Solaris 8 containers and solaris 9 containers customer presentation
Hastatus Solaris
-
Upload
anonymous-pdzazj -
Category
Documents
-
view
213 -
download
1
Transcript of Hastatus Solaris
-
7/22/2019 Hastatus Solaris
1/320
Hastatus sum
Hagrp switch
-
7/22/2019 Hastatus Solaris
2/320
-
7/22/2019 Hastatus Solaris
3/320
-
7/22/2019 Hastatus Solaris
4/320
-
7/22/2019 Hastatus Solaris
5/320
Shutdown i6 g0 -y
-
7/22/2019 Hastatus Solaris
6/320
-
7/22/2019 Hastatus Solaris
7/320
-
7/22/2019 Hastatus Solaris
8/320
-
7/22/2019 Hastatus Solaris
9/320
-
7/22/2019 Hastatus Solaris
10/320
-
7/22/2019 Hastatus Solaris
11/320
-
7/22/2019 Hastatus Solaris
12/320
-
7/22/2019 Hastatus Solaris
13/320
Internet (IP) address: A host's IP address identiies where a host is on the Internet! which a""ows networ#traic to $e directed to that host% &his sotware address is p"aced in the etcinethosts i"e%thernet address -A host's uniue hardware address% A num$er disp"ayed as *+ he,adecima" digits% ore,amp"e! 0.:00:+0:*c:/:1e% &his address is stored in the 234A5 (nono"ati"e random access memory)chip%The Solaris Operating Environment Software Installation Options
Solaris Web Start 3.0 Installation- Proides a graphica" user interace-$ased! 7aa techno"ogy-poweredsotware app"ication that guides you through the insta""ation o the So"aris 8perating nironment andother sotware on a sing"e system rom a "oca" or remote 9-485 drie%Solaris Interactive Installation Program-Proides a graphica" user Interace that guides you step-$y-step through insta""ing the So"aris 8perating nironment sotware! 'this insta""ation program does notena$"e you to insta"" a"" the additiona" sotware! as with So"aris ;e$ Start! it insta""s on"y the So"aris8perating nironment sotware%Solaris Installation Over the Network - Proides the capa$i"ity to insta"" the So"aris 8peratingenironment sotware on a "arge num$er o systems that do not hae -a "oca" 9-485 drie% &hise"iminates the need to insert the So"aris 8perating nironment sotware 9-485 on eery system% eo the system%Solaris Custom JumpStart Installation - A type o insta""ation in which the So"aris 8peratingnironment sotware is automatica""y insta""ed on a system $ased on a user-deined proi"e% e proi"es or dierent types o users and systems! and this is the most cost-eectie option orinsta""ing the So"aris 8perating nironment sotware in a "arge enterprise% Proides hands o insta""ationacross the networ# $ased on a centra" conigured serer%
-
7/22/2019 Hastatus Solaris
14/320
Software Packages: A sotware pac#age contains a group o i"es and directories in a category o re"atedsotware (or e,amp"e! system or app"ication) and sotware insta""ation scripts
Software Clusters:uring the sotware insta""ation process! "ogica" co""ections o sotware pac#ages are
grouped into sotware c"usters! or e,amp"e! the 9 sotware c"uster inc"udes the o""owing pac#ages:
S?2;dt$as S?2;dthed S?2;dtmad S?2;eudhr
S?2;dt$as S?2;dthe S?2;dtrme S?2;eudhs
S?2;dtdem S?2;dticn S?2;dtwn S?2;eudis
S?2;dtdm S?2;dtim S?2;eud$a S?2;eud"g
S?2;dtdst S?2;dtinc S?2;ud$d S?2;mman
S?2;dthe S?2;dtma S?2;eudda
Some sotware c"usters can contain on"y one sotware pac#age%
Cluster Configuration: &he c"uster conigurations are reerred to during the insta""ation process as theSo"aris Sotware @roups% &here are current"y ie sotware groups aai"a$"e! which inc"ude:
ntire So"aris Sotware @roup P"us 85 -S?2;9a""
ntire So"aris Sotware @roup S?2;9a""
ee"oper So"aris Sotware @roup - S?2;9prog
nd ?ser So"aris Sotware @roup - S?2;9usr
9ore So"aris Sotware @roup - S?2;9re
Software Packages: Sotware administration ino"es adding and
remoing sotware rom systems% Sun and its third-party endors de"ier
products in a orm ca""ed a sotware pac#age%
&he term pac#age to the method or distri$uting and insta""ing sotwareproducts to systems where the products! wi"" $e used% In its simp"est orm!
a pac#age is a co""ection o i"es and directories
Pac#age administration commands - p#gadd! p#grm! p#gino! and p#gch#&he admintoo" uti"ity - A graphica" ront-end to the p#gadd and p#grm commands
Command format: p#gino B -d B deice C pathname D D B -* D p#gEname
or e,amp"e:
F p#gino C more
Gsome output omitted
app"ication S?2;A,g So"aris @ J %J Answer Koo#
app"ication S?2;aadm So"aris System Administrator 9o""ection
system S?2;a$+m So"aris ocumentation Serer oo#up
system S?2;a$+r So"aris ocumentation Serer
-
7/22/2019 Hastatus Solaris
15/320
system S?2;a$+s So"aris ocumentation Serer
system S?2;a$+u So"aris ocumentation Serer
app"ication S?2;a$da Sun u"tra /*0 Hardware AnswerKoo#
app"ication S?2;a$e So"aris ?ser 9o""ection
app"ication S?2;a$sd# So"aris Sotware ee"oper 9o""ection
&he co"umns o inormation that are disp"ayed are descri$ed $e"ow%
9A&@84< Is the pac#age category! such as app"ication! system! A! or 9&%
PL@I2S& Is the sotware pac#age nameM i it $egins with S?2;! it is a Sun 5icrosystems productM
otherwise! it represents a third-party pac#age
2A5 Is a $rie description o the sotware product%
&o iew a"" the aai"a$"e inormation a$out the sotware pac#ages! use the p#gino command with the
option:
F p#gino -" C more
Displaying Detailed Information for a Specific Pacage:
F p#gino -* S?2man
PL@I2S&: S?2;man
2A5: 8n-"ine 5anua" Pages
9A&@84
-
7/22/2019 Hastatus Solaris
16/320
J shared pathnames
1 directories
1JO+/ $"oc#s used (appro,)
&he "ast "ine (1JO+/ $"oc#s used (appro,)! identiies the si>e o the pac#age% A $"oc# is a /*+-$yte dis#$"oc#% &he $"oc#s used num$er deines how much space is needed on the dis# to insta"" this pac#age%
&o determine how many pac#ages are current"y insta""ed on dis#! use the o""owing command:
F p#gino C wc -*
&o disp"ay inormation a$out sotware pac#ages that resides on the So"aris Sotware 9-485 (or other
re"ease media)! use the p#gino command with the -d option
F p#gino -d cdrom
0s0So"arisE,Product C more
F p#gino -d cdromcdrom0s0So"arisE*0Product -* S?2;audio
Command Format: P#grm p#gEEname
or e,amp"e: F p#grm S?S;audio
&he o""owing pac#age is current"y insta""ed:
S?2;audio Audio app"ications
(spare) J%6%!43N*%O.%*+%0J
o you want to remoe this pac#age y
FF 4emoing insta""ed pac#age instance GS?2;audio
FF 3eriying pac#age dependencies%
;A42I2@:
&he GS?2;o"rte pac#age depends on the pac#age 9urrent"y $eing remoed%
;A42I2@:
&he GS?2;o"aud pac#age depends on the pac#age9urrent"y $eing remoed%
;A42I2@:
&he GS?2;o"dc pac#age depends on the pac#age 9urrent"y $eing remoed%
;A42I2@:
-
7/22/2019 Hastatus Solaris
17/320
&he !S?2;,w#ey pac#age depends on the pac#age9urrent"y $eing remoed%
ependency chec#ing ai"ed%
o you want to continue with the remoa" o this pac#age By!n!!D y
2ote - &he message i"ename Gshared pathname not remoed is disp"ayed i a i"e is shared $y twoor more pac#ages% It is remoed on"y when the "ast pac#age it is shared with remoed%
he pkga!! Command:;hen a sotware pac#age is added! the p#add command uncompresses and
copies i"es rom the insta""ation media to the "oca" systemQs dis#% &his command wi"" as# or conirmation
to continue with pac#age add process%
Command Format : P#gadd B-d Bdeice C pathname D D p#gEname
or e,amp"e: F p#gadd d cdromcdrom0s0so"arisE*0Product S?2;audio
Processing pac#ages instance GS?2;audio rom Gcdromso"E*0Esparcs0So"arisE*0Product
Audio app"ications
(sparc) J%6%! 43N*% O.%*+%0J
copyright *OOO Sun 5icrosystems! I29% A"" rights resered%
?sing G as the pac#age $ase director%
FF processing pac#age inormation%
FF Processing system inormation%
+ pac#age pathnames are a"ready proper"y insta""ed
FF 3eriying pac#age dependencies%
FF 3eriying dis# space reuirements%
FF 9hec#ing or con"icts with pac#ages a"ready insta""ed%
FF 9hec#ing or setuidsetgid programs%
This package contains scripts, which will be executed with super-user permission during the process of installing
these packages.
Do you want to continue with the installation of
-
7/22/2019 Hastatus Solaris
18/320
The pkgchk *ommand+ The pkgchk command checks installation completeness pathname, file contents, and file
attributes of a package.
*ommand ormat + akgchk # options % #-p path % #pkg/name%
The following example checks the contents and attributes of a software package currently installed on the system.
( pkgchk SU!audio
ote + If the pkgchk command does not display a message, it indicates that the package was installed
successfully.
&o "ist the i"e contained in a sotware pac#age! type
F p#gch# S?2;audio
&o "ist the i"e contained in a sotware pac#age! type
F p#gch# S?2;audio
&o chec# any i"e to determine i its content and attri$utes hae changed since it was insta""ed with its
sotware pac#age! type:
F p#gch# p etc passwd
4484: etcpasswd
i"e si>e G* e,pected GJJO* actua"
i"e c#sum GJJO e,pected G*1+/ actua"
&he origina" etcpasswd i"e has changed in si>e since the initia" So"aris 8perating nironment sotware
insta""ation% &his is indicated $y the dierences in i"e si>e and chec#sum% &he chec#sum is used to
a"idate transported data%
The arsadmInsta""contents "ile:
&he arsadminsta""contents i"e is a comp"ete record o a"" the sotware pac#ages insta""ed on the "oca"
system dis#% It reerences eery i"e $e"onging to eery sotware pac#age! and the coniguration o
products insta""ed can $e iewed%
F more arsadminsta""contents
&he p#gadd command update the contents i"e wheneer new pac#ages are insta""ed%
&he p#grm command uses the contents i"e to determine where i"es or a sotware pac#age are "ocated
on the system% 8nce a pac#age is remoed! p#grm updates the contents i"e% &his i"e can $e ueried to
determine i a particu"ar i"e has $een insta""ed on the system dis#:
-
7/22/2019 Hastatus Solaris
19/320
Identifying the Directory #ocation of a Command :?se the grep command to search the
arsadminsta""contents i"e to determine i a particu"ar i"e was insta""ed! and the directory where it is
"ocated% or or e,amp"e! eriy that the command showre is insta""ed on the system dis#
F grep showrev "var"sa!m"install"contents
usr$inshowre none 01// root sys J0**6 +01. OJ.6J10/ S?2;admc
ery sotware pac#age contained! on the distri$ution media has its own p#gmap! which
contains a content "ist o each pac#age%
F grep showrev "c!rom"c!rom0"s0"Solaris#$0"Pro!uct"%"pkgmap
cdromso"E*0Esparcs0So"arisE*0ProductS?2;admcp#gmap:" none
usr$inshowre 01// root sys J*+16 616 OJ.61610
?sing a Spool Directory :or conenience! reuent"y insta""ed sotware pac#ages can $e copied rom the
So"aris Sotware 9-485 to a spoo" directory on the system%
&he p#gadd command! $y deau"t! "oo#s in the arspoo"p#g directory or any pac#ages speciied on the
command "ine%
9opying pac#ages rom the 9-485 into spoo" directory is not the same as insta""ing the pac#ages on
dis#%
o cop& a package into the "var"spool"pkg !irector&'
# pkga!! (! "c!rom"c!rom0"s0"Solaris $0"Pro!uct (s spool S)NWau!io
&ranserring GS?2;audio pac#age instance
&he -s option with the #eyword spoo" copies the pac#age into the arspoo"p#g directory $y deau"t%
Spooling Packages:
-
7/22/2019 Hastatus Solaris
20/320
F pkgrm (s "e*port"pkgs S)NWau!io
&he o""owing section summari>es the tas#s ino"ed in pac#age administration%
P#gino ists pac#ages insta""ed on the system oraai"a$"e on distri$ution media%
p#gadd Insta""s pac#ages!
