Unix Sysadmin

UNIX System Administration
Frank G. Fiamingo
[email protected]
University Technology Services The Ohio State University
September 23, 1998
1991-1998 University Technology Services, The Ohio State University, Baker Systems Engineering Building, 1971 Neil Avenue, Columbus, OH 43210.
All rights reserved. Redistribution and use, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions must retain the above copyright notice, this list of conditions, and the following disclaimer. 2. Neither the name of the University nor the names of its contributors may be used to endorse or promote products or services derived from this document without specific prior written permission. THIS PUBLICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. THIS PUBLICATION MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS.
UNIX is a registered trademark of The Open Group. Sun, SunOS, Solaris, SPARC, NFS, NIS, NIS+, JumpStart, OpenWindows, Sunview and SunInstall are trademarks or registered trademarks of Sun Microsystems, Inc. Ultrix, Digital UNIX and DEC are trademarks of Digital Equipment Corporation. HP-UX is a trademark of Hewlett-Packard Co. IRIX is a trademark of Silicon Graphics, Inc. AIX is a trademark of International Business Machines, Inc. AT&T is a trademark of American Telephone and Telegraph, Inc. GNU is a trademark of the Free Software Foundation. X Window System is a trademark of Massachusetts Institute of Technology. Ethernet is a registered trademark of Xerox Corporation. Netscape is a copyright of Netscape Communications Crop. Mosaic is a copyright of the National Center for Supercomputing Applications at the University of Illinois, Urbana-Champaign. All other products mentioned are trademarks of their respective owners.
This publication is available via the Internet as: ftp://wks.uts.ohio-state.edu/sysadm_course/sysadm_book.ps and http://wks.uts.ohio-state.edu/sysadm_course/sysadm.html. Also available via the Internet is Introduction to Unix: ftp://wks.uts.ohio-state.edu/unix_course/unix_book.ps and http://wks.uts.ohio-state.edu/unix_course/unix.html. Acknowledgements: The author wishes to thank the following for helpful advice and discussions related to the material presented in this document: Harpal Chohan, Bob DeBula, Bob Manson, Steve Romig, and Bill Yang.
1998 University Technology Services, The Ohio State University
Table of Contents
PART I
1
Introduction .......................................................9
Overview ............................................................................11
1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 1.10 What is UNIX System Administration? ........................11 Daily Tasks of a System Administrator ........................11 Startup and Shutdown ....................................................11 Periodic Processes ...........................................................12 Managing File Systems ...................................................12 Responsibilities to the users ...........................................12 Hardware responsibilities ..............................................12 Types of SunOS Systems ................................................12 Resources for System Administrators ...........................13 UTS Software Support ...................................................15 Disk Structure and Partitions ........................................17 Disk Partitions .................................................................19 Logical Names .................................................................27 Disk Partitioning .............................................................28 Disk Label and Bootblock ..............................................31 Tapes ................................................................................32 File Systems .....................................................................33 File System Types ............................................................35 Compatibility ...................................................................38 Names & contents of important UNIX directories ......40 File structure of standalone and server machines .......43 Disk Partitioning .............................................................43 File System Management ...............................................45 Fsck ...................................................................................46 Disk Check Commands ..................................................47
1998 University Technology Services, The Ohio State University 3
2 3
Disk Structure and Partitions ..........................................17

2.1 2.2 3.1 3.2 3.3 3.4
Devices ...............................................................................27
The UNIX File System ......................................................33

4.1 4.2 4.3 4.4 4.5 4.6
File System Management .................................................45

5.1 5.2 5.3
5.4 5.5 5.6 5.7 5.8 5.9 5.10
Swapping and Paging .....................................................48 Adding swap space ..........................................................49 Setting up a Cache File System ......................................50 XFS (IRIX) ......................................................................52 File System Quotas ..........................................................52 Miscellaneous useful commands ....................................53 Log files ............................................................................54 Booting .............................................................................55 Run Levels (SunOS 5.X, IRIX 5.X) ...............................57 /etc/inittab (SunOS 5.X, IRIX 5.X, Digital UNIX) .......57 Sun PROM .......................................................................65 SGI Indy PROM .............................................................67 Diskless Workstations .....................................................67 Shutdown .........................................................................69 Crashes .............................................................................70 Suninstall .........................................................................71 SunOS 4.1.X .....................................................................71 SunOS 5.X ........................................................................74 Post Install Actions ........................................................84 Sun Patch List .................................................................86 IRIX 5.X ...........................................................................90 SunOS 4.1.X .....................................................................91 SunOS 5.X ........................................................................92 IRIX 5.X .........................................................................100 Digital UNIX ..................................................................101 Ultrix ..............................................................................101 SunOS 4.1.X ...................................................................103 SunOS 5.X ......................................................................110 IRIX 5.X .........................................................................110 Special Files ...................................................................111 SunOS 4.X ......................................................................112 SunOS 5.X ......................................................................112 IRIX 5.X .........................................................................113 Ultrix and Digital UNIX ...............................................114 System Directories ........................................................115 / - root ............................................................................115 /etc - system and network configuration .....................118
Startup and Shutdown .................................................... 55

6.1 6.2 6.3 6.4 6.5 6.6 6.7 6.8
Operating System Installation ........................................ 71

7.1 7.2 7.3 7.4 7.5 7.6
Kernel Configuration ...................................................... 91

8.1 8.2 8.3 8.4 8.5
Adding Hardware .......................................................... 103

9.1 9.2 9.3
10
Special Files .................................................................... 111

10.1 10.2 10.3 10.4 10.5
11
System Directories ......................................................... 115

11.1 11.2 11.3
11.4
/usr - system programs, libraries, etc. .........................120 User accounts .................................................................123 Admittance - login procedure ......................................126 Password Aging, SunOS 4.1.X .....................................126 User and Group Administration .................................127 Communicating with system users ..............................129 Running programs automatically, cron & at .............129 Admintool ......................................................................131 Solstice Adminsuite .......................................................131 Services Managed ..........................................................132 The Distributed System Administration Daemon ......140 Program Locations ........................................................140 Packages .........................................................................141 Packages Distributed with Solaris 2.5 .........................143 Swmtool ..........................................................................150 SunOS 4.X ......................................................................152 IRIX 5.X .........................................................................153 Digital UNIX and Ultrix ...............................................154 Backup Procedures .......................................................155 Backup strategies .........................................................155 Backup and Restore Commands .................................156
12
User accounts ..................................................................123

12.1 12.2 12.3
13
Daily System Administration .........................................127

13.1 13.2 13.3
14
Administration Tool & Solstice Adminsuite ................131

14.1 14.2 14.3 14.4 14.5
15
Package Administration .................................................141

15.1 15.2 15.3 15.4 15.5 15.6
16
Backup Procedures .........................................................155

16.1 16.2 16.3
PART II
17
Network Services ...........................................161

Service Access Facility ....................................................163
17.1 17.2 17.3 17.4 17.5 17.6 17.7 17.8 Overview of Service Access ..........................................163 Service Access Facility Overview ................................164 Service Access Controller .............................................164 Port Monitors ................................................................165 Setting Up a Terminal ..................................................166 Network Port Monitors ................................................168 Terminal Control ..........................................................170 Summary ........................................................................172 The Network ..................................................................173 Hardware used in a network ........................................174 Ethernet Frame .............................................................175 Trouble shooting the Ethernet .....................................176 Monitoring the network ...............................................177
18
The Network ....................................................................173

18.1 18.2 18.3 18.4 18.5
18.6
Difference between Ethernet and Internet Addresses 179 Network Initialization ...................................................181 Host Names and addresses ...........................................185 Services ...........................................................................187 Network Programs ........................................................188 SunOS 5.X ......................................................................191 Ultrix and Digital UNIX ...............................................193 Miscellaneous Configuration Files ..............................194 Distributed File Systems ...............................................195 NFS Protocol ..................................................................196 SunOS 4.1.X ...................................................................198 SunOS 5.X ......................................................................202 DFS Command Summary ............................................205 IRIX 5.X, Ultrix and Digital UNIX .............................206 NFS statistics .................................................................206 What is it and what does it do for you? ......................209 NIS ..................................................................................209 NIS+ ................................................................................211 Clients .............................................................................219 Server configuration and software .............................219 Installing the client of a server, SunOS 4.1.X .............220 JumpStart ......................................................................221 AutoClient ......................................................................221
19
Network Administration ............................................... 181

19.1 19.2 19.3 19.4 19.5 19.6 19.7
20
Distributed File System Administration ...................... 195

20.1 20.2 20.3 20.4 20.5 20.6 20.7
21
Network Information Services (NIS and NIS+) .......... 209

21.1 21.2 21.3
22
Adding Clients ................................................................ 219

22.1 22.2 22.3 22.4 22.5
PART III Selected Topics ..............................................223

23 Usenet .............................................................................. 225
23.1 23.2 23.3 23.4 23.5 Usenet .............................................................................225 Reading news, rn/rrn/xrn/trn/nn .................................226 Network news transfer protocol, nntp ........................226 Disk space requirements ...............................................226 Relevant UNIX newsgroups .........................................227 Format online manual pages, catman .........................229 System process status, ps ..............................................230 Swap space and kernel inode usage, pstat ..................231 top ...................................................................................231 vmstat .............................................................................232 iostat ...............................................................................234 ProCtool .........................................................................236
24
Useful Utilities ................................................................ 229

24.1 24.2 24.3 24.4 24.5 24.6 24.7
24.8 System usage, uptime, users, who and w ....................239 24.9 File Compression, compress & gzip ............................240 24.10 Shells, tcsh & bash ........................................................240
25
Print Service ....................................................................241

25.1 25.2 25.3 25.4 SunOS 4.1.X ...................................................................241 SunOS 5.X ......................................................................243 IRIX 5.X .........................................................................252 Ultrix and Digital UNIX ...............................................252 Send and receive electronic mail via SMTP, sendmail 253 Network mail configuration file ...................................253 The mail alias file ..........................................................254 Installation of sendmail ................................................255 Security ..........................................................................256 Mail programs, mail, Mail, Columbia mm, elm, etc. .256 WWW .............................................................................257 URLs ...............................................................................257 WWW Server ................................................................258 WWW Browsers ............................................................258 Setting up your Server ..................................................258 Home Page .....................................................................260 Security Concerns .........................................................265 What needs to be Secured? ..........................................266 Security Programs ........................................................266 Security Response Teams .............................................267 The password and group files ......................................267 File and Directory Permissions ....................................269 EEPROM Security ........................................................269 Secure the console port .................................................270 Security Loopholes ........................................................271 Additional Security Features in SunOS 5.X ...............273 SRI Security Report ......................................................275 CERT Security Advisories ...........................................276 Secure SHell ...................................................................277 SSH Programs ...............................................................279 Control Files ..................................................................280 Setting up the Service ...................................................284 Login Process .................................................................286 Installation .....................................................................287
26
Mail ..................................................................................253
26.1 26.2 26.3 26.4 26.5 26.6
27
World Wide Web ............................................................257

27.1 27.2 27.3 27.4 27.5 27.6
28
System Security ...............................................................265

28.1 28.2 28.3 28.4 28.5 28.6 28.7 28.8 28.9 28.10 28.11 28.12
29
Secure Shell, SSH ............................................................277

29.1 29.2 29.3 29.4 29.5 29.6
PART IV Summary ........................................................291

UNIX System Administration 1998 University Technology Services, The Ohio State University 7
30 31
Summary of SunOS/Solaris Differences ...................... 293

30.1 30.2 31.1 31.2 SunOS 4.1.X and 5.X Administrative Command Differences 293 SunOS 4.1.X and 5.X Administrative File Differences 296 UTS WORKSTATION SUPPORT TEAM ................297 Software .........................................................................298
UTS UNIX Workstation Support ................................. 297
PART I
Introduction
Overview Disk Structure Devices File Systems Startup & Shutdown Installation Kernel Configuration Adding Hardware Special Files System Directories User Accounts Daily System Administration Administration Tool & Solstice AdminSuite Package Administration Backup Procedures
Introduction
10
CHAPTER 1
Overview
1.1 What is UNIX System Administration?

Systems administration is the installation and maintenance of the UNIX computer system. The system administrator will need to maintain the software and hardware for the system. This includes hardware configuration, software installation, reconfiguration of the kernel, networking, and anything else thats required to make the system work and keep it running in a satisfactory manner. To do this the system administrator can assume superuser, or root, privileges to perform many tasks not normally available to the average user of the system.
1.2 Daily Tasks of a System Administrator

1.2.1 Manage user logins You add accounts by assigning login ids, groups, user id numbers, group id numbers, login directories, and set-up the users login environments. You also need to balance the needs of various users, e.g. with quotas on disk space or limits on simultaneous processes. 1.2.2 Monitor system activity and security You need to monitor disk status, system processes, user process activity, system security, and system log files to make sure that your resources are available and that only valid users have access to them. 1.2.3 Administer file systems, devices, and network services You need to manage disk space usage, tape and CDROM devices and network services to make sure that these resources are available.
1.3 Startup and Shutdown

Startup is when you boot the system from the PROM. This can be from cdrom, disk, or over the network (ethernet). The shutdown programs, shutdown/reboot/halt, allow you to close down the system in an orderly fashion.
Overview
1.4 Periodic Processes

Cron is the clock daemon. It executes periodic processes at pre-arranged times. You can use this to clean up old files, manage log files, backup the system to tape nightly, etc.
1.5 Managing File Systems

1.5.1 File System Backups Backup and restore procedures are need to insure data integrity against disk crashes, users accidently deleting files, for the removal of seldom used programs to free up disk space, etc. You can usually automate this task. 1.5.2 Disk space quotas Quotas restrict users to a finite disk space and can be set individually. This insures that individual users dont hog the available disk space.
1.6 Responsibilities to the users

You have the responsibility to provide access to disk space, CPU cycles, data integrity, operating system software updates, install necessary software, mail and network access, system security.
1.7 Hardware responsibilities

You are responsible for keeping the system running and maintaining it, adding new hardware, and making sure that everything is working properly.
1.8 Types of SunOS Systems

Standalone - system can function alone, independently of other systems. Server - a standalone machine that can serve others, e.g. with disk space via NFS; can boot diskless workstations; can serve different architectures. Dataless - has minimal disk space for systems programs and swap space only, shares file space via NFS mount of server disk space. Diskless - has no disk; requires server for boot (via network), swap, and all program and file space. AutoClient - similar to a diskless client except that it uses a local disk for caching. Requires a 100 MB local disk.
12
Resources for System Administrators
1.9 Resources for System Administrators

1.9.1 Network Resources Usenet newsgroups/Mailing lists - via Internet through SONNET (the Ohio State University network). WWW pages, you can start at the Workstation Groups home page: http://www-wks.acs.ohio-state.edu. SunWorld Online (formerly Advanced Systems formerly SunWorld) - now available via the World Wide Web at http://www.sun.com/sunworldonline/index.html. 1.9.2 Periodicals Information Week - weekly publication for high-end business and technology users, Information Week, CMP Publications, Inc., 600 Community Drive, Manhasset, NY 11030. SunExpert - monthly publication for Sun users, Computer Publishing Group, 1330 Beacon St. Brookline, MA 02146-3202. UnixWorld - monthly publication, McGraw Hill, Inc., 1900 OFarrell Street, San Mateo, CA 944031311. /AIXtra - bimonthly publication for AIX users, IBM Corp., Mail Stop 40-B3-04, One East Kirkwood Blvd., Roanoke, TX 76299-0015. RS/Magazine - monthly publication for RS/6000 users, Computer Publishing Group, 1330 Beacon St. Brookline, MA 02146-3202. DECProfessional - monthly publication for DEC users, Cardinal Business Media, Inc., 101 Witmer Rd., Horsham, PA 17601. SysAdmin - monthly publication, 1601 W. 23rd St., Suite 200, Lawrence, KS 66046-9950 (913-8411631). 1.9.3 Books
1.9.3.1 Unix and the Internet
A Students Guide to Unix, Harley Hahn (McGraw Hill, 1993, ISBN 0-07-025511-3). UNIX in a Nutshell for BSD 4.3, A Desktop Quick Reference (OReilly & Associates, Inc. 1990, 0937175-20-x). UNIX in a Nutshell, A Desktop Quick Reference for System V & Solaris 2.0, Dan Gilly and the staff of OReilly & Associates, Inc. (OReilly & Associates, Inc. 1992, ISBN 1-56592-001-5) The C Programming Language, 2nd Ed., Brian Kernighan and Dennis Ritchie (Prentice Hall, 1988, ISBN 0-13-110362-8). Unix Shell Programming, Stephen Kochan and Patrick Wood (Hayden, 1990 ISBN 0-672-48448-X). Programming Perl, Larry Wall and Randal L. Schwartz (OReilly & Associates, 1991, ISBN 0937175-64-1). The Whole Internet - Users Guide & Catalog, 2nd Ed., Ed Krol (OReilly, 1994, ISBN 1-56592-0635).
Overview
Zen and the Art of the Internet, 3rd Ed., Brendan Kehoe (1994, ISBN 013-121492-6). UNIX Power Tools, Jerry Peek, Tim OReilly, and Mike Loukides (OReilly & Associates, 1993, ISBN 0-679-79073-X). (Includes a CDROM of useful software for various OSs.)
1.9.3.2 System Administration
UNIX System Administration Handbook, 2nd Ed., Evi Nemeth, Garth Snyder, Scott Seabass and Trent Hein (Prentice-Hall, 1995, ISBN 0-13-151051-722). (Includes a CD-ROM) Essential System Administration, 2nd Ed., Aeleen Frisch (OReilly, 1995, ISBN 1-56592-127-5). When You Cant Find Your UNIX System Administrator, Linda Mui (OReilly & Associates, Inc., 1995, ISBN 1-56592-104-6). Solaris System Administrators Guide, Janice Winsor (Ziff-Davis, 1993, ISBN 1-56276-080-7). Solaris Advanced System Administrators Guide, Janice Winsor (Ziff-Davis, 1993, ISBN 1-56276131-5). System Performance Tuning, Mike Loukides (OReilly & Associates, 1991, ISBN 0-937175-60-9). Sun Performance and Tuning, Adrian Cockroft (Prentice Hall, 1995, ISBN 0-13-149642-5). Unix System V Release 4 Administration, 2nd Ed., David Fiedler, Bruce Hunter, and Ben Smith (Hayden, 1991, ISBN 0-672-22810-6). Managing NFS and NIS, Hal Stern (OReilly & Associates, 1991, ISBN 0-937175-75-7). All About Administering NIS+, Rick Ramsey (SunSoft Press/Prentice Hall, 1992, ISBN 013-0688002) DNS and BIND, Paul Albitz and Cricket Liu (OReilly & Associates, 1993, ISBN 1-56592-010-4). TCP/IP Network Administration, Craig Hunt (OReilly & Associates, 1992, ISBN 0-937175-82-X). sendmail, Bryan Costales with Eric Allman and Neil Rickert (OReilly & Associates, 1994, ISBN 156592-056-2). Panic! UNIX System Crash Dump Analysis, Chris Drake and Kimberley Brown (SunSoft Press, 1995, ISBN 0-13-149386-8). (Includes a CD-ROM).
1.9.3.3 Security
UNIX System Security, Patrick Wood and Stephen G. Kochan (Hayden Books, 1985, ISBN 0-81046267). Practical UNIX & Internet Security, 2nd Ed., Simon Garfinkel and Gene Spafford (OReilly & Associates, 1996, ISBN 1-56592-148-8). Firewalls and Internet Security, W. R. Cheswick and S. M. Bellovin (Addison-Wesley, 1994). Building Internet Firewalls, D. Brent Chapman and Elizabeth D. Zwicky (OReilly & Associates, Inc. 1995 ISBN 1-56592-124-0). Improving the Security of Your UNIX System, David A. Curry (SRI International), available via anonymous ftp from www-wks.acs.ohio-state.edu:/pub/security/security-doc.tar.
14
UTS Software Support
1.10 UTS Software Support

University Technology Services UNIX Workstation Support - Software support for SunOS/Solaris (Sun), Ultrix and Digital UNIX (formerly OSF/1) (DEC), and IRIX (SGI).
1.10.1 Solaris The Sun operating system, SunOS, along with the OpenWindows graphical user interface (GUI), make up the complete Sun UNIX environment. The latest release is Solaris 2.6, which includes SunOS 5.6, OpenWindows 3.6, and version 1.2 of the Common Desktop Environment (CDE). SunOS 5 is based on the System V Revision 4 version of UNIX. Solaris 2.4 runs on all SPARC hardware. Solaris 2.4 runs on all SPARC hardware except the Sun4 series (i.e. Sun 4/110, 4/280, etc.). Solaris 2.4 is still available for those who need it. The latest release of the BSD version of UNIX for the SPARC architecture is Solaris 1.1.2, which includes SunOS 4.1.4 and OW 3_414. Solaris 1.1.2 runs on all SPARC hardware except the Sun4u series (UltraSPARCs). Sun software is site licensed for all Ohio State University faculty, staff, and students, and can be borrowed from UTS Customer Services, 512 Baker Systems. All software is on CDROM.
1.10.2 IRIX IRIX 5.3 is supported on all R3000 and R4000 hardware. IRIX 6.5 is supported on the R4000 and later hardware. Software licenses must be purchased at the University Bookstore. The Bookstore receipt, along with the serial number(s) of the machine(s), must be presented before the software can be loaned to you. SGI software is site licensed for all Ohio State University faculty, staff, and students, and can be borrowed from UTS Customer Services, 512 Baker Systems. All software is on CDROM.
15
Overview
16
CHAPTER 2
Disk Structure and Partitions
Modern disk drives include a CPU and memory to control the disk operation. The drive can accept many simultaneous requests, sort them, and process them concurrently. This minimizes the amount of head movement required to find all the requested data. It stores the data for all these commands in its own memory and can pre-fetch data that it expects you to ask for next, when its not too busy with current requests.
2.1 Disk Structure and Partitions

2.1.1 Disk Structure A hard disk is physically composed of a series of flat, magnetically coated platters stacked on a spindle. The spindle turns while the heads move between the platters, in tandem, radially reading/writing data onto the platters.
FIGURE 2.1
Physical Disk Structure
Cylinder
Head
Platter
Actuator Arm
Spindle
17
FIGURE 2.2
Disk Platter
Sector
Track
2.1.2 Disk tracks, cylinders, and sectors A disk is divided into tracks, cylinders, and sectors. A track is that portion of a disk which passes under a single stationary head during a disk rotation, a ring 1 bit wide. A cylinder is comprised of the set of tracks described by all the heads (on separate platters) at a single seek position. Each cylinder is equidistant from the center of the disk. A track is divided into segments of sectors, which is the basic unit of storage. On Sun systems a sector is 512 bytes (1 disk block) of data, with header and trailer information. The latter make it possible for the controller to identify sectors, detect data errors, and perform error corrections when necessary. The actual layout of a disk sector will vary depending on the controller, but should look something like that shown in Fig. 2.3. There are two Preambles and a Postamble (whose sizes may vary due to rotational speed, etc., and are disk dependent). The Header field lets the controller know where the head is positioned, and the ECC field is for error correction.
FIGURE 2.3
Sector
Preamble 1 Header 25 bytes
Sync Preamble 2 Sync 25 bytes 1 byte
Data Field 512 bytes
ECC 6 bytes
Postamble 22 bytes
8 bytes 1 byte
18
Disk Partitions
The number of sectors per track varies with the radius of the track on the platter. The outermost tracks is larger and can hold more sectors than the inner ones. These outer tracks also spin faster under the head than do the inner ones, because while the angular speed remains the same, the larger circumference results in more sectors spinning by in the same period for the outer tracks. Disk blocks are numbered starting at the outermost track, so put the data you expect to access most often on partition, or slice, 0. 2.1.3 Cylinder group SunOS uses the Berkeley fast file system which uses cylinder groups. A group is formed form 32 or fewer cylinders on a disk (default 16). Each cylinder group has a redundant copy of the superblock, space for inodes, list of available blocks, and a list of data block usage within the cylinder group. Data blocks are spaced to minimize rotational delays and to keep blocks of the same file close together. By grouping cylinders in this way we reduce the amount of head movement, on average, required to access a file. The inode describing the file, and the data for the file, are likely to be in the same physical area of the disk. The position of the redundant superblock within each cylinder group is varied, so that they dont all reside on the same disk platter. This helps to insure that you can recover in the event of the loss of the primary superblock.
2.2 Disk Partitions

