, 3062f8
/pci@lf,0/pci@l,1/ebus@1/su@14, 3083f8
/pci@lf,0/pci@l,l/ebus@l/se@14,400000
/pci@lf,0/pci@l,l/ebus@l/power@14,724000
/pci@lf,0/pci@l,l/ebus@l/axoxio@14,726000
<output truncated>
ok

Solaris Operating Environment System Administration I & II Page 114 of 563


Solaris SA 1 & 2 - Training Material

Boot Disk Device Path Example


The paths built in the device tree by the OpenBoot firmware will vary
depending on the system type and its device configuration.

Figure 12.5 shows a sample disk device path on an Ultra system with a PCI
bus.

/pci@1f ,0/pci@l,l/ide@3/dad&0,0

Beginning of
Device Path

Bus Devices
and Controllers
Disk
Device Type IDE Number
(IDE Disk) Address

Figure 12-5 Disk Device Path - Ultra System With PCI Bus

Figure 12-6 shows a sample disk device path on an Ultra System with a PCI-SCSI
bus.

/pci@lf, 0/pci@l/isptwp@-4/sd@3, 0

Beginning of
Device Path

Bus Devices
and Controllers
Disk
Device Type Target Number
(SCSI Disk) Address

Figure 12-6 Disk Device Path - Ultra System With PCI-SCSI Bus

Solaris Operating Environment System Administration I & II Page 115 of 563


Solaris SA 1 & 2 - Training Material

Using probe- Commands to Identify Devices


To identify the peripheral devices, such as disks, tape drives or CDROMs
currently connected to the system, use the OBP commands:

• probe-ide

• probe-scsi

• probe-scsi-all

Note - Use the probe -fcal OBP command to identify peripheral devices on systems containing the Fiber
Channel Arbitrated Loop (FC-AL) GBIC Gigabit Interface Converters.

Peripheral devices are connected to the System board by I/O (input/output)


buses.

You can configure Sun systems with a small computer system interface
(SCSI) bus or integrated drive electronics (IDE) bus.

A probe- Warning Message

Warning - The following warning message is displayed if you invoke the


probe- commands on Sun systems that contain a 3x boot PROM.

Shutting down the Solaris operating system abruptly with the stop –a
sequence, or with the halt command, creates a condition where running the
probe command hangs the system unless you run the reset-all command
first.

When Operating Environment has been running before the stop –a key
sequence, you must complete the following steps before using the price
commands, because these commands can cause the system to freeze.

Solaris Operating Environment System Administration I & II Page 116 of 563


Solaris SA 1 & 2 - Training Material

Note - if a probe- command causes a system to freeze, turn off the system and
then turn it back on by toggling the power switch located on the back of the
system unit.

1. At the ok prompt, set the NVRAM auto-boot? Parameter to false

ok setenv auto-boot? false

2. At the ok prompt, enter the reset command to clear all buffers and
registers before entering any diagnostic commands.

ok reset

The probe-scsi Command

The probe-scsi command, identifies the peripheral devices (disks, tape drives,
or CDROMs) attached to the on-board SCSI controller, by their target address.
For example:

Ok prob-scsi.
Target 3
Unit 0 Disk SEAGATE ST1480 SUN0424626600190016
Target 6
Unit 0 Removable Read only device SONY CDROM

The probe-scsi -all Command


The probe-scsi-all command identifies the peripheral devices attached to the
on-board SCSI controller and all peripheral devices attached to separate SBus
or PCI SCSI controllers.

ok probe-scsi-all
/pci@1f, 0/pci@1/pci@1/SUNW,insptwo@4
Target 3
Unit 0 Disk FUJITSUMAB3045S SUN4.2G1907
Target 4
Unit 0 Removable Tape EXABYTE EXB-8505SMBANSH20090

Solaris Operating Environment System Administration I & II Page 117 of 563


Solaris SA 1 & 2 - Training Material

The probe-ide Command

The probe-ide command identifies the peripheral devices, currently only disks
and CDROMs, attached to the on-board ide controller. This command does
not display target addresses, only device numbers.

For example:

ok probe-ide
Device 0 ( Primary Master )
ATA Model : ST 34342A

Device 1 (Primary Slave )


Not Present

Device 2 (Secondary Master)


Removable ATAPI Model : CRD-824.0B

Device 3 ( Secondary Slave )


Not Present

Solaris Operating Environment System Administration I & II Page 118 of 563


Solaris SA 1 & 2 - Training Material

Identifying the System's Boot Device

The system's boot device is set in the NVRAM as the boot-device parameter,
which is by default set to disk.

ok printenv boot-device
boot-device = disk net

To identify the current boot device for the system, use the devalias command.

ok devalias
screen /pcl@lf,0/pci@l,l/SUNW,m64B@2
net /pci@lf,0/pci@l,l/network£l,l
cdrorti /pci@lf ,0/pci@l,l/ide@3/cdrcsn@2,0: f
disk /pci@lf,0/pci@l,l/ide@3/disk@0,0
disk3 /pci@lf,0/pci@l,l/ide@3/disk@3,C
disk2 /pci@1f0/pci@l,l/ide@3/disk@2,0
disk! /pci@lf0/pci@l,l/ide&3/disk@l,0
diskO /pcieif,0/pciei,l/idee3/disk@0,0
ide /pcidlf,0/pci@l,l/ide@3
floppy /pci@lf ,0/pci@I,l/ebus<2l/fdthree
ttyb /pci@lf,0/pci@l,l/ebus@l/se:b
ttya /pci@lf, 0/pci@l,l/ebus@l/se:ci .
keyboard! /pci@lf,0/pci@l,l/ebus@l/su@14.3C83f8:forcemode
keyboard /pci&lf,0/pciei,l/ebus@l/su@14,3083f8
mouse /pci@lf,0/pci(?l,l/ebus@l/su@14,3062f8
name aliases

Device alias names are listed on the left side of the command output, and the
physical address of each device is shown on the right side of the output.

Device aliases are hard-coded into the OBP firmware, and they are easier to
remember and use than the physical device addresses.

The disk device alias identifies the default boot device for the system.

To boot the system from the default device simply type the boot command.

ok boot

Solaris Operating Environment System Administration I & II Page 119 of 563


Solaris SA 1 & 2 - Training Material

Creating Custom Device Aliases


You can boot from an external device. External devices do not, by default,
have built-in device aliases associated with them.

A portion of the NVRAM called NVRAMRC contains registers to hold


parameters and is also, reserved for storing new device alias names. The
NVRAMRC is effected by the commands nvalias, nvunalias, nvedit and the
parameter use-nvramrc?

The nvalias and nvunalias Commands

To create a new device alias name to access the newly attached external
device, use the command nvalias. .

To create a custom device alias name:

ok nvalias alias-name device-path

The effect of nvalias is to store this entire command line in the NVRAMRC.

To remove a custom device alias name:

ok nvunalias alias-name

The effect of nvunalias is to delete the alias name from NVRAMRC.

Using nvalias to Create Custom Device Aliases

The following procedure shows how to add a new boot device alias, called my
disk, and boot the system from this new boot device alias.

Using show-disks select the device path that relates to the disk to be used.
Using nvalias create a new device alias called mydisk.

ok show-disks

(select a disk from the list)


ok nvalias mydisk /pci@1f, 0/pci@l/pci@l/SUNW, isptvro(M/sd

To paste the device path, for the selected disk, on the command line press
Control-y.

Solaris Operating Environment System Administration I & II Page 120 of 563


Solaris SA 1 & 2 - Training Material

Note - A shortcut provided with the show-disks command enables you to


select a device and use the Control-y keys to copy the device path onto the
command line.

Set the boot-device parameter to the new value of mydisk, and boot the
system.

ok setenv boot-device mydisk


boot-device = mydisk
ok boot

Removing Custom Device Aliases

You use nvunalias to delete the alias name mydisk from NVRAMRC, and set
the boot-device to disk.

ok nvunalias mydisk
ok setenv boot-device disk
boot-device = disk
ok reset
Resetting ....

The nvedit Command

On Sun systems with PROM versions 1.x and 2.x the nvalias command might
not be available to create custom device alias names.

On these systems you use the nvedit command to edit the NVRAMRC
directly. The nvedit editor is a simple line editor that has a set of editing
commands and operates in a temporary buffer.

The following is a sample nvedit session:

ok setenv use-nvramrc? true


use-nvramrc?= true
ok nvedit
0: devalias my-disk /pci@-lf ,0/pci@l, l/ide@3/disk<k>,0
1: Control-c
ok nvstore
ok reset
Resetting .....
ok boot mydisk

Solaris Operating Environment System Administration I & II Page 121 of 563


Solaris SA 1 & 2 - Training Material

You use the nvstore 3 command, which is invoked after exiting nveditp to make permanent
changes to NVRAMRC.

The following lists some basic nvedit commands:

• ^C- Exits the editor


• ^U - Deletes the current line
• Delete - Erases the previous characters
• Return - Closes the current line, opens a new line
• ^B -Goes back one character
• ^F -Goes forward one character
• ^P-Goes back one line
• ^N-Goes forward one line

Solaris Operating Environment System Administration I & II Page 122 of 563


Solaris SA 1 & 2 - Training Material

Changing NVRAM Parameters with the eeprom Command


You use the /usr/sbin/eeprom command to view and change the NVRAM
parameters while the Solaris Operating Environment is running.

You should be aware of the following guidelines when using the eeprom
command:

• Only root can change the value of a parameter.

• Parameters with a trailing question mark must be enclosed in single quotes


when executed in the C shell.

• All changes are permanent There is no reset command to be run.

Examples
• To list all of the parameters with default and current values, type:

# eeprom
• To list a single parameter and its value, type:

# eeprom boot-device boot-device=disk


#

• To change the value of the default boot device, type:


# eeprom boot-device=disk2
#
• To change the value of the auto-boot? parameter, type:
# eeprom auto-boot?=true
auto-boot?=true
#

Solaris Operating Environment System Administration I & II Page 123 of 563


Solaris SA 1 & 2 - Training Material

Interrupting an Unresponsive System


When a system freezes, or stops responding to the keyboard, you must
Interrupt it. Interrupting the system stops the processor immediately and does
not allow for memory to be flushed, or file systems to be synchronized.

To interrupt an unresponsive system:

1. Attempt a remote login on the unresponsive system to locate and kill


the offending process.

2. Attempt to reboot the users system gracefully.

3. Hold down the Stop-a key sequence on the keyboard of the


unresponsive system. The system is placed at the ok prompt.

Note - If an ASCII: terminal is being used as the system, console, use the
Break sequence keys. .

4. Manually synchronize the file systems using the OBP sync command.

ok sync .

This command causes the system to create a crash dump of memory and then
reboot the system.

Solaris Operating Environment System Administration I & II Page 124 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER – 5

ADDING USERS

Objectives

Upon completion of this module, you should be able to:


‰ Create and manage user accounts on the local system using the admin tool utility
‰ Describe the format of the files /etc/passwd and /etc/shadow for securing login access
‰ Describe the format of the /etc/group file for maintaining shared and restricted access
to files and directories
‰ Add, modify, and delete user accounts on the local system with the commands
useradd, usermod, and userdel
‰ Add, modify, and delete group accounts for the local system with the commands
groupadd, groupmod, and groupdel
‰ Define the two different types of shell initialization files
‰ Describe the shell startup activities during login for the three main Solaris Operating
Environment
‰ List the shell initialization files used to set up a user's work environment at login
‰ Describe the purpose of the /etc/skel directory
‰ Modify initialization files to customize a user’s work environment.

Solaris Operating Environment System Administration I & II Page 125 of 563


Solaris SA 1 & 2 - Training Material

Setting Up User Accounts


An important system administration task is setting up user accounts for each user requiring
system access. Each user account consists of five main components:

‰ User name - A unique name a user enters to log in to a system, also called a login
name.
‰ Password - A combination of six to eight letters, numbers, or special characters that a
user must enter with the login name to gain access to a system.
‰ User's home directory - A directory the user is placed in after login, for creating and
storing files.
‰ User's login shell - The user's work environment is set up by the initialization files
defined by the user's login shell. There are six possible login shells in the Solaris
Operating Environment, which include the Bourne shell, Korn shell, C shell, Z shell,
BASH shell, and the TC shell.
‰ User initialization files - Shell scripts that determine how a user's work environment is
to be set up when the user logs in to a system.

Solaris Operating Environment System Administration I & II Page 126 of 563


Solaris SA 1 & 2 - Training Material

Managing User Account:


You can add, modify, and delete user accounts on the system using either command-line tools
or the graphical interface utility called admintool.

However, before you can add user accounts to the system, you must determine the following
information for each new user

‰ Login name - Each user's name must be unique and consist of two to eight letters
(A_Z, a-z) and numbers (0-9). The first character must be a letter, and at least one
character must be a lowercase fetter. User names cannot contain underscores or
spaces.
‰ User identification (UID) number - The user's unique numerical ID for the system.
UID numbers for regular users range from 100 to 60000. All UID numbers must be
unique.

Note - As of the Solaris 2.6 Operating Environment, the maximum value for a UID is
21474&3647. However, the UIDs over 60000 do not have full functionality and are
incompatible with some the Solaris Operating Environment features. So avoid using UIDs
over 60000 to be compatible with earlier versions of the operating system.

‰ Group identification (GID) number - The unique numerical ID of the group to which
the user belongs. Each GID number must be an integer between 100 to 60000.

Note - You can add a user to predefined groups of users listed in the /etc/group file.

‰ Comment - Identifies the user. Generally contains the full name of the user and
optional information such as a phone number or location.
‰ Home directory identifies the user’s home directory pathname
‰ Login Shell – Identifies the user’s login shell
‰ Password Aging Optical

Solaris Operating Environment System Administration I & II Page 127 of 563


Solaris SA 1 & 2 - Training Material

Managing User Accounts with admintool


The administration utility, admintool, enables system administrators to maintain and modify
local system files from the following categories:

‰ Users

‰ Groups

‰ Hosts

‰ Printers

‰ Serial ports

‰ Software

Note - You execute the admintool utility from the Common Desktop Environment (CDE) or
Open Windows™ environment.

To set up and manage user accounts with admintool, log in as root and run the following
command from, a terminal window in a CDE environment.

# admintool &

Solaris Operating Environment System Administration I & II Page 128 of 563


Solaris SA 1 & 2 - Training Material

Storing User and Group Account information


The Solaris Operating Environment stores user account and group account information in the
following system files:

‰ /etc/passwd
‰ /etc/shadow
‰ /etc/group

Authorized system users have login account entries in the /etc/passwd file.

All passwords are encrypted and maintained in a separate shadow file named /etc/shadow. To
further control user passwords, you can often enforce password aging, which is maintained in
the /etc/shadow file.

The /etc/group file defines the default system group accounts. You use this file to create new
group accounts or modify existing group accounts on the system.

Solaris Operating Environment System Administration I & II Page 129 of 563


Solaris SA 1 & 2 - Training Material

The /etc/passwd File


Due to the critical nature of the /etc/passwd file, you seldom, if ever, opens this file to edit it
directly. Instead, the file is maintained through the use of adminitool, or the command – line
tools: useradd, usermod, and userdel.

The following is a sample /etc/passwd file, containing initial system account entries:

Root:x:0:1:Super-User:/:/sbin/sh
Daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3: :/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line printer admin:/usr/spool/lp:
smtp:x:0:Mail daemon User:/:
Uucp:x:5:5:uucp Admin: usr/lib/uucp:
Nuucp:x:9:9UUCP Admin: /var/spool/uucppublic:/usr/lib/uucp/uucicio
Listen:x:37:4:Network Admin: usr/ner/net/nls:
Nobody:x:60001:60001: Nobody:/:
Noaccess:x:60002:60002: No Access User:/:
Nobody4:x:65534:65534:SunOS 4.x Nobody:/:

Each line entry in this file contain the following seven fields separated by colons:

loginID:x:UID:GID: Comment: home_directory:LOGIN_SHELL

‰ loginID-Represents the user's login name. It should be UNIQUE. The field is a string
of no more than eight characters consisting of numeric characters, period (.),
underscore (_), and (-). The first character must be a letter, and it must contain at least
one lowercase character
‰ Represents a placeholder for the user's encrypted password, which is kept in the
/etc/shadow file.
‰ UID Contains the UID used by the system to identity the user. UID numbers for users
range from 100 to 60000. Values 0 through 99 are reserved for system accounts UID
60001 is reserved for the nobody account UID 6002 is reserved for the noaccess
account duplicate UIDs are allowed but should be avoided. If two users have the same
UID, they have identical access to each users files

Solaris Operating Environment System Administration I & II Page 130 of 563


Solaris SA 1 & 2 - Training Material

‰ GID- Contains the GID used by the system to identify the user's primary group. GID
numbers for users range from 100 to 60000. (Those between 0 and 99 are reserved for
system accounts.)

‰ comment -Contains the user's full name.

‰ home_directory -Contains the full pathname to the user's home directory.

‰ login_shell-Defines the user's login shell, which can be /bin/sh, /bin/ksh, /bin/csh,
/bin/zsh, /bin/bash, or /bin/tcsh.

Default System Account Entries

Table 2-3 describes the default system account entries located in the /etc/passwd file.

Table 2-3 Default System Account Entries

User User ID Description


Name
root 0 Superuser account. Has almost no restrictions and overrides all
other logins, protections, and permissions; has access to the
entire system.

daemon 1 System account that controls background processing.

bin 2 Administrative account that owns most of the commands.

sys 3 Administrative account that owns many system files.

adm 71 Administrative account that owns certain administrative files.

smtp 0 Print service account that owns the object and spooled data
files for the printer.

The smtp mailer uses the Simple Mail Transfer Protocol


(SMTP) to transfer a message. SMTP is the standard mail
protocol used on the Internet.

Solaris Operating Environment System Administration I & II Page 131 of 563


Solaris SA 1 & 2 - Training Material

Table 2-3 [Default System Account Entries (Continued)

User User ID Description


Name
uucp 5 The uucp account that owns the object and spooled data files
for the UNIX-to-UNIX copy program (UUCP).

nuucp 6 The uucp account used by remote systems to login to the host
and start file transfers.

listen 37 Network listener account.

nobody 60001 Anonymous user account, assigned by an NFS server when an


unathorized root user makes a request. The nobody user
account is assigned to software processes that do not need any
special permissions.

noaccess 60002 Account assigned to a user or a process that needs access to a


system through some application without actually logging into
the system.

nobody4 65534 SunOS™ 4.0 or 4.1 version of the nobody account.

1. The nobody account is used for securing NFS resources. When a user is logged in as root
on an NFS client and attempts to access a remote file resource, the UID is changed from 0 to
the UID of nobody (60001); nobody gets the same access permissions as those defined for
everyone else.

Solaris Operating Environment System Administration I & II Page 132 of 563


Solaris SA 1 & 2 - Training Material

The /etc/shadow file


Due to the critical nature of the /etc/shadow file, you should never edit it directly. Instead,
you maintain the file's fields using admintool or the commands useradd, usermod, or passwd.
The /etc/shadow file can be read only by a user with root permission.

The following is an example of the /etc/shadow file containing its initial system account
entries:

root:LXeoktCoMtwZN:6445::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445: : : : : :
smtp:NP:6445::::::
uucp: NP : 6445 ::::::
nuucp: NP:6445::::::
listen : * LK* ::::::
nobody:NP:6445 ::::::
noaccess :NP: 6445 ::::::
nobody4 :NP: 6445 ::::::

Each line entry contains the following nine fields, separated by colons:

login ID: password: lastchg:min:max: warn: inactive:expire:

‰ loginID- Contains the user's login name.

‰ password -Contains a 13-character encrypted password, or the string *LK* , which


indicates a locked account, or the string NP, which indicates no password.

‰ lastchg - Indicates the number of days between January 1,1970, and the last password
modification date.

‰ min -Contains the minimum number of days required between password changes.

‰ max-Contains the maximum number of days the password is valid before the user is
prompted to enter a new password at login.

‰ warn - Contains the number of days the user is warned before the password expires.

Solaris Operating Environment System Administration I & II Page 133 of 563


Solaris SA 1 & 2 - Training Material

‰ inactive - Contains the number of inactive days allowed for that user before the user's
account is locked.

‰ expire -Contains the date when the user account expires. Once exceeded, the user can
no longer log in.

The ninth field is reserved for future use, and is currently not used.

Solaris Operating Environment System Administration I & II Page 134 of 563


Solaris SA 1 & 2 - Training Material

The /etc/group File


Each user must belong to a group, which is referred to as the user's primary group and
specified by the GID located in the user's account entry within the /etc/passwd file.

Each user can also belong up to 15 additional groups, known as secondary groups, which are
specified in /etc/group file only.

The following is a sample of the default entries in an /etc/group file.


# cat /etc /group
root: :0 :root
Other: : 1 :
bin : : 2 : root , bin , daemon
sys : : 3 : root , bin , sys , adm
adm : : 4 : root , adm , daemon
uucp : : 5 : root , uucp
mail : : 6 : root
tty : : 7 : root , tty , adm
lp : : 8 : root , lp , adm
nuucp : : 9 : root , nuucp
staff ::10:
daemon : : 12 : root , daemon
sysadmin: : 14 : lister, torey
nobody: : 60001:
noaccess: : 60002 :
nogroup: : 65534 :
#

Each line entry in the /etc/group file contains the following four fields, each separated by a
colon character.

groupname : group -password: GID: username-list

‰ groupname -Contains the name assigned to the group. Group names can contain a
maximum of eight characters.
‰ group-password - Contains an asterisk or is an empty field. This field is a relic of
earlier versions of UNIX. There is no utility to set a password on a group. To place a
password on a group, cut and paste an existing password from the /etc/shadow file
into the /etc/group file entry

Solaris Operating Environment System Administration I & II Page 135 of 563


Solaris SA 1 & 2 - Training Material

Note — A group password is used by the newgrp command. This command is used to log a
user into a new group. If that new group has a password, and the user is not a member of that
group, the password has to be entered before newgrp will continue.

‰ GID-Contains the group's GID number. It must be unique on the local system and
should be unique across the organization. Numbers 0 to 99, 60001, and 60002 are
reserved for system group accounts. User-defined groups can range from 100 to
60000.
‰ username-list-Contains a comma-separated list of user names that represent the user's
secondary group memberships. By default, each user can belong to a maximum of 15
secondary groups.

Solaris Operating Environment System Administration I & II Page 136 of 563


Solaris SA 1 & 2 - Training Material

Creating and Managing Accounts from the Command line

You can use the following command-line tools to add, modify, and delete user accounts and
group accounts on the local system.
‰ useradd- Adds a new user account to the local system
‰ usermod - Modifies a user's account on the local system
‰ userdel - Deletes a user's account from the local system
‰ groupadd - Adds (creates) a new group account on the system
‰ groupmod - Modifies a group account on the system
‰ groupdel - Deletes a group account from the system

Solaris Operating Environment System Administration I & II Page 137 of 563


Solaris SA 1 & 2 - Training Material

Creating User Accounts

You can add new user accounts on the local system using the useradd command. This
command adds an entry for the new user into the /etc/passwd and /etc/shadow files.

The useradd command also automatically copies all the initialization files in the /etc/skel
directory to the user's new home directory.

Command Format

useradd [ -u uid ] [ -g gid [ -G gid [,gid, . . ]] [ -d dir ] [ -m ] [ -s shell ] [ -c


comment ] loginname

Options

You can use the following options with the useradd command:

‰ -u uid -Sets the unique UID for the new user.

‰ -g group - Specifies a predefined group's ID or name.

‰ -G group - Defines the new user's secondary group memberships.

‰ -d dir- Defines the full pathname for the user's home directory.

‰ -m-Creates the new home directory if it does not already exist.

‰ -s shell - Defines the full pathname for the shell program to be used as the user's login
shell. If not defined, it defaults to /bin/sh.

‰ -c comment - Typically used to specify the user's full name and location.

‰ -o -Allows a UID to be duplicated.

‰ -e expire - Sets an expiration date on the user account. Specifies the date (mm/dd/yy)
on which a user can no longer log in and access the account. The account is locked

Solaris Operating Environment System Administration I & II Page 138 of 563


Solaris SA 1 & 2 - Training Material

‰ inactive - Sets the number of inactive days allowed on a user account. If the account is
not logged into during the specified number of days it is locked.

‰ -k skel_dir- Specifies an alternative directory location containing customized


initialization files to be copied into the user's home directory. (The default is
/etc/skel.)

Adding a User with useradd

You can use the useradd command to create an account for a user named userl, assign the
UID, add the user to the group other, create a home directory in /export/home, and set the
login shell for the account.

# useradd -u 100 -g other -d /export/home/newuserl -m -s /bin/ksh -c “regular User


Account" newusarl

By convention, a user's login name is also the user's home directory name.

Solaris Operating Environment System Administration I & II Page 139 of 563


Solaris SA 1 & 2 - Training Material

Modifying User Accounts

You can use the usermod command to modify the components existing in a user account.

Command Format

usermod [ -u uid [ -o ] ] [ -g group } ( -G group [ . group . . . ] ] -d dir ] [ -m ] ] [ -s shell ] [ -c


comment } [ -1 newlogname } [. -f inactive } [ -e expire ] login

Options

In general, the options for the usermod command function the same as for the useradd
command, with the exception of the following options:

‰ -1 newlogname - Changes a user's login name for the specified user account.
‰ -m-Moves the user's home directory to the new location specified with the -d option.

Example

The following example changes the login name and home directory for userl to guestl:

usermod -d /export/home/guestl -m -i guestl newuserl

Solaris Operating Environment System Administration I & II Page 140 of 563


Solaris SA 1 & 2 - Training Material

Deleting User Accounts

You can use the userdel command to delete a user's login account from the system. This
command also removes the user's home directory and all of its contents,if requested to do so.

Command Format

userdel [ -r ] login

Options

You can use the following option with the userdel command:

‰ -r-Removes the user's home directory from the local file system. This directory must
exist.

Examples

The following example removes the login account for user guestl:

# userdel guestl

To request that both the user's login account and home directory be removed from the system
at the same time, execute the following:
# userdel -r guestl

Solaris Operating Environment System Administration I & II Page 141 of 563


Solaris SA 1 & 2 - Training Material

Adding Group Accounts


As root, you can create new group accounts on the local system using the groupadd
command. This command adds an entry for the new group into the /etc/group file.

Command Format

groupadd [ -g gid [ -o ] ] groupname

Options

You can use the following options with the groupadd command:
‰ -g gid - Assigns the group ID gid for the new group.
‰ -o -Allows the gid to be duplicated.

Example

The following groupadd command creates the new account classl on the local system:
groupadd -g 301 classl

Solaris Operating Environment System Administration I & II Page 142 of 563


Solaris SA 1 & 2 - Training Material

Modifying Group Accounts


You can use the groupmod command to modify the definitions of the specified group by
modifying the appropriate entry in the /etc/group file.

Command For mat

groupmod [ -g gid [ -o ]] [ -n name ] groupname

Options

You can use the following options with the groupmod command:

‰ -g gid - Specifies the new GID for the group.

‰ -o - Allows the GID to be duplicated.

‰ -n name-- Specifies the new name for the group.

Example

The following example changes the class account group GID to 400:

# groupmod -g 400 class

Solaris Operating Environment System Administration I & II Page 143 of 563


Solaris SA 1 & 2 - Training Material

Deleting Group Accounts

You can use the groupdel command to delete a group account from the system. It
deletes the appropriate entry from the /etc/group file.

Command Format

groupdel groupname

Example

The following example removes the group account classl from the local system.

# groupdel classl

Solaris Operating Environment System Administration I & II Page 144 of 563


Solaris SA 1 & 2 - Training Material

Understanding Initialization Piles


When users log in to the system, their login shells look for the execute two different
types of initialization, files. The first type controls the system -wide environment. The
second type controls the user's environment.

System-Wide Initialization Files

You maintain the system initialization files to provide an environment for the entire community of
users who log in to the system. These files are provided by the Solaris Operating Environment and
reside in the /etc directory.

The two main system initialization files are called /etc/profile and /etc/. login.

The Bourne and Korn login shells look for and execute the system initialization file
/etc/profile during login.

The C login shell looks for and executes the system initialization file /etc/.login
during the login process.

Note -The default files /etc/profile and /etc/.login check disk usage quotas, print the
message of the day from the /etc/motd file, and check for mail. None of the messages
are printed to the screen if the file .hushlogin exists in the user's home directory.

User Initialization Files

You set up the user's initialization files and place them in each user's home directory.

The primary job of a user initialization file is to define the characteristics of a user's
work environments such as user’s search path, environment variables, and windowing
environment.

The owner(s) of the file(s) or root can change or customize the content of these files

Solaris Operating Environment System Administration I & II Page 145 of 563


Solaris SA 1 & 2 - Training Material

Table 2-4 defines the initialization files for the six possible shells in the Solaris Operating
Environment.

Table 2-4 Initialization Files for the Six Shells

Shells System-wide User Initialization User Shell


Initialization Files Read at Login Initialization Pathname
Files Read
Files When a New
Shell is Started
After Login

Bourne /etc/profile $HOME/.profile /bin/sh

Korn /etc/profile $HOME/.profile $HOME/.kshrc /bin/ksh


$HOME/.kshrc

C /etc/.login $HOME/.cshrc /bin/csh

Z /etc/zshenv $HOME-/. zsheriv $HOME/.zshrc /bin/zsh


/etc/zprofile $HOME/.zprofile
/etc/zshrc $HOME/.zlogin .
/etc/zlogin

BASH /etc/profile $HOME/.bash_profile $HOME/.bashrc /bin/bash


$HOME/.bash_login
$HOME/.profile

TC /etc/csh.cshrc $HOME/.tcshrc /bin/tcsh


/etc/csh.login or
$HOME/.cshrc

Note - The root user's login shell by default is the Bourne shell, and root' s shell entry in the
/etc/passwd file appears as /sbin/sh.

When a user logs in to the system, the user's login shell is invoked. The shellprogram looks
for its initialization files in a specific order; executes the commands contained in each file,
and when finished, displays the shell prompt on the user's screen.

Solaris Operating Environment System Administration I & II Page 146 of 563


Solaris SA 1 & 2 - Training Material

Customizing the Work Environment


The shells all provide basic features and a set of variables that determine what root or
a regular user can do when customizing user initialization files for each shell.

Shell Variables

The environment maintained by the shell includes variables that are defined by the login program, system

initialization file, and the user initialization files.

The shells support two types of variables:

‰ Environment variables - Every shell program started receives its information


about the user's environment from these variables.

‰ Local variables - This affects only the current shell. Any subshell started would
not have knowledge of these variables.

Table 2-5 lists some of the variables available, for customizing a user's shell environment.

Table 2-5 Shell Variables

Variable
Set By Description
Name
LOGNAME Set by login Defines the user's login name.
HOME Set by login Sets the path to the user's home
directory. Default argument for cd.
SHELL Set by login Sets the path to the default shell.
PATH Set by login Sets the default path the shell searches
to find commands.
MAIL Set by login Sets file path to the user's mailbox.
TERM Not set by Defines the terminal.
default
LPDEST Not set by Sets the user’s default partner
default

Solaris Operating Environment System Administration I & II Page 147 of 563


Solaris SA 1 & 2 - Training Material

Table 2-5 Shell Variables (Continued)

Variable Set By Description


Name
PWD Set by shell Defines the current working directory.

PSI Set by shell Defines the shell prompt for the Bourne or
Korn shell.

Prompt Set by shell Defines the shell prompt for the C shell.

Note — For complete information on all variables used by the default shells see the following
man pages: sh (1), ksh (1), csh (1), zsh (1), bash(l)/and tcsh(l).

Setting Environment Variables in User Initialization Files

A user can change the values of the predefined variables and specify additional variables.

Table 2-6 demonstrates how to set environment variables in user initialization files.

Table 2-6 Setting Environment Variables

Shell User's Initialization File

Bourne or Korn Shell VARIABLE=value ; export VARIABLE


For example:

"$HOSTNAME 1 $ export PSl

C Shell Setenv variable value

For example

Solaris Operating Environment System Administration I & II Page 148 of 563


Solaris SA 1 & 2 - Training Material

Using the Initialization file Templates


The Solaris Operating Environment provides you with a set of initialization file
templates.

The initialization file templates are located in the /etc/skel directory and are defined in
Table 2-7.

Table 2-7 Default User Initialization Files

Shell Initialization File User s Initialization Files


Templates
Bourne /etc/skel/local.profile $HOME/.profile
Korn /etc/skel/local.profile $KOME/.profile
C /etc/skel/local.login $HOME/.login
/etc/skel/local.cshrc $HOME/.cshrc

The root user can customize these templates to create a standard set of user initialization files
to provide a common work environment for each user.

User's can then edit their initialization files to further customize their environments for each
shell.

When new user accounts are created by root, these initialization files are automatically copied
to each new user's home directory.

Solaris Operating Environment System Administration I & II Page 149 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 6

DEVICE CONFIGURATION

Objectives
Upon completion of this module, you should be able to:

‰ Describe the disk components: sectors, tracks, and cylinders

‰ Define the term disk slice

‰ Identify a disk device by its logical device name, physical device name, and instance
name

‰ Describe the purpose of the /etc/path to inst file

‰ List a system's device configuration information using the prtconf command

‰ Display the system's current disk configuration using the format: commands

‰ Show how to invoke a reconfiguration boot after adding a peripheral device to the
system

‰ Describe how devices are reconfigured using the devfsadm command

Solaris Operating Environment System Administration I & II Page 150 of 563


Solaris SA 1 & 2 - Training Material

Basic Architecture of a Disk

The following sections describe the architecture of a disk.

Physical Disk Structure

A disk is physically composed of a series of flat, magnetically coated platters stacked


on a spindle. The spindle turns while the read/write heads move between platters, in
unison, racially reading and writing data on the platters.

Figure 5-1 Components of a Disk

The following describes the components of a disk:

‰ One or more platters.

‰ Platters rotate around the spindle.

‰ Head actuator arm moves the read/write heads as a unit above and below each platter.

Solaris Operating Environment System Administration I & II Page 151 of 563


Solaris SA 1 & 2 - Training Material

Components of a Disk Platter


A disk is divided into the following components: sectors, tracks, and cylinders.

‰ Sector - The smallest addressable unit on a platter, One sector can hold 512 bytes of
data. Sectors are also known as disk blocks.
‰ Track - A series of sectors positioned end-to-end in a circular path.
‰ Cylinder - A stack of tracks.

Figure 5-2 Components of a Disk Platter

Note - The number of sectors per track varies with the radius of a track on the platter. The
outermost tracks are larger and can hold more sectors than the inner tracks.

Because a disk spins continuously and the read/write heads move as a single unit, the most
efficient seeking occurs when the sectors to be read or written to are located in a single
cylinder.

Solaris Operating Environment System Administration I & II Page 152 of 563


Solaris SA 1 & 2 - Training Material

Defining Disk Slices


Disks can, be divided into individual partitions, known as slices. Slices are groupings
of cylinders commonly used to organize data by function.

For example, you can store critical system files and programs in one slice, while you
can store user-created files in another slice on the same disk.

Note - By grouping cylinders in this way, the amount of movement required by the
read/write heads to access a file is reduced, which improves disk I/O performance.

A disk under SunOS can be divided into eight slices, labeled slice 0 through slice 7.

By convention, slice 2 is used to represent the entire disk. It records items, such as the
size of the actual disk, and the total number of cylinders available for the storage of
files and directories.

Solaris Operating Environment System Administration I & II Page 153 of 563


Solaris SA 1 & 2 - Training Material

The Boot Disk

The slices shown in Figure 5-3 are a possible configuration convention for logically
organizing data that is to be stored on the boot disk. Not all slices have to be defined
on a disk.

Figure 5-3 Disk Slices on a Single Disk System

Table 5-1 identifies the disk slices.

Table 5-1 Disk Slices

Slice Name Function

0 / root's system files

1 swap Swap area

2 Entire disk

5 /opt Optional software

6 /usr System executables and programs

7 /export/home User files and directories

Figure 5-4 illustrates how the above slices reside on the disk. Each slice is defined by a
starting cylinder and an ending cylinder. These cylinder boundaries determine the size of a
slice.

Solaris Operating Environment System Administration I & II Page 154 of 563


Solaris SA 1 & 2 - Training Material

Disk Slice Naming Convention

The full name of a slice is represented by an eight character string which includes the
controller number, the target number the disk number, and the slice number.

‰ Controller number - Identifies the host bus adapter, which controls communications
between the system and disk unit. It takes care of moving disk heads, data transfer,
and location of data on the device. The controller number is assigned in sequential
order, such as c0, c1, c2 and so on.

‰ Target number – Target numbers such as t0, t1, t2 , and t3 correspond to a unique
address switch setting that is selected for each disk, tape, or CD-ROM. An external
disk drive has an address switch, located on the rear panel. An internal disk has
address pins which are jumpered to assign its target number.

Solaris Operating Environment System Administration I & II Page 155 of 563


Solaris SA 1 & 2 - Training Material

‰ Disk number — The disk number is also known as the logical unit number (LUN).
This number reflects the number of disks at the target location. The disk number is
always set to do with embedded SCSI disks.

‰ Slice number — A slice number ranging from 0 to 7.

c# t # d# s#

Controller number

Target number

Disk number
(Logical Unit Number, LUN)

Slice number

Solaris Operating Environment System Administration I & II Page 156 of 563


Solaris SA 1 & 2 - Training Material

Device Naming Conventions


In the Solaris Operating, Environment, all devices have three different types of names,
depending on how the device is being referenced.

‰ Logical device names


‰ Physical device names
‰ Instance names

Note - BSD device names also exist in the Solaris Operating Environment if the BSD
compatibility packages are installed with either the Developer, Entire Distribution, or Entire
Distribution plus OEM Solaris Software Group. The BSD device names are typically used for
backwards compatibility with old scripts, (for example, /dev/sdOa).

Logical Device Names

You use logical device names, and in some cases by regular users, primarily to refer
to a device on the command line.

All logical device names are kept in the /dev directory.

Logical device names are symbolic links to the physical device names kept in the
/devices directory.

The logical disk device names contain the controller number, target number, disk
number, and slice number.

Every disk device has an entry in both the /dev/dsk and /dev/rdsk
directories, for the block and character (raw) disk devices respectively.

# or example:

# ls /dev/dsk

Solaris Operating Environment System Administration I & II Page 157 of 563


Solaris SA 1 & 2 - Training Material

‰ C0t0d0s0 through c0t0d0s7 – Identifies the device names for disk slices 0 through 7,
for a disk that is attached to controller 0, at target 0, on disk unit 0.
‰ C0t3d0s0 throughc0t3d0s7 — Identifies the device names for disk slices 0 through 7,
for a disk that is attached to controller 0, at target 3, on disk unit 0.
‰ c0t6d0s0 through c0t6d0s7 — Identifies the device names for disk slices 0 through 7.
Normally, CD-ROM devices are treated the same as disks. This indicates a device on
controller 0, at target 6, and disk unit 0.

Physical Device Names

Physical device names uniquely identify the physical location of the hardware devices
on the system, and are maintained in the /devices directory.

Note Various hardware platforms have different device trees.

A physical device name uniquely identifies the location of the device. It contains the
hardware information, represented as a series of node names, separated by slashes, to
indicate the path to the device that reflects hardware connectivity. For example:

# ls -1 /dev/dsk/c0t0d0s0 .

Irwxrwxrwx 1 root root 46 Jun 16 19:07 /dev/dsk/c0t0d0s0 ->


. . / . . /devices/pci@lf ,0/pci@l, l/ide@3/dad@0 , 0 :a

Solaris Operating Environment System Administration I & II Page 158 of 563


Solaris SA 1 & 2 - Training Material

For example, an Ultra 5 system has the device configuration tree-structure shown in Figure 5-
8 (not all possible devices are included).

Figure 5-8 The /devices Directory Structure

The top-most directory in the hierarchy is called the root node of the device tree. An object
below the root node has a device driver associated with it, which is called a leaf, or bus nexus
node.

Note - A device driver is the software that communicates with the device. This software must
be available to the kernel to use the device.

The kernel identifies the physical location of a device by associating a node with an address,
nodename@address, which is called the physical.device name, for example, dad@0 .

Solaris Operating Environment System Administration I & II Page 159 of 563


Solaris SA 1 & 2 - Training Material

Instance Names

Instance names are abbreviated names assigned by the kernel for each device on the
system.

An instance name is simply a shortened name for the physical device name. Two
examples are shown below:

sdn

Where sd is the disk name and n is the disk number, such as sd0, for the first SCSI
(small computer system interface) disk device:

dadn

where dad (direct access device) is the disk name and n is the disk number, such as
dad0, for the first ide (integrated drive electronics) disk device.

Solaris Operating Environment System Administration I & II Page 160 of 563


Solaris SA 1 & 2 - Training Material

Listing a System's Devices


The following sections describe how to list a system's devices.

The /etc/path_to_inst File


In the Solaris Operating Environment, the system records, for each device, its instance name and number
along with its physical name in the /etc/path_to_.inst file. These name are used by the kernel to identify
every possible device. This file is read only at boot time.

Note - The device instance number, shown in bold below, appears to the right of the
device instance name when recorded in this file.

The /etc/path_to_inst file is maintained by the kernel, and it is generally not


necessary, nor is it advisable for the system administrator to ever change this file.

# more /etc/path_to_inst
#
# Caution! This file contains critical kernel state
#
# pci@lf, 0" 0 "pci"
# /pci@lf,0/pci@l,l/ide@3/sd@2,0" 2 "sd" (CD-ROM)
# /pci@lf,0/pci@l,l/idePVdad@0,0" 0 “dad" (disk)
# /pci@lf, 0/pci@l,l/ebus@l" 0 "ebus" (extended bus)
# /pci@lf,0/pci@l/l/ebus@l/fdthree@14,3023fO" 0 "fd" (floppy disk)
# /pci@lf ,0/pci@l(l/ebus@l/su@14,3062f8" 1 "su" (mouse)
# /pci@lf,0/pci@l,l/ebus@l/se@14,400000" 0 "se" (serial ports A and B)
# /pcieif,0/pci@l,l/ebus@l/su@14,3083f8" 0 "su" keyboard;
# /pci@lf , 0/pci@l,l/ebus@l/ecpp@14,3043bc" 0 "ecpp" ('extended
capability parallel port)
#pci@lf, 0'/pci@l, l/ebus@l/SUNW,CS4231@14, 200000" 0 "audiocs" (crystal
semiconductor)
# /pci@lf, 0/pci@l, l/ebus@l/pov;er@14, 724000" 0 "power" /power management bus)
# /pci@lf ,0/pci@l, l/network@l , 1" 0 "hme" (Fast Ethernet)

Solaris Operating Environment System Administration I & II Page 161 of 563


Solaris SA 1 & 2 - Training Material

Note — Different systems have different physical device paths. This example shows
an onboard peripheral component interconnect (PCI) bus configuration.

Sample /etc/path_to_inst File

The following is a path_to_inst file from a system that has a different bus architecture. In this
case, it is an example of a system that has an onboard Sun system bus (Sbus).

# more /etc/path_to_inst
#
# Caution! This file contains critical kernel state
#
# /sbus@lf,0" 0 "sbus"
# /sbus@lf ,0/espdma@e, 8400000" 0 "dma"
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000” 0 “esp”
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000 / sd@3,0” 3 “sd”
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000 / sd@2,0” 2 “sd”
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000 / sd@1,0” 1 “sd”
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000 / sd@0,0” 0 “sd”
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000 / sd@6,0” 6 “sd”
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000 / sd@5,0” 5 “sd”
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000 / sd@4,0” 4 “sd”
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000 / st@3,0” 3 “st”
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000 / st@2,0” 2 “st”
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000 / st@1,0” 1 “st”
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000 / st@2,0” 2 “st”
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000 / st@3,0” 3 “st”
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000 / st@4,0” 4 “st”
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000 / st@5,0” 5 “st”
# /sbus@lf ,0/espdma@e, 8400000/esp@e,8800000 / st@4,0” 4 “st”

….< remaining lines removed > ….

The prtconf Command


You use the prtconf command to display the systems configuration information,
including the total amount of members installed and the configuration of system
peripherals formatted as a device free.

The prtconf command lists all instances of devices whether the device is attached or
not attached to the system

Solaris Operating Environment System Administration I & II Page 162 of 563


Solaris SA 1 & 2 - Training Material

To view only a list of attached devices on the system, execute the following
commands.

# prtconf | grep -v not

System Configuration: Sun Microsystems sun4u


Memory size: 64 Megabytes
System Peripherals (Software Nodes):

SUNW,Ultra-5_10
options, instance #0
pci, instance #0
pci, instance #0
ebus, instance #0
power, instance #0
se, instance #0
su, instance #0
su, instance #l :
fdthree, instance #0
network, instance #0
SUNW,m64B, instance #0
ide, instance #0
dad, instance #0
sd, instance #2
pci, nstance #l
pseudo, instance #0

Note - The command grep -v not is used to omit all containing the word "not" from
the output.

Solaris Operating Environment System Administration I & II Page 163 of 563


Solaris SA 1 & 2 - Training Material

The format Command


You use the format command to display both logical and physical device names for
all currently available disks. For example

# format

Searching for disks ... done

AVAILABLE DISK SELECTIONS:


0. cOtOdO <SUN4.2G cyl 3880 alt 2 hd 16 sec 135>
/pci@lf ,0/pci@l,l/ide@e/dad@0,0
1. clt3dO <SUN4.2G cyl 3880 alt 2 hd 16 sec 135>
/pci@if ,0/pci@l/isptwo@4/sd@3,0

Specify disk (enter its number) :

Note - Press Control +d to exit the format command.

Solaris Operating Environment System Administration I & II Page 164 of 563


Solaris SA 1 & 2 - Training Material

Reconfiguring Devices
The system recognizes a newly added peripheral devices if a reconfiguration boot is
invoked. This particular boot process adds the new device to a newly generated device
tree and to the /dev and /devices directories..

The following steps reconfigure a system to recognize a newly attached disk.

1. Create the /reconfigure file. This file causes the system to check for the
presence of any newly instated devices the next time it is powered on or
booted.

# touch /reconfigure

2. Shut down the system. This command brings the system to an appropriate
slate for turning the system power off to safely allow for adding or removing
devices.
# init 5

3. Turn off the power to all external devices.

4. Install the peripheral device, making sure the device being added has no
conflicting address with other devices on the system.

5. Turn on the power to all external devices.

6. Turn on the power to the system. The system boots to the login screen.

7. Verify that the peripheral device has been added by issuing one of the
following commands: prtconf or format.

Once the disk is recognized by the system, YOU can begin the process of defining disk
slices.

Note - If the /reconfigure file was not created before the system was shut down, you
can invoke a manual reconfiguration boot with the PROM level command: boot -r .

Solaris Operating Environment System Administration I & II Page 165 of 563


Solaris SA 1 & 2 - Training Material

Configuring the Solaris Operating Environment Devices

Before the Solaris Operating Environment release, you used the drvconfig command
to configure, devices. This command managed the physical device entries in the
/devices directory. The commands disks, tapes, devlinks, and ports manage the logical
device entries in the /dev directory.

Note - The ports command creates /dev entries for serial lines.

Now, both the reconfiguration boot process and the updating of the, /dev and /devices
directories for dynamic reconfiguration events are handled by the devfsadm
command.

For compatibility purposes, drvconfig and the other commands are symbolic links to devf sadm.

The devfsadm command attempts to load every driver in the system and attach to all
possible device instances.

It then creates the device files in the /devices directory and the logical links in the /dev
directory. In addition to managing these directories, devfsadm also maintains the,
/etc/path_to_inst file

devfsadm Options
To restrict the use of the devfsadm command to a specific device class, use the -c
option.

#devfsadm -c device_class

Where the values to device_class include: disk, tape, port video and pseudo. For
example:

# devfsadm -c disk

Solaris Operating Environment System Administration I & II Page 166 of 563


Solaris SA 1 & 2 - Training Material

You can use the -c option more than once on the command line to specify multiple device
classes. For example:

# devfsadm -c disk -c tape -c audio

To restrict the use of the devfsadm command to configure only devices for a named
driver, user the -i option. For example:

devfsadm -i driver_name

Some examples of using the -i option include:

‰ To configure only those disks supported by the dad driver:


# devfsadm -i dad
‰ To configure only those disks support by the sd driver:
# devfsadm -i sd
‰ To configure devices supported by the st driver:
# devfsadm -i st

Solaris Operating Environment System Administration I & II Page 167 of 563


Solaris SA 1 & 2 - Training Material

Configuring a Device Before, the Solaris Operating Environment

You can also use the drvconfig command to reconfigure the system to recognize new devices without
rebooting

By default, this command configures the /devices directory with the physical device
name(s) of the newly attached device(s) and updates the /etc/path_to_inst file.

Adding a New Disk or Tape Drive

Commonly, the types of peripheral devices added to a workstation are disks and tape
drives.

‰ When adding a new disk, you must issue the disk command to create the /dev
entries for the newly attached disk(s).
‰ When adding a tape drive, you must issue the tape command to create the /dev
entries for the newly attached tape drive(s).

Note - If adding miscellaneous devices or pseudo-devices, you use the devlinks


command to add /dev entries for the new devices.

Adding a New Disk Device

The following steps illustrate how to add a new tape device:

1. Invoke the drvconfig command

# drvconfig -i dad

or

# drvconfig -i sd

Solaris Operating Environment System Administration I & II Page 168 of 563


Solaris SA 1 & 2 - Training Material

2. Invoke the disks command.

# disks

This command creates symbolic links in the /dev/dsk and /dev/rdsk directories
pointing to the actual disk device files located in the /devices directory.

Adding a New Tape Drive

The following steps illustrate how to add a new tape drive:

1. Invoke the drvconfig command.

# drvcconfig -i st

2. Invoke the tapes command.

# tapes

This command creates symbolic links in the /dev/rmt directory to the actual
tape device files located in the /devices directory.

Solaris Operating Environment System Administration I & II Page 169 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER – 7

DISKS, SLICES, AND FORMAT

Objectives

Upon completion of this module, you should be able to:

‰ Explain the term disk slice

‰ Describe and create a disk label

‰ Define and modify a partition table using the format utility

‰ Describe the purpose of the /etc/format.dat file

‰ Use the format utility to save and retrieve customized partition tables

‰ Demonstrate how to view the disk's VTOC using two different commands: verify

and prtvtoc

‰ Use the fmthard command to update the VTOC on a disk

Solaris Operating Environment System Administration I & II Page 170 of 563


Solaris SA 1 & 2 - Training Material

Disk Slices and the format Utility

The format utility is a system administration tool used primarily to prepare hard disk
drives for use in the Solaris Operating Environment.

Though you can use the format utility to perform a variety of disk management
activities, the main reason you use the format utility is to divide a disk into disk slices.

Note - The Solaris Operating Environment installation program also divides disks into
disk slices as part of installing the Solaris Operating Environment release.

To divide a disk into slices, the system administrator will need to:

• Identify the correct disk

• Plan the layout of the disk

• Use the format utility to divide into slices

• Label the disk with new slice information

Only the root user can use the format utility. If format is run by a regular user, the
following error message is displayed:

$ format

Searching for disk...done

No permission (or no disk found)

Solaris Operating Environment System Administration I & II Page 171 of 563


Solaris SA 1 & 2 - Training Material

Disk Labels and Partition Tables

Every disk in the Solaris Operating Environment has a special area set aside for
storing information about the disk's controller, geometry, and slices.

This information is called the disk's lable. Another term used to describe a disk label
is the volume table of contents (VTOC). The disk's label VTOC is stored on the first
sector of the disk.

To label a disk means to write slice information onto the disk. If the system
administrator fails to label a disk after defining slices, the slice information is lost.

An important part of the disk label is the partition table, which identifies, a disk
slices, the slice boundaries (in cylinders), and the total size of the slices.

Note -The terms disk slice and disk partition are interchangeable.

Solaris Operating Environment System Administration I & II Page 172 of 563


Solaris SA 1 & 2 - Training Material

Disk Partition Table


A disks partition table can be displayed using the format utility

Figure 6-1 A Partitioned Disk

The partition table primarily defines partition boundaries and the number of
£vHn£tersjn_a_£artition. For example:

Current partition table (original):


Total disk cylinders available 8892 + 2 (reserved cylinders)

part Tag Flag Cylinders


Size Blocks

0 root wm 0 -2520 1.1 4G3 (2521/0/0) 2382345


1 swap wu 2521 -2840 147. 66KB (320/0/0) 302400
2 backup wm 0 -8892 4 .01GB (8892/0/0) 8402940
3 unassigned wm 0 0 (0/0/0) 0
4 unassigned wm 0 0 (0/0/0) 0
5 unassigned win 0 0 (0/0/0) 0
6 usr wm 2 841 -8000 2.73GB (6051/0/0) 5718195
7 unassigned wm 0 0 (0,0/0) 0
Partition boundaries must begin and end with entire cylinders.