p#grm 4emoes pac#ages%
p#gch# 3eriies the attri$utes and contents o thepath names $e"onging to pac#ages%
arsadminsta""contents Sotware pac#agemap o the entiresystem%
optp#gname Preerred "ocation or the insta""ation o un$und"ed pac#ages%
optp#gname$in or opt$in Preerred "ocation or the e,ecuta$"e i"es o un$und"ed pac#ages%
aroptp#gname or Preerred "ocation or "og i"es o
etcoptp#gname un$und"ed pac#age%
Patch /!ministration' &he administration o patches ino"es insta""ing or remoing So"aris8perating enironment patches rom a running So"aris 8perating nironment% A patch contains a
co""ection o i"es and directories that rep"ace e,isting i"es and directories that are preenting proper
e,ecution o the sotware% Some patches contain product enhancements%
A patch is distri$uted as a directory that is identiied $y a uniue num$er% &he num$er assigned to a patch
inc"udes the patch $ase code irst! a hyphen! and a num$er that represents the patch reision num$er%
or e,amp"e! a patch directory named *0*O/-0+! indicates that *0*O/ is the $ase code! and 0+ is thereision num$er%
Patch Distribution: Su$ customers hae access to a genera" set o security patches and other
recommended patches through the ;or"d ;ide ;e$ or anonymous tp%
Sun customers who hae a Sun Serices S5contract! hae access to the Sunso"e data$ase o patches
and patch inormation! such as technica" white papers! the Symptom and 4eso"ution data$ase! and more%
&hese are aai"a$"e using the ;or"d ;ide ;e$ or anonymous tp%
;or"d ;ide ;e$ Patch Access: &o access patches on the ;or"d ;ide ;e$ site! the wor#station has to
$e:
A$"e to access the Internet
9apa$"e o running ;e$ $rowsing sotware! such as 2etscape
http:sunso"e%sun%com ?nited States
8r use the o""owing ?4! and naigate to the SunSo"e patch data$ase rom the Support entry%
http:www%sun%com
-
7/22/2019 Hastatus Solaris
21/320
rom the Sun 5icrosystems home page! c"ic# on the Sa"es and Serice $utton and naigate to
the SunSo"e patch data$ase%
&he patch data$ases or pu$"ic"y aai"a$"e patches are "a$e"ed RPu$"ic patch access%R
&he patch data$ase o customers is "a$e"ed R9ontract customer patch access%R &he customer's
assigned Sun r the comprehensie set o patches and patch inormation aai"a$"e to contract cSerice password is reuired to access this data$ase%
Anonymous ftp Patch Access: &o access patches using anonymous tp! the wor#station must $e:
A$"e to access the Internet
9apa$"e of running the tp program
&o access patches using tp! use the tp command to connect to: sunso"e%sun%com
;hen tp prompts or a "ogin! enter anonymous as the "ogin name% ;hen prompted or the password!
enter your comp"ete emai" address%
Ater the connection is comp"ete! the pu$"ic"y aai"a$"e patches are "ocated in the pu$patches directory%
The ftp Patch Access Procedure :
&he tp uti"ity has many commandsM howeer! on"y a ew are necessary or moing i"es rom system to
system%
-
7/22/2019 Hastatus Solaris
22/320
JJ*-At the second "ogin prompt: Gsunso"e "ogin name Gsunso"e passwd
JJ* e,amp"e: myssImypasswd
JJ*
JJ* Pu$"ic users may "og in as anonymousM contract customers
JJ*- Shou"d use the standard sunso"e "ogin and password!
JJ*- o""owed $y their suso"e accountpassword when prompted%
JJ*-
JJ*- Sunso"e6 &P sere (3ersion wu-+%6%0(J) ;ed 7an / */:0+: +1 5S& +000) ready%
JJ*- @uest "ogin o#! send your comp"ete e-mai" address as password%
Password:
Goutput omitted
+J0 @uest "ogin o#! access restrictions app"y%
tp $in
+00 &ype set to I%
tp cd pu$patches
tp Is *0.+11
*0.+11-0*%>ip
*0.+11% readme
tp mget *0.+11
mget *0.+11-0*%>ip ip!
*0.+1$% readme
Downloading Patches :;hen patches are down"oaded to the "oca" system! the patches must $e
p"aced in a temporary directory to prepare them or insta""ation% &he directory most oten used is theartmp directory%
&he most common reason or patch insta""ation ai"ure is directory permissionownership pro$"ems% &he
artmp directory is open to a"" and e"iminates any o these types o pro$"ems%
Patch informational Documents: &here are important summary documents that "ist a"" recommended
patches or eery ersion o the operating system! inc"uding a detai"ed "ist o a"" patches or each
operating system re"ease%
-
7/22/2019 Hastatus Solaris
23/320
Patch ocument 9ontents
So"aris*0%Patch4eport A summary o a"" recommended patches or the So"aris 8perating nironment
re"ease%
*0E4ecornmended%>ip A patch c"uster containing a"" the recommended patches or the So"aris 8perating
nironment re"ease%
.E4ecororaended 4A5 Instructions or how to insta"" the recommendedpatches or the So"aris
8perating nironment%
Start with the Patch 4eport document irst% &his report is diided into seera" dierent categories
regarding inormation a$out a"" patches or a So"aris 8S 4e"ease%
&he o""owing e,amp"e demonstrates how to use tp to "ocate the Patch 4eport using a wi"dcard i"e
search% 8nce oundM the document is copied to a directory on the "oca" system% or e,amp"e :)
F cd artmp
F tp sunso"e% sun% com
Goutput omitted tp cd pu$patches
tp Is .%Patch4eport
+00 P84& command successu"%
*/0 8pening AS9II mode data connection or i"e "ist%
So"aris*0 Patch 4eport
So"aris*0E,.6 Patch 4eport
++6 &ranser comp"ete!
remote: *0 Patch4eport
. $ytes receied in 0%000J/ seconds (*%eT0+ L$ytess)
tp get So"aris*0%Patch4eport
tp $ye
So"aris 8$so"ete Patches:
--------------------------------------------
So"aris 9omp"ete isting o 4e"eased Patches:
&ota" Patches: J0
-
7/22/2019 Hastatus Solaris
24/320
&ota" Kug i,es: /O
Sun8S 4e"eased Patch ist:
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
Patch-I *0./0-0J
Synopsis: Sun8S /%.: "iteJ AK @raphics Patch
Kui"d is i,ed with this patch: +J0/ +OO6J J000.O J0J../ J0.*+/
9hanges incorporated in this ersion: J0J.6/ J0.1+/
ate: La,*600
Patch-I *-0.60/-0J
Synopsis: Sun8S /%.: 9reator . K @raphics Patch
KugId's i,ed with this patch: +J0*/ +OO/J J0J../ J0.1+/
9hanges incorporated in this ersion: J0J6./ J0.1+/
ate: Lar*698
Patch-IN *0J60O-0*
Synopsis: Sun8S /%.: Kuttonsia"s Patch
KugI is i,ed with this patch: +OO/+6 Goutput truncatedU
igure *6-+ Samp"e So"aris S Patch 4eport
2ote - 2o! a"" patches aai"a$"e rom Sun 5icrosystems need to $e insta""ed% It is on"y necessary to insta"" the
4ecommended Patches! Security Patches! and those reuired to i, pro$"ems speciic to your site%
The "var"sa!m"patchirectory:Historica" inormation a$out a"" patches current"y insta""ed on asystem is stored in arsadmpatch directory% or e,amp"e:
F "s arsadmpatch%
*01//.-0/ *01/O-0 *016J0-0* *0166J-0* *016.J-0*
*016O6-0* *01.*1-0* *01/.+-0* *016*+-06% *0160-0J
-
7/22/2019 Hastatus Solaris
25/320
or the So"aris /%, and So"aris O 8perating nironments! use the un>ip command to e,tract the
patch i"es%
+ "usr"bin"un1ip $000(0$.1ip
or So"aris +%6 8perating nironment patches use the >cat command to uncompress the patch i"es and
the tar command to create the patch directories%
F usr$in>cat *000-0*% tar %> C tar ,
patchadd - ?sed to insta"" unpac#ed patches to the So"aris 8perating nironment%patchrm-?sed to remoe patches insta""ed on the So"aris 8perating nironment%
Installing a Patch: ;hen a patch is insta""ed! patchadd ca""s the p#gadd command to insta"" thepatch pac#ages%
Patch insta""ation procedure diers depending on the current ersion o the So"aris 8perating
nironment sotware insta""ed on the system%
&he e,amp"es $e"ow descri$e the procedure or patch insta""ation on Pre-So"aris +%6 8perating
nironment! and those systems current"y Insta""ed with So"aris +%6 and a$oe! (or e,amp"e! the So"aris
/%, or So"aris O 8perating nironments)%
Koth e,amp"es assume the patch to $e insta""ed e,ists in the artmp directory and has $een prepared!