2.2.1 SunOS 4.1.X The BSD and SunOS 4.1.X operating systems divide a disk into 8 partitions: a h, some of which may be zero. Partition c covers the entire disk. On the root disk partition a is for the boot files and root directory, b is for swap space - virtual memory space for process and information that cant be contained in main memory, and c is the entire disk. Disk space is allocated in terms of cylinders, tracks, and sectors/blocks. An example of the partition table on a SunOS 4.1.X disk might be:
# format sd0 format> partition partition> print Current partition table partition a - starting partition b - starting partition c - starting partition d - starting partition partition partition partition e f g h starting starting starting starting
(original cyl 0, cyl 46, cyl 0, cyl 220, cyl cyl cyl cyl 0, 0, 303, 0,
sd0): # blocks # blocks # blocks # blocks # # # # blocks blocks blocks blocks
33120 125280 828720 59760 0 0 610560 0
(46/0/0) (174/0/0) (1151/0/0) (83/0/0) (0/0/0) (0/0/0) (848/0/0) (0/0/0)
Corresponding File System / - root swap entire disk /var
/usr
19
2.2.2 SunOS 5.X SunOS 5.X defines the partitions as numbers, rather than names. Also, instead of calling it a partition its now called a slice. The root slice is then 0, slice 1 is swap and slice 2 covers the entire disk. On a SunOS 5.X the disk might be formatted something like this:
# format sd0 format> partition partition> print Volume: nyssa Current partition table (original): Total disk cylinders available: 1866 + 2 (reserved cylinders)
Corresponding
Part 0 1 2 4 6 Tag root swap backup var usr Flag wm wu wm wm wm wm wm wm Cylinders 0 74 0 294 0 368 - 1245 1246 - 1865 367 73 293 Size 20.23MB 60.16MB 510.23MB 0 20.23MB 0 240.08MB 169.53MB (74/0/0) (220/0/0) (0/0/0) (74/0/0) (0/0/0) (878/0/0) (620/0/0) Blocks 41440 123200 0 41440 0 491680 347200
0 - 1865
(1866/0/0) 1044960
File System / - root swap entire disk /var /usr /opt
3 unassigned 5 unassigned 7 unassigned
where Flag indicates writable/mountable (wm) and writable/unmountable (wu). 2.2.3 SGI IRIX 5.X IRIX 5.X uses and enhanced version of the Unix file system called the Extent File System (EFS) and allows up to 11 partitions on your disk, some of which are used for diagnostic purposes only. The disk format command is fx, which when using the /label/show/all menu shows:
# fx/label/show> all ----- current drive parameters----Error correction enabled Enable data transfer on error Don't report recovered errors Do delay for error recovery Don't transfer bad blocks Error retry attempts 1 Do auto bad block reallocation (read) Do auto bad block reallocation (write) Drive readahead enabled Drive buffered writes disabled Drive disable prefetch 0 Drive minimum prefetch 0 Drive maximum prefetch 0 Drive prefetch ceiling 0 Number of cache segments 6 CTQ disabled Read buffer ratio 0/256 Write buffer ratio 0/256
20
Disk Partitions
----- current drive geometry----Tracks/zone = 484 Sect/track = 108 Alt sect/zone = 50 Interleave = 1 Cylinders = 3875 Alt track/volume = 8 Cylinder skew = 15 Heads = 3 Alt track/zone = 1 Track skew = 11 Data bytes/sec = 512 Rotational rate = 4500 ----- partitions----part type cyls blocks Megabytes (base+size) 0: efs 8 + 3053 2584 + 986119 1 + 482 1: raw 3061 + 253 988703 + 81719 483 + 40 8: volhdr 0 + 8 0 + 2584 0 + 1 10: volume 0 + 3314 0 + 1070422 0 + 523 ----- bootinfo----root partition = 0 swap partition = 1 bootfile = /unix ----- directory entries----0: sgilabel block 2 size 512 2: ide block 288 size 977920 1: sash block 3 size 140800 ----- sgi-info----serial = 0000 name = SGI IBMDSAS-3540 S47K
Here partition 0 contains the user files, including root, usr, etc. Larger systems may have /usr as a separate partition on partition 6. Swap is partition 1. The entire usable disk, excluding the volume header is partition 7. The volume header is on partition 8, including some diagnostic tools and standalone programs. The entire drive, including the volume header is partition 10. The prtvtoc command will provide similar information without the destructive danger of fx. The dvhtool command can be used to report or change the disk volume header. To list the header information a command similar to the following will work, specifying the raw device for the volume header:
# dvhtool -v list /dev/rdsk/dks0d1vh Current contents: File name sgilabel sash ide
Length 512 140800 977920
Block # 2 3 288
In this listing sash is the standalone shell. You can set aside additional maintenance partitions, if you have the disk space.
21
2.2.4 Ultrix 4.X Ultrix 4.X uses the BSD 4.2 disk format with the disk divided into 8 partitions, a -> h. You can use chpt with the "-q" option (for query) to display the disk label, e.g.:
# chpt -q /dev/rrz2a /dev/rrz2a Current partition table: partition bottom top a 0 32767 b 32768 163839 c 0 1956863 d 0 0 e 0 0 f 0 0 g 163840 1956863 h 0 0
size 32768 131072 1956864 0 0 0 1793024 0
overlap c,d,e,f,h c a,b,d,e,f,g,h a,c,e,f,h a,c,d,f,h a,c,d,e,h c a,c,d,e,f
2.2.5 Digital UNIX OSF/1 uses the BSD disk format also. To display the disk partitions use the disklabel command with the "-r" option (for read only), e.g.:
# disklabel -r rz0 # /dev/rrz0a: type: SCSI disk: rz26 label: flags: bytes/sector: 512 sectors/track: 57 tracks/cylinder: 14 sectors/cylinder: 798 cylinders: 2570 sectors/unit: 2050860 rpm: 3600 interleave: 1 trackskew: 0 cylinderskew: 0 headswitch: 0 track-to-track seek: 0 drivedata: 0 8 partitions: # size offset a: 131072 0 b: 262144 131072 c:2050860 0 d: 552548 393216 e: 552548 945764 f: 552548 1498312 g:1001000 393216 h: 656644 1394216
# milliseconds # milliseconds fstype [fsize bsize cpg] 4.2BSD 1024 8192 16 unused 1024 8192 unused 1024 8192 unused 1024 8192 unused 1024 8192 unused 1024 8192 4.2BSD 1024 8192 16 4.2BSD 1024 8192 16
# # # # # # # #
(Cyl. 0 - 164*) (Cyl. 164*- 492*) (Cyl. 0 - 2569) (Cyl. 492*- 1185*) (Cyl. 1185*- 1877*) (Cyl. 1877*- 2569*) (Cyl. 492*- 1747*) (Cyl. 1747*- 2569*)
22
Disk Partitions
2.2.6 Label For SunOS the label is contained on the first sector of the first partition. The next 15 sectors contain the Boot Area. IRIX reserves the first block (also 512 bytes) but doesnt use it for anything.
2.2.7 Cylinder Groups Following the label in the root partition, and in all the other partitions that are intended for the UNIX file system, we create a series of Cylinder Groups. Each Cylinder Group contains a Superblock, Cylinder Group Summary Block, Inode Table, and Data Block Area. IRIX places the Superblock in the second block of the file system. The index node, known as the inode, keeps track of the location of the files on the disk. The first Superblock in a file system is the Primary one and the remainder are backup copies for that partition or slice. The Cylinder Group Summary Block keeps track of: the size of the file system the number of inodes and data blocks pointers to the last block, fragment, and inode used the number of available fragments the used inode map the free inode map.
23
FIGURE 2.4
Logical Disk Layout
Label Boot Area Primary Superblock Cylinder Group Summary Block
first 16 sectors
Inode Table
Data Block Area Backup Superblock Cylinder Group Summary Block Inode Table
Data Block Area
24
Disk Partitions
The default size for each Data Block is 8192 bytes, divided into 8 fragments of 1024 bytes each. 0 1 2 3 4 5 6 7
Inodes are assigned one per file. Each Inode Block consists of ownership, timestamps (creation, modification, access), size, number of hard links, and location of data block information for that file. The inode does not contain the name of the file. That is defined by the directory table information.
FIGURE 2.5
Inode Block Contents
Mode Owners Time Stamps Size 1 2 3 4 5 6 7 8 9 10 11 12 Single Indirects Double Indirects Triple Indirects Pointers to Data Blocks Data Block for Pointers
Data Blocks D D
D P D P D P D
Each pointer is 4 bytes long 8192 bytes/pointer block 4 bytes/pointer 8192 bytes/data block 1.7 107 bytes for a single indirect. (8192/4) 3.4 1010 bytes for a double indirect. (8192/4)2 7.0 1013 bytes for a triple indirect.
25
The maximum size of a Unix file and a Unix file system are limited by the capabilities of the operating system. Those for SunOS and IRIX are listed in the table below.
TABLE 2.1
Maximum File and File System Sizes File Size 2 GB 2 GB 1 TB 2 GB 9,000,000 TB (64-bit Kernel) 1 TB (32-bit Kernel) File System Size 2 GB 1 TB 1 TB 8 GB 9,000,000 TB (64-bit Kernel) 1 TB (32-bit Kernel)
Operating System SunOS 4.1.X SunOS 5.X SunOS 5.6 IRIX 5.X IRIX 6.2
26
CHAPTER 3
Devices
For the operating system to recognize a hardware device you need to give the device a software name and have the driver that controls the device available to the kernel.
3.1 Logical Names

3.1.1 Disk and Tape Devices For SunOS 4.1.X the disk and tape logical device names correspond to entries in the /dev (devices) directory which control access to the physical devices. Some of the devices are: Disks: sd - SCSI controllers, can control 2 disks. xy - Xylogics 450/451 SMD controller, can control 2 disks. xd - Xylogics 7053 controller, can control 4 disks. Tapes: st - SCSI controller: 1/4" QIC, 8mm, 4mm DAT xt - 1/2" high density Xylogics 472 controller mt - 1/2" low density Tapemaster controller, and others (sometimes linked to st)
CD-ROM: sr - SCSI controller where SCSI stands for Small Computer System Interface. 3.1.2 Ethernet Devices ie - Intel (82586 chip), Sun-3/75, Sun-3/100, Sun-3/200, Sun-4 le - Lance (AMD chip), Sun-3/xx, SPARCstations (Sun-4c, Sun-4m) ec - SGI Irix ln - DEC Ultrix and Digital UNIX
Ethernet:
27
Devices
3.1.3 Device Controllers The controller is the hardware that controls the communication between the system and the peripheral drive unit. It takes care of low level operations such as error checking, moving disk heads, data transfer, and location of data on the device. 3.1.4 Device Drivers The device driver is the software that operates the controller. This software must be available to the kernel if you wish to use the device. The device drivers must match the device that you wish to use. Drivers perform functions to: probe, attach, open, close, read, write, reset, stop, timeout, select, strategy, dump, psize, ioctl, and process transmit and receive interrupts for a device. When a program attempts to access a device the kernel traps the request, looks up the appropriate information in its tables, and transfers control to the device driver.
3.2 Disk Partitioning

3.2.1 SunOS 4.1.X The disk is organized into logical partitions, each of which corresponds to a device entry, e.g. /dev/sd0a, where sd is the controller type, 0 represent disk0 attached to the controller, and a represents the partition. Partitions "a" through "h" are allowed, where "c" represents the entire disk. The format program writes a label to the disk on cylinder 0, track 0, sector 0, describing the partitions. Partitions allow you to subdivide your disks and separate data. You can examine your disk partitioning scheme with the dkinfo command.
# dkinfo sd0 sd0: SCSI CCS controller at addr f8800000, unit # 24 1254 cylinders 9 heads 36 sectors/track a: 16848 sectors (52 cyls) starting cylinder 0 b: 86184 sectors (266 cyls) starting cylinder 52 c: 406296 sectors (1254 cyls) starting cylinder 0 d: No such device or address e: No such device or address f: No such device or address g: 145476 sectors (449 cyls) starting cylinder 318 h: 157788 sectors (487 cyls) starting cylinder 767
The devices listed correspond to the logical devices /dev/sd0a /dev/sd0h and /dev/rsd0a /dev/rsd0h, for the block and character (raw) devices, respectively.
28
Disk Partitioning
3.2.2 SunOS 5.X For SunOS 5.X the device naming convention has been changed considerably from that of SunOS 4.1.X. The new convention includes some of the devices characteristics in the name. Suns convention is slightly different from the SysV.4 naming convention, because SunOS 5.X limits disk partitions to eight per disk. If you install the binary compatibility package links are created with the old style names to the new device names, so you should be able to use either scheme. Device names are split into three name spaces: physical logical SunOS 4.X compatible
In the physical name space devices have names consistent with the ones used by the Open Boot PROM. These are kept in the /devices directory. Devices that control other devices, such as the bus controller, have a subdirectory under this hierarchy. The physical device name now contains the hardware information within the name. What was formerly known as /dev/sd0a might now be:
/devices/sbus@1,f8000000/esp@0,800000/sd@0,0:aor /devices/iommu@0,10000000/sbus@0,10001000/espdma@5,8400000/esp@5,8800000/sd@0,0:a
Similarly, at the Open Boot PROM the first example device would be known as:
/sbus@1,f8000000/esp@0,800000/sd@0,0:a
This name uniquely identifies the physical location of the hardware device to the system. It has a series of node names, each separated by a slash (/) of the form
name@address:arguments
where
name @ address : arguments is a text string that usually has a mnemonic value, e.g. sbus, esp, sd precedes the address parameter text string, usually in the form hex_number, hex_number precedes the arguments parameter text string intended to pass additional information to the device driver
So in the examples above:

sbus@1,f8000000 represents the address on the main system bus occupied by the SBus, esp@0,800000 represents the SBus slot number and offset within the slot (slot 0, offset 80000) for the SCSI controller, esp sd@0 represents a SCSI disk, sd, attached to the SCSI bus with Target Number 0 0 is the SCSI Logical Unit Number of sd, and a is the disk Partition. UNIX System Administration 1998 University Technology Services, The Ohio State University 29
Devices
The logical device names are kept in /dev and are symbolic links to the physical device names in /devices. The logical names are what you will generally use. The logical disk names contain the controller number, target number if the disk is on a device bus, disk number, and slice (formerly partition) number. Every disk device has an entry in both the /dev/dsk and /dev/rdsk directories, for the block and raw disk devices, respectively. So the logical device name for what was known under SunOS 4.1.X as /dev/sd0a would be:
/dev/dsk/c0t0d0s0
where
c0 t0 d0 s0 Controller Number Target Number Disk Number Slice (Partition) Number
and this is a symbolic link to:

/devices/sbus@1,f8000000/esp@0,800000/sd@0,0:a
For disks that are directly attached you would drop the target number entry, e.g. something similar to:
/dev/dsk/c0d0s0.
The dkinfo command is not available for examining disks under SunOS 5.X. You can check disk information with the new command prtvtoc, but this must be run with root permissions. Heres an example of the output you might see:
# prtvtoc /dev/rdsk/c0t3d0s2 * /dev/rdsk/c0t3d0s2 partition map * Dimensions: * 512 bytes/sector * 80 sectors/track * 9 tracks/cylinder * 720 sectors/cylinder * 2500 cylinders * 1151 accessible cylinders * Flags: * 1: unmountable * 10: read-only * * First Sector Last * Partition Tag Flags Sector 0 2 00 0 1 3 01 37440 2 5 00 0 5 6 00 103680 6 4 00 452160 7 8 00 739440 30
Count 37440 66240 828720 348480 287280 89280
Sector 37439 103679 828719 452159 739439 828719
Mount Directory /
/opt /usr /home
Disk Label and Bootblock
where some of the Tag codes are:

Boot Root Swap Usr 1 2 3 4
and the Flags are:

Mountable, read/write 00 Not Mountable 01 Mountable, read only 10
3.2.3 IRIX 5.X IRIX has the physical devices in /dev, with disk entries in /dev/dsk (block devices) and /dev/rdsk (raw devices) for each of partitions 0 7, in the form dksXdYsZ. X, Y, and Z are numbers, with X starting at 0 for your default SCSI interface, Y starting at 1 for your first disk, and Z going from 0 through 7. Additionally there are raw device entries for the volume and volume header partitions, in the form dksXdYvol and dksXdYvh, respectively. for the root disk you can also reference the root device as /dev/root and /dev/rroot, for the block and character devices, respectively. There are similar entries for swap, /dev/swap and /dev/rswap; usr, /dev/usr and /dev/rusr; and an access to the header, /dev/rvh. 3.2.4 Ultrix and Digital UNIX Ultrix and Digital UNIX (formerly OSF/1) follow the BSD style. The disk devices are know as /dev/rz0a /dev/rz0h and /dev/rrz0a /dev/rrz0h for the block and character devices, respectively, for physical devices a through h.
3.3 Disk Label and Bootblock

The disk label is put on the rst sector of the rst partition. This label contains the partitioning information for the disk. You can use the format program to format, check, partition, and label an unmounted disk. For Ultrix use rzdisk/radisk to format a SCSI/DSSI disk and chpt to change disk partitions. For IRIX 5.X use fx or dvhtool. The SunOS 4.1.X EEPROM expects to find bootblock code in the bootblock area of a disk, sectors 1 through 15 of the first partition. This program is put there by the installboot program and allows the PROM to locate the boot program on the disk. Under SunOS 5.X the boot program and the boot block uses the drivers resident on the PROM or on the Sbus card. So the bootblock area doesnt contain the actual location of the disk block where the boot program resides. The SunOS 5.X bootblk program can read the file system to locate the boot program.
31
Devices
3.4 Tapes
3.4.1 SunOS 4.1.X The tape devices are generally referenced as the raw device, either rst, rxt, or rmt devices. For SCSI drives the tape device should have a target ID of either 4 or 5, /dev/rst0 or /dev/rst1, respectively. If the drive can handle more than one density then adding 8 to the device number should access the higher density, e.g. /dev/rst8 and /dev/rst9, respectively. You access the no-rewind device by prepending the device name with an "n", e.g. /dev/nrst0 and /dev/nrst1, respectively. 3.4.2 SunOS 5.X The tape naming convention has been changed for SunOS 5.X. The tape devices are found in the subdirectory /dev/rmt. The tape devices are numbered from 0 and may include in their name certain characteristics, such as tape density, whether its a no-rewind device, and whether it should use BSD behavior. The latter specifies that when reading past an EOF mark it should return the first record of the next file and that when closing a no-rewind device it should skip a tape space forward. The logical tape name would be something like:
/dev/rmt/XYbn
where
X Y b n specifies the Logical Tape Number specifies the Tape Density (l=low, m=medium, h=high, u=ultra, c=compressed) specifies BSD Behavior specifies the no-rewind device.
So if you want to use the 5 GByte capacity on a 2/5Gbyte 8mm tape you would use the device
/dev/rmt/0h
which corresponds to the physical device:

/devices/sbus@1,f8000000/esp@0,800000/st@4,0:h
For QIC drives l=>QIC-11, m=>QIC-24, and h=>QIC-150, though if your drive can only write one format thats what will be written regardless of the format selected. 3.4.3 IRIX 5.X The default tape device is /dev/nrtape. 3.4.4 Ultrix and Digital UNIX The default tape device is /dev/rmtXD and /dev/nrmtXD, where X is a number and D specifies the density, i.e. l, h, etc. The "n" in front of rmt specifies the no-rewind device.
32 1998 University Technology Services, The Ohio State University UNIX System Administration
CHAPTER 4
The UNIX File System
4.1 File Systems

Before you can use the disk partitions by the OS you need to construct a file system on them. Generally you create a separate file system on each partition, except those used for swap which are accessed as raw partitions, and then join them together to form a hierarchical, tree like structure. 4.1.1 File system implementation The disk must first be formatted and partitioned before it can be used by the OS. You format the disk with the format command which uses the /etc/format.dat configuration file for parameter values. You construct a new file system with newfs/mkfs. newfs is a friendly front-end to mkfs. It reads the disk label, builds the file system, and installs the bootstrap program if its the root partition. It sets aside space for inodes (default is 1 inode per 2048 bytes of data space) and reserves free space for use only by root (default is 10%, which can be reset later with tunefs). The new file system should be checked for internal consistency with fsck, and can then be mounted by the OS. 4.1.2 Function and contents of superblock The superblock contains information on the size of the file system, the number of inodes, the number of data blocks, the free and used inodes, and the block size for the file system. The superblock is kept in memory and in multiple locations on disk for each file system. 4.1.3 The inode area The OS interprets requests to read/write/delete files by allocating inodes and data blocks. An area is set aside on each partition to store the inode table for that partition. Inodes contain information on files and directories stored in the file system, their file permissions, link count, state and type of file, time stamps, size, and pointers to location of data blocks. The inodes do NOT contain the name of the file. An inode keeps track of its own state; whether its allocated or not.
33
4.1.4 Directories Each directory contains the names of files within the directory and the inode numbers associated with these files. A directory is just an ordinary file in the data block area. Its a binary file, which contains tabular information similar to (e.g. for /usr):
2 2 3 2688 5376 10752 13440 26880 4570 94123 7 102177 ... . .. lost+found export bin ucb etc include lib hosts boot local
where the current directory (.) and the parent directory (..) are the same, because /usr is on a separate disk partition. lost+found is created by newfs for use by fsck.
4.1.5 Data area The data area contains the users data, files, and directories. Symbolic links also reside in the data area, and point to files of directories on this or other file systems.
1.
2. 3. 4. 5.
4.1.6 Making and mounting file systems - summary format - format and partition the physical disk chpt - Ultrix command to partition the disk newfs - construct the file system on each partition fsck - check the new file systems for internal consistency mount/umount - mount/unmount the file systems /etc/fstab, or /etc/vfstab (SunOS 5.X only) - edit this file to mount these file systems automatically at start of multi-user mode
34
File System Types
4.2 File System Types

SunOS has 3 different types of file systems: disk-based, distributed, and pseudo. The disk-based file systems include hard disks, CDROMs, and diskettes. The distributed file systems manage network resources. The pseudo file systems are memory-based and do not use any disk space. They provide access to kernel information and facilities.
TABLE 4.1
File System Types Name ufs hsfs Description UNIX File System, based on BSD Fat Fast File System (default) High Sierra File System, used by CDROMs and supports Rock Ridge extensions. Very similar to ufs, except that it does not support writable media or hard links PC File System, to allow read/write access to DOS formatted disks Cache File System, allows use of local disk to store frequently accessed data from a remote file system or CDROM Network File System, the default distributed file system type Remote File Share, AT&Ts RFS product Automount File System, automounts NFS file systems, as needed, using NIS and NIS+ maps Temporary File System, file storage in memory and swap without the overhead of writing to a ufs file Special File System, allows access to the special character and block devices Loopback File System, creates a virtual file system which can overlay or duplicate existing files. The files are accessible from either path Translucent File System, allows mounting of a file system on top of existing files, with both visible Process Access File System, allows access to active processes and their images File Descriptor File System, allows access to file names using descriptors Name File System, used by STREAMS for dynamic mounts of file descriptors on top of files First In First Out File System, allows process access to named pipe files Swap File System, used by the kernel to manage swap space SunOS 4.1.X yes (known as 4.2) yes SunOS 5.X yes yes
Type Disk-based
pcfs cachefs
yes no
yes yes
Distributed
nfs rfs autofs
yes yes no yes yes yes
yes no (only < 5.3) yes yes yes yes
Pseudo
tmpfs specfs lofs
tfs proc fdfs namefs fifos swapfs
yes no no no no no
no yes yes yes yes yes
35
4.2.1 Temporary File System (tmpfs) A temporary file system uses memory to simulate a traditional disk partition. Normal file system writes are scheduled to be written to disk along with access control information, but the files actually reside in memory only. A good candidate for a tmpfs is a partition that will have many small files that will be accessed often, e.g. /tmp. This will considerably speed up their access time. Tmpfs files and directories are NOT saved when the system shuts down. Tmpfs is recommended for systems that do a lot of compiling and loading of programs and have large amounts of memory (> 16 MB) and swap space. Disadvantages are that it reduces the amount of swap space available for other process and that it is volatile. To mount a temporary file system under SunOS 4.1.X as /tmp:
# mount -t tmp swap /tmp
where the -t option indicates the type is tmp. To do this under SunOS 5.X you specify the -F option:
# mount -F tmpfs swap /tmp
Note that the file system type is specified as tmp in SunOS 4.1.X and tmpfs in SunOS 5.X. In order to use tmpfs under SunOS 4.1.X the TMPFS option must be configured in the kernel, and an entry such as:
swap /tmp tmp rw 0 0
could be put in /etc/fstab. Under SunOS 5.X the /etc/vfstab entry would look like:
#device #to mount swap device to fsck mount point /tmp FS type tmpfs fsck pass mount at boot yes mount options -
4.2.2 Translucent File System (TFS) The translucent file system allows users to mount a writable file system on top of a read-only file system. The contents of the lower system remain visible when the file system is mounted in this way, so long as there is no file system of similar name in the top file system (SunOS 4.1.X only). So TFS is a series of stacked file systems where searching for files is done from the top of the stack downward until the first file of that name is found. Modification of files can be done on the top most file system only. If a user tries to remove a file from a directory not in the foremost file system TFS creates a whiteout in the topmost file system and leaves the lower one intact. Further attempts by the user to access that file are answered as if the file had been removed, when in fact it is still intact at the lower file system, and can be accessed by other users not using TFS. TFS requires both the LOFS (loopback filesystem) and TFS (translucent filesystem) options be compiled into the kernel. It also requires the following line in the /etc/inetd.conf file:
tfsd/1-2 36 dgram rpc/udp wait root /usr/etc/tfsd tfsd UNIX System Administration
File System Types
To mount a TFS file system use the following command:

# mount -t tfs /src/fgf/test /usr/bin
Unmount with:
# umount /usr/bin
4.2.3 Swapfs Swap and how its managed by the OS has changed considerable in Solaris 2. If you have enough memory you can now run without swap space should you so desire. The OS now treats main memory as if it were a backing store. SunOS 4.1.X required that all memory have a physical backing store. So if you set aside less swap than physical memory, you couldnt use all the memory available. This also meant that the swap space was reserved even if the program and data could fit entirely in memory. This is no longer the case under the virtual swap space of SunOS 5.X. To implement this concept the pseudo file system, swapfs was created. Swapfs provides names for anonymous memory pages. Whenever a process executes a file system operation on a page named by swapfs, swapfs gains control of the page. Swapfs can change the name of the page and back it up with physical store, if necessary. Anonymous memory pages appear to the system as if they were backed up by real swap space, though this is not actually the case. As more memory is needed these pages can be moved to available physical swap space by swapfs. Swapfs uses main memory as if it were swap space. So in effect swap space is expanded to include main memory as well as physical swap space. A certain fraction of main memory is always reserved for the kernel data structures and is not available to swapfs. When releasing swap space swapfs always releases main memory before physical backing swap space. Under swapfs its now also possible to remove swap devices and files while the system is running, so long as this swap area is not being used or if the files in this swap area can be moved to another swap area or memory. All swap partitions, including the primary one, are now mounted through entries in /etc/vfstab, e.g.:
#device #to mount /dev/dsk/c0t3d0s1 device to fsck mount point FS type swap fsck pass mount at boot no mount options -
4.2.4 Cachefs The cache file system, cachefs, lets you use a disk drive on a local system to cache frequently used data from a remote file system or CDROM. The cache is a temporary storage area for those files. The data is read from the original file system and stored in the cache on the local disk. The next time the file is accessed, it will come from the cache, after first insuring that the original file has not changed. This reduces network traffic and/or increases response time from a slow medium such as CDROM. The cache file system can store files from one or more remote file systems on a local disk. This should be useful in situations where you have enough disk space to set aside for cachefs and where your local machine is fast enough that you dont lose too much time caching the le the rst time.
37
4.2.5 Autofs The automounting file system, autofs, mounts file systems when access is requested and unmounts the file system after a few minutes of inactivity. Theres a certain amount of overhead traffic required to maintain the NFS connection. Autofs allows you to break that connection when the file system is not being used and restart it again automatically when access is desired. This reduces network traffic. The automount daemon, automountd, is run to mount file systems requested by autofs.
4.3 Compatibility
SunOS 5.X and SunOS 4.1.X formatted disks are compatible. There are a few tags that can be added to the 5.X disks during formatting or labeling that are ignored if the disk is used on a 4.1.X system. Likewise, if a 4.1.X disk is used on a 5.X system these missing tags will be assigned the default values. The expanded disk label includes:
volume name to identify the disk device, up to 8 characters partition tags to identify partition usage; valid tags are: unassigned boot root swap usr backup stand var home partition ags that specify read/write access and whether the partition is mountable; valid
flags are:
w r m u read/write read only mountable unmountable
The default partition tag and flag values for a disk are:
0 1 2 3 4 5 6 7 root swap backup unassigned unassigned unassigned usr unassigned wm wu wm wm wm wm wm wm
38
Compatibility
The format utility can be used to set volume names and retag the partitions. The prtvtoc command can be used to examine the disk label. You can also examine the disk labels with the verify subroutine of the format command:
# format> verify format> verify Primary label contents: ascii name pcyl ncyl acyl nhead nsect Part Tag 0 root 1 swap 2 backup 3 unassigned 4 unassigned 5 6 usr 7 home = <SUN0424 cyl 1151 alt 2 hd 9 sec 80> = 2500 = 1151 = 2 = 9 = 80 Flag Cylinders Size wm 0 - 51 18.28MB wu 52 - 143 32.34MB wm 0 - 1150 404.65MB wm 0 0 wm 0 0 wm 144 - 627 170.16MB wm 628 - 1026 140.27MB wm 1027 - 1150 43.59MB
Blocks (52/0/0) (92/0/0) (1151/0/0) (0/0/0) (0/0/0) (484/0/0) (399/0/0) (124/0/0)
The fmthard command can be used to update the VTOC (Volume Table of Contents) of a hard disk. The disk needs to be first labeled by format.
39
4.4 Names & contents of important UNIX directories

