
PART 1: Ch1

SYSTEM CONCEPTS

Pradip Gudale 1
Operating System
• Definition : Set of programs that manages
all computer operations and provides an
interface between the User and the System
Resources
• Main parts of OS are Kernel, Shell and File
structure

Kernel
• Manages devices, memory, processes and
daemons
• controls the functions (transfer) between
programs and hardware
• schedules & executes processes
• Manages swap & daemons

H/W

KERNEL

Shell

OS shells
• Bourne shell ($) : default, AT & T Unix
• C shell (%) : similar features as Korn shell
• Korn shell ($) : superset of Bourne shell;
adds aliasing, history and command line
editing

FS structure
• Directory hierarchy
• topmost directory is root
• /usr, /opt, /dev, /export/home, /kernel
(genunix resides here)

Terminology
• Host : a computer system
• host name : unique; each host on the network must have a
hostname
• IP address : number used by networking s/w
• client : host that uses services from other hosts
• server : host that provides service
• network : group of connected hosts

Examples of server
• File server
• print server
• boot server
• install server
• name server
• mail server

PART 1:

Managing Users & Groups

Solaris Users and Groups
• role-based access control (RBAC)
provides a flexible way to package
superuser privileges
• Special type of User Account called
“Role”

User Account Information
• User Name
• Password
• User’s Home Directory
• Initialization Files

User => Group
• You add a User to a particular Group
• This is to give access for a particular file or
directory to a set of users

User ID Numbers     Login Accounts                 Reserved For …
---------------------------------------------------------------
0 - 99              root, daemon, bin, sys, etc.   System accounts
100 - 2147483647    Regular users                  General purpose accounts
60001               nobody                         Unauthenticated users
60002               noaccess                       Compatibility with Solaris 2.0 and
                                                   compatible versions and SVR4 releases

PASSWORD
• Password aging feature
• must be changed after specified period
• cannot be changed within specified period

Home directories
• Usually /export/home/username
• Can be on local m/c or file server
• accessed via /home/username
• if automounter is used it does not allow you
to create anything under /home

User’s Initialization Files
• .login
• .cshrc
• .profile
• System initialization files are /etc/.login and
/etc/profile

Groups…. Each group to have
• group name
• group ID
• list of users that belong to the group

groups
• Each user can be assigned to two types of
groups…. 1 Primary and 16 secondary
• Files created by user are assigned GID of
the group the user primarily belongs to
• secondary group not important for files….
It is useful for some applications like
admintool which expects user to belong to
sysadmin group GID 14

Groups
• groups command lists all groups user
belongs to
• primary group of the user can be
temporarily changed using newgrp
command to any other group user is a
member of

Management of users and groups
• Local system… use admintool with CDE or
commands like useradd, groupadd etc
• local/remote system… use adminsuite with
CDE
Add a User Account
Name service   Command
NIS+           nistbladm & nisclient
NIS            useradd & make
None           useradd

Where information is stored ?
• /etc/passwd and /etc/shadow
• username:password:uid:gid:comment:home-directory:login-shell
• e.g. root:x:0:1:Super-User:/:/sbin/sh
• e.g. rimmer:86Kg/MNT/dGu.:8882:0::5:20:8978
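
An added example (not part of the original slides) that audits files in the two formats above for extra UID 0 accounts, unshadowed or empty passwords, and accounts with no maximum password age. The function names, the finding labels and the sample accounts are assumptions made for illustration; the hashes are placeholders.

```sh
#!/bin/sh
# Added example (not from the slides): audit passwd/shadow-format files.

# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints one finding per line as CHECK:username.
audit_accounts() {
    # passwd fields: username:password:uid:gid:comment:home-directory:login-shell
    awk -F: '
        /^#/ || NF == 0          { next }
        NF != 7                  { print "BAD_FIELD_COUNT:" $1; next }
        $3 == 0 && $1 != "root"  { print "EXTRA_UID0:" $1 }
        $2 != "x"                { print "PASSWORD_NOT_SHADOWED:" $1 }
    ' "$1"

    # shadow fields: username:password:lastchg:min:max:warn:inactive:expire[:flag]
    awk -F: '
        /^#/ || NF == 0            { next }
        $2 == ""                   { print "EMPTY_PASSWORD:" $1; next }
        $2 == "*LK*" || $2 == "NP" { next }   # locked / no-password accounts
        $5 == ""                   { print "NO_MAX_AGE:" $1 }
    ' "$2"
}

# run_sample_audit: runs the audit over constructed sample data
# (hypothetical accounts, placeholder hashes, not from a real system).
run_sample_audit() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
rimmer:x:1001:10:constructed user:/export/home/rimmer:/bin/ksh
toor:x:0:1:constructed second uid 0:/:/sbin/sh
guest::1002:10:constructed:/export/home/guest:/bin/sh
EOF
    cat > "$tmp/shadow" <<'EOF'
root:CONSTRUCTEDHASHaaaa:6445::::::
daemon:NP:6445::::::
rimmer:CONSTRUCTEDHASHbbbb:8882:0::5:20:8978
toor:CONSTRUCTEDHASHcccc:8882:7:90:7:::
guest::8882::::::
EOF
    audit_accounts "$tmp/passwd" "$tmp/shadow"
    rm -rf "$tmp"
}

run_sample_audit
```

On a live system the same function takes /etc/passwd and /etc/shadow as arguments and has to run as root to read the shadow file.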

PART 1:

Initialization Files

Initialization Files
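example of .profile

# Command search path; the trailing "." makes the shell search the current directory last
PATH=$PATH:$HOME/bin:/usr/local/bin:/usr/ccs/bin:.
MAIL=/var/mail/$LOGNAME                  # path to the user's mailbox
NNTPSERVER=server1                       # Usenet news server
MANPATH=/usr/share/man:/usr/local/man    # search path for man pages
PRINTER=printer1                         # default printer
umask 022                                # default file creation permissions
export PATH MAIL NNTPSERVER MANPATH PRINTER
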
Customization of Environment
• Solaris provides template files in /etc/skel
• For Bourne Shell /$HOME/.profile
• For C Shell /$HOME/.cshrc and
/$HOME/.login
• For Korn Shell .profile and /$HOME/$ENV

/etc/skel

C Shell           /etc/skel/local.login
                  /etc/skel/local.cshrc
Bourne or Korn    /etc/skel/local.profile

Feature         Bourne   C Shell   Korn Shell
Job control     Yes      Yes       Yes
History list    No       Yes       Yes

Shell environment
• Environment variables : upper case .. Use
setenv command
• shell (local) variables : lower case.. Use
set command. E.g. user, term, home and
path
• C shell: setenv VARIABLE value
• Bourne or Korn shell:
VARIABLE=value; export VARIABLE

Environment variables
• LPDEST Sets the user’s default printer.
• MAIL Sets the path to the user’s
mailbox.
• MANPATH Sets the hierarchies of man
pages available.
• OPENWINHOME Sets the path to the
OpenWindows subsystem.
Variables… cntd
• prompt Defines the shell prompt for
the C shell.
• PS1 Defines the shell prompt for the
Bourne or Korn shell.
• SHELL (or shell in the C shell)
Sets the default shell used by make, vi,
and other tools.

Variables.. cntd
• PATH=/usr/bin:/usr/sbin:/opt/SUNWmd/
• CDPATH=/export/home/rajiv
• TERM (or term in the C shell) Defines
the terminal. This variable should be
reset in /etc/profile or
/etc/.login. When the user invokes
an editor, the system looks for a file with
the same name as the definition of this
environment variable.
umask
Default permissions given for file or directory when created, by
subtracting umask value from 666 or 777

umask digit   file          directory
0             rw-           rwx
1             rw-           rw-
2             r--           r-x
3             r--           r--
4             -w-           -wx
5             -w-           -w-
6             --x           --x
7             --- (none)    --- (none)

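
An added example (not from the original slides) that creates a file and a directory under several umask values, including the 022 used in the sample .profile, and reports the modes they actually receive. The function name modes_under_umask and the choice of masks are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the slides): observe the effect of a umask.

# modes_under_umask MASK
# Creates one file and one directory in a scratch directory with the given
# umask and prints their mode strings as "<file-mode> <directory-mode>".
modes_under_umask() {
    mask=$1
    scratch=$(mktemp -d) || return 1
    (
        # Subshell: the umask change does not leak into the caller.
        umask "$mask"
        : > "$scratch/file"
        mkdir "$scratch/dir"
    )
    # ls -ld prints the mode in the first 10 characters; anything after
    # that (such as an ACL marker) is cut off.
    file_mode=$(ls -ld "$scratch/file" | cut -c1-10)
    dir_mode=$(ls -ld "$scratch/dir" | cut -c1-10)
    rm -rf "$scratch"
    echo "$file_mode $dir_mode"
}

# 000 shows the starting points (666 for files, 777 for directories);
# 022 is the value from the sample .profile; 027 and 077 are stricter.
for m in 000 022 027 077; do
    echo "umask $m -> $(modes_under_umask "$m")"
done
```
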
PART 1:

Booting & Run Levels

Booting & Shutdown
• What’s new in this release ?
• What was the method used earlier ?
• How do we boot Intel Platform Solaris ?

Terminology
• init state
• run level
• Which process helps change run-levels

Types of Boot
• Interactive
• Reconfiguration
• Recovery

Shutdown commands
• init
• shutdown

Which one is better ?


Why ?
Can anybody shutdown the system ?

When do you need to change
run_levels ?
• Add new h/w
• backup-restore
• retune kernel parameters
• repair system configuration file
• known power outage

Run control

How to Determine a System’s Run Level ?

How to Use a Run Control Script to Stop or Start a Service ?

How to Add a Run Control Script ?

How to Disable a Run Control Script ?

Current run level ?

$ who -r
.  run-level 3  Sep 1 14:45  3  0  S

Sep 1 14:45 : Since when ?
0 : Number of times at this RL since last boot
S : previous run level

/etc/inittab file
Provides three important items to init process
• The system’s default run level
• What processes to start, monitor, and restart if they terminate
• What actions to be taken when the system enters a new run level

/etc/inittab entries
Each entry in the /etc/inittab file has the
following fields:

id:rstate:action:process

id : Unique id
rstate : Applies to these run levels
action : How the process is to be run
process : The command to execute

/etc/inittab entries
ap::sysinit:/sbin/autopush -f /etc/iu.ap
is:3:initdefault:
p3:s1234:powerfail:/usr/sbin/shutdown -y -i5 -g0 >/dev/msglog 2<>/dev/console
sS:s:wait:/sbin/rcS >/dev/msglog 2<>/dev/msglog </dev/
sc:234:respawn:/usr/lib/saf/sac -t 300

What happens when init runs
1. The init process is started and reads the
/etc/default/init file to set any environment
variables. By default, only the TIMEZONE variable is set.
2. Then init reads the inittab file to do the
following:
a. Identify the initdefault entry, which defines the
default run level (3).
b. Execute any process entries that have sysinit in the
action field so that any special initializations can take
place before users login.
c. Execute any process entries that have 3 in the rstate
field, which matches the default run level, 3.

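
An added example (not from the original slides) that reads an inittab-format file and lists, in file order, the default run level, the sysinit entries and the entries init starts for a given run level, which is a quick way to review what runs as root at boot. The function names and output labels are assumptions; the sample file is constructed from the entries shown above, with the rcS, rc2 and rc3 lines simplified.

```sh
#!/bin/sh
# Added example (not from the slides): what would init run at a run level?

# inittab_plan FILE LEVEL
# Prints "default-run-level N", "sysinit ID COMMAND" and, for entries whose
# rstate contains LEVEL (or is empty), "ACTION ID COMMAND".
inittab_plan() {
    awk -F: -v level="$2" '
        /^#/ || NF < 4 { next }
        {
            id = $1; rstate = $2; action = $3
            # The process field may itself contain colons; rebuild it.
            process = $4
            for (i = 5; i <= NF; i++) process = process ":" $i
        }
        action == "initdefault" { print "default-run-level " rstate; next }
        action == "sysinit"     { print "sysinit " id " " process; next }
        # These actions are not started when a run level is entered.
        action == "powerfail" || action == "powerwait" || action == "off" { next }
        rstate == "" || index(rstate, level) > 0 {
            print action " " id " " process
        }
    ' "$1"
}

# sample_inittab_plan LEVEL: runs inittab_plan over a constructed sample
# (entries from the slides plus simplified rcS/rc2/rc3 lines).
sample_inittab_plan() {
    tab=$(mktemp) || return 1
    cat > "$tab" <<'EOF'
ap::sysinit:/sbin/autopush -f /etc/iu.ap
is:3:initdefault:
p3:s1234:powerfail:/usr/sbin/shutdown -y -i5 -g0 >/dev/msglog 2<>/dev/console
sS:s:wait:/sbin/rcS
s2:23:wait:/sbin/rc2
s3:3:wait:/sbin/rc3
sc:234:respawn:/usr/lib/saf/sac -t 300
EOF
    inittab_plan "$tab" "$1"
    rm -f "$tab"
}

sample_inittab_plan 3
```
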
Run control scripts
• Each associated with rc.x script in /sbin
• there is a corresponding directory /etc/rcx.d
which contains [KS][0-9][0-9]* scripts for
starting or stopping various services
• The scripts are kept in /etc/init.d and are
linked to files in /etc/rcx.d

Sample /etc/rc2.d
# ls /etc/rc2.d
K07dmi          S70uucp             S75cron        S91afbinit
K07snmpdx       S71ldap.client      S75flashprom   S91ifbinit
K28nfs.server   S71rpc              S75savecore    S92volmgt
README          S71sysid.sys        S76nscd        S93cacheos.finish
S01MOUNTFSYS    S72autoinstall      S80PRESERVE    S94ncalogd
S05RMTMPFILES   S72inetsvc          S80lp          S95IIim
S20sysetup      S72slpd             S80spc         S95amiserv
S21perf         S73cachefs.daemon   S85power       S95ocfserv

Adding scripts

How would you add a script to start/stop some service ?

Adding scripts….
# cp filename /etc/init.d
# chmod 0744 /etc/init.d/filename
# chown root:sys /etc/init.d/filename

# cd /etc/init.d
# ln filename /etc/rc2.d/Snnfilename
# ln filename /etc/rcn.d/Knnfilename

Summary of rc scripts

/sbin/rc0 Performs the following tasks:

Stops system services and daemons

Terminates all running processes

Unmounts all file systems

/sbin/rc1
Stops system services and daemons

Terminates all running processes

Unmounts all file systems

Brings the system up in single-user mode

/sbin/rc2
Mounts all local file systems
Enables disk quotas if at least one file system was mounted with
the quota option
Saves editor temporary files in /usr/preserve
Removes any files in the /tmp directory
Configures system accounting
Configures default router
Sets NIS domain and ifconfig netmask
Reboots the system from the installation media or a boot server if
either /.PREINSTALL or /AUTOINSTALL exists
Starts inetd and rpcbind and named, if appropriate

/sbin/rc2…… cntd

Starts Kerberos client-side daemon, kerbd


Starts NIS daemons (ypbind) and NIS+ daemons (rpc.nisd),
depending on whether the system is configured for NIS or NIS+,
and whether the system is a client or a server
Starts keyserv, statd, lockd, xntpd, and utmpd
Mounts all NFS entries
Starts nscd (name service cache daemon)
Starts automount, cron, LP print service, sendmail, utmpd, and
vold daemons

/sbin/rc3
Runs the /etc/rc3.d scripts to perform the following tasks:
Cleans up sharetab
Starts nfsd
Starts mountd
If the system is a boot server, starts rarpd, rpc.bootparamd, and
rpld
Starts snmpdx (Solstice Enterprise Agents™ process).

/sbin/rc5 and /sbin/rc6

Runs the /etc/rc0.d/K* scripts to perform the following tasks:
Kills all active processes
Unmounts the file systems

/sbin/rcS

Establishes a minimal network


Mounts /usr, if necessary
Sets the system name
Checks the root (/) and /usr file systems
Mounts pseudo file systems (/proc and /dev/fd)
Rebuilds the device entries for reconfiguration boots
Checks and mounts other file systems to be mounted in single-user
mode

Shutdown commands
• Shutdown
• init
• reboot
• halt

PART 1:

Booting of the system &


BOOT PROM

Prom monitor

>n
OK

Prom monitor

How to find PROM version ?


How to change boot-device ?
How to change boot-files ?

Prom monitor : important
commands
• printenv
• setenv
• probe-scsi-all
• reset

Boot command

ok boot [boot-device] [boot-files] [boot options]

-a
-s
-r

………….Try it out
Boot over a network
• Need to set up a boot server
• rarp or dhcp protocols
• for dhcp PROM version must be > 3.25
• ok nvalias net /pci@1f,4000/network@1,1:dhcp

Stop system for recovery

press Stop-a or L1-a.


On terminals, press the Break key.

Intel Solaris
Solaris Boot Diskette

Solaris Installation CD

Boot process

What all does a PROM do ?

Boot phases
• Boot prom phase
• boot program phase
• kernel initialization phase
• init phase

Boot phases
Boot prom : the PROM loads the primary boot program, bootblk
bootblk program finds and executes the secondary boot program, ufsboot, and loads it into memory.
ufsboot program loads the kernel.
kernel initializes itself and begins loading modules
kernel unmaps the ufsboot
kernel creates a user process and starts the /sbin/init

PART 1:

Volume Management

Major Benefits

/etc/init.d/volmgt
• automatically mounts diskettes and
CDs
• enables you to access diskettes and
CDs without having to become
superuser.
• allows you to give other systems on the
network automatic access to any
diskettes and CDs you insert into your
system

Manual mounting
Steps Manual Mounting Automatic Mounting

1 Insert media.
2 Become superuser.
3 Determine the location of the media device.
4 Create a mount point.
5 Make sure you are not in the mount point directory.
6 Mount the device using the proper mount options.
7 Work with files
8 Become Superuser and unmount
9 Eject media
How to access from FDD/CD
Insert the floppy and run volcheck
Files on a diskette or Raw data on a diskette
access through /vol/dev/aliases/floppy0
File Systems on floppy
access through /floppy/floppy0

Files on a CD : Insert the CD and wait for a few seconds
access through /cdrom/cdrom0

Files copied from CD

Remember……..
Files copied to disk will not have write permissions
WHY ?

How do you find who are using
the CD ?

# fuser -u [-k] /cdrom/cdrom0

..How do you use CDROM
connected to another M/C ?

Prerequisite ?
CDROM on
other M/C must
be shared..

$ showmount -e system-name
export list for system-name:
/cdrom/sol_8_sparc (everyone)

Become a superuser

# mount -F nfs -o ro system-name:/cdrom/cd-name mountpoint

…….Try this out

..How do you make CDROM on
your system available to other
systems ?
Basically…. It-must-be-shared

STEPS …..

# mkdir /dummy
# vi /etc/dfs/dfstab
( Add the following line:)
share -F nfs -o ro /dummy
# eject cdrom0
# chmod 644 /etc/rmmount.conf
# vi /etc/rmmount.conf
( Add the following line to the File System Sharing section:)
share cdrom*
# chmod 444 /etc/rmmount.conf
( Load a CD.)
# share

Configure a System to Play
Musical CDs

Edit /etc/rmmount.conf and add action line

# Actions
action cdrom action_workman.so path/workman workman-options

path : the dir in which you have placed the Workman S/W
workman-options : the options allowed by the Workman S/W


“start and stop volume
management”

# /etc/init.d/volmgt start
# /etc/init.d/volmgt stop

Formatting floppies ...tasks
• Load unformatted diskette
• Format diskette for dos
• Format diskette for ufs
• make ufs FS

…...Try this out


Known restriction..
Diskettes formatted for UFS are restricted to the hardware
platform on which they were formatted.

In other words, a UFS diskette formatted on a SPARC
based platform cannot be used for UFS on an IA platform,
nor can a diskette formatted on an IA platform be used on a
SPARC based platform. This is because the SPARC and IA
UFS formats are different.

SPARC uses little-endian bit coding, IA uses big-endian.

Can format to 7 densities
• 3.5” Extended Density 2.88 Mbytes
• 3.5” High Density (HD) 1.44 Mbytes
• 3.5” Medium Density (DD) 1.2 Mbytes
• 3.5” Low Density 720 Kbytes
• 5.25” High Density (HD) 1.2 Mbytes
• 5.25” Medium Density (DD) 720 Kbytes
• 5.25” Low Density 360 Kbytes

Formatting defaults...
• the diskette drive formats a diskette to a
like density unless instructed otherwise
• a diskette can be formatted to its
capacity or lower
• a drive can format to its capacity or
lower

Use fdformat command with
density option….

To format a diskette of   In a drive of   fdformat density option
2.88 Mbytes               2.88 Mbytes     -E
1.44 Mbytes               2.88 Mbytes     -H
1.44 Mbytes               1.44 Mbytes     none
1.2 Mbytes                1.44 Mbytes     -t nec -M
720 Kbytes                1.44 Mbytes     -D or -t dos -D
1.2 Mbytes                1.2 Mbytes      none
720 Kbytes                1.2 Mbytes      -D
720 Kbytes                720 Kbytes      none
360 Kbytes                720 Kbytes      -D

fdformat
• fdformat -z to view options
• start fdformat w/o density option to find out
drive’s default density

Formatting for ufs FS

$ fdformat -v -U [density-options convenience-options]

-v : verify
-U : Unmount if mounted
density-options : e.g. -D 720KB
convenience-options :
-e eject
-f force ..no questions
-b label
-z just show options

How to Place a UFS File
System on a Diskette ?

Command to create FS options to this command

/usr/sbin/newfs Where to make FS

Type of FS
ufs taken as
default
Creating FS

 /usr/sbin/newfs -v /vol/dev/aliases/floppy0

Displays status

Auto mounting
Invoke the volrmmount command using the -i
option to notify Volume Management that the diskette is
inserted.

$ volrmmount -i floppy0

Use #ls /floppy to confirm mounted ufs FS

Formatting for DOS
$ fdformat -v -U [density-options convenience-options]

-d : 1.44MB for MS-DOS
-d -D : 720KB for MS-DOS

Things to remember
• volcheck -v command to notify volume
management
• floppy0 is symbolic link to floppy name
• if nothing is found under /floppy it means
floppy not mounted or not formatted
• /floppy is same as /vol/dev/diskette0
• fuser -u [-k] floppy0 to find user and [kill]
• if formatted but without name system refers
to it as unnamed_floppy
• # ls /floppy/floppy0 to see 
How to use floppy put in another
M/C’s floppy drive ?
Same as CDROM …… except…...

Add the following lines to /etc/rmmount.conf
on a system where floppy drive is
connected and to be shared

# File System Sharing
share floppy*

How
Volume Management
works?

Volume management
• All removable media made available under
/vol/dev
/vol/dev

Drive --- diskette0 rdiskette0

Volume management

/vol/dev

Drive --- diskette0 rdiskette0

Diskette name Diskette name


CDROMs
/vol/dev

dsk rdsk

c0t6 c0t6

cdrom drive

CDROMs
/vol/dev

dsk rdsk

c0t6 c0t6
cdrom drive

cd name cd name
To make access more convenient, Volume Management uses
two special mount points, /floppy and /cdrom.

floppy cdrom

Volume Management mounts the
/vol/dev/diskette0 and
/vol/dev/dsk/c0t6 directories onto /floppy and
/cdrom

Convenient mount points
/floppy and /cdrom
However, these mount points depend on proper
formatting. If a diskette is formatted, the mount
succeeds, but if it is unformatted, the mount
fails and the diskette is only available under
/vol/dev/diskette0.



Additional convenience
symbolic links
/floppy/floppy0 --> /floppy/name --> /vol/dev/diskette0/name

/cdrom/cdrom0 --> /cdrom/cd-name --> /vol/dev/dsk/c0t6d0/cd-name
The symbolic links for file system access simply link the
directories /floppy/floppy0 and /cdrom/cdrom0 to the
diskette inserted into the first diskette drive and the CD
inserted into the first CD-ROM drive:



What’s the advantage of
symbolic links ?

enable you to access floppies and CDs without
knowing their names.

You can use the link names, floppy0 or cdrom0,
instead.


Symbolic links for
raw device access

/vol/dev/aliases/floppy0 --> /vol/dev/rdiskette0/diskette-name

/vol/dev/aliases/cdrom0 --> /vol/dev/rdsk/c0t6d0/cd-name


Purpose of symbolic links

to enable you to access a raw-character diskette or CD
without knowing its name

use /vol/dev/aliases/floppy0 or
/vol/dev/aliases/cdrom0 link names.


compatibilities
• Ufs : not compatible between Sparc and
Intel
• CDROM : HSFS type; No issues



installation CDs, contain mixed formats; that is, part
UFS, and part ISO 9660 standard
the CD is split into slices

9660 portion : portable


UFS portion : architecture-specific

ISO 9660

UFS : Sparc

UFS : Intel



Volume Management ignores un-related
formats on CDs and mounts appropriate
slice



CD slices appear as….

$ ls /cdrom/cdrom0
S0 S2
$ ls /vol/dev/dsk/c0t6
S0 S2



PART 1:

SOFTWARE

ADMINISTRATION



S/W administration
• Adding and Removing S/W
• Checking Consistency
• understanding S/W packages
• Adding and removing patches



What is a S/W Package ?

Sun and other vendors distribute
S/W in the form of Package
package is a collection of files and
directories in a defined format.


Package Admin Commands

Solaris provides utilities to
understand the package format
and install, remove and check
packages
pkgadd, pkgrm and pkgchk

Admintool to manage S/W
Add packages to a spool directory
: Not possible

Eliminate user interaction by using an
administration file : Not possible


S/W PACKAGE
Control files : pkgadd interprets
S/W files : pkgadd uncompresses and installs in base directory

Keeps track of
what is installed


# pkgrm pkgname

Removes all files for that
package unless they are
shared with another package


Things to know….
How packages are named ?
….. SUNWutr, SUNWvolr
How to see what are installed ?
….. pkginfo / admintool

How to install S/W for clients ?
….. Some part on server some on client


client-server scenario

a piece of software might have a package with
files that are installed on the client’s root file
system and a package with files that are
installed on the /usr file system, which the
client typically mounts from a server.


administration file

Comes into play with -a option to pkgadd
# pkgadd -a filename pkgname
Looks for admin file in current dir OR in
/var/sadm/install/admin


Uses of admin file...
manipulate the base directory by setting the
basedir keyword in a special file called an
administration file.
basedir=/usr/v5/sbin

Avoid user interaction while adding or removing
packages

Quit installation if error encountered

……...etc.


Response file….
Using a Response File

A response file contains your answers to specific
questions asked by an interactive package.

An interactive package includes a request script
that asks you questions prior to package installation,
such as whether or not optional pieces of the
package should be installed.


Response file

Use pkgask command to store
your replies and use it as…
pkgadd -r response-file
…. To avoid user interaction

commands

# pkgadd -a admin-file -d device-name pkgid ...

Default…
/var/spool/pkg


commands
Verification of
installed package...

# pkgchk -v pkgid

If pkgchk determines there are no errors, it returns a
list of installed files.
Otherwise, it reports the error.


What do you understand from
this..
# mount -F nfs -o ro package-server:/latest-packages /mnt

# pkgadd -d /mnt SUNWaudio


..and what do you think is this ?

# pkgadd -d /cdrom/sol_8_sparc/s0/Solaris_8/Product -s /var/spool/pkg SUNWaudio


Is this command OK ?

# pkgadd SUNWman



pkginfo
Tells what packages are
installed on the system
$ pkginfo
system    SUNWaccr     System Accounting, (Root)
system    SUNWaccu     System Accounting, (Usr)
system    SUNWadmap    System administration applications
system    SUNWadmc     System administration core libraries

Integrity of installed packages

# pkgchk -d spooldir pkgid ...

# pkgchk [ -a -c -v ] pkgid ...

-a : attributes
-c : contents
Default: both a & c


$ pkginfo -l SUNWcar
PKGINST: SUNWcar
NAME: Core Architecture, (Root)
CATEGORY: system
ARCH: sparc.sun4u
VERSION: 11.8.0,REV=1999.09.18.11.52
BASEDIR: /
VENDOR: Sun Microsystems, Inc.
DESC: core software for a specific hardware platform group
PSTAMP: humbolt19990821191439
INSTDATE: Sep 18 1999 11:53
HOTLINE: Please contact your local service provider
STATUS: completely installed
FILES: 95 installed pathnames
31 shared pathnames
35 directories

Removal of packages

Always use
# pkgrm [-s spooldir] pkgid
Do not use “rm” to remove
package files….. WHY ?


“Removal of packages”
Can be done through admintool
What is the prerequisite ?

Be either super-user
or
member of sysadmin group

patches
• What are they ?
• How are they distributed ?
• How are they numbered ?
• What happens when you install patches ?
• What happens when you remove patches ?



What is a patch ?

collection of files and directories
that replace or update existing files and
directories that are preventing proper
execution of the software.
The existing software is derived from a
specified package


Knowing what are applied
# showrev -p
# patchadd -p
# pkgparam pkgid PATCHLIST

# pkgparam pkgid PATCH_INFO_patch-number
Tells inst date and host from where applied

Patch distribution
via www OR anonymous ftp
http://www.sun.com

For contract customers : Full sunsolve database and periodical CDs

For others: general set of patches

ftp
sunsolve1.sun.com (provided by Sun Service) or
sunsite.unc.edu (maintained by the University of
North Carolina).

Login as anonymous
password as complete e-mail address
pick-up patches from /pubs/patches directory.
Transfer mode : binary

Patch numbering

106925-02

106925 : Patch base code
- : hyphen
02 : Patch revision


What happens when you install a
patch ?
• patchadd calls pkgadd
• checks version of target system
• updates patch package's pkginfo file with
the patches obsoleted by this patch, the
other patches required by it, and the
patches incompatible with it, etc.
• patch installation log is kept in
/var/sadm/patch/patch-number/log

Patch not installed if…...
* The package is not fully installed on the host
* The patch package's architecture differs from the
system’s architecture
* The patch package's version does not match the
installed package’s version
* There is already an installed patch with the same base
code and a higher version number
* The patch is incompatible with another, already
installed patch. (Each installed patch keeps this
information in its pkginfo file)
* The patch being installed requires another patch that
is not installed

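
An added example (not from the original slides, and not how patchadd itself is implemented) of the "same base code and a higher version number" rule, using the base-code/revision numbering described earlier. The function names and status strings are assumptions, the installed-patch list uses an assumed "Patch: <id> ..." line layout, and the 900001 and 900002 patch IDs are constructed.

```sh
#!/bin/sh
# Added example (not from the slides): compare a patch ID with installed ones.

# patch_status INSTALLED_LIST PATCH_ID
# INSTALLED_LIST holds lines starting "Patch: <base>-<rev>" (assumed layout).
# Prints one of: not-installed, already-installed,
# upgrade-from <id>, blocked-newer-installed <id>.
patch_status() {
    awk -v cand="$2" '
        BEGIN {
            if (cand !~ /^[0-9]+-[0-9]+$/) { print "invalid-patch-id"; bad = 1; exit }
            split(cand, c, "-"); best = -1
        }
        $1 == "Patch:" && $2 ~ /^[0-9]+-[0-9]+$/ {
            split($2, p, "-")
            # +0 forces a numeric comparison, so revision "08" is 8.
            if (p[1] == c[1] && p[2] + 0 > best) best = p[2] + 0
        }
        END {
            if (bad) exit 1
            id = c[1] "-" sprintf("%02d", best)
            if (best < 0)               print "not-installed"
            else if (best > c[2] + 0)   print "blocked-newer-installed " id
            else if (best == c[2] + 0)  print "already-installed"
            else                        print "upgrade-from " id
        }
    ' "$1"
}

# sample_patch_status PATCH_ID: checks against a constructed installed list.
sample_patch_status() {
    list=$(mktemp) || return 1
    cat > "$list" <<'EOF'
Patch: 106925-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 900001-08 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr
Patch: 900001-13 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr
EOF
    patch_status "$list" "$1"
    status=$?
    rm -f "$list"
    return "$status"
}

for id in 106925-01 106925-03 900001-09 900002-01; do
    echo "$id: $(sample_patch_status "$id")"
done
```
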
Patch removal

Means… backing out a patch

All files modified by patch are
restored back to original


patchrm restores old files
unless….
* The patch was installed with patchadd -d (which
instructs patchadd not to save copies of files being
updated or replaced)

* The patch has been obsoleted by a later patch

* The patch is required by another patch

patchrm keeps a log of the back out process in
/tmp/backoutlog.process_id. This log file is
removed if the patch backs out

PART 1:

DISK

MANAGEMENT



Disk geometry
• Bits and bytes
• Sectors
• Tracks
• Cylinders
• Heads
• Disk Controller
• Device drivers
……….more
• Disk slices
• Disk Labels
• Cylinder Groups
• File Systems



FS characteristics
• Files are stored in FS
• Each FS is assigned one slice i.e FS can not
span multiple slices
• Only one FS can go in one slice
• To the OS each slice appears as
independent disk
• FS is a fully functional independent unit
Disk slices / partitions

SPARC Platforms                    IA Platforms
Whole disk given to the            FDISK partitioned;
operating environment              only one given to OE
8 slices maximum                   one partition: 10 slices
slices are 0-7                     slices are 0-9


What gets stored ..where ?
• Slice 0 : root--OS files and directories
• 1: Swap--workspace
• 2: Overlap
• 3: /export--diff arch os files for clients
• 4: /export/swap--swap for clients
• 5: /opt--applications added
• 6: /usr-- executables and library routines
• 7: /home or /export/home--user’s stuff

Intel specific….
• Slice 8: info that helps Solaris to boot from
Hard Disk. Resides at the beginning of disk
• Slice 9: alternate blocks for assignment in
lieu of bad blocks



Note on usage
Do not use the following areas of the disk for raw
data slices, which are sometimes created by third-
party database applications:

1. Block 0, cylinder 0, where the disk label is stored.
2. Avoid cylinder 0 entirely for improved performance.
3. Slice 2, which represents the entire disk.

A slice cannot be split between two or more disks.
However, multiple swap slices on separate disks are allowed.

PART 1:
format utility



format
• Menu driven built-in utility
• For preparing hard disks for use
• does more than mere formatting disks
• Not for floppies, cdroms and mag tapes



What all can “format” do ?
• Search all connected devices and display
• display partition information
• modify partitions information
• label the disk
• analyze and repair the disk
• low level format the disk



Most common usage..
• Partition
• label

Formatting is destructive process….
helps preparing unformatted disk
helps gather bad areas information

Disk Label VTOC

Cylinder 0 Block 0 Sector 0

controller geometry
Partition table or slices


Partition table
• Number : 0 to 7
• tag : 0=UNASSIGNED 1=BOOT 2=ROOT 3=SWAP 4=USR 5=BACKUP 7=VAR 8=HOME
numeric value that usually describes the file system
mounted on this partition.
• flags : wm The partition is writable and mountable
wu writable & unmountable -- swap
rm read only & mountable


Example partition table
Total disk cylinders available: 2036 + 2 (reserved cylinders)

Part  Tag          Flag   Cylinders    Size        Blocks
0     root         wm     0 - 300      148.15MB    (301/0/0)     303408
1     swap         wu     301 - 524    110.25MB    (224/0/0)     225792
2     backup       wm     0 - 2035     1002.9MB    (2036/0/0)    2052288
3     unassigned   wm     0            0           (0/0/0)       0

sectors
# prtvtoc /dev/rdsk/c0t1d0s0
* /dev/rdsk/c0t1d0s0 partition map
* Dimensions:
* 512 bytes/sector
* 72 sectors/track
* 14 tracks/cylinder
* 1008 sectors/cylinder
* 2038 cylinders
* 2036 accessible cylinders
* Flags:
* 1: unmountable
* 10: read-only
*                            First     Sector    Last
* Partition  Tag  Flags      Sector    Count     Sector   Mount Directory
0            2    00         0

Formatting a disk

Easiest way is to use “modify”
option under format..partition

…try out extensively

Recovering the disk
• Recover disk geometry i.e. label
• restore root FS if it is a boot disk
• restore usr FS if it is a boot disk
• ……..Then what ? Will it boot ?



Put a boot block on the disk
For Sparc:
# installboot /usr/platform/sun4m/lib/fs/ufs/bootblk /dev/rdsk/c0t0d0s0
(sun4m is the output of `uname -i`)

For Intel:
# installboot /usr/platform/i86pc/lib/fs/ufs/pboot /usr/platform/i86pc/lib/fs/ufs/bootblk /dev/rdsk/c0t6d0s2

Recovering corrupted disk label
Step 1: put back the disk geometry

automatic configuration
or
manual disk type specification. Select disk type number.

Step 2: use the verify command to check the backup label
format> verify

Step 3: the backup label is put back
format> backup

Support for third party disks

supply either a device driver, a format.dat entry, or both of these.

Unrecognized disks cannot be formatted without precise information about the disk’s geometry and operating parameters. This information is supplied in the /etc/format.dat file.



Disk parameters example..
disk_type = "SUN2.1G" \
: ctlr = SCSI : fmt_time = 4 \
: ncyl = 2733 : acyl = 2 : pcyl = 3500 : nhead = 19 : nsect = 80 \
: rpm = 5400 : bpt = 44823

pcyl : No of physical cyl
nsect : Data sec per track
acyl : No of alternate cyl



Specifying block nos to format command...
* Block number as an integer
OR
* Block number in the cylinder/head/sector format

Enter defective block number: 12345
Enter defective block number: 34/2/3



Thumb rules for slice sizes

Disk Size          Root File System  Swap Slice
0 - 180 Mbytes     16 Mbytes         16 Mbytes
180 Mb - 280 Mb    16 Mbytes         32 Mbytes
280 Mb - 380 Mb    24 Mbytes         32 Mbytes
380 Mb - 600 Mb    32 Mbytes         32 Mbytes
600 Mb - 1.0 Gb    32 Mbytes         64 Mbytes
1.0 Gb - 2.0 Gb    64 Mbytes         128 Mbytes
More than 2.0 Gb   128 Mbytes        128 Mbytes



Analyze and repair a disk

# format
format> analyze
analyze> setup .. Select parameters
Starting block
loop
Stop on first error
Assign alternate block

format> repair


tips and tricks
Invoke format -M to enable extended and diagnostic messages for using the format utility with SCSI devices only.

For labeling multiple disks with same partition table...
# for i in 1 2 3 5
> do
> prtvtoc /dev/rdsk/c2t0d0s0 | fmthard -s - /dev/rdsk/c2t${i}d0s2
> done
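Before a partition table is copied to other disks with prtvtoc | fmthard as in the tip above, it is worth checking that the slices in it are consistent. The script below is an added example, not part of the original slides: it reads prtvtoc-style output and reports slices that overlap, are not cylinder aligned, or run past the accessible cylinders. The function names and the sample table are constructed for illustration, using the geometry and tag numbers shown on the earlier slides.

```shell
#!/bin/sh
# Constructed sample in prtvtoc layout (not taken from a real disk).
# Geometry matches the slides: 1008 sectors/cylinder, 2036 accessible cylinders.
sample_vtoc() {
cat <<'EOF'
* /dev/rdsk/c0t1d0s2 partition map (constructed sample)
* 512 bytes/sector
* 1008 sectors/cylinder
* 2036 accessible cylinders
*                          First     Sector    Last
* Partition  Tag  Flags    Sector    Count     Sector  Mount Directory
       0      2    00          0    303408    303407
       1      3    01     303408    225792    529199
       2      5    00          0   2052288   2052287
       6      4    00     528192    504000   1032191
EOF
}

# check_vtoc: read a prtvtoc-style table on stdin, print one line per problem.
check_vtoc() {
    awk '
    /sectors\/cylinder/    { spc = $2 }    # sectors per cylinder
    /accessible cylinders/ { acyl = $2 }   # usable cylinders
    /^\*/ || NF < 6 { next }               # skip comments and short rows
    {
        p = $1; tag = $2; first = $4; count = $5; last = $6
        if (first + count - 1 != last)
            printf "slice %s: first+count-1 != last\n", p
        if (spc && (first % spc || count % spc))
            printf "slice %s: not cylinder aligned\n", p
        if (spc && acyl && last >= spc * acyl)
            printf "slice %s: extends past the accessible cylinders\n", p
        if (tag == 5) next   # tag 5 = BACKUP: spans the whole disk by design
        for (q in f)         # compare with every slice seen so far
            if (first <= l[q] && f[q] <= last)
                printf "slice %s overlaps slice %s\n", q, p
        f[p] = first; l[p] = last
    }'
}

# Slice 6 starts on cylinder 524, which is the last cylinder of slice 1.
sample_vtoc | check_vtoc
```

An empty result means the table passed all four checks.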
FORMAT MENU:
disk       - select a disk
type       - select (define) a disk type
partition  - select (define) a partition table
current    - describe the current disk
format     - format and analyze the disk
repair     - repair a defective sector
label      - write label to the disk
analyze    - surface analysis
defect     - defect list management
backup     - search for backup labels
verify     - read and display labels
save       - save new disk/partition definitions
inquiry    - show vendor, product and revision
volname    - set 8-character volume name
quit
PART 1:

INTRODUCTION TO FILE SYSTEM AND ITS MANAGEMENT



Overview of FS
• It’s a collection of files & directories
• structure in the form of file tree
• data structure of a disk slice



Types of FS
• Disk based
• Network based
• virtual FS
• Solaris provides virtual file system
architecture……This facilitates standard
interface to any type of FS



Disk based FS

ufs    Default; based on BSD fast FS
hsfs   ISO9660; on CDROM; read only
pcfs   Read/wr of dos formatted disks
udfs   On optical media DVD



Network-based FS

Typically, network-based file systems reside on one system, typically a server, and are accessed by other systems across the network.

NFS is the only available network-based or distributed computing file system.



Virtual FS

Memory based
most of them do not use disk space
cachefs and tmpfs do



cachefs

Think about: What is cache ?
When is that used ?



TMPFS

Default FS for /tmp dir

uses swap space as backup disk space
* The TMPFS file system can run out of space, just as a regular file system can fill up.
* Because TMPFS allocates swap space to save file data (if necessary), some programs might not execute because there is not enough swap space.
Loop back FS

The Loopback File System (LOFS) lets you create a new virtual file system, so you can access files by using an alternative path name.

e.g. create / FS under /tmp/newroot



procfs
• Resides in memory
• contains list of active processes by process
number
• commands like ps use it
• do not administer or remove files from this



Few other virtual FS

FIFOFS (first-in first-out): Named pipe files that give processes common access to data
FDFS (file descriptors): Provides explicit names for opening files using file descriptors
NAMEFS: Used mostly by STREAMS for dynamic mounts of file descriptors on top of files
SPECFS (special): Provides access to character special and block devices
SWAPFS: File system used by the kernel for swapping



FS related commands
clri     Clear inodes
ff       List file names with statistics
ncheck   Lists file names with inode nos
fsck, df, fstyp, mount, volcopy, newfs, labelit
How commands decide FS type
• -F option
• match in vfstab entry
• look in /etc/default/fs and /etc/fs/fstypes
entries for local and remote FSs

Note: # man mount
# man mount_ufs
Default solaris FSs
• root /: essential files to make system work;
boot programs, kernel, device drivers,
mount points
• /usr: sharable files, library programs, those
that run on specific platform
• /export/home: user’s home directories
• /var: changing/growing files, vi & ex
backup, log files
• /opt: third party application s/w
DEFAULT DIRECTORIES UNDER /DEV

/dev/cfg    Symbolic links to physical ap_ids


/dev/cua    Device files for uucp
/dev/dsk    Block disk devices
/dev/fbs    Frame buffer device files
/dev/md    Logical volume management meta-disk devices
/dev/fd     File descriptors
/dev/pts    pty slave devices
/dev/rdsk  Raw disk devices
/dev/rmt  Raw tape devices
/dev/sad   Entry points for the STREAMS Administrative Dri
/dev/sound Audio device and audio device control files
/dev/swap  Default swap device
/dev/term  Serial devices
Default directory under /etc
/etc          Host-specific sys admin config files & databases
/etc/acct     Accounting configuration information
/etc/cron.d   Configuration information for cron
/etc/default  Defaults information for various programs
/etc/dmi      Solstice Enterprise Agents configuration files
/etc/dhcp     DHCP config files
/etc/fn       Federated Naming Service and x.500 support files
/etc/dfs      Config information for shared file systems
/etc/fs       Binaries organized by FS types for operations required before /usr is mounted
/etc/gss      Generic Security Service (GSS) Appl Program Interface configuration files

/etc/inet     Configuration files for Internet services
/etc/init.d   Scripts for changing between run levels
/etc/lib      Dynamic linking libraries needed when /usr is not available
/etc/llc2     Logical link control (llc2) driver configuration files
/etc/lp       Configuration information for the printer subsystem
/etc/mail     Mail subsystem configuration information
/etc/net      Configuration information for TI (transport-independent) network services
/etc/nfs      NFS server logging configuration file
/etc/openwin  OpenWindows configuration files
/etc/opt      Configuration information for optional packages
/etc/rc0.d    Scripts for entering/leaving run level 0
/etc/rcS.d     Scripts for bringing the system up in single user mode
/etc/rpcsec    This directory may contain a NIS+ authentication configuration file
/etc/saf       Service access facility files (including FIFOs)
/etc/security  Basic Security Module (BSM) configuration files
/etc/skel      Default profile scripts for new user accounts
/etc/tm        Trademark files; contents displayed at boot time
/etc/uucp      uucp configuration information
/export Default directory for users’ home directories, client file
systems, or other shared file systems
/home Default directory or mount point for a user’s home
directory on a standalone system. When AutoFS is
running, you cannot create any new entries in this
directory.
/kernel Directory of platform-independent loadable kernel
modules required as part of the boot process. It includes
the generic part of the core kernel that is platform
independent, /kernel/genunix.
/platform and /usr/platform directory structure.
/mnt Convenient, temporary mount point for file systems
/opt Default directory or mount point for add-on application
packages
/sbin Essential executables used in the booting process and in
manual system failure recovery
/stand Standalone programs
/tmp Temporary files; cleared during boot sequence
/var           Directory for varying files, which usually inclu
temporary, logging, or status files
/var/adm  System logging and accounting files
/var/audit  Basic Security Module (BSM) audit files
/var/crash  Default depository for kernel crash dumps
/var/cron   cron’s log file
/var/dmi   Solstice Enterprise Agents Desktop Management
Interface (DMI) run time components
/var/dt      dtlogin configuration files
/var/ftp     FTP server directory
/var/inet    IPv6 router state files
/var/log     System log files
/var/lp      Line printer subsystem logging information
/var/mail  Directory where users’ mail is kept
/var/news  Community service messages (note: not the same
USENET-style news)
/var/nis     NIS+ databases
/var/nfs    NFS server log files
/var/ntp   Network Time Protocol (NTP) server state directo
/var/opt   Root of a subtree for varying files associated with
software packages
/var/preserve  Backup files for vi and ex
/var/run          Temporary system files that are not needed across system reboots. This is a TMPFS-mounted directory.
/var/sadm         Databases maintained by the software package management utilities
/var/saf          saf (service access facility) logging and accounting files
/var/spool        Directories for spooled temporary files
/var/spool/cron   cron and at spool files
/var/spool/locks  Spooling lock files
/var/spool/lp          Line printer spool files
/var/spool/mqueue      Mail queued for delivery
/var/spool/pkg         Spooled packages
/var/spool/uucp        Queued uucp jobs
/var/spool/uucppublic  Files deposited by uucp
/var/statmon           Network status monitor files
/var/tmp               Directory for temporary files; not cleared during boot sequence
/var/uucp              uucp log and status files
/var/yp                NIS databases (for backwards compatibility with NIS and unnecessary after full transition to NIS+)
/usr
4lib     SunOS 4.1 binary compatibility package libraries
5bin    Symbolic link to the /usr/bin directory
X        Symbolic link to the /usr/openwin directory
adm   Symbolic link to the /var/adm directory
aset    Directory for Automated Security Enhancement Tools
(ASET) programs and files
bin      Location for standard system commands
ccs      C compilation programs and libraries
demo  Demo programs and data
dict     Symbolic link to the /usr/share/lib/dict directo
which contains the dictionary file used by the UNIX spell
program
dt        Directory or mount point for CDE software
games An empty directory, which is a remnant of the SunOS 4.
4.1 software
Under /usr
include   Header files (for C programs, etc.)
java*     Directories containing Java prog and libraries
kernel    Additional kernel modules
kvm       Implementation architecture-specific binaries and libraries
lib       Various program libraries, architecture-dependent databases, and binaries not invoked directly by the user
local     Commands local to a site
mail      Symbolic link to the /var/mail directory
man       Symbolic link to the /usr/share/man directory
net       Directory for network listener services
news      Symbolic link to the /var/news directory
oasys     Files pertaining to the Form and Menu Language Interpreter (FMLI) execution environment
old          Programs that are being phased out
openwin Directory or mount point for OpenWindows S/W
perl5       Perl 5 programs and documentation
platform 
preserve Symbolic link to the /var/preserve directory
proc       Directory for the proc tools
pub        Files for online man page and character
processing
sadm     Various files and directories related to sys
admin
sbin       Executables for system administration
sbin/static   Statically linked version of selected
programs from /usr/bin and /usr/sbin
share         Architecture-independent sharable files
share/lib   Architecture-independent databases
share/src  Source code for kernel, libraries, and utilities
snadm      Programs and libraries related to system and
Under /usr
spool       Symbolic link to the /var/spool directory
src         Symbolic link to the share/src directory
tmp         Symbolic link to the var/tmp directory
ucb         Berkeley compatibility package binaries
ucbinclude  Berkeley compatibility package header files
ucblib      Berkeley compatibility package libraries
vmsys       Directory for Framed Access Command Environment (FACE)
/platform & /usr/platform Dir
/platform            Contains a series of directories, one per supported platform that need to reside in the root (/) file system.
/platform/*/kernel   Contains platform-dependent kernel components, including the file unix, the core kernel that is platform dependent.
/usr/platform        Contains platform-dependent objects that do not need to reside in the root (/).
/usr/platform/*/lib  Contains platform-dependent objects similar to those found in the /usr/lib
/platform/*/sbin     Contains platform-dependent objects similar
/var/run in Solaris 8

Temporary MEMORY based FS for system files not required across boot
/tmp continues to be temporary FS for non-system files
New in Sol 8

/etc/mnttab now MNTFS read only. Sync guaranteed.
Earlier it was text-based and modifiable. Likely out of sync.
New in Sol 8
The Solaris 7 11/99 or the Solaris 8 release
UDF FS

the industry-standard format for storing information on the optical media technology called DVD (Digital Versatile Disc or Digital Video Disc) is included in this Solaris release.

Dynamically loadable modules
SUNWudfr : 32-bit kernel component
SUNWudfrx : 64-bit kernel component
udf FS management
Display FS parameters
# mkfs -F udfs -m /dev/rdsk/device-name

Create UDF FS
# mkfs -F udfs /dev/rdsk/device-name

Check it is UDF type ..
# fstyp -v /dev/rdsk/device-name

Check its integrity..
# fsck -F udfs /dev/rdsk/device-name

Mount ..
# mount -F udfs /dev/dsk/device-name /mount-
swap
• Some disk slices used as swap instead of FS
• used as virtual memory
• plan how much swap space to allocate



ufs FS features
• State flags: Show the state of the file system:
clean, stable, active, logging, or unknown.
These flags eliminate unnecessary file system
checks. If the file system is “clean,” “stable,” or
“logging,” file system checks are not run.
• Large FS: Up to 1TB. How do you get this big
slice ?
• Large Files: By default > 2Gb.
How to make it < 2GB ? …. Use “nolargefiles” option



What is ufs logging ?

UFS logging is the process of storing transactions (changes that make up a complete UFS operation) in a log before the transactions are applied to the UFS file system.

Transactions can be applied later

Like journalling in IBM
Advantages of ufs logging
• Inconsistent transactions discarded; only
complete transactions applied ensuring
consistent FS and hence no fsck required at
reboot
• reboot is very fast; very useful on large FS

Logging is not enabled by default
enable it using the -o logging option to mount
Planning ufs FS
• Distribute I/O load. /export/home and swap
across disks
• keep it logical.. Put all project or group
files into one FS
• have root, usr and swap on system disk
• make no more than 2 or 3 FS on others.
Make them roomier. (Less fragmentation
and easy to backup)
PART 1:

MOUNTING FS



mounting
• root always mounted at boot time
• others mounted and unmounted as required
• you need a mount point



[Diagram: file tree. Root / at the top; usr and /opt below it; labels: Mount point, Unbundled, File system; app1; file1, file2]



mnttab and vfstab
• Reside under /etc
• mnttab tells what is mounted
• vfstab specifies what is to be mounted,
where and required parameters to do that



Example mnttab
$ more /etc/mnttab
/dev/dsk/c0t0d0s0 / ufs rw,intr,largefiles,onerror=panic,suid,dev=2200000 938557523
/proc /proc proc dev=3180000 938557522
fd /dev/fd fd rw,suid,dev=3240000 938557524
mnttab /etc/mnttab mntfs dev=3340000 938557526
swap /var/run tmpfs dev=1 938557526
swap /tmp tmpfs dev=2 938557529
/dev/dsk/c0t0d0s7 /export/home ufs
Example vfstab

$ more /etc/vfstab
#device            device              mount  FS    fsck  mount    mount
#to mount          to fsck             point  type  pass  at boot  options
/dev/dsk/c0t0d0s0  /dev/rdsk/c0t0d0s0  /      ufs   1     no       -
/proc              -                   /proc  proc  -     no       -
/dev/dsk/c0t0d0s1  -                   -      swap  -     no       -
NFS features
• File resource on server and others share it;
server maintains list of shared resources
• actual location of resource irrelevant to user
• commonly used sharable s/w is accessed
through nfs e.g. man files
• upgradation/change to resource can be
easily managed
autofs mounting for NFS
• Client side service in NFS
• resource gets mounted when you access it
• remains mounted as long as you are in it
• gets unmounted when not used for ... Time
• boot time saved
• user need not know root passwd to mount
• n/w traffic reduced
autofs serviced by...
• Autofs service … automountd
• can specify alternate server to mount same
FS
• can use NIS, NIS+ or files
• /home is usually auto-mounted



cachefs
• Want to improve performance of NFS ?…
• It is a layered FS
• One FS is mounted on another
• It’s a caching mechanism. Good for PPP.
• reduces server and network load.
• client per server ratio goes up
• combine autofs and cachefs to improve
scalability & performance
Creating file systems
• Need to create if you add a new disk,
change partition structure, restore full from
tapes
• need contiguous formatted cylinders
• use newfs device-name (front-end of mkfs)



newfs

# newfs [-N] [-b size] [-i bytes] /dev/rdsk/device-name

-N : Tells parameters that would get passed to mkfs without actually creating FS
-b size : Block size
-i bytes : No of bytes per inode



*Creating tmpfs FS
Do not use newfs ….
# mount -F tmpfs [-o size=number] swap mount-point
Note: creating multiple tmpfs has no benefit… why ?
How will you create tmpfs at boot time ? Add a vfstab entry:

swap  -  /export/test  tmpfs  -  yes  -
Creating loop back FS

Do not use newfs
# mount -F lofs loopback-directory mount-point
How to make it at boot time ? Add a vfstab entry:

/  -  /tmp/newroot  lofs  -  yes  -
MOUNTING FILE SYSTEMS



mounting
• mount, mountall [-l|-r] commands
• Inconsistent FS are not mounted
• common options are:



Mount options.. -o
bg | fg        NFS  If the first attempt fails, retries in the background (bg) or in the foreground (fg).
hard | soft    NFS  Specifies the procedure if the server does not respond. soft indicates that an error is returned. hard indicates that the retry request is continued until the server responds. The default is hard.
intr | nointr  NFS  Specifies whether keyboard interrupts are delivered to a process that is hung while waiting for a response on a hard-mounted file system. The default is intr


Mount options.. -o
For ufs
-o logging       default nologging
(Log space used from FS; 1MB per 1GB; max 64MB)
-o nolargefiles  default largefiles
-o noatime       default atime
-o options …. cntd

remount        All  Changes the mount options associated with an already-mounted file system. This option can be used with any option except ro,
retry=n        NFS  Retries the mount operation when it fails. n
ro | rw        All  Specifies read/write or read-only. The default is read/write. The default option for HSFS is ro.
suid | nosuid  All  Allows or disallows setuid execution. The default is to allow setuid execution.
Entries in vfstab
• Dev to mount : block dev, resource name
or /proc for proc FS type
• dev to fsck : raw device
• mount point : directory
• FS-type : type of file system
• fsck pass: “-” not checked; “0” ufs not
checked; “1” checked one at a time;
“>1” and -o preen then checked in parallel
Entries in vfstab …. cntd
• Mount at boot : yes/no specifies whether to
mount at boot; “no” for /, /usr,/var,/proc and
/dev/fd. These get mounted by other method
and not by mountall command
• mount options: “-” or comma separated list

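One way to check a vfstab against the field rules on the two slides above, as an added example that is not part of the original slides. The sample file is constructed, the function names are made up for the example, and the rule that /export file systems and /tmp should carry nosuid is an assumption made here (the slides only state that setuid execution is allowed by default).

```shell
#!/bin/sh
# Constructed sample /etc/vfstab (not taken from a real host).
sample_vfstab() {
cat <<'EOF'
#device            device              mount         FS     fsck  mount    mount
#to mount          to fsck             point         type   pass  at boot  options
/dev/dsk/c0t0d0s0  /dev/rdsk/c0t0d0s0  /             ufs    1     no       -
/proc              -                   /proc         proc   -     no       -
/dev/dsk/c0t0d0s1  -                   -             swap   -     no       -
/dev/dsk/c0t0d0s7  /dev/rdsk/c0t0d0s7  /export/home  ufs    2     yes      -
/dev/dsk/c0t1d0s0  -                   /export/proj  ufs    2     yes      logging,nosuid
swap               -                   /tmp          tmpfs  -     yes      size=512m
/dev/dsk/c0t1d0s1  /dev/rdsk/c0t1d0s1  /opt          ufs    2     yes
EOF
}

# vfstab_audit: read a vfstab on stdin, print one finding per line.
vfstab_audit() {
    awk '
    /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
    NF != 7 {                      # every entry has exactly seven fields
        printf "line %d: expected 7 fields, found %d\n", NR, NF
        next
    }
    {
        mnt = $3; type = $4; pass = $5; boot = $6
        opts = "," $7 ","          # wrap so each option matches as ,name,

        # a numeric fsck pass is useless without a raw device to check
        if (type == "ufs" && pass ~ /^[1-9]/ && $2 == "-")
            printf "%s: fsck pass %s but no device to fsck\n", mnt, pass

        # /, /usr and /var are mounted by other means, not by mountall
        if ((mnt == "/" || mnt == "/usr" || mnt == "/var") && boot != "no")
            printf "%s: mount-at-boot should be no\n", mnt

        # assumption: user-writable areas should not allow setuid execution
        if ((mnt ~ /^\/export/ || mnt == "/tmp") && opts !~ /,nosuid,/)
            printf "%s: setuid execution allowed (no nosuid option)\n", mnt

        # logging is off unless requested with -o logging
        if (type == "ufs" && boot == "yes" && opts !~ /,logging,/)
            printf "%s: ufs logging not enabled\n", mnt
    }'
}

sample_vfstab | vfstab_audit
```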


Remounting without large files option
When you mount a file system, the largefiles option is selected by default, which enables you to create files larger than 2 Gbytes.
Once a file system contains large files, you cannot remount the file system with the nolargefiles option or mount it on a system running Solaris 2.6 or compatible versions, until you remove any large files and run fsck to reset the state to nolargefiles.



How do you find files > 2GB ?

# cd mount-point
# find . -xdev -size +4194304 -exec ls -l {} \;
(-size counts 512-byte blocks; 2 Gbytes = 4194304 blocks)



Mounting NFS File System

# mount -F nfs [-o mount-options] server:/directory mount-pt



Mounting pcfs (DOS) FS

# mount -F pcfs [-o rw | ro] /dev/dsk/device-name:logical-drive mount-point

device-name : Device name of whole disk, e.g. /dev/dsk/c0t0d0p0
logical-drive : Dos logical drive letter or number, c to z or 1 to 24
c or 1 : primary DOS slice
rest : extended DOS slice
unmounting FS
• umount or umountall
• you must be superuser
• FS must be available for unmounting
• FS must not be busy or in use. Make it available by:
Changing to a directory in a different file system.
Logging out of the system.
Using the fuser command to list all processes accessing the file system and to stop them if necessary.
# fuser -c [-u] [-k] mount-point
Unsharing the file system
PART 1:

File System structure



File system
Disk
Disk slice

Cylinder groups

Addressable
blocks
UFS has 4 types
Ufs blocks
• Boot block : info for booting; only in first
cylinder group;cyl 0; 8k size
• super block : info on file system
• inodes : info on file
• data block : data inside the file



superblock
Replicated in each cylinder group
* Size and status of the file system
* Label (file system name and volume name)
* Size of the file system logical block
* Date and time of the last update
* Cylinder group size
* Number of data blocks in a cylinder group
* Summary data block
* File system state: clean, stable, or active
* Path name of the last mount point
A summary information block is kept with the superblock.
It is not replicated. Records changes as FS is used.
inode
Keeps all info on file except its name. 128 Bytes
The type of the file (regular, dir, char, block, link, fifo, socket)
The mode of the file (the set of read-write-execute permissions)
The number of hard links to the file
The user ID of the owner of the file
The group ID to which the file belongs
The number of bytes in the file
An array of 15 disk-block addresses
The date and time the file was last accessed
The date and time the file was last modified
The date and time the file was created
[Diagram: inode contents (type of file, uid, no of bytes, array of 15 addresses). 12 direct pointers, each to an 8k data block; an indirect pointer to a block of 2k pointers; a double indirect pointer; a triple indirect pointer]
Data blocks
• Rest of the space allocated to data blocks
• block size decided at FS creation time
• default is 8k
• fragmentation is 1k
• blocks contain data for file
• blocks contain files names & their inode
number in a directory
Cylinder group 0        Cylinder group 1
Bootblock (8 Kbytes)    Storage Blocks
Superblock              Superblock
Cylinder Group Map      Cylinder Group Map
Inodes                  Inodes
Storage Blocks          Storage Blocks



FS parameters
• Block size: logical that kernel uses (physical
that disk controller uses is 512 bytes)
• Fragment size
• Minimum free space
• Rotational delay
• Optimization type
• Number of files



“block size”

What should I consider while deciding block size ?
How does it impact ?
Do I want to increase efficiency ?.. And I don’t care much for disk space
Do I have many small files in my FS ?
Fragment size
• Smaller than block-size is allocated during
file expansion
• trade-off between time and space
• decide based on number & size of files



“Minimum free space”
• Kept aside in reserve (1% to 10%)
• As users go on consuming FS space, ufs
efficiency goes down; df reports available
space excluding reserve
• only superuser can use reserve space
When will df report more than 100% usage ?
What command to use to change free space value ?
….tunefs
Rotational delay
• Principle: knowing CPU data transfer speed
and disk rotational speed, block allocation
routine can place next block address to
block just coming under the head & ready
for read/write
• Not very useful in modern disk with cache



Number of files
• Depends on number of inodes… Why ?
• You can specify number of bytes per inode
(i.e number of bytes per file and not number
of bytes required to store inode info)
• FS size/bytes per inode gives no of files
Conventional defaults
FS Less than or equal to 1 Gbyte   2048
FS Less than 2 Gbytes              4096
FS Less than 3 Gbytes              6144
FS 3 Gbytes or greater             8192
Creating FS
newfs [-Nv] [mkfs_options] raw_device
-s size
-t ntrack    Tracks per cyl
-b bsize
-f fragsize
-c cgsize    Cylinder per cyl group
-m free
..etc see man page
PART 1:

FSCK



File system integrity
• It is the consistency and integrity of internal
tables of FS. This is lost if
Sudden power failure
accidental unplugging of system
system crash
improper shutdown



Principle behind fsck
• Uses redundant information available across
various tables in the FS
• Goes through superblock, inodes and data
blocks
• runs in phases -- means reads tables
multiple number of times
• salvages as far as possible
• ever noticed lost+found directory under
newly created directory ?
Probable recovery..

The fsck program places files and directories that are allocated but unreferenced in the lost+found directory.

The inode number of each file is assigned as the name.



FS state flag
• Stored in super block
• flag checked by /sbin/rcS while booting
• flag checked by fsck when run
• Flags
FSACTIVE: mounted & modified
FSBAD: / mounted when state not FSCLEAN/FSSTABLE
FSCLEAN: mounted properly
FSSTABLE: mounted & unmodified
FSLOG: mounted with logging
How fsck tries to salvage
• Due to buffering in memory FS state on
disk always lags behind that in core
• written to disk when buffer is required or
kernel runs fsflush periodically
• fsck reads summary info in superblock--FS
size, no of inodes, free blocks count and
free inode count
• checks free block map. Cross checks that
free blocks are not claimed by any files
Salvage……. cntd
• No of free + no claimed by inodes=total blk
• count of free inodes in summary=actual free
inodes ?.. NO.. Modify summary info
• link count in inode..
No directory entry exists for that inode
no although inode contains valid info.
Put file in lost+found
• Duplicate blocks: data block claimed by
inodes of two files
Sample fsck output..
# fsck /dev/rdsk/c0t0d0s7
** /dev/rdsk/c0t0d0s7
** Last Mounted on /export/home
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
2 files, 9 used, 2833540 free (20 frags, 354190 blocks, 0.0% fragmentation)

[Callouts on the last line: No of inodes, No of frags, Number of unused fragments, Number of unused full blocks, % frag]
How to see if FS need checking..

# fsck -m /dev/rdsk/c0t0d0s6
** /dev/rdsk/c0t0d0s6
ufs fsck: sanity check: /dev/rdsk/c0t0d0s6 needs checking

To check FS interactively….
# fsck



Preening ufs file system

The preen option to fsck (fsck -o p) checks UFS file systems and automatically fixes the simple problems that normally result from an unexpected system shutdown.

It exits immediately if it encounters a problem that requires operator intervention.

The preen option also permits parallel checking of file systems.
How to restore superblock

Find back-up superblock
# newfs -N /dev/rdsk/device-name

run fsck with another superblock
# fsck -F ufs -o b=block-number /dev/rdsk/dev-name



Fixing that fsck could not..
• Run fsck multiple times
• carefully read error messages and act
• use fsdb, clri, ff, ncheck etc…. See man
• if could not fully recover try mounting read
only and retrieve data



PART 1:

BACKUP & RESTORE



*Why do you need backup ?
• System crashes
• accidental deletion
• natural disaster
• hardware failures
• mistakes in installation or upgrade



Backup methods
• Backup file systems : ufsdump
• backup NIS+ server : nisbackup
• backup all on N/W from server : solstice
backup s/w
• backup/list files : cpio, tar, pax
• backup as raw dump : dd



Backup devices
• 1/2-inch reel tape 140 Mbytes (6250 bpi)
• 2.5-Gb 1/4 inch cartridge (QIC) tape 2.5 GB
• DDS3 4-mm cartridge tape (DAT) 12 - 24 GB
• 14-Gbyte 8-mm cartridge tape 14 Gbytes
• DLT 7000 1/2-inch cartridge tape 35 - 70 GB



How do you decide what to backup ?
• Don’t need to backup full every time
• monitor what FSs change often
• which are critical FSs
so… /export/home must be backed-up
regularly, whereas /usr need not be
and /var although changing need
not be backed-up very frequently.



What all you can do with ufsdump
• Take backup of full FS on local or remote
tape device
• Take incremental backup (those that have
changed since previous backup)
• Backup groups of systems (remote shell)
• Automate backup (use crontab)



Dump level concept
• This is the number between 0 and 9
• 0 is full backup
• no specific meaning to level number.
Meaning is attached when looked at in
relation to other level.
• 1-9 specify hierarchy of incremental backup
• dump levels are specified in ufsdump
command
Dump level usage

Monthly  Monday  Tuesday  Wednesday  Thursday  Friday
0        9       9        9          9         5

Incremental Backup: Daily Cumulative



How this scheme looks

       9(Mon)  9    9     9      5(Fri)
Wk 1   ab      abc  abcd  abcde  abcdef
Wk 2   g       gh   ghi   ghij   abcdefghijk

In this scheme …
How many tapes will be required?
What tapes are required to restore ?
Answers..

With this schedule, you need six tapes (if you want
to reuse daily tapes), or nine tapes (if you want to
use four different daily tapes): one for the level 0,
four for the Fridays, and one or four daily tapes.

If you need to restore a complete file system, you
will need the following tapes: the level 0, the most
recent Friday tape, and the most recent daily tape
since the last Friday tape (if any).

Pradip Gudale 268


Dump level usage

Monthly  Monday  Tuesday  Wednesday  Thursday  Friday
0        3       4        5          6         2

Incremental Backup: Daily Discrete (incremental)


Pradip Gudale 269
Daily cumulative, weekly incremental
Floating Mon Tues Wed Thurs Fri

1st of Month 0
Week 1 9 9 9 9 3
Week 2 9 9 9 9 4
Week 3 9 9 9 9 5
Week 4 9 9 9 9 6

Week 1 ab abc abcd abcde abcdef
Week 2 g gh ghi ghij ghijk

To restore you need level 0, all Friday & most recent daily tape

Pradip Gudale 270
Daily incremental, weekly cumulative
Floating Mon Tues Wed Thurs Fri

1st of Month 0
Week 1 3 4 5 6 2
Week 2 3 4 5 6 2
Week 3 3 4 5 6 2
Week 4 3 4 5 6 2

Week 1 ab cd e f abcdef
Week 2 gh i jk lm abcdefghijklm

To restore you need level 0, recent Friday & all daily tapes

Pradip Gudale 271
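Added example (not part of the original slides): the schedules above all follow one rule, that a dump at level N saves what changed since the most recent dump at a lower level. The script below applies that rule to a dump history and lists the tapes a full restore needs; the labels (month, w1fri, ...) and the function name are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the slides: list the tapes a full restore needs.
# Rule assumed: a level-N ufsdump saves what changed since the most recent
# dump taken at a LOWER level, so a restore walks back through falling levels.

# restore_chain LABEL:LEVEL ...   (arguments in chronological order)
# Prints the needed tapes, oldest first, as label(Llevel).
restore_chain() {
    newest_first=""
    for d in "$@"; do
        case ${d##*:} in
            [0-9]) ;;
            *) echo "bad dump level in '$d' (expected label:0-9)" >&2
               return 2 ;;
        esac
        newest_first="$d $newest_first"
    done

    need_below=10          # the next tape chosen must have a level below this
    chain=""
    for d in $newest_first; do
        level=${d##*:}
        if [ "$level" -lt "$need_below" ]; then
            chain="${d%:*}(L$level) $chain"
            need_below=$level
            if [ "$level" -eq 0 ]; then
                break
            fi
        fi
    done

    if [ "$need_below" -ne 0 ]; then
        echo "no level 0 dump in the history: full restore not possible" >&2
        return 1
    fi
    echo "${chain% }"
}

# Constructed histories, one per schedule on the slides (labels are made up).
echo "daily cumulative:"
restore_chain month:0 w1mon:9 w1tue:9 w1wed:9 w1thu:9 w1fri:5 w2mon:9 w2tue:9 w2wed:9
echo "daily cumulative, weekly incremental:"
restore_chain month:0 w1thu:9 w1fri:3 w2thu:9 w2fri:4 w3mon:9 w3tue:9
echo "daily incremental, weekly cumulative:"
restore_chain month:0 w1thu:6 w1fri:2 w2mon:3 w2tue:4 w2wed:5
```

The tapes are printed in the order they must be fed to ufsrestore, starting with level 0.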
Taking backup
• Keep tape drive ready
• decide on file systems- use mount command
• find number of tapes required
# ufsdump S filesystem
gives you bytes. Calculate tapes required.
• Become superuser and bring system to
single user mode

Pradip Gudale 272


ufsdump command examples
• # ufsdump 0ucf /dev/rmt/0 /
• # ufsdump 9ucf /dev/rmt/0 /export/home
• # ufsdump 0ucf pluto:/dev/rmt/0 /export/home
u : Update /etc/dumpdates
f : Dump file (tape)

Verify using # ufsrestore tf /dev/rmt/0


Pradip Gudale 273
ufsrestore
• The ufsrestore command copies
files to disk, relative to the current
working directory, from backups created
using the ufsdump command.
• Can restore individual files
• when run as root, files are restored with their
original ownerships and permissions

Pradip Gudale 274


Relative to current working
directory….. explanation
Files backed up from the /export/doc/books
directory (where /export is the file system),
would be saved relative to /export. In other
words, the book1 file in the docs directory
would be saved as ./doc/books/book1 on
the tape.

Later on, if you restored the
./doc/books/book1 file to the /var/tmp
directory, the file would be restored to
/var/tmp/doc/books/book1.
Pradip Gudale 275
note

Note - Do not restore files in the /tmp
directory even temporarily. The /tmp directory
is usually mounted as a TMPFS file system and
TMPFS does not support UFS file system
attributes such as ACLs.

Pradip Gudale 276


ufsrestore
• # ufsrestore ta archive-name
./path/filename
• # ufsrestore tf device-name
./path/filename
• the above two check to see if filename
exists on backed-up media; first using
online archive and second using tape
contents
Pradip Gudale 277
Running ufsrestore interactively
• # ufsrestore if /dev/rmt/n
• ufsrestore> ls directory
• ufsrestore> cd directory-name
• ufsrestore> add filename1 filename2
• ufsrestore> delete filename
• ufsrestore> verbose
• ufsrestore> extract
• Specify next volume #: 1
• ufsrestore> quit
Pradip Gudale 278
Restoring specific file not
interactively
# ufsrestore xvf /dev/rmt/n
filename …
Specify next volume #: 1
(giving vol no)
set owner/mode for ’.’? [yn] n
(to keep mode of current
directory unchanged)
Pradip Gudale 279
Restoring complete File System
• # umount /dev/rdsk/device-name
• # newfs /dev/rdsk/device-name
• # mount /dev/dsk/device-name /mnt
• # cd /mnt
• # ufsrestore rvf /dev/rmt/n (use
levels..starting with 0 and going up)
• # rm restoresymtable
• # cd /; umount /mnt;
• # ufsdump 0uf /dev/rmt/n
/dev/rdsk/device-name
Pradip Gudale 280
“What more you need to do to
restore root / and /usr”
• Boot from cdrom (as you don’t have os disk)
• restore root file system from tape as for any
other file system
• install boot block
# installboot /usr/platform/`uname -i`/lib/fs/ufs/bootblk /dev/rdsk/devicename
Pradip Gudale 281
How ufsdump works..
• Makes two passes
• In first pass it scans through raw device and
builds directory & file structure in memory;
writes table to tape
in-core stuff may get skipped in active FS
• In second pass goes through inode numbers
in order & writes data to tape
• Neither free blocks nor slice image gets
backed-up
Pradip Gudale 282
/etc/dumpdates role
• Each line in /etc/dumpdates shows
the file system backed up, the level of
the last backup, and the day, date, and
time of the backup.
• /dev/rdsk/c0t0d0s0 9 Tue Jul 13 10:58:12 2001
  /dev/rdsk/c0t0d0s0 0 Tue Jul 13 10:46:09 2001
• during incremental backup ufsdump consults this to find
date of most recent backup of
Pradip Gudale 283
Ufsdump command format

/usr/sbin/ufsdump [options][arguments] files-to-back-up

options : 0-9,a,b,c,d,D,f,s,u,v
a : archive
b : No of 512 byte blocks at a time
c : To cartridge
d : Tape density
D : To diskette
f : destination

Pradip Gudale 284
Ufsrestore command format
ufsrestore [options][arguments][filename …]

options : i,r,R,x,t
i : interactive
r : recursive
R : Resume restoring; restarts from checkpoint when full restore interrupted
x : extract
t : table

Pradip Gudale 285


Other ways to take backup
• Want to take full FS backups..& restore ?
-- ufsdump more suitable
• Want to take selective backup..? Or transfer
files between systems..?
-- tar,cpio,pax suitable
• Want to do disk to disk copy..?
-- dd is more suitable
• Want to copy on diskette..?
-- tar would do the job
Pradip Gudale 286
Type & characteristics
Command     FS boundaries   Multi-Volume   Type
volcopy     Yes             Yes            Physical
tar         No              No             Logical
cpio        No              Yes            Logical
pax         Yes             Yes            Logical
dd          Yes             No             Physical
ufsdump/    Yes             Yes
Pradip Gudale 287
dd
• $ dd < /floppy/floppy0 > /tmp/output.file
2400+0 records in
2400+0 records out
• …so you can specify dev names 
for stdin & stdout
• $ dd if=input-file of=output-file
bs=nnK
Write a command to clone a full system
disk & boot from it
Pradip Gudale 288
# dd if=/dev/rdsk/c0t0d0s2 of=/dev/rdsk/c0t2d0s2 bs=12
# fsck /dev/rdsk/c0t2d0s2
# mount /dev/dsk/c0t2d0s2 /mnt
# cd /mnt/etc
# vi vfstab
(modify entries for the new disk)
# cd /
# umount /mnt
# init 0
ok boot disk2 -s
# sys-unconfig
ok boot disk2

Notice : installboot not required. Why ?


Pradip Gudale 289
cpio
• Archiving program
• copies list of files into single large output
file
• inserts headers between files to facilitate
restoration
• can copy to other slice or media
• can detect End-Of-Media & prompts to
insert next media
Pradip Gudale 290
Example copying from one FS to another

# find . -print -depth | cpio -updm filesystem2

-print : lists
-depth : Descends directory
u : Unconditional; older will replace newer
d : Creates directories
m : Sets modification times

Pradip Gudale 291


Copying to tapes
• Use either cpio, tar or pax .. Depends on precision
& flexibility you want
• all use raw device. (You don’t make FS on tapes !)
• pax: better portability on POSIX compliant sys
• tar:available on most unix systems,No multi-vol
• cpio:packs data more efficiently; skips over bad
spots on tape while restoring; option for different
header formats (tar,crc,odc,bar),multi-vol

Pradip Gudale 292


tar
• tar with -c destroys current data on tape
• can use * or ? as wildcards while backup
• cannot use wildcards while extracting
• $ tar cvf /dev/rmt/0 reports     (reports is dir)
a reports/ 0 tape blocks
a reports/reportA 59 tape blocks
a reports/reportB 61 tape blocks
a reports/reportC 63 tape blocks
Pradip Gudale 293
pax
• $ pax -w -f /dev/rmt/0 filename …
-w : Enable write mode

$ pax -f /dev/rmt/0 (verifies files on tape)
filea fileb filec

Pradip Gudale 294


Copying all files with cpio

$ ls | cpio -oc > /dev/rmt/n

-o : Copy-out mode
-c : Header in ASCII character

Pradip Gudale 295


Restoring with cpio
Listing files on tape
$ cpio -civt < /dev/rmt/n
Restoring all files from tape in current dir
$ cpio -icvd < /dev/rmt/n
(-d : Creates directories as required)
Restoring specific file
$ cpio -icv "*file" < /dev/rmt/n

Pradip Gudale 296
How to take back-up on remote tape

• Take care of permissions to use tape on
other machine. Your hostname and
username should be entitled to do the job
• use commands that work on stdin and
stdout
• connect them properly

Pradip Gudale 297


Backup on remote tape...
Check appropriate permissions
$ rsh remotehost echo test
if successful…
$ tar cf - files | rsh remotehost dd
of=/dev/rmt/n obs=blocksize
to extract…
$ rsh remotehost dd if=/dev/rmt/n | tar
xvBpf -
Pradip Gudale 298
Copying to diskette
• Insert formatted diskette in writable mode
• $ volcheck
• $ fdformat -U
/vol/dev/aliases/floppy0
• $ tar cvf
/vol/dev/rdiskette0/unlabeled
filename …
• $ tar tvf
/vol/dev/rdiskette0/unlabeled
Pradip Gudale 299
Copying files with different headers

• When do you have to do this ?


e.g. Sol 8 cpio archive may not be
compatible with earlier SunOS. So create
archive with different header
• $ cpio -oH odc < file-list > /dev/rmt/n
odc is ASCII header with small device number
Pradip Gudale 300
Cpio -H [tar,odc,bar,crc,ustar]
• While restoring use same -H option as that
used while archiving
• $ find . -print | cpio -oH tar > /tmp/test
113 blocks
• $ cpio -iH bar < /tmp/test
• write command syntax on
media label
Pradip Gudale 301
Tape media names
/dev/rmt/XAbn

X is Drive number 0 1 2 3 4  n etc

A is Optional Density:
l low
m medium
h high
u ultra
c compressed

“b” Berkeley (SunOS 4.x) Compatibility
“n” Optional No-rewind

Pradip Gudale 302
Tape drive commands
• # mt -f /dev/rmt/n status
Archive QIC-150 tape drive:
sense key(0x0)= No Additional Sense residual= 0 retries= 0
file no= 0 block no= 0
• $ mt -f /dev/rmt/n retension |
rewind
Pradip Gudale 303
PART 1:

PRINTER ADMINISTRATION

Pradip Gudale 304


What are the ways..
Tool                    Available in                                    GUI   N/W printers   manages serv & client   uses NIS / NIS+
Solaris Print Manager   Solaris 8 and Solaris Easy Access Server 3.0    Yes   Yes            Yes                     Yes
Admintool               Solaris 8 & compatible versions                 Yes   No             Yes                     No
LP commands             Solaris 8 & compatible versions                 No    Yes            Yes                     Yes
Pradip Gudale 305
LP print Service
• Set of s/w utilities that allow users to print
jobs while they work
• Earlier called LP spooler (system peripheral
operation offline)
• LP print service includes S/W, spooler,
filters and h/w associated with printer

Pradip Gudale 306


Network printer
• H/w device directly connected to network
• device has its own name & IP address
• print jobs are transferred across network
• driver support expected from vendor
• Sun provides generic drivers. Good enough
but they don’t exploit all capabilities of the
printer
Pradip Gudale 307
Admin tasks for printers
• Setup server & clients for printing
• Deleting a printer and remote printer
access
• Checking the status of printers
• Restarting the print scheduler

Pradip Gudale 308


Print process
• 1. A user submits a print request from a print client.
• 2. The print command checks a hierarchy of print
configuration resources to determine where to
send the print request.
• 3. The print command sends the print request directly
to the appropriate print server. A print server can be
any server that accepts BSD printing protocol,
• 4. The print server sends the print request to the
appropriate printer.
• 5. The print request is printed.

Pradip Gudale 309


Hierarchy of print config
resources
• Command line option lp -d
• A user’s LPDEST or PRINTER variables
• The _default variable in the sources
configured for the printers database in the
/etc/nsswitch.conf file
• The $HOME/.printers file for users
• The local /etc/printers.conf file for the
NIS name service
• The printers.org_dir table for the NIS+
name service
Pradip Gudale 310
How users specify printer on
command line
• Three ways (1) atomic (2)POSIX and
(3) context based as in FNS
• lp -d hp660c filename
• lpr -P galaxy:neptune filename
• lpr -d
finance/wages/printer/modi410
filename
Pradip Gudale 311
Print server
• a system that has a local printer
connected to it and makes the printer
available to other systems on the
network
• schedules & controls print jobs
• They use BSD print protocol : Industry
standard and widely used
• server & client can have different
versions of OS
Pradip Gudale 312
Spooling
• Spooling space is a disk space to store print
jobs in a queue
• They are stored in /var/spool/lp
• Better if /var is separate FS. Can be
mounted locally on print server or remotely
from file server
• 30Mb for small (text messages) print jobs
and upto 600Mb for bit map big jobs
Pradip Gudale 313
Overview of printing-setup
• Setup printer name, definition, port
• Selecting a printer type and file content type
• Setting up fault notification and default printer
destination
• Determining whether you want to print banner
pages or limit user access to a printer
• Setting up printer classes and fault recovery

Pradip Gudale 314


lpadmin command
• lpadmin allows you to do all the tasks
• print manager allows you to do most tasks:
some only with limited functionality (file content,
fault notification, banner printing and user access
control) and some not at all (printer class and
fault recovery).

Pradip Gudale 315


lpadmin
• Basic command is lpadmin -p printer-name
• lpadmin -p hp400tn -D "laserjet" to add
description
• lpstat -D -p hp400tn to find out description
• lpadmin -p .. -v port-no
/dev/term/a or /dev/term/b

Pradip Gudale 316


For intel platforms
• Only first port is enabled by default.. So..
• For additional port you need to edit device
driver configuration files of additional
ports…(serial & parallel)
• /platform/i86pc/kernel/drv/asy.conf
• /platform/i86pc/kernel/drv/lp.conf
Pradip Gudale 317
Printer type
• The printer type is a generic name for a
type of printer. It identifies the
terminfo database entry that
contains various control sequences for
the printer.
• specify the printer type by using the
lpadmin -T command
• For a local PostScript printer, use a printer
type of either PostScript (PS) or Reverse
PostScript (PSR).
Pradip Gudale 318
terminfo
• /usr/share/lib/terminfo : 
printer capabilities and 
initialization control data 
for each printer
• $ cd /usr/share/lib/terminfo/e
• $ ls
emots  ep2500+high  ergo4000
Pradip Gudale 319
File content type & print filters
• File content type tells print service type
of file contents that gets printed directly
without requiring modification
• Print filters convert the content type of a
file to a content type that is acceptable
to the destination printer.
• specify the file content type for a printer
by using the lpadmin -I
e.g. lpadmin -p .. -I
Pradip Gudale 320
Solaris print manager
• You need bit mapped display
• running X-windows or CDE
• run it from CDE workspace menu OR
• # /usr/sadm/admin/bin/printmgr &
• pkg SUNWppm must be installed
Pradip Gudale 321
Adding through lpadmin..example
On server
# chown lp /dev/term/b
# chmod 600 /dev/term/b
# lpadmin -p luna -v /dev/term/b
# lpadmin -p luna -T PS -I postscript
# lpadmin -p luna -D "training-lab-ps"
# accept luna
destination ‘‘luna’’ now accepting requests
# enable luna
printer ‘‘luna’’ now enabled
# lpstat -p luna
printer luna is idle. enabled since Jul 12 11:17 2001. available.
Pradip Gudale 322
Adding access to printer
On client
# lpadmin -p luna -s saturn              (saturn : Printer server name)
# lpadmin -p luna -D "training-lab-ps"
# lpadmin -d luna                        (Makes it default)
# lpstat -p luna
printer luna is idle. enabled since Jul 12 11:17 2001. available.

Pradip Gudale 323


*Adding network printer
• Although printer not connected to any M/C
it is necessary to define & configure print
server….. WHY ?
The print server provides queuing capabilities,
filtering, and printing administration for the
network printer.

Pradip Gudale 324


Network printer : few terms
• Print server
• printer host : s/w & h/w that makes non-
network printers “Network Printers”
• printer node : printer itself if it is built-in
N/W printer. Printer host if that is external
box; Unique node name and IP address
• printer name: name entered on command
line. Selected by sys admin while installing;
one printer can have many names.
Pradip Gudale 325
N/W printer
invoking s/w support
• The software support for network
printers is called through the interface
script netstandard
• lpadmin -p pr_name -m netstandard
• lpadmin -p pr_name -o protocol=bsd | tcp
• Now printer subsystem needs access name
(Node name, Port number)
Pradip Gudale 326
N/W printer : lpadmin
• # lpadmin -p printer-name -v /dev/null -m netstandard
-o dest=pn1:9100 -o protocol=tcp -o timeout=value
timeout : No of seconds to wait between attempting connection

# lpadmin -p printer-name -I content-type -T printer-type
# accept printer-name
# enable printer-name
Pradip Gudale 327
Managing Printers
AND
print Schedulers

Pradip Gudale 328


Deleting printer
• Do it on both server and client
• print-client# lpadmin -x printer-name
• print-client# lpsystem -r print-server
this deletes info about print-server
also.
• print-server# reject printer-name
• print-server# disable printer-name
• print-server# lpadmin -x printer-name
Pradip Gudale 329
Checking printer status
$ lpstat [-d][-p printer-name [-D][-l]] [-t]
-d : Shows default
-l : Shows characteristics
-t : Shows status of print service

Pradip Gudale 330


Example.. lpstat -t
$ lpstat -p luna -l
printer luna is idle. enabled since Mon Jul 
12 15:02:32 ...
Form mounted:
Content types: postscript
Printer types: PS
Description:
Connection: direct
Interface: /usr/lib/lp/model/standard
After fault: continue
Users allowed: (all)
Forms allowed: (none)
Banner not required
Character sets:
Default pitch:
Default page size: 80 wide 66 long
Pradip Gudale 331
lpscheduler
• Check if it is running.. Login as root OR lp
• # lpstat -r
• # /usr/lib/lp/lpshut … to stop
scheduler
• # /usr/lib/lp/lpsched … to start
scheduler

Pradip Gudale 332


Banner pages
• Gets printed for every job
• helps identify print-job
• prints who-submitted, request-ID and
time-it-got-printed
• can have modifiable title
• Not desirable if few users & small printouts
OR using special forms like pay-cheques
Pradip Gudale 333
Banner printing control
• Both lpadmin and lp commands take
banner printing related parameters
• lpadmin -p pr1
[-o banner=always | optional | never ]
applies to printer
On by default; can be disabled in lp
• lp -o nobanner applies to the job
ignored for regular user; Honored for
root or lp user and overrides lpadmin -o
banner OR lpadmin -o banner=always
Pradip Gudale 334
banner
• Banner setting is stored in
/etc/lp/printers/pr-name/configuration file.
• Check this using
lpstat -p pr-name -l

Pradip Gudale 335


Printer classes
• Print service enables you to group various
printers into a class
• can be done only by lpadmin -c
• Once set-up users can specify printer
class instead of printer for print jobs
• The first free printer in the class is used
resulting in better turnaround; checked
in order in which they were put in a class
• make classes based on location or type
Pradip Gudale 336
Defining class
• # lpadmin -p pr-name -c printer-class
• gets added at the end of list in the class
in the file /etc/lp/classes/printer-class
• $ lpstat -c printer-class
To see what are the printers in a class

Pradip Gudale 337


Printer fault notification
• Print service can notify in different ways
when print operation encounters problems
• Write a message to the terminal on which
root is logged in
• Electronic mail to root
• No notification
• Can be configured by lpadmin OR Print
Manager
Also allows to get msg from program of your choice; allows
disabling fault notification for known problem
Pradip Gudale 338
Fault notification: lpadmin -A
• 'mail [user-name]'
• 'write [user-name]'
• 'command' (run the command)
• quiet (stop alert until fault is fixed)
• none (do not send any alerts)
Alert settings are entered in
/etc/lp/printers/printer-name/alert.sh
Pradip Gudale 339
Fault Recovery
• You can define the fault recovery options for a printer
only by using the lpadmin -F command. This task
is not available in Solaris Print Manager.
• After fixing the fault active print request begins
printing…
..from beginning of the job
..from top of page where stopped
..from top of page where stopped after you
enable the printer
(Both top-of-page options require filter)
• lpadmin -F beginning | continue | wait
Recovery settings go in /etc/lp/printers/pr-name/configuration file.
Pradip Gudale 340
Access control
• Can prevent some users from accessing
some printers
• make allow and deny lists using lpadmin -u
• with print manager you can make only
allow list
• # lpadmin -p printer-name -u
allow:user-list [ deny:user-list]
• /etc/lp/printers/printer-name/users.allow
Pradip Gudale 341
Managing print requests
• Get status
• cancel jobs
• change priorities
• Login to server and use lp commands
• $ lpstat -o [printer-list] | -u [user-list]
• lp -i request-id -H hold | resume | immediate
This changes priority
Pradip Gudale 342
priority
• You can also change priority relatively
using lp -q command
• # lp -i request-id -q 3

0 to 39
0 top priority
39 lowest priority
Pradip Gudale 343
Managing filters
• Filters are programs that convert one type
of file to another
• programs that manage double sided or
landscape printing, draft & letter quality
• detect printer faults and notify print service
• LP print service provides postscript filters
and are located in /usr/lib/lp/postscript directory.
Pradip Gudale 344
filters
• lpfilter command used to manage list of
available filters
• filter descriptors are in /etc/lp/fd 
directory.
• Filters themselves are in /usr/lib/lp.
• System information about filters is
stored in /etc/lp/filter.table file.
• # lpfilter -f daisytroff -F
-f : Your chosen name
-F : Definition name in /etc/lp/fd
Pradip Gudale 345
What do
enable/disable
accept/reject
do ?
enable/disable : start or stop printing of jobs
that are in queue

accept/reject : start or stop accepting jobs for
queuing
These two are different and independent operations
Pradip Gudale 346
Canceling print request
• By request Id
• For specific user on any or specified printer
• The one currently being printed
• You can cancel only if it is your print job
or if you are superuser or lp
• $ cancel request-id | printer-name
• $ cancel -u user-list [printer-name]
Pradip Gudale 347
Moving print requests
• If you want to take the printer out of service
• move requests to different printer having
similar capabilities
• print request IDs remain same
• first check if destination printer is accepting
requests…# lpstat -p prn2
• move requests.. # lpmove prn1 prn2
this stops acceptance of new
requests on prn1 automatically.
Pradip Gudale 348
Print port characteristics
• Print service sets defaults for printer ports
like….
• −9600     Set baud to 9600
• −cs8      Set 8-bit bytes
• −cstopb   Send one stop bit per byte
• −parity   Do not generate parity
• −ixon     Enable XON/XOFF
• −olcuc    Do not map lowercase to uppercase
• −onlcr    Change line feed to carriage return/line feed
Pradip Gudale 349
Port characteristics
• You can change if defaults not suitable
• use stty to display and set characteristics
• # lpadmin -p prn -o "stty=options"
• # lpadmin -p luna -o "stty='parenb parodd cs7'"
• # lpadmin -p venus -o "stty=19200"
Pradip Gudale 350
Print service directories
/usr/bin            The LP print service user
commands
/etc/lp               A hierarchy of LP server
configuration files
/usr/share/lib    The terminfo database directory
/usr/sbin           The LP print service administrative
commands
/usr/lib/lp         The LP daemons; directories for
binary files and PostScript filters; and the
model directory (which contains the
standard printer interface program)
/var/lp/logs      The logs for LP activities: lpsched.n
– Messages from lpsched and requests.n –
Information about completed print requests
/var/spool/lp   The spooling directory where files are
queued for printing
Pradip Gudale 351
/usr/lib/lp directory
• bin : Contains files for generating
printing alerts, queue management prog
• lpsched : scheduler daemon
• model : standard interface programs
• postscript : contains all postscript
interface programs

Pradip Gudale 352


How print service works
• Print scheduler on print server is started in
/etc/rc2.d/S80lp
• scheduler lpsched updates print config
files, queues jobs, tracks printer status
• print client communicates directly with a
print server over the network.
• Print servers listen for print request with the
Internet services daemon (inetd).
• inetd starts a program “protocol adaptor”
(in.lpd) --communicates with spooler
Pradip Gudale 353
What the Printer Interface
Program Does
• Initialize the printer port --use stty
• Initialize the printer -- use terminfo
• Print a banner page, if necessary.
• Print the correct number of copies
specified by the print request.

Standard interface program is found in
/usr/lib/lp/model
Pradip Gudale 354
PART 1:

SYSTEM SECURITY

Pradip Gudale 355


Security Aspects
• Maintaining physical site security (don’t leave
logged-in terminal unattended)
• Maintaining login control (password must)
• Restricting access to data in files -permission
• Maintaining network control
• Monitoring system usage (normal load ..?)
• Setting PATH variable correctly (trojan horse)
• Securing files (use ACLs and care setuids)
• Installing a firewall
• Reporting security problems
Pradip Gudale 356
Firewall or Secured Gateway
• Dedicated system separating two networks
• each approaches the other as Untrusted
• also useful between two internal networks ..
Will not send packet unless origin or
destination address is of Gateway system
• packets of specific protocol only can be
allowed to be forwarded-- say mail and not
of telnet or rlogin
Pradip Gudale 357
firewall
• System should not have any trusted hosts
• everyone must be made to type password
• it acts as a passage as well as barrier
• it makes internal user to log-in to gateway
system before he can send packets to
outside N/W and also external user to login
before he can reach internal N/W
Pradip Gudale 358
File related commands
• ls
• chown
• chgrp
• chmod

Pradip Gudale 359


ACL
• Traditional Unix allows permissions setting
to owner, group and others
• ACL allows greater & finer control…
you can set permissions for all above &
for specific users and groups and default
permissions to each of these
• setfacl & getfacl

Pradip Gudale 360


Special logins
• root 0 Has almost no restrictions and overrides all
other logins, protections, and permissions. The root
account has access to the entire system.
• daemon 1 Controls background processing.
• bin 2 Owns some of the Solaris commands.
• sys 3 Owns many system files.
• adm 4 Owns certain administrative files.
• lp 71 Owns the object & spooled data files for
printer.
• uucp 5 Owns the object & spooled data files of
UUCP
• nuucp 9 Is used by remote systems to log in
to the system and start file transfers.
Gids in red
Pradip Gudale 361
password
• Sources to check password are three
• /etc/nsswitch.conf entry decides which of
NIS+ tables, NIS map or /etc files to look
for password
• /etc files are passwd and shadow
• Only superuser can read shadow file

Pradip Gudale 362


shell

Normal shell : /usr/bin/sh
Restricted shell : /usr/lib/rsh
Notice : Not /usr/sbin/rsh (remote shell)

Restricted shell:
Access limited to home directory; can’t use cd
Can use commands only in PATH variable
Can use files only in HOME dir & subdirectories
cannot redirect output with > or >>
Pradip Gudale 363
Tracking SuperUser Login
• Requires root password
• By default, user cannot login as root
remotely; He needs to login as ordinary user
and then switch-over to root. This policy
helps tracking “who is trying to become
SuperUser”
• The command to switch-over to different
user is su
Pradip Gudale 364
Switch user : su
• su user-name
• su - user-name

Pradip Gudale 365


Network security
• Firewall
• authentication
• authorization
How do you differentiate between
authentication and authorization ?

Can I log-in ? Authentication
Can I copy this file ? Authorization
Pradip Gudale 366
Network security
• Firewall
• for NFS : you can decide what to share
(through /etc/dfs/dfstab) and whom to give
what authority (read/write or read only)
through share command.
• By default, superuser access is not given by
NFS. (it is implemented to change userId of
requester to that of nobody-60001)
Pradip Gudale 367
Automated Security
Enhancement Tool : ASET
• enable you to control and monitor your
system’s security.
• specify a security level—low, medium,
or high—at which ASET will run.
• At each higher level, ASET’s file-control
functions increase to reduce file access
and tighten your system security.

Pradip Gudale 368


File permissions
• Read, write and execute permissions to each
of three types of users - owner (the one who
creates file or directory), a group and others
(all those who are neither owner nor
member of the group)
• Only owner or root can decide and modify
these permissions

Pradip Gudale 369


Permissions of directory
• r     Read List files in the
directory.
• w   Write Add or remove files or
links in the directory.
• x    Execute Open or execute files
in the directory. Also can make the
directory and the directories beneath it
current.
Pradip Gudale 370
Special file permissions
• setuid
• setgid
• stickyBit

Applicable to executables and public directories

Pradip Gudale 371


setuid
• When set on a program, it grants the
process running that program access based
on owner of that program rather than the
user who is running it.
• This allows user to access files that are
normally available only to owner.
e.g /etc/shadow file
-r-sr-sr-x 3 root sys 104580 Jul 16 12:02
Pradip Gudale 372
setgid
• Similar to setuid except….
• process’s effective groupID is changed to
that of a group owner of a program and user
is granted access based on permissions
available to the group
• When applied to directory, the files created
under it belong to the same group as
directory belongs and not group of the
process creating it.(e.g directory containing
all project files)
Pradip Gudale 373
Sticky Bit
• Permission bit that protects files within a
directory.. So its applied to only directories
• Files can be deleted only by 1)Owner of the
file 2)Owner of the directory 3)root
• Prevents users from deleting other user’s
files from public directory like /tmp
• drwxrwxrwt 7 root sys 400 JUL 3 13:37 tmp
Pradip Gudale 374
*Default Permissions
• What are the effective permissions when
you create a file or a directory ?
• What decides these defaults permissions ?

A value set for umask in system file
/etc/profile or .cshrc or .login

Pradip Gudale 375


System defaults

files = 666
directories & executables = 777

Subtract umask = 022

Effective permissions

files = 644
directories & executables = 755
Pradip Gudale 376
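Added example (not part of the original slides): the umask clears the permission bits it names, which gives the same result as subtraction for 022 but not for a mask such as 033. The function names and the probe file are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the slides: how umask turns the creation defaults
# (666 files, 777 directories) into the effective mode. The umask CLEARS the
# bits it names; plain subtraction agrees only for masks such as 022.

# effective_mode DEFAULT UMASK -> octal mode a newly created object gets
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtract DEFAULT UMASK -> result of plain octal subtraction
naive_subtract() {
    printf '%03o\n' $(( (0$1 - 0$2) & 0777 ))
}

# to_symbolic OCTAL -> rwx string as shown by ls -l (special bits not handled)
to_symbolic() {
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        case $digit in
            0) out="${out}---" ;;
            1) out="${out}--x" ;;
            2) out="${out}-w-" ;;
            3) out="${out}-wx" ;;
            4) out="${out}r--" ;;
            5) out="${out}r-x" ;;
            6) out="${out}rw-" ;;
            7) out="${out}rwx" ;;
            *) echo "not an octal digit: $digit" >&2; return 2 ;;
        esac
    done
    echo "$out"
}

# observed_file_mode UMASK -> rwx string of a file really created under UMASK
# Runs in a subshell so the caller's umask is left untouched.
observed_file_mode() (
    dir=$(mktemp -d) || exit 2
    umask "$1"
    : > "$dir/probe"
    ls -l "$dir/probe" | cut -c2-10
    rm -rf "$dir"
)

# Compare prediction, naive subtraction and what the system really does.
for mask in 022 027 033 077; do
    predicted=$(effective_mode 666 "$mask")
    printf 'umask %s: file %s (%s) dir %s | subtraction says %s | observed %s\n' \
        "$mask" "$predicted" "$(to_symbolic "$predicted")" \
        "$(effective_mode 777 "$mask")" "$(naive_subtract 666 "$mask")" \
        "$(observed_file_mode "$mask")"
done
```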
Display information on files :ls
• Type of files
  -    Text or program
  d    Directory
  b    Block special file
  c    Character special file
  p    Named pipe (FIFO)
  l    Symbolic link
  s    Socket
• Permissions
• Number of hard links
• Owner of the file
• Group of the file
• Size of the file, in bytes
• Date the file was created or last date it was changed
• Name of the file

Pradip Gudale 377


$ cd /sbin
$ ls -la
total 13456
drwxr-xr-x   2 root sys     512 Sep  1 14:11 .
drwxr-xr-x  29 root root   1024 Sep  1 15:40 ..
-r-xr-xr-x   1 root bin  218188 Aug 18 15:17 autopush
lrwxrwxrwx   1 root root     21 Sep  1 14:11 bpgetfile -> ...
-r-xr-xr-x   1 root bin  505556 Aug 20 13:24 dhcpagent
-r-xr-xr-x   1 root bin  456064 Aug 20 13:25 dhcpinfo
Pradip Gudale 378
Changing file ownership
• Command is chown
• By default owner cannot change ownership;
Only Superuser can
• workaround…
set rstchown = 0 in /etc/system & reboot
• # chown newowner filename
Pradip Gudale 379
Changing group ownership
• Only superuser or owner can change
• owner can change it to a group of which he
is a member
• $ chgrp group filename

Pradip Gudale 380


Changing permissions
• chmod command
• two modes
  1) absolute mode: use octal numbers (triplet) to set permissions
  2) symbolic mode: use combination of letters & signs
• for setting special permissions use additional octal number to the left of the triplet
chmod

Special perm    owner    group    others
X Y Z           R W X    R W X    R W X

X = setuid, Y = setgid, Z = sticky bit
X Y Z = 1 1 0 (setuid + setgid) = octal 6
examples
• $ chmod 700 my_prog
• $ ls -l my_prog
-rwx------ 1 mahesh staff 6023 Jul 5 12:06 my_prog
• $ chmod 755 public_dir
• $ ls -ld public_dir
• drwxr-xr-x 1 omni staff 6023 Jul 5 12:06 public_dir
examples
• $ chmod 4555 dbprog
• $ ls -l dbprog
• -r-sr-xr-x 1 db staff 12095 May 6 09:29 dbprog
• $ chmod o-r filea (takes away read permissions from others)
• $ chmod a+rx fileb (adds r & x to all)
• $ chmod g=rwx filec (adds rwx


To create shared directories
• A setgid bit on a directory must be set or changed using symbolic notation
# chmod g+s project_dir

Write a command to find all files in a specified directory having owner as root and setuid bit set on them


# find directory -user root -perm -4000 -exec ls -ldb {} \; >/tmp/filename

-exec ls -ldb {} \;  : display in ls -ldb format
>/tmp/filename       : output stored here

# more /tmp/filename
---s--x--- 1 root rar 45376 Aug 18 15:11 /usr/rar/bin/sh
-r-sr-xr-x 1 root bin 12524 Aug 11 01:27 /usr/bin/df
-rwsr-xr-x 1 root sys 21780 Aug 11 01:27 /usr/bin/newgrp
ACL
• Salient feature is you can assign permissions to a specific user, e.g. you can give read permission to a group and read/write permission to a specific member in that group
• ACL contains entries which are defined using setfacl
• entry_type:[uid|gid]:perms
ACL Entries for files

u[ser]::perms        File owner permissions.
g[roup]::perms       File group permissions.
o[ther]:perms        Permissions for users other than the file owner or members of file group.
m[ask]:perms         The ACL mask. The mask entry indicates the maximum permissions allowed for users (other than the owner) and for groups. The mask is a quick way to change permissions on all the users and groups.
u[ser]:uid:perms     Permissions for a specific user. For uid, you can specify either a user name or a numeric UID.
g[roup]:gid:perms    Permissions for a specific group. For gid, you can specify either a group name or a numeric GID.
Default ACL on directory
You can set default ACLs on directories; everything created under the directory will have the same permissions as the default. When you set a default for a specific user for the first time, you also need to set it for owner, group & mask.
d[efault]:u[ser]::perms        Default file owner permissions.
d[efault]:g[roup]::perms       Default file group permissions.
d[efault]:o[ther]:perms        Default permissions for users other than the file owner or members of the file group.
d[efault]:m[ask]:perms         Default ACL mask.
d[efault]:u[ser]:uid:perms     Default permissions for a specific user. For uid, you can specify either a user name or a numeric UID.
d[efault]:g[roup]:gid:perms    Default permissions
setfacl
Sets or replaces ACL
$ setfacl -s user::perms,group::perms,other:perms,mask:perms,acl_entry_list filename ...
acl_entry_list: list of one or more ACL entries for specific user or group OR default on directory
$ setfacl -s user::rw-,group::r--,other:---,mask:rw-,user:mahesh:rw- ch1.doc
$ ls -l
total 124
-rw-r-----+ 1 rajiv sysadmin 34816 Jul 11 
(the + indicates file has an ACL)
Display ACLs
Use the command getfacl
$ getfacl ch1.doc
# file: ch1.doc
# owner: rajiv
# group: sysadmin
user::rw-
user:mahesh:rw- #effective:rw-
group::r-- #effective:r--
mask:rw-
other:---
ACL example
$ setfacl -s u::7,g::4,o:0,m:4,u:mahesh:7 ch2.doc
$ getfacl ch2.doc
# file: ch2.doc
# owner: rajiv
# group: sysadmin
user::rwx
user:mahesh:rwx #effective:r--
group::r-- #effective:r--
mask:r--
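
Added illustration, not part of the original slides: the sketch below recomputes the "#effective" column from getfacl-style entries, showing why mahesh ends up with r-- in the ch2.doc example even though his entry says rwx. The function names and the sample input (rebuilt from the setfacl arguments above) are constructed for this example.

```shell
#!/bin/sh
# Added illustration (not from the slides): recompute the "#effective" column.

# acl_effective: reads getfacl-style entries on stdin and prints "entry rights",
# where rights are what remains after the mask entry is applied.
acl_effective() {
    awk -F: '
        { sub(/[ \t]*#.*$/, "") }          # drop "# file:" headers and "#effective:" notes
        $0 == "" { next }
        {
            n++
            type[n] = $1
            who[n]  = (NF == 3 ? $2 : "")  # empty for owner, owning group, mask, other
            perm[n] = $NF
            if ($1 == "mask") mask = $NF
        }
        END {
            for (i = 1; i <= n; i++) {
                if (type[i] == "mask") continue
                eff = perm[i]
                # the mask limits named users and all group entries, not owner or other
                limited = (type[i] == "group" || (type[i] == "user" && who[i] != ""))
                if (limited && mask != "") {
                    eff = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(perm[i], k, 1)
                        if (substr(mask, k, 1) == "-") c = "-"
                        eff = eff c
                    }
                }
                name = type[i]
                if (who[i] != "") name = name ":" who[i]
                print name, eff
            }
        }'
}

# Constructed input: the ch2.doc ACL set above with u::7,g::4,o:0,m:4,u:mahesh:7
sample_acl() {
    printf '%s\n' '# file: ch2.doc' 'user::rwx' 'user:mahesh:rwx' \
                  'group::r--' 'mask:r--' 'other:---'
}

sample_acl | acl_effective
```

On a live system the same function can be fed directly: getfacl ch2.doc | acl_effective.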
Copying ACL of one file to another

$ getfacl ch2.doc | setfacl -f - ch3.doc

ACL is taken from here (ch2.doc) and applied there (ch3.doc)
-f implies: take from file


Modifying/ Deleting ACL entry

$ setfacl -m acl_entry_list filename1 [filename2 ...]
$ setfacl -m user:mahesh:6 ch3.doc

$ setfacl -d acl_entry_list filename1 ...


Login information
• Use logins command
• # logins -x -l username (x: extended info)
• # logins -x -l mahesh
mahesh 500 staff 10 Mahesh Kulkarni
/export/home/mahesh
/bin/sh
• Picks info from /etc/passwd or NIS+ or NIS
• Password aging info
Finding users not having passwords
• # logins -p
Disabling logins temporarily
Create /etc/nologin file with a message you want to display for login attempts and reboot the M/C
root login is not affected
Saving failed logins
• Create /var/adm/loginlog file with read/write permissions to root only
• failed login activity will be written to this file automatically after five failed attempts.
• user's login name, tty device, and time of the failed attempt are recorded.


Dial-up password
• Another layer of security for users logging in via modem
• only superuser can create or change
• two files involved: /etc/dialups & /etc/d_passwd.

/etc/dialups: list of ports that require a dial-up password
/dev/term/a
/dev/term/b

/etc/d_passwd: list of shell programs that require an encrypted password
/usr/lib/uucp/uucico:encrypted_password:
/usr/bin/csh:encrypted_password:
/usr/bin/ksh:encrypted_password
Mahesh logs in on /dev/term/b
• /etc/dialups (/dev/term/a, /dev/term/b): check the presence of port in this file...
• Check “login shell” field of /etc/passwd & look for match in /etc/d_passwd
• If no match found, password entry of /usr/bin/sh is used
• Prompt for password

Dial-up logins are disabled if /etc/d_passwd has only the following entry:
/usr/bin/sh:*:
Creating files for dialup password
• With editor create files with entries
• # chown root /etc/dialups /etc/d_passwd
• # chgrp root /etc/dialups /etc/d_passwd
• # chmod 600 /etc/dialups /etc/d_passwd
• add some user with password with useradd
Delete all except this
And copy
Superuser login
• From security angle it should be allowed only on console
• Edit the /etc/default/login file.
• Uncomment a line and make it CONSOLE=/dev/console
• On other terminals users will have to login as some other user and do su to root which can be monitored
Monitoring su attempts
• Through the /etc/default/su file you can enable the /var/adm/sulog file to monitor all su attempts. Uncomment & keep SULOG=/var/adm/sulog
• To get message on console also.. CONSOLE=/dev/console in /etc/default/su
• Entry shows date & time, success or
Sample /var/adm/sulog
# more /var/adm/sulog
SU 12/20 16:26 + pts/0 mahesh-root
SU 01/12 11:11 + pts/0 root-joebob
SU 01/12 14:56 - pts/2 anu-root
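
Added illustration, not part of the original slides: two checks an administrator can run over /var/adm/sulog, where "+" marks a successful su and "-" a failed one. The function names are made up, and the sample log is constructed from the three entries above plus invented ones.

```shell
#!/bin/sh
# Added illustration (not from the slides): triage of /var/adm/sulog entries.
# Layout: SU <date> <time> <+|-> <tty> <from>-<to>   ("+" success, "-" failure)

# Constructed sample: the three entries shown above plus a few invented ones.
sample_sulog() {
cat <<'EOF'
SU 12/20 16:26 + pts/0 mahesh-root
SU 01/12 11:11 + pts/0 root-joebob
SU 01/12 14:56 - pts/2 anu-root
SU 01/12 14:57 - pts/2 anu-root
SU 01/12 14:58 - pts/2 anu-root
SU 01/13 09:02 - pts/4 joebob-root
SU 01/13 09:03 + pts/4 joebob-root
EOF
}

# failed_root_su MIN: users with at least MIN failed su-to-root attempts
failed_root_su() {
    awk -v min="$1" '
        $1 == "SU" && $4 == "-" && $6 ~ /-root$/ {
            user = $6; sub(/-root$/, "", user); fails[user]++
        }
        END { for (u in fails) if (fails[u] >= min) print u, fails[u] }
    ' | sort
}

# root_after_failure: successful su to root by a user who failed earlier in the log
root_after_failure() {
    awk '
        $1 != "SU" || $6 !~ /-root$/ { next }
        { user = $6; sub(/-root$/, "", user) }
        $4 == "-" { failed[user] = 1 }
        $4 == "+" && (user in failed) { print $2, $3, $5, user }
    '
}

sample_sulog | failed_root_su 3      # anu 3
sample_sulog | root_after_failure    # 01/13 09:03 pts/4 joebob
```

Both functions read standard input, so on a live system they are run as failed_root_su 3 < /var/adm/sulog.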


PART 1:

Scheduling Jobs



Tasks at specific times
• Task to be carried out only once at a specified time…. Use at command
• Tasks to be executed repeatedly at regular intervals… (e.g. taking backup, removing contents of log files, probing system load).. Use crontab command
• Files kept in /var/spool/cron
• Files that control access to these commands are in /etc/cron.d
Entries inside crontab
cron daemon schedules jobs according to entries found in crontab files; reads /var/spool/cron/crontabs directory every 15 minutes to take up new files/changes

10 3 * * 0,4 /etc/cron.d/logchecker
10 3 * * 0 /usr/lib/newsyslog  (run newsyslog at 3:10 every Sunday)
15 3 * * 0 /usr/lib/fs/nfs/nfsfind
1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean

Fields: Min hours day-of-month month day-of-the-week command
/var/spool/cron/crontabs/..
• Crontab files for root and a few other users like adm, lp, sys, uucp exist
• other users can create crontab files and they are named after their username, e.g. /var/spool/cron/crontabs/mahesh
• you need to be superuser to modify someone else's crontab file


Creating crontab file
• Use crontab -e command
• crontab -e invokes the text editor (default is ED) set up for your system environment
EDITOR=vi; export EDITOR;
• # crontab -e [username] … only superuser can create for other users
Check existence & display & remove
• # cd /var/spool/cron/crontabs
• # ls -l
-rw-r--r-- 1 root sys 190 Feb 26 16:23 adm
-rw------- 1 root staff 225 Mar 1 9:19 mahesh
-rw-r--r-- 1 root root 1063 Feb 26 16:23 lp
• $ crontab -l [username] … if superuser
• $ crontab -l
13 13 * * * cp /home/anu/work_files /usr/backup/. > /dev/null
Controlling access to crontab
• Accomplished through two files (in /etc/cron.d): cron.allow and cron.deny
• allowed users can create, edit, display and remove crontab files
• By default cron.deny exists but not cron.allow
• Only superuser can make these files


cron.allow & .deny rules
• If cron.allow exists, only the users listed in this file can work with crontab files.
• If cron.allow doesn't exist, all users may submit crontab files, except for users listed in cron.deny.
• If neither cron.allow nor cron.deny exists, superuser privileges are required to run crontab.
• So.. by default all users except those listed in .deny are allowed to work with crontab
• So.. to deny a user, just add his name to cron.deny
In /etc/cron.d

cron.allow exists ?
  yes: Allow listed users to work
  no: cron.deny exists ?
    yes: Allow users not listed in this file to work
    no: Allow only superuser to work with crontab

So… to limit access to few users add their names to allow list. Don't forget to add root there.
*Error message for crontab -l
• What do you make out of these ?
crontab: can't open your crontab file
crontab: you are not authorized to use cron. Sorry.
In the first case: crontab file does not exist
In the second case: you are denied use of crontab
at jobs

• Execution at a later time
• executed only once
• By default, users can create, display, and remove their own at job files.
• When an at job is submitted, it is assigned a job identification number along with the .a extension that becomes its file name.
How to submit an at job
• Invoke at command with time as argument
• enter the command to be executed later; make sure to send output to a file if required
• press control-d to come out to prompt
$ at 11:45pm July 31
at> rm /home/export/mahesh/*core*
at> Press Control-d
commands will be executed using /bin/csh
job 933486300.a at Sat Jul 31 23:45:00 2001
Submitting at job
$ at [-m] time [date]
-m: sends mail once job is done

$ at 4 am Saturday
at> sort -r /usr/dict/words > /export/home/anu/big.file
cntrl-d


Displaying at jobs
$ atq
Rank   Execution Date       Owner   Job           Queue   Job Name
1st    Jul 12, 1999 19:30   anu     897355800.a   a       stdin
2nd    Jul 14, 1999 23:45   anu     897543900.a   a       stdin
3rd    Jul 17, 1999 04:00   anu     897732000.a   a       stdin
$ at -l [job-id]       shows execution times of your job
$ at -l
897543900.a Mon Jul 16 23:45:00 2001
897355800.a Tue Jul 17 19:30:00 2001
897732000.a Wed Jul 18 04:00:00 2001
Removal of at jobs

$ at -l
897543900.a Wed Jul 14 23:45:00 1999
897355800.a Mon Jul 12 19:30:00 1999
897732000.a Sat Jul 17 04:00:00 1999
$ at -r 897732000.a
$ at -l 897732000.a
at: 858142000.a: No such file or directory


Access to at command

• The policy is similar to one for crontab
• it is done through at.allow and at.deny lists under /etc/cron.d directory
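
Added illustration, not part of the original slides: the cron.allow/cron.deny rules stated earlier, and the at.allow/at.deny policy described here as similar, written as one decision function and exercised on a scratch directory standing in for /etc/cron.d. The function names and the user lists are constructed for this example; it follows the rules as the slides give them, including root being locked out when an allow list omits it.

```shell
#!/bin/sh
# Added illustration (not from the slides): the allow/deny decision as code.

# job_access TOOL USER [DIR] -> exit status 0 if USER may use TOOL (cron or at)
job_access() {
    tool=$1 user=$2 dir=${3:-/etc/cron.d}
    allow=$dir/$tool.allow
    deny=$dir/$tool.deny
    if [ -f "$allow" ]; then
        grep -Fqx -- "$user" "$allow"       # allow list exists: only listed users
    elif [ -f "$deny" ]; then
        ! grep -Fqx -- "$user" "$deny"      # deny list only: everyone not listed
    else
        [ "$user" = root ]                  # neither file: superuser only
    fi
}

# report DIR -> one verdict line per sample user
report() {
    for user in root mahesh anu; do
        if job_access cron "$user" "$1"; then
            echo "cron $user allowed"
        else
            echo "cron $user denied"
        fi
    done
}

policy=$(mktemp -d)                         # constructed stand-in for /etc/cron.d
printf 'anu\n' > "$policy/cron.deny"        # default state: cron.deny only
echo "cron.deny only:";  report "$policy"   # root, mahesh allowed; anu denied
printf 'mahesh\n' > "$policy/cron.allow"    # allow list created without root
echo "cron.allow added:"; report "$policy"  # only mahesh allowed, root denied
rm -rf "$policy"
```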