Hastatus Solaris

7/22/2019 Hastatus Solaris

1/320

Hastatus sum

Hagrp switch


2/320


3/320


4/320


5/320

Shutdown i6 g0 -y


6/320


7/320


8/320


9/320


10/320


11/320


12/320


13/320

Internet (IP) address: A host's IP address identiies where a host is on the Internet! which a""ows networ#traic to $e directed to that host% &his sotware address is p"aced in the etcinethosts i"e%thernet address -A host's uniue hardware address% A num$er disp"ayed as *+ he,adecima" digits% ore,amp"e! 0.:00:+0:*c:/:1e% &his address is stored in the 234A5 (nono"ati"e random access memory)chip%The Solaris Operating Environment Software Installation Options

Solaris Web Start 3.0 Installation- Proides a graphica" user interace-$ased! 7aa techno"ogy-poweredsotware app"ication that guides you through the insta""ation o the So"aris 8perating nironment andother sotware on a sing"e system rom a "oca" or remote 9-485 drie%Solaris Interactive Installation Program-Proides a graphica" user Interace that guides you step-$y-step through insta""ing the So"aris 8perating nironment sotware! 'this insta""ation program does notena$"e you to insta"" a"" the additiona" sotware! as with So"aris ;e$ Start! it insta""s on"y the So"aris8perating nironment sotware%Solaris Installation Over the Network - Proides the capa$i"ity to insta"" the So"aris 8peratingenironment sotware on a "arge num$er o systems that do not hae -a "oca" 9-485 drie% &hise"iminates the need to insert the So"aris 8perating nironment sotware 9-485 on eery system% eo the system%Solaris Custom JumpStart Installation - A type o insta""ation in which the So"aris 8peratingnironment sotware is automatica""y insta""ed on a system $ased on a user-deined proi"e% e proi"es or dierent types o users and systems! and this is the most cost-eectie option orinsta""ing the So"aris 8perating nironment sotware in a "arge enterprise% Proides hands o insta""ationacross the networ# $ased on a centra" conigured serer%


14/320

Software Packages: A sotware pac#age contains a group o i"es and directories in a category o re"atedsotware (or e,amp"e! system or app"ication) and sotware insta""ation scripts

Software Clusters:uring the sotware insta""ation process! "ogica" co""ections o sotware pac#ages are

grouped into sotware c"usters! or e,amp"e! the 9 sotware c"uster inc"udes the o""owing pac#ages:

S?2;dt$as S?2;dthed S?2;dtmad S?2;eudhr

S?2;dt$as S?2;dthe S?2;dtrme S?2;eudhs

S?2;dtdem S?2;dticn S?2;dtwn S?2;eudis

S?2;dtdm S?2;dtim S?2;eud$a S?2;eud"g

S?2;dtdst S?2;dtinc S?2;ud$d S?2;mman

S?2;dthe S?2;dtma S?2;eudda

Some sotware c"usters can contain on"y one sotware pac#age%

Cluster Configuration: &he c"uster conigurations are reerred to during the insta""ation process as theSo"aris Sotware @roups% &here are current"y ie sotware groups aai"a$"e! which inc"ude:

ntire So"aris Sotware @roup P"us 85 -S?2;9a""

ntire So"aris Sotware @roup S?2;9a""

ee"oper So"aris Sotware @roup - S?2;9prog

nd ?ser So"aris Sotware @roup - S?2;9usr

9ore So"aris Sotware @roup - S?2;9re

Software Packages: Sotware administration ino"es adding and

remoing sotware rom systems% Sun and its third-party endors de"ier

products in a orm ca""ed a sotware pac#age%

&he term pac#age to the method or distri$uting and insta""ing sotwareproducts to systems where the products! wi"" $e used% In its simp"est orm!

a pac#age is a co""ection o i"es and directories

Pac#age administration commands - p#gadd! p#grm! p#gino! and p#gch#&he admintoo" uti"ity - A graphica" ront-end to the p#gadd and p#grm commands

Command format: p#gino B -d B deice C pathname D D B -* D p#gEname

or e,amp"e:

F p#gino C more

Gsome output omitted

app"ication S?2;A,g So"aris @ J %J Answer Koo#

app"ication S?2;aadm So"aris System Administrator 9o""ection

system S?2;a$+m So"aris ocumentation Serer oo#up

system S?2;a$+r So"aris ocumentation Serer


15/320

system S?2;a$+s So"aris ocumentation Serer

system S?2;a$+u So"aris ocumentation Serer

app"ication S?2;a$da Sun u"tra /*0 Hardware AnswerKoo#

app"ication S?2;a$e So"aris ?ser 9o""ection

app"ication S?2;a$sd# So"aris Sotware ee"oper 9o""ection

&he co"umns o inormation that are disp"ayed are descri$ed $e"ow%

9A&@84< Is the pac#age category! such as app"ication! system! A! or 9&%

PL@I2S& Is the sotware pac#age nameM i it $egins with S?2;! it is a Sun 5icrosystems productM

otherwise! it represents a third-party pac#age

2A5 Is a $rie description o the sotware product%

&o iew a"" the aai"a$"e inormation a$out the sotware pac#ages! use the p#gino command with the

option:

F p#gino -" C more

Displaying Detailed Information for a Specific Pacage:

F p#gino -* S?2man

PL@I2S&: S?2;man

2A5: 8n-"ine 5anua" Pages

9A&@84


16/320

J shared pathnames

1 directories

1JO+/ $"oc#s used (appro,)

&he "ast "ine (1JO+/ $"oc#s used (appro,)! identiies the si>e o the pac#age% A $"oc# is a /*+-$yte dis#$"oc#% &he $"oc#s used num$er deines how much space is needed on the dis# to insta"" this pac#age%

&o determine how many pac#ages are current"y insta""ed on dis#! use the o""owing command:

F p#gino C wc -*

&o disp"ay inormation a$out sotware pac#ages that resides on the So"aris Sotware 9-485 (or other

re"ease media)! use the p#gino command with the -d option

F p#gino -d cdrom

0s0So"arisE,Product C more

F p#gino -d cdromcdrom0s0So"arisE*0Product -* S?2;audio

Command Format: P#grm p#gEEname

or e,amp"e: F p#grm S?S;audio

&he o""owing pac#age is current"y insta""ed:

S?2;audio Audio app"ications

(spare) J%6%!43N*%O.%*+%0J

o you want to remoe this pac#age y

FF 4emoing insta""ed pac#age instance GS?2;audio

FF 3eriying pac#age dependencies%

;A42I2@:

&he GS?2;o"rte pac#age depends on the pac#age 9urrent"y $eing remoed%

;A42I2@:

&he GS?2;o"aud pac#age depends on the pac#age9urrent"y $eing remoed%

;A42I2@:

&he GS?2;o"dc pac#age depends on the pac#age 9urrent"y $eing remoed%

;A42I2@:


17/320

&he !S?2;,w#ey pac#age depends on the pac#age9urrent"y $eing remoed%

ependency chec#ing ai"ed%

o you want to continue with the remoa" o this pac#age By!n!!D y

2ote - &he message i"ename Gshared pathname not remoed is disp"ayed i a i"e is shared $y twoor more pac#ages% It is remoed on"y when the "ast pac#age it is shared with remoed%

he pkga!! Command:;hen a sotware pac#age is added! the p#add command uncompresses and

copies i"es rom the insta""ation media to the "oca" systemQs dis#% &his command wi"" as# or conirmation

to continue with pac#age add process%

Command Format : P#gadd B-d Bdeice C pathname D D p#gEname

or e,amp"e: F p#gadd d cdromcdrom0s0so"arisE*0Product S?2;audio

Processing pac#ages instance GS?2;audio rom Gcdromso"E*0Esparcs0So"arisE*0Product

Audio app"ications

(sparc) J%6%! 43N*% O.%*+%0J

copyright *OOO Sun 5icrosystems! I29% A"" rights resered%

?sing G as the pac#age $ase director%

FF processing pac#age inormation%

FF Processing system inormation%

+ pac#age pathnames are a"ready proper"y insta""ed

FF 3eriying pac#age dependencies%

FF 3eriying dis# space reuirements%

FF 9hec#ing or con"icts with pac#ages a"ready insta""ed%

FF 9hec#ing or setuidsetgid programs%

This package contains scripts, which will be executed with super-user permission during the process of installing

these packages.

Do you want to continue with the installation of


18/320

The pkgchk *ommand+ The pkgchk command checks installation completeness pathname, file contents, and file

attributes of a package.

*ommand ormat + akgchk # options % #-p path % #pkg/name%

The following example checks the contents and attributes of a software package currently installed on the system.

( pkgchk SU!audio

ote + If the pkgchk command does not display a message, it indicates that the package was installed

successfully.

&o "ist the i"e contained in a sotware pac#age! type

F p#gch# S?2;audio

&o "ist the i"e contained in a sotware pac#age! type

F p#gch# S?2;audio

&o chec# any i"e to determine i its content and attri$utes hae changed since it was insta""ed with its

sotware pac#age! type:

F p#gch# p etc passwd

4484: etcpasswd

i"e si>e G* e,pected GJJO* actua"

i"e c#sum GJJO e,pected G*1+/ actua"

&he origina" etcpasswd i"e has changed in si>e since the initia" So"aris 8perating nironment sotware

insta""ation% &his is indicated $y the dierences in i"e si>e and chec#sum% &he chec#sum is used to

a"idate transported data%

The arsadmInsta""contents "ile:

&he arsadminsta""contents i"e is a comp"ete record o a"" the sotware pac#ages insta""ed on the "oca"

system dis#% It reerences eery i"e $e"onging to eery sotware pac#age! and the coniguration o

products insta""ed can $e iewed%

F more arsadminsta""contents

&he p#gadd command update the contents i"e wheneer new pac#ages are insta""ed%

&he p#grm command uses the contents i"e to determine where i"es or a sotware pac#age are "ocated

on the system% 8nce a pac#age is remoed! p#grm updates the contents i"e% &his i"e can $e ueried to

determine i a particu"ar i"e has $een insta""ed on the system dis#:


19/320

Identifying the Directory #ocation of a Command :?se the grep command to search the

arsadminsta""contents i"e to determine i a particu"ar i"e was insta""ed! and the directory where it is

"ocated% or or e,amp"e! eriy that the command showre is insta""ed on the system dis#

F grep showrev "var"sa!m"install"contents

usr$inshowre none 01// root sys J0**6 +01. OJ.6J10/ S?2;admc

ery sotware pac#age contained! on the distri$ution media has its own p#gmap! which

contains a content "ist o each pac#age%

F grep showrev "c!rom"c!rom0"s0"Solaris#$0"Pro!uct"%"pkgmap

cdromso"E*0Esparcs0So"arisE*0ProductS?2;admcp#gmap:" none

usr$inshowre 01// root sys J*+16 616 OJ.61610

?sing a Spool Directory :or conenience! reuent"y insta""ed sotware pac#ages can $e copied rom the