Solaris Operating Environment System Administration I & II Page 173 of 563


Solaris SA 1 & 2 - Training Material

Table 6-1 describes the fields contained in a disk's partition table.

Table -5-1 Partition Table Terms and Usage

Field Description

Part Slice number. Valid slice numbers include 0


through 7.

Tag A value used to indicate how the slice is


being used.
0 = unassigned
1 =boot
2 = root
3 = swap
4 = usr
5 = backup
6 = stand
7 = var
8 = home
9 = alternates

Flag wm- disk slice is writable and mountable.

wu -disk slice is writable and unmountable.


This is the defaults state of slice dedicated for swap areas.

rm = disk slice is read only and mountable.

ru - disk slice is read only and unmountable.

Cylinders The starting and ending cylinder number for the disk slice.

Size The slice size: Mbytes (mb), Gbytes (gb),


Blocks (b), or Cylinders (c).

Blocks The total number of cylinders and the total


number of sectors per slice.

Note - Partition tags and flags are assigned by convention. They are ignored by the
SunOS and require no maintenance.

Solaris Operating Environment System Administration I & II Page 174 of 563


Solaris SA 1 & 2 - Training Material

Defining Disk Slices


Disk slices are defined by an offset and a size in cylinders. The offset is the distance
from cylinder 0. For example:

Slice 2 -- Overlaps Entire Disk

Slice 0 Slice 1 Slice 6


Size
Size 320 Cylinders Size
2521 Cylinders 6051 Cylinders

Offset 0 Off set 2521 Off set 2841

Figure 6-2 Offsets and Sizes for Disk Partitions

The offset for slice 0 is 0 cylinders and its size is 2521 cylinders. Slice 0 begins on
cylinder 0 and ends on cylinder 2520.

The offset for slice 1 is 2521 cylinders and its size is 320 cylinders. Slice 1 begins on
cylinder 2521 and ends on cylinder 2840.

The offset for slice 6 is 2841 cylinders and its size is 6051 cylinders. Slice 6 begins on
cylinder 2841 and ends on the last available cylinder 8892.

Solaris Operating Environment System Administration I & II Page 175 of 563


Solaris SA 1 & 2 - Training Material

Defining Disk Partitions


The following sections describe conditions that can occur when you are defining disk
partitions.

Undesirable Conditions

When creating or changing disk slices, two types of undesirable conditions can occur:
wasted disk space and overlapping disk space.

Wasted Disk Space

Wasted disk space occurs when one or more cylinders are not allocated to a disk slice.

Size- 2521 cyl Size – 320 cyl

Offset – 0 Offset - 2521

Size – 2500cyl wasted Size -320 cyl

Offset – 0 Offset – 2521

Figure 6-3 Disk Slice With Wasted Space ;

The wasted disk space condition can occur when you decrease the size of one slice,
and do not adjust the starting cylinder number of the next disk slice. (In the example
above, cylinders 2501 through 2520 are unusable.)

Overlapping Disk Slices


Overlapping disk slices occurs when one or more cylinders are allocated to more than
one disk slice.

Solaris Operating Environment System Administration I & II Page 176 of 563


Solaris SA 1 & 2 - Training Material

Size- 2521 cyl Size – 320 cyl

Offset – 0 Offset - 2521

Size – 2590cyl wasted Size -320 cyl

Offset – 0 Offset – 2521

Figure 6-4 Disk Slices With Overlapping Cylinders

This type of condition can occur when you increase the size of one slice and do not
adjust the starting cylinder number of the next disk slice. In the example above
cylinders 2521 through 2590 are overlapping two disk slices. The format utility does-
not warn you of overlapping disk slices.

Warning - Do not change the size of disk slices that are currently in use.

Caution - When a disk with existing slices is repartitioned and relabeled, any existing
data will be inaccessible. Existing data must be copied to backup media before the
disk is repartitioned and restored after the disk is relabeled.

Solaris Operating Environment System Administration I & II Page 177 of 563


Solaris SA 1 & 2 - Training Material

Locations of Disk Partition Tables

As a root user, when you select a disk to be partitioned using the format utility, a copy
of the disk’s partition tables is read into memory and is the current disk label.

The format utility also works with a file called /etc/format.dat, which is read when
you invoke the format utility. The format.dat file is a table of available disk types and
a set of predefined partition tables that you can use to partition a disk quickly.

On disk In memory /etc/format.dat

Disk Current Predefined


VTOC disk partition name partition
table save tables

verify" label print Select

Figure 6-5 Partition Table Locations

You can select a predefined partition table from /etc/format.dat to be read in as the
disk's current label by using the following commands within the format utility.

‰ select - Selects a predefined partition table from the list of tables stored in
/etc/format .dat.
‰ print - Displays the selected partition table.
‰ label - Writes the selected partition table to the disk's label.
‰ verify - Locates the disk's label and displays the new information.

You can also save a modified partition table to the /etc/format .dat file for later use on
other disks by using the commands within Format.

• disk - Selects a disk


• name - Creates a name for the modified partition table
• save - Saves the named table to /formats for futures use

The format utility, by default, saves disk labels

Solaris Operating Environment System Administration I & II Page 178 of 563


Solaris SA 1 & 2 - Training Material

Disk Partitioning

The following steps describe how to divide a disk into slices:

1. As root, type format; at the prompt and press Return.

# format
Searching for disks...done
AVAILABLE DISK SELECTIONS:

0. c0t0d0 <SUN4.2G cyl 3880 alt 2 hd 16 sec 135>


/pci@if,4000/pci@l,l/ide@3/dad@0,0
1. Clt3d0 <SUN4.2G cyl 3880 alt 2 hd 16 sec 135>
/pci@if, 4000/pci@l/isptwo@4/sd@3,0

Specify disk (enter its number): 1

The format utility searches for all attached disks. For each disk found, format
displays its logical device name, hardware name, physical parameters, and
physical device name.
2 Choose the second disk by selecting the number located to the left of that
disk's logical device name (for example, 1).

The format utility's main menu is displayed.

selecting clt3d0
[disk formatted]

FORMAT MENU:

disk - select a disk


type - select (define) a disk type
partition - select (define) a partition table
current - describe the current disk
format - format and analyze the disk
repair - repair a detective sector
show - translate a disk address
label - write label to the disk
analyze - surface analysis
defect - defect list management
backup - search for backup tables
verify - read, and display tables
save- - save new disk/partition definitions
volname - set 8 character volume name

Solaris Operating Environment System Administration I & II Page 179 of 563


Solaris SA 1 & 2 - Training Material

The specific menu selections that are used to divide a disk into slices

Partition — Displays the partition menu


label. — Writes the current partition definition to the disk label
verify — Reads and displays the disk label
quit — Exits the format utility
type partition at the format prompt.

- change '0' partition


- change '1' partition
- change '2' partition
- change '3 ' partition
- change ‘4’ partition
- change ‘5' partition
- change '6' partition
- change ‘7' partition

select a predefined table


modify a predefined partition table
name the current table
display the current table
write partition map and label to the disk
execute <cmd>, then return

The partition menu is displayed. This menu enables you to perform the following
functions:

0 - Specifies the offset and size of up to eight partitions


select - Chooses a predefined partition table from format.dat
modify - Changes a predefined partition table
name - Identifies the current partition table
print - Displays the current partition table
lable - Writes the current partition table to the disk label

Solaris Operating Environment System Administration I & II Page 180 of 563


Solaris SA 1 & 2 - Training Material

4. Type print at the part it ion prompt to display the disk label that was
copied to RAM when the format utility was started.

Current partition table (original)


Total disk cylinders available: 2036 +2 (reserved cylinders)

Part Tag Flag Cylinders Size


Blocks
0 root wm 0 - 2520 1.14GB (2521/0/0) 2382345
1 swap wu 2521 - 2840 147.66MB (320/0/0) 302400
2 backup wm 0 - 8892 4.01GB (8892/0/0) 8402940
3 unassigned wm 0 0 (0/0/0) 0
4 unassigned wm 0 0 (0/0/0) 0
5 unassigned wm 0 0 (0/0/0) 0
6 usr wra 2841 - 8892 2.73GB (6051/0/0) 5718195
7 unassigned wm 0 0 (0/0/0) 0

The name of the partition table is displayed in parentheses in the first line of the table.

The columns of the table have the following meanings:


• Part - The disk slice number
• Tag - The predefined, optional tag
• Flag - The predefined, optional flag
• Cylinders - The starting and ending cylinder number for the slice
• Size - The slice size (Mbytes, Gbytes, Blocks, or Cylinders)
• Blocks - The total number of cylinders and the total number of sectors per
slice

5. Type 0 (zero) to select slice 0.

Partition>0

Palt Tag Flag Cylinders Size Blocks


0 Root wm 0-1830 901.20MB 1845640
Enter partition id tag [ root ]: <press Return>
Enter partition permission flagsiwm]: cpress Return>
Enter new starting cyl[0]: <press Return>
Enter partition size[184S648b, 1831c, 901 . : 40Omb

6. When prompted for the Id tag enter a question mark (?) and press return, to list
the available choice a tag can be changed by typing a new tag name.

Solaris Operating Environment System Administration I & II Page 181 of 563


Solaris SA 1 & 2 - Training Material

Enter partition id tag(root) : ?


Expecting one of the following: (abbreviations ok):

unassigned boot root swap


usr backup stand var
home alternates

Enter partition id tag[root]:

7. Press the Return key to except the default tag.

8. when prompted for the permission flags, enter a question mark (?) and press Return,
to list the available choices. A flag can be changed by typing the new flag name.

Enter partition permission flags[wm): ?


Expecting one of the following: (abbreviations ok) :
wm - read-write, mauntable
wu - read-write, unmountable
rm - read only, mountable
ru - read only, unmount able

Enter partition permission flags[wmj: .

9. Press the Return key to except the default flags.


10. Press the Return key to except the starting cylinder of 0 (zero).
11. Enter the new partition size for slice 0.
12. Type print.

partition> print . .
Current partition table (unnamed):
Total disk cylinders available: 2036 + 2 (reserved cylinders)

Part Tag Flag Cylinders Size Blocks


0 root wm 0 - 2520 1.14GB (2521/0/0) 2382345
1 swap wu 2521 - 2840 147.66MB (320/0/0) 302400
2 backup; wm 0 - 8892 4.01GB (8892/0/0) 8402940
3 unassigned wm 0 0 (0/0/0) 0
4 unassigned wm 0 0 (0/0/0) 0
5 unassigned wm 0 0 (0/0'0) 0
6 usr wm wm 2841 - 8892 2.73GB (6051 0/0) 5718135
7 unassigned wm 0 0 (0/0 '0) 0

Solaris Operating Environment System Administration I & II Page 182 of 563


Solaris SA 1 & 2 - Training Material

The current partition table shows the change to slice 0.

This change has resulted in wasted disk space between slice 0 and slice 1. To remove
this undesirable condition, adjust the starting cylinder for the next slice.

13. Type 1 to select slice number 1..

partition> 1
Part Tag Flag Cylinders Size Blocks
0 swap wu 1831 - 1983 75.30MB (153/0/0) 154213

Enter partition id tag [swap] :


Enter partition permission flags [wu]:
Enter new starting cyl[1831] : 813
Enter partition size [15422"4b, 153c, 75.30mb]: 60mb

14. Press the Return key to select the default tag and the default flags.

15. Enter the new starting cylinder for slice 1.

16. Enter the new partition size for slice 1.


17. Type print.

partition> print
Current partition table (unnamed) :
Total disk cylinders available: 2036 + 2 (reserved cylinders)

Part Tag Flag Cylinders Size Blocks


0 root wm 0 - 2520 1.14GB (2521/0/0) 2382345
1 swap wu 2521 - 2840 147.66MB (320/0/0) 302400
2 backup wm 0 - 8892 4.01GB (8892/0/0) 8402940
3 unassigned wm 0 0 (0/0/0) 0
4 unassigned wm 0 0 (0/0/0) 0
5 unassigned wm 0 0 (0/0/0) 0
6 usr wm 2841 - 8892 2.73GB (6051/0/0) 5718195
7 unassigned wm 0 0 (0/0/0) 0

The current, partition table shows the change to slice 1.

The new starting cylinder for slice 1 is one greater than the ending cylinder for
partition 0.

This change- has resulted in wasted disk space between slice 1 and slice 7. To
remove this undesirable condition adjust the starting cylinder for the next
slice.

Solaris Operating Environment System Administration I & II Page 183 of 563


Solaris SA 1 & 2 - Training Material

18. Type 7 to select slice number 7.

partition> 7
Part Tag Flag Cylinders Size Blocks
7 home wm 1984-2034 25.10MB (51/0/0) 51404
Enter partition id tag[home]:
Enter partition permission flags[wm]:
Enter new starting cyl[1831J: 935
Enter partition size[154224b, 153c, 75.30mb]: $

19. Press the Return key to select the default tag and the default flags.

20. Enter the new starting cylinder for slice 7.


21. Enter the new partition size for slice 7, by typing a $ sign.

Note - Entering a $ sign as a value for the last partition size automatically
assigns the ending cylinder boundary for the last slice.

22. Type print to display the partition table.

partition> print

Current partition table (unnamed):


Total disk cylinders available: 2036 + 2 (reserved cylinders)

Part Tag Flag Cylinders Blocks


Size
0 root wm 0 -2520 1.14GB (2521/0/0) 2382345
1 swap wu 2521 -2840 147.66MB . (320/0/0) 302400
2 backup wm 0 -8892 4. 0lGB (8892/0/0) 8402940
3 unassigned wm 0 0 (0/0/0) 0
4 unassigned wm 0 0 (0/0/0) ' 0
5 unassigned wm 0 0 (0/0/0) 0
6 usr wm 2841 -8892 2.73GB (6051/0/0) 5718195
7 unassigned wm 0 0 (0/0/0) 0

Add up the cylinders in the Blocks column for slice 0, slice 1, and slice 7. The
number should equal the total number of cylinders contained in slice 2.

23. After checking the partition table to ensure there are no errors, label
the disk.

partition> label
Ready to label disk, continue? y

partition>

Solaris Operating Environment System Administration I & II Page 184 of 563


Solaris SA 1 & 2 - Training Material

Saving a Partition Table to the /etc/format.dat File


You can use this optional procedure to add the newly created partition table to the
/etc/format.dat file. You save a customized partition table so you can use it to quickly
partition other disks of the same type on the system.

To save a customized partition table, at the partition menu:

1. Type name to enter a unique name for the current partition table. (Frequently
the disk manufactures name is used.)

partition> name
Enter table name (remember quotes) : SUN4.2

2. Exit the partitionmenu.


partition> Quit

3. Type save to save the new partition table information. Enter the - full
pathname for the /etc/format.dat file.
format> save
Saving new partition definition.
Enter file name["./format.dat"]: /etc/format.dat

Locating and Using the Customized Partition Table

To retrieve a customized partition table, at the format menu:


1. Type partition-format partition
2. Locate and select the customized-partition table from the list, using its
assigned number.
partition> select
0. original
1. unamed
2. SUN4.2
Specify table (enter its number)(O) : 2
3. Lable the disk with the select partition table
partitions label
Ready to label disk, continue? yes
4. Exit the partition menu
partition> quit
5. Read the new disk label.
format> verify
6 Exit the format utility.
format> quit

Solaris Operating Environment System Administration I & II Page 185 of 563


Solaris SA 1 & 2 - Training Material

Repartitioning a Disk with the modify Command


You will need to change the size of slices on a disk, as storage requirements
grow, or diminish. The easiest way to accomplish this is using the modify
command from the partition menu.

Warning - When a disk with existing slices is repartitioned and relabeled, any
existing data is inaccessible. Existing data must be copied to backup media
before the disk is repartitioned and restored after the disk is relabeled.

The modify command allows root to create slices by specifying the size of
each slice without having to keep track of starting cylinder boundaries. It also
keeps track of any disk-space remainder in the free hog slice.

The free hog slice is used as a disk space accumulator that expands and
contracts as other slice sizes are changed.

Using the modify Command

The following steps describe how to change the size of a disk slice.
In this procedure slice 0 is increased from 128Mbytes to 200Mbytes.

1. Type format at the prompt and press Return.


2. Select a disk by typing the appropriate number.

# format
Searching for disks...done
AVAILABLE DISK SELECTIONS:

0. c0t0dC <SUN4.2G cyl 3880 alt 2 hd 16 sec 135>


/pciiif,4000/pci@l,l/ide@3/dad@0,0
1. clt3dO <SUN4.2G cyl 3380 all 2 hd 16 sec 135>
/pci@if, 4000/pci@l/isptwo@4/sd@3, 0

Specify disk (enter its number): 1

The format utility's main menu is displayed.

Solaris Operating Environment System Administration I & II Page 186 of 563


Solaris SA 1 & 2 - Training Material

Selecting clt3do
(disk formatted)

FORMAT MENU

disk - select a disk


type - select (define) a disk type
partition - select (define) a partition
current - describe the current disk
format - format and analyze the disk
repair - repair a defective sector
show - translate a disk address
label - write label to the disk
analyze - surface analysis
defect - defect list management
backup - search for backup labels
verify - read and display labels
save - save new disk/par tit ion definitions
inquiry - show vendor, product and revision
volname - set 8-character volume name
:<cmd> - execute <cmd>, then return
quit

3. Type partition.

The partition menu is displayed.


format> partition

PARTITION MENU:

0 - change ‘0’ partition


1 - change ‘1’ partition
2 - change ‘2’ partition
3 - change ‘3’ partition
4 - change ‘4’ partition
5 - change ‘5’ partition
6 - change ‘6’ partition
1 - change ‘7’ partition

select - select a predefined table


modify - modify a predefined partition table
name - name of the current table
print - display the current table
label - write partition map
!<cmd> - execute <cmd>. Then return
quite
partition>

Solaris Operating Environment System Administration I & II Page 187 of 563


Solaris SA 1 & 2 - Training Material

4. Type modify and press Return.


partition> modify
Select partitioning base:
0. Current partition table (original).
1. All Free Hog
Choose base (enter number) [0]? <Return>
5. Press the Return key to accept the default selection. The current partition table
is displayed.

Part Flag Cylinders


Tag Size Blocks
0 root wm 0 - 189 200.39MB (190/0/0) 410400
1 swap wu 190 - 311 128.67MB (122/0/0) 263520
2 backup wm 0 -8892 4.00GB (8892/0/0) 8402940
3 unassigned wm 0 0 (0/0/0) 0
4 unassigned wm 0 0 (0/0/0) 0
5 unassigned wm 0 0 {0/0/0} 0
6 Usr wm 312 -8892 3.67GB (3568/0/0) 7853760
7 unassigned wm 0 0 (0/0/0) 0

Do you wish to continue creating a new partition


table based on above table [yes]? <Return>

6. Select the default option by pressing the Return key, or typing yes
7. Press the Return key to accept slice 6 (the default) as the Free Hog partition. If
slice 6 does not have space allocated to it, then you must specify another slice.

Free Hog partition [6] ? <Return>

Using the Free Hog Slice

When root invokes the format utility to change the size of one or more disk slices, a
"temporary" slice must be designated that expands and shrinks to accommodate the
resizing operations.

This temporary slice is used to donate space when another slice is expanded, and it
receives, or hogs, the discarded space when a slice is shrunk For this reason, the
designated temporary slices sometimes called the tree hog.

Solaris Operating Environment System Administration I & II Page 188 of 563


Solaris SA 1 & 2 - Training Material

The free hog slice exists only during installation, format. There is no
permanent free hog slice during normal operations.

8. Enter the size of slice 0 as 200mb and press Return.

Enter size o£ partition '0' [263520b, 122c, 128.67mb, 0.13gb]: 200mb


Enter size of partition ‘1’ [263520b, 122c, 128.67mb, 0.13gb]: <Retun>
Enter size of partition '3' [0b, 0c, 0.00mb, 0.00gb]: <Retun>
Enter size of partition '4' [0b, 0c, 0.00mb, 0.00gb]: <Retun>
Enter size of partition '5’ [0b, 0c, 0.00mb, 0.00gb]: <Retun>
Enter size of partition '7' [0b, 0c, 0.00mb, 0.00gb]: <Retun>

9. Press the Return key through the remaining slices (1, 3, 4, 5, 7) to


default to their current sizes. Slice 6 is skipped because it has been
designated as the Free Hog partition.

In the partition table, slice 6 has decreased in size as the size of slice 0
increased.

10. Press Return to confirm using this modified partition table.


Okay to make this the current partition table [yes]? <Return>

11. Name the modified partition table and press Return. Enter table name
(remember quotes): clt3d0.4gb

12. Write the modified partition table to the disk by typing yes and
pressing Return.

Ready to label disk, continue? yes


13. Type quit (or q) and press Return to exit the partition menu.

partition> Quit

Thy main format menu is displayed.

Solaris Operating Environment System Administration I & II Page 189 of 563


Solaris SA 1 & 2 - Training Material

Viewing the Disk's VTOC


You can use two methods for locating and viewing a ..link's label, or VTOC.

The first method is to use the verify command from the format utility.

The second method is to invoke the prtvtoc command from the command line.

Reading a Disk's VTOC Using the verify Command

I. At the format prompt, enter the command verify and press Return.

format> verify
Primary label contents:
ascii name = <SUN4.2G cyl 3890 alt 2'hd 16 sec 135>
pcyl = 3382
ncyl = 3880
acyl = 2
nhead = 16
nsect = 135

Part Tag Flag Cylinders Size Blocks


0 root wm 0-189 200.39MB (190/0/0) 410400
1 swap wu 190 - 311 128.67MB (122/0/0) 263520
2 backup wm 0 - 8892 4.00GB (8892/0/0) 8402940
3 unassigned wm 0 0. (0/0/0) 0
4 unassigned wm 0 0 (0/0/0) 0
5 assigned wm 0 0 (0/0/0) 0
6 usr wm 312 - 8892 3.67GB (3568/0/0) 7853760
7 unassigned wm 0 0 (0/0-0) 0

format> quit

2. Type quit (or q) and press Return to exit the format menu.

Solaris Operating Environment System Administration I & II Page 190 of 563


Solaris SA 1 & 2 - Training Material

Reading a Disk's VTOC Using the prtvtoc Command


The prtvtoc command gives you the ability to view a disk's VTOC from the
command line. For example,

# prtvtoc /dev/rdsk/clt3dOs2

* /dev/rdsk/c0t0d0s2 partition map


* Dimensions:
* 512 bytes/sector
* 135 sectors/track
* 16 tracks/cylinder
* 2160 sectors/cylinder
* 3882 cylinders
* 3880 accessible cylinders
* Flags:
* 1: unmountable
* 10: read-only

First Sector Last


* Partition Tag Flat Sector Count Sector Mount Directory
0 2 00 0 408240 408240 /
1 3 01 410400 671760 1082159
2 5 00 0 8380800 8380799
6 4 00 673920 7706880 8380799 /usr

The disk label information includes the following fields:


• Dimension- Describes the physical dimensions of the disk.
• Flags - Describes the flags listed in the partition table.
• Partition (or slice) - Described in Table 6-1 on page 6-5
• Tag - Described in Table 6-1 on page 6-5
• Flags - Described in Table 6-1 on page 6-5
00=wm / 01=wu / 10=rm / ll=ru
• First Sector - Defines the first sector '(disk block) of the slice.
• Sector Count - Defines the total number of sectors in the slice.
• Last" Sector - Defines the last sector number in the slice.
• Mount Directory - Indicates if it is a file system currently in use. If the field is empty
the slice is currently not being used. If a directory name appears in this field, the slice
is currently being used to store data used to store data.

Solaris Operating Environment System Administration I & II Page 191 of 563


Solaris SA 1 & 2 - Training Material

The fmthard Command


You should save a disk's VTOC to a file, using the prtvtoc command. This allows you
to relabel the disk using the fmthard command, should one of the following situations
occur.

• The VTOC on the disk has been destroyed.


• You accidentally changed the partition information on the disk, and did not
save a backup label in the /etc/format .dat file.

By saving the output of the prtvtoc command into a file on another disk, you can use
it as the data file argument to fmthard to relabel the disk.

fmthard -s datafile /dev/rdsk/c#t#d#s2

Warning - The fmthard command cannot write a disk label on an unlabeled disk. Use
the format utility for this purpose.

If one of the situations described above has occurred, and the VTOC was previously
saved to a file, you can:

1. Run format, select the disk, and label it with the default partition table.
2. Use the fmthard command to write the desired label information, save to a
datafile back to the disk. For example:

# fmthard -s /vtoc/clt3dO /dev/rdsk/clt3dOs2

Solaris Operating Environment System Administration I & II Page 192 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 8

INTRODUCING THE SOLARIS OPERATING


ENVIRONMENT UFS FILE SYSTEM

The Solaris Operating Environment ufs File System


Objectives
Upon completion of this module, you should be able to:
• Describe the three different types of file systems in the Solaris Operating
Environment

• Define the term file system

• List the components that are contained in the structure of a file system

• Create a new ufs file system using the newfs command

Solaris Operating Environment System Administration I & II Page 193 of 563


Solaris SA 1 & 2 - Training Material

File System Types Supported by the Solaris Operating Environment


The Solaris Operating Environment supports three different types of file
systems:

• Disk-based file systems


• Distributed file systems
• Pseudo file systems

Disk-Based File System

Disk-based file systems include hard disks, CD-ROMs, diskettes, and DVD.

• ufs –The standard UNIX file system. Under the Solaris Operating Environment, the
ufs file system is based on the Berkeley fast file-system.

• hsfs - The High Sierra file system is a special purpose file system developed for use
on CD-ROM media.

• pcf s - The PC file system is a UNIX implementation of the DOS file attribute table
(FAT32) file system. It allows the Solaris Operating Environment to access PC-DOS
formatted file systems, giving users direct read/write access to PC-DOS files using
UNIX commands.

• udf -The Universal Disk Format file system for optical storage targeted at DVD and
CD-ROM media. Provides for universal data exchange and supports road-write
operations.

Solaris Operating Environment System Administration I & II Page 194 of 563


Solaris SA 1 & 2 - Training Material

Distributed File Systems

Distributed file systems provide network access to files system resources.

• nfs - The Network file system allows users to share files between many
types of systems on the network. It provides a method of making a disk on
one system appear as though it was connected to another system.

Pseudo File System

Pseudo file systems are memory-based. These File system types provide
access to kernel information and facilities.

• tmpfs - The Temporary file system for file storage in memory without
overhead of writing to a disk-based file system. It is created and destroyed
every time the system is rebooted.
• swapfs -The Swap file system used by the kernel to manage swap space on
disk(s).
• fdfs - The File Descriptor file system provides explicit names for opening
files using file descriptors (for example,/dev/fd/0, /dev/fd/1, /dev/fd/2) in
the /dev/fd directory.
• procfs -The Process file system contains a list of active processes, by
process number, in the /proc directory. Information in this /directory is
used by commands such as the ps command.

Solaris Operating Environment System Administration I & II Page 195 of 563


Solaris SA 1 & 2 - Training Material

Introducing The Solaris Operating Environment Ufs File System

To a user in the Solaris Operating Environment, a file system is a collection of files and
directories used to store and organize data for access by the system and users.

To the operating system, a file system is a collection of control structures and data blocks that
occupy the space defined by a partition and allow for the storage and management of data.

The Solaris Operating Environment stores data in a logical file hierarchy. This file hierarchy
is referred to as the Solaris directory tree, which is formed by a number of file systems.

root ( / )

opt usr dev kernel etc var export tmp

bin lib rdsk dsk default init.d shadow adm home

passwd login su user1 user2 user

Figure 7-1 Solaris Directory Tree

Note - This is not a complete representation of a Solaris directory tree.

Solaris Operating Environment System Administration I & II Page 196 of 563


Solaris SA 1 & 2 - Training Material

Every ufs file system must be created on a disk slice before it can be used in the
Solaris Operating Environment. Creating a file system on a disk slice enables the Solaris
Operating Environment to store UNIX directories and file

The root ( / ) file system

Root ( / )

opt usr dev kernel etc var export tmp

rdsk dsk init.d adm home

/dev/dsk/c0t0d0s0

bin lib userl user2 user3

/dev/dsk/c0t0d0s6 /dev/dsk/c0t0d0s7

Figure 7-2 solaris ufs file systems residing on disk slices

Solaris Operating Environment System Administration I & II Page 197 of 563


Solaris SA 1 & 2 - Training Material

Basic Disk Structures


The Disk Label (VTOC)

The disk label (VTOC) contains the partition table for, the disk, and is located
in the first disk sector (512-byte blocks). A disk partition can contain a file
system that the Solaris Operating Environment interprets as an organization of
directories and files.

The Boot Block


The bootstrap program (bootblk) is found in the next 15 disk sectors. Only the
root file system has an active boot block, although space is allocated for a boot
block at the beginning of each file system.

The Superblock
The file system is described by its superblock. The superblock is contained in
the 16 disk sectors following the boot block. The superblock is a table of
information about the file system including:

• The number of data blocks


• The number of cylinder groups
• The size of a data block and fragment
• A description of the hardware (derived from the label)
• The name of the mount point
• File system state flag: clean, stable, active, logging, or unknown

Backup Superblocks

Because the superblock contains critical data, it is replicated in each cylinder


group to protect against catastrophic loss. This is done when the file system is
created.

Solaris Operating Environment System Administration I & II Page 198 of 563


Solaris SA 1 & 2 - Training Material

DISK LABEL

bootblk

Primary Superblock

Backup Superblock

Cylinder Group Block

Inode Table

Data Blocks
8 Kbytes

Backup Superblock

Cylinder Group Block

Inode Table

Data Blocks
8 Kbytes

Figure 7-3 ufs File System Structure

Figure 7-3 shows a series of cylinder groups in a ufs file system

Solaris Operating Environment System Administration I & II Page 199 of 563


Solaris SA 1 & 2 - Training Material

Cylinder Groups
By dividing the partition into cylinder groups. (the minimum default size is 16
cylinders per group), disk access is improved. The file system constantly
optimizes the disk by placing file data in one cylinder group, thus reducing
head travel. The file system stores files across several cylinder groups if
needed.

Cylinder Group Blocks

The cylinder group block is a table that describes the cylinder group,
including:

• The number of inodes


• The number of data blocks in the cylinder group
• The number of directories
• Free blocks, free inodes, and free fragments in the cylinder group
• The free block map
• The used inode map

Inode Table

The inode table contains the inodes for the cylinder group. An inode (from the
term index node) is the internal description of a file and the location of its data
blocks. Each cylinder group contains a portion of the total number of inodes.

Data Blocks
A data block is the unit of storage for data in the Solaris Operating Environment
file system. The data block is 8192 bytes in size by default

Solaris Operating Environment System Administration I & II Page 200 of 563


Solaris SA 1 & 2 - Training Material

Inodes

An inode contains the following information about a file:

• The type of file and the access modes


• The UID and GID numbers of the filers owner and group
• The size of the file
• The time the file was last accessed or modified, and the inode changed
• The total number of data blocks used by, or allocated to the file

The inode contains two types of pointers: direct pointers and indirect pointers.

Solaris Operating Environment System Administration I & II Page 201 of 563


Solaris SA 1 & 2 - Training Material

Direct Pointers
There are 12 direct pointers, which refer directly to data blocks. The 12 direct pointers
can directly reference the data blocks for a file up to 96 Kbytes.

Indirect Pointers

The three types of indirect pointers are:

• Single indirect pointer - A single indirect pointers refers to a file system block
containing pointers to data blocks. This file system block contains 2048 additional
addresses of 8-Kbyte data blocks, which can point to an additional 16 Mbytes of data.
• Double indirect pointer - A double indirect-pointer refers to a file system block
containing single indirect pointers. Each indirect pointer refers to a file system, block
containing the data block, pointers. Double indirect pointers points to an additional 32
Gbytes of data.
• Triple indirect pointer - A triple indirect pointer can reference up to an additional 70
Tbytes of data. However, the maximum file size is limited to 1 Tbyte in a ufs file
system.

Solaris Operating Environment System Administration I & II Page 202 of 563


Solaris SA 1 & 2 - Training Material

Data Blocks
The rest of the space allocated to the file system is occupied by data blocks, also
called storage blocks.

Data blocks are allocated by default in 8-Kbyte logical block sizes, and further
divided into a 1-Kbyte fragment.

For a regular file, the data blocks contain the contents of the file.

For a directory, the data blocks contain entries that give the inode number and the file
name of those files contained in that directory.

Free Blocks

Those blocks that are currently not being used as ACL lists, indirect address blocks,
or storage blocks are marked as free in the cylinder group map. This map also keeps
track of fragments to prevent fragmentation from degrading disk performance.

Data Blocks and Fragmentation

The method used by the ufs file system to store the contents of a file. which is not
large enough to fill one data block is called fragmentation.

Data blocks can be divided into eight fragments of 1024 bytes each, for the storage of
small files.

Data Block

8192 bytes

1024
bytes
Fragment

Figure 7.5 Example of a Divided Data Block

if a file, contained in a fragment, -grows and requires more space, it is allocated one or more
fragments in the same data block.

Solaris Operating Environment System Administration I & II Page 203 of 563


Solaris SA 1 & 2 - Training Material

The content of two different files can be stored in fragments in the same data block. For
example:

Two files stored in one Data Block

8192 bytes

Block A

File l file 2

Figure 7-6 Example of Two Files Stored in One Data Block

If file 1 requires more space than is currently available in the shared 'data block, then the
entire contents of that expanding file are moved by ufs into a free data block 'This is a
requirement of ufs to assure that all the same file fragments are contained in a whole data
block.

The ufs file system will not allow fragments of the same file to be stored in two different
data blocks.

A single file expanding in another data block

8192 bytes

Block B

File l

Figure 7-7 Example of an Expanded File

Solaris Operating Environment System Administration I & II Page 204 of 563


Solaris SA 1 & 2 - Training Material

Shadow Inode
Files with an ACL list have two inodes, a ufs mode and a shadow inode.

On disk, the ACL lists are stored the same way as the file data, and is referred
to through the direct block pointers in the inode.

The shadow inode points to the data block that contains the actual ACL list.

File (ufs) Inode Shadow Inode

Owner permission
Group permission
Other permission ACL
Shadow address
File data address

Data Block Data Block

ACL List
File Data
User1: rwx
Group 5:r-x

Figure 7-8 Shadow Inode

Solaris Operating Environment System Administration I & II Page 205 of 563


Solaris SA 1 & 2 - Training Material

Creating ufs File Systems


Every disk slice on a newly partitioned disk that is used to store directories or
files must have a file system created on it first.

As root, you can construct a ufs file system on a disk slice using the newfs
command.

The newfs command is a front-end to the mkfs command used to create file
system file systems. The newfs command is located in the /usr/sbin directory.

Caution - The newfs command is destructive; it overwrites any data that


resides on the selected disk slice.

Creating a ufs File System

1. As root, create a file system on the first slice of a newly partitioned


disk. For example:

# newfs /dev/rdsk/clt3d0s0
newfs: construct a new file system /dev/rdsk/clt3d0s0: (y/n)? y
/dev/rdsk/clt3d0s0: 410720 sectors in 302 cylinders 17 tracks 80 sectors
200.5MB in 19 cyl groups (16 c/g,. 10.62MB/g,- 5120 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
32, 21872, 43712, 65552, 87392, 109232, 131072, 152912, 174752, 196592,
218432, 240272, 262112, 283952, 305792, 327632, 349472, 371312, 393152

2. The newfs command asks for confirmation before continuing. Verify


that the correct disk slice on the correct disk is selected. To proceed,
type: y
To terminate the process/type: n

The newfs command displays information about the new file system
being created.

The first line printed by newfs describes the basic disk geometry. The
second line describes the ufs file system created in this slice The third
and remaining lines list the locations of the backup super blocks.

Solaris Operating Environment System Administration I & II Page 206 of 563


Solaris SA 1 & 2 - Training Material

Note - This process also creates a lost+found directory for the ufs file system.
A directory that is used by the file system check and repair (fsck) utility.

3. Steps 1 and 2 above are repeated for every disk slice (on any newly
partitioned disk) that needs to contain a file system.

The newfs command uses a minimum percentage of free space to be


maintained in the new file system. This free space in the file system is referred
to as minfree.. It specifies the amount of space on the slice that is reserved or
held back from regular users.

You can use the newfs -m %free command, to preset the percentage of free
space when you create a new file system.

To change the minimum percentage value of file system, the system


administrator can use the command:

tunefs -m % free

For example:

# tunefs -m 1 /dev/rdsk/clt3dOsO

Solaris Operating Environment System Administration I & II Page 207 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 9

MOUNTING FILE SYSTEMS

Objectives
Upon completion of this module, you should be able to:

• Define the term mount point


• Identify mounted and unmounted file systems
• Mount file systems using the commands .mount and mountall
• Describe some of the commonly used options of the mount command: noatime,
nolargefiles, and logging
• Describe the purpose and format of the /etc/mnttab and /etc/vfstab files
• Define the procedure for mounting different types of file systems
• List the system files used to determine a file system's type
• Unmount local and remote file systems using the commands umount and umountall
• Forcibly unmount a busy file system
• Describe how to mount and access file systems residing on removable media devices,
such as diskettes and CD-ROMs

Solaris Operating Environment System Administration I & II Page 208 of 563


Solaris SA 1 & 2 - Training Material

Working With File Systems

Once you have created a file system, you must attach it to the Solaris
Operating Environment directory tree, at a mount point. Amount point, is a
directory that is the point of connection for a file system, file systems are
commonly referred to by the names of their mount points. For example, the /
(root) file system or the usr file system,

In the Solaris Operating Environment, you use the mounting process to attach
individual file systems to their mount points on the directory tree. This action
makes a file system accessible to the system and to the users,

You use the unmounting process to detach a file system from its mount point
in the directory tree. This action makes a file system unavailable to the system
or users.

Solaris Operating Environment System Administration I & II Page 209 of 563


Solaris SA 1 & 2 - Training Material

Figure 8-1 illustrates how the directory tree spans from one file system to the next.
File system do not contain their own mount point directories.

The root (/) file system

/ (root) on / dev / dsk/c0t0d0s0

opt etc dev usr kernel var export

Default dsk var home

application1
application2
on / dev /dsk/c0t0d0s5 bin share lib
on / dev /dsk/c0t0d0s6

The / opt file system


The /usr file system

user 1 user 1 user 1

on / dev /dsk/c0t0d0s6

The /export /home file system

Figure 8-1 File systems and Mount Points

Solaris Operating Environment System Administration I & II Page 210 of 563


Solaris SA 1 & 2 - Training Material

Identifying Mounted File Systems

The mount Command

All users can determine which file systems are currently mounted by running
the mount command, which is located in the /sbin directory.

The /etc/mnttab File

The mount command maintains the /etc/mnttab file, mounted file system table.

Each time a file system is mounted, an entry is added to this file by mount.
Whenever a file system is unmounted, its entry is removed from the mnttab
file.

A typical /etc/mnttab file is shown below:

# mount
/ on /dev/dsk/c0t0d0s0 read/write/setuid on Thu Apr 13 17:25:29 2000
/usr on /dev/dsk/c0t0d0s6 read/write/setuid on Thu Apr 13 17:26:30 2000
/var on /dev/dsk/c0t0d0sl /read/write on Mon Mar 6 17:58:20 2000
/proc on /proc read/write/setuid on Thu Apr 13 17:26:28 2000
/dev./fd on fd read/write/setuid on Thu Apr 13 17.26:31 2000
/etc/mnttab on mnttab read/write/setuid on Thu Apr 13 17:26:34 2000
/var/run on swap read/write/setuid on Thu Apr 13 17:26:34 2000
/tmp on swap read/write/setuid on Thu Apr 13 17:26:38 2000
/opt on /dev/dsk/c0t0d0s5 read/write/setuid on Thu Apr 13 17:26:38 2000
/export/home on /dev/dsk/c0t0d0s7 /read/write on Mon Mar 6 17:58:21 2000

The fields in the mount output are described in the example below.
/export/home on /dev/dsk/c0t0d0s7 /read/write on Mon Mar 6 17:58:21 2000

mount device mount date and time


point name options mounted

• Mount Point - The mount point, or directory name where the system is to be attached
to within the root file system, (for example: /usr, /opt).

Solaris Operating Environment System Administration I & II Page 211 of 563


Solaris SA 1 & 2 - Training Material

• Device Name - The name of the device that is mounted at the mount point. This block
device is where the file system is physically located.

• Mount Options - The list of mount options in effect for the file system.

• Date and Time Mounted - The date and time the file system was mounted to the
directory tree.

Mount Table Changes in /etc/mnttab

In previous Solaris Operating Environment releases, /etc/mnttab was a text file that
stored information about mounted file systems. In Solaris this file is an mntfs file
system -that provides read-only' information directly from the kernel about mounted
files systems for the local host.

Note - No administration is required for the /etc/mnttab mount table

The /var/run File System

The /var/run file system is a new tmpfs mounted file system, in the Solaris Operating
Environment.

It is the repository for temporary system files that are not needed across system
reboots in this Solaris Operating Environment release. It is mounted as a pseudo file
system rather than a disk-based file system.

The /var/run directory requires no administration. for security reasons, it is owned by


root.

The / tmp directory continues to be repository for temporary files

Solaris Operating Environment System Administration I & II Page 212 of 563


Solaris SA 1 & 2 - Training Material

Mounting file Systems


The /usr/sbin/mount

The mount command not only lists which file systems are currently mounted,
it is also provides the root user with a method for mounting file systems.

You can mount file systems manually by root running the mount command, or
the system can automatically mount file systems at boot time after consulting
the /etc/vfstab file.

Note -The /etc/vfstab file lists file systems to be mounted when the system is
booted. This file is covered in detail later in this module.

Command format

mount [ option (s)] device_name mount_point

Mounting a Local File System Manually

To mount a local file system manually, you need to know the name of the
device where the file system resides, and its mount point directory name. For
example:

# mount /dev/dsk/c0t0d0s7 /export/home

In this example, the default action is to mount the file system with the
following preferences: read/write, setuid, nologging, and largefiles.

• read/write- Indicates the file permissions. Access is based on the


permissions of the files and directories in the file system. (The default
for hsfs file systems is ro.)

• setuid- Permits the execution of setuid programs in the file system.

Solaris Operating Environment System Administration I & II Page 213 of 563


Solaris SA 1 & 2 - Training Material

• no logging - Disables logging for the ufs file system.

• large files — Allows for the creation of files larger than 2 gigabytes.
A file system mounted with this option may contain large size files.

Note - Due to file system overhead, the largest file size that can be created is
866 Gbytes.

Using Options With the mount Command

When using mount options on the command line, the options are preceded by
the -o flag. When multiple options are used, they are entered as a comma
separated list following the –o flag.

mount -o options, option,... device name mount point

Some options used to mount local file systems include: ro, nosetuid, noatime,
nolargefiles, and logging.

• ro - Mounts the file system as read-only.

The following is an example using this option on the command line:


# mount -o ro /dev/dsk/c0t0c0s7 /export/home

• nosuid - Prohibits the execution of setuid programs in the file system. This
does not restrict the creation of setuid programs.

The following example shows the use of multiple options on the command
line:

# mount -o ro, nosuid. /dev/dsk/c0t0d0s7 /export/home


• noatime - Suppresses the time last accessed modification on files, reducing
disk activity on a file system where access times are not important.
Specifying this option generally improves file access times and boots
overall performance. For example:

# mount -o noatime /dev/dsk/c1t0d0s7 /export/home

• nolargefiles – Prevents a file system containing one or more “large files”


from being mounted. For example.

Solaris Operating Environment System Administration I & II Page 214 of 563


Solaris SA 1 & 2 - Training Material

# mount -o nolargefiles /dev/dsk/c0t0d0s7 / export/home

Using the nolargefiles option fails if the file system to be mounted contains a
large file, or did contain a large file at one time.

If the file system currently contains a large file, and root needs to mount it
with this option, then the large file(s) must be located, and moved or removed
from the file system. Then you must run the file system check program
manually to update the superblock information.

The mount will also fail if the file system at one time contained a large file,
even though it was moved or removed. You must run the file system check
program to clear the old information and allow the file system to be mounted.

Note - Module 9, "Maintaining File Systems" describes the file system check
program (fsck).

• logging-Enables logging for a ufs file system.

For example:

# mount -o logging /dev/dsk/cOtOdOs7 /export/home

UFS file system logging is a process of storing file system transactions, or


changes that make up a complete file or directory operation, into a log before
they are applied to the file system. Once a transaction is stored, the complete
transaction can be applied or reapplied to. the file system later.

The ufs log is allocated from free blocks in the file system. It is sized
approximately 1 Mbyte per 1 Gbyte, up to a maximum of 64 Mbytes.

As a ufs log reaches its maximum size, it begins to write transactions to the
file system (for example, disk). When the file system is unmounted the entire
ufs log is emptied and all transactions are written to disk.

Solaris Operating Environment System Administration I & II Page 215 of 563


Solaris SA 1 & 2 - Training Material

UFS logging offers two advantages. First it prevents file systems from
becoming inconsistent; therefore, eliminating the need to run lengthy fsck
scans. Secondly, you can bypass fsck scanning, which reduces the time
required to reboot a system if it was stopped by a method other than an orderly
shutdown.

Solaris Operating Environment System Administration I & II Page 216 of 563


Solaris SA 1 & 2 - Training Material

Automatic Mounting of File systems


The Virtual File System Table: /etc/vfstab

The Solaris Operating Environment provides several methods for automating


file system mounts.

One method is to add the file system(s) to the /etc/vfstab file. This file lists all
the file systems that are to be automatically mounted at system boot time.

The /etc/vfstab file provides you with another important feature.

If the /etc/vfstab file contains the mapping between the mount point and the
actual device name, root can manually mount a file system specifying only the
mount point on the mount command-line.

For example:

# mount /export/home

The /etc/vfstab File

A default /etc/vfstab file is created during the Solaris Operating Environment


software installation, based on your selections.

However, the system administrator can edit the /etc/vfstab file whenever file
entries need to be added or modified.

The following is an example of an /etc/vfstab file, on a system with one disk


(c0t0d0).

The file format includes seven fields per line entry, each field is separated by a
Tab. A - (dash) character indicates an empty field. Commented lines begin
with the # symbol.

# cat /etc/vfstab

# device device mount FS fsck mount mount


# to mount to fsck point type pass at boot options

Solaris Operating Environment System Administration I & II Page 217 of 563


Solaris SA 1 & 2 - Training Material

# /dev/dsk/cld0s2 /dev/rdsk/cld0s2 /usr ufs 1 yes -


fd -- /dev/fd fdfs - no -
/proc -- /proc procfs - no -
/dev/dsk/cdt0d0sl -- - swapfs - no -
dev/dsk/c0t0d0s0 /dev/rdsk/c0t0d0s0 / ufs 1 no -
/dev/dsk/c0t0d0s6 /dev/rdsk/c0t0d0s6 /usr ufs 1 no -
/dev/dsk/c0t0d0s3 /dev/rdsk/c0t0d0s3 /opt ufs 1 yes noatime
/dev/dsk/c0t0d0s7 /dev/rdsk/c0t0d0s7 /export/home ufs 1 yes logging
swap -- /tmp tmpfs - yes

To add a line entry, you need the following information: the device where the file
system resides; the name of the mount point; the type of file system; whether it is to
be mounted automatically during a system boot; and any mount options. For example:

device to mount — The block device to be mounted. For example, a local ufs file
system: /dev/dsk/c#t#d#s# or a -pseudo file system: /proc.

device to fsck — The raw or character device to be checked by the file system check
program (fsck).

mount point — The name of the directory where the device should be added to the
Solaris Operating Environment directory tree.

FS type — The type of file system to be mounted.

fsck pass — Indicates whether the file system is to be checked by fsck at boot time. A
whole number placed in this field indicates a yes. A - (dash) or a 0 (zero) indicates a
no.

mount at boot — Enter a yes to enable the mountall command to mount the file
systems at boot time. Enter a no to prevent a file system mount at boot time.

Note - For / (root) and /usr, the mount at boot field value is specified as no. These file
systems are mounted by the kernel as part of the boot sequence before the mountall
command is run.

mount options — A comma-separated list of options to be passed to the mount


command.

Solaris Operating Environment System Administration I & II Page 218 of 563


Solaris SA 1 & 2 - Training Material

The usr/sbin/mountall Command


The /etc/vfstab file is read by the /usr/sbin/mountall command during the system boot
sequence; and mounts all file systems specified in vfstab that have a yes in the mount
at boot field.

The root user can use this command to manually mount every file system in
/etc/vfstab that has a yes in the mount at boot field. For example:

# mount all

To mount only the local file systems specified in the /etc/vfstab file:

# mount all -1

Checking File Systems Before Mounting

Each local file system in the vfstab file that has a device to fsck entry and a fsck pass
number is checked by fsck to determine if the file system is in a usable state to be
safely mounted.

If the file system is found to be in an unusable state (for example, corrupted), it is


repaired by fsck before the mount is attempted. Any local file systems with a '-' or '0'
(zero) entry in the fsck pass field will attempt to be mounted without being checked.

Solaris Operating Environment System Administration I & II Page 219 of 563


Solaris SA 1 & 2 - Training Material

Unmounting File Systems


The /usr/sbin/umount Command

Unmounting a file system using the umount command removes it from the file
system mount point and deletes the entry from the /etc/mnttab file.

Some file system administration tasks cannot be performed on mounted file


systems.

A file system is commonly unmounted if it is no longer needed, if it needs to


be checked and repaired by fsck, or if it needs to be backed up completely.

Note - Notify users before unmounting a file system they are currently
accessing.

To manually unmount a file system using the mount point or directory name:

# umount /export/home

or

# umount /dev/dsk/c0t0d0s7

Solaris Operating Environment System Administration I & II Page 220 of 563


Solaris SA 1 & 2 - Training Material

Automatic Unmounting of File Systems


The /usr/sbin/ umountall Command

The /etc/mattab file is also read by the /usr/sbin/umountall command during


the system shutdown sequence and unmounts all file systems specified in vf
stab except / (root), /usr, /proc, /dev/fd, /var, /var/run, and /tmp.

Manually Unmounting all File Systems


This command can be run by root to manually unmount all the file systems
listed in /etc/mnttab. For example:

# umountall

To unmount all local file systems specified in the /etc/mnttab file:

# umountall -1

To verify that a file system or a number of file systems have been unmounted,
invoke the mount command and check the output.

Solaris Operating Environment System Administration I & II Page 221 of 563


Solaris SA 1 & 2 - Training Material

Commands to Unmount a Busy file System


Any file system that is busy is not available for unmounting. Both the umount
and umountall command display the error message:

umount: file system_name busy

A file system is considered to be busy if one of the following conditions


exists: a program is accessing a directory in the file system; a user is in the file
system mount point directory; a program has a file open in that file system, or
it is being shared.

There are two methods to make a file system available for unmounting if it is
busy.

• fuser command -To list all the processes accessing the file system, and kill
them if necessary.
• umount. -f command - To force the unmount of a file system.

Note - The umount -f command is new in the Solaris Operating


Environment.

Using the fuser Command

To stop all processes from accessing a file system:


1. As root, list all the processes accessing the file system. Use the
following command to identify which processes need to be terminated.

# fuser -cu mount_point

This displays the name of the file system and the user login name for
each process currently active in the file system.

2. Kill all processes accessing the file system.

# fuser –ck mount_point

A SIGKILL is sent to each process using the file system.

Solaris Operating Environment System Administration I & II Page 222 of 563


Solaris SA 1 & 2 - Training Material

3. Verify there are no processes accessing the file system.


# fuser -c mount_point
4. Unmount the file system.
# umount mount_point

Using the umount -f Command


As root, you can unmount a file system even if it is busy using the -f (force) option with umount. This is a
new option in the Solaris Operating Environment.

#umount -f mount_point
The file system is unmounted even if there are open files. A forced unmount can
result in loss of data. However, it is particularly useful for unmounting a shared file
system if the remote file server is nonfunctional.

Solaris Operating Environment System Administration I & II Page 223 of 563


Solaris SA 1 & 2 - Training Material

Procedure for Mounting a New File System


The general procedure outlined below briefly describes the steps for adding a
new disk to the system, preparing the disk to hold a file system, and mounting
the file system.

1. Set up the disk hardware. Includes setting address switches and


connecting cables.