TABLE 4.2
Unix Directories SunOS 4.1.X yes yes, but scripts are in /etc yes SunOS 5.X yes yes Ultrix 4.X yes no Digital UNIX yes yes
Directory / /sbin
Description root - kernel files required to start the system and scripts to control the boot process
IRIX 5.X yes yes
/etc
files required to boot the system and communicate, and scripts to control the boot process system configuration option files cron access files and FIFO default system configuration distributed file sharing configuration static file system specific mount commands file domain names and devices, symbolic links to the file volumes internet services configuration internet service scripts run by init shared libraries required for boot line printer system configuration mail configuration configuration for transportindependent network services optional software package configuration files operations performed when entering run level # (S,0,1,2,3) service access facility configuration security audit configuration " directories of system files system binary files further system communication and administration programs
yes, but some scripts are in /sbin no yes yes yes yes no yes yes yes yes yes yes yes yes yes yes no yes yes no
yes
yes
yes
/etc/config /etc/cron.d /etc/default /etc/dfs /etc/fs /etc/fdmns /etc/inet /etc/init.d /etc/lib /etc/lp /etc/mail /etc/net /etc/opt /etc/rc#.d /etc/saf /etc/security /etc/sec /usr /usr/bin /usr/etc
no no no no no no no no no no no no no no no no no yes yes yes
yes yes yes no no no no yes no no no yes yes yes no no no yes yes yes
no no no no no no no no no no no no no no no no yes yes yes yes
no no no no no yes no no no no no no no no no no yes yes yes no
40
Names & contents of important UNIX directories
TABLE 4.2
Unix Directories SunOS 4.1.X no yes no yes yes yes no yes no no no no no no no no no yes yes yes yes no yes no yes no no no yes no SunOS 5.X yes yes yes no no no yes yes no yes yes yes yes yes yes yes yes yes yes yes no yes no yes yes yes no yes yes yes Ultrix 4.X no yes no no no no no yes no no no no no no no no no yes yes no yes no yes no yes no no no yes no Digital UNIX yes yes no no no no no yes no yes no no no no no no no yes yes no yes no yes no yes no no no yes no
Directory /usr/sbin /usr/lib /usr/4lib /usr/5bin /usr/5include /usr/5lib /usr/aset /usr/ucb /usr/bsd /usr/ccs /usr/dt /usr/lib/fs /usr/lib/lp /usr/lib/netsvc /usr/lib/nfs /usr/lib/nis /usr/lib/saf /var /var/adm /var/log /var/spool/mail /var/mail /var/yp /var/nis /var/spool /var/sadm /var/inst /var/saf /dev /dev/dsk
Description " libraries of object files, sendmail SunOS 4.1 libraries required for binary compatibility System V binaries System V include files System V libraries automated security enhancement tool files and programs BSD binaries " compiler support systems CDE desktop hierarchy file system dependent modules line printer databases and programs network service utilities NFS daemons and programs NIS+ programs and setup scripts SAF daemons and programs directories for administrative programs and logs system log and account files system log files mail spool directory mail spool directory NIS tables and Makefile for updating NIS NIS+ tables directories for cron, logs, etc. databases maintained by package administration utilities databases maintained by inst utility service access facility log and account files devices directory block disk devices directory
IRIX 5.X yes yes no no no no no no yes no no no no no no no no yes yes no no yes yes no yes no yes no yes yes
41
TABLE 4.2
Unix Directories SunOS 4.1.X no no no no no no yes SunOS 5.X yes yes yes yes yes yes yes Ultrix 4.X no no no no no no no no yes client boot programs temporary files locally installed files locally installed packages and files contains the kernel and drivers for the kernel hardware specific files for kernel support standalone environment programs, can be accessed from the PROM for process access file system, it provides access to all current processes object files to reconfigure the kernel vold mount points yes yes optional no no no no no yes yes optional yes yes >=2.5 no yes no yes yes optional yes no no yes yes yes optional no no no no no yes optional yes no no no yes no no Digital UNIX no yes yes no yes no yes
Directory /dev/rdsk /dev/pts /dev/rmt /dev/term /dev/sad /devices /home /usr/people /usr/users /tftpboot /usr/local/boot /tmp /usr/local /opt /kernel /platform /stand /proc
Description raw disk devices directory pseudo terminal (pty) devices directory raw tape devices directory terminal devices directory entry points for STREAMS administrative drivers physical devices directory user directories
IRIX 5.X yes yes yes no yes no no yes
/sys /vol
yes no
no yes
no no
yes no
yes no
42
File structure of standalone and server machines
4.5 File structure of standalone and server machines

Standalone / /var /usr /home /opt Server / /var /usr /home /export/[root,swap,exec] /opt /usr/local root swap spool system programs user space optional software packages (SunOS 5.X) root swap spool server system programs user space client root, swap, and /usr optional software packages (SunOS 5.X) optional software packages (SunOS 4.X).
4.6 Disk Partitioning

In the old days you normally partitioned the disks to allow just a little more space than actually needed for system files. For file systems that were likely to grow, like /home and /usr/local, you made as large as possible while balancing your needs and resources. The root partition was expected to have few files that would change on a daily basis (/etc/passwd being the notable exception), and this was a good thing. With few files changing there was less likelihood that the file system would be corrupted. Disks were not as reliable as they are now. A problem arises, though, if you need to add more space to a partition. Most OSs wont let you transparently add this space. You normally have to back up the disk, repartition the drives, and restore the files from the backup. As operating systems grew in size, and this was especially noticeable in the transition to Solaris, more files, and more changing files, were placed in the root partition. For example, by default the Solaris install put /var in root, but /var now changes considerably every time you add a new software package or install an OS patch. So the old idea of a small, little-changing root partition doesnt hold, unless you separate /var on another partition. There has been a lot of discussion of this topic in the system administration newsgroups recently. For standalone machines its probably most efficient to just have two partitions: one for swap, and one for everything else. For servers its better to isolate the different types of files on separate partitions. Below Ill summarize many of the arguments for and against the two positions.
43
TABLE 4.3
Disk Partitions Separate Partitions Difficult to maintain Easier with smaller partitions Less chance of corruption Can more easily restore that file system Allow different mount options Separate quotas by partition Can run out of space on one partition while lots of space on others Fills space only on that partition Combined Partitions No maintenance Higher density tapes, stackers Can rebuild the OS quickly Can boot diskless & rebuild the OS quickly One mount option One quota Still has space available to users Fills all available space, this may shut down essential services, e.g. mail & logs
Argument Proper Size Tape Backups Small Root Partition Any Corrupted Partition NFS File Service Quotas Space Runaway Programs
44
CHAPTER 5
File System Management
5.1 File System Management

5.1.1 Maintenance Use fsck to examine the disk partitions at startup. The only time this should be disabled (e.g. fasthalt/fastboot, SunOS 4.1.X only) is if you are testing the boot procedure or a new kernel. Under SunOS 4.1.2 and above if you bring the system down cleanly the disk partitions will be marked FSCLEAN. The fsck will notice this and skip the check. This is okay. If the system has not come down cleanly then be sure to force fsck to check the disk the next time you boot. 5.1.2 File system updates The operating system doesnt write immediately to disk when a file is modified. To save time it writes to a buffer cache which is much faster than writing to disk. When the buffer cache fills up the information, along with the appropriate inode numbers to identify the files, is written to disk. If the system is somehow interrupted before the buffer is written to disk, the file system on the disk can become corrupted. 5.1.3 Sync command Sync causes the system to flush its buffers and write all waiting data to disk. Sync should be executed periodically by the OS, either in the kernel, or through a periodic program, e.g. cron. SunOS does this for you every 30 seconds using either the update (4.1.X) or fsush (5.X) command. 5.1.4 Causes of file system corruption Most common causes of file system corruption are due to improper shutdown or startup procedures, hardware failures, or NFS write errors. Shutdown should be done through one of the system shutdown commands; these sync the file system first. Never shut the system down by turning off the power. Taking a mounted file system off-line or physically write-protecting a mounted file system can also corrupt the disk. Improper startup includes not checking a file system for consistencies (fsck) before mounting it and not repairing any inconsistencies discovered by fsck. Hardware
45
failures could be a bad block on disk, a bad disk controller, a power outage, or accidental unplugging of the system. Software errors in the kernel can also cause file system corruption.
5.2 Fsck
The fsck command checks and corrects file system inconsistencies. The file system should be unmounted or "quiet" when running fsck. Ideally, it should be unmounted, but this is not always possible for the root file system. fsck makes several passes through the file system, each time examining a different feature. 5.2.1 The lost+found directory This directory is created when the file system is made by newfs. fsck copies problem ("lost") files here. fsck cant create its own directories so newfs must do this first. When creating the directory newfs makes entries so that, should it need to, numerous files could be put there by fsck. 5.2.2 Superblock consistency fsck checks for inconsistencies involving le system size, free block count, and free inode count in the superblock. fsck can not independently verify the file system size, but it can check that this size is larger than the sum of the superblock and inode blocks. All other fsck checks require that the file system size and layout information be correct. 5.2.3 Inode consistency fsck checks for the allocation state, the format and type, link count, duplicate blocks (blocks already claimed by another inode), bad blocks, inode size, and block count for each of the inodes, starting with inode 2. Inode 0 is reserved to mark unused inodes, and inode 1 is reserved for a future service. If an inode has a non-zero link count, but fsck, when checking the directory entries, finds no reference for that inode, it places the file referenced by the inode in lost+found. 5.2.4 Data block consistency fsck cant check ordinary data blocks, but it can check directory data blocks. These it checks for inode numbers pointing to unallocated inodes, out-of-bounds inode numbers, incorrect inode numbers for "." and "..", and directories not connected to the file system. The latter it will link back into the file system by putting an entry for it in the lost+found directory. The directory entry for "." should be the first entry in a directory block, and it should reference itself, i.e. have the inode number for the directory. The second entry in the directory should be "..", and reference the inode for the parent of this directory. For the root directory ".." would reference the inode pointing to itself. In addition to ordinary data blocks and directory data blocks there exist symbolic link data blocks. These contain the path name for the link.
46
Disk Check Commands
5.2.5 Phases of fsck fsck sets up tables for storing inodes and comparisons, verifies validity of fsck options, then runs through the 6 phases. After initializing its tables fsck runs through:
Phase 1: Check Blocks and Sizes Phase 2: Check Path-Names Phase 3: Check Connectivity Phase 4: Check Reference Counts Phase 5: Check Cylinder Groups Phase 6: Salvage Cylinder Groups - checks inodes for inconsistencies - checks directory <-> inode consistencies - checks that all directories are connected to the file system - compares link count information from Phases 2 & 3, correcting discrepancies - checks free blocks and the used inode maps for consistency - update the tables to reflect any changes made in earlier passes
5.2.6 Fsck corrective action fsck will prompt for corrective action whenever an inconsistency is found. If the file system is modified you will need to reboot WITHOUT syncing the disk. You do NOT want to write the in-core copies of the system tables to the disk, as that will undo the corrective action taken by fsck.
5.3 Disk Check Commands

5.3.1 ncheck command ncheck will generate names from inode numbers. ncheck can be used to find the pathnames of any files reported as problems by fsck. Provide the list of inodes following the -i option, with a space separated (SunOS 4.X), or comma separated (no whitespace, SunOS 5.X) list, e.g. for SunOS 4.X:
# ncheck -i 8689 29478 12903 /dev/rsd0h /dev/rsd0h: 8689 /frank/sunos/disk_info 29478 /frank/uts/www 12903 /frank/cosug/membership
5.3.2 Disk geometry commands As we saw earlier in this course dkinfo and prtvtoc are the commands to report the disk geometry and partitions for SunOS 4.1.X and 5.X, respectively. For Ultrix the command dkio has a similar function. 5.3.3 Disk space commands df reports the free disk space or inodes on file systems, e.g. to report the disk space:
# df /dev/sd0h Filesystem /dev/sd0h kbytes used avail capacity Mounted on 303338 263320 9684 96% /home
and to report the inodes, e.g.:
47
File System Management # df -i /dev/sd0h Filesystem iused ifree %iused Mounted on /dev/sd0h 11922 33134 26% /home
du reports the number of disk blocks used by directory or file, e.g.:

# du src (-s sum of disk blocks) 40 src/ntp/hp 418 src/ntp 66 src/traceroute/bin 66 src/traceroute/vj_traceroute 411 src/traceroute 830 src
In SunOS 5.X the commands df and du report in different formats. du uses 512-byte blocks by default, though the -k option will report in kilo-bytes. The -k option to df will report disk information in a format similar to that of SunOS 4.X, and the -l option specifies only local disks, e.g.:
# df -lk Filesystem /dev/dsk/c0t3d0s0 /dev/dsk/c0t3d0s6 /proc fd swap /dev/dsk/c0t3d0s7 /dev/dsk/c0t3d0s5 kbytes 17295 134823 0 0 22716 41807 163311 used 12156 109088 0 0 8 15381 75036 avail 3419 12255 0 0 22708 22246 71945 capacity 78% 90% 0% 0% 0% 41% 51% Mounted on / /usr /proc /dev/fd /tmp /home /opt
5.4 Swapping and Paging

SunOS uses virtual memory, so that disk area (swap space) is used as an extension of physical memory for temporary storage when the operating system tries to keep track of processes requiring more physical memory than what is available. When this happens the swap space is used for swapping and paging. Paging is when individual memory segments, or pages, are moved to or from the swap area. When memory is low portions of a process (data areas, but not instructions which are available from local or remote file systems) are moved to free up memory space. Segments are chosen to be moved if they havent been referenced recently. When the process next tries to reference this segment a page fault occurs and the process is suspended until the segment is returned to memory. A page fault is normally returned the first time a program is started, as it wont be in memory. Its then paged from the local or remote file system. Swapping happens under a heavier work load. With swapping the kernel moves all segments belonging to a process to the swap area. The process is chosen if its not expected to be run for a while. Before the process can run again it must be copied back into physical memory.
48
Adding swap space
5.5 Adding swap space

You can add additional swap space as partitions or as files. Adding them as partitions minimizes overhead as you access the raw partition. To do this under SunOS 4.1.X you would add an entry to /etc/fstab similar to the following.
/dev/sd1b swap swap rw 0 0
You can make a file suitable for use as swap with the mkle command found in /usr/etc (SunOS 4.1.X) or /usr/sbin (SunOS 5.X), e.g.:
# mkfile 20m /export/swap/swapfile
Under SunOS 4.1.X you add this to the swap area with the swapon command, i.e.:
# /usr/etc/swapon /export/swap/swapfile
To automatically add this swap space when booting add the above entry to /etc/rc.local. For SunOS 5.X you would use the swap command with the -a (add) option to add the swapfile, i.e.:
# /usr/sbin/swap -a /export/swap/swapfile
You can make an entry in /etc/vfstab to have this automatically added to the swap space after a reboot.
/usr/swapfile swap no -
To display the available swap space under SunOS 5.X do the following:
# swap -l swapfile swapfs /dev/dsk/c0t3d0s1 /usr/swapfile dev 32,25 swaplo 0 8 8 blocks 123776 66232 30712 free 118600 50184 14360
To display the total swap space use swap -s in SunOS 5.X or pstat -s in SunOS 4.X, e.g.:
# swap -s total: 18780k bytes allocated + 6444k reserved = 25224 used, 30084 available
SunOS 5.X allows you to delete swap space at any time. To do this use:
# swap -d /export/swap/swapfile
When the swap file is no longer in use it will be deleted from the available swap space and will no longer be accessible for swapping. Swapping to a partition is a little more efficient than swapping to a file, though with the latest OS versions the difference is small. Swap files are convenient to set up, especially if you are only going to use them for a short time period. You can then delete them when the need has expired.
49
5.6 Setting up a Cache File System

The cache file system, cachefs, is available on Suns starting with Solaris 2.3. It is intended to reduce access time to NFS or slow media (e.g. CDROM) file systems by storing the files on local disk when theyre accessed the first time. Subsequent calls for that file will access the cache on the local disk. The original file system is the back file system and its files are the back files. The file system used by cachefs is the front file system and its files are the front files. You set up a cachefs using all or part of an existing file system, or a new partition. This front file system must be a UFS file system. It has to be writable, as a read-only file system would not allow caching. Also, quotas should not be set on this file system as they interfere with the control mechanisms of cachefs. You create the cache with the cfsadmin command, specifying the local cache directory and the resource parameters to use for the cache. You then mount the file system you want cached using the -F cachefs option. By default cfsadmin uses the following resource parameters:
Cache Parameter maxblocks minblocks threshblocks maxfiles minfiles threshfiles Default Value 90% 0% 85% 90% 0% 85%
where maxblocks sets the maximum number of blocks (in percentage) allowed for cachefs, and maxles sets the maximum number of inodes (in percentage) that can be used by cachefs in the front file system. These percentages refer to total available on the front file system, before reduction due to reserving free space for root-only write access. If the front file system is used for purposes in addition to cachefs you may not be able to achieve these maximum values, as there may be fewer resources available. The minblocks and minles parameters set minimum values for blocks and files, respectively, and when these minimum values have been reached on the front file system then threshblocks and threshles will be checked. Cachefs can only claim more than the minimum when the percentage of available resources remaining is greater than the threshold values. If the minimum, maximum, and threshold values are identical, cachefs is allowed to grow to the maximum, so long as the resources are available in the front file system.
So to set up a cachefs file system:

1.
Use cfsadmin to create the cache directory and set the cache file system parameters. The cache directory should not exist prior to executing this command. Create the cache directory and set starting parameters with:
# cfsadmin -c -o maxblocks=80,minblocks=30,threshblocks=60 /local/cache
2.
Modify cache parameters with cfsadmin. You can only increase the cache size. To decrease it you need to remove and recreate the cache. To modify parameters, e.g.:
# cfsadmin -u -o parameter1=value1,parameter2=value2 /local/cache
50
Setting up a Cache File System

3.
Mount the UFS back file system from the command line, e.g.:
# mount -F cachefs -o backfstype=nfs,cachedir=/local/cache server:/export/home /home
4.
Mount a CDROM back file system, from the command line. If the file system is already mounted, as is will be if youre running the volume manager daemon, you need to specify the backpath options, e.g.:
mount -F cachefs -o backfstype=hsfs,cachedir=/local/cache,ro,backpath=/cdrom/cd_name \ /cdrom/cd_name /mount/point
5.
To mount a file system from /etc/vfstab use entries similar to:

#device #to mount server:/export/home device to fsck /local/cache mount point /home FS type cachefs fsck pass 2 mount at boot yes mount options rw,backfstype=nfs
6.
Display cachefs information, including caching parameters and back file systems, after specifying the cache directory, e.g.:
# cfsadmin -l /local/cache cfsadmin: list cache FS information maxblocks 90% minblocks 0% threshblocks 85% maxfiles 90% minfiles 0% threshfiles 85% maxfilesize 3MB server:_export_home _cdrom_cd_name
7.
Delete a cached file system with cfsadmin, specifying the cache_id (or all) and the cache directory. First unmount the directory (umount), second delete the cachefs entry (cfsadmin -d), third update the resource counts for the cache (fsck), e.g.:
# umount /home # cfsadmin -d server:_export_home /local/cache # fsck -F cachefs /local/cache
The fsck command above will automatically correct consistency problems without user intervention. This is run automatically for you at boot time or when you mount the file system. To delete all file systems in a cache directory, and the directory itself, use:
# cfsadmin -d all /local/cache /home auto_home -fstype=cachefs, cache=/local/cache
The cachefsstat command will report the statistics for the Cache File System. It will display information about the hit rate, consistency checks, and number of modifications to files in the cache.
51
5.7 XFS (IRIX)

IRIX 6.2 includes the 64-bit journalled file system, XFS, as the default file system. It was included in IRIX 5.3 as an option, but EFS was the default file system for that release. It comes with a volume manager, xlv, and supports disk striping, concatenation of disk partitions, and mirroring. It supports CacheFS, AutoFS, and NFS version 3. With 64-bit addresses it will support files and file system of up to 1 TB, under IRIX 5.3 and 9 million TB under IRIX 6.2 for systems supporting 64-bit kernels. XFS does not support disk quotas. XFS is a journalled le system. It logs changes to the inodes, directories and bitmaps to the disk before the original entries are updated. Should the system crash before the updates are done they can be recreated using the log and updated as intended. XFS uses a space manager to allocate disk space for the file system and control the inodes. It uses a namespace manager to control allocation of directory files. These managers use B-tree indexing to store file location information, significantly decreasing the access time needed to retrieve file information. Inodes are created as needed and are not restricted to a particular area on a disk partition. XFS tries to position the inodes close to the files and directories they reference. Very small files, such as symbolic links and some directories, are stored as part of the inode, to increase performance and save space. Large directories use B-tree indexing within the directory file to speed up directory searches, additions and deletions.
5.8 File System Quotas

File System quotas are used to control disk space. This allows you to prevent users from monopolizing the disk space. For SunOS 4.1.X to run quotas you need first to provide the support in the kernel. This is done with the line: options QUOTA in the configuration file. Quotas are only supported on locally mounted disks; quotas will work on NFS mounted file systems, but soft-limit warnings may not always be given. The file should be mounted with the quota option, e.g. in /etc/fstab there might be a line similar to:
/dev/sd0h /home 4.2 rw,quota 12
A file named quotas must be set up at the root directory of each file system for which you wish to have quotas. This is a binary file that can be edited with edquota. It should be owned by root with no access for other users, e.g.:
# touch /home/quotas # chmod 600 /home/quotas
The script /etc/rc checks for quota consistency under SunOS 4.1.X with the command quotacheck, which examines the disk usage on each file system against the disk quota file. This should be run on quiescent file systems (preferably unmounted). /etc/rc then turns the quotas on for each file system with quotaon. This must be run on mounted file systems.
52
Miscellaneous useful commands
Quotas can be set for each user independently, and can be by either blocks or inodes. The former limits the amount of disk space available for the user, while the latter limits the number of files that the user can have. To set/change a users limits use the edquota program. e.g. "edquota username". This creates an ASCII file of the current disk quotas for that user and then invokes an editor. After modifying the quotas you leave the editor and edquota takes this temporary file and merges it with the binary quota file. The ASCII version of the quotas file might look something like:
fs /home blocks (soft = 4000, hard = 5000) inodes (soft = 0, hard = 0)
where a "0" means there is no limit. To check disk usage on a file system you can use the quot command, e.g.:
# quot /dev/rsd0h /dev/rsd0h: 97558 chohan 48915 root 41465 anup 31227 frank 14454 bobd 10301 jeffs 9051 kalal
5.9 Miscellaneous useful commands

5.9.1 find command nd is used to search for files, matching a naming pattern, file type, permissions, date of last use, etc. It will search recursively through the directory tree. nd can also execute commands based on the results, e.g.:
% find ~ -name src -print /home/tardis/frank/src
Roots crontab file sometimes has an entry similar to the following:

30 3 * * * find / -name core -exec rm -f {} \; -o -fstype nfs -prune
This instructs the cron program to execute the find command at 3:30 am everyday. The find command searches every directory, except those on file systems of type "nfs", for files named "core" and removes them. 5.9.2 Removing files To remove a file you will normally use the remove command, rm, which removes (unlinks) files. Occasionally you may find that rm wont remove a file or directory. This most often happens when a hard link is made to a directory. If you cant find the link you can still remove the directory with the unlink command. You should then unmount the file system, fsck it, and remount it. fsck will update the link count changed by unlink.
53
5.10 Log files

5.10.1 Daily System Logs The system accounting programs keep log files of many system activities, including: logins, connect time, user processes, mail activity, error messages, etc. These system log files can grow quite large and need to be truncated occasionally. /etc/syslog.conf controls where the messages are sent, usually to files such as: /var/log/syslog, /var/adm/messages, or /var/adm/SYSLOG for system startup and system error messages, and /var/spool/mqueue/syslog for mail logs. (The Ultrix error report formatter, uerf, puts data in /usr/adm/syserr/syserr.hostname). Daily and monthly process accounting information is kept in /var/adm and /var/adm/acct/[nite,scal,sum]. Crash files, placed there by savecore, are usually put in either /var/crash/hostname or /var/adm/crash/hostname. 5.10.2 Process Accounting Process accounting information is contained in the file /var/adm/pacct. Support for system accounting must be built into the kernel for SunOS 4.1.X with "options SYSACCT" and "pseudodevice sysacct" lines in the configuration file. Its turned on with the accton command in /etc/rc. A summary of accounting information is kept in the file /var/adm/savacct. The program, /usr/ucb/lastcomm, is used to show all commands run since accounting was started (/var/adm/pacct was created). Statistics on each process, e.g. number of times called, CPU minutes, total elapsed time, etc., is given by the /usr/etc/sa command. It gets this information from /var/adm/pacct and puts it into /var/adm/savacct. A record of all logins and logouts is kept in /var/adm/wtmp. The record of current users is kept in /etc/utmp. To list all user logins since /var/adm/wtmp was created use the /usr/ucb/last command, e.g.:
% last amit chohan amit chohan ttyp0 ttyp7 ttyp7 ttyp8 ivy galifrey.acs.oh slippry1.acs.oh charm.acs.ohioTue May 15 16:54 - 16:55 Tue May 15 13:04 - 17:05 Tue May 15 12:49 - 12:51 Tue May 15 12:19 - 12:21 (00:01) (04:00) (00:01) (00:01)
To show the connect time of all users since /var/adm/wtmp was created use /usr/etc/ac or /usr/lib/acct/acctcon. The file /var/adm/lastlog keeps the last login record for each user. The general system message and error log file is /var/adm/messages and /var/log/syslog, as specified in /etc/syslog.conf. The script, /usr/lib/newsyslog, is run periodically by cron to clean up /var/adm/messages and /var/log/syslog. You should modify this script, or write your own, to properly update all your log files.
54
CHAPTER 6
Startup and Shutdown
6.1 Booting
During the boot process the operating system is loaded into memory and executed. After doing diagnostic checks the system reads in the boot program from the disk, or other boot device. The boot program locates the kernel and loads it into memory. When the kernel is executed it does initial checks on system hardware resources and attempts to initialize the devices. The kernel then starts up a few processes, including init, which executes the initialization scripts for the system. 6.1.1 EEPROM on CPU board When you boot the EEPROM and the operating system it takes you through the following steps.
1. 2. 3. 4. 5. 6. 7. 8.
Self-test diagnostics, memory Display identification- model, hostid, ethernet address Probe bus for the boot device - SCSI, Network, etc. PROM reads in the boot block bootblk reads in the boot program Boot program reads in the kernel Kernel initializes the systems and starts the init process init reads /etc/inittab (SunOS 5.X) and executes the RC scripts
When booting from disk the PROM finds the system boot block at sectors 1-15 of the boot partition. The bootblock program, bootblk, reads in the boot program, /boot (SunOS 4.X). For SunOS 5.X bootblk, the generic part of the boot program, reads in the file-specific part of the boot program: /ufsboot for diskfull boots, or /inetboot for diskless boots; these use the device driver on the PROM or on the SBus F-code PROM, so the boot block no longer contains the actual location of the disk block where the boot program resides. Under SunOS 5.X bootblk can read the ufs file system to locate the boot program, /ufsboot. The boot program then locates the kernel and passes control to it.
55
6.1.2 Operating System

