solaris - sys admin 1
TRANSCRIPT
Pradip Gudale 1
SYSTEM CONCEPTS
PART 1: Ch1
Operating System
• Definition: a set of programs that manages all computer operations and provides an interface between the user and the system resources
• The main parts of the OS are the kernel, the shell and the file system structure
Kernel
• Manages devices, memory, processes and daemons
• Controls the transfer of data between programs and the hardware
• Schedules and executes processes
• Manages swap space and daemons
Layers: H/W at the bottom, the KERNEL above it, and the Shell on top (user commands go through the shell to the kernel, never straight to the hardware)
OS shells
• Bourne shell ($): the default; from AT&T Unix
• C shell (%): similar features to the Korn shell
• Korn shell ($): superset of the Bourne shell; adds aliasing, history and command-line editing
FS structure
• Directory hierarchy
• The topmost directory is root (/)
• /usr, /opt, /dev, /export/home, /kernel (genunix, the core kernel, resides here)
Terminology
• Host: a computer system
• Host name: unique; each host on a network must have one
• IP address: number used by the networking s/w to identify a host
• Client: host that uses services from other hosts
• Server: host that provides a service
• Network: group of connected hosts
Examples of server
• File server
• print server
• boot server
• install server
• name server
• mail server
Managing Users & Groups
PART 1:
Solaris Users and Groups
• Role-based access control (RBAC) provides a flexible way to package superuser privileges
• A "role" is a special type of user account: it cannot be logged into directly; an authorized user logs in under their own account and assumes the role with su, so every privileged action stays tied to a real person
User Account Information
• User Name
• Password
• User’s Home Directory
• Initialization Files
User => Group
• You add a user to a particular group
• This gives a set of users access to a particular file or directory, instead of opening it to everyone
User ID Numbers      Login Accounts              Reserved For
---------------------------------------------------------------
0 - 99               root, daemon, bin, sys…     System accounts
100 - 2147483647     Regular users               General purpose accounts
60001                nobody                      Unauthenticated users
60002                noaccess                    Compatibility with Solaris 2.0 and compatible versions and SVR4 releases
PASSWORD
• Password aging feature
• Maximum age: the password must be changed after the specified period
• Minimum age: the password cannot be changed again within the specified period (stops a user cycling straight back to the old password)
Home directories
• Usually /export/home/username
• Can be on the local m/c or on a file server
• Accessed via /home/username
• If the automounter is used it does not allow you to create anything directly under /home
User’s Initialization Files
• .login and .cshrc (C shell)
• .profile (Bourne and Korn shells)
• System-wide initialization files are /etc/.login and /etc/profile
Groups…. each group has a
• group name
• group ID (GID)
• list of users that belong to the group
groups
• Each user can be assigned to two types of groups…. 1 primary and up to 15 secondary
• Files created by a user are assigned the GID of the user's primary group
• Secondary groups do not matter for file creation; they matter for access checks and for applications like admintool, which expects the user to belong to the sysadmin group (GID 14)
Groups
• groups command lists all groups user belongs to
• primary group of the user can be temporarily changed using newgrp command to any other group user is a member of
Management of users and groups
• Local system… use admintool with CDE, or commands like useradd, groupadd, etc.
• Local or remote system… use AdminSuite with CDE
Adding a user account, by name service:
    NIS+    nistbladm & nisclient
    NIS     useradd & make
    None    useradd
Where information is stored ?
• /etc/passwd and /etc/shadow
• /etc/passwd format: username:password:uid:gid:comment:home-directory:login-shell
• e.g. root:x:0:1:Super-User:/:/sbin/sh (the x means the password hash lives in /etc/shadow, which only root can read)
• /etc/shadow format: username:password-hash:lastchg:min:max:warn:inactive:expire:flag
• e.g. rimmer:86Kg/MNT/dGu.:8882:0::5:20:8978
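As an added example (not part of the course material), the POSIX sh functions below run the checks a sysadmin actually wants over these two files: extra UID-0 accounts, password hashes (or nothing) left in the world-readable passwd file, empty shadow passwords, and shared UIDs. The passwd and shadow lines are constructed for the demo; the accounts toolbox and lister are invented.

```shell
#!/bin/sh
# Added example (not from the slides): quick checks on /etc/passwd and
# /etc/shadow style data. Both samples are constructed for this demo;
# on a Solaris host run the functions as root, e.g.  extra_uid0 < /etc/passwd

PASSWD_SAMPLE='root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
rimmer:x:1001:10:Arnold Rimmer:/export/home/rimmer:/bin/ksh
toolbox:x:0:1:vendor tool:/:/bin/sh
lister:NP:1002:10::/export/home/lister:/bin/csh'

SHADOW_SAMPLE='root:86Kg/MNT/dGu.:8882:0::5:20:8978:
daemon:NP:6445::::::
rimmer:86Kg/MNT/dGu.:8882:0::5:20:8978:
toolbox::8882::::::
lister:NP:8882::::::'

# Every account with UID 0 is root to the kernel, whatever its name.
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }'; }

# passwd entries whose password field is not "x": the hash (or nothing)
# is sitting in the world-readable file instead of in /etc/shadow.
nonshadowed() { awk -F: '$2 != "x" { print $1 }'; }

# shadow entries with an empty password field: login with no password.
empty_shadow_pw() { awk -F: '$2 == "" { print $1 }'; }

# UIDs shared by more than one login name (same identity to the kernel).
dup_uids() {
    awk -F: '{ n[$3]++; who[$3] = who[$3] " " $1 }
             END { for (u in n) if (n[u] > 1) print u ":" who[u] }' | sort
}

echo "UID-0 accounts besides root:"; printf '%s\n' "$PASSWD_SAMPLE" | extra_uid0
echo "non-shadowed passwd entries:";  printf '%s\n' "$PASSWD_SAMPLE" | nonshadowed
echo "empty shadow passwords:";       printf '%s\n' "$SHADOW_SAMPLE" | empty_shadow_pw
echo "duplicate UIDs:";               printf '%s\n' "$PASSWD_SAMPLE" | dup_uids
```

Each function reads the file on stdin, so the same code works on a copy pulled off a host during an investigation as well as on the live files.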
Initialization Files
PART 1:
Pradip Gudale 23
Initialization Files: example of .profile
PATH=$PATH:$HOME/bin:/usr/local/bin:/usr/ccs/bin:.
MAIL=/var/mail/$LOGNAME
NNTPSERVER=server1
MANPATH=/usr/share/man:/usr/local/man
PRINTER=printer1
umask 022
export PATH MAIL NNTPSERVER MANPATH PRINTER
Note the trailing "." in PATH: it makes the shell look in the current working directory for any command not found in the earlier directories, so a mistyped command name can run a file planted there. Leave it out of root's PATH in particular.
Customization of Environment
• Solaris provides template files in /etc/skel
• For the Bourne shell: $HOME/.profile
• For the C shell: $HOME/.cshrc and $HOME/.login
• For the Korn shell: $HOME/.profile and the file named by $ENV
/etc/skel
C Shell          /etc/skel/local.login   /etc/skel/local.cshrc
Bourne or Korn   /etc/skel/local.profile
Feature                                        BOURNE   C Shell   Korn Shell
Job control                                    Yes      Yes       Yes
History list                                   No       Yes       Yes
Command-line editing                           No       Yes       Yes
Aliases                                        No       Yes       Yes
Single-char abbreviation for login directory   No       Yes       Yes
Protection from overwriting (noclobber)        No       Yes       Yes
Setting to ignore Control-d (ignoreeof)        No       Yes       Yes
Enhanced cd                                    No       Yes       Yes
Initialization file separate from .profile     No       Yes       Yes
Logout file                                    No       Yes       No
Shell environment
• Environment variables are passed on to child processes; shell (local) variables are not
• C shell convention: environment variables in upper case, set with setenv; shell variables in lower case, set with set (e.g. user, term, home and path)
• C shell: setenv VARIABLE value
• Bourne or Korn shell: VARIABLE=value; export VARIABLE
Environment variables
• LPDEST: sets the user's default printer
• MAIL: sets the path to the user's mailbox
• MANPATH: sets the hierarchies of man pages available
• OPENWINHOME: sets the path to the OpenWindows subsystem
Variables… cntd
• prompt: defines the shell prompt for the C shell
• PS1: defines the shell prompt for the Bourne or Korn shell
• SHELL (or shell in the C shell): sets the default shell used by make, vi and other tools
Variables.. cntd
• PATH=/usr/bin:/usr/sbin:/opt/SUNWmd/
• CDPATH=/export/home/rajiv
• TERM (or term in the C shell): defines the terminal. This variable should be reset in /etc/profile or /etc/.login. When the user invokes an editor, the system looks for a terminal description (terminfo entry) with the same name as the value of this variable.
umask
Default permissions given to a file or directory when it is created: the bits set in the umask are cleared from the base mode, 666 for a file and 777 for a directory. This is a bitwise operation, not arithmetic subtraction: a umask digit of 6 leaves a file digit of --- (not --x), because there was no x bit to take away.
umask digit   File         Directory
0             rw-          rwx
1             rw-          rw-
2             r--          r-x
3             r--          r--
4             -w-          -wx
5             -w-          -w-
6             ---          --x
7             --- (none)   --- (none)
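The umask rule computed rather than looked up, as an added example that is not part of the course material: the functions take a umask and a base mode in octal and return the symbolic result, so the table above can be regenerated and the "subtraction" shortcut checked.

```shell
#!/bin/sh
# Added example (not from the slides): what a umask does to a new file's
# or directory's mode. The umask is a set of permission bits to CLEAR, so
# the result is base AND NOT umask (bitwise). The "666 minus umask"
# shorthand breaks whenever a umask digit has a bit the base lacks.

# rwx string for one octal digit 0..7.
triplet() {
    case "$1" in
        0) printf '%s' '---' ;;  1) printf '%s' '--x' ;;
        2) printf '%s' '-w-' ;;  3) printf '%s' '-wx' ;;
        4) printf '%s' 'r--' ;;  5) printf '%s' 'r-x' ;;
        6) printf '%s' 'rw-' ;;  7) printf '%s' 'rwx' ;;
    esac
}

# digit_after_umask UMASK_DIGIT BASE_DIGIT -> rwx for that one position
digit_after_umask() {
    triplet $(( $2 & ~$1 & 7 ))
    printf '\n'
}

# mode_after_umask UMASK BASE -> full symbolic mode, e.g. 022 666 -> rw-r--r--
# A leading 0 is prepended so the shell treats both operands as octal.
mode_after_umask() {
    r=$(( 0$2 & ~0$1 & 0777 ))
    triplet $(( (r >> 6) & 7 )); triplet $(( (r >> 3) & 7 )); triplet $(( r & 7 ))
    printf '\n'
}

# Regenerate the slide's table (file base digit 6, directory base digit 7).
umask_table() {
    echo "umask  file  dir"
    for d in 0 1 2 3 4 5 6 7; do
        printf '%s      %s   %s\n' "$d" "$(digit_after_umask "$d" 6)" "$(digit_after_umask "$d" 7)"
    done
}

umask_table
mode_after_umask 022 666
mode_after_umask 027 777
```

A umask of 027 (group read-only, nothing for others) is the usual choice for administrative accounts; 022 is what the .profile example above sets.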
Booting & Run Levels
PART 1:
Booting & Shutdown
• What’s new in this release ?
• What was the method used earlier ?
• How do we boot Intel Platform Solaris ?
Terminology
• init state
• run level
• Which process helps change run-levels
Types of Boot
• Interactive
• Reconfiguration
• Recovery
Shutdown commands
• init
• shutdown
Which one is better ? Why ?
Can anybody shutdown the system ?
When do you need to change run levels?
• Add new h/w
• backup-restore
• retune kernel parameters
• repair system configuration file
• known power outage
Run control
How to Determine a System’s Run Level ?
How to Use a Run Control Script to Stop or Start a Service ?
How to Add a Run Control Script ?
How to Disable a Run Control Script ?
Current run level?
$ who -r
   .       run-level 3  Sep  1 14:45     3      0  S
The date and time say since when this run level has been in effect. The three fields after it are: the current run level (3), the number of times the system has previously been at this run level since the last boot (0), and the previous run level (S).
/etc/inittab file: provides three important items to the init process
• The system's default run level
• What processes to start, monitor, and restart if they terminate
• What actions to be taken when the system enters a new run level
/etc/inittab entries
Each entry in the /etc/inittab file has the following fields:
id:rstate:action:process
• id: unique identifier for the entry
• rstate: the run levels this entry applies to
• action: how the process is to be run (e.g. sysinit, wait, respawn, initdefault, powerfail)
• process: the command to execute
/etc/inittab entries
ap::sysinit:/sbin/autopush -f /etc/iu.ap
is:3:initdefault:
p3:s1234:powerfail:/usr/sbin/shutdown -y -i5 -g0 >/dev/msglog 2<>/dev/console
sS:s:wait:/sbin/rcS >/dev/msglog 2<>/dev/msglog </dev/
sc:234:respawn:/usr/lib/saf/sac -t 300
co:234:respawn:/usr/lib/saf/ttymon -g -h -p "`uname -n` console login: " -T terminal-type -d /dev/console -l console -m ldterm,ttcompat
What happens when init runs
1. The init process is started and reads the /etc/default/init file to set any environment variables. By default, only the TIMEZONE variable is set.
2. Then init reads the inittab file to do the following:
   a. Identify the initdefault entry, which defines the default run level (3).
   b. Execute any process entries that have sysinit in the action field, so that any special initializations can take place before users log in.
   c. Execute any process entries that have 3 in the rstate field, which matches the default run level, 3.
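Because init restarts every respawn entry for as long as the system is up, /etc/inittab is a favourite place to plant a persistent root process. The following is an added example, not course material: sh/awk functions that pull the default run level and the respawn entries out of an inittab, rejoining the process field (which may itself contain colons, as the console ttymon line does), and flag respawned commands that do not live under a system directory. The sample is constructed from the entries on the slides, with -T filled in as "sun" and one hypothetical rogue entry "zz" added; on a real host pipe in /etc/inittab.

```shell
#!/bin/sh
# Added example (not from the slides): audit an inittab for respawn
# entries. The sample is constructed; "zz" is an invented rogue entry.

INITTAB_SAMPLE='ap::sysinit:/sbin/autopush -f /etc/iu.ap
is:3:initdefault:
p3:s1234:powerfail:/usr/sbin/shutdown -y -i5 -g0 >/dev/msglog 2<>/dev/console
sS:s:wait:/sbin/rcS >/dev/msglog 2<>/dev/msglog </dev/console
sc:234:respawn:/usr/lib/saf/sac -t 300
co:234:respawn:/usr/lib/saf/ttymon -g -h -p "`uname -n` console login: " -T sun -d /dev/console -l console -m ldterm,ttcompat
zz:3:respawn:/var/tmp/.x/listener -p 4444'

# Default run level from the initdefault entry (empty if there is none).
inittab_default_level() {
    awk -F: '$3 == "initdefault" { print $2; exit }'
}

# All respawn entries as "id<TAB>rstate<TAB>process". The process field is
# everything from field 4 on, so colons inside the command survive.
inittab_respawn() {
    awk -F: '$3 == "respawn" {
        cmd = $4
        for (i = 5; i <= NF; i++) cmd = cmd ":" $i
        printf "%s\t%s\t%s\n", $1, $2, cmd
    }'
}

# Respawn entries whose command path is outside /usr, /sbin or /etc:
# a cheap heuristic that surfaces things like a listener in /var/tmp.
inittab_suspicious_respawn() {
    inittab_respawn | awk -F'\t' '$3 !~ /^\/(usr|sbin|etc)\// { print $1 }'
}

echo "default run level: $(printf '%s\n' "$INITTAB_SAMPLE" | inittab_default_level)"
echo "respawn entries:";    printf '%s\n' "$INITTAB_SAMPLE" | inittab_respawn
echo "suspicious respawn:"; printf '%s\n' "$INITTAB_SAMPLE" | inittab_suspicious_respawn
```

The path heuristic is only a first pass; the real check is to compare each respawned binary against the package database with pkgchk, covered later in this deck.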
Run control scripts
• Each run level N has an associated /sbin/rcN script
• There is a corresponding directory /etc/rcN.d which contains [KS][0-9][0-9]* scripts for stopping (K) or starting (S) the various services, run in numeric order
• The scripts themselves are kept in /etc/init.d and are hard-linked to the files in /etc/rcN.d
Sample /etc/rc2.d
# ls /etc/rc2.d
K07dmi          S70uucp            S75cron          S91afbinit
K07snmpdx       S71ldap.client     S75flashprom     S91ifbinit
K28nfs.server   S71rpc             S75savecore      S92volmgt
README          S71sysid.sys       S76nscd          S93cacheos.finish
S01MOUNTFSYS    S72autoinstall     S80PRESERVE      S94ncalogd
S05RMTMPFILES   S72inetsvc         S80lp            S95IIim
S20sysetup      S72slpd            S80spc           S95amiserv
S21perf         S73cachefs.daemon  S85power         S95ocfserv
S30sysid.net    S73nfs.client      S88sendmail      S99audit
S40llc2         S74autofs          S88utmpd         S99dtlogin
S47asppp        S74syslog          S89bdconfig
S69inet         S74xntpd           S90wbem
Adding scripts
How would you add a script to start/stop some service ?
Adding scripts….
# cp filename /etc/init.d
# chmod 0744 /etc/init.d/filename
# chown root:sys /etc/init.d/filename
# cd /etc/init.d
# ln filename /etc/rc2.d/Snnfilename
# ln filename /etc/rcn.d/Knnfilename
(The links are hard links, so an edit to the copy in /etc/init.d is seen through every rcN.d name.)
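The add-a-script procedure above as one runnable function, an added example that is not the course's own code. It performs the copy, chmod, chown and hard-link steps under a root directory you pass in, so it can be exercised against a scratch tree as an ordinary user and against "/" as root on a real system. The service name mydaemon, its binary path /opt/mydaemon/bin/mydaemond and the sequence numbers are assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): install a run control script and
# its S/K links. ROOT is "/" on a live system; here a scratch tree is used.

RC_BODY='#!/sbin/sh
# Hypothetical rc script for "mydaemon" (daemon path assumed).
case "$1" in
start)  [ -x /opt/mydaemon/bin/mydaemond ] && /opt/mydaemon/bin/mydaemond ;;
stop)   pkill -x mydaemond ;;
*)      echo "Usage: $0 { start | stop }"; exit 1 ;;
esac
exit 0'

# install_rc_script ROOT NAME START_LEVEL START_SEQ "STOP_LEVELS" STOP_SEQ
#   e.g. install_rc_script / mydaemon 2 99 "0 1 S" 01
install_rc_script() {
    root=$1 name=$2 slevel=$3 sseq=$4 klevels=$5 kseq=$6
    initd=$root/etc/init.d
    mkdir -p "$initd"
    printf '%s\n' "$RC_BODY" > "$initd/$name"
    chmod 0744 "$initd/$name"                # root rwx, everyone else read
    if [ "$(id -u)" -eq 0 ]; then            # root:sys as on the slide;
        chown root:sys "$initd/$name"        # only possible as root
    fi
    mkdir -p "$root/etc/rc$slevel.d"
    ln "$initd/$name" "$root/etc/rc$slevel.d/S$sseq$name"   # start link
    for l in $klevels; do                                   # stop links
        mkdir -p "$root/etc/rc$l.d"
        ln "$initd/$name" "$root/etc/rc$l.d/K$kseq$name"
    done
}

# rc_links ROOT NAME: the rcN.d entries that are hard links of init.d/NAME
rc_links() {
    root=$1 name=$2
    for f in "$root"/etc/rc*.d/[SK][0-9][0-9]"$name"; do
        [ "$f" -ef "$root/etc/init.d/$name" ] && echo "$f"
    done
    return 0
}

demo=${TMPDIR:-/tmp}/rcdemo.$$
install_rc_script "$demo" mydaemon 2 99 "0 1 S" 01
rc_links "$demo" mydaemon
rm -rf "$demo"
```

rc_links is also the check to run when a service misbehaves: an rcN.d entry that is a separate file rather than a hard link of /etc/init.d/name was put there by something other than this procedure.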
Summary of rc scripts
/sbin/rc0 Performs the following tasks:
Stops system services and daemons
Terminates all running processes
Unmounts all file systems
/sbin/rc1
Stops system services and daemons
Terminates all running processes
Unmounts all file systems
Brings the system up in single-user mode
/sbin/rc2
• Mounts all local file systems
• Enables disk quotas if at least one file system was mounted with the quota option
• Saves editor temporary files in /usr/preserve
• Removes any files in the /tmp directory
• Configures system accounting
• Configures the default router
• Sets the NIS domain and the ifconfig netmask
• Reboots the system from the installation media or a boot server if either /.PREINSTALL or /AUTOINSTALL exists
• Starts inetd and rpcbind, and named if appropriate
/sbin/rc2…… cntd
• Starts the Kerberos client-side daemon, kerbd
• Starts NIS daemons (ypbind) and NIS+ daemons (rpc.nisd), depending on whether the system is configured for NIS or NIS+, and whether the system is a client or a server
• Starts keyserv, statd, lockd, xntpd, and utmpd
• Mounts all NFS entries
• Starts nscd (name service cache daemon)
• Starts the automount, cron, LP print service, sendmail, utmpd, and vold daemons
/sbin/rc3
/sbin/rc3 runs the /etc/rc3.d scripts to perform the following tasks:
• Cleans up sharetab
• Starts nfsd
• Starts mountd
• If the system is a boot server, starts rarpd, rpc.bootparamd, and rpld
• Starts snmpdx (the Solstice Enterprise Agents process)
/sbin/rc5 and /sbin/rc6
Run the /etc/rc0.d/K* scripts to perform the following tasks:
• Kills all active processes
• Unmounts the file systems
/sbin/rcS
• Establishes a minimal network
• Mounts /usr, if necessary
• Sets the system name
• Checks the root (/) and /usr file systems
• Mounts pseudo file systems (/proc and /dev/fd)
• Rebuilds the device entries for reconfiguration boots
• Checks and mounts other file systems to be mounted in single-user mode
Shutdown commands
• Shutdown
• init
• reboot
• halt
Booting of the system & BOOT PROM
PART 1:
Prom monitor
At the old-style ">" monitor prompt, type n to get to the Forth monitor's ok prompt:
> n
ok
Prom monitor
How to find PROM version ?
How to change boot-device ?
How to change boot-files ?
Prom monitor : important commands
• printenv
• setenv
• probe-scsi-all
• reset
Boot command
ok boot [boot-device] [boot-files] [boot options]
-a   interactive boot: asks for the system configuration files (e.g. /etc/system) as it goes
-s   boot to single-user mode
-r   reconfiguration boot: rebuilds the device entries
………….Try it out
Boot over a network
• Need to set up a boot server
• rarp or dhcp protocols
• For dhcp the PROM version must be > 3.25
• ok nvalias net /pci@1f,4000/network@1,1:dhcp
Stop system for recovery
press Stop-a or L1-a.
On terminals, press the Break key.
Intel Solaris
Solaris Boot Diskette
Solaris Installation CD
Boot process
What all does a PROM do ?
Boot phases
• Boot prom phase
• boot program phase
• kernel initialization phase
• init phase
Boot phases
• Boot PROM: the PROM loads the primary boot program, bootblk
• The bootblk program finds and executes the secondary boot program, ufsboot, and loads it into memory
• The ufsboot program loads the kernel
• The kernel initializes itself and begins loading modules
• The kernel unmaps ufsboot
• The kernel creates a user process and starts /sbin/init
PART 1:
Volume Management
Major Benefits
/etc/init.d/volmgt (starts vold, the volume management daemon)
• automatically mounts diskettes and CDs
• enables you to access diskettes and CDs without having to become superuser
• allows you to give other systems on the network automatic access to any diskettes and CDs you insert into your system
Manual mounting
Steps for manual mounting (with Volume Management, the superuser, mount and unmount steps are done for you):
1 Insert media.
2 Become superuser.
3 Determine the location of the media device.
4 Create a mount point.
5 Make sure you are not in the mount point directory.
6 Mount the device using the proper mount options.
7 Work with files.
8 Become superuser and unmount.
9 Eject media.
How to access from FDD/CD
Insert the floppy and run volcheck
• Files on a diskette or raw data on a diskette: access through /vol/dev/aliases/floppy0
• File systems on a floppy: access through /floppy/floppy0
Files on a CD: insert the CD and wait for a few seconds, then access through /cdrom/cdrom0
Files copied from CD
Remember……..
Files copied to disk will not have write permissions
WHY ?
How do you find who are using the CD ?
# fuser -u [-k] /cdrom/cdrom0
..How do you use CDROM connected to another M/C ?
Prerequisite ?
CDROM on other M/C must be shared..
$ showmount -e system-name
export list for system-name:
/cdrom/sol_8_sparc   (everyone)
Become superuser, then:
# mount -F nfs -o ro system-name:/cdrom/cd-name mountpoint
…….Try this out
..How do you make the CDROM on your system available to other systems?
Basically…. it must be shared
STEPS …..
# mkdir /dummy
# vi /etc/dfs/dfstab
(Add the following line:)
share -F nfs -o ro /dummy
# eject cdrom0
# chmod 644 /etc/rmmount.conf
# vi /etc/rmmount.conf
(Add the following line to the File System Sharing section:)
share cdrom*
# chmod 444 /etc/rmmount.conf
(Load a CD.)
# share
…. Try this out
A bare "share cdrom*" exports every CD you insert, read-only, to every host that can reach the machine; if the contents are not for the whole network, add share options such as -o ro=host-list to that line.
Configure a System to Play Musical CDs
Edit /etc/rmmount.conf and add action line
# Actions
action cdrom action_workman.so path/workman workman-options
path: the directory in which you have placed the Workman S/W
workman-options: the options allowed by the Workman S/W
“start and stop volume management”
# /etc/init.d/volmgt start
# /etc/init.d/volmgt stop
Formatting floppies ...tasks
• Load unformatted diskette
• Format diskette for dos
• Format diskette for ufs
• make ufs FS
…...Try this out
Known restriction..
Diskettes formatted for UFS are restricted to the hardware platform on which they were formatted.
In other words, a UFS diskette formatted on a SPARC based platform cannot be used for UFS on an IA platform, nor can a diskette formatted on an IA platform be used on a SPARC based platform. This is because the SPARC and IA UFS formats are different.
SPARC is big-endian and IA (x86) is little-endian, so the on-disk UFS structures are written with different byte orders.
Can format to 7 densities
• 3.5” Extended Density 2.88 Mbytes
• 3.5” High Density (HD) 1.44 Mbytes
• 3.5” Medium Density (DD) 1.2 Mbytes
• 3.5” Low Density 720 Kbytes
• 5.25” High Density (HD) 1.2 Mbytes
• 5.25” Medium Density (DD) 720 Kbytes
• 5.25” Low Density 360 Kbytes
Formatting defaults...
• the diskette drive formats a diskette to a like density unless instructed otherwise
• a diskette can be formatted to its capacity or lower
• a drive can format to its capacity or lower
Use fdformat command with density option….
To format a diskette as   In a drive of   fdformat density option
2.88 Mbytes               2.88 Mbytes     -E
1.44 Mbytes               2.88 Mbytes     -H
1.44 Mbytes               1.44 Mbytes     none
1.2 Mbytes                1.44 Mbytes     -t nec -M
720 Kbytes                1.44 Mbytes     -D or -t dos -D
1.2 Mbytes                1.2 Mbytes      none
720 Kbytes                1.2 Mbytes      -D
720 Kbytes                720 Kbytes      none
360 Kbytes                720 Kbytes      -D
fdformat
• fdformat -z to view options
• start fdformat w/o density option to find out drive’s default density
Formatting for ufs FS
$ fdformat -v -U [density-options convenience-options]
-v   verify
-U   unmount if mounted
-D   density, e.g. 720KB
-e   eject when done
-f   force .. no questions
-b   label
-z   just show options
How to Place a UFS File System on a Diskette ?
Command to create the FS: /usr/sbin/newfs
Options to this command: where to make the FS, and the type of FS (ufs is taken as the default)
Creating FS
$ /usr/sbin/newfs -v /vol/dev/aliases/floppy0
(-v displays the status as it goes)
Auto mounting
Invoke the volrmmount command using the i option to notify Volume Management that the diskette is inserted.
$ volrmmount -i floppy0
Use # ls /floppy to confirm that the ufs FS is mounted
Formatting for DOS
$ fdformat -v -U [density-options convenience-options]
-d 1.44MB for MS-DOS
-d -D 720KB for MS-DOS
Things to remember
• volcheck -v command to notify volume management
• floppy0 is a symbolic link to the floppy name
• if nothing is found under /floppy it means the floppy is not mounted or not formatted
• /floppy is the same as /vol/dev/diskette0
• fuser -u [-k] floppy0 to find the user and [kill]
• if formatted but without a name the system refers to it as unnamed_floppy
• # ls /floppy/floppy0 to see contents
How to use floppy put in another M/C’s floppy drive ?
Same as CDROM …… except…...
Add the following lines to /etc/rmmount.conf on the system where the floppy drive is connected and is to be shared:
# File System Sharing
share floppy*
How Volume Management works?
Volume management
• All removable media are made available under /vol/dev
/vol/dev
    diskette0/          block device for the first diskette drive
        diskette-name
    rdiskette0/         raw (character) device for the same drive
        diskette-name
    dsk/
        c0t6/           block device for the CD-ROM drive
            cd-name
    rdsk/
        c0t6/           raw device for the CD-ROM drive
            cd-name
To make access more convenient, Volume Management uses two special mount points, /floppy and /cdrom.
Volume Management mounts the /vol/dev/diskette0 and /vol/dev/dsk/c0t6 directories onto /floppy and /cdrom:
/
    floppy
    cdrom
Convenient mount points/floppy and /cdrom
However, these mount points depend on proper formatting. If a diskette is formatted, the mount succeeds, but if it is unformatted, the mount fails and the diskette is only available under /vol/dev/diskette0.
Additional convenience: symbolic links
/floppy/floppy0 --> /floppy/name --> /vol/dev/diskette0/name
/cdrom/cdrom0 --> /cdrom/cd-name --> /vol/dev/dsk/c0t6d0/cd-name
The symbolic links for file system access simply link the directories /floppy/floppy0 and /cdrom/cdrom0 to the diskette inserted into the first diskette drive and the CD inserted into the first CD-ROM drive.
What’s the advantage of symbolic links ?
enable you to access floppies and CDs without knowing their names.
You can use the link names, floppy0 or cdrom0, instead.
Symbolic links for raw device access
/vol/dev/aliases/floppy0 --> /vol/dev/rdiskette0/diskette-name
/vol/dev/aliases/cdrom0 --> /vol/dev/rdsk/c0t6d0/cd-name
Purpose of symbolic links
to enable you to access a raw-character diskette or CD without knowing its name
use /vol/dev/aliases/floppy0 or /vol/dev/aliases/cdrom0 link names.
compatibilities
• UFS: not compatible between SPARC and Intel
• CDROM: HSFS type; no issues
Installation CDs contain mixed formats; that is, part UFS and part ISO 9660 standard
The CD is split into slices:
• ISO 9660 portion: portable
• UFS portion: architecture-specific (one UFS slice for SPARC, one for Intel)
Volume Management ignores unrelated formats on CDs and mounts the appropriate slice
CD slices appear as….
$ ls /cdrom/cdrom0
S0  S2
$ ls /vol/dev/dsk/c0t6
S0  S2
SOFTWARE
ADMINISTRATION
PART 1:
Pradip Gudale 110
S/W administration
• Adding and Removing S/W
• Checking consistency
• understanding S/W packages
• Adding and removing patches
What is a S/W Package ?
Sun and other vendors distribute S/W in the form of Package
package is a collection of files and directories in a defined format.
Package Admin Commands
Solaris provides utilities that understand the package format and install, remove and check packages:
pkgadd, pkgrm and pkgchk
Admintool to manage S/W: what it cannot do
• Add packages to a spool directory: not possible
• Eliminate user interaction by using an administration file: not possible
S/W PACKAGE = control files + S/W files
• pkgadd interprets the control files
• pkgadd uncompresses the S/W files and installs them in the base directory
• keeps track of what is installed
# pkgrm pkgname
Removes all files for that package unless they are shared with another package
Things to know….
How are packages named? ….. SUNWutr, SUNWvolr
How to see what is installed? ….. pkginfo / admintool
How to install S/W for clients? ….. some part on the server, some on the client
client-server scenario
a piece of software might have a package with files that are installed on the client’s root file system and a package with files that are installed on the /usr file system, which the client typically mounts from a server.
administration file
Comes into play with the -a option to pkgadd
# pkgadd -a filename pkgname
pkgadd looks for the admin file in the current directory or in /var/sadm/install/admin
Uses of the admin file...
• Manipulate the base directory by setting the basedir keyword in the administration file, e.g. basedir=/usr/v5/sbin
• Avoid user interaction while adding or removing packages
• Quit the installation if an error is encountered
• ……...etc.
Response file….
Using a Response File
A response file contains your answers to specific questions asked by an interactive package.
An interactive package includes a request script that asks you questions prior to package installation, such as whether or not optional pieces of the package should be installed.
Response file
Use pkgask command to store your replies and use it as…
pkgadd -r response-file
…. To avoid user interaction
commands
# pkgadd -a admin-file -d device-name pkgid ...
Default when -d is omitted: the spool directory /var/spool/pkg
commands
Verification of an installed package...
# pkgchk -v pkgid
If pkgchk determines there are no errors, it returns a list of installed files. Otherwise, it reports the error.
What do you understand from this..
# mount -F nfs -o ro package-server:/latest-packages /mnt
# pkgadd -d /mnt SUNWaudio
..and what do you think is this ?
# pkgadd -d /cdrom/sol_8_sparc/s0/Solaris_8/Product -s /var/spool/pkg SUNWaudio
Is this command OK ?
# pkgadd SUNWman
pkginfo
Tells what packages are installed on the system
$ pkginfo
system      SUNWaccr       System Accounting, (Root)
system      SUNWaccu       System Accounting, (Usr)
system      SUNWadmap      System administration applications
system      SUNWadmc       System administration core libraries
.
Integrity of installed packages
# pkgchk -d spooldir pkgid ...
# pkgchk [ -a | -c ] [ -v ] pkgid ...
-a   check file attributes (owner, group, permissions) only
-c   check file contents (checksums) only
Default: both a & c
$ pkginfo -l SUNWcar
   PKGINST:  SUNWcar
      NAME:  Core Architecture, (Root)
  CATEGORY:  system
      ARCH:  sparc.sun4u
   VERSION:  11.8.0,REV=1999.09.18.11.52
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  core software for a specific hardware platform group
    PSTAMP:  humbolt19990821191439
  INSTDATE:  Sep 18 1999 11:53
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:       95 installed pathnames
                  31 shared pathnames
                  35 directories
                  49 executables
               11307 blocks used (approx)
Removal of packages
Always use
#pkgrm [-s spooldir] pkgid
Do not use “rm” to remove package files….. WHY ?
“Removal of packages”
Can be done through admintool
What is the prerequisite ?
Be either superuser
or
a member of the sysadmin group (GID 14)
patches
• What are they ?
• How are they distributed ?
• How are they numbered ?
• What happens when you install patches ?
• What happens when you remove patches ?
What is a patch ?
A collection of files and directories that replace or update existing files and directories that are preventing proper execution of the software. The existing software is derived from a specified package.
Knowing what are applied
# showrev -p
# patchadd -p
# pkgparam pkgid PATCHLIST
# pkgparam pkgid PATCH_INFO_patch-number
The last one tells the installation date and the host from which the patch was applied
Patch distribution
Via www or anonymous ftp: http://www.sun.com
For contract customers: the full SunSolve database and periodic CDs
For others: the general set of patches
ftp
sunsolve1.sun.com (provided by Sun Service) or sunsite.unc.edu (maintained by the University of North Carolina).
Log in as anonymous, with your complete e-mail address as the password, and pick up patches from the /pubs/patches directory.
Transfer mode: binary
Patch numbering
106925-02
106925 is the patch base code, then a hyphen, then 02 is the patch revision
What happens when you install a patch ?
• patchadd calls pkgadd
• checks the version of the target system
• updates the patch package's pkginfo file with which patches are obsoleted by this one, which other patches this one requires, which patches are incompatible with it, etc.
• the patch installation log is kept in /var/sadm/patch/patch-number/log
The patch is not installed if…...
• The package is not fully installed on the host
• The patch package's architecture differs from the system's architecture
• The patch package's version does not match the installed package's version
• There is already an installed patch with the same base code and a higher version number
• The patch is incompatible with another, already installed patch (each installed patch keeps this information in its pkginfo file)
• The patch being installed requires another patch that is not installed
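The numbering scheme and the "not installed if" rules above, applied to showrev -p output as an added example (not course material): patch_status answers whether a given base-rev is still wanted on a host, and missing_requires checks a patch's prerequisites against what is installed. The showrev -p lines are constructed in the format that command prints (the patch IDs are invented); on a real host pipe in `showrev -p`. The requirement list passed to missing_requires would come from the new patch's own pkginfo, which is why it is an argument here.

```shell
#!/bin/sh
# Added example (not from the slides): reason about patch base codes and
# revisions. SHOWREV_SAMPLE is constructed; the IDs are invented.

SHOWREV_SAMPLE='Patch: 106925-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcar
Patch: 107544-03 Obsoletes: 106971-01 Requires: 106925-02 Incompatibles:  Packages: SUNWcsr
Patch: 108528-07 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcar, SUNWcsr'

# patch_status BASE-REV   (showrev -p on stdin)
# Prints one of:  install | already installed: BASE-REV | obsoleted by BASE-REV
# Revisions are compared numerically, so 08 vs 10 sorts correctly.
# Obsolescence is matched on base code: a patch that obsoletes 106971-01
# also makes 106971-03 pointless.
patch_status() {
    awk -v id="$1" '
    BEGIN { split(id, q, "-"); base = q[1]; want = q[2] + 0; have = -1 }
    $1 == "Patch:" {
        split($2, p, "-")
        if (p[1] == base && p[2] + 0 > have) { have = p[2] + 0; havestr = $2 }
        mode = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /:$/) { mode = $i; continue }      # Obsoletes: Requires: ...
            tok = $i; sub(/,$/, "", tok)                # strip list comma
            split(tok, o, "-")
            if (mode == "Obsoletes:" && o[1] == base) obs = $2
        }
    }
    END {
        if (obs != "") print "obsoleted by " obs
        else if (have >= want) print "already installed: " havestr
        else print "install"
    }'
}

# missing_requires "BASE-REV BASE-REV ..."   (showrev -p on stdin)
# Prints each required patch not installed at an equal or higher revision.
missing_requires() {
    awk -v reqs="$1" '
    $1 == "Patch:" { split($2, p, "-"); if (p[2] + 0 > have[p[1]]) have[p[1]] = p[2] + 0 }
    END {
        n = split(reqs, r, " ")
        for (i = 1; i <= n; i++) {
            split(r[i], q, "-")
            if (!(q[1] in have) || have[q[1]] < q[2] + 0) print r[i]
        }
    }'
}

for p in 106925-02 106925-05 106971-03 110000-01; do
    printf '%s: ' "$p"; printf '%s\n' "$SHOWREV_SAMPLE" | patch_status "$p"
done
echo "missing prerequisites:"
printf '%s\n' "$SHOWREV_SAMPLE" | missing_requires '106925-02 108528-09 109999-01'
```

patchadd performs these checks itself; the value of doing them in a script is being able to run them across a fleet from the collected showrev -p output, before anything is copied to the hosts.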
Patch removal
Means… backing out a patch
All files modified by patch are restored back to original
patchrm restores old files unless….
• The patch was installed with patchadd -d (which instructs patchadd not to save copies of files being updated or replaced)
• The patch has been obsoleted by a later patch
• The patch is required by another patch
patchrm keeps a log of the back-out process in /tmp/backoutlog.process_id. This log file is removed if the patch backs out successfully.
DISK MANAGEMENT
PART 1:
Disk geometry
• Bits and bytes
• Sectors
• Tracks
• Cylinders
• Heads
• Disk Controller
• Device drivers
……….more
• Disk slices
• Disk Labels
• Cylinder Groups
• File Systems
FS characteristics
• Files are stored in FS
• Each FS is assigned one slice, i.e. an FS cannot span multiple slices
• A slice can hold only one FS
• To the OS each slice appears as an independent disk
• An FS is a fully functional independent unit
Disk slices / partitions
SPARC platforms                                   IA platforms
Whole disk given to the operating environment     Disk is fdisk-partitioned; only one fdisk partition is given to the OE
8 slices maximum, numbered 0-7                    Within that one partition: 10 slices, numbered 0-9
What gets stored ..where ?
• Slice 0 : root--OS files and directories
• 1: Swap--workspace
• 2: Overlap
• 3: /export--diff arch os files for clients
• 4: /export/swap--swap for clients
• 5: /opt--applications added
• 6: /usr-- executables and library routines
• 7: /home or /export/home--user’s stuff
Intel specific….
• Slice 8: info that helps Solaris to boot from Hard Disk. Resides at the beginning of disk
• Slice 9: alternate blocks for assignment in lieu of bad blocks
Note on usage: do not use the following areas of the disk for raw data slices, which are sometimes created by third-party database applications:
1. Block 0, cylinder 0, where the disk label is stored.
2. Avoid cylinder 0 entirely for improved performance.
3. Slice 2, which represents the entire disk.
A slice cannot be split between two or more disks. However, multiple swap slices on separate disks are allowed.
format utility
PART 1:
format
• Menu driven built-in utility
• For preparing hard disks for use
• Does more than merely formatting disks
• Not for floppies, CD-ROMs and mag tapes
What all can “format” do ?
• Search all connected devices and display
• display partition information
• modify partitions information
• label the disk
• analyze and repair the disk
• low level format the disk
Most common usage..
• Partition
• label
Formatting is a destructive process….
helps prepare an unformatted disk
helps gather bad-area information
Disk Label VTOC
Stored in cylinder 0, block 0, sector 0
Contains the controller geometry and the partition table (slices)
Partition tabel
• Number: 0 to 7
• Tag: 0=UNASSIGNED 1=BOOT 2=ROOT 3=SWAP 4=USR 5=BACKUP 7=VAR 8=HOME; a numeric value that usually describes the file system mounted on this partition
• Flags: wm = writable and mountable; wu = writable and unmountable (swap); rm = read-only and mountable
Example partition table
Total disk cylinders available: 2036 + 2 (reserved cylinders)
Part  Tag         Flag  Cylinders    Size       Blocks (cyl/head/sector)   Sectors
0     root        wm    0 - 300      148.15MB   (301/0/0)                  303408
1     swap        wu    301 - 524    110.25MB   (224/0/0)                  225792
2     backup      wm    0 - 2035     1002.9MB   (2036/0/0)                 2052288
3     unassigned  wm    0            0          (0/0/0)                    0
4     unassigned  wm    0            0          (0/0/0)                    0
5     unassigned  wm    0            0          (0/0/0)                    0
6     usr         wm    525 - 2035   743.7MB    (1511/0/0)                 1523088
7     unassigned  wm    0            0          (0/0/0)                    0
# prtvtoc /dev/rdsk/c0t1d0s0
* /dev/rdsk/c0t1d0s0 partition map
* Dimensions:
*     512 bytes/sector
*      72 sectors/track
*      14 tracks/cylinder
*    1008 sectors/cylinder
*    2038 cylinders
*    2036 accessible cylinders
* Flags:
*   1: unmountable
*  10: read-only
*                          First     Sector    Last
* Partition  Tag  Flags    Sector     Count    Sector  Mount Directory
       0      2    00          0    303408    303407   /
       1      3    01     303408    225792    529199
       2      5    00          0   2052288   2052287
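Two checks worth running on a prtvtoc map before it is handed to a database as raw slices or copied to other disks with fmthard, as an added example that is not part of the course material: which slices (other than 2, the whole-disk backup slice) include sector 0 where the label lives, and which slices overlap each other. The map is constructed from the prtvtoc output above with one hypothetical slice 3 added; on a real host pipe in `prtvtoc /dev/rdsk/cXtYdZs2`.

```shell
#!/bin/sh
# Added example (not from the slides): sanity checks on a prtvtoc(1M)
# partition map. VTOC_SAMPLE is the slide's map plus an invented slice 3.

VTOC_SAMPLE='* /dev/rdsk/c0t1d0s0 partition map
* Dimensions:
*     512 bytes/sector
*      72 sectors/track
*      14 tracks/cylinder
*    1008 sectors/cylinder
*    2038 cylinders
*    2036 accessible cylinders
* Flags:
*   1: unmountable
*  10: read-only
*                          First     Sector    Last
* Partition  Tag  Flags    Sector     Count    Sector  Mount Directory
       0      2    00          0    303408    303407   /
       1      3    01     303408    225792    529199
       2      5    00          0   2052288   2052287
       3      0    00     500000    100000    599999'

# Slices other than 2 that start at sector 0, i.e. include the label.
# Fine for a UFS root (newfs leaves the boot area alone); a problem for
# a raw data slice, which writes from its first sector.
vtoc_label_slices() {
    awk '$1 !~ /^\*/ && NF >= 6 && $1 != 2 && $4 == 0 { print $1 }'
}

# Pairs of slices (ignoring slice 2) whose sector ranges overlap.
# Two slices that overlap are two file systems sharing the same blocks.
vtoc_overlaps() {
    awk '$1 !~ /^\*/ && NF >= 6 && $1 != 2 { n++; id[n] = $1; lo[n] = $4; hi[n] = $6 }
         END {
             for (i = 1; i <= n; i++)
                 for (j = i + 1; j <= n; j++)
                     if (lo[i] <= hi[j] && lo[j] <= hi[i]) print id[i], id[j]
         }'
}

echo "slices that include sector 0:"; printf '%s\n' "$VTOC_SAMPLE" | vtoc_label_slices
echo "overlapping slices:";            printf '%s\n' "$VTOC_SAMPLE" | vtoc_overlaps
```

Both functions ignore the comment lines prtvtoc prints (those starting with *), so the same input that goes to fmthard -s can be checked first.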
Formatting a disk
The easiest way is to use the "modify" option under format > partition
…try it out extensively
Recovering the disk
• Recover disk geometry i.e. label
• restore root FS if it is a boot disk
• restore usr FS if it is a boot disk
• ……..Then what ? Will it boot ?
Put a boot block on the disk
For SPARC:
# installboot /usr/platform/sun4m/lib/fs/ufs/bootblk /dev/rdsk/c0t0d0s0
For Intel:
# installboot /usr/platform/i86pc/lib/fs/ufs/pboot /usr/platform/i86pc/lib/fs/ufs/bootblk /dev/rdsk/c0t6d0s2
Use `uname -i` to get the platform name for the /usr/platform path on the machine you are on.
Recovering corrupted disk label
Step 1: put back the disk geometry with format > type, choosing either automatic configuration or manual disk type specification (select the disk type number)
Step 2: use the verify command to check the backup label
format> verify
Step 3: the backup label is put back on the disk
format> backup
Support for third party disks
Supply either a device driver, a format.dat entry, or both of these.
Unrecognized disks cannot be formatted without precise information about the disk’s geometry and operating parameters. This information is supplied in the /etc/format.dat file.
Disk parameters example..
disk_type = "SUN2.1G" \
    : ctlr = SCSI : fmt_time = 4 \
    : ncyl = 2733 : acyl = 2 : pcyl = 3500 : nhead = 19 : nsect = 80 \
    : rpm = 5400 : bpt = 44823
nsect : data sectors per track
pcyl : number of physical cylinders
acyl : number of alternate cylinders
Specifying block nos to format command...
* Block number as an integer, OR
* Block number in the cylinder/head/sector format
Enter defective block number: 12345
Enter defective block number: 34/2/3
Thumb rules for slice sizes
Disk Size          Root File System   Swap Slice
0 - 180 Mbytes     16 Mbytes          16 Mbytes
180 Mb - 280 Mb    16 Mbytes          32 Mbytes
280 Mb - 380 Mb    24 Mbytes          32 Mbytes
380 Mb - 600 Mb    32 Mbytes          32 Mbytes
600 Mb - 1.0 Gb    32 Mbytes          64 Mbytes
1.0 Gb - 2.0 Gb    64 Mbytes          128 Mbytes
More than 2.0 Gb   128 Mbytes         128 Mbytes
Analyze and repair a disk
# format
format> analyze
analyze> setup .. Select parameters
Starting block
loop
Stop on first error
Assign alternate block
format> repair
Tips and tricks
Invoke format -M to enable extended and diagnostic messages for using the format utility with SCSI devices only.
For labeling multiple disks with the same partition table...
# for i in 1 2 3 5
> do
> prtvtoc /dev/rdsk/c2t0d0s0 | fmthard -s - /dev/rdsk/c2t${i}d0s2
> done
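Before copying one disk's table onto several others with fmthard as above, it is worth confirming that the source table is self-consistent. The check below is an added example, not from the slides: it reads a prtvtoc-style map on stdin (the good sample reuses the slide's geometry and slice values, the bad one is constructed) and reports slices whose sector counts do not add up, that run past the accessible cylinders, or that overlap.

```shell
#!/bin/sh
# vtoc_check: read a prtvtoc(1M) partition map on stdin and report
# inconsistencies. Prints OK and returns 0 when the map is sane; otherwise
# prints one finding per line and returns 1.
vtoc_check() {
    awk '
    # Header lines start with "*": pick up the geometry, skip the rest.
    /^\*/ {
        if ($3 == "sectors/cylinder") spc = $2
        if ($3 == "accessible") cyls = $2
        next
    }
    # Data lines: partition, tag, flags, first sector, count, last sector[, mount]
    NF >= 6 {
        n++; part[n] = $1; tag[n] = $2; first[n] = $4; count[n] = $5; last[n] = $6
    }
    END {
        disk = cyls * spc          # sectors in the accessible cylinders
        bad = 0
        for (i = 1; i <= n; i++) {
            if (first[i] + count[i] - 1 != last[i]) {
                printf "slice %s: first + count - 1 = %d but last = %d\n", part[i], first[i] + count[i] - 1, last[i]; bad = 1
            }
            if (last[i] >= disk) {
                printf "slice %s: ends past the %d accessible sectors\n", part[i], disk; bad = 1
            }
            # tag 5 is the backup slice, which must span the whole disk
            if (tag[i] == 5 && (first[i] != 0 || count[i] != disk)) {
                printf "slice %s: backup slice does not cover the whole disk\n", part[i]; bad = 1
            }
        }
        # Two data slices sharing a sector is a misconfiguration; the backup
        # slice is exempt because it overlaps everything by design.
        for (i = 1; i <= n; i++)
            for (j = i + 1; j <= n; j++) {
                if (tag[i] == 5 || tag[j] == 5) continue
                if (first[i] <= last[j] && first[j] <= last[i]) {
                    printf "slices %s and %s overlap\n", part[i], part[j]; bad = 1
                }
            }
        if (!bad) print "OK"
        exit bad
    }'
}

# Constructed sample maps in prtvtoc layout. The good one uses the slide's
# geometry (1008 sectors/cylinder, 2036 accessible cylinders) and slices.
GOOD_VTOC='* /dev/rdsk/c0t1d0s0 partition map
* Dimensions:
*     512 bytes/sector
*    1008 sectors/cylinder
*    2036 accessible cylinders
*
*                          First     Sector    Last
* Partition  Tag  Flags    Sector     Count    Sector  Mount Directory
       0      2    00          0    303408    303407   /
       1      3    01     303408    225792    529199
       2      5    00          0   2052288   2052287
       6      4    00     529200   1523088   2052287   /usr
'
# Same geometry, but slice 1 has been moved so it shares sectors with slice 0.
BAD_VTOC='*    1008 sectors/cylinder
*    2036 accessible cylinders
       0      2    00          0    303408    303407   /
       1      3    01     300000    229200    529199
       2      5    00          0   2052288   2052287
'

# Stand-alone demo: the first map passes, the second is rejected.
printf '%s' "$GOOD_VTOC" | vtoc_check
printf '%s' "$BAD_VTOC" | vtoc_check || echo "rejected as expected"
```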
FORMAT MENU:
        disk       - select a disk
        type       - select (define) a disk type
        partition  - select (define) a partition table
        current    - describe the current disk
        format     - format and analyze the disk
        repair     - repair a defective sector
        label      - write label to the disk
        analyze    - surface analysis
        defect     - defect list management
        backup     - search for backup labels
        verify     - read and display labels
        save       - save new disk/partition definitions
        inquiry    - show vendor, product and revision
        volname    - set 8-character volume name
        quit
INTRODUCTION TO FILE SYSTEM
AND ITS MANAGEMENT
PART 1:
Overview of FS
• It’s a collection of files & directories
• structure in the form of file tree
• data structure of a disk slice
Types of FS
• Disk based
• Network based
• Virtual FS
• Solaris provides a virtual file system architecture…… This facilitates a standard interface to any type of FS
Disk based FS
ufs  : default; based on the BSD fast FS
hsfs : ISO 9660; on CD-ROM; read only
pcfs : read/write of DOS-formatted disks
udfs : on optical media (DVD)
Network-based FS
Typically, network-based file systems reside on one system, typically a server, and are accessed by other systems across the network.
NFS is the only available network-based or distributed computing file system.
Virtual FS
Memory based
most of them do not use disk space
cachefs and tmpfs do
cachefs
Think about What is cache ?
When is that used ?
TMPFS
Default FS for /tmp dir
use swap space as backup disk space
*The TMPFS file system can run out of space, just as a regular file system can fill up.
* Because TMPFS allocates swap space to save file data (if necessary), some programs might not execute because there is not enough swap space.
Loop back FS
The Loopback File System (LOFS) lets you create a new virtual file system, so you can access files by using an alternative path name.
e.g. create / FS under /tmp/newroot
procfs
• Resides in memory
• contains list of active processes by process number
• commands like ps use it
• do not administer or remove files from this
Few other virtual FS
FIFOFS (first-in first-out): named pipe files that give processes common access to data
FDFS (file descriptors): provides explicit names for opening files using file descriptors
NAMEFS: used mostly by STREAMS for dynamic mounts of file descriptors on top of files
SPECFS (special): provides access to character special and block devices
SWAPFS: file system used by the kernel for swapping
FS related commands
fsck, df, fstyp, mount, newfs, labelit, volcopy
ff     : list file names with statistics
clri   : clear inodes
ncheck : list file names with inode numbers
How commands decide FS type
• -F option
• match in vfstab entry
• look in /etc/default/fs and /etc/fs/fstypes entries for local and remote FSs
Note: # man mount
# man mount_ufs
Default solaris FSs
• root /: essential files to make system work; boot programs, kernel, device drivers, mount points
• /usr: sharable files, library programs, those that run on specific platform
• /export/home: user’s home directories
• /var: changing/growing files, vi & ex backup, log files
• /opt: third party application s/w
DEFAULT DIRECTORIES UNDER /DEV
/dev/cfg    Symbolic links to physical ap_ids
/dev/cua    Device files for uucp
/dev/dsk    Block disk devices
/dev/fbs    Frame buffer device files
/dev/md     Logical volume management meta-disk devices
/dev/fd     File descriptors
/dev/pts    pty slave devices
/dev/rdsk   Raw disk devices
/dev/rmt    Raw tape devices
/dev/sad    Entry points for the STREAMS Administrative Driver
/dev/sound  Audio device and audio device control files
/dev/swap   Default swap device
/dev/term   Serial devices
Default directory under /etc
/etc          Host-specific sys admin config files & databases
/etc/acct     Accounting configuration information
/etc/cron.d   Configuration information for cron
/etc/default  Defaults information for various programs
/etc/dmi      Solstice Enterprise Agents configuration files
/etc/dfs      Config information for shared file systems
/etc/dhcp     DHCP config files
/etc/fn       Federated Naming Service and X.500 support files
/etc/fs       Binaries organized by FS types for operations required before /usr is mounted
/etc/gss      Generic Security Service (GSS) Application Program Interface configuration files
/etc/inet     Configuration files for Internet services
/etc/init.d   Scripts for changing between run levels
/etc/lib      Dynamic linking libraries needed when /usr is not available
/etc/llc2     Logical link control (llc2) driver configuration files
/etc/lp       Configuration information for the printer subsystem
/etc/mail     Mail subsystem configuration information
/etc/net      Configuration information for TI (transport-independent) network services
/etc/nfs      NFS server logging configuration file
/etc/openwin  OpenWindows configuration files
/etc/opt      Configuration information for optional packages
/etc/rc0.d    Scripts for entering/leaving run level 0
/etc/rc1.d    Scripts for entering/leaving run level 1
/etc/rc2.d    Scripts for entering/leaving run level 2
/etc/rc3.d    Scripts for entering/leaving run level 3
/etc/rcS.d    Scripts for bringing the system up in single user mode
/etc/rpcsec   This directory may contain a NIS+ authentication configuration file
/etc/saf      Service access facility files (including FIFOs)
/etc/security Basic Security Module (BSM) configuration files
/etc/skel     Default profile scripts for new user accounts
/etc/tm       Trademark files; contents displayed at boot time
/etc/uucp     uucp configuration information
/export   Default directory for users’ home directories, client file systems, or other shared file systems
/home     Default directory or mount point for a user’s home directory on a standalone system. When AutoFS is running, you cannot create any new entries in this directory.
/kernel   Directory of platform-independent loadable kernel modules required as part of the boot process. It includes the generic part of the core kernel that is platform independent, /kernel/genunix (see also the /platform and /usr/platform directory structure).
/mnt      Convenient, temporary mount point for file systems
/opt      Default directory or mount point for add-on application packages
/sbin     Essential executables used in the booting process and in manual system failure recovery
/stand    Standalone programs
/tmp      Temporary files; cleared during boot sequence
/var          Directory for varying files, which usually includes temporary, logging, or status files
/var/adm      System logging and accounting files
/var/audit    Basic Security Module (BSM) audit files
/var/crash    Default depository for kernel crash dumps
/var/cron     cron’s log file
/var/dmi      Solstice Enterprise Agents Desktop Management Interface (DMI) run time components
/var/dt       dtlogin configuration files
/var/ftp      FTP server directory
/var/inet     IPv6 router state files
/var/log      System log files
/var/lp       Line printer subsystem logging information
/var/mail     Directory where users’ mail is kept
/var/news     Community service messages (note: not the same as USENET-style news)
/var/nis      NIS+ databases
/var/nfs          NFS server log files
/var/ntp          Network Time Protocol (NTP) server state directory
/var/opt          Root of a subtree for varying files associated with software packages
/var/preserve     Backup files for vi and ex
/var/run          Temporary system files that are not needed across system reboots. This is a TMPFS-mounted directory.
/var/sadm         Databases maintained by the software package management utilities
/var/saf          saf (service access facility) logging and accounting files
/var/spool        Directories for spooled temporary files
/var/spool/cron   cron and at spool files
/var/spool/locks  Spooling lock files
/var/spool/lp         Line printer spool files
/var/spool/mqueue     Mail queued for delivery
/var/spool/pkg        Spooled packages
/var/spool/uucp       Queued uucp jobs
/var/spool/uucppublic Files deposited by uucp
/var/statmon          Network status monitor files
/var/tmp              Directory for temporary files; not cleared during boot sequence
/var/uucp             uucp log and status files
/var/yp               NIS databases (for backwards compatibility with NIS and unnecessary after full transition to NIS+)
Under /usr
4lib     SunOS 4.1 binary compatibility package libraries
5bin     Symbolic link to the /usr/bin directory
X        Symbolic link to the /usr/openwin directory
adm      Symbolic link to the /var/adm directory
aset     Directory for Automated Security Enhancement Tools (ASET) programs and files
bin      Location for standard system commands
ccs      C compilation programs and libraries
demo     Demo programs and data
dict     Symbolic link to the /usr/share/lib/dict directory, which contains the dictionary file used by the UNIX spell program
dt       Directory or mount point for CDE software
games    An empty directory, which is a remnant of the SunOS 4.0/4.1 software
Under /usr
include  Header files (for C programs, etc.)
java*    Directories containing Java programs and libraries
kernel   Additional kernel modules
kvm      Implementation architecture-specific binaries and libraries
lib      Various program libraries, architecture-dependent databases, and binaries not invoked directly by the user
local    Commands local to a site
mail     Symbolic link to the /var/mail directory
man      Symbolic link to the /usr/share/man directory
net      Directory for network listener services
news     Symbolic link to the /var/news directory
oasys    Files pertaining to the Form and Menu Language Interpreter (FMLI) execution environment
old          Programs that are being phased out
openwin      Directory or mount point for OpenWindows S/W
perl5        Perl 5 programs and documentation
platform     See the /platform & /usr/platform slide
preserve     Symbolic link to the /var/preserve directory
proc         Directory for the proc tools
pub          Files for online man page and character processing
sadm         Various files and directories related to sys admin
sbin         Executables for system administration
sbin/static  Statically linked version of selected programs from /usr/bin and /usr/sbin
share        Architecture-independent sharable files
share/lib    Architecture-independent databases
share/src    Source code for kernel, libraries, and utilities
snadm        Programs and libraries related to system and network
Under /usr
spool       Symbolic link to the /var/spool directory
src         Symbolic link to the share/src directory
tmp         Symbolic link to the var/tmp directory
ucb         Berkeley compatibility package binaries
ucbinclude  Berkeley compatibility package header files
ucblib      Berkeley compatibility package libraries
vmsys       Directory for Framed Access Command Environment (FACE) programs
xpg4        Directory for POSIX-compliant utilities
/platform & /usr/platform Dir
/platform            Contains a series of directories, one per supported platform, that need to reside in the root (/) file system.
/platform/*/kernel   Contains platform-dependent kernel components, including the file unix, the core kernel that is platform dependent.
/usr/platform        Contains platform-dependent objects that do not need to reside in the root (/).
/usr/platform/*/lib  Contains platform-dependent objects similar to those found in /usr/lib
/platform/*/sbin     Contains platform-dependent objects similar to those found in /usr/sbin
/var/run in Solaris 8
Temporary MEMORY based FS for systems files not required across boot
/tmp continues to be temporary FS for non-system files
New in Sol 8
/etc/mnttab is now MNTFS, read only. Sync guaranteed.
Earlier it was text-based and modifiable, and likely to be out of sync.
New in Sol 8
UDF FS
The industry-standard format for storing information on the optical media technology called DVD (Digital Versatile Disc or Digital Video Disc) is included in this Solaris release.
Dynamically loadable modules:
SUNWudfr — 32-bit kernel component
SUNWudfrx — 64-bit kernel component
The Solaris 7 11/99 or the Solaris 8 release
udf FS management
Display FS parameters:
# mkfs -F udfs -m /dev/rdsk/device-name
Create UDF FS:
# mkfs -F udfs /dev/rdsk/device-name
Check it is UDF type:
# fstyp -v /dev/rdsk/device-name
Check its integrity:
# fsck -F udfs /dev/rdsk/device-name
Mount:
# mount -F udfs /dev/dsk/device-name /mount-point
swap
• Some disk slices used as swap instead of FS
• used as virtual memory
• plan how much swap space to allocate
ufs FS features
• State flags: show the state of the file system: clean, stable, active, logging, or unknown. These flags eliminate unnecessary file system checks. If the file system is “clean,” “stable,” or “logging,” file system checks are not run.
• Large FS: up to 1 TB. How do you get this big slice ?
• Large Files: by default files > 2 GB are allowed. How to limit it to < 2 GB ? …. Use the “nolargefiles” option
What is ufs logging ?
UFS logging is the process of storing transactions (changes that make up a complete UFS operation) in a log before the transactions are applied to the UFS file system.
Like journalling in IBM
Transactions can be applied later
Advantages of ufs logging
• Inconsistent transactions discarded; only complete transactions applied ensuring consistent FS and hence no fsck required at reboot
• reboot is very fast; very useful on large FS
Logging is not by default
enable it using -o logging option to mount
Planning ufs FS
• Distribute I/O load: /export/home and swap across disks
• keep it logical.. Put all project or group files into one FS
• have root, usr and swap on system disk
• make no more than 2 or 3 FS on others. Make them roomier. (Less fragmentation and easy to backup)
MOUNTING FS
PART 1:
mounting
• root always mounted at boot time
• others mounted and unmounted as required
• you need a mount point
[Figure: an unbundled file system containing file1, file2 and app1 is mounted on the mount point /opt under the root (/) file system, alongside /usr]
mnttab and vfstab
• Reside under /etc
• mnttab tells what is mounted
• vfstab specifies what is to be mounted, where and required parameters to do that
Example mnttab
$ more /etc/mnttab
/dev/dsk/c0t0d0s0 / ufs rw,intr,largefiles,onerror=panic,suid,dev=2200000 938557523
/proc /proc proc dev=3180000 938557522
fd /dev/fd fd rw,suid,dev=3240000 938557524
mnttab /etc/mnttab mntfs dev=3340000 938557526
swap /var/run tmpfs dev=1 938557526
swap /tmp tmpfs dev=2 938557529
/dev/dsk/c0t0d0s7 /export/home ufs rw,intr,largefiles,onerror=panic,suid,dev=2200007 938557529
Example vfstab
$ more /etc/vfstab
#device            device             mount    FS     fsck   mount    mount
#to mount          to fsck            point    type   pass   at boot  options
/dev/dsk/c0t0d0s0  /dev/rdsk/c0t0d0s0 /        ufs    1      no       -
/proc              -                  /proc    proc   -      no       -
/dev/dsk/c0t0d0s1  -                  -        swap   -      no       -
swap               -                  /tmp     tmpfs  -      yes      -
/dev/dsk/c0t0d0s6  /dev/rdsk/c0t0d0s6 /usr     ufs    2      no       -
/dev/dsk/c0t3d0s7  /dev/rdsk/c0t3d0s7 /test    ufs    2      yes      -
NFS features
• File resource on server and others share it; server maintains list of shared resources
• actual location of resource irrelevant to user
• commonly used sharable s/w is accessed through nfs e.g. man files
• upgrade/change to resource can be easily managed
autofs mounting for NFS
• Client side service in NFS
• resource gets mounted when you access it
• remains mounted as long as you are in it
• gets unmounted when not used for ... time
• boot time saved
• user need not know root passwd to mount
• n/w traffic reduced
autofs serviced by...
• Autofs service … automountd
• can specify alternate server to mount same FS
• can use NIS, NIS+ or files
• /home is usually auto-mounted
cachefs
• Want to improve performance of NFS ?…
• It is a layered FS
• One FS is mounted on another
• It’s a caching mechanism. Good for PPP.
• reduces server and network load.
• client per server ratio goes up
• combine autofs and cachefs to improve scalability & performance
Creating file systems
• Need to create if you add a new disk, change partition structure, or restore a full backup from tapes
• need contiguous formatted cylinders
• use newfs device-name (front-end of mkfs)
newfs
# newfs [-N] [-b size] [-i bytes] /dev/rdsk/device-name
-N : tells the parameters that would get passed to mkfs without actually creating the FS
-b size : block size
-i bytes : number of bytes per inode
Creating tmpfs FS
# mount -F tmpfs [-o size=number] swap mount-point
Do not use newfs ….
Note: creating multiple tmpfs has no benefit… why ?
How will you create tmpfs at boot time ? Add a vfstab entry:
swap - /export/test tmpfs - yes -
Creating loop back FS
Do not use newfs
# mount -F lofs loopback-directory mount-point
How to make it at boot time ?
/ - /tmp/newroot lofs - yes -
MOUNTING
FILE SYSTEMS
mounting
• mount, mountall [-l|-r] commands
• Inconsistent FS are not mounted
• common options are:
Mount options.. -o
bg | fg (NFS): if the first attempt fails, retries in the background (bg) or in the foreground (fg).
hard | soft (NFS): specifies the procedure if the server does not respond. soft indicates that an error is returned. hard indicates that the retry request is continued until the server responds. The default is hard.
intr | nointr (NFS): specifies whether keyboard interrupts are delivered to a process that is hung while waiting for a response on a hard-mounted file system. The default is intr.
Mount options.. -o
-o logging (default nologging)
-o nolargefiles (default largefiles)
-o noatime (default atime)
For ufs logging: log space is taken from the FS; 1MB per 1GB; max 64MB
-o options …. cntd
remount (All): changes the mount options associated with an already-mounted file system. This option can be used with any option except ro.
retry=n (NFS): retries the mount operation when it fails; n is the number of retries.
ro | rw (All): specifies read/write or read-only. The default is read/write. The default option for HSFS is ro.
suid | nosuid (All): allows or disallows setuid execution. The default is to allow setuid execution.
Entries in vfstab
• Dev to mount : block dev, resource name or /proc for proc FS type
• dev to fsck : raw device
• mount point : directory
• FS-type : type of file system
• fsck pass: “-” not checked; “0” ufs not checked; “1” checked one at a time; “>1” with -o preen then checked in parallel
Entries in vfstab …. cntd
• Mount at boot : yes/no specifies whether to mount at boot; “no” for /, /usr,/var,/proc and /dev/fd. These get mounted by other method and not by mountall command
• mount options: “-” or comma separated list
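As an added example (not from the slides), here is a small lint for vfstab entries that applies the rules above: it lists what mountall will mount, flags ufs entries with no raw device or no fsck pass, and flags file systems marked yes that the slide says must be no. The sample vfstab is the one shown earlier plus one constructed bad entry for /data.

```shell
#!/bin/sh
# vfstab_mountall_list: print the mount points mountall would mount at boot,
# i.e. the entries whose "mount at boot" field is yes. Reads vfstab on stdin.
vfstab_mountall_list() {
    awk '!/^#/ && NF == 7 && $6 == "yes" { print $3 }'
}

# vfstab_lint: report entries that contradict the rules above. Prints one
# finding per line and returns 1 if any; prints nothing and returns 0 otherwise.
vfstab_lint() {
    awk '
    /^#/ || NF == 0 { next }
    NF != 7 { printf "line %d: expected 7 fields, got %d\n", NR, NF; bad = 1; next }
    {
        raw = $2; mp = $3; type = $4; pass = $5; atboot = $6
        # /, /usr, /var, /proc and /dev/fd are mounted earlier in the boot
        # sequence, not by mountall, so their entries must say no.
        if (atboot == "yes" && (mp == "/" || mp == "/usr" || mp == "/var" || mp == "/proc" || mp == "/dev/fd")) {
            printf "%s: mount at boot must be no (not mounted by mountall)\n", mp; bad = 1
        }
        if (type == "ufs") {
            if (raw == "-") { printf "%s: ufs entry has no raw device for fsck\n", mp; bad = 1 }
            if (pass == "-" || pass == "0") { printf "%s: ufs entry is never checked by fsck\n", mp; bad = 1 }
        }
    }
    END { exit bad }'
}

# Sample vfstab from the slide above, plus one constructed entry for /data
# that breaks two of the rules (no raw device, fsck pass "-").
SAMPLE_VFSTAB='#device           device             mount   FS    fsck mount   mount
#to mount         to fsck            point   type  pass at boot options
/dev/dsk/c0t0d0s0 /dev/rdsk/c0t0d0s0 /       ufs   1    no      -
/proc             -                  /proc   proc  -    no      -
/dev/dsk/c0t0d0s1 -                  -       swap  -    no      -
swap              -                  /tmp    tmpfs -    yes     -
/dev/dsk/c0t0d0s6 /dev/rdsk/c0t0d0s6 /usr    ufs   2    no      -
/dev/dsk/c0t3d0s7 /dev/rdsk/c0t3d0s7 /test   ufs   2    yes     -
'
BAD_ENTRY='/dev/dsk/c0t3d0s5 -                  /data   ufs   -    yes     logging
'

# Stand-alone demo
echo "mountall would mount:"
printf '%s' "$SAMPLE_VFSTAB" | vfstab_mountall_list
echo "lint findings:"
printf '%s%s' "$SAMPLE_VFSTAB" "$BAD_ENTRY" | vfstab_lint || :
```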
Remounting without large files option
When you mount a file system, the largefiles option is selected by default, which enables you to create files larger than 2 Gbytes. Once a file system contains large files, you cannot remount the file system with the nolargefiles option or mount it on a system running Solaris 2.6 or compatible versions, until you remove any large files and run fsck to reset the state to nolargefiles.
How do you find files > 2GB ?
# cd mount-point
# find . -xdev -size +20000000 -exec ls -l {} \;
Mounting NFS File System
# mount -F nfs [-o mount-options] server:/directory mount-pt
Mounting pcfs (DOS) FS
# mount -F pcfs [-o rw | ro] /dev/dsk/device-name:logical-drive mount-point
device-name : device name of the whole disk, e.g. /dev/dsk/c0t0d0p0
logical-drive : DOS logical drive letter or number, c to z or 1 to 24
c or 1 : primary DOS slice
rest : extended DOS slice
unmounting FS
• umount or umountall
• you must be superuser
• FS must be available for unmounting
• FS must not be busy or in use:
Changing to a directory in a different file system.
Logging out of the system.
Using the fuser command to list all processes accessing the file system and to stop them if necessary.
# fuser -c [-u] [-k] mount-point
Unsharing the file system
File System
structure
PART 1:
[Figure: file system layout: a disk is divided into disk slices, a slice into cylinder groups, and a cylinder group into addressable blocks; UFS has 4 types of blocks]
Ufs blocks
• Boot block : info for booting; only in first cylinder group; cyl 0; 8k size
• super block : info on file system
• inodes : info on file
• data block : data inside the file
superblock
* Size and status of the file system
* Label (file system name and volume name)
* Size of the file system logical block
* Date and time of the last update
* Cylinder group size
* Number of data blocks in a cylinder group
* Summary data block
* File system state: clean, stable, or active
* Path name of the last mount point
Replicated in each cylinder group
A summary information block is kept with the superblock. It is not replicated. Records changes as FS is used.
inode
Keeps all info on file except its name. 128 bytes.
The type of the file (regular, dir, char, block, link, fifo, socket)
The mode of the file (the set of read-write-execute permissions)
The number of hard links to the file
The user ID of the owner of the file
The group ID to which the file belongs
The number of bytes in the file
An array of 15 disk-block addresses
The date and time the file was last accessed
The date and time the file was last modified
The date and time the file was created
[Figure: inode contents: type of file, uid, number of bytes, 12 direct pointers to 8k data blocks, an indirect pointer, a double indirect pointer and a triple indirect pointer; an indirect block holds 2k pointers]
Data blocks
• Rest of the space allocated to data blocks
• block size decided at FS creation time
• default is 8k
• fragment is 1k
• blocks contain data for file
• in a directory, blocks contain file names & their inode numbers
[Figure: on-disk layout: cylinder group 0 holds the bootblock (8 Kbytes), superblock, cylinder group map, inodes and storage blocks; cylinder group 1 (and each later group) holds a superblock copy, cylinder group map, inodes and storage blocks]
FS parameters
• Block size: logical that kernel uses (physical that disk controller uses is 512 bytes)
• Fragment size
• Minimum free space
• Rotational delay
• Optimization type
• Number of files
“block size”
What should I consider while deciding block size ?
How does it impact ?
Do I want to increase efficiency ?.. And I don’t care much for disk space
Do I have many small files in my FS ?
Fragment size
• Smaller than block-size; allocated during file expansion
• trade-off between time and space
• decide based on number & size of files
“Minimum free space”
• Kept aside in reserve (1% to 10%)
• As users go on consuming FS space, ufs efficiency goes down; df reports available space excluding reserve
• only superuser can use reserve space
When will df report more than 100% usage ?
What command to use to change free space value ?
….tunefs
Rotational delay
• Principle: knowing CPU data transfer speed and disk rotational speed, block allocation routine can place next block address to block just coming under the head & ready for read/write
• Not very useful in modern disk with cache
Number of files
• Depends on number of inodes… Why ?
• You can specify number of bytes per inode (i.e number of bytes per file and not number of bytes required to store inode info)
• FS size / bytes per inode gives no of files
Conventional defaults (bytes per inode)
FS less than or equal to 1 Gbyte   2048
FS less than 2 Gbytes              4096
FS less than 3 Gbytes              6144
FS 3 Gbytes or greater             8192
Creating FS
newfs [-Nv] [mkfs_options] raw_device
-s size
-t ntrack     tracks per cylinder
-b bsize
-f fragsize
-c cgsize     cylinders per cylinder group
-m free
..etc see man page
FSCK
PART 1:
File system integrity
• It is the consistency and integrity of internal tables of FS. This is lost on:
sudden power failure
accidental unplugging of system
system crash
improper shutdown
Principle behind fsck
• Uses redundant information available across various tables in the FS
• Goes through superblock, inodes and data blocks
• runs in phases -- means reads tables multiple number of times
• salvages as far as possible
• ever noticed lost+found directory under newly created directory ?
Probable recovery..
The fsck program places files and directories that are allocated but unreferenced in the lost+found directory.
The inode number of each file is assigned as the name.
FS state flag
• Stored in super block
• flag checked by /sbin/rcS while booting
• flag checked by fsck when run
• Flags:
FSACTIVE: mounted & modified
FSBAD: / mounted when state not FSCLEAN/FSSTABLE
FSCLEAN: mounted properly
FSSTABLE: mounted & unmodified
FSLOG: mounted with logging
How fsck tries to salvage
• Due to buffering in memory, FS state on disk always lags behind that in core
• written to disk when buffer is required or kernel runs fsflush periodically
• fsck reads summary info in superblock -- FS size, no of inodes, free blocks count and free inode count
• checks free block map. Cross checks that free blocks are not claimed by files
Salvage……. cntd
• No of free + no claimed by inodes = total blk
• count of free inodes in summary = actual free inodes ?.. NO.. Modify summary info
• link count in inode.. No directory entry exists for that inode no although inode contains valid info. Put file in lost+found
• Duplicate blocks: data block claimed by inodes of two files
Sample fsck output..
# fsck /dev/rdsk/c0t0d0s7
** /dev/rdsk/c0t0d0s7
** Last Mounted on /export/home
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
2 files, 9 used, 2833540 free (20 frags, 354190 blocks, 0.0% fragmentation)
2 files : number of inodes
9 used, 2833540 free : number of frags
20 frags : number of unused fragments
354190 blocks : number of unused full blocks
0.0% fragmentation : % frag
How to see if FS need checking..
# fsck -m /dev/rdsk/c0t0d0s6
** /dev/rdsk/c0t0d0s6
ufs fsck: sanity check: /dev/rdsk/c0t0d0s6 needs checking
To check FS interactively….
# fsck
Preening ufs file system
The preen option to fsck (fsck -o p) checks UFS file systems and automatically fixes the simple problems that normally result from an unexpected system shutdown.
It exits immediately if it encounters a problem that requires operator intervention.
The preen option also permits parallel checking of file systems.
How to restore superblock
Find back-up superblock
# newfs -N /dev/rdsk/device-name
run fsck with another superblock
# fsck -F ufs -o b=block-number /dev/rdsk/dev-name
Fixing that fsck could not..
• Run fsck multiple times
• carefully read error messages and act
• use fsdb, clri, ff, ncheck etc…. See man
• if could not fully recover try mounting read only and retrieve data
BACKUP & RESTORE
PART 1:
*Why do you need backup ?
• System crashes
• accidental deletion
• natural disaster
• hardware failures
• mistakes in installation or upgrade
Backup methods
• Backup file systems : ufsdump
• backup NIS+ server : nisbackup
• backup all on N/W from server : solstice backup s/w
• backup/list files : cpio, tar, pax
• backup as raw dump : dd
Backup devices
• 1/2-inch reel tape: 140 Mbytes (6250 bpi)
• 2.5-Gb 1/4 inch cartridge (QIC) tape: 2.5 GB
• DDS3 4-mm cartridge tape (DAT): 12 - 24 GB
• 14-Gbyte 8-mm cartridge tape: 14 Gbytes
• DLT 7000 1/2-inch cartridge tape: 35 - 70 GB
How do you decide what to backup ?
• Don’t need to backup full every time
• monitor what FSs change often
• which are critical FSs so… /export/home must be backed-up regularly, whereas /usr need not be and /var, although changing, need not be backed-up very frequently.
What all you can do with ufsdump
• Take backup of full FS on local or remote tape device
• Take incremental backup (those that have changed since previous backup)
• Backup groups of systems (remote shell)
• Automate backup (use crontab)
Dump level concept
• This is the number between 0 and 9
• 0 is full backup
• no specific meaning to level number. Meaning is attached when looked at in relation to other level.
• 1-9 specify hierarchy of incremental backup
• dump levels are specified in ufsdump command
Dump level usage
Monthly   Monday   Tuesday   Wednesday   Thursday   Friday
0         9        9         9           9          5
Incremental Backup: Daily Cumulative
How this scheme looks
        Mon (9)   Tue (9)   Wed (9)   Thu (9)      Fri (5)
Wk 1    a b       a b c     a b c d   a b c d e    a b c d e f
Wk 2    g         g h       g h i     g h i j      a b c d e f g h i j k
In this scheme …
How many tapes will be required?
What tapes are required to restore ?
Answers..
With this schedule, you need six tapes (if you want to reuse daily tapes), or nine tapes (if you want to use four different daily tapes): one for the level 0, four for the Fridays, and one or four daily tapes.
If you need to restore a complete file system, you will need the following tapes: the level 0, the most recent Friday tape, and the most recent daily tape since the last Friday tape (if any).
Dump level usage
Monthly   Monday   Tuesday   Wednesday   Thursday   Friday
0         3        4         5           6          2
Incremental Backup: Daily Discrete (incremental)
Daily cumulative, weekly incremental
1st of Month   0
Week 1         9 9 9 9 3
Week 2         9 9 9 9 4
Week 3         9 9 9 9 5
Week 4         9 9 9 9 6
Floating   Mon   Tues    Wed      Thurs      Fri
Week 1     a b   a b c   a b c d  a b c d e  a b c d e f
Week 2     g     g h     g h i    g h i j    g h i j k
To restore you need level 0, all Friday & most recent daily tape
Daily incremental, weekly cumulative
1st of Month   0
Week 1         3 4 5 6 2
Week 2         3 4 5 6 2
Week 3         3 4 5 6 2
Week 4         3 4 5 6 2
Floating   Mon   Tues   Wed   Thurs   Fri
Week 1     a b c d e f               a b c d e f
Week 2     g h i j k l m             a b c d e f g h i j k l m
To restore you need level 0, recent Friday & all daily tapes
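The restore rules stated for the three schemes above all follow from one mechanism: a dump at level n contains everything changed since the most recent dump at a lower level. The script below is an added example, not from the slides; it generates a month's schedule as "label level" lines (labels such as M0 and W2Fri are constructed here) and walks the list backwards to pick the tapes needed, reproducing the restore sets the slides give.

```shell
#!/bin/sh
# dump_schedule: print a month's dump schedule, oldest first, one "label level"
# line per dump: a level 0 on the 1st (label M0), then Mon..Fri of each week
# (labels W1Mon, W1Tue, ...). Each argument gives one week's five levels,
# e.g. dump_schedule "9 9 9 9 3" "9 9 9 9 4".
dump_schedule() {
    echo "M0 0"
    w=0
    for week in "$@"; do
        w=$((w + 1))
        d=0
        for lvl in $week; do
            d=$((d + 1))
            case $d in
                1) day=Mon ;; 2) day=Tue ;; 3) day=Wed ;; 4) day=Thu ;; 5) day=Fri ;;
            esac
            echo "W${w}${day} $lvl"
        done
    done
}

# dump_restore_set: read "label level" lines on stdin and print, oldest first,
# the tapes needed to restore the file system as of the dump labelled $1 (or
# the last dump listed when $1 is empty). Walking backwards from that dump, a
# tape is needed only if its level is lower than every level already chosen,
# because each dump holds everything changed since the last lower-level dump.
# Returns 1 if no level 0 is reached, i.e. the chain cannot be completed.
dump_restore_set() {
    awk -v last="$1" '
    stop { next }
    NF == 2 { n++; label[n] = $1; level[n] = $2; if ($1 == last) stop = 1 }
    END {
        need = 10                     # every real level (0-9) is below this
        m = 0
        for (i = n; i >= 1 && need > 0; i--)
            if (level[i] < need) { m++; out[m] = label[i]; need = level[i] }
        for (i = m; i >= 1; i--) printf "%s%s", out[i], (i > 1 ? " " : "\n")
        exit (need != 0)
    }'
}

# Stand-alone demo: the "daily cumulative, weekly incremental" scheme,
# restored as of Wednesday of week 3 (level 0, every Friday, latest daily).
dump_schedule "9 9 9 9 3" "9 9 9 9 4" "9 9 9 9 5" "9 9 9 9 6" | dump_restore_set W3Wed
```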
Taking backup
• Keep tape drive ready
• decide on file systems - use mount command
• find number of tapes required
# ufsdump S filesystem gives you bytes. Calculate tapes required.
• Become superuser and bring system to single user mode
ufsdump command examples
• # ufsdump 0ucf /dev/rmt/0 /
• # ufsdump 9ucf /dev/rmt/0 /export/home
• # ufsdump 0ucf pluto:/dev/rmt/0 /export/home
u : update /etc/dumpdates
f : dump file (tape)
Verify using # ufsrestore tf /dev/rmt/0
ufsrestore
• The ufsrestore command copies files to disk, relative to the current working directory, from backups created using the ufsdump command.
• Can restore individual files
• when run as root, files are restored with their original ownerships and permissions
Pradip Gudale 275
Relative to the current working directory: explanation
Files backed up from the /export/doc/books directory (where /export is the file system) are saved relative to /export. In other words, the book1 file in the books directory is saved as ./doc/books/book1 on the tape.
Later, if you restore the ./doc/books/book1 file into the /var/tmp directory, the file ends up as /var/tmp/doc/books/book1.
Pradip Gudale 276
note
Note - Do not restore files in the /tmp directory even temporarily. The /tmp directory is usually mounted as a TMPFS file system and TMPFS does not support UFS file system attributes such as ACLs.
Pradip Gudale 277
ufsrestore
• # ufsrestore ta archive-name ./path/filename
• # ufsrestore tf device-name ./path/filename
• Both check whether filename exists on the backed-up media: the first using the online archive (table-of-contents) file, the second by reading the tape contents
Pradip Gudale 278
Running ufsrestore interactively
• # ufsrestore if /dev/rmt/n
• ufsrestore> ls directory
• ufsrestore> cd directory-name
• ufsrestore> add filename1 filename2
• ufsrestore> delete filename
• ufsrestore> verbose
• ufsrestore> extract
• Specify next volume #: 1
• ufsrestore> quit
Pradip Gudale 279
Restoring specific file not interactively
# ufsrestore xvf /dev/rmt/n filename ...
Specify next volume #: 1              (give the volume number)
set owner/mode for '.'? [yn] n        (n keeps the mode of the current directory unchanged)
Pradip Gudale 280
Restoring a complete file system
• # umount /dev/rdsk/device-name
• # newfs /dev/rdsk/device-name
• # mount /dev/dsk/device-name /mnt
• # cd /mnt
• # ufsrestore rvf /dev/rmt/n        (repeat per dump level, starting with 0 and going up)
• # rm restoresymtable
• # cd /; umount /mnt
• # ufsdump 0uf /dev/rmt/n /dev/rdsk/device-name        (take a fresh level 0 of the restored file system)
Pradip Gudale 281
What more you need to do to restore root (/) and /usr
• Boot from CD-ROM (you don't have a usable OS disk)
• restore the root file system from tape as for any other file system
• install the boot block:
  # installboot /usr/platform/`uname -i`/lib/fs/ufs/bootblk /dev/rdsk/device-name
Pradip Gudale 282
How ufsdump works
• Makes two passes
• In the first pass it scans through the raw device and builds the directory and file structure in memory, then writes this table to tape; data still only in memory (not yet flushed to disk) may be skipped on an active file system
• In the second pass it goes through the inode numbers in order and writes the data to tape
• Neither free blocks nor a slice image gets backed up
Pradip Gudale 283
/etc/dumpdates role
• Each line in /etc/dumpdates shows the file system backed up, the level of the last backup, and the day, date, and time of the backup.
• /dev/rdsk/c0t0d0s0 9 Tue Jul 13 10:58:12 2001
  /dev/rdsk/c0t0d0s0 0 Tue Jul 13 10:46:09 2001
• during an incremental backup, ufsdump consults this file to find the date of the most recent backup of the next lower level
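The restore rule behind the schedules above and the lookup ufsdump performs in /etc/dumpdates, worked through in Python as an added example that is not from the slides; the device names and dates in SAMPLE_DUMPDATES are constructed.

```python
"""Which ufsdump tapes does a full restore need?

Added example, not from the slides: it applies the restore rule the slides
state (level 0, then each later lower-level dump, then the newest daily) to
records in the /etc/dumpdates format, and shows the "since when" date a new
incremental would use. Device names and dates below are constructed.
"""
from datetime import datetime

DATE_FMT = "%a %b %d %H:%M:%S %Y"   # ctime(3) layout used in /etc/dumpdates

# Constructed /etc/dumpdates contents. ufsdump keeps one line per file system
# per level (the newest dump at that level). The level 5 of Jul 6 predates the
# level 0 and must therefore be ignored when working out the restore chain.
SAMPLE_DUMPDATES = """\
/dev/rdsk/c0t0d0s7 5 Fri Jul  6 22:10:00 2001
/dev/rdsk/c0t0d0s7 0 Fri Jul 13 22:00:00 2001
/dev/rdsk/c0t0d0s7 3 Fri Jul 20 22:00:00 2001
/dev/rdsk/c0t0d0s7 9 Mon Jul 23 22:05:00 2001
/dev/rdsk/c0t0d0s0 0 Fri Jul 13 21:00:00 2001
"""


def parse_dumpdates(text):
    """Return [(device, level, when)] for every well-formed dumpdates line."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 7:          # blank or damaged line: skip it
            continue
        device, level = fields[0], int(fields[1])
        when = datetime.strptime(" ".join(fields[2:]), DATE_FMT)
        records.append((device, level, when))
    return records


def restore_chain(records, device):
    """Tapes needed to rebuild `device`, in the order ufsrestore must read them.

    Start from the newest dump; repeatedly take the newest *earlier* dump with
    a strictly lower level until a level 0 is reached; then reverse the list.
    """
    dumps = sorted(((lvl, when) for dev, lvl, when in records if dev == device),
                   key=lambda d: d[1], reverse=True)        # newest first
    if not dumps:
        return []
    chain = [dumps[0]]
    while chain[-1][0] > 0:
        level, when = chain[-1]
        older_lower = [d for d in dumps if d[1] < when and d[0] < level]
        if not older_lower:
            raise ValueError("no level 0 recorded for %s; restore impossible" % device)
        chain.append(older_lower[0])
    chain.reverse()
    return chain


def incremental_base(records, device, level):
    """Date a new level-`level` dump would copy changes since (None = all files).

    This is the lookup ufsdump performs in /etc/dumpdates before an incremental.
    """
    lower = [when for dev, lvl, when in records if dev == device and lvl < level]
    return max(lower) if lower else None


if __name__ == "__main__":
    recs = parse_dumpdates(SAMPLE_DUMPDATES)
    for level, when in restore_chain(recs, "/dev/rdsk/c0t0d0s7"):
        print("restore level %d tape of %s" % (level, when.strftime("%a %b %d %Y")))
    base = incremental_base(recs, "/dev/rdsk/c0t0d0s7", 9)
    print("a level 9 now would copy files changed since", base)
```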
Pradip Gudale 284
ufsdump command format
/usr/sbin/ufsdump [options] [arguments] files-to-back-up
Options: 0-9, a, b, c, d, D, f, s, u, v
  0-9  dump level
  a    archive (table-of-contents) file
  b    number of 512-byte blocks written at a time
  c    cartridge tape
  d    tape density
  D    to diskette
  f    destination (dump file or device)
  s    size of the volume
  u    update /etc/dumpdates
  v    verify the tape against the file system after writing
Pradip Gudale 285
ufsrestore command format
ufsrestore [options] [arguments] [filename ...]
Options: i, r, R, x, t
  i  interactive
  r  recursive
  R  resume restoring; restarts from the checkpoint when a full restore was interrupted
  x  extract
  t  table of contents
Pradip Gudale 286
Other ways to take backup
• Want to take full file-system backups and restore them? ufsdump is more suitable
• Want to take a selective backup, or transfer files between systems? tar, cpio or pax are suitable
• Want to do a disk-to-disk copy? dd is more suitable
• Want to copy onto a diskette? tar will do the job
Pradip Gudale 287
Type & characteristics
Command              Aware of FS boundaries   Multi-volume   Type
volcopy              Yes                      Yes            Physical
tar                  No                       No             Logical
cpio                 No                       Yes            Logical
pax                  Yes                      Yes            Logical
dd                   Yes                      No             Physical
ufsdump/ufsrestore   Yes                      Yes            Logical
Pradip Gudale 288
dd
• $ dd < /floppy/floppy0 > /tmp/output.file
  2400+0 records in
  2400+0 records out
  ...so you can give device names as stdin and stdout
• $ dd if=input-file of=output-file bs=nnK
Write a command to clone a full system disk and boot from it
Pradip Gudale 289
# dd if=/dev/rdsk/c0t0d0s2 of=/dev/rdsk/c0t2d0s2 bs=128k
# fsck /dev/rdsk/c0t2d0s2
# mount /dev/dsk/c0t2d0s2 /mnt
# cd /mnt/etc
# vi vfstab            (modify the entries for the new disk)
# cd /
# umount /mnt
# init 0
# boot disk2 -s
# sys-unconfig
# boot disk2
Notice: installboot is not required. Why?
Pradip Gudale 290
cpio
• Archiving program
• copies list of files into single large output file
• inserts headers between files to facilitate restoration
• can copy to other slice or media
• can detect End-Of-Media & prompts to insert next media
Pradip Gudale 291
Example: copying from one file system to another
# find . -print -depth | cpio -updm filesystem2
  -depth  descends the directory (contents before the directory itself)
  -print  lists each file name
  -u      unconditional: older files replace newer ones
  -p      pass mode: copies straight into filesystem2
  -d      creates directories as needed
  -m      sets (preserves) the modification times
Pradip Gudale 292
Copying to tapes
• Use either cpio, tar or pax, depending on the precision and flexibility you want
• all use the raw device (you don't make a file system on tapes!)
• pax: better portability on POSIX-compliant systems
• tar: available on most Unix systems; no multi-volume support
• cpio: packs data more efficiently; skips over bad spots on the tape while restoring; option for different header formats (tar, crc, odc, bar); multi-volume
Pradip Gudale 293
tar
• tar with -c destroys the current data on the tape
• can use * or ? as wildcards while backing up
• cannot use wildcards while extracting
• $ tar cvf /dev/rmt/0 reports           (reports is a directory)
  a reports/ 0 tape blocks
  a reports/reportA 59 tape blocks
  a reports/reportB 61 tape blocks
  a reports/reportC 63 tape blocks
• $ tar tvf /dev/rmt/n                    (to list the tape contents)
• $ tar xvf /dev/rmt/n [filename ...]     (to retrieve)
Pradip Gudale 294
pax
• $ pax -w -f /dev/rmt/0 filename ...      (-w enables write mode)
• $ pax -f /dev/rmt/0                      (verifies the files on the tape)
  filea fileb filec
Pradip Gudale 295
Copying all files with cpio
$ ls | cpio -oc > /dev/rmt/n
  -o  copy-out mode
  -c  header in ASCII characters
Pradip Gudale 296
Restoring with cpio
Restoring all files from tape into the current directory
$ cpio -icvd < /dev/rmt/n          (-d creates directories as required)
Listing the files on tape
$ cpio -civt < /dev/rmt/n
Restoring a specific file
$ cpio -icv "*file" < /dev/rmt/n
Pradip Gudale 297
How to take a backup on a remote tape
• Take care of the permissions to use the tape on the other machine: your hostname and username must be entitled to do the job
• use commands that work on stdin and stdout
• connect them properly
Pradip Gudale 298
Backup on remote tape...
Check appropriate permissions
$ rsh remotehost echo test
if successful…
$ tar cf - files | rsh remotehost dd of=/dev/rmt/n obs=blocksize
to extract…
$ rsh remotehost dd if=/dev/rmt/n | tar xvBpf -
Pradip Gudale 299
Copying to diskette
• Insert a formatted diskette in writable mode
• $ volcheck
• $ fdformat -U /vol/dev/aliases/floppy0
• $ tar cvf /vol/dev/rdiskette0/unlabeled filename ...
• $ tar tvf /vol/dev/rdiskette0/unlabeled
Pradip Gudale 300
Copying files with different headers
• When do you have to do this? e.g. a Solaris 8 cpio archive may not be compatible with an earlier SunOS, so create the archive with a different header
• $ cpio -oH odc < file-list > /dev/rmt/n        (odc is an ASCII header with small device numbers)
Pradip Gudale 301
cpio -H [tar | odc | bar | crc | ustar]
• While restoring, use the same -H option as was used while archiving
• $ find . -print | cpio -oH tar > /tmp/test
  113 blocks
• $ cpio -iH bar < /tmp/test
• write the command syntax on the media label
Pradip Gudale 302
Tape media names: /dev/rmt/XAbn
  X  drive number: 0, 1, 2, 3, 4, n etc.
  A  optional density: l (low), m (medium), h (high), u (ultra), c (compressed)
  b  Berkeley (SunOS 4.x) compatibility
  n  optional no-rewind
Pradip Gudale 303
Tape drive commands
• # mt -f /dev/rmt/n status
  Archive QIC-150 tape drive:
     sense key(0x0)= No Additional Sense   residual= 0   retries= 0
     file no= 0   block no= 0
• $ mt -f /dev/rmt/n retension | rewind
Pradip Gudale 304
PRINTER ADMINISTRATION
PART 1:
Pradip Gudale 305
What are the ways?
Tool                    Solaris versions                               GUI   N/W printers   Manages servers & clients   Uses NIS/NIS+
Solaris Print Manager   Solaris 8 and Solaris Easy Access Server 3.0   Yes   Yes            Yes                         Yes
Admintool               Solaris 8 & compatible versions                Yes   No             Yes                         No
LP commands             Solaris 8 & compatible versions                No    Yes            Yes                         Yes
Pradip Gudale 306
LP print Service
• Set of s/w utilities that allow users to print jobs while they work
• Earlier called LP spooler (system peripheral operation offline)
• LP print service includes S/W, spooler, filters and h/w associated with printer
Pradip Gudale 307
Network printer
• H/w device directly connected to network
• device has its own name & IP address
• print jobs are transferred across network
• driver support expected from vendor
• Sun provides generic drivers. Good enough but they don’t exploit all capabilities of the printer
Pradip Gudale 308
Admin tasks for printers
• Setup server & clients for printing
• Deleting a printer and remote printer access
• Checking the status of printers
• Restarting the print scheduler
Pradip Gudale 309
Print process
1. A user submits a print request from a print client.
2. The print command checks a hierarchy of print configuration resources to determine where to send the print request.
3. The print command sends the print request directly to the appropriate print server. A print server can be any server that accepts the BSD printing protocol.
4. The print server sends the print request to the appropriate printer.
5. The print request is printed.
Pradip Gudale 310
Hierarchy of print configuration resources
• Command line option: lp -d
• A user's LPDEST or PRINTER variables
• The _default variable in the sources configured for the printers database in the /etc/nsswitch.conf file
• The $HOME/.printers file for users
• The local /etc/printers.conf file for the NIS name service
• The printers.org_dir table for the NIS+ name service
Pradip Gudale 311
How users specify printer on command line
• Three ways (1) atomic (2)POSIX and (3) context based as in FNS
• lp -d hp660c filename
• lpr -P galaxy:neptune filename
• lpr -d finance/wages/printer/modi410 filename
Pradip Gudale 312
Print server
• a system that has a local printer connected to it and makes the printer available to other systems on the network
• schedules & controls print jobs
• They use the BSD print protocol: industry standard and widely used
• server & client can have different versions of the OS
Pradip Gudale 313
Spooling
• Spooling space is a disk space to store print jobs in a queue
• They are stored in /var/spool/lp
• Better if /var is separate FS. Can be mounted locally on print server or remotely from file server
• 30Mb for small (text messages) print jobs and upto 600Mb for bit map big jobs
Pradip Gudale 314
Overview of printing setup
• Setting up the printer name, definition and port
• Selecting a printer type and file content type
• Setting up fault notification and the default printer destination
• Determining whether you want to print banner pages or limit user access to a printer
• Setting up printer classes and fault recovery
Pradip Gudale 315
lpadmin command
• lpadmin allows you to do all the tasks
• Print Manager allows you to do most tasks, some with limited functionality (file content type, fault notification, banner printing and user access control) and some not at all (printer classes and fault recovery)
Pradip Gudale 316
lpadmin
• Basic command is lpadmin -p printer-name
• lpadmin -p hp400tn -D "laserjet"                       adds a description
• lpstat -D -p hp400tn                                    shows the description
• lpadmin -p printer-name -v /dev/term/a (or /dev/term/b)   sets the port
Pradip Gudale 317
For Intel platforms
• Only the first port is enabled by default, so
• for an additional (serial or parallel) port you need to edit the device driver configuration files:
• /platform/i86pc/kernel/drv/asy.conf
• /platform/i86pc/kernel/drv/lp.conf
Pradip Gudale 318
Printer type
• The printer type is a generic name for a type of printer. It identifies the terminfo database entry that contains various control sequences for the printer.
• specify the printer type by using the lpadmin -T command
• For a local PostScript printer, use a printer type of either PostScript (PS) or Reverse PostScript (PSR).
Pradip Gudale 319
terminfo
• /usr/share/lib/terminfo: printer capabilities and initialization control data for each printer
• $ cd /usr/share/lib/terminfo/e
  $ ls
  emots         ep2500+high   ergo4000      exidy2500
  env230        ep2500+low    epson2500     esprit
  ep40          epson2500-80  ep2500+basic  ep4000
  epson2500-hi  ex3000        ep2500+color  ep4080
Pradip Gudale 320
File content type & print filters
• The file content type tells the print service which type of file contents gets printed directly, without requiring modification
• Print filters convert the content type of a file to a content type that is acceptable to the destination printer.
• specify the file content type for a printer by using the lpadmin -I e.g. lpadmin -p .. -I postscript |simple
Pradip Gudale 321
Solaris print manager
• You need a bit-mapped display
• running X Windows or CDE
• run it from the CDE workspace menu, OR
• # /usr/sadm/admin/bin/printmgr &
• the package SUNWppm must be installed
Pradip Gudale 322
Adding a printer through lpadmin: example (on the server)
# chown lp /dev/term/b
# chmod 600 /dev/term/b
# lpadmin -p luna -v /dev/term/b
# lpadmin -p luna -T PS -I postscript
# lpadmin -p luna -D "training-lab-ps"
# accept luna
destination "luna" now accepting requests
# enable luna
printer "luna" now enabled
# lpstat -p luna
printer luna is idle. enabled since Jul 12 11:17 2001. available.
Pradip Gudale 323
Adding access to a printer (on the client)
# lpadmin -p luna -s saturn                  (saturn is the print server name)
# lpadmin -p luna -D "training-lab-ps"
# lpadmin -d luna                            (makes it the default)
# lpstat -p luna
printer luna is idle. enabled since Jul 12 11:17 2001. available.
Pradip Gudale 324
*Adding network printer
• Although printer not connected to any M/C it is necessary to define & configure print server….. WHY ?
The print server provides queuing capabilities, filtering, and printing administration for the network printer.
Pradip Gudale 325
Network printer : few terms
• Print server
• printer host : s/w & h/w that makes non-network printers “Network Printers”
• printer node : printer itself if it is built-in N/W printer. Printer host if that is external box; Unique node name and IP address
• printer name: the name entered on the command line. Selected by the sys admin while installing; one printer can have many names.
Pradip Gudale 326
N/W printer: invoking s/w support
• The software support for network printers is called through the interface script netstandard
• lpadmin -p pr_name -m netstandard
• lpadmin -p pr_name -o protocol=bsd | tcp
• Now the printer subsystem needs the access name
• lpadmin -p pr_name -o dest=pn1:9100        (pn1 = node name, 9100 = port number)
Pradip Gudale 327
N/W printer: lpadmin
• # lpadmin -p printer-name -v /dev/null -m netstandard -o dest=pn1:9100,protocol=tcp,timeout=value
  (timeout = number of seconds to wait between attempts to connect)
# lpadmin -p printer-name -I content-type -T printer-type
# accept printer-name
# enable printer-name
Pradip Gudale 328
Managing Printers AND
print Schedulers
Pradip Gudale 329
Deleting printer
• Do it on both server and client
• print-client# lpadmin -x printer-name
• print-client# lpsystem -r print-server        (this also deletes the information about the print server)
• print-server# reject printer-name
• print-server# disable printer-name
• print-server# lpadmin -x printer-name
Pradip Gudale 330
Checking printer status
$ lpstat [-d] [-p printer-name [-D] [-l]] [-t]
  -d  shows the default printer
  -D  shows the description; -l shows the characteristics
  -t  shows the status of the whole print service
Pradip Gudale 331
Example: lpstat -t, lpstat -p luna -l
$ lpstat -p luna -l
printer luna is idle. enabled since Mon Jul 12 15:02:32 ...
        Form mounted:
        Content types: postscript
        Printer types: PS
        Description:
        Connection: direct
        Interface: /usr/lib/lp/model/standard
        After fault: continue
        Users allowed:
                (all)
        Forms allowed:
                (none)
        Banner not required
        Character sets:
        Default pitch:
        Default page size: 80 wide 66 long
        Default port settings:
Pradip Gudale 332
lpsched (the print scheduler)
• Check whether it is running (log in as root or lp):
• # lpstat -r
• # /usr/lib/lp/lpshut      to stop the scheduler
• # /usr/lib/lp/lpsched     to start the scheduler
Pradip Gudale 333
Banner pages
• Gets printed for every job
• helps identify print-job
• prints who-submitted, request-ID and time-it-got-printed
• can have modifiable title
• Not desirable if few users & small printouts OR using special forms like pay-cheques
Pradip Gudale 334
Banner printing control
• Both the lpadmin and lp commands take banner-printing parameters
• lpadmin -p pr1 -o banner=always | optional | never    applies to the printer (on by default; can be disabled in lp)
• lp -o nobanner    applies to the job; ignored for a regular user, honoured for root or the lp user, for whom it overrides lpadmin -o banner / lpadmin -o banner=always
Pradip Gudale 335
banner
• The banner setting is stored in the /etc/lp/printers/pr-name/configuration file.
• Check this using lpstat -p pr-name -l
Pradip Gudale 336
Printer classes
• Print service enables you to group various printers into a class
• can be done only by lpadmin -c
• Once set-up users can specify printer class instead of printer for print jobs
• The first free printer in the class is used resulting in better turnaround; checked in order in which they were put in a class
• make classes based on location or type
Pradip Gudale 337
Defining a class
• # lpadmin -p pr-name -c printer-class
• the printer gets added at the end of the list in the class file /etc/lp/classes/printer-class
• To see which printers are in a class:
  $ lpstat -c printer-class
Pradip Gudale 338
Printer fault notification
• The print service can notify you in different ways when a print operation encounters problems:
• write a message to the terminal on which root is logged in
• electronic mail to root
• no notification
• Can be configured by lpadmin or Print Manager
• Also allows getting the message from a program of your choice, and disabling fault notification for a known problem
Pradip Gudale 339
Fault notification: lpadmin -A
• 'mail [user-name]'
• 'write [user-name]'
• 'command'    (run the command)
• quiet        (stop alerts until the fault is fixed)
• none         (do not send any alerts)
Alert settings are entered in the /etc/lp/printers/printer-name/alert.sh file.
Pradip Gudale 340
Fault Recovery
• You can define the fault recovery options for a printer only by using the lpadmin -F command. This task is not available in Solaris Print Manager.
• After fixing the fault, the active print request begins printing
  ..from the beginning of the job                                         (beginning)
  ..from the top of the page where it stopped                             (continue)
  ..from the top of the page where it stopped, after you enable the printer   (wait)
• lpadmin -p pr-name -F beginning | continue | wait     (continue and wait both require a print filter)
Recovery settings go in the /etc/lp/printers/pr-name/configuration file.
Pradip Gudale 341
Access control
• Can prevent some users from accessing some printers
• make allow and deny lists using lpadmin -u
• with Print Manager you can make only an allow list
• # lpadmin -p printer-name -u allow:user-list [deny:user-list]
• /etc/lp/printers/printer-name/users.allow and /etc/lp/printers/printer-name/users.deny
Pradip Gudale 342
Managing print requests
• Get status
• cancel jobs
• change priorities
• Log in to the server and use the lp commands
• $ lpstat -o [printer-list] | -u [user-list]
• lp -i request-id -H hold | resume | immediate     (this changes the priority)
Pradip Gudale 343
priority
• You can also change priority relatively using lp -q command
• # lp -i request-id -q 3
0 to 39
0 top priority
39 lowest priority
Pradip Gudale 344
Managing filters
• Filters are programs that convert one type of file to another
• programs that manage double-sided or landscape printing, draft and letter quality
• detect printer faults and notify the print service
• The LP print service provides PostScript filters, located in the /usr/lib/lp/postscript directory.
Pradip Gudale 345
filters
• The lpfilter command is used to manage the list of available filters
• filter descriptors are in the /etc/lp/fd directory
• Filters themselves are in /usr/lib/lp
• System information about filters is stored in the /etc/lp/filter.table file
• # lpfilter -f daisytroff -F /etc/lp/fd/daisytroff.fd
  (daisytroff is your chosen name; daisytroff.fd is the definition in /etc/lp/fd)
Pradip Gudale 346
What do enable/disable and accept/reject do?
enable/disable : start or stop printing of jobs that are in queue
accept/reject : start or stop accepting jobs for queuing
These two are different and independent operations
Pradip Gudale 347
Canceling print request
• By request Id
• For specific user on any or specified printer
• The one currently being printed
• You can cancel a request if it is your own print job, or if you are superuser or lp
• $ cancel request-id | printer-name
• $ cancel -u user-list [printer-name]
Pradip Gudale 348
Moving print requests
• If you want to take the printer out of service
• move requests to different printer having similar capabilities
• print request IDs remain same
• first check whether the destination printer is accepting requests: # lpstat -p prn2
• move the requests: # lpmove prn1 prn2     (this automatically stops acceptance of new requests on prn1)
Pradip Gudale 349
Print port characteristics
• The print service sets defaults for printer ports like these:
  9600     Set baud to 9600
  cs8      Set 8-bit bytes
  cstopb   Send one stop bit per byte
  parity   Do not generate parity
  ixon     Enable XON/XOFF
  olcuc    Do not map lowercase to uppercase
  onlcr    Change line feed to carriage return/line feed
Pradip Gudale 350
Port characteristics
• You can change them if the defaults are not suitable
• use stty to display and set the characteristics
• # lpadmin -p prn -o "stty=options"
• # lpadmin -p luna -o "stty='parenb parodd cs7'"
• # lpadmin -p venus -o "stty=19200"
Pradip Gudale 351
Print service directories
/usr/bin          The LP print service user commands
/etc/lp           A hierarchy of LP server configuration files
/usr/share/lib    The terminfo database directory
/usr/sbin         The LP print service administrative commands
/usr/lib/lp       The LP daemons; directories for binary files and PostScript filters; and the model directory (which contains the standard printer interface program)
/var/lp/logs      The logs for LP activities: lpsched.n (messages from lpsched) and requests.n (information about completed print requests)
/var/spool/lp     The spooling directory where files are queued for printing
/var/spool/print  The LP print service client-side request staging area
Pradip Gudale 352
/usr/lib/lp directory
• bin : Contains files for generating printing alerts, queue management prog
• lpsched : scheduler daemon
• model : standard interface programs
• postscript : contains all postscript interface programs
Pradip Gudale 353
How the print service works
• The print scheduler on the print server is started in /etc/rc2.d/S80lp
• the scheduler lpsched updates the print configuration files, queues jobs and tracks printer status
• a print client communicates directly with a print server over the network
• Print servers listen for print requests with the Internet services daemon (inetd)
• inetd starts a "protocol adaptor" program (in.lpd), which communicates with the spooler
Pradip Gudale 354
What the Printer Interface Program Does
• Initialize the printer port --use stty
• Initialize the printer -- use terminfo
• Print a banner page, if necessary.
• Print the correct number of copies specified by the print request.
Standard interface program is found in /usr/lib/lp/model
Pradip Gudale 355
SYSTEM SECURITY
PART 1:
Pradip Gudale 356
Security Aspects
• Maintaining physical site security (don't leave a logged-in terminal unattended)
• Maintaining login control (password is a must)
• Restricting access to data in files (permissions)
• Maintaining network control
• Monitoring system usage (normal load?)
• Setting the PATH variable correctly (Trojan horses)
• Securing files (use ACLs and take care with setuid programs)
• Installing a firewall
• Reporting security problems
Pradip Gudale 357
Firewall or Secured Gateway
• Dedicated system separating two networks
• each approaches the other as untrusted
• also useful between two internal networks; it will not forward a packet unless its origin or destination address is that of the gateway system
• only packets of specific protocols can be allowed to be forwarded, say mail but not telnet or rlogin
Pradip Gudale 358
firewall
• System should not have any trusted hosts
• everyone must be made to type password
• it acts as a passage as well as barrier
• it makes an internal user log in to the gateway system before he can send packets to the outside network, and likewise an external user log in before he can reach the internal network
Pradip Gudale 359
File related commands
• ls
• chown
• chgrp
• chmod
Pradip Gudale 360
ACL
• Traditional Unix allows permissions setting to owner, group and others
• ACL allows greater & finer control: you can set permissions for all of the above, for specific users and groups, and default permissions for each of these
• setfacl & getfacl
Pradip Gudale 361
Special logins (the number after each login is its ID)
• root    0   Has almost no restrictions and overrides all other logins, protections, and permissions. The root account has access to the entire system.
• daemon  1   Controls background processing.
• bin     2   Owns some of the Solaris commands.
• sys     3   Owns many system files.
• adm     4   Owns certain administrative files.
• lp      71  Owns the object and spooled data files for the printer.
• uucp    5   Owns the object and spooled data files of UUCP.
• nuucp   9   Is used by remote systems to log in to the system and start file transfers.
Pradip Gudale 362
password
• Sources to check password are three
• /etc/nsswitch.conf entry decides which of NIS+ tables, NIS map or /etc files to look for password
• /etc files are passwd and shadow
• Only superuser can read shadow file
Pradip Gudale 363
shell
Normal shell:      /usr/bin/sh
Restricted shell:  /usr/lib/rsh
Notice: not /usr/sbin/rsh (the remote shell)
The restricted shell:
• access limited to the home directory; can't use cd
• can use only the commands found in the PATH variable
• can use files only in the HOME directory and its subdirectories
• cannot redirect output with > or >>
Pradip Gudale 364
Tracking SuperUser Login
• Requires root password
• By default, a user cannot log in as root remotely; he needs to log in as an ordinary user and then switch over to root. This policy helps in tracking who is trying to become superuser.
• The command to switch-over to different user is su
Pradip Gudale 365
Switch user : su
• su user-name
• su - user-name
Pradip Gudale 366
Network security
• Firewall
• authentication
• authorization
Can I log in?            Authentication
Can I copy this file?    Authorization
How do you differentiate between authentication and authorization?
Pradip Gudale 367
Network security
• Firewall
• for NFS : you can decide what to share (through /etc/dfs/dfstab) and whom to give what authority (read/write or read only) through share command.
• By default, superuser access is not given by NFS (it is implemented by changing the user ID of the requester to that of nobody, 60001)
Pradip Gudale 368
Automated Security Enhancement Tool : ASET
• enable you to control and monitor your system’s security.
• specify a security level—low, medium, or high—at which ASET will run.
• At each higher level, ASET’s file-control functions increase to reduce file access and tighten your system security.
Pradip Gudale 369
File permissions
• Read, write and execute permissions to each of three types of users - owner (the one who creates file or directory), a group and others (all those who are neither owner nor member of the group)
• Only owner or root can decide and modify these permissions
Pradip Gudale 370
Permissions of directory
• r  Read     List files in the directory.
• w  Write    Add or remove files or links in the directory.
• x  Execute  Open or execute files in the directory. Also lets you make the directory and the directories beneath it current.
Pradip Gudale 371
Special file permissions
• setuid
• setgid
• stickyBit
Applicable to executables and public directories
Pradip Gudale 372
setuid
• When set on a program, it grants the process running that program access based on the owner of that program rather than on the user who is running it.
• This allows a user to access files that are normally available only to the owner, e.g. the /etc/shadow file:
  -r-sr-sr-x 3 root sys 104580 Jul 16 12:02 /usr/bin/passwd
Pradip Gudale 373
setgid
• Similar to setuid except...
• the process's effective group ID is changed to that of the group owner of the program, and the user is granted access based on the permissions available to that group
• When applied to a directory, the files created under it belong to the same group as the directory and not to the group of the process creating them (e.g. a directory containing all of a project's files)
Pradip Gudale 374
Sticky Bit
• A permission bit that protects files within a directory, so it is applied only to directories
• Files can be deleted only by 1) the owner of the file, 2) the owner of the directory, 3) root
• Prevents users from deleting other users' files from a public directory like /tmp
• drwxrwxrwt 7 root sys 400 JUL 3 13:37 tmp
Pradip Gudale 375
*Default Permissions
• What are the effective permissions when you create a file or a directory ?
• What decides these default permissions?
The value set for umask in the system file /etc/profile, or in .cshrc or .login
Pradip Gudale 376
System defaults
files = 666
directories & executables = 777
Subtract umask = 022
Effective permissions
files = 644
directories & executables = 755
Pradip Gudale 377
Display information on files :ls
• Type of file
• Permissions
• Number of hard links
• Owner of the file
• Group of the file
• Size of the file, in bytes
• Date the file was created or last changed
• Name of the file
File type characters:
  -  Text or program (regular file)
  d  Directory
  b  Block special file
  c  Character special file
  p  Named pipe (FIFO)
  l  Symbolic link
  s  Socket
Pradip Gudale 378
$ cd /sbin
$ ls -la
total 13456
drwxr-xr-x   2 root     sys          512 Sep  1 14:11 .
drwxr-xr-x  29 root     root        1024 Sep  1 15:40 ..
-r-xr-xr-x   1 root     bin       218188 Aug 18 15:17 autopush
lrwxrwxrwx   1 root     root          21 Sep  1 14:11 bpgetfile -> ...
-r-xr-xr-x   1 root     bin       505556 Aug 20 13:24 dhcpagent
-r-xr-xr-x   1 root     bin       456064 Aug 20 13:25 dhcpinfo
-r-xr-xr-x   1 root     bin       272360 Aug 18 15:19 fdisk
...
Pradip Gudale 379
Changing file ownership
• Command is chown
• By default the owner cannot change ownership; only the superuser can
• workaround: set rstchown = 0 in /etc/system and reboot
• # chown newowner filename
Pradip Gudale 380
Changing group ownership
• Only superuser or owner can change
• owner can change it to a group of which he is a member
• $ chgrp group filename
Pradip Gudale 381
Changing permissions
• chmod command
• two modes:
  1) absolute mode: use octal numbers (a triplet) to set permissions
  2) symbolic mode: use a combination of letters and signs
• for setting special permissions, use an additional octal digit to the left of the triplet
Pradip Gudale 382
chmod
  Special perms   owner   group   others
  X  Y  Z         R W X   R W X   R W X
  X = setuid, Y = setgid, Z = sticky bit
  e.g. special bits 1 1 0 (setuid and setgid set, no sticky bit) = octal 6
Pradip Gudale 383
examples
• $ chmod 700 my_prog
  $ ls -l my_prog
  -rwx------ 1 mahesh staff 6023 Jul 5 12:06 my_prog
• $ chmod 755 public_dir
  $ ls -ld public_dir
  drwxr-xr-x 1 omni staff 6023 Jul 5 12:06 public_dir
Pradip Gudale 384
examples
• $ chmod 4555 dbprog
  $ ls -l dbprog
  -r-sr-xr-x 1 db staff 12095 May 6 09:29 dbprog
• $ chmod o-r filea      (takes away read permission from others)
• $ chmod a+rx fileb     (adds r and x for all)
• $ chmod g=rwx filec    (gives the group rwx)
Pradip Gudale 385
To create shared directories
• A setgid bit on a directory must be set or changed using symbolic notation
# chmod g+s project_dir
Write a command to find all files in a specified directory having owner as root and setuid bit set on them
Pradip Gudale 386
# find directory -user root -perm -4000 -exec ls -ldb {} \; > /tmp/filename
  (-exec ls -ldb displays each match in ls -ldb format; the output is stored in /tmp/filename)
# cat /tmp/filename
---s--x---   1 root     rar        45376 Aug 18 15:11 /usr/rar/bin/sh
-r-sr-xr-x   1 root     bin        12524 Aug 11 01:27 /usr/bin/df
-rwsr-xr-x   1 root     sys        21780 Aug 11 01:27 /usr/bin/newgrp
-r-sr-sr-x   1 root     sys        23000 Aug 11 01:27 /usr/bin/passwd
-r-sr-xr-x   1 root     sys        23824 Aug 11 01:27 /usr/bin/su
#
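The umask arithmetic, the ls -l mode string with its special bits and the `-perm -4000` test from the slides above, worked in Python as an added example that is not part of the deck; the ls listing it parses (SAMPLE_LS) is constructed.

```python
"""Unix permission arithmetic from the slides: umask defaults, octal modes,
the ls -l mode string (with setuid/setgid/sticky shown as s/S/t/T), and the
`find -perm -4000` test for setuid-root files.
Added example, not from the original deck; the ls listing below is constructed."""
import stat

FILE_BASE, DIR_BASE = 0o666, 0o777          #  system defaults before umask


def effective_mode(base, umask):
    """Mode a new file or directory receives: base with the umask bits cleared."""
    return base & ~umask & 0o777


def mode_string(mode, is_dir=False):
    """Render a mode the way ls -l does, e.g. 0o6555 -> '-r-sr-sr-x'."""
    out = ["d" if is_dir else "-"]
    for shift, special, letter in ((6, stat.S_ISUID, "s"),
                                   (3, stat.S_ISGID, "s"),
                                   (0, stat.S_ISVTX, "t")):
        bits = (mode >> shift) & 0o7
        out.append("r" if bits & 4 else "-")
        out.append("w" if bits & 2 else "-")
        if mode & special:
            # lower-case when execute is also set, upper-case when it is not
            out.append(letter if bits & 1 else letter.upper())
        else:
            out.append("x" if bits & 1 else "-")
    return "".join(out)


def parse_mode_string(text):
    """Inverse of mode_string for an ls -l field; returns (is_dir, mode)."""
    if len(text) != 10:
        raise ValueError("expected a 10-character mode field, got %r" % text)
    mode = 0
    for idx, ch in enumerate(text[1:]):
        shift = 6 - 3 * (idx // 3)          # 6 owner, 3 group, 0 other
        slot = idx % 3                      # 0 r, 1 w, 2 x
        if ch == "-":
            continue
        if ch == "rwx"[slot]:
            mode |= (4 >> slot) << shift
        elif slot == 2 and ch in "sStT":
            if ch.islower():                # execute bit present underneath
                mode |= 1 << shift
            mode |= (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)[idx // 3]
        else:
            raise ValueError("bad character %r in %r" % (ch, text))
    return text[0] == "d", mode


def matches_perm(mode, wanted):
    """find -perm -NNNN semantics: every bit of `wanted` must be set in mode."""
    return mode & wanted == wanted


def setuid_root_files(ls_output):
    """Paths from ls -l lines that are setuid and owned by root, i.e. what
    `find dir -user root -perm -4000` would report for the same files."""
    hits = []
    for line in ls_output.splitlines():
        fields = line.split()
        if len(fields) < 9:                 # not an ls -l line
            continue
        _, mode = parse_mode_string(fields[0])
        if fields[2] == "root" and matches_perm(mode, stat.S_ISUID):
            hits.append(fields[-1])
    return hits


# Constructed ls -l output: two setuid-root programs, one setuid program that
# is not root-owned, and one plain executable.
SAMPLE_LS = """\
---s--x---   1 root     rar     45376 Aug 18 15:11 /usr/rar/bin/sh
-r-sr-sr-x   3 root     sys    104580 Jul 16 12:02 /usr/bin/passwd
-rwsr-xr-x   1 mahesh   staff    6023 Jul  5 12:06 /export/home/mahesh/my_prog
-r-xr-xr-x   1 root     bin    218188 Aug 18 15:17 /sbin/autopush
"""

if __name__ == "__main__":
    print("umask 022: file %o, dir %o" % (effective_mode(FILE_BASE, 0o022),
                                          effective_mode(DIR_BASE, 0o022)))
    print("0o6555 ->", mode_string(0o6555), " 0o1777 dir ->", mode_string(0o1777, True))
    print("setuid root:", setuid_root_files(SAMPLE_LS))
```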
Pradip Gudale 387
ACL
• Salient feature is you can assign permissions to specific user
e.g. you can give read permission to a group and read/write permission to a specific member in that group
• An ACL contains entries, which are defined using setfacl
• entry_type:[uid|gid]:perms
Pradip Gudale 388
ACL Entries for files
u[ser]::perms       File owner permissions.
g[roup]::perms      File group permissions.
o[ther]:perms       Permissions for users other than the file owner or members of the file group.
m[ask]:perms        The ACL mask. The mask entry indicates the maximum permissions allowed for users (other than the owner) and for groups. The mask is a quick way to change permissions on all the users and groups.
u[ser]:uid:perms    Permissions for a specific user. For uid, you can specify either a user name or a numeric UID.
g[roup]:gid:perms   Permissions for a specific group. For gid, you can specify either a group name or a numeric GID.
Pradip Gudale 389
Default ACL on directory
d[efault]:u[ser]::perms       Default file owner permissions.
d[efault]:g[roup]::perms      Default file group permissions.
d[efault]:o[ther]:perms       Default permissions for users other than the file owner or members of the file group.
d[efault]:m[ask]:perms        Default ACL mask.
d[efault]:u[ser]:uid:perms    Default permissions for a specific user. For uid, you can specify either a user name or a numeric UID.
d[efault]:g[roup]:gid:perms   Default permissions for a specific group. For gid, you can specify either a group name or a numeric GID.
You can set a default ACL on directories; everything created under such a directory gets the same permissions as the default. When you set a default entry for a specific user for the first time you also need to set the default owner, group & mask entries.
Pradip Gudale 390
setfacl
$ setfacl -s user::perms,group::perms,other:perms,mask:perms,acl_entry_list filename ...
-s sets or replaces the ACL; acl_entry_list is a list of one or more ACL entries for specific users or groups, or default entries on a directory
$ setfacl -s user::rw-,group::r--,other:---,mask:rw-,user:mahesh:rw- ch1.doc
$ ls -l
total 124
-rw-r-----+ 1 rajiv sysadmin 34816 Jul 11 14:16 ch1.doc
The + after the permission bits indicates that the file has an ACL
Pradip Gudale 391
Display ACLs
Use the command getfacl
$ getfacl ch1.doc
# file: ch1.doc
# owner: rajiv
# group: sysadmin
user::rw-
user:mahesh:rw- #effective:rw-
group::r-- #effective:r--
mask:rw-
other:---
Pradip Gudale 392
ACL example
$ setfacl -s u::7,g::4,o:0,m:4,u:mahesh:7 ch2.doc
$ getfacl ch2.doc
# file: ch2.doc
# owner: rajiv
# group: sysadmin
user::rwx
user:mahesh:rwx #effective:r--
group::r-- #effective:r--
mask:r--
other:---
Pradip Gudale 393
Copying the ACL of one file to another
$ getfacl ch2.doc | setfacl -f - ch3.doc
The ACL is taken from ch2.doc and applied to ch3.doc: -f tells setfacl to take the entries from a file, and - means that file is standard input
Pradip Gudale 394
Modifying / deleting ACL entries
$ setfacl -m acl_entry_list filename1 [filename2 ...]   (modify or add entries)
$ setfacl -m user:mahesh:6 ch3.doc
$ setfacl -d acl_entry_list filename1 ...   (delete entries)
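The ch2.doc example above is the one to understand: mahesh is granted rwx but the mask is r--, so his effective access is r--. The following added example (not from the slides) reproduces the #effective column that getfacl prints: each named-user, owning-group or named-group entry is ANDed with the mask, while user:: and other: are never limited by it. The getfacl text it parses is constructed after the ch2.doc slide, not captured from a system, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the slides): compute the "#effective:" column of
# getfacl from the ACL mask. Entries use the rwx form; setfacl also accepts
# octal digits (u::7 = rwx) but this example parses getfacl output only.

# perm_and A B -> intersection of two rwx strings, e.g. "rwx" "r--" -> "r--"
perm_and() {
    out=""
    i=1
    while [ $i -le 3 ]; do
        a=$(printf '%s' "$1" | cut -c$i)
        b=$(printf '%s' "$2" | cut -c$i)
        if [ "$a" = "$b" ] && [ "$a" != - ]; then out="$out$a"; else out="$out-"; fi
        i=$((i + 1))
    done
    echo "$out"
}

# annotate_effective < getfacl-output -> the same lines, with "#effective:"
# appended to every entry the mask limits (named users, owning group,
# named groups). Owner (user::), other: and comment lines pass through.
annotate_effective() {
    acl=$(cat)
    mask=$(printf '%s\n' "$acl" | sed -n 's/^mask:\([rwx-]*\)$/\1/p')
    printf '%s\n' "$acl" | while IFS= read -r line; do
        case "$line" in
            user::*|other:*|mask:*|'#'*|'') printf '%s\n' "$line" ;;
            user:*:*|group::*|group:*:*)
                perms=${line##*:}
                printf '%s #effective:%s\n' "$line" "$(perm_and "$perms" "$mask")" ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}

# Constructed input, modelled on the ch2.doc slide (mask r--, mahesh rwx)
SAMPLE_ACL='# file: ch2.doc
# owner: rajiv
# group: sysadmin
user::rwx
user:mahesh:rwx
group::r--
mask:r--
other:---'

printf '%s\n' "$SAMPLE_ACL" | annotate_effective
# user:mahesh:rwx #effective:r--   <- the mask caps mahesh at read-only
# group::r-- #effective:r--
```

Because the mask is applied at access time, lowering it with setfacl -m m:r-- is a one-line way to cap every named user and group on a file without editing their individual entries; raising an entry above the mask has no effect until the mask is raised too.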
Pradip Gudale 395
Login information
• Use the logins command
• # logins -x -l username (x: extended info)
• # logins -x -l mahesh
mahesh 500 staff 10 Mahesh Kulkarni
/export/home/mahesh
/bin/sh
PS 010170 10 7 -1
logins picks the information from /etc/passwd, NIS or NIS+; the last line is the password aging info
Pradip Gudale 396
Finding users not having passwords
• # logins -p
Disabling logins temporarily
Create the /etc/nologin file containing the message you want displayed on login attempts, and reboot the machine
root login is not affected
Pradip Gudale 397
Saving failed logins
• Create the /var/adm/loginlog file with read/write permissions for root only
• failed login activity is written to this file automatically after five failed attempts
• the user's login name, tty device and time of the failed attempt are recorded
Pradip Gudale 398
Dial-up password
• Another layer of security for users logging in via modem
• only superuser can create or change it
• two files involved: /etc/dialups & /etc/d_passwd
/etc/dialups: list of ports that require a dial-up password, e.g.
/dev/term/a
/dev/term/b
/etc/d_passwd: list of shell programs that require an encrypted password, e.g.
/usr/lib/uucp/uucico:encrypted_password:
/usr/bin/csh:encrypted_password:
/usr/bin/ksh:encrypted_password:
/usr/bin/sh:encrypted_password:
Pradip Gudale 399
Flow when Mahesh logs in on /dev/term/b:
1. /etc/dialups (/dev/term/a, /dev/term/b): check the presence of the port in this file...
2. Check the "login shell" field of /etc/passwd & look for a match in /etc/d_passwd
3. Prompt for the dial-up password
If no match is found in /etc/d_passwd, the password entry of /usr/bin/sh is used
Dial-up logins are disabled if /etc/d_passwd has only the following entry:
/usr/bin/sh:*:
Pradip Gudale 400
Creating files for dial-up password
• With an editor create the files with their entries
• # chown root /etc/dialups /etc/d_passwd
• # chgrp root /etc/dialups /etc/d_passwd
• # chmod 600 /etc/dialups /etc/d_passwd
• add some user with a password with useradd
• # grep user-name /etc/shadow > usr-tmp
userA:U9gp9SyA/JlSk:7967:::::7988:
• from this line delete everything except the encrypted password field and copy it into the /etc/d_passwd entry
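The lookup in the flow above, with its two edge cases (fallback to the /usr/bin/sh entry, and the all-disabled state), as an added example that is not part of the slides. It works on constructed copies of /etc/dialups and /etc/d_passwd in a temporary directory rather than the real files, the password fields are placeholders, and the function names and the "none/ask/disabled/no-entry" result words are this example's own convention.

```shell
#!/bin/sh
# Added example (not from the slides): the dial-up password lookup as a
# function over constructed dialups and d_passwd files. Hashes are
# placeholders, not real encrypted passwords.

# setup_dialup_files -> prints a temp dir holding "dialups" and "d_passwd"
setup_dialup_files() {
    d=$(mktemp -d) || return 1
    printf '%s\n' /dev/term/a /dev/term/b > "$d/dialups"
    # shell:encrypted_password:  ("*" can never match, so it blocks that shell)
    cat > "$d/d_passwd" <<'EOF'
/usr/lib/uucp/uucico:PLACEHOLDER_HASH_UUCICO:
/usr/bin/csh:PLACEHOLDER_HASH_CSH:
/usr/bin/sh:PLACEHOLDER_HASH_SH:
EOF
    echo "$d"
}

# dialup_policy DIR PORT LOGIN_SHELL -> one of
#   none         port is not in dialups: no dial-up password is asked for
#   ask:<entry>  a dial-up password is required; <entry> is the d_passwd line
#                used (the user's login shell, or /usr/bin/sh as fallback)
#   disabled     the entry that applies has "*" in its password field
#   no-entry     neither the shell nor /usr/bin/sh is listed (example's own
#                convention; the slide does not describe this state)
dialup_policy() {
    dir=$1; port=$2; shell=$3
    grep -qx "$port" "$dir/dialups" || { echo none; return 0; }
    entry=$(grep "^$shell:" "$dir/d_passwd" || true)
    # Slide: if no match is found, the password entry of /usr/bin/sh is used
    [ -n "$entry" ] || entry=$(grep '^/usr/bin/sh:' "$dir/d_passwd" || true)
    [ -n "$entry" ] || { echo no-entry; return 0; }
    hash=$(printf '%s' "$entry" | cut -d: -f2)
    if [ "$hash" = '*' ]; then echo disabled; else echo "ask:$entry"; fi
}

files=$(setup_dialup_files)
dialup_policy "$files" /dev/term/b /usr/bin/ksh   # ask:/usr/bin/sh:PLACEHOLDER_HASH_SH:  (ksh not listed -> sh entry)
dialup_policy "$files" /dev/term/c /usr/bin/ksh   # none  (port not in dialups)
dialup_policy "$files" /dev/term/a /usr/bin/csh   # ask:/usr/bin/csh:PLACEHOLDER_HASH_CSH:
# Replacing d_passwd with only "/usr/bin/sh:*:" disables all dial-up logins
printf '%s\n' '/usr/bin/sh:*:' > "$files/d_passwd"
dialup_policy "$files" /dev/term/a /usr/bin/csh   # disabled
rm -rf "$files"
```

The fallback is worth noticing when reviewing a configuration: a user whose login shell is not listed in /etc/d_passwd is not exempt, they are challenged with the /usr/bin/sh password, so that entry is the one that must be kept correct.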
Pradip Gudale 401
Superuser login
• From a security angle it should be allowed only on the console
• Edit the /etc/default/login file
• Uncomment the line and make it
CONSOLE=/dev/console
• On other terminals users will have to log in as some other user and su to root, which can be monitored
Pradip Gudale 402
Monitoring su attempts
• Through the /etc/default/su file you can enable the /var/adm/sulog file to monitor all su attempts. Uncomment & keep
SULOG=/var/adm/sulog
• To also get a message on the console: CONSOLE=/dev/console in /etc/default/su
• Each entry shows date & time, success or failure (+ or -), port, name of the user and the switched identity
Pradip Gudale 403
Sample /var/adm/sulog
# more /var/adm/sulog
SU 12/20 16:26 + pts/0 mahesh-root
SU 01/12 11:11 + pts/0 root-joebob
SU 01/12 14:56 - pts/2 anu-root
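Once sulog is enabled, the useful follow-up is to actually read it. This added example (not from the slides) runs a small detection pass over sulog lines in the format the slide describes (SU, date, time, + or -, port, from-to): it counts failed su-to-root attempts per user, flags users at or above a threshold, and lists successful root sessions with their port. The sample lines are constructed for this example, not a real log, and the function names and the threshold of 3 are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the slides): detection logic over sulog entries.
# Format per the slide: SU <date> <time> <+|-> <port> <from>-<to>

# Constructed sample, modelled on the slide's entries (not a real log)
SAMPLE_SULOG='SU 12/20 16:26 + pts/0 mahesh-root
SU 01/12 11:11 + pts/0 root-joebob
SU 01/12 14:56 - pts/2 anu-root
SU 01/12 14:57 - pts/2 anu-root
SU 01/12 14:59 - pts/2 anu-root
SU 01/13 09:02 + console rajiv-root'

# failed_root_su < sulog -> "count user" for each user who failed to su to
# root, highest count first
failed_root_su() {
    awk '$1 == "SU" && $4 == "-" && $6 ~ /-root$/ {
            sub(/-root$/, "", $6); n[$6]++
         }
         END { for (u in n) print n[u], u }' | sort -rn
}

# repeated_failures THRESHOLD < sulog -> users with >= THRESHOLD failures
repeated_failures() {
    failed_root_su | awk -v t="$1" '$1 >= t { print $2 }'
}

# root_sessions < sulog -> "user port" for every successful su to root
# (su *from* root to another user, e.g. root-joebob, is not a root session)
root_sessions() {
    awk '$1 == "SU" && $4 == "+" && $6 ~ /-root$/ {
            sub(/-root$/, "", $6); print $6, $5
         }'
}

printf '%s\n' "$SAMPLE_SULOG" | failed_root_su        # 3 anu
printf '%s\n' "$SAMPLE_SULOG" | repeated_failures 3   # anu
printf '%s\n' "$SAMPLE_SULOG" | root_sessions         # mahesh pts/0
                                                      # rajiv console
```

Pair this with the CONSOLE=/dev/console setting from the previous slide: a successful root session from any port other than console then becomes a finding in its own right.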
Pradip Gudale 404
Scheduling Jobs
PART 1:
Pradip Gudale 405
Tasks at specific times
• Task to be carried out only once at a specified time.... use the at command
• Tasks to be executed repeatedly at regular intervals (e.g. taking backups, removing contents of log files, probing system load).... use the crontab command
• Files are kept in /var/spool/cron
• Files that control access to these commands are in /etc/cron.d
Pradip Gudale 406
Entries inside crontab
Fields: min  hours  day-of-month  month  day-of-the-week  command
10 3 * * 0,4 /etc/cron.d/logchecker
10 3 * * 0 /usr/lib/newsyslog   (run newsyslog at 3:10 every Sunday)
15 3 * * 0 /usr/lib/fs/nfs/nfsfind
1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
The cron daemon schedules jobs according to the entries found in crontab files; it reads the /var/spool/cron/crontabs directory every 15 minutes to pick up new files and changes
Pradip Gudale 407
/var/spool/cron/crontabs/..
• Crontab files for root and a few other users like adm, lp, sys and uucp exist
• other users can create crontab files; they are named after the user name
e.g. /var/spool/cron/crontabs/mahesh
• you need to be superuser to modify someone else's crontab file
Pradip Gudale 408
Creating crontab file
• Use the crontab -e command
• crontab -e invokes the text editor set up for your system environment (default is ed); to use vi:
EDITOR=vi; export EDITOR;
• # crontab -e [username] ... only superuser can create crontab files for other users
Pradip Gudale 409
Check existence, display & remove
• # cd /var/spool/cron/crontabs
• # ls -l
-rw-r--r-- 1 root sys 190 Feb 26 16:23 adm
-rw------- 1 root staff 225 Mar 1 9:19 mahesh
-rw-r--r-- 1 root root 1063 Feb 26 16:23 lp
• $ crontab -l [username] ... username only if superuser
• $ crontab -l
13 13 * * * cp /home/anu/work_files /usr/backup/. > /dev/null 2>&1
• $ crontab -r [username] ... username only if superuser; removes the crontab file
Pradip Gudale 410
Controlling access to crontab
• Accomplished through two files in /etc/cron.d: cron.allow and cron.deny
• allowed users can create, edit, display and remove crontab files
• By default cron.deny exists but cron.allow does not
• Only superuser can create these files
Pradip Gudale 411
cron.allow & .deny rules
• If cron.allow exists only the users listed in this file can work with crontab files.
• If cron.allow doesn’t exist, all users may submit crontab files, except for users listed in cron.deny.
• If neither cron.allow nor cron.deny exists, superuser privileges are required to run crontab.
• So.. by default all users except those listed in cron.deny are allowed to work with crontab
• So.. to deny a user, just add his name to cron.deny
Pradip Gudale 412
Decision flow (files in /etc/cron.d):
cron.allow exists?
  yes -> allow only the users listed in it to work with crontab
  no  -> cron.deny exists?
           yes -> allow every user not listed in it to work with crontab
           no  -> allow only the superuser to work with crontab
So... to limit access to a few users add their names to cron.allow. Don't forget to add root there.
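The decision flow above as a function, exercised against constructed cron.allow and cron.deny files in a temporary directory; this is an added example, not part of the slides, and a real system reads /etc/cron.d/cron.allow and /etc/cron.d/cron.deny. The contents of the constructed cron.deny are made up for the example, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the slides): the cron.allow / cron.deny rules as a
# function, tried on constructed files in a temp dir.

# cron_access DIR USER -> "allowed" or "denied", following the slide's rules:
#   1. cron.allow exists     -> only users listed there
#   2. else cron.deny exists -> everyone not listed there
#   3. neither exists        -> superuser only
cron_access() {
    dir=$1; user=$2
    if [ -f "$dir/cron.allow" ]; then
        grep -qx "$user" "$dir/cron.allow" && echo allowed || echo denied
    elif [ -f "$dir/cron.deny" ]; then
        grep -qx "$user" "$dir/cron.deny" && echo denied || echo allowed
    else
        [ "$user" = root ] && echo allowed || echo denied
    fi
}

demo_cron_access() {
    d=$(mktemp -d) || return 1
    # Default state per the slide: cron.deny exists, cron.allow does not.
    # (Names below are constructed for the example.)
    printf '%s\n' nobody noaccess > "$d/cron.deny"
    cron_access "$d" mahesh     # allowed (not in cron.deny)
    cron_access "$d" nobody     # denied  (listed in cron.deny)
    # Limit cron to a few users: create cron.allow, and remember root
    printf '%s\n' root mahesh > "$d/cron.allow"
    cron_access "$d" mahesh     # allowed
    cron_access "$d" anu        # denied  (cron.allow wins; cron.deny is ignored)
    # Neither file: only the superuser may use crontab
    rm -f "$d/cron.allow" "$d/cron.deny"
    cron_access "$d" root       # allowed
    cron_access "$d" mahesh     # denied
    rm -rf "$d"
}
demo_cron_access
```

Note the precedence: once cron.allow exists, cron.deny is not consulted at all, which is why an allow list that forgets root locks the superuser out of crontab on the next edit.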
Pradip Gudale 413
Error messages from crontab -l
• What do you make of these?
crontab: can't open your crontab file
crontab: you are not authorized to use cron. Sorry.
In the first case: the crontab file does not exist
In the second case: you are denied use of crontab
Pradip Gudale 414
at jobs
• Execution at a later time
• executed only once
• By default, users can create, display, and remove their own at job files.
• When an at job is submitted, it is assigned a job identification number; that number with the .a extension becomes its file name.
Pradip Gudale 415
How to submit an at job
• Invoke the at command with the time as argument
• enter the command to be executed later; make sure to send its output to a file if required
• press control-d to come back to the prompt
$ at 11:45pm July 31
at> rm /home/export/mahesh/*core*
at> Press Control-d
commands will be executed using /bin/csh
job 933486300.a at Sat Jul 31 23:45:00 2001
Pradip Gudale 416
Submitting at job
$ at [-m] time [date]
Sends mail once job is done
$ at 4 am Saturday
at> sort -r /usr/dict/words > /export/home/anu/big.file
cntrl-d
Pradip Gudale 417
Displaying at jobs
$ atq
Rank   Execution Date       Owner   Job          Queue   Job Name
1st    Jul 12, 1999 19:30   anu     897355800.a  a       stdin
2nd    Jul 14, 1999 23:45   anu     897543900.a  a       stdin
3rd    Jul 17, 1999 04:00   anu     897732000.a  a       stdin
$ at -l [job-id]   shows the execution times of your jobs
$ at -l
897543900.a Mon Jul 16 23:45:00 2001
897355800.a Tue Jul 17 19:30:00 2001
897732000.a Wed Jul 18 04:00:00 2001
Pradip Gudale 418
Removal of at jobs
$ at -l
897543900.a Wed Jul 14 23:45:00 1999
897355800.a Mon Jul 12 19:30:00 1999
897732000.a Sat Jul 17 04:00:00 1999
$ at -r 897732000.a
$ at -l 897732000.a
at: 858142000.a: No such file or directory
Pradip Gudale 419
Access to at command
• The policy is similar to one for crontab
• it is done through at.allow and at.deny lists under /etc/cron.d directory