Trouble Shooting Interview Question Solaris
Uploaded by robinsondba8697
http://solarisinterview.blogspot.com/2009/02/trouble-shooting-interview-question.html
1) What can I do if Solaris won't boot?
You need to boot from your install CD. Insert the Solaris Software CD in your CDROM drive. If your CDROM drive/BIOS isn't bootable, first insert the "Device Configuration Assistant" (DCA) diskette. At the "Boot Solaris" menu, choose "CD."
At the "Type of Installation: Interactive or JumpStart" menu, type "b -s". Or, after the video configuration, network, time and date, you'll notice one of the menus has a button: [Exit]. Select Exit and, when it asks you again "do you want to exit?", just say yes.
Once you're at the UNIX root prompt #, you can mount the boot drive with "mount /dev/dsk/c0t0d0s0 /mnt" and view anything wrong with the boot drive (omit the "t0" for ATAPI).
2) How do I restore the Solaris boot block without reinstalling?
This may happen when installing a boot manager that comes with another operating system (such as LILO from Linux) or an after-market multi-OS boot manager. These sometimes trample the active partition, which in our case is Solaris. Also, moving the Solaris partition with a partition manager program such as Partition Magic requires reinstalling the Solaris boot block. Before taking these steps, first verify the Solaris partition is active. If it isn't, just make the Solaris partition active and reboot. Otherwise follow the steps below.
1. Boot from CD-ROM and get the root prompt, #, as described in the previous question, 7.1.
2. Determine the controller, disk number, and partition. The boot disk is /dev/rdsk/c?t?d?p? where each ? is, in order, the controller #, target ID, disk #, and partition #. Omit "t?" for ATAPI, e.g., /dev/rdsk/c0d0p0.
3. Verify it's the correct device with prtvtoc for the drive. This is VERY important; if it's wrong, you may hose another partition: prtvtoc /dev/rdsk/c0t0d0p0 (omit "t0" for ATAPI; always use p0, which means the "entire drive"). prtvtoc prints out the map for the Solaris partition on the hard drive, if found. The partitions shown in the output are actually "slices" within the Solaris partition.
4. Restore the boot block as follows: /sbin/fdisk -b /usr/lib/fs/ufs/mboot (raw disk dev). E.g., for SCSI it might be: /sbin/fdisk -b /usr/lib/fs/ufs/mboot /dev/rdsk/c0t0d0p0 (omit "t0" for ATAPI).
5. Finally, remove your CDROM and diskette media and type "/sbin/shutdown -i6" to reboot. The Solaris Multiple Device Boot Menu should appear after rebooting. If not, you can always do an upgrade (re-)install. Note: This procedure does NOT make your Solaris partition active again (sometimes needed after installing another operating system, such as Windows, on the same disk); it just writes to your bootblock IN your Solaris partition. To learn more about the Solaris boot process, read the boot(1M) man page.
3) How do I logon as root if the password doesn't work anymore?
Regaining control of a Solaris x86 system where the root password has been lost can be accomplished by the following steps. Note that any savvy user can do this with the proper CD-ROM and diskette. Therefore, of course, physical security of a system is important for machines containing sensitive data.
1. Insert installation boot diskette and installation CD-ROM for Solaris x86.
2. Boot system from the installation floppy and select the CD-ROM as the boot device.
3. Type "b -s" (instead of typing 1 or 2 from the menu) and it'll drop you straight to a root shell, #, (and you'll be in single-user mode).
4. At the root prompt, #, key in the following commands, which will create a directory called hdrive under the /tmp directory and then mount the root hard drive partition under this temporary directory.
    mkdir /tmp/hdrive
    mount /dev/dsk/c0t0d0s0 /tmp/hdrive    #SCSI; for ATAPI, omit "t0"
5. To use the vi editor, the TERM variable must be defined. Key in the following commands.
    TERM=at386
    export TERM
6. Start vi (or some other editor) and load /tmp/hdrive/etc/shadow file:
    vi /tmp/hdrive/etc/shadow
7. Change the first line of the shadow file that has the root entry to:
    root::6445::::::
8. Write and quit the vi editor with the "!" override command:
    :wq!
9. Remove the floppy installation diskette, and reboot the system:
    /sbin/shutdown -i6
10. When system has rebooted from the hard drive, you can now log in from the Console Login: as root with no password. Just hit enter for the password.
11. After logging in as root, use the passwd command to change the root password and secure the system.
Andreas Pfaffeneder has suggested a simpler way to recover the password: choose the Failsafe-Boot option (which results in kernel/unix -s), and answer "Yes" when you are prompted if / of the installed system should be mounted. Chroot into the system and change the password:
    # chroot /a /bin/bash
    # passwd
    # /sbin/shutdown -i6
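As an added example (not part of the original page), the shell function below audits a shadow-format file for the condition the shadow edit above creates, an empty password field, so that a blanked entry such as root::6445:::::: is noticed if it is still in place after the recovery. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: find accounts in a shadow-format file that have an empty
# password field (the state left behind by "root::6445::::::").

# audit_shadow FILE
# Prints "EMPTY <user>" for every entry whose password field is empty and
# "MALFORMED line <n>" for entries that do not have the 9 shadow fields.
audit_shadow() {
    awk -F: '
        /^[ \t]*$/ { next }                    # ignore blank lines
        NF != 9    { printf "MALFORMED line %d\n", NR; next }
        $2 == ""   { printf "EMPTY %s\n", $1 }
    ' "$1"
}

# write_sample_shadow FILE
# Writes constructed sample data; "CONSTRUCTED-HASH" stands in for a real
# password hash, NP and *LK* are the Solaris no-password and locked markers.
write_sample_shadow() {
    cat > "$1" <<'EOF'
root::6445::::::
daemon:NP:6445::::::
juser:CONSTRUCTED-HASH:14000:0:90:7:::
nobody:*LK*:6445::::::
broken:line
EOF
}

# Stand-alone demonstration on the constructed sample.
sample=$(mktemp)
write_sample_shadow "$sample"
audit_shadow "$sample"
rm -f "$sample"
```

On a live system, run audit_shadow /etc/shadow as root; from the install-media shell used above, point it at /tmp/hdrive/etc/shadow instead.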
4) How can I fix Netscape Communicator to render fonts correctly on S/x86?
This problem occurs with Solaris 2.6 and Netscape Communicator 4.0x, and has since been fixed. Apply patch 106248, which I'm told fixes this problem. A workaround is to add the following two lines to your ~/.xinitrc file:
    xset +fp /usr/openwin/lib/X11/fonts/75dpi/
    xset fp rehash
Another workaround, if you don't have these fonts, is to go into Netscape Preferences and change the font faces.
5) Why is Solaris always booting into the Device Configuration Assistant (DCA)?
This is usually caused by one of the following:
• You installed Solaris onto a disk other than the primary boot disk.
• You didn't remove your DCA boot diskette, or you didn't remove your installation CD-ROM from a bootable CD-ROM drive.
• File /boot/solaris/bootenv.rc is corrupt or truncated, usually after a hard reboot or reset. This file is set up and used by DCA. It should contain several lines.
To change or set your default boot device, see Sun FAQ 2271-02 at http://access1.Sun.COM/cgi-bin/rinfo2html?227102.faq for instructions. To summarize:
• From the "Boot Solaris" screen, press F4 (Boot Tasks).
• On the "Boot Tasks" screen, press Enter to place an "X" in front of "View/Edit Autoboot Settings."
• In the "View/Edit Autoboot Settings" screen, note that the Default Boot Device will not be set to any valid device. Place an "X" in front of Set Default Boot Device and press F2 (Continue).
• On the Set Default Boot Device screen, place an X in front of the correct disk and press F2 (Continue).
• Arrow up to the Accept Settings and press Enter to mark with an "X". Press F2 (Continue) to return to the Boot Tasks screen.
• Press F3 (Back). It will load appropriate drivers, after which you will be at the Boot Solaris screen. Press F2 (Continue) to continue booting.
6) Help! I get error 2 or error 8 while applying patches. What do I do?
Don't do anything. Error 2 means you already have the same or newer code. Error 8 means you can't patch some optional packages that haven't been installed, even if you did "everything plus OEM" during the original installation. Other errors, usually from lack of disk space, are explained in the patchadd(1M) man page.
7) I get this error message: "can't get local host's domain name" or "The local host's domain name hasn't been set." What do I do?
This is a NIS message. The easiest way to fix it is to type the following as root:
    domainname abc.com; domainname >/etc/defaultdomain
8) My system doesn't boot due to superblock problems with the root filesystem. What do I do?
Normally, you reboot in single user mode and run /usr/bin/fsck as root and everything is OK. If you get a message about errors/problems on /dev/dsk/c0d0s0, are told to run fsck manually in single user mode, and get this message:
    BAD SUPER BLOCK: BAD VALUES IN SUPERBLOCK
    USE AN ALTERNATIVE SUPERBLOCK to SUPPLY NEEDED INFORMATION
    e.g. fsck -F ufs -b=# [special].
then you may be able to recover from this if the disk isn't entirely corrupted. The superblock stores important information about the file system. Because it is so important, it is duplicated in several places. Hopefully one of the backup superblocks isn't corrupted. To see the duplicate locations of the superblock, use newfs -Nv. For example, if your root slice is at /dev/dsk/c0d0s0, run this command:
    # newfs -Nv /dev/dsk/c0d0s0
You must specify -Nv so you don't clobber your root slice with a new filesystem. Your output should look like this:
    # newfs -Nv /dev/dsk/c0d0s0
    mkfs -F ufs -o N /dev/rdsk/c0d0s0 614880 63 16 8192 1024 16 10 60 2048 t 0 -1 87 n
    /dev/rdsk/c0d0s0: 614880 sectors in 610 cylinders of 16 tracks, 63 sectors
            300.2MB in 39 cyl groups (16 c/g, 7.88MB/g, 3776 i/g)
    super-block backups (for fsck -F ufs -o b=#) at:
     32, 16224, 32416, 48608, 64800, 80992, 97184, 113376, 129568, 145760,
     468576, 484768, 500960, 516128, 532320, 548512, 564704, 580896, 597088,
     613280,
Note the numbers following "super-block backups." Use one of the numbers (e.g., 32) with the fsck -F ufs -o b= option:
    # fsck -F ufs -o b=32
You may get a message FREE BLK COUNT(S) WRONG IN SUPERBLOCK SALVAGE? or FILE SYSTEM STATE IN SUPERBLOCK IS WRONG; FIX? In either case, type "yes" and press return. You should get a FILE SYSTEM WAS MODIFIED message. Reboot your system. If the system complains about shutdown not being found, do a halt -q. Now, hopefully, your system will boot up without any problems.
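The lookup-then-fsck step above can be scripted. This added example (not from the original page) pulls the backup superblock numbers out of newfs -Nv output and prints, without running anything, one fsck command per backup so they can be tried in order. The function names are hypothetical, the sample is abbreviated from the output shown above, and passing the raw device as the last fsck argument is an assumption about how the command would be completed.

```shell
#!/bin/sh
# Added example: list backup superblocks from `newfs -Nv` output.

# backup_superblocks: reads newfs -Nv output on stdin and prints one
# backup superblock number per line, in the order newfs listed them.
backup_superblocks() {
    awk '
        # Start collecting at the "super-block backups ... at:" line and
        # drop the text before the list, in case numbers share that line.
        /super-block backups/ { grab = 1; sub(/.*at:/, "") }
        grab {
            n = split($0, parts, "[ ,\t]+")
            for (i = 1; i <= n; i++)
                if (parts[i] ~ /^[0-9]+$/) print parts[i]
        }
    '
}

# fsck_candidates RAWDEVICE: reads newfs -Nv output on stdin and prints
# (does not execute) one fsck command per backup superblock.
fsck_candidates() {
    backup_superblocks | while read -r sb; do
        printf 'fsck -F ufs -o b=%s %s\n' "$sb" "$1"
    done
}

# sample_newfs_output: abbreviated copy of the output quoted on this page.
sample_newfs_output() {
    cat <<'EOF'
/dev/rdsk/c0d0s0: 614880 sectors in 610 cylinders of 16 tracks, 63 sectors
        300.2MB in 39 cyl groups (16 c/g, 7.88MB/g, 3776 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
 32, 16224, 32416, 48608, 64800,
 80992, 97184,
EOF
}

# Stand-alone demonstration on the sample.
sample_newfs_output | fsck_candidates /dev/rdsk/c0d0s0
```

On the affected system the input would come from newfs -Nv itself, for example newfs -Nv /dev/dsk/c0d0s0 | fsck_candidates /dev/rdsk/c0d0s0.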
9) How to change the hostname in Solaris?
Changing a Sun system's hostname requires updating the following:
• /etc/hosts.allow (to correct access permissions)
• /etc/dfs/dfstab on this system's NFS servers (to allow proper mount access)
• /etc/vfstab on this system's NFS clients (so they will point at the correct server)
• kerberos configurations
• ethers and hosts NIS maps
• DNS information
• Netgroup information
• cron jobs should be reviewed.
• Other hostname-specific scripts and configuration files.
Additional steps may be required in order to correct issues involving other systems. Having said all that, the minimum number of changes required are:
• /etc/nodename
• /etc/hosts
• /etc/hostname.*
• /etc/net/*/hosts
10) NFS Troubleshooting
Sun's web pages contain substantial information about NFS services; search for an NFS Administration Guide or NFS Server Performance and Tuning Guide for the version of Solaris you are running. The share_nfs man page contains specific information about export options.
If NFS is not working at all, try the following:
• Make sure that the NFS server daemons are running. In particular, check for statd, lockd, nfsd and rarpd. If the daemons are not running, they can be started by running /etc/init.d/nfs.server start. See Daemons below for information on NFS-related daemons.
• Check the /etc/dfs/dfstab and type shareall.
• Use share or showmount -e to see which filesystems are currently exported, and to whom. showmount -a shows who the server believes is actually mounting which filesystems.
• Make sure that your name service is translating the server and client hostnames correctly on both ends. Check the server logs to see if there are messages regarding failed or rejected mount attempts; check to make sure that the hostnames are correct in these messages.
• Make sure that the /etc/net/*/hosts files on both ends report the correct hostnames. Reboot if these have to be edited.
If you are dealing with a performance issue, check:
• Network Issues
• CPU Usage
• Memory Levels
• Disk I/O
• Increase the number of nfsd threads in /etc/init.d/nfs.server if the problem is that requests are waiting for a turn. Note that this does increase memory usage by the kernel, so make sure that there is enough RAM in the server to handle the additional load.
• Where possible, mount filesystems with the ro option to prevent additional, unnecessary attribute traffic.
• If attribute caching does not make sense (for example, with a mail spool), mount the filesystem with the noac option. If nfsstat reports a high getattr level, actimeo may need to be increased (if the attributes do not change too often).
• nfsstat reports on most NFS-related statistics. The nfsstat page includes information on tuning suggestions for different types of problems that can be revealed with nfsstat.
If these steps do not resolve the issue, structural changes may be required:
• cachefs can be used to push some of the load from the NFS server onto the NFS clients. To be useful, cfsadmin should be used to increase maxfilesize for the cache to a value high enough to allow for the caching of commonly-used files. (The default value is 3 Mb.)
11) NFS Client
When a client makes a request to the NFS server, a file handle is returned. The file handle is a 32 byte structure which is interpreted by the NFS server. Commonly, the file handle includes a file system ID, inode number and the generation number of the inode. (The latter can be used to return a "stale file handle" error message if the inode has been freed and re-used between client file accesses.) If a response is not received for a request, it is resent, but with an incremented xid (transmission ID). This can happen because of congestion on the network or the server, and can be observed with a snoop session between server and client. The server handles retransmissions differently depending on whether the requests are idempotent (can be executed several times without ill effect) or nonidempotent (cannot be executed several times). Examples of these would include things like reads and getattrs versus writes, creates and removes. The system maintains a cache of nonidempotent requests so that appropriate replies can be returned.
Daemons
The following daemons play a critical role in NFS service:
• biod: On the client end, handles asynchronous I/O for blocks of NFS files.
• nfsd: Listens and responds to client NFS requests.
• mountd: Handles mount requests.
• lockd: Network lock manager.
• statd: Network status manager.
12) Solaris Filesystem Troubleshooting
Filesystem corruption can be detected and often repaired by the format and fsck commands. If the filesystem corruption is not due to an improper system shutdown, the hard drive hardware may need to be replaced. ufs filesystems contain the following types of blocks:
• boot block: This stores information used to boot the system.
• superblock: Much of the filesystem's internal information is stored in these.
• inode: Stores location information about a file--everything except for the file name. The number of inodes in a filesystem can be changed from the default if newfs -i is used to create the filesystem.
• data block: The file's data is stored in these.
fsck
The fsck command is run on each filesystem at boot time. This utility checks the internal consistency of the filesystem, and can make simple repairs on its own. More complex repairs require feedback from the root user, either in terms of a "y" keyboard response to queries, or invocation with the -y option. If fsck cannot determine where a file belongs, the file may be renamed to its inode number and placed in the filesystem's lost+found directory. If a file is missing after a noisy fsck session, it may still be intact in the lost+found directory. Sometimes the fsck command complains that it cannot find the superblock. Alternative superblock locations were created by newfs at the time that the filesystem was created. The newfs -N command can be invoked to nondestructively discover the superblock locations for the filesystem. ufs filesystems can carry "state flags" that have the value of fsclean, fsstable, fsactive or fsbad (unknown). These can be used by fsck during boot time to skip past filesystems that are believed to be okay.
format
The analyze option of format can be used to examine the hard drive for flaws in a nondestructive fashion.
df
df can be used to check a filesystem's available space. Of particular interest is df -kl, which checks available space for all local filesystems and prints out the statistics in kilobytes. Solaris 10 also allows us to use df -h, which presents the statistics in a more human-friendly form that doesn't require counting digits to decide whether a file is 100M or 1G in size.
du
du can be used to check space used by a directory. In particular, du -dsk will report usage in kilobytes of a directory and its descendants, without including space totals from other filesystems.
Filesystem Tuning
Filesystem performance can be improved by looking at filesystem caching issues. The following tuning parameters may be valuable in tuning filesystem performance with tunefs or mkfs/newfs:
• inode count: The default is based upon an assumption of average file sizes of 2 KB. This can be set with mkfs/newfs at the time of filesystem creation.
• time/space optimization: Optimization can be set to allow for fastest performance or most efficient space usage.
• minfree: In Solaris 2.6+, this is set to (64 MB / filesystem size) x 100. Filesystems in earlier OS versions reserved 10%. This parameter specifies how much space is to be left empty in order to preserve filesystem performance.
• maxbpg: This is the maximum number of blocks a file can leave in a single cylinder group. Increasing this limit can improve large file performance, but may have a negative impact on small file performance.
14) Filesystem Performance Monitoring
McDougall, Mauro and Gregg suggest that the best way to see if I/O is a problem at all is to look at the amount of time spent on POSIX read() and write() system calls via DTrace. If so, we need to look at the raw disk I/O performance.
iostat
As with most of the monitoring commands, the first line of iostat reflects a summary of statistics since boot time. To look at meaningful real-time data, run iostat with a time step (e.g., iostat 30) and look at the lines that report summaries over the time step intervals. For Solaris 2.6 and higher, use iostat -xPnce 30 to get information including the common device names of the disk partitions, CPU statistics, error statistics, and extended disk statistics. For Solaris 2.5.1 and earlier, or for more compact output, use iostat -xc 30 to get the extended disk and CPU statistics. In either case, the information reported is:
• disk: Disk device name.
• r/s, w/s: Average reads/writes per second.
• Kr/s, Kw/s: Average Kb read/written per second.
• wait: Time spent by a process while waiting for block (e.g., disk) I/O to complete. (See Notes on Odd Behavior below.)
• actv: Number of active requests in the hardware queue.
• %w: Occupancy of the wait queue.
• %b: Occupancy of the active queue with the device busy.
• svc_t: Service time (ms). Includes everything: wait time, active queue time, seek rotation, transfer time.
• us/sy: User/system CPU time (%).
• wt: Wait for I/O (%).
• id: Idle time (%).
Notes on Odd Behavior
The "wait" time reported by iostat refers to time spent by a process while waiting for block device (such as disk) I/O to finish. In Solaris 2.6 and earlier, the calculation algorithm sometimes overstates the problem on multi-processor machines, since it does not take into account that an I/O wait on one CPU does not mean that I/O is blocked for processes on the other CPUs. Solaris 7 has corrected this problem. iostat also sometimes reports excessive svc_t (service time) readings for disks that are very inactive. This is due to the action of fsflush keeping the data in memory and on the disk up-to-date. Since many writes are specified over a very short period of time to random parts of the disk, a queue forms briefly, and the average service time goes up. svc_t should only be taken seriously on a disk that is showing 5% or more activity.
15) mpstat
mpstat reports information which is useful in understanding lock contention and CPU loading issues. mpstat reports the following:
• CPU: Processor ID.
• minf: Minor faults.
• mjf: Major faults.
• xcal: Processor cross-calls (when one CPU wakes up another by interrupting it). If this exceeds 200/second, the application in question may need to be examined.
• intr: Interrupts.
• ithr: Interrupts as threads (except clock).
• csw: Context switches.
• icsw: Involuntary context switches (this is probably the more relevant statistic when examining performance issues).
• migr: Thread migrations to another processor. If the migr measurement of mpstat is greater than 500, rechoose_interval should be set longer in the kernel.
• smtx: Number of times a CPU failed to obtain a mutex.
• srw: Number of times a CPU failed to obtain a read/write lock on the first try.
• syscl: Number of system calls.
• usr/sys/wt/idl: User/system/wait/idle CPU percentages.
netstat
netstat provides useful information regarding traffic flow. In particular, netstat -i lists statistics for each interface, netstat -s provides a full listing of several counters, and netstat -rs provides routing table statistics. netstat -an reports all open ports. netstat -k provides a useful summary of several network-related statistics up through Solaris 9, but this option was removed in Solaris 10 in favor of the /bin/kstat command. Through Solaris 9, netstat -k provides a listing of several component kstat statistics. Here are some of the issues that can be revealed with netstat:
• netstat -i: (Collis+Ierrs+Oerrs)/(Ipkts+Opkts) > 2%: This may indicate a network hardware issue.
• netstat -i: (Collis/Opkts) > 10%: The interface is overloaded. Traffic will need to be reduced or redistributed to other interfaces or servers.
• netstat -i: (Ierrs/Ipkts) > 25%: Packets are probably being dropped by the host, indicating an overloaded network (and/or server). Retransmissions can be dropped by reducing the rsize and wsize mount parameters to 2048 on the clients. Note that this is a temporary workaround, since this has the net effect of reducing maximum NFS throughput on the segment.
• netstat -s: If significant numbers of packets arrive with bad headers, bad data length or bad checksums, check the network hardware.
• netstat -i: If there are more than 120 collisions/second, the network is overloaded. See the suggestions above.
• netstat -i: If the sum of input and output packets is higher than about 600 for a 10Mbs interface or 6000 for a 100Mbs interface, the network segment is too busy. See the suggestions above.
• netstat -r: This form of the command provides the routing table. Make sure that the routes are as you expect them to be.
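The three netstat -i ratio rules above can be applied mechanically. This added example (not from the original page) reads netstat -i output, locates the counter columns from the header line, and prints a flag for each interface that crosses one of the 2%, 10% or 25% thresholds. The function names, flag names and sample counters are constructed for illustration.

```shell
#!/bin/sh
# Added example: apply the netstat -i ratio thresholds to each interface.

# check_netstat_i: reads `netstat -i` output on stdin and prints
# "<interface> <FLAG>" for every threshold that is exceeded.
check_netstat_i() {
    awk '
        # Header line: remember which column holds each counter.
        $1 == "Name" {
            for (i = 1; i <= NF; i++) col[$i] = i
            next
        }
        # Data lines: need the header first and a numeric Ipkts value.
        ("Ipkts" in col) && $(col["Ipkts"]) ~ /^[0-9]+$/ {
            ip = $(col["Ipkts"]); ie = $(col["Ierrs"])
            op = $(col["Opkts"]); oe = $(col["Oerrs"])
            co = $(col["Collis"])
            # (Collis+Ierrs+Oerrs)/(Ipkts+Opkts) > 2%: possible hardware issue
            if (ip + op > 0 && (co + ie + oe) * 100 > 2 * (ip + op))
                print $1, "ERRORS_OVER_2PCT"
            # Collis/Opkts > 10%: interface overloaded
            if (op > 0 && co * 100 > 10 * op)
                print $1, "COLLISIONS_OVER_10PCT"
            # Ierrs/Ipkts > 25%: packets probably dropped by the host
            if (ip > 0 && ie * 100 > 25 * ip)
                print $1, "INPUT_ERRORS_OVER_25PCT"
        }
    '
}

# sample_netstat_i: constructed counters in the netstat -i column layout.
sample_netstat_i() {
    cat <<'EOF'
Name  Mtu  Net/Dest  Address   Ipkts   Ierrs Opkts   Oerrs Collis Queue
lo0   8232 loopback  localhost 77814   0     77814   0     0      0
hme0  1500 hostA     hostA     1000000 100   500000  50    60000  0
hme1  1500 hostB     hostB     200000  60000 100000  0     0      0
EOF
}

# Stand-alone demonstration on the constructed sample.
sample_netstat_i | check_netstat_i
```

On a live system, run netstat -i | check_netstat_i; the counters are cumulative since boot, so the flags describe the long-run ratios rather than the current interval.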
nfsstat
nfsstat can be used to examine NFS performance.
nfsstat -s reports server-side statistics. In particular, the following are important:
• calls: Total RPC calls received.
• badcalls: Total number of calls rejected by the RPC layer.
• nullrecv: Number of times an RPC call was not available even though it was believed to have been received.
• badlen: Number of RPC calls with a length shorter than that allowed for RPC calls.
• xdrcall: Number of RPC calls whose header could not be decoded by XDR (External Data Representation).
• readlink: Number of times a symbolic link was read.
• getattr: Number of attribute requests.
• null: Null calls are made by the automounter when looking for a server for a filesystem.
• writes: Data written to an exported filesystem.
Sun recommends the following tuning actions for some common conditions:
• writes > 10%: Write caching (either array-based or host-based, such as a Prestoserv card) would speed up operation.
• badcalls >> 0: The network may be overloaded and should be checked out. The rsize and wsize mount options can be set on the client side to reduce the effect of a noisy network, but this should only be considered a temporary workaround.
• readlink > 10%: Replace symbolic links with directories on the server.
• getattr > 40%: The client attribute cache can be increased by setting the actimeo mount option. Note that this is not appropriate where the attributes change frequently, such as on a mail spool. In these cases, mount the filesystems with the noac option.
nfsstat -c reports client-side statistics. The following statistics are of particular interest:
• calls: Total number of calls made.
• badcalls: Total number of calls rejected by RPC.
• retrans: Total number of retransmissions. If this number is larger than 5%, the requests are not reaching the server consistently. This may indicate a network or routing problem.
• badxid: Number of times a duplicate acknowledgement was received for a single request. If this number is roughly the same as badcalls, the network is congested. The rsize and wsize mount options can be set on the client side to reduce the effect of a noisy network, but this should only be considered a temporary workaround. If, on the other hand, badxid=0, this can be an indication of a slow network connection.
• timeout: Number of calls that timed out. If this is roughly equal to badxid, the requests are reaching the server, but the server is slow.
• wait: Number of times a call had to wait because a client handle was not available.
• newcred: Number of times the authentication was refreshed.
• null: A large number of null calls indicates that the automounter is retrying the mount frequently. The timeo parameter should be changed in the automounter configuration.
nfsstat -m (from the client) provides server-based performance data.
• srtt: Smoothed round-trip time. If this number is larger than 50ms, the mount point is slow.
• dev: Estimated deviation.
• cur: Current backed-off timeout value.
• Lookups: If cur>80 ms, the requests are taking too long.
• Reads: If cur>150 ms, the requests are taking too long.
• Writes: If cur>250 ms, the requests are taking too long.
p-Commands
In Unix, every object is either a file or a process. With the /proc virtual file system, even processes may be treated like files. /proc (or procfs) is a virtual file system that allows us to examine processes like files. This means that /proc allows us to use file-like operations and intuitions when looking at processes. /proc does not occupy disk space; it is located in working memory. This structure was originally designed as a programming interface for writing debuggers, but it has grown considerably since then. To avoid confusion, we will refer to the virtual file system as /proc or procfs. The man page for procfs is proc(4). proc, on the other hand, will be used to refer to the process data structure discussed in the Process Structure page. Under /proc is a list of numbers, each of which is a Process ID (PID) for a process on our system. Under these directories are subdirectories referring to the different components of interest of each process. This directory structure can be examined directly, but we usually prefer to use commands written to extract information from this structure. These are known as the p-commands.
• pcred: Display process credentials (e.g., EUID/EGID, RUID/RGID, saved UIDs/GIDs).
• pfiles: Reports fstat() and fcntl() information for all open files. This includes information on the inode number, file system, ownership and size.
• pflags: Prints the tracing flags, pending and held signals and other /proc status information for each LWP.
• pgrep: Finds processes matching certain criteria.
• pkill: Kills specified processes.
• pldd: Lists dynamic libraries linked to the process.
• pmap: Prints process address space map.
• prun: Starts stopped processes.
• prstat: Display process performance-related statistics.
• ps: List process information.
• psig: Lists signal actions.
• pstack: Prints a stack trace for each LWP in the process.
• pstop: Stops the process.
• ptime: Times the command; does not time children.
• ptree: Prints process genealogy.
• pwait: Wait for specified processes to complete.
• pwdx: Prints process working directory.
prstat Example 1
CPU saturation can be directly measured via prstat. (Saturation refers to a situation where there is not enough CPU capacity to adequately handle requests for processing resources.) Saturation can be measured directly by looking at the CPU latency time for each thread reported by prstat -mL. (LAT is reported as a percentage of the time that a thread is waiting to use a processor.) This example shows the prstat -mL output from a single-CPU system that has been overloaded. Notice the load average and LAT numbers.
    PID USERNAME USR SYS TRP TFL DFL LCK SLP LAT VCX ICX SCL SIG PROCESS/LWPID
    2724 root 24 0.2 0.0 0.0 0.0 0.0 2.2 74 284 423 361 0 gzip/1
    2729 root 21 0.3 0.0 0.0 0.0 0.0 3.3 75 396 564 518 0 gzip/1
    2733 root 20 0.3 0.0 0.0 0.0 0.0 5.3 75 391 514 484 0 gzip/1
    2737 root 14 0.2 0.0 0.0 0.0 0.0 4.1 81 176 415 383 0 gzip/1
    2730 root 3.3 0.3 0.0 0.0 0.0 0.0 96 0.7 602 258 505 0 gunzip/1
    2734 root 2.9 0.3 0.0 0.0 0.0 0.0 92 4.5 522 280 457 0 gunzip/1
    2738 root 2.7 0.2 0.0 0.0 0.0 0.0 93 3.9 377 147 370 0 gunzip/1
    2725 root 2.4 0.2 0.0 0.0 0.0 0.0 95 2.4 495 179 355 0 gunzip/1
    2728 root 0.1 1.4 0.0 0.0 0.0 0.0 97 1.7 769 11 2K 0 tar/1
    2732 root 0.1 1.3 0.0 0.0 0.0 0.0 99 0.2 762 14 2K 0 tar/1
    2723 root 0.0 1.1 0.0 0.0 0.0 0.0 99 0.1 564 7 1K 0 tar/1
    2731 root 0.3 0.4 0.0 0.0 0.0 0.0 98 1.2 754 3 1K 0 tar/1
    2735 root 0.3 0.4 0.0 0.0 0.0 0.0 98 0.9 722 0 1K 0 tar/1
    2736 root 0.0 0.6 0.0 0.0 0.0 0.0 99 0.0 341 2 1K 0 tar/1
    2726 root 0.3 0.3 0.0 0.0 0.0 0.0 98 1.0 473 145 1K 0 tar/1
    2739 root 0.2 0.2 0.0 0.0 0.0 0.0 99 0.3 335 1 664 0 tar/1
    2749 scromar 0.0 0.1 0.0 0.0 0.0 0.0 100 0.0 23 0 194 0 prstat/1
    337 root 0.0 0.0 0.0 0.0 0.0 0.0 100 0.0 6 0 36 6 xntpd/1
    2716 scromar 0.0 0.0 0.0 0.0 0.0 0.0 100 0.0 3 1 21 0 sshd/1
    124 root 0.0 0.0 0.0 0.0 0.0 0.0 100 0.0 3 0 17 0 picld/4
    119 root 0.0 0.0 0.0 0.0 0.0 0.0 100 0.0 21 0 63 0 nscd/26
    Total: 51 processes, 164 lwps, load averages: 4.12, 2.13, 0.88
prstat Example 2
In this case, we sort prstat output to look for the processes with heavy memory utilization:
    # prstat -s rss
    PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP
    471 juser 125M 58M sleep 59 0 4:26:46 0.6% java/17
    200 daemon 62M 55M sleep 59 0 0:01:21 0.0% nfsmapid/4
    18296 juser 116M 39M sleep 26 11 0:05:36 0.1% java/23
    ...
    254 root 3968K 1016K sleep 59 0 0:00:03 0.0% sshd/1
    Total: 47 processes, 221 lwps, load averages: 0.20, 0.21, 0.20
Other Usage Examples
    # ps -ef | grep more | grep -v grep
    root 18494 8025 0 08:53:09 pts/3 0:00 more
    # pgrep more
    18494
    # pmap -x 18494
    18494: more
    Address Kbytes RSS Anon Locked Mode Mapped File
    00010000 32 32 - - r-x-- more
    00028000 8 8 8 - rwx-- more
    0002A000 16 16 16 - rwx-- [ heap ]
    FF200000 864 824 - - r-x-- libc.so.1
    FF2E8000 32 32 32 - rwx-- libc.so.1
    FF2F0000 8 8 8 - rwx-- libc.so.1
    FF300000 16 16 - - r-x-- en_US.ISO8859-1.so.3
    FF312000 16 16 16 - rwx-- en_US.ISO8859-1.so.3
    FF330000 8 8 - - r-x-- libc_psr.so.1
    FF340000 8 8 8 - rwx-- [ anon ]
    FF350000 168 104 - - r-x-- libcurses.so.1
    FF38A000 32 32 24 - rwx-- libcurses.so.1
    FF392000 8 8 8 - rwx-- libcurses.so.1
    FF3A0000 24 16 16 - rwx-- [ anon ]
    FF3B0000 184 184 - - r-x-- ld.so.1
    FF3EE000 8 8 8 - rwx-- ld.so.1
    FF3F0000 8 8 8 - rwx-- ld.so.1
    FFBFC000 16 16 16 - rw--- [ stack ]
    -------- ------- ------- ------- -------
    total Kb 1456 1344 168 -
    # pstack 18494
    18494: more
    ff2c0c7c read (2, ffbff697, 1)
    00015684 ???????? (0, 1, 43858, ff369ad4, 0, 28b20)
    000149a4 ???????? (ffbff82f, 28400, 15000000, 28af6, 0, 28498)
    00013ad8 ???????? (0, 28b10, 28c00, 400b0, ff2a4a74, 0)
    00012780 ???????? (2a078, ff393050, 0, 28b00, 2a077, 6b)
    00011c68 main (28b10, ffffffff, 28c00, 0, 0, 1) + 684
    000115cc _start (0, 0, 0, 0, 0, 0) + 108
    # pfiles 18494
    18494: more
    Current rlimit: 256 file descriptors
    0: S_IFIFO mode:0000 dev:292,0 ino:2083873 uid:0 gid:0 size:0
       O_RDWR
    1: S_IFCHR mode:0620 dev:284,0 ino:12582922 uid:1000 gid:7 rdev:24,3
       O_RDWR|O_NOCTTY|O_LARGEFILE
       /devices/pseudo/pts@0:3
    2: S_IFCHR mode:0620 dev:284,0 ino:12582922 uid:1000 gid:7 rdev:24,3
       O_RDWR|O_NOCTTY|O_LARGEFILE
       /devices/pseudo/pts@0:3
    # pcred 18494
    18494: e/r/suid=0 e/r/sgid=0
    groups: 0 1 2 3 4 5 6 7 8 9 12
16) sar
The word "sar" is used to refer to two related items:
1. The system activity report package
2. The system activity reporter
System Activity Report Package
This facility stores a great deal of performance data about a system. This information is invaluable when attempting to identify the source of a performance problem. The Report Package can be enabled by uncommenting the appropriate lines in the sys crontab. The sa1 program stores performance data in the /var/adm/sa directory. sa2 writes reports from this data, and sadc is a more general version of sa1. In practice, I do not find that the sa2-produced reports are terribly useful in most cases. Depending on the issue being examined, it may be sufficient to run sa1 at intervals that can be set in the sys crontab. Alternatively, sar can be used on the command line to look at performance over different time slices or over a constricted period of time:
sar -A -o outfile 5 2000
(Here, "5" represents the time slice and "2000" represents the number of samples to be taken. "outfile" is the output file where the data will be stored.) The data from this file can be read by using the "-f" option (see below).
System Activity Reporter
sar has several options that allow it to process the data collected by sa1 in different ways:
• -a: Reports file system access statistics. Can be used to look at issues related to the DNLC.
o iget/s: Rate of requests for inodes not in the DNLC. An iget will be issued for each path component of the file's path.
o namei/s: Rate of file system path searches. (If the directory name is not in the DNLC, iget calls are made.)
o dirbk/s: Rate of directory block reads.
• -A: Reports all data.
• -b: Buffer activity reporter:
o bread/s, bwrit/s: Transfer rates (per second) between system buffers and block devices (such as disks).
o lread/s, lwrit/s: System buffer access rates (per second).
o %rcache, %wcache: Cache hit rates (%).
o pread/s, pwrit/s: Transfer rates between system buffers and character devices.
• -c: System call reporter:
o scall/s: System call rate (per second).
o sread/s, swrit/s, fork/s, exec/s: Call rate for these calls (per second).
o rchar/s, wchar/s: Transfer rate (characters per second).
• -d: Disk activity (actually, block device activity):
o %busy: % of time servicing a transfer request.
o avque: Average number of outstanding requests.
o r+w/s: Rate of reads+writes (transfers per second).
o blks/s: Rate of 512-byte blocks transferred (per second).
o avwait: Average wait time (ms).
o avserv: Average service time (ms). (For block devices, this includes seek, rotation and data transfer times. Note that the iostat svc_t is equivalent to avwait+avserv.)
• -e HH:MM: CPU usage up to time specified.
• -f filename: Use filename as the source for the binary sar data. The default is to use today's file from /var/adm/sa.
• -g: Paging activity (see "Paging" for more details):
o pgout/s: Page-outs (requests per second).
o ppgout/s: Page-outs (pages per second).
o pgfree/s: Pages freed by the page scanner (pages per second).
o pgscan/s: Scan rate (pages per second).
o %ufs_ipf: Percentage of UFS inodes removed from the free list while still pointing at reusable memory pages. This is the same as the percentage of igets that force page flushes.
• -i sec: Set the data collection interval to i seconds.
• -k: Kernel memory allocation:
o sml_mem: Amount of virtual memory available for the small pool (bytes). (Small requests are less than 256 bytes)
o lg_mem: Amount of virtual memory available for the large pool (bytes). (512 bytes-4 Kb)
o ovsz_alloc: Memory allocated to oversize requests (bytes). Oversize requests are dynamically allocated, so there is no pool. (Oversize requests are larger than 4 Kb)
o alloc: Amount of memory allocated to a pool (bytes). The total KMA usage is the sum of these columns.
o fail: Number of requests that failed.
• -m: Message and semaphore activities.
o msg/s, sema/s: Message and semaphore statistics (operations per second).
• -o filename: Saves output to filename.
• -p: Paging activities.
o atch/s: Attaches (per second). (This is the number of page faults that are filled by reclaiming a page already in memory.)
o pgin/s: Page-in requests (per second) to file systems.
o ppgin/s: Page-ins (per second). (Multiple pages may be affected by a single request.)
o pflt/s: Page faults from protection errors (per second).
o vflts/s: Address translation page faults (per second). (This happens when a valid page is not in memory. It is comparable to the vmstat-reported page/mf value.)
o slock/s: Faults caused by software lock requests that require physical I/O (per second).
• -q: Run queue length and percentage of the time that the run queue is occupied.
• -r: Unused memory pages and disk blocks.
o freemem: Pages available for use (Use pagesize to determine the size of the pages).
o freeswap: Disk blocks available in swap (512-byte blocks).
• -s time: Start looking at data from time onward.
• -u: CPU utilization.
o %usr: User time.
o %sys: System time.
o %wio: Waiting for I/O (does not include time when another process could be scheduled to the CPU).
o %idle: Idle time.
• -v: Status of process, inode, file tables.
o proc-sz: Number of process entries (proc structures) currently in use, compared with max_nprocs.
o inod-sz: Number of inodes in memory compared with the number currently allocated in the kernel.
o file-sz: Number of entries in and size of the open file table in the kernel.
o lock-sz: Shared memory record table entries currently used/allocated in the kernel. This size is reported as 0 for standards compliance (space is allocated dynamically for this purpose).
o ov: Overflows between sampling points.
• -w: System swapping and switching activity.
o swpin/s, swpot/s, bswin/s, bswot/s: Number of LWP transfers or 512-byte blocks per second.
o pswch/s: Process switches (per second).
• -y: TTY device activity.
o rawch/s, canch/s, outch/s: Input character rate, character rate processed by canonical queue, output character rate.
o rcvin/s, xmtin/s, mdmin/s: Receive, transmit and modem interrupt rates.
18) vmstat
The first line of vmstat represents a summary of information since boot time. To obtain useful real-time statistics, run vmstat with a time step (e.g. vmstat 30). The vmstat output columns are as follows (use the pagesize command to determine the size of the pages):
• procs or kthr/r: Run queue length.
• procs or kthr/b: Processes blocked while waiting for I/O.
• procs or kthr/w: Idle processes which have been swapped.
• memory/swap: Free, unreserved swap space (Kb).
• memory/free: Free memory (Kb). (Note that this will grow until it reaches lotsfree, at which point the page scanner is started. See "Paging" for more details.)
• page/re: Pages reclaimed from the free list. (If a page on the free list still contains data needed for a new request, it can be remapped.)
• page/mf: Minor faults (page in memory, but not mapped). (If the page is still in memory, a minor fault remaps the page. It is comparable to the vflts value reported by sar -p.)
• page/pi: Paged in from swap (Kb/s). (When a page is brought back from the swap device, the process will stop execution and wait. This may affect performance.)
• page/po: Paged out to swap (Kb/s). (The page has been written and freed. This can be the result of activity by the pageout scanner, a file close, or fsflush.)
• page/fr: Freed or destroyed (Kb/s). (This column reports the activity of the page scanner.)
• page/de: Freed after writes (Kb/s). (These pages have been freed due to a pageout.)
• page/sr: Scan rate (pages). Note that this number is not reported as a "rate," but as a total number of pages scanned.
• disk/s#: Disk activity for disk # (I/O's per second).
• faults/in: Interrupts (per second).
• faults/sy: System calls (per second).
• faults/cs: Context switches (per second).
• cpu/us: User CPU time (%).
• cpu/sy: Kernel CPU time (%).
• cpu/id: Idle + I/O wait CPU time (%).
vmstat -i reports on hardware interrupts.
vmstat -s provides a summary of memory statistics, including statistics related to the DNLC, inode and rnode caches.
vmstat -S reports on swap-related statistics such as:
• si: Swapped in (Kb/s).
• so: Swap outs (Kb/s).
(Note that the man page for vmstat -s incorrectly describes the swap queue length. In Solaris 2, the swap queue length is the number of idle swapped-out processes. In SunOS 4, this referred to the number of active swapped-out processes.)
NFS server configuration on solaris 10
The network file system (NFS)
NFS is the system that can be used to access file systems over the network. NFS version 4 is the default NFS in Solaris 10. The NFS service is managed by the Service Management Facility. That means NFS can be managed (enabled, disabled, or restarted) by the svcadm command, and the status of NFS service can be obtained by using the svcs command. The benefit here is sharing files over the network among computers possibly running different operating systems.
The NFS Service
The NFS service is a network service that enables computers of different architectures running different operating systems to share file systems across the network. A wide spectrum of operating systems ranging from Windows to Linux/UNIX support NFS. It has become possible to implement the NFS environment on a variety of operating systems because it is defined as an abstract model of a file system, rather than an architectural specification. Each operating system applies the NFS model to its specific file system semantics. This means that file system operations such as reading and writing work for the users as if they were accessing a file on the local system.
The benefits of the NFS service are described here:
1) It enables users on the network to share data, because all computers on the network can access the same set of files.
2) It reduces storage costs by letting computers share applications and common files instead of needing local disk space on each computer for each common file and user application.
3) It provides data consistency and reliability, because all users can read the same set of files, and whenever changes are made, they are made only at one place.
4) It makes the mounting of file systems accessing the remote files transparent to users.
5) It supports heterogeneous environments and reduces system administration overhead.
NFS is a network service offered in the client/server environment.
NFS Servers and Clients
NFS is a client/server system. The terms client and server refer to the roles that computers assume in sharing resources (file systems in this case) on the network. In NFS, computers that make their file systems available over the network and thereby offer NFS service to serve the requested files are acting as NFS servers, and the computers that are accessing the file systems are acting as NFS clients. In the NFS framework, a computer on a network can assume the role of a client, a server, or both.
Here is how NFS works:
A server makes a file system on its disk available for sharing, and the file system can then be accessed by an NFS client on the network.
A client accesses files on the server's shared file system by mounting the file system.
The client does not make a copy of the file system on the server; instead, the mounting process uses a series of remote procedure calls that enable the client to access the file system transparently on the server's disk. To the user, the mounting works just like a mount on the local machine.
Once the remote file system (on the server) is mounted on the client machine, the user types commands as though the file systems were local.
You can mount an NFS file system automatically with autoFS.
The NFS File Systems
In most UNIX system environments, a file hierarchy that can be shared by using the NFS service corresponds to a file system or a portion of a file system. However, a file system resides on a single operating system, and NFS support works across operating systems. Moreover, the concept of a file system might be meaningless in some non-UNIX environments. Therefore, the term file system in NFS refers to a file or a file hierarchy that can be shared and mounted in the NFS environment.
An NFS server can make a single file or a directory subtree (file hierarchy) available to the NFS service for sharing. A server cannot share a file hierarchy that overlaps with a file hierarchy that is already being shared. Note that peripheral devices such as modems and printers cannot be shared under NFS.
Managing NFS
Since the release of Solaris 9, the NFS server starts automatically when you boot the system. Nevertheless, you do need to manage NFS, which includes administering the NFS service, working with NFS daemons, and making file systems available for sharing.
Administering the NFS Service
When the system is booted, the NFS server is automatically started by executing the nfs.server scripts. However, when the system is up, you may need to stop the service or start it again for whatever reason without rebooting the system. For that, you need to know that the NFS service is managed by the Service Management Facility (SMF) under the identifier network/nfs/server. By means of this identifier, you can find the status of the service by using the svcs command, and you can start (enable) or stop (disable) the service by using the svcadm command.
You can determine whether the NFS service is running on your machine by issuing the command shown here:
# svcs network/nfs/server
This command displays whether the NFS service is online or disabled. If you want to stop (disable) the service, issue the following command:
# svcadm disable network/nfs/server
You can start the service by issuing the following command:
# svcadm enable network/nfs/server
When the system is up, some daemons are running to support the NFS service.
Working with NFS Daemons
Since the release of Solaris 9, NFS service starts automatically when the system is booted. When the system goes into level 3 (or multiuser mode), several NFS daemons are started to support the service.
Daemons automatically started in NFS version 4 when the system boots
Daemon - Description
automountd - Handles mount and unmount requests from the autofs service.
nfsd - Handles file system requests from clients.
nfs4cbd - Manages the communication endpoints for the NFS version 4 callback program.
nfsmapid - Provides integer-to-string and string-to-integer conversions for the user ID (UID) and the group ID (GID).
The nfsd daemon handles the file system requests from the client and is automatically started with option -a. You can change the parameters of the command by editing the /etc/default/nfs file. The syntax for the nfsd command is as follows:
nfsd [-a] [-c {#_conn}] [-l {listenBacklog}] [-p {protocol}] [-t {device}][{nservers}]
The options and parameters are described here:
-a. Start the daemon over all available connectionless and connection-oriented transport protocols such as TCP and UDP. This is equivalent to setting the NFSD_PROTOCOL parameter in the nfs file to ALL.
-c (#_conn). Set the maximum number of connections allowed to the NFS server over connection-oriented transport protocols such as TCP. By default, the number is unlimited. The equivalent parameter in the nfs file is NFSD_MAX_CONNECTIONS.
-l (listenBacklog). Set the connection queue length (specified by (listenBacklog)) for the number of entries for the NFS TCP. The default value is 32. This number can also be determined by setting the NFSD_LISTEN_BACKLOG parameter in the nfs file.
-p (protocol). Start the daemon over the protocol specified by (protocol). The default in NFS version 4 is TCP. The equivalent parameter in the nfs file is: NFSD_PROTOCOL.
-t (device). Start an nfs daemon for the transport specified by (device). The equivalent parameter in the nfs file is: NFSD_DEVICES.
(nservers). Set the maximum number of concurrent requests from the clients that the NFS server can handle. The equivalent parameter in the nfs file is: NFSD_SERVERS.
The default NFS version is version 4 in Solaris 10. Unlike previous versions of NFS, NFS version 4 does not use these daemons: lockd, mountd, nfslogd, and statd.
Sharing File Systems
On the server machine, you can make a file system available for sharing by using the share command. You can use this command manually for testing purposes or to make a file system available only until the system is rebooted. If you want to make the sharing of a file system permanent and automatic, you should enter the share command into the /etc/dfs/dfstab file. Each entry of this file is a share command, and this file is automatically executed at boot time when the system enters run level 3. The syntax for the share command is shown here:
share [-F (FSType)] [-o (specificOptions)] [-d (description)] [(pathname)]
The options are described here:
-F (FSType). Specifies the file system type, such as nfs.
-o (specificOptions). The (specificOptions) specifies the options for controlling access to the shared file system. The possible values for (specificOptions) are as follows:
rw. Read/write permissions for all clients. This is the default behavior.
rw=(client1):(client2)... Read/write permission for the listed clients; no access for any other client.
ro. Read-only permission for all clients.
ro=(client1):(client2)... Read-only permission for the listed clients; no access for any other client.
-d (description). The (description) specifies the description for the shared resource.
If you want to know the resources being shared on the local server, issue the dfshares command without any arguments or options.
Files related to the NFS service
/etc/default/autofs - Configuration information for autofs.
/etc/default/fs - Lists the default file system type for local file systems.
/etc/default/nfs - Configuration information for the nfsd daemon.
/etc/dfs/dfstab - Contains a list of local resources to be shared; the share commands.
/etc/mnttab - Lists file systems that are currently mounted.
/etc/dfs/sharetab - Lists the local and remote resources that are shared.
/etc/vfstab - Defines file systems to be mounted locally.
Some examples of how to share files in NFS
# vi /etc/dfs/dfstab
share -F nfs -o ro,anon=0 /cdrom/sol_10_305_sparc/s0/Solaris_10/Tools - to share the cdrom OS software with read-only permission.
share -F nfs -o rw,anon=0 /cdrom - to share files with read and write permission; anon=0 means access to all hosts.
share -F nfs -o rw=hostname1 /cdrom - to give access to only one host.
share -F nfs -o rw=-hostname1 /cdrom - to deny hostname1 and allow access to all others.
share -F nfs -o rw=hostname1:hostname2 /cdrom - access to hostname1 and hostname2.
share -F nfs -o rw=-hostname1:-hostname2 /cdrom - deny hostname1 and hostname2 and allow access to all other computers in the network.
:wq!
# shareall (or) # exportfs -va - to export the filesystem
# share - to see the files shared in nfs and which are exported currently
Client side: mount the shared file system
# mount -F nfs hostname1:/cdrom /cdrom - mount shared file directory to local directory.
# cd /cdrom
# ls
Configuring NFS
NFS Server Files
/etc/dfs/dfstab - Lists the local resources to share at boot time.
/etc/dfs/sharetab - Lists the local resources currently being shared.
/etc/dfs/fstypes - Lists the default FS types for remote FS.
/etc/rmtab - Lists FS remotely mounted by NFS clients.
/etc/nfs/nfslog.conf - Lists info of the location of config logs used for NFS server logging.
/etc/default/nfslogd - Lists config info describing the behavior of the nfslogd daemon.
# cat /etc/dfs/dfstab
share -F nfs -o ro /export/sys44_data
# cat /etc/dfs/sharetab
/export/sys44_data - nfs ro
# cat /etc/dfs/fstypes
nfs NFS Utilities
autofs AUTOFS Utilities
cachefs CACHEFS Utilities
# cat /etc/rmtab
sys42:/export/sys44-data
#sys41:/usr/share/man
#sys43:/export/sys44_data
-- The # entries are removed by the mountd daemon during a system startup
NFS Server Daemons
To start the NFS server daemons or to specify the number of concurrent NFS requests that can be handled by the nfsd daemon, use the /etc/rc3.d/S15nfs.server script.
mountd - Handles FS mount requests from remote systems, and provides access control
nfsd - Handles client FS requests
statd - Works with the lockd daemon to provide crash recovery functions for the lock manager
lockd - Supports record locking operations on NFS files
nfslogd - Provides operational logging
# /etc/init.d/nfs.server start -- To start NFS server daemon
# /etc/init.d/nfs.server stop -- To stop NFS server daemon
NFS Server Commands
# share -- To share directory and also displays the contents of the /etc/dfs/sharetab file
# unshare /test -- Unshare the share
# shareall -- Shares all resources listed in the /etc/dfs/dfstab file
# unshareall /export/sys44_data -- Unshare currently shared file resources listed in the /etc/dfs/sharetab file
# dfshares -- Displays currently shared resources by using the NFS daemon mountd
# dfshares 140.40.40.160 -- Lists available shared resources in remote system
# dfmounts -- Displays a list of NFS resources that are currently mounted and client list
# dfmounts sys42 -- Displays NFS resources of sys42 that are currently mounted & clients
share [-F nfs] [-o options] [-d description] [pathname]
# share -o ro /export/sys44_data -- By default, resources are available with RW. The access decision is based on a comparison of the UID of the client and the owner.
The Share Command Options
ro - Informs clients that the server accepts only read requests
rw - Allows the server to accept read and write requests from the client
root=client - Informs client that the root user on the specified client system or systems can perform superuser-privileged requests on the share resource.
ro=access-list - Allows read requests from the specified access list
rw=access-list - Allows RW requests from the specified access list
Access List Options
access-list=client:client - Allows access based on a colon-separated list of clients
access-list=@network - Allows access based on a network number (e.g. @192.168.100) or a network name (e.g. @mynet.com). The network name must be defined in the /etc/networks file
access-list=.domain - Allows access based on a DNS domain
access-list=netgroup_name - Allows access based on a configured net group (NIS or NIS+)
anon=n - Sets n to be the effective user ID (EUID) of anonymous users. By default, anonymous users are given the EUID 6001 (nobody user). If n is set to -1, access is denied.
# share -F nfs -o ro directory -- Restricts access to read-only access.
# share -F nfs -o ro,rw=client1 directory -- Restricts access to read-only; however, the NFS server accepts both read & write requests from the client client1
# share -F nfs -o root=client2 directory -- Allows the root user on the client named client2 to have superuser access to the NFS mounted resources
# share -F nfs -o ro,anon=0 directory -- By setting the option anon=0, the EUID for access to shared resources by an anonymous user is set to 0. The access is also set to read only.
# share
- /export/sys44_data ro ""
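The share options described above (rw with no access list, root=client, anon=0) decide which clients can write to a share and which requests run with UID 0, so they are worth reviewing in every dfstab. The following Python script is an added example, not part of the original page: it parses dfstab-style share lines and reports those three settings. The sample file content, the function names and the finding labels are assumptions made for the illustration, and a line without -F is assumed to be an nfs share.

```python
import shlex

# Constructed sample dfstab content (hypothetical paths and client names).
SAMPLE_DFSTAB = """\
# share commands executed at boot
share -F nfs -o ro,anon=0 /cdrom/tools
share -F nfs -o rw,anon=0 /cdrom
share -F nfs -o rw=client1:client2 -d "project data" /export/proj
share -F nfs -o ro,root=client2 /export/admin
share -F nfs /export/scratch
share -F nfs -o ro=client1,anon=-1 /export/docs
"""


def parse_share(line):
    """Parse one 'share' command into (fstype, options, pathname) or None."""
    tokens = shlex.split(line, comments=True)
    if not tokens or tokens[0] != "share":
        return None
    fstype, opts, path = "nfs", {}, None   # assumption: nfs when -F is absent
    i = 1
    while i < len(tokens):
        flag = tokens[i]
        if flag in ("-F", "-o", "-d") and i + 1 < len(tokens):
            value = tokens[i + 1]
            if flag == "-F":
                fstype = value
            elif flag == "-o":
                for item in value.split(","):
                    key, _, val = item.partition("=")
                    opts[key] = val        # bare "rw" is stored as rw -> ""
            i += 2
        else:
            path = flag                    # the pathname is the last bare token
            i += 1
    return fstype, opts, path


def audit_options(opts):
    """Return the findings for one share's -o options."""
    findings = []
    # No ro/rw option at all falls back to the default: rw for all clients.
    no_mode = "rw" not in opts and "ro" not in opts
    if no_mode or opts.get("rw") == "":
        findings.append("rw-all-clients")
    # anon=0 gives anonymous users an effective UID of 0.
    if opts.get("anon") == "0":
        findings.append("anon-is-uid-0")
    # root=client lets root on that client act as superuser on the share.
    if "root" in opts:
        findings.append("root-for:" + opts["root"])
    return findings


def audit_dfstab(text):
    """Map each shared nfs pathname to its list of findings."""
    report = {}
    for line in text.splitlines():
        parsed = parse_share(line)
        if parsed is None:
            continue
        fstype, opts, path = parsed
        if fstype == "nfs" and path:
            report[path] = audit_options(opts)
    return report


if __name__ == "__main__":
    for path, findings in audit_dfstab(SAMPLE_DFSTAB).items():
        print(path, ", ".join(findings) or "ok")
```

Shares that report rw-all-clients together with anon-is-uid-0 deserve the first look, since any client can then write as UID 0.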
Managing the NFS Client
NFS Client Files
/etc/vfstab - Defines FS to be mounted locally
/etc/mnttab - Lists currently mounted FS including automounted directories.
/etc/dfs/fstypes - Lists the default FS types for remote FS
NFS Client Daemons
The NFS client daemons are started using the /etc/rc2.d/S73nfs.client script
statd - Works with the lockd daemon to provide crash recovery functions
lockd - Supports record-locking operations on NFS files
/etc/init.d/nfs.client start (or) stop
NFS Client Commands
dfshares - Lists available shared resources from a remote or local NFS server
mount - Attaches a file resource to a specified local mount point
umount - Unmounts a currently mounted file resource
mountall - Mounts all file resources or a specified group of file resources listed in the /etc/vfstab file with a mount at boot value of yes
umountall - Unmounts all non-critical local and remote file resources
dfmounts - Displays a list of currently mounted NFS server directories
mount [-F nfs] [-o options] server:pathname mount-point
# mount sys44:/export/sys44_data /export/remote-data
# mount -o ro sys45,sys43,sys41:/multi_home_data /remote_shared_data -- When mounting a read-only remote resource, you can specify a comma-separated list of sources for the remote resource, which are then used as a list of failover resources.
# umount /export/remote-data -- Unmounting remote FS from the client
# mountall -r -- To limit the action of this command to remote file resources.
# umountall -r -- To unmount all remote file systems
Mounting Remote Resources at Boot Time
Enter appropriate entries in the client's /etc/vfstab file to mount the remote file resources at boot time.
# vi /etc/vfstab
sys44:/export/sys44_data - /export/remote-data nfs - yes soft,bg
Mount Command Options
rw | ro - Read/write or read-only. The default is read/write.
bg | fg - Retry the mount in the background or foreground. The default is to retry in the foreground.
soft | hard - The soft option reports an error on the request and stops trying when retrans=n is reached, whereas the hard option prints a warning message and continues to try. The default is a hard mount.
intr | nointr - Enables or disables the use of keyboard interrupts to kill a process that hangs on a hard-mounted FS. The default is intr.
suid | nosuid - Indicates whether to enable setuid execution. The default is setuid execution.
timeo=n - Sets the timeout to n tenths of a second. The default timeout is 11, measured in tenths of a second, for UDP and 600 tenths of a second for TCP.
retry=n - Sets the number of times to retry the mount operation. The default is 10,000 times.
retrans=n - Sets the number of NFS retransmissions to n. The default is 5 for UDP.
Enabling the NFS Server Logging
The nfslogd daemon is responsible for NFS logging.
The /etc/nfs/nfslog.conf file defines the path, file names, and type of logging that the nfslogd daemon must use. There is a tag corresponding to each definition.
E.g. of an nfslog.conf file:
# NFS server log configuration file
global defaultdir=/var/nfs \
    log=nfslog fhtable=fhtable buffer=nfslog_workbuffer
defaultdir=dir_path -- Specifies the default parent directory
log=logfile_path -- Specifies relative or absolute path and the filename for the ASCII log file
fhtable=table_path -- Specifies path and the filename for the file-handle-to-path DB file
buffer=buffer_path -- Specifies path and the filename for the raw buffer file
logformat=basic | extended -- Specifies the format when creating user-readable log files
To easily identify the log files for different shared resources, place them in separate directories. For example:
# cat /etc/nfs/nfslog.conf
global defaultdir=/var/nfs \
    log=nfslog fhtable=fhtable buffer=nfslog-workbuffer
public defaultdir=/var/nfs/public \
    log=nfslog fhtable=fhtable buffer=nfslog-workbuffer
Create the /var/nfs/public directory before starting NFS server logging.
Specify a tag by entering the tag to use with the log=tag option in the /etc/dfs/dfstab file. Using the log option without specifying a tag means that the default global tag is used:
share -F nfs -o ro,log /export/sys44_data
/etc/default/nfslogd -- The config info file controls the logging behavior of the nfslogd daemon.
Configuring AutoFS
The automount facility contains three components:
The AutoFS FS
The automountd daemon
The automount command
The AutoFs map types
Master Map The auto_master map associates a directory, also called a mount point, with a map.
Direct Map Lists the mount points as absolute path names. This map explicitly indicates the mount point on the client.
Indirect Map Lists the mount points as relative path names. This map uses a relative path to establish the mount point on the client.
Special Provides access to NFS servers by using their host names
# cat /etc/auto_master
+auto_master
/net -hosts -nosuid,nobrowse
/home auto_home -nobrowse
/xfn -xfn
Syntax
Mount point, map name (direct or indirect map), mount options (similar to standard mount options, but the nobrowse option is an AutoFS-specific mount option)
The plus (+) symbol at the beginning of the +auto_master line directs the automountd daemon to look at the NIS, NIS+, or LDAP databases before it reads the rest of the map. If this line is commented out, only the local files are searched unless the /etc/nsswitch.conf file specifies that NIS, NIS+, or LDAP should be searched.
The two mount points for special maps are the -hosts map and the -xfn map.
The -hosts map - Provides access to all resources shared by NFS servers. The resources being shared by a server are mounted below the /net/hostname directory or, if only the server's IP address is known, below the /net/IPaddress directory. The server doesn't have to be listed in the hosts database for this mechanism to work.
The -xfn map - Provides access to resources available through the Federated Naming Service (FNS). Resources associated with FNS mount below the /xfn directory.
Direct Map
# cat /etc/auto_master
..
/- auto_direct -ro
The /- mount point is a pointer that informs the automount facility that the full path names are defined in the file specified by map-name (the /etc/auto_direct file in this example).
# cat /etc/auto_direct
# Super User created direct map for automounter
/apps/frame -ro,soft server1:/export/framemaker
/opt/local -ro,soft server2:/export/unbundled
/usr/share/man -ro,soft server3,server4:/usr/share/man
Indirect Map
The /home entry defines a mount point for an indirect map. The map auto_home lists relative path names only. The Solaris 2.6 through Solaris 9 OE support browsing of indirect maps and special maps with the -browse option. The -nobrowse option disables the browsing of indirect maps. The default option is -browse.
# cat /etc/auto_home
+auto_home
steven hosts5:/export/home/steven
mary mars:/export/home/marry
Reducing the auto_home map to a single line
* server1:/export/home/&
The client remotely mounts the /export/home/loginID directory from the NFS server server1 onto the local mount point /home/loginID. The wildcard character (*) matches any key. The substitution character (&) at the end of the location is replaced with the matched key field.
Run the automount command when making changes to the master map or creating a direct map to make the changes effective. You do not have to stop and restart the automountd daemon after making changes to existing entries in a direct map.
automount [-t duration] [-v]
-t Specifies a time in seconds that the FS remains mounted when not in use. Default is 600 sec.
When to run the automount command
Automount Map    Run if entry is added/deleted    Run if entry is modified
Master map       yes                              yes
Direct map       yes                              no
Indirect map     no                               no
# cat /etc/mnttab
-hosts /net autofs indirect,nosuid,ignore,nobrowse dev=4300001|1008255810
auto_home ………….
-xfn ………….
# /etc/init.d/autofs start (or) stop
NIS Master Server Config
NIS maps are located in the /var/yp/domainname directory (where domainname is the name of the NIS domain). There are two files (.pag and .dir files) for each map in this directory. E.g.
/var/yp/training/hosts.byname.pag file
/var/yp/training/hosts.byname.dir file
/var/yp/training/hosts.byaddr.pag file
/var/yp/training/hosts.byaddr.dir file
The syntax for the NIS map is map.key.pag and map.key.dir
ypcat [-k] mname -- To retrieve values from an NIS name service map; mname can be either a map name or a map nickname
# ypcat hosts
localhost 127.0.0.1 localhost
sysprint 192.168.30.70 sysprint
sys44 192.168.30.44 sys44 loghost
ypmatch [-k] value mname -- Prints values associated with one or more keys from the NIS name services map specified by the mname argument.
# ypmatch sys44 hosts
sys44: 192.168.30.44 sys44 loghost
# ypmatch usera passwd
usera: usera:LojyTdiQev5i:3001:10::/export/home/usera:/bin/ksh
An NIS domain contains:
One NIS Master Server
NIS Slave Servers (optional)
NIS Clients
The NIS Master Server
Contains the original /etc ASCII files used to build the NIS maps
Contains the NIS maps generated from the ASCII files
Provides a single point of control for the entire NIS domain
NIS Slave Servers
Do not contain the original /etc ASCII files
Contain copies of the NIS maps copied from the NIS Master Server
Provide a backup repository for NIS map information
Provide redundancy in case of server failure
Provide load sharing on large networks
NIS Clients
Do not contain the original /etc ASCII files
Do not contain any NIS maps
Bind to the master server or to a slave server to obtain access to the administrative file information contained in that server's NIS maps
Dynamically rebind to another server in case of server failure
Make all appropriate system calls aware of NIS
NIS Processes
The main daemons involved in the running of an NIS domain areThe ypserv daemon -- Responds to client information requestsThe ypbind daemon -- Client to server bindingThe rpc.yppasswd daemon -- Password change update in master serverThe ypxfrd daemon -- Push the map to slave servers (sync)The rpc.ypupdated domain -- Update NIS maps using the config stored in /var/yp/updates
The NIS Slave Server contains upserv and ypbind daemon
The NIS Clients contains only ypbind daemon
The three most common search orders areSearch files and then NISSearch NIS and then filesForward hosts lookup requests from NIS to DNS
Introducing NIS Security
NIS security relies on using the /var/yp/securenets file to restrict access to a single host or to a subnetwork, and on using the passwd.adjunct file to limit access to the password information across the network.
The /var/yp/securenets File
If this file exists on an NIS server, the server only answers queries or supplies maps to hosts and networks whose IP addresses exist in the file. The server must be part of the subnet to access itself.
# cat /var/yp/securenets
# Two methods of giving access to a system. Using the netmask followed by the IP Address
# or host keyword followed by the IP Address
host 127.0.0.1
255.255.255.0 150.10.1.0
host 13.13.14.1
host 13.13.14.2
If you modify entries in the /var/yp/securenets file, you must kill and restart the ypserv and ypxfrd daemons.
# /usr/lib/netsvc/yp/ypstop (or) ypstart
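To check a securenets file before restarting the daemons, the following added example (not part of the original page) parses the entries shown above and reports whether a given client address would be answered. It assumes the rule is "client AND netmask equals network AND netmask", with the host keyword treated as an all-ones netmask; the function names and the min_prefix audit threshold are this example's own.

```python
import ipaddress

# Constructed sample: the entries from the securenets listing above.
SECURENETS = """\
# netmask followed by network, or the host keyword followed by one address
host 127.0.0.1
255.255.255.0 150.10.1.0
host 13.13.14.1
host 13.13.14.2
"""


def _to_int(dotted, lineno):
    """Convert a dotted-quad string to an integer, naming the line on error."""
    try:
        return int(ipaddress.IPv4Address(dotted))
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"line {lineno}: bad IPv4 value {dotted!r}") from exc


def parse_securenets(text):
    """Return [(lineno, mask, network)] with mask and network as integers."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected two fields, got {raw!r}")
        first, addr = fields
        # Assumption: "host a.b.c.d" is shorthand for an all-ones netmask.
        mask = 0xFFFFFFFF if first == "host" else _to_int(first, lineno)
        rules.append((lineno, mask, _to_int(addr, lineno)))
    return rules


def is_allowed(rules, client):
    """True if some rule admits the client: (client & mask) == (network & mask)."""
    ip = int(ipaddress.IPv4Address(client))
    return any((ip & mask) == (net & mask) for _, mask, net in rules)


def broad_rules(rules, min_prefix=24):
    """Audit helper: (lineno, mask bits) for rules wider than /min_prefix."""
    return [(lineno, bin(mask).count("1")) for lineno, mask, _ in rules
            if bin(mask).count("1") < min_prefix]


if __name__ == "__main__":
    parsed = parse_securenets(SECURENETS)
    for candidate in ("150.10.1.77", "150.10.2.77", "13.13.14.3"):
        print(candidate, "allowed" if is_allowed(parsed, candidate) else "refused")
```

Running broad_rules over a production file flags entries such as a 0.0.0.0 netmask, which admit every client and defeat the purpose of the file.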
The passwd.adjunct File
Encrypted passwords are normally hidden from the user in the /etc/shadow file. With the default NIS configuration, however, the encrypted password string is shown as part of the passwd maps. The passwd.adjunct file prevents unauthorized users from seeing the encrypted passwords.
# ypmatch -k usera passwd
usera: usera:LojyTdiQev512:3001:10:/export/home/usera:/bin/ksh
The passwd.adjunct file contains the account name preceded by ## in the password field. Subsequent attempts to gain account info using the ypcat or ypmatch commands return the password entry from the passwd.adjunct file.
# ypmatch -k usera passwd
usera: usera:##usera:3001:10:/export/home/usera:/bin/ksh
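The difference between the two ypmatch results above can be checked across a whole passwd map. This added example (not from the original page) classifies each entry of `ypcat passwd` output by its password field, so accounts whose encrypted string is still visible to any NIS client stand out. The status names are this example's own, and the sample accounts other than usera are constructed.

```python
# Constructed sample of `ypcat passwd` output. The usera line is the one shown
# earlier on the page; userb, userc and userd are made up for the example.
PASSWD_MAP = """\
usera:LojyTdiQev5i:3001:10::/export/home/usera:/bin/ksh
userb:##userb:3002:10::/export/home/userb:/bin/ksh
userc::3003:10::/export/home/userc:/bin/sh
userd:*LK*:3004:10::/export/home/userd:/bin/sh
"""


def classify(name, pwfield):
    """Classify one password field as it appears in the passwd map."""
    if pwfield == "":
        return "empty"                 # no password at all
    if pwfield.startswith("##"):
        # passwd.adjunct in use: the map shows ##name instead of the hash
        return "adjunct" if pwfield[2:] == name else "adjunct-mismatch"
    if pwfield == "x":
        return "placeholder"           # hash kept elsewhere
    if pwfield in ("*LK*", "NP") or pwfield.startswith("*"):
        return "locked"                # not a usable hash
    return "exposed-hash"              # encrypted string visible in the map


def audit_passwd_map(text):
    """Return {account: status} for every entry in the map text."""
    result = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: not a passwd entry: {raw!r}")
        result[fields[0]] = classify(fields[0], fields[1])
    return result


def findings(text):
    """Accounts that need attention, in map order."""
    return [(name, status) for name, status in audit_passwd_map(text).items()
            if status in ("exposed-hash", "empty", "adjunct-mismatch")]


if __name__ == "__main__":
    for account, status in findings(PASSWD_MAP):
        print(f"{account}: {status}")
```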
Configuring NIS Domain
To locate the source files in another directory, modify the /var/yp/Makefile file:
- Change the DIR=/etc line to DIR=/your-choice
- Change the PWDIR=/etc line to PWDIR=/your-choice
Before you make any modification to the /var/yp/Makefile, save a copy of the original Makefile file.
The NIS configuration script /usr/sbin/ypinit and the make utility generate NIS maps. The ypinit command reads the Makefile for source file locations, and converts ASCII source files into NIS maps.
The /etc/defaultdomain file sets the NIS domain name during system boot.
Important files on the NIS Master (Part 1) -- hosts, passwd & shadow
Important files on the NIS Master (Part 2)
The /var/yp/domainname directory is the repository for the NIS maps created by the ypinit script.
The /var/yp/binding/domainname directory contains the ypservers file where the names of the NIS Master server and NIS Slave servers are stored.
Important files on the NIS Master (Part 3) -- The /usr/lib/netsvc/yp directory contains the ypstop and ypstart commands that stop and start NIS services respectively
# /usr/sbin/ypinit -m -- This command prompts for a list of other machines to become NIS slave servers.
Configuring the NIS Master Server
The Core, End User, and Developer software configuration clusters do not have all the necessary files in the /usr/lib/netsvc/yp directory to allow a host to function as an NIS server.
1. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file. If necessary, modify the file.
2. Enter the domainname command to set the local NIS domain
# domainname classroom.central.sun.com
3. Create an /etc/defaultdomain file with the domain name
4. If the files do not already exist, use the touch command to create zero-length files: /etc/ethers, /etc/bootparams, /etc/locale, /etc/timezone, /etc/netgroup and /etc/netmasks. These files are necessary for the creation of the complete set of NIS maps.
5. Install and update the Makefile file in the /var/yp directory.
6. Create or populate the /etc/locale file, and make an entry for each domain on your network using the following format
domainname locale
e.g. classroom.central.sun.com en_US
7. Initialize the master server by using the local /etc files
# ypinit -m -- Provide slave server names and Ctrl+D to save the details. Press n for "Terminate it on the first fatal error"
Note: If you have to restart the ypinit program, you are prompted to destroy the /var/yp/domainname directory. Answer y.
8. # /usr/lib/netsvc/yp/ypstart
Testing the NIS Service
$ ypcat hosts -- Prints values from an NIS map
# ypmatch sys41 localhost hosts
192.168.30.41 sys41
127.0.0.1 localhost loghost
$ ypwhich -- To identify the master server
sys41
Configure the NIS Client
1. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file
2. Edit the /etc/inet/hosts file to ensure NIS master and slave servers have been defined.
3. # domainname domainname -- To set the local NIS domain
4. Create and populate the /etc/defaultdomain file with the domain name
5. # ypinit -c -- To initialize the system as an NIS client
6. Enter the names of the NIS Master and all Slave Servers
7. # /usr/lib/netsvc/yp/ypstart
8. # ypwhich -m -- To test the functionality
Configuring NIS Slave Server
Follow the client configuration steps and then run the command below
# ypinit -s master -- Command to initialize the system as an NIS slave server, where master is the name of the NIS master.
Start the service and test the functionality.
Updating the NIS Map
1. Update the text files in your source directory (typically /etc, unless it was changed in the Makefile file)
2. # cd /var/yp
3. # /usr/ccs/bin/make -- Refresh the NIS database maps using the make utility
Updating NIS Password Map
If the NIS master is running the rpc.yppasswdd daemon, any client system can update the NIS password map by using the yppasswd or passwd commands.
1. Run the rpc.yppasswdd daemon on the NIS master server
# /usr/lib/netsvc/yp/rpc.yppasswdd /$PWDIR/passwd -m passwd
Updating the NIS Slave Server Map
The following steps manually update the NIS timezone map on the master server and propagate all maps to the slave servers
1. Edit the source file on the NIS Master
# vi /etc/timezone
2. Remake and push the NIS maps to slave servers
# cd /var/yp; /usr/ccs/bin/make
3. If the push fails, manually pull only the timezone map from the master server by running the command below on the slave server
# /usr/lib/netsvc/yp/ypxfr timezone.byname
# ypinit -s nis_master -- To pull all of the maps at once
Sometimes maps fail to propagate, and you must manually use the ypxfr command to retrieve new map information. You can use shell scripts to run cron jobs for automatic update. The Solaris OE provides several template scripts in the /usr/lib/netsvc/yp directory that you can use and modify to meet your local site requirement.
ypxfr_1perhour script -- To sync NIS Slave Servers passwd map
ypxfr_1perday script -- To sync NIS Slave Servers NIS maps for the group, protocols, networks, services, and ypservers keys.
ypxfr_2perday script -- To sync NIS Slave Servers NIS maps for the hosts, ethers, netgroups keys, and mail aliases.
Quick Reference
# domainname digit.com -- Create domain name
# domainname > /etc/defaultdomain -- Creating domainname file
# cp /etc/nsswitch.nis /etc/nsswitch.conf
/var/yp/Makefile -- Config file
The Makefile has 4 parts:
1 - Declaration
2 - Details of centralization
3 - Coding for mapping
4 - Declaration of original path
# cd /var/yp
# ypinit -m -- Initializing the master server
# ypinit -s -- Initializing the slave server
# ypinit -c -- Initializing the client
Ctrl+D -- To save the file
Is this correct? [y/n] y
Non fatal error [y/n] n
If there is any error follow the below procedure
# cd /etc
# touch ethers bootparams netgroup netmasks timezone
# cd /var/yp
# ypinit -m
# /usr/lib/netsvc/yp/ypstart -- To start the daemons
# ypwhich -- Shows the map server details
Solaris
# ypwhich -m -- Full details of map
A directory will be created with the domain name
# cd /var/yp/digit.com -- Contains all config files with .pag & .dir extensions
# ypcat -- To read the file
# ypcat -k passwd -- With arguments print keys as well as values
# ypmatch -k root passwd
How to create a nis master
# domainname sun.com
# echo sun.com > /etc/defaultdomain
# vi /etc/hosts
192.168.0.1 sun1
192.168.0.2 sun2
(add all the hosts connected to the network)
:wq!
# cp /etc/nsswitch.nis /etc/nsswitch.conf
# vi /etc/nsswitch.conf
files nis -- add this entry
:wq!
# cd /var/yp
# ypinit -m -- master server
Enter host 192.168.0.1
Stop at errors: say no here
yes-yes-yes
# cd /var/yp
# /usr/lib/netsvc/yp/ypstop
# /usr/lib/netsvc/yp/ypstart
Here you can see all the daemons get restarted.
Q) Which command displays the default NIS server?
A) ypwhich
Q) Which command will display all the master and slave servers?
A) ypcat -k ypservers
Q) How to see the NIS users?
A) ypcat passwd
Q) What are the daemons for the NIS master?
A) ypserv, ypbind, ypxfrd, rpc.yppasswdd, rpc.ypupdated.
Q) What is a map?
A) A map is a table which consists of a key and a file which consists of the information for the key.
Q) How to create an NIS slave server (192.168.0.2)?
# vi /etc/hosts
192.168.0.1 sun1 -- master server IP
:wq!
# cp /etc/nsswitch.nis /etc/nsswitch.conf
# vi /etc/nsswitch.conf
files nis
:wq!
# domainname sun.com
# echo sun.com > /etc/defaultdomain or to maintain more security /var/yp/ypservers
# cd /var/yp
# ypinit -s sun1 (master server)
Yes: give the master server IP or hostname
Error: say no
yes-yes
# cd /var/yp (not needed if you are already in that directory)
# /usr/lib/netsvc/yp/ypstop
# /usr/lib/netsvc/yp/ypstart
ypserv ypbind
# ypwhich -- will display master and slave servers
# ypcat -k ypservers -- list master and slave server
Q) What are the daemons for the NIS slave server?
A) ypserv ypbind
Q) How to see NIS users from the slave?
A) ypcat passwd
38) How to configure an NIS client
# vi /etc/hosts
192.168.0.1 sun1 -- master
192.168.0.2 sun2 -- slave
:wq!
# cp /etc/nsswitch.nis /etc/nsswitch.conf
# domainname sun.com
# echo sun.com > /etc/defaultdomain or /var/yp/ypservers
# cd /var/yp
# ypinit -c
Add the slave if available, or the master
Yes
No at errors
# cd /var/yp
# /usr/lib/netsvc/yp/ypstop
# /usr/lib/netsvc/yp/ypstart
The daemon for NIS clients is ypbind.
Q) How to see the NIS server and master from the client?
A) ypcat -k ypservers
Q) How do you update slave servers from the master?
A) cd /var/yp
# /usr/ccs/bin/make passwd
or yppush.
Q) How to create an NIS+ server and client?
# cp /etc/passwd /export/home/nisfiles
# cp /etc/group /export/home/nisfiles
# cp /etc/hosts /export/home/nisfiles
# vi auto_master
Remove all entries and keep only user name home directories
Host1 192.168.0.1:/export/home
Host2 192.168.0.1:/export/home
:wq!
# cp /etc/nsswitch.nis /etc/nsswitch.conf
files nisplus
:wq!
# domainname sun.com
# echo sun.com > /etc/defaultdomain
# nisserver -r -Y
Reboot
# cd /export/home
# nispopulate -v -F
Q) How to create an NIS+ client?
# cp /etc/nsswitch.nis /etc/nsswitch.conf
files nisplus
:wq!
# domainname sun.com
# echo sun.com > /etc/defaultdomain
# nisclient -i -h 192.168.0.1 -d sun.com
Listing tables & objects in NIS+
• # nisls ;Gives the total objects in NIS+
• # nisls org_dir ;Lists the tables listed in the directory.
Listing the contents of tables
• # niscat passwd.org_dir
Listing table structure
• # niscat -o passwd.org_dir ;Lists structure of password table.
Adding a user
• # nistbladm -a name=john uid=123 gid=111 home=/home/john shell=/bin/sh passwd.org_dir
Changing the user information in passwd table (super user only). Fill in the corresponding values in <>
• # nistbladm -a name=<> passwd=<> uid=<> gid=<> home=<> shell=<> passwd.org_d
Example
• # nistbladm -a name=john uid=123 gid=234 home=/home/john shell=/bin/sh passwd.org_di
To change only the shell
• # nistbladm -m shell=/usr/local/bin/bash [name=john],passwd.org_dir
Changing user passwd
As root
• # nispasswd ;user has to update his key through chkey -p
As user
• $ nispasswd ;update encrypted key
• $ chkey -p ;(user NIS+ passwd and login passwd are the same.)
Adding user credentials
• # nisaddcred -p 123 -P john local
• # nisaddcred -p [email protected] -P john.planet.com. des
123 is the userid and john is the user name.
Adding / removing a user dir entry in auto_home table:
• # nistbladm -a key=john value=10.20.30.40:/home/john auto_home.org_dir
• # nistbladm -r key=john auto_home.org_dir ;If key is not unique then more fields need to be defined.
Removing a user
• # nistbladm -r name=john passwd.org_dir
Modifying the tables for multiple entries
• # nisaddent -d passwd > /tmp/passwd ;Dump the table to a file
• # vi /tmp/passwd ;Edit the dumped file
• # nisaddent -r -f /tmp/passwd passwd ;Put back the dumped file.
The nisaddent command is available only for some of the standard tables; for others either nispopulate or nistbladm has to be used.
NIS Client Config
# domainname digit.com
# domainname > /etc/defaultdomain
# vi /etc/hosts
140.40.40.151 Solaris
# cp /etc/nsswitch.nis /etc/nsswitch.conf
# ypinit -c
Give master server name Solaris
# /usr/lib/netsvc/yp/ypstart
rpcbind done -- client has only ypbind daemon
Slave server has ypserv & ypbind daemons
NIS Slave Config
# ypinit -s Solaris (Master Server)
Configuring NIS for Jumpstart Procedures
Configuring NIS to support jumpstart procedures involves editing files and running commands on the NIS master server in use. Info supplied in the sysidcfg file overrides any information you make available in NIS.
A change to any file that is represented by a map in an NIS domain requires that you complete the following steps on the NIS master server
# vi /etc/inet/hosts
192.10.10.4 client1
# vi /etc/ethers
8:0:20:88:5b client1
# vi locale
client1 en_US
# cd /var/yp
# vi Makefile
1. Add the text after the existing *.time entries. Duplicate the timezone entry, and replace timezone with locale.
Add/append the word locale to the line beginning with the word all.
Add the following line after the auto.home: auto.home.time entry:
locale: locale.time
Save the file and exit the editor.
# cd /var/yp
# /usr/ccs/bin/make
2. On any slave servers that exist in the NIS domain, run the ypxfr command to transfer the locale.byname map for the first time.
# /usr/lib/netsvc/yp/ypxfr locale.byname
3. On the NIS master server, again update the NIS maps by running the make command
# cd /var/yp
# /usr/ccs/bin/make
# vi /etc/timezone
US/Mountain client1
US/Mountain Central.sun.com
# cd /var/yp
# /usr/ccs/bin/make
# vi /etc/netmasks
192.9.200.0 255.255.255.0
# cd /var/yp
# /usr/ccs/bin/make
-- Each time you run the add_install_client script on a boot server to provide boot support for a jumpstart client, the script checks the /etc/nsswitch.conf file for the bootparams entry.
Begin Script
Profile
Finish Script
-- You can use CD/DVD sources as the boot source instead of a spooled Solaris OE image. You can also use a Flash source as an alternative installation service.
Identifying Log Files
Jumpstart clients retain the following log files during the installation process:
/tmp/begin.log
/tmp/finish.log
/tmp/install_log
/var/sadm/system/logs/sysidtool.log
Jumpstart clients retain a corresponding set of log files after the installation process completes and the system reboots:
/var/sadm/system/logs/begin.log
/var/sadm/system/logs/finish.log
/var/sadm/system/logs/install_log
/var/sadm/system/logs/sysidtool.log
JumpStart Installation
Four Main Services
- Boot Services
- Identification Services
- Configuration Services
- Installation Services
Implementing a Basic Jumpstart Server
1. Spool the OS image
2. Edit the sysidcfg file
3. Edit the rules and profile files
4. Run the check script
5. Run the add_install_client scripts
6. Boot the client
# cd /export
# mkdir config
# mkdir sol_dump
# cd /cdrom/cdrom0/s0/Solaris_9/Misc/Jumpstart_sample/
# cp -r * /export/config/
# cd /cdrom/cdrom0/s0/Solaris_8/Tools
# ./setup_install_server /export/home/sol_dump -- Copying solaris dump to local directory
# cd /cdrom/cdrom0/Solaris_9/Tools/
# ./add_to_install_server /export/home/sol_dump -- Appending 2nd CD content
# cd /etc
# vi ethers
8:0:20:a6:aa:2b ultra5 (hostname)
# vi /etc/hosts
140.40.40.154 ultra5
# vi /etc/timezone
Asia/Calcutta ultra5
# cd /export/config/
# vi rules
hostname ultra5 - host_class finish_script
- -- Pre-install script
host_class -- Config details like partition
finish_script -- Post-install scripts
# vi host_class
install_type initial_install
system_type standalone
partitioning explicit
cluster SUNWCXall
filesys c0t0d0s0 10000 /
filesys c0t0d0s1 550 swap
filesys c0t0d0s7 free /export/home
# vi finish_script
touch /a/noautoshutdown
rm /a/etc/defaultdomain
rm -r /a/var/yp/digit.com
cp /a/etc/nsswitch.files /a/etc/nsswitch.conf
# vi sysidcfg -- System identification & configuration. Timezone can also be given here
security_policy=none
name_service=none
network_interface=primary {netmask=255.255.0.0 protocol_ipv6=no}
timezone=Asia/Calcutta
system_locale=en_US
-- Time zones are listed in the directory structure below the /usr/share/lib/zoneinfo directory.
-- Locales are listed in the /usr/lib/locale directory
# chmod 755 finish_script
# ./check -- To check the config
# vi /etc/dfs/dfstab
share -o anon=0 /export/home/sol_dump
share -o anon=0 /export/config
# cd /var/yp
# /usr/ccs/bin/make
# cd /export/home/sol_dump/solaris_9/Tools
# ./add_install_client -c 140.40.40.151:/export/config -p 140.40.40.151:/export/config ultra5 sun4u -- ultra5 is the hostname
-- Update the NIS file with the make command
From Client
ok boot net - install -- Will search the network and start the installation automatically
-- Before a Jumpstart client can boot and obtain all of the NFS resources it requires, every directory listed as an argument to the add_install_client script must be shared by the server on which it resides.
Setting Up a Boot-Only Server
A boot server responds to RARP, TFTP, and bootparams requests from jumpstart clients and provides a boot image using the NFS service.
1. Run the setup_install_server script with the -b option to spool a boot image from CD-ROM or DVD.
2. Run the add_install_client script with options and arguments that show a list of servers and the identification, configuration, and installation services that they provide.
Executing the setup_install_server script
# mkdir /export/install
# cd /cdrom/cdrom0/s0/Solaris_9/Tools
# ./setup_install_server -b /export/install
Executing the add_install_client script
Before you run the script, update the hosts and ethers information for the jumpstart client
/etc/inet/hosts
192.10.10.4 client1
/etc/ethers
8:0:20:9c:88:5b client1
The boot server must have an entry in the /etc/inet/hosts file for each server you specify when you run the add_install_client script.
# cd /export/install/Solaris_9/Tools
# ./add_install_client -c server1:/export/config -p server1:/export/config client1 sun4u
Configuring a DNS Client
The client resolver code is controlled by the following files:
/etc/resolv.conf -- Contains directives to specify the scope of a query
/etc/nsswitch.conf -- Contains the reference to DNS for the hosts entry
Configuring the DNS Client During Installation
-- Select DNS -- Give Domain Name -- Enter IP Address -- Enter search Domains -- Confirm
Editing DNS Client Configuration Files
# vi /etc/resolv.conf
domain digigeeks.com
nameserver 140.40.40.152
search digigeeks.com -- List the local domain as the first argument to the search
Copying the /etc/nsswitch.dns File to the /etc/nsswitch.conf
# cp /etc/nsswitch.dns /etc/nsswitch.conf
# cat /etc/nsswitch.conf
………
hosts: files dns
……..
If you want to add DNS name resolution to a system currently running a name service such as NIS or NIS+, you must place the dns keyword on the hosts line in the specific location, along with other keywords.
# cat /etc/nsswitch.conf
…..
hosts: nis files dns
…..
Setting up an LDAP Client
The LDAP server cannot be a client of itself. Getting this configuration to work properly requires changes to the LDAP server and the LDAP client. The ldap_cachemgr daemon is responsible for maintaining and updating the changes to the client profile information.
Configuring LDAP Client During Installation
-- Select LDAP -- Enter Domain Name -- Enter Profile Name & Profile Server IP Address -- Confirm
Initializing the Native LDAP Client
You execute the ldapclient command on the client system once to initiate the client as a native LDAP client. The ldapclient command creates two files in the /var/ldap directory on the LDAP client. These files contain info that the LDAP client uses when binding to and accessing LDAP data.
/var/ldap/ldap_client_cred -- The proxy agent info that the client uses for LDAP authentication
/var/ldap/ldap_client_file -- The config info from the client profile in the LDAP server DB
# ldapclient init -a proxyPassword=proxy -a proxyDN=cn=proxyagent,ou=profile,dc=suned.com,dc=sun -a domainname=suned.com 192.168.0.100
# ldapclient list
Copying the /etc/nsswitch.ldap to the /etc/nsswitch.conf
During LDAP client initialization the /etc/nsswitch.ldap file is copied over the /etc/nsswitch.conf file
# ldaplist -- To list naming info from LDAP server
# ldapclient uninit -- Unconfiguring LDAP Client
Name Services -- DNS, NIS, NIS+, LDAP
/etc/rc2.d/S72inetsvc script -- Starts DNS during system boot.
/etc/rc2.d/S71rpc script -- Starts NIS & NIS+ during system boot.
/etc/rc2.d/S72directory script -- Starts iPlanet Server during system boot.
The name service switch file determines which services a system uses to search for information and in which order the name services are searched. All Solaris OE systems use the /etc/nsswitch.conf file as the name service switch file. The nsswitch.conf file is loaded with the contents of a template file during the installation of the Solaris OE, depending on the name service that is selected.
Name Service -- Name Service Template
Local Files -- /etc/nsswitch.files
DNS -- /etc/nsswitch.dns
NIS -- /etc/nsswitch.nis
NIS+ -- /etc/nsswitch.nisplus
LDAP -- /etc/nsswitch.ldap
Configuring the Name Service Cache Daemon (nscd)
The nscd daemon is a process that provides a cache for the most common name service requests. The /etc/nscd.conf file controls the behavior of the nscd daemon. The nscd daemon provides caching for passwd, group, hosts, ipnodes, exec_attr, prof_attr and user_attr databases. Each line specifies either an attribute and a value or an attribute, a cache name, and a value.
# /etc/init.d/nscd stop (or) start
The getent command provides a generic retrieval interface to search many name service databases. As a system administrator, you can query name service information sources with tools such as:
ypcat -- NIS namespace
nslookup -- DNS
ldaplist -- LDAP
But these tools do not consult the nsswitch.conf file, whereas the getent command searches the information sources in the order in which they are configured in the name service switch file. So any error in the file will be identified with this command.
getent database [key]…..
database -- The name of the database to be examined. This name can be passwd, group, hosts, ipnodes, services, protocols, ethers, networks, or netmasks.
# getent passwd lp
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
# getent group 10
staff::10:
# getent hosts sys44
192.168.38.44 sys44 loghost (loghost will be absent if the NIS is searched first)
Configuring System Messaging
The syslog system messaging features track system activities and events. You can manually generate log messages by using the logger command. The syslog function, the syslogd daemon, and input from the /etc/syslog.conf file work together to facilitate system messaging for the solaris 9 OE.
The /etc/syslog.conf file
This file consists of two tab-separated fields: selector and action. The selector field has two components, a facility and a level written as facility.level. Facility represents categories of system processes that can generate messages. Levels represent the severity or importance of the message. The action field determines where to send the message.
*.err /var/adm/messages -- Error messages for all facilities are sent to the /var/adm/messages file
Only use tabs as white space in the /etc/syslog.conf file. The Solaris OE accesses the /usr/include/sys/syslog.h file to determine the correct facility.level sequencing order.
Selector Fields (facility) Options
kern -- Messages generated by the kernel
user -- Messages generated by user processes and don't have default priority for messages
daemon -- System daemons, such as the in.ftpd and the telnetd daemon
auth -- The authorization system, including the login, su, and ttymon commands
syslog -- Messages generated internally by the syslogd daemon
lpr -- The line printer spooling system, such as the lpr and lpc commands
news -- Files reserved for the USENET network news system
uucp -- The UNIX to UNIX copy (uucp) system does not use the syslog function
cron -- The cron and at facilities, including crontab, at, and cron
local0-7 -- Fields reserved for local use.
mark -- The time when the message was last saved and produced by the syslogd daemon
* -- All facilities, except the mark facility.
You can use the asterisk (*) to select all facilities (e.g. *.err); however, you cannot use * to select all levels of a facility (e.g. kern.*)
The levels in descending order of severity
Selector Fields (level) Options
Level -- Priority -- Description
emerg -- 0 -- Panic conditions that are normally broadcast to all users
alert -- 1 -- Conditions that should be corrected immediately
crit -- 2 -- Warnings about critical conditions, such as hard device errors
err -- 3 -- Errors other than hard device errors
warning -- 4 -- Warning messages
notice -- 5 -- Non-error conditions that might require special handling
info -- 6 -- Informational messages
debug -- 7 -- Messages that are normally used only when debugging a program
none -- 8 -- Messages are not sent from the indicated facility to the selected file
Not all levels of severity are implemented for all facilities in the same way.
Action Field -- The action field defines where to forward the message. This field can have any one of the following entries
/filename -- The targeted file
@host -- The @ sign denotes that messages must be forwarded to a remote host. Messages are forwarded to the syslogd daemon on the remote host
user1, user2 -- The user1 and user2 entries receive messages if they are logged in
* -- All logged in users will receive messages
You must restart the syslogd daemon whenever you make any changes to the /etc/syslog.conf file
# /etc/init.d/syslog stop (or) start
# pkill -HUP syslogd
Syslogd started -- It’s starting the M4 Macro Processor -- M4 will read the /etc/syslog.conf file.
Configuring syslog Messaging
The inetd daemon uses the syslog command to record incoming network connection requests made by using TCP. You can modify the behavior of the inetd daemon to log TCP connections by using the syslogd daemon. The daemon facility and the notice message level are supported by inetd.
Use the -t option as an argument to the inetd daemon to enable tracing of TCP services. When you enable the trace option for the inetd daemon, it uses the daemon.notice selector to log the client's IP address and TCP port number, and the name of the service. Add the -t option to the entry which activates the inetd daemon in the inetsvc script located in the /etc/init.d directory
# grep inetd /etc/init.d/inetsvc
/usr/sbin/inetd -s -t -- You must restart the inetd daemon for the new option to take effect
# grep daemon.notice /etc/syslog.conf
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
Monitoring a syslog File in Real Time
The tail -f command holds the file open so that you can view messages being written to the file by the syslogd daemon.
# tail -f /var/adm/messages -- Press Ctrl+c to exit
Adding One-Line Entries to a System Log File
logger [-i](logs PID) [-f file] [-p priority] [-t tag] [message]
# logger system rebooted -- If the user.notice field is configured in the /etc/syslog.conf file, the message is logged to the file designated for the user.notice selector field
# logger -p user.err system rebooted -- Changing the priority of the messages to user.err routes the messages to the /var/adm/messages file as indicated in the /etc/syslog.conf file
# logger -i -p2 "crit"
/dev/sysmsg -- Console
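To see which syslog.conf lines a given message reaches, the following added example (not part of the original page) evaluates the selector line shown above against a facility.level pair, which explains why a plain `logger` message at user.notice is not written to /var/adm/messages while `logger -p user.err` is. It assumes that a level selects that severity and anything more severe, and that the last entry naming a facility within one selector wins; the second rule in the sample is constructed.

```python
import re

# Levels in descending order of severity, as in the table above (index = priority).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Facilities that "*" expands to; mark is deliberately excluded.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron"] + [f"local{i}" for i in range(8)]

# Constructed sample: the first rule is the line shown on the page.
CONF = (
    "# selector<TAB>action\n"
    "*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages\n"
    "*.alert\t*\n"
)


def parse_conf(text):
    """Return [(selector, action)]; reject lines not separated by tabs."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        parts = re.split(r"\t+", raw.strip(), maxsplit=1)
        if len(parts) != 2 or " " in parts[0]:
            raise ValueError(f"line {lineno}: fields must be tab-separated")
        rules.append((parts[0], parts[1].strip()))
    return rules


def thresholds(selector):
    """Map facility -> numeric level limit (None for 'none'); last entry wins."""
    table = {}
    for entry in selector.split(";"):
        facs, _, level = entry.rpartition(".")
        if not facs or (level != "none" and level not in LEVELS):
            raise ValueError(f"bad selector entry {entry!r}")
        limit = None if level == "none" else LEVELS.index(level)
        for fac in facs.split(","):
            if fac == "*":
                names = FACILITIES
            elif fac in FACILITIES or fac == "mark":
                names = [fac]
            else:
                raise ValueError(f"unknown facility {fac!r}")
            for name in names:
                table[name] = limit
    return table


def matches(selector, facility, level):
    """True if a facility.level message is selected by this selector field."""
    limit = thresholds(selector).get(facility)
    return limit is not None and LEVELS.index(level) <= limit


def route(conf_text, facility, level):
    """Actions (files, hosts, users) that would receive the message."""
    return [action for sel, action in parse_conf(conf_text)
            if matches(sel, facility, level)]


if __name__ == "__main__":
    for fac, lvl in (("user", "notice"), ("user", "err"), ("daemon", "notice")):
        print(f"{fac}.{lvl} ->", route(CONF, fac, lvl) or "dropped")
```

The parser also rejects a selector and action separated by spaces, the mistake the "only use tabs" rule above guards against.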
Performing File System Backups
/dev/rmt/#hn -- h – Tape Density (l,m,h,c,u) n – no rewind
mt -f tape-device-name command count
mt status -- Displays status info about the drive
mt offline -- Rewinds the tape and, if appropriate, takes the drive unit offline
mt rewind -- Rewinds the tape
mt fsf count -- Moves the tape forward count records
# mt -f /dev/rmt/0n fsf 2 -- Positions the tape at the beginning of the third tape record
Level 0 Monthly
M T W Th F
3 4 5 6 2
3 4 5 6 2
3 4 5 6 2
/etc/dumpdates -- Each line shows the FS that was backed up and the level of the last backup. It also shows the date and the time of the backup
(e.g.) /dev/rdsk/c0t2d0s6 0 fri jan 4 19:12:27 2005
When an incremental backup is performed, the ufsdump command consults the /etc/dumpdates file. It looks for the date of the next lower level backup. Then the ufsdump command copies to the backup media all of the files that were modified or added since the date of that lower-level backup. When the backup is complete, the /etc/dumpdates file records a new entry that describes this backup. The new entry replaces the entry for the previous backup at that level.
Options for the ufsdump command
0-9 -- Backup levels
v -- Verify. After the tape is written, checks for any discrepancies
S -- Size estimate
l -- Autoload. You use this option with an autoloading tape drive
o -- Offline. When the backup is complete, takes the drive offline, rewinds, and if possible ejects the tape
u -- Updates the /etc/dumpdates file
n -- Notify. Sends messages to the terminals of logged-in users who are members of the sys group
f device -- Specify the device
Tape Backup
Become root user, switch to single user mode, and unmount the FS
# /usr/sbin/shutdown -y -g300 "System is being shutdown for backup"
# umount /export/home
# fsck /dev/rdsk/c0t0d0s7
# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s7
Remote Backups
To perform remote backups across the network, the system with the tape drive must have an entry in its /.rhosts file for every system that uses the tape drive
# ufsdump 0uf host2:/dev/rmt/0 /export/home
Performing File System restores
The ufsrestore command copies files to the disk, relative to the current working directory from backup tapes that were created by the ufsdump command.
Options for the ufsrestore Command
t -- Lists the table of contents of the backup media
r -- Restores the entire FS from the backup media
x file1 file2 -- Restores only the files named on the command line
i -- Invokes an interactive restore
v -- Specifies verbose mode. Displays details of the restore operation on the screen
f device -- Specifies the tape drive name
restoresymtable -- The system creates this file when you restore an entire FS. The ufsrestore command uses this file for check-pointing or passing information between incremental restores. You can remove this file when the restore is complete.
Restoring the /opt FS
# newfs /dev/rdsk/c0t0d0s5
# mount /dev/dsk/c0t0d0s5 /opt
# cd /opt
# ufsrestore rf /dev/rmt/0
# rm restoresymtable
# cd /
# umount /opt
# fsck /dev/rdsk/c0t0d0s5
# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s5
Always restore a FS by starting with the level 0 backup tape, continue with the next lower level tape and continue through the highest level tape.
Restoring /usr FS
ok boot cdrom -s
# newfs /dev/rdsk/c0t0d0s6
# mount /dev/dsk/c0t0d0s6 /a
# cd /a
# ufsrestore rf /dev/rmt/0
# rm restoresymtable
# cd /
# umount /a
# fsck /dev/rdsk/c0t0d0s6
# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s6
# init 6
Performing a special case Recovery of the /(root) FS
ok boot cdrom -s
# newfs /dev/rdsk/c0t0d0s0
# mount /dev/dsk/c0t0d0s0 /a
# cd /a
# ufsrestore rf /dev/rmt/0
# rm restoresymtable
# cd /usr/platform/`uname -m`/lib/fs/ufs
# installboot bootblk /dev/rdsk/c0t0d0s0
# cd /
# umount /a
# fsck /dev/rdsk/c0t0d0s0
# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s0
# init 6
Invoking an Interactive Restore
# cd /var/tmp
# ufsrestore ivf /dev/rmt/0
ufsrestore> ls -- Display the contents of the directory structure on the backup tape
ufsrestore> cd directory1
ufsrestore> ls
ufsrestore> add file1 file2 -- Add the files you want to restore to the extraction list
ufsrestore> delete file1 -- To delete a file from the extraction list
ufsrestore> marked -- To view the files marked for extraction
ufsrestore> extract -- To restore the selected files from the backup tape
The ufsrestore command has to find the selected files. If you used more than one tape for the backup, first insert the tape with the highest volume number and type the appropriate number at this point.
Set directory mode, owner, and times
Set owner/mode for '.'? [yn] n -- Answering y sets ownership and permission of the temp directory to those of the directory structure on the tape
ufsrestore> quit
Move/copy the restored files to their original or permanent directory and delete them from the temp directory.
Performing an Incremental Restore
Always start with the last volume and work towards the first. The system uses info in the restoresymtable file to restore incremental backups on top of the latest full backup.
# more /etc/dumpdates | grep c0t0d0s7
# newfs /dev/rdsk/c0t0d0s7
# mount /dev/dsk/c0t0d0s7 /export/home
# cd /export/home
# ufsrestore rvf /dev/rmt/0
Load the next lower level tape into the tape drive and issue the following command
# ufsrestore rvf /dev/rmt/0
Alternate Steps (5 & 6)
# ufsrestore ivf /dev/rmt/0
ufsrestore> ls
ufsrestore> add *
ufsrestore> extract
ufsrestore> q
Load the next tape and perform the operation below
# ufsrestore iv
ufsrestore> ls
ufsrestore> add *
ufsrestore> extract
ufsrestore> q
Backing up a Mounted FS with a UFS Snapshot
/usr/sbin/fssnap -F FSType -V -o special-option(s) mount-point | special
Options for the fssnap command
-d  Deletes the snapshot associated with the given FS. If the -o unlink option was used when you built the snapshot, the backing-store file is deleted together with it; otherwise it has to be deleted manually
-F FSType  Specifies the FS type to be used
-i  Displays the state of an FSType snapshot
-V  Echoes the complete command line, but does not execute the command
-o  Enables you to use special options, such as the location and size of the backing-store (bs) file
# fssnap -F ufs -o bs=backing_store_path /file_system
# fssnap -F ufs -o bs=/var/tmp /export/home
/dev/fssnap/0
backing store file -- The snapshot subsystem saves FS data in this file. The fssnap command creates the backing-store file and two read-only virtual devices. The block virtual device, /dev/fssnap/0, can be mounted as a read-only FS. The raw virtual device is /dev/rfssnap/0.
You can limit the size of the backing-store file by using the -o maxsize=n option. If the backing-store file runs out of disk space, the system automatically deletes the UFS snapshot.
# fssnap -F ufs -o bs=/var/tmp,maxsize=500m /export/home
# fssnap -i -- Displays a list of all the current UFS snapshots on the system
0 /export/home
1 /usr
2 /database
# /usr/lib/fs/ufs/fssnap -i /export/home -- Shows the details for the /export/home snapshot
Performing a backup of a UFS Snapshot
# mkdir -p /backups/home.bkp -- Creating an empty directory
# mount -F ufs -o ro /dev/fssnap/0 /backups/home.bkp -- Mounting the block virtual device
# cd /backups/home.bkp
# tar cvf /dev/rmt/0 .
(or)
# ufsdump 0uf /dev/rmt/0 /dev/rfssnap/0
# ufsrestore tf /dev/rmt/0 -- To verify
Performing an Incremental Backup of a UFS Snapshot
Use ufsdump with the N option to create an incremental backup of a UFS snapshot. The N option writes the name of the device being backed up, rather than the name of the snapshot device, to the /etc/dumpdates file.
# ufsdump 1ufN /dev/rmt/0 /dev/rdsk/c1t0d0s0 /dev/rfssnap/0
# ufsrestore tf /dev/rmt/0 -- To verify
# fssnap -d /extra -- To remove a snapshot (/extra is the source FS)
# rm /var/tmp/snapshot0
Restoring Data from a UFS Snapshot Backup
The backup created from a virtual device is a backup of the original FS as it was when the UFS snapshot was taken. You can restore a UFS snapshot from a backup tape in the same manner as you would the backup of an original FS.
# cd /usr
# ufsrestore if /dev/rmt/0
ufsrestore> add demo
ufsrestore> extract
ufsrestore> quit
Deleting a UFS Snapshot
# umount /dev/fssnap/0
# fssnap -d /export/home
# rm /backing_store_file
Q) How to create a backup with ufsdump
A) # ufsdump 0cvf /dev/rmt/0 /naveen -- the first option is 0 (zero)
How to list the files
# ufsrestore tvf /dev/rmt/0
# ufsdump uvf /dev/rmt/0 /naveen -- to update
# ufsrestore ivf /dev/rmt/0 /naveen
Q) How to back up using tar
A) # tar -cvf /dev/rmt/0 /naveen - Copy
# tar -tvf /dev/rmt/0 - List the contents
# tar -uvf /dev/rmt/0 /naveen - Update
# tar -xvf /dev/rmt/0 /naveen - Extract
Backup commands
File Archives
# tar -cvf bkp.tar file1 file2 - Will archive file1 & file2
# tar -tvf bkp.tar - Shows the table of contents
# tar -xvf bkp.tar - Extracts the files from the tar archive
# jar -cvf bkp.jar file1 file2
# jar -tvf bkp.jar
# jar -xvf bkp.jar
# compress bkp.tar - To compress the tar archive
# ls
bkp.tar.Z
# uncompress bkp.tar.Z - To uncompress the tar archive
# gzip bkp.tar - To create a gzip file
bkp.tar.gz
# gunzip bkp.tar.gz - To extract the tar archive with gunzip
bkp.tar
# zip out.zip bkp.tar - To create a zip archive
# unzip out.zip - To extract the zip archive
Managing the Solaris OE File System
ufs – Unix FS
hsfs – High Sierra FS
pcfs - PC FS for DOS FAT32 FS
udfs - Universal Disk Format FS
nfs - Network FS
Pseudo FS - Memory based FS: tmpfs, swapfs, procfs, mntfs
The VTOC is present in the first sector of the raw disk area.
VTOC - 512 sector
Boot Block - 1-15 sector
Super Block - 16-31
First Cylinder Group - 32
Creating File Systems
# newfs /dev/rdsk/c1d0s0 - Creating FS
# newfs -i 16384 /dev/rdsk/c1d0s0 - Creating FS with one inode per 16 KB of data space
# mount /dev/dsk/c1d0s0 /p1 - Mounting partition in /p1 directory
# fstyp -v /dev/rdsk/c1d0s0 | grep minfree - To know the reserved disk space
minfree 6%
# tunefs -m 2 /dev/rdsk/c1d0s0 - This will reduce the reserved space to 2%
# umount /p1 - To unmount a partition.
Never run the fsck command on a mounted FS. The /, /usr and /var FS should have the fsck command run on them in single-user mode.
# fsck /dev/rdsk/c0t0d0s7 - To check the FS in interactive mode
# fsck -o f,p /dev/rdsk/c0t0d0s7 - f forces the check; p is preen, or non-interactive mode
# fsck -y /dev/rdsk/c0t0d0s7 - With the -y option, fsck answers yes to all questions
# newfs -N /dev/rdsk/c0t0d0s7 - To view the locations of alternative backup superblocks
# fsck -o b=32 /dev/rdsk/c0t0d0s7 - Will retrieve the corrupted partition, using the backup superblock at block 32
# dd if=/dev/zero of=/dev/rdsk/c0d0s7 bs=512 count=32 - It will corrupt the partition
# df - Shows disk detail in blocks
# df -k - Shows disk detail in KB
# df -h - Displays disk allocation in MB & GB
# df -e - Prints only the number of files free
# du -k - Displays disk use in KB
# du -s - Displays only the summary in 512-byte blocks. Using the s and k options together shows the summary in KB
# du -h /opt - Shows the disk usage by directory
# quot -a - Reports on all mounted file systems
# quot -f - Includes the number of files
# quot -h /export/home - Shows disk usage per user in the particular directory
Mounts & Unmounts
# mount - Lists all of the mounted FS in the /etc/mnttab file
VFSTAB - Virtual File System Table, /etc/vfstab
device to mount : device to fsck : mount point : FS type : fsck pass : mount at boot : mount options
- The /etc/mnttab file is an mntfs file that provides read-only info about mounted FS on the local host
- The /etc/vfstab file lists all the FS to be automatically mounted at system boot time, with the exception of the /etc/mnttab and /var/run FS
# mount /dev/dsk/c0t0d0s7 /export/home
Mount options: read/write, setuid, intr, nologging and largefiles, xattr and onerror.
# mount -o option,option,... device_name mount_point
# mount -o ro /dev/dsk/c0d0s7 /p3 - Mount the partition read only.
# mount -o ro,nosuid /dev/dsk/c0t0d0s7 /export/home - Prohibit execution of setuid programs.
In Solaris, 2GB is the large file limit. Use of the nolargefiles option fails if the FS to be mounted contains large files.
# mount -o nolargefiles,noatime /dev/dsk/c0d0s7 /p3
nolargefiles - Won't allow large files in this partition
noatime - The access time stamp won't get updated.
# mountall - Mounts the local FS listed in the /etc/vfstab file
# mountall -l - If any FS has - or 0 in the fsck pass field, it is mounted without an fsck check. Otherwise fsck is carried out before mounting
# fstyp /dev/rdsk/c0t0d0s7 - To know the FS type
# mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /cdrom - To mount the CD drive
# mount -F pcfs /dev/diskette /pcfs
# umount /export/home or umount /dev/dsk/c0t0d0s7
# umountall - Will unmount the local FS listed in /etc/mnttab except /, /usr, /proc, /dev/fd, /var, /var/run & /tmp
# umountall -l - To verify the FS listed in /etc/mnttab
# fuser -c /p3 - Will show the processes running on the partition
# fuser -ck /p3 - Will kill the user processes
# umount -f /p3 - Forces the partition to unmount
# TERM=sun
# export TERM - Execute these 2 commands to enable the vi editor to work properly
# ps -ef | grep vold
vold is the daemon taking care of auto-mounting the CD-ROM.
# volcheck - Will check for any media present in the CD-ROM or floppy drive
# /floppy/floppy0 - The floppy gets mounted here automatically
# /cdrom/cdrom0 - The CD-ROM gets mounted here automatically
# /etc/init.d/volmgt stop (or) start
# eject cdrom - Will eject the CD-ROM if vold is running
# fdformat -t dos /dev/rdiskette - To format a floppy in DOS mode
# fdformat - To format the floppy in Solaris format.
solaris interview question Raid levels and File systems
Q) How to create RAID 0 concatenation
A) # metainit d0 2 1 c0t0d0s1 1 c0t1d0s1
Q) How to see the metadevice information
A) # metastat
Q) How to format and mount a slice
A) # newfs /dev/md/rdsk/d0
# mount /dev/md/dsk/d0 /nav
Q) How to create RAID 0 striping
A) # metainit d1 1 2 c0t0d0s1 c0t0d0s2
# metastat
# newfs /dev/md/rdsk/d1
# mount /dev/md/dsk/d1 /naveen
Q) How to differentiate concatenation and striping
A) In the metastat output, striping shows an interlace value of 32KB; this shows it is striped
Q) How to clear metadevices
A) # metaclear d0
# metaclear d1
Q) How to create mirroring, RAID 1
# metainit d1 1 1 c0t0d0s1
# metainit d2 1 1 c0t0d0s2
# metainit d3 -m d1
# metattach d3 d2
# metastat
Q) How to create a stripe with parity
# metainit d1 -r c0t0d0s0 c0t1d0s0 c0t2d0s0
# metastat
# newfs /dev/md/rdsk/d1
# mount /dev/md/dsk/d1 /naveen
Q) How to grow the size of the volume
# growfs -M /d1 c0t0d0s1 -- (new device)
Q) How to create RAIDs using Veritas Volume Manager
Concatenation
# vxassist -g rootdg make vol01 20g
# newfs /dev/vx/rdsk/rootdg/vol01
# mount /dev/vx/dsk/rootdg/vol01 /naveen
Striping
A) # vxassist -g rootdg make vol02 20g layout=stripe st_width=32
# newfs /dev/vx/rdsk/rootdg/vol02
# mount /dev/vx/dsk/rootdg/vol02 /naveen
Mirroring
# vxassist -g rootdg make vol03 20g layout=mirror
# newfs /dev/vx/rdsk/rootdg/vol03
# mount /dev/vx/dsk/rootdg/vol03 /naveen
Striping with parity
# vxassist -g rootdg make vol4 20g layout=raid5,nolog
# newfs /dev/vx/rdsk/rootdg/vol4
# mount /dev/vx/dsk/rootdg/vol4 /naveen
Q) How to print plexes, subdisks, volumes
# vxprint -pt -- for plexes
# vxprint -st -- for subdisks
# vxprint -vt -- for volumes
Q) How to increase the size of the volume
# vxassist -g rootdg growby vol01 20g
# /usr/lib/fs/fsck -F ufs -M /naveen /dev/vx/rdsk/rootdg/vol01 40980 (offset value obtained by typing the vxprint -vt command)
Q) What is the top command used for?
It lists all the processes with the process ID
CPU utilization and idle CPU
Memory utilization and idle memory
Swap utilization and idle swap
Application using maximum CPU utilization, with PID
Q) What is lofs used for?
Lofs (list open files) is used to check a problem encountered with a file or process
Q) What is the use of the truss command
A) Traces system calls for every running file
30) What are the fields in vfstab
A) 1. device to mount 2.raw device to fsck 3.mountpoint 4.filesystem type 5.fsck pass 6.mount at boot 7. mount options
cat /etc/vfstab
#device device mount FS fsck mount mount
#to mount to fsck point type pass at boot options
#
/dev/md/dsk/d1 - - swap - no -
/dev/md/dsk/d0 /dev/md/rdsk/d0 / ufs 1 no -
#/dev/md/dsk/d3 /dev/md/rdsk/d3 /data1 ufs 2 yes -
#/dev/md/dsk/d4 /dev/md/rdsk/d4 /data2 ufs 2 yes -
swap - /tmp tmpfs - yes -
/dev/dsk/c3t32d0s0 /dev/rdsk/c3t32d0s0 /data1 ufs 2 yes -
/dev/dsk/c3t32d0s1 /dev/rdsk/c3t32d0s1 /data2 ufs 2 yes -
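An added example, not part of the original page, that reads the seven vfstab fields listed above and reports ufs file systems whose mount options lack nosuid, the option this page uses to prohibit execution of setuid programs. The input is the listing above plus one constructed /export/home line; the function names are hypothetical, and skipping / and /usr is an assumption made because they hold the system's own setuid programs.

```shell
#!/bin/sh
# Sample input: the vfstab listing shown above, plus one constructed line
# (/export/home mounted ro,nosuid) to show an entry that passes the check.
sample_vfstab() {
cat <<'EOF'
#device device mount FS fsck mount mount
#to mount to fsck point type pass at boot options
#
/dev/md/dsk/d1 - - swap - no -
/dev/md/dsk/d0 /dev/md/rdsk/d0 / ufs 1 no -
#/dev/md/dsk/d3 /dev/md/rdsk/d3 /data1 ufs 2 yes -
#/dev/md/dsk/d4 /dev/md/rdsk/d4 /data2 ufs 2 yes -
swap - /tmp tmpfs - yes -
/dev/dsk/c3t32d0s0 /dev/rdsk/c3t32d0s0 /data1 ufs 2 yes -
/dev/dsk/c3t32d0s1 /dev/rdsk/c3t32d0s1 /data2 ufs 2 yes -
/dev/dsk/c0t0d0s7 /dev/rdsk/c0t0d0s7 /export/home ufs 2 yes ro,nosuid
EOF
}

# vfstab_missing_nosuid   (vfstab text on stdin)
# Prints the mount point of every ufs file system whose mount options
# (field 7) do not include nosuid. Fields, in order: device to mount,
# device to fsck, mount point, FS type, fsck pass, mount at boot, options.
vfstab_missing_nosuid() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }       # comments and blank lines
    NF != 7 {                            # malformed entry: report on stderr
      printf "line %d: expected 7 fields, got %d\n", NR, NF | "cat 1>&2"
      next
    }
    $4 != "ufs" { next }                 # swap, tmpfs and others are ignored
    $3 == "/" || $3 == "/usr" { next }   # assumption: system setuid programs
    {
      n = split($7, opt, ",")
      found = 0
      for (i = 1; i <= n; i++)
        if (opt[i] == "nosuid") found = 1
      if (!found) print $3
    }
  '
}

# Lists /data1 and /data2; /export/home is not reported.
sample_vfstab | vfstab_missing_nosuid
```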
Solaris Volume Management
metadb -a [-f] [-c n] [-l nnnn] disk_slice
-a  Adds a state database replica
-f  Forces the creation of the initial replica, even if no replica exists
-c n  Specifies the number of replicas to add to the slice
-l nnnn  Specifies the size of the new replica in blocks
disk_slice  Specifies the name of the disk slice that will hold the replica
# metadb -a -f c0t0d0s4 c0t0d0s5 c1t0d0s0 c1t0d0s1 -- To create metadb
# metadb -- Reports the status of all replicas
RAID 0 Config
# metainit d10 3 1 c0t1d0s0 1 c0t1d0s1 1 c0t1d0s3 -- d10 is the name (d0-dn), 3 is the total number of disks/slices
# newfs /dev/md/rdsk/d10
# metaclear d10 -- Delete the volume
# metainit d0 -p d10 1000m -- Creating partition (d0 is the partition name, d10 the volume name)
# metattach d0 999m -- To increase partition size
# growfs -M /m1 /dev/md/rdsk/d0 -- To create FS for the extra space added (/m1 is the mount point)
# metattach d10 c0t1d0s4 -- To increase space for the volume d10
RAID 5 Config
# metainit d20 -r c0t1d0s0 c0t1d0s1 c0t1d0s3 -- -r is the RAID 5 option
# metadb -d -f c0t1d0s7 -- To delete metadb
RAID 1 Config
# metainit d10 -m d0 -- To create mirror
Then reboot
# metattach d10 d1 -- Attaching another disk to the mirror
# metastat -- To check the status of the mirror disk
Building a Mirror of the Root (/) File System
metainit -f concat/stripe numstripes width components...
# metainit -f d0 1 1 c0t0d0s0
d0: Concat/Stripe is setup
# metainit d1 1 1 c0t1d0s0
d1: Concat/Stripe is setup
metainit mirror -m submirror [read_options] [write_options] [pass_num]
read_options
-g -- Enables the geometric read option, which results in faster performance on sequential reads
-r -- Directs all reads to the first submirror. Use this option when the devices that comprise the first submirror are substantially faster than those of the second mirror.
You cannot use the -r option with the -g option. If neither the -g nor the -r option is specified, reads are made in round-robin order from all submirrors in the mirror. This process enables load balancing across the submirrors.
write_options
-S -- Performs serial writes to mirrors. The default setting for this option is parallel write
pass_num -- A number (0-9) at the end of an entry defining a mirror that determines the order in which that mirror is resynchronized during a reboot. The default is 1. If 0 is used, resync is skipped.
# metainit d10 -m d0
d10: Mirror is setup
# metaroot d10 -- Updates the /etc/system file and also /etc/vfstab
# grep md /etc/vfstab
/dev/md/dsk/d10 /dev/md/rdsk/d10 / ufs 1 no -
The metaroot command also updates the /etc/system file to contain the forceload statements that load the kernel modules that support the logical volumes.
# tail /etc/system
forceload: misc/md_hotspares
forceload: misc/md_sp
forceload: misc/md_stripe
forceload: misc/md_mirror
forceload: drv/pcipsy
...
rootdev:/pseudo/md@0:0,10,blk
You must reboot the system before attaching the secondary submirror
# init 6
# metattach d10 d1
d10: Submirror d1 is attached
# ls -l /dev/dsk/c1t0d0s4
Record the path that follows the /devices directory: /pci@1f,0/pci@1/scsi@4......................
ok nvalias backup_root /pci@1f,0/pci@1/scsi@4,1/disk@2,0:b
ok printenv boot-device
boot-device=disk net
ok setenv boot-device disk backup_root net
boot-device=disk backup_root net
ok boot backup_root -- To test the secondary submirror
Unmirroring the Root (/) File System
# metastat d10 -- To verify the status of the mirror
# metadetach d10 d1 -- To make a one-way mirror
d10: submirror d1 is detached
# metaroot /dev/dsk/c0t0d0s0 -- To change entries in /etc/vfstab and /etc/system
# init 6
# metaclear -r d10 -- To clear the mirror and submirror. The -r deletes metadevices
d10: Mirror is cleared
d0: Concat/Stripe is cleared
# metaclear d1
d1: Concat/Stripe is cleared
MNC Frequently Asked Questions and Answers
1) How to see the processor information in Solaris 8/9/10?
# psrinfo
# psrinfo -pv :- To see which processors are online and offline, if you have multiple processors.
2) How to change processor operation status in Solaris.
# psradm -a -n :- To set all processors available on the system to online
# psradm -f 2 3 :- To make processors 2 and 3 offline, if you have multiple processors
3) How to make processor number 4 offline when you have more than 4 processors.
# psrinfo -v :- To check the status, and then
# psradm -f 4 :- To make processor number 4 offline
4) How to make processor 3 online when you have more than 4 processors and processor 3 is offline?
# psrinfo -v :- To see the status of all processors
# psradm -n 3 :- To make processor 3 online
5) How to see which kernel version and architecture is used by the system?
# isainfo -v :- To see the kernel version, whether the system is 32 bit or 64 bit, and the architecture.
6) How to see the default boot device from the boot PROM or OBP?
ok> printenv boot-device
7) How do you set a default boot device from the boot PROM?
ok> setenv boot-device disk
boot-device=disk
# reset - To make the changes.
8) How to see all the hardware-related information from the boot PROM (OBP)
# banner
or
# prtconf
9) How to see the physical disks connected to the system from the Open Boot PROM (OBP)?
ok> probe-scsi
10) How do you check your loopback or network devices from the Open Boot PROM?
ok> test net
11) How to check the clock devices from OBP?
ok> watch-clock
12) How to set an environment variable in NVRAM?
# nvalias /pci---/rarp -- to set scsi for booting of client
# nvalias net dhcp -- to boot from dhcp
# nvunalias net -- remove the alias
13) How to configure newly attached hardware like a hard disk/network card?
# devfsadm
or
# drvconfig
14) How to create a state database replica?
# metadb -a -f c0t0d0s1
15) What are RAID 0, RAID 1 and RAID 5?
A) RAID 0 is concatenation or striping. Concatenation means writing data to the disks one after another. Striping means writing data to the disks in chunks of the 32 KB interlace value.
RAID 1 - mirroring, which means writing data to two disks in parallel, duplicating the data on two disks.
RAID 5 - striping with parity; the data of 2 disks is duplicated in the third disk with parity information.
16) How to see the state database replicas?
# metadb -i
17) How to change the default size of a state database replica from 8kb to 4kb
# metadb -a -f -l 4096 c0t0d0s1
18) How to create 2 database replicas?
# metadb -a -f -c 2 c0t0d0s1
34) What are the fields in vfstab
A) mount device - raw device for fsck - mount point - filesystem - fsck check - mount at boot; it contains all the mounted filesystems
35) How to recover the root passwd?
ok boot cdrom -s
# TERM=ansi
# export TERM
# mkdir /demo
# mount /dev/dsk/c0t0d0s0 /demo
# vi /demo/etc/shadow
root:KHGHGHGGFG: -- remove this encrypted passwd field.
Save & quit
:wq!
Reboot; it logs in without asking for a passwd
# passwd -- enter new password.
36) How to create a user?
A) # useradd -u uid -g gid -d /export/home/naveen -m -s /bin/sh naveen
37) What are the files which maintain user information?
/etc/passwd
/etc/group
/etc/shadow
38) Fields in /etc/passwd
Username - encrypted passwd - uid - gid - home directory - shell
39) Fields in /etc/group
group name - gid
40) Fields in /etc/shadow
username : encrypted passwd - min - max - lastchange - inactive - warn - expire
41) How to create quotas
# cd /export/home
# touch quotas
# chmod u+rw quotas
# edquota naveen
Soft=5000 hard=6000 inodes=5000 inode=5500
# quotaon -v /export/home
# repquota -v /export/home or quota -v naveen -- to see the quota
Booting process in solaris 10
The first question in any Solaris interview is what the booting process in Solaris is, or what the boot phases in Solaris are.
Even to understand Solaris clearly and to troubleshoot most things, we need to know the booting process so that we can pinpoint exactly where the problem we are getting lies.
The Boot Phases
The different phases of the boot process on SPARC-based systems are described here:
(I) Boot PROM phase.
The PROM displays the system identification information and then runs power-on self test (POST), which is a diagnostics routine that scans the system to verify the installed hardware and memory. POST runs diagnostics on hardware devices and builds a device tree, which is a data structure describing the devices attached to the system. After the completion of POST, the PROM loads the primary boot program bootblk.
(II) Boot programs phase.
The bootblk program loaded by PROM finds the secondary boot program ufsboot located in the UFS file system on the default boot device and loads it into the memory.
(III) Kernel initialization phase.
The ufsboot program loads the kernel into memory. The kernel initializes itself and uses the ufsboot program to locate and load OS modules to control the system. A module is a piece of software with a specific functionality, such as interfacing with a particular hardware device. After loading enough modules to mount the root (/) file system, the kernel unmaps the ufsboot program and continues gaining control of the system. At the end of the kernel initialization phase, the kernel starts the /sbin/init process.
(IV) The init phase.
The init phase starts when, after initializing itself, the kernel starts the /sbin/init process, which in turn starts /lib/svc/bin/svc.startd to start the system services to do the following:
Check and mount file systems.
Configure network and devices.
Start various processes and perform tasks related to system maintenance.
The svc.startd process also executes run control (rc) scripts for backward compatibility. The steps in the boot process are illustrated in
Managing Crash Dumps & Core Files
When an OS has a fatal error, it generates a crash dump file (crash dump). When a process has a fatal error, it generates a core file.
If the Solaris OE kernel encounters a problem, or when an unexpected hardware fault occurs, the panic routine is executed, and memory contents are copied to a disk partition defined as a dump device.
When an OS crashes, the savecore command is automatically executed during a reboot. The savecore command retrieves the crash dump from the dump device and then writes the crash dump to a pair of files in your FS.
It places kernel core info in the /var/crash/nodename/vmcore.X file
It places name list info & table info in the /var/crash/nodename/unix.X file
By default, the dump device is a swap partition. The swap partition contains temp data; therefore permanent data is overwritten by the crash dump.
# dumpadm -- To view the current dump configuration
Dump content : Kernel pages (or) Application Pages (or) All
Dump device : /dev/dsk/c0t0d0s1 (swap)
Savecore directory : /var/crash/host1
Savecore enabled : yes
# cat /etc/dumpadm.conf -- Content of dumpadm command
Changing the Crash Dump configuration
/usr/sbin/dumpadm [-nuy] [-c content-type] [-d dump-device] [-m mink | minm | min%] [-r root-dir] [-s savecore-dir]
-n  Modifies the dump config so that it does not run the savecore command automatically on reboot
-u  Forcibly updates the kernel dump config based on the contents of /etc/dumpadm.conf
-y  Modifies the dump config so that the savecore command is run automatically on reboot. This is the default
-c content-type  The content type can be kernel, all, or curproc. The curproc type includes the kernel memory pages and the memory pages of the currently executing process
-d dump-device  The dump device can be an absolute path or swap
-m mink | minm | min%  Creates a minfree file in the current savecore-dir
-r root-dir  Specifies an alternative root directory relative to which the dumpadm command should create files. By default, the root dir "/" is used
-s savecore-dir  Specifies the savecore directory. The default is /var/crash/hostname
Managing Core File Behavior
A core file is a point-in-time copy (snapshot) of the RAM allocated to a process. The copy is written to a more permanent medium, such as a HDD. A core file is useful in analyzing why a particular program crashed.
When a core file is generated, the OS can produce two copies of it: one known as the global core file and the other known as the per-process core file. Which ones are written depends on the options in effect. The global core file is created in mode 600 and is owned by the superuser. Ordinary per-process core files are created in mode 600 under the credentials of the process.
# coreadm -- Displays the current core file config
global core file pattern : -- Identifies the name to use for core files placed in the global directory
init core file pattern : core -- Identifies the default name that per-process core files must use
global core dumps : disabled -- Indicates global core files are disabled
per-process core dumps : enabled
global setid core dumps : disabled
per-process setid core dumps : disabled
global core dump logging : disabled
# cat /etc/coreadm.conf -- Content of coreadm command
You can enable or disable two configurable core file paths, per-process and global, separately. If a global core file path is enabled and set to /corefiles/core, for eg. Then each process that terminates abnormally produces two core files: One in the current working directory, and one in the /corefiles/core directory.
coreadm [-p pattern] [pid]... -- Users can run this command
coreadm [-g pattern] [-i pattern] [-d option...] [-e option...] -- Only the root user can run this command
-i pattern Sets the per-process core file name pattern from init to pattern
-e option Enables the specified core file option
    global Enables core dumps by using the global core pattern
    process Enables core dumps by using the per-process core pattern
    global-setid Enables setid core dumps by using the global core pattern
    proc-setid Enables setid core dumps by using the per-process core pattern
    log Generates a syslog (3) message when a user attempts to generate a global core file
-d option Disables the specified core file option. See the -e option for possible options
-u Updates system-wide core file options from the config file /etc/coreadm.conf.
-g pattern Sets the global core file name pattern to pattern. The pattern must start with a /
-p pattern Sets the per-process core file name pattern to pattern.
Pattern options for the coreadm Command
%p PID
%u EUID
%g EGID
%f Executable file name
%n System node name (uname -n)
%m Machine hardware name (uname -m)
%t The time in seconds since midnight Jan 1 1970
%% Literal %
# coreadm -p core.%f.%p $$ -- When executed from a user's $HOME/.profile (or) .login file, sets the core file name pattern for all processes run during the login session. The $$ variable is the PID of the currently running shell. The per-process core file name pattern is inherited by all child processes.
# coreadm -p $HOME/corefiles/%n.%f.%p $$ -- This command places all of the user's core files into the corefiles subdirectory of the user's home directory, differentiated by the system node name.
# coreadm -g /var/core/core.%f.%p -e global -- This sets system-wide parameters that add the executable filename and PID to the name of any core file that is created.
# coreadm -- To verify that this parameter is now part of the core file configuration
# coreadm 278 5678 -- Queries the core file settings of the listed processes. Only the owner of a process or the superuser can query a process by using the coreadm command with a list of PIDs.
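Because a core file is a copy of process memory, the settings printed by coreadm are worth checking on any host. The following script is an added example, not part of the original notes: it parses coreadm output in the layout shown above and reports settings that deserve review. The sample output and the finding codes are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky settings in `coreadm` output.
# SAMPLE_COREADM is constructed for illustration; it is not from a real host.
SAMPLE_COREADM='     global core file pattern: core.%f.%p
       init core file pattern: core
            global core dumps: enabled
       per-process core dumps: enabled
      global setid core dumps: disabled
 per-process setid core dumps: enabled
     global core dump logging: disabled'

# audit_coreadm: reads coreadm output on stdin, prints "CODE: reason" lines.
audit_coreadm() {
    awk '
    {
        # Split each line at the first colon into a setting name and value.
        sep = index($0, ":")
        if (sep == 0) next
        key = substr($0, 1, sep - 1)
        val = substr($0, sep + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        cfg[key] = val
    }
    END {
        g = (cfg["global core dumps"] == "enabled")
        # setid dumps write the memory of setuid/setgid processes to disk.
        if (cfg["global setid core dumps"] == "enabled")
            print "SETID_GLOBAL: memory of setuid/setgid processes is dumped to the global path"
        if (cfg["per-process setid core dumps"] == "enabled")
            print "SETID_PROC: memory of setuid/setgid processes is dumped per process"
        # The global pattern must start with a slash.
        if (g && substr(cfg["global core file pattern"], 1, 1) != "/")
            print "GLOBAL_PATTERN: global dumps enabled but the pattern does not start with /"
        # Without the log option, global dumps leave no syslog record.
        if (g && cfg["global core dump logging"] != "enabled")
            print "NO_LOG: global dumps enabled without syslog logging"
    }'
}

# audit_codes: same findings, codes only, space separated (handy in scripts).
audit_codes() {
    audit_coreadm | awk -F: '{ printf "%s ", $1 } END { print "" }'
}

printf '%s\n' "$SAMPLE_COREADM" | audit_coreadm
```

On a live system the same function can be fed directly: coreadm | audit_coreadm.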
Basic Boot PROM Commands
When the system is turned on or reset, it first runs POST, and then one of the following two things can happen:
The system will automatically boot if the value of the configuration variable auto-boot? is true, the value of the boot-command variable is boot, and OpenBoot is not in diagnostic mode. In order to boot, the system will automatically load and execute the program and its arguments specified by the boot-file variable from the device described by the boot-device variable.
If the configuration variable auto-boot? is false, the system may stop at the OpenBoot user interface without booting the system and will display the ok prompt.
You can issue the Boot PROM commands at the ok prompt. One obvious command is the boot command to boot the system, which you can use in one of the following ways:
Issue the boot command without any arguments if you want to boot the system from the default boot device using the default boot arguments.
Issue the boot command with an explicit boot device as an argument if you want to boot the system from the specified boot device using the default boot arguments.
The general syntax of the boot command is shown here:
boot [device] [arguments]
Arguments and options are described here:
{device}. Specifies the full path or the alias for the boot device. The typical values are:
rsc>ok boot cdrom (for CD-ROM drive)
rsc>ok boot disk (for hard disk)
rsc>ok boot floppy (for 3.5 inch diskette drive)
rsc>ok boot net (for network)
rsc>ok boot tape (for SCSI tape)
{arguments}. Specify the arguments for the boot command such as the name of the file that contains the program that will be started as a result of the command. The name is relative to the selected device and partition. If this argument is not specified, the boot program uses the value of the NVRAM parameter: boot-file.
In addition to the boot command there are other administrative and diagnostic commands that you can issue at the Boot PROM prompt: ok. The commonly used OpenBoot PROM commands issued from the ok prompt are described below.
rsc>ok banner - Displays current power-on banner. (-h ) can be used
rsc> ok boot [arguments] [options] - Boots the system.
rsc> ok boot - Boots with default options.
rsc> ok .enet-addr - Displays current Ethernet address of the machine.
ok .version - Displays the version of the Boot PROM
ok eject media - Ejects the media.
ok eject floppy
ok eject cdrom
ok eject tape
ok help [category]
ok help [command] - The help command without arguments displays a list of command categories, and, with a category as an argument, displays help for all the commands in that category.
Example :- ok help setenv - Displays help for the setenv command.
ok password - Sets the security password.
ok printenv - Displays a table showing the boot configuration variable names, their current values, and default values.
ok reset-all - Resets the system. It's equivalent to performing a power cycle.
ok set-default [varName] - Sets the value of the specified variable to its default value.
Example :- ok set-default auto-boot?
ok setenv [varName] [value] - Sets the value of a boot configuration variable.
Example - ok setenv auto-boot? false
ok show-devs - Displays the list of all the devices in the OpenBoot device tree.
ok test [device] - Tests the specified device. No message displayed means test succeeded.
Example -
ok test floppy
ok test cdrom
ok test /memory
ok test tape
rsc>ok probe-scsi-all - to see all scsi based hardware.
Rebooting the Hung System
In order to reboot the hung system and force a crash dump, perform the following steps. This procedure will work even if the system is not hung.
Press the stop key sequence for your system. The specific stop key sequence depends on your keyboard type. For example, it could be Stop-A or L1-A. On terminals, press the Break key. The system will go to the PROM phase and display the ok prompt.
Synchronize the file systems and write the crash dump.
rsc>ok sync
After the crash dump has been written to disk, the system will continue to reboot.
Verify that the system boots to run level 3. The login prompt is displayed when the boot process has finished successfully.
[login prompt]:
Login as root, and issue the following command to force a crash dump:
# halt -d
At the ok prompt, issue the boot command to boot the system:
rsc>ok boot
Making boot device alias
If the system cannot boot from the primary disk and another boot disk is needed to access the data, the nvalias command is used.
The nvalias command makes a device alias, which assigns an alternate name to a physical disk. The physical address of the target disk is required; it can be obtained with the show-disks command at the ok prompt.
rsc>ok nvalias disk7 /iommu@f,e0000000/sbus@f,e0001000/dma@3,81000/esp@3,80000/sd2,0
The new aliased disk can be set as the boot disk or can be used for booting by referring to its name.
rsc>ok setenv boot-device disk7
rsc>ok reset
or
rsc>ok boot disk7
Basic Boot PROM Commands
rsc>ok boot cdrom - To boot from CD-ROM drive
rsc>ok boot disk - To boot from hard disk
rsc>ok boot floppy - To boot from 3.5 inch diskette drive
rsc>ok boot net - To boot from network (basically used for Custom Jumpstart)
rsc>ok boot tape - for SCSI tape
Solaris Interview Questions and Answers http://solarisinterview.blogspot.com/
Performing Boot and Shutdown Procedures
Run Levels
0 -- ok mode
s or S -- Solaris OE single user mode with critical FS mounted
1 -- Single user administrative state with access to all FS available
2 -- Multiuser can access the system. All sys daemons are running except NFS
3 -- Multiuser operations with NFS & N/W resource available
4 -- Reserved
5 -- Poweroff
6 -- Reboot
# who -r -- Shows current run level.
Boot Sequence
1. Boot PROM phase
2. Boot program phase
3. Kernel initialization phase
4. init phase
/etc/inittab -- id(S3) rstat(3) action(wait) Contains details about init levels
/etc/vfstab /etc/inittab /etc/system -- Important Files
/etc/system -- moddir root device and root FS config exclude forceload set
-- Always make a copy of the /etc/system file before you edit it. In case of a problem, issue the interactive boot command: boot -a. When prompted for the system file, enter the path of the backup file, or /dev/null for a null configuration file.
/etc/init.d -- Directory contains many process or services like volume management
/sbin -- Each run level has an associated rc script located in this directory (e.g. /sbin/rc0). The rc scripts rc0, rc5 & rc6 are hard linked to each other. Run control scripts are located in the /etc/init.d directory, and these files are hard-linked to the corresponding run control scripts in the /etc/rc#.d directories.
Creating New Run Control Scripts
Create the script in the /etc/init.d directory and create links in the appropriate /etc/rc#.d directory for the run level in which the service is to be started and stopped.
# vi /etc/init.d/filename
# chmod 744 /etc/init.d/filename
# chgrp sys /etc/init.d/filename
# cd /etc/init.d
# ln filename /etc/rc#.d/S##filename
# ln filename /etc/rc#.d/K##filename
# /etc/init.d/filename start -- To test the filename
# init 2 -- Switch the run level to 2
# shutdown -- Will move to maintenance mode
# shutdown -y -g300 -i6 "The system is being rebooted" -- Reboots after 300 seconds. Default is 60 sec
# shutdown -i0 (or) -i5 (or) -i6
# halt -- Shutdown the system immediately to ok prompt
# poweroff -- Equivalent to init 5
# reboot -- Equivalent to init 6 -- These 3
RBAC (Role Based Access Control)
/etc/user_attr -- The extended user attributes database, which associates users and roles with authorizations and rights profiles in addition to the /etc/passwd, /etc/group, and /etc/shadow files
/etc/security/prof_attr -- The rights profile attributes database, which defines profiles, lists the profile's assigned authorizations and any nested rights profiles, and identifies the associated help files.
/etc/security/exec_attr -- The execution attributes database, which defines the privileged commands and scripts assigned to a profile.
/etc/security/auth_attr -- The authorization attributes database, which defines authorizations and their attributes. This database also identifies the associated help file.
/etc/security/policy.conf -- File provides system default authorizations for users
The /etc/user_attr Database
user:qualifier(reserved):res1(reserved):res2(reserved):attr
attr : An optional list of semicolon-separated (;) key-value pairs that describe the security attributes to be applied when the user runs commands.
type -- Can be normal or role. A role is assumed after the user has logged in.
auths -- Specifies a list of authorizations chosen from names defined in the auth_attr DB
profiles -- Specifies a list of profile names chosen from the /etc/security/prof_attr DB
roles -- Specifies a list of role names defined in the same /etc/user_attr DB. Roles are indicated by setting the type value to role. Roles cannot be assigned to other roles.
sysadmin::::type=role;profiles=Device Management,Filesystem Management,Printer Management
johndoe::::type=normal;auths=solaris.system.date;roles=sysadmin
The /etc/security/prof_attr Database
profname:res1:res2:desc(description):attr
attr : The security attributes to apply to the object upon execution. You can specify zero or more keys. The two valid keys are help and auths.
# grep 'Printer Management' /etc/security/prof_attr
Printer Management:::manage Printers, daemns, \
……………………;auths=solaris.admin.printer.read, \
The Printer Management profile, which is defined in the /etc/security/prof_attr DB, is assigned to the sysadmin role in the /etc/user_attr DB.
The Printer Management profile is defined in the prof_attr DB as having all authorizations beginning with the solaris.admin.printer. string assigned to it. These authorizations are defined in the /etc/security/auth_attr DB.
solaris.admin.printer.read:::view printer information::\
The /etc/security/exec_attr Database
name:policy:type:res1:res2:id:attr
name -- Name of the profile
policy -- The security policy associated with this entry. The suser (superuser policy model) is the only valid policy entry.
type -- The type of entity whose attributes are specified. The only valid type is cmd
id -- A string identifying the entity. Command should have full path or a path with wildcard
attr -- euid and uid | egid and gid
Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp
The /etc/security/auth_attr Database
You can assign authorization directly to users or roles in the /etc/user_attr DB. You can also assign authorizations to rights profiles, which are assigned to roles.
authname:res1:res2:short_desc:long_desc:attr
authname -- A unique character string that identifies the authorization in the prefix.suffix[.] format.
The /etc/security/policy.conf file
This file lets you grant specific rights profiles and authorizations to all users. The two types of entries in the file are
AUTHS_GRANTED=authorizations
PROFS_GRANTED=right_profiles
# cat policy.conf
AUTHS_GRANTED=solaris.device.cdrw
PROFS_GRANTED=Basic Solaris Users
# roleadd -m -d /export/home/tarback -c "Privileged tar backup role" -P "Media Backup, Media Restore" tarback
-A authorization and -P profile -- Assign authorizations and profiles respectively to the role.
# rolemod -A auth1,auth2 -P profile1,profile2 role1
Additional Commands Used to Perform RBAC Functions
auths Displays authorizations for a user
makedbm Makes a dbm file
nscd Identifies the name service. Useful for caching the 4 RBAC DB details
pam_roles Identifies the role account management module for password authentication module (PAM)
pfexec Identifies the profile shells used to execute commands with attributes specified in exec_attr
policy.conf Identifies the config file for the security policy. Lists granted authorizations
profiles Displays profiles for a specified user
roles Displays roles granted to a user
roleadd Adds a role account to the system
rolemod Modifies the role's account info in the system
roledel Deletes a role's account from the system
Example
Profile -- Privilege to profile -- Creating Role -- Role to profile -- Role to user
/etc/security/prof_attr -- Contains profile details
Creating profile in prof_attr
uadd:::Profile for user admin
init:::Profile for init process
/etc/security/exec_attr -- Privilege to profile
uadd:suser:cmd:::/usr/sbin/useradd:euid=0
uadd:suser:cmd:::/usr/sbin/usermod:euid=0
init:suser:cmd:::/usr/sbin/init:euid=0
init:suser:cmd:::/usr/sbin/shutdown:euid=0
Creating Role
# roleadd -d /export/home/role1 -m role1
# passwd role1
Role to Profile
# rolemod -P uadd,init role1
Adding role to user
# usermod -R role1 user1
/etc/user_attr -- Details about role & user to role
Log in as a normal user, switch to the role, and use the privileged command
/etc/security/auth_attr -- Authorization file -- Config file for users & this roles
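When reviewing RBAC on a host, the useful question is which commands a given login can end up running with euid=0. The script below is an added example, not part of the original notes: it follows the chain from user to roles to profiles in /etc/user_attr and joins the result against /etc/security/exec_attr. The sample databases are built from the entries shown in this section; nested rights profiles in prof_attr and the PROFS_GRANTED default in policy.conf are not expanded.

```shell
#!/bin/sh
# Added example: list the commands a user can reach through RBAC roles.
# The sample databases are constructed from the entries shown on this page.
RBAC_DIR=$(mktemp -d)
trap 'rm -rf "$RBAC_DIR"' EXIT
cat > "$RBAC_DIR/user_attr" <<'EOF'
sysadmin::::type=role;profiles=Device Management,Filesystem Management,Printer Management
johndoe::::type=normal;auths=solaris.system.date;roles=sysadmin
role1::::type=role;profiles=uadd,init
user1::::type=normal;roles=role1
EOF
cat > "$RBAC_DIR/exec_attr" <<'EOF'
Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp
uadd:suser:cmd:::/usr/sbin/useradd:euid=0
uadd:suser:cmd:::/usr/sbin/usermod:euid=0
init:suser:cmd:::/usr/sbin/init:euid=0
init:suser:cmd:::/usr/sbin/shutdown:euid=0
EOF

# rbac_commands USER USER_ATTR EXEC_ATTR
# Prints "principal|profile|command|attr" for the user and each assigned role.
rbac_commands() {
    awk -F: -v user="$1" '
    # Return the value of KEY from a semicolon-separated key=value list.
    function attr(list, key,    n, i, kv) {
        n = split(list, kv, ";")
        for (i = 1; i <= n; i++)
            if (index(kv[i], key "=") == 1)
                return substr(kv[i], length(key) + 2)
        return ""
    }
    /^#/ || NF < 5 { next }
    { profiles[$1] = attr($5, "profiles"); roles[$1] = attr($5, "roles") }
    END {
        # Roles cannot be assigned to roles, so one level of expansion is enough.
        n = split(user "," roles[user], who, ",")
        for (i = 1; i <= n; i++) {
            if (who[i] == "") continue
            m = split(profiles[who[i]], p, ",")
            for (j = 1; j <= m; j++) print who[i] ":" p[j]
        }
    }' "$2" |
    while IFS=: read -r principal profile; do
        awk -F: -v who="$principal" -v prof="$profile" \
            '$1 == prof && $3 == "cmd" { print who "|" prof "|" $6 "|" $7 }' "$3"
    done
}

# rbac_root_commands USER USER_ATTR EXEC_ATTR
# Keeps only the entries that run with uid or euid 0.
rbac_root_commands() {
    rbac_commands "$@" | awk -F'|' '$4 ~ /(^|;)e?uid=0(;|$)/'
}

rbac_root_commands user1 "$RBAC_DIR/user_attr" "$RBAC_DIR/exec_attr"
```

Pointing the last two arguments at /etc/user_attr and /etc/security/exec_attr runs the same report against a live system.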
Disk Slices
Slice 0 -> /
Slice 1-> swap
Slice 2-> Entire Disk
Slice 3-> /home
Slice 4-> /opt
Slice 5-> /usr
Slice 6-> /export/home
/dev – Logical Device Names
/devices – Physical Device Names
/etc/path_to_inst - For each device, the system records its physical and instance name
# prtconf - Shows system information including memory size
# devfsadm - Will search and configure new devices added.
# devfsadm -c disk
# devfsadm -i
# devfsadm -v - To print changes made to the /dev and /devices directory
# devfsadm -C - To invoke cleanup routines that remove unreferenced symbolic links for devices
# format
Format> label -To store partition details.
Format> fdisk -To create partitions
Format> verify - Display partition details
Format> partition -To get into partition menu
Format> save - Saving new disk and partition :/etc/format.dat
Partition> 0 - Change 0 partition
select - Select a predefined table
modify - Modify a predefined partition table
name - Name the current table
print - Displays the current table
label - Write partition map and label to the disk
# prtvtoc /dev/rdsk/c1t0d0s2 - To view disk table
# prtvtoc /dev/rdsk/c1d0s2 > /in - To save disk partition details to /in file
# fmthard -s /in /dev/rdsk/c1d0s2 - To load partition detail from file to disk
How to see the processor information in Solaris 8/9/10
# psrinfo
# psrinfo -v :- To see which processors are online and offline, if you have multiple processors.
Creation of user and group in solaris10
From command mode :-
#groupadd -g gid groupname - to create a new group.
eg:- groupadd -g 200 newgroup
#more /etc/group - to check if the group is created
#useradd -u uid -g gid -d /export/home/userhomedirectory -m -s /bin/sh username
eg:- useradd -u 200 -g 200 -d /export/home/naveen -m -s /bin/sh naveen
#passwd naveen - enter passwd
#more /etc/passwd
#more /etc/shadow - This is used to check that the user and passwd entries are available.
GUI MODE :-
Type SMC at command mode
#smc - solaris management console
2)Double click user tab
3)Click on the create user option and enter the information
4)Enter user id .
5)Enter Password.
6)Enter group.
7)Enter Home Directory.
8)Enter default Mail server path.
9)Click finish and the user is created. The same way you can also create a group.
For testing: #su - naveen - if you are trying to login from root it will not ask for passwd, so use #telnet localhost and enter username and passwd.
Thanks & Regards
Naveen
Performing User Administration
/etc/passwd -- 7 fields loginID:x:UID:GID:comment:home_dir:login_shell
0 - 99 UID -- Reserved system user accounts
100 – 60000 -- UID for users range
0 -- Root
60001 -- Reserved for the nobody account
60002 -- Reserved for noaccess account -- To generate error message
65534 -- nobody4 The anonymous user account
/etc/shadow -- 9 fields loginID:password:lastchg:min:max:warn:inactive:expire:reserved
/etc/group -- groupname:group-pwd:GID:user-list
/etc/default/passwd -- Set values for the following parameters MAXWEEKS MINWEEKS PASSLENGTH (valid entries are 6,7 & 8) WARNWEEKS
1970 --> V4
1986 -- Sun released first OS (sunos1.0)
# useradd -u uid -g gid -G GID,GID,.. -d /export/home/user300 -m -s /bin/ksh -c "Regular User" user300
# passwd user300
# useradd -d /export/home/user305 -m user305
# useradd user306
# usermod [-u uid [-o]] [-g gid] [-G gid] [-d dir] [-m] [-s shell] [-c comment] [-l newloginname] loginname
# usermod -l -d /export/home/ -m
# usermod -u 905 user301 -- Change uid to 905
# usermod -s /bin/csh user301
# userdel user301 -- Delete the user account, not the home dir
# userdel -r user301 -- Delete user id & home dir
# groupadd [-g gid [-o]] groupname
# groupadd -g
# groupmod [-g gid [-o]] [-n name] groupname
# groupmod -n
# groupmod -g 400 class -- Change GID to 400 for the group class
# groupdel group1
/etc/profile -- The Bourne, Korn and BASH shells execute this initialization file
/etc/.login -- The C shell looks for and executes this initialization file during logon.
There are no default global initialization files for the Z or TC shells
Shell    System-wide file    User file(s)                    Shell path    Template file(s)
Bourne   /etc/profile        $HOME/.profile                  /bin/sh       /etc/skel/local.profile
Korn     /etc/profile        $HOME/.profile, $HOME/.kshrc    /bin/ksh      /etc/skel/local.profile
C        /etc/.login         $HOME/.cshrc, $HOME/.login      /bin/csh      /etc/skel/local.cshrc, /etc/skel/local.login
Setting Environment Variables
Bourne or Korn shell: VARIABLE=value; export VARIABLE
For example: PS1="$HOSTNAME"; export PS1
C shell: setenv variable value
For example: setenv LPDEST laserprinter
# id user301 -- Shows UID of the user & primary group
# id -a user301 -- Shows secondary group details also
# groups user300 -- Shows the users groups
# chown -R :grpname
# pwconv -- To sync passwd and shadow files.
/etc/skel -- Template files get copied once user id is created.
-- By default the /etc/skel/.profile file doesn't have any content.
Profile Order
/etc/motd file -- Message of the day
/etc/profile
$HOME/.profile
Monitoring su Attempts
/etc/default/su -- File monitoring su login info
CONSOLE VARIABLE
# CONSOLE=/dev/console -- Remove the comment (#) symbol so that root can log in remotely by su command.
SULOG VARIABLE
SULOG=/var/adm/sulog -- Specifies the location of the log file
Controlling System Access
# /etc/default/login file
CONSOLE=/dev/console -- This line should be commented to login as root from remote system
PASSREQ=YES -- Enforces that each user should have password to login
/etc/ftpd/ftpusers -- Lists names of users prohibited from connecting to the system through FTP
/etc/ftpusers -- Solaris 8
/etc/hosts.equiv & $HOME/.rhosts -- Files to determine if a remote user is allowed to access the local host with the identity of a local user. This procedure first checks /etc/hosts.equiv and then $HOME/.rhosts. Entries take one of these forms:
hostname
hostname username
+
If the local host's /etc/hosts.equiv file contains the host name of a remote host, then all regular users of that remote host are trusted and do not need to supply a password to log in to the local host, whereas the .rhosts file applies to a specific user.
/etc/inetd.conf -- File used to control all services
# svcadm disable (or) enable ftp (or) telnet -- in solaris 10
# rsh 140.40.40.151
# rcp 140.40.40.151:/test/file1 . -- To copy remote system file to local
# rcp $HOME:/file1 140.40.40.151:/tmp -- To copy local files to remote system
# chown user2 file7 -- To change owner of a file
# chown -R user2 dir4 -- To change ownership for folder and all its subfolders
# chown user3:class file7 -- Changing both the individual and group ownership in one shot
# chgrp class file4 -- To change the group ownership of a file or directory
Setuid Permission on Executable Files
When the setuid permission is set on an executable file, a user or process that runs this executable file is granted access based on the owner of the file.
# ls -l /usr/bin/su
_ rs r_xr_x 1 root sys ………….
The setuid permission displays as an "s" in the owner's execute field. You should disallow the use of setuid programs or at least restrict their use.
# chmod 4555 -- To set setuid permission on an executable.
# find / -perm -4000 -- To search for setuid files
Setgid Permission on Executable Files
When the process runs, it runs as if it were a member of the same group in which the file is a member. Also, access is granted based on the permission assigned to that group.
# ls -l /usr/bin/write
_ r _ r_sr_x 1 root …………. -- Displays as "s" in the group's execute field
# chmod 2555
# chmod g+s -- To set setgid for a directory
# find / -perm -2000 -- To search for setgid files
Sticky Bit Permission on Public Directories
If the directory permission have the sticky bit set, a file can be deleted only by the owner of the file/directory or the root user.
# ls -ld /tmp
drwxrwxrwt 6 root sys …… -- Displays as "t" in the execute field for other.
# chmod 1777
# find / -type d -perm -1000 -- To search for sticky bit directory
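The find commands in the three sections above are more useful when their output is compared against what is expected. The script below is an added example, not part of the original notes: it reports setuid/setgid files that are missing from an approved list and directories that are writable by everyone but lack the sticky bit. The demo tree and the approved list are constructed for illustration.

```shell
#!/bin/sh
# Added example: review setuid/setgid files and world-writable directories.

# setid_unapproved ROOT BASELINE
# Prints setuid/setgid files under ROOT that are not listed in BASELINE
# (one path per line; the baseline is a hypothetical approved list).
setid_unapproved() {
    sorted=$(mktemp)
    LC_ALL=C sort "$2" > "$sorted"
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
        LC_ALL=C sort | LC_ALL=C comm -23 - "$sorted"
    rm -f "$sorted"
}

# nosticky_dirs ROOT
# Prints directories writable by "other" that do not have the sticky bit,
# where any user could delete or replace another user's files.
nosticky_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print | LC_ALL=C sort
}

# Constructed demo tree standing in for a real file system.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
mkdir -p "$DEMO/bin" "$DEMO/tmp" "$DEMO/drop"
for f in su write newtool ls; do : > "$DEMO/bin/$f"; done
chmod 4555 "$DEMO/bin/su"        # setuid, approved
chmod 2555 "$DEMO/bin/write"     # setgid, approved
chmod 4755 "$DEMO/bin/newtool"   # setuid, not on the approved list
chmod 755  "$DEMO/bin/ls"
chmod 1777 "$DEMO/tmp"           # public directory with sticky bit
chmod 777  "$DEMO/drop"          # public directory without sticky bit
printf '%s\n' "$DEMO/bin/su" "$DEMO/bin/write" > "$DEMO/approved.txt"

echo "Unapproved setuid/setgid files:"
setid_unapproved "$DEMO" "$DEMO/approved.txt"
echo "World-writable directories without sticky bit:"
nosticky_dirs "$DEMO"
```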
Configuring System Messaging
The syslog system messaging features track system activities and events. You can manually generate log messages by using the logger command. The syslog function, the syslogd daemon, and input from the /etc/syslog.conf file work together to facilitate system messaging for the solaris 9 OE.
The /etc/syslog.conf file
This file consists of two tab-separated fields: selector and action. The selector field has two components, a facility and a level, written as facility.level. Facilities represent categories of system processes that can generate messages. Levels represent the severity or importance of the message. The action field determines where to send the message.
*.err /var/adm/messages -- Error messages for all facilities are sent to the /var/adm/messages
Only use tabs as white space in the /etc/syslog.conf file. The Solaris OE accesses the /usr/include/sys/syslog.h file to determine the correct facility.level sequencing order.
Selector Fields (facility) Options
kern Messages generated by the kernel
user Messages generated by user processes and don't have default priority for messages
daemon System daemons, such as the in.ftpd and the telnetd daemon
auth The authorization system, including the login, su, and ttymon commands
syslog Messages generated internally by the syslogd daemon
lpr The line printer spooling system, such as the lpr and lpc commands
news Files reserved for the USENET network news system
uucp The UNIX to UNIX copy (uucp) system does not use the syslog function
cron The cron and at facilities, including crontab, at, and cron
local0-7 Fields reserved for local use.
mark The time when the message was last saved and produced by the syslogd daemon
* All facilities, except the mark facility.
You can use the asterisk (*) to select all facilities (e.g. *.err); however, you cannot use * to select all levels of a facility (e.g. kern.*)
The levels in descending order of severity
Selector Fields (level) Options
Level Priority Description
emerg 0 Panic conditions that are normally broadcast to all users
alert 1 Conditions that should be corrected immediately
crit 2 Warnings about critical conditions, such as hard device errors
err 3 Errors other than hard device errors
warning 4 Warning messages
notice 5 Non-error conditions that might require special handling
info 6 Informational messages
debug 7 Messages that are normally used only when debugging a program
none 8 Messages are not sent from the indicated facility to the selected file
Not all levels of severity are implemented for all facilities in the same way.
Action Field -- The action field defines where to forward the message. This field can have any one of the following entries
/filename The targeted file
@host The @ sign denotes that messages must be forwarded to a remote host. Messages are forwarded to the syslogd daemon on the remote host
user1, user2 The user1 and user2 entries receive messages if they are logged in
* All logged in users will receive messages
You must restart the syslogd daemon whenever you make any changes to the /etc/syslog.conf file
# /etc/init.d/syslog stop (or) start
# pkill -HUP syslogd
Syslogd started -- It's starting the M4 Macro Processor -- M4 will read the /etc/syslog.conf file.
Configuring syslog Messaging
The inetd daemon uses the syslog command to record incoming network connection requests made by using TCP. You can modify the behavior of the inetd daemon to log TCP connections by using the syslogd daemon. The daemon facility and the notice message level are supported by inetd.
Use the -t option as an argument to the inetd daemon to enable tracing of TCP services. When you enable the trace option for the inetd daemon, it uses daemon.notice to log the client's IP address and TCP port number, and the name of the service. Add the -t option to the entry which activates the inetd daemon in the inetsvc script located in the /etc/init.d directory.
# grep inetd /etc/init.d/inetsvc
/usr/sbin/inetd -s -t -- You must restart the inetd daemon for the new option to take effect
# grep daemon.notice /etc/syslog.conf
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
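To check whether a message such as the daemon.notice connection trace actually reaches a log file, it helps to evaluate the selector lines by hand. The script below is an added example, not part of the original notes: given a facility and level, it prints the action field of every matching line, covering the selector forms described in this section (facility.level, *, and none). It assumes a selector matches messages at its level or more severe, and that a later selector for the same facility on a line overrides an earlier one; the configuration is constructed, with the first line taken from the grep output above.

```shell
#!/bin/sh
# Added example: decide where /etc/syslog.conf sends a facility.level message.
# The configuration below is constructed; field separators are tabs.
SYSLOG_CONF=$(mktemp)
trap 'rm -f "$SYSLOG_CONF"' EXIT
printf '%s\t%s\n' \
    '*.err;kern.debug;daemon.notice;mail.crit' '/var/adm/messages' \
    '*.alert;kern.err;daemon.err'              'operator' \
    'auth.notice'                              '@loghost' \
    '*.emerg'                                  '*' \
    '*.info;user.none'                         '/var/adm/info.log' > "$SYSLOG_CONF"

# syslog_actions CONF FACILITY LEVEL
# Prints the action of each line whose selector field matches the message.
syslog_actions() {
    awk -F'\t+' -v fac="$2" -v lvl="$3" '
    BEGIN {
        # Priority numbers from the level table: emerg=0 ... debug=7.
        n = split("emerg alert crit err warning notice info debug", name, " ")
        for (i = 1; i <= n; i++) prio[name[i]] = i - 1
        if (!(lvl in prio)) exit 2      # unknown message level
    }
    /^#/ || NF < 2 { next }
    {
        thr = -1                        # -1: facility not selected on this line
        m = split($1, sel, ";")
        for (i = 1; i <= m; i++) {
            dot = index(sel[i], ".")
            if (dot == 0) continue
            f = substr(sel[i], 1, dot - 1)
            l = substr(sel[i], dot + 1)
            # "*" selects every facility except mark.
            if (f != fac && !(f == "*" && fac != "mark")) continue
            if (l == "none") thr = -1   # none switches the facility off
            else if (l in prio) thr = prio[l]
        }
        # Lower number means more severe, so match at or above the threshold.
        if (thr >= 0 && prio[lvl] <= thr) print $2
    }' "$1"
}

echo "daemon.notice goes to:"
syslog_actions "$SYSLOG_CONF" daemon notice
```

The same function can be pointed at the real file, provided the file contains no m4 macro lines, which this example does not expand.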
Monitoring a syslog File in Real Time
The tail –f command holds the file open so that you can view messages being written to the file by the syslogd daemon.
# tail -f /var/adm/messages -- Press Ctrl+c to exit
Adding One-Line Entries to a System Log File
logger [-i](logs PID) [-f file] [-p priority] [-t tag] [message]
# logger system rebooted -- If the user.notice field is configured in the /etc/syslog.conf file, the message is logged to the file designated for the user.notice selector field
# logger -p user.err system rebooted -- Changing the priority of the message to user.err routes the message to the /var/adm/messages file as indicated in the /etc/syslog.conf file
# logger -i -p 2 "crit"
/dev/sysmsg -- Console
Managing Software Patches
Solaris9/PatchReport -- A summary of all patches for the Solaris 9 OE release
9_Recommended.README -- Instructions for how to install the recommended patch.
# showrev -p (or) # patchadd -p -- Will show installed patches
-- /var/sadm/patch - Info about all patches that are currently installed.
Patch Name 6 digit number-revision number (117753-01)
# /usr/bin/zcat 105050-01.tar.z | tar xvf -
# cd /var/tmp
# patchadd 105050-01 -- Will add patch
-- When you remove a patch, the patchrm command restores all files that were modified or replaced by that patch, unless:
-- The patch was installed with the patchadd -d option (which instructs the patchadd command not to save copies of files being updated or replaced)
-- The patch is required by another patch
-- The patch has been obsoleted by a later patch
# patchrm 105050-01 -- Will remove patch
Installing Patch Cluster
# cd 9_Recommended
# ./install_cluster
-- /var/sadm/install_data/Solaris_9_Recommended_log
Managing swap configuration
Virtual Memory = RAM + Disk Space
Swap Slice | Swap File | RAM } Swap Space
# swap -s -- Summary of virtual swap space
# swap -l -- Lists the details of the system's physical swap (e.g. swap file)
Adding Swap Space
# vi /etc/vfstab
/dev/dsk/c1t0d0s3 - - swap - no -
# swap -a /dev/dsk/c1t0d0s3 -- To add swap space from HDD slice.
Adding Swap File
# mkfile 20m /export/data/swapfile -- Swap file allocation
# swap -a /export/data/swapfile
# swap -l -- To list the details of the modified system swap space
# swap -s -- List a summary of the modified system swap space
# vi /etc/vfstab
/export/data/swapfile - - swap - no -
Removing Swap Space
# swap -d /dev/dsk/c1t0d0s3 -- Also remove entry from vfstab
Removing Swap File
# swap -d /export/data/swapfile
# rm /export/data/swapfile -- Also remove entry from vfstab
Describing the Client Server Model
inetd -- (Internet Service Daemon) Responsible for on-demand services, e.g. telnetd, ftpd
/etc/inetd.conf -- Config file for inetd daemon
To turn off a service, add a # symbol to the beginning of the line corresponding to that service in the /etc/inetd.conf file, and send a HUP request.
# pkill -HUP inetd -- Restarting the inetd services
/etc/inet/services -- Services file
/etc/inet/protocols -- Registered protocols are listed here
Network Ports -- Well-known ports & ephemeral (short-lived) ports
Port Assignment -- Central Authority (Well-known) & Dynamic Binding (ephemeral)
Central Authority Ports -- 0 – 1024
Dynamic Binding -- 1024 – 65000
Starting Services that use a Well-Known Port
1. Services that start by default at system boot time (e.g. sendmail)
2. Services that start on-demand (e.g. telnet)
Starting RPC Services
1. Services that start by default at system boot time
2. Services that start on-demand
The rpcbind process (daemon) associates RPC program numbers with port numbers. The /etc/rc2.d/S71rpc script initializes the rpcbind service (port 111).
rpcbind - 111 port number - Responsible for rpc services
/etc/rpc -- Config file for rpc services
# grep rpcbind /etc/services
sunrpc 111/udp rpcbind
sunrpc 111/tcp rpcbind
# rpcinfo -p -- rpcbind information
Prog No Version Protocol Port Service Name
# rpcinfo -d 1002(Prog No) 1(Version) -- Deleting RPC service registration
Recording Failed Login Attempts
# touch /var/adm/loginlog -- File to log incorrect logins. If a user tries to log in 5 times (default) with a wrong password, an entry is created here.
# chown root:sys /var/adm/loginlog
# chmod 600 /var/adm/loginlog
# /usr/ucb/whoami -- Current login name
# who am i -- Login name of the original user
Unix File Permission
r – 4, w – 2, x – 1
_rw_ r_ _ r_ _ (644) Default file permission
drwx r_x r_x (755) Default directory permission
O G O - Permission categories
# ls -n /var/adm
drwxrwxr_x 5 4 4 512 nov 15 14:55 file1
5 - No of hard links to the file or directory
4 – The UID of the owner
4 – The GID of the group
512 – Size
# chmod -R 755 - For inherited (recursive) permission
ln Commands
$ PATH=$PATH:/usr/ccs/bin:/usr/ucb: - It will get appended to the existing path
# ln -s - Creating symbolic link
# ln - Creating hard link
VI Editor
Inserting and Appending Text
a - Appends text after the cursor
A - Appends text at the end of the line
i - Inserts text before the cursor
I - Inserts text at the beginning of the line
o - Opens a new line below the cursor
O - Opens a new line above the cursor
:r - Inserts text from another file into the current file
Key Sequence for the VI Editor
h, left arrow or backspace - Left one character
j or down arrow - Down one line
k or up arrow - Up one line
l, right arrow or spacebar - Right one character
w - Forward one word
b - Back one word
e - To the end of the current word
$ - To the end of the line
0 (zero) - To the beginning of the line
^ - To the first non-whitespace character on the line
Return - Down to the beginning of the next line
G - Goes to the last line of the file
1G - Goes to the first line of the file
:n - Goes to line n
nG - Goes to line n
Ctrl F - Pages forward one screen
Ctrl D - Scrolls down one half screen
Ctrl B - Pages back one screen
Ctrl U - Scrolls up one half screen
Ctrl L - Refreshes the screen

Editing files using the VI editing commands
R - Overwrites or replaces characters to the right of the cursor
C - Changes or overwrites characters to the end of the line
s - Substitutes a string for a character at the cursor
x - Deletes a character at the cursor
dw - Deletes a word or part of the word to the right of the cursor
dd - Deletes the line containing the cursor
D - Deletes the line from the cursor to the right end of the line
:n,nd - Deletes lines n through n
Using the Text Changing Commands
u - Undoes the previous command
U - Undoes all changes to the current line
. - Repeats the previous command

Search and Replace Command
/string - Searches forward for the string
?string - Searches backward for the string
n - Searches for the next occurrence of the string
N - Searches for the previous occurrence of the string
:%s/old/new/g - Searches for the old string and replaces it with the new string globally
Using the text copying and Text Pasting Commands
yy - Yanks a copy of a line
p - Puts yanked or deleted text under the line containing the cursor
P - Puts yanked or deleted text before the line containing the cursor
:n,n co n - Copies lines n through n and puts them after line n
:n,n m n - Moves lines n through n to line n
Solaris Zone configuration
The Solaris™ Zones facility in the Solaris Operating System provides an isolated environment in which to run applications on your system. Solaris Zones are a component of the Solaris Container environment.
Solaris Containers is Sun's operating system virtualization technique. A Solaris Container is the combination of system resource controls and the boundary separation provided by zones. Zones act as completely isolated virtual servers within a single operating system instance. By consolidating multiple sets of application services onto one system by placing each into isolated virtual server containers, system administrators can reduce cost and provide all the same protections of separate machines on a single machine.
ZFS uses a pooled storage model in which storage capacity is held within an expandable pool called a zpool. Multiple file systems can exist within a zpool and they can share the capacity and IO resources of the pool. This new architectural approach, the storage version of virtual memory, permits easier administration of file systems and enables performance breakthroughs.
Containers let you isolate ZFS file systems.
When To use Zones
Zones are ideal for environments that consolidate a number of applications on a single server. The cost and complexity of managing numerous machines make it advantageous to consolidate several applications on larger, more scalable servers.
The following figure shows a system with four zones. Each of the zones apps, users, and work is running a workload unrelated to the workloads of the other zones, in a sample consolidated environment. This example illustrates that different versions of the same application can be run without negative consequences in different zones, to match the consolidation requirements. Each zone can provide a customized set of services.
How Zones Work
A non-global zone can be thought of as a box. One or more applications can run in this box without interacting with the rest of the system. Solaris zones isolate software applications or services by using flexible, software-defined boundaries. Applications that are running in the same instance of the Solaris Operating System can then be managed independently of one another. Thus, different versions of the same application can be run in different zones, to match the requirements of your configuration.
A process assigned to a zone can manipulate, monitor, and directly communicate with other processes that are assigned to the same zone. The process cannot perform these functions with processes that are assigned to other zones in the system or with processes that are not assigned to a zone. Processes that are assigned to different zones are only able to communicate through network APIs. The global zone is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled. Only the global zone is bootable from the system hardware. Administration of the system infrastructure, such as physical devices, routing in a shared-IP zone, or dynamic reconfiguration (DR), is only possible in the global zone. Appropriately privileged processes running in the global zone can access objects associated with other zones.
Unprivileged processes in the global zone might be able to perform operations not allowed to privileged processes in a non-global zone. For example, users in the global zone can view information about every process in the system. If this capability presents a problem for your site, you can restrict access to the global zone.
Each zone, including the global zone, is assigned a zone name. The global zone always has the name global. Each zone is also given a unique numeric identifier, which is assigned by the system when the zone is created.
How to configure a zone.
Note that the only required elements to create a native non-global zone are the zonename and zonepath properties. Other resources and properties are optional. Some optional resources also require choices between alternatives, such as the decision to use either the dedicated-cpu resource or the capped-cpu resource.
You must be the global administrator in the global zone to perform this procedure.
1. Become superuser, or assume the Primary Administrator role.
• Set up a zone configuration with the zone name you have chosen.
The name my-zone is used in this example procedure.
global# zonecfg -z my-zone
If this is the first time you have configured this zone, you will see the following system message:
my-zone: No such zone configured
Use 'create' to begin configuring a new zone.
• Create the new zone configuration. This procedure uses the Sun default settings.
zonecfg:my-zone> create
• Set the zone path, /export/home/my-zone in this procedure.
zonecfg:my-zone> set zonepath=/export/home/my-zone
Do not place the zonepath on ZFS for this release.
• Set the autoboot value.
If set to true, the zone is automatically booted when the global zone is booted. Note that for the zones to autoboot, the zones service svc:/system/zones:default must also be enabled. The default value is false.
zonecfg:my-zone> set autoboot=true
• Set persistent boot arguments for a zone.
zonecfg:my-zone> set bootargs="-m verbose"
• Dedicate one CPU to this zone.
zonecfg:my-zone> add dedicated-cpu
a. Set the number of CPUs.
zonecfg:my-zone:dedicated-cpu> set ncpus=1-2
b. (Optional) Set the importance. The default is 1.
zonecfg:my-zone:dedicated-cpu> set importance=10
c. End the specification.
zonecfg:my-zone:dedicated-cpu> end
• Revise the default set of privileges.
zonecfg:my-zone> set limitpriv="default,sys_time"
This line adds the ability to set the system clock to the default set of privileges.
• Set the scheduling class to FSS.
zonecfg:my-zone> set scheduling-class=FSS
• Add a memory cap.
zonecfg:my-zone> add capped-memory
a. Set the memory cap.
zonecfg:my-zone:capped-memory> set physical=50m
b. Set the swap memory cap.
zonecfg:my-zone:capped-memory> set swap=100m
c. Set the locked memory cap.
zonecfg:my-zone:capped-memory> set locked=30m
d. End the memory cap specification.
zonecfg:my-zone:capped-memory> end
• Add a file system.
zonecfg:my-zone> add fs
a. Set the mount point for the file system, /usr/local in this procedure.
zonecfg:my-zone:fs> set dir=/usr/local
b. Specify that /opt/local in the global zone is to be mounted as /usr/local in the zone being configured. In the non-global zone, the /usr/local file system will be readable and writable.
zonecfg:my-zone:fs> set special=/opt/local
c. Specify the file system type, lofs in this procedure. The type indicates how the kernel interacts with the file system.
zonecfg:my-zone:fs> set type=lofs
d. End the file system specification.
zonecfg:my-zone:fs> end
This step can be performed more than once to add more than one file system.
• Add a ZFS dataset named sales in the storage pool tank.
zonecfg:my-zone> add dataset
a. Specify the path to the ZFS dataset sales.
zonecfg:my-zone> set name=tank/sales
b. End the dataset specification.
zonecfg:my-zone> end
• (Sparse Root Zone Only) Add a shared file system that is loopback-mounted from the global zone. Do not perform this step to create a whole root zone, which does not have any shared file systems. See the discussion for whole root zones in Disk Space Requirements.
zonecfg:my-zone> add inherit-pkg-dir
a. Specify that /opt/sfw in the global zone is to be mounted in read-only mode in the zone being configured.
zonecfg:my-zone:inherit-pkg-dir> set dir=/opt/sfw
Note – The zone's packaging database is updated to reflect the packages. These resources cannot be modified or removed after the zone has been installed using zoneadm.
b. End the inherit-pkg-dir specification.
zonecfg:my-zone:inherit-pkg-dir> end
This step can be performed more than once to add more than one shared file system.
Note – If you want to create a whole root zone but default shared file systems resources have been added by using inherit-pkg-dir, you must remove these default inherit-pkg-dir resources using zonecfg before you install the zone:
zonecfg:my-zone> remove inherit-pkg-dir dir=/lib
zonecfg:my-zone> remove inherit-pkg-dir dir=/platform
zonecfg:my-zone> remove inherit-pkg-dir dir=/sbin
zonecfg:my-zone> remove inherit-pkg-dir dir=/usr
• (Optional) If you are creating an exclusive-IP zone, set the ip-type.
zonecfg:my-zone> set ip-type=exclusive
Note – Only the physical device type will be specified in the add net step.
• Add a network interface.
zonecfg:my-zone> add net
a. (shared-IP only) Set the IP address for the network interface, 192.168.0.1 in this procedure.
zonecfg:my-zone:net> set address=192.168.0.1
b. Set the physical device type for the network interface, the hme device in this procedure.
zonecfg:my-zone:net> set physical=hme0
c. End the specification.
zonecfg:my-zone:net> end
This step can be performed more than once to add more than one network interface.
• Add a device.
zonecfg:my-zone> add device
a. Set the device match, /dev/sound/* in this procedure.
zonecfg:my-zone:device> set match=/dev/sound/*
b. End the device specification.
zonecfg:my-zone:device> end
This step can be performed more than once to add more than one device.
• Add a zone-wide resource control by using the property name.
zonecfg:my-zone> set max-sem-ids=10485200
This step can be performed more than once to add more than one resource control.
• Add a comment by using the attr resource type.
zonecfg:my-zone> add attr
a. Set the name to comment.
zonecfg:my-zone:attr> set name=comment
b. Set the type to string.
zonecfg:my-zone:attr> set type=string
c. Set the value to a comment that describes the zone.
zonecfg:my-zone:attr> set value="This is my work zone."
d. End the attr resource type specification.
zonecfg:my-zone:attr> end
• Verify the zone configuration for the zone.
zonecfg:my-zone> verify
• Commit the zone configuration for the zone.
zonecfg:my-zone> commit
• Exit the zonecfg command.
zonecfg:my-zone> exit
Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.
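As an added example (not part of the original article or of Sun's documentation), the script below reviews the output of zonecfg -z my-zone export for three settings from this procedure that extend a zone beyond its defaults: extra privileges in limitpriv, lofs mounts left read-write, and matched devices. The export line format for mount options, the sample export and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: list the settings in
# "zonecfg -z <zone> export" output that widen what a zone can reach.
# Finding labels (PRIV, RWMOUNT, DEVICE) are made up for this example.

audit_zone_export() {
    awk '
    function val(s) { sub(/^[^=]*=/, "", s); gsub(/"/, "", s); return s }
    # Assumption: mount options inside an fs resource are exported as
    # "add options ro" or "add options [ro,nodevices]".
    res == "fs" && $1 == "add" && $2 == "options" {
        opts = $3; gsub(/\[|\]/, "", opts)
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1
        next
    }
    $1 == "add" && res == "" { res = $2; dir = special = type = dev = ""; ro = 0; next }
    # Global property: every privilege listed besides "default" is an extra grant;
    # names prefixed with "!" or "-" remove a privilege and are not reported.
    $1 == "set" && res == "" && $2 ~ /^limitpriv=/ {
        n = split(val($2), p, ",")
        for (i = 1; i <= n; i++)
            if (p[i] != "default" && p[i] !~ /^[!-]/) print "PRIV " p[i]
        next
    }
    $1 == "set" && res == "fs" {
        if ($2 ~ /^dir=/) dir = val($2)
        if ($2 ~ /^special=/) special = val($2)
        if ($2 ~ /^type=/) type = val($2)
    }
    $1 == "set" && res == "device" && $2 ~ /^match=/ { dev = val($2) }
    $1 == "end" {
        # A lofs mount without ro lets the zone write into a global-zone directory.
        if (res == "fs" && type == "lofs" && !ro) print "RWMOUNT " special " -> " dir
        if (res == "device") print "DEVICE " dev
        res = ""
    }'
}

# Constructed sample: what the procedure above would export (abridged).
sample_export() {
    cat <<'EOF'
create -b
set zonepath=/export/home/my-zone
set autoboot=true
set limitpriv=default,sys_time
set scheduling-class=FSS
add fs
set dir=/usr/local
set special=/opt/local
set type=lofs
end
add net
set address=192.168.0.1
set physical=hme0
end
add device
set match=/dev/sound/*
end
EOF
}

sample_export | audit_zone_export
```

On a live system the same function can be fed from the global zone with zonecfg -z my-zone export | audit_zone_export.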
Solaris Zones configuration and set up
Solaris Zones
Features :-
1. Virtualization like VMware
2. Solaris Zones can host only instances of Solaris, not other OSes
3. Limit of 8192 zones per Solaris host
4. The primary zone (global) has access to all zones
5. Non-global zones do not have access to other non-global zones
6. Default non-global zones derive packages from the global zone
7. Program isolation, e.g. zone1 for Apache, zone2 for MySQL, zone3 for databases
8. Provides 'z' commands to manage zones: zlogin, zonecfg, zoneadm, zonename

Features of Global Zone
1. Solaris always boots (cold/warm) to the global zone.
2. Knows about all hardware devices attached to the system
3. Knows about all non-global zones

Features of Non-Global Zones
1. Installed at a location on the filesystem of the global zone, the 'zone root path', e.g. /export/home/zones/zones1 {zone2, zone3, ...}; this acts as the root directory for the zone.
2. Share packages with the global zone.
3. Manage distinct hostname and table files.
4. Cannot communicate with other non-global zones by default. A NIC must be used, which means using the standard network API (TCP)
5. The global zone admin can delegate non-global zone administration
Zones Commands example :-
#which zonename - to check whether your OS has the zonename command
/usr/bin/zonename

#zonename - by default shows the global zone name
global

#z - 'z' commands
Zone Configuration.
#zonecfg - to configure zones
Note - zonecfg can run in interactive, non-interactive and command-file modes

Requirements for non-global zones:

1. Hostname of
2. Zone root path, i.e. /export/home/zones/testzone1
3. IP address - bound to logical or physical interfaces.
Zones Types:-
1. Sparse root zones - share key files with the global zone.
2. Whole root zones - require more storage

#df -k - select a slice that has more free space; for example, /export/home has 5GB
Steps for Configuring non-global-zone:
1. mkdir /export/home/zones/testzone1
2. chmod 700 /export/home/zones/testzone1 - restricts access by global zone users.
3. ls -ltr /export/home/zones
4. #zonecfg -z testzone1
no such zone configured, create one - this message appears the first time you configure a zone
>create - to create a zone
>set zonepath=/export/home/zones/testzone1 - this is the root path for the zone
>add net
>set address=192.168.1.0 - IP address
>set physical=e1000g0 - physical name of the network card; check with 'ifconfig -a'
>end - when you are done with the parameters, type end before you can exit
>info - to see what we have set
>set autoboot=true - the test zone will be started automatically when the system starts
>info
>add attr - to add some extra parameters
attr>set name=comment
attr>set type=string
attr>set value=TestZone1
>end
>verify - verify the configuration; if there is an error, check the parameters again
>commit - commit changes
>exit

#zoneadm list -iv - to list zones

#zoneadm -z testzone1 install

Zone testzone1 is now installed but not ready for production, so we have to get it into the ready state now.

#zoneadm list -iv - you can still see that testzone1 has not been assigned an id like the global zone has

#zoneadm -z testzone1 boot - boots the zone, changing its state from installed to ready

Put simply, we are restarting testzone1.
#zoneadm list -iv - now you can see an id is assigned and status is running.
#ps -ef | grep z
zoneadmd -z testzone1 - this process is responsible for running this zone.

zlogin - is used to log in to zones
Note - each non-global zone maintains a console; use 'zlogin -C testzone1' to access that zone.

Note - zlogin permits login to a non-global zone via the following modes:
1. Interactive - i.e. zlogin -l username zonename
2. Non-interactive - zlogin options command
3. Console mode - zlogin -C zonename
4. Safe mode - zlogin -S
#zoneadm list -iv
#zlogin -C testzone1
select a language - 0 English
VT100 - terminal
testzone1 press F2
Configure Kerberos - yes
name service - nis

From here the procedure is the same as a Solaris installation, so specify all details as required, such as DNS names, NIS services, location, etc.

#log in with the root user and password
#zonename
testzone1

#zoneadm list -iv - shows all zones, global and non-global

# once you are in testzone1, check the /etc/passwd file; you can see the system users but not the users of the main system

#netstat -anp tcp

#zoneadm -z testzone1 reboot - reboots the zone

#zlogin testzone1 shutdown - to shut down the zone

Once zones are created you can ssh or telnet from a remote machine to connect to that zone.
Basic Solaris Interview Questions and Answers
1) What files control user administration?
A) /etc/passwd: 7 fields: loginid:x:userid:groupid:comment:homedir:shell
/etc/shadow: 9 fields: loginid:password:lastchng:min:max:warn:inactive:expire
/etc/group: 4 fields: groupname:password:groupid:username list

2) What does the "pwconv" command do?
A) It updates the /etc/shadow file with information from the /etc/passwd file.

3) Where are failed login attempts to the system logged?
A) /var/adm/loginlog (we need to create this file as it does not exist by default)

4) Which command shows the users currently logged in to the system?
A) who (it reads the information from the /var/adm/utmpx file)

5) Which command will show detailed information about a user?
A) finger -m

6) Which command displays all logins and logouts?
A) last (it reads the information from the /var/adm/wtmpx file)

7) What is the "sticky bit" file permission?
A) The sticky bit permission protects files within a publicly writable directory. A file set with the sticky bit cannot be deleted by any user except the owner of the file, owner of the group or the root user.
8) How is ACL (Access Control Lists) implemented?
A) 8.1) getfacl command: To display an ACL on a file.
Syntax : getfacl
8.2) setfacl command: To set the ACL on a file
Syntax : setfacl
8.3) setfacl -m command: To modify ACL entries
Syntax : setfacl -m
8.4) setfacl -s command: Remove old ACL entries and replace them with new ones.
Syntax : setfacl -s
8.5) setfacl -d command: Delete an ACL entry
Syntax : setfacl -d
9) Important root (/) subdirectories and their purpose:
9.1) / : Root of the overall file system.
9.2) /bin : Symbolic link to /usr/bin. Stores standard system commands and binary files.
9.3) /dev : Primary location for "logical" device names
9.4) /devices : Primary location for "physical" device names
9.5) /etc : Contains host-specific system admin config files
9.6) /export : Default directory for commonly shared filesystems.
9.7) /home : Default directory / mount point for users' home directories
9.8) /kernel : Directory of platform-independent loadable kernel files
9.9) /mnt : Temporary mount point for file systems
9.10) /opt : Default directory for add-on packages
9.11) /sbin : Executables used in the booting process and file recovery
9.12) /tmp : Temporary files
9.13) /usr : Mount point for the /usr file system
9.14) /var : Directory for varying files, temporary logging or status files
10) What are the different disk slices?
Slice  Name          Function
0      /             Root's system files
1      swap          Swap area
2                    Entire Disk
5      /opt          Optional Software
6      /usr          System Exe's
7      /export/home  User's file and directories
ACL - Access Control List
ACL entry format: entry-type:[UID or GID]:perm
Introducing ACL Commands
getfacl [-a] [-d] filename(s) -- Displays ACL entries for files
-a -- Displays the filename, file owner, file group, and ACL entries for the specified file
-d -- Displays the filename, file owner, file group, and default ACL entries
setfacl -m acl_entries filename -- Creates or modifies ACL entries on files
setfacl -s acl_entries filename -- Substitutes new ACL entries for old ACL entries
setfacl -d acl_entries filename -- Deletes one or more ACL entries on files
setfacl -f acl_file filename -- Specifies an ACL configuration file that contains ACL entries to set on other files
setfacl -r filename -- Recalculates the ACL mask based on the ACL entries when used with the -m or -s option

$ ls -l
_rw_r__r__+ 1 userc staf 0 Jan 2 13:40 file2 -- A plus sign appears for files that contain ACL entries

There are no effective permissions listed for a file's owner or "other" users. However, the file's group and any other specific users or groups present in the ACL list have effective permissions. When no ACL mask is specifically set on a file or directory, the ACL mask has the same permissions as the group permissions for that file or directory.
$ getfacl file1 -- No ACL entries present
file : file1
owner : userc
group : sysadmin
user::rw_
group::r__ # effective:r__
mask:r__
other:r__

$ getfacl file2 -- Custom ACL entry present
file : file2
owner : userc
group : sysadmin
user::rw_
user:usera:rwx # effective:r__
group::r__ # effective:r__
mask:r__
other:r__

The effective permission shows which permissions are actually allowed: it is the intersection (a Boolean logical AND operation) of the ACL entry and the ACL mask.
$ setfacl -m u:userb:7 file2 -- Set special permission for userb (username)
$ getfacl file2
file : file2
owner : userc
group : sysadmin
user::rw_
user:usera:rwx # effective:r__
user:userb:rwx # effective:r__
group::r__ # effective:r__
mask:r__
other:r__

$ setfacl -d u:usera file2 -- Removing special permissions
$ getfacl file2
file : file2
owner : userc
group : sysadmin
user::rw_
user:userb:rwx # effective:r__
group::r__ # effective:r__
mask:r__
other:r__

setfacl -s u::perm,g::perm,o:perm,m:perm,[u:UID:perm],[g:GID:perm] filename
$ setfacl -s u::rwx,g::rw_,o:r__,m:rw_,u:usera:rwx file1
$ getfacl file1
file : file1
owner : userc
group : sysadmin
user::rwx
user:usera:rwx # effective:rw_
group::rw_ # effective:rw_
mask:rw_
other:r__

$ setfacl -s u::7,g::6,o:4,m:6,u:usera:7 file2
$ setfacl -r -m u:usera:7 file1 -- Changes the ACL mask value as well as the entry for the user (recalculating an ACL mask)
$ getfacl file1
file : file1
owner : userc
group : sysadmin
user::rwx
user:usera:rwx # effective:rwx
group::rw_
mask:rwx
other:r__

getfacl filename1 | setfacl -f - filename2
$ getfacl file1 | setfacl -f - file3 -- Copying an ACL list
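The effective-permission rule and the setfacl -r recalculation described above can be checked mechanically. The script below is an added example, not part of the original page: it reads getfacl output, computes each entry's effective permission as entry AND mask, and shows the mask that a recalculation would set. The function names and the sample listing are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original page: ACL mask arithmetic on getfacl output.
# "_" (as printed in the listings above) and "-" both mean "not granted".

# effective_acl: read getfacl output on stdin; print "<entry> <granted> <effective>"
# for each access entry. The mask limits named users, named groups and the owning
# group; the owner (user::) and other are not limited. default: entries are skipped.
effective_acl() {
    awk '
    function norm(p) { p = substr(p, 1, 3); gsub(/_/, "-", p); return p }
    function band(a, m,    i, c, out) {      # per-bit AND of two rwx strings
        out = ""
        for (i = 1; i <= 3; i++) {
            c = substr(a, i, 1)
            out = out ((c != "-" && c == substr(m, i, 1)) ? c : "-")
        }
        return out
    }
    {
        sub(/#.*/, "")                       # drop "# effective:" and header comments
        gsub(/[ \t]/, "")
        n = split($0, f, ":")
        if (n < 2 || f[1] == "default") next
        p = norm(f[n])
        if (p !~ /^[r-][w-][x-]$/) next      # not a permission entry
        if (f[1] == "mask") { mask = p; next }
        if (f[1] != "user" && f[1] != "group" && f[1] != "other") next
        cnt++
        name[cnt] = f[1] ":" (n == 3 ? f[2] : "")
        perm[cnt] = p
        owner = (f[1] == "user" && (n < 3 || f[2] == ""))
        limited[cnt] = !(owner || f[1] == "other")
    }
    END {
        for (i = 1; i <= cnt; i++) {
            eff = perm[i]
            if (limited[i] && mask != "") eff = band(perm[i], mask)
            print name[i], perm[i], eff
        }
    }'
}

# masked_down: only the entries whose grant the mask currently cuts back.
masked_down() { effective_acl | awk '$2 != $3'; }

# recalc_mask: the mask "setfacl -r" would set, i.e. the union of the owning-group,
# named-user and named-group entries. Every grant masked_down reports becomes live.
recalc_mask() {
    effective_acl | awk '
    $1 != "user:" && $1 != "other:" {
        if (index($2, "r")) r = 1
        if (index($2, "w")) w = 1
        if (index($2, "x")) x = 1
    }
    END { printf "%s%s%s\n", (r ? "r" : "-"), (w ? "w" : "-"), (x ? "x" : "-") }'
}

# Constructed sample: file2 from the listing above after "setfacl -m u:userb:7 file2".
sample_file2() {
    cat <<'EOF'
# file: file2
# owner: userc
# group: sysadmin
user::rw-
user:usera:rwx          #effective:r--
user:userb:rwx          #effective:r--
group::r--              #effective:r--
mask:r--
other:r--
EOF
}

sample_file2 | effective_acl
echo "mask after setfacl -r: $(sample_file2 | recalc_mask)"
```

Running masked_down before a setfacl -r shows which named entries are about to gain permissions they were granted but could not yet use.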
You can set default ACL entries only on directories. You must set default ACL entries for the user, group, other, and ACL mask before you set a default ACL entry for an additional user or group.

$ pwd
/export/home/userc
$ mkdir dir1
drwxr_xr_x 2 userc sysadmin 512 Apr 29 17:11 dir1
$ getfacl dir1
# file:dir1
# owner:userc
# group:sysadmin
user::rwx
group::r_x # effective:r_x
mask:r_x
other:r_x

$ setfacl -m d:u::rwx,d:g::r_x,d:o:r_x,d:m:r_x dir1
$ setfacl -m default:user:usera:rwx dir1
$ getfacl dir1
# file:dir1
# owner:userc
# group:sysadmin
user::rwx
group::r_x # effective:r_x
mask:r_x
other:r_x
default:user:rwx
default:user:usera:rwx
default:group:r_x
default:mask:r_x
default:other:r_x
Effect of Default ACLs on New Subdirectories
When a directory contains a default ACL, the permissions granted to the user, group, and other categories for the directory represent the intersection of mode 777, which is the UNIX default for directories without umask influence.
When a subdirectory or file is created, the permissions on the newly created subdirectory or file are generated according to the intersection between the default ACL entries and the permissions set initially during creation.

$ mkdir dir1/subdir1
$ ls -l dir1
drwxr_xr_x+ 2 userc sysadmin 512 Apr 30 08:01 subdir1
$ getfacl dir1/subdir1
# file:dir1/subdir1
# owner:userc
# group:sysadmin
user::rwx
group::r_x # effective:r_x
mask:r_x
other:r_x
default:user:rwx
default:user:usera:rwx
default:group:r_x
default:mask:r_x
default:other:r_x
If the default ACL entries are changed for dir1, this won't affect the ACL of dir1/subdir1. But if we create a new subdirectory, it will inherit the new ACL of dir1.

$ setfacl -m d:group::rwx,d:group::rws,d:other:rwx,d:mask:rwx dir1
$ mkdir dir1/subdir2
$ getfacl dir1/subdir2
user::rwx
group::rwx # effective:rwx
mask:rwx
other:rwx
default:user::rwx
default:user:usera:rwx
default:group::rwx
default:mask:rwx
default:other:rwx
$ cd dir1/subdir2
$ touch filea
$ ls -l
_rw_rw_rw_+ 1 userc sysadmin 0 Apr 30 13:34 filea
$ getfacl filea
user::rw_
user:usera:rwx # effective:rw_
group::rw_ # effective:rw_
mask:rw_
other:rw_

The permissions granted to the user, group, and other categories for filea represent the intersection of mode 666 (the default for files without umask influence) with the default entries associated with the directory. Because the default entries are set to rwx, the intersection in the example is clear.

The mask value doesn't exceed the permissions assigned to the group. Even though the /dir1/subdir2 directory lists rwx as the default mask value, the file inherits only up to rw_. The entry for usera was applied as a standard ACL entry and not as a default entry, because only directories replicate default entries.