2. Perform a reconfiguration boot to add support for the new device.

3. Use the format utility to partition the disk into one or more slices.

4. Create a new file system structure on one slice using the newfs
command..

5. Create a mount point for the file system by creating a new directory in
the root file system using the mkdir command. For example:

# mkdir /database

6. Mount the new file system manually using the mount command, For
example:

# mount /dev/dsk/clt3dOs3 /database

7. Check to see if the file system is mounted with the mount command.

# mount

8. Edit the /etc/vfstab file to add a line entry for the new file system. The
file system will automatically be mounted whenever the system boots.
# device device mount FS fsck mount mount
# to mount to fsck point type pass at boot options

Solaris Operating Environment System Administration I & II Page 224 of 563


Solaris SA 1 & 2 - Training Material

Removable Media Device Management


To access file systems on diskettes and CD-ROMS, the Solaris Operating
Environment gives users a standard interface referred to as Volume
Management.

Volume Management provides three major benefits:

• It automatically mounts diskettes and CD-ROMs for users.

• It allows access to diskettes and CD-ROMs without having to become


root.

• It can give other systems on the network automatic access to any diskettes
and CD-ROMs currently inserted in the local system.

The volume management service is controlled by the /usr/sbin/vold daemon.


By default, this service Is always running on the system to automatically
manage diskettes and CD-ROMs for regular users.

Volume management provides automatic detection of CD-ROMs. However, it


does not detect the presence of a diskette that has been inserted in the drive
until it is informed, by the volcheck command. You run this command to
instruct vold to check the diskette drive for installed media.

Note - Automatic detection of diskettes would cause excessive reads, which


would quickly wear out the drive.

Accessing Mounted Diskettes and CD-ROMs

To make working with diskettes and CD-ROMs simple for your users, each
device is mounted in an easy-to-remember location by vold
• For diskettes, vold automatically mounts the device alter you insert the
diskette and run the volcheck command.
• For CD-ROMs, vold automatically mounts the device when you insert the
CD into the drive

Solaris Operating Environment System Administration I & II Page 225 of 563


Solaris SA 1 & 2 - Training Material

If vold detects that the mounted diskette or CD-ROM contains a file system,
then the device is mounted at the directory location described in Table 8-1.

Table 8-1 Directory Locations

Media Device Access file systems Or.

First diskette drive /floppy/floppyO


First CD-ROM drive /cdrom/cdromO

If vold detects the mounted diskette or CD-ROM does not contain a file
system, the raw device is accessible using the following paths described in
Table 8-2.

Table 8-2 Paths for Accessing Raw Devices

Media Device Access Raw Device On

First Diskette Drive /vol/dev/aliases/floppyO


First CD-ROM Drive /vol/dev/aliases/cdromO

When volume management is running on the system, a regular user can easily
access a diskette or CD-ROM following these basic steps:

1. Insert the media.


2. For diskettes only, use the volcheck command.
3. Work with files on the media.
4. Eject the media.

Administering Volume Management

To restrict regular users from accessing diskettes or CD-ROMs on the systems


root can terminate the volume management service.

To stop volume management from running on a system temporarily the


following command would be run by root.

# /etc/init.d/volmgt stop

Solaris Operating Environment System Administration I & II Page 226 of 563


Solaris SA 1 & 2 - Training Material

To restart the volume management service, the following command is invoked


by root.

# /etc/init.d/volmgt start

Administering Volume Management

Two configuration files are used by volume management.

File Description

/etc/vold.conf The volume management


configuration file. This defines items such as
what action should be taken when media is
inserted or ejected, what devices are used, and
what file system types are unsafe to eject.

/etc/rmmount.conf The rmmount command configuration


file. The rmmount command is a removable
media mounter that is executed by the volume
management daemon whenever a CD-ROM or
diskette is inserted.

Accessing a Diskette or CD-ROM Without Volume Management

When volume management is not running, then only root can mount and
access a diskette or CD-ROM, using the following:

1 Insert the media device.

2. Become root.

3 Create a mount point, if necessary.

4 Determine the file system type.

5 Mount the device using the proper mount options.

6 Work with files on the media device.

Solaris Operating Environment System Administration I & II Page 227 of 563


Solaris SA 1 & 2 - Training Material

7. Unmount the media device.

8. Eject the media device.

9. Exit the root session.

Solaris Operating Environment System Administration I & II Page 228 of 563


Solaris SA 1 & 2 - Training Material

Mounting Different types of File Systems


Different file system types have unique properties that affect how the mount
command functions.

By default the mount command assumes it is mounting a ufs type file system.
However, when mounting a different type of file system, its type may have to
be specified on the command line.

You use -F option on the mount command to specify the type of file system to
be mounted.

Specifying a hsfs File System Type

As root, to mount a file system that resides on a CD-ROM, when the volume
management services are stopped:

# mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /cdrom

In this example the file system type is hsfs, the file system resides, on disk
slice /dev/dsk/cOt6dCsO, and the mount point used, /cdrom is a pre-existing
directory in the Solaris Operating Environment.

Specifying a pcfs file System Type

As root, to mount a file system that resides on a diskette, when the volume
management services are stopped:

# mkdir /pcfs
# mount -F pcfs /dev/diskette /pcfs

In this example, the file system type is pcfs, the file system resides on the
device /dev/diskette, and the mount point used, /pcfs had to be created.

Solaris Operating Environment System Administration I & II Page 229 of 563


Solaris SA 1 & 2 - Training Material

Determining a File System's Type


Because the mount commands needs the file system type to be specified to
function properly, it must be explicitly specified, or it will have to be
determined by searching the following files.

• The /etc/vfstab for FS type field.


• The /etc/default/fs file for local file system type.
• The /etc/dfs/fstypes file for remote file system type.

If the file system's type has not been explicitly specified on the command line
using mount -F FStype option, mount looks in /etc/vfstab to determine the file
systems type, using its block device name, raw device name, or mount point
directory name.

If you cannot determine the file system's type by searching /etc/vfstab, mount
uses the default file system type specified in either /etc/default/fs or
/etc/dfs/fstypes, depending on whether the file system is local or remote.

The default local file system type is specified in /etc/default/fs by the line
entry LOCAL=fstype. For example:

LOCAL=ufs

The default remote file system type is determined by the line entry in
the/etc/dfs/dfstypes file. For example:

nfs NFS Utilities

Finding a File System's Type

To determine a file system's type to use with the option of the mount
command, run the following grep command to display the information

# grep mount-point fs-table

mount-point — Specifies the mount point directory name of the file system.
For example, the /var directory.

Solaris Operating Environment System Administration I & II Page 230 of 563


Solaris SA 1 & 2 - Training Material

fs-table – Specifies the absolute path to the file system table used to search for
the file system’s type.

If the file system is mounted, fs-table should be /etc/mnttab.If the file system
is not mounted, fs-table should be /etc/vfstab.

The following example uses the /etc/vfstab to determine the type of the
/export/home file system.

# grep / export /home /etc/vfstab


/dev/dsk/c0t0d0s7 dev/rdsk/c0t0d0s7 /export/hone ufs 1 yes -
#
The fstyp Command
The fstyp command can also be used with the raw device name of the disk
slice to determine a file system's type. For example:

# fstyp /dev/rdsk/c0t0d0s7
ufs

Solaris Operating Environment System Administration I & II Page 231 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER – 10

THE DIRECTORY HIERARCHY

Objectives

Upon completing this module you should be able to:

‰ Identify the four main file types in the Solaris Operating Environment

‰ Describe the functions provided by regular files, directories, symbolic links, device
files, and -hard links

‰ Define the function of each subdirectory found directly within the root directory

Solaris Operating Environment System Administration I & II Page 232 of 563


Solaris SA 1 & 2 - Training Material

The Solaris Operating Environment File Types

The Solaris Operating environment supports a standard set of files: -found in nearly
all UNIX-based operating systems. In general, files provide a means of storing data,
activating devices, or allowing interprocess communication. Of the different types of
files that exist, four could be described
types in the Solaris Operating Environment, which include:

‰ Regular or ordinary files


‰ Directories
‰ Symbolic links
‰ Device files

Regular Files, directories, and symbolic links all store one or more kind of data.
Device files differ from the other three because they do not store data; instead, they
provide access to devices.

Files that provide inter-process communication include sockets named pipes, and
doors. These last three types of files are not described in this module

Solaris Operating Environment System Administration I & II Page 233 of 563


Solaris SA 1 & 2 - Training Material

Identifying File Types

Using the ls command, you can easily distinguish different file types from one
another. In the following example, the first column of information the Is -1 command
displays indicates the file type.

The following examples show partial listings on an Ultra 5 system from directories
that contain a mix of different file types:

# cd /etc
# ls -1
total 428
drwxr-xr-x 2 adm adm 512 apr 3 10:42 acct
lrwxrwxrwx 1 root root 14 apr 3 11:05 aliases->
./mail/aliases
drwxr-xr-x 2 root sys 512 apr 3 10:44 ami
drwxr-xr-x 2 root bin 512 apr 3 10:45 apache
-rwxr—r— 1 root sys 360 apr 3 10:45 asppp.of
-rw-r—r— 1 root bin 50 apr 3 10:45 auto_home
-rw-r—r— 1 root bin 113 apr 3 10:45 auto_ master
(output truncated)

# cd /devices/pci@lf,0/pci@l,l/ide@3
# ls -1
total 0

brw--------- 1 root sys 136, 0 Apr 3 11:11 dad@0,0:a


crw ------- 1 root sys 136, 0 Apr 3 11:11 dad@0, 0:a. raw
brw------ 1 root sys 136, i Apr 4 11:06 da,di?0,0:b
crw------- 1 root sys 136, 1 Apr 3 11:11 dad@0, 0:b,raw
(output truncated)-

The character in the first column identifies each file's type, as follows:

‰ — Regular files
‰ d - Directories
‰ 1 -Symbolic links
‰ b - Block special device files
‰ c Character special device files

Solaris Operating Environment System Administration I & II Page 234 of 563


Solaris SA 1 & 2 - Training Material

File Names, Inodes, and Data Blocks


All files in the Solaris Operating Environment make use of a file name and a record
called an inode. Most files also make use of data blocks.

File names are the objects most often used to access and manipulate files

Inodes are the objects the system uses to record information about a file.

Data blocks are units of disk space used to store data.

To exist, a file must have a name that is associated with an inode. In general, inodes
contain two parts. First they contain information about the file, including who owns it,
its permissions and size. Second, they contain pointers to data blocks associated with
the file.

Subsequent modules that describe the ufs file system describe the content of inode records in detail.

However, in general, a file name is associated with an inode, and an inode provides access to data blocks.

For understanding file types, use Figure 4-i to visualize these relationships.

Filename inode number

Data blocks

Figure 4-1 File Names, Inodes, and Data Blocks

Inodes are numbered, and each file system its own separate of inodes when you create a new
file system it generates a complete list of inodes found in that file system.

Solaris Operating Environment System Administration I & II Page 235 of 563


Solaris SA 1 & 2 - Training Material

Regular Piles
A regular file simply holds data. Perhaps the most common file type found in the Solaris Operating

Environment are regular files, which allow you to store many different kinds of data. Regular files can hold

ASCII text, binary data, image data, databases, application-related data, and more.

You can create regular files in many ways. For, example, you could use vi to create an
ASCII text file, or you could use a compiler to create a file that contains binary data. The
touch command creates a new, empty regular file.

filel
I d 1282
Creation methods
Data
Text editors
Text
Compilers
Binaries Application programs
Data blocks
Images Database programs
Application dData Commands (e.g. touch)
Databases

Purpose

Regular files store data

Figure 4-2 Regular Files

Figure 4-2 describes a regular file called filel. As illustrated, the name filel is associated with
inode number 1282. The data blocks associated with filel can hold one of many kinds of data,
and the file could have been created in one of many different ways.

Solaris Operating Environment System Administration I & II Page 236 of 563


Solaris SA 1 & 2 - Training Material

Symbolic Links
A symbolic link is a file that points to another file. Like directories, symbolic links
contain only one kind of data.

A symbolic link contains the pathname of the file to which it points Because symbolic links use pathnames

to point to other files, they can Point to files found in, other file systems. Also, the size of a symbolic link

always matches the number of characters found in the pathname it contains.

For example, the symbolic link called /bin points to the directory ./usr/bin. Its size is 9
bytes because the pathname ./usr/bin contains nine characters.

# cd /
# ls -1
total 135
Irwxrwxrwx 1 root root 0 Apr 3 10:39 bin -> ./usr/bin
(output truncated).

Symbolic links can point to regular files, directories, other symbolic links, and device files. And they can

use absolute or relative pathnames.

Solaris Operating Environment System Administration I & II Page 237 of 563


Solaris SA 1 & 2 - Training Material

Purpose

Symbolic links refer to other file names.


A symbolic link contains the pathname
of the file to which it points

Figure 4-4 Symbolic Links

Figure 4-4 describes a symbolic link file called linkl. As illustrated, the name linkl is
associated with inode number 3561. The data blocks associated with linkl contain the
pathname of the file to which linkl points.

Depending on the length of the pathname the link contains, it can either reside directly in the
link's lnode record or in data blocks.

The In command with the -s option creates a symbolic link.

Symbolic links direct read and write operations to the file to which they point. In the example
above it shows how using linkl as a command's argument would cause that command to refer
to the file called filel.

Solaris Operating Environment System Administration I & II Page 238 of 563


Solaris SA 1 & 2 - Training Material

Device Files
A device file provides access to a device. Unlike regular files, directories, and
symbolic links, device files do not use data blocks. Instead, in their inode information,
they hold numbers that refer to devices. Where the file size displays for other file
types, listings of device files display two numbers, separated by a comma.

These two numbers are called major and minor device numbers. In the example
below, the device file dad@0,0a refers to major device number 136 and minor device
number 0.

# cd /devices/pci@lf,0/pci&l,l/ide@3
# ls -1
total 0
brw------ 1 root sys 136, 0 Apr 3 11:11 dad@0,0:a
crw------ l root sys 136, 0 Apr 3 11:11 dad@0,0:a,raw
(output truncated)

A major device number identifies the specific device driver required to access a device. A
minor device number identifies the specific unit of the type that the device driver controls.

dad@0,0:a

Data Creation methods


Major and minor inode 90681 devfsadm (Solaris)
device numbers drvconfig (<= Solaris 7)
mknod (Solaris 1)

Purpose
Device files activate devices.
Their major and minor device
numbers refer to specific device
drivers and individual devices.

Figure4-5 Device Files

The device file dad@0,0:a described in Figure 4.5 occupies inode number 90681. That inode
contains the major and minor device numbers that refer to a specific device, in this case, a
slice or a disk.

Solaris Operating Environment System Administration I & II Page 239 of 563


Solaris SA 1 & 2 - Training Material

In general, device files are created automatically when you perform a reconfiguration reboot.
In the Solaris Operating Environment, you can use the devfsadm command to create new
device files manually. Before the Solaris Operating Environment you used drvconfig.

Information about interpreting device file names and procedures for creating device files
manually and automatically are described in later modules.

Figure 4-6 Device File Example

Figure 4-6 illustrates the relationship between the device file dad&0, 0:a and the disk device
it controls. The inode information for dad@0,0: a contains major number 136 and minor
number 0. Major device number 136 identifies the dad device driver. The dad device driver
controls IDE disk drives. Minor number 0 identifies slice 0 of the master disk on the first IDE
bus.

Device files fall into two categories: character-special device and block-special devices.
Character-special devices are also called simply character or raw devices. Block special
devices are often called simply block devices. These two categories of device files interact
with devices differently.

Character Device Files

The file type “c’ identifies character device files. For disk devices, character device files call
for I/O operation based on the disks smallest addressable unit or sectors Each sector is 512
bytes in size.

Solaris Operating Environment System Administration I & II Page 240 of 563


Solaris SA 1 & 2 - Training Material

Block Device Files


The file type “b” identifies block device files. For disk devices, block device files call for I/O
operations based on a defined block size. The block size depends on the particular device, but
for UFS file systems, the default block size is 8 Kbytes

brw ------- 1 root sys 136, 0 Apr 3 11:11 dad@0,0: a

Solaris Operating Environment System Administration I & II Page 241 of 563


Solaris SA 1 & 2 - Training Material

Hard Links
A hard link is the association between a file name and an inode. A hard link is not a
separate type of file. Every type of file uses at least one hard link. Every entry in a
directory constitutes a hard link. Think of every file name as a hard link to an inode.
When you create a file, using touch for example, you create a new directory entry that
links the file name you specify with a particular inode.

In Figure 4-7, the file called filel is listed in the directory dirl. In dirl, the name filel is
associated with inode number 1282, In this way, simply creating a new file creates a
hard link.

Figure 4-7 Hard Links

Information in each inode keeps count of the number of file names associated with it.
This is called a link count. In the output from ls -1, the link count displays between
the file permissions and the owner column. In the following example, filel uses one
hard link.

# touch filel
# ls –1
total 0
1 root
-rw-r--r-- 1 root other Apr 1 15:26 filel

Using the command, you can create new hard links to regular files. The command in filel
file2 file2 creates a new directory entry called file2, associate with the same inode associated
with the same inode associated with file.

Solaris Operating Environment System Administration I & II Page 242 of 563


Solaris SA 1 & 2 - Training Material

figure 4-8 illustrates the result, where two file names are associated with inode
number 1282. These file names are functionally identical. Unlike symbolic links, hard
links cannot span file systems.

Figure 4-8 File Names Associated With an Inode Number

Creating the new hard link increments the link count. In the example below,
inode 1282. now has .two hard links; one for filel and the other for file2. The
Is -li command lists the inode number in the leftmost column.
#In filel file2
# Is -1
total 0
-rw-r—r-- 2 root other 0 Apr 7 15:26 filel
-rw-r—r— 2 root other 0 Apr 1 15:26 file2
# Is -li
total 0
1282 -rw-r—r-- 2 root other 0 Apr 1 15:26 file1
1282 -rw-r--r-- 2 root other 0 Apr 7 15:26 file2

Deleting one of the file names has no effect on the other. The link count
decrements accordingly.

# rm filel
# ls -li
total 0
1282 -rw-r--r-- 1 root other 0 Apr 15:26 file2

Solaris Operating Environment System Administration I & II Page 243 of 563


Solaris SA 1 & 2 - Training Material

The root Subdirectories


The directory tree is organized for administrative convenience. Branches within this
tree segregate directories used for different purposes. For example directories exist to
hold files that are private to the local system, files to share with other systems, and
home directories.

Logically all directories fall below the root (/) directory. Physically, all directories can
be located on one file system or divided among more than one file system. Every
Solaris Operating Environment has a root file system and can have other file systems
attached at points within the directory tree. File systems are structures created on disk
slices, and they contain or hold files and directories.

The terms file systems and disk-slices are only briefly explained here because they are
described in detail in subsequent modules.

Note - file systems are described in Module 7. Disk slices are described in Module 6.
See also, man -s5 file system for information on file system organization.

The Solaris Operating Environment is comprised of a hierarchy of critical system


directories and files that are necessary for the operating system to function properly.

‰ / - Root of the overall file system name space.


‰ /bin - This directory is a symbolic link to the /usr/bin directory. It is the directory
location for standard system commands, or binary files.

Solaris Operating Environment System Administration I & II Page 244 of 563


Solaris SA 1 & 2 - Training Material

‰ /dev — Primary location for logical device name. These are symbolic links that point
to device files in the /devices directory. Table 4-1 describes the contents of the /dev
directory.

Table 4-1 The /dev Directory Contents

Directory Description

/dev/cua Dial out device files for uucp


/dev/dsk Block disk devices
/dev/ f bs Frame buffer for device files
/dev/ f d File descriptors
/dev/md Logical volume management meta-disk devices
/dev/pts Pseudo terminal devices
/dev/rdsk Raw disk devices
/dev/rmt Raw magnetic tape devices
/dev/sound Audio device and audio device control files
/dev/term Serial devices

‰ /devices — Primary location for physical device names. These are device files

Solaris Operating Environment System Administration I & II Page 245 of 563


Solaris SA 1 & 2 - Training Material

‰ /etc- Host-specific system administrative configuration files and databases. Table 4-2
describes the contents of the /etc directory.

Table 4-2 The /etc Directory Contents

Directory Description

/etc/acct Accounting configuration information


/etc/cron. d Configuration information for cron
/etc/default Defaults information for various programs
/etc/inet Configuration files for network services
/etc/init.d Scripts for changing between run levels
/etc/lib Dynamic linking libraries needed when /usr is
not available
/etc/lp Configuration information for the printer
subsystem
/etc/mail Mail subsystem configuration information
/etc/nfs NFS server logging configuration file
/etc/openwin OpenWindowsTM configuration files
/etc/opt Configuration information for optional packages
/etc/rc#,d Scripts for entering/leaving run level #
/etc/skel Default profile scripts for new user accounts

‰ /export - Default directory for commonly shared file systems, such as users home
directories, client file systems, or other shared file systems.
‰ /home - Default directory or mount point for users home directories. When AutoFS is
running, you cannot create any new entries in this directory.
‰ /kernel - Directory of platform-independent loadable kernel modules required as part
of the boot process. It includes the generic part of the core kernel that is platform
independent /kernel qenunix.
‰ /mnt – convenient, temporary mount point file systems

Solaris Operating Environment System Administration I & II Page 246 of 563


Solaris SA 1 & 2 - Training Material

‰ /opt - Default directory or mount point for add-on application packages.

‰ /sbin - Essential executables used in the booting process and in manual system failure
recovery.

‰ /tmp - Temporary files; cleared during boot sequence.

‰ /usr - Mount point for the /usr file system. This directory name is an acronym for
UNIX System Resources. Table 4-3 describes the contents of the /usr directory.

Table 4-3 The /usr Directory Contents

Directory Description

/usr/bin Location for standard system commands


/usr/ccs C compilation programs and libraries
/usr/demo Demonstration programs and data
/usr /dt Directory or mount point for CDE software
/usr/include Header files (for C programs, and so on)
/usr/Java Directories containing JavaTNC technology
programs and libraries
/usr/lib Various program libraries, architecture-
dependent databases, and binaries not invoked
directly by the user
/usr/openwin Directories containing OpenWindows programs
/usr/opt Configuration information for optional packages
/usr/pub Files for online man page and character
processing
/usr/spool Symbolic link to the /var/spool directory

‰ /var - Directory for varying files, which usually includes temporary, logging, or status
files.

Solaris Operating Environment System Administration I & II Page 247 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 11

MAINTAINING FILE SYSTEMS

Objectives

Upon completion of this module, you should be able to:

• Describe why fsck is necessary

• Describe how to check and repair a file system

• Display disk space usage by file systems

• Display disk usage of a directory

• Display disk usage by user name

• Demonstrate how to repair the /etc/vfstab file when the system fails to boot

completely

Solaris Operating Environment System Administration I & II Page 248 of 563


Solaris SA 1 & 2 - Training Material

The File System Check Program


A file system can become damaged if it is corrupted from a power failure, a
software error in the kernel, a hardware failure, or an Improper shutdown of
the system.

The file system check program, fsck, checks the data consistency of a file
system and corrects or repairs any inconsistencies or damage found.

Caution - Never run fsck on a mounted file system. It could leave the file
system in an unusable state and delete data. Always run fsck on unmounted
file systems only.

Every time a system boots, fsck automatically performs a file system.


consistency check, fsck checks and repairs any problems encountered in file
systems before they are mounted.
When file system is mounted with the ufs logging option, it eliminates the need to run fsck because logging prevents the file system
from becoming inconsistent.

Note -The status of a file system's state flag determines whether the file
system needs to be checked by fsck. When the file system is "clean," "stable,"
or "logging," file system checks are not run.

Data Inconsistencies Checked by fsck


The fsck command makes several passes through a file system, each time it
scans to check the following types of file system inconsistencies.

The lost+found Directory

The fsck command puts files and directories that are allocated but .
unreferenced in the lost+ found directory located in that file system. The inode
number of each file is assigned as its name. If the lost+found directory does
not exist fsck creates it, and if there is not enough space in the lost+found
directory fsck increases its size.

Solaris Operating Environment System Administration I & II Page 249 of 563


Solaris SA 1 & 2 - Training Material

However, if a more serious inconsistency is found, and a decision has to be


made, the fsck program terminates and leaves the system in single-user mode.
You must run fsck interactively to continue.

Interactive Mode

During this process, fsck lists each problem it encountered, followed by a


suggested corrective action, in the form of a question that requires a yes or no
response.

By responding yes, fsck applies the corrective action and moves on. By
responding no, fsck will often simply repeat the original problem and suggest
corrective action, and not move forward until you respond with a yes.

For example:

# fsck /export/home
** /dev/rdsk/c0t0d0s7
** last Mounted on /export/home
** Phase 1 - Check 'Blocks and Sizes
INCORRECT BLOCK COUNT I=743 (5 should be 2)
CORRECT?

Using the fsck Command

The following examples demonstrate how the system root can use the fsck
command to check the integrity of file systems.

• To check a single unmounted file system, execute the following command.

# fsck /dev/rdsk/c0t0d0s7

This is the only way to check .1 file system that has not been entered in the
/etc/vfstab file.

• To check a file system using the 'mount point directory name as listed in
the /etc/vfstab file, execute the following command

# fsck /opt

Solaris Operating Environment System Administration I & II Page 250 of 563


Solaris SA 1 & 2 - Training Material

The following example has fsck check and repair the file system in non-
interactive mode and exit if a serious problem requiring intervention is
encountered.

# fsck -o f,p /dev/rdsk/c0t0d0s5


/dev/rdsk/c0t0d0s5: 77 files , 9621 used, 46089 free
/dev/rdsk/c0t0d0s5: (4 frags, 57 blocks, 0.0% fragmentation)

The f option forces checking of the file system regardless of the state of its
superblock clean flag.

The p option checks and fixes the file system non-interactively (preen). The
program exits immediately if a problem requiring intervention is found. This
option is required to enable parallel file system checking.

Solaris Operating Environment System Administration I & II Page 251 of 563


Solaris SA 1 & 2 - Training Material

Troubleshooting with fsck


If problems occur in a file system, you are alerted by fsck. Some of the more
common file system errors that require interactive intervention are described
in. the following sections.

Reconnecting an Allocated Unreferenced File

In this example, the fsck program discovers an inode that is allocated but
unreferenced or not linked in any directory.

A yes response to the RECONNECT? question causes fsck to save the file to
the lost+found directory and names it using the inode number.

** Phase 3 - Check Connectivity


UNREF FILE 1=788 OWNER=root MODE=100644
SIZE=19994 MTIME=Jan 18 10:49 1999
RECONNECT? y

To determine what type of file had to moved to the lost+found directory by


fsck:

1. List the contents of the file systems lost+found directory, for example:

# Is /export/home/lost+found
#788

2. Determine the file type, using the file command, for example:

# file / export/home/lost+found/#788
/export/home/lost+found/#788: ascii text

3. To view the contents of the ASCII text file use the more or cat
command. To view the contents of a binary file use the strings
command. If the file is associated with an application, (e.g. a word
processing document), it would be necessary to use the application to
view the contents of the file.

# cat /export/home/lost+found/#788

4 If the file is intact and you know where it belongs, the file can copied
back to its original location in the file system. For example:

# cp export/home/lost+found/#788 /export/home/user1/report

Solaris Operating Environment System Administration I & II Page 252 of 563


Solaris SA 1 & 2 - Training Material

Adjusting a Link Counter


In this example, the fsck program discovers that the value of a directory inode
link counter and the actual number of directory links are inconsistent.

A yes response to the ADJUST? question causes fsck to correct the directory
inode link counter from 4 to 3.

** Phase 4 - Check Reference Counts


LINK COUNT DIR 1=2 OWNER=root MODE=40755
SIZE-512 MTIME=Jan 18 15:59 1999 COUNT 4 SHOULD BE 3
ADJUST? y

Salvaging the Free List

In this example, the fsck program discovers that the unallocated block count
and the free block number listed in the superblock are inconsistent.

A yes response to the SALVAGE? question causes fsck to update the


information in the file system superblock.

** Phase 5 - Check Cyl groups


CG 0: BAD MAGIC NUMBER
FREE BLK COUNT(S) WRONG IN SUPERBLK
SALVAGE? y

Using Backup Superblocks

Superblock corruption can cause a file system to be unmountable.

You know when a file system is unusable when the message "Can' t mount
file system name appears. For example:

Can't mount /dev/dsk/c0t0d0s7

which can appear during a system boot or when manually mounting the file
system.

If fsck fails because of a corrupted superblock it returns an error-message


informing you that it must be run using an alternative superblock backup to
recover the file system.

Solaris Operating Environment System Administration I & II Page 253 of 563


Solaris SA 1 & 2 - Training Material

The corrective action is to run fsck using the -o option with the b flag. The b
flag is followed by a backup superblock number.

Every file system always has an alternate backup superblock at block number
32, which can be given to fsck to repair the main superblock. For example:

# fsck -o b=32 /dev/rdsk/c1t3d0s0


Alternate super block location: 32.
** /dev/rdsk/clt3d0s0
** Currently Mounted on
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - check Reference Counts
** Phase 5 - Check Cyl groups

171 files, 3762 used, 5984 free (79 frags, 748 blocks, 0.1% fragmentation)

The fsck program takes the information in the backup superblock, compares it
with the actual file system and attempts to rebuild the main superblock.

If however, this block is part of the file system that was damaged it is
unusable. You must select another backup superblock for fsck to continue.

To list the locations of all the alternate backup superblocks in the file system,
run the newfs -N command. For example:

#'newfs -N /dev/rdsk/c#t#d#s#

Caution -This method works if the underlying file system was built using the
newfs default parameters. If the file system was not built with these defaults,
then you must run newfs -N using the identical parameters to generate
identical superblock locations.

You use the -N option to print out file system parameters that would be used
to create a new file system without actually creating the tile system.

Solaris Operating Environment System Administration I & II Page 254 of 563


Solaris SA 1 & 2 - Training Material

A portion of that print out is a list of all the backup superblock locations that
can be used with fsck -o b#. For example:

# newfs -N /dev/rdsk/c0t0d0s7
newfs -N /dev/rdsk/c0t0d0s7
/dev/rdsk/c0t0d0s7 : 3537040 sectors in 2327 cylinders of 19 tracks, 80 sectors
1727.1MB in 73 cyl groups (32c/g, 23.75MB/g, 5888 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
32, 48752, 97472, 146192, 194912, 243632, 292352, 341072, 389792,
487232, 535952, 584672, 633392, 730832, 779552, 828272, 876992,
925712, 974432, 1023152, 1071872, 1169312, 1218032, 1266752, 1315472 1364192,.
1412912, 1461632,. 1510352, 1556512, 1605232, 1653952, 1702672, 1751392, 1800112,
1848832, 1897552, 1946272, 1994992, 2043712, 2092432, 2141152, 218S872, 2238592,
2287312, 2336032, 2384752, 2433472, 2482192, 2530912, 2579632, 2628352, 2677072,
2725792, 2774512, 2823232, 2871952,

#
You could use any other alternative superblock number in the list with
fsck.For example

# fsck -o b=535952 /dev/rdsk/c0t0d0s?


Alternate super block location: 5359528.
** /dev/rdsk/c0t0d0s7
** Last Mounted on
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 – Check Reference Counts
**Phase 5 - Check -Cyl groups
7 files, 14.used, 279825 free (17 frags, 347891 blocks, 0.0% fragmentation)
#

Solaris Operating Environment System Administration I & II Page 255 of 563


Solaris SA 1 & 2 - Training Material

Monitoring File System Usages


An important activity of a system administrator is to monitor file system usage
on a regular basis. There are four useful commands available for this task,
which include df, du, ff and quot.
• df — Display the number of free disk blocks and files.
• du - Summarize disk usage.
• ff - List files names and statistics for a file system.
• quot - Summarize file system ownership.

The df Command

You use the df command to display the amount of disk space occupied by
mounted file systems. It lists the amount of used and available space, and how
much of the file system's total capacity is used.

Command Format

df [-k] [directory]

Options
-k Displays usage in Kbytes and subtracts the space
reserved by the operating system from the amount of available
space.

To display the capacity of file systems, use the following command:

# df -k
file system kbytes used avail capacity Mounted on
/dev/dsk/c0t3d0s0 38111 19196 18877 51% /
/dev/dsk/c0t3d0s6 565503 361529 203409 64% /usr
/proc 0 0 0 0% /proc
fd 0 0 0 0% /dev/fd
/dev/dsk/c0t3d0sl 25159 4886 20248 20% /var
/dev/dsk/c0t3d0s5 27439 20362 7050 75% /opt
swap 45980 12 45968 1% /tmp

Solaris Operating Environment System Administration I & II Page 256 of 563


Solaris SA 1 & 2 - Training Material

The amount of space that is reported as used and avail is less than the amount
of total space in the file system. A fraction of space, from 1 percent to 10
percent, is reserved in each file system.

When all the reported space on the file system is In use, its capacity is
displayed as 100 percent. Regular users receive the message "File System
Full" and cannot continue working. The reserved space is still available to
root, who can delete or back up files to free space in the file system.

The following lists the fields displayed by df -k

file system Mounted file system

kbytes Size of the file system in Kbytes (1024 bytes)


used Number of Kbytes used
avail Number of Kbytes available
capacity Percentage of file system capacity used
Mounted on. Mount point

The du Command
You use the du command to display the number of disk blocks (512 bytes)
used by directories and files.

Command Format

du [-a] [-s] [-k] (directory)

Solaris Operating Environment System Administration I & II Page 257 of 563


Solaris SA 1 & 2 - Training Material

Options

-k Displays in Kbytes.
-s Displays only the summary in 512-byte blocks. Using
the s and k options together will show the summary in Kbytes.
-a Displays the number of blocks used by all files and
directories within the specified directory hierarchy.

To display disk usage in kilobytes, execute the following:

# cd /opt
# du -k
8 ./lost+found
3 ./SUNWits/Graphics-sw/xil/lib
4 ./SUNWits /Graphics -sw/xil
16 ./SUNWits/Graphics-sw/xgl/demo

38 ./netscape/movemail-src
11392 ./netscape
20362 .

To display disk usage including files, execute the following:

# du -ak /usr
16 /usr/lost+found
2 /usr/X
2 /usr/lib/liblCE.so
2 /usr/lib/libICE.so.6
2 /usr/lib/libMrm.so
6 /usr/kvm

/usr

To display a summary of disk usage, execute the following

# du -sk /usr
723057 /usr

Solaris Operating Environment System Administration I & II Page 258 of 563


Solaris SA 1 & 2 - Training Material

The ff Command
The ff command provides a list of pathnames and inode numbers of files in the
file system.

The command output is sorted in ascending inode number order. For example:

# ff /dev/dsk/c1t3d0s5
/dev/dsk/clt3d0s5:
inode# pathname
inode# pathname
inode# pathname
inode# pathname
inode# pathname

The quot Command


The quot command displays how much disk space (in Kbytes) is being used
by users

Note - The quot command can only be run by root

Command Format

quot [-af] [file system...]

Options

a Reports on all mounted file systems


f Includes number of files

To display disk space being used by users on all mounted file systems, execute
the following:

# quot -af
/dev/rdsk/c0t0d0s0

14326 1284 root

Solaris Operating Environment System Administration I & II Page 259 of 563


Solaris SA 1 & 2 - Training Material

1 1 sys
/dev/rdsk/c0t0d0s6 (/usr):
197394 6962 root
161203 11884 bin
2140 232 lp
1 1 adm.

The columns represent Kbytes used, number of files, and owner, respectively

To display a count of the number of files and space owned by each user for a
specific file system, execute the following:

# quot -f /dev/dsk/clt0d0s5
/dev/dsk/clt0d0s5:

134 62 root
103 84 user1
140 32 user9

Solaris Operating Environment System Administration I & II Page 260 of 563


Solaris SA 1 & 2 - Training Material

Troubleshooting

Repairing Important Files if Boot Fails

The /etc/vfstab file is an important system file. If it becomes corrupted or


contain editing errors, it can cause the system boot to fail.

The following procedure describes how to boot from the Solaris Operating
Environment software CD-ROM to edit the /etc/vfstab file.

1. Insert the Solaris Operating Environment software CD-ROM 1 of 2


into the CD-ROM drive.

2. Run a single-user boot from the CD-ROM.

0k boot cdrom -s
Boot device: /pci@lf,0/pci@l,l/ide@3/cdrom@2,0:f File and args -s
SunOS Release 5.8 Version Generic_106541-02 [UNIX(R) System V
Copyright (c) 1983-1999 by Sun Microsystems, Inc.
Configuring the /dev and /devices directories

INIT: SINGLE USER MODE


#

Note - Performing a single-user boot operation from this Software CD-ROM


creates an in-memory copy of the / (root) file system, which supports your
ability to perform administrative tasks.

3. Use the fsck command on the / (root) partition to check and repair any
potential problems in the file system.

fsck /dev/rdsk/c0t0d0s0

4. If fsck completed successfully, mount the / (root) file system on the /a


directory, to gain access lo the file system on disk.

/dev/dsk/c0t0d0s0 /a

5. Set and export the TERM variable which enables the vi editor to work
properly

# TERM=sun
# export TERM

Solaris Operating Environment System Administration I & II Page 261 of 563


Solaris SA 1 & 2 - Training Material

6. Edit the /etc/vfstab file and correct any problems. Then exit the
file.

# vi /a/etc/vfstab

7. Unmount the file system.

# cd /
# umount /a

8. Reboot the system.

# reboot

Solaris Operating Environment System Administration I & II Page 262 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 12

SCHEDULING PROCESS CONTROL

Objectives

Upon completion of this module, you should be able to:

• Start the CDE Process Manager to monitor and control active processes

• Report active process statistics using the prstat command

• Schedule the automatic execution of commands, programs, or scripts using


the commands at and crontab

• Define the files used to control user access to the commands at and crontab

• Create and execute an at job

• Describe the location and format of a crontab file

• Demonstrate the steps to create, view, edit, and remove a crontab file

Solaris Operating Environment System Administration I & II Page 263 of 563


Solaris SA 1 & 2 - Training Material

Processes Running on the System


A process is any program that is running on the system. All processes are
assigned a unique process identification number (PID), which is used by the
kernel to track and manage the process. The PID numbers are used by root and
regular, users to identify and control their processes.

Viewing Processes and PIDs

The Ps (process status) command is commonly the method used for viewing a
list of processes currently running on a system. However, there are two other
methods for managing process which include:

• The CDE Process Manager


• The prstat command

Note - The prstat command is new with the Solaris Operating Environment.

Solaris Operating Environment System Administration I & II Page 264 of 563


Solaris SA 1 & 2 - Training Material

The prastat Command


The prstat command interactively examines and displays information about
active processes on the system.

This command enables you to view information by specific processes, UIDs,


CPU IDs, or processor sets. By default, prstat displays information about all
processes sorted by CPU usage.

# prstat

To quit prstat type: q

Table 10-1 Column Headings for the prstat Command

Column Heading Description


PID The process identification number of the process.

USERNAME The login ID name of the owner of the process.

SIZE The total virtual memory size of the process.

RSS The resident set size of the process in kilobytes,


megabytes, or gigabytes.

STATE The state of the process:


cpu - process is running on the CPU.
sleep - process is waiting for an event to complete.
run - process is in run queue.
zombie - process terminated and parent not waiting.
stop-process is stopped.
PRI The priority of the process.

NICE The value used in priority computation.

TIME The cumulative execution time for the process.

CPU The percentage of recent CPU time used by the process.

PROCESS/NLWP The name of the process.


The number of LWPs in the process.

Note - Lightweight process (LWP) is a virtual CPU or execution resource.


LWPs are scheduled by the kernel to use available CPU resources based on
their scheduling class and priority.

Solaris Operating Environment System Administration I & II Page 265 of 563


Solaris SA 1 & 2 - Training Material

Table 10-2 describes some options for the prstat command.

Table 10-2 Options for the prstat Command

Option Description

-a Displays separate reports about processes and


users at the same time.

-c Continuously prints new reports below previous


reports.

-n nproc Restricts the number of output lines.

-p pldlist Reports only on processes that have a PID in the given list.

-s key Sorts output lines by key in descending order. The five possible keys
include: cpu, time, size, rss, and pri. You can use only one key at a
time.

-S key Sorts output lines by key in ascending order

-1 Reports total usage summary for each user.

-u euidlist Reports only processes that have an effective user ID in the given list.

-U euidlist Reports only processes that have an effective user ID is in the given
list.

Solaris Operating Environment System Administration I & II Page 266 of 563


Solaris SA 1 & 2 - Training Material

Scheduling the Automatic Execution of Commands


Users can schedule a job for a one-time execution at a specified time by using
the at command.

Users can schedule a job to be executed repetitively, at regular intervals, by


using a crontab file.

The cron daemon is responsible for scheduling; and running; these jobs.

Note - The cron daemon is started at system boot and runs continuously in the
background.

The cron tab Command

A crontab file is used to automatically execute commands or scripts


repetitively, at regularly scheduled intervals. All crontab files are maintained
in /var/spool/cron/crontabs/username (s),

The crontab command enables the user to view, edit or remove a crontab file.

Solaris Operating Environment System Administration I & II Page 267 of 563


Solaris SA 1 & 2 - Training Material

The crontab File Format


A crontab file consists of commands, one per line that will be executed at
regular intervals.

The beginning of each line contains date and time information that tells the
cron daemon when to execute the command.

These first five fields are separated by spaces, and indicate when the command
will be executed.

10 3 * * 0 /usr/lib/newsyslog

The minute field can hold values between,0 and


59.

The hour field can hold values between 0 and 23

The day-of-month field can hold values between


1 and 31.

The month field, can hold values between 1 and


12, January to December.

The day-of-week field can hold values between 0


and 6. Sunday is 0.

The command field contains the command to be


run by cron.

Figure 10-3 Fields in a crontab File

The first five fields can follow these format rules:

n Matches if field value is n

n.p.q Matches if field value is n,p, or q

n-p Matches if field has values between n and p inclusive

Matches any value (or can be used as a placeholder)

Solaris Operating Environment System Administration I & II Page 268 of 563


Solaris SA 1 & 2 - Training Material

Crontab for the root User


A crontab file, /var/spool/cron/crontabs/root, is provided in the Solaris
Operating Environment for the root user. By default, regular users do not have
crontab files.

The root crontab file contains the following command lines by default:

# ident "@(#)root 1.19 98/07/06 SMI" /* SVr4.0 1.1.3.1 • */


# The root crontab should be used to perform accounting data collection.
#
# The rtc command is run to adjust the real time clock if and when
# daylight savings time changes.
#
10 3 * * 0,4 /etc/cron.d/logchecker
10 3 * * 0 /usr/lib/newsyslog
15 3 * * 0 /usr/lib/fs/ufs/nfsfind
1 2 * * * [ -x /usr/sbin/rtc ] &&. /usr/sbin/rtc -c > /dev/null 2>&l
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] &&
/usr/lib/gss/gsscred_clean

The first line instructs cron to run logchecker at 3:10AM on Sunday and
Thursday.

The second line instructs cron to run newsyslog at 3:10AM every Sunday.

The third line instructs cron to execute nfsfind every Sunday at 3:15AM.

The fourth line instructs cron to check daily-for Daylight Savings Time and
make corrections if necessary.

The fifth line instructs cron to check for and remove duplicate entries in the
Generic Security Service table, /etc/gss gsscred_db.

Solaris Operating Environment System Administration I & II Page 269 of 563


Solaris SA 1 & 2 - Training Material

Using crontab -l to View a Crontab file


To view the contents of the root crontab run the followmg command, as root:

# crontab -1

This is the same command regular users would run to view the, contents of
their own crontab file.

As root, you can view the contents of any regular user's crontab by running the
command:

# crontab -1 username

Editing a crontab File

To create or edit a crontab file, follow these steps:


1. Check that the EDITOR variable is set to the editor you want to use.
This instruct cron on which editor to use to open the file. For example:

# EDITOR=vi
# export EDITOR

2. Run the following crontab command to open your crontab file, and add
the following entry.

# crontab -e -
30 17 * * 5 /usr/bin/banner "Time to go!" > /dev/console
:wq

Controlling crontab Access


Control access to crontab with two files in the /etc/ cron. d directory

• /etc/cron.d/cron.deny
• /etc/cron.d/cron.allow

Solaris Operating Environment System Administration I & II Page 270 of 563


Solaris SA 1 & 2 - Training Material

The at Command
The at command is used automatically execute a job at a specified time Just
once.

Command Format

at [-m] [-r job] [-q queuename] [-t time] [date]

Options

The options that can be used to instruct cron on how to execute an at fob
include:

-t time Specifies a time for the command to execute. Includes


the following formats:
h, hh, hh:mm
now
noon
midnight

A 24-hour clock is assumed unless you use am/AM or pm/PM


on the command line.

date Specifies a date for the command to execute. Includes


formats, such as:
month followed by a day number, (e.g. Jun 6) name of a day,
(e.g. Friday)
today
tomorrow

-m Sends mail to the user after the job has finished. This
is the default for root.

-t Removes a scheduled at job from the queue,

-q. queuename Specify a specific queue.

Solaris Operating Environment System Administration I & II Page 271 of 563


Solaris SA 1 & 2 - Training Material

Executing the at Command


To create an at job to run at a specified time to locate and delete core files:

# at 8:45 pm

at>find /export/home/user2 -name core -exec rm {} \;


at><Press Control-d here>
commands will be executed using /bin/ksh
job 891550468.a at Thu Apr 2 14:45:00 2000

To display information about execution times of jobs:

# at -1 [ job_ld ]
897543900, a Thu Apr 2 14:45:00 2000

To display the jobs queued to run at specified times by ranking order:

# atq
Rank. Execution Date Owner Job Queue Job Name
1st Apr 2, 2000 14:45 user2 8915504G8.a a stdin

To remove a job from the at queue: 1

# at -r 891550468.a

To view all the at jobs currently scheduled in the queue:

# ls -1 /var/spool/cron/atjobs
-r-S-------- 1 user2 staff 634 Apr 2 14:45 891550468.a
-r-S-------- 1 userl staff 321 Apr 2 21:02 952725600.a

Denying at Access

By default, the Solaris Operating Environment includes the file /etc/cron.d/at


.deny. This file identifies users who are prohibited from vising the at
command. The file format is one user name per line.

Solaris Operating Environment System Administration I & II Page 272 of 563


Solaris SA 1 & 2 - Training Material

A user who is denied access to at receives the following message when


attempting to use this command:

at: you are not authorized to use at. Sorry.

If the /etc/cron.d/at.deny file-exists, but is empty, then all logged in users can
access the at command.

Allowing at Access
As root, you can create the file /etc/cron.d/at.allow to list the names of users who are permitted to use the at command. When this file
exists, it is read before the /etc/cron.d/at.deny file. If a user name exists in both files then that user will be denied access to the at
command.

When neither the at .deny or the allow files exists, only root can use this
command.

Solaris Operating Environment System Administration I & II Page 273 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 13

SYSTEM BOOT PROCESS

Objectives

Upon completion of this module, you should be able to:

• Describe the four phases of the boot process


• Identify the directories that contain the kernel and its loadable modules
• Modify the kernel's configuration file
• Describe the eight Solaris Operating Environment run levels
• Define a system's current run level using the who -r command
• Explain the purpose of the /etc/inittab file
• Describe the steps in the init process to bring a system to multiuser mode
• List the directories that hold the run control scripts used to stop and start
system processes and services
• Describe the steps to add a new run control script
• Use the following commands to shut down the system: init, shutdown,
halt, power off and reboot

Solaris Operating Environment System Administration I & II Page 274 of 563


Solaris SA 1 & 2 - Training Material

The Solaris Operating Environment Run Levels


A run level is a digit or a letter representing a system state that defines what services and resources are
currently available to users. The system is always running in one run level.

Run levels are sometimes referred to as init states because the init process is
used to transition between run levels. You can use the init command to
manually initiate run-level transitions.

The Solaris Operating Environment has eight run levels, which are described
in the following table.

Table 13-1 Solaris Run Levels

Run
Level Function

0 Shuts down the Solaris Operating Environment and displays


the boot PROM ok prompt so it is safe to turn off power to
the system.
s or S Runs as single user with all file systems mounted and
accessible.
1 Indicates system is running IN a single-user administrative
state with access to all available file systems.

2 Indicates system is running in multi-user operations.


Multiple users can access the system. All system daemons are
running except for the NFS server daemons.

3 Indicates system is running in multi-user operations with NFS


resource-sharing available. Specified as the default run level
in the /etc/inittab file.
4 This level is currently not implemented.
5 Shuts down the Solaris Operating Environment and powers
off the system.
6 Shuts down the system to run level 0, and then reboots to
multi-user operations, (or the level set in the default in the
/etc/inittab file).

Solaris Operating Environment System Administration I & II Page 275 of 563


Solaris SA 1 & 2 - Training Material

Determining a System's Current Run Level

To determine the current run level of a system, use the following command.

# who -r
run level 3 Jun 9 08:30 3 0 S

Date and Time current Previous


Current run level of last run level run level run level
change
Number of times
at this run level
since last reboot

Solaris Operating Environment System Administration I & II Page 276 of 563


Solaris SA 1 & 2 - Training Material

The Boot Process: In general, when a system is turned on, the PROM monitor runs a quick self-test
procedure that checks the hardware and memory on the system. If no errors are found, the system
begins the automatic boot process. The entire boot process is described by four distinct phases:

1) Boot PROM phase 2) Boot Programs phase 3) Kernel Initialization phase 4) init phase

Boot PROM phase:

The following describes the Boot PROM phase:

ƒ PROM runs POST (The boot PROM firmware runs the power on self test (POST) to verify the
system’s hardware and memory. The PROM displays the system identification banner, for
example, model type, amount of installed memory, PROM version number, PROM serial
number, Ethernet Address, and Host ID.
ƒ Boot determines the boot device.
ƒ Boot locates the bootblk on the boot device.
ƒ Boot loads the bootblk from its location on the boot device into memory.
ƒ The primary booth program, bootblk, is located in a fixed location on the boot device in
sectors 1-15.
ƒ Its purpose is to load the secondary boot program located in the ufs file system on the boot
device.

Boot Programs phase:

The following describes the Boot Programs phase:

ƒ Bootblk loads the secondary boot program, ufsboot from the boot device into memory. The
path to ufsboot is recorded in the bootblk, which is installed by the solaris utility installboot.
ƒ Ufsboot locates and loads the appropriate two-part kernel. The kernel is comprised of a two
piece static core called gennix kernel file and unix is the platform specific kernel file. When
ufsboot loads these two files into memory, they are combined to form the running kernel.
ƒ On a 32 bit system, the twopart kernel is located in the directory/platform/’uname –m’/kernel.
ƒ On a 64 bit system, the twopart kernel is located in the directory/platform/’uname –
m’/kernel/sparcv9.
ƒ Note: To determine the platform name (Eg: the sytem hardware class, type the command
uname –m. For example, by typing this command on a Sun Ultra 10 it would display: sun4u

The kernel initialization Phase:

The following describes the kernel initialization phase:

ƒ The kernel initializes itself and begins loading modules. The kernel uses ufboot to read the
files. When it has loaded enough modules to mount the root file system it unmaps the
ufsboot program and continues on.
ƒ The kernel reads its configuration file called / etc/system.
ƒ The kernel starts the /sbin/init process.

The SunOS kernel consists of a small, static core (genunix and unix) and many dynamically loadable
kenel modules. Modules can consist of device drivers, file systems, streams, as well as other types
used for specific tasks within the system.

The modules which comprise the kernel typically reside in the directories /kernel and usr/kernel.
Platform dependent modules reside in the /platform/’uname –m’/kernel and /platform/’uname –
I’/kernel directories.

Each subdirectory located under these directories is a collection of similar-type modules.

Solaris Operating Environment System Administration I & II Page 277 of 563


Solaris SA 1 & 2 - Training Material

Solaris Operating Environment System Administration I & II Page 278 of 563


Solaris SA 1 & 2 - Training Material

PROM runs POST

boot locates boot-device


Boot PROM Phase
boot reads bootblk

boot loads bootblk

Bootblk loads secondary


Boot program (ufsboot)

Boot Programs phase


ufsboot loads kernel
32-bit kernel
or
64-bit kernel

kernel initialises itself


loads modules
Kernel Initialization phase
Reads configuration file
/etc/system

kernel starts
init phase /etc/init

init starts re scripts

Figure 13-1 Phases of the Boot Process

Solaris Operating Environment System Administration I & II Page 279 of 563


Solaris SA 1 & 2 - Training Material

kernel

sys fs misc
exec

sched strmod drv

genunix

Figure 13-2 -Module Subdirectories in /kernel

The following describes the types of module subdirectories contained


in/kernel, /usr/kernel, /platform./'uname -m /kernel, or /platform/' uname -
i'/kernel directories:

• sys - System calls (defined interfaces for applications to use)


• exec — Executable file formats
• fs - File system types, for example, ufs, nfs, and proc
• misc - Miscellaneous modules (virtual swap)
• sched - Scheduling classes (process execution scheduling)
• strmod - Streams modules (generalized connection between users and
device drivers)
• drv - Device drivers

The /kernel/drv directory contains all of the device drivers used for system
boot.