or e,tracted or insta""ation%
&nstalling a atch in the Solaris 0.1 2perating 3n4ironment and 5ater 6ersions
-
7/22/2019 Hastatus Solaris
26/320
or the So"aris +%6 and a$oe 8perating nironments! use the patchadd command% &he o""owing shows
how to insta"" a patch using the patchadd command%
Fcd tmp
F patchadd *0/0/0-0*
9hec#ing insta""ed patches%%% 3eriying suicient i"e system capacity (dry run method) Insta""ing patch pac#ages%%%
Patch num$er *0/0/0-0* has $een successu""y insta""ed%
See arsadmpatch*0/0/0-0*"og or detai"s%
Patch pac#ages insta""ed:
S?2;hea
i""ustrates those components o the arsadm directory that are updated during the
insta""ation o patch *0/0/0-0*
ar
sadm
p#g patch
*0/0/0-0*
S?2;csu% S?2;hea
4A5%*0/0/0-0* "og
p#gino sae
p#gino sae
(?pdated
-
7/22/2019 Hastatus Solaris
27/320
$y patch) *0/0/0-0*
undo%V
4emoing a Patch: ;hen you remoe a patch! the patchrm command restores a"" i"es that weremodiied or rep"aced $y that patch! un"ess:
&he patch was insta""ed with patchadd -d (which instructs patchadd not to sae copies o i"es
$eing updated or rep"aced)%
&he patch is reuired $y another patch
&he patch has $een o$so"eted $y a "ater patch
&he patchrm command ca""s p#gadd to restore pac#ages that were saed rom the initia" patch insta""ation%
or the So"aris +%6 and a$oe 8perating nironments! use the patchrm command% &he o""owing shows
how to remoe a patch using the patchrm command%
+ patchrm $0243(0$
9hec#ing insta""ed pac#ages and patches%%%
Kac#ing out patch *06*OJ-0*%%% Patch *061OJ-0* has $een $ac#ed out%
7emo4ing a atch from the re-Solaris0.1 2perating 3n4ironments
Keore the So"aris +%6 8perating -nironment! the patchrm command was not
aai"a$"e% Instead! each patch contained a $ac#outpatch program%
+ c! "var"sa!m"patch"$0530$(0$
+ ."backoutpatch. $0530$(0$
Checing Current Patch Status: Keore insta""ing patches! you shou"d #now a$outpatches that hae $een preious"y insta""ed on a system%
&here are two commands aai"a$"e that proide useu" inormation a$out current"y insta""ed patches%
# showre(p
Patch: *061OJ-0* 8$so"etes: 4euires: Incompati$"es:
Pac#ages: S?2;hea
+ patcha!! (p
Patch: *061OJ-0* 8$so"etes: 4euires: Incompati$"es:
Pac#ages: S?2;hea
-
7/22/2019 Hastatus Solaris
28/320
&wo important responsi$i"ities o the system administrator are contro""ing access and securing data on a
system% &he So"aris operating enironment proides some standard Security eatures or contro""ing
access $y unauthori>ed users and or protecting i"es on "oca" and remote systems%
Some $asic steps that you shou"d ta#e to manage security at the user! i"e! system! and networ# "ee"
inc"ude:
5aintaining password and "ogin contro"
5onitoring system usage
4estricting access to data contained in i"es
&rac#ing root "ogins
5onitoring setuid programs
9ontro""ing remote access on the networ#
5anaging ogin and Access 9ontro":
A"" accounts on the system must hae a password% Any account without a password a""ows unauthori>ed
access to the "oca" host and to the entire networ#%
The pwconv Command:
&he pwcon command creates and updates the etcshadow i"e with inormation rom the etcpasswd
i"e%
It is the pwcon command that re"ies on the specia" a"ue o ',' in the password ie"d o etcpasswd &he ','
indicates that the password or the user a"ready e,ists in the etcshadow i"e%
I the etcshadow i"e does not e,ist! pwcon creates with the inormation rom etcpasswd%
I the etcshadow i"e does e,ist! the o""owing tas#s are perormed:
ntries that are in the etcpasswd i"e and not in the etcshadow i"e are added to the shadowi"e%
ntries that are in the etcshadow i"e and not in theetcpasswd i"e are remoed rom the shadow i"e
Recording Failed Login Attempts:
;hen a user "ogs in to a system! "oca""y or remote"y! rom the command "ine on"y! the "ogin program
consu"ts the etcpasswd and etcshadow i"e to authenticate the user $y eriying the user name and
password entered
I the user proides a "ogin I name rom the etcpasswd i"e and the correct password or that "ogin
name! the "ogin program grants access to the system
It the user name is not in the etcpasswd i"e or the password is not correct or the user name! the "ogin
program denies access to the system
-
7/22/2019 Hastatus Solaris
29/320
-
7/22/2019 Hastatus Solaris
30/320
ogin name: userO In rea" "ie: userO's Account
irectory: homeuserO She"": $in#sh
8n since Apr * 0.:/1:J1 on conso"e rom : 0
2o unread mai"
2o% P"an%
I a user creates the standard AS9II i"es %p"an or %proWects in their home directories! the content o
those i"es is shown as part o the output o the inger command%
&hose i"es are traditiona""y used to out"ine a user's current p"ans or proWects! and must $e created
with i"e access permissions set to 6 (rw-r--r--)%
?se the "ast command to disp"ay a record o a"" "ogins and "ogouts with the most recent actiity at
the top o the output% It "oo#s in the aradmwtmp, i"e! which records a"" "ogins and "ogouts%
ach entry inc"udes user name! the "ogin deice! host "ogged in rom! date and time "ogged in! time o "ogout! and tota" "ogin time in hours and minutes! inc"uding entries or system re$oot times%
&he o""owing is an e,amp"e o the "ast command:
&he "ast command can a"so disp"ay inormation a$out an indiidua" user! or e,amp"e:
F"ast
ist o a"" users
+ last user4
userO pts1host" &ue ec . 0O:JO - 0O:O (00:*0)
+ last reboot
re$oot system $oot ri e$ ** *0:*/
re$oot system $oot ;ed 7an +6 *:/.
re$oot system $oot 5on 7an J *6:J0
6ispla&ing )sers on 8emote S&stems :&he rusers command produces output simi"ar to the whocommand $ut disp"ays users "ogged in on remote hosts% &he "ist is disp"ayed in the order the responses
are receied rom the hosts X disp"aying the user's name and the host's name%
A remote host responds on"y to the rusers command! i its rpc% rusersd daemon is ena$"ed% It is the
networ# serer daemon that returns the "ist o users on the remote hosts%
rusers B -* D
-
7/22/2019 Hastatus Solaris
31/320
&he rusers -* command disp"ays a "ist o "ogin names o users who are "ogged in on remote systems! a"ong with the
name o the system a user is "ogged into! the &&< port ("ogin deice)! the month! date! "ogin time! and id"e time% I the
user is not id"e! no time is disp"ayed in the "ast ie"d%
F rusers -*
userS remotehost" :pts e$ ++ **:. +1 (:0)
root remotehost":conso"e e$ ++ 0O:J* +.:*0 (:0)
user remotehost/:pts*+ e$ ++ .:00 *:J (:0)
user6 remotehost+:conso"e e$ ++ *J:* O (:0)
As the system administrator! you shou"d "og in on"y to the root account to perorm administration tas#s%
-
7/22/2019 Hastatus Solaris
32/320
F e,it
o switch a another user an! have that user environment'At the she"" prompt! type suwith the dash (-) option! the name o the user to $ecome! and press return% &ype the password or the
user account and press return ro e,amp"e:
S su ? user5
Password
etermine the "ogin name o the user switched to $y typing whoamin and pressing return%
S whoami
?ser+
etermine where the user is indicated! type pwd and press 4eturn the "ocation is the new user home
directory%
Pwd
he s&sa!min @roup' Any user who is a mem$er o the sysadmin group (@I *) can runadmintoo" or the purpose o managing "oca" system i"es and unctions! such as adding and remoing
users! groups! sotware! printers! and seria" deices%
I you hae not added any user to this group then on"y root can run the admintoo" uti"ity%
2ote - 5em$ers o the sysadmin group can a"so ino#e So"stice AdminsuiteY! a So"aris 8perating nironment serer product used to "oca""y or
remote"y manage important system i"es and unctions%
Aanaging )ser /ccess : ocated in the etcdeau"t directory are three system i"es root can
modiy to monitor who is using the su commandM restrict root accessM and set up system-wide passwordaging or eery user who "ogs in to the system%
&he etcdeau"tsu i"e contro"s how su attempts are "ogged% &he etcdeau"t"ogin i"e can $e set to restrict root access%
&he etcdeau"tpassword i"e can $e set up to enorce system-wide password aging%
Aonitoring su /ttempts : or security reasons! you must monitor who has $een using the sucommand! especia""y those user's who are trying to gain root! access on the system%
-
7/22/2019 Hastatus Solaris
33/320
F982S8Ndeconso"e
F PA&H sets the initia" she"" PA&H aria$"e
FPA&HNusr$in:
F S?PA&H sets the initia" she"" PA&H aria$"e or root
FS?PA&HNusrs$in: usr$in
FS
-
7/22/2019 Hastatus Solaris
34/320
The /etc/default/passwd File Variables:&he o""owing sections descri$e the etcdeau"tpasswd i"e aria$"es%
&he 5A;LS 3aria$"e%
&he a"ue set or the 5A;LS aria$"e speciies the ma,imum num$er o wee#s (seen-day wee#s) a
password is a"id $eore it must $e changed or a"" regu"ar users%
I there is no a"ue set or this aria$"e! which is the deau"t setting! on"y users who hae a a"ue or 5a,
9hange speciied in the ourth ie"d o the etcshadow i"e must change their passwords at the speciied
num$er o days%
The M!"##$% Variable:
&he a"ue sot or the 5I2;LS aria$"e speciies the minimum num$er o wee#s $etween password
changes or a"" regu"ar users%
I there is no a"ue set or this aria$"e! which is the deau"t setting! on"y users who hae a a"ue or 5in
9hange speciied in the ith ie"d o the etcshadow i"e are "imited as to when they can change their
passwords%
2ote - &he password aging entries in the etcshadow i"e ta#e precedence oer the etcdeau"tpasswd
i"e entries or indiidua" users
&he PASS2@&H 3aria$"e:
&he PASS2@&H aria$"e speciies a minimum password "ength or a"" regu"ar users $etween the si,
and eight a"ues% 2um$ers $e"ow si, deau"t to si, character passwords! and num$ers a$oe eight deau"t
to eight character passwords%
8estricting /ccess to 6ata in Diles'
;hen you hae esta$"ished "ogin restrictions! the ne,t tas# is to contro" access to the data on the
systems% 8 course! some users need to $e a""owed to read arious i"es! other users need permission to
change and de"ete i"es! and there are some i"es that no user shou"d $e a$"e to access%?sers who need
to share i"es shou"d $e put in a group%
2ote - In genera"! you use i"e access permissions to determine what users or groups hae permission to
read! modiy! or de"ete i"es%
+ groups
sta c"ass
+ groups user
sta c"ass sysadmin
; i!
uid *0*(user") gidNJ00(c"ass)
&o iew i"" the account inormation or a speciic user! use the -a option:
-
7/22/2019 Hastatus Solaris
35/320
; i! (a userl
uidN*0*(user") gidNJ00(c"ass) groupsN*(sysadmin)
The setuid Permission :
;hen set-user identiication (setuid) permission is set on an e,ecuta$"e i"e! a user or process that runs
this e,ecuta$"e i"e is granted access $ased on the owner o the i"e (usua""y root) instead o the user who
started the e,ecuta$"e%&his a""ows a user to access i"es and directories that are norma""y accessi$"e on"y
$y the owner% P"us many e,ecuta$"e programs must $e run as root! sys! or $in to wor# proper"y%
or e,amp"e:
-r-sr-,r-, * root sys *1*/6 7an / *1:0J usr$insu
&he setuid permission disp"ays as an RsR in the owner's e,ecute ie"d%
2ote - I a capita" [SR appears! it simp"y indicates that the setuid $it is on and the e,ecute $it R,R is o or
denied%
&he root user and the owner can set the setuid permissions on an e,ecuta$"e i"e using the chmod
command and the octa" a"ue 000%
or e,amp"e:
+ chcno!