So"aris Sotware 9-485 to a spoo" directory on the system%

&he p#gadd command! $y deau"t! "oo#s in the arspoo"p#g directory or any pac#ages speciied on the

command "ine%

9opying pac#ages rom the 9-485 into spoo" directory is not the same as insta""ing the pac#ages on

dis#%

o cop& a package into the "var"spool"pkg !irector&'

# pkga!! (! "c!rom"c!rom0"s0"Solaris $0"Pro!uct (s spool S)NWau!io

&ranserring GS?2;audio pac#age instance

&he -s option with the #eyword spoo" copies the pac#age into the arspoo"p#g directory $y deau"t%

Spooling Packages:


20/320

F pkgrm (s "e*port"pkgs S)NWau!io

&he o""owing section summari>es the tas#s ino"ed in pac#age administration%

P#gino ists pac#ages insta""ed on the system oraai"a$"e on distri$ution media%

p#gadd Insta""s pac#ages!

p#grm 4emoes pac#ages%

p#gch# 3eriies the attri$utes and contents o thepath names $e"onging to pac#ages%

arsadminsta""contents Sotware pac#agemap o the entiresystem%

optp#gname Preerred "ocation or the insta""ation o un$und"ed pac#ages%

optp#gname$in or opt$in Preerred "ocation or the e,ecuta$"e i"es o un$und"ed pac#ages%

aroptp#gname or Preerred "ocation or "og i"es o

etcoptp#gname un$und"ed pac#age%

Patch /!ministration' &he administration o patches ino"es insta""ing or remoing So"aris8perating enironment patches rom a running So"aris 8perating nironment% A patch contains a

co""ection o i"es and directories that rep"ace e,isting i"es and directories that are preenting proper

e,ecution o the sotware% Some patches contain product enhancements%

A patch is distri$uted as a directory that is identiied $y a uniue num$er% &he num$er assigned to a patch

inc"udes the patch $ase code irst! a hyphen! and a num$er that represents the patch reision num$er%

or e,amp"e! a patch directory named *0*O/-0+! indicates that *0*O/ is the $ase code! and 0+ is thereision num$er%

Patch Distribution: Su$ customers hae access to a genera" set o security patches and other

recommended patches through the ;or"d ;ide ;e$ or anonymous tp%

Sun customers who hae a Sun Serices S5contract! hae access to the Sunso"e data$ase o patches

and patch inormation! such as technica" white papers! the Symptom and 4eso"ution data$ase! and more%

&hese are aai"a$"e using the ;or"d ;ide ;e$ or anonymous tp%

;or"d ;ide ;e$ Patch Access: &o access patches on the ;or"d ;ide ;e$ site! the wor#station has to

$e:

A$"e to access the Internet

9apa$"e o running ;e$ $rowsing sotware! such as 2etscape

http:sunso"e%sun%com ?nited States

8r use the o""owing ?4! and naigate to the SunSo"e patch data$ase rom the Support entry%

http:www%sun%com


21/320

rom the Sun 5icrosystems home page! c"ic# on the Sa"es and Serice $utton and naigate to

the SunSo"e patch data$ase%

&he patch data$ases or pu$"ic"y aai"a$"e patches are "a$e"ed RPu$"ic patch access%R

&he patch data$ase o customers is "a$e"ed R9ontract customer patch access%R &he customer's

assigned Sun r the comprehensie set o patches and patch inormation aai"a$"e to contract cSerice password is reuired to access this data$ase%

Anonymous ftp Patch Access: &o access patches using anonymous tp! the wor#station must $e:

A$"e to access the Internet

9apa$"e of running the tp program

&o access patches using tp! use the tp command to connect to: sunso"e%sun%com

;hen tp prompts or a "ogin! enter anonymous as the "ogin name% ;hen prompted or the password!

enter your comp"ete emai" address%

Ater the connection is comp"ete! the pu$"ic"y aai"a$"e patches are "ocated in the pu$patches directory%

The ftp Patch Access Procedure :

&he tp uti"ity has many commandsM howeer! on"y a ew are necessary or moing i"es rom system to

system%


22/320

JJ*-At the second "ogin prompt: Gsunso"e "ogin name Gsunso"e passwd

JJ* e,amp"e: myssImypasswd

JJ*

JJ* Pu$"ic users may "og in as anonymousM contract customers

JJ*- Shou"d use the standard sunso"e "ogin and password!

JJ*- o""owed $y their suso"e accountpassword when prompted%

JJ*-

JJ*- Sunso"e6 &P sere (3ersion wu-+%6%0(J) ;ed 7an / */:0+: +1 5S& +000) ready%

JJ*- @uest "ogin o#! send your comp"ete e-mai" address as password%

Password:

Goutput omitted

+J0 @uest "ogin o#! access restrictions app"y%

tp $in

+00 &ype set to I%

tp cd pu$patches

tp Is *0.+11

*0.+11-0*%>ip

*0.+11% readme

tp mget *0.+11

mget *0.+11-0*%>ip ip!

*0.+1$% readme

Downloading Patches :;hen patches are down"oaded to the "oca" system! the patches must $e

p"aced in a temporary directory to prepare them or insta""ation% &he directory most oten used is theartmp directory%

&he most common reason or patch insta""ation ai"ure is directory permissionownership pro$"ems% &he

artmp directory is open to a"" and e"iminates any o these types o pro$"ems%

Patch informational Documents: &here are important summary documents that "ist a"" recommended

patches or eery ersion o the operating system! inc"uding a detai"ed "ist o a"" patches or each

operating system re"ease%


23/320

Patch ocument 9ontents

So"aris*0%Patch4eport A summary o a"" recommended patches or the So"aris 8perating nironment

re"ease%

*0E4ecornmended%>ip A patch c"uster containing a"" the recommended patches or the So"aris 8perating

nironment re"ease%

.E4ecororaended 4A5 Instructions or how to insta"" the recommendedpatches or the So"aris

8perating nironment%

Start with the Patch 4eport document irst% &his report is diided into seera" dierent categories

regarding inormation a$out a"" patches or a So"aris 8S 4e"ease%

&he o""owing e,amp"e demonstrates how to use tp to "ocate the Patch 4eport using a wi"dcard i"e

search% 8nce oundM the document is copied to a directory on the "oca" system% or e,amp"e :)

F cd artmp

F tp sunso"e% sun% com

Goutput omitted tp cd pu$patches

tp Is .%Patch4eport

+00 P84& command successu"%

*/0 8pening AS9II mode data connection or i"e "ist%

So"aris*0 Patch 4eport

So"aris*0E,.6 Patch 4eport

++6 &ranser comp"ete!

remote: *0 Patch4eport

. $ytes receied in 0%000J/ seconds (*%eT0+ L$ytess)

tp get So"aris*0%Patch4eport

tp $ye

So"aris 8$so"ete Patches:

--------------------------------------------

So"aris 9omp"ete isting o 4e"eased Patches:

&ota" Patches: J0


24/320

&ota" Kug i,es: /O

Sun8S 4e"eased Patch ist:

NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN

Patch-I *0./0-0J

Synopsis: Sun8S /%.: "iteJ AK @raphics Patch

Kui"d is i,ed with this patch: +J0/ +OO6J J000.O J0J../ J0.*+/

9hanges incorporated in this ersion: J0J.6/ J0.1+/

ate: La,*600

Patch-I *-0.60/-0J

Synopsis: Sun8S /%.: 9reator . K @raphics Patch

KugId's i,ed with this patch: +J0*/ +OO/J J0J../ J0.1+/

9hanges incorporated in this ersion: J0J6./ J0.1+/

ate: Lar*698

Patch-IN *0J60O-0*

Synopsis: Sun8S /%.: Kuttonsia"s Patch

KugI is i,ed with this patch: +OO/+6 Goutput truncatedU

igure *6-+ Samp"e So"aris S Patch 4eport

2ote - 2o! a"" patches aai"a$"e rom Sun 5icrosystems need to $e insta""ed% It is on"y necessary to insta"" the

4ecommended Patches! Security Patches! and those reuired to i, pro$"ems speciic to your site%

The "var"sa!m"patchirectory:Historica" inormation a$out a"" patches current"y insta""ed on asystem is stored in arsadmpatch directory% or e,amp"e:

F "s arsadmpatch%

*01//.-0/ *01/O-0 *016J0-0* *0166J-0* *016.J-0*

*016O6-0* *01.*1-0* *01/.+-0* *016*+-06% *0160-0J


25/320

or the So"aris /%, and So"aris O 8perating nironments! use the un>ip command to e,tract the

patch i"es%

+ "usr"bin"un1ip $000(0$.1ip

or So"aris +%6 8perating nironment patches use the >cat command to uncompress the patch i"es and

the tar command to create the patch directories%

F usr$in>cat *000-0*% tar %> C tar ,

patchadd - ?sed to insta"" unpac#ed patches to the So"aris 8perating nironment%patchrm-?sed to remoe patches insta""ed on the So"aris 8perating nironment%

Installing a Patch: ;hen a patch is insta""ed! patchadd ca""s the p#gadd command to insta"" thepatch pac#ages%

Patch insta""ation procedure diers depending on the current ersion o the So"aris 8perating

nironment sotware insta""ed on the system%

&he e,amp"es $e"ow descri$e the procedure or patch insta""ation on Pre-So"aris +%6 8perating

nironment! and those systems current"y Insta""ed with So"aris +%6 and a$oe! (or e,amp"e! the So"aris

/%, or So"aris O 8perating nironments)%

Koth e,amp"es assume the patch to $e insta""ed e,ists in the artmp directory and has $een prepared!

or e,tracted or insta""ation%

&nstalling a atch in the Solaris 0.1 2perating 3n4ironment and 5ater 6ersions


26/320

or the So"aris +%6 and a$oe 8perating nironments! use the patchadd command% &he o""owing shows

how to insta"" a patch using the patchadd command%

Fcd tmp

F patchadd *0/0/0-0*

9hec#ing insta""ed patches%%% 3eriying suicient i"e system capacity (dry run method) Insta""ing patch pac#ages%%%

Patch num$er *0/0/0-0* has $een successu""y insta""ed%

See arsadmpatch*0/0/0-0*"og or detai"s%

Patch pac#ages insta""ed:

S?2;hea

i""ustrates those components o the arsadm directory that are updated during the

insta""ation o patch *0/0/0-0*

ar

sadm

p#g patch

*0/0/0-0*

S?2;csu% S?2;hea

4A5%*0/0/0-0* "og

p#gino sae

p#gino sae

(?pdated


27/320

$y patch) *0/0/0-0*

undo%V

4emoing a Patch: ;hen you remoe a patch! the patchrm command restores a"" i"es that weremodiied or rep"aced $y that patch! un"ess:

&he patch was insta""ed with patchadd -d (which instructs patchadd not to sae copies o i"es