6.1.2.1 Kernel
The kernel is loaded, /vmunix (SunOS 4.X) or /kernel/unix (SunOS 5.0-5.4) or /unix (SGI), and control passes to the operating system. Solaris 2.5 and above (SunOS 5.5+) has both a generic, platform-independent part (/kernel/genunix) and a core, or platform-specific part (/platform/uname -m/kernel/unix) of the kernel. These are combined to form the running kernel. When the kernel starts it outputs information about its size and history, probes the bus to confirm the devices, those that it cant contact are ignored, it identifies the root, swap, and dump devices, starts up programs to manage physical memory and flush the kernel memory buffers, and then it invokes /sbin/init.
6.1.2.2 sched
SunOS 5.X uses the real-time scheduler, sched, which is started as process 0. This can be used to set priority for real-time processes so that they can be given "immediate" access to the kernel. The latency time on a SparcStation 2 is less than 1 millisecond on a lightly used machine and a maximum of 2 milliseconds with an arbitrary number of processes running.
6.1.2.3 swapper
SunOS 4.X uses the swapper daemon, process 0, to manage virtual memory. It moves processes from physical memory to swap space when more physical memory is needed. SunOS 5.X uses the swap file system, swapfs, to manage virtual memory.
6.1.2.4 update and fsflush
When a program makes a change to the file system it first writes to the in-core buffer in the kernel. The disk write normally occurs later, and is handled asynchronously. The user process continues without waiting for this to happen. The kernel initializes the program, update (SunOS 4.X, started by /etc/rc) or fsflush (SunOS 5.X, process 3), that periodically (the default is every 30 seconds) flushes the in-core memory buffers to the disk by calling the sync command. This helps to minimize damage in the event of a crash.
6.1.2.5 pagedaemon and pageout
When a page of virtual memory is accessed the kernel page table is checked to determine if the page is currently in physical memory. If it is not, a page fault is registered and the daemon, pagedaemon (SunOS 4.X), or pageout (SunOS 5.X), both as process id 2, is used to bring the page into memory from the disk. If necessary, the page daemon moves a page of physical memory to the swap device to make room for the new page in physical memory, and updates the page table.
6.1.2.6 Init
/sbin/init starts and forks into the background to run forever (process 1; it must always be running). init then invokes the run control (RC) scripts (in /etc for SunOS 4.X, /sbin for SunOS 5.X) to perform system checks and start the daemon processes. init runs the scripts /etc/rc.boot and /etc/rc.ip (SunOS 4.1.X) or /sbin/rcS (SunOS 5.X) which runs fsck. It then continues on with the boot sequence to run /etc/rc, /etc/rc.single, and /etc/rc.local (SunOS 4.X) or /sbin/rc2 and /sbin/rc3 (SunOS 5.X). The System V version of init reads /etc/inittab to determine the actions to take at various run levels.
Run Levels (SunOS 5.X, IRIX 5.X)
IRIX 5.X has its RC scripts in /etc and runs bcheckrc, brc, rc2, and rc3, as determined by inittab, as the appropriate run levels are reached. It uses the files in /etc/config to determine which daemons to start and the options to use for system services. Digital UNIX has its RC scripts in /sbin and runs bcheckrc, rc2, and rc3, via /etc/inittab, as it moves through the various run-levels. The RC scripts source the resource definitions file, /etc/rc.cong to determine the values for certain system parameters and whether or not to start particular services.
6.2 Run Levels (SunOS 5.X, IRIX 5.X)

Solaris 2 and IRIX 5.X have eight run levels, 0-6,s or S. The following table identifies the modes for these run levels.
TABLE 6.1
System Run Levels Function PROM monitor level (power-down) Single-user mode Multi-user mode, NO resources shared Multi-user mode, resources shared Alternative multi-user mode (not currently used) Halt and software Poweroff the system Halt and reboot to default state init 5, shutdown -i5 init 6, shutdown -i6, reboot Command init 0, shutdown -i0, halt init 1, shutdown -i1 init 2, shutdown -i2 init 3, shutdown -i3
Run Level 0 1,S,s 2 3 4 5 6
You can determine the current run state with the command
# who -r . run-level 3 Feb 22 08:54 3 0 S
Additionally, init responds to the q or Q run levels, which cause init to reread /etc/inittab. Digital UNIX has run levels 0,2,3,q,s.
6.3 /etc/inittab (SunOS 5.X, IRIX 5.X, Digital UNIX)

Init reads /etc/inittab for the initdefault entry, which should be set to run level 3. Init then executes the scripts for entries with sysinit in the action field, and then for any entries with 3 in the action field. For the former it will execute /sbin/autopush and /sbin/rcS. For the latter it will execute /sbin/rc2, /sbin/rc3, /usr/lib/saf/sac, and /usr/lib/saf/ttymon. The RC scripts will execute the scripts in the directories /etc/rc2.d and /etc/rc3.d, respectively. There should be at least one entry in inittab for each run level. The scripts in the /etc/rc#.d directories begin with either the letter K or S. When these scripts are executed by the /sbin/rc# script first the K
57
(kill) files are run, then the S (start) files, to kill and start the various daemons needed for that run level. These scripts have names of the form:
[K,S][0-9][0-9]filename[0-99]
and are executed in ASCII sort order. To start the daemons the RC scripts check for the existence of the /etc/rc#.d directory, then for any files beginning with "S" in that subdirectory, and then they execute those scripts with the "start" option. The appropriate lines in the RC file, e.g. those in /sbin/rc2, to start the scripts beginning with "S", are:
if [ -d /etc/rc2.d ] then for f in /etc/rc2.d/S* { if [ -s ${f} ] then case ${f} in *.sh) *) esac fi } fi
. ${f} ;; /sbin/sh ${f} start ;;
# source it # sub shell
Then in /etc/rc2.d you would have scripts such as the K20lp script and the S80lp script to stop and start, respectively, the lineprinter scheduler. These scripts are actually identical and are run with either the stop or start options to cause the desired effect. Some of the scripts are symbolic links to files in the /etc/init.d directory. The K and S files for a service dont have to be in the same RC directory. You might stop a service when entering run level 2, and start it when entering run level 3. A typical script might look something like (substitute your daemon name for sample_daemon):
#!/bin/sh # start up sample_daemon, installed by FGF, 04/12/96 # case "$1" in 'start') if [ -x /opt/local/sbin/sample_daemon ]; then /opt/local/sbin/sample_daemon && echo "Starting sample_daemon ... " fi ;; 'stop') pid=`/usr/bin/ps -e | /usr/bin/grep sample_daemon | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` if [ "${pid}" != "" ]; then echo "Stopping sample_daemon " /usr/bin/kill ${pid} fi ;;
58
/etc/inittab (SunOS 5.X, IRIX 5.X, Digital UNIX) *) echo "Usage: /etc/init.d/sample_daemon { start | stop }" ;; esac exit 0
To modify the run states you can write your own startup scripts, install scripts in /etc/init.d and make symbolic links to them in the /etc/rc#.d directory (with the proper K,S names), or add entries to /etc/inittab. Your /etc/inittab file has entries of the form:
id:run-state:action:process
where:
id run-state
action
respawn wait once boot bootwait powerfail powerwait off ondemand initdefault sysinit
1 or 2 characters to identify the entry the run level(s) for which this entry will be applicable. (If no run level is specified then all levels, 0 through 6, are assumed.) how the process will be treated by init. Valid keywords are:
start the process if it doesnt exist, restart it if it dies start the process and wait for it to terminate start the process when entering the run level, but dont wait for it to complete and dont restart it if it dies process the entry only on boot up process the first time init moves from single- to multi-user state after a boot and wait for it to complete execute when init receives a power-fail signal, SIGPWR execute when a power-fail signal is received and wait for it to complete send a SIGTERM to the process followed 5 seconds later by a SIGKILL to forcibly terminate it same as respawn process when init is initially invoked - sets the default run-level to enter process this entry before accessing the console and wait for it to complete
process
the command or script to be executed; any legal "sh" syntax is valid
The init process first searches /etc/inittab for initdefault entries to determine the run-level. Next, sysinit entries are executed. Following this all process whose run-state matches the initdefault value are executed. Entries are processed starting from the top of the table and working down.
59
A typical inittab might look similar to:

ap::sysinit:/sbin/autopush -f /etc/iu.ap fs::sysinit:/sbin/rcS >/dev/console 2>&1 </dev/console is:3:initdefault: p3:s1234:powerfail:/sbin/shutdown -y -i0 -g0 >/dev/console 2>&1 s0:0:wait:/sbin/rc0 off >/dev/console 2>&1 </dev/console s1:1:wait:/sbin/shutdown -y -iS -g0 >/dev/console 2>&1 </dev/console s2:23:wait:/sbin/rc2 >/dev/console 2>&1 </dev/console s3:3:wait:/sbin/rc3 >/dev/console 2>&1 </dev/console s5:5:wait:/sbin/rc5 ask >/dev/console 2>&1 </dev/console s6:6:wait:/sbin/rc6 reboot >/dev/console 2>&1 </dev/console of:0:wait:/sbin/uadmin 2 0 >/dev/console 2>&1 </dev/console fw:5:wait:/sbin/uadmin 2 2 >/dev/console 2>&1 </dev/console RB:6:wait:/sbin/sh -c echo \nThe system is being restarted. >/dev/console 2>&1 rb:6:wait:/sbin/uadmin 2 1 >/dev/console 2>&1 </dev/console sc:234:respawn:/usr/lib/saf/sac -t 300 co:234:respawn:/usr/lib/saf/ttymon -g -h -p uname -n console login: -T sun -d /dev/console -l console -m ldterm,ttcompat
To cause init to reread inittab specify q or Q to the init (or telinit) command, e.g.
# init q -ortelinit q
This is similar to doing a kill -HUP 1 under SunOS 4.X.
60
/etc/inittab (SunOS 5.X, IRIX 5.X, Digital UNIX)

6.3.0.1 RC scripts
SunOS 4.1.X uses the RC scripts rc.boot, rc.ip, rc, rc.single, and rc.local, all in /etc. The major functions performed by these scripts are listed in the next table.
TABLE 6.2
SunOS 4.1.X RC Scripts Functions bring up the network, matching hostnames with the interfaces rc.ip set the default route (required for a diskless client to mount /usr) mount /usr (read only) fsck local file systems
RC Script rc.boot
rc.ip rc
bring up the network rc.single mount local file systems check quotas rc.local add additional swap start lpd
rc.single
remount / and /usr read/write fix up mtab clean up /etc/ld.so.cache and /etc/utmp use tzsetup to set the timezone in the kernel load the keyboard translation table for the current keyboard
61
TABLE 6.2
SunOS 4.1.X RC Scripts Functions start the portmapper check for .UNCONFIGURED, if there reconfigure the system run tzsetup to set the timezone set the domainname if running NIS if an NIS server run ypserv if the NIS master run ypxfrd if an NIS client run ypbind run the RPC keyserver, keyserv set the netmask and broadcast for the network interfaces set the default route again diskless clients synchronize time-of-day with their server if there's no default route run the route daemon if specified mount /tmp on swap mount NFS files if a name server run the named daemon start the block I/O daemon, biod if an NFS server start the nfsd daemons clean up /etc/motd start the system log daemon, syslogd if specified check for a crash dump and save it initialize any specialized hardware start any local daemons, e.g. sendmail if specified, export NFS file systems if a diskless boot server run rpc.bootparamd start the file status monitor and locking daemons any other locally supplied calls
RC Script rc.local
SunOS 5.X uses the RC scripts rcS, rc0, rc1, rc2, rc3, rc5, and rc6 in /sbin. These start or stop services defined in the scripts contained in the /etc/rc#.d directories. The S scripts are run during startup, lower through higher run-level. The K scripts are run during shutdown, higher through lower run-level. These RC scripts provide the functions listed in the next table.
62
/etc/inittab (SunOS 5.X, IRIX 5.X, Digital UNIX)
TABLE 6.3
SunOS 5.X RC Scripts RC Script /sbin/rcS Functions run the scripts in /etc/rcS.d configure the network, match hostnames to interfaces set the default route mount /usr (read only)
/etc/rcS.d/S30rootusr.sh
/etc/rcS.d/S33keymap.sh /etc/rcS.d/S35cacheos.sh /etc/rcS.d/S40standardmounts.sh /etc/rcS.d/S50/S50drvconfig /etc/rcS.d/S60devlinks /etc/rcS.d/S70buildmnttab.sh /sbin/rc0
loads the keyboard mappings configures the devices when running cachefs add physical swap space check and remount / and /usr read/write configure the /devices directory configure the /dev directory mount file systems for single user mode run the scripts in /etc/rc0.d, kill all processes, sync the file systems, unmount all partitions, bring the system down
/etc/rc0.d/K10dtlogin /etc/rc0.d/K20lp /etc/rc0.d/K42audit /etc/rc0.d/K47asppp /etc/rc0.d/K50utmpd /etc/rc0.d/K55syslog /etc/rc0.d/K57sendmail /etc/rc0.d/K66nfs.server /etc/rc0.d/K68rpc /etc/rc0.d/K69autofs /etc/rc0.d/K70cron /etc/rc0.d/K75nfs.client /etc/rc0.d/K76ncsd /etc/rc0.d/K85rpc /sbin/rc1 /etc/rc1.d/K10dtlogin /etc/rc1.d/K42audit /etc/rc1.d/K47asppp /etc/rc1.d/K50utmpd
initiate the CDE tasks stop the line printer daemon stop the audit daemon stop the PPP daemon stop the utmp daemon shutdown the system log daemon stop the sendmail daemon kill the nfs, mount, bootparam and rarp daemons kill rpc daemons stop the automount daemon shutdown cron kill lockd, statd, and the automounter kill ncsd daemons kill rpc daemons run the scripts in /etc/rc1.d, kill all processes, unmount all partitions, leave the system in single-user mode initiate the CDE tasks stop the audit daemon stop the PPP daemon stop the utmp daemon
63
TABLE 6.3
SunOS 5.X RC Scripts RC Script Functions stop syslog stop sendmail shutdown NFS services shutdown RPC services stop the automount daemon shutdown cron kill ncsd daemons unmount all NFS file systems mount all local file systems set the timezone run the scripts in /etc/rc2.d shutdown the line printer shutdown NFS services mount all local file systems clean up /tmp and /var/tmp print the system configuration if specified save the core image enable system performance accounting if /.UNCONFIGURED exists reconfigure the system start the PPP daemon configure the default route set the domainname clean up uucp locks start rpc start NIS(+) daemons if /.UNCONFIGURED exists reconfigure the system start up NIS (up) services if /AUTOINSTALL exists re-install the OS set the default interface for multicasting start inetd if a name server start named
/etc/rc1.d/K55syslog /etc/rc1.d/K57sendmail /etc/rc1.d/K65nfs.server /etc/rc1.d/K67rpc /etc/rc1.d/K68autofs /etc/rc1.d/K70cron /etc/rc1.d/K76ncsd /etc/rc1.d/K80nfs.client /etc/rc1.d/S01MOUNTFSYS /sbin/rc2 /etc/rc2.d/K20lp /etc/rc2.d/K60nfs.server /etc/rc2.d/S01MOUNTFSYS /etc/rc2.d/S05RMTMPFILES /etc/rc2.d/S20sysetup /etc/rc2.d/S21perf /etc/rc2.d/S30sysid.net /etc/rc2.d/S47asppp /etc/rc2.d/S69inet /etc/rc2.d/S70uucp /etc/rc2.d/S71rpc /etc/rc2.d/S71sysid.sys /etc/rc2.d/S71yp /etc/rc2.d/S72autoinstall /etc/rc2.d/S72inetsvc
/etc/rc2.d/S73nfs.client /etc/rc2.d/S74autofs /etc/rc2.d/S74syslog
start lockd and statd mount NFS file systems start the automount daemon start the system log daemon
64
Sun PROM
TABLE 6.3
SunOS 5.X RC Scripts RC Script Functions start cron start up the name service cache daemon save edit files in /usr/preserve start the line printer scheduler start up utmpd to clean up utmp entries start sendmail set SunVideo device permissions start the volume management daemon final cachefs settings start the audit daemon automatically start the CDE login window on the console run the scripts in /etc/rc3.d start the processes required for remote file sharing start your daemon run /sbin/rc0, kill off all process, unmount all filesystems run /sbin/rc0, kill off all process, unmount all filesystems
/etc/rc2.d/S75cron /etc/rc2.d/S76nscd /etc/rc2.d/S80PRESERVE /etc/rc2.d/S80lp /etc/rc2.d/S88utmpd /etc/rc2.d/S88sendmail /etc/rc2.d/S92rtvc-config /etc/rc2.d/S92volmgt /etc/rc2.d/S93cacheos.finist /etc/rc2.d/S99audit /etc/rc2.d/S99dtlogin /sbin/rc3 /etc/rc3.d/S15nfs.server /etc/rc3.d/S20sample_daemon /sbin/rc5 /sbin/rc6
6.3.0.2 Fsck runs
fsck checks file systems for internal consistency.

6.3.0.3 The daemon processes start
The RC scripts start the network daemons and mount remote file systems.
6.3.0.4 Init starts multi-user mode
At the conclusion of the RC scripts init starts multi-user mode and initiates ports and allows other users to login.
6.4 Sun PROM

6.4.1 Bootstrap Procedures For Sun Microsystems hardware you can interact with the PROM monitor at any time by holding down the STOP key (the L1 key on older keyboards) and pressing the "a" key. If youre using a terminal keyboard you can use the "break" key. The PROM monitor boot commands come in two forms: "old" style, with a ">" prompt; and "new" style with a "ok" prompt. The "new" style came in about the time the SPARC chip was first
65
introduced, and the newer PROMs have both. On the latter you can get to the "new" style from the "old" by typing "n <return>". The general form to specify the boot device is:
>b device(controller#,unit#,file#)pathname args
or
ok boot device(controller#,unit#,file#)pathname args
where the controller# is the host bus adapter # (always 0 if you only have one SCSI bus), the unit# is the tape drive or disk drive #, and le# is the partition on the drive or file on the tape. The pathname is the path to the kernel, and possible arguments include:
s a r boot to single user mode only ask for configuration information, i.e. root and swap devices and system file reconfigure the system based on currently connected hardware devices (Solaris 2.X only)
At the ">" prompt the boot command is "b", while at the "ok" prompt it is "boot". The default boot device can be configured in the EEPROM to allow:
>b -or-orok boot ok boot -s
Single user:
>b -s
Boot from network:

>b le()
Boot a specific kernel from disk, e.g. for the kernel, vmunix:
>b sd(0,0,0)vmunix
6.4.2 Sun Boot PROM search sequence The legal boot devices known by the EEPROM can be determined by
>b ?
This also gives the order the devices are polled; these devices may or may not be present. On newer systems you can determine the SCSI devices on the system bus with:
ok probe-scsi
and on all SCSI busses with:

ok probe-scsi-all
Newer machines use the OpenBoot PROM with device names that specify the hardware controlling the device, as shown in Chapter 3, but also accept shorthand notation to specify the disk devices. In the latter "disk" represents the disk device on the main SCSI bus with SCSI target ID of 3, "disk1" has target ID 1, "disk2" has target ID 2, "disk3" has target ID 0, and "cdrom" has target ID 6. PROM environmental variables can be read with the printenv command and set with setenv command when at the "ok" prompt. To stop the machine and perform a manual boot type "STOP-A" then specify the device, e.g.:
>b st() -orok boot cdrom -orok boot disk
When the boot operations are completed the kernel is loaded and control passes to it.
SGI Indy PROM
6.5 SGI Indy PROM

When you turn on the power to your Indy workstation the System Startup Notifier is displayed and youre given the option to "Stop for Maintenance". Click on the icon or press <Esc> to display the System Maintenance Menu. Click on "Enter Command Mode" or type 5 at the menu. Youre then presented with the ">> " prompt. From this menu you can specify a boot device, list the PROM environment variables with printenv or set them with setenv, etc. To specify a boot device and disk partition or kernel, other than the defaults, use the form:
>> boot dksc(controller#,unit#,file#)pathname
where the controller# is the host bus adapter # (always 0 if you only have one SCSI bus), the unit# is the disk drive #, and le# is the partition on the drive, and pathname is the path to the kernel.
6.6 Diskless Workstations

Diskless workstations need help in booting. To do this they first need to: Determine who they are Locate their boot server Locate their kernel Mount file systems from the server
67
FIGURE 6.1
Client-Server Boot Exchange
rarp request to get IP server
C L
pass IP back use tftp to get boot program
S E
send boot program
I E
send whoami send hostname getfile request for parameters
R V E R
N T
pass info in /etc/bootparams boot program NFS mounts /vmunix client boots & NFS mounts file systems
1.
2.
3. 4. 5. 6. 7.
8.
9.
10.
Boot PROM sends reverse address request packet (rarp) onto the network with its Ethernet address to find out who knows its Internet (IP) address (/etc/ethers: ethernet<=>hostname). Server running reverse address resolution protocol daemon (/usr/etc/rarpd) answers with the IP address of the client (/etc/hosts: IP<=>hostname). Client PROM uses trivial file transfer program (tftp) to load the boot program. Server sends the boot program to the client. Boot program issues whoami request to get the clients hostname. Server looks up hostname from IP address and responds to the client (/etc/hosts). Boot program issues a getle request to determine boot parameters (/etc/bootparams: client root and swap locations). Server running the boot parameter daemon (/usr/etc/rpc.bootparamd) responds with /etc/bootparams information. Boot program NFS mounts the root file system, loads the kernel (/vmunix, for SunOS 4.X), and transfers control to the kernel. The client proceeds to boot normally and NFS mounts other file systems.
68
Shutdown
6.7 Shutdown
Shutdown can be initiated at the PROM or by one of the shutdown programs of the operating system. 6.7.1 PROM
Stop-A -orL1-A -or<Break>
This takes you to the PROM level, but does NOT warn users about the shutdown. Once at this level you can execute one of the following PROM commands. >c - continue after system abort. >g0 (Sun3) - force system crash and sync the disks. >sync (Sun4) - force system crash and sync the disks. ok sync (Sun4c/4m/4u) - force system crash and sync the disks. In addition to flushing the system memory buffers to disk, the PROM commands that sync the system also dump the in-core kernel and memory pages to the high end of swap on the disk. This can be useful if you want to debug the reason for a system crash. After rebooting you can use the savecore program to copy those areas of swap to the file system. Keep in mind, though, that these files can be quite large, especially if you have large amounts of physical memory. Generally, it takes a specialist in kernel architecture with access to the source code to accurately analyze these files. 6.7.2 Shutdown programs Generally, you want to run a system program that will warn users and perform an orderly shutdown.
6.7.2.1 shutdown
This is an automated procedure to warn users and then brings the system down. When complete you can then power off the system or reboot. shutdown must be run as root. As an example, to shutdown the system in 10 minutes followed by a reboot, for SunOS 4.X, execute:
# shutdown -r +10 - reboot in 10 minutes.
SunOS 5.X, which uses a different shutdown program. This program is a shell script to take you to the desired run state and is located in /usr/sbin. You can specify a grace period (-g) in seconds, a run level (-i), and auto-confirmation of answers (-y). So to halt the system in 2 minutes while warning the users of the impending shutdown execute:
# shutdown -y -g120 -i0
6.7.2.2 halt/fasthalt and reboot/fastboot
halt and fasthalt synchronize the disk and then shutdown, but they do NOT warn users. fasthalt creates a file, /fastboot (SunOS 4.X only). If it exists /etc/rc skips the fsck step when booting. To halt without syncing the file system type "halt -n". reboot and fastboot are similar to halt/fasthalt, but then they immediately reboot the system. fastboot also creates the file /fastboot (SunOS 4.X only).
6.7.2.3 Kill init
# kill -TERM 1
This kills the init process. Since init must be running this will panic the system and force a reboot. It is NOT recommended.
69

6.7.2.4 Synchronize the disks
sync synchronizes the disks by updating the super block and forcing changed blocks to the disk. This should be called before the processor is halted abnormally. Any user can run sync at any time. You can also sync the system from the PROM, if necessary, as shown above.
6.8 Crashes
6.8.1 Panics and their causes Some causes of system panics are: Memory errors Bugs in the Operating System Disk write errors - bad blocks on disk The system logger, syslogd, writes a log of system error messages in /var/adm/messages or /var/log/syslog. These can be helpful in tracking down the cause of a system problem or kernel panic. For more information during recurrent crashes turn on savecore in /etc/rc.local (SunOS 4.X) or /etc/rc2.d/S20sysetup (SunOS 5.X). When enabled the system will save a core image of memory in the file /var/crash/uname -n/vmcore.# and the kernels namelist in the same directory in the file vmunix.# (SunOS 4.X) or unix.# (SunOS 5.X) during the reboot. These files can then be analyzed for the causes of the system panic. The appropriate lines in rc.local are:
# Default is to not do a savecore # mkdir -p /var/crash/`hostname` # echo -n 'checking for crash dump... ' # intr savecore /var/crash/`hostname`
6.8.2 Crash recovery Reboot the system. Examine the console output for information that may help determine the cause of the problem. If necessary boot in single user mode:
>b -s
or with an alternate kernel, e.g.:

>b sd()vmunix.gen
For best recovery after a crash have good backups and perform a file system check, fsck, when booting. If necessary reboot in single user mode and run fsck manually on an unmounted file system. 6.8.3 IRIX At the ">> " PROM Command Mode prompt you can specify an alternate disk, disk partition, or kernel to boot from in the form:
>> boot dksc(0,1,7)unix.save
where 0 is the disk controller, 1 is the SCSI target number of the disk, 7 is the disk partition, and unix.save is the alternate kernel.
70
CHAPTER 7
Operating System Installation
7.1 Suninstall
Suninstall is a set of programs and files that are used to install SunOS, other Sun software, determine mount points, and resize disk partitions. The files are located in /usr/etc/install (SunOS 4.1.X) or /usr/sbin (SunOS 5.X). 7.1.1 Features of suninstall The /usr/etc/install/files directory contains a record of the installation and any errors are kept in suninstall.log. Suninstall can be interrupted at any point and a record of current settings will be kept if run from SunOS. If run from MINIUNIX then the data is destroyed when you reboot. It supports various Sun architectures, and can build heterogeneous servers, standalone, and dataless workstations. 7.1.2 Installation of SunOS on a standalone workstation Load the bootstrap program from cdrom/tape. Load the standalone copy program from cdrom/tape. Copy MINIUNIX from cdrom/tape to the disk swap partition (SunOS 4.X), or the root partition to memory (SunOS 5.X). Start suninstall. Load the requested cdrom/tapes(s). Reboot the system.
1. 2. 3.
4. 5. 6.
7.2 SunOS 4.1.X