-
7/22/2019 Hastatus Solaris
36/320
&he root user and the owner can set setgid permissions on an e,ecuta$"e i"e using the chmod command
and the octa" a"ue +000%or e,amp"e:
F chmod +/// e,ecuta$"eEi"e
%hared &irectories :
&he setgid permission is a useu" eature or creating shared directories%
;hen a setgid permission is app"ied to a directory! i"es created in the directory $e"ong to the group to
which the directory $e"ongs%
or e,amp"e! i a user has write permission in the directory and creates a i"e there! that i"e $e"ongs to the
same group as the directory! and not the user's group%
&o create a shared directory! you must set the setgid% $it using sym$o"ic mode:
+ chmo! gEs share!#!irector&
Searching ,or setgi! Dlies an! 6irectories&o search or i"es with setgid permissions and disp"ay their u"" pathname! e,ecute the o""owing
command:
+ ,in! " (perm (5000
he Stick& Fit Permission'
&he Stic#y Kit is a specia" permission that protects the i"es within a pu$"ica""y writa$"e directory%
I the directory has the Stic#y Kit set! a i"e can $e de"eted on"y $y the owner o the i"e! the owner o the
directory! or $y root% &his preents a user rom de"eting other users' i"es rom pu$"ic"y writa$"e directories%
or e,amp"e:
+ Is (I! "tmp
drw,rw,rwt 6 root sys 1*O 5ay J* 0J:J0 tmp
&he Stic#y Kit is disp"ayed as the "etter RtR in the e,ecute ie"d or other%
2ote - I a capita" [&R appears! it indicates that the Stic#y Kit is on! howeer! the e,ecute $it is o or
denied%
&he root user and the owner can set the Stic#y Kit permission on directories using the chmod command
and the octa" a"ue *000%
or e,amp"e:
+ chmo! $ public#!irector&
2ote - I a capita" [&R appears! it indicates that the Stic#y Kit is on! howeer! the e,ecute $it is o or
denied%
-
7/22/2019 Hastatus Solaris
37/320
&he root user and the owner can set the Stic#y Kit permission on directories using the chmod command
and the octa" a"ue *000%
or e,amp"e:
+ chmo! $ public#!irector&
%earching for &irectories with a %tic'( )it *ermission
&o search or directories with Stic#y Kit permissions and disp"ay their u"" pathname! e,ecute the o""owing
command:
F ind -type d -perm -*000
2ote - or more detai"ed inormation on the Stic#y Kit! e,ecute the o""owing command: man stic#y
Access 9ontro" ists:Access 9ontro" ists (A9s) can proide greater contro" oer i"eaccess permissions when traditiona" i"e protection is not enough%An A9 proides $etter i"e
security $y ena$"ing you to deine i"e permissions or the i"e owner! i"e group! other! speciic
users and groups% A9s a"so ena$"e you to set deau"t permissions or each o these
categories%or e,amp"e! i the system administrator wanted eeryone in a particu"ar group to $e
a$"e to read a i"e! you wou"d simp"y gie the group read permissions on that i"e%
Howeer! what i the system administrator wanted on"y one person in that group to $e a$"e to
write to that i"e A9s can proide that "ee" o i"e security! where traditiona" ?2I i"e access
protection cannot%
-
7/22/2019 Hastatus Solaris
38/320
ach A9 entry consists o the ie"ds descri$ed in &a$"e J-+! which are separated $y
co"ons%
/C9 Diel!s 6escriptionentry- type &ype o entry to set i"e permissions or owner! owner's group! speciic users!
additiona" groups! or the A9 mas#%
?I or @I &he user's name or identiication num$er (?&)%&he group's name or identiication
num$er (@I)% %perm Permissions set or entry-type%
-
7/22/2019 Hastatus Solaris
39/320
F getac" i"e%t,t
F i"e: i"e%t,t
F owner: user"
F group: c"ass
user::rw,
user : :user. :rw F eectie :r--
group: : r- F eectie : rX
mas#: rX
other:---
&here are two ways to determine i a i"e has an A9 ?sing the getac" command and ?sing the Is -*
command?sing the "s -* command on any i"e that has an A9 disp"ays a p"us (T) sign at the end o the
permission mode ie"d% or e,amp"e:
F Is -* i"e%t,t
-rw,r-------T I user" c"ass *61 Apr *. **:*J i"e%t,t
2ote - I a i"e has no A9 entries or additiona" users or groups! the i"e is considered to $e a triia" A9
i"e and the T sym$o" is not disp"aye
6eleting an /C9 Bntr& on a ,ile
&o de"ete an A9 entry rom a i"e! use the setac" -d command% An A9 entry can $e one or more comma-
separated A9 entries without permissions% &o de"ete an A9! speciy the entry type and the ?I (user
name) or @I (group name)%
-
7/22/2019 Hastatus Solaris
40/320
and the A9 mas# is set to readwrite! which indicates that no user or group can hae e,ecute
permissions on the i"e%
+ set,acl (S user' 'rw(:group' 'r((:other'((:mask'rw(:user 'userG'a "( ,ile.t*t
&o eriy which A9 entries were set on the i"e! use the getac" command%
+ get,acl ,ile.t*t
F i"e: i"e%t,t
F owner: user"
F group: c"ass
user::rw-
user:user.:rw- F eectie:rw-
group::r-- F eectie::
mas#:rw-
other:--
In addition! user. is gien read and write permissionsM howeer! due to the A9 mas#! the eectie permissions or
user. are read on"y%
+ set,acl (s u'':g''
-
7/22/2019 Hastatus Solaris
41/320
rom remote system users% &he three networ# i"es "isted here proide certain schemes or hand"ing $asic
security issues ino"ing remote user access o a "oca" system%
he"etc"hosts.eHuiv ,ile : he ;OAB" .rhosts ,ile : he "etc",tpusers ,ile
he "etc"hosts. eHuiv an! ;OAB". rhosts Diles
&ypica""y! when a remote user reuests "ogin access to a "oca" host! the irst i"e read $y the "oca" host is
its etcpasswd i"e% An entry or that particu"ar user in this i"e ena$"es that user to "og in to the "oca" host
rom a remote system% I a password is associated with that account! then the remote user is reuired to
supp"y this password at "ogin to gain system access%;hen there is no entry in the "oca" host's etcpasswd
i"e or the remote user! access is denied%
The ;etc;hosts. eui4 and =>2?3; .rhosts files bypass this standard password-based authentication to determine if a
remote user should be allowed to access the local host, with the identity of local user.
Bntries in "etc"hosts . eHuivan! ;OAB " . rhosts '
;hi"e the etchosts%eui and \H85%rhosts i"es hae the same ormatM the same entries in each i"e
hae dierent eects%
&he genera" ormat is presented here% ,p"anations and e,amp"es o the meanings o each type o entry
are presented on the o""owing pages%
Koth i"es are ormatted as a "ist o one-"ine entries! which can contain the o""owing types o entries:
ostname
hostname username
T
2ote - &he host name(s) in the etchosts%eui and \H85 %rhosts i"es must $e the oicia" name o the
host! not one o its a"ias name(s)%
I on"y the hostname is used! then a"" users rom the named host are trusted! proided they are #nown tothe "oca" host%I $oth hostname and username are used! then on"y the named remote user rom the named remote hostcan access the "oca" host%A sing"e p"us sign (T) character p"aced in the i"e indicates that eery remote host on the networ# istrusted $y the "oca" host% na$"ing remote users to "ogin rom anywhere on the networ#! with nopasswords reuired%
&he etchosts%eui i"e
or regu"ar users! the etchosts%eui i"e is used to identiy remote hosts and remote users who are
considered trusted%
2ote - &he etchosts%eui i"e is not chec#ed at a"" i the remote user reuesting "oca" access is root%
-
7/22/2019 Hastatus Solaris
42/320
I the "oca" host has etchosts%eui i"e contains the host name o a remote host! then a"" regu"ar users o
that remote host are trusted and do not need to supp"y a password to "og in to the "oca" host% Proided
that each remote user is #nown to the "oca" host $y haing an entry in the "oca" etcpasswd i"eM
otherwise! access is denied%
&his is particu"ar"y useu" or sites where it is common or regu"ar users to hae accounts on many
dierent systems! e"iminating the security ris# o sending AS9II passwords oer the networ#%
&he etchosts%eui i"e does not e,ist $y deau"t% It must $e created i remote user access is reuired en
the "oca" host%
The ,-.M# / rhosts File;hi"e the etchosts%euiy i"e app"ies system-wide or non-root users! the %rhosts i"e app"ies to a speciic
user%
A"" users! inc"uding root! can create and maintain their own% rhosts i"es in their home directory%or
e,amp"e! i you run an r "ogin process rom a remote host to gain root access to a "oca" host! it chec#s or
a %rhosts i"e in the root home directory on the "oca" host%
I the remote host name is "isted in the i"e! it is considered to $e a trusted host and remote user access! in
this case root access! is granted on the "oca" host%
&he \H85%rhosts ie does not e,ist $y deau"t! you must creates at in the user's home directory
8estricting DP 9ogins'
&he So"aris 8perating nironment proides an AS9II i"e named etctpusers% &he tpusers i"e is used to
"ist the names o users who are prohi$ited rom running an tp "ogin on the system%ach "ine entry in this
i"e contains a "ogin name or each restricted user! or e,amp"e:
?sername
Ky deau"t! the tpusers i"e has the o""owing system account entries:
4oot
daemon
$in
s&s
adm
IP
uucp
nuucp
"isten
no$ody
-
7/22/2019 Hastatus Solaris
43/320
noaccess
no$ody
As with any user name that you can add! these entries must match the user account names "ocated in the
etcpasswd i"e%
Kecause the new deau"t security po"icy in the So"aris 8perating nironment is to disa""ow remote root "ogins! theroot entry is inc"uded in etctpusers%
I root "ogin prii"eges are a""owed $y de"eting the root! entry in etctpusers! ensure the etc deau"t "ogin i"e re"ects
remote root "ogin prii"eges%
he "etc"shells Dile
&heetcshe""s i"es contain a "ist o the she""s on the system App"ications! such as sendmai" and tp! can use this i"e to
determine whether a she"" is a"id%
&his i"e does not e,ist $y deau"t%
2ote - I this i"e does not e,ist! then getusershe""s (Jc) uses its own "ist o she""s%
Ky creating this i"e! each she"" that you want to $e recogni>ed $y the system! must hae a sing"e "ine entry! consisting
o the she""'s path! re"atie to (root)%or e,amp"e:
+ touch "etc"shells
s$insh $insh
$in#sh
;hi"e the etctpusers i"e prohi$its tp connections or a speciic user! you can create an etcshe""s i"e to a""ow tp
connections on"y to those users running she""s that you hae deined in this i"e%
I an entry or a she"" does not e,ist in this i"e! any user running the undeined she"" is not a""owed tp connections to
the system%
The %oot P&O Concept
ach Sun system has a $oot P485 chip% &his .-#$yte chip is typica""y "ocated on the same
$oard as the 9P?% &he main unctions o the $oot P485 are to test the system hardware and
$oot the operating system% &he $oot P485 irmware! reerred to as the monitor program!
contro"s the operation o the system $eore the #erne" is aai"a$"e% &he $oot P485 irmware
has the capa$i"ities to perorm system initia"i>ation at power on and proide a user interace%
2ote -&he $oot P485 does not understand the So"aris 8perating nironment i"e systems ori"esM it dea"s main"y with hardware deices%
9urrent"y there are three generations o Sun $oot P485s% ach generation has its own $ase
reision num$er as descri$ed in the o""owing "ist:
*%,- &he origina" SPA49Y $oot P485+%,- &he irst 8penKoot P485 (8KP)
-
7/22/2019 Hastatus Solaris
44/320
J%,- &he 8penKoot P485 with a "ash update eature% ed rom the $oot P485's deau"t parameters
settings% &his gies you a certain "ee" o "e,i$i"ity in coniguring the system to $ehae in a
particu"ar manner or a speciic set o circumstances%
&he user-interace commands and deice a"iases are stored in the 234A5%
2ote - &he 234A5 chip has a ye""ow stic#er with a $ar code on it% 5any sotware pac#ages thatare "icensed are $ased on the system host I in 234A5% I the chip ai"s! Sun wi"" rep"ace it with
a new chip containing the same host I and thernet address%
Power On Self Test (POST):
;hen a system's power is turned on! a "ow-"ee" power on se"-test (P8S&) is initiated% &his "ow-
"ee" P8S& code is stored in the $oot P485 and is designed to test the most $asic unctions o
the system hardware%At the successu" comp"etion o the "ow-"ee" P8S& phase! the $oot
P485 irmware ta#es contro" and perorms the o""owing Initia"i>ation seuence:
Initia"i>es the system
Pro$es the memory and then the 9P?