$eing updated or rep"aced)%

&he patch is reuired $y another patch

&he patch has $een o$so"eted $y a "ater patch

&he patchrm command ca""s p#gadd to restore pac#ages that were saed rom the initia" patch insta""ation%

or the So"aris +%6 and a$oe 8perating nironments! use the patchrm command% &he o""owing shows

how to remoe a patch using the patchrm command%

+ patchrm $0243(0$

9hec#ing insta""ed pac#ages and patches%%%

Kac#ing out patch *06*OJ-0*%%% Patch *061OJ-0* has $een $ac#ed out%

7emo4ing a atch from the re-Solaris0.1 2perating 3n4ironments

Keore the So"aris +%6 8perating -nironment! the patchrm command was not

aai"a$"e% Instead! each patch contained a $ac#outpatch program%

+ c! "var"sa!m"patch"$0530$(0$

+ ."backoutpatch. $0530$(0$

Checing Current Patch Status: Keore insta""ing patches! you shou"d #now a$outpatches that hae $een preious"y insta""ed on a system%

&here are two commands aai"a$"e that proide useu" inormation a$out current"y insta""ed patches%

# showre(p

Patch: *061OJ-0* 8$so"etes: 4euires: Incompati$"es:

Pac#ages: S?2;hea

+ patcha!! (p

Patch: *061OJ-0* 8$so"etes: 4euires: Incompati$"es:

Pac#ages: S?2;hea


28/320

&wo important responsi$i"ities o the system administrator are contro""ing access and securing data on a

system% &he So"aris operating enironment proides some standard Security eatures or contro""ing

access $y unauthori>ed users and or protecting i"es on "oca" and remote systems%

Some $asic steps that you shou"d ta#e to manage security at the user! i"e! system! and networ# "ee"

inc"ude:

5aintaining password and "ogin contro"

5onitoring system usage

4estricting access to data contained in i"es

&rac#ing root "ogins

5onitoring setuid programs

9ontro""ing remote access on the networ#

5anaging ogin and Access 9ontro":

A"" accounts on the system must hae a password% Any account without a password a""ows unauthori>ed

access to the "oca" host and to the entire networ#%

The pwconv Command:

&he pwcon command creates and updates the etcshadow i"e with inormation rom the etcpasswd

i"e%

It is the pwcon command that re"ies on the specia" a"ue o ',' in the password ie"d o etcpasswd &he ','

indicates that the password or the user a"ready e,ists in the etcshadow i"e%

I the etcshadow i"e does not e,ist! pwcon creates with the inormation rom etcpasswd%

I the etcshadow i"e does e,ist! the o""owing tas#s are perormed:

ntries that are in the etcpasswd i"e and not in the etcshadow i"e are added to the shadowi"e%

ntries that are in the etcshadow i"e and not in theetcpasswd i"e are remoed rom the shadow i"e

Recording Failed Login Attempts:

;hen a user "ogs in to a system! "oca""y or remote"y! rom the command "ine on"y! the "ogin program

consu"ts the etcpasswd and etcshadow i"e to authenticate the user $y eriying the user name and

password entered

I the user proides a "ogin I name rom the etcpasswd i"e and the correct password or that "ogin

name! the "ogin program grants access to the system

It the user name is not in the etcpasswd i"e or the password is not correct or the user name! the "ogin

program denies access to the system


29/320


30/320

ogin name: userO In rea" "ie: userO's Account

irectory: homeuserO She"": $in#sh

8n since Apr * 0.:/1:J1 on conso"e rom : 0

2o unread mai"

2o% P"an%

I a user creates the standard AS9II i"es %p"an or %proWects in their home directories! the content o

those i"es is shown as part o the output o the inger command%

&hose i"es are traditiona""y used to out"ine a user's current p"ans or proWects! and must $e created

with i"e access permissions set to 6 (rw-r--r--)%

?se the "ast command to disp"ay a record o a"" "ogins and "ogouts with the most recent actiity at

the top o the output% It "oo#s in the aradmwtmp, i"e! which records a"" "ogins and "ogouts%

ach entry inc"udes user name! the "ogin deice! host "ogged in rom! date and time "ogged in! time o "ogout! and tota" "ogin time in hours and minutes! inc"uding entries or system re$oot times%

&he o""owing is an e,amp"e o the "ast command:

&he "ast command can a"so disp"ay inormation a$out an indiidua" user! or e,amp"e:

F"ast

ist o a"" users

+ last user4

userO pts1host" &ue ec . 0O:JO - 0O:O (00:*0)

+ last reboot

re$oot system $oot ri e$ ** *0:*/

re$oot system $oot ;ed 7an +6 *:/.

re$oot system $oot 5on 7an J *6:J0

6ispla&ing )sers on 8emote S&stems :&he rusers command produces output simi"ar to the whocommand $ut disp"ays users "ogged in on remote hosts% &he "ist is disp"ayed in the order the responses

are receied rom the hosts X disp"aying the user's name and the host's name%

A remote host responds on"y to the rusers command! i its rpc% rusersd daemon is ena$"ed% It is the

networ# serer daemon that returns the "ist o users on the remote hosts%

rusers B -* D


31/320

&he rusers -* command disp"ays a "ist o "ogin names o users who are "ogged in on remote systems! a"ong with the

name o the system a user is "ogged into! the &&< port ("ogin deice)! the month! date! "ogin time! and id"e time% I the

user is not id"e! no time is disp"ayed in the "ast ie"d%

F rusers -*

userS remotehost" :pts e$ ++ **:. +1 (:0)

root remotehost":conso"e e$ ++ 0O:J* +.:*0 (:0)

user remotehost/:pts*+ e$ ++ .:00 *:J (:0)

user6 remotehost+:conso"e e$ ++ *J:* O (:0)

As the system administrator! you shou"d "og in on"y to the root account to perorm administration tas#s%


32/320

F e,it

o switch a another user an! have that user environment'At the she"" prompt! type suwith the dash (-) option! the name o the user to $ecome! and press return% &ype the password or the

user account and press return ro e,amp"e:

S su ? user5

Password

etermine the "ogin name o the user switched to $y typing whoamin and pressing return%

S whoami

?ser+

etermine where the user is indicated! type pwd and press 4eturn the "ocation is the new user home

directory%

Pwd

he s&sa!min @roup' Any user who is a mem$er o the sysadmin group (@I *) can runadmintoo" or the purpose o managing "oca" system i"es and unctions! such as adding and remoing

users! groups! sotware! printers! and seria" deices%

I you hae not added any user to this group then on"y root can run the admintoo" uti"ity%

2ote - 5em$ers o the sysadmin group can a"so ino#e So"stice AdminsuiteY! a So"aris 8perating nironment serer product used to "oca""y or

remote"y manage important system i"es and unctions%

Aanaging )ser /ccess : ocated in the etcdeau"t directory are three system i"es root can

modiy to monitor who is using the su commandM restrict root accessM and set up system-wide passwordaging or eery user who "ogs in to the system%

&he etcdeau"tsu i"e contro"s how su attempts are "ogged% &he etcdeau"t"ogin i"e can $e set to restrict root access%

&he etcdeau"tpassword i"e can $e set up to enorce system-wide password aging%

Aonitoring su /ttempts : or security reasons! you must monitor who has $een using the sucommand! especia""y those user's who are trying to gain root! access on the system%


33/320

F982S8Ndeconso"e

F PA&H sets the initia" she"" PA&H aria$"e

FPA&HNusr$in:

F S?PA&H sets the initia" she"" PA&H aria$"e or root

FS?PA&HNusrs$in: usr$in

FS


34/320

The /etc/default/passwd File Variables:&he o""owing sections descri$e the etcdeau"tpasswd i"e aria$"es%

&he 5A;LS 3aria$"e%

&he a"ue set or the 5A;LS aria$"e speciies the ma,imum num$er o wee#s (seen-day wee#s) a

password is a"id $eore it must $e changed or a"" regu"ar users%

I there is no a"ue set or this aria$"e! which is the deau"t setting! on"y users who hae a a"ue or 5a,

9hange speciied in the ourth ie"d o the etcshadow i"e must change their passwords at the speciied

num$er o days%

The M!"##$% Variable:

&he a"ue sot or the 5I2;LS aria$"e speciies the minimum num$er o wee#s $etween password

changes or a"" regu"ar users%

I there is no a"ue set or this aria$"e! which is the deau"t setting! on"y users who hae a a"ue or 5in

9hange speciied in the ith ie"d o the etcshadow i"e are "imited as to when they can change their

passwords%

2ote - &he password aging entries in the etcshadow i"e ta#e precedence oer the etcdeau"tpasswd

i"e entries or indiidua" users

&he PASS2@&H 3aria$"e:

&he PASS2@&H aria$"e speciies a minimum password "ength or a"" regu"ar users $etween the si,

and eight a"ues% 2um$ers $e"ow si, deau"t to si, character passwords! and num$ers a$oe eight deau"t

to eight character passwords%

8estricting /ccess to 6ata in Diles'

;hen you hae esta$"ished "ogin restrictions! the ne,t tas# is to contro" access to the data on the

systems% 8 course! some users need to $e a""owed to read arious i"es! other users need permission to

change and de"ete i"es! and there are some i"es that no user shou"d $e a$"e to access%?sers who need

to share i"es shou"d $e put in a group%

2ote - In genera"! you use i"e access permissions to determine what users or groups hae permission to

read! modiy! or de"ete i"es%

+ groups

sta c"ass

+ groups user

sta c"ass sysadmin

; i!

uid *0*(user") gidNJ00(c"ass)

&o iew i"" the account inormation or a speciic user! use the -a option:


35/320

; i! (a userl

uidN*0*(user") gidNJ00(c"ass) groupsN*(sysadmin)

The setuid Permission :

;hen set-user identiication (setuid) permission is set on an e,ecuta$"e i"e! a user or process that runs

this e,ecuta$"e i"e is granted access $ased on the owner o the i"e (usua""y root) instead o the user who

started the e,ecuta$"e%&his a""ows a user to access i"es and directories that are norma""y accessi$"e on"y

$y the owner% P"us many e,ecuta$"e programs must $e run as root! sys! or $in to wor# proper"y%

or e,amp"e:

-r-sr-,r-, * root sys *1*/6 7an / *1:0J usr$insu

&he setuid permission disp"ays as an RsR in the owner's e,ecute ie"d%

2ote - I a capita" [SR appears! it simp"y indicates that the setuid $it is on and the e,ecute $it R,R is o or

denied%

&he root user and the owner can set the setuid permissions on an e,ecuta$"e i"e using the chmod

command and the octa" a"ue 000%

or e,amp"e:

+ chcno!