7.2.1 Boot CDROM contents: The SunOS 4.1.4 (Solaris 1.1.2) CDROM, which includes the latest BSD version of SunOS, allows for both a full install and an upgrade from earlier versions of SunOS 4.1.X. The CD conforms to the hsfs file system. You can mount it and look at it under SunOS. If you do this you will see that the top level directory contains the subdirectories: export, patches, and sunupgrade. Under /export there are the
71
subdirectories: exec and share. /export/share contains the manual pages. /export/exec holds the necessary executables to install the OS. The files are in uncompressed tar format. Under /export/exec we have (in 512 byte blocks):
/export/exec: 4 kvm/ 512 proto_root_sunos_4_1_4* 4 sun4_sunos_4_1_4/ /export/exec/kvm: 4 sun4_sunos_4_1_4/ 4 sun4c_sunos_4_1_4/ 4 sun4m_sunos_4_1_4/ /export/exec/kvm/sun4c_sunos_4_1_4: 10400 kvm* 14000 miniroot_sun4c* 11216 sys* 13 xdrtoc* /export/exec/sun4_sunos_4_1_4: 5856 debugging* 6288 games* 1952 install* 15264 openwindows_demo* 46400 openwindows_programmers* 1808 rfs* 2752 shlib_custom* 3680 sunview_programmers* 8016 system_v* 96 tli* 57888 usr* 11920 versatec* /export/share: 4 sunos_4_1_4: 14992 manual
(kernel contained on boot file 1 on the CDROM) (kernel contained on boot file 2 on the CDROM) (kernel contained on boot file 3 on the CDROM) (similar sub-directories for Sun4 and Sun4m)
8128 3568 2096 19040 67024 640 1024 5328 1424 15376 1216
demo* graphics* networking* openwindows_fonts* openwindows_users* security* sunview_demo* sunview_users* text* user_diag* uucp*
Since the files are tar formatted archives, so you can readily retrieve any files later on, as needed. 7.2.2 Before starting installation: Read the "SunOS 4.1.X Release & Install" manual. Read the "READ THIS FIRST" document provided. Decide or obtain the information necessary to complete the install, including:
- hostname.dept.ohio-state.edu- required if on SONNET - prints during the EEPROM self-test. - required if on the OSU network, SONNET; obtain from UTS. - Sun3/Sun3x/Sun4/Sun4c/Sun4m - disk partitions
1. 2. 3.
Hostname Ethernet address Internet address Machine architecture Partitions and sizes
72
SunOS 4.1.X Mount points - mount points need to exist before partitions can be mounted; exceptions are partition a (/) and partition b (swap). Software desired - if disk space is available you can load everything, otherwise delete items youre unlikely to use.
7.2.3 Installation Example Install the miniroot: Insert boot tape and at the PROM prompt type:
>b tape or >b st() -orok boot tape
for old Sun4c/Sun4/Sun3 -orfor old Sun4c for Sun4 ok boot cdrom
or boot cdrom
>b cdrom or >b sd(0,6,2) >b sd(0,30,1)
After successfully installing the miniroot youll be presented with the choice;
What would you like to do: 1 - install SunOS mini-root 2 - exit to single user shell Enter a 1 or 2:
If you enter 1 youll be given the opportunity to select, format, and relable the disk. Disks purchased from Sun are formatted at the factory so you shouldnt need to reformat them. You may wish to relable them to change partition sizes. Once the mini-root is installed on your disks swap space youll be presented with:
Mini-root installation complete. What would you like to do? 1 - reboot using the just-installed miniroot 2 - exit into single user shell Enter a 1 or 2:
Exit to single user mode and start the installation:

# suninstall (many screens and questions to configure your system; installation of the chosen software) # reboot >b sd(0,0,0) -or>b sd() -or>b
The default boot device can be set with the program eeprom, e.g.:
# eeprom bootdev=sd$0,0,0$.
73
7.3 SunOS 5.X

7.3.1 SunInstall Our old friend SunInstall is still here. Hes changed a little bit though. SunInstall no longer has MUNIX or miniroot. This is because it now works directly from CDROM. All temporary files are stored in memory and it does not require a dedicated swap partition. Since its using the file system from the CDROM its a bit slow; it takes about 5 minutes to boot SunOS 5.X. A significant advantage to this new method is that you can now modify the root and swap partitions of the hard disk with SunInstall, since the program is not using the hard disk. 7.3.2 Hardware Requirements Solaris 2 runs only on SPARC computers. It will not run on Sun3s. Solaris 2.5-2.6 is supported on Sun4c, Sun4m, and Sun4u hardware, but not Sun4 hardware. Solaris 2.4 will run on all SPARC hardware except the UltraSPARCs (Sun4u). To run Solaris 2 the machine should have At least 16 MB of memory A minimum of 200 MB of hard disk space, with 400 MB required to install everything.
The machines can be

Networked Standalone Dataless Client (root and swap on same disk) Diskless Client Homogeneous Server at SunOS 5.X (clients at same or lower release level) Heterogeneous Server at SunOS 5.X (clients at differing architecture at same or lower release level, including SunOS 4.1.1 or later)
A CDROM drive is required, either locally or on the subnet, to install the software. 7.3.3 Software Terminology
7.3.3.1 Packages and Clusters
The software is grouped into packages of files and directories related to an application. For example there will be a group for man pages and another for SunOS 4.1.X binary compatibility. These groups of software are labelled packages. A package is the standard way to deliver software under Solaris 2, both bundled and unbundled. There are 187 software packages in the Solaris 2.5 base distribution. There are standard commands for administering the packages that well look at later. Packages from Sun are generally identified by the SUNWxxx naming convention.
74
SunOS 5.X
Packages may be grouped into clusters of related applications. For example, the Source Compatibility Support cluster includes:
Source Compatibility (root), SUNWscpr Source Compatibility (usr), SUNWscpu Source Compatibility Archive Library, SUNWsra Source Compatibility Header Files, SUNWsrh
A cluster can be composed of one or more packages. The cluster names refer to logical names, such as Source Compatibility Support and On-line Manual Pages, not to the SUNWxxx convention.
7.3.3.2 Configuration Options
The packages and clusters are further grouped into four configuration options for SunInstall.
Core
End User Developer
Entire
- This contains the software needed to boot and run Solaris 2. It is sufficient for a standalone workstation and includes some networking software and the drivers to run OpenWindows. It does not include OpenWindows or the on-line manual pages. - This contains the software and end user programs required to run Solaris 2. It includes OpenWindows and the on-line manual pages. - This contains software required to develop software, including: compiler tools, OpenWindows, and the man pages. It does not include any compilers or debuggers. - This includes the entire Solaris 2 release. It does not include any compilers or debuggers, other than adb.
7.3.4 Partition Planning All partitions can now be adjusted during SunInstall. You no longer need to run format before starting the installation. Unbundled applications usually have a default installation directory of /opt (for optional). Packages that might previously have tried to install into /usr/lang or /usr/local now suggest /opt/SUNWxxx as their default directory. Its now possible to have smaller swap space than RAM, as idle processes are not automatically swapped out. This was discussed in the section on swapfs in an earlier chapter. Suns suggestions for disk partitioning are as follows. I would suggest that for a server you increase / and /opt, and add a /var partition. For a standalone machine you might have only two partitions: one for the software and one for swap.
75
TABLE 7.1
Server Disk Partitions, always Minimum 12 Mbytes 80 Mbyte 30 Mbytes 5 Mbytes none Default 16 Mbytes 3 times the memory 160 Mbytes 5 Mbytes part of / Maximum Req. 17 Mbytes varies 181 Mbytes varies none My Recommendation 20 Mbytes varies 220 Mbytes varies 30 Mbytes; larger for servers
File System / (root) swap /usr /opt /var
TABLE 7.2
Server Disk Partitions, per diskless client File System /export/root /export/swap /export/exec 4.X /export/root /export/exec 16 Mbytes 15 Mbytes/sun4 client arch 80 Mbytes Each Diskless Client 20 Mbytes 24 Mbytes 15 Mbytes Each Release 10 Mbytes
Client SunOS Version 5.X
7.3.5 Installation The installation process has three levels. Sysidtool prompts for system identification information. SunInstall does the installation. Admintool is a GUI tool used to add new users, set-up diskless clients, manage printers and databases. Installation consists of:
1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
Save the previous configuration and data files. Boot from CDROM. Provide sysidtool the system identification information. Provide SunInstall the installation information. Choose the Quick or Custom Install option. For a server - identify diskless clients and the architectures to be supported. Select the desired software. Configure the disks to support the desired software and clients. Start the installation. Customize your system.
76
SunOS 5.X
7.3.5.1 Pre-Installation Information
During installation youll be asked to provide the following information. Hostname Hosts IP address
Desired name service (NIS+, NIS, none). Should you choose NIS+ or NIS you will also need to provide: domainname NIS(+) server hostname NIS(+) server IP address Note: At this point you are choosing the NIS(+) domain name and server, not the IP domain name.
Subnet information Geographic region Timezone and current date and time Configuration: Standalone Server Dataless Client Installation Type: Quick Install Custom Install Identify any diskless clients Choose the software configuration type: all core developer end-user Identify the disk(s) to use for the installation and whether or not they should be formatted. 7.3.6 Booting
You can boot from CDROM either locally or remotely. From the old Sun4 systems, i.e. 300 and 400 series at the > prompt type:
b sd(0,30,1).
From the older SPARCstations, i.e. SS1, 1+, IPC, and SLC at the ok prompt type:
boot sd(0,6,2).
From newer SPARCstations, i.e. SS2, SS10, ELC, IPX, 600MP, Sun4m and Sun4u hardware at the ok prompt type:
boot cdrom.
77
7.3.7 Setting Up an Install Server An install server provides boot service for other machines for installing Solaris 2.X. If your CDROM drive is not directly attached to the machine youre upgrading you might want to set up an install server on the machine with the CDROM. You could also copy the CDROM to a hard disk on the install server. If you take the former route theres only a small temporary space required on the server, about 150 Kbytes per kernel architecture. Copying all of Solaris 2.X onto hard disk requires approximately 320 Mbytes of space. To copy the contents of the CDROM to disk do the following:
# mkdir /cdrom # mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /cdrom-on a 2.X server -or# mount -t hsfs -r /dev/sr0 /cdrom-on a 4.1.X server -then# cd /cdrom # ./setup_install_server /export/install-or another install directory
From then on you can use /export/install, or the specified install directory, in place of the CDROM. After the client boots from the server installation proceeds as it would for a local installation.
7.3.7.1 Server at 4.1 or 4.1.1
Before you can boot the client using the Solaris 2.X CDROM you need to add the Rock Ridge extensions to the High Sierra File System to allow it to support longer file names, symbolic links, and deeper directories on the CDROM. These are located on the CDROM. To access them:
# mkdir /cdrom # /etc/mount -t hsfs -r /dev/sr0 /cdrom # cd /cdrom # ./inst.rr # cd / # umount /cdrom
The new driver is enabled when you remount the CDROM, as below.
7.3.7.2 Server at 4.1.X (or after installing the rr extensions above)
First mount the CDROM:

# mkdir /cdrom # /etc/mount -t hsfs -r /dev/sr0 /cdrom
Then change to the /cdrom directory and execute the command to install clients:
# cd /cdrom # ./add_install_client machine_name architecture
78
SunOS 5.X -or# ./add_install_client -e ethernet_address -i ip_address machine_name architecture
where machine_name is the name of the client and architecture is either sun4c or sun4m or Sun4u. The -e and -i options are necessary if the NIS server does not already have this information.
7.3.7.3 Server at 2.X
First mount the CDROM:

# mkdir /cdrom # mount -F hsfs -o ro /dev/dsk/c0t6d0s0 /cdrom
You then use the Host Manager to introduce the client machine to the server. Entries that youll add for the client with Host Manager include:

Hostname IP address Ethernet address Type: standalone, diskless, or dataless Time zone region and time zone Remote or local (CDROM) installation for the client Media server for remote installation (machine with the CDROM) OS release to install from the remote server (Sun4c/Sun4m/Sun4u)
You then need to update the NIS(+) maps and youre ready to go.
7.3.7.4 Booting the Client
The server needs to be running the Reverse Address Resolution Protocol and the bootparam daemons, rarpd and rpc.bootparamd, respectively. You should create the directory, /tftpboot if it doesnt already exist on the server. The boot program will be copied here when you add each client. You cannot boot Solaris 2.X through a router. The install server must be on the same subnet as the client. You dont, however, need to have a complete install server on each subnet. You can have a pared down boot server on the subnet with the kernel architecture required for those subnet clients, and a full install server on another subnet. After adding the machine as a client of the install server halt and boot the client from the network:
# halt ok boot net
After the client completes the boot process the suninstall program is invoked automatically.
79
7.3.8 JumpStart JumpStart, or auto-install, is designed to make the installation easy and automatic. This allows you to pre-configure the information you need to do the install. It also allows you to readily install many machines with the same configuration, rather than having to worry about each of them individually. You make a stub on the disk containing the information about the packages you want to install. On the NIS(+) server you can configure the network information for the new system including the hostname, IP address, time zone and domain name. If your system is already at Solaris 1.1 (SunOS 4.1.3) or higher you can run JumpStart to upgrade to Solaris 2.X. After backing up your system you would execute the script, /etc/.install.d/re-preinstallsvr4 when in single user mode to perform the upgrade. The script uses /usr/etc/install/bpgetle to try to locate a network version of the Solaris 2 CDROM. bpgetfile does an rpc broadcast to the local subnet to try to locate an install server with the install program. Failing that it checks locally for a mountable CDROM. Should it find either source it mounts the file system on /.stub/mnt. After checking to make sure that it has the necessary files for this architecture it starts the upgrade process and gives you a chance to back out. It reads any custom files that have been placed in /.stub to control the install.
7.3.8.1 Configuration Information
When a new machine boots it searches for an install customization directory. It first checks the local floppy drive and if none is found there it then queries the bootparam server for an entry with the keyword install_cong. The bootparam server would have an entry similar to the following in the /etc/bootparams file or its NIS(+) bootparams map:
client_name install_config=server:/export/install_info -or* install_config=server:/export/install_info -Solaris 1.X -Solaris 2.X, which takes wild card entries.
With add_install_client use the -c option to automatically setup the bootparam entry when you set up the client:
# ./add_install_client -s install_server:/cdrom -c config_server:/dir sunclient sun4 where /dir on cong_server contains the auto-install configuration information.
Theres a sample directory on the Solaris 2.X CDROM, auto_install_sample, that you can use as an example when setting up your configuration file. There is also a sample rules file there. The boot program provides the auto-install program with information about the machine being booted. That, in conjunction with the information provided to the server for this client, provides the auto-install program with sufficient information to determine hostname, host and network addresses, NIS(+) domainname, machine model and architecture type, kernel architecture, memory installed, disk size, and hostid for the client. The rules file then looks for sets of information defined by the Table below. Auto-install will then execute a script before the installation, begin, setup a profile based on the class, and execute a script when done, nish.
80
SunOS 5.X
Casper Dik has made some good examples of these scripts available on the Internet at ftp://ftp.fwi.uva.nl/pub/solaris/auto-install/. .
TABLE 7.3
Auto-install Rules File Match Type exact exact exact exact exact exact exact range disk_name range disk_slice release range exact ignored Expected Data Type text string dotted decimal address dotted decimal address NIS(+) domain - text string machine architecture - text string kernel architecture - text string machine model, e.g.: 4_75 memory size in MB, e.g.: 16-64 specific disk size in MB, e.g.: c0t3d0 180-500 specific disk slice and OS release, e.g.: c0t3d0s0 solaris_2.5 total disk size in MB, e.g. 180-500 8 digit hex number, e.g.: 80442a6b always matches
Comparison hostname hostaddress network domainname arch karch model memsize disksize installed totaldisk hostid any
Note, that the backslash, \, at the end of a line of a rules line indicates that the line is continued on the next line. Lines beginning with # are comments. So if your rules file has entries of the form (modified from an example by Casper Dik):
# key value begin # SPARCstation LX karch sun4m model SUNW, SPARCstation-LX memsize 16-64 disksize rootdisk 180-550 scripts/start # SPARCstations 1, 1+, 2, ELC, SLC, IPC, IPX karch sun4c memsize 16-64 totaldisk 180-250 scripts/start # Anything not matched - dont install any scripts/no_match class &&\ &&\ &&\ packages/default &&\ &&\ packages/no_var finish
scripts/finish
scripts/finish -
Where the lines are interpreted as:

karch sun4m &&\ model SUNW, SPARCstation-LX &&\ Specifies that a sun4m type architecture and the model SPARCstation LX are being selected. UNIX System Administration 1998 University Technology Services, The Ohio State University 81
Operating System Installation memsize 16-64 &&\ disksize rootdisk 180-550 scripts/start packages/default scripts/finish Specifies that if the memory size is 16-64 MB and the root disk size is 180-550 MB set the parameters dened in the packages/default class file. Before installation run the begin le, scripts/start, and upon completion the nish script, scripts/nish, will be run. karch sun4c &&\ memsize 16-64 &&\ totaldisk 180-250 scripts/start packages/no_var scripts/finish Specifies that any machine with sun4c kernel architecture, and memory size of 16-64 MB, and total disk size of 180-250 MB should set the class parameters define in packages/no_var (e.g. so that /var is not a separate partition), and run the begin script, scripts/start, and the nish script, scripts/nish. any scripts/no_match This matches any machine, so if the machine was not flagged by one of the previous lines in the file install with the scripts/no_match begin script. If you left off this last line the machine would perform an interactive install if it didnt match a previous line.
An example of a class configuration file:

filesys any 24 / filesys any 80 /usr filesys any 43 /var nosuid filesys any 0 /home filesys any 0 /opt filesys any free swap cluster SUNWCreq package SUNWvolr package SUNWvolu cluster SUNWClp package SUNWdoc
delete delete
Where these lines are interpreted as:

filesys any 24 / The filesys entries specify the disk partitioning in MBs. The entry partitioning could be used with either default or existing to indicate that the disk should be partitioned based on the software selected or that the current partitions should be used, respectively. If not specified default is used. cluster SUNWCreq This defines the cluster to be installed. If this is a configuration cluster the add|delete fields are ignored. package SUNWvolr delete So the package SUNWvolr has be selected to be deleted from the previously chosen cluster.
82
SunOS 5.X
Additional fields follow the format:

product product_name product_version to specify a product to install and the OS version (e.g. Solaris 2.5). filesys any (size | all) to define the size to partition various file systems, e.g.: filesys any 60 swap
filesystem
package package_name (add | delete) to specify a package to install. The add and delete options specify whether the package should be added or deleted from the configuration cluster and clusters previously chosen, e.g.: package SUNWaudmo add package SUNWman delete
7.3.8.2 Automatic Installation
With existing machines specify the install option when booting to enable auto-install, i.e.:
ok boot net - install Note: There must be a apace between the - and install.
Machines already installed with Solaris 2.X can be reconfigured by touching the AUTOINSTALL file in the root directory and then rebooting, e.g.:
# touch /AUTOINSTALL # reboot
The machine will attempt to auto-install during the boot process. 7.3.9 Installation Files The installation programs keep a record of the packages and files installed on the system in the /var/sadm directory.
/var/sadm/install_data - contains a CLUSTER file listing the installed clusters, and a log file of the installation, install_log. /var/sadm/install - the contents file in this directory keeps a listing of the various packages installed on the system and their locations, permissions, ownership, and the package with which they are associated. /var/sadm/softinfo - the INST_RELEASE and Solaris_2.X files in this directory contain the OS name and version number. /var/sadm/pkg - the subdirectories here represent every software package installed on your system. Each subdirectory contains a file describing the package and another listing the files associated with the package. /var/sadm/patch - there is a subdirectory here for each patch installed, with files to describe the patch and the package and files associated with it. Theres also a script to backout the patch should that become necessary. If youre short of space in /var/sadm you can install the patch with the "-d" option to prevent saving the original files. In that case you wont be able to backout the patch.
83
7.4 Post Install Actions

After youve installed the operating system you should install the recommended patches, and then you can personalize the system to your needs. Below are some of the steps I take to finish and personalize the configuration on my systems.
TABLE 7.4
Post Install Actions SunOS 4.X X X X X X X X X X X X SunOS 5.X X X
Procedure touch /TIMESTAMP passwd rm /etc/hosts.equiv vi /etc/netmasks 128.146.0.0 vi /etc/ttytab ifconfig le0 netmask + broadcast xxx.yyy.zzz.255 route add default xxx.yyy.zzz.1 1 ftp wks.uts.ohio-state.edu 255.255.255.0
Purpose let's you know the start time set a passwd on the root login comes with "+" create an entry for the network, e.g. for 128.146 change "secure" -> "unsecure" reset the netmask and broadcast reset route under /pub/sunpatches retrieve the patch files needed. Contact [email protected] for the current patch list for your version of the OS. follow READMEs for the individual patches create /etc/defaultrouter with the IP address of the default router edit /etc/rc.local to mount /tmp as tmpfs (on swap) and to set the proper permissions on the directory and to set the proper broadcast add the line to mount /tmp on swap this is required for several of the OS patches edit to taste and remove "." from path protect all accounts, even sync remove +: entry if not using NIS well look at how to do this in a later Chapter remove +: entry if not using NIS
Install patches echo "xxx.yyy.zzz.1" > /etc/defaultrouter vi /etc/rc.local mount /tmp chmod 1777 /tmp chmod g+s /tmp ifconfig le0 broadcast `cat /etc/defaultrouter |sed -n "s/\.[0-9]$/\.255/p"` vi /etc/fstab swap /tmp tmp rw 0 0 Generate a new kernel and reboot with it vi /.cshrc /.login /.profile vipw Create necessary accounts vi /etc/group
X X X
X X
X X X X X X X X
84
Post Install Actions
TABLE 7.4
Post Install Actions SunOS 4.X X SunOS 5.X X
Procedure Add tcsh and/or bash to /usr/bin
Purpose much better than csh or sh for login (the sources can be obtained via anonymous ftp from tesla.ee.cornell.edu in /pub/tcsh and prep.ai.mit.edu in /pub/gnu for tcsh and bash, respectively.) add entries for all login shells, e.g.:
cat << EOF > /etc/shells /sbin/sh /bin/sh /bin/csh /bin/ksh /bin/bash /bin/tcsh EOF chown root /home rm -rf /var/spool/uucppublic Install resolv+2.1.1 package /usr/lib/libresolv.a /usr/lib/libc.so.1.9.1 /usr/lib/libc.sa.1.9.1 Now execute ldconfig Then copy the new include files to /usr/include. cat << EOF > /etc/resolv.conf domain acs.ohio-state.edu. nameserver 128.146.1.7 nameserver 128.146.48.7 search acs.ohio-state.edu magnus.acs.ohiostate.edu cis.ohio-state.edu eng.ohiostate.edu EOF cat << EOF > /etc/host.conf order hosts,bind trim .magnus.acs.ohio-state.edu, .acs.ohiostate.edu nospoof on alert on EOF
not caught by patch 100103 writable by everyone, so remove if not used for DNS, or use NIS, it includes: resolver library shared library shared library to pick up the new libraries
X X X X
for DNS, with the IP domain, up to 3 nameservers, these are ns1.net and ns2.net and a search path
used by resolv+ set the host database order to search trim the domains
85
TABLE 7.4
Post Install Actions SunOS 4.X SunOS 5.X X X X
Procedure vi /etc/nsswitch.conf hosts: files dns vi /etc/syslog.conf define(LOGHOST,localhost) -orvi /etc/hosts www.xxx.yyy.zzz hostname loghost chmod o-w /etc/* Set up xntp, including change in /etc/services for udp service Install any other desired packages, e.g. perl, language compilers, etc. Backup the system
Purpose set name service switch lookups set the host database order to search define LOGHOST (first line in file), or reference the files locally and remove the "ifdef(LOGHOST..." entries, as desired add the alias loghost to your hostname entry, not to the localhost entry remove general write permissions Network Time Protocol make the system more usable so you can reproduce the current state after a catastrophe.
X X X X
X X X X
7.5 Sun Patch List

Ohio State University members can usually find the necessary SunOS patches on the patch server, ftp://wks.uts.ohio-state.edu/pub/sunpatches/. If you dont find what you need there, contact [email protected]. Others should contact Sun Microsystems, or their software vendor, for patches. 7.5.1 SunOS 4.1.3_U1 (Solaris 1.1.1)
100103-12 101434-03 101436-08 101440-01 101508-14 101558-07 101579-01 101587-01 101592-07 101621-04 trol 101625-02 SunOS 4.1.3;4.1.3_U1: set file permissions to more secure mode SunOS 4.1.3_U1: lpr Jumbo Patch SunOS 4.1.3_U1: patch for mail executable SunOS 4.1.3_U1: security problem: methods to exploit login/su SunOS 4.1.3_U1: Sun4m kernel patch SunOS 4.1.3_U1: international libc jumbo patch SunOS 4.1.3_U1: Security problem with expreserve for Solaris 1.1.1 SunOS 4.1.3_U1: security patch for mfree and icmp redirect SunOS 4.1.3_U1: UFS File system Patch SunOS 4.1.3_U1: tty patch CTE zs driver gates reception on CD for hardware flow conSunOS 4.1.3_U1: ftp does not prompt for account information
86
Sun Patch List 101665-07 101679-01 101759-04 101784-04 102060-01 102177-04 100444-76 100448-03 100452-72 100478-01 101435-02 SunOS 4.1.3_U1: sendmail jumbo patch SunOS 4.1.3_U1: Breach of security using modload SunOS 4.1.3_U1: domestic (US only) libc jumbo patch SunOS 4.1.3_U1: rpc.lockd/rpc.statd jumbo patch SunOS 4.1.3_U1: Root access possible via passwd race condition SunOS 4.1.3_U1: NFS Jumbo Patch OpenWindows 3.0: OpenWindows V3.0 Server Patch 3000-124 OpenWindows 3.0: loadmodule Patch OpenWindows 3.0: XView 3.0 Jumbo Patch OpenWindows 3.0: xlock crashes leaving system open 1 SunOS 4.1.3_U1: ypserv and ypxfrd fix
7.5.2 SunOS 4.1.4 (Solaris 1.1.2)