The directory /usr/kernel/drv is used for device drivers.

Solaris Operating Environment System Administration I & II Page 280 of 563


Solaris SA 1 & 2 - Training Material

Modules are loaded automatically as needed either at boot time or on demand,


if requested by an application. When a module is no longer in use it is
unloaded on the basis that the memory it uses up is needed for another task.

The advantages of this dynamic kernel arrangement is the overall size of the
kernel is smaller making more efficient use of memory and allowing for
simpler modification and tuning.

32-bit Kernel MEMORY


/platform/’uname -m'/kernel/genunix
/platform/'uname -m'/kernel/unix Static Core
genunix
64-bit Kernel
/platform/ 'uname -m'/kernel/sparcv9/genunix unix
/platform/ 'uname -mV kernel/spar cv9/unix
Device Driver
Modules
Module directories Streams
Modules
Modules
/kernel FS Modules
/usr/kernel
/platform/ uname –m’/kernel Sched
/platform/unama -i /kernel Modules
Sch'ed Modules

Figure 13-3 Kernel and Modules Loaded In Memory

Note - The sparcv9 is the type of CPU that supports 64-bit processing.

Configuring the kernel


The /etc/system file is the control file for specifying which modules and
parameters are to be loaded by the kernel at boot time. By default, all lines in
this file are commented out.

Modifying-the kernel's behavior (or configuration) requires editing the


/etc/system file. Altering this file allows the system administrator to -modify
the kernel's treatment of loadable modules, as well as kernel parameters for
some performance tuning.

Solaris Operating Environment System Administration I & II Page 281 of 563


Solaris SA 1 & 2 - Training Material

The boot program contains a list of default loadable kernel modules which are
loaded at boot time. However, you can override this list by modifying the
/etc/system file to control which modules, as-well as parameters are loaded.

All changes to this file take effect after a reboot.

The /etc/system file explicitly controls:

• The search path for default modules to be loaded at boot time.


• The root type and device.
• The modules not to be loaded automatically at boot time.
• The modules to be forceable loaded automatically at boot time, rather that
at first access.
• The new values to override the default kernel parameter values.

Note - Command lines must be 80 characters or less in length and comment


lines must begin with an asterisk (*) and end with a new line character.

Solaris Operating Environment System Administration I & II Page 282 of 563


Solaris SA 1 & 2 - Training Material

Sample/etc/system File
* ident "@ (#) system 1.18 97/06/27 SMT /* SVR4 1.5 */
* SYSTEM SPECIFICATION FILE
*
* moddir:
* Set the search path for modules. This has a format similar to the csh path
* variable. If the module isn't found in the first directory it tries, the second.
* and so on. The default is /kernel /usr/kernel
* Example:
* moddir: /kernel /usr/kernel /other/modules
*
* root device and root filesystem. configuration-.
* The following may be used to override the defaults provided by the boot program':
* rootfs: Set the file system type of the root.
*
* rootdev: Set the root device. This should be a fully
* expanded physical pathname. The default is the
* physical pathname of the device where the boot
* program resides. The physical pathname is
* highly platform and configuration dependent.
* Example:
* rootfs :ufs
* rootdev:/sh is@l,f8000000/esp@0,800000/sd@3,0:a -
* (Swap device confirmation should be specified in /etc/vfstab.)
*
* exclude:
* Modules appearing in the moddir path which are NOT to be loaded, even if
referenced.
* Note that 'exclude' accepts either a module name, or a filename which includes the
* directory.
* Examples:
* exclude: win
* exclude: sys/shmsys
*
* forceload:
* Cause these modules to be loaded at boot time, (just before mounting the, root
* filesystem) rather than at first reference. Note that forceload expects a
* filename which includes the directory. Also note that loading a module does
* not necessarily imply that it will be installed.
* Example:
* forceload: drv/foo
* set:
* Set an integer variable in the kernel or a module to a new value.
* This facility should be used with caution. See system(4) .
*
* Examples:
* To set variables in 'unix':
* set nautopush=32
* set maxusers=40

Solaris Operating Environment System Administration I & II Page 283 of 563


Solaris SA 1 & 2 - Training Material

* To set a variable namea 'debug' in the module named test module'


* set test_module:C2bug = 0>;13

The /etc/system file is divided into five distinct sections:

• moddir:

Sets the search path for default loadable kernel modules. You can list
together multiple directories to search, delimited either by blank spaces or
colons. If the module is not found in the first directory, it tries the second
directory, and so on.

• root device and root filesystem configuration:

Sets the root file system type to the listed value. The default is rootfs:ufs

Sets the root device. The default is the physical pathname of the device
where the boot program resides. The physical pathname is platform and
configuration dependent. For example:
rootdev: /sbus@l, f 8000000 /esp80 , 800000/sd@3 , 0 : a

• exclude:

Does not allow the loadable kernel module(s) to be loaded during kernel
initialization. For example: exclude: sys/shmsys

• forceload:

Forces the kernel module(s) to be loaded during kernel initialization. For


example: forceload: drv/vx

The default action is to automatically load a kernel module when its


services are first accessed during runtime, by a user or application.

• set: .

Changes kernel parameters to modify the operation of the system.


For example: set maxusers = 40

Editing the /etc/system File

Before editing the /etc/system file, you should make a backup copy. If you
enter incorrect values in this file, the system might not be able to boot.

Solaris Operating Environment System Administration I & II Page 284 of 563


Solaris SA 1 & 2 - Training Material

The following shows how to copy the original /etc/system file to a backup
file, and then edit the /etc/ system lie.

# cp /etc/system /etc/system.orig
# vi /etc/system.

If a boot process fails because of an unusable /etc/system file, issue the


interactive boot command: boot -a. When requested to enter the name of the
system file, type in the name of your backup system file, or alternatively enter:
dev/null, for a null configuration file.

The init Phase

The final phase of the boot process is the /etc/init phase. During this phase init
start the run control scripts which starts Other processes.

The -init process executes re scripts .which -in turn execute a series of other
scripts

Once the init phase completes successfully, the system login prompt is
displayed.

Solaris Operating Environment System Administration I & II Page 285 of 563


Solaris SA 1 & 2 - Training Material

The /etc/inittab File


When you boot a system, or changes run levels with the init or shutdown
command, the init daemon starts processes by reading information from the
/etc/inittab file.

The inittab file defines three important items for the init process:

• The system's default run level.

• What processes to start, monitor, or restart if terminated.

• What actions to take when the system enters a new run level.

Each line entry in the /etc/inittab file has the following four fields:

id:rstate:action:process

The fields in an inittab entry are described in the following table:


id A 1 to 4 character identifier for the entry.
rstate One or more ran levels to which this entry applies.
action How the process (in the next field) is to be treated.
process The command or script to execute.

s3 : 3 : wait: /sbin/rc3 >/dev/msglog 2<> /dev/msglog </dev/console

Figure 13-4 An/etc/inittab File Entry

Note - Message output from system startup (rc) scripts is directed to


/dev/msglog. Previously, all of these messages were written to /dev/console.
For more information refer to msglog (7D)

Some possible keywords used in the action field include:

initdefault Identifies the default run level. Read when init is initially invoked. Used by
init to determine which run level to enter initially. The default is run level 3.

Solaris Operating Environment System Administration I & II Page 286 of 563


Solaris SA 1 & 2 - Training Material

Caution - If the rstate field is empty it is interpreted as 0123456. and init will
enter run level 6, as the default. This will cause the system to reboot
continuously.

sysinit Executes the process before init tries to access the


console (for example, the console login prompt), init waits for
its completion before it continues to read the inittab file.

wait Starts the process and waits for it to complete before


moving to the next entry containing the same run level.

respawn If the process dies, init will restart it. If the. process
does not exist, init starts it and continues reading the inittab
file. If the process does exist, no action required, and init.
continues reading the inittab file.

powerfail Executes the process only if init receives a power fail signal.

Note — Additional action keywords are available and defined in the inittab
man page.

Solaris Operating Environment System Administration I & II Page 287 of 563


Solaris SA 1 & 2 - Training Material

Default /etc/inittab File


The following is an example of the defaultf/etc/inittab file.

ap::sysinit:/sbin/autopush -f /etc/iu.ap
ap::sysinit:/sbin/soconfig -f /etc/sock2path
fs::sysinit:/sbin/rcS sysinit >/dev/msglog 2<>/dev/msglog </dev/console is:3:initdefault:
p3:s1234:powerfail:/usr/sbin/shutdown -y -i5 –g0 >/dev/msglog
2<>/dev/msglog
sS:S:wait:/sbin/rcS >/dev/msglog 2<>/dev/msglog </dev/console
s0:0:wait:/sbin/rc0 >/dev/msglog 2<>/dev/msglog </dev/console
sl:l:respawn:/sbin/rcl >/dev/msglog 2<>/dev/msglog </dev/console
s2:23:wait:/sbin/rc2 >/dev/msglog 2<>/dev/msglog </dev/console
s3:3:wait:/sbin/rc3 >/dev/msglog 2<>/dev/rosglog </dev/console
s5:5:wait:/sbin/rc5 >/dev/msglog 2<>/dev/msglog </dev/console
s6:6:wait:/sbin/rc6. >/dev/msglog 2<>/dev/msglog </dev/console
fw:0:wait:/sbin/uadmin 2 0 >/d<2v/msglog 2<>/dev/msglog </dev/console
of:5:wait: /sbin/uadmin 2 6 >/6.ev/msglog 2<>/dev/msglog </dev/console
rb:6:wait:/sbin/uadmin 2 1 >/dev/msglog 2<>/dev/msglog </dev/console
sc:234:respawn:/usr/lib/saf/sac —t 300,
co:234:respawn:/usr/lib/saf/ttymon –g -h -p 'uname -n' console login: "
-T sun -d /dev/console -1 console -m Idterm, ttcompat

The following describes each inittab line entry:

1. Initializes STREAMS modules

2. Configures socket transport providers

3. Initializes file systems

4. Defines default run level

5. Describes a power fail shutdown

6. Defines single-user mode

7. Defines run level 0

8. Defines run level 1

9. Defines run level 2

10. Defines run level 3

11. Defines run level 5

Solaris Operating Environment System Administration I & II Page 288 of 563


Solaris SA 1 & 2 - Training Material

12. Defines run level 6

13. Defines transition to firmware ..

14. Defines transition to power off

15. Defines transition to reboot

16. Initializes Service Access Controller

17. Initializes console

The init Process

The following illustrates the process of bringing a system to the default run
level 3.

init process /etc/inittabfile /sbin/autopush


Sets initdefault to run level
/sbin/soconfig
Executes commands with a
sysinit entry in the action /sbin/rcS
field
/sbin/rc2
Executes commands with a
run level 3 entry in the rstate
field fields /sbin/rc3

/usr/lib/saf/sac

/usr/lib/saf/ttymon

System Login

Figure 13-5 The init Process

Solaris Operating Environment System Administration I & II Page 289 of 563


Solaris SA 1 & 2 - Training Material

The /etc/init process reads the /etc/inittab file to do the following:

1. Identify the initdefault entry, which defines the default run level 3.
2. Execute any process entries that have sysinit in the action field so that
any special initialization can take place before users login.
3. Execute any process entries that have 3 in the rstate field, which
matches the default run level, 3.

The commands executed at this run level include:

• /usr/sbin/shutdown-The init process runs the shutdown command


only if the system has received a powerfail signal.
• /sbin/rcS -Mounts and checks / (root), /usr, /var, and /var/adm file
systems.
• /sbin/rc2 - Starts the system daemons, bringing the system up into
run level 2 (multi-user mode).
• /sbin/rc3 - Starts NFS resource sharing for run level 3.
• /usr/lib/saf/sac-Starts or restarts the port monitors and network
access for UUCP.
• /usr/lib/saf/ttymon-Starts or restarts the ttymon process that
monitors the console for login requests. The terminal type on a
SPARC-based system is sun. The terminal type on an lA-based
system is AT385.

Solaris Operating Environment System Administration I & II Page 290 of 563


Solaris SA 1 & 2 - Training Material

Run Control Scripts


The Solaris Operating Environment provides a series of run control (rc) scripts
to stop and start processes normally associated with run levels

The /sbin Directory

Each run level has an associated rc script located in the /sbin directory.

sbin

rc0 rcl . rc2 rc3 rc5 rc6 rcs

Figure 13-6 The / sbin Directory

The rc scripts are executed by init to set up variables, test conditions.. and make calls to "outer scripts that
start and stop processes for that run level

The rc scripts rc0, rc5 and rc6 files are hard linked. For example:

# cd /sbin
# Is -i rc*
47154 rc0 47156 rc2 47154 rc5 47158 rcS
47155 rcl 47157 rc3 47154 rc6

SunOS provides the same series of rc scripts in the /etc directory for backward compatibility.

These scripts are symbolic link files to the rc scripts in. the /sbin directory.

# ca /etc
# 1s –1 rc?

Solaris Operating Environment System Administration I & II Page 291 of 563


Solaris SA 1 & 2 - Training Material

Irwxrwxrwx 1 root root 11 Fee 22 14:19 rc0 -> ../sbin/rc0


Irwxrwxrwx 1 root root 11 Feb 22 14.19 rcl -> . ./sbin/rcl
Irwxrwxrwx 1 root root 11 Feb 22 14:19 rc2 -> ../sbin/rc2
Irwxrwxrwx 1 root root 11 Feb 22 14:19 rc3 -> . ./sbin/rc3
Irwxrwxrwx 1 root root 11 Fee 22 14:19 rc5 -> ../sbin/rc5
Irwxrwxrwx 1 root root 11 Feb 22 14:19 rc6 -> . ./sbin/rc6
lrwxrwxrwx 1 root root 11 Feb 22 14:19 rcS -> ../sbin/rcS
#

The /etc/rc # . dDirectories

For each /sbin/rc script, there is a corresponding directory named /etc/rc#.d. .

The /etc/rc#_.d_directories contain additional scripts that start and


Stop system processes for that run level.

/etc

. rcS.d rc0.cl rcl.d rc2.d rc3.d

K# script S#script

S#script S# script

K# script K# script K# script S#script

Figure 13-7 The /etc/rc# .d Directories.

For example, /etc/rc2.dcontains scripts used to start and stop process for run
level 2.

# 1s /etc/rc2.d

The /etc/rc# .d scripts are always run in the sort order shown by the
1s command-. These files have names in the form of:

[KS] (0-9) [0-9]*

Solaris Operating Environment System Administration I & II Page 292 of 563


Solaris SA 1 & 2 - Training Material

Files beginning with K are run to terminate (kill) a system process. Files
beginning with S are run to start a system process.

Note - File names that begin with a lowercase k or s are ignored by init and
they are not executed. To disable a script, rename it with the appropriate
lowercase letter.

The/etc/init.d Directory
Run control scripts are located in the /etc/init.d directory. These files are hard linked to corresponding: run
control scripts in the /etc /rc#. d directories.

/etc

init.d

cron dtlogin lp nfs. server

Figure 13-8 The /etc/init.d Directory

The benefit of having; individual scripts for each run, level is that you can run
scripts in the /etc/init.d director individually by root. You can turn off a
process or start a process without changing the system's run level

For example, to stop and restart the lp print services, run the following script's
with a stop or start command:

# /etc/init.d/lp stop

# /etc/init.d/lp start

Solaris Operating Environment System Administration I & II Page 293 of 563


Solaris SA 1 & 2 - Training Material

Summary of Run Control Scripts and Functions


The following table summarizes the tasks that are performed by each of the
/sbin rc scripts.

Table 13-2 Run Control Scripts and Function

rc Script Function

/sbin/rc0 Runs the /etc/rc0 .d/K* scripts to perform the following tasks - Stops system
services and daemons - Terminates all running processes - Unmounts all file
systems

/sbin/rcl Runs the /etc/rcl .d scripts to perform the following tasks: - Stops system
services and daemons . - Terminates all running processes - Unmounts all file
systems

/sbin/rc2 Runs the /etc/rc2.,d scripts to perform the following tasks: - Mounts all local
file systems - Removes any files in the /trop directory I - Configures system,
accounting - Configures default router
Starts most of the system daemons

/sbin/rc3 Runs the /etc/rc3 .discripts to perform the allowing tasks: • Cleans up
/etc/dfs/sharetab file - Starts nfsd and mountd

/sbin/rc5 Runs the /etc/rc0 .d/K* scripts to perform the following tasks: - Kills all active
/sbin/rc6 processes and unmounts the file systems
/sbin/rcS Runs the /etc/rcS.d scripts to bring the system up to run level S.
- Establishes a minimal network,
- Mounts /usr, if necessary
-Sets the system name
- Checks the / (root) and /usr file systems
- Mounts p'seudo file systems (/proc and /dev/ f d)
- Rebuilds the device entries for reconfiguration boots .
- Mounts other file systems to be mounted in single-user mode

Solaris Operating Environment System Administration I & II Page 294 of 563


Solaris SA 1 & 2 - Training Material

Creating a New Run Control Script


You can create new scripts to start and stop additional processes or services to
customize a system.

For example, to eliminate the requirement for having to manually start a


database server, create a script to automatically start the database server once
the appropriate network services have started.

You could then create another script to terminate this service and shut down
the database server before the network services are stopped. .

To add run control scripts to start and stop a service/ create the script in the /etc/init .d

directory and create links ion the appropriate /etc/rc#.d directory for the run level the service is

to be started and stopped '

See the README file in each / etc /rc#.d directory for more information on
run control scripts.

The following procedure describes how to add a run control script'.

1 Create the script in the /etc/init.d directory.


# vi /etc/init.d/filename
# chmod 0744 /etc/init.d/filename
# chown root:sys /etc/init.d/filename

2. Create links to the appropriate/etc/re#, d directory.


# cd /etc/init.d
# 1n filename /etc/rc#.d/S##filename
# 1n filename /etc/re#.d/K.##filename

3. Use the 1s command to verity that the script has links in the
appropriate directories.

# 1s /etc/init.d /etc/rc#.d /etc/rc#.d

4. Test the filename by entering the following commands'.


# /etc/init.d/filename start

Solaris Operating Environment System Administration I & II Page 295 of 563


Solaris SA 1 & 2 - Training Material

System Shutdown Procedures


You can shut down the Solaris Operating Environment to perform
administration tasks or maintenance activities, in anticipation of a power
outage, or if you need to move the system to a new location.

The Solaris Operating Environment requires a clean and orderly shutdown


process, which stops process writes data in memory to disk(s), and unmounts
file systems.

Of course, the type of work you need to do determines how the system is shut
down and what command is used.

The following describes the different types of system shutdowns.

• Shut down the system to single-user mode

• Shut down the system to stop the Solaris Operating Environment and
display the ok prompt.

• Shut down the system to turn off power

• Shut down the system automatically-and reboot to multi-user mode

The commands available to root for doing these types of system shutdown
procedures include:

• /sbin/init (using run levels S, 1, 0, 5 or 6)

• /usr/sbin/shutdown (using run levels S, 1, 0, 5 or 6)

• /usr/sbin/halt

• /usr/sbin/poweroff

• /usr/sbin/reboot

The /sbin/init Command


You can use the init command to shutdown, powerof f, or reboot a system in a clean and

orderly manner. It executes the rc0 kill scripts, however, this command does not warn logged

in users that the system is being shutdown, and there is no delay.

Solaris Operating Environment System Administration I & II Page 296 of 563


Solaris SA 1 & 2 - Training Material

To shut down-the system to single user mode, use cither run level S or 1, for
example:

# init S

To shut down the system to stop the Solaris Operating Environment and
display the ok prompt:

# init 0

To shut down the system and turn its power off:

# init 5

To shut down the system and then reboot to multi-user mode:

# init 6

The /usr/sbin/shutdown Command


The shutdown command is a script that invokes init to shutdown ,poweroff, or reboot the

system. It does execute the rc0 kill scripts to shutdown processes and applications gracefully.

Unlike the init command, the shutdown command does the following:

• Notifies all logged in users that the system is being shutdown

• Delays the shutdown for 60 seconds by default

• Gives you the capability to include an optional descriptive message to


inform your users

Command Format

shutdown [ -y ] [ -g grace-period-] [ -i init-state ] [ optional message ]

The -y option is used to pro-answer the final shutdown confirmation question


so the command runs without user intervention.

The -g grace-period allows root to change the number of seconds from the 60-
second default.

The -i init-state specifics the slate init is to be in." By default, system state S is
used.

Solaris Operating Environment System Administration I & II Page 297 of 563


Solaris SA 1 & 2 - Training Material

To shut down the system to single-user mode, enter either run level S or 1, for
example:

# shutdown -is

To shut down the system to stop the Solaris Operating Environment and
display the ok prompt:

# shutdown -i0

To shut down the system and turn off its power automatically:

# shutdown -i5

To shut down the system and then reboot to multi-user mode:

# shutdown -i6

The /usr/sbin/halt Command


The halt command performs an immediate shutdown: It does not execute the
rc0 kid scripts, it does not notify logged in users, and there is no delay.

To shut down the system to stop the Solaris Operating Environment and
display the ok prompt:

# halt

The /usr/sbin/poweroff Command

The poweroff command performs an immediate shutdown. It does not execute


the rc0 kill scripts, no logged in users are notified, and there is no delay.

To shut down the system and turn off its power,

# poweroff

Solaris Operating Environment System Administration I & II Page 298 of 563


Solaris SA 1 & 2 - Training Material

The /usr/sbin/reboot Command

The reboot command performs an immediate shutdown and bring the system
to run level 3 by default. The reboot command differs from the nit 6 command
because it does not execute the rc0 kill scripts, and it does not notify logged in
users.

To shutdown the system and then reboot to multi-user mode

# reboot

Solaris Operating Environment System Administration I & II Page 299 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 14

BACKUP AND RECOVERY

Objectives

Upon completion of this module, you should be able to:


• Identify the logical device names for tape drives

• Define the two different types of file system backups

• Backup a file system to tape using the ufsdump command

• Describe how to backup a file system to a remote tape drive

• Explain the purpose of the /etc /dumpdates file

• Restore a file system from tape using the ufsrestore command

• Describe the procedure for recovering file systems

• Use the tar command to manage multiple archives

• Use the rat command to control the actions of the tape drive

Solaris Operating Environment System Administration I & II Page 300 of 563


Solaris SA 1 & 2 - Training Material

Backing Up and Restoring File Systems


Backing up file systems is the task of copying file systems to removable
media, such as tape, to safeguard against loss, damage, or corruption.

Restoring file systems means copying reasonably current backup files from
removable media back to disk.

Importance of Regular File System Backups

Backing up file systems is one of the most crucial system administration,


functions. Backups should be performed on a regularly scheduled basis to
prevent loss of data due to:

• Accidental deletion of files

• Hardware failures

• Problems when reinstalling or upgrading a system

• System crashes

• System break-in by an unauthorized user compromising data integrity

• Natural disasters

Solaris Operating Environment System Administration I & II Page 301 of 563


Solaris SA 1 & 2 - Training Material

Tape Device Types


Figure 17-1 shows typical tape devices used for storing file systems during the
backup process.

The media chosen depends on the availability of the equipment that supports it
and the media selected to store the data.

Table 17-1 Tape Device Types

Media Type Capacity


1/2-inch reel tape 40 Mbytes (6250 BPI)
1/4-inch (QIC) cartridge tape 8 Gbytes
8-mm cartridge tape 40 Gbytes
4-mm DAT cartridge tape 24 Gbytes
DLT 1/2-inch cartridge tape 70 Gbytes

The capacities shown are approximate and continue to increase. Check the documentation that comes with the tape device to determine
its capacity.

Solaris Operating Environment System Administration I & II Page 302 of 563


Solaris SA 1 & 2 - Training Material

Tape Device Naming

Logical Tape Device Names

All tape devices have logical device names that are used to reference the
device on the command line. These logical device names use the following
format:

/dev/rmt/#hn

Logical tape number


Tape density (l,m,h,c,u)
No rewind

Figure 17-1 Logical Device Name Format

For example:

• The first instance of a tape drive:

/dev/rmt/0

• The second instance of a tape drive:

/dev/rmt/1

• The third instance of a tape drive:

/dev/rmt/2

Tape device names are always numbered 0 and can include the following optional
parameters:

• No Rewind: The letter "n" at the end of a tape device name indicates the tape is
not to be rewound when the current operation completes.

• Tape Density: Five values can be given in the tape device name: -1 (low), m
(medium), h (high), c (compressed), or u (ultra compressed).

Solaris Operating Environment System Administration I & II Page 303 of 563


Solaris SA 1 & 2 - Training Material

Denstintion the tape drive ependent. Check the manufacturer's documentation for the
correct densities supported by a tape device.

The default can also be determined by device entries in the file /kernel/drv/st.conf.

Data Compression

Tape devices that support data compression contain internal hardware that per forms
the; compression. Hardware-based compression is not as space efficient as using the
Solaris compress command, though it is much faster.

Be aware that if a software compressed file is backed up using the tape device
hardware compression option, the file will expand on tape to a size larger than its
compressed version.

Solaris Operating Environment System Administration I & II Page 304 of 563


Solaris SA 1 & 2 - Training Material

Types of Pile System Backups


As root, you can perform the following types of backups:

• Full - A complete file system backup

• Incremental - Only files in the file system that have been added or
modified since a previous backup

The ufsdump Command

The /usr/sbin/ufsdump command is the recommended command for sheduled


backups of complete file systems, as it is resident command in the Solaris
Operating Environment.

Note - Other backup programs are available from either Sun Microsystems,
Inc., or third-party packages.

Command Format

ufsdump options [ arguments ] filesystem._name

You can use this command to back up a complete or a partial file system to
backup media.

Common Options

The following are One common options for the ufsdump command:

• 0-9-_Backup Level. Level 0 is for a full backup of the whole file system.
Levels 1 through 9 are for incremental backups of files that have changed
since the last lower-level backup.

• v- Verify. After each type is written, verify the contents of the media
against the source file system. If any discrepancies occur, prompt the
operator to insert new media,-then repeat the process. Use this option only
on an unmounted file system, any activity in the file system causes it to
report discrepancies.

Solaris Operating Environment System Administration I & II Page 305 of 563


Solaris SA 1 & 2 - Training Material

• S - Size estimate. Determines the amount of space needed on tape to


perform the backup and display the estimated number of bytes required.

• 1 - Autoload. Use this option for an autoloading (stackloader) tape drive.

• o - Offline. When finished, take the drive offline, rewind (if tape), and if
possible eject the media.

• u-Update the /etc/dumpdates file. An entry indicates the device name for
the file system disk slice, the backup level (0-9), and the date. No record is
written when the u option is not used, If an entry already exists for a
backup at the same level, it is replaced.

• f -Specify the tape device name where the file system will be copied".
When the default tape device, /dev/rmt/0) is being used, it is not necessary
to specify this device with the f option, it is assumed.

• file system to backup - Specify one of the following to be backed up. The
file system's mount point name (e.g. /usr). The raw device name
(/dev/rdsk/c#t#d#s#).

Solaris Operating Environment System Administration I & II Page 306 of 563


Solaris SA 1 & 2 - Training Material

The /etc/dumpdates File

Each line in /etc/dumpdates file shows the file system backed up, the level of
the last backup, and the day, date, and time of the backup.

The following is an example of a typical /etc/dumpdates file:

# cat /etc/dumpdates
/dev/rdsk/c0t2d0s6 0 Fri Jun 2 19:12:27 2000
/dev/rdsk/c0t2d0s0 0 Fri Jun 2 20:44:02 2000,
/dev/rdsk/c0t2d0s4 5 Thu Jun 8 19:42:21 2000

When incremental backups are performed, the ufsdump command consults


/etc/dumpdates to and the date of the most recent backup of the next lower
level.

Then it copies all files that were modified or added since the date of that
lower-level backup to the backup media.

After the backup is complete, a new entry, describing the backup just
completed, replaces the entry for the previous backup at that level.

You can determine if backups are being done by viewing the /etc/dumpdates
file. This is particularly important if a backup is not completed because of
equipment failure, it will not be recorded in /etc/dumpdates.

Note- When restoring an entire file system, check /etc/dumpdates for a list of
the most recent dates and levels of backups, to determine which tapes are
needed to restore the entire file system.

Solaris Operating Environment System Administration I & II Page 307 of 563


Solaris SA 1 & 2 - Training Material

Scheduling Backups
The dump level specified in the ufsdump command (0-9) determines which
files are to be backed up. Specifying dump level 0 creates a full backup of the
file system.

The numbers 1 through 9 are used to schedule incremental backups, but have
no defined meanings. These are just a range of numbers used to schedule
cumulative backups. The only meaning levels 1 through 9 have is in
relationship to each other, as a higher or lower number.

Performing daily, cumulative incremental backups is the most commonly used


backup scheme and is recommended for most situations. The following
examples illustrate an incremental backup schedule for a particular file
system.

Solaris Operating Environment System Administration I & II Page 308 of 563


Solaris SA 1 & 2 - Training Material

A Sample Backup Strategy


The following is an example of using incremental levels to backup a file
system.

Figure 17-2 incremental Backup Strategy

• Full (level 0) backup is performed once each month.

• Level 3 backup is performed every Monday. Copies only new or modified


files since the last lower level backup (for example, 0).

• Level 4 backup is performed every Tuesday. Copies only new or modified


files since the last lower level backup (for example, 3).

• Level 5 backup is performed every Wednesday. Copies only new or


modified files since the last lower level backup *(for example 5)

modified files since use last lower level backup, which is the level

Solaris Operating Environment System Administration I & II Page 309 of 563


Solaris SA 1 & 2 - Training Material

Planning File System Backups


• The file systems to backup

• The number of tapes for backup

• A backup device (for example, tape drive)

• The type of backup (for example, full or incremental)

• The procedures for marking and storing tapes

Finding File System Names

Display the contents of the /etc/vfstab file, and look at the mount point column for the name of

the file system.

Determining the Number of Tapes

The size of the file system backup can be determined by using the following
command.

For example:

# ufsdump 0S fiIesystem_name
<number reported>

or

# ufsdump 3S filesystem_name
<number reported>

The estimated number of bytes needed on tape to perform the backup is displayed.

Divide the reported size by the capacity of the tape to see how may needed to
backup the file system.

Solaris Operating Environment System Administration I & II Page 310 of 563


Solaris SA 1 & 2 - Training Material

Backing Up to Tape
You should bring the system to single-user mode and unmount the file system
before doing a backup.

If you cannot unmount the file system, you need to be aware that backing up a
file system, while operations, such as creating, removing, and renaming files
are occurring, means some data will not be included in the backup.

1. Become root to bring the system to single-user mode and unmount the
file systems.

# /usr/sbin/shutdown -y -g300 "System is being shutdown for backup"

Shutdown started. Mon Jun 5 14:05:45 MdT 2000 .

Broadcast Message from root (pts/1) on hostl Mon Jun 5 14:05:45...


The system hostl will be shut down in.5 minutes
System is being shutdown for backup

2. Unmount all file systems (except / and/usr)


# unmount /export /home

3. Check the integrity of the file system data with the fsck command, but
only if the file system has been unmounted.
# fsck /export/home

4. Perform a full level 0 backup of the /export/home file system.

#ufsdump Ouf /dev/rmt/0 /export/home


DUMP: Writing 32 Kilobyte records
DUMP: Date of this level 0 dump: Mon Jun 5 2000 14:10:15 PM MDT DUMP:
Date of last level 0 dump:' the epoch
DUMP: Dumping 7dev/rdsk/c0t0d0s7 (hostl:/export/home) to /dev/rmt/0. DUMP:
Mapping (Pass I) [regular files]
DUMP: Mapping (Pass II) [directories]
DUMP: Estimated 125206 blocks (61.14MB).
DUMP: Dumping (Pass III) [directories]
DUMP: Dumping (Pass IV) [regular files]
DUMP: Tape rewinding
DUMP: 125182 blocks (61.12M3) on 1 volume at 747 KB/sec
DUMP: DUMP IS DONE
DUMP: Level 0 dump on Mon Jun 5 2000 14:10:15 PM MDT

Solaris Operating Environment System Administration I & II Page 311 of 563


Solaris SA 1 & 2 - Training Material

Performing Remote Backups

You can use the ufsdump command to perform, a backup on a remote tape
device.

When doing remote backups across the network the system with the tape drive
must have entries in its /. rhosts file for every system that will be using the
tape drive.

Command Format

ufsdump opi.,ns remotest: tapedevice filesystem

For example, to perform a full level 0 backup of the export/home file system
on hostl to the remote tape device on host2. use the following command:

# ufsdump Ouf bost2:/dav/rmt/0 /export/home


DUMP: Writing 32 Kilobyte records
DUMP: Date of this level 0 dump: Mon 5 Jun 2000 03:10:57 PM MST
DUMP: Date of last level 0 dump: the epoch
DUMP: Dumping /dev/rdsk/c0t0d0s7 (hostl:/export/home) to
host2:/dev/rtnt/0.
DUMP: Mapping (Pass I) [regular files]
DUMP: Mapping (Pass II) [directories]
DUMP: Estimated 125206 blocks (61.14MB).
DUMP: Dumping--(Pass III) [directories] ,
DUMP: Dumping (Pass IV) [regular files]
DUMP: Tape rewinding
DUMP: 125182 blocks (61.12MB) on 1 volume at 704 KB/sec
DUMP: 'DUMP IS DONE
DUMP: Level 0 dump on Mon 5 Jun 2000 03:10:57 PM MST

Solaris Operating Environment System Administration I & II Page 312 of 563


Solaris SA 1 & 2 - Training Material

Restoring File Systems


Use the ufsrestore command to restore files and file systems that were backed
up using the ufsdump command.

The reasons why a file system might need to be restored include:

• Rebuilding a damaged file system

• Reinstallation or upgrade of the Solaris Operating Environment software

• Reorganizing file' systems on existing or new disks

The ufsrestore command copies files To disk relative to the current working
director from backups created using the ufsdump command.

Use ufsrestore to reload an entire file system hierarchy from a level 0 backup
and incremental backups that follow it; or to-restore one 'or more single files
from any dump tape.

Command Format

ufsrestore. options [ arguments ] [ filesystem ]


ufsrestore options [ arguments ] [ filenames . . . ]

Common Options

The following describes the some options for the ufsrestore command:

• t - Lists the table of contents of the backup media:

• r - Restores the entire file system from the backup media.

• x - Restores only the files named on the command line.

• i - Invokes are interactive restore.

• v - Specifies Verbose mode. Displays pathnames to the terminal screen


as each tile is being restored.

• f - Specifies the tape device name.

Solaris Operating Environment System Administration I & II Page 313 of 563


Solaris SA 1 & 2 - Training Material

The restoresymtable File


A restoresymtable file is created whenever restoring an entire file system from
a backup tape. The restoresymtable file is used only by ufsrestore for check-
pointing, which is information passed between incremental restores.

The restoresymtable file is not needed when the restore is complete and should
be removed from the file system.

Preparing to Restore File Systems

The examples that follow demonstrate how to restore individual files invoke
restore in interactive mode to browse the contents of the backup tape; and
restore an entire file system.

Before restoring files or file systems, you must determine the following:

• What file system backup tapes are needed

• The raw device name to restore the file system

• The temporary directory name to restore individual files

• The type of backup device to be used (local or remote)

• The backup device name (local or remote)

Solaris Operating Environment System Administration I & II Page 314 of 563


Solaris SA 1 & 2 - Training Material

Restoring the root(/) File System


To restore the / (root) file system, boot from the Solaris CD-ROM and then
run ufsrestore.

Note - If / (root), /usr, or the /var file system is unusable because of some type
of corruption or damage, the system will not boot.

The following procedure demonstrates how to restore the / (root) file system
on the boot disk c0t0d0s0.

1. Insert the Solaris Software CD 1 of 2, and boot the CD-ROM with the
single-user mode option.

ok boot cdrom -s

2. Create the new file system structure,.


# newfs /dev/rdsk/c0t0d0s0

3. Mount the file system to an empty mount point directory,/a and change
to that directory.

# mount /dev/dsk/c0t0d0s /a
# cd /a

3. Restore the / (root) file system from its backup tape,


# ufsrestore rf /dev/rmt/0

Note - Remember to always restore a file system starting with the level 0
backup tape and continuing with the next lowest level tape up through the
highest level tape.

5. Remove the restoresymtable file.


# rm restoresymtable

6. Install the bootblk in sectors 1-15 of the boot disk. Change to the
directory containing the bootblk, and run the installboot command.

# cd /usr/platform/'uname -m/lib/fs/ufs
# installboot bootblk /dev/rdsk/c0t0d0s0

Solaris Operating Environment System Administration I & II Page 315 of 563


Solaris SA 1 & 2 - Training Material

7. Unmount the new file system.


# cd /
# umount / a

8. Use the fsck command to check the restored file system.

# fsck /dev/rdsk/c0t0d0s0

9. Reboot the system.


# init 6

10. Perform a full backup of the file system. For example:


# ufsdump Ouf /dev/rmt/0 /dev/rdsk/c0t0d0s0

Note - Always back up the newly created file system, as ufsrestore repositions
the files and changes the inode allocation. ;

Restoring the /usr and /var File Systems

To restore the /usr and /var file systems repeat the steps described above,
except step 6. This step is required only when restoring the ( / ) root file
system.

Restoring Regular File Systems

To restore a regular file system, (for example, /export/home, or /opt) back to


disk, repeat the steps described above, except steps 1, 6, and 9.

Example
# newfs /dev/rdsk/c#t#d#s#
# mount /dev/dsk/c#t#d#s# /rant
# cd /rant
# ufsrestore rf /dev/rmt/#
# rm restoresymtable •• •
# cd /
# umount /rant
# fsck /dev/rdsk/c#t#d#s#
# ufsdump Ouf /dev/rmt/ # /dev/rdsk/c#t#d#s#

Solaris Operating Environment System Administration I & II Page 316 of 563


Solaris SA 1 & 2 - Training Material

Invoking an Interactive Restore

The ufsrestore i-i command invokes an interactive interface for browsing


through the backup tape's directory hierarchy and selects individual files to be
extracted.

1. Become root and change to a temporary directory to place the


extracted files.
# cd /var/tmp

2. Invoke the ufsrestore command with the interactive option.


# ufsrestore ivf /dev/rmt/0
Verify volume and initialize maps
Media block size is 64
Dump date: Mon June 01 15:17;09 2000
Dumped from: the epoch
Level C dump of / on hostl: /dev/dsk/c0t3d0s0
Label: none
Extract directories from tape
Initialize symbol table,

3. Display the contents of the director}' structure .on the backup tape.

ufsrestore > Is
2 *./ 39 devices/ 30847 net/
2 *../ 5122 etc/ 15360 opt/.
161 Xauthority 5120 export/ 25611 proc/
160 Xdefaults 10240 hone/ 15381 sbin/
159 .rhosts 40 kadb 35863 tmp/
3085 .wastebasket/ 2560.8 kernel/ 30848 tmp_mnt/
3 bin 35 lib 20480 usr/
3087 cdrom/ 3 lost+found/ 25600 var/
25610 dev/ 20503 mnt/

To change directories on the backup, tape:

ufsrestore > cd etc/inet


ufsrestore > Is

4. Add any file to be restored to the extraction list,


ufsrestore > add inetd.conf hosts

Solaris Operating Environment System Administration I & II Page 317 of 563


Solaris SA 1 & 2 - Training Material

Files to be restored are marked with an asterisk (*) for extraction. If


you are extracting a directory. All of its contents are marked for
extraction.

In this example, two files are marked for extraction; and this command
displays an asterisk in front of the selected file names: *hosts and *
inetd.conf.

To delete a file from the extraction list, use, the delete command:
ufsrestore > delete inetd.conf

This command displays inetd. conf without an asterisk.

5. To restore the selected file(s) from the backup tape:

ufsrestore > extract


Extract requested files -
YOU have not read any volumes yet.
Unless you know which volume your file(s) are on you should start,
with the last volume and work towards the first. .
Specify next volume #:1
extract file ./etc/inet/hosts . .
Add links.
Set director, mode, owner, and times.
set owner/mode for '.'? [yn] n
.
6 Exit the interactive restore once the files are extracted.
ufsrestore> quit

7. Check the restored files, move them to their original or permanent


directory location, and delete the files from the temporary directory.
#mv /var/tmp/etc/inet/hosts /etc/inet/hosts
# rm -r /var/tmp/etc

Note - Within an interactive restore you can use the help command to display
a list of available commands.

Solaris Operating Environment System Administration I & II Page 318 of 563


Solaris SA 1 & 2 - Training Material

Controlling the Tape Drive


The mt Command (magnetic tape control) is used to send instructions to the
tape drive. Not all tape drives support all mt commands.

Command Format

mt [ -f cape-device-name ] command [ count }

You use the -f option to specify the tape device name, typically a no-rewind
device name.

• status -Displays status information about the tape drive.

• rewind-Rewinds the tape.

• off line-Rewinds the tape and, if appropriate, takes the drive unit off-line
by unloading the tape.

• fsf - Forward skips count tape files.

Examples of Handling Multiple Archives

To create a tape archive of the current directory on the default tape drive,
without the no rewind option, use the following command.

$ tar cvf /dev/rmt/0 .

The following example creates a tape archive of the current directory, on the
default tape drive, using the no rewind option.

$ tar cvf /dev/rmt/On /etc

This example positions the tape at the beginning of the third tar record.

$ mt -f /dev/rmt/On fsf 1

To extract all files from tape and place them into the current directory, use the
following command:

$ tar xvf / dev/rmt / 0

Solaris Operating Environment System Administration I & II Page 319 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 15

INTRODUCING DISK MANAGEMENT

Objectives
Upon completion of this module, you should be able to:

• List the three utilities used to create, check, and mount file systems

• Identify the physical path name differences between physical disks and
virtual disks

• List the potential advantages of any virtual disk management application

• List the basic difference between Solstice DiskSuite™ and Sun StorEdge
Volume Manager™

• List the main advantages of using a concatenated virtual file system

• List the main advantage of using a striped virtual file system

• Install the Solstice DiskSuite applications

• Use the Solstice DiskSuite application to dynamically grow a file system

Solaris Operating Environment System Administration I & II Page 320 of 563


Solaris SA 1 & 2 - Training Material

Physical Disks

In a standard Solaris Operating Environment installation, memory-resident


drivers access all physical disks. Each type of disk device has a unique driver.

Typical Physical Disk Drivers

Typical physical disk drivers include:

• dad - IDE disk driver

• sd — The SCSI disk drive driver

For efficiency, most drivers are loaded into memory at system boot time.

Access Paths

The access path to all physical disks is through path names defined in the /dev
directory. For every slice on every physical disk, there are two unique access
paths—the block device path and the raw device path.

Block Device Path

The block device path is used by commands, utilities, and processes that refer
to the slice as a file system. For example, the following are typical block
device path names:

• /dev/dsk/c0t0d0s0
• /dev/dsk/c0t0d0s7

The following is a typical mount command using the block device path name:

# mount /dev/dsk/c0t0d0s7 /mnt

Solaris Operating Environment System Administration I & II Page 321 of 563


Solaris SA 1 & 2 - Training Material

Raw Device Path


The raw device access path is used by utilities and processes that do not use
the device as a file system but transfer data sector by sector. For example, the
following are typical raw device path names:

• /dev/rdsk/c0t0d0s0

• /dev/rdsk/c0t0d0s7

The following are typical commands that can be used with the raw device path
name:

newfs /dev/rdsk/c0t0d0s7
fsck /dev/rdsk/c0t0d0s7

Solaris Operating Environment System Administration I & II Page 322 of 563


Solaris SA 1 & 2 - Training Material

Virtual Disk Access Paths


A key feature of all virtual volume management applications is that they
transparently provide a virtual partition that can consist of many" disk
partitions. To the Solaris Operating Environment, a virtual partition appears to
be the same as any other. The logical device names associated with the virtual
partitions are similar to other special devices in that they have both a raw
device path and a block device path.

The following are typical virtual volume raw and block device path names for
disks created with Solstice DiskSuite:

• /dev/md/rdsk/d42

• /dev/md/dsk/d42

The following are typical virtual volume raw and block device path names for
disks created with Sun StorEdge Volume Manager:

• /dev/vx/rdsk/apps/logvol

• /dev/vx/dsk/apps/logvol

You can use virtual volume device paths the same way as any other device
path by system utilities; for example:

# mount /dev/nva/dsk/d42 /mnt


# newfs /dev/nva/rdsk/d42
# fsck /dev/vx/rdsk/apps/logvol

To eliminate the limitation of one slice per file system, there are virtual
volume management applications that can create virtual volume structures in
which a single file system can consist of an almost unlimited number of disks
or slices.

Two virtual volume managers are available through Sun:

• Solstice DiskSuite

• Sun StorEdge Volume Manager

Solaris Operating Environment System Administration I & II Page 323 of 563


Solaris SA 1 & 2 - Training Material

Virtual Volume Management

Solstice DiskSuite and Sun StorEdge Volume Manager assemble large


volumes from multiple disk drives, but they use different approaches.

Solstice DiskSuite

Solstice DiskSuite uses standard partitioned disk slices that have been created
using the format utility. A typical volume structure is assembled and managed
transparently.

/dev/md/clsk/d42
d42 is called
a metadevice

/dev/rdsk/c0t0d0s7
/dev/rdsk/c0tld0s4
/dev/rdsk/c0t2d0s6

Figure 4-1 Solstice DiskSuite Management of Disk Slices

Solaris Operating Environment System Administration I & II Page 324 of 563


Solaris SA 1 & 2 - Training Material

Sun StorEdge Volume Manager

Sun StorEdge Volume Manager manages disk space by using contiguous


sectors. The application formats the disks into only two slices, Slice 3 and
Slice 4. Slice 3 is called a private area, and Slice 4 is a public area.

Slice 3 maintains information about the virtual to physical d mappings, while


the sectors in Slice 4 provide space to build the virtual devices. Contiguous
sector groups can be configured into subdisks; see Figure 4-2.

Figure 4-2 Sun StorEdge Volume Management of Disk Slices

An advantage of this approach is there is almost no limit to the number of


subdisks you can create on a single disk drive. In a standard Solaris-disk
partitioned environment, there is an eight-partition limit per disk.

Solaris Operating Environment System Administration I & II Page 325 of 563


Solaris SA 1 & 2 - Training Material

Concatenated Volumes

A concatenated volume combines portions of one or more physical disks into a


single virtual structure. The portions are contiguous, and the first portion tends
to fill with data before the next portion is used. Figure 4-3 illustrates a sample
layout of concatenated volumes.

Figure 4-3 Concatenated Volumes

The following describes some of the features of a concatenated volume:


• It can be used to create a virtual volume that is larger than one physical
disk.

• You can grow a file system as needed by concatenating additional physical


disk space to it. Using this feature, you can increase the size of a file
system while it is mounted and in use.

It is not uncommon for file systems to run out of space due to company
expansion that was not anticipated during the system planning phase. As a
system administrator, you would be required to increase the size of a file
system. The Solstice DiskSuite package that is bundled with the Solaris
Operating Environment server release can be used to expand (or grow) the size
of a file system using concatenation.

Solaris Operating Environment System Administration I & II Page 326 of 563


Solaris SA 1 & 2 - Training Material

Adding a Disk
Before you can use the disk management tools to configure additional disk
space, you must first add the additional device and then modify the device
configuration directories to make the device visible to the system. The two
methods of making the device visible are:

• A reconfiguration boot

• An execution of the devfsadm daemon

Reconfiguration Boot

Traditionally, you would perform a reconfiguration boot operation to


recognize new devices on the system. The three basic methods are:

• Execute a boot -r from the boot PROM's ok prompt

• Execute a reboot — -r from the # (system's superuser shell) prompt; the


— passes the -r to the boot command

• Create a /reconfigure file and reboot the system

The disadvantage to these methods is that each requires you to reboot the
system. In today's computer environments, many systems have a 24 hours a
day, seven days a week (24x7) uptime requirement; therefore, rebooting the
system to add new devices is not an option.

The devfsadm Daemon

For systems that have a 24x7-uptime requirement, you can add new devices
without requiring a reboot.

Before the Solaris Operating Environment, you needed a suite of devfs


administration tools, including drvconfig(lM), disks(lM), tapes(lM), ports(lM),
audlinks(lM), and devlinks(lM) to create the /dev and /devices entries
necessary for the Solaris Operating Environment to access new devices.

These commands still exist in the Solaris Operating Environment; however,


each of them is linked to the new devfsadm administration command that
maintains the name space for /dev and /devices entries.

Solaris Operating Environment System Administration I & II Page 327 of 563


Solaris SA 1 & 2 - Training Material

Therefore, after adding new hardware (or hot-plugable hardware where


permitted), the devfsadm command is executed, thereby transparently building
the necessary configuration entries the new device is then ready for
assignment by the system.

Solaris Operating Environment System Administration I & II Page 328 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 16

INTRODUCING THE SOLARIS NETWORK ENVIRONMENT

Objectives

Upon completion of this module, you should be able to:

• Define the function of each layer within the seven-layer Open Systems
Interconnect (OSI) model and the five-layer Transmission Control
Protocol (TCP)/Internet Protocol (EP) model

• Describe the contents of various network control files

• Construct command strings to perform basic monitoring operations on an


active network

• Start and stop network services using the command line

Solaris Operating Environment System Administration I & II Page 329 of 563


Solaris SA 1 & 2 - Training Material

Overview
The standard Solaris Operating Environment comes with the TCP/IP stack
built into it. To understand the protocol stack, you must understand network
models.

The most commonly referred to networking models are the seven-layered


International Standards Organization (ISO) / OSI model and the five-layered
TCP/IP network model.

Both models provide a framework for describing data communications.

Note - The U.S. Department of Defense created the TCP/IP model.

This module references the TCP/IP model.

Solaris Operating Environment System Administration I & II Page 330 of 563


Solaris SA 1 & 2 - Training Material

The Function of the Layers


Each layer in either of the two network models describes a specific network
function. Each function supports the layer above and receives support from the
layer below.

The separation of the data-communication process into distinct functions


makes it easier for developers to design network components that inter-operate
with each other, regardless of the vendor.

Each layer uses separate protocols, such as the IP or the TCP, to complete the
required tasks for the particular layer.

The functions of data delivery and connection management are handled by


separate protocols. The data delivery protocol is simple and does not deal with
connection management. Conversely, the connection management protocol is
also simple because it does not concern itself with data delivery.

This separation of the data delivery functions from the connection


management functions helps to simplify development using these protocols.

Figure 2-1 ISO/OSI and TCP/IP Model layers

Solaris Operating Environment System Administration I & II Page 331 of 563


Solaris SA 1 & 2 - Training Material

Protocol layering produces simple protocols, each with a few well-defined


tasks. You can then assemble these protocols into a useful whole. You can
also remove or replace individual protocols as needed for particular
applications.

The function of the individual layers of the ISO/OSI model are described in
Table 2-1.

Table 2-1 ISO/OSI Network Model

ISO/OSI Layer Function


Application Manages user-accessed application programs and
network service (using the underlying layers).

Presentation Manages the presentation of the data to be independent of


the architecture.

Session Manages communication setup and termination.

Transport Ensures that messages reach the correct application.

Network Manages data addressing and delivery between networks,


as well as fragmenting data for the Data Link layer. A
router functions at this layer by using IP addresses.

Data Link Manages the delivery of data across the physical network.
This layer provides error detection and packet framing. A
bridge/switch functions at this layer. Delivery decisions
are based on the Ethernet address (also known as the
Media Access Control [MAC] address).

Physical Describes the network hardware, including electrical


signal characteristics, such as voltage and current. A
repeater functions at this layer.

Solaris Operating Environment System Administration I & II Page 332 of 563


Solaris SA 1 & 2 - Training Material

The function of the individual layers of the TCP/IP model are listed in Table 2-2.

Table 2-2 TCP/IP Network Model

TCP/IP Layer Function

Application Manages user-accessed application programs and network


services (using the underlying layers), manages the
presentation of the data to be independent of the
architecture, and manages the presentation of the data to be
independent of the architecture.

Transport Ensures that messages reach the correct application.

Internet Manages data addressing and delivery between networks, as


well as fragmenting data for the data link layer. A router
functions at this layer by using IP addresses.

Network Interface Manages the delivery of data across the physical network.
This layer provides error detection and packet framing. A
bridge/switch functions at this layer. Delivery decisions are
based on the Ethernet address (also known as the Media
Access Control [MAC] address).

Hardware Describes the network hardware, including electrical signal


characteristics, such as voltage and current. A repeater
functions at this layer.