36/320

&he root user and the owner can set setgid permissions on an e,ecuta$"e i"e using the chmod command

and the octa" a"ue +000%or e,amp"e:

F chmod +/// e,ecuta$"eEi"e

%hared &irectories :

&he setgid permission is a useu" eature or creating shared directories%

;hen a setgid permission is app"ied to a directory! i"es created in the directory $e"ong to the group to

which the directory $e"ongs%

or e,amp"e! i a user has write permission in the directory and creates a i"e there! that i"e $e"ongs to the

same group as the directory! and not the user's group%

&o create a shared directory! you must set the setgid% $it using sym$o"ic mode:

+ chmo! gEs share!#!irector&

Searching ,or setgi! Dlies an! 6irectories&o search or i"es with setgid permissions and disp"ay their u"" pathname! e,ecute the o""owing

command:

+ ,in! " (perm (5000

he Stick& Fit Permission'

&he Stic#y Kit is a specia" permission that protects the i"es within a pu$"ica""y writa$"e directory%

I the directory has the Stic#y Kit set! a i"e can $e de"eted on"y $y the owner o the i"e! the owner o the

directory! or $y root% &his preents a user rom de"eting other users' i"es rom pu$"ic"y writa$"e directories%

or e,amp"e:

+ Is (I! "tmp

drw,rw,rwt 6 root sys 1*O 5ay J* 0J:J0 tmp

&he Stic#y Kit is disp"ayed as the "etter RtR in the e,ecute ie"d or other%

2ote - I a capita" [&R appears! it indicates that the Stic#y Kit is on! howeer! the e,ecute $it is o or

denied%

&he root user and the owner can set the Stic#y Kit permission on directories using the chmod command

and the octa" a"ue *000%

or e,amp"e:

+ chmo! $ public#!irector&

2ote - I a capita" [&R appears! it indicates that the Stic#y Kit is on! howeer! the e,ecute $it is o or

denied%


37/320

&he root user and the owner can set the Stic#y Kit permission on directories using the chmod command

and the octa" a"ue *000%

or e,amp"e:

+ chmo! $ public#!irector&

%earching for &irectories with a %tic'( )it *ermission

&o search or directories with Stic#y Kit permissions and disp"ay their u"" pathname! e,ecute the o""owing

command:

F ind -type d -perm -*000

2ote - or more detai"ed inormation on the Stic#y Kit! e,ecute the o""owing command: man stic#y

Access 9ontro" ists:Access 9ontro" ists (A9s) can proide greater contro" oer i"eaccess permissions when traditiona" i"e protection is not enough%An A9 proides $etter i"e

security $y ena$"ing you to deine i"e permissions or the i"e owner! i"e group! other! speciic

users and groups% A9s a"so ena$"e you to set deau"t permissions or each o these

categories%or e,amp"e! i the system administrator wanted eeryone in a particu"ar group to $e

a$"e to read a i"e! you wou"d simp"y gie the group read permissions on that i"e%

Howeer! what i the system administrator wanted on"y one person in that group to $e a$"e to

write to that i"e A9s can proide that "ee" o i"e security! where traditiona" ?2I i"e access

protection cannot%


38/320

ach A9 entry consists o the ie"ds descri$ed in &a$"e J-+! which are separated $y

co"ons%

/C9 Diel!s 6escriptionentry- type &ype o entry to set i"e permissions or owner! owner's group! speciic users!

additiona" groups! or the A9 mas#%

?I or @I &he user's name or identiication num$er (?&)%&he group's name or identiication

num$er (@I)% %perm Permissions set or entry-type%


39/320

F getac" i"e%t,t

F i"e: i"e%t,t

F owner: user"

F group: c"ass

user::rw,

user : :user. :rw F eectie :r--

group: : r- F eectie : rX

mas#: rX

other:---

&here are two ways to determine i a i"e has an A9 ?sing the getac" command and ?sing the Is -*

command?sing the "s -* command on any i"e that has an A9 disp"ays a p"us (T) sign at the end o the

permission mode ie"d% or e,amp"e:

F Is -* i"e%t,t

-rw,r-------T I user" c"ass *61 Apr *. **:*J i"e%t,t

2ote - I a i"e has no A9 entries or additiona" users or groups! the i"e is considered to $e a triia" A9

i"e and the T sym$o" is not disp"aye

6eleting an /C9 Bntr& on a ,ile

&o de"ete an A9 entry rom a i"e! use the setac" -d command% An A9 entry can $e one or more comma-

separated A9 entries without permissions% &o de"ete an A9! speciy the entry type and the ?I (user

name) or @I (group name)%


40/320

and the A9 mas# is set to readwrite! which indicates that no user or group can hae e,ecute

permissions on the i"e%

+ set,acl (S user' 'rw(:group' 'r((:other'((:mask'rw(:user 'userG'a "( ,ile.t*t

&o eriy which A9 entries were set on the i"e! use the getac" command%

+ get,acl ,ile.t*t

F i"e: i"e%t,t

F owner: user"

F group: c"ass

user::rw-

user:user.:rw- F eectie:rw-

group::r-- F eectie::

mas#:rw-

other:--

In addition! user. is gien read and write permissionsM howeer! due to the A9 mas#! the eectie permissions or

user. are read on"y%

+ set,acl (s u'':g''


41/320

rom remote system users% &he three networ# i"es "isted here proide certain schemes or hand"ing $asic

security issues ino"ing remote user access o a "oca" system%

he"etc"hosts.eHuiv ,ile : he ;OAB" .rhosts ,ile : he "etc",tpusers ,ile

he "etc"hosts. eHuiv an! ;OAB". rhosts Diles

&ypica""y! when a remote user reuests "ogin access to a "oca" host! the irst i"e read $y the "oca" host is

its etcpasswd i"e% An entry or that particu"ar user in this i"e ena$"es that user to "og in to the "oca" host

rom a remote system% I a password is associated with that account! then the remote user is reuired to

supp"y this password at "ogin to gain system access%;hen there is no entry in the "oca" host's etcpasswd

i"e or the remote user! access is denied%

The ;etc;hosts. eui4 and =>2?3; .rhosts files bypass this standard password-based authentication to determine if a

remote user should be allowed to access the local host, with the identity of local user.

Bntries in "etc"hosts . eHuivan! ;OAB " . rhosts '

;hi"e the etchosts%eui and \H85%rhosts i"es hae the same ormatM the same entries in each i"e

hae dierent eects%

&he genera" ormat is presented here% ,p"anations and e,amp"es o the meanings o each type o entry

are presented on the o""owing pages%

Koth i"es are ormatted as a "ist o one-"ine entries! which can contain the o""owing types o entries:

ostname

hostname username

T

2ote - &he host name(s) in the etchosts%eui and \H85 %rhosts i"es must $e the oicia" name o the

host! not one o its a"ias name(s)%

I on"y the hostname is used! then a"" users rom the named host are trusted! proided they are #nown tothe "oca" host%I $oth hostname and username are used! then on"y the named remote user rom the named remote hostcan access the "oca" host%A sing"e p"us sign (T) character p"aced in the i"e indicates that eery remote host on the networ# istrusted $y the "oca" host% na$"ing remote users to "ogin rom anywhere on the networ#! with nopasswords reuired%

&he etchosts%eui i"e

or regu"ar users! the etchosts%eui i"e is used to identiy remote hosts and remote users who are

considered trusted%

2ote - &he etchosts%eui i"e is not chec#ed at a"" i the remote user reuesting "oca" access is root%


42/320

I the "oca" host has etchosts%eui i"e contains the host name o a remote host! then a"" regu"ar users o

that remote host are trusted and do not need to supp"y a password to "og in to the "oca" host% Proided

that each remote user is #nown to the "oca" host $y haing an entry in the "oca" etcpasswd i"eM

otherwise! access is denied%

&his is particu"ar"y useu" or sites where it is common or regu"ar users to hae accounts on many

dierent systems! e"iminating the security ris# o sending AS9II passwords oer the networ#%

&he etchosts%eui i"e does not e,ist $y deau"t% It must $e created i remote user access is reuired en

the "oca" host%

The ,-.M# / rhosts File;hi"e the etchosts%euiy i"e app"ies system-wide or non-root users! the %rhosts i"e app"ies to a speciic

user%

A"" users! inc"uding root! can create and maintain their own% rhosts i"es in their home directory%or

e,amp"e! i you run an r "ogin process rom a remote host to gain root access to a "oca" host! it chec#s or

a %rhosts i"e in the root home directory on the "oca" host%

I the remote host name is "isted in the i"e! it is considered to $e a trusted host and remote user access! in

this case root access! is granted on the "oca" host%

&he \H85%rhosts ie does not e,ist $y deau"t! you must creates at in the user's home directory

8estricting DP 9ogins'

&he So"aris 8perating nironment proides an AS9II i"e named etctpusers% &he tpusers i"e is used to

"ist the names o users who are prohi$ited rom running an tp "ogin on the system%ach "ine entry in this

i"e contains a "ogin name or each restricted user! or e,amp"e:

?sername

Ky deau"t! the tpusers i"e has the o""owing system account entries:

4oot

daemon

$in

s&s

adm

IP

uucp

nuucp

"isten

no$ody


43/320

noaccess

no$ody

As with any user name that you can add! these entries must match the user account names "ocated in the

etcpasswd i"e%

Kecause the new deau"t security po"icy in the So"aris 8perating nironment is to disa""ow remote root "ogins! theroot entry is inc"uded in etctpusers%

I root "ogin prii"eges are a""owed $y de"eting the root! entry in etctpusers! ensure the etc deau"t "ogin i"e re"ects

remote root "ogin prii"eges%

he "etc"shells Dile

&heetcshe""s i"es contain a "ist o the she""s on the system App"ications! such as sendmai" and tp! can use this i"e to

determine whether a she"" is a"id%

&his i"e does not e,ist $y deau"t%

2ote - I this i"e does not e,ist! then getusershe""s (Jc) uses its own "ist o she""s%

Ky creating this i"e! each she"" that you want to $e recogni>ed $y the system! must hae a sing"e "ine entry! consisting

o the she""'s path! re"atie to (root)%or e,amp"e:

+ touch "etc"shells

s$insh $insh

$in#sh

;hi"e the etctpusers i"e prohi$its tp connections or a speciic user! you can create an etcshe""s i"e to a""ow tp

connections on"y to those users running she""s that you hae deined in this i"e%

I an entry or a she"" does not e,ist in this i"e! any user running the undeined she"" is not a""owed tp connections to

the system%

The %oot P&O Concept

ach Sun system has a $oot P485 chip% &his .-#$yte chip is typica""y "ocated on the same

$oard as the 9P?% &he main unctions o the $oot P485 are to test the system hardware and

$oot the operating system% &he $oot P485 irmware! reerred to as the monitor program!

contro"s the operation o the system $eore the #erne" is aai"a$"e% &he $oot P485 irmware

has the capa$i"ities to perorm system initia"i>ation at power on and proide a user interace%

2ote -&he $oot P485 does not understand the So"aris 8perating nironment i"e systems ori"esM it dea"s main"y with hardware deices%

9urrent"y there are three generations o Sun $oot P485s% ach generation has its own $ase

reision num$er as descri$ed in the o""owing "ist:

*%,- &he origina" SPA49Y $oot P485+%,- &he irst 8penKoot P485 (8KP)


44/320

J%,- &he 8penKoot P485 with a "ash update eature% ed rom the $oot P485's deau"t parameters

settings% &his gies you a certain "ee" o "e,i$i"ity in coniguring the system to $ehae in a

particu"ar manner or a speciic set o circumstances%

&he user-interace commands and deice a"iases are stored in the 234A5%

2ote - &he 234A5 chip has a ye""ow stic#er with a $ar code on it% 5any sotware pac#ages thatare "icensed are $ased on the system host I in 234A5% I the chip ai"s! Sun wi"" rep"ace it with

a new chip containing the same host I and thernet address%

Power On Self Test (POST):

;hen a system's power is turned on! a "ow-"ee" power on se"-test (P8S&) is initiated% &his "ow-

"ee" P8S& code is stored in the $oot P485 and is designed to test the most $asic unctions o

the system hardware%At the successu" comp"etion o the "ow-"ee" P8S& phase! the $oot

P485 irmware ta#es contro" and perorms the o""owing Initia"i>ation seuence:

Initia"i>es the system

Pro$es the memory and then the 9P?

