QUICK REFERENCE
SOLARIS
# uname -a Gives all details about the system
# uname -m Displays H/W platform (sun4u)
# uname -p Machine processor architecture (sparc or i386)
# uname -i Machine model architecture (SUNW,Ultra-5_10)
# uname -X Detailed description
# mkdir -p /data/dir Creates the directory and its subdirectory in one shot
# rm -r /data Deletes the directory and all its subdirectories and files
# cp -r /data /data1 Copies the directory
# echo $MANPATH
: /usr/local/samba/man:
# echo $PATH Shows environmental path
/usr/sbin:/usr/bin
Grep Command Options
-i
-l
-n
-v
-w
# find /kris -name file1 Searches for file file1 in the /kris directory
# find /kris -name file1 -exec ls -l {} \; Search and display
# find /kris -type f -size 0 -exec ls -l {} \; Search for files with size 0
# find /kris -user user1 Shows files owned by user user1
$ PATH=$PATH:/usr/ccs/bin:/usr/ucb: Appends to the existing path
# ln -s <source filename> <destination filename> Creates a symbolic link
# ln <source filename> <destination filename> Creates a hard link
Unix File Permission
r 4, w 2, x 1
-rw-r--r-- (644) Default file permission
drwxr-xr-x (755) Default directory permission
O G O Permission categories
# ls -n /var/adm
drwxrwxr-x 5 4 4
VI Editor
Inserting and Appending Text
a
A
i
I
o
O
:r <filename>
File Archives
# tar cvf bkp.tar file1 file2 Will archive file1 & file2
# tar tvf bkp.tar Shows the table of content
# tar xvf bkp.tar It extracts file from the tar archive
# tar cf - * | (cd /folder2 ; tar xvf -)
/etc/cron.d
/etc/inet
/etc/lp
/etc/rc#.d
/usr/bin
Standard system command
/usr/sbin System administration commands
/usr/kernel Platform-independent loadable kernel modules
devfsadm Solaris 8 & 9
drvconfig Solaris 2.x through 2.7
1 swap
2 Entire Disk
5 /opt
6 /usr
7 /export/home
/etc/path_to_inst For each device, the system records its physical and instance name
# prtconf Shows system information including memory size
# devfsadm Will search and configure new devices added.
# devfsadm -c disk
# devfsadm -i <driver name>
# devfsadm -v To print changes made to the /dev and /devices directory
# devfsadm -C To invoke cleanup routines that remove unreferenced symbolic links for
devices
# format
Format> label To store partition details.
Format> fdisk To create partitions
# fsck -y /dev/rdsk/c0t0d0s7 The -y option answers yes to all questions
# newfs -N /dev/rdsk/c0t0d0s7 To view the locations of alternative backup superblocks
# fsck -o b=32 /dev/rdsk/c0t0d0s7 Will retrieve the corrupted partition.
# dd if=/dev/zero of=/dev/rdsk/c0d0s7 bs=512 count=32 It will corrupt the partition
# df Shows disk detail in blocks
# df -k (in KB)
# df -h Displays disk allocation in MB & GB
# df -e Prints only the number of files free
# du -k Displays disk use in KB
# du -s Displays only the summary in 512-byte blocks. Using the -s and -k options
together shows the summary in KB
# du -h /opt Shows the disk usage by the directory
# quot -a Reports on all mounted file systems
# quot -f Include the number of files
# quot -h /export/home Shows disk usage userwise in the particular directory
Module 5 Installation
Solaris 9 OE Installation and Upgrade options
Solaris suninstall program
Solaris Web Start Installation software
Custom Jumpstart procedure
Solaris Web Start Flash Installation
Standard upgrade
Solaris Live Upgrade method
# grep METACLUSTER /var/sadm/system/admin/.clustertoc To know cluster types
ok
ok
ok
ok
ok printenv auto-boot?
auto-boot?=false
ok printenv boot-device To know the variable details
boot-device=disk
ok setenv auto-boot? true To change value to true for auto-boot? variable
auto-boot?=true
ok printenv diag-switch?
diag-switch?=false
ok setenv diag-switch? true
ok set-defaults Reset all settings to factory default
ok setenv boot-device disk cdrom net
ok set-default boot-device Will reset the default value of boot-device variable
ok power-off Will switch off the system immediately
Inside OS
# eeprom Equivalent to printenv
# eeprom auto-boot?
auto-boot?=true
# eeprom auto-boot?=false
# eeprom diag-switch?=true
ok mode
Solaris OE single user mode with critical FS mounted
Single user administrative state with access to all FS available
Multiuser can access the system . All sys daemons are running except NFS
Multiuser operations with NFS & N/W resource available
Reserved
Poweroff
Reboot
# usermod [-u uid [-o]] [-g gid] [-G gid] [-d dir] [-m] [-s shell] [-c comment] [-l
newloginname] loginname
# usermod -l <new user name> -d /export/home/<new user name> -m <old user>
# usermod -u <UID> user301 Change uid to 905
# usermod -s /bin/csh user301
# userdel user301 Delete the user account not the home dir
# userdel -r user301 Delete user id & home dir
# groupadd [-g gid [-o]] groupname
# groupadd -g <GID> <groupname>
# groupmod [-g gid [-o]] [-n name] groupname
# groupmod -n <newgrpname> <oldgrpname>
# groupmod -g 400 class Change GID to 400 for the group class
# groupdel group1
/etc/profile The Bourne, Korn and BASH shells execute this initialization file
/etc/.login The C shell looks for and executes this initialization file during logon.
There are no default global initialization files for the Z or TC shells
Bourne /etc/profile $HOME/.profile /bin/sh
Korn /etc/profile $HOME/.profile /bin/ksh
$HOME/.kshrc
C /etc/.login $HOME/.cshrc /bin/csh
$HOME/.login
/etc/skel/local.profile
/etc/skel/local.profile
/etc/skel/local.cshrc
/etc/skel/local.login
/etc/profile
$HOME/.profile
If a directory's permissions have the sticky bit set, a file in it can be deleted only by the owner of
the file/directory or the root user.
# ls -ld /tmp
drwxrwxrwt 6 root sys Displays as t in the execute field for other.
# chmod 1777 <public_directory>
# find / -type d -perm -1000 To search for sticky bit directories
SIGHUP Hangup
2 SIGINT Interrupt
9 SIGKILL Kill Kill forcibly
15 SIGTERM Terminate Kill properly
/etc/cron.d/cron.allow Users in this file will allow access to use crontab command
If crontab is typed with no arguments, it waits for input. Pressing Ctrl+C exits without
saving, and the existing entries are kept. Pressing Ctrl+D saves the empty input, so all the
existing content is deleted.
# crontab /root_cron To use a backup file for cron jobs.
# /etc/init.d/cron stop (or) start
# /var/spool/cron/crontabs Directory where users crontab schedule files are getting
stored.
# /var/spool/cron/atjobs Directory where AT jobs get saved
# svcadm enable (or) disable cron
Th
6
6
6
F
2
2
2
/etc/dumpdates Each line shows the FS that was backed up and the level of the last
backup. Also shows the date, and the time of the backup
(eg) /dev/rdsk/c0t2d0s6 0 fri jan 4 19:12:27 2005
When an incremental backup is performed the ufsdump command consults the
/etc/dumpdates file. It looks for the date of the next lower level backup. Then the ufsdump
command copies to the backup media all of the files that were modified or added since the
date of that lower-level backup. When the backup is complete, the /etc/dumpdates file records
a new entry that describes this backup. The new entry replaces the entry for the previous
backup at that level
Options for the ufsdump command
0-9 Backup levels
v Verify. After the tape is written, checks it for any discrepancies
s Size estimate
l Autoload. Use this option with an autoloading tape drive
o Offline. When the backup is complete, takes the drive offline, rewinds, and if possible ejects the tape
u Updates the /etc/dumpdates file
n Notify. Sends messages to the terminals of logged-in users who are members of the sys group
f device Specify the device
Tape Backup
Become root user, switch to single user mode, and unmount the FS
# /usr/sbin/shutdown -y -g300 "System is being shutdown for backup"
# umount /export/home
# fsck /dev/rdsk/c0t0d0s7
# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s7
Remote Backups
To perform remote backups across the network, the system with tape drive must have an
entry in its /.rhosts file for every system that uses the tape drive
# ufsdump 0uf host2:/dev/rmt/0 /export/home
Module 16 Performing File System restores
The ufsrestore command copies files to the disk, relative to the current working directory
from backup tapes that were created by the ufsdump command.
Options for the ufsrestore Command
t Lists the table of contents of the backup media
r Restores the entire FS from the backup media
x file1 file2 Restores only the files named on the command line
i Invokes an interactive restore
v Specifies verbose mode. Displays details of the restore operation on the screen
f device Specifies the tape drive name
restoresymtable System creates this file when you restore an entire FS. The ufsrestore
command uses this file for check-pointing or passing information between incremental
restores. You can remove this file when the restore is complete.
Restoring the /opt FS
# newfs /dev/rdsk/c0t0d0s5
# mount /dev/dsk/c0t0d0s5 /opt
# cd /opt
# ufsrestore rf /dev/rmt/0
# rm restoresymtable
# cd /
# umount /opt
# fsck /dev/rdsk/c0t0d0s5
ufsrestore> quit
Move/copy the restored files to their original or permanent directory and delete from the temp
directory
Performing an Incremental Restore
Always start with the last volume and work towards the first. The system uses the information in the
restoresymtable file to restore incremental backups on top of the latest full backup.
# more /etc/dumpdates | grep c0t0d0s7
# newfs /dev/rdsk/c0t0d0s7
# mount /dev/dsk/c0t0d0s7 /export/home
# cd /export/home
# ufsrestore rvf /dev/rmt/0
Load the next lower level tape into the tape drive and issue the following command
# ufsrestore rvf /dev/rmt/0
Alternate Steps (5 & 6)
# ufsrestore ivf /dev/rmt/0
ufsrestore> ls
ufsrestore> add *
ufsrestore> extract
ufsrestore> q
Load the next tape and perform the below operation
# ufsrestore iv
ufsrestore> ls
ufsrestore> add *
ufsrestore> extract
ufsrestore> q
Module 17 Backing up a Mounted FS with a UFS Snapshot
/usr/sbin/fssnap -F FsType -V -o special-option(s) mount-point | special
Options for the fssnap command
-d Deletes the snapshot associated with the given FS. If the -o unlink option was used
when you built the snapshot, the backing-store file is deleted with it; otherwise it has
to be deleted manually
-F FsType Specifies the FS type to be used
-i Displays the state of an FSType snapshot
-V Echoes the complete command line, but does not execute the command
-o Enables you to use special options, such as the location & size of the bs file
# fssnap -F ufs -o bs=backing_store_path /file_system
# fssnap -F ufs -o bs=/var/tmp /export/home
/dev/fssnap/0
backing store file The snapshot subsystem saves FS data in this file. The fssnap
command creates the backing-store file and two read-only virtual devices. The block virtual
device, /dev/fssnap/0, can be mounted as a read-only FS. The raw virtual device,
/dev/rfssnap/0.
You can limit the size of the backing-store file by using the -o maxsize=n option.
If the backing-store file runs out of disk space, the system automatically deletes the UFS
snapshot.
# fssnap -F ufs -o bs=/var/tmp,maxsize=500m /export/home
# fssnap -i Displays a list of all the current UFS snapshots on the system
0
/export/home
1
/usr
2
/database
# /usr/lib/fs/ufs/fssnap -i /export/home Shows the details for the /export/home snapshot
Performing a backup of a UFS Snapshot
# mkdir -p /backups/home.bkp Creating an empty directory
# mount -F ufs -o ro /dev/fssnap/0 /backups/home.bkp Mounting the block virtual
device
# cd /backups/home.bkp
# tar cvf /dev/rmt/0 .
(or)
# ufsdump 0uf /dev/rmt/0 /dev/rfssnap/0
# ufsrestore tf /dev/rmt/0 To verify
# fssnap -d /export/home
# rm /backing_store_file
sys41
Modifies the dump config so it does not run the savecore command automatically on
reboot
-u Forcibly updates the kernel dump config based on the contents of /etc/dumpadm.conf
-y Modifies the dump config so that the savecore command is run automatically on
reboot. This is the default
-c content-type The content type can be kernel, all, or curproc. The curproc type includes
the kernel memory pages and the memory pages of the currently
executing process
-d dump-device The dump device can be an absolute path or swap
-m mink | minm | min% Creates a minfree file in the current savecore-dir
-r root-dir
PID
EUID
EGID
Executable file name
System node name (uname n)
%m
%t
%%
# cat /etc/dfs/dfstab
share -F nfs -o ro /export/sys44_data
# cat /etc/dfs/sharetab
/export/sys44_data
# cat /etc/dfs/fstypes
nfs NFS Utilities
autofs AUTOFS Utilities
nfs
ro
Handles FS mount requests from remote systems, and provides access control
Handles client FS requests
Works with the lockd daemon to provide crash recovery functions for the lock
manager
Supports record locking operations on NFS files
Provides operational logging
access-list=@network
access-list=.domain
access-list=netgroup_name
anon=n
ro
To easily identify the log files for different shared resources, place them in separate directories. For
example:
# cat /etc/nfs/nfslog.conf
global defaultdir=/var/nfs \
log=nfslog fhtable=fhtable buffer=nfslog-workbuffer
public defaultdir=/var/nfs/public \
log=nfslog fhtable=fhtable buffer=nfslog-workbuffer
Create the /var/nfs/public directory before starting NFS server logging
Specify a tag by entering the tag to use with the log=tag option in the /etc/dfs/dfstab file. Use
the log option without specifying a tag, which means use the default global tag
share -F nfs -o ro,log /export/sys44_data
/etc/default/nfslogd The config info file controls the logging behavior of the nfslogd
daemon.
The auto_master map associates a directory, also called a mount point, with a
map.
Direct Map Lists the mount points as absolute path names. This map explicitly indicates
the mount point on the client.
Indirect Map Lists the mount points as relative path names. This map uses a relative path to
establish the mount point on the client.
Special
Provides access to NFS servers by using their host names
# cat /etc/auto_master
+auto_master
/net -hosts -nosuid,nobrowse
/home auto_home -nobrowse
/xfn -xfn
Syntax
mount-point map-name (direct or indirect map) mount-options (similar to standard mount
options, but the nobrowse option is an AutoFS-specific mount option)
The plus (+) symbol at the beginning of the +auto_master line directs the automountd daemon
to look at the NIS, NIS+, or LDAP databases before it reads the rest of the map. If this line is
commented out, only the local files are searched unless the /etc/nsswitch.conf file specifies
that NIS, NIS+, or LDAP should be searched.
The two mount points for special maps are the -hosts map & the -xfn map
The -hosts map Provides access to all resources shared by NFS servers. The resources being
shared by a server are mounted below the /net/hostname directory, or if only the server's IP
address is known, below the /net/IPaddress directory. The server doesn't have to be listed in
the hosts database for this mechanism to work.
The -xfn map Provides access to resources available through the Federated Naming Service
(FNS). Resources associated with FNS mount below the /xfn directory
Direct Map
# cat /etc/auto_master
.
.
/- auto_direct -ro
The /- mount point is a pointer that informs the automount facility that the full path names are
defined in the file specified by map-name (the /etc/auto_direct file in this example)
# cat /etc/auto_direct
# Super User created direct map for automounter
/apps/frame -ro,soft server1:/export/framemaker
/opt/local -ro,soft server2:/export/unbundled
/usr/share/man -ro,soft server3,server4:/usr/share/man
Indirect Map
The /home entry defines a mount point for an indirect map. The map auto_home lists relative
path names only. Solaris 2.6 through Solaris 9 OE support browsing of indirect maps and
special maps with the -browse option. The -nobrowse option disables the browsing of
indirect maps. The default option is -browse
# cat /etc/auto_home
+auto_home
steven hosts5:/export/home/steven
mary mars:/export/home/marry
Reducing the auto_home map to a single line
* server1:/export/home/&
The client remotely mounts the /export/home/loginID directory from the NFS server server1
onto the local mount point /home/loginID. The wildcard character (*) matches any key. The
substitution character (&) at the end of the location is replaced with the matched key field.
Run the automount command when making changes to the master map or creating a direct
map to make the changes effective. You do not have to stop and restart the automountd
daemon after making changes to existing entries in a direct map.
automount [-t duration] [-v]
-t Specifies the time, in seconds, that the FS remains mounted when not in use. Default is 600 sec.
When to run the automount command
Automount Map Run if entry is added/deleted
Master map yes
Direct map yes
Indirect map no
# cat /etc/mnttab
-hosts /net autofs indirect,nosuid,ignore,nobrowse dev=4300001|1008255810
auto_home .
-xfn
.
# /etc/init.d/autofs start (or) stop
ufs
no
The metaroot command also updates the /etc/system file to contain the forceload statement
that loads the kernel modules that support the logical volumes.
# tail /etc/system
forceload: misc/md_hotspares
forceload: misc/md_sp
forceload: misc/md_stripe
forceload: misc/md_mirror
forceload: drv/pcipsy
.
.
.
rootdev:/pseudo/md@0:0,10,blk
You must reboot the system before attaching the secondary submirror
# init 6
# metattach d10 d1
d10: Submirror d1 is attached
# ls -l /dev/dsk/c0t1d0s0
Record the path that follows the /devices directory: /pci@if,0/pci@1/scsi@4......................
ok nvalias backup_root /pci@if,0/pci@1/scsi@4,1/disk@2,0:b
ok printenv boot-device
boot-device=disk net
ok setenv boot-device disk backup_root net
boot-device=disk backup_root net
ok boot backup_root To test the secondary submirror
Unmirroring the Root (/) File System
# metastat d10 To verify that status of the mirror
# metadetach d10 d1 To make a one-way mirror
d10: submirror d1 is detached
# metaroot /dev/dsk/c0t0d0s0 To change entries in /etc/vfstab and /etc/system
# init 6
# metaclear -r d10 To clear the mirror and submirror. The -r deletes metadevices
d10: Mirror is cleared
d0: Concat/Stripe is cleared
# metaclear d1
d1: Concat/Stripe is cleared
Module - 10 ACL
entry-type:[UID or GID]:perm
mask:r--
other:r--
$ setfacl -d u:usera file2 Removing special permissions
$ getfacl file2
# file: file2
# owner: userc
# group: sysadmin
user::rw-
user:userb:rwx # effective:r--
group::r-- # effective:r--
mask:r--
other:r--
setfacl -s u::perm,g::perm,o:perm,m:perm,[u:UID:perm],[g:GID:perm] filename
$ setfacl -s u::rwx,g::rw-,o:r--,m:rw-,u:usera:rwx file1
$ getfacl file1
# file: file1
# owner: userc
# group: sysadmin
user::rwx
user:usera:rwx # effective:rw-
group::rw- # effective:rw-
mask:rw-
other:r--
$ setfacl -s u::7,g::6,o:4,m:6,u:usera:7 file2
$ setfacl -r -m u:usera:7 file1 Changes the mask value as well as the entry for the
user (recalculating an ACL mask)
$ getfacl file1
# file: file1
# owner: userc
# group: sysadmin
user::rwx
user:usera:rwx # effective:rwx
group::rw-
mask:rwx
other:r--
getfacl filename1 | setfacl -f - filename2
$ getfacl file1 | setfacl -f - file3 Copying an ACL list
You can set default ACL entries only on directories. You must set default ACL entries for the
user, group, other, and ACL mask before you set a default ACL entry for an additional user or
group.
$ pwd
/export/home/userc
$ mkdir dir1
drwxr-xr-x 2 userc sysadmin 512 Apr 29 17:11 dir1
$ getfacl dir1
# file: dir1
# owner: userc
# group: sysadmin
user::rwx
group::r-x # effective:r-x
mask:r-x
other:r-x
user::rwx
group::rwx # effective:rwx
mask:rwx
other:rwx
default:user::rwx
default:user:usera:rwx
default:group::rwx
default:mask:rwx
default:other:rwx
$ cd dir1/subdir2
$ touch filea
$ ls -l
-rw-rw-rw-+ 1 userc sysadmin 0 Apr 30 13:34 filea
$ getfacl filea
user::rw-
user:usera:rwx # effective:rw-
group::rw- # effective:rw-
mask:rw-
other:rw-
The permissions granted to the user, group, and other categories for filea represent the
intersection of mode 666 (the default for files without umask influence) with the default entries
associated with the directory. Because those default entries are all set to rwx, the result of the
intersection is clear.
The mask value doesn't exceed the permissions assigned to the group. Even though the
/dir1/subdir2 directory lists rwx as the default mask value, filea inherits only up to rw-. The entry for
usera was applied as a standard ACL entry and not as a default entry, because only directories
replicate default entries.
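The mask arithmetic behind the getfacl listings above, as an added example that is not part of the original reference. The function names and the list-of-tuples ACL layout are this example's own, and the inheritance rule is modelled on the page's filea case, not on the UFS source.

```python
# Added example: effective permissions, mask recalculation (setfacl -r) and
# default-ACL inheritance, using the entries shown in the listings above.
BITS = {"r": 4, "w": 2, "x": 1}

def to_bits(perm):
    """'rw-', 'rw_' (the page's spelling) or an octal digit -> integer 0..7."""
    perm = str(perm)
    if perm.isdigit():
        return int(perm, 8) & 7
    if len(perm) != 3 or any(c not in "rwx-_" for c in perm):
        raise ValueError(f"bad permission string {perm!r}")
    return sum(BITS[c] for c in perm if c in BITS)

def to_text(bits):
    return "".join(c if bits & v else "-" for c, v in BITS.items())

def _masked(tag):
    # The owner entry and 'other' are never limited by the mask; the owning
    # group and every named user or group entry are.
    return tag not in ("user::", "other", "mask")

def effective(acl):
    """Map each entry to the permissions it really grants (entry AND mask)."""
    mask = to_bits(dict(acl)["mask"])
    return {tag: to_text(to_bits(p) & mask if _masked(tag) else to_bits(p))
            for tag, p in acl if tag != "mask"}

def recalc_mask(acl):
    """What 'setfacl -r' does: mask becomes the union of all masked entries."""
    union = 0
    for tag, p in acl:
        if _masked(tag):
            union |= to_bits(p)
    return [(t, to_text(union) if t == "mask" else p) for t, p in acl]

def inherit_file(defaults, mode=0o666):
    """ACL of a file created under a directory with these default entries.

    Assumption taken from the filea example: owner, group, mask and other are
    intersected with the creation mode; named entries are copied unchanged.
    """
    owner, group, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    limit = {"user::": owner, "group::": group, "mask": group, "other": other}
    return [(tag, to_text(to_bits(p) & limit.get(tag, 7))) for tag, p in defaults]

# Constructed from the page's listings for file1, file2 and dir1's defaults.
FILE1 = [("user::", "rwx"), ("user:usera", "rwx"), ("group::", "rw-"),
         ("mask", "rw-"), ("other", "r--")]
FILE2 = [("user::", "rw-"), ("user:userb", "rwx"), ("group::", "r--"),
         ("mask", "r--"), ("other", "r--")]
DIR_DEFAULTS = [("user::", "rwx"), ("user:usera", "rwx"), ("group::", "rwx"),
                ("mask", "rwx"), ("other", "rwx")]

if __name__ == "__main__":
    for name, acl in (("file1", FILE1), ("file2", FILE2),
                      ("filea", inherit_file(DIR_DEFAULTS))):
        print(name, effective(acl))
    print("file1 after setfacl -r:", dict(recalc_mask(FILE1))["mask"])
```

When reviewing who can write to a file, read the effective column: an entry of rwx under a mask of r-- grants read only.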
policy.conf
profiles
roles
roleadd
rolemod
roledel
in exec_attr
Identifies the config file for the security policy. Lists granted authorization
Displays profiles for a specified user
Displays roles granted to a user
Adds a role account to the system
Modifies the roles account info in the system
Deletes a roles account from the system
Example
Profile Privilege to Profile Role Profile to Role Role to User
system processes that can generate messages. Levels represent the severity or importance of
the message. The action field determines whether to send the message.
*.err /var/adm/messages Error messages for all facilities are sent to the /var/adm/messages
Only use tabs as white space in the /etc/syslog.conf file. The Solaris OE accesses the
/usr/include/sys/syslog.h file to determine the correct facility.level sequencing order.
Selector Fields (facility) Options
kern Messages generated by the kernel
user Messages generated by user processes and don't have default priority for messages
daemon System daemons, such as the in.ftpd and the telnetd daemons
auth The authorization system, including the login, su, and ttymon commands
syslog Messages generated internally by the syslogd daemon
lpr The line printer spooling system, such as the lpr and lpc commands
news Files reserved for the USENET network news system
uucp The UNIX to UNIX copy (uucp) system does not use the syslog function
cron The cron and at facilities, including crontab, at, and cron
local0-7 Fields reserved for local use.
mark The time when the message was last saved and produced by the syslogd daemon
* All facilities, except the mark facility.
You can use the asterisk (*) to select all facilities (for eg. *.err); however, you cannot use * to
select all levels of a facility (for eg. kern.*)
The levels in descending order of severity
Selector Fields (level) Options
Level Priority Description
emerg 0
alert 1
crit 2
err 3
warning 4
notice 5
info 6
debug 7
none 8
Not all levels of severity are implemented for all facilities in the same way.
Action Field The action field defines where to forward the message. This field can have
any one of the following entries
/filename
@host
user1, user2
*
You must restart the syslogd daemon whenever you make any changes to /etc/syslog.conf file
# /etc/init.d/syslog stop (or) start
# pkill -HUP syslogd
When syslogd starts, it starts the m4 macro processor, and m4 reads the
/etc/syslog.conf file.
Configuring syslog Messaging
The inetd daemon uses the syslog command to record incoming network connection requests
made by using TCP. You can modify the behavior of the inetd daemon to log TCP
connections by using the syslogd daemon. The daemon facility and the notice message level
are supported by inetd.
Use the -t option as an argument to the inetd daemon to enable tracing of TCP services.
When you enable the trace option for the inetd daemon, it uses daemon.notice to log the
client's IP address and TCP port number, and the name of the service. Add the -t option to the
entry that activates the inetd daemon in the inetsvc script located in the /etc/init.d directory
# grep inetd /etc/init.d/inetsvc
/usr/sbin/inetd -s -t You must restart the inetd daemon for the new option to take effect
# grep daemon.notice /etc/syslog.conf
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
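To check that an entry such as the one above really captures the inetd trace messages, the selector rules described in this section can be evaluated offline. This is an added example, not part of the original reference: the function names are its own, and it models one threshold per facility, with a later selector replacing an earlier one for the same facility.

```python
# Added example: evaluate a syslog.conf entry against facility.level pairs.
LEVELS = ["emerg", "alert", "crit", "err", "warning",
          "notice", "info", "debug", "none"]
PRIORITY = {name: n for n, name in enumerate(LEVELS)}   # emerg=0 ... none=8
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog",
               "lpr", "news", "uucp", "cron"]
              + [f"local{n}" for n in range(8)] + ["mark"])

def parse_entry(line):
    """Return (thresholds, action); raise ValueError for a malformed entry."""
    selector, tab, action = line.partition("\t")
    if not tab or " " in selector:
        # The page's rule: only tabs may separate selector and action.
        raise ValueError("selector and action must be separated by tabs")
    action = action.strip("\t")
    if not action:
        raise ValueError("missing action field")
    thresholds = {}
    for part in selector.split(";"):
        names, dot, level = part.rpartition(".")
        if not dot or level not in PRIORITY:
            # Covers kern.* as well: '*' is not valid in the level position.
            raise ValueError(f"bad level in selector {part!r}")
        for name in names.split(","):
            if name == "*":
                targets = [f for f in FACILITIES if f != "mark"]
            elif name in FACILITIES:
                targets = [name]
            else:
                raise ValueError(f"unknown facility {name!r}")
            for facility in targets:
                # Later selectors overwrite earlier ones for the same facility.
                thresholds[facility] = PRIORITY[level]
    return thresholds, action

def is_logged(thresholds, facility, level):
    """True if a message of this facility and level reaches the action."""
    limit = thresholds.get(facility, PRIORITY["none"])
    return limit != PRIORITY["none"] and PRIORITY[level] <= limit

# The entry shown above, with the tab separators written out (constructed).
PAGE_ENTRY = "*.err;kern.debug;daemon.notice;mail.crit\t\t/var/adm/messages"

if __name__ == "__main__":
    table, target = parse_entry(PAGE_ENTRY)
    for fac, lvl in [("daemon", "notice"), ("daemon", "info"),
                     ("auth", "err"), ("mail", "err"), ("mail", "crit")]:
        print(f"{fac}.{lvl:<7} -> {target if is_logged(table, fac, lvl) else 'dropped'}")
```

In this model mail.err is dropped even though *.err comes first, because mail.crit later raises the bar for the mail facility; daemon.info is dropped as well, so inetd traces appear only because they are sent at notice.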
Monitoring a syslog File in Real Time
The tail -f command holds the file open so that you can view messages being written to the
file by the syslogd daemon.
# tail -f /var/adm/messages Press Ctrl+c to exit
Adding One-Line Entries to a System Log File
logger [-i](logs PID) [-f file] [-p priority] [-t tag] [message]
# logger system rebooted If the user.notice field is configured in the /etc/syslog.conf file,
the message is logged to the file designated for the user.notice selector field
# logger -p user.err system rebooted Changing the priority of the message to user.err
routes the message to the /var/adm/messages file as indicated in the /etc/syslog.conf file
# logger -i -p2 crit
/dev/sysmsg Console
Module 14 Using Name Services
Name Services DNS, NIS, NIS+, LDAP
/etc/rc2.d/S72inetsvc script Starts DNS during system boot.
/etc/rc2.d/S71rpc script Starts NIS & NIS+ during system boot
/etc/rc2.d/S72directory script Starts iPlanet Server during system boot.
NIS
Flat
NIS+
Hierarchical
Hierarchical
Data Storage
Files/Resoruce
records
Server Types
Master/Cache/
Cache only/
Forwarding
Master/
Slave
Transport
TCP/IP
TCP/IP
TCP/IP
TCP/IP
Scale
WAN
LAN
LAN
WAN
_______________________________________________________________________
The name service switch file determines which services a system uses to search for
information and in which order the name services are searched. All Solaris OE systems use
the /etc/nsswitch.conf file as the name service switch file. The nsswitch.conf file is loaded with
the contents of a template file during the installation of the Solaris OE, depending on the name
service that is selected.
Name Service Name Service Template
Local Files /etc/nsswitch.files
DNS /etc/nsswitch.dns
NIS /etc/nsswitch.nis
NIS+ /etc/nsswitch.nisplus
LDAP /etc/nsswitch.ldap
Configuring the Name Service Cache Daemon (nscd)
The nscd daemon is a process that provides a cache for the most common name service
requests. The /etc/nscd.conf file controls the behavior of the nscd daemon. The nscd daemon
provides caching for passwd, group, hosts, ipnodes, exec_attr, prof_attr and user_attr
databases. Each line specifies either an attribute and a value or an attribute, a cache name,
and a value.
# /etc/init.d/nscd stop (or) start
The getent command provides a generic retrieval interface to search many name service
databases. As a system administrator, you can query name service information sources with
tools, such as the
ypcat NIS namespace
nslookup DNS
ldaplist LDAP
But these tools do not consult the nsswitch.conf file, whereas the getent command searches the
information sources in the order in which they are configured in the name service switch file.
So any error in that file will be identified with this command.
getent database [key]...
database The name of the database to be examined. This name can be passwd, group,
hosts, ipnodes, services, protocols, ethers, networks, or netmasks.
# getent passwd lp
If the /var/yp/securenets file exists on an NIS server, the server only answers queries or supplies maps to hosts and
networks whose IP addresses exist in the file. The server must be part of the subnet to access
itself.
# cat /var/yp/securenets
# Two methods of giving access to a system. Using the netmask followed by the IP Address
# or host keyword followed by the IP Address
host 127.0.0.1
255.255.255.0 150.10.1.0
host 13.13.14.1
host 13.13.14.2
If you modify entries in the /var/yp/securenets file, you must kill and restart the ypserv and
ypxfrd daemons.
# /usr/lib/netsvc/yp/ypstop (or) ypstart
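Before restarting ypserv with an edited securenets file, it helps to confirm which clients the file actually admits. The checker below is an added example, not part of the original reference: its function names and the /24 review threshold are assumptions of this example, and the sample text is a constructed copy of the entries shown above.

```python
# Added example: parse /var/yp/securenets entries and test client addresses.
import ipaddress

# Constructed copy of the entries shown above.
SECURENETS = """\
# netmask followed by the network, or the host keyword followed by the address
host 127.0.0.1
255.255.255.0 150.10.1.0
host 13.13.14.1
host 13.13.14.2
"""

def _prefix_len(mask):
    """Dotted netmask -> prefix length; rejects masks with gaps in the one-bits."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"netmask {mask} is not contiguous")
    return 32 - inverted.bit_length()

def parse_securenets(text):
    """Return (rules, problems): rules are (line number, IPv4Network) pairs."""
    rules, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            if len(fields) != 2:
                raise ValueError("expected 'netmask network' or 'host address'")
            first, addr = fields
            prefix = 32 if first == "host" else _prefix_len(first)
            # strict=True rejects a network address that has host bits set,
            # an entry that could never match a masked client address.
            net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=True)
        except ValueError as exc:
            problems.append((lineno, str(exc)))
            continue
        rules.append((lineno, net))
    return rules, problems

def is_allowed(rules, client):
    """True if the client address falls inside any parsed entry."""
    address = ipaddress.IPv4Address(client)
    return any(address in net for _, net in rules)

def wide_rules(rules, min_prefix=24):
    """Entries broader than min_prefix bits (review threshold, an assumption)."""
    return [(lineno, net) for lineno, net in rules if net.prefixlen < min_prefix]

if __name__ == "__main__":
    parsed, errors = parse_securenets(SECURENETS)
    for client in ("150.10.1.77", "150.10.2.1", "13.13.14.2", "13.13.14.3"):
        print(client, "allowed" if is_allowed(parsed, client) else "refused")
    print("problems:", errors, "wide:", wide_rules(parsed))
```

An entry of 0.0.0.0 0.0.0.0 parses cleanly but admits every address, which is why wide_rules reports it for review.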
The passwd.adjunct File
Encrypted passwords are normally hidden from the user in the /etc/shadow file. With the
default NIS configuration, however, the encrypted password string is shown as part of the passwd
maps. The passwd.adjunct file prevents unauthorized users from seeing the encrypted passwords.
# ypmatch -k usera passwd
usera: usera:LojyTdiQev512:3001:10:/export/home/usera:/bin/ksh
The passwd.adjunct file contains the account name preceded by ## in the password field.
Subsequent attempts to gain account info, using the ypcat or ypmatch commands, return the
password entry from the passwd.adjunct file.
# ypmatch -k usera passwd
usera: usera:##usera:3001:10:/export/home/usera:/bin/ksh
Configuring NIS Domain
To locate the source file in another directory, modify the /var/yp/Makefile file:
Change the DIR=/etc line to DIR=Your choice
Change the PWDIR=/etc line to PWDIR=/your-choice
Before you make any modification to the /var/yp/Makefile, save a copy of the original
Makefile file.
The NIS configuration script /usr/sbin/ypinit and the make utility generate NIS maps. The
ypinit command reads the Makefile for source file locations, and converts ASCII source files
into NIS maps. The /etc/defaultdomain file sets the NIS domain name during system boot.
Important files on the NIS Master (Part 1) hosts, passwd & shadow
Important files on the NIS Master (Part 2)
The /var/yp/domainname directory is the repository for the NIS maps created by the ypinit
script.
The /var/yp/binding/domainname directory contains the ypservers file where the names of
NIS Master server and NIS Slave server are stored.
Important files on the NIS Master (Part 3) The /usr/lib/netsvc/yp directory contains the
ypstop and ypstart commands that stop and start NIS services respectively
# /usr/sbin/ypinit -m This command prompts for a list of other machines to become NIS
slave servers.
Configuring the NIS Master Server
Core, End User or Developer software configuration cluster do not have all necessary files in
the /usr/lib/netsvc/yp directory to allow a host to function as an NIS server.
1. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file. If necessary, modify the file
2. Enter the domainname command to set the local NIS domain
# domainname classroom.central.sun.com
3. Create an /etc/defaultdomain file with the domain name
4. If the files do not already exist, use the touch command to create zero-length files.
/etc/ethers, /etc/bootparams, /etc/locale, /etc/timezone, /etc/netgroup and /etc/netmasks.
These files are necessary for the creation of the complete set of NIS maps.
5. Install and update Makefile file in the /var/yp directory.
6. Create or populate the /etc/locale file, and make an entry for each domain on your network
using the following format
domainname locale eg. classroom.central.sun.com en_us
7. Initialize the master server by using the local /etc files
# ypinit -m Provide slave server names and Ctrl+D to save the details. Press n for
Terminate it on the first fatal error
Note: If you have to restart the ypinit program, You are prompted to destroy the
/var/yp/domainname directory. Answer Y
8. # /usr/lib/netsvc/yp/ypstart
Testing the NIS Service
$ ypcat hosts Prints value from an NIS map
# ypmatch sys41 localhost hosts
192.168.30.41 sys41
127.0.0.1 localhost loghost
$ ypwhich To identify the master server
sys41
Configure the NIS Client
1. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file
2. Edit the /etc/inet/hosts file to ensure NIS master and slave servers have been defined.
3. # domainname domainname To set the local NIS domain
4. Create and populate the /etc/defaultdomain file with the domain name
5. # ypinit -c To initialize the system as an NIS client
6. Enter the names of the NIS Master and all Slave Servers
7. # /usr/lib/netsvc/yp/ypstart
8. # ypwhich -m To test the functionality
# cd /var/yp
# ypinit -m Initializing the master server
# ypinit -s Initializing the slave server
# ypinit -c Initializing the client
Ctrl+D To save the file
Is this correct? [y/n] y
Non fatal error [y/n] n
If there is any error follow the below procedure
# cd /etc
# touch ethers bootparams netgroup netmasks timezone
# cd /var/yp
# ypinit -m
# /usr/lib/netsvc/yp/ypstart To start the daemons
# ypwhich Shows the map server details
Solaris
# ypwhich -m Full details of map
A directory will be created with domain name
# cd /var/yp/digit.com Contains all config file with .pag & .dir extensions
# ypcat <filename> to read the file
# ypcat -k passwd With arguments print keys as well as values
# ypmatch -k root passwd
NFS Config
# vi /etc/dfs/dfstab
share /export/home
share /usr/man.orig
# /etc/init.d/nfs.server stop
# /etc/init.d/nfs.server start
# useradd -d /export/home/chennai1 -m chennai1
# useradd -d /export/home/chennai2 -m chennai2
# passwd chennai1
# passwd chennai2
Remove the /export in the /etc/passwd file for user chennai1 & chennai2. So the home
dir is /home/chennai1
Autofs Config
# vi /etc/auto_master
comment +auto_master to search in WW
/home auto_home -nobrowse
/- auto_direct
# vi /etc/auto_direct
/usr/share/man 140.40.40.151:/usr/share/man.orig
# vi /etc/auto_home
comment +auto_home
chennai1 140.40.40.151:/export/home/chennai1
chennai2 140.40.40.151:/export/home/chennai2
# automount -v
# cd /var/yp
# /usr/ccs/bin/make To update the map after any config change
Include auto direct in Makefile in 2, 3, & 4 section
# /usr/lib/netsvc/yp/ypstop
# /usr/lib/netsvc/yp/ypstart
NIS Client Config
# domainname digit.com
# domainname > /etc/defaultdomain
# vi /etc/hosts
140.40.40.151 Solaris
# cp /etc/nsswitch.nis /etc/nsswitch.conf
# ypinit -c
Give master server name Solaris
# /usr/lib/netsvc/yp/ypstart
rpcbind done client has only ypbind daemon
Slave server has ypserv & ypbind daemon
NIS Slave Config
# ypinit -s Solaris (Master Server)
Before configuring slave, client config should be done.
Module 17 JumpStart
Four Main Services
Boot Services
Identification Services
Configuration Services
Installation Services
Implementing a Basic Jumpstart Server
1. Spool the OS image
2. Edit the sysidcfg file
3. Edit the rules and profile files
4. Run the check script
5. Run the add_install_client scripts
6. Boot the client
# cd /export
# mkdir config
# mkdir sol_dump
# cd /cdrom/cdrom0/s0/Solaris_9/Misc/Jumpstart_sample/
# cp -r * /export/config/
# cd /cdrom/cdrom0/s0/Solaris_8/Tools
# ./setup_install_server /export/sol_dump Copying solaris dump to local directory
# cd /cdrom/cdrom0/Solaris_9/Tools/
# ./add_to_install_server /export/sol_dump Appending 2nd CD content
# cd /etc
# vi ethers
8:0:20:a6:aa:2b ultra5 (hostname)
# vi /etc/hosts
140.40.40.154 ultra5
# vi /etc/timezone
Asia/Calcutta ultra5
# cd /export/config/
# vi rules
hostname ultra5 - host_class finish_script
- Pre Install script
host_class Config details like partition
finish_script Post install scripts
# vi host_class
install_type initial_install
system_type standalone
partitioning explicit
cluster SUNWCXall
filesys c0t0d0s0 10000 /
filesys c0t0d0s1 550 swap
filesys c0t0d0s7 free /export/home
# vi finish_script
touch /a/noautoshutdown
rm /a/etc/defaultdomain
rm -r /a/var/yp/digit.com
cp /a/etc/nsswitch.files /a/etc/nsswitch.conf
# vi sysidcfg System identification & configuration. Timezone can also be given here
security_policy=none
name_service=none
network_interface=primary {netmask=255.255.0.0 protocol_ipv6=no}
timezone=Asia/Calcutta
system_locale=en_US
Time zones are listed in the directory structure below the /usr/share/lib/zoneinfo directory.
Locales are listed in the /usr/lib/locale directory
# chmod 755 finish_script
# ./check To check the config
# vi /etc/dfs/dfstab
share -o anon=0 /export/home/sol_dump
share -o anon=0 /export/config
# cd /var/yp
# /usr/ccs/bin/make
# cd /export/home/sol_dump/Solaris_9/Tools
# ./add_install_client -c 140.40.40.151:/export/config -p 140.40.40.151:/export/config ultra5 sun4u
ultra5 is the client hostname
# update the NIS file with make command
From Client
ok boot net - install Will search the network and start the installation automatically
Before a Jumpstart client can boot and obtain all of the NFS resources it requires, every
directory listed as an argument to the add_install_client script must be shared by the server on
which it resides.
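The dfstab entries above share the JumpStart directories with anon=0, which maps unknown users (including root on a client) to uid 0 on the server. The check below is an added example, not part of the original reference; the sample dfstab, its /export/install and /export/boot entries, and the HIGH/MEDIUM labels are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample dfstab (not from a real server). The first two entries
# follow the JumpStart shares on this page; the others are variations.
sample_dfstab() {
cat <<'EOF'
# /etc/dfs/dfstab (constructed sample)
share -o anon=0 /export/home/sol_dump
share -o anon=0 /export/config
share -F nfs -o ro,anon=0 /export/install
share -F nfs -o ro=client1,anon=0 /export/boot
share /export/home
EOF
}

# Read dfstab text on stdin and print "SEVERITY path reason" for every share
# that maps unknown users to uid 0 (anon=0) more broadly than needed.
audit_dfstab() {
  awk '
    $1 != "share" { next }                 # skip comments and blank lines
    {
      opts = ""; path = $NF
      for (i = 2; i < NF; i++) if ($i == "-o") opts = $(i + 1)
      n = split(opts, o, ",")
      anon0 = ro = rw = hosts = 0
      for (i = 1; i <= n; i++) {
        if (o[i] == "anon=0")               anon0 = 1
        if (o[i] == "ro" || o[i] ~ /^ro=/)  ro = 1
        if (o[i] == "rw" || o[i] ~ /^rw=/)  rw = 1
        if (o[i] ~ /^(ro|rw)=/)             hosts = 1
      }
      if (!anon0) next
      # With neither ro nor rw given, share_nfs defaults to read-write.
      if (rw || !ro)
        print "HIGH", path, "anon=0 on a writable share"
      else if (!hosts)
        print "MEDIUM", path, "anon=0 read-only, but no ro= host list"
    }'
}

sample_dfstab | audit_dfstab
```

To check a real server, feed its /etc/dfs/dfstab to audit_dfstab on standard input.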
Setting Up a Boot-Only Server
A boot server responds to RARP, TFTP, and bootparams requests from jumpstart clients and
provides a boot image using the NFS service.
1. Running the setup_install_server script with the -b option to spool a boot image from
CD-ROM or DVD
2. Running the add_install_client script with options and arguments that show a list of
servers and the identification, configuration, and installation services that they provide.
Executing the setup_install_server script
# mkdir /export/install
# cd /cdrom/cdrom0/s0/Solaris_9/Tools
# ./setup_install_server -b /export/install
Executing the add_install_client script
Before you run the script, update the hosts and ethers information for the jumpstart client.
/etc/inet/hosts
192.10.10.4 client1
/etc/ethers
8:0:20:9c:88:5b client1
The boot server must have an entry in the /etc/inet/hosts file for each server you specify when you
run the add_install_client script.
# cd /export/install/Solaris_9/Tools
# ./add_install_client -c server1:/export/config -p server1:/export/config client1 sun4u
Configuring NIS for Jumpstart Procedures
Configuring NIS to support jumpstart procedures involves editing files and running
commands on the NIS master server in use. Information supplied in the sysidcfg file overrides any
information you make available in NIS.
A change to any file that is represented by a map in an NIS domain requires that you
complete the following steps on the NIS master server
# vi /etc/inet/hosts
192.10.10.4 client1
# vi /etc/ethers
8:0:20:9c:88:5b client1
# vi locale
client1 en_US
# cd /var/yp
# vi Makefile
1. Add the text after the existing *.time entries. Duplicate the timezone entry, and replace
timezone with locale
Add/Append the word locale to the line beginning with the word all
Add the following line after the auto.home: auto.home.time entry
locale: locale.time
Save the file and exit the editor
# cd /var/yp
# /usr/ccs/bin/make
2. On any slave servers that exist in the NIS domain, run the ypxfr command to transfer the
locale.byname map for the first time.
# /usr/lib/netsvc/yp/ypxfr locale.byname
3. On the NIS master server, again update the NIS maps by running the make command
# cd /var/yp
# /usr/ccs/bin/make
# vi /etc/timezone
US/Mountain client1
US/Mountain Central.sun.com
# cd /var/yp
# /usr/ccs/bin/make
# vi /etc/netmasks
192.9.200.0 255.255.255.0
# cd /var/yp
# /usr/ccs/bin/make
Each time you run the add_install_client script on a boot server to provide boot support
for a jumpstart client, the script checks the /etc/nsswitch.conf file for the bootparams entry.
Begin Script
Profile
Finish Script
You can use CD/DVD sources as the boot source instead of a spooled Solaris OE image. Also,
you can use a Flash source as an alternative installation service.
Identifying Log Files
Jumpstart clients retain the following log files during the installation process:
/tmp/begin.log
/tmp/finish.log
/tmp/install_log
/var/sadm/system/logs/sysidtool.log
Jumpstart clients retain a corresponding set of log files after the installation process
completes and the system reboots:
/var/sadm/system/logs/begin.log
/var/sadm/system/logs/finish.log
/var/sadm/system/logs/install_log
/var/sadm/system/logs/sysidtool.log
Module 18 Flash
# flarcreate -n flash_archive -R / -c -x /flash /flash/flash_archive
flash_archive Any name can be given
-R To mention root path
-c To compress the archive file
-x To exclude folders while creating archive image
-t Create an archive on a tape device
Administering a Flash Archive
flar -i archive Retrieves info about the archive
flar -c archive Combines the individual sections that make up an existing archive into a
new archive
flar -s archive Splits an archive into one file for each section of the archive
/etc/ethers Mac address and hostname
/etc/hosts IP Address and hostname
# cd /export/config
# vi rules Same as Jumpstart content
# vi host_class Same as Jumpstart content except few options
install_type flash_install
archive_location nfs 140.40.40.160:/flash/flash_archive
partitioning
.
.