Solaris Operating Environment System Administration I & II Page 333 of 563


Solaris SA 1 & 2 - Training Material

Peer Communication
In contrast to the client/server model, the peer-to-peer communication model
is one in which each party has the same capabilities and either party can
initiate communication.

Encapsulation and De-encapsulation


When systems communicate with each other, data can be thought of as
flowing down the model from the application layer to the hardware layer,
across the network connection, and then flowing up the model on the target
system from the hardware layer to the application layer.

A header is added to each segment received on the way down the model, and a
header is removed from each segment on the way up the model, as shown in
Figure 2-2.

Each header contains specific address information so that the layers on the
remote system know how to forward the communication.

Figure 2-2 Simplified Encapsulation and De-encapsulation


Between System I and System 2 Using the TCP/IP Model

Solaris Operating Environment System Administration I & II Page 334 of 563


Solaris SA 1 & 2 - Training Material

Common Protocols and Applications in the Solaris Operating


Environment
A protocol is a set of rules governing the exchange of data between _. Protocols can exist at
each layer in a telecommunication session. Both end points must recognize and observe the
protocols.

Protocols are described in an industry or international standard. For example,


on the Internet, there are the TCP/IP protocols consisting of:

• Transmission Control Protocol (TCP), which uses a set of rules to


exchange messages with other Internet points at the information packet
level.

• Internet Protocol (DP), which uses a set of rules to send and receive
messages at the Internet-address level.

Specific protocols are related with each layer of the network models. Table 2-
3 shows some of the protocols associated with each layer of the TCP/IP
network model.

Table 2-3 Protocols and Network Model Layers

TCP/IP Layer TCP/IP Protocol and Applications

Application NFS/NIS+, DNS, SMTP, DHCP, SNMP,


HTTP, RPC, RIP, rlogin, telnet, and ftp,

Transport TCP and UDP

Internet IP, ARP, RARP, and ICMP

Network interface Ethernet, ATM, FDDI, and PPP

Solaris Operating Environment System Administration I & II Page 335 of 563


Solaris SA 1 & 2 - Training Material

TCP/IP Protocol Descriptions


The following sections describe the TCP/IP protocols.

Network Interface Layer Protocols

The network layer protocols consist of the following: -


• Ethernet is a type of local area network (LAN) that enables real-time
communication between machines connected directly through cables.

• Asynchronous Transfer Mode (ATM) is a dedicated, connection-switching


technology that organizes digital data into 53-byte cell units and transmits
them over a physical medium using digital signal technology.

• Fiber Distributed Data Interface (FDDI) specifies a 100-Mbytes-per-


second, token-passing, dual-ring LAN using a fiber-optic transmission
medium. It defines the physical layer and media-access portion of the link
layer.

• Point-to-Point Protocol (PPP) transmits IP datagrams over serial point-to-


point links.

Internet Layer Protocols

The internet layer protocols consist of the following-.

• Internet Protocol (IP) determines the path a packet must take, based on the
destination host's IP address. Both IPv4 and IPv6 are supported.

• Address Resolution Protocol (ARP) defines the method that map a 32-bit
IP address to a 48-bit Ethernet address.

• Reverse Address Resolution Protocol (RARP) is the reverse of ARP. It


maps a 48-bit Ethernet address to a 32-bit'IP address.

Note - ARP and RARP are not used in Internet Protocol, version 6 (IPv6).

Solaris Operating Environment System Administration I & II Page 336 of 563


Solaris SA 1 & 2 - Training Material

• Internet Control Message Protocol (ICMP) defines a set of error and


diagnostic feedback messages for the IP. ICMP has support for IPv4 (with
ICMPv4) and IPv6 (with ICMPv6).

Transport Layer Protocols

The transport layer protocols consist of the following:

• Transmission Control Protocol (TCP) is a connection-oriented protocol


that provides the full duplex, reliable service on which many application
protocols depend.

• User Datagram Protocol (UDP) provides a half-duplex, non-acknowledged


delivery service.

Application Layer Protocols

The application layer protocols consist of the following:

• Network File System (NFS) is a client-server application that enables you


to view and, optionally, store and update files on a remote system as
though they were on your own system.

• Network Information System (NIS) and Network Information System Pius


(NIS+) are network-naming and administration systems.

• Dynamic Host Configuration Protocol (DHCP) automates the assignment


of IP addresses in an organization's network.

• Domain Name System (DNS) is a distributed database that maps host


names to IP addresses.

• Hypertext Transfer Protocol (HTTP) is used by the world wide web to


display text, pictures, sounds, and other multimedia information with a
web browser.

• Remote Procedure Call (RPC) is a protocol that one program can use to
request service from a on another system in the network without needing
to understand network details.

• Routing Information Protocol (RIP) provides for automated distribution of


routing information between systems.

Solaris Operating Environment System Administration I & II Page 337 of 563


Solaris SA 1 & 2 - Training Material

• Simple Mail Transport Protocol (SMTP) provides for delivery of mail


messages.

• Simple Network Management Protocol (SNMP) is the language that


allows for the monitoring and control of network devices.

• rlogin is a service, offered primarily by UNIX® systems, which enables


users of one system to connect to other systems across the intranet, and to
interact as if their terminals were connected to the systems directly.

• telnet is a service that enables users of one system to connect to other


systems across the Intranet, and to interact as if their terminals were
connected to the systems directly. \

• File Transfer Protocol (FTP) transfers a file by copying a file from one
system to another system.

Solaris Operating Environment System Administration I & II Page 338 of 563


Solaris SA 1 & 2 - Training Material

Network Files and Commands


You must configure network interfaces to allow peer-to-peer communication.
You can use many files and commands to manipulate the networking
characteristics of a system installed with the Solaris Operating Environment.

This section introduces you to some of the common files and commands,
including those used for:

• Identifying a host

• Determining network configuration

• Troubleshooting a network

• Providing network services

• Providing remote procedure calls

Solaris Operating Environment System Administration I & II Page 339 of 563


Solaris SA 1 & 2 - Training Material

Displaying the MAC Address


There are numerous ways to display a system's hardware address, also known
as the media access control (MAC) address and as the Ethernet address. The
MAC address is usually required by system administrators when configuring a
system needing to be jump-started.

The ifconfig -a Command

You can use the ifconfig command with the -a switch to display the system's
hardware address. This address is displayed only if the root user issues the
ifconfig command. Only the IP address information is displayed if a non-root
user issues the ifconfig command.

ifconfig -a
lo0: flags=1000849<UP,LOOPBACK, RUNNING /MULTICAST, IPv4> mtu 8232 index
1 inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,MULTICAST,IPv4> mtu 1500 index 2 inet
192.168.10.25 netmask ffffff00 broadcast 192.168.10.255
ether 8:0:20:a2:ll:de

The banner Command

You can also retrieve the MAC address from a system that has not yet been
booted by typing banner at the ok prompt.

ok banner

Sun Ultra 5/10 UPA/PCI (UltraSPARC-II 300MHz) , Keyboard, Present


OpenBoot 3.1.1 64 MB memory installed, Serial #9361102.
Ethernet address 8:0-.20:8e-.d6:ce, HostlD: 808ed6ce.

Solaris Operating Environment System Administration I & II Page 340 of 563


Solaris SA 1 & 2 - Training Material

Configuring Interfaces at Boot Time


System interfaces can be automatically configured at boot time if the
supporting files have appropriate entries.

The /etc/rcS.d/S30network.shFile

The /etc/rcS.d/S30network.sh file is one of the startup scripts that are run each
time the system is booted. This script uses the ifconfig utility to configure each
interface with an IP address and other required network information. The
script searches for files called hostname .xxn in the /etc directory where xx is
an interface type and n is the instance of the interface. The
/etc/ho3i.name.hmeO is an example of a host-name file.

Note - This is a new file In Solaris Operating Environment. It is functionally


similar to the file /etc/rcS.S30 rootusr in older Solaris releases.

The /etc /hostname.xxn File


The /etc/hostname. xxn file contains only an entry for the interface. This host
name must exist in the /etc/hosts file so that it can resolve to an IP address at
system boot time. An example of the file contents is

# cat / etc/hostname.hme0
host1
#

Note – Creating an empty /etc/hostname6.xxn file causes the Solaris Operating


Environment to automatically IPv6 interface. This also occurs if the Ipv6 is
enabled during installation of the Solaris Operating Environment.

Solaris Operating Environment System Administration I & II Page 341 of 563


Solaris SA 1 & 2 - Training Material

The /etc/hosts File


The /etc/hosts file contains at least loop-back and host information. For
example:

# cat /etc/hosts
* Internet host table
127.0.0.1 localhost loghost
192.1.68.10.25 hostl

The localhost and loghost are both assigned to the loop-back address and the
interface name, hostl, is assigned to a different IP address.

Solaris Operating Environment System Administration I & II Page 342 of 563


Solaris SA 1 & 2 - Training Material

Important Files and Utilities


The following files and commands play a key role in the administration of the
Solaris Operating Environment.

The /etc/nodename File

Each Solaris Operating Environment has a host name, which is used by


persons when referring to a system. You can change the host name by editing
the /etc/nodename file and rebooting. The following is an example of a
system's /etc/nodename file:

# cat /etc/nodename
hostl

A system's, host name and the name of its network interfaces do not need to be
the same and are often different.

Determining the Current Network Configuration


Use the ifconfig -a command to display the settings of all configured
interfaces; for example:

# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNIN3, MULTICAST, IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff 000000
hme0: f lags=1000843<UP, BROADCAST, RUNNH-JG, MULTICAST, IPv4> mtu 1500
index 2 inet 192.168.10.25 netmask ffffff00 broadcast 192.168.10.255
ether 8:0:20:a2 :ll:de
hmel: flags=1000843<UP, BROADCAST, RUNNING, MULTICAST. IPv4> mtu 1500
index 2 inet 192.9.200.201 netmask ffffff00 broadcast 192.9.200.255
ether 8: p: 20:a2: ll:de

The hme0 interface is up, running, and configured with


192. 168. 10. 25 as its IP address.

Solaris Operating Environment System Administration I & II Page 343 of 563


Solaris SA 1 & 2 - Training Material

You can also use the ifconfig utility to manually change the IP address of an
interface. For example, to change the IP address to 192.168.10.37, execute the
following commands:

# ifconfig hme0 down


# ifconfig hme0 192.168.10. 37 up
# ifconfig -a
lo0: flags=1000849<UP, LOOPBACK, RUNNING, MULTICAST, IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: £lags=1000843<UP, BROADCAST, RUNNING, MULTICAST, IPv4> mtu 1500
index 2
inet 192.168.10.37 netmask ffffff00 broadcast 192.168.10.255
ether 8:0:20:a2:11:de
hmel: flags=1000843<UP. BROADCAST .RUNNING, MULTICAST, IPv4 > mtu 1500
index 2
inet 192.9.200.201 netmask ffffff00 broadcast 192.9.200.255
ether 8:0:20:a2:11:de

Network Troubleshooting Utilities

Two of die most common network troubleshooting utilities are the packet
internet groper (ping) and the snoop utility. Use the ping utility to determine if
another system can be contacted over the TCP/IP network. For example:

# ping host2
host2 is alive

A response of no answer from host2 indicates that host2 is not available on the
network.

Use the snoop utility to determine what information is actually traveling


between systems. The snoop utility can show what actually happens when one
system uses the ping utility to communication with another system. For
example:

# snoop hostl host2


host1 --> host2 ICMP Echo request
host2 --> hostel ICMP Echo reply

The snoop utility can also use audible clicks to notify you of any network
traffic by using the -a switch. Although noisy, this is especially useful when
troubleshooting a JumpStart™ or Dynamic Host Configuration Protocol
(DHCP) boot without the help of a second person in a large room.

Solaris Operating Environment System Administration I & II Page 344 of 563


Solaris SA 1 & 2 - Training Material

For example, to hear audible clicks for all network traffic related to a DHCP
boot, execute the following:

# snoop -a dhcp

Some additional snoop options include:

• snoop -V

Provides a summary verbose output

• snoop -v

Provides a detailed verbose output

• snoop -o filename

Redirects the snoop Activity output to filename

• snoop -i filename -V |more

Displays packets that were previously captured in filename

Solaris Operating Environment System Administration I & II Page 345 of 563


Solaris SA 1 & 2 - Training Material

Network Services
Each network service requires a server process to respond to a client request.

The Internet Service Daemon (inetd)

A special network process, inetd, runs on each system to listen on behalf of


many server processes that are not started at boot time. The inetd process starts
these server processes when the appropriate service is requested.

The inetd process is informed of the services to listen for and the
corresponding processes to start through the /etc/inet/inetd.conf file. For
example:

# grep ftp /etc/inet/inetd.conf


ftp stream tcp nowait root /usr/sbin/in.ftpd

If a change is made to the /etc/inet/inetd.conf file, a hang-up . signal must be


sent to the inetd process to force it to reread the configuration file. For
example:

# pkill -HUP inetd

Port Numbers
Each network service uses a port that represents an address space, which is
reserved for that service. A client usually communicates with a server through
a well-known port. Well-known ports are listed in the /etc/services file. For
example:

# grep telnet /etc/services


telnet 23/tcp
#

The example shows that the telnet service uses well-known Port 23 and uses
the TCP protocol.

Solaris Operating Environment System Administration I & II Page 346 of 563


Solaris SA 1 & 2 - Training Material

Remote Procedure Call (RFC)


Each network service must have a unique port number that is agreed upon by
all hosts in the network. This is an increasingly difficult task given the number
of systems on any network and the number of network services that the
systems are capable of running.

Sun Microsystems™ developed an extension to the client-server model known


as a remote procedure call (RFC). When using an RFC service, a client
connects to a special server process, rpcbind, which is a well-known registered
Internet service.

The rpcbind process registers port numbers associated with each RFC service
listed in the /etc/rpc file. The rpcbind process receives all RFC-based client
application connection requests and sends the client the appropriate server port
number. For example, the sprayd entry is listed in the /etc/rpc file, and looks
like the following:

# grep spray /etc/rpc


sprayd 100012 spray
#

This shows that the sprayd daemon has a program number of 100012 and is
also known as spray.

Checking for Registered Services

Use the rpcinfo utility with the -p switch to list registered RFC programs. For
example, to determine if the sprayd daemon is registered, execute the
following:

# rpcinfo -p hostl | grep sprayd


100012 1 udp 32805 sprayd
#

Solaris Operating Environment System Administration I & II Page 347 of 563


Solaris SA 1 & 2 - Training Material

Stopping a Network Service


Use the rpcinfo utility with the -d switch to unregister an RFC program, which
effectively stops the service. For example, to stop the spray service, execute
the following:

# rpcinfo -d sprayd 1

To verify the service has been stopped, execute the following:

# rpcinfo -p | grep sprayd


#

Starting a Network Service

You can register RFC network services by sending an HUP (Hangup) signal to the
inetd process. For example, to start the spray service again, execute the following:

# pkill -HUP inetd

To verify the service has been registered again, execute the following:

# rpcinfo -p | grep sprayd


100012 1 udp 42288 sprayd

Solaris Operating Environment System Administration I & II Page 348 of 563


Solaris SA 1 & 2 - Training Material

Check Your Progress


Before continuing on to the next module, check that you are able to
accomplish the following:

• Define the function of each layer within the seven-layer OSI model and the
five-layer TCP/IP model

• Describe the contents of various network control files

• Construct command strings to perform basic monitoring operations on an,


active network

• Start and stop network services using the command line

Solaris Operating Environment System Administration I & II Page 349 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 17

SOLARIS OPERATING ENVIRONMENT syslog

Objectives

Upon completion of this module, you should be able to:

• Configure syslog message routing

• Modify log message priority and severity

• Determine the effect of the LO3HOST variable on the syslog process

• Describe the two methods of--starting the syslogd daemon

• Add entries to a system log using the logger utility

Solaris Operating Environment System Administration I & II Page 350 of 563


Solaris SA 1 & 2 - Training Material

The syslog Facility


The syslog () function sends messages generated by the kernel and system
utilities to the syslogd daemon. Depending on the configuration of the
/etc/syslog.conf file, this daemon can:

• Write messages to a system log

• Write messages to the system console

• Forward messages to a list of users

• Forward messages to the syslogd on other hosts over the network

The most valuable feature of syslog is that it puts you in control of message
logging. This enables you to decide which messages are to be kept and where
the messages are to be placed.

Solaris Operating Environment System Administration I & II Page 351 of 563


Solaris SA 1 & 2 - Training Material

The syslog Concept

Programs/ Processes Destinations


Generates messages Messages

Kernel syslogd Logs messages


Daemons Writes messages
User processes forwards messages
Logger command Reads
Etc/syslog.conf

Figure 3.1 syslog concept

Solaris Operating Environment System Administration I & II Page 352 of 563


Solaris SA 1 & 2 - Training Material

Controlling the Behavior of syslogd


Many processes are programmed to generate messages at various levels of
importance in response to actions taken, or conditions encountered, during-
operation.

You can control the manner in which syslogd manages these messages by
modifying the /etc/syslog . conf configuration file. Prom this configuration
file, you can instruct syslogd to sort messages by their source or their
importance and route them to a specified destination.

Solaris Operating Environment System Administration I & II Page 353 of 563


Solaris SA 1 & 2 - Training Material

Configuring the /etc/syslog. conf File


A configuration entry in the /etc/syslog.conf file consists of two tab-separated
fields: selector and action.

The selector field consists of a facility and a level written as facility, level.
Facilities represent categories of system processes that can generate messages.
Levels represent the severity or importance of the message.

The action field determines where to send the message.

For example, placing the following entry in the /etc/syslog.conf file causes
error messages for all facilities to be sent to the /var/adm/messages file:

* . err /var/adm/messages
where
* . err Is the selector field; is the facility, is the delimiter, and
err is the level of the message

/var/adm/messages Is the action field

Caution -Only use tabs as white space in the /etc/syslog.conf file.

Selector Field

The selector field is a semicolon-separated list of priority specifications of the


form:

facility, level; facility. level.

Solaris Operating Environment System Administration I & II Page 354 of 563


Solaris SA 1 & 2 - Training Material

Facility is a system facility that is defined by the items shown in Table 3-1.

Table 3-1 Facility

kern Messages generated by the kernel.

user Messages generated by user processes. This is the


default priority for messages from programs or facilities not listed in this file.

mail The mail system.

daemon System daemons, such as in. ftpd and telnetd

auth The authorization system including login, su, and


getty.

syslog Messages generated internally by syslogd

lpr The line printer spooling system - lpr and lpc.

news Files reserved for the USENET network news system.

uucp The UNIX-to-UNIX copy (UUCP) system; does not use


syslog.

cron The cron and at facilities, including crontab, at, and


cron.

Local0-7 A field reserved for local use.

mark Time-stamp messages produced internally by


syslogd

* All facilities, except the mark facility.

Note - You can use the * to select all facilities (for example * .err); however, you
cannot use it to select all levels for a facility (for example, kern. *)

Solaris Operating Environment System Administration I & II Page 355 of 563


Solaris SA 1 & 2 - Training Material

Level is the severity of the message. Levels in order of descending order of severity are
shown in

Table 3-2 Levels

emerg Panic conditions that are normally to be broadcast to all users.

alert Conditions that should be corrected immediately, such as a corrupted system


database.

Crit Warnings about critical conditions, such as hard device errors.

err Other errors.

warning Warning messages.

notice For conditions that are not error conditions, but might
require special handling,

info Informational messages.

debug Messages that are normally used only when debugging


a program.

The none message is normally used only when debugging a program. The none message
appears when messages are not sent from the indicated facility to the selected file; for
example, a selector of * .debug; mail.none sends all messages except mail messages to the
selected file.

Note - Not all levels of severity are implemented for all facilities in the same
way. For more information, refer to the online manual pages.

Solaris Operating Environment System Administration I & II Page 356 of 563


Solaris SA 1 & 2 - Training Material

Action Field
The action field defines where the message should be forwarded. It can have
any one of the following forms:

• /filename

The absolute path for log file is required.

Note —this file must be manually created if it does not exist.

• @host

You must prefix the host name or IP address with an @ sign. Messages
are forwarded to the syslogd of the remote system.

• userl, user2
userl and user2 receive messages if they are logged in.

• *

All logged-in users will receive messages.

Solaris Operating Environment System Administration I & II Page 357 of 563


Solaris SA 1 & 2 - Training Material

The /etc/syslog.conf File


A sample /etc/syslog.conf configuration file is:
# ident "@(ft)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */
#
# Copyright (c) 1991-1998, by Sun Microsystems, Inc.
# All rights reserved
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote ('') names
# that match m<l reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
* .err;kern.notice,-auth.notice /dev/sysmsg
*. err; kern, debug; daemon, notice; mail, cr it /var/adm/messages
*.alert;kern .err;daemon.err operator
*.alert- root
*.emerg *
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
# auth.notice if:def (>LOGHOST', /var/log/authlog, (? loghost)

mail.debug i fde f (v LOGHOST', /var/log/authlog, ©loghost)

#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef (‘LOGHOST',
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert 'root, operator'
user.emerg *

Solaris Operating Environment System Administration I & II Page 358 of 563


Solaris SA 1 & 2 - Training Material

Starting and Stopping syslogd


The configuration file is read each time syslogd starts. The /etc/rc2
.d/S74syslog file starts syslogd during each system boot.

You can manually start or stop syslogd, if the configuration file has been
modified, with the command:

# /etc/init.d/syslog start | stop

Solaris Operating Environment System Administration I & II Page 359 of 563


Solaris SA 1 & 2 - Training Material

Syslogd and them4 Macro Processor


The syslogd daemon, the m4 macro processor, and the /etc/syslog.conf file
interact, in conceptual phases, to determine correct message routing. These
conceptual phases are described as:

1. syslogd runs m4.


2. m4 processes ifdef statements in /etc/syslog .conf.
3. syslogd uses m4 output to route messages to the appropriate places.

On first evaluation, it appears the syslogd daemon receives message-log


routing information from the /etc/syslog .conf file. However, syslogd does not
read the /etc/syslog.conf file directly. Instead, syslogd starts m4, which parses
the /etc/syslog.conf file for ifdef statements that can be interpreted by m4.

If m4 does not recognize any m4 commands on a line, it passes the output


back to syslogd as a two-column output that syslogd then uses to route
messages to appropriate destinations. If m4 encounters an ifdef statement
within the /etc/syslog.conf file, the ifdef is evaluated for a true or false
condition, and message routing occurs relative to the output of the test.

Figure 3-2 The m4 Macro Processor

Solaris Operating Environment System Administration I & II Page 360 of 563


Solaris SA 1 & 2 - Training Material

Detailed Operation
You must first consider two examples of the host systems
/etc/hosts file

Note-These /etc/hosts file examples have been excepted for brevity.

Example A

192.9.200.1 hostl loghost


192.9-200.2 host2

Example B

192.9.200 1 host1
192.9.200.2 host2 loghost

You mist next consider two examples of the m4 command line.

1. /usr/ccs/bin/m4 /etc/syslog. Conf.


2. /usr/ccs/bin/m4 –d LOGHOST /etc /syslog. conf

Solaris Operating Environment System Administration I & II Page 361 of 563


Solaris SA 1 & 2 - Training Material

Phase 1
When syslogd starts on boot, syslogd evaluates the /etc/hosts file to check the
IP address associated with the hostname compared to the IP address associated
with the loghost.

In Example A, hostl and loghost are both associated with IP address


192.9.200.1; therefore, syslogd runs the second command line, /usr/ccs/bin/m4
-D LOGHOST that causes the m4 LOGHOST variable to be evaluated as
TRUE during the parsing of the /etc/sylog . conf file.

In Example B, hostl is associated with IP address 192.9. 200 .1, while host2
and loghost are both associated with IP address 192. 9. 200. 2; therefore,
syslogd runs the first command line, /usr/ccs/bin/m4 (no -D LOGHOST) that
causes the m4 LOGHOST variable to be evaluated as FALSE during the
parsing of the /etc/sylog.conf file.

Solaris Operating Environment System Administration I & II Page 362 of 563


Solaris SA 1 & 2 - Training Material

Phase 2
In the second phase, the m4 macro processor parses the /etc/syslog.conf file.
For each uncommented line that is parsed, m4 searches the line for an ifdef
statement. If no ifdef is encountered on the line, m4 passes the line back to
syslogd daemon.

If the m4 finds a line with an ifdef statement, the line is evaluated for the
TRUE or FALSE condition of the LOGHOST variable, and m4 passes syslogd
the output, accordingly. For example,

mail. debug ifdef ('LOGHOST' , /var/log/authlog, @loghost)

Consider, if the LOGHOST variable was evaluated as TRUE in Phase 1, then


the m4 processor returns:

mai1.debug / var/log/authlog

If the LOGHOST variable was evaluated as FALSE in Phase 1, then the m4


processor returns:

mail.debug @ loghost

In either case, the output has an entry in the selector field and an entry in the
action field.

Phase3

In phase 2, for each line that was parsed in the /etc/syslog .conf file, m4
produced output in a two-column field: A selector field and an action field.
This information is returned to syslogd, and syslogd uses the information to
route messages to their appropriate destinations.

Once configured, syslogd continues to run with this configuration.

Solaris Operating Environment System Administration I & II Page 363 of 563


Solaris SA 1 & 2 - Training Material

Modifying inetd to Use syslog


The inetd is the server process for many network services. The inetd process
listens for service requests on the TCP (or UDP) ports associated with each of
the service listed in its configuration file. When a request arrives, inetd
executes the server program associated with the service. You can modify the
inetd to log TCP connections using, the syslogd.

inetd Manual Page Excerpt


The following online manual page excerpt for inetd shows that only the
daemon facility and the notice message level is supported:

% man inetd
Maintenance Commands
inetd (1M)

NAME

inetd - Internet services daemon


…..
…..
-t Instructs inetd to trace the incoming connections for all of its TCP
services. It does this by logging the client's IP address and TCP port number,
along with the name of the service, using the syslog (3) facility. UDP
services can not be traced. When tracing is enabled, inetd uses the syslog
facility code ‘"daemon'' and '"notice'' priority level.

Note - The Internet daemon, inetd, provides services for many network protocols
including the telnet protocol and File Transfer Protocol (FTP).

Solaris Operating Environment System Administration I & II Page 364 of 563


Solaris SA 1 & 2 - Training Material

The inetd Start up File


Using the -t option as an argument to the inetd command enables TCP tracing.
You must enable the trace option for- the inetd daemon for syslog messaging.
You add the -t option to the entry, which starts inetd in the inetsvc script in the
/etc/init.d directory.

The modified entry looks similar to the following:

# grep inetd /etc/init.d/ inetsvc


/usr/sbin/inetd -s -t &
#

Note - You must restart the inetd process for the new option to take effect.

The /etc/syslog.conf file configures the syslogd to selectively distribute the


messages sent to it; in the previous example, from inetd

# grep daemon, notice /etc/syslog.conf

* .err;kern.debug;daemon.notice;mail.crit /var/adm/messages

The notice entry in the /etc/syslog.conf file causes all daemon messages of
level notice to be sent to the /var/adm/messages file.

Note - The /var/adm/messages file must exist and you must stop and start the syslog
daemon.

Solaris Operating Environment System Administration I & II Page 365 of 563


Solaris SA 1 & 2 - Training Material

Example of syslog Logged Entry


You can monitor the syslog file, var adm/messages, in real time using the
command tail -f. This holds the file open so you view messages being routed
into this file by syslog.

# tail -f /var/adm/messages

Date/time Local Process


host name/
name PID#

Jun 14 13:15:39 hostl inetd(2359] : [ID 317013 daemon.notice] telnet [2361;from


192.9.200.1 45800

IP address Port Msg ID#/ Incoming


number selector facility. level request/
PPID#

Figure 3-3 . Example of syslog Logged. Entry

The preceding output logs a telnet request to system hostl from IP address
192.9.200.1 on port 4580:.

To exit, press Control-C

Note - You can use scripts to automatically parse the log files and send notification to
support personnel should any unusual activity exist.

Solaris Operating Environment System Administration I & II Page 366 of 563


Solaris SA 1 & 2 - Training Material

The logger Utility


With the logger command, you can add one-line entries to a system log file.
Typically, you can use the logger command as part of a script.

Command For mat

logger [ -i ] [ -f file ] t -p priority ) [ -t tag ] [ message ]

Command Options

• -f file

Uses the contents of file as the message to log (file must exist).

• -I

Logs the process ID of the logger process with each line.

• -p priority

Enters the message with the specified priority.

• -t tag

Marks each line added to the log with the specified tag.

• Message

Concatenates the string arguments in the message together, in the order


specified, separated by single-space characters.

Solaris Operating Environment System Administration I & II Page 367 of 563


Solaris SA 1 & 2 - Training Material

Examples
The following example logs the System rebooted message to the default
priority level notice and the facility user for syslogd

# logger System rebooted

The System rebooted message should be logged to the file designated for the
user .notice selector field. However, if you investigate further, you will find
that the user .notice selector field is not configured (by default) in the
/etc/syslog.conf file. You can either add the user.notice selector field to the
/etc/syslog .conf file, or you can prioritize the output as follows:

# logger -p user.err System rebooted

Changing the priority of the message to user .err will route the message to the
/var/adm/messages file as indicated in the /etc/syslog.conf file.

Solaris Operating Environment System Administration I & II Page 368 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 18

SOLARIS PSEUDO FILE SYSTEMS AND SWAP SPACE

Objectives

Upon completion of this module, you should be able to:

• List the Solaris pseudo file system types

• Describe the relationship between system processes and the /proc directory

• Describe how the tmpf s file system improves performance

• Use the dumpadm program to display system dump configuration

• Use the coreadm command to display core file configuration

• Create and add a swap file or partition to the swap space

Solaris Operating Environment System Administration I & II Page 369 of 563


Solaris SA 1 & 2 - Training Material

Solaris Pseudo File Systems

Pseudo file systems are sometimes called RAM-based file systems. Their
most, distinguishing feature is that they do not reside on hard physical media.
They reside only in physical memory while the operating system is running.

You use pseudo file systems to increase performance. They enhance


performance because they provide access to data in physical memory, instead
of disk-based structures. They enable the use of typical file system operation
semantics (for example, the use of the standard system calls) for access to the
underlying data structures.

The pseudo file systems supported in the Solaris Operating Environment


include:

• procfs -The Process file system contains a list of active processes, named
according to process number, in the /proc directory. Information in this
directory is used by commands, such as the ps command. See the proc(4)
man page.

• tmpfs -The Temporary file system for file storage in memory without the
overhead of writing to a disk-based file system. It is created and destroyed
every time the system is rebooted.

• fdfs -The File Descriptor file system provides explicit names for opening
files using file descriptors (for example, /dev/ fd/0, /dev/fd/1, /dev/fd/2) in
the /dev/£d directory.

• swapfs -The Swap file system is used by the1 .kernel to manage swap
space on disk(s).

Solaris Operating Environment System Administration I & II Page 370 of 563


Solaris SA 1 & 2 - Training Material

The /proc File System


The /proc directory is a mount point for a pseudo file system that provides
access to the stale of each process and light-weight process (LWP) in the
system. You can write applications to access this state information using the
standard system calls.

The process information stored in the /proc file system changes as the process
moves through its life cycle.

Beginning with the Solaris 2.6 Operating Environment release, the previously
flat /proc file system was restructured into a directory hierarchy that contains
additional subdirectories for state information and control functions.

The following are the characteristics of the new directory structure of /proc:

• The name of each entry in the /proc directory is a decimal number


corresponding to a process ID.

• Each process ID named directory in /proc has files that contain more
detailed information about that process.

• The owner of each file in /proc directory and below is determine by the
user ID of the process.

The/proc directory is mounted at system boot time by scripts call from/


sbin/rcS. The following example from the /etc/vfstab file shows the mounting
of the proc file system on the /proc mount pc.

#device device mount FS fsck mount mount


#to mount to fsck point type pass at boot options

/proc - /proc proc - no -

Solaris Operating Environment System Administration I & II Page 371 of 563


Solaris SA 1 & 2 - Training Material

The tmpfs File System

The tmpfs file system uses the virtual memory (VM) subsystem. Once this file
system is mounted, it supports standard file operations and semantics. Files
and directories in this file system are temporary and are released when the
tmpfs is unmounted or the system reboots.

This file system supports better performance by maintaining files and


directories in RAM. This performance enhancement is most noticeable when a
large number of short-lived files are written and accessed on this file system.

The following example from the /etc/vfstab file shows the mounting of tmpfs
on the virtual memory subsystem at boot time:

device device mount FS fsck mount mount


to mount to fsck point type pass at boot options
swap - /tmp tmpfs - yes -

As a result of using tmpfs, all data written to /tmp is written to RAM if space
is available. If RAM space is not available, then any data written to /tmp is
written to swap space instead.

Solaris Operating Environment System Administration I & II Page 372 of 563


Solaris SA 1 & 2 - Training Material

The fdfs File System

The fdfs file system is a pseudo file system that maintains a repository of file
descriptors for open files. Running programs access files by using these file
descriptors.

The following example from the /etc/vfstab file shows the mounting of the
fdfs file system on the /dev/fd mount point at system boot time:

# device device mount FS fsck mount mount


#to mount to fsck point type pass at boot options
fd - /dev/fd fd - no -

Table 5-1 describes each file descriptor.

Table 5-1 File Descriptor Usage

File Descriptor Description

/dev/fd/0 Standard input(stdin)

/dev/fd/1 Standard output(stdout)

/dev/f.d/2 Standard error(stderr)

/dev/fd/3 Name of file (file)

Solaris Operating Environment System Administration I & II Page 373 of 563


Solaris SA 1 & 2 - Training Material

The swapfs File System


The Solaris Operating Environment software can use disk partitions for
temporary memory storage, in addition to using partitions to store file systems.
Partitions used to store memory images are called swap partitions.

Swap partitions are used as virtual memory storage areas when the system
does not have enough physical memory to handle the needs of the currently
running processes. Additionally, swap files can be used to augment swap
space.

Figure 5-1 Swap Space Definition

Virtual and Physical Addresses

The Solaris virtual memory system maps the files on disk to virtual addresses
in memory. As the instructions or static data in those files are needed, the
virtual memory system maps the virtual addresses in memory lo real physical
addresses in memory. The data or instructions in those files are then paged
from the disk into physical memory for use by the CPU. These types of
physical pages of memory are always backed by known files on the disk.

Solaris Operating Environment System Administration I & II Page 374 of 563


Solaris SA 1 & 2 - Training Material

Anonymous Memory Pages


In addition to containing program instructions or static data, physical memory
pages can contain private data or stack information generated by running
processes. The information in these pages of physical memory is not backed
by a file in the file system. Therefore, these pages can be backed only by swap
space on disk in the event that they must be temporarily paged out of memory.
Because these private data or stack pages in physical memory are not backed
by an actual file on the disk, but solely by swap space, they are referred to as
anonymous memory pages.

Solaris Operating Environment System Administration I & II Page 375 of 563


Solaris SA 1 & 2 - Training Material

Reserving Swap Space


When a process is run by the kernel, swap space for any private data or stack
space used by the process must be reserved. This reservation occurs just in
case the private data or stack information would have to be paged out of
physical memory, due to multiple processes contending for limited memory
space.

Without the use of virtual swap, large amounts of physical swap space would
have to be configured on systems to accommodate these reservations. Even
systems capable of avoiding paging by having large amounts of physical
memory available would still need large swap areas configured for these
reservations just in case.

However, with the virtual swap space provided in the Solaris Operating
Environment by the swapfs file system, the need for configuring large
amounts of physical swap space can be reduced on systems with large
amounts of available memory. This reduced need for physical swap space can
occur because swapfs provides virtual swap space addresses rather than real
physical swap space addresses in response to the requests to reserve swap
space.

With swapfs providing virtual swap space, real physical swap space is
required only with the onset of paging, due to processes contending for
memory. In this situation, swapfs must convert the virtual swap space
addresses to physical swap space addresses for paging to actual swap space to
occur.

Criteria for Swap Space

With the addition of swapfs, the size of swap space is based entirely on two
criteria:

• To save any possible panic dumps resulting from a fatal system failure,
there must be sufficient swap space to hold the necessary memory pages in
RAM at the time of the failure.

• The amount of RAM + swap memory must be at least equal to the


requirements of both the Solaris Operating Environment and any
concurrently running processes.

Solaris Operating Environment System Administration I & II Page 376 of 563


Solaris SA 1 & 2 - Training Material

Swap Space
If you use tmpfs, you should be aware of some constraints involved i
mounting a tmpfs file system. The resources used by tmpfs are the same as
those used when commands are executed. This means that large sized tmpf s
files can affect the amount of space left over for programs to execute.
Likewise, programs requiring large amounts of memory use up the space
available to tmpfs. Users running into this constraint (for example, running out
of space on tmpfs) can allocate more swap space by using the swap command.

You can add or delete swap space using the swap command. When swap files
or swap partitions are mounted for access by the kernel memory manager, the
file type used is swap (observe the contents of the /etc/vfstab file).

Using the swap-Command


As the system administrator, you can add swap files or partitions.

Command Format
swap [ options ] [ argument ]

Options

• -l

Lists swap space

• -a

Adds to swap

• -d

Deletes from swap e

• -s

Summarizes swap space

Solaris Operating Environment System Administration I & II Page 377 of 563


Solaris SA 1 & 2 - Training Material

Adding a Swap File

Fig are 5-1 illustrates the allocation of swap space.

Allocated

used
Reserved
swap -s

Available

Figure 5-2 Swap Space Allocation

To add a swap file, complete the following steps:

1. List a summary of the system's virtual swap space.

# swap — s
total: 25728k bytes allocated + 6140k reserved = 31868k used, 56496k
available

2. List the details of the system's physical swap space.

# swap -1
swapfile dev swaplo blocks free
/dev/dsk/c0t3d0sl 32,28 8 98752 90384

3. Using the df command, display the amount of disk space occupied by


currently mounted file systems, the amount of used and available
space, and how much of the file system's total capacity has been used.
From, this output, determine which partition has enough space for a
swap file of at least 20 Mbytes.
# df -k
File system kbytes used avail Capacity Mounted on
/dev/dsk/c0t3d0s0 245455 87061 58149 36% /
/dev/dsk/c0t3d0s6 480815 375163 105172 79% /usr
/proc 0 0 0 0% /proc
fd 0 0 0 0% /dev/fd
/dev/md/dsk/d0 231815 82 231502 1% /export/data
/dev/md/dsk/d1 67159 9 67083 1% /export/swap
swap 103844 204 103640 1% / tmp

Solaris Operating Environment System Administration I & II Page 378 of 563


Solaris SA 1 & 2 - Training Material

The /export/data file system appears to have more than enough space to create
an additional swap file. Create a 20-Mbyte swap file named swapfile in the
/export/data directory.

# mkfile 20m /export/data/swapfile

4. Add a swap file to the system's swap space.

# swap -a /export/data/swapfile

5. List the details of the modified system swap space.

# swap -1

swapfile dev swaplo blocks free


/dev/dsk/cOt3dOsl 32/28 8 98792 90384
/export/data/swapfile - 8 20472 20472

6. List a summary of the modified system swap space.

# swap -s
total: 25728k bytes allocated -t- 6140k reserved = 31868k used, 66708k
available

Removing a Swap File

To remove a swap file, complete the following steps:

1. To delete a swap file while online, issue the following command.


(Deleting the swap file stops swapping and empties the specified disk
space.)

# swap -d /export/data/swapfile

3. Remove the swap file to free disk space.

# rm /export/data/swapfile

Solaris Operating Environment System Administration I & II Page 379 of 563


Solaris SA 1 & 2 - Training Material

Adding a Swap Slice

To add a swap slice, complete the following steps:

1. Add information about the swap partition you created to the file system
table (the /etc/vfstab file).

# vi /etc/vfstab
# device device mount FS fsck mount mount
# to mount to fsck point type pass at boot opt
/dev/dsk/c0t2d0sl - - swap - no -

2. Reboot the system or use the swap -a command to add the additional
swap area.

Adding a Permanent Swap File Using the /etc/vfstab File

To add a permanent swap file, complete the following steps:

1. Edit the /etc/vfstab file and add the entry for the file.

# vi /etc/vfstab
# device device mount FS fsck mount mount
# to mount to fsck point type pass at boot opt
/ export /data /swapfile - - swap - no -

2. Reboot the system or use the swap -a command to add additional swap
space.

Solaris Operating Environment System Administration I & II Page 380 of 563


Solaris SA 1 & 2 - Training Material

The dumpadm Command


The dumpadm program is an administrative command that manages the
configuration of the operating system crash dump facility.

Note - A panic dump contains a copy of the "interesting portions" of physical


memory at the time of a fatal system error.

If a fatal operating system error occurs, a message describing the error is


printed to the console. The operating system then generates a crash dump by
writing the contents of physical memory to a predetermined dump device,
which is typically a local disk partition. The dump device can be configured
by using dumpadm. Once the crash dump has been written to the dump device,
the system reboots.

Fatal operating system errors can be caused by bugs in the operating system,
its associated device drivers and loadable modules, or by faulty hardware.
Whatever the cause, the crash dump itself provides invaluable information to
your support engineer to aid in diagnosing the problem.

Following an operating system crash, the savecore(lM.) utility is executed


automatically during a boot up to retrieve the crash dump from, the dump
device. It then writes the crash dump to a pair of files in your file system
named unix.X and vmcore.X, where X is an integer identifying the dump.

The kernel core information placed in the file


/var/crash/ 'uname -n’ /vmcore.X is accessed from the device
/dev/mem. The name list information placed in the file
/var/crash/ 'uname -n' /unix.X is accessed from the device
/dev/ksyms.

Together, these data files form the saved crash dump. The directory in which
the crash dump occurred is saved when you reboot, and you can use the
dumpadm command to configure it.

By default, the dump device is configured to be an appropriate swap partition.


Swap partitions are disk partitions reserved as virtual memory backing stoic
for the operating system, and thus no permanent information resides there to
be overwritten by the dump.

Solaris Operating Environment System Administration I & II Page 381 of 563


Solaris SA 1 & 2 - Training Material

To view the current dump configuration, execute dumpadm with no


arguments. For example:

# dumpadm
Dump content: kernel pages
Dump device: /dev/dsk/c0t0d0sl (swap)
Savecore directory: /var/crash/hostl
Savecore enabled: yes

When no options are specified, dumpadm prints the current crash dump
configuration. The previous example shows the set of default values: the dump
content is set to kernel memory pages only, the dump device is a swap disk
partition, the directory for savecore files is set to /var/crash/hostname, and
savecore is set to run automatically on reboot. The default values are set in the
/ etc/dumpadm. con f file. For example:

# cat /etc/dumpadm.conf
# dumpadm.conf
#
# Configuration parameters for system crash dump.
# Do NOT edit this file by hand — use dumpadm(1M) instead.
#
DUMPADM_DEVICE=/dev/dsk/c0t0d0sl
DUMPADM_SAVDIR=/var/crash/hostl
DUMPADM_COOTENT=kernel
DUMPADM_ENABLE=yes

Note - All modifications to the dumpadm configuration should be done at the


command line using the dumpadm utility, rather than attempting to edit the
/etc/dumpadm.conf file. This could result in an inconsistent system dump
configuration.

Solaris Operating Environment System Administration I & II Page 382 of 563


Solaris SA 1 & 2 - Training Material

Command Format
/usr/sbin/dumpadm [-nuy] [-c content-type] [-d dump-device] [-m min k |
min m | min%] [-s savecore-dir] [-r root-dir]

• -c content-type - Specifies the contents of the crash dump,

¾ kernel - Indicates kernel memory pages only.

¾ all - Indicates all memory pages.

• -d dump-device- Modifies the dump configuration to use the specified


dump device.

¾ dump-device - Specifies a specific dump device specified as an


absolute path name, such as/dev/dsk/C#t#d#s#.

¾ swap - Specifies the special token swap. If this swap is specified, as


the dump device, dumpadm examines the active swap entries and
selects the most appropriate entry to configure as the dump device.
See swap(lM).

• -m min k | min m | min % -Creates a minfree file in the current


savecore directory indicating that savecore should maintain at least the
specified amount of free space in the file system where the savecore
directory is located.

¾ k - Indicates a positive integer suffixed with the unit k specifying


kilobytes.
¾ m - Indicates a positive integer suffixed with the unit m specifying
megabytes.
¾ % - Indicates a percent (%) symbol, indicating the minfree value
should be computed as the specified percentage of the total current
size of the file system containing the savecore directory.

• -n - Modifies the dump configuration so it does not run savecorc


automatically, on reboot.

• -r root-dir- Specifies an alternative root directory relative to which


dumpadm should create files. If no -r argument is specifies the default root directory "/" is used.

Solaris Operating Environment System Administration I & II Page 383 of 563


Solaris SA 1 & 2 - Training Material

• -s savecore-dir- Modifies the dump configuration to use the


specified directory to save files written by savecore. The default savecore directory is /var/crash/hostname where
hostname is the output of the -n option to the uname(l) command.

• -y- Indicates that savecore is automatically run on reboot. This is


the default for this dump setting.

Solaris Operating Environment System Administration I & II Page 384 of 563


Solaris SA 1 & 2 - Training Material

The coreadm Command

Use the coreadm command to specify the name or location of core files
produced by abnormally-terminating processes.

The coreadm command provide flexible core file naming conventions and
better core file retention. For example, you can use the coreadm command to
configure a system so that process core files are placed in a single system
directory. This means it is easier to track problems by examining the core files
in a specific directory whenever a Solaris process or daemon terminates
abnormally.

Two new configurable core file paths, par-process and global, can' be enabled
or disabled independent of each other. When a process terminates abnormally,
it produces a core file in the current directory, as in previous Solaris
Operating Environment releases. But if a global core file path is enabled and
set to /core flies/core, for example, then each process that terminates
abnormally produces two core files: one in the current working directory are
one in the /coreflies directory.

Note - If the core file path does not exist, you must create it.

Command Format

The following command can be ran by regular users and is used to specify the
file name pattern to be used by the operating system when generating a per-
process core file.

coreadm [-p pattern] [pid] . . .

The following command is run by root only and is used to configure, system-
wide core file options.

coreadm [-g pattern ] [-i pattern ] [ -i option ]


[ -e option ... ]

Solaris Operating Environment System Administration I & II Page 385 of 563


Solaris SA 1 & 2 - Training Material

Default coreadm Command Without Options


Using the coreadm with no options displays the typical default settings from
the /etc/coreadm.conf file.

# coreadm
global core file pattern:
init core file pattern: core
global core dumps: disabled
per-process core dumps: enabled
global setid core dumps: disabled
per-process setid core dumps: disabled
global core dump logging: disabled

The first line of output identifies the name to use for core files placed in &
global directory. When generated, a global core file is created with mode 600
and is owned by the superuser. Non-privileged users cannot examine such
files.

The second line of output identifies the name to be used if the init process
generates a core file.

The third line indicates that global core files are disabled.

The fourth line indicates that core files in the current directory are enabled.
Ordinary per-process core files are created with mode 600 under the
credentials of the process. The owner of the process can examine such files.

In the fifth and sixth lines, if setid core files are enabled, they are created with
mode 600 and are owned by the superuser.

The seventh line identifies whether the global core dump logging is enabled.

Caution - A process that has a setuid mode presents security issues with
respect to dumping core files, as it might contain sensitive information in its
address space to which the current non-privileged owner of the process should
not have access. Normally setuidcore files are not generated because of this
security issue.

Solaris Operating Environment System Administration I & II Page 386 of 563


Solaris SA 1 & 2 - Training Material

Note - Complete all modifications to the coreadm configuration at the


command line using the coreadm utility instead of editing the
/etc/coreadm.conf file. If you manually edit the coreadm configuration file,
you must reboot the system or run coreadm -u.

Viewing the /etc/coreadm.conf file verifies the same configuration parameters


that were described on page 5-18:

# cat /etc/coreadm.conf
# coreadm.conf
#
# Parameters Core system core- file configuration.
# Do NOT edit this file by hand -- use coreadm(l) instead.

COREADM_GLOB_PATTERN=
COREADM_INIT_PATTERN=core
COREADM_GLOB_ENABLED=no
COREADM_PROC_ENABLED=yes
COREADM_GLOB_SETID_ENABLED=no
COREADM_PROC_SETID_ENABLED=no
COREADM_GLOB_LOG_ENABLED=no

Patterns

A core file name pattern is a normal file system path name with embedded
variables, specified with a leading percent (%) character. These variables are
expanded from values in effect when a core file generated by the operating
system. The possible variables are:

• %p - Process ID

• %u - Effective user ID

• %g - Effective group ID

• %f - Executable file name

• %n - System node name (uname -n)

• %m - Machine hardware name (uname -m)

• %t - Decimal value of time(2)

• %% - Literal %

Solaris Operating Environment System Administration I & II Page 387 of 563


Solaris SA 1 & 2 - Training Material

Examples

The following examples show various ways to use the coreadm command.

Example 1 - Setting the Core File Name Pattern as a Regular User

When executed from a user's $HOME/ .profile or $HOME/. login, the


following command sets the core file name pattern for all processes run during
the login session:

$ coreadm -p core.%f.%p $$

Note — $$ is the process ID of the currently running shell. The per-process


core file name pattern is inherited by all child processes.

Example 2 -Dumping a User's Files into a Subdirectory

The following command dumps all of the user's core dumps into the corefiles
subdirectory of the home directory, discriminated by the system node name.
This is useful for users who use many different machines but have a shared
home directory.

$ coreadm -p $ HOME/ corefiles/'%n%f ,%p $$

Example 3 - Enabling and Setting the Core File Global Name Pattern

The following is an example of setting system-wide parameters that add the


executable file name and PID to the name of any potential core file that might
be created:

# coreadm -g / var /core /core. %f.%cp -e global

For example, the core file name pattern: /var /core/core . %f. %p causes the f
oo program with process ID 1234, to generate the core file /var/core/core . foo
. 1234 .

Solaris Operating Environment System Administration I & II Page 388 of 563


Solaris SA 1 & 2 - Training Material

To verify that this parameter is now part of the coreadm configuration,


run the coreadm command again:

#coreadm
global core file pattern: /var/core/core.%f.%p
-init core file pattern: core
global core dumps: enabled
per-process core dumps: enabled
global setid core dumps: disabled
per-process setid core dumps: disabled
global core dump logging-, disabled

Example 4 - Checking the Core File Configuration for Specific


Process IDs

The coreadm command with only a list of process IDs reports each 'process's
per-process core file name pattern, for example:

$ coreadm 278 5678


278: core.%f.%p
5678: /home/george/cores/%f. %p.%t

Only the owner of a process or the superuser can interrogate a process in this
manner.

When a core dump occurs, the operating system generates two possible core
files, the global core file and the per-process core file. Depending on the
system options in effect, one file, both files, or no files can be generated.
When generated, a global core file is created in Mode 600 and is owned by the
superuser. Non-privileged users cannot examine such files.

Ordinary per-process core files are created in Mode 600 under the credentials
of the process. The owner of the process can examine such files.

Solaris Operating Environment System Administration I & II Page 389 of 563


Solaris SA 1 & 2 - Training Material

Options Supported by coreadm

The following are some useful options to the coreadm command.

• - i pattern

Sets the per-process core file name pattern for init to pattern. This is tine
same as coreadm -p pattern 1 except that the setting is persistent across
reboot. Only a super user can use this option.

• -e option

Enables the specified core file option. Specifies the option as one of the
following:

¾ global

Allows core dumps using the global core pattern.

¾ process

Allows core dumps using the per-process core pattern.

¾ global-setid

Allows setidcore dumps using the global core pattern.

¾ proc-setid

Allows setid core dumps using the per-process core.pattern.

¾ log.

¾ Generates a syslog (3) message when, a user attempts to generate a


global core file. Only superuser can use this option.

Solaris Operating Environment System Administration I & II Page 390 of 563


Solaris SA 1 & 2 - Training Material

¾ -d option

Disables the specified core file option. See the -e option for
descriptions of possible options. Multiple -e and -d options can be
specified on the command line. Only root can use this option.

¾ -u

Updates system-wide core file options from the contents of the


configuration file /etc/coreadm. conf. If the configuration file is
missing or contains invalid values, default values are substituted.
Following the update, the configuration file is resynchronized with the
system core file configuration. Only superuser can use this option.

Solaris Operating Environment System Administration I & II Page 391 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 19

NETWORK FILE SYSTEM (NFS )

Objectives

Upon completion of this module, you should be able to:

• Describe the functions of an NFS sewer and an NFS client

• Make resources available and unavailable for mounting

• Edit the /etc/dfs/dfstab) file on an NFS server to enable automatic sharing


of resources

• Display a server's available resources for mounting

• Mount a resource from another system

• Edit the /etc/vfstab file to mount resources on an NFS client

• Describe the function of these commands: mountall, umountall, shareall,


and unshareall

• Describe and configure NFS logging

Solaris Operating Environment System Administration I & II Page 392 of 563


Solaris SA 1 & 2 - Training Material

The NFS Distributed File System


The Solaris Operating Environment supports the sharing of remote file system
resources and presents them to users as if they were local files and directories.