Pro$es $us deices! interprets their driers! and $ui"ds a deice tree

Insta""s the conso"e

Ater system initia"i>ation! the $anner disp"ays on the! conso"e and the high "ee" testing $egins%

;hen the high-"ee" tests are inished! the system chec#s parameters stored in the 234A5 to

determine i and how to $oot the operating system%

The .pen)oot 0oal&he oera"" goa" o the 8penKoot Institute o "ectrica" and "ectronics ngineers!

(I) standard is to proide the capa$i"ities to:

&est and initia"i>e system hardware ! etermine the systems hardware conigurationKoot the operating system ! Proide interactie de$ugging aci"itiesna$"e the use o third-party deices


45/320

Third party Device Configuration

A"" ersions o the 8penKoot architecture a""ow a third-party $oard to identiy itse" and

"oad its own p"ug-in deice drier% ach deice identiies its type and urnishes its p"ug-in

deice drier when reuested $y the 8KP during the system hardware coniguration

phase o the $oot process%

Kasic Koot P485 Configurations &he o""owing sections descri$e the$asic KootP485 conigurations%

%(stems Containing a %ingle %(stem )oard&he o""owing Sun systems are conigured with on"y one system $oard! which ho"ds $oth the $oot P485

and 234A5 chip%

SPA49stationY ! /!*0! and +0

?"traY *! +! *+*0! J0! 60! .0! ++0! +/0! +0! and /0

&he ?"tra systems use a re-programma$"e $oot P485 ca""ed a flash P&O+ (or P485)% &his a""ows

new $oot program data to $e "oaded into the P485 ia sotware! instead o haing to rep"ace the chip%

&hese updates are distri$uted on 9485!

%(stems Containing Multiple %(stem )oards&he o""owing S?2 systems are conigured with mu"tip"e System $oards%

nterprise J00

nterprise 00

nterprise /00

nterprise 600

Systems containing mu"tip"e system $oards hae a specia" $oot P485 and 234A5 arrangement- &hese

systems a"so hae a c"oc# $oard to oersee the $ac#p"ane communications%


46/320

Some characteristics o these particu"ar systems are:

&he 9P? "ocated in the "owest card Rcage s"ot $ecomes the 5aster R9P? $oard%

ach 9P? $oard runs its own indiidua" P8S&%&he host I and thernet address are on the 9"oc# $oard and are automatica""y down"oaded to a"" 9P?$oard 234A5s when P8S& is comp"ete%

P485 contents are eriied $y chec#sum comparisons%9"oc# $oard and a"" system $oards are compared%Ina"id P485 a"ues can $e manua""y rewritten and eriied%I the P485 contents on the 9"oc# $oard are ound to $e dierent! it is re"oaded with the contents romthe 5aster 9P? $oard 234A5%


47/320

-alting the %olaris .perating #nvironment

&o ha"t the So"aris 8perating nironment to get to the P485 monitor prompt! ho"d

down the Stop #ey and the [aR #ey simu"taneous"y% An o# prompt disp"ays on the screen

indicating that the monitor program is aai"a$"e%

;arning - )! Ley$oard Present 8penKoot J%**! *+. 5K memory

insta""ed! Seria" F**O00O6/% thernet- addresses .:0:+0:$/:O.:+/! Host I: .0$/O.+/%

The boot Command


48/320

Command-Format

8# $oot Bdeice-nameD BoptionsD

ntering the $oot command at the o# prompt $oots the system to mu"ti-user mode

automatica""y% or e,amp"e: 8# $oot

Options &he o""owing "ist descri$es the options or the $oot command:

s-Koots the system to a sing"e user mode and prompts or the root password% ore,amp"e:ok boot ?s

2ote- &o continue the process and $ring the system to mu"tiuser mode! process the

contro" d #eys%

A Koots the system interactie"y% &his is useu" i you need to ma#e a temporarychange to the system i"e or the #erne"% &he $oot program as#s you or the o""owing

inormation%ok boot ?a

nter i"ename o the #erne" (#erne" uni,):

nter deau"t directory or modu"es (#erne"M usr #erne"):

nter name o system i"e (etc system):

nter deau"t root i"e system type (us):

nter physica" name o root deice:

or e,amp"e:

ok help

nter 'he"p command-name' or 'he"p category-name' or more he"p (?se 82< the irst word o a category

description) ,amp"es: he"p se"ect -or- he"p "ine

5ain categories are:4epeated "oops ! eining new commands ! ! 2umeric output !4adi, (num$er $ase

conersions) ! Arithmetic !5emory access !ine editor !System and $oot coniguration parameters ! Se"ect

I8 deices !"oppy eWect !Power on reset! iag (diagnostic routines) ! 4esume e,ecution ! i"e down"oad

and $oot ! nramrc (ma#ing new commands permanent)

o#

Detailed HelpTo 4iew specific information for one of the main categories listed abo4e, type the following+

o# he"p "ineo# he"p systemo# he"p diago# he"p i"e


49/320

The printen 9ommand


50/320

security-F $ad"ogins 0

diag-switch a"se a"se

o#


51/320

o# set-deau"t diag-"ee"

&o see the entire deice tree! use the show-descommand%

o# show-des

S?2;!?"traSPA49-IIiZ0!0

pciZ"!0

irtua"-memory

memoryZ0!*0000000

pciZ"!0pciZ"

pciZ"!0pciZ"!"

pciZ"!0pciZ"pciZ"

pciZ"!0pciZ"pciZ"S?2;!isptwoZ

pciZ"!0pciZ"pciZ"S?2;!hmeZ0!-"

pciZ"!0pciZ"pciZ"S?2;!isptwoZst

pciZ"!0pciZ"pciZ"S?2;!isptwoZsd

pciZ"!0pciZ"%*ideZJ

pciZ"!0pciZ"%*sunw! m6KZ+

pciZ"!0pciZ" * networ#s *! *

pciZ"!0pciZ" e$usZ*

pciZ"!0pci%ei! "ideZJcdrom

pciZ"!0pciZ" ideZJdis#

pciZ"!0pciZ" "e$usZ"S?2;!9S+J*Z*!+00000

pciZ"!0pciZ"!"e$usZi"ashpromZ*0!0 pciZ"!0pciZ"!"e$usZ"eepromZ*!0 pciZ"! 0pciZ"!

"e$usZ"dthree(+*!J0+J0 pciZ"!0pciZ"!"e$usZ"ecppZ*!J0J$c

pciZ"!0pciZ"!*e$usZ*suZ*! J06+.

pciZ"!0pciZ"!*e$usZ*suZ*! J0.J.

pciZ"!0pciZ"!"e$usZ"seZ*!00000 pciZ"!0pciZ"!"e$usZ"powerZ*!1+000

pciZ"!0pciZ"!"e$usZ"a,o,ioZ*!1+6000

Goutput truncated

o#

%oot Dis Device Path E-ample &he paths $ui"t in the deice tree $y the 8penKootirmware wi"" ary depending on the system type and its deice coniguration%


52/320

.sing pro,e/ Commands to Identify Devices

&o identiy the periphera" deices! such as dis#s! tape dries or 9485s current"y connected to the

system! use the 8KP commands:

probe(i!e probe(scsi probe(scsi(all

ote - Use the probe -fcal 2@ command to identify peripheral de4ices on systems containing the iber *hannel'rbitrated 5oop 8*-'5: A@&* Aigabit &nterface *on4erters.

Periphera" deices are connected to the System $oard ,y I8 (inputoutput) $uses%

bus or integrate! !rive electronics =I6B> bus.

A proe! "arning #essage

;arning - &he o""owing warning message is disp"ayed i you ino#e the pro$e-commands on Sun systems that

contain a J, $oot P485%

Shutting down the So"aris operating system a$rupt"y with the stop a seuence! or with the ha"t command! creates a

condition where running the pro$e command hangs the system un"ess you run the reset-a"" command irst%

;hen 8perating nironment has $een running $eore the stop a #ey seuence! you must comp"ete the o""owingsteps $eore using the price commands! $ecause these commands can cause the system to ree>e%

2ote - i a pro$e- command causes a system to ree>e! turn o the system and then turn it $ac# on $y togg"ing the

power switch "ocated on the $ac# o the system unit%

$. /t the ok prompt: set the N8/A auto(boot Parameter to ,alse

ok setenv auto(boot ,alse


53/320

5. /t the ok prompt: enter the reset comman! to clear all bu,,ers an! registers be,ore entering an&

!iagnostic comman!s.

ok reset

The proe!scsi $ommand

&he pro$e-scsi command! identiies the periphera" deices (dis#s! tape dries! or 9485s) attached tothe on-$oard S9SI contro""er! $y their target address% or e,amp"e:

Ok prob(scsi.

