
SOLARIS QUICK REFERENCE

SOLARIS
# uname -a    Gives all details about the system
# uname -m    Displays H/W platform (sun4u)
# uname -p    Machine processor architecture (sparc or i386)
# uname -i    Machine model architecture (SUNW,Ultra-5_10)
# uname -X    Detailed description
# mkdir -p /data/dir    Creates directory and subdirectory in one shot
# rm -r /data    Deletes the directory and all its subdirectories and files
# cp -r /data /data1    It copies the directory
# echo $MANPATH
:/usr/local/samba/man:
# echo $PATH    Shows environmental path
/usr/sbin:/usr/bin

Grep Command Options
-i    Searches for both upper & lower case characters
-l    Lists the names of files with matching lines
-n    Precedes each line with the relative line number in the file
-v    Inverts the search to display lines that do not match the pattern
-w    Searches for the expression as a complete word

# find /kris -name file1    Searches for file file1 in /kris directory
# find /kris -name file1 -exec ls -l {} \;    Search and display
# find /kris -type f -size 0 -exec ls -l {} \;    Search for the file with size 0
# find /kris -user user1    Shows files owned by user 'user1'
# PATH=$PATH:/usr/ccs/bin:/usr/ucb    It will get appended to the existing path
# ln -s <source filename> <destination filename>    Creating symbolic link
# ln <source filename> <destination filename>    Creating hard link

Unix File Permission
r = 4, w = 2, x = 1
-rw-r--r-- (644)    Default file permission
drwxr-xr-x (755)    Default directory permission
O G O    Permission categories

# ls -n /var/adm
drwxrwxr-x 5 4 4 512 nov 15 14:55 file1
5      No. of hard links to the file or directory
4      The UID of the owner
4      The GID of the group
512    Size
# chmod -R 755 <directory name>    For inherited permission (applied recursively)

VI Editor

Inserting and Appending Text
a    Appends text after the cursor
A    Appends text at the end of the line
i    Inserts text before the cursor
I    Inserts text at the beginning of the line
o    Opens a new line below the cursor
O    Opens a new line above the cursor
:r <filename>    Inserts text from another file into the current file

Key Sequence for the VI Editor
h, left arrow or backspace    Left one character
j or down arrow    Down one line
k or up arrow    Up one line
l, right arrow or spacebar    Right one character
w    Forward one word
b    Back one word
e    To the end of the current word
$    To the end of the line
0 (zero)    To the beginning of the line
^    To the first non-whitespace character on the line
Return    Down to the beginning of the next line
G    Goes to the last line of the file
1G    Goes to the first line of the file
:n    Goes to the line n
nG    Goes to the line n
Ctrl-F    Pages forward one screen
Ctrl-D    Scrolls down one half screen
Ctrl-B    Pages back one screen
Ctrl-U    Scrolls up one half screen
Ctrl-L    Refreshes the screen

Editing files using the VI editing commands
R    Overwrites or replaces characters to the right of the cursor
C    Changes or overwrites characters to the end of the line
s    Substitutes a string for a character at the cursor
x    Deletes a character at the cursor
dw    Deletes a word or part of the word to the right of the cursor
dd    Deletes the line containing the cursor
D    Deletes the line from the cursor to the right end of the line
:n,nd    Deletes the lines n through n

Using the Text Changing Commands
u    Undoes the previous command
U    Undoes all changes to the current line
.    Repeats the previous command

Search and Replace Commands
/string    Searches forward for the string
?string    Searches backward for the string
n    Searches for the next occurrence of the string
N    Searches for the previous occurrence of the string
:%s/old/new/g    Searches for the old string and replaces it with the new string globally

Using the Text Copying and Text Pasting Commands
yy    Yanks a copy of a line
p    Puts yanked or deleted text under the line containing the cursor
P    Puts yanked or deleted text before the line containing the cursor
:n,n co n    Copies lines n through n and puts them after line n
:n,n m n    Moves lines n through n to line n

File Archives
# tar cvf bkp.tar file1 file2    Will archive file1 & file2
# tar tvf bkp.tar    Shows the table of contents
# tar xvf bkp.tar    It extracts files from the tar archive
# tar cf - * | (cd /folder2 ; tar xvf -)    To copy and extract files from one folder to another
# jar cvf bkp.jar
# jar tvf bkp.jar
# jar xvf bkp.jar
# compress bkp.tar    To compress tar archive
# ls bkp.tar.Z
# uncompress bkp.tar.Z    To uncompress tar archive
# gzip bkp.tar    To create gzip file bkp.tar.gz
# gunzip bkp.tar.gz    To extract the tar archive bkp.tar by gunzip
# zip out.zip bkp.tar    To create zip archive
# unzip out.zip    To extract the zip archive

Module 1 Introducing the Solaris OE Directory Hierarchy

/bin    Symbolic link to /usr/bin; contains binary files of standard system commands
/kernel    Platform-independent loadable kernel modules
/platform    Platform-dependent loadable kernel modules
/sbin    Single user bin directory; contains essential executables
/usr    Contains programs, scripts and libraries that are used by all system users (Unix System Resources)
/var    Directory of varying files; includes temporary, logging, or status files

/dev/cua    Dial-out device files for UUCP & PPP
/dev/dsk    Block disk devices
/dev/rdsk    Raw disk devices
/dev/pts    Pseudo terminal devices
/dev/md    Metadisk devices
/dev/term    Serial devices
/dev/sound    Audio device files
/dev/rmt    Raw magnetic tape devices

/etc/cron.d    Config info for cron utility
/etc/default    Default info for various programs
/etc/inet    Config files - network services
/etc/init.d    Scripts to stop & start services
/etc/lp    Config info for printer
/etc/nfs    Config info for NFS server logging
/etc/rc#.d    Scripts for various run levels
/etc/skel    Default shell initialization files

/usr/bin    Standard system commands
/usr/sbin    System administration commands
/usr/kernel    Platform-independent loadable kernel modules

devfsadm    Solaris 8 & 9
drvconfig    Solaris 2.x through 2.7

Module 2 Managing Local Disk Devices

Disk Slices
0    /
1    swap
2    Entire Disk
5    /opt
6    /usr
7    /export/home

/dev    Logical Device Names
/devices    Physical Device Names
/etc/path_to_inst    For each device, the system records its physical and instance name

# prtconf    Shows system information including memory size
# devfsadm    Will search for and configure newly added devices
# devfsadm -c disk
# devfsadm -i <driver name>
# devfsadm -v    To print changes made to the /dev and /devices directories
# devfsadm -C    To invoke cleanup routines that remove unreferenced symbolic links for devices

# format
format> label    To store partition details
format> fdisk    To create partitions
format> verify    Display partition details
format> partition    To get into partition menu
format> save    Saving new disk and partition: /etc/format.dat
partition> 0    Change 0 partition
partition> select    Select a predefined table
partition> modify    Modify a predefined partition table
partition> name    Name the current table
partition> print    Displays the current table
partition> label    Write partition map and label to the disk

# prtvtoc /dev/rdsk/c1t0d0s2    To view disk table
# prtvtoc /dev/rdsk/c1d0s2 > /in    To save disk partition details to /in file
# fmthard -s /in /dev/rdsk/c1d0s2    To load partition details from file to disk

Module 3 Managing the Solaris OE File System

ufs    Unix FS
hsfs    High Sierra FS
udfs    Universal Disk Format FS
pcfs    PC FS for DOS FAT32 FS
nfs    Network FS
Pseudo FS (Memory based FS): tmpfs, swapfs, procfs, mntfs

VTOC present in the first sector in the raw disk area.
VTOC - 512 sector
Boot Block - 1-15 sector
Super Block - 16-31
First Cylinder Group - 32

Creating File Systems
# newfs /dev/rdsk/c1d0s0    Creating FS
# newfs -i 16384 /dev/rdsk/c1d0s0    Creating FS with data block size 16KB
# mount /dev/dsk/c1d0s0 /p1    Mounting partition in /p1 directory
# fstyp -v /dev/rdsk/c1d0s0 | grep minfree    To know the reserved disk space
minfree 6%
# tunefs -m 2 /dev/rdsk/c1d0s0    This will reduce the reserved space to 2%
# umount /p1    To unmount a partition

Never run the fsck command on a mounted FS. The /, /usr and /var FS should have the fsck command run on them in single user mode.
# fsck /dev/rdsk/c0t0d0s7    To check the FS in interactive mode
# fsck -o f,p /dev/rdsk/c0t0d0s7    f forces; p preen or non-interactive mode
# fsck -y /dev/rdsk/c0t0d0s7    With the -y option, yes is answered to all questions
# newfs -N /dev/rdsk/c0t0d0s7    To view the locations of alternative backup superblocks
# fsck -o b=32 /dev/rdsk/c0t0d0s7    Will retrieve the corrupted partition
# dd if=/dev/zero of=/dev/rdsk/c0d0s7 bs=512 count=32    It will corrupt the partition

# df    Shows disk detail in blocks
# df -k    (in KB)
# df -h    Displays disk allocation in MB & GB
# df -e    Prints only the number of files free
# du -k    Displays disk use in KB
# du -s    Displays only the summary in 512-byte blocks. Using the -s and -k options together shows the summary in KB
# du -h /opt    Shows the disk usage by the directory
# quot -a    Reports on all mounted file systems
# quot -f    Include the number of files
# quot -h /export/home    Shows disk usage userwise in the particular directory

Module 4 Mounts & Unmounts

# mount    Lists all of the mounted FS in the /etc/mnttab file

VFSTAB - Virtual File System Tab (/etc/vfstab)
Fields: device to mount, device to fsck, mount point, FS type, fsck pass, mount at boot, mount options

The /etc/mnttab file is an mntfs file that provides read-only info about mounted FS on the local host.
The /etc/vfstab file lists all the FS to be automatically mounted at system boot time, with the exception of the /etc/mnttab and /var/run FS.

# mount /dev/dsk/c0t0d0s7 /export/home
Mount Options: read/write, setuid, intr, nologging and largefiles, xattr and onerror.
# mount -o option,option,... device_name mount_point
# mount -o ro /dev/dsk/c0d0s7 /p    Mount the partition read only
# mount -o ro,nosuid /dev/dsk/c0t0d0s7 /export/home    Prohibit execution of setuid programs
In Solaris 2GB is the large file limit. Use of the nolargefiles option fails if the FS to be mounted contains large files.
# mount -o nolargefiles,noatime /dev/dsk/c0d0s7 /p
nolargefiles    Won't allow large files in this partition
noatime    Modification time stamp won't get updated

# mountall    Mounts local FS listed in the /etc/vfstab file
# mountall -l
If any FS has an entry of - or 0 in the fsck pass field, it will get mounted without fsck checking. Otherwise fsck is carried out before mounting.
# fstyp /dev/rdsk/c0t0d0s7    To know the FS type
# mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /cdrom    To mount CD drive
# mount -F pcfs /dev/diskette /pcfs
# umount /export/home or umount /dev/dsk/c0t0d0s7
# umountall    Will unmount local FS listed in /etc/mnttab except /, /usr, /proc, /dev/fd, /var, /var/run & /tmp
# umountall -l    To verify the FS listed in /etc/mnttab
# fuser -c /p    Will show the processes running on the partition
# fuser -ck /p    Will kill the user processes
# umount -f /p    Force the partition to unmount

# TERM=sun
# export TERM    Execute these 2 commands to enable the VI editor to work properly
# ps -ef | grep vold    vold is the daemon taking care of auto-mounting CD-ROM
# volcheck    Will check for any media present in the CD-ROM or floppy drive
# /floppy/floppy0    Floppy gets mounted here automatically
# /cdrom/cdrom0    CD-ROM gets mounted here automatically
# /etc/init.d/volmgt stop (or) start
# eject cdrom    Will eject the CD-ROM if vold is running
# fdformat -t dos /dev/rdiskette    To format a floppy in DOS mode
# fdformat    To format the floppy in Solaris format

Module 5 Installation

Solaris 9 OE Installation and Upgrade options
Solaris suninstall program
Solaris Web Start Installation software
Custom JumpStart procedure
Solaris Web Start Flash Installation
Standard upgrade
Solaris Live Upgrade method

# grep METACLUSTER /var/sadm/system/admin/.clustertoc    To know cluster types
# cat /var/sadm/system/admin/CLUSTER    To know the installed cluster config
CLUSTER=SUNWCXall

Module 6 Package Administration

The /var/sadm/install/contents file has all the details about installed packages.
# grep showrev /var/sadm/install/contents    Will show whether the showrev package is installed or not
The /var/sadm/pkg directory maintains a record of all installed packages.
# pkginfo | more    Will show all installed packages
# pkginfo -l SUNWman    Shows information about the SUNWman package
# pkginfo -d /cdrom/cdrom0/s0/Solaris_9/Product | more    To view info about packages on the CD
# pkgadd -d /cdrom/cdrom0/Solaris_9/Product SUNWzip
# pkgchk SUNWman    If the pkgchk command doesn't display a message, it indicates the package was installed successfully
# pkgchk -v SUNWzip    To list the files contained in a software package
# pkgchk -p /etc/shadow    To determine if the contents and attributes of a file have changed since it was installed with its software package
# pkgchk -l SUNWman    Lists info about selected files that make up a package
# pkgrm SUNWzip    Will remove the SUNWzip package
# pkgadd -d /cdrom/cdrom0/Solaris_9/Product -s spool SUNWzip    It will dump the SUNWzip package to the /var/spool/pkg folder. An alternate path, like /pkg, can be given instead of spool
# pkgrm -s spool SUNWman    Will delete the dumped SUNWman package from the spool directory
# admintool &    Tool (GUI) used to add users, printers, groups, software, etc.
# prodreg &    Tool (GUI) to view installed packages as well as to install & uninstall packages

Module 7 Managing Software Patches

Solaris9/PatchReport    A summary of all patches for the Solaris 9 OE release
9_Recommended.README    Instructions for how to install the recommended patches
# showrev -p (or) # patchadd -p    Will show installed patches
/var/sadm/patch    Info about all patches that are currently installed
Patch Name: 6 digit number-revision number (117753-01)
# /usr/bin/zcat 105050-01.tar.Z | tar xvf -
# cd /var/tmp
# patchadd 105050-01    Will add patch

When you remove a patch, the patchrm command restores all files that were modified or replaced by that patch, unless:
The patch was installed with the patchadd -d option (which instructs the patchadd command not to save copies of files being updated or replaced)
The patch is required by another patch
The patch has been obsoleted by a later patch
# patchrm 105050-01    Will remove patch

Installing Patch Cluster
# cd 9_Recommended
# ./install_cluster
/var/sadm/install_data/Solaris_9_Recommended_log

Module 8 Executing Boot PROM Commands

# /usr/platform/`uname -m`/sbin/prtdiag -v    To know the OpenBoot version
Stop+D    Press these keys when system power is turned ON to switch to diagnostic mode. This key sequence is not available on a serial port terminal
Stop+N    Press while the system is turned ON to set the NVRAM parameters to default
Stop+A    To get into boot PROM
/etc/default/kbd    Remove the comment for the line KEYBOARD_ABORT=disable to turn off the Stop+A function inside the OS. Then issue the command kbd -i
ok go    To come out of the PROM prompt
ok banner    Shows system configuration
ok printenv    Shows all variables
ok reset-all    Will save the changes, clear the buffer & reboot the system
ok .registers    Displays the contents of the registers
ok show-devs    Shows all devices with physical path
ok devalias    Shows currently available devices
On SPARC, if we change values, there is no option to come out without saving.

ok probe-ide    Shows IDE details and devices connected
ok probe-scsi    Shows SCSI details and devices connected
ok probe-scsi-all    Identifies devices on all SCSI buses
ok probe-fcal-all    Identifies devices on all fibre channel loops

ok nvalias <alias name> /pci@1f,......
ok nvunalias <alias name>    To delete alias name
ok show-disks    Displays and allows a selection of device paths
ok show-ttys
ok show-displays
ok show-nets
ok show-tapes

ok help    Shows list of help
ok help floppy eject
ok test    Runs self-test on specified systems
ok sync    Manually attempts to flush memory and synchronize FS
ok boot    Boot the system
ok boot -r    Detect new devices (reconfiguration boot)
ok boot -s    Single user mode
ok boot -v    Verbose mode; boots the system and shows the background details
ok boot -a    Interactive mode. Prompts the user for input for all the processes at boot time
ok boot -rv (or) -sv

ok printenv auto-boot?
auto-boot?=false
ok printenv boot-device    To know the variable details
boot-device=disk
ok setenv auto-boot? true    To change value to true for the "auto-boot?" variable
auto-boot?=true
ok printenv diag-switch?
diag-switch?=false
ok setenv diag-switch? true
ok set-defaults    Reset all settings to factory default
ok setenv boot-device disk cdrom net
ok set-default boot-device    Will reset the default value of the boot-device variable
ok power-off    Will switch off the system immediately

Inside OS
# eeprom    Equivalent to printenv
# eeprom 'auto-boot?'
auto-boot?=true
# eeprom 'auto-boot?=false'
# eeprom 'diag-switch?=true'

Module 9 Performing Boot and Shutdown Procedures

Run Levels
0    ok mode
s or S    Solaris OE single user mode with critical FS mounted
1    Single user administrative state with access to all FS available
2    Multiuser can access the system. All sys daemons are running except NFS
3    Multiuser operations with NFS & N/W resources available
4    Reserved
5    Poweroff
6    Reboot

# who -r    Shows current run level

Boot Sequence
1. Boot PROM phase
2. Boot program phase
3. Kernel initialization phase
4. init phase

/etc/inittab    id (S3), rstate (3), action (wait). Contains details about init levels

Important Files
/etc/vfstab
/etc/inittab
/etc/system

/etc/system
moddir
root device and root FS config
exclude
forceload
set

Always make a copy of the /etc/system file before you edit it. In case of a problem, issue the interactive boot command: boot -a. When prompted for the system file, enter the path of the backup file, or /dev/null for a null configuration file.

/etc/init.d    Directory contains scripts for many processes or services, like volume management
/sbin    Each run level has an associated rc script located in this directory (e.g. /sbin/rc0). The RC scripts rc0, rc5 & rc6 are hard linked to each other.
Run control scripts are located in the /etc/init.d directory, and these files are hard-linked to the corresponding run control scripts in the /etc/rc#.d directories.

Creating New Run Control Scripts
Create the script in the /etc/init.d directory and create links in the appropriate /etc/rc#.d directory for the run level in which the service is to be started and stopped.
# vi /etc/init.d/filename
# chmod 744 /etc/init.d/filename
# chgrp sys /etc/init.d/filename
# cd /etc/init.d
# ln filename /etc/rc#.d/S##filename
# ln filename /etc/rc#.d/K##filename
# /etc/init.d/filename start    To test the filename

# init 2    Switch the run level to 2
# shutdown    Will move to maintenance mode (init S)
# shutdown -y -g 300 -i6 "The system is being rebooted"    Reboots after 300 seconds. Default is 60 sec
# shutdown -i0 (or) -i5 (or) -i6
# halt    Shuts down the system immediately to the ok prompt
# poweroff    Equivalent to init 5
# reboot    Equivalent to init 6
These commands won't execute the rc0 kill scripts.

Module 10 Performing User Administration

/etc/passwd    7 fields
loginID:x:UID:GID:comment:home_dir:login_shell
0 - 99    UID: Reserved system user accounts
100 - 60000    UID: for users range
0    Root
60001    Reserved for the nobody account
60002    Reserved for noaccess account. To generate error message
65534    nobody4, the anonymous user account

/etc/shadow    9 fields
loginID:password:lastchg:min:max:warn:inactive:expire:reserved

/etc/group
groupname:group-pwd:GID:user-list

/etc/default/passwd    Set values for the following parameters
MAXWEEKS
MINWEEKS
PASSLENGTH (valid entries are 6, 7 & 8)
WARNWEEKS

1970 -> V4
1986 Sun released first OS (SunOS 3.0)

# useradd -u <UID> -g <GID> -G GID,GID,.. -d /export/home/user300 -m -s /bin/ksh -c "Regular User" user300
# passwd user300
# useradd -d /export/home/user305 -m user305
# useradd user306
# usermod [-u uid [-o]] [-g gid] [-G gid] [-d dir] [-m] [-s shell] [-c comment] [-l newloginname] loginname
# usermod -l <new user name> -d /export/home/<new user name> -m <old user>
# usermod -u <UID> user301    Change uid to 905
# usermod -s /bin/csh user301
# userdel user301    Deletes the user account, not the home dir
# userdel -r user301    Deletes user id & home dir
# groupadd [-g gid [-o]] groupname
# groupadd -g <GID> <groupname>
# groupmod [-g gid [-o]] [-n name] groupname
# groupmod -n <newgrpname> <oldgrpname>
# groupmod -g 400 class    Change GID to 400 for the group class
# groupdel group1

/etc/profile    The Bourne, Korn and BASH shells execute this initialization file
/etc/.login    The C shell looks for and executes this initialization file during logon
There are no default global initialization files for the Z or TC shells.

Bourne    /etc/profile    $HOME/.profile    /bin/sh
Korn    /etc/profile    $HOME/.profile, $HOME/.kshrc    /bin/ksh
C    /etc/.login    $HOME/.cshrc, $HOME/.login    /bin/csh

Setting Environment Variables
Bourne or Korn shell: VARIABLE=value; export VARIABLE
For example: PS1="$HOSTNAME"; export PS1
C shell: setenv variable value
For example: setenv LPDEST laserprinter

Bourne    /etc/skel/local.profile
Korn    /etc/skel/local.profile
C    /etc/skel/local.cshrc, /etc/skel/local.login

# id user301    Shows UID of the user & primary group
# id -a user301    Shows secondary group details also
# groups user300    Shows the user's groups
# chown -R <username>:grpname <directory>
# pwconv    To sync passwd and shadow files
/etc/skel    Template files get copied once the user id is created. By default the /etc/skel/local.profile file doesn't have any content.

Profile Order
/etc/profile
$HOME/.profile
/etc/motd file    Message of the day

Module 11 Performing System Security

# who    List of users currently logged in to the local system. The command refers to /var/adm/utmpx to obtain information
# who -m    Info about only the current terminal window
# rusers -l    Displays a list of the users logged in on local and remote hosts
# finger -m usera    Displays info about the user and host name of the user login session
# last    Displays a record of all logins and logouts (/var/adm/wtmpx)
# last -n 5 reboot    To view the last five system reboot times only

Recording Failed Login Attempts
# touch /var/adm/loginlog    File to log incorrect logins. If a user tries to log in 5 times (default) with a wrong password, an entry is created here
# chown root:sys /var/adm/loginlog
# chmod 600 /var/adm/loginlog
# /usr/ucb/whoami    Current login name
# who am i    Login name of the original user

Monitoring su Attempts
/etc/default/su    File monitoring su login info
SULOG variable
SULOG=/var/adm/sulog    Specifies the file location of the log file

Controlling System Access
/etc/default/login file
CONSOLE=/dev/console    This line should be commented out to log in as root from a remote system
PASSREQ=YES    Enforces that each user should have a password to log in
/etc/ftpd/ftpusers    Lists names of users prohibited from connecting to the system through FTP (/etc/ftpusers in Solaris 8)

/etc/hosts.equiv & $HOME/.rhosts    Files to determine if a remote user is allowed to access the local host with the identity of a local user. This procedure first checks /etc/hosts.equiv and then $HOME/.rhosts
Entry formats:
hostname
hostname username
+
If a local host's /etc/hosts.equiv file contains the host name of a remote host, then all regular users of that remote host are trusted and do not need to supply a password to log in to the local host, whereas the .rhosts file applies to a specific user.

/etc/inetd.conf    File used to control all services
# svcadm disable (or) enable ftp (or) telnet    In Solaris 10
# rsh 140.40.40.151
# rcp 140.40.40.151:/test/file1 .    To copy a remote system file to local
# rcp $HOME/file1 140.40.40.151:/tmp    To copy local files to a remote system
# chown user2 file7    To change owner of a file
# chown -R user2 dir4    To change ownership for a folder and all its subfolders
# chown user3:class file7    Changing both the individual and group ownership in one shot
# chgrp class file4    To change the group ownership of a file or directory

Setuid Permission on Executable Files
When the setuid permission is set on an executable file, a user or process that runs this executable file is granted access based on the owner of the file.
# ls -l /usr/bin/su
-r-sr-xr-x 1 root sys ......
The setuid permission displays as an "s" in the owner's execute field. You should disallow the use of setuid programs or at least restrict their use.
# chmod 4555 <executable_file>    To set setuid permission on an executable
# find / -perm -4000    To search for setuid files

Setgid Permission on Executable Files
When the process runs, it runs as if it were a member of the same group in which the file is a member. Also access is granted based on the permission assigned to that group.
# ls -l /usr/bin/write
-r-xr-sr-x 1 root ......
Displays as "s" in the group's execute field.
# chmod 2555 <executable_file>
# chmod g+s <shared_directory>    To set setgid for a directory
# find / -perm -2000    To search for setgid files

Sticky Bit Permission on Public Directories
If the directory permissions have the sticky bit set, a file can be deleted only by the owner of the file/directory or the root user.
# ls -ld /tmp
drwxrwxrwt 6 root sys ...
Displays as "t" in the execute field for other.
# chmod 1777 <public_directory>
# find / -type d -perm -1000    To search for sticky bit directories
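The find searches above can be turned into a repeatable audit. This is an added example, not part of the original reference: it lists setuid/setgid files under a tree, reports those missing from an approved baseline list, and flags world-writable directories that lack the sticky bit. The function names and the baseline file format (one path per line) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original reference). Function names and the
# baseline format (one absolute path per line) are assumptions.
# Paths containing newlines are not supported.

# list_special ROOT
# Print every regular file under ROOT that has the setuid (4000) or
# setgid (2000) bit set, one path per line, sorted. -xdev keeps the
# search on ROOT's own file system.
list_special() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# unexpected_special ROOT BASELINE
# Print the setuid/setgid files under ROOT that are NOT listed in BASELINE.
# An empty result means nothing has appeared since the baseline was taken.
unexpected_special() {
    list_special "$1" |
        awk -v base="$2" '
            BEGIN { while ((getline line < base) > 0) known[line] = 1 }
            !($0 in known)'
}

# unsafe_public_dirs ROOT
# Print directories under ROOT that are world-writable (o+w) but do not
# have the sticky bit (1000), so any user can delete other users' files.
unsafe_public_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null |
        LC_ALL=C sort
}

# Stand-alone use: sh audit.sh ROOT BASELINE
if [ $# -eq 2 ]; then
    echo "setuid/setgid files not in baseline:"
    unexpected_special "$1" "$2"
    echo "world-writable directories without sticky bit:"
    unsafe_public_dirs "$1"
fi
```

A baseline can be created once with `list_special / > baseline.txt` on a known-good system and kept somewhere only root can write.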

Module 12 Configuring Printer Services

/etc/lp    Directory contains a hierarchy of LP server configuration directories and files
/var/spool/lp    Directory contains a list of current requests that are in the print queue
/var/lp/logs    Ongoing history of print requests
/var/lp/logs/requests    Completed print request jobs
$HOME/.printers    File to set default printer (_default printername)
/etc/printers.conf    Contains entries for printers

# lpadmin -p printerB -c <classname>    Creating and adding printer class
# lpadmin -p printerD -c bldg2    Adding printerD to bldg2 class
# accept <classname>    To start queuing print requests
# lpstat -t    To check the status of the new printer class
# lp -d <classname> myfile    To print myfile to printer class
# lpadmin -d printername (or) printer_classname    To set it as default
# lpstat -d    To check the system's default printer
# lpadmin -d bldg2    To change the default printer
# lpadmin -x printername    To remove a client's printer configuration
# /usr/sadm/admin/bin/printmgr &    Print Manager

Removing a Server's Printer Configuration
# reject printerD    Stop queuing print requests
# disable printerD    Stop the printer
# lpadmin -x printerD    Delete the printer config from /etc/lp/printers and /etc/printers.conf

# /usr/lib/lpsched    Print services started
# /etc/init.d/lp start    Starting by script
# /usr/lib/lpshut    Stop print services
# /etc/init.d/lp stop    Stopping by script

Module 13 Using Print Commands

# /usr/bin/lp filename    Print to default printer
# /usr/bin/lp -d printername filename
# /usr/ucb/lpr filename
# /usr/ucb/lpr -P printername filename

LP Print Service Administration Commands
# /usr/sbin/accept printerD    Permits print requests to be queued
# /usr/sbin/reject -r "Replacing cartridge" printerD    Stop queuing print requests
# /usr/bin/enable printerD    Activates the specified printers
# /usr/bin/disable    Deactivates the specified printers
# lpmove printerC printerA    Moves print requests from printerC to printerA
# lpstat -o    Viewing print queue
# lpstat -a printerA    To check whether it is accepting print jobs
# lpmove printerC-<n> printerC-<n> printerA    Moving individual print requests

Module 14 Controlling System Processes

# /usr/dt/bin/sdtprocess &    GUI tool for process monitoring
# prstat    Displays info about active processes (5 sec refresh interval)

Options for prstat command
-c    Continuously prints new reports below previous reports
-n nproc    Restricts the number of output lines
-p pidlist    Reports only on processes that have a PID in the given list
-t    Reports total usage summary for each user
-u euidlist    Reports only processes that have an EUID in the given list
-U uidlist    Reports only processes that have a real UID in the given list

# kill -signal PID
# pkill -signal process
# pgrep -l mail    To know PID
# pkill sendmail    To kill sendmail process
# ps -e | grep mail    To know PID
# kill 14    To kill mail process
# kill -signal PID PID PID
# pkill -signal process process
Default signal is 15

1    SIGHUP    Hangup    Stop & start with the same pid
2    SIGINT    Interrupt
9    SIGKILL    Kill    Kill forcibly
15    SIGTERM    Terminate    Kill properly

# pkill -1 (or) -HUP sendmail
# kill -TERM (or) -15 <pid>
# kill -KILL (or) -9 <pid>
# kill -HUP (or) -1 <pid>
# renice -n -10 195    To change priority
-20    Highest priority for a process
0    Neutral priority
+20    Least priority
# psrinfo    Shows how long the system is running
# ps -e    Shows all system processes
# ps -ef    Default process details with command or service name
# ps -ef | grep cron    To view a specific process

# at 9:00 pm
at> find /export/home/user2 -name core -exec rm {} \;
at> Ctrl+D
# at now
at> banner "welcome" > /dev/pts/4
at> Ctrl+D
# at -l 1016078400.a    Reports the job's schedule
# atq    Shows the at jobs queue
# ls -l /var/spool/cron/atjobs    Directory contains the at jobs
# at -r 1016078400.a    To remove the at job
/etc/cron.d/at.deny    We can add a username to this file to deny access to at jobs
/etc/cron.d/at.allow    We can add a username to this file to allow access to at jobs
If neither at.allow nor at.deny exists, only the root user can use the at command.

Crontab File Format
0-59 0-23 1-31 1-12 1-7 <command>
Min Hour Date Month Days
# crontab -l    View content of user crontab file
# crontab -e    Editing the file
0 17 * * 5 /usr/bin/banner "Time to go!" > /dev/console
# crontab -r username    Remove a crontab file
/etc/cron.d/cron.deny    Users in this file will be denied access to the crontab command
/etc/cron.d/cron.allow    Users in this file will be allowed access to the crontab command
If we type only crontab as the command, it waits for input. If we press Ctrl+C, it won't save the file and the existing data will remain. If we press Ctrl+D, all the content will get deleted.
# crontab /root_cron    To use a backup file for cron jobs
# /etc/init.d/cron stop (or) start
# /var/spool/cron/crontabs    Directory where users' crontab schedule files are stored
# /var/spool/cron/atjobs    Directory where at jobs get saved
# svcadm enable (or) disable cron
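The at.allow / at.deny rules above can be checked mechanically. This is an added example, not part of the original reference: it decides whether a user may run at from the two control files and reports at.deny entries that have no effect. It assumes at.allow takes precedence over at.deny when both exist, and it applies the files to every name, root included; the function names are hypothetical and DIR stands in for /etc/cron.d.

```shell
#!/bin/sh
# Added example (not from the original reference). Function names are
# hypothetical; DIR stands in for /etc/cron.d so the logic can be tried
# on constructed files.
# Assumption: when both files exist, at.allow is consulted and at.deny
# is ignored.

# is_listed USER FILE
# Succeed if USER is the first field of some line in FILE.
is_listed() {
    awk -v u="$1" '$1 == u { found = 1 } END { exit(found ? 0 : 1) }' "$2"
}

# at_decision USER [DIR]
# Print "allow" or "deny" followed by the rule that decided it.
at_decision() {
    user=$1
    dir=${2:-/etc/cron.d}
    if [ -f "$dir/at.allow" ]; then
        if is_listed "$user" "$dir/at.allow"; then
            echo "allow (listed in at.allow)"
        else
            echo "deny (at.allow exists, user not listed)"
        fi
    elif [ -f "$dir/at.deny" ]; then
        if is_listed "$user" "$dir/at.deny"; then
            echo "deny (listed in at.deny)"
        else
            echo "allow (not listed in at.deny)"
        fi
    elif [ "$user" = root ]; then
        echo "allow (no control files, root only)"
    else
        echo "deny (no control files, root only)"
    fi
}

# ineffective_denies [DIR]
# Print users named in at.deny who are still allowed because at.allow
# also exists and lists them: the deny entry has no effect.
ineffective_denies() {
    dir=${1:-/etc/cron.d}
    [ -f "$dir/at.allow" ] && [ -f "$dir/at.deny" ] || return 0
    awk 'NF { print $1 }' "$dir/at.deny" | while read -r u; do
        case $(at_decision "$u" "$dir") in
            allow*) echo "$u" ;;
        esac
    done
}

# Stand-alone use: sh at_access.sh USER [USER ...]
if [ $# -ge 1 ]; then
    for u in "$@"; do
        printf '%s: %s\n' "$u" "$(at_decision "$u")"
    done
fi
```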

Module 15 Performing File System Backups

/dev/rmt/#hn
h    Tape density (l,m,h,c,u)
n    No rewind

mt -f tape-device-name command count
mt status    Displays status info about the drive
mt offline    Rewinds the tape and, if appropriate, takes the drive unit offline
mt rewind    Rewinds the tape
mt fsf count    Moves the tape forward count records
# mt -f /dev/rmt/0n fsf 2    Positions the tape at the beginning of the third tape record

Backup schedule
Level 0    Monthly
M    3
T    4
W    5
Th    6
F    2

/etc/dumpdates    Each line shows the FS that was backed up and the level of the last backup. Also shows the date and the time of the backup, e.g.
/dev/rdsk/c0t2d0s6 0 fri jan 4 19:12:27 2005
When an incremental backup is performed, the ufsdump command consults the /etc/dumpdates file. It looks for the date of the next lower level backup. Then the ufsdump command copies to the backup media all of the files that were modified or added since the date of that lower-level backup. When the backup is complete, the /etc/dumpdates file records a new entry that describes this backup. The new entry replaces the entry for the previous backup at that level.

Options for the ufsdump command
0-9    Backup levels
v    Verify. After the tape is written, checks whether any discrepancies occur
S    Size estimate
l    Autoload. You use this option with an autoloading tape drive
o    Offline. When the backup is complete, takes the drive offline, rewinds, and if possible ejects
u    Updates the /etc/dumpdates file
n    Notify. Sends messages to the terminals of logged-in users who are members of the sys group
f device    Specify the device

Tape Backup
Become root user, switch to single user mode, and unmount the FS
# /usr/sbin/shutdown -y -g 300 "System is being shut down for backup"
# umount /export/home
# fsck /dev/rdsk/c0t0d0s7
# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s7

Remote Backups
To perform remote backups across the network, the system with the tape drive must have an entry in its /.rhosts file for every system that uses the tape drive
# ufsdump 0uf host2:/dev/rmt/0 /export/home

Module 16 Performing File System Restores

The ufsrestore command copies files to the disk, relative to the current working directory, from backup tapes that were created by the ufsdump command.

Options for the ufsrestore command
t    Lists the table of contents of the backup media
r    Restores the entire FS from the backup media
x file1 file2    Restores only the files named on the command line
i    Invokes an interactive restore
v    Specifies verbose mode. Displays details of the restore operation on the screen
f device    Specifies the tape drive name

restoresymtable    The system creates this file when you restore an entire FS. The ufsrestore command uses this file for checkpointing or passing information between incremental restores. You can remove this file when the restore is complete.

Restoring the /opt FS
# newfs /dev/rdsk/c0t0d0s5
# mount /dev/dsk/c0t0d0s5 /opt
# cd /opt
# ufsrestore rf /dev/rmt/0
# rm restoresymtable
# cd /
# umount /opt
# fsck /dev/rdsk/c0t0d0s5

# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s5
Always restore a FS by starting with the level 0 backup tape, continue with the next lower level tape and continue through the highest level tape.

Restoring /usr FS
ok boot cdrom -s
# newfs /dev/rdsk/c0t0d0s6
# mount /dev/dsk/c0t0d0s6 /a
# cd /a
# ufsrestore rf /dev/rmt/0
# rm restoresymtable
# cd /
# umount /a
# fsck /dev/rdsk/c0t0d0s6
# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s6
# init 6

Performing a special case Recovery of the / (root) FS
ok boot cdrom -s
# newfs /dev/rdsk/c0t0d0s0
# mount /dev/dsk/c0t0d0s0 /a
# cd /a
# ufsrestore rf /dev/rmt/0
# rm restoresymtable
# cd /usr/platform/`uname -m`/lib/fs/ufs
# installboot bootblk /dev/rdsk/c0t0d0s0
# cd /
# umount /a
# fsck /dev/rdsk/c0t0d0s0
# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t0d0s0
# init 6

Invoking an Interactive Restore
# cd /var/tmp
# ufsrestore ivf /dev/rmt/0
ufsrestore> ls                 Display the contents of the directory structure on the backup tape
ufsrestore> cd directory1
ufsrestore> ls
ufsrestore> add file1 file2    Add the files you want to restore to the extraction list
ufsrestore> delete file1       To delete a file from the extraction list
ufsrestore> marked             To view the marked extraction files
ufsrestore> extract            To restore the selected files from the backup tape
The ufsrestore command has to find the selected files. If you used more than one tape for the backup, first insert the tape with the highest volume number and type the appropriate number at this point.
Set directory mode, owner, and times
Set owner/mode for '.'? [yn] n
Answering y sets ownership and permission of the temp directory to those of the directory structure on the tape

ufsrestore> quit
Move/copy the restored files to their original or permanent directory and delete them from the temp directory

Performing an Incremental Restore
Always start with the last volume and work towards the first. The system uses info in the restoresymtable file to restore incremental backups on top of the latest full backup.
# more /etc/dumpdates | grep c0t0d0s7
# newfs /dev/rdsk/c0t0d0s7
# mount /dev/dsk/c0t0d0s7 /export/home
# cd /export/home
# ufsrestore rvf /dev/rmt/0
Load the next lower level tape into the tape drive and issue the following command
# ufsrestore rvf /dev/rmt/0
Alternate Steps (5 & 6)
# ufsrestore ivf /dev/rmt/0
ufsrestore> ls
ufsrestore> add *
ufsrestore> extract
ufsrestore> q
Load the next tape and perform the below operation
# ufsrestore iv
ufsrestore> ls
ufsrestore> add *
ufsrestore> extract
ufsrestore> q

Module 17 Backing Up a Mounted FS With a UFS Snapshot
/usr/sbin/fssnap -F FSType -V -o special-options(s) mount-point | special

Options for the fssnap command
-d          Deletes the snapshots associated with the given FS. If the -o unlink option was used when you built the snapshot, the backing store file is deleted together with it; otherwise it has to be deleted manually
-F FSType   Specifies the FS type to be used
-i          Displays the state of an FSType snapshot
-V          Echoes the complete command line, but does not execute the command
-o          Enables you to use special options, such as the location & size of the bs file
# fssnap -F ufs -o bs=backing_store_path /file_system
# fssnap -F ufs -o bs=/var/tmp /export/home
/dev/fssnap/0

backing store file
The snapshot subsystem saves FS data in this file. The fssnap command creates the backing-store file and two read-only virtual devices: the block virtual device, /dev/fssnap/0, which can be mounted as a read-only FS, and the raw virtual device, /dev/rfssnap/0. You can limit the size of the backing-store file by using the -o maxsize=n option. If the backing-store file runs out of disk space, the system automatically deletes the UFS snapshot.
# fssnap -F ufs -o bs=/var/tmp,maxsize=500m /export/home
# fssnap -i   Displays a list of all the current UFS snapshots on the system
0 /export/home
1 /usr
2 /database
# /usr/lib/fs/ufs/fssnap -i /export/home   Shows the details for the /export/home snapshot

Performing a backup of a UFS Snapshot
# mkdir -p /backups/home.bkp   Creating an empty directory
# mount -F ufs -o ro /dev/fssnap/0 /backups/home.bkp   Mounting the block virtual device
# cd /backups/home.bkp
# tar cvf /dev/rmt/0 .   (or)
# ufsdump 0uf /dev/rmt/0 /dev/rfssnap/0
# ufsrestore tf /dev/rmt/0   To verify

Performing an Incremental Backup of a UFS Snapshot
Use ufsdump with the N option to create an incremental UFS snapshot backup. This writes the name of the device being backed up, rather than the name of the snapshot device, to the /etc/dumpdates file
# ufsdump 1ufN /dev/rmt/0 /dev/rdsk/c1t0d0s0 /dev/rfssnap/0
# ufsrestore tf /dev/rmt/0   To verify
# fssnap -d /extra (Source FS)   To remove a snapshot
# rm /var/tmp/snapshot0

Restoring Data from a UFS Snapshot Backup
The backup created from a virtual device is a backup of the original FS when the UFS snapshot was taken. You can restore a UFS snapshot from a backup tape in the same manner as you would the backup of an original FS
# cd /usr
# ufsrestore if /dev/rmt/0
ufsrestore> add demo
ufsrestore> extract
ufsrestore> quit

Deleting a UFS Snapshot
# umount /dev/fssnap/0
# fssnap -d /export/home
# rm /backing_store_file

Module 1 Describing Interface Configuration
To know the MAC Address of the NIC Card
ok banner
# ifconfig -a
8:0:20:93:c9...   Sun manufacturing NIC card
hme0 qfe0 eri0 le0   Sun NIC card types
# ifconfig hme0 down   To down the NIC
# ifconfig hme0 up   To up the NIC
# ping -s 140.40.0.12   Continuous pinging

# snoop   To display incoming & outgoing packets. Press Ctrl+c to stop the snoop utility
# snoop IP1 IP2   To capture communication between two systems
# snoop -a dhcp   To turn on audible clicks for all network traffic related to a dhcp boot
# snoop -V   Summary verbose output
# snoop -v   Detailed verbose output
# snoop -o filename   Redirects the snoop utility output to filename in summary mode
# snoop -i filename   Displays packets that were previously captured in filename
/etc/hosts   Link file to /etc/inet/hosts
/etc/inet/hosts   Should contain IP & hostname

32 virtual interfaces are possible: hme0:1 hme0:2 ... hme0:32

Configuring IPv4 Interfaces at Boot Time
/etc/rcS.d/S30network.sh - file
# cat /etc/hostname.hme0
sys41 (or) 192.168.30.41
# cat /etc/inet/hosts
192.168.30.41 sys41

plumb   To sync the IP and the config files

Changing the System Hostname
/etc/nodename   File to change hostname
/etc/hostname.xxn
/etc/inet/hosts
/etc/net/ticlts/hosts
/etc/net/ticots/hosts
/etc/net/ticotsord/hosts
The /etc/net/tic* directories each contain a hosts file. These files contain config info for transport independent network services. If these files become corrupted, unpredictable results can occur.
# sys-unconfig   For total reconfiguration

Module 2 Describing the Client Server Model
inetd (Internet Service Daemon)   Responsible for On-Demand services, e.g. telnetd, ftpd
/etc/inetd.conf   Config file for inetd daemon
To turn off a service, add a # symbol to the beginning of the line corresponding to that service in the /etc/inetd.conf file, and send a HUP request.
# pkill -HUP inetd   Restarting the inetd services
/etc/inet/services   Services file
/etc/inet/protocols   Registered protocols are listed here

Network Ports
Well-known ports & ephemeral (short-lived) ports
Port Assignment   Central Authority (Well-known) & Dynamic Binding (ephemeral)
Central Authority Ports   0 - 1024
Dynamic Binding           1024 - 65000

Starting Services that use a Well-Known Port
1. Services that start by default at system boot time (e.g. Sendmail)
2. Services start on-demand (e.g. telnet)

Starting RPC Services
1. Services that start by default at system boot time
2. Services start on-demand
The rpcbind process (Daemon) associates RPC program numbers with port numbers. The /etc/rc2.d/S71rpc script initializes the rpcbind service (port 111)
rpcbind - 111 port number - Responsible for rpc services
/etc/rpc   Config file for rpc services
# grep rpcbind /etc/services
sunrpc 111/udp rpcbind
sunrpc 111/tcp rpcbind
# rpcinfo -p   rpcbind information
Prog No   Version   Protocol   Port   Service Name
# rpcinfo -d 1002 (Prog No) 1 (Version)   Deleting RPC service registration

Module 3 Customizing the SMC
# /etc/init.d/init.wbem status (or) stop (or) start   SMC Service (port 898)
# smc   Starting the console
# smc edit   Starting the toolbox editor
http://hostname:898/toolboxes/smc/smc.tbx

Module 4 Managing Swap Configuration
Virtual Memory = RAM + Disk Space   {Swap Slice | Swap File | RAM} Swap Space
# swap -s   Summary of virtual swap space
# swap -l   Lists the details of the system's physical swap (Swap File & Swap Slice)

Adding Swap Space
# vi /etc/vfstab
/dev/dsk/c1t0d0s3 - - swap - no -
# swap -a /dev/dsk/c1t0d0s3   To add swap space from HDD slice

Adding Swap File
# mkfile 20m /export/data/swapfile   Swap file allocation
# swap -a /export/data/swapfile
# swap -l   To list the details of the modified system swap space
# swap -s   List a summary of the modified system swap space
# vi /etc/vfstab
/export/data/swapfile - - swap - no -

Removing Swap Space
# swap -d /dev/dsk/c1t0d0s3   Also remove entry from vfstab

Removing Swap File
# swap -d /export/data/swapfile
# rm /export/data/swapfile   Also remove entry from vfstab

Module 5 Managing Crash Dumps & Core Files
When an OS has a fatal error, it generates a crash dump file (crash dump). When a process has a fatal error, it generates a core file. If the Solaris OE kernel encounters a problem or an unexpected hardware fault occurs, the panic routine is executed, and memory contents are copied to a disk partition defined as a dump device. When an OS crashes, the savecore command is automatically executed during a boot. The savecore command retrieves the crash dump from the dump device and then writes the crash dump to a pair of files in your FS.
It places kernel core info in the /var/crash/nodename/vmcore.X file
It places name list info & table info in the /var/crash/nodename/unix.X file
By default, the dump device is a swap partition. The swap partition contains temp data, so no permanent data is overwritten by the crash dump.
# dumpadm   To view the current dump configuration
Dump content: kernel pages (or) Application Pages (or) All
Dump device: /dev/dsk/c0t0d0s1 (swap)
Savecore directory: /var/crash/host1
Savecore enabled: yes
# cat /etc/dumpadm.conf   Content of dumpadm command

Changing the Crash Dump configuration
/usr/sbin/dumpadm [-nuy] [-c content-type] [-d dump-device] [-m mink | minm | min%] [-r root-dir] [-s savecore-dir]
-n   Modifies the dump config so it does not run the savecore command automatically on reboot
-u   Forcibly updates the kernel dump config based on the contents of /etc/dumpadm.conf
-y   Modifies the dump config so that the savecore command is run automatically on reboot. This is default
-c content-type   The content type can be kernel, all, or curproc. The curproc type includes the kernel memory pages and the memory pages of the currently executing process
-d dump-device   The dump device can be an absolute path or swap
-m mink | minm | min%   Creates a minfree file in the current savecore-dir
-r root-dir   Specifies an alternative root directory relative to which the dumpadm command should create files. By default, the root dir "/" is used.
-s savecore-dir   To mention the savefiles dir. The default is /var/crash/hostname

Managing Core File Behavior
A core file is a point-in-time copy (snapshot) of the RAM allocated to a process. The copy is written to a more permanent medium, such as a HDD. A core file is useful in analyzing why a particular program crashed. When a core dump occurs, the OS generates two possible copies of the core file, one copy known as the global core file and the other copy known as the per-process core file, depending on the options in effect. The global core file is created in mode 600 and is owned by the superuser. Ordinary per-process core files are created in mode 600 under the credentials of the process.
# coreadm   Displays the current core file config
global core file pattern:              Identifies the name to use for core files placed in the global directory
init core file pattern: core           Identifies the default name that per-process core files must use
global core dumps: disabled            Indicates global core files are disabled
per-process core dumps: enabled
global setid core dumps: disabled
per-process setid core dumps: disabled
global core dump logging: disabled
# cat /etc/coreadm.conf   Content of coreadm command
You can enable or disable two configurable core file paths, per-process and global, separately. If a global core file path is enabled and set to /corefiles/core, for example, then each process that terminates abnormally produces two core files: one in the current working directory, and one in the /corefiles/core directory.
coreadm [-p pattern] [pid]...   Users can run this command
coreadm [-g pattern] [-i pattern] [-d option...] [-e option...]   Only the root user can run this
-i pattern   Sets the per-process core file name pattern from init to pattern
-e option    Enables the specified core file option
   global         Enables core dumps by using the global core pattern
   process        Enables core dumps by using the per-process core pattern
   global-setid   Enables setid core dumps by using the global core pattern
   proc-setid     Enables setid core dumps by using the per-process core pattern
   log            Generates a syslog(3) message when a user attempts to generate a global core file
-d option    Disables the specified core file option. See the -e option for possible options
-u           Updates system-wide core file options from the config file /etc/coreadm.conf
-g pattern   Sets the global core file name pattern to pattern. The pattern must start with a /
-p pattern   Sets the per-process core file name pattern to pattern

Pattern options for the coreadm Command
%p   PID
%u   EUID
%g   EGID
%f   Executable file name
%n   System node name (uname -n)
%m   Machine hardware name (uname -m)
%t   The time in seconds since midnight Jan 1 1970
%%   Literal %

# coreadm -p core.%f.%p $$
When executed from a user's $HOME/.profile (or) .login file, sets the core file name pattern for all processes run during the login session. The $$ variable is the PID of the currently running shell. The per-process core file name pattern is inherited by all child processes.
# coreadm -p $HOME/corefiles/%n.%f.%p $$
This command places all of the user's core files into the corefiles subdirectory of the user's home directory, differentiated by the system node name.
# coreadm -g /var/core/core.%f.%p -e global
This sets system-wide parameters that add the executable filename and PID to the name of any core file that is created.
# coreadm   To verify that this parameter is now part of the core file configuration
# coreadm 278 5678
Search for the core dump file. Only the owner of a process or the superuser can query a process by using the coreadm command with a list of PIDs.

Module 6 Configuring NFS
NFS Server Files
/etc/dfs/dfstab        Lists the local resources to share at boot time
/etc/dfs/sharetab      Lists the local resources currently being shared
/etc/dfs/fstypes       Lists the default FS types for remote FS
/etc/rmtab             Lists FS remotely mounted by NFS clients
/etc/nfs/nfslog.conf   Lists info of the location of config logs used for NFS server logging
/etc/default/nfslogd   Lists config info describing the behavior of the nfslogd daemon

# cat /etc/dfs/dfstab
share -F nfs -o ro /export/sys44_data
# cat /etc/dfs/sharetab
/export/sys44_data - nfs ro
# cat /etc/dfs/fstypes
nfs NFS Utilities
autofs AUTOFS Utilities
cachefs CACHEFS Utilities
# cat /etc/rmtab
sys42:/export/sys44_data
#sys41:/usr/share/man
#sys43:/export/sys44_data
The # entries are removed by the mountd daemon during a system startup

NFS Server Daemons
To start the NFS server daemons or to specify the number of concurrent NFS requests that can be handled by the nfsd daemon, use the /etc/rc3.d/S15nfs.server script
mountd    Handles FS mount requests from remote systems, and provides access control
nfsd      Handles client FS requests
statd     Works with the lockd daemon to provide crash recovery functions for the lock manager
lockd     Supports record locking operations on NFS files
nfslogd   Provides operational logging

# /etc/init.d/nfs.server start   To start NFS server daemon
# /etc/init.d/nfs.server stop   To stop NFS server daemon

NFS Server Commands
# share   To share a directory; also displays the contents of the /etc/dfs/sharetab file
# unshare /test   Unshare the share
# shareall   Shares all resources listed in the /etc/dfs/dfstab file
# unshareall   Unshares currently shared file resources listed in the /etc/dfs/sharetab file
# dfshares   Displays currently shared resources by using the NFS daemon mountd
# dfshares 140.40.40.160   Lists available shared resources in remote system
# dfmounts   Displays a list of NFS resources that are currently mounted and client list
# dfmounts sys42   Displays NFS resources of sys42 that are currently mounted & clients
share [-F nfs] [-o options] [-d description] [pathname]
# share -o ro /export/sys44_data
By default, resources are available with RW. The access decision is based on a comparison of the UID of the client and the owner.

The Share Command Options
ro               Informs clients that the server accepts only read requests
rw               Allows the server to accept read and write requests from the client
root=client      Informs clients that the root user on the specified client system or systems can perform superuser-privileged requests on the shared resource
ro=access-list   Allows read requests from the specified access list
rw=access-list   Allows RW requests from the specified access list

Access List Options
access-list=client:client   Allows access based on a colon-separated list of clients
access-list=@network        Allows access based on a network number (e.g. @192.168.100) or a network name (e.g. @mynet.com). The network name must be defined in the /etc/networks file
access-list=.domain         Allows access based on a DNS domain
access-list=netgroup_name   Allows access based on a config net group (NIS) or (NIS+)
anon=n                      Sets n to be the effective user ID (EUID) of anonymous users. By default, anonymous users are given the EUID 60001 (the nobody user). If n is set to -1, access is denied.

# share -F nfs -o ro directory   Restricts access to read-only access.
# share -F nfs -o ro,rw=client1 directory   Restricts access to read-only; however, the NFS server accepts both read & write requests from the client client1
# share -F nfs -o root=client2 directory   Allows the root user on the client named client2 to have superuser access to the NFS mounted resources
# share -F nfs -o ro,anon=0 directory   By setting the option anon=0, the EUID for access to shared resources by an anonymous user is set to 0. The access is also set to read only.
# share
-   /export/sys44_data   ro   ""

Managing the NFS Client
NFS Client Files
/etc/vfstab        Defines FS to be mounted locally
/etc/mnttab        Lists currently mounted FS including automounted directories
/etc/dfs/fstypes   Lists the default FS types for remote FS

NFS Client Daemons
The NFS client daemons are started using the /etc/rc2.d/S73nfs.client script
statd   Works with the lockd daemon to provide crash recovery functions
lockd   Supports record-locking operations on NFS files
/etc/init.d/nfs.client start (or) stop

NFS Client Commands
dfshares    Lists available shared resources from a remote or local NFS server
mount       Attaches a file resource to a specified local mount point
umount      Unmounts a currently mounted file resource
mountall    Mounts all file resources or a specified group of file resources listed in the /etc/vfstab file with a mount at boot value of yes
umountall   Unmounts all non-critical local and remote file resources
dfmounts    Displays a list of currently mounted NFS server directories

mount [-F nfs] [-o options] server:pathname mount-point
# mount sys44:/export/sys44_data /export/remote_data
# mount -o ro sys45,sys43,sys41:/multi_home_data /remote_shared_data
When mounting a read-only remote resource, you can specify a comma separated list of sources for the remote resource, which are then used as a list of failover resources
# umount /export/remote_data   Unmounting remote FS from the client
# mountall -r   To limit the action of this command to remote file resources
# umountall -r   To unmount all remote file systems

Mounting Remote Resources at Boot Time
Enter appropriate entries in the client's /etc/vfstab file to mount the remote file resources at boot time.
# vi /etc/vfstab
sys44:/export/sys44_data - /export/remote_data nfs - yes soft,bg

Mount Command Options
rw | ro         Read/Write or read-only. The default is read/write
bg | fg         Retry to mount in background or foreground. The default is to retry in the foreground
soft | hard     The soft option reports an error on the request and stops trying when retrans=n is reached, whereas the hard option prints a warning message and continues to try. Default is hard mount
intr | nointr   Enables or disables the use of KB interrupts to kill a process that hangs on a hard-mounted FS. The default is intr.
suid | nosuid   Indicates whether to enable setuid execution. Default is setuid execution
timeo=n         Sets the timeout to n tenths of a second. The default timeout is 11, measured in one-tenth of a second for UDP, and 600 tenths of a second for TCP.
retry=n         Sets the no of times to retry the mount operation. Default is 10,000 times
retrans=n       Sets the number of NFS retransmissions to n. The default is 5 for UDP.

Enabling the NFS Server Logging
nfslogd daemon   Responsible for NFS logging
The /etc/nfs/nfslog.conf file defines the path, file names, and type of logging that the nfslogd daemon must use. There is a tag corresponding to each definition.
E.g. of nfslog.conf file
# NFS server log configuration file
global defaultdir=/var/nfs \
       log=nfslog fhtable=fhtable buffer=nfslog_workbuffer
defaultdir=dir_path             Specifies the default parent directory
log=logfile_path                Specifies relative or absolute path and the filename for the ASCII log file
fhtable=table_path              Specifies path and the filename for the file-handle-to-path DB file
buffer=buffer_path              Specifies path and the filename for the raw buffer file
logformat=basic | extended      Specifies the format when creating user-readable log files

To easily identify the log files for different shared resources, place them in separate dirs. For e.g.
# cat /etc/nfs/nfslog.conf
global defaultdir=/var/nfs \
       log=nfslog fhtable=fhtable buffer=nfslog_workbuffer
public defaultdir=/var/nfs/public \
       log=nfslog fhtable=fhtable buffer=nfslog_workbuffer
Create the /var/nfs/public directory before starting NFS server logging
Specify a tag by entering the tag to use with the log=tag option in the /etc/dfs/dfstab file. Use the log option without specifying a tag to use the default global tag
share -F nfs -o ro,log /export/sys44_data
/etc/default/nfslogd   The config info file controls the logging behavior of the nfslogd daemon.
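A check for the share options described above, as an added example that is not part of the original reference: it reads share lines in /etc/dfs/dfstab format and reports shares that fall back to the read/write default, grant root= access, or set anon=0. The sample lines, paths other than /export/sys44_data, and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in /etc/dfs/dfstab format (not taken from a real server).
SAMPLE_DFSTAB = """\
share -F nfs -o ro /export/sys44_data
share -F nfs -o ro,rw=client1 /export/docs
share -F nfs -o root=client2 /export/admin
share -F nfs -o ro,anon=0 -d "tools" /export/tools
share -F nfs /export/scratch
"""


def parse_share(line):
    """Return (pathname, options) for one 'share' line, or None for other lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = shlex.split(line)
    if tokens[0] != "share":
        return None
    options, path, i = {}, None, 1
    while i < len(tokens):
        token = tokens[i]
        if token in ("-F", "-d") and i + 1 < len(tokens):
            i += 2                      # skip the FS type or the description
        elif token == "-o" and i + 1 < len(tokens):
            for item in tokens[i + 1].split(","):
                key, _, value = item.partition("=")
                options[key] = value    # 'ro' -> '', 'rw=client1' -> 'client1'
            i += 2
        else:
            path = token
            i += 1
    return path, options


def audit_share(options):
    """List the findings for one share, based on the option table above."""
    findings = []
    if "ro" not in options and "rw" not in options:
        findings.append("no ro/rw option: resource is shared read/write by default")
    if options.get("rw") == "" and "rw" in options:
        findings.append("rw without an access list: every client may write")
    if "root" in options:
        findings.append("root=%s: root on these clients keeps superuser access" % options["root"])
    if options.get("anon") == "0":
        findings.append("anon=0: anonymous users are mapped to EUID 0")
    return findings


def audit_dfstab(text):
    """Map each shared pathname that has findings to its list of findings."""
    report = {}
    for line in text.splitlines():
        parsed = parse_share(line)
        if parsed is None or parsed[0] is None:
            continue
        findings = audit_share(parsed[1])
        if findings:
            report[parsed[0]] = findings
    return report


if __name__ == "__main__":
    for path, findings in audit_dfstab(SAMPLE_DFSTAB).items():
        for finding in findings:
            print(path, "->", finding)
```
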

Module 7 Configuring AutoFS
The automount facility contains three components
The AutoFS FS
The automountd daemon
The automount command

The AutoFS map types
Master Map     The auto_master map associates a directory, also called a mount point, with a map.
Direct Map     Lists the mount points as absolute path names. This map explicitly indicates the mount point on the client.
Indirect Map   Lists the mount points as relative path names. This map uses a relative path to establish the mount point on the client.
Special        Provides access to NFS servers by using their host names
# cat /etc/auto_master
+auto_master
/net    -hosts      -nosuid,nobrowse
/home   auto_home   -nobrowse
/xfn    -xfn

Syntax
Mount point   map name (direct or indirect map)   mount options (similar to standard mount options, but the nobrowse option is an AutoFS specific mount option)
The plus (+) symbol at the beginning of the +auto_master line directs the automountd daemon to look at the NIS, NIS+, or LDAP databases before it reads the rest of the map. If this line is commented out, only the local files are searched unless the /etc/nsswitch.conf file specifies that NIS, NIS+, or LDAP should be searched.
The two mount points for special maps are the -hosts map & the -xfn map
The hosts map   Provides access to all resources shared by NFS servers. The resources being shared by a server are mounted below the /net/hostname directory, or, if only the server's IP address is known, below the /net/IPaddress directory. The server doesn't have to be listed in the hosts database for this mechanism to work.
The xfn map     Provides access to resources available through the Federated Naming Service (FNS). Resources associated with FNS mount below the /xfn directory

Direct Map
# cat /etc/auto_master
. . .
/- auto_direct -ro
The /- mount point is a pointer that informs the automount facility that the full path names are defined in the file specified by map-name (the /etc/auto_direct file in this example)
# cat /etc/auto_direct
# Super User created direct map for automounter
/apps/frame      -ro,soft   server1:/export/framemaker
/opt/local       -ro,soft   server2:/export/unbundled
/usr/share/man   -ro,soft   server3,server4:/usr/share/man

Indirect Map
The /home entry defines a mount point for an indirect map. The map auto_home lists relative path names only. The Solaris 2.6 through Solaris 9 OE support browsing of indirect maps and special maps with the browse option. The nobrowse option disables the browsing of indirect maps. The default option is browse
# cat /etc/auto_home
+auto_home
steven   hosts5:/export/home/steven
mary     mars:/export/home/marry

Reducing the auto_home map to a single line
*   server1:/export/home/&
The client remotely mounts the /export/home/loginID directory from the NFS server server1 onto the local mount point /home/loginID. The wildcard character (*) matches any key. The substitution character (&) at the end of the location is replaced with the matched key field.
Run the automount command when making changes to the master map or creating a direct map to make the changes effective. You do not have to stop and restart the automountd daemon after making changes to existing entries in a direct map.
automount [-t duration] [-v]
-t   Specifies the time in seconds that the FS remains mounted when not in use. Default is 600 sec.

When to run the automount command
Automount Map   Run if entry is added/deleted   Run if entry is modified
Master map      yes                             yes
Direct map      yes                             no
Indirect map    no                              no

# cat /etc/mnttab
-hosts /net autofs indirect,nosuid,ignore,nobrowse,dev=4300001 1008255810
auto_home ...
-xfn ...
# /etc/init.d/autofs start (or) stop

Module 8 & 1 Solaris Volume Management
metadb -a [-f] [-c n] [-l nnnn] disk_slice
-a           Adds a state database replica
-f           Forces the creation of the initial replica, even if no replica exists
-c n         Specifies the number of replicas to add to the slice
-l nnnn      Specifies the size of the new replica in blocks
disk_slice   Specifies the name of the disk_slice that will hold the replica
# metadb -a -f c0t0d0s4 c0t0d0s5 c1t0d0s0 c1t0d0s1   To create metadb
# metadb   Reports the status of all replicas

RAID 0 Config
# metainit d10 (name d0-dn) 3 (total disk/slice) 1 c0t1d0s0 1 c0t1d0s1 1 c0t1d0s3
# newfs /dev/md/rdsk/d10
# metaclear d10   Delete the volume

# metainit d0 (partition name) -p d10 (volume name) 1000m   Creating partition
# metattach d0 999m   To increase partition size
# growfs -M /m1 (mount point) /dev/md/rdsk/d0   To create FS for extra space added
# metattach d10 (volume) c0t1d0s4   To increase space for volume

RAID 5 Config
# metainit d20 -r (raid 5 option) c0t1d0s0 c0t1d0s1 c0t1d0s3
# metadb -d -f c0t1d0s7   To delete metadb

RAID 1 Config
# metainit d10 -m d0   To create mirror. Then reboot
# metattach d10 d1   Attaching another disk to mirror
# metastat   To check the status of mirror disk

Building a Mirror of the Root (/) File System
metainit -f concat/stripe numstripes width components...
# metainit -f d0 1 1 c0t0d0s0
d0: Concat/Stripe is setup
# metainit d1 1 1 c0t1d0s0
d1: Concat/Stripe is setup
metainit mirror -m submirror [read_options] [write_options] [pass_num]
read_options
-g   Enables the geometric read option, which results in faster performance on sequential reads
-r   Directs all reads to the first submirror. Use this option when the devices that comprise the first submirror are substantially faster than those of the second mirror. You cannot use the -r option with the -g option. If neither the -g nor -r options are specified, reads are made in a round-robin order from all submirrors in the mirror. This process enables load balancing across the submirrors.
write_options
-S   Performs serial writes to mirrors. The default setting for this option is parallel write
pass_num   A number (0-9) at the end of an entry defining a mirror that determines the order in which that mirror is resynchronized during a reboot. The default is 1. If 0 is used, resync is skipped.
# metainit d10 -m d0
d10: Mirror is setup
# metaroot d10   Updates /etc/system file also /etc/vfstab
# grep md /etc/vfstab
/dev/md/dsk/d10 /dev/md/rdsk/d10 / ufs 1 no -
The metaroot command also updates the /etc/system file to contain the forceload statement that loads the kernel modules that support the logical volumes.
# tail /etc/system
forceload: misc/md_hotspares
forceload: misc/md_sp
forceload: misc/md_stripe
forceload: misc/md_mirror
forceload: drv/pcipsy
. . .
rootdev:/pseudo/md@0:0,10,blk
You must reboot the system before attaching the secondary submirror
# init 6
# metattach d10 d1
d10: Submirror d1 is attached
# ls -l /dev/dsk/c1t0d0s4
Record the path that follows the /devices directory: /pci@1f,0/pci@1/scsi@4......
ok nvalias backup_root /pci@1f,0/pci@1/scsi@4,1/disk@2,0:b
ok printenv boot-device
boot-device=disk net
ok setenv boot-device disk backup_root net
boot-device=disk backup_root net
ok boot backup_root   To test the secondary submirror

Unmirroring the Root (/) File System
# metastat d10   To verify the status of the mirror
# metadetach d10 d1   To make a one-way mirror
d10: submirror d1 is detached
# metaroot /dev/dsk/c0t0d0s0   To change entries in /etc/vfstab and /etc/system
# init 6
# metaclear -r d10   To clear the mirror and submirror. The -r deletes metadevices
d10: Mirror is cleared
d0: Concat/Stripe is cleared
# metaclear d1
d1: Concat/Stripe is cleared

Module 7 12 ACL
entry-type:[UID or GID]:perm

Introducing ACL Commands
getfacl [-a] [-d] filename(s)     Displays ACL entries for files
-a   Displays the filename, file owner, file group, and ACL entries for the specified file
-d   Displays the filename, file owner, file group, and default ACL entries
setfacl -m acl_entries filename   Creates or modifies ACL entries on files
setfacl -s acl_entries filename   Substitutes new ACL entries for old ACL entries
setfacl -d acl_entries filename   Deletes one or more ACL entries on files
setfacl -f acl_file filename      Specifies an ACL configuration file that contains ACL entries to set on other files
setfacl -r filename               Recalculates the ACL mask based on the ACL entries. Used with the -m or -s option
$ ls -l
-rw-r--r--+ 1 userc staff 0 Jan 23 13:40 file2
A plus sign appears for files that contain ACL permissions
There are no effective permissions listed for a file's owner or 'others' users. However, the file's group and any other specific users or groups present in the ACL list have effective permissions. When no ACL mask is specifically set on a file or directory, the ACL mask has the same permissions as the group permissions for that file or directory.
$ getfacl file1   No ACL entries present
# file: file1
# owner: userc
# group: sysadmin
user::rw-
group::r--   #effective:r--
mask:r--
other:r--
$ getfacl file2   Custom ACL entry present
# file: file2
# owner: userc
# group: sysadmin
user::rw-
user:usera:rwx   #effective:r--
group::r--   #effective:r--
mask:r--
other:r--
The effective permission shows which permissions are allowed. It is computed as the intersection (a Boolean logical AND operation) of the ACL entry and the ACL mask.
$ setfacl -m u:userb:7 file2   Set special permission to userb (username)
$ getfacl file2
# file: file2
# owner: userc
# group: sysadmin
user::rw-
user:usera:rwx   #effective:r--
user:userb:rwx   #effective:r--
group::r--   #effective:r--
mask:r--
other:r--
$ setfacl -d u:usera file2   Removing special permissions
$ getfacl file2
# file: file2
# owner: userc
# group: sysadmin
user::rw-
user:userb:rwx   #effective:r--
group::r--   #effective:r--
mask:r--
other:r--
setfacl -s u::perm,g::perm,o:perm,m:perm,[u:UID:perm],[g:GID:perm] filename
$ setfacl -s u::rwx,g::rw-,o:r--,m:rw-,u:usera:rwx file1
$ getfacl file1
# file: file1
# owner: userc
# group: sysadmin
user::rwx
user:usera:rwx   #effective:rw-
group::rw-   #effective:rw-
mask:rw-
other:r--
$ setfacl -s u::7,g::6,o:4,m:6,u:usera:7 file2
$ setfacl -r -m u:usera:7 file1   Changes the mask value as well as the user entry (Recalculating an ACL mask)
$ getfacl file1
# file: file1
# owner: userc
# group: sysadmin
user::rwx
user:usera:rwx   #effective:rwx
group::rw-
mask:rwx
other:r--
getfacl filename1 | setfacl -f - filename2
$ getfacl file1 | setfacl -f - file3   Copying an ACL List
You can set default ACL entries only on directories. You must set default ACL entries for the user, group, other, and ACL mask before you set a default ACL entry for an additional user or group.
$ pwd
/export/home/userc
$ mkdir dir1
drwxr-xr-x 2 userc sysadmin 512 Apr 29 17:11 dir1
$ getfacl dir1
# file: dir1
# owner: userc
# group: sysadmin
user::rwx
group::r-x   #effective:r-x
mask:r-x
other:r-x

/ setfacl m d3u33r4:&d3933r(:&d3o3r(:&d3m3r(: dir) / setfacl m default3user3usera3r4: dir) / 9etfacl dir) # file3dir) # o4ner3userc # 9roup3sysadmin user33r4: 9roup33r(: # effective3r(: mas,3r(: other3r(: default3user3r4: default3user3usera3r4: default39roup3r(: default3mas,3r(: default3other3r(: Kffect of Default 0-8s on %e4 #ubdirectories When a directory contains a default 0-8& the permissions 9ranted to the user& 9roup& and other cate9ories for the directory represent the intersection of mode HHH& 4hich is the $%.+ default for directories 4ithout umas, influence; When a subdirectory/file created& the permissions on the ne4ly created subdirectory/file are 9enerated accordin9 to the intersection bet4een the default 0-8 entries and the permissions set initially durin9 creation; / m,dir dir)/subdir) / ls l dir) dr4:r(:r(:Y G userc sysadmin ')G 0pr * *!3*) subdir) / 9etfacl dir)/subdir) / 9etfacl dir)/subdir) # file3dir)/subdir) # o4ner3userc # 9roup3sysadmin user33r4: 9roup33r(: # effective3r(: mas,3r(: other3r(: default3user3r4: default3user3usera3r4: default39roup3r(: default3mas,3r(: default3other3r(: .f default 0-8 entries chan9ed for the dir) it 4onBt affect the 0-8 of dir)/subdir); Out if 4e create ne4 subdirectory the ne4 0-8 of the dir) 4ill 9et inherited; / setfacl m d3user33r4:&d39roup33r4:&d3other3r4:&d3mas,3r4: dir) / m,dir dir)/subdirG / 9etfacl dir)/subdirG

user33r4: 9roup33r4: # effective3r4: mas,3r4: other3r4: default3user33r4: default3user3usera3r4: default39roup33r4: default3mas,3r4: default3other3r4: / cd dir)/subdirG / touch filea / ls l (r4(r4(r4(Y ) userc sysadmin * 0pr * ) 3 4 filea / 9etfacl filea user33r4( user3usera3r4: # effective3r4( 9roup33r4( # effective3r4( mas,3r4( other3r4( 2he permission 9ranted to the user& 9roup& and other cate9ories for filea represents the intersection of mode """(default for files 4ithout umas, influence) 4ith the default entries associated 4ith the directory are set to r4:& the e:ample of intersection is clear; 2he mas, value doesnBt e:ceed the permissions assi9ned to the 9roup; Kventhou9h the /dir)/subdirG directory lists r4: as the default mas, value inherit only upto r4(; 2he entry for usera 4as applied as a standard 0-8 entry and not as a default entry& because only directory replicate default entries;
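The effective-permission rule described above (ACL entry AND mask, with the owner and other entries left unmasked) as an added shell example; it is not part of the original reference. It recomputes the #effective column from getfacl-style text, and the function names and the embedded sample (a constructed copy of the file2 listing) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: recompute Solaris ACL effective permissions from getfacl text.

# acl_effective: read getfacl output on stdin and print one line per entry:
#   type:name requested effective
acl_effective() {
    awk '
    # AND two rwx strings position by position, e.g. rwx & r-- gives r--
    function band(p, m,    i, c, out) {
        out = ""
        for (i = 1; i <= 3; i++) {
            c = substr(p, i, 1)
            out = out ((c != "-" && c == substr(m, i, 1)) ? c : "-")
        }
        return out
    }
    # skip header comments, default entries (they only seed new files), blanks
    /^#/ || /^default:/ || /^[ \t]*$/ { next }
    {
        sub(/[ \t]*#.*$/, "")          # drop the printed "#effective:" note
        nf = split($0, f, ":")
        n++
        type[n] = f[1]
        name[n] = (nf == 3) ? f[2] : ""
        perm[n] = substr(f[nf], 1, 3)
        if (f[1] == "mask") mask = perm[n]
        if (f[1] == "group" && name[n] == "") grp = perm[n]
    }
    END {
        if (mask == "") mask = grp     # no explicit mask: use group permissions
        for (i = 1; i <= n; i++) {
            if (type[i] == "mask") continue
            unmasked = (type[i] == "other" || (type[i] == "user" && name[i] == ""))
            eff = unmasked ? perm[i] : band(perm[i], mask)
            printf "%s:%s %s %s\n", type[i], name[i], perm[i], eff
        }
    }'
}

# acl_masked: list entries whose requested permissions are cut down by the mask.
acl_masked() {
    acl_effective | awk '$2 != $3 { print $1 }'
}

# Constructed sample: the file2 listing after "setfacl -m u:userb:7 file2".
sample_file2() {
cat <<'EOF'
# file: file2
# owner: userc
# group: sysadmin
user::rw-
user:usera:rwx          #effective:r--
user:userb:rwx          #effective:r--
group::r--              #effective:r--
mask:r--
other:r--
EOF
}

sample_file2 | acl_effective
```

Run it as getfacl file2 | acl_masked on a real system to list the entries for which a setfacl -m grant is wider than what the mask lets through.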

Module 11 RBAC (Role Based Access Control)

/etc/user_attr               The extended user attributes database, which associates users and roles with authorizations and rights profiles in addition to the /etc/passwd, /etc/group, and /etc/shadow files
/etc/security/prof_attr      The rights profile attributes database, which defines profiles, lists the profile's assigned authorizations and any nested rights profiles, and identifies the associated help files
/etc/security/exec_attr      The execution attributes database, which defines the privileged commands and scripts assigned to a profile
/etc/security/auth_attr      The authorization attributes database, which defines authorizations and their attributes. This database also identifies the associated help file
/etc/security/policy.conf    Provides system default authorizations for users

The /etc/user_attr Database

user:qualifier(reserved):res1(reserved):res2(reserved):attr

attr        An optional list of semicolon-separated (;) key-value pairs that describe the security attributes to be applied when the user runs commands
type        Can be normal or role. A role is assumed after the user has logged in
auths       Specifies a list of authorizations chosen from names defined in the auth_attr DB
profiles    Specifies a list of profile names chosen from the /etc/security/prof_attr DB
roles       Specifies a list of role names defined in the same /etc/user_attr DB. Roles are indicated by setting the type value to role. Roles cannot be assigned to other roles

sysadmin::::type=role;profiles=Device Management,Filesystem Management,Printer Management
johndoe::::type=normal;auths=solaris.system.date;roles=sysadmin

The /etc/security/prof_attr Database

profname:res1:res2:desc(description):attr

attr        The security attributes to apply to the object upon execution. You can specify zero or more keys. The two valid keys are help and auths

# grep 'Printer Management' /etc/security/prof_attr
Printer Management:::manage Printers, daemons, \
........;auths=solaris.admin.printer.read, \

The Printer Management profile, which is defined in the /etc/security/prof_attr DB, is assigned to the sysadmin role in the /etc/user_attr DB. The Printer Management profile is defined in the prof_attr DB as having all authorizations beginning with the solaris.admin.printer. string assigned to it. These authorizations are defined in the /etc/security/auth_attr DB.

solaris.admin.printer.read:::view printer information::\

The /etc/security/exec_attr Database

name:policy:type:res1:res2:id:attr

name        Name of the profile
policy      The security policy associated with this entry. The suser (superuser policy model) is the only valid policy entry
type        The type of entity whose attributes are specified. The only valid type is cmd
id          A string identifying the entity. A command should have a full path or a path with a wildcard
attr        euid and uid | egid and gid

Printer Management:suser:cmd:::/usr/sbin/accept:euid=lp

The /etc/security/auth_attr Database

You can assign authorizations directly to users or roles in the /etc/user_attr DB. You can also assign authorizations to rights profiles, which are assigned to roles.

authname:res1:res2:short_desc:long_desc:attr

authname    A unique character string that identifies the authorization in the prefix.suffix[.] format

The /etc/security/policy.conf file

This file lets you grant specific rights profiles and authorizations to all users. The two types of entries in the file are

AUTHS_GRANTED=authorizations
PROFS_GRANTED=right_profiles

# cat policy.conf
AUTHS_GRANTED=solaris.device.cdrw
PROFS_GRANTED=Basic Solaris Users

# roleadd -m -d /export/home/tarback -c "Privileged tar backup role" -P "Media Backup, Media Restore" tarback
-A authorization and -P profile    Assign authorizations and profiles respectively to the role
# rolemod -A auth1,auth2 -P profile1,profile2 role1

Additional Commands Used to Perform RBAC Functions

auths          Displays authorizations for a user
makedbm        Makes a dbm file
nscd           Identifies the name service cache daemon; useful for caching the 4 RBAC DB details
pam_roles      Identifies the role account management module for the password authentication module (PAM)
pfexec         Identifies the profile shells used to execute commands with attributes specified in exec_attr
policy.conf    Identifies the config file for the security policy; lists granted authorizations
profiles       Displays profiles for a specified user
roles          Displays roles granted to a user
roleadd        Adds a role account to the system
rolemod        Modifies the role's account info in the system
roledel        Deletes a role's account from the system

Example
Profile, Privilege to Profile, Role, Profile to Role, Role to User

/etc/security/prof_attr    Contains profile details
Creating profiles in prof_attr
uadd:::Profile for user admin
init:::Profile for init process

/etc/security/exec_attr    Privilege to profile
uadd:suser:cmd:::/usr/sbin/useradd:euid=0
uadd:suser:cmd:::/usr/sbin/usermod:euid=0
init:suser:cmd:::/usr/sbin/init:euid=0
init:suser:cmd:::/usr/sbin/shutdown:euid=0

Creating Role
# roleadd -d /export/home/role1 -m role1
# passwd role1

Role to Profile
# rolemod -P uadd,init role1

Adding role to user
# usermod -R role1 user1

/etc/user_attr             Details about roles and user-to-role assignments
Log in as a normal user, switch to the role, and use the privileged commands of its profiles
/etc/security/auth_attr    Authorization file
Config file for users and their roles

Module 12 Performing Smartcard Authentication

# /usr/dt/bin/sdtsmartcardadmin &       To start the smartcard console
ATR                                     Answer to Reset number (unique)
# smartcard -c disable                  Disabling smartcard operation
# smartcard -c admin                    Display the current client and server configuration
/etc/smartcard/opencard.properties      Config file

Module 13 Configuring System Messaging

The syslog system messaging features track system activities and events. You can manually generate log messages by using the logger command. The syslog function, the syslogd daemon, and input from the /etc/syslog.conf file work together to facilitate system messaging for the Solaris 9 OE.

The /etc/syslog.conf file

This file consists of two tab-separated fields: selector and action. The selector field has two components, a facility and a level, written as facility.level. Facilities represent categories of system processes that can generate messages. Levels represent the severity or importance of the message. The action field determines where to send the message.

*.err    /var/adm/messages      Error messages for all facilities are sent to /var/adm/messages

Only use tabs as white space in the /etc/syslog.conf file. The Solaris OE accesses the /usr/include/sys/syslog.h file to determine the correct facility.level sequencing order.

Selector Fields (facility) Options

kern        Messages generated by the kernel
user        Messages generated by user processes; no default priority is listed for these messages
daemon      System daemons, such as the in.ftpd and the telnetd daemons
auth        The authorization system, including the login, su, and ttymon commands
syslog      Messages generated internally by the syslogd daemon
lpr         The line printer spooling system, such as the lpr and lpc commands
news        Files reserved for the USENET network news system
uucp        The UNIX to UNIX copy (uucp) system; it does not use the syslog function
cron        The cron and at facilities, including crontab, at, and cron
local0-7    Fields reserved for local use
mark        The time when the message was last saved and produced by the syslogd daemon
*           All facilities, except the mark facility

You can use the asterisk (*) to select all facilities (for example, *.err); however, you cannot use * to select all levels of a facility (for example, kern.*).

Selector Fields (level) Options, in descending order of severity

Level      Priority   Description
emerg      0          Panic conditions that are normally broadcast to all users
alert      1          Conditions that should be corrected immediately
crit       2          Warnings about critical conditions, such as hard device errors
err        3          Errors other than hard device errors
warning    4          Warning messages
notice     5          Non-error conditions that might require special handling
info       6          Informational messages
debug      7          Messages that are normally used only when debugging a program
none       8          Messages are not sent from the indicated facility to the selected file

Not all levels of severity are implemented for all facilities in the same way.

Action Field

The action field defines where to forward the message. This field can have any one of the following entries

/filename       The targeted file
@host           The @ sign denotes that messages must be forwarded to a remote host. Messages are forwarded to the syslogd daemon on the remote host
user1, user2    The user1 and user2 entries receive messages if they are logged in
*               All logged-in users receive messages

You must restart the syslogd daemon whenever you make any changes to the /etc/syslog.conf file
# /etc/init.d/syslog stop (or) start
# pkill -HUP syslogd
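The selector and tab rules above, modelled as an added shell example (not part of the original reference, and not syslogd's own code). It assumes that a later selector for the same facility overrides an earlier one, that an entry without a tab separator is ignored, and that the file contains no m4 macro lines; the sample file is constructed, and /var/log/authlog in it is a made-up path.

```shell
#!/bin/sh
# Added example: model how /etc/syslog.conf selectors pick messages.

# level_num LEVEL -> numeric priority (0 = most severe); "none" -> -1
level_num() {
    case "$1" in
        emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        none) echo -1 ;;
        *) return 1 ;;
    esac
}

# selector_matches SELECTOR FACILITY LEVEL
# Status 0 if a message of FACILITY.LEVEL is selected, 1 if not, 2 on bad input.
selector_matches() {
    fac=$2
    msg=$(level_num "$3") || return 2
    [ "$msg" -ge 0 ] || return 2          # "none" is not a message level
    threshold=-1                          # -1 = facility not selected
    rest=$1
    while [ -n "$rest" ]; do
        part=${rest%%";"*}                # next facility.level pair
        case "$rest" in *";"*) rest=${rest#*";"} ;; *) rest= ;; esac
        f=${part%%.*}
        l=${part#*.}
        # "*" covers every facility except mark
        if [ "$f" = "$fac" ] || { [ "$f" = "*" ] && [ "$fac" != mark ]; }; then
            threshold=$(level_num "$l") || return 2
        fi
    done
    [ "$msg" -le "$threshold" ]           # at least as severe as the threshold
}

# syslog_route FACILITY LEVEL < syslog.conf
# Print the action field of every entry that would receive the message.
syslog_route() {
    tab=$(printf '\t')
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        case "$line" in *"$tab"*) ;; *) continue ;; esac   # no tab: ignored
        r_sel=${line%%"$tab"*}
        r_act=${line##*"$tab"}
        if selector_matches "$r_sel" "$1" "$2"; then
            printf '%s\n' "$r_act"
        fi
    done
}

# syslog_space_lines < syslog.conf
# Print line numbers of entries whose two fields are not separated by tabs only.
syslog_space_lines() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    !/^[^ \t]+\t+[^ \t]/ { print NR }'
}

# Constructed sample; line 3 uses a space where a tab is required.
sample_conf() {
    printf '%s\t%s\n' '*.err;kern.debug;daemon.notice;mail.crit' '/var/adm/messages'
    printf '%s\t%s\n' '*.alert' 'root'
    printf '%s %s\n' 'auth.notice' '/var/log/authlog'
}

sample_conf | syslog_route user err      # where "logger -p user.err" ends up
```

With this sample, user.err reaches /var/adm/messages through *.err, a plain logger call (user.notice) matches nothing, and the space-separated auth.notice entry is reported by syslog_space_lines and routes nothing.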

When syslogd starts, it starts the m4 macro processor, and m4 reads the /etc/syslog.conf file.

Configuring syslog Messaging

The inetd daemon uses the syslog command to record incoming network connection requests made by using TCP. You can modify the behavior of the inetd daemon to log TCP connections by using the syslogd daemon. The daemon facility and the notice message level are supported by inetd. Use the -t option as an argument to the inetd daemon to enable tracing of TCP services. When you enable the trace option for the inetd daemon, it uses daemon.notice to log the client's IP address and TCP port number, and the name of the service. Add the -t option to the entry that starts the inetd daemon in the inetsvc script located in the /etc/init.d directory

# grep inetd /etc/init.d/inetsvc
/usr/sbin/inetd -s -t

You must restart the inetd daemon for the new option to take effect

# grep daemon.notice /etc/syslog.conf
*.err;kern.debug;daemon.notice;mail.crit    /var/adm/messages

Monitoring a syslog File in Real Time

The tail -f command holds the file open so that you can view messages being written to the file by the syslogd daemon.
# tail -f /var/adm/messages
Press Ctrl+c to exit

Adding One-Line Entries to a System Log File

logger [-i] (logs PID) [-f file] [-p priority] [-t tag] [message]

# logger system rebooted
If the user.notice selector is configured in the /etc/syslog.conf file, the message is logged to the file designated for the user.notice selector field
# logger -p user.err system rebooted
Changing the priority of the message to user.err routes the message to the /var/adm/messages file as indicated in the /etc/syslog.conf file
# logger -i -p2 "crit"
/dev/sysmsg    Console

Module 14 Using Name Services

Name Services: DNS, NIS, NIS+, LDAP

/etc/rc2.d/S72inetsvc script      Starts DNS during system boot
/etc/rc2.d/S71rpc script          Starts NIS & NIS+ during system boot
/etc/rc2.d/S72directory script    Starts iPlanet Server during system boot

Name Service Feature Summary

Feature         DNS                                    NIS                NIS+                                   LDAP
Namespace       Hierarchical                           Flat               Hierarchical                           Hierarchical
Data Storage    Files/Resource records                 Two column maps    Multicolumn tables                     Directories (varied)
Server Types    Master/Cache/Cache only/Forwarding     Master/Slave       Root Master/non-root mast./Replica     Master/Consumer
Transport       TCP/IP                                 TCP/IP             TCP/IP                                 TCP/IP
Scale           WAN                                    LAN                LAN                                    WAN

The name service switch file determines which services a system uses to search for information and in which order the name services are searched. All Solaris OE systems use the /etc/nsswitch.conf file as the name service switch file. The nsswitch.conf file is loaded with the contents of a template file during the installation of the Solaris OE, depending on the name service that is selected.

Name Service    Name Service Template
Local Files     /etc/nsswitch.files
DNS             /etc/nsswitch.dns
NIS             /etc/nsswitch.nis
NIS+            /etc/nsswitch.nisplus
LDAP            /etc/nsswitch.ldap

Configuring the Name Service Cache Daemon (nscd)

The nscd daemon is a process that provides a cache for the most common name service requests. The /etc/nscd.conf file controls the behavior of the nscd daemon. The nscd daemon provides caching for the passwd, group, hosts, ipnodes, exec_attr, prof_attr and user_attr databases. Each line specifies either an attribute and a value or an attribute, a cache name, and a value.

# /etc/init.d/nscd stop (or) start

The getent command provides a generic retrieval interface to search many name service databases. As a system administrator, you can query name service information sources with tools such as

ypcat       NIS namespace
nslookup    DNS
ldaplist    LDAP

These tools do not consult the nsswitch.conf file, whereas the getent command searches the information sources in the order in which they are configured in the name service switch file. Any error in that file is therefore identified with this command.

getent database [key]...

database    The name of the database to be examined. This name can be passwd, group, hosts, ipnodes, services, protocols, ethers, networks, or netmasks.

# getent passwd lp
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
# getent group 10
staff::10:
# getent hosts sys44
192.168.30.44 sys44 loghost
(loghost will be absent if NIS is searched first)

Module 15 Configuring Name Service Clients

Configuring a DNS Client

The client resolver code is controlled by the following files
/etc/resolv.conf      Contains directives to specify the scope of a query
/etc/nsswitch.conf    Contains the reference to DNS for the hosts entry

Configuring the DNS Client During Installation
Select DNS
Give Domain Name
Enter IP Address
Enter search Domains
Confirm

Editing DNS Client Configuration Files
# vi /etc/resolv.conf
domain digigeeks.com
nameserver 140.40.40.152
search digigeeks.com
List the local domain as the first argument to the search directive

Copying the /etc/nsswitch.dns File to the /etc/nsswitch.conf
# cp /etc/nsswitch.dns /etc/nsswitch.conf
# cat /etc/nsswitch.conf
...
hosts: files dns
...

If you want to add DNS name resolution to a system currently running a name service such as NIS or NIS+, you must place the dns keyword on the hosts line in the specific location, along with the other keywords.
# cat /etc/nsswitch.conf
...
hosts: nis files dns
...

Setting up an LDAP Client

The LDAP server cannot be a client of itself. Getting this configuration to work properly requires changes to the LDAP server and the LDAP client. The ldap_cachemgr daemon is responsible for maintaining and updating the changes to the client profile information.

Configuring LDAP Client During Installation
Select LDAP
Enter Domain Name
Enter Profile Name & Profile Server IP Address
Confirm

Initializing the Native LDAP Client

You execute the ldapclient command on the client system once to initialize the client as a native LDAP client. The ldapclient command creates two files in the /var/ldap directory on the LDAP client. These files contain the information that the LDAP client uses when binding to and accessing LDAP data.

/var/ldap/ldap_client_cred    The proxy agent info that the client uses for LDAP authentication
/var/ldap/ldap_client_file    The config info from the client profile in the LDAP server DB

# ldapclient init -a proxyPassword=proxy -a proxyDN=cn=proxyagent,ou=profile,dc=suned.com,dc=sun -a domainname=suned.com 192.168.0.100
# ldapclient list

Copying the /etc/nsswitch.ldap to the /etc/nsswitch.conf
During LDAP client initialization the /etc/nsswitch.ldap file is copied over the /etc/nsswitch.conf file

# ldaplist             To list naming info from the LDAP server
# ldapclient uninit    Unconfiguring the LDAP client

Module 16 NIS Master Server Config

NIS maps are located in the /var/yp/domainname directory (where domainname is the name of the NIS domain). There are two files (.pag and .dir files) for each map in this directory. For example:
/var/yp/training/hosts.byname.pag file
/var/yp/training/hosts.byname.dir file
/var/yp/training/hosts.byaddr.pag file
/var/yp/training/hosts.byaddr.dir file
The syntax for the NIS map is map.key.pag and map.key.dir

ypcat [-k] mname    Retrieves values from an NIS name service map; mname can be either a map name or a map nickname
# ypcat hosts
localhost 127.0.0.1 localhost
sysprint 192.168.30.70 sysprint
sys44 192.168.30.44 sys44 loghost

ypmatch [-k] value mname    Prints values associated with one or more keys from the NIS name service map specified by the mname argument
# ypmatch sys44 hosts
sys44: 192.168.30.44 sys44 loghost
# ypmatch usera passwd
usera: usera:LojyTdiQev5i:3001:10::/export/home/usera:/bin/ksh

An NIS Domain Contains
    One NIS Master Server
    NIS Slave Servers (Optional)
    NIS Clients

The NIS Master Server
    Contains the original /etc ASCII files used to build the NIS maps
    Contains the NIS maps generated from the ASCII files
    Provides a single point of control for the entire NIS domain

NIS Slave Servers
    Do not contain the original /etc ASCII files
    Contain copies of the NIS maps copied from the NIS Master Server
    Provide a backup repository for NIS map information
    Provide redundancy in case of server failure
    Provide load sharing on large networks

NIS Clients
    Do not contain the original /etc ASCII files
    Do not contain any NIS maps
    Bind to the master server or to a slave server to obtain access to the administrative file information contained in that server's NIS maps
    Dynamically rebind to another server in case of server failure
    Make all appropriate system calls aware of NIS

NIS Processes

The main daemons involved in the running of an NIS domain are
    The ypserv daemon           Responds to client information requests
    The ypbind daemon           Client to server binding
    The rpc.yppasswdd daemon    Password change update in the master server
    The ypxfrd daemon           Pushes the maps to slave servers (sync)
    The rpc.ypupdated daemon    Updates NIS maps using the config stored in /var/yp/updaters
The NIS slave server runs the ypserv and ypbind daemons
The NIS clients run only the ypbind daemon

The three most common search orders are
    Search files and then NIS
    Search NIS and then files
    Forward hosts lookup requests from NIS to DNS

Introducing NIS Security

NIS security relies on two files: the /var/yp/securenets file, which restricts access to a single host or to a subnetwork, and the passwd.adjunct file, which limits access to the password information across the network.

The /var/yp/securenets File

If this file exists on an NIS server, the server only answers queries or supplies maps to hosts and networks whose IP addresses exist in the file. The server must be part of a listed subnet to access itself.

# cat /var/yp/securenets
# Two methods of giving access to a system. Using the netmask followed by the IP Address
# or host keyword followed by the IP Address
host 127.0.0.1
255.255.255.0 150.10.1.0
host 13.13.14.1
host 13.13.14.2

If you modify entries in the /var/yp/securenets file, you must kill and restart the ypserv and ypxfrd daemons.
# /usr/lib/netsvc/yp/ypstop (or) ypstart

The passwd.adjunct File

Encrypted passwords are normally hidden from the user in the /etc/shadow file. With the default NIS configuration, however, the encrypted password string is shown as part of the passwd maps. The passwd.adjunct file prevents unauthorized users from seeing the encrypted passwords.

# ypmatch -k usera passwd
usera: usera:LojyTdiQev512:3001:10:/export/home/usera:/bin/ksh

With the passwd.adjunct file in use, the password field contains the account name preceded by ##. Subsequent attempts to obtain account information with the ypcat or ypmatch commands return the password entry from the passwd.adjunct file.

# ypmatch -k usera passwd
usera: usera:##usera:3001:10:/export/home/usera:/bin/ksh

Configuring NIS Domain

To locate the source files in another directory, modify the /var/yp/Makefile file:
    Change the DIR=/etc line to DIR=/your-choice
    Change the PWDIR=/etc line to PWDIR=/your-choice
Before you make any modification to the /var/yp/Makefile, save a copy of the original Makefile file.

The NIS configuration script /usr/sbin/ypinit and the make utility generate NIS maps. The ypinit command reads the Makefile for source file locations, and converts ASCII source files into NIS maps. The /etc/defaultdomain file sets the NIS domain name during system boot.

Important files on the NIS Master (Part 1)
hosts, passwd & shadow

Important files on the NIS Master (Part 2)
The /var/yp/domainname directory is the repository for the NIS maps created by the ypinit script. The /var/yp/binding/domainname directory contains the ypservers file where the names of the NIS master server and NIS slave servers are stored.

Important files on the NIS Master (Part 3)
The /usr/lib/netsvc/yp directory contains the ypstop and ypstart commands that stop and start NIS services respectively
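The /var/yp/securenets matching described above (a host entry must equal the client address; a netmask entry matches when the masked client address equals the listed network), as an added shell example that is not part of the original reference and not ypserv's own code. The function names are assumptions, the sample is a constructed copy of the listing on this page, and the sketch masks the listed network before comparing.

```shell
#!/bin/sh
# Added example: evaluate client addresses against securenets-style rules.

# ip_to_int A.B.C.D -> 32-bit integer on stdout; non-zero status if malformed.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the dotted quad into four fields
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|0?*|????*) return 1 ;; esac   # empty, leading 0, too long
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows IP < securenets
# Status 0 if some entry admits IP, 1 if none does, 2 if IP is malformed.
securenets_allows() {
    ip=$(ip_to_int "$1") || return 2
    while read -r a b rest; do
        case "$a" in ''|'#'*) continue ;; esac
        if [ "$a" = host ]; then
            h=$(ip_to_int "$b") || continue
            [ "$h" -eq "$ip" ] && return 0
        else
            m=$(ip_to_int "$a") || continue      # first field is the netmask
            n=$(ip_to_int "$b") || continue      # second field is the network
            [ $(( $ip & $m )) -eq $(( $n & $m )) ] && return 0
        fi
    done
    return 1
}

# securenets_bad_lines < securenets
# Report unparsable entries and the catch-all netmask 0.0.0.0.
securenets_bad_lines() {
    n_line=0
    while read -r a b rest; do
        n_line=$((n_line + 1))
        case "$a" in ''|'#'*) continue ;; esac
        if [ "$a" = host ]; then
            ip_to_int "$b" >/dev/null || echo "$n_line: bad host address"
        elif ! m=$(ip_to_int "$a") || ! ip_to_int "$b" >/dev/null; then
            echo "$n_line: bad netmask or network"
        elif [ "$m" -eq 0 ]; then
            echo "$n_line: netmask 0.0.0.0 matches every client"
        fi
    done
}

# Constructed copy of the securenets listing shown on this page.
sample_securenets() {
cat <<'EOF'
# constructed sample
host 127.0.0.1
255.255.255.0 150.10.1.0
host 13.13.14.1
host 13.13.14.2
EOF
}

for addr in 150.10.1.77 150.10.2.1 13.13.14.2; do
    if sample_securenets | securenets_allows "$addr"; then
        echo "$addr allowed"
    else
        echo "$addr refused"
    fi
done
```

Checking the NIS server's own address with securenets_allows before restarting ypserv catches the case noted above where the server locks itself out.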

# /usr/sbin/ypinit -m
This command prompts for a list of other machines to become NIS slave servers.

Configuring the NIS Master Server

The Core, End User and Developer software configuration clusters do not have all the necessary files in the /usr/lib/netsvc/yp directory to allow a host to function as an NIS server.

1. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file. If necessary, modify the file
2. Enter the domainname command to set the local NIS domain
   # domainname classroom.central.sun.com
3. Create an /etc/defaultdomain file with the domain name
4. If the files do not already exist, use the touch command to create zero-length files: /etc/ethers, /etc/bootparams, /etc/locale, /etc/timezone, /etc/netgroup and /etc/netmasks. These files are necessary for the creation of the complete set of NIS maps.
5. Install and update the Makefile file in the /var/yp directory.
6. Create or populate the /etc/locale file, and make an entry for each domain on your network using the following format
   domainname locale
   e.g. classroom.central.sun.com en_US
7. Initialize the master server by using the local /etc files
   # ypinit -m
   Provide the slave server names and press Ctrl+D to save the details. Press n for "Terminate it on the first fatal error"
   Note: If you have to restart the ypinit program, you are prompted to destroy the /var/yp/domainname directory. Answer Y
8. # /usr/lib/netsvc/yp/ypstart

Testing the NIS Service
$ ypcat hosts                        Prints values from an NIS map
# ypmatch sys41 localhost hosts
192.168.30.41 sys41
127.0.0.1 localhost loghost
$ ypwhich                            To identify the master server
sys41

Configure the NIS Client
1. Copy the /etc/nsswitch.nis file to the /etc/nsswitch.conf file
2. Edit the /etc/inet/hosts file to ensure the NIS master and slave servers have been defined.
3. # domainname domainname           To set the local NIS domain
4. Create and populate the /etc/defaultdomain file with the domain name
5. # ypinit -c                       To initialize the system as an NIS client
6. Enter the names of the NIS master and all slave servers
7. # /usr/lib/netsvc/yp/ypstart
8. # ypwhich -m                      To test the functionality

Configuring NIS Slave Server

Follow the client configuration steps and then run the command below
# ypinit -s master
This command initializes the system as an NIS slave server, where master is the name of the NIS master.
Start the service and test the functionality

Updating the NIS Map

1. Update the text files in your source directory (typically /etc, unless it was changed in the Makefile file)
2. # cd /var/yp
3. # /usr/ccs/bin/make               Refresh the NIS database maps using the make utility

Updating the NIS Password Map

If the NIS master is running the rpc.yppasswdd daemon, any client system can update the NIS password map by using the yppasswd or passwd commands.
1. Run the rpc.yppasswdd daemon on the NIS master server
   # /usr/lib/netsvc/yp/rpc.yppasswdd /$PWDIR/passwd -m passwd

Updating the NIS Slave Server Map

The following steps manually update the NIS timezone map on the master server and propagate all maps to the slave servers
1. Edit the source file on the NIS master
   # vi /etc/timezone
2. Remake and push the NIS maps to the slave servers
   # cd /var/yp; /usr/ccs/bin/make
3. If the push fails, manually pull only the timezone map from the master server by running the command below on the slave server
   # /usr/lib/netsvc/yp/ypxfr timezone.byname
   # ypinit -s nis_master            To pull all of the maps at once

Sometimes maps fail to propagate, and you must manually use the ypxfr command to retrieve new map information. You can use shell scripts run as cron jobs for automatic updates. The Solaris OE provides several template scripts in the /usr/lib/netsvc/yp directory that you can use and modify to meet your local site requirements.

ypxfr_1perhour script    To sync the NIS slave servers' passwd map
ypxfr_1perday script     To sync the NIS slave servers' NIS maps for the group, protocols, networks, services, and ypservers keys
ypxfr_2perday script     To sync the NIS slave servers' NIS maps for the hosts, ethers, netgroups keys, and mail aliases

Quick Reference

# domainname digit.com                       Create domain name
# domainname > /etc/defaultdomain            Creating the domainname file
# cp /etc/nsswitch.nis /etc/nsswitch.conf
/var/yp/Makefile                             Config file
The Makefile has 4 parts
1 Declaration
2 Details of centralization
3 Coding for mapping
4 Declaration of original path

# cd /var/yp
# ypinit -m                          Initializing the master server
# ypinit -s                          Initializing the slave server
# ypinit -c                          Initializing the client
Ctrl+D                               To save the file
Is this correct? [y/n] y
Non fatal error [y/n] n

If there is any error, follow the procedure below
# cd /etc
# touch ethers bootparams netgroup netmasks timezone
# cd /var/yp
# ypinit -m
# /usr/lib/netsvc/yp/ypstart         To start the daemons
# ypwhich                            Shows the map server details
Solaris
# ypwhich -m                         Full details of the maps
A directory will be created with the domain name
# cd /var/yp/digit.com               Contains all config files with .pag & .dir extensions
# ypcat <filename>                   To read the file
# ypcat -k passwd                    With arguments, prints keys as well as values
# ypmatch -k root passwd

NFS Config
# vi /etc/dfs/dfstab
share /export/home
share /usr/man.orig
# /etc/init.d/nfs.server stop
# /etc/init.d/nfs.server start
# useradd -d /export/home/chennai1 -m chennai1
# useradd -d /export/home/chennai2 -m chennai2
# passwd chennai1
# passwd chennai2
Remove the /export prefix in the /etc/passwd file for the users chennai1 & chennai2, so that the home dir is /home/chennai1

Autofs Config
# vi /etc/auto_master
comment +auto_master to search in ...
/home auto_home -nobrowse
/- auto_direct -
# vi /etc/auto_direct
/usr/share/man 140.40.40.151:/usr/share/man.orig
# vi /etc/auto_home
comment +auto_home
chennai1 140.40.40.151:/export/home/chennai1
chennai2 140.40.40.151:/export/home/chennai2
# automount -v
# cd /var/yp
# /usr/ccs/bin/make                  To update the map after any config change
Include auto direct in the Makefile in sections 2, 3, & 4
# /usr/lib/netsvc/yp/ypstop
# /usr/lib/netsvc/yp/ypstart

NIS Client Config
# domainname digit.com
# domainname > /etc/defaultdomain
# vi /etc/hosts
140.40.40.151 Solaris

# cp /etc/nss4itch;nis /etc/nss4itch;conf # ypnit c Give master server name #olaris # /usr/lib/netsvc/yp/ypstart rpcbind done client has only ypbind daemon #lave server has ypserve 7 ypbind daemon %.# #lave -onfi9 # ypinit s #olaris (Master #erver) Oefore confi9urin9 slave& client confi9 should be done; Module 1) :u!3Start Four Main #ervices

Ooot #ervices .dentification #ervices -onfi9uration #ervices .nstallation #ervices .mplementin9 a Oasic Xumpstart #erver ); #pool the 5# ima9e G; Kdit the sysidcf9 file ; Kdit the rules and profile files 4; Iun the chec, script '; Iun the add(install(client scripts "; Ooot the client # cd /e:port # m,dir confi9 # m,dir sol(dump # cd /cdrom/cdrom*/s*/#olaris(V/Misc/Xumpstart(sample/ # cp r T /e:port/confi9/ # cd /cdrom/cdrom*/s*/#olaris(!/2ools # ;/setup(install(server /e:port/sol(dump -opyin9 solaris dump to local directory # cd /cdrom/cdrom*/#olaris(V/2ools/ # ;/add(to(install(server /e:port/sol(dump 0ppendin9 Gnd -D content # cd /etc # vi ethers !3*3G*3a"3aa3Gb # vi /etc/hosts )4*;4*;4*;)'4 # vi /etc/time@one 0sia/-alcutta # cd /e:port/confi9/ # vi rules hostname ultra' 6 host(class finish(script 6 1re .nstall script host(class -onfi9 details li,e partition finish(script 1ost install scripts # vi host(class install(type initial(install system(type standalone partitionin9 e:plicit -luster #$%W+all filesys c*t*d*s* )**** / filesys c*t*d*s) ''* s4ap filesys c*t*d*sH free /e:port/home # vi finish(script ultra' (hostname) ultra' ultra'

touch /a/noaushutdo4n rm /a/etc/defaultdomain rm r /a/var/yp/di9it;com cp /a/etc/nss4itch;files /a/etc/nss4itch;conf # vi sysidcf9 #ystem identification 7 confi9uration; 2ime@one can also be 9iven here security(policyCnone name(serviceCnone net4or,(interfaceCprimary ]netmas,CG'';G'';*;* protocol(ipv"Cno^ time@oneC 0sia/-alcutta system(localeCen($# 2ime @one are listed in the directory structure belo4 the /usr/share/lib/@oneinfo directory; 8ocales are listed in the /usr/lib/locale directory # chmod H'' finish(script # ;/chec, 2o chec, the confi9 # vi /etc/dfs/dfstab share o anonC* /e:port/home/sol(dump share o anonCo /e:port/confi9 # cd /var/yp # /usr/ccs/bin/Ma,e # cd /e:port/home/sol(dump/solaris(V/2ools # ;/add(install(client c )4*;4*;4*;)')3/e:port/confi9 p )4*;4*;4*;)')3/e:port/confi9 ultra'(hostname) sun4u # update the %.# file 4ith ma,e command From -lient o, boot net install Will search the net4or, and start the installation automatically Oefore a Xumpstart client can boot and obtain all of the %F# resourctes it reMuires& every directory listed as an ar9ument to the add(install(client script must be shared by the server on 4hich it resides; #ettin9 $p a Ooot65nly #erver 0 boot server responds to I0I1& 2F21& and bootparams reMuests from Numpstart clients and provides a boot ima9e usin9 the %F# service; ); Iunnin9 the setup(install(server script 4ith the b option to spool a boot ima9e from -D6Iom or DJD G; Iunnin9 the add(install(client script 4ith options and ar9ument that sho4s a list of servers and the identification confi9& and installation services that they provide; K:ecutin9 the setup(install(server script # m,dir /e:port/install # cd /cdrom/cdrom*/s*/#olaris(V/2ools # ;/setup(install(server b /e:port/install K:ecutin9 the add(install(client script Oefore you run the script& update the hosts and ethers information for the Numpstart client /etc/inet/hosts

192.10.10.4 client1
/etc/ethers
8:0:20:9c:88:5b client1

The boot server must have an entry in the /etc/inet/hosts file for each server you specify while you run the add_install_client script.
# cd /export/install/Solaris_9/Tools
# ./add_install_client -c server1:/export/config -p server1:/export/config client1 sun4u

Configuring NIS for Jumpstart Procedures
Configuring NIS to support Jumpstart procedures involves editing files and running commands on the NIS master server in use. Info supplied in the sysidcfg file overrides any information you make available in NIS. A change to any file that is represented by a map in an NIS domain requires that you complete the following steps on the NIS master server.
# vi /etc/inet/hosts
192.10.10.4 client1
# vi /etc/ethers
8:0:20:88:5b client1
# vi locale
client1 en_US
# cd /var/yp
# vi Makefile
1. Add the text after the existing *.time entries.
   Duplicate the timezone entry, and replace timezone with locale.
   Add/append the word locale to the line beginning with the word all.
   Add the following line after the auto.home: auto.home.time entry:
   locale: locale.time
   Save the file and exit the editor.
# cd /var/yp
# /usr/ccs/bin/make
2. On any slave servers that exist in the NIS domain, run the ypxfr command to transfer the locale.byname map for the first time.
# /usr/lib/netsvc/yp/ypxfr locale.byname
3. On the NIS master server, again update the NIS maps by running the make command.
# cd /var/yp
# /usr/ccs/bin/make
# vi /etc/timezone
US/Mountain client1
US/Mountain Central.sun.com
# cd /var/yp
# /usr/ccs/bin/make
# vi /etc/netmasks
192.9.200.0 255.255.255.0
# cd /var/yp
# /usr/ccs/bin/make

Each time you run the add_install_client script on a boot server to provide boot support for a Jumpstart client, the script checks the /etc/nsswitch.conf file for the bootparams entry.

Begin Script
Profile
Finish Script

You can use CD/DVD sources as the boot source instead of a spooled Solaris OE image. You can also use a Flash source as an alternative installation service.

Identifying Log Files
Jumpstart clients retain the following log files during the installation process:
/tmp/begin.log
/tmp/finish.log
/tmp/install_log
/var/sadm/system/logs/sysidtool.log

Jumpstart clients retain a corresponding set of log files after the installation process completes and the system reboots:
/var/sadm/system/logs/begin.log
/var/sadm/system/logs/finish.log
/var/sadm/system/logs/install_log
/var/sadm/system/logs/sysidtool.log

Module 1,

Flash

# flarcreate -n flash_archive -R / -c -x /flash /flash/flash_archive
    flash_archive    Any name can be given
    -R               To mention root path
    -c               To compress the archive file
    -x               To exclude folders while creating archive image
    -t               Create an archive on a tape device

Administering a Flash Archive
flar -i archive    Retrieves info about the archive
flar -c archive    Combines the individual sections that make up an existing archive into a new archive
flar -s archive    Splits an archive into one file for each section of the archive

/etc/ethers    MAC address and hostname
/etc/hosts     IP address and hostname

# cd /export/config
# vi rules    Same as Jumpstart content
# vi host_class    Same as Jumpstart content except a few options
install_type flash_install
archive_location nfs 140.40.40.160:/flash/flash_archive
partitioning
...
# vi finish_script    Same as Jumpstart content
# vi sysidcfg    Same as Jumpstart content
# ./check    To check the config
# cd /export/home/sol_dump/Solaris_9/Tools
# ./add_install_client -c 140.40.40.160:/export/config -p 140.40.40.160:/export/config ultra5(hostname) sun4u

NFS Shares
/flash folder
/export/config folder
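The Jumpstart dfstab entries and the Flash NFS shares above export install trees with anon=0, which maps unknown users to root, and without a read-only option. As an added example that is not part of the original reference, this POSIX shell function audits dfstab-style lines for that combination and for anon= values that are not a numeric uid; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit dfstab-style "share" lines read from stdin.
# Flags anon=0 (unknown users mapped to root) on exports that are not
# read-only, and anon= values that are not a numeric uid.
# The body runs in a subshell so set -f and IFS changes stay local.
audit_dfstab() (
    set -f                                   # no glob expansion while splitting
    lineno=0
    while IFS= read -r line; do
        lineno=$((lineno + 1))
        set -- $line                         # split the line on whitespace
        [ "${1:-}" = "share" ] || continue   # skip comments and blank lines
        opts=""
        path=""
        while [ $# -gt 0 ]; do
            case "$1" in
                -o) opts="${2:-}" ;;         # comma-separated NFS options
                /*) path="$1" ;;             # last absolute path is the export
            esac
            shift
        done
        anon=""
        ro=no
        IFS=,
        for o in $opts; do
            case "$o" in
                anon=*)  anon="${o#anon=}" ;;
                ro|ro=*) ro=yes ;;
            esac
        done
        unset IFS
        case "$anon" in
            ""|-1)    ;;                     # not set, or anonymous access denied
            *[!0-9]*) echo "line $lineno: $path: anon=$anon is not a numeric uid" ;;
            0)        [ "$ro" = yes ] ||
                          echo "line $lineno: $path: anon=0 on a writable export" ;;
        esac
    done
)

# Constructed sample input, modelled on the share lines in this reference.
sample_dfstab() {
    cat <<'EOF'
# constructed sample entries
share -o anon=0 /export/home/sol_dump
share -F nfs -o ro,anon=0 /export/config
share -o anon=o /flash
share -F nfs -o rw=client1 /export/home
EOF
}

sample_dfstab | audit_dfstab
```

On a real server, feed it the file directly: `audit_dfstab < /etc/dfs/dfstab`.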