The sharing of remote file system resources is administered through


distributed file systems (DPS) file system types. This file system type provides
the architectural support required for mounting resources over the network.

The NFS environment contains the following components:

• NFS server - A system that contains the file resources to be shared with
other systems on the network.

• NFS client - A system that mounts the file resources shared over the
network and presents the file resources as if they were local.

Figure 6-1 illustrates an NFS environment.

Figure 6-1 NFS Distributed File System

Solaris Operating Environment System Administration I & II Page 393 of 563


Solaris SA 1 & 2 - Training Material

The Benefits of a Network Pile System

The benefits of an NFS include:

• Centralized file access

Files are located in centralized locations. You can make a copy of a file
accessible to many users or systems simultaneously. This is an especially
useful feature with home directories or common data files.

• Common software access

Systems can share one or more software packages that are located in a
central location. This reduces the disk space requirements for individual
systems.

• Easy to use

Remote file sharing is transparent to the user and to any applications,


because these resources appear as if they were resident on the local
system.

The NFS environment provides file sharing in a heterogeneous environment,


potentially containing many different operating systems, including UNIX®,
MS-DOS, and Virtual Memory System (VMS).

Note - NFS uses remote procedure calls (RPCs) and external data
representation (XDR). XDR library routines allow programmers to describe
arbitrary data structures in a machine-independent fashion.

Solaris Operating Environment System Administration I & II Page 394 of 563


Solaris SA 1 & 2 - Training Material

NFS Distributed File System Components

The DPS administration files, commands, and daemons necessary for sharing
and mounting NFS file resources are illustrated in Figure 6-2, for both an NFS
server and an NFS client.

NFS server NFS client

Daemons: Daemons:
mountd, nfsd, statd, and statd and lockd
lockd, nfslogd
Files:
Files: - /etc/vfstab
- /etc/dfs/dfstab - /etc/mnttab
- /etc/dfs/sharetab - /etc/dfs/fstypes
- /etc/dfs/fstypes
- /etc/rmtab Commands:
- /etc/nfs/nfslog.conf
- /etc/default/nfslogd mount
- /etc/nfs/nfslogtab umount
mountall unmountall
Commands: dfshares
dfmounts
share
unshare
shareall
unshareall
dfshares
dfmounts

Figure 6-2 NFS Files, Commands, and Daemons

Solaris Operating Environment System Administration I & II Page 395 of 563


Solaris SA 1 & 2 - Training Material

The NFS Daemons

NFS operation requires daemons running on the NFS server and NFS client.

The Mount Daemon

When an NFS client issues an NFS mount request, the mount process contacts
the NFS server's mount daemon, /usr/lib/nfs/mountd, to get & file handle
(pointer) for the file resource to be mounted.

The NFS client mount process then writes the file handle (along with other
information about the mounted resource) to the /etc/mnttab file.

NFS Server Daemons

When a process on a client attempts to access a remote file resource the NFS
server daemon, /usr/lib/nfs/nfsd, on the server gets the request (along with the
resource's file handle) and performs the file operation. It then returns any data
to the requesting process on the client.

The server daemons are started from the /etc/init.d/nfs .server script. The
nfs.server script also defines the maximum number of nfsd threads that can be
started.

If a system has entries in its /etc/dfs/dfstab file, these server daemons are
started when the system enters run level 3.

Solaris Operating Environment System Administration I & II Page 396 of 563


Solaris SA 1 & 2 - Training Material

NFS Daemons on the Client and Server

Two other NFS daemons, /usr/lib/nfs/statd and /usr/lib/nfs/lockd run on both


the NFS servers and clients. These daemons are started automatically when a
system enters run level 2.

The two daemons work together to provide locking services in NFS. If the
server crashes, clients can quickly re-establish the connections to files they
were using. The server has a record of the clients that were using NFS. It
contacts each client to obtain the information about which files were in use to
allow continued operation. Doth daemons are started from the
/etc/init.d/nfs.client script, and typically do not require administrative
intervention.

NFS File Handles

File handles are client references that identify a unique file or directory on the
server. File handles encode the file's 'mode number, inode generation number,
and disk device number.

Once a client successfully completes an NFS mount request, an entry is made


in the /etc/rmtab file by the mountd daemon on the server. The /etc/rmtab file
contains a table of file systems that are remotely mounted by NFS clients. It
also contains a line entry for each remotely mounted file system. For example:

hostname:fsname

These line entries are removed from this file by the mountd command when it
is first started.

Stale entries can accumulate in this file for clients that have crashed, and could
hot send an unmount request. Removing these entries allows the client to
remount the resource.

Solaris Operating Environment System Administration I & II Page 397 of 563


Solaris SA 1 & 2 - Training Material

The NFS Server


The following commands and files are used in conjunction with the NFS
server.

The share Command

When the mountd daemon is running, use the /usr/sbin/share command to


make file resources available for mounting by remote systems.

Command Format

share [ -F FSType ] ( -o options ] ( -d description ] pathname

Options

The following options can be used with the share command:

• -F nfs

Specifies the file system type. This option is not typically required as nfs is
the default remote file system type.

Note - If you do not use the option -F fstypes, the system takes the file system
type from the first line of the /etc/dfs/fstype file.

• -o options

Controls a client's access to an NFS-shared resource.

• -d description

Describes the file resource being shared. This information is displayed by


the share command when used with no argument

• pathname

Specifies the resource to be shared.

Solaris Operating Environment System Administration I & II Page 398 of 563


Solaris SA 1 & 2 - Training Material

File Resource Staring

To share a file resource from the command line, execute the following:

# share -F nfs -o ro /usr/ snare /man

The share command writes information for all shared file resources to the /etc
/dfs/ share tab file. The file contains a table of the local resources shared.

If no argument is specified, the share command displays a list of all file


resources currently shared.

# share
/ usr/share/man
/export/ install

The /etc/dfs/dfstab File


The /etc/dfs/dfstab file gives the system administrator a method for the
automatic sharing of local file systems. Each line of the dfstab file consists of
a share command.

# cat /etc /dfs/dfstab


# Place share (1M) commands here for automatic execution
# on entering init state 3.
#
# issue the command ' /etc/ init.d/nfs. server start' to run the NFS
# daemon processes and the share commands, after adding the very
# first entry to this file.
#
# share [-F fstype | -o options] [-d "<text>"] <pathname> [resource]
# e.g.
# share -F nfs -o rw=engineering -d "home dirs" /export/home2
#

The contents of the /etc/dfs/dfstab file are executed when:

• The system enters run level 3.

• The superuser runs the shareall command. The NFS daemons must be
running.

• The superuser runs the /etc/init.d/nfs.server script (which contains a

Solaris Operating Environment System Administration I & II Page 399 of 563


Solaris SA 1 & 2 - Training Material

shareall command) with the start argument. This script starts the nfs server
daemons.

Note - If the nfs.server script does not find NFS entries in the /etc/dfs/dfstab
file, it exits without running the NFS daemons.

NFS Access Management

By default, NFS-mounted resources are available with read and write


privileges based on standard Solaris file permissions. Access decisions are
based, on a comparison of the DID of the client and the owner.

The following share command options restrict the read and write capabilities
for NFS clients and enable superuser access to a mounted resource.

• ro

Informs clients that the server accepts only read requests.

• rw

Allows the server to accept read and write requests from the client.

• root-client

Informs clients that the root user on the specified client system or systems
can perform superuser privileged requests on the shared resource.

• ro=access-list

Allows read requests from the specified access list.

• rw=access-list

Allows read and write requests from the specified access list.

- access-list:client1:client2
Allows access based on a colon-separated list of one or more clients.

Solaris Operating Environment System Administration I & II Page 400 of 563


Solaris SA 1 & 2 - Training Material

- access-1ist=@network

Allows access based on a network number (for example,


0192.168.100) or network name (for example, &mynet.com). The
network name must be defined in /etc/networks.

- access-list = .domain

Allows access based on a DNS domain; the dot (.) identifies it as a


DNS domain.

- access-1ist = netgroup_name

Allows access based on a configured net group (NIS or NIS+ only).

- anon=n

Sets n to be the effective user ID of unknown users. By default,


unknown users are-given the effective user ID UID_NOBODY. If n is
set to -1, access is denied.

You can combine these options by separating each with commas, forming
intricate access restrictions.

Examples

# share -F nfs -o ro directory

This command line restricts access to NFS mounted resources to read-only


access.

# share -F nfs -o ro, rw=clientl directory

This command line restricts access to NFS-mounted resources to read-only


access; however, the NFS server accepts both read and write requests from the
client named clientl.

# share -F nfs -o root=client2 directory

This command line allows the root user on the client named client1:2 to have
superuser access to the NFS mounted resources.

# share -F nfs -o anon=0 directory

By setting the option anon=0, the G.U1D for access lo shared resources is set
to the U1D of the user who is accessing the shared resource.

Solaris Operating Environment System Administration I & II Page 401 of 563


Solaris SA 1 & 2 - Training Material

The unshare Command


The /usr/sbin/unshare command makes file resources unavailable for mounting
by remote systems. It reads the /etc/dfs/sharetab file.

Command Format

unshare [ -F nfs ] pathname

Options

The following options can be used with the unshare command:

• -F nfs

Specifies nfs as the file system type. This option is not typically required
because nfs is the default remote file system type.

• pathname

Specifies the path name of the file resource to be unshared.

The following example makes the resource unavailable for mounting:

# unshare /usr/share/man

Solaris Operating Environment System Administration I & II Page 402 of 563


Solaris SA 1 & 2 - Training Material

The shareall and unshareall Commands


Use the /usr/sbin/shareall and /usr/sbin/unshareall commands to share and
unshare alt NFS resources.

The shareall Command

Without any arguments, the shareall command shares all file resources listed
in the /etc/d£s/dfstab file.

shareall [ -F nfs ]

The unshareall Command

Without any arguments, the unshareall command unshares currently shared


file resources. It does this by reading the /etc/dfs/sharetab file.

unshareall [ -F nfs ] .

Solaris Operating Environment System Administration I & II Page 403 of 563


Solaris SA 1 & 2 - Training Material

Configuring the NFS File Server

To set up an NFS server, complete the following steps:

1. Edit the /etc/dfs/dfstab file and add those file resources to be


automatically shared whenever the system enters run level 3. For
example:

share -F nfs /usr/share/man

2. Start the NFS server daemons by invoking the following:

# /etc/init.d/nfs.server start

This shares the content? of the /etc/dfs/dfstab file.

Note - You can use the dfshares command to verify that the resources are
available.

Solaris Operating Environment System Administration I & II Page 404 of 563


Solaris SA 1 & 2 - Training Material

NFS Informational Commands

Use the following commands to get information about NFS resources.

The dfshares Command

The dfshares command displays the NFS resources currently being shared.

Command Format

dfshares [ -F nfs ] [ host ]

Without arguments, the dfshares command displays shared resources for the
local server.
# dfshares

RESOURCE SERVER ACCESS TRANSPORT


hostl:/usr/share/man hostl - - _

It is also used to display shared resources by a specified server name.

# dfshares host2
RESOURCE SERVER ACCESS TRANSPORT
host2:/export host2 - -

Solaris Operating Environment System Administration I & II Page 405 of 563


Solaris SA 1 & 2 - Training Material

The dfmounts Command

This command displays mounted resource information.

Command Format

dfmounts [ -F nfs ]

Without arguments, the dfmounts command displays the shared resource and
clients mounting the resource for the local server.

# demounts

RESOURCE SERVER PATHNAME CLIENTS


- hostl /usr/share/man host5,hosc9

This command is also used to display mounted resource information for a


specified server name.

# dfmounts host2
RESOURCE SERVER PATHNAME CLIENTS
- host2 /export host5, host9

Solaris Operating Environment System Administration I & II Page 406 of 563


Solaris SA 1 & 2 - Training Material

The NFS Client

The following commands and files are used with the NFS client.

The mount Command

The /usr/sbin/mount command is used to attach either a local or remote file


resource to the file system hierarchy.

Command Format

mount [ -F nfs ] [ -o options ] server .-pathname mount_point

Options
The following options can be used with the mount command:

• -F nfs

Specifies nfs as the file system type. This option is not required because nfs is the default

remote file system type.

• -o options

Specifies a comma-separated list of file-system specific options, such as


rw, to mount the file resource as read, write, and ro to mount the file
resource read-only. (The default is rw.)

• server: pathname .

Specifics the name of the server and the path name of the remote file
resource; these are separated by a colon (:).

• mount_point

Specifies the path name of the mount point on the local system (which
must already exist).

Solaris Operating Environment System Administration I & II Page 407 of 563


Solaris SA 1 & 2 - Training Material

Accessing a Remote File Resource

Use the mount command to access a remote file resource. For example:

# mount hostl:/usr/share/man /usr/share/man

To mount a remote read-only file resource from the first-available host in a


comma-separated list of hosts, execute the following:

# mount -o ro hostl, host2,host3:/usr/share/man /usr/share/man

For file systems shared as read-only, if multiple hosts are named and the first
server in the list is down, the failover utility uses an alternative server in the
list to access files.

The /etc/ vfstab File


To have remote file resources mounted at boot time, enter the appropriate
entries in (he client's /etc/vfstab file. For example:

# device device mount. FS fsck mount mount


# to mount to fsck point type pass at boot options
#
hostl:/usr/share/man - /usr/share/man nfs - yes soft.bg

The fields in the /etc/vfstab file include:

• device to mount

The name of the server and the path name of the remote file resource;
these are separated by a colon (:).

• device to fsck

NFS resources are not checked from the client, because the file system is
not owned by the client. This field is always dash (-) for NFS resources.

• mount point

The default mount point for the file resource.

• FS type

Use nfs for NFS resources.

Solaris Operating Environment System Administration I & II Page 408 of 563


Solaris SA 1 & 2 - Training Material

• fsck pass

NFS resources are not checked from the client, because the file system is
not owned by the client. This field is always dash (-) for NFS resources.

• mount at boot

Either yes or no, which indicates whether the file resource should be,
mounted when the system enters run level 2 or when the mountall
command is issued, respectively.

• mount options

A comma-separated list of mount options.

• rw | ro

Specifies whether the resource is mounted as read write or read only. The
default is read write.

• bg|fg

If the first mount attempt fails, retry in the background or foreground. The
default is to retry in the foreground.

• soft | hard

During an NFS mount request, the soft option returns an error if the server
does not respond, then it continues boot. The hard option continues to retry
the mount until the server responds or the retry/timeout values are
exceeded. The default is a hard mount.

Note - Although soft or bg are not the default settings, combining these two
options usually results in the fastest client boot up when NFS mounting
problems arise.

• Intr/ nointr

Indicates keyboard interrupts to kill a process that is hung waiting for a


response on a hard-mounted file system. The default is intr.

Solaris Operating Environment System Administration I & II Page 409 of 563


Solaris SA 1 & 2 - Training Material

• Suid/nosuid

Indicates whether to enable setuid execution. The default enables setuid


execution.

• Timeout = n

Sets timeout to n tenths of a second. The default timeout is 11, measured in


one-tenth of a seconds (0.1 second) for User Datagram Protocol (UDP)
transports and 600 tenths of a second for TCP.

• retry=n

Sets the number of times to retry the mount operation. The default is
10,000 times.

• re trans -n

Sets the number of NFS retransmissions to n. The default is 5 for UDP.


For connection-oriented transports (such as TCP), this option has no effect.

Note - If the file resource is listed in the /etc/vfstab file, the superuser can
specify either server-.pathname or mount_point on the command line because
the mount command checks the /etc/vfstab file for more information.

Solaris Operating Environment System Administration I & II Page 410 of 563


Solaris SA 1 & 2 - Training Material

Recommended Mounting Options

Mounting a file system with the bg option indicates that if the server's mountd
does not respond, the system's attempt to remount the file system occurs in the
background. This prevents the remount from interruptions of other system
services.

When the file system is mounted, an NFS request waits die amount of time
indicated by the timeo field (tenths of a second) for a response. If no response
is received, the value in the timeo field is doubled and the request is retried.

When the retransmission times reach the value in the retrans field, a file
system mounted with the soft option returns an error. A file system mounted
with the hard option prints a warning message and continues to retry.

Table 6-1 lists the recommended mounting options for some commonly shared file resources.

Table 6-1 Mount Options

Read-write/ System Server


NFS File Resource Interrupt Security
Read-only Startup Crash
/usr ro £g hard nointr suid
/export /home rw bg hard intr nosuid
/opt/ home ro bg soft - nosuid

A Read-Only Director

The /usr file system contains operating system binaries. This essential file
system is mounted in the foreground, the booting process does not continue
until the mount is completed.

The NFS client hard mounts this directory. This means the client continues to
retry the mount request until the server responds.

Solaris Operating Environment System Administration I & II Page 411 of 563


Solaris SA 1 & 2 - Training Material

A Read-Write Directory
The /export/home directory is where the users' login directories are commonly
placed. A hard mount is recommended for all read-write (rw) file systems (for
example, users' home directories).

The nosuid option provides additional network security because the setuid
permissions on NFS resources are ignored.

A Read-Only Application Directory

Nonessential applications are commonly mounted as read only (ro) in the


background (bg) with a sole mount. The system continues to boot if the server
does not respond during boot. If the server crashes, the mount times out.

The umount Command


Use the /usr/sbin/umount command to detach either a local or remote file
resource from the file system hierarchy.

Command Format

umount server : pathname | mount_point

The command line can specify either server:pathname or mount_point.

# umount /usr/ share /man

Solaris Operating Environment System Administration I & II Page 412 of 563


Solaris SA 1 & 2 - Training Material

The mountall and umountall Commands

Use the /usr/sbin/mountall and /usr/sbin/umountall commands to mount and


unmount all file resources.

The mountall Command

Without any arguments, the /usr/sbin/mountall command mounts all file


resources listed in the /etc/vfstab file with a mount-at-boot value of yes.

To limit the action of this command to remote file resources, use the -r option.

Command Format

mountall -r [ -F nfs ]

The -F nfs option restricts the action of this command to NFS resources only.

# mountall -r

Solaris Operating Environment System Administration I & II Page 413 of 563


Solaris SA 1 & 2 - Training Material

The umountall Command

Without any arguments, the /usr/sbin/umountall command unmounts all


currently mounted file resources. To limit the action of this command to
remote file resources, use the -r option.

Note - root ( / ), /usr, /var, and all pseudo file systems are not unmounted.

Command format

Umountall -r [ -F nfs ]

# umountall -r

Option

The following option can be used with the umountall command:

• -F nfs

Specifies nfs as the file system type. This option is not required, because
nfs is the default remote file system type.

Solaris Operating Environment System Administration I & II Page 414 of 563


Solaris SA 1 & 2 - Training Material

The NFS Client Setup


To set up an NFS client, complete the following steps:

1. Use the /usr/sbin/df shares command to display a server's available


resources.

# dfshares hostl

RESOURCE SERVER ACCES TRANSPORT


hostl:/usr/share/man hostl - -

2. Use the /usr/sbin/mount command to access the remote file resource.

# mount hostl:/usr/share/man /usr/share/man

The /usr/share/man directory on the client is the mount point in the local
system's file hierarchy. This directory should be empty.

3. Once it has been determined that access to the manual pages located on
the remote server is no longer needed, you can unmount the remote file
resources from the client by using the /usr/sbin/umount command.

# umount /usr/share/man'

Occasionally, an attempt to unmount an NFS file system results in the


following error message:

nfs mount: /usr/share/man: is busy

This usually means that a user or program is accessing the resource.

Mounting Using the /etc/vf stab File


Edit the /etc/vfstab file to add an entry for the remote resource that is
automatically mounted whenever the system enters run level 3.

hostl: /usr/share/man - /usr/share/man nfs - yes ro,bg

Solaris Operating Environment System Administration I & II Page 415 of 563


Solaris SA 1 & 2 - Training Material

NFS Server Logging

A new feature in the Solaris Operating Environment is NFS server logging.


This feature records NFS reads and writes on the file system. The daemon,
nfslogd, provides this operational logging.

When NFS server logging is enabled, records of all NFS operations on the file
system are written into a buffer file by the kernel. This data includes a
timestamp, the client IP address, the DID of the requestor, the file handle of
the resource that is being accessed, and the type of operation that occurred.

The nfslogd daemon converts this raw data into ASCII records- that are stored
in ASCII log files. During the conversion, the IP addresses arc modified to
host names and the UIDs are modified to logins.

Mappings of file handles to path names is also handled by nfslogd. It keeps


track of these mappings in a file-handle- to-path mapping .table.

One mapping table exists for each tag identified in the /etc/nfs/nfslog.conf file.

The file handles are also converted into path names. The daemon keeps
track of the file handles and stores information in a separate file handle to path
name table, this way the path does not have to be re-identified each time a file
handle is accessed.

Note - It is important to keep the nfslogd daemon running, because there is no


tracking of changes to the mappings in the file_handle-to-path table if nfslogd
is turned off.

Solaris Operating Environment System Administration I & II Page 416 of 563


Solaris SA 1 & 2 - Training Material

Enabling NFS Server Logging


To enable nfs server logging, complete the following steps:

1. Become superuser.

2. Optional: Change the file system configuration settings.

In /etc/nfs/nfslog.conf, either edit the default settings for all file


systems by changing the data associated with the global tag or add a
new tag for the specific file system. If these changes are not needed, do
not edit this file.

3. Add entries for each file system to be shared using NFS server

Edit /etc/dfs/df stab and add one entry to the file for the file system that
is to have NFS server logging enabled.

You must enter the tag used with the log=tag option in
/etc/nfs/nfslog.conf

The following example uses the default settings in the global tag:

share -F nfs -o ro , iog=global /export/ftp

4. Check that the nfs service is running on the server.

If the nfs daemons are not running, issue the following commands to
kill and restart the nfs daemons.

# /etc/init .d/nfs . server stop


# /etc/init .d/nfs. server start

5. If the NFS daemons are already running, issue a command to share the
file system.

Once you add the entry to /etc/dfs/dfstab, the file,system can be shared
by either rebooting the system or by using the shareall command.
# shareall

If the NFS daemons were restarted earlier, you do not need to run this
command because the script runs the command.

Solaris Operating Environment System Administration I & II Page 417 of 563


Solaris SA 1 & 2 - Training Material

6, Verify that the information is correct. .

Run the share command to check that the correct options are listed:

# share

- /export/share/man ro “”
- /usr/src rw=eng “”
- /export/ftp ro, log=global ""

7. Start the NFS log daemon, nfslogd, if it is not running already.

# /usr/lib/nfs/nfslogd

This step is not necessary if you restarted the nfs daemons using the nfs. server
script, because this script also starts this dacrnon if the /etc/nfs/nfslog .conf file
exists.

The / etc/nfs/nfslog. conf File

This file defines the path, file names, and type of logging to be used b; nfslogd
Each definition is associated with a tag.

Starting NFS server logging requires that you identify the tag for each file
system. The global tag defines the default values.

The following is an example of an original nfslog .conf file:

# cat /etc/nfs/nfslog.conf
# ident "@(#)nfslog.conf 1.5 99/02/21 SMI"
#
#

# NFS server log configuration file.


#
<tag> [ defaultdir=<dir_path> ] \
[ log=<logfile_jDath> ] [ stable=<table_path> ] \
[ buffer=<bufferfile_path> ] [ log format=basicl extended ]
#

global defaultdir=/var/nfs \
log=nfslog fhtable=fhtable buffer=nfslog_workbu£fer

Solaris Operating Environment System Administration I & II Page 418 of 563


Solaris SA 1 & 2 - Training Material

Use the following parameters with each tag, as needed:

• defaultdir=path

Specifies the default directory path for the logging files.

• log=path/ filename

Sets the path and file name for the log files.

• fhtable=path/ filename

Selects the path and file name for the file_handle-to-path database files.

• buffer=path/ filename

Determines the path and file name for the buffer files.

• logformat=basic| extended

Selects the format to be used when creating user-readable log files. The
basic format produces a log file similar to some ttpd daemons. The
extended format gives a more detailed view.

For the parameters that can specify both the path and the file name, if the path
is not specified, the path defined by defaultdir is used. Also, you can override
defaultdir by using an absolute path.

To make identifying the files easier, place the files in separate directories. For
example,

# cat /etc/nfs/nfslog.conf
# ident "@ (#) nfslog.conf 1.5 99/02/21 SMI
# NFS server log configuration file.
#

global defaultdir=/var/nf s \
log=nfslog fhtable=fhtable buffer=nfslog_workbuffer
publicftp log=logs/nfslog fhtable=fh/fhtables buffer=buffers/workbuffer

You must create the directories for logs, fh, and buffers before starting NFS
server logging.

Solaris Operating Environment System Administration I & II Page 419 of 563


Solaris SA 1 & 2 - Training Material

In this example, any file system shared with log=publicftp uses the following
values:

• The default directory is/var/nfs.

• The log files are stored in /var/nfs/logs/nfslog*.

• The file_handle-to-path database tables are stored in /var/nfsIfh/fhtables.

• The buffer files are stored in /var/nfs/buffers/workbuffer.

The /etc/default/nfslogd File


NFS operations on an NFS server are logged based on the configuration
information defined in /etc/default/nfslogd.

This file defines some of the parameters used when using NFS server logging.
These parameters include:

• MAX_LOGS_PRESERVE - Determines the number of log files to be


saved. The default value is 10.

• MINL_PROCESSING_SIZE - Sets the minimum number of bytes that the


buffer file must reach before processing and writing to the log file. The
default value for is 524288 bytes. Increasing this number can improve
performance by reducing the number of times the buffer file is processed.

This parameter, along with IDLE_TIME determines how often the buffer
file is processed.

• IDLEJTLME - Sets the number of seconds mat nfslogd should sleep


(wait) before checking for more information in the buffer file. It also
determines how often the configuration file is checked. The default
value is 300 seconds. Increasing this number can improve performance
by reducing the number of checks.

• CYCLE_FREQUENCY - Determines the number of hours that must


pass before the log files are cycled. The default value is 24 hours This
option is used to prevent the log files from growing too large

• UMASK - Specifies the permissions for the log files that are create by
nfslogd. The default value is 0137.

Summary of NFS Commands, Files, and Daemons

The main commands and files used on both the server and client systems are

Solaris Operating Environment System Administration I & II Page 420 of 563


Solaris SA 1 & 2 - Training Material

summarized in Table 6-2.

Table 6-2 Summary of NFS Commands, Files, and Daemons

NFS Server NFS Client

Commands share resource mount server : directory


unshare resource mount-point
shareall umount mount-point
unshareall mountall -r
dfmounts umountall -r.
/etc/init.d/nfs.server dfshares server
/etc/init.d/nfs.client

Files /etc/dfs/fstypes /etc/dfs/fstypes


/etc/dfs/dfstab /etc/vfstab
/etc/dfs/sharetab) /etc/mnttab
/etc/rmtab
/etc/nfs/nfslog.conf
/etc/default/n£slogd
/etc/nfs/nfslogtab

Daemons /usr/lib/nfs/nfsd /usr/lib/nfs/statd


/usr/lib/nfs/mountd /usr/lib/nfs/lockd
/usr/lib/nfs/statd
/usr/lib/nfs/lockd
/usr/lib/nfs/nfslogd

Solaris Operating Environment System Administration I & II Page 421 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 20

AUTO FS

Objectives

Upon completion of this module, you should be able to:

• List the benefits of using the automount utility

• Describe the purpose of each of the types of autmount maps

• Configure the auto_master map to specify which direct, indirect and


special maps the automountd daemon reads

• Create the auto_direct map with the full path names and mount options for
automatically mounting remote file resources

• Modify the autohome map as an example of an indirect map providing a


consistent view of home directories across the network regardless of where
the user is logged in

Solaris Operating Environment System Administration I & II Page 422 of 563


Solaris SA 1 & 2 - Training Material

AutoFS Overview

The AutoFS file system enables you to do the following:

• Mount file systems on demand

• Unmount file systems automatically.

Note - Automountd resources remain mounted for as long as they are being
used. If no files or directories within the file system are accessed within a
specified time-out period, a file system unmount automatically occurs.

• Centralize the administration of AutoFS mounts through the use of a name


service.

• Have multiple mount resources for read-write file systems.

Solaris Operating Environment System Administration I & II Page 423 of 563


Solaris SA 1 & 2 - Training Material

AutoFS Components

AutoFS contains three components that work together on the client to


accomplish automatic mounting. These components include an AutoFS file
system, the automount command, and the automountd daemon.

Figure 7-1 AuloFS Components

The following list describes the components:

• The autofs file system's mount points are defined in automount: maps
located in the /etc directory on the client system. Once the autofs mount
points are set up, activity under the mount points can trigger file systems to
be -mounted under them. If automount is configured, the autof.s file
system monitors mount requests made on the client. If a mount request is
made for an autofs resource not currently mounted, autofs calls the
automountd daemon, which actually mounts the requested resource.

Solaris Operating Environment System Administration I & II Page 424 of 563


Solaris SA 1 & 2 - Training Material

• The automount command - The automount command, called at system


startup time, reads the master map file /etc/auto_master to create the initial
set of autofs mounts These autofs mounts are not automatically mounted at
startup time. They are points under which file systems are mounted on
demand.

• The automountd daemon - The automountd daemon is, started at boot time
from the /etc/init.d/autofs script and mounts file systems on demand.

Note - The automountd daemon is completely independent from the


automount command. Because of this separation, you can add, delete, or
change map information without having to stop and start the automountd
daemon process. However, the process might have to reread the maps.

Solaris Operating Environment System Administration I & II Page 425 of 563


Solaris SA 1 & 2 - Training Material

Automount Maps

The autofs files, called maps, identify the file system resources to be
automatically mounted. These map types include:

• Master map - Read by the automount command during boot up. This map
lists the other maps used for establishing the autofs file system.

• Direct map - Lists the mount points as absolute path names. This map
explicitly indicates the mount point on the client.

• Indirect map - Lists the mount points as relative path names. This map
uses a relative path to establish the mount point on the client

• Special - Provides access to entries in /etc/hosts or the Federated Naming


Service (FNS).

automount maps contain ASCII data files or NIS or NIS+ database files.
Together, these maps describe information similar to the information specified
in the /etc/vf stab file for remote file resources

Solaris Operating Environment System Administration I & II Page 426 of 563


Solaris SA 1 & 2 - Training Material

Master Maps

The auto_master file associates a mount point with a map. It is a master list
specifying all of the maps that autofs should check. Names of direct and
indirect maps listed here refer to files in /etc. The following example shows
what an auto_master file can contain:

# cat /etc/auto_master
# Master map for automount
#
+auto_master
/net -hosts -nosuid,nobrowse
/- auto_direct
/home / auto_home -nobrowse
/xfn -xfn

The following describes the fields in this example of a master map file:

mount_point The full path name of a directory. If the directory does


not exist, autofs creates one if possible.

Map-name The name of a direct or indirect map. These maps are


directions to mounting information.

mount-options The general options for the map. The mount


options are the same as those for standard NFS mounts.

Note - The plus (+) symbol at the beginning of the +auto_master line in this
file directs the automounter program to look at the NIS or NIS+ databases. If
this line is commented out, only the local files are used.

Solaris Operating Environment System Administration I & II Page 427 of 563


Solaris SA 1 & 2 - Training Material

Special Maps

There are two mount points for special maps listed in this /etc/auto_master
file. They identify the following:

• The -hosts map

This special map provides access to all resources shared by each NFS
server listed in the hosts database. You can obtain this information from
/etc/met/hosts, NIS, NIS+, or DNS. This is a default entry. Shared
resources associated with this map are mounted below /net/hostname.

• The -xfn map

This special map provides access to resources available through the


X/Open Federated Naming Service. Resources associated with this service
mount below /xfn.

Direct Map Entries

The /- entry in the example master map defines a mount point for direct maps.
This mount point is a pointer that informs the automount program that the full
path names are defined in the file specified by map name (/etc/auto_direct in
this example).

Note - This is not an entry in the default master map. It has been added here as
an example. The other entries in this example already exist in the auto master
file.

Note - A NIS or NIS+ auto_master map can have only one direct map entry.
An auto_master map that is a local file can have any number of entries.

Indirect Map Entries

The /net, /home, and /xfn entries define mount points for indirect maps. The
maps -hosts, auto_home, and -xfn list relative path names only. Indirect maps
get the initial path of the mount point from the master map.

Solaris Operating Environment System Administration I & II Page 428 of 563


Solaris SA 1 & 2 - Training Material

The Solaris 2.6 Operating Environment through Solaris Operating Environment releases
support browsing of indirect maps (and special maps) with the -browse option. This allows
all of the potential mount points to be visible, regardless of whether they are mounted. The -
nobrowse option disables the browsing of indirect maps. Therefore, in this example, the
/home automount point provides no browser functions for any directory other than those that
are currently mounted. The default for this option is -browse.

Solaris Operating Environment System Administration I & II Page 429 of 563


Solaris SA 1 & 2 - Training Material

Direct Maps
Direct maps specify the absolute path name of the mount point, the specific
options for this mount, and the shared resource to mount. For example:

# cat /etc/auto_direct
# Superuser-created direct map for automount
#
/apps/frame -ro.soft serverl: /export/framemaker, v4 .0
/opt/local -ro.soft server2:/export/unbundled
/usr/share/man -ro.soft servers,server4,server5: /usr/share/man

The following describes the syntax for direct maps:

key [ mount-options] location

• key - The full path name of the mount point for direct maps.

• options - The specific options for a given entry.

• location - The location of the file resource specified in server -.pathname


notation.

The following direct map entry specifies that the client mounts the
/usr/share/man directory as read only from tine servers servers, server4, or
servers, as available:

/usr/share/man -ro server3, server4, servers: /usr/share/man

This entry uses a special notation, a comma-separated list of servers, to specify


a powerful automounter feature—multiple locations for a file resource.

Note - The comma-separated list of servers automount feature works only with
servers that are sharing files as read-only.

The automountd command automatically mounts /usr/share/man as needed,


from server3, server4, or servers, with server proximity being the factor on
server selection. If the nearest server fails to respond within the prescribed
time-out period, the server with the next nearest proximity is selected.

Solaris Operating Environment System Administration I & II Page 430 of 563


Solaris SA 1 & 2 - Training Material

Indirect Maps
Indirect maps have relative paths in the key field. The first part of the path
name is specified in the master map. Indirect maps are useful when you want
to mount many remote file resources below a common directory.

The auto_home Indirect Map

The auto_home indirect map provides a consistent view of home directories


across the network, regardless of which system a user is currently logged in to.
For example,

# cat /etc/auto_home
# Home directory map for automounter
+auto_home
stevenu host5 : /export/ home /stevenu
johnnyd host6 : /export/home/ johnnyd
wkd serverl : /export/home/wkd

Note - The plus (+) symbol at the beginning of the +auto_home line in the file
directs the automounter to look at the NIS or NIS+ databases. If this line is
commented out, only the local files arc used.

The following describes the syntax for indirect maps:

key [ mount-options] location

• key - The path name of the mount point relative to the beginning of the
path name specified in the /etc/auto_master file.

• options -The specific options for a given entry.

• location -The location of the file resource specified in server: pathname


notation.

Solaris Operating Environment System Administration I & II Page 431 of 563


Solaris SA 1 & 2 - Training Material

The Substitution String for an Indirect Map

The following entry reduces die auto_home file to a single line. The use of
substitution characters specifies that for every login ID, the client remotely
mounts the /export/home/login ID directory from the NFS server serverl onto
the local mount point /home/loginlD.

serverl -. /export/home/k

This entry uses the wildcard character (*) to match any key; the substitution
character (&) at the end of the location specification is replaced with the
matched key field. This works only when all home directories are on a single
server (in this example, serverl).

Solaris Operating Environment System Administration I & II Page 432 of 563


Solaris SA 1 & 2 - Training Material

The automount Command

When making changes to the master map or creating a direct map, make the
change effective by running the automount command.

Command Format

automount [-t duration ] [-v ]

The following describes the automount command options.

• -t duration

Specifies a time, in seconds, that the file system remains mounted when not in
use. The default is 600 seconds (10 minutes).

• -v

Displays output as the automount command executes

You do not have to stop and restart the automountd daemon after making
changes to existing entries in either a direct or indirect map because it is
stateless. You can modify existing entries in both direct and indirect maps at
any time The new information is used when the automountd daemon next uses
the map entry to perform a mount.

You can modify the master map entries or add entries for new maps. However,
you must run the automount command to make these changes take effect.

A modification is a change to options or resources. A change to the key (the


mount point) or a completely new line is considered to be an added or deleted
entry or both.

Solaris Operating Environment System Administration I & II Page 433 of 563


Solaris SA 1 & 2 - Training Material

Use Table 7-1 to determine whether you should run (cr re-run) the automount
command.

Table 7-1 Using Automount Maps

Automount Run if Entry is Added or Run if Entry Modified


Deleted is

auto__master Yes Yes


direct map Yes No
indirect map No No

Note - There is no harm in running the automount command to rescan the


maps, even if it is not required.

Solaris Operating Environment System Administration I & II Page 434 of 563


Solaris SA 1 & 2 - Training Material

The Client autofs File System

The autofs file system is a kernel file system that supports automatic mounting
and unmounting. When you make a request to access a file system at an autofs
mount point, the following occurs:

1. The autofs file system intercepts the request.

2. The autofs file system sends a message to the automountd daemon for
the requested file system to be mounted.

3. The automountd daemon locates the file system information in a map


and performs the mount.

4. The autofs file system allows the Intercepted request to proceed.

5. The automountd daemon will unmount the file system after a period of
inactivity.

Note - Mounts managed through the autofs service should not be manually
mounted or unmounted. Even if the operation is successful, the autofs file
system does not check that the object has been unmounted/ resulting in
possible inconsistency. A reboot clears all of the autofs mount points. .

Multi-threaded autofs

The new autofs automount daemon is now fully multi-threaded. This enables
concurrent servicing of multiple.mount requests and increases reliability.

Solaris Operating Environment System Administration I & II Page 435 of 563


Solaris SA 1 & 2 - Training Material

Automount Administration

The following procedure describes how to set up remote access to a resource


in the Solaris Operating Environment that is located on an NFS server, using
the automountd daemon.

Setting up a Direct Map

This example demonstrates how to set up remote access to the man pages
located on an NFS server.

1. Edit the /etc/auto_master file to add a direct map entry.

# Master map for automounter


#.
+auto_master
/net -hosts -nosuid.nobrowse
/home auto_home -nobrowse
/- auto_direct
/xfn -xfn

2. Create a new file called /etc/auto_direct and add the following entry
for the directory you want to automount. Replace server with the host
name of your server.

/usr/share/man -ro server./usr/share/man

3. Make the changes effective.

# automount -v
automount: /usr/share/man mounted
automount: no unmounts

Solaris Operating Environment System Administration I & II Page 436 of 563


Solaris SA 1 & 2 - Training Material

Setting up an Indirect Map

Complete the following steps to set up an indirect map:

1. Edit the /etc/auto_master file. Add the patch directory and


map.

# Master map for automounter


#
+ auto_master
/net -hosts -nosuid, nobrowse
/home auto_home -nobrowse
/services auto_patch.
/xfn -xfn

2. Create an /etc/auto_patch map. Enter the patch directory name on the


client and the server pathname. The following example illustrates the
indirect map content.

# Patch directory map for automounter


#
patch serverl:/export/patch

3. Make the changes effective.

# automount -v

Solaris Operating Environment System Administration I & II Page 437 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 21

CACHE FS

Objectives
Upon completion of this module, you should be able to:

• Describe the CacheFS file system

• Use the appropriate commands to configure the CacheFS file system

• Use the appropriate commands to check the status and consistency of the
CacheFS file system

• Set up CacheFS file system logging

• Describe the steps necessary to perform a check of the CacheFS file system

• List the steps to dismantle and delete a CacheFS file system

Solaris Operating Environment System Administration I & II Page 438 of 563


Solaris SA 1 & 2 - Training Material

CacheFS File System

You can use the CacheFS file system to improve the performance of remote
file systems (such as NFS), or slow devices, such as CD-ROM drives.

Figure 8-1 CacheFS Diagram

When you enable the CacheFS file system, the data read from the remote file
system or CD-ROM is stored in a disk-based cache on the local system.
Subsequent read requests to the same data are fulfilled by the local cache,
which improves read performance.

Note - This has no effect on the NFS server; it affects only the client.

Solaris Operating Environment System Administration I & II Page 439 of 563


Solaris SA 1 & 2 - Training Material

Solaris Operating Environment System Administration I & II Page 440 of 563


Solaris SA 1 & 2 - Training Material

3. Mount the remote file system and implement a CacheFS file .


system.

# mount -F cachefs -o backfstype=nfs, cachedir=/cache/cache0, \ cacheid=data_cache hostl:


/export/data /data

• The remote resource is mounted as a CacheFS file system.

• The source file system type (backfstype) is nfs.

• You must specify the cachedir.

• The cacheid is optional, but it can provide a convenient user-


defined label lo identify this CacheFS mount for subsequent
administration commands.

• The remote resource is hostl: /export/data and local users 'l


access it through the /data mount point.

4. Use the mount: command (o verify the mount.

# mount

/ on /dev/dsk/c0t0d0s0 read/write/setuid/larciefiles on Thu May 11


15:55:34 2000
/proc on /proc read/write/setuid on Thu May 11 15:55:34 2000
/dev/fd on fd read/write/setuid on Thu May 11 15:55:34 2000
/tmp on swap read/write on Thu Hay 11 15:55:35 2000

/data on /cache/cache0/ .cfs_mnt_points/hostl :_export_data


backfstype=nfs/cachedir-/'cache/cacheO/cacheid-data_cache on Thu l-lay 11
06:38:43 2000

You could automate (his mount by adding a line similar lo the following to the
/etc/vfstab file:

hostl:/export/data - /data cachefs - yes


backfstype=nfs, cachedir=/cache/cacheO,cacheid=data_cache

The cache is now used when local users access the resource through the local
/data mount point.

Solaris Operating Environment System Administration I & II Page 441 of 563


Solaris SA 1 & 2 - Training Material

Cache FS Cache Directory Details

Figure 8-3 illustrates areas of the underlying cache directory hierarchy:

cache

cache0

(Link)
0000000000049071 data_cache .cfs_mnt points
(Cached data)

hostl: _export_data

Figure 8-3 CacheFS Cache Directory Structure

The following describes the cache directory hierarchy:

• For each CacheFS file system being cached in the cache directory, an entry
is made in the .cfs_mnt_points directory.

• If you specify a cache ID string when the CacheFS file system is mounted,
this string becomes a symbolic link to the cache data for that file system.

• Local users access the cached data through the local /data mount point.

Solaris Operating Environment System Administration I & II Page 442 of 563


Solaris SA 1 & 2 - Training Material

Using Cache FS Terminology

The following terms are used when discussing the CacheFS file system:

• Back file system - The original disk-based, network-based, or CD- ROM-


based file system that is mounted as a CacheFS file system and cached.

• Front file system - The mounted file system that is cached and accessed by
the user through the local mount point.

• Consistency -Refers to the state of synchronization between the back and


front file systems,

Using CacheFS File System Commands

You have the following commands available for administering a CacheFS file
system:

• cfsadmin - This command administers the disk space for the cached file
system. This includes creating, deleting, and listing the contents of the
cache.

• cachefsstat - This command provides statistics on cache usage.

• cachef slog - This command establishes a login procedure for the cache.

• cachefswssize - This command helps determine the working set sizes for
CacheFS file systems so that the cache area can be properly sized. This
functions only if CacheFS logging is enabled.

Solaris Operating Environment System Administration I & II Page 443 of 563


Solaris SA 1 & 2 - Training Material

Creating a CacheFS File System

Setting up a CacheFS file system is basically a three-step procedure, illustrated


in Figure 8-2.

Create cache
(cfsadmin)

Create mount_poinl
(mkdir)

Mount cachcFS
(mount -F cachefs)

Figure 8-2 Setting up a CacheFS File System

This example procedure assumes that & file system (/export/data) on a remote
system (hostl) IS available to the local system. Tine local system mounts the
resource and caches it.

Note - All commands are executed on the local system.

To set up a CacheFS file system, perform the following steps:

1. Create a cache using the following command:

# cfsadmin -c /cache/cache0

2. If one does not already exist, create a local mount point in preparation
for mounting the remote file system.

# mkdir /data

Solaris Operating Environment System Administration I & II Page 444 of 563


Solaris SA 1 & 2 - Training Material

Cache FS Statistics and Consistency Checking

To view CacheFS file system statistics you can use the cachefsstat: command.
To check consistency, use the cfsadmin command.

The cachefsstat Command

You use cachefsstat command to display cache statistics. It displays


information that describes the effectiveness of your cache.

The following output shows statistics for a newly created cache:

# cachefsstat /data

/data
cache hit rate: 100% ( 8 hits, 0 misses)
consistency checks: 24 (24 pass, 0 fail)
modifies: 0
garbage collection: 0

By default, automatic cache consistency is enabled. The files in the cache are
checked against the originals in the back file system (on the server) and
updates are performed on the client's front file system. The pass value (24 in
this example) indicates the number of consistency checks performed. The fail
value (0 here) indicates the number of updates that have been performed.

The value in the hit rate indicates the efficiency of the cache. The hits indicate
the instances when the cached file was used and access to the original file
avoided. The miss value indicates when there was not a cached copy of the file
and the back file system copy was accessed.

To collect status over a specific period of time, you can first zero the cachefs
counters. To zero all cachefs counters, use the following command:

# cachefsstat -z

Solaris Operating Environment System Administration I & II Page 445 of 563


Solaris SA 1 & 2 - Training Material

The dernandconst Option

You can disable the automatic consistency checks by using the demandconst
option for the mount command (see the mount_cachefs(l) man page for more
information). This should be done only when the back file system is static or
the back and front file systems do not need to be synchronized. For example, if
the back file system is a read-only file system on a CD-ROM, there is no need
to enable consistency checking.

The cfsadmin Command

If automatic consistency checking is disabled by using the demandconst


option, the following cfsadmin command manually invokes a consistency
check and performs any necessary updates:

# cfsadmin -s /data

Solaris Operating Environment System Administration I & II Page 446 of 563


Solaris SA 1 & 2 - Training Material

Enhancing CacheFS File System Caching

You can have additional control of the caching mechanism for CacheFS file
systems by doing the following:

• Set the number of data blocks used by the cache as a percentage of the
front file system. Refer to the cfsadmin(lM) man page for details.

Note - these percentages can be enforced only if the CacheFS file subsystem is
given exclusive access to the front file system.

• Set the minimum and maximum number of files that the CacheFS file
system can use as a percentage of the files in the front file system.

The following display of cache statistics shows the default values:

# cfsadmin-1 /cache/cache0
cfsadmin: list cache FS information
maxblocks 90%
minblocks 0%
threshblocks 85%
maxfiles 90%
minfiles 0%
threshfiles 85%
maxfilesize 3MB
data_cache

where:

• maxblocks - Maximum amount of storage space that CacheFS can use,


expressed as a percentage of the total number of blocks in the front file
system.

• minblocks - Minimum amount of storage space (expressed as a percentage


of the total number of blocks in the front file system) that CacheFS is
always allowed to use without limitation by its internal control
mechanisms.

• threshblocks - A percentage of the total blocks in the front file system


beyond which Cache-FS cannot claim resources once its block usage has

Solaris Operating Environment System Administration I & II Page 447 of 563


Solaris SA 1 & 2 - Training Material

reached the level specified by minblocks.

• maxfiles - Maximum number of files that CacheFS can use, expressed as a


percentage of the total number of inodes in the front file system.

• minfiles - Minimum number of files (expressed as a percentage of the total


number of inodes in the front file system) that CacheFS is always allowed
to use without limitation by its internal control mechanisms.

• threshfiles - A percentage of the total inodes in the front file system


beyond which CacheFS cannot claim inodes once its usage has reached the
level specified by mint lies.

• maxfilesize - Largest file size (expressed in Mbytes) that CacheFS is


allowed to cache.

These parameters are specified with the -o option, with multiple parameters
separated by commas. Refer to the cfsadmin(1M) man page for more details.

You can change these parameters only when you create 'the cache.

Solaris Operating Environment System Administration I & II Page 448 of 563


Solaris SA 1 & 2 - Training Material

Sizing the Cache

You use the cachefswssize command to determine the current size of the data
in the cache. This includes the amount of cache space needed for each file
system that was mounted under the cache, as well as a total. Before using the
cache fswssize command, you must enable cachefs logging. Before you enable
the cachefs logging, you must create the directory for the log files.

# mkdir /var/cachelogs

The following command creates and begins a cachets log:

# cachef slog -f /var/cachelogs /data, log /data


/var/cachelogs/data.log: /data

In the previous command, a cache log called


/var/cachelogs/date. log was created for the CacheFS file system
mounted locally as /data.

You can change the cache log at any time. The following command is an
example of changing the log file to:
/var/cachelogs/date_new.log:

# cachefslog -f /vax/cachelogs/dsta_new_062100.1og /data


/var/cachelogs/data_new_062100.1og: /data

At any time, you can determine the current log file. The following is a sample
command that describes how to do this:

# cachefslog /data
/var/cachelogs/data_new_062100.1og: /data

You can stop and verify logging using the following commands:

# cachefslog -h /data
not logged: /data
# cachefslog /data
not legged: /data

Solaris Operating Environment System Administration I & II Page 449 of 563


Solaris SA 1 & 2 - Training Material

Once you enable logging, you can check the size of the cache

# cachefswssize /vax/cachelogs/data, log

total for cache


initial size: 4256k
end size: 511k
high water size: 511k

Solaris Operating Environment System Administration I & II Page 450 of 563


Solaris SA 1 & 2 - Training Material

Cache FS File System Integrity

You use the fsck(lM) command to check and repair the integrity of file
systems.

To check the integrity of the CacheFS file system, perform the following
steps:

1. Unmount the CacheFS file system before invoking the fsck command.

# mount /data

2. Use the following command to check and repair the CacheFS file
system:

# fsck -F cachets -o noclcan /cache/cached

The -F option informs the fsck command that the type of file system to check
is the CacheFS file system type. The -o nod can option is used to force fsck to
perform a check even if it determines that a check is not necessary.

3. Use the mount command to enable access to the repaired CacheFS file,
system.

# mount -F cachefs -o backfstype=nfs,cachedir=/cache/cache0, \


cacheid=data_cache host1:/export/data /data

Solaris Operating Environment System Administration I & II Page 451 of 563


Solaris SA 1 & 2 - Training Material

Dismantling a Cache FS File System

Implementing a CacheFS file system can be an interim measure for enhancing


performance. You can delete a CacheFS file system and recreate it at a later
time.

Note - Deleting a CacheFS file system (that is, deleting its cached copy) has
no effect on the original back file system.

You can mount more than one back file system as a CacheFS file system and
cache it in the same caching directory. You can dismantle one CacheFS file
system, leaving others intact. You can also dismantle all the CacheFS file
systems in the caching directory.

To dismantle a CacheFS file system, perform the following steps:

1. If necessary, warn users that their access to the CacheFS file system
will be interrupted.

2. Determine the cache ID for the CacheFS file system you intend to
delete. The ID string is located in the last line of the output of the
following command. The remainder of the output is covered later in
this module.

# cfsadmin -1 /cache/cache0
cfsadmin: list cache FS information
maxblocks 90%
minblocks 0%
threshblocks 85%
maxtiles 90%
minfiles 0%
thresh file 85%
maxfilesize 3MB
data cache .

3. Unmount all CacheFS file systems that share the same cache directory
with the one you intend to delete. The examples in this module use only
one cache directory, so the command is

# umount: /data

Solaris Operating Environment System Administration I & II Page 452 of 563


Solaris SA 1 & 2 - Training Material

4. Delete the CacheFS file system.

# cfsadmin -d data_cache /cache/cache0

Note -To delete all CacheFS file systems in the cache directory, use the
cfsadmin -d all command.

5. If some CacheFS file systems remain after others are deleted, use the
fsck command to correct the resource counts in the cache directory.

# fsck -F cachefs -o noclean /cache/cached

6. Remount the remaining CacheFS file systems.

Solaris Operating Environment System Administration I & II Page 453 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 22

NAMING SERVICES OVERVIEW

Objectives

Upon completion of this module, you should be able to:

• Describe the concept of a naming service

• List the available naming services

• Compare the functionality of naming services

• Describe the name service switch process and determine which


configuration is appropriate for your network

Solaris Operating Environment System Administration I & II Page 454 of 563


Solaris SA 1 & 2 - Training Material

Name Services Overview

The name service concept centralizes the shared information in your network. A single machine, the name
server, maintains the information previously maintained on each individual host. The name servers provide
information, such as host names and IP addresses user names, passwords, and automount maps.