&arget J

?nit 0 is# SA@A& S&*.0 S?20+6+6600*O00*6

&arget 6

?nit 0 4emoa$"e 4ead on"y deice S82< 9485

The pro$e-scsi -a"" Command

&he pro$e-scsi-a"" command identiies the periphera" deices attached to the on-$oard S9SI contro""er and a""

periphera" deices attached to separate SKus or P9I S9SI contro""ers%

ok probe(scsi(all

pciZ*! 0pciZ*pciZ*S?2;!insptwoZ

&arget J

?nit 0 is# ?7I&S?5AKJ0/S S?2%+@*O01

&arget

?nit 0 4emoa$"e &ape AK


54/320

o# dea"ias

screen pc"Z"!0pciZ"!"S?2;!m6KZ+

net pciZ"!0pciZ"!"networ#]"!"

cdrorti pciZ" !0pciZ"!"ideZJcdrcsnZ+!0:

dis# pciZ"!0pciZ"!"ideZJdis#Z0!0

dis#J pciZ"!0pciZ"!"ideZJdis#ZJ!9

dis#+ pciZ*0pciZ"!"ideZJdis#Z+!0

dis#^ pciZ"0pciZ"!"ide_Jdis#Z"!0

dis#8 pciei!0pciei!"ideeJdis#Z0!0

ide pcid"!0pciZ"!"ideZJ

"oppy pciZ" !0pciZI!"e$usG+"dthree

tty$ pciZ"!0pciZ"!"e$usZ"se:$

ttya pciZ"! 0pciZ"!"e$usZ"se:ci %

#ey$oard^ pciZ"!0pciZ"!"e$usZ"suZ*%J9.J.:orcemode

#ey$oard pci_"!0pciei!"e$usZ"suZ*!J0.J.

mouse pciZ"!0pci("!"e$usZ"suZ*!J06+.

name a"iases

eice a"ias names are "isted on the "et side o the command output! and the physica" address o each

deice is shown on the right side o the output%eice a"iases are hard-coded into the 8KP irmware! and

they are easier to remem$er and use than the physica" deice addresses%&he dis# deice a"ias identiies

the deau"t $oot deice or the system%

&o $oot the system rom the deau"t deice simp"y type the $oot command%

ok boot

Creating Custom Device 0liases


55/320

ok nvalias alias(name !evice(path

&he eect o na"ias is to store this entire command "ine in the 234A549%

&o remoe a custom deice a"ias name:

ok nvunalias alias(name

&he eect o nuna"ias is to de"ete the a"ias name rom 234A549%

!sing nvalias to Create Custom Deice Aliases

&he o""owing procedure shows how to add a new $oot deice a"ias! ca""ed my dis+ and $oot the system

rom this new $oot deice a"ias%?sing show-dis#s se"ect the deice path that re"ates to the dis# to $e

used% ?sing na"ias create a new deice a"ias ca""ed mydis#%

ok show(!isks

(select a dis from the list)

o# na"ias mydis# pciZ*! 0pciZ"pciZ"S?2;! isptro(5sd

&o paste the deice path! or the se"ected dis#! on the command "ine press 9ontro"-y%

Removing Custom Device Aliases


56/320

o# reset

4esetting %%%%%

o# $oot mydis#


57/320

Interrupting an !nresponsie System;hen a system ree>es! or stops responding to the #ey$oard!you must Interrupt it% Interrupting the system stops the processor immediate"y and does not a""ow or memory to $e

"ushed! or i"e systems to $e synchroni>ed%&o interrupt an unresponsie system:

*% Attempt a remote "ogin on the unresponsie system to "ocate and #i"" the oending process%

34 Attempt to re$oot the users system graceu""y%

J% Ho"d down the Stop-a #ey seuence on the #ey$oard o the unresponsie system% &he system is p"aced at the o#

prompt%

2ote - I an AS9II: termina" is $eing used as the system! conso"e! use the Krea# seuence #eys% %

5anua""y synchroni>e the i"e systems using the 8KP sync command%

o# sync %

&his command causes the system to create a crash dump o memory and then re$oot the system%

9reate and manage user accounts on the "oca" system using the admin too" uti"ity escri$e the ormat o the i"es etcpasswd and etcshadow or securing "ogin access escri$e the ormat o the etcgroup i"e or maintaining shared and restricted access to i"es and

directories Add! modiy! and de"ete user accounts on the "oca" system with the commands useradd!

usermod! and userde" Add! modiy! and de"ete group accounts or the "oca" system with the commands groupadd!

groupmod! and groupde" eine the two dierent types o she"" initia"i>ation i"es escri$e the she"" startup actiities during "ogin or the three main So"aris 8perating nironment ist the she"" initia"i>ation i"es used to set up a user's wor# enironment at "ogin escri$e the purpose o the etcs#e" directory 5odiy initia"i>ation i"es to customi>e a userQs wor# enironment%

Setting ?p ?ser Accounts

An important system administration tas# is setting up user accounts or each user reuiring system

access% ach user account consists o ie main components:

)ser name- A uniue name a user enters to "og in to a system! a"so ca""ed a "ogin name% Passwor!- A com$ination o si, to eight "etters! num$ers! or specia" characters that a user must

enter with the "ogin name to gain access to a system% )serLs home !irector& - A directory the user is p"aced in ater "ogin! or creating and storing i"es% )serLs login shell- &he user's wor# enironment is set up $y the initia"i>ation i"es deined $y the

user's "ogin she""% &here are si, possi$"e "ogin she""s in the So"aris 8perating nironment! whichinc"ude the Kourne she""! Lorn she""! 9 she""! V she""! KASH she""! and the &9 she""%

?ser initia"i>ation i"es - She"" scripts that determine how a user's wor# enironment is to $e set upwhen the user "ogs in to a system%

Aanaging )ser /ccount:


58/320

9ogin name- ach user's name must $e uniue and consist o two to eight "etters (AEV! a->) and

num$ers (0-O)% &he irst character must $e a "etter! and at "east one character must $e a "owercase etter%

?ser names cannot contain underscores or spaces%

)ser i!enti,ication =)I6> number- &he user's uniue numerica" I or the system% ?I num$ers or

regu"ar users range rom *00 to 60000% A"" ?I num$ers must $e uniue%

2ote - As o the So"aris +%6 8perating nironment! the ma,imum a"ue or a ?I is +*1_J61%

Howeer! the ?Is oer 60000 do not hae u"" unctiona"ity and are incompati$"e with some the So"aris

8perating nironment eatures% So aoid using ?Is oer 60000 to $e compati$"e with ear"ier ersions

o the operating system%

@roup i!enti,ication =@I6> number- &he uniue numerica" I o the group to which the user $e"ongs%ach @I num$er must $e an integer $etween *00 to 60000%2ote -


59/320

A"" passwords are encrypted and maintained in a separate shadow i"e named etcshadow% &o urther contro" user

passwords! you can oten enorce password aging! which is maintained in the etcshadow i"e%

&he "etc"group i"e deines the deau"t system group accounts%


60/320

comment -9ontains the user's u"" name% home#!irector&-9ontains the u"" pathname to the user's home directory% login#shell(eines the user's "ogin she""! which can $e $insh! $in#sh! $incsh!

$in>sh! $in$ash! or $intcsh%

root

daemon

$in

sys

adm

smtp

0

*

+

J

1*

0

Superuser account% Has a"most no restrictions and oerrides a"" other "ogins!protections! and permissionsM has access to the entire system%

System account that contro"s $ac#ground processing%

Administratie account that owns most o the commands%

Administratie account that owns many system i"es%

Administratie account that owns certain administratie i"es%

Print serice account that owns the o$Wect and spoo"ed data i"es or the printer%

&he smtp mai"er uses the Simp"e 5ai" &ranser Protoco" (S5&P) to transer a

message% S5&P is the standard mai" protoco" used on the Internet%

uucp

nuucp

"isten

no$ody

noaccess

no$ody

/

6

J1

6000*

6000+

6//J

&he uucp account that owns the o$Wect and spoo"ed data i"es or the ?2I-to-?2I

copy program (??9P)%

&he uucp account used $y remote systems to "ogin to the host and start i"e

transers%

2etwor# "istener account%

Anonymous user account! assigned $y an 2S serer when an unathori>ed root

user ma#es a reuest% &he no$ody user account is assigned to sotware processes

that do not need any specia" permissions%

Account assigned to a user or a process that needs access to a system through

some app"ication without actua""y "ogging into the system%

Sun8SY %0 or %* ersion o the no$ody account%

*% &he no$ody account is used or securing 2S resources% ;hen a user is "ogged in as root on an 2S

c"ient and attempts to access a remote i"e resource! the ?I is changed rom 0 to the ?I o no$ody

(6000*)M no$ody gets the same access permissions as those deined or eeryone e"se%


61/320

&he etcshadow i"eue to the critica" nature o the etcshadow i"e! you shou"d neer edit it direct"y%Instead! you maintain the i"e's ie"ds using admintoo" or the commands useradd! usermod! or passwd% &he

etcshadow i"e can $e read on"y $y a user with root permission%

&he o""owing is an e,amp"e o the etcshadow i"e containing its initia" system account entries:

root:eo#t9o5twV2:6/::::::

daemon:2P:6/::::::

$in:2P:6/::::::

sys:2P:6/::::::

adm:2P:6/::::::

"p:2P:6/: : : : : :

smtp:2P:6/::::::

uucp: 2P : 6/ ::::::

nuucp: 2P:6/::::::

"isten : L ::::::

no$ody:2P:6/ ::::::

noaccess :2P: 6/ ::::::

no$ody :2P: 6/ ::::::

ach "ine entry contains the o""owing nine ie"ds! separated $y co"ons:

"ogin I: password: "astchg:min:ma,: warn: inactie:e,pire:

loginI6- 9ontains the user's "ogin name% passwor! -9ontains a *J-character encrypted password! or the string L ! which indicates a "oc#ed

account! or the string 2P! which indicates no password% lastchg- Indicates the num$er o days $etween 7anuary *!*O10! and the "ast password modiication date% min-9ontains the minimum num$er o days reuired $etween password changes% ma*-9ontains the ma,imum num$er o days the password is a"id $eore the user is prompted to enter a

new password at "ogin% warn- 9ontains the num$er o days the user is warned $eore the password e,pires% inactive- 9ontains the num$er o inactie days a""owed or that user $eore the user's account is "oc#ed% e*pire-9ontains the date when the user account e,pires% 8nce e,ceeded! the user can no "onger "og in%

&he ninth ie"d is resered or uture use! and is current"y not used

he "etc"group Dile ach user must $e"ong to a group! which is reerred to as the user's primary group and speciied$y the @I "ocated in the user's account entry within the etcpasswd i"e%

ach user can a"so $e"ong up to */ additiona" groups! #nown as secondary groups! which are speciied in etcgroup

i"e on"y%&he o""owing is a samp"e o the deau"t entries in an etcgroup i"e%

F cat etc group

root: :0 :root


62/320

8ther: : * :

$in : : + : root ! $in ! daemon

sys : : J : root ! $in ! sys ! adm

adm : : : root ! adm ! daemon

uucp : : / : root ! uucp

mai" : : 6 : root

tty : : 1 : root ! tty ! adm

"p : : . : root ! "p ! adm

nuucp : : O : root ! nuucp

sta ::*0:

daemon : : *+ : root ! daemon

sysadmin: : * : "ister! torey

no$ody: : 6000*:

noaccess: : 6000+ :

nogroup: : 6//J :

F

ach "ine entry in the etcgroup i"e contains the o""owing our ie"ds! each separated $y a co"on character%

groupname : group -password: "ID: username-list

groupname-9ontains the name assigned to the group% @roup names can contain a ma,imum o eightcharacters%

group(passwor!- 9ontains an asteris# or is an empty ie"d% &his ie"d is a re"ic o ear"ier ersions o ?2I%&here is no uti"ity to set a password on a group% &o p"ace a password on a group! cut and paste an e,istingpassword rom the etcshadow i"e into the etcgroup i"e entry

2ote X A group password is used $y the newgrp command% &his command is used to "og a user into a new group% I

that new group has a password! and the user is not a mem$er o that group! the password has to $e entered $eore

newgrp wi"" continue%

@I6-9ontains the group's @I num$er% It must $e uniue on the "oca" system and shou"d $e uniue acrossthe organi>ation% 2um$ers 0 to OO! 6000*! and 6000+ are resered or system group accounts% ?ser-deinedgroups can range rom *00 to 60000%

username-"ist-9ontains a comma-separated "ist o user names that represent the user's secondary group

mem$erships% Ky deau"t! each user can $e"ong to a ma,imum o */ secondary groups%

9reating ?ser Accounts


63/320

&he useradd command a"so automatica""y copies a"" the initia"i>ation i"es in the etcs#e" directory to the

user's new home directory%

9ommand ormat

usera!! B -u uid D B -g gid B -@ gid B!gid! % % DD B -d dir D B -m D B -s she"" D B -c

comment D "oginname


64/320

6eleting )ser /ccounts:


65/320

+ groupmo! (g ation! i"es% &he irst type contro"s the system -wide

enironment% &he second type contro"s the user's enironment%

%(stem3"ide nitiali5ation Files ation i"es are ca""ed "etc"pro,ile an! "etc". login.