100103-12 102264-02 102394-02 102414-01 102423-04 102436-02 102544-04 102545-04 100444-76 100448-03 100452-72 100478-01 102516-04 SunOS 4.1.3;4.1.3_U1: set file permissions to more secure mode SunOS 4.1.4: rpc.lockd patch for assertion failed panic SunOS 4.1.4: NFS Jumbo Patch SunOS 4.1.4: mail jumbo patch Sunos 4.1.4: Sendmail jumbo patch SunOS 4.1.4: Machine soft hangs and hangs on bootup (sun4m) SunOS 4.1.4: domestic (U.S. only) libc jumbo patch SunOS 4.1.4: international libc jumbo patch OpenWindows 3.0: OpenWindows V3.0 Server Patch 3000-124 OpenWindows 3.0: loadmodule Patch OpenWindows 3.0: XView 3.0 Jumbo Patch OpenWindows 3.0: xlock crashes leaving system open 1 SunOS 4.1.4: UFS File system Patch
2
Some patches apply only to specific hardware, and 102544 and 102545 are mutually exclusive, as they apply to the domestic and international versions of the libraries, respectively. 7.5.3 SunOS 5.4 (Solaris 2.4)
101945-41 101959-07 101973-16 102042-05 SunOS 5.4: kernel patch SunOS 5.4: lp jumbo patch SunOS 5.4: fixes for libnsl and ypbind SunOS 5.4: usr/bin/mail jumbo patch
1. This patch is on the Security list, but not the Recommended list, because its assumed to be too application dependent and not relevant to all sites. 2. Not actually on the Recommended list for this release, but you will want to check the changes this script makes to be sure that you have similar file permission settings on your system
87
Operating System Installation 102044-01 102066-09 102070-01 102165-03 102216-07 102218-03 102277-02 102437-03 102479-02 102656-01 102664-01 102680-03 102693-03 102704-02 102711-01 102741-01 102756-01 102769-03 102788-02 102922-03 102960-01 103070-01 103270-01 101878-13 102292-02 103290-02 102049-02 102303-05 102336-01 SunOS 5.4: bug in mouse code makes "break root" attack possible SunOS 5.4: sendmail patch SunOS 5.4: Bugfix for rpcbind/portmapper SunOS 5.4: nss_dns.so.1 fixes SunOS 5.4: klmmod and rpcmod patch SunOS 5.4: libbsm fixes SunOS 5.4: nss_nisplus.so.1 fixes SunOS 5.4: /usr/ccs/bin/as has an internal error SunOS 5.4: DNS spoofing is possible per Cern ca-96.02 SunOS 5.4: /dev/qec should protect against being opened directly SunOS 5.4: data fault in scanc() due to bad "cp" argument SunOS 5.4: fixes for ufsdump and wall SunOS 5.4: at and atrm fixes SunOS 5.4: jumbo patch for NIS commands SunOS 5.4: Creation of /tmp/ps_data is security problem SunOS 5.4: libm can hit SEGV in multi-threaded mode SunOS 5.4: expreserve still has security problem SunOS 5.4: statd fixes SunOS 5.4: Jumbo patch for sccs bug fixes. SunOS 5.4: inetd fixes SunOS 5.4: vipw has security problem SunOS 5.4: tip will read and print any uucp owned file SunOS 5.4: nissetup default permissions not secure enough OpenWindows 3.4: Xview Patch OpenWindows 3.4: filemgr (ff.core) fixes SPARCstorage Array 2.0: SSA Jumbo patch for Solaris 2.4 11/94, HW395 SunOS 5.4: linker fixes 3 SunOS 5.4: POINT PATCH: linker fixes 3 SunOS 5.4: POINT PATCH: 1091205 - Password aging & NIS+ don't work
7.5.4 SunOS 5.5 (Solaris 2.5)

102971-01 102980-07 103093-03 103169-06 103241-01 SunOS 5.5: vipw fix SunOS 5.5: sendmail patch SunOS 5.5: kernel patch SunOS 5.5: ip driver and ifconfig fixes SunOS 5.5: Undefined symbol in libc.so.1.9
3. This patch is on the Security list, but not the Recommended list, because its assumed to be too application dependent and not relevant to all sites.
88
Sun Patch List 103242-01 103266-01 103279-02 103447-03 103468-01 103667-01 103703-01 103708-01 103746-01 103815-01 102832-01 103300-02 103017-04 SunOS 5.5: linker patch SunOS 5.5: nissetup default permissions for password table not secure SunOS 5.5: nscd breaks password shadowing with NIS+ SunOS 5.5: tcp patch SunOS 5.5: statd security problem SunOS 5.5: DNS spoofing is possible per Cern ca-96.02 SunOS 5.5: nss_dns.so.1 source modification and rebuild for BIND 4.9.3 SunOS 5.5: rpc.nisd_resolv rebuild for BIND 4.9.3 SunOS 5.5: XFN source modifications for BIND 4.9.3 SunOS 5.5: rdist suffers from buffer overflow OpenWindows 3.5: Xview Jumbo Patch OpenWindows 3.5: ff.core security patch SPARCstorage Array Solaris 2.5: Jumbo patch for SSA for Solaris 2.5
7.5.5 SunOS 5.5.1 (Solaris 2.5.1)

103582-01 103594-03 103630-01 103663-01 103680-01 103683-01 103686-01 103743-01 103817-01 SunOS 5.5.1: /kernel/drv/tcp patch SunOS 5.5.1: /usr/lib/sendmail fixes SunOS 5.5.1: ip and ifconfig patch SunOS 5.5.1: DNS spoofing is possible per Cern ca-96.02 SunOS 5.5.1: nscd/nscd_nischeck rebuild for BIND 4.9.3 SunOS 5.5.1: nss_dns.so.1 rebuild for BIND 4.9.3 SunOS 5.5.1: rpc.nisd_resolv rebuild for BIND 4.9.3 SunOS 5.5.1: XFN source modifications for BIND 4.9.3 SunOS 5.5.1: rdist suffers from buffer overflow
89
7.6 IRIX 5.X

7.6.1 Installation When you boot your SGI machine youll have a few seconds to press the "Stop for Maintenance" button on the "Starting up the System" window. From there youll be given the choices:

Start System Install System Software Run Diagnostics Recover System Enter Command Monitor Select Keyboard Layout
Select "Install System Software" with the mouse. Then choose the source, e.g. "Local CD-ROM", for the software. The miniroot, including the installation tool, inst, will be copied from CDROM to swap on the local disk. The system will then reboot from swap, putting you into the miniroot. Run inst, from which youll be given the "Inst> " prompt. At this point you have various options available to you with inst. You can use list to list the software, e.g. "list * *" will list all the packages available. Then install will add the product to the list to be installed, along with the defaults already marked, e.g. "install print.man.bsdlpr" to choose the man pages for the BSD style line printer package. After choosing your software type "go" to start the installation. When the installation is completed you can "quit" from the inst tool and reboot the system. 7.6.2 Post Install Now you can personalize the system. Some things you might want to change include the following.
1.
2.
3.
4.
turn off the route daemon To do this edit /etc/config/routed and change "on" to "off". set a default route Edit /etc/init.d/network and add a line similar to: /usr/etc/route add default xxx.yyy.zzz.1 1 before the routed line. remove the setuid/setgid bits from /usr/lib/desktop/permissions to close this security hole get the latest BSD sendmail, or install the sendmail patch, again for security concerns.
Also, read through the steps above for SunOS to see which might be applicable here. Ohio State University members can usually find the necessary IRIX patches on the patch server, ftp://araminta.acs.ohio-state.edu/pub/sgi/patches/.
90
CHAPTER 8
Kernel Configuration
8.1 SunOS 4.1.X

The SunOS 4.1.X kernel that comes with the installation is configured to allow the use of all supported devices for the architecture. This makes it quite large and causes it to take up considerable memory. Since most systems will not have all the supported peripherals you can remove those that arent needed, freeing memory space for use by programs. If you add additional devices, then you need to put the drivers back in and reconfigure and reinstall the kernel. It is not necessary to reconfigure the SunOS 5.X kernel, as this kernel loads only the drivers for the devices attached to the system. 8.1.1 Kernel configuration files Templates for the kernel configuration can be found in the directory /usr/share/sys/sun{3,3x,4,4c,4m}/conf. Some of the templates are:
DL60 DLS60 GENERIC GENERIC_SMALL Makefile.src NFS60 README SDST60 - diskless 4/60 (SS2) - diskless 4/60 with local swap - default (all general supported devices) - default for generic_small (8 SCSI disks, 4 SCSI tapes, 2 CDROMs) - makefile for the compilation - to boot a disk-equipped machine from a server - detailed directions for building the kernel - 4/60 with SCSI disks and tapes
Normally you will congure the kernel to match the hardware of a system e.g. disk(s)/diskless, tape(s), color monitor, etc. Reconfiguring the kernel should save memory space and allow the kernel to execute faster. 8.1.2 Overview of Sysgen process cd /usr/share/sys/sun{3,3x,4,4c,4m}/conf cp GENERIC HOSTNAME - copy the configuration file vi HOSTNAME - edit and revise as needed config HOSTNAME - build the system configuration files
1. 2. 3. 4.
cd ../HOSTNAME - cd to the new directory 6. make - compile the new kernel 7. mv /vmunix /vmunix.gen - save the old kernel 8. cp vmunix / - install the new kernel 9. reboot - reboot using the new kernel Sometimes the new kernel will not run properly. The patch may have been faulty; you may have left out defining one of the necessary parameters; the object files may have been corrupted, etc. If you cant boot from the new kernel for any reason, reboot using the old kernel and then repeat the steps above to regenerate a new kernel. Reboot with:
5.
>b vmunix.gen
8.2 SunOS 5.X

8.2.1 Autoconfiguration Under Solaris 2 the kernel is now modularized. Whenever the kernel needs a module it loads it and processes it. The kernel is now /kernel/unix for early versions of Solaris, SunOS 5.0-5.4). Solaris 2.5 and above (SunOS 5.5+) has both a generic, platform-independent part (/kernel/genunix) and a core, or platform-specific part (/platform/uname -m/kernel/unix) of the kernel. These are combined to form the running kernel. You can customize the kernel with the /etc/system file. This configuration file contains commands to be read by the kernel during initialization. You can specify that modules be excluded, or loaded during initialization, rather than when first used, etc. You can set the root and swap devices to something other than the default value. You can even set the value of kernel parameters, e.g.:
set maxusers=16
Each type of module has its own subdirectory in /kernel, e.g. the device drivers are under /kernel/drv. Each driver also has a configuration file associated with it to set the kernel parameter values. Solaris 2.5 and above again has a platform-independent set in /kernel/drv and a platformdependent set in /platform/uname -m/kernel/drv. A significant advantage to modularization is that the kernel now only loads the modules it needs, making more efficient use of memory. Also, you can add drivers without having to rebuild the kernel and reboot the system. 8.2.2 Accessing New Device Drivers Should you add new device drivers they should be installed in /kernel. You can add drivers with the add_drv command and remove them with the rm_drv command. Once the driver is installed and the new device connected reboot the system with:
ok boot -r
92
SunOS 5.X
Alternatively, you can create the file /reconfigure before rebooting. reconfigured during the boot process.
# touch /reconfigure # reboot
The kernel will then be
One of these procedures is required for all drivers not installed initially. It causes the kernel to properly recognize the new drivers during the boot process. 8.2.3 Device Configuration During the boot process devices are identified and new ones are automatically added to /devices and /dev. So you no longer have to execute MAKEDEV to configure the new devices. The equivalent is done for you with the new automatic reconfiguration process when you boot. The Solaris 2.X system is responsible for assigning an unused major number when you add a device, so these should not be hard-coded into the drivers. Minor numbers are assigned by the driver. Should you need to reconfigure the /devices directory you can do this with the drvcong command. This should create the /devices directory tree from the attached hardware. It uses the dev_info tree of the kernel. The devices should be powered on when you run this command. Normally this is done for you whenever a new driver is installed with the add_drv utility and you reboot the system with the -r option. drvcong uses the file /etc/minor_perm to determine the permissions to apply to the devices and the file /etc/name_to_major to assign major device numbers. Use the utility prtconf to display the devices configured on your system.
# prtconf
System Configuration: Sun Microsystems Memory size: 64 Megabytes System Peripherals (Software Nodes): sun4m
SUNW,SPARCstation-5 packages (driver not attached) disk-label (driver not attached) deblocker (driver not attached) obp-tftp (driver not attached) options, instance #0 aliases (driver not attached) openprom (driver not attached) iommu, instance #0 sbus, instance #0 espdma, instance #0 esp, instance #0 sd (driver not attached) st (driver not attached)
93
sd, instance #0 (driver not attached) sd, instance #1 sd, instance #2 (driver not attached) sd, instance #3 sd, instance #4 (driver not attached) sd, instance #5 sd, instance #6 SUNW,bpp (driver not attached) ledma, instance #0 le, instance #0 SUNW,lpvi, instance #0 SUNW,bpp (driver not attached) cgsix, instance #0 power-management (driver not attached) SUNW,CS4231, instance #0 afx-misc (driver not attached) obio, instance #0 zs, instance #0 zs, instance #1 eeprom (driver not attached) slavioconfig (driver not attached) auxio (driver not attached) counter (driver not attached) interrupt (driver not attached) power (driver not attached) SUNW,fdtwo, instance #0 memory (driver not attached) virtual-memory (driver not attached) FMI,MB86904 (driver not attached) pseudo, instance #0
8.2.4 Creation of the logical name space The last stage of the automatic configuration process involves the generation of the logical name space to correspond with the new devices. Several utilities are used for this, depending on the type of device. disks tapes ports devlinks
adds /dev entries for hard disks adds /dev entries for tape drives adds /dev and inittab entries for serial lines adds /dev entries for miscellaneous devices and pseudo-devices, according to the entries in /etc/devlink.tab
94
SunOS 5.X
8.2.5 Tuning Kernel Parameters Many kernel parameters scale relative to the value chosen for maxusers. You can change many others that affect the kernel and kernel modules by setting values for them in /etc/system. With /etc/system you can specify: kernel modules to be loaded automatically kernel modules not to be loaded automatically root and swap devices new values for kernel integer variables
To get a complete list of the tunable kernel parameters use the /usr/ccs/bin/nm command on the kernel, e.g.:
# /usr/ccs/bin/nm /kernel/unix # /usr/ccs/bin/nm /kernel/genunix /platform/uname -m/kernel/unix -for Solaris 2.4 -for Solaris 2.5
which yields over 5000 lines of kernel parameters, of the form:

Symbols from /kernel/unix: [Index] Value Size Type Bind Other [1] | 0| 0|FILE |LOCL |0 |ABS Shndx Name |unix
Most of these you will never need to change. You should also be aware that kernel parameters and their meanings may change in latter releases of the OS, so you should not blindly copy /etc/system files to new machines. You can get a list of the drivers and modules currently loaded and some selected kernel parameter values by using the /usr/sbin/sysdef command with the -i option as shown below.
# sysdef -i
[...] * Loadable Objects * genunix misc/consconfig [...] fs/nfs hard link: sys/nfs fs/procfs fs/specfs fs/tmpfs fs/ufs [...] sys/semsys sys/shmsys drv/arp hard link: strmod/arp drv/arp [...] * Tunable Parameters * 1306624 1002 99 997 30
maximum memory allowed in buffer cache (bufhwm) maximum number of processes (v.v_proc) maximum global priority in sys class (MAXCLSYSPRI) maximum processes per user id (v.v_maxup) auto update time limit in seconds (NAUTOUP)
95
25 5 25 25 page stealing low water mark (GPGSLO) fsflush run rate (FSFLUSHR) minimum resident memory for avoiding deadlock (MINARMEM) minimum swapable memory for avoiding deadlock (MINASMEM)
* * Utsname Tunables * 5.5 release (REL) nyssa node name (NODE) SunOS system name (SYS) Generic version (VER) * * Process Resource Limit Tunables (Current:Maximum) * Infinity:Infinity cpu time Infinity:Infinity file size 7ffff000:7ffff000 heap size 800000:7ffff000 stack size Infinity:Infinity core file size 40: 400 file descriptors Infinity:Infinity mapped memory * * Streams Tunables * 9 maximum number of pushes allowed (NSTRPUSH) 65536 maximum stream message size (STRMSGSZ) 1024 max size of ctl part of message (STRCTLSZ) * * IPC Messages * 100 entries in msg map (MSGMAP) 2048 max message size (MSGMAX) 4096 max bytes on queue (MSGMNB) 50 message queue identifiers (MSGMNI) 8 message segment size (MSGSSZ) 40 system message headers (MSGTQL) 1024 message segments (MSGSEG) * * IPC Semaphores * 10 entries in semaphore map (SEMMAP) 10 semaphore identifiers (SEMMNI) 60 semaphores in system (SEMMNS) 30 undo structures in system (SEMMNU) 25 max semaphores per id (SEMMSL) 10 max operations per semop call (SEMOPM) 10 max undo entries per process (SEMUME) 32767 semaphore maximum value (SEMVMX) 16384 adjust on exit max value (SEMAEM) * * IPC Shared Memory * 1048576 max shared memory segment size (SHMMAX) 1 min shared memory segment size (SHMMIN) 100 shared memory identifiers (SHMMNI) 6 max attached shm segments per process (SHMSEG) * * Time Sharing Scheduler Tunables * 60 maximum time sharing user priority (TSMAXUPRI) SYS system class name (SYS_NAME)
96
SunOS 5.X
To get and set kernel driver configuration parameters you can use the command /usr/sbin/ndd. At this time ndd only supports access to the TCP/IP modules. Use the "-set" option to set a value, without it you query the named device driver, e.g. to get a list of the IP driver parameters execute:
# ndd /dev/ip \? - "?" indicates to list all parameters for the driver ? (read only) ip_ill_status (read only) ip_ipif_status (read only) ip_ire_status (read only) ip_rput_pullups (read and write) ip_forwarding (read and write) ip_respond_to_address_mask_broadcast (read and write) ip_respond_to_echo_broadcast (read and write) ip_respond_to_timestamp (read and write) ip_respond_to_timestamp_broadcast (read and write) ip_send_redirects (read and write) ip_forward_directed_broadcasts (read and write) ip_debug (read and write) ip_mrtdebug (read and write) ip_ire_cleanup_interval (read and write) ip_ire_flush_interval (read and write) ip_ire_redirect_interval (read and write) ip_def_ttl (read and write) ip_forward_src_routed (read and write) ip_wroff_extra (read and write) ip_ire_pathmtu_interval (read and write) ip_icmp_return_data_bytes (read and write) ip_send_source_quench (read and write) ip_path_mtu_discovery (read and write) ip_ignore_delete_time (read and write) ip_ignore_redirect (read and write) ip_output_queue (read and write) ip_broadcast_ttl (read and write) ip_icmp_err_interval (read and write) ip_reass_queue_bytes (read and write) ip_strict_dst_multihoming (read and write)
To get the value of a specific driver:

# ndd /dev/ip ip_forwarding 2
To disable packet forwarding (i.e. on a firewall machine) set this value to "0", as is done in the startup script /etc/init.d/inetinit:
# ndd -set /dev/ip ip_forwarding 0
97
To set values for kernel parameters in /etc/system you would use the form:
set module:variable=value
some examples would be:

set maxusers=16
to raise maxusers above the default value of 8. Actually the default value for maxusers is chosen based on the amount of available memory, with a maximum of 2048, according to:
TABLE 8.1
Solaris 2.X maxusers default values Memory Size < 32 MB < 40 MB < 64 MB < 128 MB 128 MB Maxusers value 8 32 40 64 128
Maxusers affects the default settings for several other kernel table parameters according to the formula in the following table.
TABLE 8.2
Kernel Parameter values affected by Maxusers Kernel Variable ncallout ufs_ninode ncsize max_nprocs ndquot maxuprc Variable Value 16+max_nprocs max_nprocs+16+maxusers+64 max_nprocs+16+maxusers+64 10+16*maxusers (maxusers*NMOUNT)/4+max_nprocs max_nprocs-5
Kernel Table Callout Inode Name Cache Lookup Process Disk Quota Structure User Processes
The parameters npty and pt_cnt are not automatically tuned with the size of memory or maxusers, and may need to be reset to allow more network connections on a large machine. Another example where you might reset a kernel parameter is to have NFS always check that the request is coming from a port number < 1024 (i.e. a "trusted port"). Do this for Solaris 2.4 with:
set nfs:nfs_portmon=1
and for Solaris 2.5 with:

set nfssrv:nfs_portmon=1
where the module containing the parameter has changed from nfs to nfssrv. Some kernel parameters that you might consider tuning are in the table below.
98
SunOS 5.X
TABLE 8.3
Some Tunable Kernel Parameters Default Value 48 Practical Limit 3000 Function number of 5.X style pseudo-ttys.; sets the limit for the number of remote logins. Reboot with the "-r" option to create the /dev/pts entries. number of 4.X style pseudo-ttys Directory Name Lookup Cache (DNLC) size. Increase for NFS server with lots of clients. "vmstat -s" reports the cache hit rate. maximum number of inodes cached; should be at least as large as ncsize set this if you want to limit the number of processes a user can have 20% of physical memory maximum size of the buffer cache (Kbytes). Caches inode, indirect block, and cylinder group information. "sar -b" reports the buffer cache hit rate.
Parameter pt_cnt
npty ncsize
48 17*maxusers + 90 17*maxusers + 90 16*maxusers + 5 0, which allows up to 2% of physical memory
3000 16000
ufs_ninode maxuprc bufhwm
34906
You need to be very careful about the changes you make in /etc/system. Its possible that by putting incorrect values in /etc/system you could leave the machine in a state in which it is unable to boot. Should this occur, boot with the "-a" option, and when the system asks you to provide the configuration file name input /dev/null instead of /etc/system. Then edit /etc/system to correct the problem and reboot again.
99
8.3 IRIX 5.X

The autoconfiguration script /etc/init.d/autoconfig is run at run-level 2, S23autoconfig, during the boot process. If new boards or devices are found, or if changes have been made to the object files or system tuning files in /var/sysgen/mtune/*, /var/sysgen/master.d/*, or /var/sysgen/system/* the program will check the /var/config/autoconfig.options file to see if it should automatically generate a new kernel. The default "-T" option indicates this. Otherwise it will prompt to generate a new kernel. So you should rarely, if ever, need to generate a new kernel by hand. autoconfig uses the lboot command to actually generate the new kernel and reads the /var/sysgen/stune file for the settings of any tunable parameters different from the defaults. This creates a new kernel and saves it as /unix.install. When doing this by hand you should then copy the old kernel, /unix, to a new name, e.g. /unix.save and reboot the system with "reboot". The /usr/sbin/systune program can be used to examine or change kernel tunable parameters; in the latter case it will add entries to /var/sysgen/stune. A few of the tunable parameters listed by systune are, e.g. for NFS parameters:
snfs (statically changeable) svc_maxdupreqs = 136 (0x88) nfs_portmon = 0 (0x0)
You can execute systune in interactive mode to examine and set parameters, e.g. to report and then raise the value for the number of system processes, nproc:
# systune -i systune-> nproc nproc = 300 (0x12c) systune-> nproc 500 nproc = 300 (0x12c) Do you really want to change nproc to 500 (0x1f4)? (y/n) y In order for the change in parameter nproc to become effective, reboot the system systune-> quit
This creates the new kernel /unix.install. The parameter change will take effect the next time you reboot the system. When this file exists /etc/init.d/autoconfig reconfigures the kernel as part of the boot process. Should you need to recover from an unbootable kernel following an unsuccessful kernel regeneration, interrupt the boot process and go to "System Maintenance Menu". There select "Command Monitor". At the ">> " prompt boot from the old kernel, e.g.:
>> boot unix.save
100
Digital UNIX
8.4 Digital UNIX

Digital UNIX recommends that you be in single user mode when building the kernel. The steps to follow are:
1. 2. 3. 4. 5. 6. 7.
8.
9.
cp /vmunix /vmunix.save - save the old kernel cp /genunix /vmunix - install the generic kernel to be the running kernel /usr/sbin/shutdown -r +5 - shutdown the system Log on as root and take the system down to single user mode /usr/sbin/shutdown +1 mount /usr - remount the /usr file system /usr/sbin/doconfig - you will be prompted for system configuration information. If you need to edit the resulting configuration file answer "yes" at the prompt. The new kernel will then be built and the path to it will be displayed. mv /sys/DECOSF/vmunix /vmunix - move the kernel from the path displayed in the step above to the root directory /usr/sbin/shutdown -r now - reboot the system
If the system fails to boot you can reboot to single user mode using the generic kernel (/genunix) and try again.
8.5 Ultrix
Ultrix is similar to SunOS 4.1.X when building a kernel. The steps to follow on a MIPS hardware platform are:
1. 2. 3. 4. 5. 6. 7. 8. 9.
cd /sys/conf cp GENERIC HOSTNAME vi HOSTNAME config HOSTNAME cd /sys/MIPS/HOSTNAME make mv /vmunix /genvmunix cp vmunix / reboot
- copy the configuration file - edit and revise as needed - build the system configuration files - change to the new configuration directory - compile the new kernel - save the old kernel - install the new kernel - reboot using the new kernel
101
102
CHAPTER 9
Adding Hardware
9.1 SunOS 4.1.X