Other hosts in your network, clients, request the information from the name
server. This name server system responds to clients, and translates or resolves
their requests from its memory-based (cached) or disk database(s).

Figure 11-1 Overview of Name Service Functionality

Solaris Operating Environment System Administration I & II Page 455 of 563


Solaris SA 1 & 2 - Training Material

The name service concept provides:

• Ease of management:

¾ Single point of administration

¾ Consistent information

¾ Uniform view of network

• Immediate reflection of changes to all clients

• Assurance that clients do not miss updates

In a file-based scheme, updates received using ftp or copied in some way


to client machines could be missed if a host were do\vi or off the network
when the changes were propagated.

• Secondary servers prevent a single point of failure

While a single master server is all that is required, the name service
scheme allows for the creation of secondary servers (sometimes referred to
as slaves or replicas). These secondary servers maintain a copy of the
master's database, receive changes and updates to the database from the
master, and participate in client resolution. As such, they not only
overcome a single point o failure, but also play a role in increased network
performance.

Available Name Services

Some common name service solutions address specific needs or architectures,


as follows:

• Domain Name Service (DNS) - This name service is used within n TCP/IP
network to translate host names to their associated IP addresses.

• Network Information Service (NIS) - This name service provides a


centralized lookup for LAN resources, such as user accounts, host names
and addresses, services, automount maps, and other key files that would
otherwise be needed on each host of the LAN.

Solaris Operating Environment System Administration I & II Page 456 of 563


Solaris SA 1 & 2 - Training Material

• Network Information Service Plus (NIS+) - This name service provides a


centralized lookup location for LAN resources. However, NIS+ is greatly
expanded to support today's intranet with the features of a hierarchical
naming structure, distributed administration, built-in security
authentication, and cross-domain lookups.

• Lightweight Directory Access Protocol (LDAP) - This name service


extends the naming services with a directory service. While a naming
service allows you to look up an object given its name, a directory service
also allows these objects to have attributes. Therefore, in addition to
lookup, you can also get the attributes for these objects or search for
objects given their attributes. LDAP is only one implementation of a
directory service.

Solaris Operating Environment System Administration I & II Page 457 of 563


Solaris SA 1 & 2 - Training Material

DNS Overview

The DNS is application software that primarily provides for the distributed
administration of IP addresses throughout the Internet. It also does the
following:

• It enables local administrators to maintain information about their own


local hosts and enables them to share this information with others
throughout the Internet,

• It is commonly implemented by the Berkeley Internet Name Domain


(BIND)) software developed at the University of California at Berkeley.
Sun uses aport of the BIND software.

You can use DNS to resolve host name and IP address requests on the intranet.
If you connect your network to the Internet, you must use DNS because it is
the name service used to resolve host name and IP address requests, and
organize the millions of hosts and domains, on the Internet.

A domain is a collection of network hosts that share some common


information. DNS domain names are dot-notated, and the names of hosts
within the domain include the host name plus the domain name. For example,
the host merton in the domain sun . com would be known to other systems,
outside of the domain, as merton. sun. com.

All hosts known to DNS are included within the DNS namespace. The DNS
namespace is divided into hierarchical domains. The namespace begins with
the root (.) domain and includes all subdomains. Figure 11-2 on page 11-6
shows several top-level domains.

Solaris Operating Environment System Administration I & II Page 458 of 563


Solaris SA 1 & 2 - Training Material

Figure 11-2 Top-Level Domains

The DNS nsswitch Template

The nsswitch template file for DNS .is in /etc/nsswitch.dns, and the keyword
is dns.

Top-Level Domains

The top-level domains are administered by Network Solutions, the NS1


registry. Administration of the lower-level domains is delegated to the various
organizations that are a part of the Internet.

The top-level domain you choose can depend on which one best suits the
needs of your organization. Large organizations tend to use the organizational
domains while small organizations or individuals often , choose to use a
country code.

Solaris Operating Environment System Administration I & II Page 459 of 563


Solaris SA 1 & 2 - Training Material

Network Information Service Overview

NIS focuses on making network administration more manageable by


providing centralized control over a variety of network information. NIS
stores information about workstation names and addresses, users, the network
itself, and network services. This collection of network information is referred
to as the NIS namespace.

NIS Domains

NIS uses domains to arrange the machines, users, and networks in its
namespace. However, it does not use a domain hierarchy, therefore, an NIS
namespace is flat.

You cannot directly connect a NIS domain to the Internet using just NIS. However, organizations that want
to use NIS and also be connected to the Internet can combine NIS with DNS. You can use NIS to manage
all local information and use DNS for Internet host lookup. NIS provides a forwarding service that forwards
host lookups to DNS if the "information cannot be found in a NIS map. The Solaris Operating Environment
also allows you to set up the nsswitch, conf file so that lookup requests from hosts go only to DNS, or to
DNS and then NIS if the requests are not found by DNS, or to NIS and then DNS if the requests are not
found by NIS.

Client-Server Arrangement

By running the NIS service, you can distribute administrative database maps
among a variety of servers (master and slaves) and update those databases
from a centralized location in an automatic and reliable fashion to ensure that
all clients share the same name service information in a consistent manner
throughout the network.

NIS Maps

NIS namespace information is stored in NIS maps. NIS maps were designed to
replace UNIX /etc files, as well as other configuration files, so they store more
than names and addresses. As a result, the namespace has a large set of maps.

NIS maps are database files created from source files in the /etc directory (or a
special directory you specify). The NIS domain maps typically include the
following files:

Solaris Operating Environment System Administration I & II Page 460 of 563


Solaris SA 1 & 2 - Training Material

• auto_home • networks
• auto_master • protocols
• bootparams • passwd
• ethers • rpc
• group • services
• hosts • aliases
• netgroup • timezone
• netmasks • IP nodes

Note - NIS administrators can also create custom maps for their Specific
network, environment needs.

The NIS nsswitch Template

The nsswitch template for NIS is /etc/nsswitch.nis and the keyword is nis.

Solaris Operating Environment System Administration I & II Page 461 of 563


Solaris SA 1 & 2 - Training Material

The NIS+ Environment

NIS+ enables you to store information about workstation addresses, security


information, mail information, Ethernet interfaces, printers, and network
services in locations where all workstations on a network can have access to it.

NIS+Namespace

The NIS+ namespace is dynamic because updates can occur and be put into
effect at any time by any authorized user.

The NIS+ namespace is hierarchical, and similar in structure to the DNS name
service. The hierarchical structure allows you to configure a NIS+ namespace
to conform to the logical hierarchy of an organization. The namespace's layout
of information is unrelated to its physical arrangement. Thus, you can divide a
NIS+ namespace into multiple domains that can be administered
autonomously. Clients can have access to information in other domains, in
addition to their own if they have the appropriate permissions.

Solaris Operating Environment System Administration I & II Page 462 of 563


Solaris SA 1 & 2 - Training Material

An Example of the NIS+ Hierarchical Namespace

A software company named Solar, Inc. (solar.com), with three divisions:


Engineering (eng), Sales (sales) and Finance (fin). Set up the NIS-f namespace
hierarchy illustrated in Figure 11-3. Each branch represents a domain. The
Engineering branch has subdomains for development and software.

solar.com.

eng.solar.cam sales.solar.com fin.solar.com

dev.eng.solar.com soft.eng.solar.com

Figure 11-3 NIS + Hierarchical Namespace

Solaris Operating Environment System Administration I & II Page 463 of 563


Solaris SA 1 & 2 - Training Material

NIS+ Tables

The objects controlled in N1S are maps, and the objects controlled in NIS+ are
tables.

Each NIS+ domain can contain the following table objects:

• auto_home • netgroup

• auto_master • netmasks

• bootpararas • networks

• client_info • passwd

• cred • protocols

• ethers • rpc

• group • sendmail

• hosts • services

• mail aliases • timezone

The NIS+ nsswitch Template

The nsswitch template for NIS+ is /etc/nsswitch.nispus and keyword is


nisplus.

Solaris Operating Environment System Administration I & II Page 464 of 563


Solaris SA 1 & 2 - Training Material

Lightweight Directory Access Protocol (LDAP) Overview .

The implementation of NIS within the Solaris Operating Environment


provided a mechanism for advertising (identifying and locating) network
objects and resources. Two major drawbacks are its flat structure (a single
domain) and the proprietary nature of the naming services.

NIS+ is an improvement to the NIS structure. NIS+ is built in a hierarchical


structure so that it more closely resembles the internal structure of an
organization and, therefore, it can access multiple domains (provided the
authorization and authentication features are properly enabled). However, like
NIS, NIS+ is somewhat proprietary (Every organization cannot access the
information).

These proprietary naming services are often decipherable only from within an
organization or group of organizations (and sometimes from within a
particular application), and they create islands of information that must
translate requests for information from the World Wide Web.

With the implementation of standardized directory services, an organization


can configure one or more servers to direct requests for information through
the organization to the appropriate servers.

A standardized directory service implies that all participating organizations


adhere to a common rule set for hierarchical naming structures, authorization
and authentication practices, and configuration of various other attributes.

The X.500 Directory Access Protocol (DAP) is one such standard; however,
when organizations attempt to implement it, many find it difficult, to
administer, and this becomes a barrier to the success of the directory server
concept as a whole. Additionally, implementation of the X.500 structure often
requires the power and resources of a UNIX system, thus putting up a barrier
to the world of personal computer users. It is readily apparent that an easier: to
administer, lighter weight protocol is needed, so more than 40 companies have
joined with Netscape and the University of Michigan to support a Lightweight
Directory Access Protocol (LDAP) as a proposed standard for Internet
directories.

Solaris Operating Environment System Administration I & II Page 465 of 563


Solaris SA 1 & 2 - Training Material

Common Uses of LDAP

LDAP is useful when you need a resource locator; however, it is practical only
in read-intensive environments where you do not need frequent updates. You
can use LDAP as a repository for the same information stored in NIS and
NIS+. The following lists some common uses:

• A resource locator for an online phone directory. Authorized users can


update it as necessary to maintain its accuracy. This eliminates the need
for a printed phone directory (which is outdated as soon as a change is
made following the printing).

Note - LDAP is useful for phone directories that are updated relatively
infrequently, but would be ineffective for sales transaction databases that
center around constantly updating data.

• The address book in most e-mail clients

• A repository of information for Web-based applications that support sales


and inventory-control processes. However, you must keep in mind that
heavy-transaction oriented sites are better suited to other relational
databases', which are suited to those applications.

• For automatically locating network resources. It provides a mechanism to


locate printers, file servers, and network services.

• To centralize network management. Instead of maintaining duplicate


information across many servers, the LDAP server is configured so that a
single director)' can be accessed by all applications.

• To tighten security. Authorization and authentication attributes can be


configured to control access to applications, resources, and modifications.

These are just a-few of the possibilities. The list is limited only by the
creativity of the administrators that implement LDAP.

LDAP applications are grouped three ways: LDAP used to locate network
users and resource?, those used to manage these resources, and those that
provide authentication and authorization security features.
The LDAP nsswitch Template
The nsswitch template for LDAP is /etc/nsswitch. ldap and the keyword is
ldap.

Solaris Operating Environment System Administration I & II Page 466 of 563


Solaris SA 1 & 2 - Training Material

Conclusion
Implementing LDAP as a Solaris naming service is not an easy task. Since LDAP provides a
general purpose directory, it is very flexible. However, with flexibility comes complexity.
While it does not make sense transitioning from NIS/NIS+ just for the sake of doing it, the
future benefits of a consolidated data store, makes it
worth exploring.

Solaris Operating Environment System Administration I & II Page 467 of 563


Solaris SA 1 & 2 - Training Material

The Name Service Switch

All Solaris Operating Environment workstations use


/etc/nsswitch.conf as the name service switch. The
/etc/nsswitch.conf file is used by the operating system for any network
information lookups. It is commonly referred to as the name, service switch
file. The /etc/nsswitch .conf file determines which sources of information your
system uses and the order in which those sources are used.

The nsswitch.conf Configuration Files


The Solaris.8 Operating Environment includes the following five templates for
the name service switch configuration file:

• /etc/nsswitch. files - The template name service switch file that, when
copied to the /etc/nsswitch.conf file, permits only searches of the local /etc
files.

• /etc/nsswitch .dns -The template name service switch file that, when
copied to the /etc/nsswitch.conf file, searches only the local /etc files for
all entries with the exception of the hosts entry. The hosts entry can be
directed to use DNS for lookup.

• /etc/nsswitch.nis -The template file that uses the NIS database as the
primary source of all information except the passwd, group, automount,
and aliases maps, which are directed to use the local /etc files first and then
the NIS databases. With the name service search order for the passwd and
group files established as the local files first followed by the NIS database,
there is no need for a plus (+) in the passwd file.

• /etc/nsswitch .nisplus - The template file that uses NIS+ as the primary
source for all information except the passwd, group, automount, and
aliases tables, which use the local /etc files first and, then the NIS+
databases.

• /etc/nsswitch . ldap - The template file that uses LDAP as the primary
source for all information except the passwd, group, automount, and
aliases tables, which use the local /etc files first and (hen the LDAP
databases.

Solaris Operating Environment System Administration I & II Page 468 of 563


Solaris SA 1 & 2 - Training Material

After determining which naming -service to use, you select the appropriate
template file; /etc/nsswitch. files, /etc/nsswitch.dns, /etc/nsswitch.nis,
/etc/nsswitch.nisplus, or /etc/nsswitch. ldap and copies it to /etc/nsswitch.conf.

The /etc/nsswitch.nis Template

The following example is the default /etc/nsswitch.nis file (which references


name service resolution provided by NIS) that is provided with the installation
of the Solaris Operating Environment software:

#
# /etc/nsswitch.nis:
#
# An example file that could be copied over to /etc/nsswitch.conf; it
# uses NIS (YP) in conjunction with files.
#
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a “-" for nametoaddr_libs of "inet" transports, jade!7

# the following two lines obviate the “+" entry in /etc/passwd and
/etc/group.
passwd: files nis
group: files nis

# consult /etc "files" only if nis is down.


hosts: nis [NOTFOUND=return] files
ip nodes: files
# Uncomment the following line and connvent out the above to resolve
# both IPv4 end IPv6 addresses from the ipnodes databases. Note that
# IPv4 addresses are searched in all of the ipnodes databases before
# searching the hosts databases. Before turning this option on, consult
#the Network Administration Guide for more details on using IPv6.
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis (NOTFOUND=return] files
ethers: nis [NOTFOUND=return] files
netmasks: nis [NOTFOUND=return] files
bootparams: nis (NOTFOUND=return) files
publickey: nis [NOTFOUND=return] files

netgroup: nis

automount: files nis

Solaris Operating Environment System Administration I & II Page 469 of 563


Solaris SA 1 & 2 - Training Material

aliases: files nis

# for efficient getservbyname() avoid nis

services: files nis


sendmailars: files
printers: user files nis

auth_attr: files nis


prof_attr: files nis

This example /etc/nsswitch.nis file identifies NIS as the only source of data for
hosts, netgroup, and netmasks entries. Alternatively, the lines for passwd,
group, and automount have files followed by nis. This indicates that the
system uses the local files first and the NIS database second for lookups.

If you are using-NIS as the naming service, copy the /etc/nsswitch.nis file to
the /etc/nsswitch.conf file.

Solaris Operating Environment System Administration I & II Page 470 of 563


Solaris SA 1 & 2 - Training Material

Modification of the /etc/nsswitch.conf File


After copying the appropriate template file to /etc/nsswitch.conf, you might
have to modify the file to enable the operating system to access network
information. For example, to enable hosts to be resolved using local files first,
DNS second, and NIS third, the line for hosts would appear as follows:

hosts: files dns nis

Conversely, to restrict login access to only those users with local accounts,
you can remove nis from the line for passed as in this example:

passwd: files

The name service switch file contains a list of over 19 databases, their name
service sources for resolution, and the order in which these sources are
searched. As shown in Table 11-1, one or more sources from this list can be
specified for each database.

Table 11-1 Database Sources

Source Description

files Refers to the client's local /etc files

nisplus Refers to an NIS+table

nis Refers to an NIS map

user Applies to the printers entry,

dns Applies only to the hosts entry

ldap Refers to a Directory Information Tree (D1T)

compat Supports an old-style "+" syntax for passwd


and group information

Solaris Operating Environment System Administration I & II Page 471 of 563


Solaris SA 1 & 2 - Training Material

Name Service Switch Status and Action Values

Suppose the default /etc/nsswitch.nis file shown on page 11-16 was copied to
the /etc/nsswitch.conf file. The name service switch now presents some action
values for several of the entries. The naming service search for resolution from
the source specified returns a status code that presents an appropriate value in
response to the user requesting NIS information. Table 11-2 describes these
status codes.

Table 11-2 Name Service Search Return Status Codes

Status Code Description

SUCCESS Requested entry was found

UN AVAIL Source was unavailable

NOTFOUND Source contains no such entry

TRYAGAIN Source resumed "I am busy, try later" message

Actions

For each status code, two actions are possible. Table 11-3 describes these
actions.

Table 11-3 Status Code Actions

Action Description

continue Try the next source

return Slop looking for the entry

The default actions are

• SUCCESS = return

• UNAVAIL = continue

• NOTFOUND = continue

• TRYAGAIN = continue

Solaris Operating Environment System Administration I & II Page 472 of 563


Solaris SA 1 & 2 - Training Material

The following entry assumes that the NIS name service is running, the syntax
for this entry means that only the NIS hosts table is searched. If a NIS server
has no map entry for a host lookup, the system would not reference the local
files. Remove the [NOTFOUND=return] entry if you want to search the NIS
hosts table and the local hosts file.

hosts: nis [NOTFOUND=return] files

Table 11-4 shows the naming service features.

Table 11-4 Naming Service Features

Files NIS NIS+ DNS LDAP

Intended Small local LAN Multiple LAN WAN LAN WAN


Scope (Best network LANs
fit) LAN
Name Flat Flat Hierarchical Hierarchical Hierarchical
space
Template for nsswitch . nsswitch .nis nsswitch . nsswitch . dns nsswitch . ldap
nsswitch. files nisplus
conf

Object that File Map Table Zone files Directory '


stores information
information tree (DIT)

Solaris Operating Environment System Administration I & II Page 473 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 23

NETWORK INFORMATION SERVICE (NIS )

Objectives
Upon completion of this module, you should be able to:

• Describe the NIS components, master server, slave server, and client, and
the NIS processes

• Configure an NIS master, slave, and client

• List tine steps to add a new NIS map

• Use commands to update and propagate an NIS map

Solaris Operating Environment System Administration I & II Page 474 of 563


Solaris SA 1 & 2 - Training Material

Introduction to NIS Concepts

NIS enables the creation of server systems that act as central repositories for
several of the administrative files found on UNIX systems. The benefits of
NIS include:

• Centralized administration of files

• Better scaling of file administration as networks grow

As Figure 12-1 illustrates, NIS is organized into named administrative


domains. Within each domain exists one NIS master server, zero or more slave
servers, and one or more clients.

Client Figure 12-1 NIS Domains

NIS Master Server

Within each domain, the NIS master server.

• Contains the original /etc ASCII files used to build the NIS maps

• Contains the NIS maps generated from the ASCII files

• Provides a single point of control lo: the entire NIS domain

• Is easy to set up

Solaris Operating Environment System Administration I & II Page 475 of 563


Solaris SA 1 & 2 - Training Material

NTS Slave Servers

Within each domain, the NIS slave servers:

• Do not contain the original /etc ASCII files (which are used to build the
NIS maps)

• Contain copies of the NIS maps copied from the NIS master server

• Provide a backup repository for NIS map information

• Provide redundancy in case of server failures

• Provide load sharing on large networks

NIS Clients

Within each domain, ( NIS clients:

• Do not contain the original /etc ASCII files (which are used to build the
NIS maps)

• Do not contain any NIS maps

• Bind to the master server or a slave server to obtain access to the


administrative file information contained in that server's NIS maps

• Dynamically rebind to another server in case of server failure

• Make all appropriate system calls aware of NIS

Note - All hosts in the NIS environment are clients, including the NIS master
and slaves.

Solaris Operating Environment System Administration I & II Page 476 of 563


Solaris SA 1 & 2 - Training Material

NIS Processes

The two main processes involved in the running of an NIS domain are:

• ypserv - Rims on master and slave servers

• ypbind - Runs on master and slave servers, as well as client systems

There are three daemons that used in an NIS domain on the master server:

• rpc.yppasswdd

• ypxfrd

• rpc.ypupdated

Figure 12-2 illustrates a domain with these NIS processes arid daemons.

Figure 12-2 NIS Processes and Deamons

Solaris Operating Environment System Administration I & II Page 477 of 563


Solaris SA 1 & 2 - Training Material

Troubleshooting NFS Errors

You can discover most NFS problems through console messages or symptoms
on a client,

rpcbind Failure Error

Error Message

nfs mount: server:: RPC: Rpcbind failure


RFC: Timed Out
nfs mount: retrying: /mntpoint

This message is displayed on the client during the boot process or in response
to an explicit mount request. It indicates a problem accessing the server. This
error can occur due to the combination of an incorrect Internet address and a
correct host or node name in the hosts database file supporting the client node.

This error can also occur whenever the hosts database file supporting the client
is correctly specifying the server node, but the server node is extremely
overloaded, temporarily stopped, or crashed.

Solution

Complete the following step:

1. If the server node is operational, determine if the server is out of


critical resources (for example, memory, swap, or disk space).

Note - This example was caused by temporarily shutting down the server node
and then attempting (through the command line) to have it service an NFS
mount request from a client node.

Solaris Operating Environment System Administration I & II Page 478 of 563


Solaris SA 1 & 2 - Training Material

Server Not Responding Error

Error Message

NFS server server2 not responding, still trying

This message is displayed during the boot process or in response to an explicit


mount request and indicates a known server that is unreachable.

Solution

Complete die following steps:

1. Check to see if the network between the local system and the server is
down by using the ping command (ping server2).

2. Check to see if the server (server2) is down.

NFS Client Fails a Reboot Error

Error Condition

An NFS client fails a reboot without producing an error message.

This error condition is encountered whenever an administrator attempts to


restart an NFS client node using an init 6 or reboot command. The client
node correctly reboots up to the point where the system echoes:

Setting default interface for multicast: add net 224.0.0.0: gateway:


client_node_name.

The client node does not finish the proper boot sequence and does not generate
any error messages.

These symptoms arc consistent with a client requesting an NFS mount using
an entry in the /etc/vfstab file, which specifies a hard mount in the foreground
(the default option), to an NFS server that is not operational.

Solaris Operating Environment System Administration I & II Page 479 of 563


Solaris SA 1 & 2 - Training Material

Solution

Complete the following step:

1. If the NFS is available and failing:

a. Reset the failed client node and boot it in single-user mode.

b. Once in single-user mode, edit the /etc/vfstab file so that you


comment out the NFS mounts.

c. Continue with the boot cycle up to the default run level


(normally 3) by pressing Control-d

d. Using the information in the /etc/vfstab file, determine if all the


NFS servers are operational and functioning properly.

e. After you have determined which NFS server(s) have failed,


and you have resolved any outstanding problems with them,
remove the comments placed in the /etc/vfstab file.

Note - An alternative to adding the comments to the /etc/vfstab file entries can
be altering those entries to use the soft mount and background activation
options.

Stopped Server Error

Error Message

nfs mount: dbserver: NFS: Service not responding


nfs mount: retrying: /mntpoint

This message is displayed during the boot process or in response to an explicit


mount request and indicates a server that is reachable is not running the nfsd
server daemons.

Solaris Operating Environment System Administration I & II Page 480 of 563


Solaris SA 1 & 2 - Training Material

Solution

Complete the following steps:

1. Use the who -r command on the server to see if it is at run level 3. If it


is not, change to run level 3 using the init 3 command.

2. Use the ps -ef command on (lie server to check whether the nfsd
daemon and NFS server daemons are running. If they are not, start
them with the /etc/init.d/nfs.server script and the start keyword.

Program Not Registered Error

Error Message

nfs mount: dbserver: RPC: Program not registered


nfs mount: retrying: /mntpoint

This message is displayed during the boot process or in response to an explicit


mount request and indicates a server that is reachable is not running the
/usr/lib/nfs/mountd server daemon.

Solution

Complete the following steps:

1. Use the who -r command on the server to see if it is at run level 3. If it


is not, change to run level 3 using the init 3 command.

Note - If you used the shutdown command to bring the system down to the
single-user mode from run level 3, the who -r command might be disabled.
Rebooting the system re-enables the command.

2. Use the ps -ef command on the server to see if the mount daemon is
running. If it is not, start it by invoking the /etc/init .d/nfs server script
first with a stop flag and then with a start flag.

3. Chock or verify your /etc/dfstab entries.

Solaris Operating Environment System Administration I & II Page 481 of 563


Solaris SA 1 & 2 - Training Material

Stale File Handle Error

Error Message

stale NFS file handle

This message is displayed when a process attempts to access a remote file


resource and the file handle is out of date.

Solution

The file resource might have been moved on the server Complete the
following step:

1. Unmount and mount the resource again on the client.

Unknown Host Error

Error Message

nfs mount: server:: RPC: Unknown host

This message indicates that the host name of the server on the client is
missing, or not in the hosts table,

Solution

Complete the following step:

1. Determine if the host name in the hosts database supporting the client
node is correctly specified.

Note - This example has the node name server 1 misspelled.

Solaris Operating Environment System Administration I & II Page 482 of 563


Solaris SA 1 & 2 - Training Material

Mount Point Error

Error Message

mount: mount-point /DS9 does not exist.

This message is displayed during the boot process or in response to an explicit


mount request and indicates a nonexistent mount point.

Solution

Complete the following step:

1. Check that the mount point exists on the client and is spelled correctly
on the command line or in the /etc/vfstab file; or comment out the
entry and reboot.

No Such File Error

Error Message

No such, file or directory

This message is displayed during the boot process or in response to an explicit


mount request and indicates an unknown file resource name on the server.

Solution

Complete the following step:

1. Check that the directory exists on the server and is spelled correctly on
the command line or in the /etc/vfstab file.

Solaris Operating Environment System Administration I & II Page 483 of 563


Solaris SA 1 & 2 - Training Material

The ypserv Daemon


The ypserv daemon is a utility that

• Runs on master and slave servers

• Answers ypbind requests from clients

• Responds to client information requests

The ypbind Daemon


The ypbincl daemon is a process that:

• Runs on all NIS systems, servers as well as clients

• Makes initial client-to-server binding requests

• Stores binding information in the /vajr/yrVJ3ind.ing/domainriarne


directory

• Rebinds to another server if the connection is lost with the initial server

• Requests NIS map information at the library-call level

The rpc .yppasswd Daemon


The rpc.yppasswd;daemon is a process that:

• Allows users to change their passwords

• Updates the /etc/passwd and /etc/shadow files on the master server

• Updates the NIS password map

• Provides or "pushes" the NIS password map to all slave servers

Solaris Operating Environment System Administration I & II Page 484 of 563


Solaris SA 1 & 2 - Training Material

The ypxfrd Daemon

The ypxfrd daemon is a process that:

• Runs on the NIS master server only

• Responds to slave requests (using ypxfr) to pull the maps from the master

• Transfers NIS maps at high speed

The rpc .ypupdated Daemon

The rpc.ypupdated daemon is a process that:

• Runs on the NIS master server only

• Updates the publickey map if secure RPC is enabled

Solaris Operating Environment System Administration I & II Page 485 of 563


Solaris SA 1 & 2 - Training Material

The Structure of NIS Maps

NIS maps are located in the var/yp/domainname directory (where


domainname is the name of the NTS domain). There are two files (.pag and .
dir file) for each map in this directory.

NIS Maps Filenames

The syntax for the NIS maps is:

map. /cey.pag or map. key. dir

where:

• map - The base name of the map (hosts, passwd, and so on)

• key ~ The map's sort key (byname, byaddr, and so on)

• pag - The map's data

• dir - An index to the .pag file if the . pag file is large

The .dir file can be empty if the .pag file is small.

Solaris Operating Environment System Administration I & II Page 486 of 563


Solaris SA 1 & 2 - Training Material

Map Contents and Sort Keys

The contents of each map is a key and value pair. The key represents the data
used to perform the lookup in the map while the value represents the data
returned upon a successful lookup. Maps can be duplicated in the
/var/yp/domainname directory; they represent the results of the sorting of the
map's data based on different keys.

For example, the map /var/yp/domainname /hosts. Byaddr. Pag contains the
data for the hosts map indexed by host IP address. Similarly, the
/var/yp/domainname/hosts .byname pag map contains the same host data using
the host name as the lookup key. For the domain name training, the following
would be a list of the NIS map files for the hosts map:

• /var/yp/training/hosts. byname.pag

• /veor/yp/training/hosts.byname.dir

• /var/yp/training/hosts .byaddr .peg

• /var/yp/training/hosts, byaddr.dir

Commands to Read Maps

You can use two commands to read maps:

• ypcat [ -k } map - This command is similar to the cat file command

• ypmatch [ -k ] value map- This command is similar to the grep value


file command

Solaris Operating Environment System Administration I & II Page 487 of 563


Solaris SA 1 & 2 - Training Material

Generating NIS Maps

To generate NLS maps, you need the source files, which are located in either
the /etc directory on the master server or copied to an alternative directory.
You should not keep the source files in /etc because the contents of the maps
are then the same as the contents of the local files on the master server. This is
a special problem for passwd and shadow files, because ail users would have
access to the master server maps and the root password would be passed to all
YP clients through the passwd map.

If you choose to locate the source files in another directory, you must modify
the /var/yp/Makefile by changing the DIR=/etc line and the PWDIR=/etc line
to DIR=/your-choice and PWDIR=/your-choice, where your-choice is the
name of the directory you are using to store the source files. This enables you
to treat the local files on the server as if they were those of a client. (You
should first save a copy of the original Makefile.)

Solaris Operating Environment System Administration I & II Page 488 of 563


Solaris SA 1 & 2 - Training Material

The following is an excerpt from the default Makefile showing the variable
DIR and PWDIR sot' lo their default values:

# Copyright (c) 1998, by Sun Microsystems. Inc.


# All rights reserved.
#
# ident "@(#)Makefile 1-23 98/05/01 SMI"
#
# -----
# It is somewhat confusing to note that Solaris 2.x uses /etc/auto_master
# instead of the 4.x /etc/auto. master file name because of NIS+ treating a
# “.” in a special way.
#
# Set the following .variable to -"-b" to have NIS servers use the domain
name
# resolver for hosts not in the; current domain.
# B=-b
B=

DIR c=/etc
#
# If the passwd, shadow and/or adjunct files used by rpc.yppasswad
# live in 'directory other than /etc then you'll need to change the
# following line.
# DO NOT indent the line, however, since /etc/init.d/yp attempts
# to find' it with grep ""PWDIR" ...
#
PWDIR =/etc
DOM = ‘domainname’
NOPUSH = ""
ALIASES = /etc/mail /aliases
YPDIR=/usr/lib/netsvc/yp

Solaris Operating Environment System Administration I & II Page 489 of 563


Solaris SA 1 & 2 - Training Material

The ypinit Command and the NIS Makefile

The NIS maps are generated by the NIS configuration binary, /usr/sbin/ypinit,
and the make command. The ypinit command reads the /var/yp/Makef ile for
source file locations and converts ASCII source files into NIS maps.

Password Pile

For security reasons, and to prevent unauthorized root access, the files used to
build the NIS password maps should not contain an entry for root.

To do this, copy the files to an alternative directory and modifying the PWDIR
entry in the Makefile.

Figure 12-3 on page 12-12 shows the important files on the NIS master

Solaris Operating Environment System Administration I & II Page 490 of 563


Solaris SA 1 & 2 - Training Material

Configuring the NTS Master Server

To set up the NIS name service master server, perform the following steps:

1. Determine which machines within your network domain will be NIS


servers; there will be one NIS master and as many NIS slave as needed.
Typically, all systems within (he domain will be NIS clients.

Note - The NIS kit that was supplied with releases before the Solaris 2.6
Operating Environment is no longer provided. NIS is now part of the release
rather than a separate file.

2. Copy the /etc/nsswitch.nis file to /euc/nsswitch.conf and modify it, if


necessary.

3. Choose an NIS domain name. This is usually less than 32 characters in


length. (The maximum length is 256 characters.)

4. Execute the domainname command to set the local NIS domain.

5. Create an /etc/defaultdomain file with the domain name.

6. Make sure to maintain the format established by the original files, and
update the text files in the /etc directory (all of the files that are used
for NIS maps) on the master server with information about the domain.

Note - You can also copy the network information files to some other location
on the system and modify them there rather than modifying them in the /etc
directory.

7. Use the touch command to create zero-length files with the following
names: /etc/ethers, /etc/bootparams, /etc/locale,
/etc/timezone,/etc/netgroup and /etc/netmasks. These files are
necessary for the creation of the complete list of NIS maps as directed
in the Makefile. When you initialize NIS, you will receive error
messages for each of these files if they do not exist.

Solaris Operating Environment System Administration I & II Page 491 of 563


Solaris SA 1 & 2 - Training Material

8. Install an updated Makefile in /var/yp if you intend to use KMS on the


system that functions as your JumpStartTM server. This provides entries
that create a map for the /etc/locale file.

To create a Makefile that supports unassisted jumpStart installation capability,


make the following changes:

a. Add the following text after the existing time entries; all
beginning white space must be tabs:

locale.time: $(DIR)/locale

-@if [ -f $(DIR)/locale ]; then \


sed -e “/^#/d" -e s/ft.*$$// $(DIR)/locale \
| awk '{for (1=2; i<=NF; i++) print $$i, $$0)' \
I $(KAKEDBM) - $(YPDBDIR)/$ (DOM)/locale.byname; \
touch locale.time; \
echo "updated locale"; \
if [ ! $(NOPUSH) ]; then \
$.(YPPUSH) locale.byname; \
echo “pushed locale"; \
else \
:;\
fi \
else \
echo "couldn't find $(DIR)/locale"; \
fi

b. Append the word locale to the line beginning with the word all.

c. Add the following line after the

auto.home: auto.home, time entry:

locale: locale.time

9. Create or populate the file/etc/locale and make an entry for each


domain on your network using the following format

domainname locale

For example:

classroom.Central .Sun.COM en_US

Solaris Operating Environment System Administration I & II Page 492 of 563


Solaris SA 1 & 2 - Training Material

10. Edit the Makefile, and change every reference to the * .attr to
add the security subdirectory to the pathname, as follows:

$(DIR)/auth_attr
$(DIR)/exec_attr
$(DIR)/prof_attr
$(DIR)/audit_user

becomes:

$ (DIR)/security/auth_attr
$ (DIR)/security/exec_attr
$ (DIR)/security/prof_attr
$ (DIR)/security/audit_user

Note - Step 10 is necessary.

11. Initialize the master server using the local /etc files by executing the
ypinit-m command.

# ypinit -m

a. The program prompts you for a list of slave servers. When you
complete your list, press Control-D. You can make entries for
all slaves now or rerun the command after you determine that
you need more or fewer slave servers.

b. The program asks if you want to terminate on the first fatal


error. If you answer n, the procedure completes the creation of
the NIS database files. If you answer y, the process aborts with
the first error. You can fix it and restart the ypinit program.

Solaris Operating Environment System Administration I & II Page 493 of 563


Solaris SA 1 & 2 - Training Material

The following dialog provides the text feedback displayed as the program
begins:

# ypinit -m

In order for NIS to operate successfully, we have to construct a list of the NIS servers. Please
continue to add the names for YP servers in order of preference, one per line. When you are
done with the list, type a <control D> or a return on a line by itself.

next host to add: server1


next host to add: ^D

The current list of yp servers looks like this:


serverl

Is this correct? [y/n: y] y

Installing the YP database will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.
Do you want this procedure to quit on non-fatal errors? [y/n: n] n
OK, please remember to go back and redo manually whatever Ceils. It you
don't, some part of the system (perhaps the yp itself) won't work.

Note - If you have to restart the ypinit program, you are prompted to destroy-
the /var/yp/domainname directory. Answer y.

12. Start the NIS daemons on the master server with the following
command:

/usr/lib/netsvx:/yp/ypstart

13. Once ypbind is running you need to complete the following steps to
build the mail. aliases map.

# cd /var/yp
# /usr/ccs/bin/make

If you want to slop the NIS service running on the NIS master, issue the
following command:

# /usr/lib/netsvc/yp/ypstop

Caution - Installations that select Core, End User, or Developer software


configuration clusters do not have all of the necessary files in the
/usr/lib/netsvc/yp to allow a host to function as an NIS server.

Solaris Operating Environment System Administration I & II Page 494 of 563


Solaris SA 1 & 2 - Training Material

Accessing and Testing the NIS Service

The initial way that users access NIS information is during login. When the
user types in a user name and password, the NIS database verifies this
information before it enables a login shell. If the user's home directory is on a
remote system in the NIS domain, the NIS auto_home map will reference the
server information and automatically mount the appropriate directory.

There are some informative commands that display information in the NIS
database. You can use these commands to test NIS service.

The most commonly used NIS commands are:

Note - You do not have to be the superuser to use these commands.

• ypcat - Prints values from the NIS database.

Example: Print the information from the hosts database

$ ypcat hosts
129.0.0.1 localhost
192.9.200.1 hostl loghost
192.9.200.2 host2
192.9.200.6 host6
192.9.200.8 hosts
192.9.200.101 serverl
192.9.200.102 server2

• ypmatch - Prints the value of one or more keys from the NIS database.

Example: Match individual host entries

$ Ypmatch hostl sex-verl hosts


192.9.200.1 hostl
192.9.200.101 server

Example: Match a specific user in the password database

$ ypmatch userl passed


userl: Q7icl6NRPEmak: 11001: 10 : Userl: export/home/user1 : /bin/ksh

Solaris Operating Environment System Administration I & II Page 495 of 563


Solaris SA 1 & 2 - Training Material

• ypwhich - Returns the name of the NFS server that superuser the NIS map
services to an NFS client.

Example: Return the name of the NIS master server

$ ypwhich.
serverl

When used with the -nv option, the ypwhich command provides a list of all
databases and the name of the master server.

Example: List all databases on masterserver

$ ypwhich -m
auto.home serverl
auto.master serverl
time zone.byname serverl
netmasks.byaddr serverl
publickey.byname serverl
<Remaining output omitted>

Solaris Operating Environment System Administration I & II Page 496 of 563


Solaris SA 1 & 2 - Training Material

Configuring the NIS Client

Typically, you configure all systems within a NIS domain as clients:

1. Copy the /etc/nsswitch.nis file to /etc.nsswitch.conf and modify it if


necessary.

2. Edit the /etc/hosts file to ensure that the NIS master server and all slave
servers have been defined.

3. Execute the domainname command to set the local NIS domain. For example,

# domainname classroom.Central.Sun.COM

Note – You can use this command to set the name of a domain within a
classroom in the central region training center.

4. Create or populate the /etc/defaultdomain file with the domain name.

5. Initialize the system as an NIS client with the following command:

# ypinit -c

6. When prompted for a list of NIS servers, enter the names of the NIS
master and all slave servers.

7. Start the NIS software with the following command:

# /usr/lib/netsvc/yp/ypstart

8. On the newly configured NIS client, test the NIS functionality by


entering the following command:

# ypwhich -m

The output should include the name of the NIS master server along with the
database maps it is serving.

Solaris Operating Environment System Administration I & II Page 497 of 563


Solaris SA 1 & 2 - Training Material

Configuring the NIS Slave Server

You must have at least one NIS slave server provide backup should the NIS
master server become unavailable. You can do this by using the following
steps on the system that is designated to become the slave server:

1. Copy the /etc/nsswitch.nis file to /etc/nsswitch.conf and modify it if


necessary.

2. Edit the /etc/hosts file to ensure that the NIS master and all NIS slave
servers have been defined.

3. Execute the domainname command to set the local NIS domain.

# domainname domainname

For example,

# domainname classroom.Central,Sun.COM

4. Create or populate the /etc/defaultdomain file with the domain name.


Add a one-line entry to represent the selected domain name (for
example, domainname in step 3).

5. Initialize the system as an NIS client with the following command:

# ypinit -c

6. When prompted for a list of NIS servers, enter the NIS master host,
followed by the name of the local host and all other NIS slave servers
on the local network.

7. On the NIS master, ensure that the ypserv process is running by


running this command:

# ps -ef | grep ypserv

If it is not running, refer to the previous section on how to start NIS daemons
on the master.

8. Return to the proposed NIS slave system and run ypstart.

# /usr/lib/netsvc/yp/ypstart

9. Initialize the system as an NIS slave with the following command:

# ypinit -s master

Solaris Operating Environment System Administration I & II Page 498 of 563


Solaris SA 1 & 2 - Training Material

where master is the name of the NIS master.

Note - If you did not add the name of the NIS slave server when you initially
configured the NIS master server using the ypinit command, run the ypinit -m
command once more on the NIS master server. In the process of updating the
NIS master, the script prompts you for confirmation when it is about to
destroy the existing domain database Confirm by entering y.

10. Stop the NIS daemons on the slave server with the following
command:

# /usr/lib/netsvc/yp/ypstop

11. Restart the NIS daemons on the slave server with the following
command:

# /usr/lib/netsvc/yp/ypstart

12. On the newly configured NIS slave server, test the NIS functionality
with the following command:

# ypwhich -m

The output should include the name of the NIS master server along with a list
of database maps it is serving to the NIS domain.

Solaris Operating Environment System Administration I & II Page 499 of 563


Solaris SA 1 & 2 - Training Material

Updating the NTS Map

Database files change as time goes on and your NTS maps must be updated.
To update the NIS maps (on the master server), perform the following steps:

1. Update the text files in your source directory (typically /etc unless it
was changed in the Makefile) with the new or modified information,

2. Change to the /var/yp directory.

# cd /var/yp

3. Refresh the NIS database maps by executing the make command,

# /usr/ccs/bin/make

Updating the Hosts Map and Propagating to Slave Servers

The following steps manually update the NIS hosts map on the master server
and propagate all maps to the slave servers:

1. Edit a map source file on the NIS master.

# vi /etc/hosts

2. Remake and push the NIS maps to the slave .servers.

# cd /var/yp; make

The following commands manually "pull" only the host maps horn the master
server.

# /usr/lib/netsvc/yp/ypxfr hosts.byaddr
# /usr/lib/netsvc/yp/ypxfr host.byname

You can also pull all of the maps from the master server at once using the
following command:

# ypinit -s nis_master

Solaris Operating Environment System Administration I & II Page 500 of 563


Solaris SA 1 & 2 - Training Material

Updating the NIS Password Map

If the NIS master is running the rpc.yppasswd daemon, you can update any
client system to the NIS password map by using the

Figure 12-4 Updating the NIS Password Map

The following describes what you need to do to be successful at updating of


the password map:

• Running the rpc.yppasswd daemon on the NIS master server

# /usr/lib/netsvc/yp/rpc.yppasswd. /etc/passwd -m passwd

The rpc .yppasswd daemon updates the NIS master's /etc/passwd file and
passwd map whenever users change their NIS password (with the passwd or
yppasswd commands). The passwd map is then pushed to all slave servers.

Solaris Operating Environment System Administration I & II Page 501 of 563


Solaris SA 1 & 2 - Training Material

• Run the passwd command on any NIS client.

# passwd

Changing NIS password for user1 on server1.


Old password:
New password:
Retype new password:
NIS entry changed on server1

Solaris Operating Environment System Administration I & II Page 502 of 563


Solaris SA 1 & 2 - Training Material

Updating the NIS Slave Server Map

Sometimes maps fail to propagate and you must use ypxfr manually lo retrieve
new map information. To automate the updating and propagating of NIS maps
on slave servers, you can install shell scripts to run as cron jobs. Because maps
have different rates of change, scheduling a map transfer using the crontab
command enables you to set specific propagation times for individual maps.

Sun provides several template scripts in the /usr/lib/netsvc/yp directory that


you can use and modify to meet local site requirements. These scripts are
useful when slave servers are down during NIS map propagations. In such
cases, the slave server might not receive the update unless you run a "safety
valve" script (Figure 12-5).

Figure 12-5 Updating passwd Maps on Slave Servers with Scripts

Solaris Operating Environment System Administration I & II Page 503 of 563


Solaris SA 1 & 2 - Training Material

The following text is the contents of the ypxfr_lperhour script that, if run
hourly using cron, ensures that the NIS slave server’s passwd map is never
more than one hour out of date.

# ! /bin/sh
#
# @(#)ypxfr_lperhour.sh 1.9 92/12/18 Copyright 1999 Sun Microsystems,
# inc.
#
# ypxfr_lperhour.sh - Do hourly NIS map check/updates
#

PATH=/bin: /usr/bin: /usr/lib/netsvc/yp: $PATH


#export PATH

# set -xv
ypxfr passwd. byname
ypxfr passwd.byuid

Solaris Operating Environment System Administration I & II Page 504 of 563


Solaris SA 1 & 2 - Training Material

Updating Other Scripts

There are .scripts called ypxfr__lperday and ypxfr_2perday. The


ypxfr__lperday script checks or updates the following maps daily:

• group.byname

• group.bygid

• protocols.byname

• protocols.bynumber

• networks.byname

• netvjorks.byaddr

• services.byname . :

• ypservers

The ypxf r_2perday script checks and updates the following NIS maps twice
per day:
• hosts.byname

• hosts.byaddr

• ethers.byaddr

• ethers.byname

• netgroup

• netgroup.byuser

• netgroup.byhost

• mail,aliases

Solaris Operating Environment System Administration I & II Page 505 of 563


Solaris SA 1 & 2 - Training Material

Makefile Syntax and New Maps

You can build custom NIS maps for use with local utilities or with Sun
utilities, such as the automounter. By generating an NIS automounter map and
setting up. all NFS clients appropriately, NFS-mountable resources become
available over the network with minimum administration. Changes need to be
made only to the NIS master server, and the NFS server grants NFS access to
clients within the entire NIS domain.

The make Utility

Building customized NIS maps is essentially a lesson in the make utility. The
make utility:

• Is used by programmers to build programs

• Is used by administrators to build NIS maps

• Can be generalized to build customized NIS maps

The make utility receives its instructions from the Makefile file. The Makefile
uses.variable definitions (called macros), targets, and dependencies.

You can use macros as variables, similar to those that are used in a shell script.
A macro is defined at the beginning of the Makefi le and is used throughout
the Makefile by prefixing the macro name with a dollar sign ($).

The make utility builds targets. Targets need dependencies. Dependencies can
represent other targets that must be built before the original target is
considered "made." This structure enables you to nest the target and
dependency pairs to an arbitrary depth, allowing for hierarchical building of
complex code structures.

When making NIS maps, you should keep the target and dependency
relationship is fairly simple..

Solaris Operating Environment System Administration I & II Page 506 of 563


Solaris SA 1 & 2 - Training Material

First Section of Makefile

The NIS Makefile is located in the /var/yp directory and is composed of four
main sections. The first section contains the following macro definitions:

#B=-b
B=
DIR =/etc
PWDIR =/etc
DOM = ‘domainname’
NOPUSH = ""
ALIASES = /etc/mail/aliases
YPDiR=/usr/lib/netsvc/yp
SBINDIR=/usr / sbin
YPDBDIR=/var/Vp
YPPUSH=$ (YPDIR) /yppush
MAKEDBM=$ (YPDIR) /nekedtcn
MULTI=$ (YPDIR) /multi
REVNETGROUP=$ (SBINDIR) /revnetgroup
STDETHERS=$ (YPDIR) /stdethers
STDHOSTS=$ (YPDIR) /stdhosts
MKNETID=$'(SBINDIR) /mknetid
MKALIAS=$ (YPDIR) /mkalias

Solaris Operating Environment System Administration I & II Page 507 of 563


Solaris SA 1 & 2 - Training Material

Second Section of Makefile

The second section contains the first target, all.

all: passwd group hosts ethers networks rpc services protocols


netgroup bootparams aliases publickey netid netmasks to secure
\ timezone auto.master auto.home auth.attr exec.ettr prof.attr
\ user.attr audit.user

The all target has several dependencies, each of which represents one of the
NIS maps to be built. This enables the entire set of NIS maps to be built by
typing:

# cd /var/yp; make

The all target is not considered to be built until each of its targets is first built
in turn. Each of the targets for all depends on another target.

When adding custom maps to NIS, the name of the new map to be built should
be added to the end of the ell target list (auto .direct in the following example).

all: passwd group hosts ethers networks rpc services protocols \


netgroup bootparams aliases publickey netid netmasks c2secure
\ timezone auto.master auto.home auth.attr exec.attr prof.attr
\ user.attr audit.user auto.direct

Solaris Operating Environment System Administration I & II Page 508 of 563


Solaris SA 1 & 2 - Training Material

Fourth Section of Makefile

The entry in the fourth section of the Makefile for each of the dependencies
specified in the all target is:

passwd: passwd.time
group: group.time
hosts: hosts. time
ethers: ethers.time
networks: networks.time
rpc: rpc.time
services: services.time
protocols: protocols.time
netgroup: netgroup.time
bootparams. bootparams. time
aliases: aliases.time
publickey: publickey. time
netid: netid.time
passwd.adjunct: passwd.adjunct.time
group.adjunct: group.adjunct.time
netmasks: netmasks. time
timezone: timezone.time
auto.master: auto.master,time
auto.home: auto.home.time
$(DIR)/netid:
$(DIR)/timezone:
$(DIR)/auto_master:
$(DIR)/auto_home:
$(PWDIR)/shadow:

Solaris Operating Environment System Administration I & II Page 509 of 563


Solaris SA 1 & 2 - Training Material

Using the previous example of an auto .direct map, add a new map to the NIS
domain by appending the appropriate entries to the end of thus second level"
target/dependency pair.

….
auto.direct: auto .direct. tune
….
$ (DIR) /auto_direct:

Therefore, the final lines from the fourth section would look like this after the
auto.direct map was modified.

auto.master: auto.master.time
auto.home: auto.home.time
auto, direct: auto .direct. tin
$(DIR)/netid:
$(DIR)/timezone:
$ (DIR) /auto_master:
$(DIR)/auto_home:
$ (DIR) /auto_direct:
$(PWDIR)/shadow:

The target in this .case, auto.direct, depends on another target auto, direct,
time.

Solaris Operating Environment System Administration I & II Page 510 of 563


Solaris SA 1 & 2 - Training Material

Third Section of Makefile

In the third section of the Makefile, the final target and dependencies are
defined, along with instructions on how to build each map in the domain.

You must add the following lines to the Makefile to build a new auto_direct
map:

auto.direct.time: $(DIR)/auto_direct
-@if .[ -f $(DIR)/auto_direct ]; then \
sed -e "/"-fl/d" -e s/#.*$$// $ (DIR)/auto_direct \
| $(MAKEDBM) - $ (YPDBDIR)/$ (DOM)/auto.direct; \
touch auto.direct.time; \
echo "updated auto.direct",- \
if [ ! $(NOPUSH) ,]; then \
$(YPPUSH) auto.direct; \
echo "pushed auto.direct"; \
else \
:;\
fi \
else \
echo "couldn't find $ (DIR)/auto_direct"; \ ,
fi

Solaris Operating Environment System Administration I & II Page 511 of 563


Solaris SA 1 & 2 - Training Material

You should be aware of the following:

• auto .home. time depends on $ (DIR) /auto_home.

In this case, the dependency is a file. The make utility checks the
timestamp of the target (assumed to be a file, and in the current directory)
against the timestamp of the dependency (usually in the /etc directory). If
the target has a newer modification time than the dependency, the target is
not built, and this section is skipped. If, on the other hand, the dependency
has a more recent modification timestamp, the target is built according to
the instructions in (the section that immediately follows.

• Subsequent lines of make instruction are indented by tabs. (This is


required.)

• You can use make macros in the instructions.

• Instructions that begin with the at (@) sign are not echoed to the screen.
Removing the @ sign is useful for debugging new instructions.

• Instructions that begin with a leading dash (-), occurring before the leading
@ sign, do not have error messages echoed to the terminal.