Pro$es $us deices! interprets their driers! and $ui"ds a deice tree
Insta""s the conso"e
Ater system initia"i>ation! the $anner disp"ays on the! conso"e and the high "ee" testing $egins%
;hen the high-"ee" tests are inished! the system chec#s parameters stored in the 234A5 to
determine i and how to $oot the operating system%
The .pen)oot 0oal&he oera"" goa" o the 8penKoot Institute o "ectrica" and "ectronics ngineers!
(I) standard is to proide the capa$i"ities to:
&est and initia"i>e system hardware ! etermine the systems hardware conigurationKoot the operating system ! Proide interactie de$ugging aci"itiesna$"e the use o third-party deices
-
7/22/2019 Hastatus Solaris
45/320
Third party Device Configuration
A"" ersions o the 8penKoot architecture a""ow a third-party $oard to identiy itse" and
"oad its own p"ug-in deice drier% ach deice identiies its type and urnishes its p"ug-in
deice drier when reuested $y the 8KP during the system hardware coniguration
phase o the $oot process%
Kasic Koot P485 Configurations &he o""owing sections descri$e the$asic KootP485 conigurations%
%(stems Containing a %ingle %(stem )oard&he o""owing Sun systems are conigured with on"y one system $oard! which ho"ds $oth the $oot P485
and 234A5 chip%
SPA49stationY ! /!*0! and +0
?"traY *! +! *+*0! J0! 60! .0! ++0! +/0! +0! and /0
&he ?"tra systems use a re-programma$"e $oot P485 ca""ed a flash P&O+ (or P485)% &his a""ows
new $oot program data to $e "oaded into the P485 ia sotware! instead o haing to rep"ace the chip%
&hese updates are distri$uted on 9485!
%(stems Containing Multiple %(stem )oards&he o""owing S?2 systems are conigured with mu"tip"e System $oards%
nterprise J00
nterprise 00
nterprise /00
nterprise 600
Systems containing mu"tip"e system $oards hae a specia" $oot P485 and 234A5 arrangement- &hese
systems a"so hae a c"oc# $oard to oersee the $ac#p"ane communications%
-
7/22/2019 Hastatus Solaris
46/320
Some characteristics o these particu"ar systems are:
&he 9P? "ocated in the "owest card Rcage s"ot $ecomes the 5aster R9P? $oard%
ach 9P? $oard runs its own indiidua" P8S&%&he host I and thernet address are on the 9"oc# $oard and are automatica""y down"oaded to a"" 9P?$oard 234A5s when P8S& is comp"ete%
P485 contents are eriied $y chec#sum comparisons%9"oc# $oard and a"" system $oards are compared%Ina"id P485 a"ues can $e manua""y rewritten and eriied%I the P485 contents on the 9"oc# $oard are ound to $e dierent! it is re"oaded with the contents romthe 5aster 9P? $oard 234A5%
-
7/22/2019 Hastatus Solaris
47/320
-alting the %olaris .perating #nvironment
&o ha"t the So"aris 8perating nironment to get to the P485 monitor prompt! ho"d
down the Stop #ey and the [aR #ey simu"taneous"y% An o# prompt disp"ays on the screen
indicating that the monitor program is aai"a$"e%
;arning - )! Ley$oard Present 8penKoot J%**! *+. 5K memory
insta""ed! Seria" F**O00O6/% thernet- addresses .:0:+0:$/:O.:+/! Host I: .0$/O.+/%
The boot Command
-
7/22/2019 Hastatus Solaris
48/320
Command-Format
8# $oot Bdeice-nameD BoptionsD
ntering the $oot command at the o# prompt $oots the system to mu"ti-user mode
automatica""y% or e,amp"e: 8# $oot
Options &he o""owing "ist descri$es the options or the $oot command:
s-Koots the system to a sing"e user mode and prompts or the root password% ore,amp"e:ok boot ?s
2ote- &o continue the process and $ring the system to mu"tiuser mode! process the
contro" d #eys%
A Koots the system interactie"y% &his is useu" i you need to ma#e a temporarychange to the system i"e or the #erne"% &he $oot program as#s you or the o""owing
inormation%ok boot ?a
nter i"ename o the #erne" (#erne" uni,):
nter deau"t directory or modu"es (#erne"M usr #erne"):
nter name o system i"e (etc system):
nter deau"t root i"e system type (us):
nter physica" name o root deice:
or e,amp"e:
ok help
nter 'he"p command-name' or 'he"p category-name' or more he"p (?se 82< the irst word o a category
description) ,amp"es: he"p se"ect -or- he"p "ine
5ain categories are:4epeated "oops ! eining new commands ! ! 2umeric output !4adi, (num$er $ase
conersions) ! Arithmetic !5emory access !ine editor !System and $oot coniguration parameters ! Se"ect
I8 deices !"oppy eWect !Power on reset! iag (diagnostic routines) ! 4esume e,ecution ! i"e down"oad
and $oot ! nramrc (ma#ing new commands permanent)
o#
Detailed HelpTo 4iew specific information for one of the main categories listed abo4e, type the following+
o# he"p "ineo# he"p systemo# he"p diago# he"p i"e
-
7/22/2019 Hastatus Solaris
49/320
The printen 9ommand
-
7/22/2019 Hastatus Solaris
50/320
security-F $ad"ogins 0
diag-switch a"se a"se
o#
-
7/22/2019 Hastatus Solaris
51/320
o# set-deau"t diag-"ee"
&o see the entire deice tree! use the show-descommand%
o# show-des
S?2;!?"traSPA49-IIiZ0!0
pciZ"!0
irtua"-memory
memoryZ0!*0000000
pciZ"!0pciZ"
pciZ"!0pciZ"!"
pciZ"!0pciZ"pciZ"
pciZ"!0pciZ"pciZ"S?2;!isptwoZ
pciZ"!0pciZ"pciZ"S?2;!hmeZ0!-"
pciZ"!0pciZ"pciZ"S?2;!isptwoZst
pciZ"!0pciZ"pciZ"S?2;!isptwoZsd
pciZ"!0pciZ"%*ideZJ
pciZ"!0pciZ"%*sunw! m6KZ+
pciZ"!0pciZ" * networ#s *! *
pciZ"!0pciZ" e$usZ*
pciZ"!0pci%ei! "ideZJcdrom
pciZ"!0pciZ" ideZJdis#
pciZ"!0pciZ" "e$usZ"S?2;!9S+J*Z*!+00000
pciZ"!0pciZ"!"e$usZi"ashpromZ*0!0 pciZ"!0pciZ"!"e$usZ"eepromZ*!0 pciZ"! 0pciZ"!
"e$usZ"dthree(+*!J0+J0 pciZ"!0pciZ"!"e$usZ"ecppZ*!J0J$c
pciZ"!0pciZ"!*e$usZ*suZ*! J06+.
pciZ"!0pciZ"!*e$usZ*suZ*! J0.J.
pciZ"!0pciZ"!"e$usZ"seZ*!00000 pciZ"!0pciZ"!"e$usZ"powerZ*!1+000
pciZ"!0pciZ"!"e$usZ"a,o,ioZ*!1+6000
Goutput truncated
o#
%oot Dis Device Path E-ample &he paths $ui"t in the deice tree $y the 8penKootirmware wi"" ary depending on the system type and its deice coniguration%
-
7/22/2019 Hastatus Solaris
52/320
.sing pro,e/ Commands to Identify Devices
&o identiy the periphera" deices! such as dis#s! tape dries or 9485s current"y connected to the
system! use the 8KP commands:
probe(i!e probe(scsi probe(scsi(all
ote - Use the probe -fcal 2@ command to identify peripheral de4ices on systems containing the iber *hannel'rbitrated 5oop 8*-'5: A@&* Aigabit &nterface *on4erters.
Periphera" deices are connected to the System $oard ,y I8 (inputoutput) $uses%
bus or integrate! !rive electronics =I6B> bus.
A proe! "arning #essage
;arning - &he o""owing warning message is disp"ayed i you ino#e the pro$e-commands on Sun systems that
contain a J, $oot P485%
Shutting down the So"aris operating system a$rupt"y with the stop a seuence! or with the ha"t command! creates a
condition where running the pro$e command hangs the system un"ess you run the reset-a"" command irst%
;hen 8perating nironment has $een running $eore the stop a #ey seuence! you must comp"ete the o""owingsteps $eore using the price commands! $ecause these commands can cause the system to ree>e%
2ote - i a pro$e- command causes a system to ree>e! turn o the system and then turn it $ac# on $y togg"ing the
power switch "ocated on the $ac# o the system unit%
$. /t the ok prompt: set the N8/A auto(boot Parameter to ,alse
ok setenv auto(boot ,alse
-
7/22/2019 Hastatus Solaris
53/320
5. /t the ok prompt: enter the reset comman! to clear all bu,,ers an! registers be,ore entering an&
!iagnostic comman!s.
ok reset
The proe!scsi $ommand
&he pro$e-scsi command! identiies the periphera" deices (dis#s! tape dries! or 9485s) attached tothe on-$oard S9SI contro""er! $y their target address% or e,amp"e:
Ok prob(scsi.