&he Kourne and Lorn "ogin she""s "oo# or and e,ecute the system initia"i>ation i"e etcproi"e during

"ogin%&he 9 "ogin she"" "oo#s or and e,ecutes the system initia"i>ation i"e etc%"ogin during the "ogin

process%

2ote -&he deau"t i"es etcproi"e and etc%"ogin chec# dis# usage uotas! print the message o the day

rom the etcmotd i"e! and chec# or mai"% 2one o the messages are printed to the screen i the i"e

%hush"ogin e,ists in the user's home directory%

)ser Initiali1ation Diles


66/320

V etc>shen

etc>proi"e

etc>shrc

etc>"ogin

\H85-% >sheri

\H85%>proi"e

\H85%>"ogin %

\H85%>shrc $in>sh

KASH etcproi"e \H85%$ashEproi"e

\H85%$ashE"ogin

\H85%proi"e

\H85%$ashrc $in$ash

&9 etccsh%cshrc

etccsh%"ogin

\H85%tcshrc

or

\H85%cshrc

$intcsh

2ote - &he root user's "ogin she"" $y deau"t is the Kourne she""! and root' s she"" entry in the etcpasswd

i"e appears as s$insh%

;hen a user "ogs in to the system! the user's "ogin she"" is ino#ed% &he she""program "oo#s or its

initia"i>ation i"es in a speciic orderM e,ecutes the commands contained in each i"e! and when inished!

disp"ays the she"" prompt on the user's screen%

Customi1ing the Work Bnvironment&he she""s a"" proide $asic eatures and a set o aria$"es that

determine what root or a regu"ar user can do when customi>ing user initia"i>ation i"es or each she""%

%hell Variables &he enironment maintained $y the she"" inc"udes aria$"es that are deined $y the"ogin program! system initia"i>ation i"e! and the user initia"i>ation i"es%

&he she""s support two types o aria$"es:

nironment aria$"es - ery she"" program started receies its inormation a$out the user's enironment

rom these aria$"es%oca" aria$"es - &his aects on"y the current she""% Any su$she"" started wou"d not

hae #now"edge o these aria$"es%


67/320

Kourne or Lorn She"" 3A4IAKNa"ue M e,port 3A4IAK or e,amp"e:

R\H8S&2A5 * \ e,port PS"

9 She"" Seten aria$"e a"ueor e,amp"e

eau"t ?ser Initia"i>ation i"es

She"" Initia"i>ation i"e

&emp"ates

?ser s Initia"i>ation i"es

Kourne etcs#e""oca"%proi"e \H85%proi"e

Lorn etcs#e""oca"%proi"e \L85%proi"e

9 etcs#e""oca"%"ogin

etcs#e""oca"%cshrc

\H85%"ogin

\H85%cshrc

&he root user can customi>e these temp"ates to create a standard set o user initia"i>ation i"es to proide

a common wor# enironment or each user%?ser's can then edit their initia"i>ation i"es to urther customi>e

their enironments or each she""%


68/320

;hen new user accounts are created $y root! these initia"i>ation i"es are automatica""y copied to each

new user's home directory

A dis# is physica""y composed o a series o "at! magnetica""y coated p"atters stac#ed on a spind"e% &he

spind"e turns whi"e the readwrite heads moe $etween p"atters! in unison! racia""y reading and writing

data on the p"atters%

he ,ollowing !escribes the components o, a !isk'

One or more platters. Platters rotate aroun! the spin!le. ea! actuator arm moves the rea!"write hea!s as a unit above

an! below each platter.

A dis# is diided into the o""owing components: sectors! trac#s! and cy"inders%

Sector- &he sma""est addressa$"e unit on a p"atter! 8ne sector can ho"d/*+ $ytes o data% Sectors are a"so #nown as dis# $"oc#s%

rack- A series o sectors positioned end-to-end in a circu"ar path% C&lin!er- A stac# o trac#s%

2ote - &he num$er o sectors per trac# aries with the radius o a trac# on the p"atter%

&he outermost trac#s are "arger and can ho"d more sectors than the inner trac#s%

Kecause a dis# spins continuous"y and the readwrite heads moe as a sing"e unit! the

most eicient see#ing occurs when the sectors to $e read or written to are "ocated in asing"e cy"inder%

eining is# S"icesis#s can! $e diided into indiidua" partitions! #nown as s"ices%S"ices are groupings o cy"inders common"y used to organi>e data $y unction%

or e,amp"e! you can store critica" system i"es and programs in one s"ice! whi"e you

can store user-created i"es in another s"ice on the same dis#%

Note - Ky grouping cy"inders in this way! the amount o moement reuired $y the

readwrite heads to access a i"e is reduced! which improes dis# I8 perormance%

A dis# under Sun8S can $e diided into eight s"ices! "a$e"ed s"ice 0 through s"ice 1%

Ky conention! s"ice + is used to represent the entire dis#% It records items! such as the

si>e o the actua" dis#! and the tota" num$er o cy"inders aai"a$"e or the storage o i"es

and directories%

&he Koot is#

&he s"ices shown a possi$"e coniguration conention or "ogica""y organi>ing data that is to $e stored on the

$oot dis#% 2ot a"" s"ices hae to $e deined on a dis#%


69/320

Disk (lice )aming $on%ention

&he u"" name o a s"ice is represented $y an eight character string which inc"udes the contro""er

num$er! the target num$er the dis# num$er! and the s"ice num$er%

Controller number- Identiies the host $us adapter! whichcontro"s communications $etween the system and dis# unit% Itta#es care o moing dis# heads! data transer! and "ocationo data on the deice% &he contro""er num$er is assigned inseuentia" order! such as c0! c*! c+ and so on%arget number &arget num$ers such as t0! t*! t+ ! and tJcorrespond to a uniue address switch setting that isse"ected or each dis#! tape! or 9-485% An e,terna" dis#drie has an address switch! "ocated on the rear pane"% Aninterna" dis# has address pins which are Wumpered to assignits target num$er%6isk number X &he dis# num$er is a"so #nown as the"ogica" unit num$er (?2)% &his num$er re"ects the num$ero dis#s at the target "ocation% &he dis# num$er is a"ways setto do with em$edded S9SI dis#s%

Slice numberX A s"ice num$er ranging rom 0 to 1%

cFtFdFsF

contro""er num$er! target num$er!is# num$er! S"ice 2um$er%


70/320

eice 2aming 9onentions

In the So"aris 8perating! nironment! a"" deices hae three dierent types o names! depending on how the deice

is $eing reerenced%

9ogical !evice names Ph&sical !evice names

Instance names

2ote - KS deice names a"so e,ist in the So"aris 8perating nironment i the KS compati$i"ity pac#ages are

insta""ed with either the ee"oper! ntire istri$ution! or ntire istri$ution p"us 85 So"aris Sotware @roup% &he

KS deice names are typica""y used or $ac#wards compati$i"ity with o"d scripts! (or e,amp"e! desd8a)%

Logical &evice !ames


71/320

*h(sical &evice !amesPhysica" deice names uniue"y identiy the physica" "ocation o the hardwaredeices on the system! and are maintained in the deices directory% 2ote 3arious hardwarep"atorms hae dierent deice trees%A physica" deice name uniue"y identiies the "ocation othe deice% It contains the hardware inormation! represented as a series o node names!separated $y s"ashes! to indicate the path to the deice that re"ects hardware connectiity% ore,amp"e:

+ ls ($ "!ev"!sk"c0t0!0s0 %

Irw,rw,rw, * root root 6 7un *6 *O:01 deds#c0t0d0s0 -

. . " . . "!evices"pci7l, :0"pci7l: l"i!e73"!a!70 : 0 'a

or example, an Ultra C system has the de4ice configuration tree-structure shown in igure C- 8not all possible

de4ices are included

&he top-most directory in the hierarchy is ca""ed the root node o the deice tree% An o$Wect $e"ow the root

node has a deice drier associated with it! which is ca""ed a "ea! or $us ne,us node%

2ote - A deice drier is the sotware that communicates with the deice% &his sotware must $e aai"a$"e

to the #erne" to use the deice%

&he #erne" identiies the physica" "ocation o a deice $y associating a node with an address! nodenameZaddress!

which is ca""ed thephysica"%deice name! or e,amp"e! dadZ0 %

Instance Names:Instance names are a$$reiated names assigned $y the #erne" or each deiceon the system%

An instance name is simp"y a shortened name or the physica" deice name% &wo e,amp"es are shown

$e"ow:


72/320

s!n

;here sd is the dis# name and n is the dis# num$er! such as sd0! or the irst S9SI (sma"" computer

system interace) dis# deice:

!a!n

where dad (direct access deice) is the dis# name and n is the dis# num$er! such as dad0! or the irst ide

(integrated drie e"ectronics) dis# deice%

#isting a System's Devices &he o""owing sections descri$e how to "ist a system's deices%

he "etc"path#to#inst $ile

&n the Solaris 2perating 3n4ironment, the system records, for each de4ice, its instance name and number along withits physical name in the *etc*path+to+.inst file. These name are used by the kernel to identify e4ery possible de4ice.This file is read only at boot time.