Solaris Operating Environment System Administration I & II Page 512 of 563


Solaris SA 1 & 2 - Training Material

Building MS Maps

Most map builds consist of the following sequence of actions, which are
specified in the third section of the Makefile:

1. Extract the source file key and value pairs of information using the
awk or sed commands.

2. Send these key and value pairs to the makedbm program to generate
the NIS map.

3. Use touch on the timeslamp file so that this map is not remade unless
and until the source file is updated.

4. Echo the message stating the map has been updated.

5. Push the map to the slave servers.

6. Echo a message stating the push is done.

Caution - The first time you build a new map, the slave servers do not know of
its existence and so the push process attempt fails. Send an interrupt (Control-
C) to the build process when the push process hangs, and execute the ypxfr
command on the map from the slave server(s) to complete the build process.
(This is necessary only during the first build of a new NIS map.)

Note - Details of the awk, sed, and makedbm programs are beyond the scope
of this class.

Solaris Operating Environment System Administration I & II Page 513 of 563


Solaris SA 1 & 2 - Training Material

Exercise: Configuring NIS


Exercise objective - In this lab, you configure a NIS master server and one
NIS client.

Preparation

Choose two partners for this lab and determine which systems will be
configured as the NIS master server and which will serve a;, the NIS slave and
NIS client. You use the NIS master as the jumpstart server later in the course.
Verify that entries for al! systems exist in the /etc/hosts file. Refer to your
lecture notes as necessary to perform the steps listed.

Task Overview

In this exercise, you accomplish the following:

• On the system that will become the NIS master server, replace the
/var/yp/Makefile file with an updated copy that references /etc/locale.
Your instructor will provide the Makefile.

Solaris Operating Environment System Administration I & II Page 514 of 563


Solaris SA 1 & 2 - Training Material

• Use the following commands and files to create and configure an NIS
master server. Configme only a master server. Verify that the
configuration works using the ypwhich -m command.

/etc/nsswi tch.nis
/etc/nsswitch.conf
/etc/defaultdomain
/etc/ethers
/etc/bootparams
/etc/locale
/etc/netmasks
/etc/timezone
/etc/security/audit_user
/etc/security/auth_attr
/etc/security/exec_attr
/etc/security/prof_attr
domainname
ypinit
ypstart

• Use the following commands and files to create and configure an NIS
client. Verify that the configuration works using the ypwhich -m
command.

/etc/nsswitch.nis
/etc/nsswitch.conf
domainname
/etc/defaultdomain
ypinit
ypstart/etc/nsswitch.nis
/etc/nsswitch.conf
/etc/defaultdomain
/etc/ethers
/ etc/bootparams
/etc/locale
/etc/netmasks
/etc/timezone
/etc/security/audit_user
/etc/security/auth_attr
/etc/security/exec_attr
/etc/security/prof_attr
domainname
ypinit
ypstart

Solaris Operating Environment System Administration I & II Page 515 of 563


Solaris SA 1 & 2 - Training Material

• Use the following commands and files to create and configure an NTS
slave server. Verify that the configuration works using the ypwhich -m
command.

/etc/nsswitch.nis
/etc/nsswitch.conf
domainname
/etc/defaultdomain
ypinit
ypstart
ypcat

• Use the following commands and files to create and update a new NIS
map, auto.home. Verify that the new map works using the ypcat command.

/etc/nsswitch.nis
/etc/ns switch,, conf
domainname
/etc/defaultdomain
ypinit
ypstart

Solaris Operating Environment System Administration I & II Page 516 of 563


Solaris SA 1 & 2 - Training Material

CHAPTER - 24

JUMP START™- AUTOMATIC INSTALLATION

Objectives

Upon completion of this module, you should be able to:

• List the main components for setting up a JumpStart network installation

• Set up boot services on a subnet using the setup_install_server script

• Describe the JumpStart client boot sequence

• List the files necessary to support JumpStart boot operations

• Describe the use of the sysidcfg file with and without name service support

• Set up a JumpStart installation server to provide the Solaris Operating


Environment with the software necessary lo install clients.

• Describe the use of the add_to_install_server and modify_install_server


scripts

• Add install clients to the install servers and boot servers

• Create a configuration server with customized rules and class files

• Use the pf install command lo test configuration and installation files

• Boot install clients

• Configure N1S name service support for the JumpStart program

Solaris Operating Environment System Administration I & II Page 517 of 563


Solaris SA 1 & 2 - Training Material

Introduction to JumpStart

JumpStart is an automatic installation (auto-install) process available in the


Solaris Operating Environment. JumpStart allows you to install Solaris
automatically and configure it differently depending on characteristics of
client systems. JumpStart implementations use these identifying characteristics
to select the correct configuration for each client system.

Who Should Use JumpStart and Why?

System administrators who need to install multiple systems with similar


configurations can use JumpStart to automate the installation process.
JumpStart eliminates the need for operator intervention during the installation
process.

Advantages of using JumpStart include the following:

• It frees system administrators from the lengthy question and answer


session that is part of the interactive installation process

• It enables system administrators to install different types of systems


simultaneously

• It installs the Solaris Operating Environment and unbundled software


automatically

• It simplifies administration tasks when widely-used applications must be


updated frequently

JumpStart provides networked computing environments with considerable


time savings when multiple or ongoing installations are required.

Solaris Operating Environment System Administration I & II Page 518 of 563


Solaris SA 1 & 2 - Training Material

Jumpstart Components

There are three main components to jumpStart:

• Boot and client identification services- These are provided by a networked,


boot server.

A boot-server provides the information that a JumpStart client needs to boot


using the network. This includes RARP, TFTP, and bootparams information,
and the identity of sewers that will provide installation and configuration
services. The boot server must reside on the same subnet as the client, but the
install and configuration servers may reside on other network segments.

The boot server can also provide client identification information. This
information answers the system identification questions normally asked bythe
interactive installation routine. It is possible for one server to provide boot,
installation, and configuration services.

• Installation services -These are provided by a networked install server.

An install server provides an image of the Solaris Operating Environment that


the JumpStart client uses as its source of data to install. The install server
shares a Solaris image either from a delivery CD-ROM, or from an area on a
local disk. Because the Solaris Operating Environment is delivered on two
CD-ROMs, only the Core and End User configuration clusters can install
without spooling the OS onto a local disk. jumpStart clients use NFS to mount
the OS image during the installation process.

• Configuration services -These are provided by a networked configuration


server.

A configuration server provides information that a JumpStart client uses to


partition disks and create filesystems, add or remove Solaris packages, and
perform other configuration tasks Clients select a configuration based on
identifying information known as a "class". A configuration server shares a
directory that contains a "rules" file and "class" files that allow clients to
obtain appropriate configuration information.

Solaris Operating Environment System Administration I & II Page 519 of 563


Solaris SA 1 & 2 - Training Material

If any one of (he three main components is improperly configured, the


JumpStart clients can:

• Fail to boot

• Fail to find a Solaris Operating Environment image to load

• Ask questions interactively for configuration

• Fail to partition disks, create file systems, and load the operating
environment.

Using add_install client

The script add_install_client allows you to establish support for clients on


JumpStart servers. Because JumpStart components mayexist on more than one
server, you must select options to add_install_client and specify arguments
that reflect the overall JumpStart configuration in place.

The general syntax of add_install. client is described here, but its use for
specific configurations is described throughout the module.

The add_install_client script adds support for JumpStart clients by updating


information as required on the install server. The files that these updates affect
can include /tftpboot, /etc/dfs/dfstab, etc/.bootparams, /etc/inetd.conf, and
/etc/nsswitch.conf.

The add_install_client script must run from the install server's installation
image, either on CD-ROM or spooled to disk, or the boot server's boot
directory. On the Solaris,1 of 2 CD-ROM, this directory is
/cdrom/cdrom0s0Solaris_10/Tools. In an OS image spooled to disk below
/export/install, this directory is / export / ins tall/Solar is_8/Tools.

Solaris Operating Environment System Administration I & II Page 520 of 563


Solaris SA 1 & 2 - Training Material

Command Syntax
Options and arguments for add_install_client include the following:

add_install_client -i JP_address -e Ethernet_address \


-s server .-path -c server.-path -p server .-path client_name platform__group

Options

-i Specifies the IP address of the client. This option is not required if


an entry for the client exists in a naming service in use on the boot
server or in the /etc/inet/hosts file.

-e Specifies the Ethernet (MAC) address of the client. This option is not
required if an entry for the client exists in a naming service in use on
the boot server or in the /etc/ethers file.

-s serverr:path specifies the server and absolute path of the Solaris


installation image used for this installation. This option is not required
if the boot server also acts as the install server. This option is only
required when running
add_install_client from a boot server.

c- serverpath specifies "the server and absolute path of the directory that
holds configuration information (rules and class
files).

-p serverpath specifies the server and absolute path of the directory that
holds the sysidcfgfile.

'The client_name argument specifies the name of the client.as recorded in


/etc/inet/hosts and /etc/ethers.

The platform_group argument specifies the hardware platform type as reported by


uname -m (for example., sun4u, sun4m, sun4c).

Solaris Operating Environment System Administration I & II Page 521 of 563


Solaris SA 1 & 2 - Training Material

Setting Up Boot Services


A boot server allows JurnpStart clients to boot via the network, and provides installation and configuration
server information.

This section describes JumpStart boot services including:

• The JumpStart client boot sequence

• Boot operation support files

• Adding a bootable Solaris Operating Environment image

• Using the add_.install_client script to specify a boot server that is separate from an
install server

Solaris Operating Environment System Administration I & II Page 522 of 563


Solaris SA 1 & 2 - Training Material

The following steps describe how the Jumpstart process works:

1. When a network workstation boots, the boot PROM


(programmable read-only memory) issues a Reverse Address Resolution Protocol
(RARP) broadcast to the network. On receiving the RARP request, the boot server
translates the Ethernet address to an Internet address.

The boot server running the RARP daemon, /usr/sbin/in. rarp, looks up the Ethernet
address in the /etc/ethers file, checks for a corresponding name in the/etc/hosts file,
and passes the Internet address back to (he-client.

2. The client's boot PROM sends a Trivial File Transfer Protocol (TI-TP) request for
its boot program.

3. The server searches for a symbolic link named for the client's Internet Protocol
(IP) address expressed in hexadecimal format .This link points to a boot program
to a particular Solaris releases and client architecture, For SPARCTM systems, the
file name is hex-IP-address.archticecture.

C009C864.SUN4U ->'inetboot.sun4u.Solaris-1

4. The server uses the in. tftpd daemon to transfer the boot program to the client. The
client then.runs the boot program.

5. The boot program tries to mount the root file system. To do so, it issues a whoami
request to discover the client's host name. A server running the boot parameter
daemon, rpc.bootpararrd, looks up the host name, and responds to the client. Then,
the boot program issues a getfile request to obtain the location of the client's root
and swap space.

6. The server responds with the information obtained from the /etc/bootparams file.

7. Once the client has its boot parameters, the boot program on (ho client mounts
the / (root) file system from the boot server. The client loads its kernel and
starts (he init program. When (he boot server is finished bootstrapping the
client, it redirects the client to the configuration server.

Solaris Operating Environment System Administration I & II Page 523 of 563


Solaris SA 1 & 2 - Training Material

8. The client searches for the configuration server using bootparams information.
The client mounts the configuration directory and runs sysidtool the client
then uses bootparams information to locate and mount the installation
directory where the Solaris image resides. The client then runs the Sunlnstall
program and installs the operating environment.

Solaris Operating Environment System Administration I & II Page 524 of 563


Solaris SA 1 & 2 - Training Material

Boot Operation Support Files

For boot operations to proceed, the following files and directories must be properly
configured on the boot server: /etc/ethers, /etc/hosts, /etc/bootparams, /etc/dfs/dfstab,
and /tftpboot.

On a network running the NIS or NIS-i- name services, the identification information
from the JumpStart server files must also be incorporated in the domain database
maps.

The /etc/ethers File

When the JumpStart client boots, it has no IP address so it broadcasts to the network
using RAFP and its Ethernet address. The JumpStart server receives the request and
attempts to match the client's Ethernet address with entry in the local /etc/ethers file.

If a match for the Ethernet number is found, the client name is matched to an entry in
the /etc/hosts file. In response to the RARP request from the client, the JumpSlart
server sends the IP address from the /etc/hosts file back to the client. The client then
continues the boot process using the IP address.

If a match is riot found, the client cannot acquire its IP address and cannot continue
the. boot process. The usual (repeating) message displayed on the screen of a
JumpStart client when this occurs is the following:.

Timeout waiting for ARP/RARP packet

An entry for the JumpStart client can be created by editing the /etc/ethers file or as
one of the arguments to the add_install_client script. The following example is an
entry in the /etc/ethers file for a JumpStart client:

8:0:20:2f:90:3d clientl

Solaris Operating Environment System Administration I & II Page 525 of 563


Solaris SA 1 & 2 - Training Material

The /etc/hosts File

The /etc/hosts file is the local database that associates the names 01 hosts with
their IP addresses. The JumpStart server references this file when trying to
match an entry from the local /etc/ethers file in response-to a RARP request
from a client.

If a match is not found, the client cannot acquire its IP address and cannot
continue, the boot process. The usual (repeating) message displayed on the
screen of a JumpStart client when this occurs is the following:

Timeout .waiting for ARP/RARP packet

An entry for the JumpStart client can be created by editing the /etc/hosts file or
as one of the arguments to the add_install_client script. The following
example is an entry in the /etc/hosts file for a JumpStart client:

192.9.200.100 clientl

Solaris Operating Environment System Administration I & II Page 526 of 563


Solaris SA 1 & 2 - Training Material

Tlie /tftpboot Directory

The /tftpboot directory contains the inetboot.SUN4x.Solar is_8-1 file that is


created for each JumpStart client when the add_install_client script is run.
When booting over the network, the client's boot PROM makes a RARP
request and when it receives a reply, the PROM broadcasts a TFTP request to
fetch the inetboot. file from any server that responds and executes it. For
example, the inetboot file created for a JumpStart client with a sun4u
architecture' is named inetboot;.SUW4U.Golaris__8-l. Two additional
symbolic links to this file are also created at the same time containing the IP
address and the architecture of the client system. The long listing output of a
/tftpboot directory that supports one sun4u client with an IP address of 192.
9.200 .100 appears as follows:

# ls -1 /tftpboot
total 344
lrwxrwxrwx 1 root other 26 Apr 15 21:20 C009C864 ->
inetboot.SUN4U.Solaris_10-l*
lrwxrwxrwx 1 root other 26 Apr 15 21:20 C009C864-SUN4U ->
inetboot.SUN4U.Solaris_10-l*
-rwxr-xr-x 1 root other 159768 Apr 15 21:20
inetboot.SUN4U.Solaris_10-l*
-rw-r—r— 1 root -other 315 Apr 15 21:20 rm.192.9 .200 .100

The inetboot program makes another RARP request, then uses the bootparams
protocol to locate its root file system. It then-mounts the root file system
across the network using the NFS protocol and runs the kernel.

If the files in the /tftpboot directory are unavailable to the JumpStart client
when the boot process is initiated, the client cannot retrieve bootparams
information for the root file system and stops the boot process without
displaying an error message.

Solaris Operating Environment System Administration I & II Page 527 of 563


Solaris SA 1 & 2 - Training Material

The /etc/bootparams File

The /etc/bootparains file contains entries that network clients use for booting.
JumpStart clients retrieve the information from this file by issuing requests to
a server running the rpc.bootpararad program. The /etc/bootparams file can be
used in conjunction with, or in place of, other sources for the bootparams
information. When the JumpStart client makes die request, the server
references the /etc/bootparams file and responds with the file system
information required for NFS mount to enable network installation.

If the required entries are not in the /etc/bootparams file, the JumpStart client
cannot determine the appropriate server and file system to mount, and stops at
the beginning of the boot process without displaying an error message.

Entries in this file are created by the options and arguments entered as part of
the add_install_client script. The following example is an entry in the
/etc/bootparams file for a JumpStart client named clientl:

clientl
toot=serverl:/export/install/Solaris_10/Tools/Boot.
install=serverl:/export/install
boottype=:in
sysid_config=serverl:/export/conf ig
install_conf ig=serverl:/export/conf ig
rootopts=:rsize=32768

Solaris Operating Environment System Administration I & II Page 528 of 563


Solaris SA 1 & 2 - Training Material

The following lists describes the entries:

• clientl - The JumpStart client name

• root=serverl:/export/iris tall/Solaris_10/Tools/Boot-The boot server name


and directory for the root file system

• install=serverl: /export/install - The server name and directory for the


Solaris software image

• boottype=: in - Indicates a network boot and installation

• sysid_config-serverl: /export/contig - The server name and directory for


the JumpStart configuration file system

• install_config=serverl; /export/config - The server name and directory for


the operating environment installation files

• rootopts=:rsize=32768- Mount options for the root file system and NFS
read size

The /etc/dfs/dfstab File

The /etc/dfs/dfstab file lists local file systems to be shared to the network.
Typically, when you initially set up the JumpStart server, you must manually
update this file with an entry for the configuration directory you want to share
to the network to support remote installation. This file is again populated with
the installation directory location as a result of the add_install_server script.

If the required entries are not in the /etc/dfs/dfstab file, the JumpStart client
cannot mount the file systems specified in the /etc/bootparams and displays
the following error message:

panic - boot: Could not mount filesystem

Program terminated

ok

Solaris Operating Environment System Administration I & II Page 529 of 563


Solaris SA 1 & 2 - Training Material

Adding a Bootable Image

To enable the client for JumpStart network installation, you must set up an
install server, boot server, and. a configuration server (see the "JumpStart
Components" on page 13-4).

You can set up a boot server that uses the Solaris software image located on
the CD-ROM by using the following steps:

1. Ensure that the system has an empty directory (/export/ install, for
example) with approximately 156 Mbytes of available disk space.

2. Insert the Solaris Software CD-ROM 1 of 2 in the CD-ROM drive,


allowing void to automatically mount the CD-ROM.

3. Change the directory to the location of the setup_install_server script.

# cd /cdrom/cdrom0/s0/Solaris_10/Tools

3. Run the setup_install_server script:

# ./setup_install_server -b /export/install

Note - The add_install_client to create JumpStarl clients and the


rm_nstall_client to remove an existing JumpStart client are also in this
directory.

Solaris Operating Environment System Administration I & II Page 530 of 563


Solaris SA 1 & 2 - Training Material

Adding Install Clients

You can create a Jumpstart client using a server named serverl to provide only
the boot function JumpStart component. You use another system as the install
server (named server2) for the Solaris software image installation and
configuration components by running the add_install_client command to
create a client named clientl with a sun4u architecture, as follows:

# /add_install_client
-s server2: /export/install -c servers .-/export/config \
-p server2:/export/config clientl sun4u

Run this command from the /export/install/Solaris_10/Tools directory on the


boot server (serverl). The arguments to options -s, -c, and -p, redirect the
JumpStart clients to server2 for the configuration information and the Solaris
software image.

Solaris Operating Environment System Administration I & II Page 531 of 563


Solaris SA 1 & 2 - Training Material

Setting Up Client Identification .

When a JumpStart client boots for the first time, the booting software first tries
to obtain system identification information (such as the system's host name, IP
address, locale, timezone, and root, password) from a sysidcfg file and then
from the name service database. Therefore, you can use a sysidcfg file to
answer system identification questions during the initial part of the installation
regardless of whether or not a name service (NIS or NIS+) is used. If the
JumpStart server provides this information, the client bypasses the initial
system identification portion of the Solaris Operating Environment installation
process without administrator intervention

Without the sysidcfg file or a name service database, the client displays the
appropriate interactive dialog boxes to request needed identification
information.'

Solaris Operating Environment System Administration I & II Page 532 of 563


Solaris SA 1 & 2 - Training Material

Using the sysidcfg File to Identify a Client

In the absence of a name service on the, network, the sysidcfg file must be
present to automate system identification.

Table 13-1 lists the keywords and arguments used in the construction of the
sysidcfg file.

Table 13-1 Keywords and Arguments of the sysidcfg File

Keyword Argument

name_service {domain_.name} name_service=NIS, NIS+, OTHER, NONE


Options for NIS and NIS-K {domainname=domain_name name__server=hostname (ip_address))

Options for DNS:


(domainname=domain_name
name_server ip__address, ip_address, ip_address (three
maximum) search=domain_name, donain_name,
domain_name, domain_name,
domain_name, domain_name
(six maximum, the total length is less than or equal to
250 characters))

network_interf ace, hostname, network_interface-NONE, PRIMARY,


Internet Protocol (IP) address, or value
netmask, DHCP, IPv6 {hostname=hostna.Tie ip_address = ip
address netmask=netmask protocol_ipv6=yes/no)

If DHCP is used, specify: {dhcp


protocol_ipv6+yes_or_no)

If DHCP is not used, specify:


(hostname=host_name ip_address=ip
address netmask-netmask
protocol_ipv6=yes_or_no)

root_password root_password=root_password
(Encrypted password from /etc/shadow)

Solaris Operating Environment System Administration I & II Page 533 of 563


Solaris SA 1 & 2 - Training Material

Table 13-1 Keywords and Arguments of the sysidcfg File (Continued)

Keyword Argument

security_policy seeurity_policy-kerberos, NONE

Options for kerberos:


{default_realm=FQDN admin_server=FQDN
where FQDN is a fully qualified domain name.

Note: You can list a maximum of three key distribution


centers (KDCs), but at least one is required.

system_locale system_locale=locale
(Entry from /usr/lib/locale)

terminal terminals terminal. type


(Entry from /usr/share/lib/tenrdnfo database)

timezone timezone=timezone
(Entry from /usr/share/lib/zoneinfo/}

timeserver timeserver=localhost, hostname, or


ip_addr

Sample sysidcfg File

The following rules apply to die sysidcfg file:

• Keywords can be in any order.

• Keywords are not case sensitive.

• Keyword values can be optionally enclosed in single (') or double (")


quotes.

• Only the first instance of a keyword is valid; if a keyword is specified


more than once, the first keyword specified is used.

Solaris Operating Environment System Administration I & II Page 534 of 563


Solaris SA 1 & 2 - Training Material

The following is an example of a sysidcfg file:

# Sample sysidcfg file for SPAR.C systems


system_locale=en__US
timezone=US/Mountain
timeserver=localhost
terrrunal=vtl00
name_service=NONE
security_policy=NONE .
root__password=Hx2 3475 vABDDM
network_interface=PRIMARY {protocol.. ipv6=yes netmask=2S5 .255.255.0}

Locating the sysidcfg File

The location of the sysidcfg file (host and absolute directory path) is specified
by the -p argument to the add_install_client shell script used to create
JumpStart client information files. (See "Using add_install_client" on page 13-
5 and "Adding Install Clients" on page 13-17).

As previously mentioned, you can use the sysidcfg file to answer system
identification questions during the initial part of installation regardless of
whether a name service (NIS or NIS+) is used. When this file is used with the
NIS naming service, identification parameters, such as locale and timezone
can be provided from the name service. The sysidcfg file necessary for
installing a JumpStart client on a network running the NIS name service is
typically shorter and a separate sysidcfg file for each client is unnecessary.

You can use the /etc/locale, /etc/timezone, /etc/hosts, /etc/ethers and


/etc/netmasks files as the source for creating NIS databases to support client
JumpStart installations. The following paragraphs provide a brief explanation
of how each file, when created or modified and then converted to its respective
database map, determines a specific identification parameter for the client
installation process.

Solaris Operating Environment System Administration I & II Page 535 of 563


Solaris SA 1 & 2 - Training Material

The /etc/locale File

To enable MS support for a network installation of a JumpStart client, you


must create the /etc/locale file if it does not exist (this assumes that the
system_locale keyword is not provided in a sysidcfg file). When converted to
its respective NIS map, locale.byname, it provides the installation program
running on the JumpStart client with the default language information. If this
information is not available, the client installation displays a dialog box and
prompt for it.

The following is an example of the content found in the /etc/locale file on an


NIS master for the Central.Sun.COM domain that sets the default language to
English.

Central.Sun.COM en US

Note - You can also specify separate entries based on a host name rather than
a domain. For a list of possible locale entries for this file, run the ' locale -c'
command.

Solaris Operating Environment System Administration I & II Page 536 of 563


Solaris SA 1 & 2 - Training Material

Setting Up Locale

If the installation, media contains multiple languages, you are prompted for
the language to use during installation unless the installation process car.
determine the default localization.

On the NIS server, complete the following steps:

1. Make the following changes to the /var/yp/Makefile file

a. Add the following text after the existing audit .user . time entry
(approximately line 424):

locale.time: $(DIR)/locale
-@if ( -f $(DIR)/locale ]; then \
sed -e "/^#/d" -e s/#.*$$// $ (DIR)/locale \
| awk /{for (i = 2,- i<=NF; I++) print $$i, $$0}' \
| $(MAKEDBM) -$ (YPDBDIR) /$ (DOM) /locale.byname; \
touch locale.time; \
echo "updated locale"; \
if [ ! $(NOPUSH) ]; then \
$(YPPUSH) locale.byname; \
echo "pushed locale"; \
else \
:;\
fi \
else \

echo "couldn't find $(DIR)/locale"; \


fi

Solaris Operating Environment System Administration I & II Page 537 of 563


Solaris SA 1 & 2 - Training Material

The /etc/timezone File

To enable NIS support for a network installation of a JumpStart client, you


must create the/etc/timezone file. If it does not exist (this assumes that the
timezone keyword is not provided in a sysidcfg file). When converted to its
respective NIS map, timezone. byname, it provides the installation program
running on the JumpStart client with the default lime zone information. If this
information is not available, the client installation displays a dialog box and
prompts for it.

The following is an example of the content found in the /etc/timezone.file on


an NIS master for the Central. Sun.COM domain that sets the default timezone
to U.S. Mountain Standard Time:

US/Mountain Central.Sun.COM

Note - You can also specify separate entries based on a host name rather than
a domain. A list of possible locale entries for this file exists in the
/usr/share/lib/zoneinfo directory.

The/etc/hosts File

To enable NIS support for a network installation of a JumpStart client., you


must update the /etc/hosts file to include the client EP address and host name.
When converted to its respective NIS map, hosts, it provides the installation
program running on the JumpStart client with its IP address. Additionally, this
file must have a timehost alias specified so the client can obtain the time of
day information required for installation. Typically, this alias is assigned to the
JumpStart server or the NIS master. If the client IP address information is not
available, the client installation displays a dialog box and prompts for it.

The following is an example of the content found in the /etc/hosts file on a


JumpStart server named server 1 for a client named client! with an IP address
of 192.9.200.100 (includes the timehost alias assigned to the server):

192.9.200.1 serverl timehost


192.9.200.100 clientl

Solaris Operating Environment System Administration I & II Page 538 of 563


Solaris SA 1 & 2 - Training Material

The /etc/netmasks File

To enable NIS support for a network installation of a JumpStart client, you


must update the /etc/netmasks file to include the local network netmask value.
When converted to its respective NIS map, netmasks byaddr, it supplies the
installation program running on the JumpStart client with the local netmask
value. If the client netmask information is not available, the client installation
displays a dialog box and prompts for it.

The /etc/netmasks file contains network masks used to implement IP subnets.


It supports both standard subnetting as specified in Request for Change (RFQ-
950 and variable length subnets as specified in RPC-1519. When using
standard subnets, there should be a single line for each network that is
submitted in this file with the network number, any number of SPACE or
TAD characters, and the network mask to use on that network. You can
specify network numbers and masks in the conventional IP '.' (dot) notation
(such as IP host addresses, but with zeroes for the host part). For example, you
can use:

192.9.200.0 255.255.255.0

to specify that the Class C network, 192 .9.200.0, should have eight bits of
host field and twenty-four bits in the network field.

Note - See the man page for netmasks for more examples of subnets.

Solaris Operating Environment System Administration I & II Page 539 of 563


Solaris SA 1 & 2 - Training Material

Setting Up an Install Server

To enable a networked client to install the Solaris Operating Environment, the


JurnpStart install server must have the Solaris Operating Environment release
software image available either on the local disk or from a CD-ROM shared to
the network. The most common configuration for the JumpStart install server
is to have this software available from the local disk. You use the
setup__install_server script to accomplish this task. This script was previously
described in "Adding a Bootable Image" on page 13-16.

The Solaris Operating Environment releases before release 8 (Solaris 7, 2.6,


2.5, and so on), had only one CD-ROM that contained the entire operating
environment The Solaris Operating Environment has three; an installation CD-
ROM, 1 of 2, and 2 of 2. To establish an installation server that c6ntains the
capability provided by the three CD-ROM set, you must make use of three
different installation scripts:

To set up a install server that uses the Solaris software Image located on the
local disk, perform following steps:

1. Ensure that the system has an empty directory (/export/install, for


example) with approximately 700 Mbytes of available disk space.

2. Insert-the Solaris Software CD-ROM 1 of 2 in the CD-ROM drive


allowing void to automatically mount the CD-ROM.

3. Change the directory to the location of the setup_install_server script.

# cd /cdrom/cdrom0/s0/Solaris_10 /Tools

4. Run the setup_install_server script to copy the release software from


the CD-ROM to the local disk (this process takes about one hour):

# /setup_install_server /export/install

There are two additional scripts that add functionality to the JumpStart boot or
installation server; add_to_install_server and modify_install_server. For more
information, sec "Adding a Bootable Image" on page 13-16.

Solaris Operating Environment System Administration I & II Page 540 of 563


Solaris SA 1 & 2 - Training Material

The add_to_install_server Script

The add_t.o_install_server script located on the Solaris Software CD-ROM 2


of 2 enables the installation of supplemental CD-ROM products directories to
an existing install server. If you do not use this script to install the additional
Solaris Operating Environment release software located on CD-ROM. 2 of 2,
you will be limited to Core and EndUser software clusters.

To add the Solaris Operating Environment supplemental software products to


an existing install server, perform the following steps (this process takes about
15 minutes):

1. Insert the Solaris Software CD-ROM 2 of 2 in the drive. The void


daemon automatically mounts the CD-ROM.

2. Change the directory to the location of the add_to_install_server script.

# cd /cdrom/cdrom0/Solari8_8/Tools

3. Run the add_to_install_server script to install the additional software


into the installation directory on the JumpStart server (assuming the
location to be/export/install).

# .add_to_install_server /export/install

The modify_install_server Script

The modify_install_server script located on the Solaris Software Installation


CD-ROM enables an interactive WebStart style of installation on the client.

Warning - Running the modify_install_server script actually defeats the


purpose of the JumpStart program. It disables the non-interactive benefit of the
JumpStart program. The resulting installation process will be interactive.

Solaris Operating Environment System Administration I & II Page 541 of 563


Solaris SA 1 & 2 - Training Material

Setting up the Configuration Server

This section elaborates on the JumpStart configuration server setup. This


system provides the configuration files for the JumpStart clients as previously
discussed (see "Jumpstart Components: section).

The configuration directory minimally contains the following files:

• The rules file

The rules file classifies the machines on your network using a set of
predefined keywords (included in Appendix A, "The JumpStart rules and
Class Files"). It also specifies the class file to be used by each class of
machines.

• A class file for each category of machines you have determined on your
network

The class files specify how the installation is to be done and what software
is to be installed. The name of a class file is chosen by the system
administrator and should follow UNIX file name conventions.

• The check script

You must run the check script after the rules and class files are created. It
checks the syntax in the rules and class files. If there are no syntax errors,
the check script creates the rules .ok file.

• The rules.ok file is created from the rules file by the check script. It is read
during the automatic installation process (the rules file is not looked at).

• Optional begin and finish scripts.

• The begin and finish scripts are used to perform pre-installation and post-
installation tasks. These scripts are available to perform more advanced
customization of the installation process, such as answering the power
management question that is asked when the newly-installed system first
boots.

Solaris Operating Environment System Administration I & II Page 542 of 563


Solaris SA 1 & 2 - Training Material

Setting Up a Configuration Server Directory

To set up a configuration directory, perform the following steps:

1. Select the system that will be the JumpStart configuration server and
create the directory where you want to store the configuration
information files. For the purpose of this discussion, use the
/'export/config directory as the name.

2. Mount the CD-ROM and copy the contents of the


/cdrom/Sol_10_sparc/sO/Solaris_10/Misc/jurnpstart_saniple directory
located on the Solaris Soft-ware CD 1 of 2 to your local /export/config
directory. The jumpstart._sample directory from the CD-ROM
contains template configuration files that you can customize; the rules
file, several class files, a finish script, and the check script.

3. Share the configuration directory.

Add an entry to share the configuration directory to the network in the


/etc/dfs/dfstab file. For example:

share -d “configuration directory" /export/config

Execute the/etc/nfs.server start command.

Note - If the system is already an NFS server, you need to run only the
shareall command.

4. Determine the different classes of machines that are or will be on your


network and create the /export/config/rules tile.

During the auto-install process, the install client is matched to a class


in the rules file. Each class defined in the rules file has a specified file,
called a class file, associated with it that is used to install the software.

Solaris Operating Environment System Administration I & II Page 543 of 563


Solaris SA 1 & 2 - Training Material

5. Determine what installation parameters to me for each class (category)


of machines you listed in step 4 and create /export/config/class file for
each (see the "Creating the Class Files" section on page 13-35). The
class file specifies how to partition the disk, what software clusters and
packages to install, and what file systems to mount. (See the host_class
template file in the configuration directory.)

6. Create begin and finish scripts. (This is optional.)

A begin script is run before the class file; that is, before the actual
installation, of software specified in the class file. A finish script is rim
after the class file but before the system is rebooted. You can use it to
modify the files or file systems of the newly installed system.

7. After configuration of the rules file, the class files, and the begin and
finish scripts, run the check script. This script checks the rules and
class files for correctness and basic syntax. If no fatal errors are found,
the rules ok file is created from the rules file. It is the rules .ok file that
is used by the client during the installation process.

a. If the configuration server is running the Solaris Operating


Environment, run the following commands:

# cd /configuration_directory.
# ./check

If the configuration server is not running the Solaris Operating Environment,


use the -p option to specify the path to the Solaris distribution.

b. Mount the Solaris distribution CD-ROM on the configuration


server (unless the configuration server is also the install server
and you copied the distribution to the install server).

c. Run the following commands:

# cd /configuration_directory
# ./check -p /path_to__Solaris distribution

Solaris Operating Environment System Administration I & II Page 544 of 563


Solaris SA 1 & 2 - Training Material

Creating the rules File

The rules file classifies the machines on your network, You should have a
template of a rules file (an actual file called rules) in you; configuration
directory after you copy the jumstart_sample directory to your configuration
directory.

The rules file is read sequentially. Ac soon as the system finds a match in the
rules file, it slops reading the file and continues with the JumpStart process.
The fields are defined in Table 13-2 on page 13-32.

Solaris Operating Environment System Administration I & II Page 545 of 563


Solaris SA 1 & 2 - Training Material

Syntax

[!] match_key match_value [&&. [!} mach_key match_value] * \


begin class finish

Table 13-2 describes the fields in the rules file.

Table 13-2 Fields in the rules File

Field Definition

match__key A predefined keyword that describes an attribute


of the system being installed. Examples of system attributes include
physical memory size, disk sizes, kernel architecture, and so on.
Keywords are used to help match a machine to a particular class for
installation and are interpreted with respect to the install client.

match_value The value (or range of values) selected by the system administrator for
the match_key.

begin The name of the begin script. A - is used in the


begin field if no begin script is to be run during the automatic
installation process.

class The name of the class file. The names for the
class files are chosen by the system administrator and must follow
UNIX file name conventions.

finish The name of the finish script (or a dash, -).

Solaris Operating Environment System Administration I & II Page 546 of 563


Solaris SA 1 & 2 - Training Material

Using the && Symbols


You can use several keywords in a rule. They are joined together by the
logical AND symbol, && .

Using the ! Symbol

The logical NOT ! symbol, if, used in front of a keyword to express negation.
That is, to express that the install client's value for match_key does not equal
the match.value specified in the rule.

Comments

You can use comments in the rules file.

A comment begins after a hash(#) sign. If a line starts with a # that the entire
line is a comment line. If a # is found in the middle o! a line, everything after
the $ is considered a comment.

Note - Blank lines are also allowed in the rules file.

Available Keywords

Use the following keywords to classify the machines on your network. See
Appendix A, "The JumpStart rules and Class Files," for a detailed description
of each keyword.

Table 13-3 Keywords

Keywords

any hostname model


arch installed network
domainname karci totaldisk
disksize memsize

Solaris Operating Environment System Administration I & II Page 547 of 563


Solaris SA 1 & 2 - Training Material

Examples of rules File Entries

The following is an example of the rules file entries.

#
# The first five rules listed here demonstrate specifics:
#
hostname clientl - host__class set_root_pw
hostname client2 - class.,basic_.user
network 192.43.34.0 && ! model 'SUNW, Ultra-5_10' - class_net3
model 'SUNW,Ultra-5_10' - class_ultra complete_ultra
memsize 64-96 && arch spare - class_prog_user
#
# The following rule matches any system.
any - - class_generic -

In this rules file example:

• The first rule matches a machine on a network called clientl. The class file
is host_class and the finish script is set_root_pw

• The second rule matches a machine with host name client2 . The class file
is class_basic_user.

• The third rule matches a machine on network 192.43.34 that is not an Ultra
5 or 10. The class file is class_net3; there is no bag in or finish script.

• The fourth rule matches a machine that is an Ultra 5 or 10. The class file is
class_ultra, and there is a finish script calico complete_ultra.

• The fifth rule matches a machine with memory between 6-1 and 96
Mbytes and a SPARC architecture. The class file is
class._prog_user.

• The sixth rule matches any machine. The class file is class_generic and
there is no begin or finish script

Solaris Operating Environment System Administration I & II Page 548 of 563


Solaris SA 1 & 2 - Training Material

Creating the Class Files

A class file, which is specified in a rule, determines how the installation is


performed on the client and what software is installed. Unlike the rules file,
class files do not have required names However, just as for the rules file, there
are predefined keywords that require certain parameters.

Keywords and Arguments

The following keywords and argument parameters arc used in a class file to
specify how the installation is to be done and what software to install. Refer to
Appendix. A, "The JumpStart rules and Class Files, for a detailed description
of each of the keywords and parameters listed in Table 13-4.

Table 13-4 Keywords and Argument Parameters for class Piles

Parameters
Keywords
install_type initial_install | upgrade
system_type standalone | dataless | server
partitioning default | existing | explicit
cluster add | delete
cluster_name
package add | delete
package_name
usedisk disk_name
dontuse disk_name
locale locale_name
num_clients number
client_swap size
client_arch kernel_architecture
filesys device size file_system
optional_parameters

Solaris Operating Environment System Administration I & II Page 549 of 563


Solaris SA 1 & 2 - Training Material

Examples of Class Files

This section contains examples of class files.

Example 1

# Select software for programmers


install_type initial_install
system_type standalone
partitioning default
filesys any 100 swap 8 specify size of swap
filesys serverl:/usr/share/man - /usr/share/man ro, soft
cluster SUNWCprog
package SUNWman delete
package SUNWypr . add
package SUNWypu add

This class file installs a system for programmers. The partitioning is


determined by the software to be installed and the swap size is set to 100
Mbytes. The configuration cluster SUNWCprog contains packages for
developing software in the Solaris Operating Environment. The man pages
from this cluster are deleted because they are mounted from serverl, a server
on the network. The NIS server packages, SUNWypr and SUNWypu are
added.

The list of possible entries for the cluster keyword as it relates to the
interactive installation names are shown in Table 13-5.

Table 13-5 Possible Entries for the cluster Keyword

Interactive Installation Name Cluster File Name

Core SJNWCrec
User SUNWCuser
Developer SUNWCprcg
Entire Distribution SUNWCall
Entire Distribution plus OEM SUNWCX all

Solaris Operating Environment System Administration I & II Page 550 of 563


Solaris SA 1 & 2 - Training Material

Example 2

install_type init.ial._install
system_type standalone
partitioning explicit
filesys c0t3d0s0 150 /
filesys c0t3d0sl 128 swap
filesys c:0t3d0s6 800 /usr
filesys c0t3d0s7 free /var
filesys c0tld0s7 all /opt
cluster SUNWCall
package SUNWman delete

Note -This class file is intended for an end-user with a small disk who does
not need the manual pages package, SUNWman

Appendix A of the Solaris System Installation and Configuration Guide


contains a description of the clusters and packages available on the Solaris
software distribution CD-ROM.

Solaris Operating Environment System Administration I & II Page 551 of 563


Solaris SA 1 & 2 - Training Material

Testing the Configuration with the pf install Command

The pf install command checks the semantics of your class files. it tests what
happens during the automatic installation process, without actually performing
an installation.

This command is successful only if the configuration and install server are the
same system or the two systems are both running the same version of the
Solaris Operating Environment.

Running the pf install Command.


To run the p fins tall command, perform the following steps:

1. If you have copied the entire CD-ROM Solaris Operating Environment


distribution to the local disk, run the pfinstall command (optional).

Syntax

# /usr/sbin/install.d/pfinstall -D | -d disk_file \
[-c path_to_distr] class_file_name

Options

-D Performs a dry run installation on the system disks using the class file
class_file_name. H displays the resulting disk configuration and
software selected, but no information is written to the disks.

-d Tests the class_file_name against the disk configuration described in


the file disk_file. The disk_file file contains output from the running of
the prtvtoc(1M) command on various disks. This gives you the ability
to test your class file on various disk configurations

-c Specifies the path to the Solaris Operating Environment distribution

Solaris Operating Environment System Administration I & II Page 552 of 563


Solaris SA 1 & 2 - Training Material

pf install Examples
This section presents three examples of the pf install command to test the
default class file host_class and includes some of the system output.

Example 1

Testing the class file, host_class, against the Solaris Operating Environment
installation image located on the CD-ROM:

# cd /export/config
# /usr/sbin/install.d/pfinstall -D -c /cdrom/cdrom0/s0 prog_class Parsing profile

0: install_type initial_install
1: locale en_US
2: system_type standalone
3: partitioning default
4: cluster SUNWCuser
5: cluster SUNWCown delete
6: cluster SUNWCtltk delete
7: cluster SUNWCxgl delete
8: cluster SUNWCxil delete
9: filesys srvr: /usr/openwin - /usr/openwin ro,intr

Processing default locales

Processing profile

- Selecting cluster (SUNWCuser)


- Deselecting cluster (SUNCown)
- Deselecting cluster (SUNWCtltk)

<output truncated>

Solaris Operating Environment System Administration I & II Page 553 of 563


Solaris SA 1 & 2 - Training Material

Example 2

Testing a disk file, 4GBdisk file and the host_class file, against the Solaris
installation image located on the CD-ROM:

Note -The 4GBdisk file is created from the output of the prtvtoc command run
on a 4-Gbyte disk. This disk file can be used to create standard disk
partitioning on JumpStart clients with 4-Gbyle disks.

# cd /export/config
#/usr/sbin/install.d/pfinstall -d 4GBdisk -c /cdrcm/cdrcrn0/s0 prog_class

….<Some output delded> .......

Verifying disk configuration

Verifying space allocation


- Total software size: 399.62 Mbytes

Preparing system for Solaris install

Configuring disk (c0t0d0)

- Creating Solaris disk label (VTOC)

slice: 0'' ( /) tag: 0x2 flag: 0x0


slice: 1 ( swap) tag: 0x3 flag: 0xl
slice: 2 ( overlap) tag: 0x5 flag: 0x0
slice: 3 ( ) tag: 0x0 flag: 0x0
slice: 4 ( ) tag: 0x0 flag: 0x0
slice: 5 ( ) tag-. 0x0 flag: 0x0
slice: 6 ( ) tag: 0x0 flag: 0x0
slice: 7 ( /export/home) tag: 0x8 flag: 0x0

Creating and checking UFS file systems

- Creating / (c0t0d0s0)
- Creating /export/home (c0t0d0s7)

<autpul truncated>

Solaris Operating Environment System Administration I & II Page 554 of 563


Solaris SA 1 & 2 - Training Material

Example 3

Testing an install image that has been copied from the CD-ROM Solaris
software distribution lo the local /export/install directory against the host_class
file:

# cd /export/config
# /usr/sbin/install.d/pfinstall -D -c /export/install host_class
……<some output deleted> ……

SUNWtleu. . . .done. 1.81 Mbytes remaining.


SUNWnamdt . . . done . 1.80 Kbytes regaining.
SUNWnamos . . . done . 1.60 Mbytes remaining.
SUNWnamow . . . done . 1.52 Mbytes remaining.

Completed software installation

Solaris software installation succeeded

Solaris package fully installed

SUNWxwrtx
SUNWxwrtl
SUNWwsr
SUNWwbapi

<some output omitted>


Customizing system devices
- Physical devices (/devices)
- Logical devices (/dev)

Installing boot information

- Installing boot blocks \c0t0d0s0)

Installation log location


- /a/var/sadm/system/logs/install_log (before reboot)
- /var/sadm/system/logs/install_log (after reboot)

Mounting remaining File systems


- Mounting /a/export/home (/dev/dsk/c0t0d0s7 )

Installation complete

Test run complete. Exit status 0.

Solaris Operating Environment System Administration I & II Page 555 of 563


Solaris SA 1 & 2 - Training Material

Using install_scripts
Use add_install_client and iro_install_client to add or remove clients to the
install server or boot servers that you must set up to support the JumpStart
installation, because these commands update the /etc/bootparams file.

Running the add install client 'Script


The add_install_client command must be run from the install server's Solaris
installation image (a mounted Solaris Operating Environment CD-ROM or a
Solaris Operating Environment CD-ROM copied to disk) or the boot server's
boot directory (if a boot server is configured). The Solaris installation image
or the boot directory must be the same Solaris Operating Environment release
that you want installed on the client.

Syntax

# ./add_install_client --e ethernet_addr -i ip__addr \


-s install_svr .-/distr -c config_svr: /config_dir \
-p sysid_config_svr:/sysid._config_dir client_name client__arch

-e Specifies the Ethernet address of the install client and is necessary if


the client is not defined in the name service.

-i Specifies the IP address of the install client and is necessary if the


client is not defined in the name service.

-s Specifies the name of the install server and the path to the
Solaris Operating Environment distribution. This option is necessary if
the client is being added to a boot server.'

-c Specifies the configuration server and (he path to the configuration


directory.

-p Specifies the configuration server and the path to the sysidcfg


file. This option is available on Solaris Operating Environment and
later distributions.

Solaris Operating Environment System Administration I & II Page 556 of 563


Solaris SA 1 & 2 - Training Material

You can apply the following associations to the examples of


theadd_install_client command arguments:

Install server install_svr


Distribution copied to /export/install
Configuration server config_svr
Configuration directory /export/config
Boot server boot_svr
Install client client_name
Client architecture client_arch

Adding a Client Using a Solaris CD-ROM. Image on the Local Disk

To create a JumpStart client from a server that has the Solaris software copied
to the local disk (see "Setting Up an Install Server" on page 13-26), perform
the following steps:

1. Change the directory to the location of the installed Solaris Operating


Environment image:

# cd /export/install/Solaris_0/Tools.

2. Create the JumpStart client using the add_install__client script found


in the local directory. The following command creates a sun4u
architecture client named clientl using serverl as its install and
configuration server:

# /add__install_client -s serverl:/export/install \
-c eervcrl: /export/config \
-p server!:/export/config clientl sun4u

Note - The location of the Solaris software installation files (-s option) in the
command indicate the /export/install directory. The location of the JumpStart
configuration files (,-c option) on serverl in the previous command indicate the
/export/comfit directory. Discussion of the Jumpstart configuration files is
subsequent to this section.

Solaris Operating Environment System Administration I & II Page 557 of 563


Solaris SA 1 & 2 - Training Material

Adding a Client Using a Solaris CD-ROM Image from the CD-ROM


To create a Jumpstart client from a server that does not have the Solaris
software CD-ROM Image copied lo the disk, perform the following steps:

1. Insert the Solaris Software Installation CD-ROM in the drive. The void
daemon automatically mounts the CD-ROM.

2. Change the directory to the location of the add_install_client. script on


the Solaris CD-ROM 1 of 2:

# cd /cdrocti/cdrcmO/sO/Solaris_10/ToolG

3. Create the JumpStart client using the add_install_client. script. found in the director)'. The following
command created a sun4u architecture client named client using the Solaris software CD-ROM for its
installation and a local directory (/export/config) on server for the sysidcfg and other configuration files:

# . /add_install_client -c serverl :/export/config \


-p serverl:/export/config clientl sun4u

Note - Additionally, running the previous add_install_client command creates


an entry in the /etc/dfs/dfstab file to share the /cdrom directory to the network
for mount by the JumpStart client. Installation software is obtained from the
media.

Solaris Operating Environment System Administration I & II Page 558 of 563


Solaris SA 1 & 2 - Training Material

The / etc /bootparams File Content

The /etc/bootparams file is updated each time the add_install_client script is


run. The resulting content provides the server name(s) and the directory
locations for the installation and configuration files.

Content With Locally Available Installation Piles

A server named server1 with Solaris software files copied to the local disk
(sec "Adding a Client Using a Solaris CD-ROM Image on the Local Disk" on
page 13-43) and shared to the network has a client! /etc/bootparams entry as
follows:

client! root=serverl:/export/install/Solaris._8/Tools/Boot
install=serverl:/export/install boot type =: in
sysid_config=serverl: /export/cprifig install_config=serverl: /export/config
rootopts=:rsize=32768

Content from the CD_ROM Installation Files

A server named serverl with Solaris software files shared to the network from
the /cdrom directory (see "Adding a Client Using a Solaris CD-ROM Image
From the CD-ROM" on page 13-44) has a clientl /etc/bootparams entry as
follows:

clientl root=serverl:/cdrom/Sol_10_sparc/s0/Solaris_10/Tools/Boot;
install=serverl: /cdrom/Sol_10_sparc/sO boottype= : in
sysid_config=serverl: /export/config install_conf ig=serverl: /export/config
rootopts=:rsize=32768

Solaris Operating Environment System Administration I & II Page 559 of 563


Solaris SA 1 & 2 - Training Material

The /etc/dfs/df stab File Content

The /etc/dfs/dfstab file is populated with the appropriate entry for either the
local file system or the CD-ROM, depending on the directory location from
which the ac3d_install_.client command is run. If the location of (he shell was
/cdrom/cdromO/sO/Solaaris_8/Tools, the entry in the /etc/dfs/dfstab would be
updated with a share command for the CD-ROM. Conversely, if the location
of the shell was /export/install/Solaris_10/Tools (or some other arbitrary
installation directory location), the /etc/dfs/dfstab would be updated with a
share command for that local directory.

Referencing the Solaris Software from Locally Available


Installation Files

The following /etc/dfs/dfstab file entry reflects the shared directory


(/export/install) of installation files from a local disk:

share -F nfs -o ro, anon=0 /export/install

Referencing the Solaris Software from CD-ROM Installation Files

The following /etc/dfs/dfstab file entry reflects the shared directory of


installation files from the CD-ROM:

share -F nfs -o ro,anon-0 /cdrom/Sol_10_sparc/s0

Note - All directory entries listed in the /etc/bootparams must be shared file
systems.

Solaris Operating Environment System Administration I & II Page 560 of 563


Solaris SA 1 & 2 - Training Material

Table 13-6 JumpStart Capabilities and Limitations (Continued)

Capabilities Limitations
Patches Can be applied None.
automatically.

Configurations supported Installs: Does not install diskless


Servers clients
Standalone systems
Dataless systems

Operations handled by Partitions disks and Requires more administrative


default sizes of file systems. steps; for example, the script
set_root_pw, which is located
Assigns host name and in the jumpstart_sample
'name service domain directory is the script needed
(NIS+,NIS, or local to assign root password.
files).
Requires IP addresses to be
manually allocated by the
administrator.

Operation handled by Enables arbitrary site- None


additional scripts specific customization,
such as: setting up a
second Ethernet port
on a machine and
making it a router;
adding additional non-
root users to a local
system, setting up print
servers; adding known
print servers to a print
client; and adding
entries to the
automount map.

Network configuration/ Requires a boot server on the


routers local network or subnet.

Allows install servers to be


placed on the opposite side of
router.

Solaris Operating Environment System Administration I & II Page 561 of 563


Solaris SA 1 & 2 - Training Material

Table 13-6 jumpStart Capabilities and Limitations (Continued)

Capabilities Limitations
Concurrent use/batch Has no software Has physical limitations that
mode limitation on the include:
number of clients that
can be installed
concurrently.

The install server is more


responsive if its copy of the
Solaris Operating
Environment distribution is on
disk, rather than on the CD-
ROM device, which is slow
for random accesses.

The number of clients


concurrently doing an
installation also negatively
affects performance.

Solaris Operating Environment System Administration I & II Page 562 of 563


Solaris SA 1 & 2 - Training Material

The Power of
Potential

# 202, Trendset Pyla, Beside e-Seva Centre,


1-A, Vengal Rao Nagar, Hyderabad – 500 038
Ph: 040-55629937, 55616704
www.rrootshell.com

Solaris Operating Environment System Administration I & II Page 563 of 563

You might also like