&arget J
?nit 0 is# SA@A& S&*.0 S?20+6+6600*O00*6
&arget 6
?nit 0 4emoa$"e 4ead on"y deice S82< 9485
The pro$e-scsi -a"" Command
&he pro$e-scsi-a"" command identiies the periphera" deices attached to the on-$oard S9SI contro""er and a""
periphera" deices attached to separate SKus or P9I S9SI contro""ers%
ok probe(scsi(all
pciZ*! 0pciZ*pciZ*S?2;!insptwoZ
&arget J
?nit 0 is# ?7I&S?5AKJ0/S S?2%+@*O01
&arget
?nit 0 4emoa$"e &ape AK
-
7/22/2019 Hastatus Solaris
54/320
o# dea"ias
screen pc"Z"!0pciZ"!"S?2;!m6KZ+
net pciZ"!0pciZ"!"networ#]"!"
cdrorti pciZ" !0pciZ"!"ideZJcdrcsnZ+!0:
dis# pciZ"!0pciZ"!"ideZJdis#Z0!0
dis#J pciZ"!0pciZ"!"ideZJdis#ZJ!9
dis#+ pciZ*0pciZ"!"ideZJdis#Z+!0
dis#^ pciZ"0pciZ"!"ide_Jdis#Z"!0
dis#8 pciei!0pciei!"ideeJdis#Z0!0
ide pcid"!0pciZ"!"ideZJ
"oppy pciZ" !0pciZI!"e$usG+"dthree
tty$ pciZ"!0pciZ"!"e$usZ"se:$
ttya pciZ"! 0pciZ"!"e$usZ"se:ci %
#ey$oard^ pciZ"!0pciZ"!"e$usZ"suZ*%J9.J.:orcemode
#ey$oard pci_"!0pciei!"e$usZ"suZ*!J0.J.
mouse pciZ"!0pci("!"e$usZ"suZ*!J06+.
name a"iases
eice a"ias names are "isted on the "et side o the command output! and the physica" address o each
deice is shown on the right side o the output%eice a"iases are hard-coded into the 8KP irmware! and
they are easier to remem$er and use than the physica" deice addresses%&he dis# deice a"ias identiies
the deau"t $oot deice or the system%
&o $oot the system rom the deau"t deice simp"y type the $oot command%
ok boot
Creating Custom Device 0liases
-
7/22/2019 Hastatus Solaris
55/320
ok nvalias alias(name !evice(path
&he eect o na"ias is to store this entire command "ine in the 234A549%
&o remoe a custom deice a"ias name:
ok nvunalias alias(name
&he eect o nuna"ias is to de"ete the a"ias name rom 234A549%
!sing nvalias to Create Custom Deice Aliases
&he o""owing procedure shows how to add a new $oot deice a"ias! ca""ed my dis+ and $oot the system
rom this new $oot deice a"ias%?sing show-dis#s se"ect the deice path that re"ates to the dis# to $e
used% ?sing na"ias create a new deice a"ias ca""ed mydis#%
ok show(!isks
(select a dis from the list)
o# na"ias mydis# pciZ*! 0pciZ"pciZ"S?2;! isptro(5sd
&o paste the deice path! or the se"ected dis#! on the command "ine press 9ontro"-y%
Removing Custom Device Aliases
-
7/22/2019 Hastatus Solaris
56/320
o# reset
4esetting %%%%%
o# $oot mydis#
-
7/22/2019 Hastatus Solaris
57/320
Interrupting an !nresponsie System;hen a system ree>es! or stops responding to the #ey$oard!you must Interrupt it% Interrupting the system stops the processor immediate"y and does not a""ow or memory to $e
"ushed! or i"e systems to $e synchroni>ed%&o interrupt an unresponsie system:
*% Attempt a remote "ogin on the unresponsie system to "ocate and #i"" the oending process%
34 Attempt to re$oot the users system graceu""y%
J% Ho"d down the Stop-a #ey seuence on the #ey$oard o the unresponsie system% &he system is p"aced at the o#
prompt%
2ote - I an AS9II: termina" is $eing used as the system! conso"e! use the Krea# seuence #eys% %
5anua""y synchroni>e the i"e systems using the 8KP sync command%
o# sync %
&his command causes the system to create a crash dump o memory and then re$oot the system%
9reate and manage user accounts on the "oca" system using the admin too" uti"ity escri$e the ormat o the i"es etcpasswd and etcshadow or securing "ogin access escri$e the ormat o the etcgroup i"e or maintaining shared and restricted access to i"es and
directories Add! modiy! and de"ete user accounts on the "oca" system with the commands useradd!
usermod! and userde" Add! modiy! and de"ete group accounts or the "oca" system with the commands groupadd!
groupmod! and groupde" eine the two dierent types o she"" initia"i>ation i"es escri$e the she"" startup actiities during "ogin or the three main So"aris 8perating nironment ist the she"" initia"i>ation i"es used to set up a user's wor# enironment at "ogin escri$e the purpose o the etcs#e" directory 5odiy initia"i>ation i"es to customi>e a userQs wor# enironment%
Setting ?p ?ser Accounts
An important system administration tas# is setting up user accounts or each user reuiring system
access% ach user account consists o ie main components:
)ser name- A uniue name a user enters to "og in to a system! a"so ca""ed a "ogin name% Passwor!- A com$ination o si, to eight "etters! num$ers! or specia" characters that a user must
enter with the "ogin name to gain access to a system% )serLs home !irector& - A directory the user is p"aced in ater "ogin! or creating and storing i"es% )serLs login shell- &he user's wor# enironment is set up $y the initia"i>ation i"es deined $y the
user's "ogin she""% &here are si, possi$"e "ogin she""s in the So"aris 8perating nironment! whichinc"ude the Kourne she""! Lorn she""! 9 she""! V she""! KASH she""! and the &9 she""%
?ser initia"i>ation i"es - She"" scripts that determine how a user's wor# enironment is to $e set upwhen the user "ogs in to a system%
Aanaging )ser /ccount:
-
7/22/2019 Hastatus Solaris
58/320
9ogin name- ach user's name must $e uniue and consist o two to eight "etters (AEV! a->) and
num$ers (0-O)% &he irst character must $e a "etter! and at "east one character must $e a "owercase etter%
?ser names cannot contain underscores or spaces%
)ser i!enti,ication =)I6> number- &he user's uniue numerica" I or the system% ?I num$ers or
regu"ar users range rom *00 to 60000% A"" ?I num$ers must $e uniue%
2ote - As o the So"aris +%6 8perating nironment! the ma,imum a"ue or a ?I is +*1_J61%
Howeer! the ?Is oer 60000 do not hae u"" unctiona"ity and are incompati$"e with some the So"aris
8perating nironment eatures% So aoid using ?Is oer 60000 to $e compati$"e with ear"ier ersions
o the operating system%
@roup i!enti,ication =@I6> number- &he uniue numerica" I o the group to which the user $e"ongs%ach @I num$er must $e an integer $etween *00 to 60000%2ote -
-
7/22/2019 Hastatus Solaris
59/320
A"" passwords are encrypted and maintained in a separate shadow i"e named etcshadow% &o urther contro" user
passwords! you can oten enorce password aging! which is maintained in the etcshadow i"e%
&he "etc"group i"e deines the deau"t system group accounts%
-
7/22/2019 Hastatus Solaris
60/320
comment -9ontains the user's u"" name% home#!irector&-9ontains the u"" pathname to the user's home directory% login#shell(eines the user's "ogin she""! which can $e $insh! $in#sh! $incsh!
$in>sh! $in$ash! or $intcsh%
root
daemon
$in
sys
adm
smtp
0
*
+
J
1*
0
Superuser account% Has a"most no restrictions and oerrides a"" other "ogins!protections! and permissionsM has access to the entire system%
System account that contro"s $ac#ground processing%
Administratie account that owns most o the commands%
Administratie account that owns many system i"es%
Administratie account that owns certain administratie i"es%
Print serice account that owns the o$Wect and spoo"ed data i"es or the printer%
&he smtp mai"er uses the Simp"e 5ai" &ranser Protoco" (S5&P) to transer a
message% S5&P is the standard mai" protoco" used on the Internet%
uucp
nuucp
"isten
no$ody
noaccess
no$ody
/
6
J1
6000*
6000+
6//J
&he uucp account that owns the o$Wect and spoo"ed data i"es or the ?2I-to-?2I
copy program (??9P)%
&he uucp account used $y remote systems to "ogin to the host and start i"e
transers%
2etwor# "istener account%
Anonymous user account! assigned $y an 2S serer when an unathori>ed root
user ma#es a reuest% &he no$ody user account is assigned to sotware processes
that do not need any specia" permissions%
Account assigned to a user or a process that needs access to a system through
some app"ication without actua""y "ogging into the system%
Sun8SY %0 or %* ersion o the no$ody account%
*% &he no$ody account is used or securing 2S resources% ;hen a user is "ogged in as root on an 2S
c"ient and attempts to access a remote i"e resource! the ?I is changed rom 0 to the ?I o no$ody
(6000*)M no$ody gets the same access permissions as those deined or eeryone e"se%
-
7/22/2019 Hastatus Solaris
61/320
&he etcshadow i"eue to the critica" nature o the etcshadow i"e! you shou"d neer edit it direct"y%Instead! you maintain the i"e's ie"ds using admintoo" or the commands useradd! usermod! or passwd% &he
etcshadow i"e can $e read on"y $y a user with root permission%
&he o""owing is an e,amp"e o the etcshadow i"e containing its initia" system account entries:
root:eo#t9o5twV2:6/::::::
daemon:2P:6/::::::
$in:2P:6/::::::
sys:2P:6/::::::
adm:2P:6/::::::
"p:2P:6/: : : : : :
smtp:2P:6/::::::
uucp: 2P : 6/ ::::::
nuucp: 2P:6/::::::
"isten : L ::::::
no$ody:2P:6/ ::::::
noaccess :2P: 6/ ::::::
no$ody :2P: 6/ ::::::
ach "ine entry contains the o""owing nine ie"ds! separated $y co"ons:
"ogin I: password: "astchg:min:ma,: warn: inactie:e,pire:
loginI6- 9ontains the user's "ogin name% passwor! -9ontains a *J-character encrypted password! or the string L ! which indicates a "oc#ed
account! or the string 2P! which indicates no password% lastchg- Indicates the num$er o days $etween 7anuary *!*O10! and the "ast password modiication date% min-9ontains the minimum num$er o days reuired $etween password changes% ma*-9ontains the ma,imum num$er o days the password is a"id $eore the user is prompted to enter a
new password at "ogin% warn- 9ontains the num$er o days the user is warned $eore the password e,pires% inactive- 9ontains the num$er o inactie days a""owed or that user $eore the user's account is "oc#ed% e*pire-9ontains the date when the user account e,pires% 8nce e,ceeded! the user can no "onger "og in%
&he ninth ie"d is resered or uture use! and is current"y not used
he "etc"group Dile ach user must $e"ong to a group! which is reerred to as the user's primary group and speciied$y the @I "ocated in the user's account entry within the etcpasswd i"e%
ach user can a"so $e"ong up to */ additiona" groups! #nown as secondary groups! which are speciied in etcgroup
i"e on"y%&he o""owing is a samp"e o the deau"t entries in an etcgroup i"e%
F cat etc group
root: :0 :root
-
7/22/2019 Hastatus Solaris
62/320
8ther: : * :
$in : : + : root ! $in ! daemon
sys : : J : root ! $in ! sys ! adm
adm : : : root ! adm ! daemon
uucp : : / : root ! uucp
mai" : : 6 : root
tty : : 1 : root ! tty ! adm
"p : : . : root ! "p ! adm
nuucp : : O : root ! nuucp
sta ::*0:
daemon : : *+ : root ! daemon
sysadmin: : * : "ister! torey
no$ody: : 6000*:
noaccess: : 6000+ :
nogroup: : 6//J :
F
ach "ine entry in the etcgroup i"e contains the o""owing our ie"ds! each separated $y a co"on character%
groupname : group -password: "ID: username-list
groupname-9ontains the name assigned to the group% @roup names can contain a ma,imum o eightcharacters%
group(passwor!- 9ontains an asteris# or is an empty ie"d% &his ie"d is a re"ic o ear"ier ersions o ?2I%&here is no uti"ity to set a password on a group% &o p"ace a password on a group! cut and paste an e,istingpassword rom the etcshadow i"e into the etcgroup i"e entry
2ote X A group password is used $y the newgrp command% &his command is used to "og a user into a new group% I
that new group has a password! and the user is not a mem$er o that group! the password has to $e entered $eore
newgrp wi"" continue%
@I6-9ontains the group's @I num$er% It must $e uniue on the "oca" system and shou"d $e uniue acrossthe organi>ation% 2um$ers 0 to OO! 6000*! and 6000+ are resered or system group accounts% ?ser-deinedgroups can range rom *00 to 60000%
username-"ist-9ontains a comma-separated "ist o user names that represent the user's secondary group
mem$erships% Ky deau"t! each user can $e"ong to a ma,imum o */ secondary groups%
9reating ?ser Accounts
-
7/22/2019 Hastatus Solaris
63/320
&he useradd command a"so automatica""y copies a"" the initia"i>ation i"es in the etcs#e" directory to the
user's new home directory%
9ommand ormat
usera!! B -u uid D B -g gid B -@ gid B!gid! % % DD B -d dir D B -m D B -s she"" D B -c
comment D "oginname
-
7/22/2019 Hastatus Solaris
64/320
6eleting )ser /ccounts:
-
7/22/2019 Hastatus Solaris
65/320
+ groupmo! (g ation! i"es% &he irst type contro"s the system -wide
enironment% &he second type contro"s the user's enironment%
%(stem3"ide nitiali5ation Files ation i"es are ca""ed "etc"pro,ile an! "etc". login.