9.1.1 Procedures for adding new hardware to a system When adding new hardware to a SunOS 4.1.X system may need to reconfigure the kernel before the device will be supported. In general you should follow these steps. Reconfigure the kernel to support the device. 2. Generate the special files that allow the kernel to communicate with the device. These can generally be created with /dev/MAKEDEV using the mknod command. 3. Halt the system and Connect the actual hardware; insert boards, disk, etc. 4. Reboot and Change any files that the system uses concerning the new hardware. An excellent guide for all your modem and terminal concerns is available on the web, written by Celeste Stokely, http://www.stokely.com/.
1.
9.1.2 MAKEDEV MAKEDEV is a script located in /dev which puts its generated files in /dev. This is a device "make" file for devices such as tapes, disks, terminal multiplexors, printers, graphics/windows, etc. using the mknod command. If youre adding both 1/4" and 1/2" tape drives you need to MAKEDEV st0 (1/4") first, then MAKEDEV xt0 (1/2"), as the first links xt devices to the similar st devices. If youre adding a new disk that has not yet been formatted, you will need to format it. This will require that there be an entry in /etc/format.dat, e.g. for the Sun supplied 424MB disk the entry would be:
disk_type = SUN0424 \ : ctlr = SCSI : fmt_time = 4 \ : trks_zone = 9 : asect = 2 \ : ncyl = 1151 : acyl = 2 : pcyl = 2500 : nhead = 9 : nsect = 80 \ : rpm = 4400 : bpt = 26000
9.1.3 Files that control terminal logins Besides having the proper device files in /dev you control terminal logins with the files ttys, ttytab, gettytab, and termcap in /etc.
Adding Hardware
9.1.3.1 ttytab
The entries in /etc/ttytab are used to turn ports on/off and denotes them as being secure or unsecure for root login. The entry also specifies the program to run, usually getty with the corresponding entry in /etc/gettytab to control the login, and expected terminal type, which must match an entry in /etc/termcap, e.g.
# name console ttya ttyb 12console 02ttya 02ttyb getty "/usr/etc/getty std.9600" "/usr/etc/getty std.9600" "/usr/etc/getty std.9600" type sun unknown unknown status on off off comments local secure local unsecure remote unsecure
The le ttys is derived from ttytab by init, and should not be edited.
For Ultrix ttys is more like ttytab in SunOS 4.1.X, and there is no ttytab. Should you modify ttytab you will need to interrupt init to get it to reread this file. This can be done with the kill command:
# kill -HUP 1
where the -HUP (or -1) option (hangup) interrupts, but doesnt kill init.
9.1.3.2 termcap
/etc/termcap is a data base of descriptions of terminal capabilities (BSD, SunOS 4.1.X). It is one large file with entries for all terminal types, e.g. the vt100 description would be similar to:
d0|vt100|vt100-am|vt100am|dec vt100:\ :do=^J:co#80:li#24:cl=50\E[;H\E[2J:sf=5\ED:\ :le=^H:bs:am:cm=5\E[%i%d;%dH:nd=2\E[C:up=2\E[A:\ :ce=3\E[K:cd=50\E[J:so=2\E[7m:se=2\E[m:us=2\E[4m:ue=2\E[m:\ :md=2\E[1m:mr=2\E[7m:mb=2\E[5m:me=2\E[m:is=\E[1;24r\E[24;1H:\ :rf=/usr/share/lib/tabset/vt100:\ :rs=\E>\E[?3l\E[?4l\E[?5l\E[?7h\E[?8h:ks=\E[?1h\E=:ke=\E[?1l\E>:\ :ku=\EOA:kd=\EOB:kr=\EOC:kl=\EOD:kb=^H:\ :ho=\E[H:k1=\EOP:k2=\EOQ:k3=\EOR:k4=\EOS:pt:sr=5\EM:vt#3:xn:\ :sc=\E7:rc=\E8:cs=\E[%i%d;%dr:
9.1.3.3 terminfo
/usr/share/lib/terminfo/[1-9,A-Z,a-z]/* are a collection of files that describe terminal capabilities (SysV, SunOS 4.1.X, SunOS 5.X). These files are functionally equivalent to the entries in /etc/termcap.
9.1.3.4 gettytab
The gettytab file is a database used to describe terminal lines. The std.9600 entry referred to in /etc/ttytab above might look something like:
2|std.9600|9600-baud:\ :sp#9600:
104
SunOS 4.1.X
You could modify the default entry to write white on black and personalize your login message with an entry like:
default:\ :ap:lm=\E[q\r\n%h login\72 :sp#9600:\ im=\r\nUTS Workstation Lab\n:
9.1.3.5 getty
/etc/getty is the terminal login program. It is started by init, reads gettytab, monitors the terminal line, and invokes the login program when a connection is made. 9.1.4 Adding a Modem Under SunOS 4.1.X it is not necessary to modify the kernel when adding a standard modem, as it was under earlier versions of SunOS. However, if you add modem boards you may still need to modify the kernel. The new feature in SunOS4.1.x is the ttysoftcar command. You will need to make sure the device file exists for the modem and that the configuration files have been properly changed. The steps to take are:
1. 2. 3. 4. 5.
cd /dev mknod device_name c major# minor# vi /etc/ttytab kill -HUP 1 ttysoftcar -a vi /etc/remote
9.1.4.1 Make the device node
6.
- go to the devices directory - create the special device file - edit and change, as needed - send init a hangup signal - reset the ttys to their appropriate values, based on the /etc/ttytab "status" entry - edit as needed
The mknod command builds the special file that you want the kernel to recognize as the modem, cua0. It should be a character type file with major and minor numbers of 12 and 128, respectively. This corresponds to the same physical line as ttya, with major and minor numbers of 12 and 0, respectively. The commands to create the device and set the proper permissions and ownerships are:
# mknod cua0 c 12 128 # chmod 600 cua0 # chown uucp cua0
9.1.4.2 Edit /etc/ttytab
ttya cua0
"/usr/etc/getty std.19200" "/usr/etc/getty std.19200"

9.1.4.3 Reinitialize init
sun unknown
on off
local remote
unsecure unsecure
Send init a hangup signal so that it will reread its initialization files.
# kill -HUP 1
105
Adding Hardware
9.1.4.4 Execute ttysoftcar
Kill off the getty process for this line, should one exist, then execute ttysoftcar to set the software carrier detect, i.e.:
# /usr/etc/ttysoftcar -a
Should you forget to kill the getty process ttysoftcar may hang. In the file /etc/rc uncomment the line:
/usr/etc/ttysoftcar -a > /dev/null 2>&1
9.1.4.5 Edit /etc/remote
Edit /etc/remote add the line:

cua0:dv=/dev/cua0:br#19200
You can then use /bin/tip or /bin/cu to access the line, e.g.:
# tip cua0
You exit tip and cu with "~.".
9.1.5 SCSI Device Designation and Description SCSI, Small Computer System Interface, has become the standard for connecting peripheral devices: disks, tapes, cdroms, optical drives, etc. It was intended to provide device independence for a wide range or peripherals to the host computer. Devices conforming to the SCSI standard should be able to plug directly to the hosts SCSI bus without requiring changes to the system hardware or software. There are several different versions of the standard (and as many implementations as there are manufacturers). The original standard, now called SCSI-1 or classical SCSI, will allow synchronous data transfers up to 5 MBytes/sec of 8 bit data. The current standard, SCSI-2, also known as Fast SCSI, and includes Wide SCSI. Fast SCSI allows asynchronous data transfers up to 10 MBytes/sec. SCSI-1 and SCSI-2 devices can co-exist on the same bus using a 50-conductor cable. Wide SCSI uses additional lines to transfer 16 or 32 data bits at a time, effectively doubling or quadrupling the maximum Bus transfer speed, up to 40 MBytes/sec, while using a 68-conductor cable. Narrow and wide SCSI devices can be mixed if the cable connections are made consistent. SCSI-1 and SCSI-2 allow cable lengths totalling up to 6 meters, including internal cabling. Differential SCSI allows longer cable lengths, up to 25 meters. You cant directly mix differential and single-ended (classical) SCSI devices on the same SCSI bus without special translation devices. SCSI devices are daisy-chained, and should be terminated on both ends of the chain. Classical SCSI uses passive terminators. Fast SCSI requires active terminators. These use voltage regulation to provide a more consistent termination resistance. Differential SCSI uses passive termination, but a different kind from classical SCSI. The classical SCSI bus can accommodate 8 target devices, numbered 0 through 7. The last number, 7, is reserved for the connection between the bus and the system itself. Of the remaining seven the Sun kernel configuration file (SunOS 4.1.X) assumes that the first four will be used by disk devices, the next two by tape devices, and the last for a CDROM device, i.e.:
106
SunOS 4.1.X
Disk targets 0,1,2,3 Tapes targets 4 & 5 CDROM target 6 You can change these defaults and regen the kernel. Wide SCSI allows 16 target devices, 0 through 15, with 15 the target ID of the host adaptor. The larger the device number, the higher the priority of the device. Only two SCSI devices can communicate at a time. So when a slow device is communicating with the host, i.e. a tape drive, the bus is effectively slowed down to the speed of the tape drive. When the tape drive is not in use the bus can resume a higher transfer rate of another device. Earlier we mentioned that to boot a Sun4c machine from CDROM you would specify sd(0,6,2), or for a Sun4 machine you would specify sd(0,30,1) to the boot PROM. We will now look at where these numbers come from. As an example we look at sd(0,30,1).
FIGURE 9.1
SCSI Device Designation
sd(0,30,1)
Target ID number (number of the controller) multiplied by 8 (for 8 possible SCSI devices for each target) plus the logical unit number of the device (in hex) SCSI host interface resident on the system bus File or partition number
SCSI devices may have their own controller to control a series of devices within the cabinet. For example you may have a cabinet with a controller and two disks that it controls. These external controllers can have 2 disks/target device; embedded controllers are limited to 1 disk/target device. Most SCSI devices today have embedded controllers, so you have one device for each SCSI ID on the Bus. Non-embedded devices are still available and may become more popular as the faster SCSI-2 protocol takes hold. Suns SCSI numbering scheme originated when non-embedded, external controller, devices were popular. One of their first products was called the "Shoebox" which had one controller to manage two disks, or a disk and tape drive. So when they mentioned disk drives as sd0 and sd1 they were talking about disks with the same SCSI host interface, but with different logical unit numbers, both with SCSI ID 0, but drive numbers 0 and 1. As embedded controllers became the norm, people generally referred to sd0 as the disk at SCSI ID 0 and sd1 as the disk at SCSI ID 1. But this is wrong, as they were both attached to the same SCSI controller. By using the drive number to specify both the SCSI ID and the disk number Sun was confusing people. Later Sun began using 3 octal numbers to represent the SCSI devices in the kernel configuration file, e.g.:
disk UNIX System Administration sd3 at sc0 drive 011 flags 0 1998 University Technology Services, The Ohio State University 107
Adding Hardware
Here, in 011, the first number, 0, represents the SCSI interface number, the second number, 1, indicates the SCSI controller (target ID), and the last number, 1, indicates the drive number. A flag of 0 indicates a disk device, and 1 a tape device. With embedded controllers the drive number is always 0, so people tend to refer to the device by its SCSI target ID only, further confusing the issue. The following tables map out the relationship between SCSI target ID and Unix disk number. In these tables LUN stands for logical unit number.
TABLE 9.1
SCSI Target IDs, part 1 Target ID LUN UNIX sd# 0 0 0 0 0 0 1 1 0 2 1 0 2 1 1 3 0 4 2 0 4 2 1 5 0 6 3 0 6 3 1 7
External Controller
Embedded Controller
Target ID LUN UNIX sd#
TABLE 9.2
SCSI Target IDs, part 2 0 0 0 0 0 1 1 1 1 0 8 8 2 1 1 9 9 3 0 16 10 4 2 1 17 11 5 0 24 18 6 3 1 25 19 7 0 32 20 st0 4 NA 0 40 28 st1 5 NA 0 48 30 sr0 6 NA
Target ID LUN SCSI Drive # SCSI Hex# UNIX sd#
To go back to our example then, we see from the second table that the CDROM device at SCSI target ID 6, sr0, has the number 3016, so to boot from the second file on this device we would use: sd(0,30,1). 9.1.6 Kernel Configuration File The Sun3 and Sun4 GENERIC kernel configuration files have entries to describe the attached devices of the form:
# Support for the SCSI-2 host adapter with 2 disks and 1 1/4 tape # on the first SCSI controller, 2 disks and 1 1/4 tape on the second # SCSI controller, 2 embedded SCSI disks, and a CD-ROM drive. controller sc0 at vme24d16 ? csr 0x200000 priority 2 vector scintr 0x40 tape st0 at sc0 drive 040 flags 1
108
SunOS 4.1.X tape disk disk disk disk disk disk disk st1 at sc0 drive 050 flags 1 sr0 at sc0 drive 060 flags 2 sd0 at sc0 drive 000 flags 0 sd1 at sc0 drive 001 flags 0 sd2 at sc0 drive 010 flags 0 sd3 at sc0 drive 011 flags 0 sd4 at sc0 drive 020 flags 0 sd6 at sc0 drive 030 flags 0
where the our example CDROM drive, sr0, has a target ID of 6 and an LUN of 0, or 060. This device would then be referenced by the SCSI Hex # of 30, i.e.:
target ID (6) * 8 + LUN (0) = 4810 = 3016
So you would boot from second file on this device as:

sd(0,30,1)
SPARCstation (Sun4c) devices are treated slightly differently. The internal (supplied) disk is target 3. So to avoid confusion (?) they remapped the target device numbers, as follows. Sun3/Sun3x/Sun4 Sun4c Target 3 sd6sd(0,18,0) sd0sd(0,0,0) Target 1 sd2sd(0,8,0) sd1sd(0,1,0) Target 2 sd4sd(0,10,0) sd2sd(0,2,0) Target 0 sd0sd(0,0,0) sd3sd(0,3,0) The NVRAM on the CPU board is used to re-map the target SCSI ID numbers. The ordering of the targets is set with the parameter sd-targets, i.e.:
sd-targets 31204567
The Sun4c GENERIC kernel configuration file then has different entries to describe the attached peripherals, i.e.:
# The following section describes SCSI device unit assignments. scsibus0 at esp # declare first scsi bus disk sd0 at scsibus0 target 3 lun 0 # first hard SCSI disk disk sd1 at scsibus0 target 1 lun 0 # second hard SCSI disk disk sd2 at scsibus0 target 2 lun 0 # third hard SCSI disk disk sd3 at scsibus0 target 0 lun 0 # fourth hard SCSI disk tape st0 at scsibus0 target 4 lun 0 # first SCSI tape tape st1 at scsibus0 target 5 lun 0 # second SCSI tape disk sr0 at scsibus0 target 6 lun 0 # CD-ROM device
Sun doesnt support mixing embedded and non-embedded SCSI devices on the same host. Sometimes it works, and sometimes it doesnt. If it doesnt work, dont expect to get any help from Sun. The SCSI bus must be terminated and this termination should be at the end of the bus line. The maximum length of all the SCSI cables, including internal cabling at the devices, is 6 meters.
109
Adding Hardware
9.2 SunOS 5.X

For most peripherals you will not need to add a device driver, as they are already included in the operating system. For those devices that do require a new driver, the driver and instructions should accompany the system. New device drivers should come in System V package format, so that you can install them with the pkgadd command or the Software Manager tool. We will discuss these commands in a latter chapter. The next step is to get the system to recognize the device driver. If you touch the file /recongure, e.g.:
# touch /reconfigure
then when the system is rebooted it will reconfigure the kernel, as discussed in the chapter on Kernel Configuration. Now you can shutdown the system, power it off, add the new hardware, and then boot new system. You will want to be sure to power on the peripheral devices before the CPU to insure that the system will recognize the peripherals. If you did not create the /recongure file you can still reconfigure the kernel during the boot process by booting with the -r (reconfigure) option to the PROM boot command, i.e.: ok boot -r The kernel will then recognize the new drivers during the boot process and create the necessary device entries in /devices for the attached hardware using the drvcong command. You can examine the currently loaded device driver list with the -i option to the sysdef command.This will output several pages of information including the list of tunable parameters for the kernel shown in the last section.
9.3 IRIX 5.X

As mentioned in the chapter on Kernel Configuration, when new hardware is discovered during the boot process the kernel is automatically regenerated to recognize the new devices with the /etc/init.d/autocong script at run-level 2.
110
C H A P T E R 10
Special Files
10.1 Special Files

UNIX devices are treated as les, in that I/O to devices is done in the same way as I/O to files. A file referring to a device is a special file in that it doesnt contain data (as a regular file) or information about other files (as a directory does). A special file informs the operating system about the location of the device its associated with and the means by which it can communicate with the device. Special files are created with the mknod command and are stored in /dev (also /devices for SunOS 5.X). Once a special file exists I/O is performed with the device simply by reading or writing to the associated file. 10.1.1 Block and character devices All I/O devices are classified as either block or character (raw) devices. The block special device causes the I/O to be buffered in large pieces. The character (raw) device causes I/O to occur one character (byte) at a time. Some devices, such as disks and tapes, can be both block and character devices, and must have entries for each mode. Terminals operate in character mode. The first entry in the permission field indicates either bblock, or ccharacter. 10.1.2 Major and minor devices The major number identifies the kernel driver that communicates with the device. The minor number identifies the location of the device, i.e. it divides a physical device into logical devices. The major number directs you to the proper controller and mode. Minor device numbers 0 7 refer to portions of drive 0; minor devices 815 refer to drive 1, etc. For SunOS 5.X the system is responsible for assigning unused major numbers when you add a device, so these should not be hard-coded in the drivers. Minor numbers are assigned by the driver. 10.1.3 The mknod command The mknod command is used to build special files, e.g. under SunOS 4.1.X:
# mknod cua0 c 12 128
generates a special file named cua0; it is a character-type device, 12 specifies the terminal controller, and 128 indicates that it will be a dial-out device. This uses the same physical line as ttya, the dial-in device with major and minor numbers 12 and 0, respectively.
Special Files
10.2 SunOS 4.X

Under SunOS 4.X the /dev directory contains the special files. The standard devices are installed with /dev/MAKEDEV, which uses the mknod command to create them. For a SCSI disk, represented by sd and rsd for the block and character devices, respectively, we have:
0 brw-r----0 brw-r----0 brw-r----0 brw-r----0 brw-r----0 brw-r----0 brw-r----0 brw-r----0 crw-r----0 crw-r----0 crw-r----0 crw-r----0 crw-r----0 crw-r----0 crw-r----0 crw-r----1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root operator operator operator operator operator operator operator operator operator operator operator operator operator operator operator operator 7, 7, 7, 7, 7, 7, 7, 7, 17, 17, 17, 17, 17, 17, 17, 17, 0 Apr 30 1 Apr 30 2 Apr 30 3 Apr 30 4 Apr 30 5 Apr 30 6 Apr 30 7 Apr 30 0 Apr 30 1 Apr 30 2 Apr 30 3 Apr 30 4 Apr 30 5 Apr 30 6 Apr 30 7 Apr 30 1995 /dev/sd0a 1995 /dev/sd0b 1995 /dev/sd0c 1995 /dev/sd0d 1995 /dev/sd0e 1995 /dev/sd0f 1995 /dev/sd0g 1995 /dev/sd0h 1995 /dev/rsd0a 1995 /dev/rsd0b 1995 /dev/rsd0c 1995 /dev/rsd0d 1995 /dev/rsd0e 1995 /dev/rsd0f 1995 /dev/rsd0g 1995 /dev/rsd0h
10.3 SunOS 5.X

For SunOS 5.X if you install the binary compatibility package the SunOS 4.X compatible names are created in /dev, but these are just links to the SysV type logical names in sub-directories, which are in turn links to the actual device names in /devices. The logical names are what you would generally use. Under SunOS 5.X /dev is no longer a flat space, but has sub-directories for the types of devices:
dsk rdsk rmt term cua pts fbs sad block disk devices raw or character disk devices tape devices serial line devices dial-out modems pseudo terminals frame buffers STREAMS administrative driver
The SunOS 4.X compatible names link you to the SysV type names, e.g.:
2 lrwxrwxrwx 1 root root 13 Mar 1 09:54 /dev/sd0a -> dsk/c0t3d0s0 2 lrwxrwxrwx 1 root root 12 Mar 1 09:54 /dev/rsd0a -> rdsk/c0t3d0s0 2 lrwxrwxrwx 1 root root 51 Dec 22 10:01 /dev/dsk/c0t3d0s0 -> ../../devices/sbus@1,f8000000/esp@0,800000/sd@3,0:a 2 lrwxrwxrwx 1 root root 55 Dec 22 10:01 /dev/rdsk/c0t3d0s0 -> ../../devices/sbus@1,f8000000/esp@0,800000/sd@3,0:a,raw 112 1998 University Technology Services, The Ohio Staet University UNIX System Administration
IRIX 5.X
For the logical names the raw devices are in /dev/rdsk and the block devices are in /dev/dsk. The controller, target number, disk number, and slice number (partition) are described by the:
c# t# d# s#
entries, respectively, in the name, e.g.:

/dev/dsk/c0t3d0s0
which corresponds to the SunOS 4.X compatible entry for a SPARCstation of:
/dev/sd0a
and the physical name:

/devices/sbus@1,f8000000/esp@0,800000/sd@3,0:a
For the physical names: sbus@1 indicates the slot number esp@0 indicates the SCSI Host Adaptor sd@3 indicates the SCSI Target Number 0 is the SCSI Logical Unit Number a is the partition 10.3.1 Reconfiguring the /devices directory (SunOS 5.X) Should you need to reconfigure the /devices directory you can do this with the drvcong command. This should create the /devices directory tree from the attached hardware. It uses the dev_info tree of the kernel. The devices should be powered on when you run this command. Normally this is done for you whenever a new driver is installed with the add_drv utility and you reboot the system with the -r option. drvconfig uses the file /etc/minor_perm to determine the permissions to apply to the devices and the file /etc/name_to_major to assign major device numbers.
10.4 IRIX 5.X

In IRIX the physical devices are in /dev in a format thats sort of a merge of the BSD and SysV.4 styles. There are numerous files in /dev and a few sub-directories to separate the different types of devices, including:
abi dsk hl pts rdsk rmt sad Application Binary Interface block disk devices (ips, dks, xyl) files used by GTX hardware pseudo terminals raw or character disk devices tape devices STREAMS administrative devices
113
Special Files
SCSI disk devices have entries in /dev/dsk and /dev/rdsk of the form:
dks<controller-#>d<drive-#.>{s<partition-#>|vh|vol}
where vh represents the volume header (partition 8) and vol (partition 10) is the entire drive, e.g.:
dsk/ 0 brw------0 brw-r----0 brw------0 brw------rdsk/ 0 crw------0 crw------0 crw------0 crw------0 crw------0 crw------2 root 2 root 2 root 1 root 2 root 1 root sys sys sys sys sys sys 128, 16 Apr 9 03:10 dks0d1s0 128, 17 Mar 24 09:37 dks0d1s1 128, 22 Mar 24 09:37 dks0d1s6 128, 23 Mar 24 09:37 dks0d1s7 128, 24 Mar 24 09:37 dks0d1vh 128, 26 Mar 24 09:37 dks0d1vol 2 root 2 root 2 root 1 root sys sys sys sys 128, 16 Mar 24 09:37 dks0d1s0 128, 17 Mar 24 09:37 dks0d1s1 128, 22 Mar 24 09:37 dks0d1s6 128, 23 Mar 24 09:37 dks0d1s7
10.5 Ultrix and Digital UNIX

The physical devices are located in /dev, in a BSD style, and the MAKEDEV program is used to install the special files. For Digital UNIX there are also a few SysV.4 style sub-directories for sad and streams. SCSI disks are designated as rz and rrz for the block and character devices, respectively, with, for Digital UNIX:
0 brw------0 brw------0 brw------0 brw------0 brw------0 brw------0 brw------0 brw------0 crw------0 crw------0 crw------0 crw------0 crw------0 crw------0 crw------1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root 1 root system system system system system system system system system system system system system system system 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 0 May 1 May 2 May 3 May 4 May 5 May 6 May 7 May 0 May 1 May 2 May 3 May 4 May 5 May 6 May 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 1995 rz0a 1995 rz0b 1995 rz0c 1995 rz0d 1995 rz0e 1995 rz0f 1995 rz0g 1995 rz0h 1995 rrz0a 1995 rrz0b 1995 rrz0c 1995 rrz0d 1995 rrz0e 1995 rrz0f 1995 rrz0g
For Ultrix the major and minor numbers are different for block and character devices.
114
1998 University Technology Services, The Ohio Staet University
C H A P T E R 11
System Directories
11.1 System Directories

The UNIX file system is laid out in a tree type structure, with the top level directory being the root. This contains the kernel, or the /kernel (SunOS 5.X) and /platform (SunOS 5.5+) directories, and the directories required by the operating system.
11.2 / - root
11.2.1 SunOS 4.1.X SunOS 4.1.X standalone machine might have:
1 lrwxrwxrwx 120 11 3 1 1 256 1 8 1 1 1 1 4 1 1 1424 1712 1 root wheel bin staff staff wheel ats wheel wheel wheel staff wheel staff wheel wheel wheel staff daemon wheel 7 Jan 25 1995 bin -> usr/bin 110352 Jan 25 1995 boot 11264 Apr 17 14:57 dev/ 2560 May 23 13:59 etc/ 512 Jan 25 1995 export/ 512 Oct 4 1995 home/ 252913 Jan 25 1995 kadb* 7 Jan 25 1995 lib -> usr/lib 8192 Jan 25 1995 lost+found/ 512 Oct 14 1994 mnt/ 512 Jan 25 1995 pcfs/ 512 Jan 25 1995 sbin/ 13 Jan 25 1995 sys -> ./usr/kvm/sys 80 Jul 12 04:15 tmp/ 1024 Feb 8 1995 usr/ 512 Jan 25 1995 var/ 1449841 Jan 25 1995 vmunix* 1740330 Jan 25 1995 vmunix.gen*
-r--r--r-- 1 root drwxr-sr-x 2 root drwxr-sr-x 11 root drwxr-sr-x 4 root drwxr-sr-x 10 root -rwxr-xr-x 1 root lrwxrwxrwx 1 root drwxr-xr-x 2 root drwxr-sr-x 2 root drwxr-sr-x 2 root drwxr-sr-x 2 root lrwxrwxrwx 1 root drwxrwsrwt 4 root drwxr-xr-x 26 root drwxr-sr-x 9 root -rwxr-xr-x 1 root -rwxr-xr-x 1 root
115
System Directories
11.2.2 SunOS 5.X A SunOS 5.X standalone machine would not have the kernels, but rather kernel directories, and would have a different boot file and a few additional directories, e.g.:
2 drwxr-xr-x 2 drwxr-xr-x 2 lrwxrwxrwx 2 8 2 8 2 2 2 2 2 16 2 2 2 2 2 32 2 8 2 2 0 drwxr-xr-x drwxr-xr-x drwxr-xr-x drwxr-xr-x drwxr-xr-x drwxr-xr-x drwxr-xr-x drwxr-xr-x lrwxrwxrwx drwx-----drwxr-xr-x dr-xr-xr-x drwxrwxr-x drwxr-xr-x drwxr-xr-x dr-xr-xr-x drwxr-xr-x drwxrwsrwt drwxrwxr-x drwxr-xr-x dr-xr-xr-x 2 root 4 root 1 root 2 16 5 28 4 6 6 9 1 2 2 2 19 5 3 2 2 6 31 21 6 root root root root root root root root root root root root root root root root root sys root root root root staff root staff sys sys sys sys sys root sys root root sys root sys root sys root sys sys sys sys root 7 1995 TT_DB/ 7 1995 acs/ 7 1995 bin -> ./usr/bin/ 512 Jun 27 15:35 cdrom/ 4096 May 23 09:11 dev/ 512 Dec 7 1995 devices/ 4096 Jul 11 10:14 etc/ 512 Dec 7 1995 export/ 512 Jun 26 15:25 home/ 1024 Jun 25 08:46 jumpstart/ 512 Dec 7 1995 kernel/ 9 Dec 7 1995 lib -> ./usr/lib/ 8192 Dec 7 1995 lost+found/ 512 Dec 7 1995 mnt/ 512 Dec 7 1995 net/ 512 Jun 25 08:43 opt/ 512 Nov 9 1995 pcnfs/ 512 Dec 7 1995 platform/ 16064 Jul 12 10:50 proc/ 512 Dec 7 1995 sbin/ 755 Jul 12 10:40 tmp/ 1024 Jun 27 13:19 usr/ 512 Dec 7 1995 var/ 512 May 23 09:12 vol/ 512 Dec 512 Dec 9 Dec
116
/ - root
11.2.3 IRIX 5.X IRIX is similar to SunOS 5.X, but its kernel is a file in the root directory, /unix, rather than under /kernel.
1 1 1 6 5 1 21 1 10 3 1 1 6007 6007 1 1 drwxr-xr-x lrwxr-xr-x lrwxr-xr-x drwxr-xr-x drwxr-xr-x drwxr-xr-x drwx-----drwxr-xr-x dr-xr-xr-x drwxr-xr-x drwxr-xr-x drwxrwxrwt -rwxr-xr-x -rwxr-xr-x drwxr-xr-x drwxr-xr-x 2 root 1 root 1 root 15 root 15 root 2 root 2 root 6 root 2 root 3 root 2 root 3 sys 1 root 1 root 25 root 24 root sys sys sys sys sys sys sys sys sys sys sys sys sys sys sys sys 512 Mar 4 1994 CDROM/ 7 Apr 11 1994 bin -> usr/bin/ 4 Mar 4 1994 debug -> proc/ 3072 Jul 9 09:56 dev/ 2560 Jul 9 09:56 etc/ 512 Mar 24 1995 lib/ 10752 Sep 23 1994 lost+found/ 512 Mar 24 1995 opt/ 4848 Jul 12 11:05 proc/ 1536 Mar 24 1995 sbin/ 512 Mar 24 1995 stand/ 512 Jul 12 11:00 tmp/ 3075152 Jul 3 07:51 unix* 3075156 Jul 3 07:55 unix.save* 512 Jul 9 09:56 usr/ 512 Jun 8 1995 var/
11.2.4 Digital UNIX