2ote - &he deice instance num$er! shown in $o"d $e"ow! appears to the right o the deice instance

name when recorded in this i"e%

&he etcpathEtoEinst i"e is maintained $y the #erne"! and it is genera""y not necessary! nor is it adisa$"e

or the system administrator to eer change this i"e%

+ more "etc"path#to#inst

5

F 9aution^ &his i"e contains critica" #erne" state

F

F pciZ"! 0R 0 RpciR

F pciZ"!0pciZ"!"ideZJsdZ+!0R + RsdR (CD/&O)

F pciZ"!0pciZ"!"ideP3dadZ0!0R 0 [dadR (dis)

F pciZ"! 0pciZ"!"e$usZ"R 0 Re$usR (e-tended ,us)

F pciZ"!0pciZ""e$usZ"dthreeZ*!J0+J8R 0 RdR (floppy dis)

F pciZ" !0pciZ"("e$usZ"suZ*!J06+.R * RsuR (mouse)

F pciZ"!0pciZ"!"e$usZ"seZ*!00000R 0 RseR (serial ports 0 and %)

F pciei!0pciZ"!"e$usZ"suZ*!J0.J.R 0 RsuR #ey$oardM

F pciZ" ! 0pciZ"!"e$usZ"ecppZ*!J0J$cR 0 RecppR ('e,tended

capa,ility parallel port)

FpciZ"! 0'pciZ"! "e$usZ"S?2;!9S+J*Z*! +00000R 0 RaudiocsR (crystal

semiconductor)

F pciZ"! 0pciZ"! "e$usZ"poMerZ*! 1+000R 0 RpowerR power management ,us)


73/320

F pciZ" !0pciZ"! "networ#Z" ! *R 0 RhmeR (ast thernet)

2ote X ierent systems hae dierent physica" deice paths% &his e,amp"e shows an on$oard periphera"

component interconnect (P9I) $us coniguration%

Sample "etc"path#to#inst $ile

&he o""owing is a pathEtoEinst i"e rom a system that has a dierent $us architecture% In this case! it is an

e,amp"e o a system that has an on$oard Sun system $us (S$us)%

+ more "etc"path#to#inst

F

F 9aution^ &his i"e contains critica" #erne" state

F

F s$usZ"!0R 0 Rs$usR

F s$usZ" !0espdmaZe! .00000R 0 RdmaR

F s$usZ" !0espdmaZe! .00000espZe!..00000 0 [esp

F s$usZ" !0espdmaZe! .00000espZe!..00000 sdZJ!0 J [sd

F s$usZ" !0espdmaZe! .00000espZe!..00000 sdZ+!0 + [sd

F s$usZ" !0espdmaZe! .00000espZe!..00000 sdZ*!0 * [sd

F s$usZ" !0espdmaZe! .00000espZe!..00000 sdZ0!0 0 [sd

F s$usZ" !0espdmaZe! .00000espZe!..00000 sdZ6!0 6 [sd

F s$usZ" !0espdmaZe! .00000espZe!..00000 sdZ/!0 / [sd

F s$usZ" !0espdmaZe! .00000espZe!..00000 sdZ!0 [sd

F s$usZ" !0espdmaZe! .00000espZe!..00000 stZJ!0 J [st

F s$usZ" !0espdmaZe! .00000espZe!..00000 stZ+!0 + [st

F s$usZ" !0espdmaZe! .00000espZe!..00000 stZ*!0 * [st

F s$usZ" !0espdmaZe! .00000espZe!..00000 stZ+!0 + [st

F s$usZ" !0espdmaZe! .00000espZe!..00000 stZJ!0 J [st

F s$usZ" !0espdmaZe! .00000espZe!..00000 stZ!0 [st

F s$usZ" !0espdmaZe! .00000espZe!..00000 stZ/!0 / [st

F s$usZ" !0espdmaZe! .00000espZe!..00000 stZ!0 [st

he prtcon, Command


74/320


75/320

ide! instance F0

dad! instance F0

sd! instance F+

pci! nstance F"

pseudo! instance F0

2ote - &he command grep - not is used to omit a"" containing the word RnotR rom the output%

%econfiguring Deices &he system recogni>es a new"y added periphera" deices i areconfiguration ,oot is ino#ed% &his particu"ar $oot process adds the new deice to a new"y generated

deice tree and to the de and deices directories%%

&he o""owing steps reconigure a system to recogni>e a new"y attached dis#%

* 9reate the reconigure i"e% &his i"e causes the system to chec# or the presence o any new"y

instated deices the ne,t time it is powered on or $ooted%

+ touch "recon,igure

+% Shut down the system% &his command $rings the system to an appropriate s"ate or

turning the system power o to sae"y a""ow or adding or remoing deices%

+ init

J% &urn o the power to a"" e,terna" deices%

% Insta"" the periphera" deice! ma#ing sure the deice $eing added has no con"icting

address with other deices on the system%

/% &urn on the power to a"" e,terna" deices%

6% &urn on the power to the system% &he system $oots to the "ogin screen%

1% 3eriy that the periphera" deice has $een added $y issuing one o the o""owing

commands: prtcon or ormat%

8nce the dis# is recogni>ed $y the system!


76/320

or compatibility purposes, dr4config and the other commands are symbolic links to de4f sadm.

&he desadm command attempts to "oad eery drier in the system and attach to a"" possi$"e deice

instances%

It then creates the deice i"es in the deices directory and the "ogica" "in#s in the de directory% In

addition to managing these directories! desadm a"so maintains the! etcpathEtoEinst i"e%

!ev,sa!m Options &o restrict the use o the desadm command to a speciic deice c"ass! use the -c

option%

+!ev,sa!m (c !evice#class

+ !ev,sa!m (c !isk

;here the a"ues to deiceEc"ass inc"ude: dis#! tape! port ideo and pseudo% or e,amp"e:


77/320

+ !rvcon,ig (i !a!

or F drconig -i sd

+% Ino#e the dis#s command%

# !isks

&his command creates sym$o"ic "in#s in the deds# and derds# directories pointing to the actua" dis#

deice i"es "ocated in the deices directory%

Adding a !ew Tape &rive &he o""owing steps i""ustrate how to add a new tape drie:

*% Ino#e the drconig command%

+ !rvccon,ig (i st

+% Ino#e the tapes command%

+ tapes

&his command creates sym$o"ic "in#s in the dermt directory to the actua" tape deice i"es "ocated in the deices

directory%

&is' %lices and the format 1tilit(

&he ormat uti"ity is a system administration too" used primari"y to prepare hard dis# dries or use in the

So"aris 8perating nironment%

&hough you can use the ormat uti"ity to perorm a ariety o dis# management actiities! the main reason

you use the ormat uti"ity is to diide a dis# into dis# s"ices%

2ote - &he So"aris 8perating nironment insta""ation program a"so diides dis#s into dis# s"ices as part

o insta""ing the So"aris 8perating nironment re"ease%

&o diide a dis# into s"ices! the system administrator wi"" need to:

Identiy the correct dis#

P"an the "ayout o the dis#

?se the ormat uti"ity to diide into s"ices

a$e" the dis# with new s"ice inormation

8n"y the root user can use the ormat uti"ity% I ormat is run $y a regu"ar user! the o""owing error message

is disp"ayed:

; ,ormat


78/320

Searching or dis#%%%done

2o permission (or no dis# ound)

Disk &abels and Partition ables

ery dis# in the So"aris 8perating nironment has a specia" area set aside or storing inormationa$out the dis#'s contro""er! geometry! and s"ices%

&his inormation is ca""ed the dis#'s la,le4 Another term used to descri$e a dis# "a$e" is the o"ume ta$"e o

contents (3&89)% &he dis#'s "a$e" 3&89 is stored on the irst sector o the dis#%

&o "a$e" a dis# means to write s"ice inormation onto the dis#% I the system administrator ai"s to "a$e" a

dis# ater deining s"ices! the s"ice inormation is "ost%

An important part o the dis# "a$e" is thepartition ta,le+which identiies! a dis# s"ices! the s"ice $oundaries

(in cy"inders)! and the tota" si>e o the s"ices%

2ote -&he terms dis slice and dis partition are interchangea$"e%

9urrent partition ta$"e (origina"):&ota" dis# cy"inders aai"a$"e ..O+ T + (resered cy"inders)

part &ag "ag 9y"inders

(ie -locks

0 root wm 0 -+/+0 *%* @J (+/+*00) +J.+J/

* swap wu +/+* -+.0 *1% 66LK (J+000) J0+00

+ $ac#up wm 0 -..O+ %0*@K (..O+00) .0+O0

J unassigned wm 0 0 (000) 0

unassigned wm 0 0 (000) 0

/ unassigned win 0 0 (000) 0

6 usr wm + .* -.000 +%1J@K (60/*00) /1*.*O/

1 unassigned wm 0 0 (0!00) 0


79/320

Partition $oundaries must $egin and end with entire cy"inders%

ie"d escription

Part S"ice num$er% 3a"id s"ice num$ers inc"ude 0

through 1%

&ag A a"ue used to indicate how the s"ice is

$eing used%

0 N unassigned

* N$oot

+ N root

J N swap

N usr

/ N $ac#up

6 N stand

1 N ar

. N home

O N a"ternates

"ag wm- dis# s"ice is writa$"e and mounta$"e%

wu -dis# s"ice is writa$"e and unmounta$"e%

This is the defaults state of slice dedicated for swap areas4

rm N dis# s"ice is read on"y and mounta$"e%

ru - dis# s"ice is read on"y and unmounta$"e%

9y"inders &he starting and ending cy"inder num$er or the dis# s"ice%

Si>e &he s"ice si>e: 5$ytes (m$)! @$ytes (g$)!

K"oc#s ($)! or 9y"inders (c)%

K"oc#s &he tota" num$er o cy"inders and the tota"

num$er o sectors per s"ice%

Defining Dis Slices is# s"ices are deined $y an oset and a si>e in cy"inders% &he oset is the distance rom

cy"inder 0% or e,amp"e:


80/320

(lice !! O%erlaps &ntire Disk

S"ice 0 S"ice * S"ice 6

(ie

/0 $ylinders

Si>e

J+0 9y"inders(ie

12/0 $ylinders

8set 0 8 set +/+* 8 set +.*

Digure 6-+ 8sets and Si>es or is# Partitions

&he oset or s"ice 0 is 0 cy"inders and its si>e is +/+* cy"inders% S"ice 0 $egins on cy"inder 0 and ends on

cy"inder +/+0%

&he oset or s"ice * is +/+* cy"inders and its si>e is J+0 cy"inders% S"ice * $egins on cy"inder +/+* and

ends on cy"inder +.0%

&he oset or s"ice 6 is +.* cy"inders and its si>e is 60/* cy"inders% S"ice 6 $egins on cy"inder +.* and

ends on the "ast aai"a$"e cy"inder ..O+%

Defining Dis Partitions

&he o""owing sections descri$e conditions that can occur when you are deining dis# partitions%

1ndesirable Conditions

;hen creating or changing dis# s"ices! two types o undesira$"e conditions can occur: wasted dis# space

and oer"apping dis# space%

;asted is# Space ;asted dis# space occurs when one or more cy"inders are not a""ocated to a dis#

s"ice%

8set 0 8set - +/+*

8set 0 8set +/+*

&he wasted dis# space condition can occur when you decrease the si>e o one s"ice! and do notadWust the starting cy"inder num$er o the ne,t dis# s"ice% (In the e-ample a,ove+ cylinders 3*6$

through 3*36 are unusa,le4)

SiBe E 0CFFcyl wasted SiBe -G0F cyl


81/320

Overlapping Disk Slices 8er"apping dis# s"ices occurs

Hastatus Solaris

Documents

Transcript of Hastatus Solaris