&he Kourne and Lorn "ogin she""s "oo# or and e,ecute the system initia"i>ation i"e etcproi"e during
"ogin%&he 9 "ogin she"" "oo#s or and e,ecutes the system initia"i>ation i"e etc%"ogin during the "ogin
process%
2ote -&he deau"t i"es etcproi"e and etc%"ogin chec# dis# usage uotas! print the message o the day
rom the etcmotd i"e! and chec# or mai"% 2one o the messages are printed to the screen i the i"e
%hush"ogin e,ists in the user's home directory%
)ser Initiali1ation Diles
-
7/22/2019 Hastatus Solaris
66/320
V etc>shen
etc>proi"e
etc>shrc
etc>"ogin
\H85-% >sheri
\H85%>proi"e
\H85%>"ogin %
\H85%>shrc $in>sh
KASH etcproi"e \H85%$ashEproi"e
\H85%$ashE"ogin
\H85%proi"e
\H85%$ashrc $in$ash
&9 etccsh%cshrc
etccsh%"ogin
\H85%tcshrc
or
\H85%cshrc
$intcsh
2ote - &he root user's "ogin she"" $y deau"t is the Kourne she""! and root' s she"" entry in the etcpasswd
i"e appears as s$insh%
;hen a user "ogs in to the system! the user's "ogin she"" is ino#ed% &he she""program "oo#s or its
initia"i>ation i"es in a speciic orderM e,ecutes the commands contained in each i"e! and when inished!
disp"ays the she"" prompt on the user's screen%
Customi1ing the Work Bnvironment&he she""s a"" proide $asic eatures and a set o aria$"es that
determine what root or a regu"ar user can do when customi>ing user initia"i>ation i"es or each she""%
%hell Variables &he enironment maintained $y the she"" inc"udes aria$"es that are deined $y the"ogin program! system initia"i>ation i"e! and the user initia"i>ation i"es%
&he she""s support two types o aria$"es:
nironment aria$"es - ery she"" program started receies its inormation a$out the user's enironment
rom these aria$"es%oca" aria$"es - &his aects on"y the current she""% Any su$she"" started wou"d not
hae #now"edge o these aria$"es%
-
7/22/2019 Hastatus Solaris
67/320
Kourne or Lorn She"" 3A4IAKNa"ue M e,port 3A4IAK or e,amp"e:
R\H8S&2A5 * \ e,port PS"
9 She"" Seten aria$"e a"ueor e,amp"e
eau"t ?ser Initia"i>ation i"es
She"" Initia"i>ation i"e
&emp"ates
?ser s Initia"i>ation i"es
Kourne etcs#e""oca"%proi"e \H85%proi"e
Lorn etcs#e""oca"%proi"e \L85%proi"e
9 etcs#e""oca"%"ogin
etcs#e""oca"%cshrc
\H85%"ogin
\H85%cshrc
&he root user can customi>e these temp"ates to create a standard set o user initia"i>ation i"es to proide
a common wor# enironment or each user%?ser's can then edit their initia"i>ation i"es to urther customi>e
their enironments or each she""%
-
7/22/2019 Hastatus Solaris
68/320
;hen new user accounts are created $y root! these initia"i>ation i"es are automatica""y copied to each
new user's home directory
A dis# is physica""y composed o a series o "at! magnetica""y coated p"atters stac#ed on a spind"e% &he
spind"e turns whi"e the readwrite heads moe $etween p"atters! in unison! racia""y reading and writing
data on the p"atters%
he ,ollowing !escribes the components o, a !isk'
One or more platters. Platters rotate aroun! the spin!le. ea! actuator arm moves the rea!"write hea!s as a unit above
an! below each platter.
A dis# is diided into the o""owing components: sectors! trac#s! and cy"inders%
Sector- &he sma""est addressa$"e unit on a p"atter! 8ne sector can ho"d/*+ $ytes o data% Sectors are a"so #nown as dis# $"oc#s%
rack- A series o sectors positioned end-to-end in a circu"ar path% C&lin!er- A stac# o trac#s%
2ote - &he num$er o sectors per trac# aries with the radius o a trac# on the p"atter%
&he outermost trac#s are "arger and can ho"d more sectors than the inner trac#s%
Kecause a dis# spins continuous"y and the readwrite heads moe as a sing"e unit! the
most eicient see#ing occurs when the sectors to $e read or written to are "ocated in asing"e cy"inder%
eining is# S"icesis#s can! $e diided into indiidua" partitions! #nown as s"ices%S"ices are groupings o cy"inders common"y used to organi>e data $y unction%
or e,amp"e! you can store critica" system i"es and programs in one s"ice! whi"e you
can store user-created i"es in another s"ice on the same dis#%
Note - Ky grouping cy"inders in this way! the amount o moement reuired $y the
readwrite heads to access a i"e is reduced! which improes dis# I8 perormance%
A dis# under Sun8S can $e diided into eight s"ices! "a$e"ed s"ice 0 through s"ice 1%
Ky conention! s"ice + is used to represent the entire dis#% It records items! such as the
si>e o the actua" dis#! and the tota" num$er o cy"inders aai"a$"e or the storage o i"es
and directories%
&he Koot is#
&he s"ices shown a possi$"e coniguration conention or "ogica""y organi>ing data that is to $e stored on the
$oot dis#% 2ot a"" s"ices hae to $e deined on a dis#%
-
7/22/2019 Hastatus Solaris
69/320
Disk (lice )aming $on%ention
&he u"" name o a s"ice is represented $y an eight character string which inc"udes the contro""er
num$er! the target num$er the dis# num$er! and the s"ice num$er%
Controller number- Identiies the host $us adapter! whichcontro"s communications $etween the system and dis# unit% Itta#es care o moing dis# heads! data transer! and "ocationo data on the deice% &he contro""er num$er is assigned inseuentia" order! such as c0! c*! c+ and so on%arget number &arget num$ers such as t0! t*! t+ ! and tJcorrespond to a uniue address switch setting that isse"ected or each dis#! tape! or 9-485% An e,terna" dis#drie has an address switch! "ocated on the rear pane"% Aninterna" dis# has address pins which are Wumpered to assignits target num$er%6isk number X &he dis# num$er is a"so #nown as the"ogica" unit num$er (?2)% &his num$er re"ects the num$ero dis#s at the target "ocation% &he dis# num$er is a"ways setto do with em$edded S9SI dis#s%
Slice numberX A s"ice num$er ranging rom 0 to 1%
cFtFdFsF
contro""er num$er! target num$er!is# num$er! S"ice 2um$er%
-
7/22/2019 Hastatus Solaris
70/320
eice 2aming 9onentions
In the So"aris 8perating! nironment! a"" deices hae three dierent types o names! depending on how the deice
is $eing reerenced%
9ogical !evice names Ph&sical !evice names
Instance names
2ote - KS deice names a"so e,ist in the So"aris 8perating nironment i the KS compati$i"ity pac#ages are
insta""ed with either the ee"oper! ntire istri$ution! or ntire istri$ution p"us 85 So"aris Sotware @roup% &he
KS deice names are typica""y used or $ac#wards compati$i"ity with o"d scripts! (or e,amp"e! desd8a)%
Logical &evice !ames
-
7/22/2019 Hastatus Solaris
71/320
*h(sical &evice !amesPhysica" deice names uniue"y identiy the physica" "ocation o the hardwaredeices on the system! and are maintained in the deices directory% 2ote 3arious hardwarep"atorms hae dierent deice trees%A physica" deice name uniue"y identiies the "ocation othe deice% It contains the hardware inormation! represented as a series o node names!separated $y s"ashes! to indicate the path to the deice that re"ects hardware connectiity% ore,amp"e:
+ ls ($ "!ev"!sk"c0t0!0s0 %
Irw,rw,rw, * root root 6 7un *6 *O:01 deds#c0t0d0s0 -
. . " . . "!evices"pci7l, :0"pci7l: l"i!e73"!a!70 : 0 'a
or example, an Ultra C system has the de4ice configuration tree-structure shown in igure C- 8not all possible
de4ices are included
&he top-most directory in the hierarchy is ca""ed the root node o the deice tree% An o$Wect $e"ow the root
node has a deice drier associated with it! which is ca""ed a "ea! or $us ne,us node%
2ote - A deice drier is the sotware that communicates with the deice% &his sotware must $e aai"a$"e
to the #erne" to use the deice%
&he #erne" identiies the physica" "ocation o a deice $y associating a node with an address! nodenameZaddress!
which is ca""ed thephysica"%deice name! or e,amp"e! dadZ0 %
Instance Names:Instance names are a$$reiated names assigned $y the #erne" or each deiceon the system%
An instance name is simp"y a shortened name or the physica" deice name% &wo e,amp"es are shown
$e"ow:
-
7/22/2019 Hastatus Solaris
72/320
s!n
;here sd is the dis# name and n is the dis# num$er! such as sd0! or the irst S9SI (sma"" computer
system interace) dis# deice:
!a!n
where dad (direct access deice) is the dis# name and n is the dis# num$er! such as dad0! or the irst ide
(integrated drie e"ectronics) dis# deice%
#isting a System's Devices &he o""owing sections descri$e how to "ist a system's deices%
he "etc"path#to#inst $ile
&n the Solaris 2perating 3n4ironment, the system records, for each de4ice, its instance name and number along withits physical name in the *etc*path+to+.inst file. These name are used by the kernel to identify e4ery possible de4ice.This file is read only at boot time.
2ote - &he deice instance num$er! shown in $o"d $e"ow! appears to the right o the deice instance
name when recorded in this i"e%
&he etcpathEtoEinst i"e is maintained $y the #erne"! and it is genera""y not necessary! nor is it adisa$"e
or the system administrator to eer change this i"e%
+ more "etc"path#to#inst
5
F 9aution^ &his i"e contains critica" #erne" state
F
F pciZ"! 0R 0 RpciR
F pciZ"!0pciZ"!"ideZJsdZ+!0R + RsdR (CD/&O)
F pciZ"!0pciZ"!"ideP3dadZ0!0R 0 [dadR (dis)
F pciZ"! 0pciZ"!"e$usZ"R 0 Re$usR (e-tended ,us)
F pciZ"!0pciZ""e$usZ"dthreeZ*!J0+J8R 0 RdR (floppy dis)
F pciZ" !0pciZ"("e$usZ"suZ*!J06+.R * RsuR (mouse)
F pciZ"!0pciZ"!"e$usZ"seZ*!00000R 0 RseR (serial ports 0 and %)
F pciei!0pciZ"!"e$usZ"suZ*!J0.J.R 0 RsuR #ey$oardM
F pciZ" ! 0pciZ"!"e$usZ"ecppZ*!J0J$cR 0 RecppR ('e,tended
capa,ility parallel port)
FpciZ"! 0'pciZ"! "e$usZ"S?2;!9S+J*Z*! +00000R 0 RaudiocsR (crystal
semiconductor)
F pciZ"! 0pciZ"! "e$usZ"poMerZ*! 1+000R 0 RpowerR power management ,us)
-
7/22/2019 Hastatus Solaris
73/320
F pciZ" !0pciZ"! "networ#Z" ! *R 0 RhmeR (ast thernet)
2ote X ierent systems hae dierent physica" deice paths% &his e,amp"e shows an on$oard periphera"
component interconnect (P9I) $us coniguration%
Sample "etc"path#to#inst $ile
&he o""owing is a pathEtoEinst i"e rom a system that has a dierent $us architecture% In this case! it is an
e,amp"e o a system that has an on$oard Sun system $us (S$us)%
+ more "etc"path#to#inst
F
F 9aution^ &his i"e contains critica" #erne" state
F
F s$usZ"!0R 0 Rs$usR
F s$usZ" !0espdmaZe! .00000R 0 RdmaR
F s$usZ" !0espdmaZe! .00000espZe!..00000 0 [esp
F s$usZ" !0espdmaZe! .00000espZe!..00000 sdZJ!0 J [sd
F s$usZ" !0espdmaZe! .00000espZe!..00000 sdZ+!0 + [sd
F s$usZ" !0espdmaZe! .00000espZe!..00000 sdZ*!0 * [sd
F s$usZ" !0espdmaZe! .00000espZe!..00000 sdZ0!0 0 [sd
F s$usZ" !0espdmaZe! .00000espZe!..00000 sdZ6!0 6 [sd
F s$usZ" !0espdmaZe! .00000espZe!..00000 sdZ/!0 / [sd
F s$usZ" !0espdmaZe! .00000espZe!..00000 sdZ!0 [sd
F s$usZ" !0espdmaZe! .00000espZe!..00000 stZJ!0 J [st
F s$usZ" !0espdmaZe! .00000espZe!..00000 stZ+!0 + [st
F s$usZ" !0espdmaZe! .00000espZe!..00000 stZ*!0 * [st
F s$usZ" !0espdmaZe! .00000espZe!..00000 stZ+!0 + [st
F s$usZ" !0espdmaZe! .00000espZe!..00000 stZJ!0 J [st
F s$usZ" !0espdmaZe! .00000espZe!..00000 stZ!0 [st
F s$usZ" !0espdmaZe! .00000espZe!..00000 stZ/!0 / [st
F s$usZ" !0espdmaZe! .00000espZe!..00000 stZ!0 [st
he prtcon, Command
-
7/22/2019 Hastatus Solaris
74/320
-
7/22/2019 Hastatus Solaris
75/320
ide! instance F0
dad! instance F0
sd! instance F+
pci! nstance F"
pseudo! instance F0
2ote - &he command grep - not is used to omit a"" containing the word RnotR rom the output%
%econfiguring Deices &he system recogni>es a new"y added periphera" deices i areconfiguration ,oot is ino#ed% &his particu"ar $oot process adds the new deice to a new"y generated
deice tree and to the de and deices directories%%
&he o""owing steps reconigure a system to recogni>e a new"y attached dis#%
* 9reate the reconigure i"e% &his i"e causes the system to chec# or the presence o any new"y
instated deices the ne,t time it is powered on or $ooted%
+ touch "recon,igure
+% Shut down the system% &his command $rings the system to an appropriate s"ate or
turning the system power o to sae"y a""ow or adding or remoing deices%
+ init
J% &urn o the power to a"" e,terna" deices%
% Insta"" the periphera" deice! ma#ing sure the deice $eing added has no con"icting
address with other deices on the system%
/% &urn on the power to a"" e,terna" deices%
6% &urn on the power to the system% &he system $oots to the "ogin screen%
1% 3eriy that the periphera" deice has $een added $y issuing one o the o""owing
commands: prtcon or ormat%
8nce the dis# is recogni>ed $y the system!
-
7/22/2019 Hastatus Solaris
76/320
or compatibility purposes, dr4config and the other commands are symbolic links to de4f sadm.
&he desadm command attempts to "oad eery drier in the system and attach to a"" possi$"e deice
instances%
It then creates the deice i"es in the deices directory and the "ogica" "in#s in the de directory% In
addition to managing these directories! desadm a"so maintains the! etcpathEtoEinst i"e%
!ev,sa!m Options &o restrict the use o the desadm command to a speciic deice c"ass! use the -c
option%
+!ev,sa!m (c !evice#class
+ !ev,sa!m (c !isk
;here the a"ues to deiceEc"ass inc"ude: dis#! tape! port ideo and pseudo% or e,amp"e:
-
7/22/2019 Hastatus Solaris
77/320
+ !rvcon,ig (i !a!
or F drconig -i sd
+% Ino#e the dis#s command%
# !isks
&his command creates sym$o"ic "in#s in the deds# and derds# directories pointing to the actua" dis#
deice i"es "ocated in the deices directory%
Adding a !ew Tape &rive &he o""owing steps i""ustrate how to add a new tape drie:
*% Ino#e the drconig command%
+ !rvccon,ig (i st
+% Ino#e the tapes command%
+ tapes
&his command creates sym$o"ic "in#s in the dermt directory to the actua" tape deice i"es "ocated in the deices
directory%
&is' %lices and the format 1tilit(
&he ormat uti"ity is a system administration too" used primari"y to prepare hard dis# dries or use in the
So"aris 8perating nironment%
&hough you can use the ormat uti"ity to perorm a ariety o dis# management actiities! the main reason
you use the ormat uti"ity is to diide a dis# into dis# s"ices%
2ote - &he So"aris 8perating nironment insta""ation program a"so diides dis#s into dis# s"ices as part
o insta""ing the So"aris 8perating nironment re"ease%
&o diide a dis# into s"ices! the system administrator wi"" need to:
Identiy the correct dis#
P"an the "ayout o the dis#
?se the ormat uti"ity to diide into s"ices
a$e" the dis# with new s"ice inormation
8n"y the root user can use the ormat uti"ity% I ormat is run $y a regu"ar user! the o""owing error message
is disp"ayed:
; ,ormat
-
7/22/2019 Hastatus Solaris
78/320
Searching or dis#%%%done
2o permission (or no dis# ound)
Disk &abels and Partition ables
ery dis# in the So"aris 8perating nironment has a specia" area set aside or storing inormationa$out the dis#'s contro""er! geometry! and s"ices%
&his inormation is ca""ed the dis#'s la,le4 Another term used to descri$e a dis# "a$e" is the o"ume ta$"e o
contents (3&89)% &he dis#'s "a$e" 3&89 is stored on the irst sector o the dis#%
&o "a$e" a dis# means to write s"ice inormation onto the dis#% I the system administrator ai"s to "a$e" a
dis# ater deining s"ices! the s"ice inormation is "ost%
An important part o the dis# "a$e" is thepartition ta,le+which identiies! a dis# s"ices! the s"ice $oundaries
(in cy"inders)! and the tota" si>e o the s"ices%
2ote -&he terms dis slice and dis partition are interchangea$"e%
9urrent partition ta$"e (origina"):&ota" dis# cy"inders aai"a$"e ..O+ T + (resered cy"inders)
part &ag "ag 9y"inders
(ie -locks
0 root wm 0 -+/+0 *%* @J (+/+*00) +J.+J/
* swap wu +/+* -+.0 *1% 66LK (J+000) J0+00
+ $ac#up wm 0 -..O+ %0*@K (..O+00) .0+O0
J unassigned wm 0 0 (000) 0
unassigned wm 0 0 (000) 0
/ unassigned win 0 0 (000) 0
6 usr wm + .* -.000 +%1J@K (60/*00) /1*.*O/
1 unassigned wm 0 0 (0!00) 0
-
7/22/2019 Hastatus Solaris
79/320
Partition $oundaries must $egin and end with entire cy"inders%
ie"d escription
Part S"ice num$er% 3a"id s"ice num$ers inc"ude 0
through 1%
&ag A a"ue used to indicate how the s"ice is
$eing used%
0 N unassigned
* N$oot
+ N root
J N swap
N usr
/ N $ac#up
6 N stand
1 N ar
. N home
O N a"ternates
"ag wm- dis# s"ice is writa$"e and mounta$"e%
wu -dis# s"ice is writa$"e and unmounta$"e%
This is the defaults state of slice dedicated for swap areas4
rm N dis# s"ice is read on"y and mounta$"e%
ru - dis# s"ice is read on"y and unmounta$"e%
9y"inders &he starting and ending cy"inder num$er or the dis# s"ice%
Si>e &he s"ice si>e: 5$ytes (m$)! @$ytes (g$)!
K"oc#s ($)! or 9y"inders (c)%
K"oc#s &he tota" num$er o cy"inders and the tota"
num$er o sectors per s"ice%
Defining Dis Slices is# s"ices are deined $y an oset and a si>e in cy"inders% &he oset is the distance rom
cy"inder 0% or e,amp"e:
-
7/22/2019 Hastatus Solaris
80/320
(lice !! O%erlaps &ntire Disk
S"ice 0 S"ice * S"ice 6
(ie
/0 $ylinders
Si>e
J+0 9y"inders(ie
12/0 $ylinders
8set 0 8 set +/+* 8 set +.*
Digure 6-+ 8sets and Si>es or is# Partitions
&he oset or s"ice 0 is 0 cy"inders and its si>e is +/+* cy"inders% S"ice 0 $egins on cy"inder 0 and ends on
cy"inder +/+0%
&he oset or s"ice * is +/+* cy"inders and its si>e is J+0 cy"inders% S"ice * $egins on cy"inder +/+* and
ends on cy"inder +.0%
&he oset or s"ice 6 is +.* cy"inders and its si>e is 60/* cy"inders% S"ice 6 $egins on cy"inder +.* and
ends on the "ast aai"a$"e cy"inder ..O+%
Defining Dis Partitions
&he o""owing sections descri$e conditions that can occur when you are deining dis# partitions%
1ndesirable Conditions
;hen creating or changing dis# s"ices! two types o undesira$"e conditions can occur: wasted dis# space
and oer"apping dis# space%
;asted is# Space ;asted dis# space occurs when one or more cy"inders are not a""ocated to a dis#
s"ice%
8set 0 8set - +/+*
8set 0 8set +/+*
&he wasted dis# space condition can occur when you decrease the si>e o one s"ice! and do notadWust the starting cy"inder num$er o the ne,t dis# s"ice% (In the e-ample a,ove+ cylinders 3*6$
through 3*36 are unusa,le4)
SiBe E 0CFFcyl wasted SiBe -G0F cyl
-
7/22/2019 Hastatus Solaris
81/320
Overlapping Disk Slices 8er"apping dis# s"ices occurs