0 8 8 7360 8 0 8 8 8 27 8 8 8 0 8 8 8 0 8608 8928 lrwxr-xr-x drwxr-xr-x drwxr-xr-x -rwxr-xr-x drwxr-xr-x lrwxr-xr-x drwxr-xr-x drwxr-xr-x drwxr-xr-x -rwxr-xr-x dr-xr-xr-x drwxr-xr-x drwxr-xr-x lrwxr-xr-x drwxr-xr-x drwxrwxrwt drwxr-xr-x lrwxrwxrwx -rwxr-xr-x -rwx--x--1 root 7 root 13 root 1 root 10 root 1 root 2 root 2 root 2 root 1 root 2 root 10 root 2 root 1 root 5 root 4 root 20 root 1 root 1 root 1 root system 7 May 23 1995 bin@ -> usr/bin/ system 8192 Jul 12 07:41 dev/ system 8192 Jul 12 10:41 etc/ system 7535240 Jul 25 1995 genvmunix* system 8192 Jul 11 15:34 home/ system 7 May 23 1995 lib@ -> usr/lib/ system 8192 May 23 1995 mdec/ system 8192 Jul 25 1995 mnt/ system 8192 May 23 1995 opt/ system 27440 Jul 24 1995 osf_boot* system 8224 Jul 12 11:08 proc/ system 8192 May 24 13:17 sbin/ system 8192 May 23 1995 subsys/ system 7 May 23 1995 sys@ -> usr/sys/ system 8192 May 23 1995 tcb/ system 8192 Jul 12 10:10 tmp/ system 8192 May 22 14:45 usr/ system 7 May 23 1995 var@ -> usr/var/ system 8812896 Jun 20 11:15 vmunix* system 9134136 Jun 20 11:19 vmunix.save*
Where /tcb contains files and databases used with enhanced security for checking authorizations.
117
System Directories
11.2.5 Ultrix Ultrix is similar to SunOS 4.X with a few differences: the boot program is ultrixboot; the kernel is still vmunix, but the generic backup kernel is genvmunix.
11.3 /etc - system and network configuration

/etc contains configuration files and networking programs that are used during the boot process and to control network access. 11.3.1 SunOS 4.1.X, configuration files
aliases defaultrouter fstab hosts.equiv mtab printcap rc.single services aliases.dir ethers gettytab hosts.lpd netgroup rc remote shells aliases.pag exports group inetd.conf netmasks rc.boot resolv.conf syslog.conf bootparams fbtab hostname.le0 magic networks rc.ip rpc ttys defaultdomain format.dat hosts motd passwd rc.local sendmail.cf ttytab
11.3.2 SunOS 5.X, configuration files and directories

aliases -> ./mail/aliases auto_master default/ dfs/ ethers group hosts.allow inetd.conf -> ./inet/inetd.conf issue lp/ mnttab netconfig nodename nsswitch.files ntp.conf path_to_inst publickey* rc1 -> ../sbin/rc1* rc2.d/ rc5 -> ../sbin/rc5* rcS.d/ rmmount.conf asppp.cf* bootparams defaultdomain dt/ format.dat hostname.le0 hosts.deny init.d/ lib/ magic motd netmasks -> ./inet/netmasks nscd.conf nsswitch.nis opt/ profile rc0 -> ../sbin/rc0* rc1.d/ rc3 -> ../sbin/rc3* rc6 -> ../sbin/rc6* remote rmtab auto_home cron.d/ defaultrouter dumpdates fs/ hosts -> ./inet/hosts inet/ inittab logindevperm mail/ net/ networks -> ./inet/networks nsswitch.conf nsswitch.nisplus passwd protocols -> ./inet/protocols rc0.d/ rc2 -> ../sbin/rc2* rc3.d/ rcS -> ../sbin/rcS* resolv.conf rpc
118
/etc - system and network conguration saf/ services -> ./inet/services skel/ ssh_host_key.pub sshd_config termcap -> ../usr/share/lib/termcap utmpx -> ../var/adm/utmpx wtmp -> ../var/adm/wtmp security/ shadow ssh_config ssh_known_hosts syslog.conf ttydefs vfstab wtmpx -> ../var/adm/wtmpx sendmail.cf -> mail/sendmail.cf shells ssh_host_key ssh_random_seed system utmp -> ../var/adm/utmp vold.conf
11.3.3 IRIX 5.X, configuration files and directories

TIMEZONE brutab device.tab fsd.tab group inittab motd netid protocols rc2.d/ rmtab shadow aliases config/ ethers fstab hosts lastbackup mtab networks rc0 rc3 rpc syslog.conf bootparams cron.d/ exports fstyp.d/ inetd.conf magic netconfig passwd rc0.d/ rc3.d/ sendmail.cf ttytype bootptab default/ fscklogs/ gettydefs init.d/ mailcap netgroup printcap rc2 resolv.conf services
11.3.4 Digital UNIX

TIMEZONE exports hosts lprsetup.dat ntp.conf rc.config rpc setup.conf svcorder zoneinfo/ acucap fstab hosts.equiv magic passwd remote sec/ sia/ sysconfigtab auth/ gettydefs inetd.conf motd printcap resolv.conf securettys strsetup.conf syslog.conf disktab group inittab networks protocols routes services svc.conf termcap@
119
System Directories
11.3.5 Ultrix
acucap disktab elcsd.conf group install_upgrade ntp.conf rc ris sendmail.cf svc.conf utmp aliases dms exports hosts krb.conf passwd rc.local rmtab services syslog.conf zoneinfo/ auth doconfig fstab hosts.equiv motd printcap remote rpc setld termcap crontab dumpdates gettytab inetd.conf networks protocols resolv.conf sec/ setldlog ttys
11.4 /usr - system programs, libraries, etc.

You dont normally need to change these unless you want to change the functionality of a program, patch system programs, or plug security holes. Generally, you would install programs you write or port to the system in either /usr/local or /opt/local. 11.4.1 SunOS 4.1.X
5bin/ bin/ dict/ hosts/ lddrv/ mdec -> ./kvm/mdec/ pub -> share/lib/pub/ src -> share/src/ ucb/ xpg2include/ 5include/ boot -> ./kvm/boot/ etc/ include/ lib/ net -> /var/net/ sccs/ stand -> ./kvm/stand/ ucbinclude -> ./include/ xpg2lib/ 5lib/ demo/ export/ kvm/ local/ nserve -> ../etc/nserve/ share/ sys -> kvm/sys/ ucblib -> lib/ adm -> ../var/adm/ diag/ games/ lang/ man -> share/man/ openwin/ spool -> ../var/spool/ tmp -> ../var/tmp/ xpg2bin/
120
/usr - system programs, libraries, etc.
11.4.2 SunOS 5.X

4lib/ aset/ dict -> ./share/lib/dict/ lib/ net/ preserve -> ../var/preserve/ sbin/ src -> ./share/src/ ucblib/ 5bin -> ./bin/ bin/ dt/ local -> /opt/local/ news -> ../var/news/ proc/ share/ tmp -> ../var/tmp/ vmsys/ TT_DB/ ccs/ include/ mail -> ../var/mail/ openwin/ pub -> ./share/lib/pub/ snadm/ ucb/ adm -> ../var/adm/ demo/ kernel/ man -> ./share/man/ platform/ sadm/ spool -> ../var/spool/ ucbinclude/
11.4.3 IRIX 5.X

Cadmin/ bsd/ dist/ include/ people/ share/ tmp -> ../var/tmp/ ToolTalk/ catman/ etc/ lib/ preserve -> ../var/preserve/ spool -> ../var/spool/ adm -> ../var/adm/ cpu/ explorer/ local/ relnotes/ src/ bin/ demos/ gfx/ mail -> ../var/mail/ sbin/ sysgen/
11.4.4 Digital UNIX

adm -> ../var/adm/ doc/ lbin/ news -> ../var/news/ share/ sys/ var/ bin/ examples/ lib/ opt/ shlib/ tcb/ ccs/ field/ local -> /home/local/ preserve -> ../var/preserve/ skel/ tmp -> ../var/tmp/ dict/ include/ man -> share/man/ sbin/ spool -> ../var/spool/ ucb -> ./bin/
11.4.5 Ultrix
adm@ -> var/adm etc/ include/ mdec/ src/ users/ bin/ examples/ lib/ preserve@ -> var/preserve sys/ var/ dict/ field/ local/ skel/ tmp@ -> var/tmp diskless/ hosts/ man/ spool@ -> var/spool ucb/
121
System Directories
122
C H A P T E R 12
User accounts
12.1 User accounts

12.1.1 Registration The user information is registered in the passwd, group, and, for SunOS 5.X, in the shadow files in /etc.
12.1.1.1 Password file - /etc/passwd
/etc/passwd contains 7 fields, each separated by ":", in the form:

login-id:password:user-id#:group-id#:User Info:home-dir:shell
where these fields represent: login-id 28 characters containing lower case alphabetic characters and numbers. password encrypted password, 13 characters, of which the first 2 are the salt. If this field is empty login does NOT prompt for a password. If this field contains 112 characters NO password will ever match. user-id# uid, numerical ID for the user, should be between 0 and 60000 (SunOS 4.1.X, Solaris 2.0-2.5). Solaris 2.5.1 uses a signed long for this value, MAXUID in /usr/include/sys/param.h, raising the limit to 231. group-id# gid, numerical ID for the group that the user belongs to, should be between 0 and 60000. User Info Users real name, etc. home-dir Path to the directory the user is logged in to. shell The users initial shell program. The default shell if this is empty is /usr/bin/sh. Valid entries within passwd would be:
sysdiag:*:0:1:System Diagnostic:/usr/diag/sysdiag:/usr/diag/sysdiag/sysdiag frank:yPf3M5qMgglUc:101:10:Frank G Fiamingo:/home/tardis/frank:/usr/bin/csh
The home directory, field 6 of /etc/passwd, specifies the location of the users home within the operating system. The user is placed here by the login program. For a normal login user this directory should be owned by the user.
123
User accounts
The shell, field 7 of /etc/passwd, is the program run when the user logs in. Generally this is a shell that acts as a command interpreter, reading from a terminal and translating the commands into system actions, e.g. sh (Bourne shell), csh (C shell), or tcsh (extended C shell). Occasionally this is not a shell, but a stand-alone program, as in the sysdiag passwd entry given above. Here when you login as "sysdiag" you go directly into the systems diagnostics program. For SunOS 4.1.X you would generally edit the passwd file using the vipw command. This saves a copy of passwd as ptmp, uses the vi editor by default (or the editor set by your VISUAL or EDITOR environment variable), and verifies the consistency of the root entry before writing the file back to passwd. The shell for the root account must be listed in /etc/shells, if the file exists. The ptmp file also serves as a lock against a simultaneous use of vipw.
12.1.1.2 Group file - /etc/group
/etc/group contains 4 fields, each separated by a ":", in the form:

group-name:password:gid:comma-separated,list,of,names
where these fields represent: group-name Name of the group password If the password field is empty you are not prompted for a password when changing groups. gid Numerical ID for the group; should match the gid field for the passwd file. list comma-separated list of users who belong to this group. Valid entries within group would be:
operator:*:5:frank,bobd staff:*:10:
12.1.1.3 Shadow file - /etc/shadow (SunOS 5.X, IRIX 5.X)
SunOS 5.X uses additional security measures over the older OS. One of these is the shadow password scheme, which is used by default. The encrypted password is not kept in /etc/passwd, but rather in /etc/shadow. /etc/passwd has a placeholder, x, in this field. passwd is readable by everyone, whereas shadow is readable only by root. The shadow file also contains password aging controls. /etc/shadow contains 9 fields, each separated by a ":", in the form:
login-id:password:lastchg:min:max:warn:inactive:expire:flag
where these fields represents:

login-id password lastchg min max
login name 13 character encrypted password number of days from Jan 1, 1970 to the last password change minimum number of days required between password changes maximum number of days the password is valid
124
User accounts
warn inactive expire ag
number of days before expiring the password that the user is warned number of days of inactivity allowed for the user absolute date after which the login may no longer be used currently not used
The encrypted password field might also contain the entries: NP *LK*
for no password is valid meaning the account is locked until the superuser sets a password
A typical /etc/shadow file might be:

root:st44wfkgx33qX::::::: daemon:NP:6445:::::: bin:NP:6445:::::: sys:NP:6445:::::: adm:NP:6445:::::: lp:NP:6445:::::: smtp:NP:6445:::::: uucp:NP:6445:::::: nuucp:NP:6445:::::: listen:*LK*::::::: nobody:NP:6445:::::: noaccess:NP:6445::::::
The shadow password file is updated using the commands: passwd useradd usermod userdel
change the password and password attributes add a new user modify a users login information delete a users login entry
If you presently have an /etc/passwd file under SunOS 4.X that you want to use with SunOS 5.X, you can use the pwconv command to convert the passwd file to the new style and create the /etc/shadow file. The /etc/shadow file has specific fields to keep track of the last password change, the minimum and maximum time in days that the password is valid, the number of inactive days allowed between uses before the login ID is declared invalid, and an expiration date for the account. You can edit /etc/shadow and set these values, or use the useradd command to set limits on the account. Sun recommends that you use the admintool or solstice utilities or the useradd command to add new users, rather than editing the passwd file. If you do edit the passwd file youll want to use pwconv to update the passwd changes to the shadow file. The use of vipw is no longer recommended. Its included with the compatibility package, as /usr/ucb/vipw, and you can still use it, but it does not update the shadow file, though it does remind you to do so.
125
User accounts
12.2 Admittance - login procedure

Under SunOS 4.1.X init creates a process for each terminal port defined within /etc/ttytab. For each hardwired line it starts a getty process. For network ports init starts the inetd daemon process to monitor for telnet, ftp, etc. logins. When the user logs out init detects this event and restarts the getty process. Similarly, the getty process is used by IRIX, Digital UNIX, and Ultrix. For SunOS 5.X init uses the Service Access Facility to control system access. We will look at this service in a latter chapter.
12.3 Password Aging, SunOS 4.1.X

With password aging you can set minimum and maximum lengths of time for which the password is valid. Only the superuser can change these values. Maximum time lengths force your users to change passwords regularly. Minimum lengths prevent them from quickly changing them back. For SunOS 4.1.X password aging for a user is started with the passwd command, using either the -x (maximum) or -n (minimum) options and specifying a time limit in days and a user name. This will alter the encrypted password field by adding a comma and 2 digits to the end of it. The first digit is for the maximum time and the second for the minimum. For 14 days or less the digits are zero. For longer than 14 days add 1 for each 7 day period, after rounding up to the nearest whole week value. This means that you have a granularity of a week, with a minimum time of 2 weeks. To set a maximum time of 40 days, and a minimum time of 30 days, for the user frank, execute:
# passwd -x 40 frank # passwd -n 30 frank
These numbers will be rounded to the next greatest whole week value, converted to weeks, and then have 2 subtracted. So the digit for maximum time will be 4, and that for the minimum time will be 3. You can set a maximum time without a minimum, but not the reverse. The next time the password is changed a 2 character time field will be appended to the encrypted password string, encoding the time into it. So the corresponding entry in /etc/passwd could be:
frank:yPf3M5qMgglUc,437I:101:10:Frank G Fiamingo:/home/tardis/frank:/usr/bin/csh
If there was no minimum then the 3 would be missing. You can display the values the password aging fields with the -d option to passwd, e.g.:
# passwd -d frank 9/19/94 35 42
which displays the date the current password was chosen and the minimum and maximum ages allowed. Unfortunately, password aging in SunOS 4.1.X works only with /etc/passwd, and not with NIS.
126
C H A P T E R 13
Daily System Administration
13.1 User and Group Administration

For NIS (YP) networked machines this should be done on the NIS master. If you are using NIS+ then you will probably want to use admintool to make these changes, and this can be done from any networked machine as long as you are a member of the sysadmin group (gid=14). 13.1.1 SunOS 4.1.X
13.1.1.1 Adding Users
1.
2. 3.
4.
5.
6.
7.
8.
9.
Edit the /etc/passwd file to add the user - use vipw, as this program creates a lock file that prevents two people from trying to edit the password file at the same time. vipw also makes a copy of the original file in /etc/opasswd, and checks the consistency of the root password entry before saving the new version of the file. Edit the /etc/group file to add the user to additional groups. If youre using NIS update the databases on the server: # (cd /var/yp; make) -or(cd /var/yp; make passwd) Give the new user a password with the passwd command: # passwd username This will prompt you twice for the users password, without echoing. Change to what will be the new users proposed parent directory: # cd /home/server Create a directory for the new user: # mkdir username Copy any startup files, e.g. ".login", ".cshrc" into this directory: # cp /usr/local/adm/users/.[a-zA-Z]* username Set the proper user and group ownership of the directory and startup files: # chown -R username.groupnname username- SunOS 4.1.X # chown -R username:groupnname username- SunOS 5.X Set the proper permissions on the directory and startup files: # chmod -R 700 username

13.1.1.2 Removing users
You can disable a users login by editing /etc/passwd to change the encrypted password entry, or by removing the users entire entry. If youre running with NIS you then need to remake the NIS databases before the change will take effect. To temporarily disable a users login replace the encrypted password field with something between 1 and 12 characters. The normal entry has 13 characters; anything shorter (other than NULL) cant be matched by the login crypt program. To completely lock the user out also change their shell, e.g. to /bin/false, so that it wont be valid. Also make sure that theyre not running any background processes, cron processes, or at processes. Enhanced Security mode under Ultrix has a 24 character encrypted password field (2 salt plus 22 encrypted password characters) and allows passwords up to 16 characters.
13.1.1.3 Changing passwords
For root to change a users password its the same as creating one, as above. For a user to change their own password all they need to type is passwd. The program will then prompt for their old password and twice for their new one. The new password is required to be at least 5 characters long if combined upper/lower case letters are used, and 6 characters long otherwise. 13.1.2 SunOS 5.X The most convenient way to add or remove users and groups is to use the User Account Manager of admintool. This OpenWindows GUI tool takes you through the necessary steps. We will look at admintool in a later chapter. These changes can also be made on the command line, as shown below.
13.1.2.1 Adding users
To add new users from the command line use useradd. This updates the files /etc/passwd and /etc/shadow, and if necessary, /etc/group, and creates the home directory. You would execute this command in the form "useradd [options] login-id", e.g.:
# useradd -u 1001 -g staff -d /export/home/frank -s /usr/bin/csh -d "Frank G Fiamingo" -m \ -k /etc/skel frank
where the options used above refer to:

u g d s m k uid number group name home directory name path to the shell make the home directory path to the skeleton dot files
The last step is to provide the user with a password, using the passwd command.
13.1.2.2 Adding groups
There is a command to add new groups, groupadd. To add a group with gid 14 called sysadmin, you would execute:
# groupadd -g 14 sysadmin
128
Communicating with system users

13.1.2.3 Removing Users
You can use the passwd command to lock the password entry for a user to temporarily suspend their activities. This places *LK* in the password field of /etc/shadow. To remove a user completely use the command userdel.
13.1.2.4 Modifying user and group entries
To change user and group entries use the commands usermod and groupmod, respectively.
13.1.2.5 User Initialization Files
The /etc/skel directory contains default user initialization files used by useradd. You can modify these as desired. The /etc/prole is the system-wide Bourne and Korn shell profile script. Its executed before the users $HOME/.prole. There is no similar system-wide script for the C shell under SunOS 4.1.X, though one can be set for the T-C shell, tcsh. For SunOS 5.X if the user doesnt have their own .login, then csh will read /etc/.login.
13.2 Communicating with system users

13.2.1 The message of the day The file /etc/motd this is printed by login on the terminal of each user that logs in. You can use this text file to let users know about significant changes on the system. 13.2.2 Broadcast messages The programs wall and rwall allow you to write to all users terminals. This allows you to alert all users about immediate problems or impending shutdowns. You type in the message after invoking the program and end the message with Control-D (^D).
13.3 Running programs automatically, cron & at

cron executes periodic commands at specified times and dates. cron is a clock daemon that runs continuously on the system and schedules jobs to be run according to the crontab files. You should use the crontab command to update entries in the crontab database. at executes a command once at a specified time. Users are allowed to run the cron and at programs if their names are listed in the file /var/spool/cron/[cron,at].allow (SunOS 4.1.X) or /etc/cron.d/[cron,at].allow (SunOS 5.X). If this file doesnt exist then the file /var/spool/cron/[cron,at].deny (SunOS 4.1.X) or /etc/cron.d/[cron,at].deny (SunOS 5.X) is checked to see if permission should be denied. If neither file exists permission is refused for all but the superuser. If you wish to allow everyone permission create an empty [cron,at].deny file. Ultrix only allows the root user access to crontab.
129
The crontab files are kept in the directory /var/spool/cron/crontabs for both SunOS 4.1.X and 5.X. Each crontab file is named after the owner. Some typical entries in the root crontab file, /var/spool/cron/crontabs/root, might be:
5 0 * * * calendar 15 0 * * * /usr/etc/sa -s >/dev/null # save only last weeks worth of sendmail logs 5 4 * * 6 /usr/lib/newsyslog >/dev/null 2>&1 # backup file systems 10 0 * * 2-6 /usr/local/backup/cron-backup
There are 5 time fields and a command field to control and what program is executed by cron and when, field values minute 0 -> 59 hour 0 -> 23 date of month 1 -> 31 month 1 -> 12 day of week 0 -> 6 (0=Sunday) command command or Bourne shell script Time fields can contain single values, comma (,) separated values (match any listed values), hyphen (-) separated values (match any value in the range), or the wildcard (*) (always match). To edit a crontab file use the command "crontab -e". This will allow you to change the crontab file and will cause cron to re-read it when youre done. By default in Solaris 2.X crontab assumes the ed editor. What you set with your EDITOR environmental variable will override this. To just list the contents of your crontab file use the command "crontab -l".
130
C H A P T E R 14
Administration Tool & Solstice Adminsuite
14.1 Admintool
The Administration Tool, admintool, uses a graphical user interface under OpenWindows, to allow you to administer a number of administrative databases on the network. It users a distributed administrative framework to allow you to perform system administrative functions over the network. You can add new systems, setup printers, and add new user accounts. Members of the sysadmin group (gid 14) are allowed to modify the databases, both locally and remotely (pre SunOS 5.5), if they are also a member of the sysadmin group on the remote system. Members can create, delete, and modify the databases, while non-members have read-only permission on the databases. So, in general, if you are a member of the sysadmin group, you can run admintool under your own user id, and are not required to run it as root. NIS+ has its own method of security, so in addition to being a member of the sysadmin group one needs to have the appropriate permissions on the NIS+ tables to be changed. The sysadmin group, by default, does not exist on the system. You will need to create this group first if you want to use it. With SunOS 5.5 the remote database functions have been relegated to Solstice Adminsuite, and Admintool only functions on local databases.
14.2 Solstice Adminsuite

With SunOS 5.5 Sun removed the network part of admintool and replaced it with Solstice Adminsuite, solstice. This software comes on a separate CDROM and should be installed after the OS. It also requires a license, which you can readily get by returning the form supplied on the CDROM with your license information. You can also run the product in DEMO mode without the license. With solstice you can manage local and remote system databases, using NIS+, NIS, or the local files in /etc.
131
14.3 Services Managed

The SunOS 5.5+ version of admintool and solstice provide access to the following service functions:
TABLE 14.1
Services Function Database Manager User Manager Group Manager Host Manager Printer Manager Serial Port Manager Software Manager Administration Tool No Yes Yes Yes Yes Yes Yes Solstice AdminSuite Yes Yes Yes Yes Yes Yes No
When invoking solstice you should see a display similar to the following, from which you can select your choice of management tool.
132
Services Managed
14.3.1 Database Manager The Database Manager maintains the databases:

aliases group netmasks rpc auto_home hosts networks services bootparams locale passwd timezone ethers netgroup protocols
using the naming services:

NIS+ NIS None Network Information Services Plus (replaces NIS) Network Information Services (formerly known as YP) text files in /etc
When selecting Database Manager you are presented with the display:
133
14.3.2 Host Manager The Host Manager lets you add, delete, or modify the following information in the various host related databases:
Host Type IP Address Ethernet Address Timezone File Server
14.3.3 Print Manager Use Print Manager to install and setup printers, using the functions
add access to a printer install a new printer modify the configuration for a printer delete the information for a printer
When selecting Print Manager you are presented with the display:
134
Services Managed
You modify a printer by selecting the Modify option under Edit and get this display:
135
14.3.4 User Manager The User Manager is used to administer user accounts on a network, which can:
create new accounts modify accounts delete accounts
where user account information can be managed by any of the three naming services, NIS+, NIS, or None. The User Manager sets up the home directories with the appropriate file and account information and manages the databases:
aliases auto_home cred group passwd shadow
After selecting User Manager you asked to choose the naming service, and are then presented with the display:
136
Services Managed
Choosing Edit/Add presents this window:
137
14.3.5 Serial Port Manager The Serial Port Manager lets you configure SAF for terminals and modems. It uses the pmadm command to configure the serial ports, providing templates for quick installation. You can setup, delete, or check the status of one or many ports. You can configure both local and remote system ports. You can add, modify, disable, or delete a service. The templates are provided for:
terminal modem modem modem initialize only hardwired dial-in only dial-out only bidirectional no connection
When selecting Serial Port Manager you are presented with the display:
138
Services Managed
After choosing to Edit serial port a, and specifying Expert mode, were given the following display:
139
14.4 The Distributed System Administration Daemon

The distributed system administration daemon, admind (SunOS 5.4 and below), or sadmind (SunOS 5.5 and above), accepts requests for the services preformed by admintool or solstice, respectively, on the network. The admind or sadmind daemon is started automatically by inetd whenever a request is received, or it can be started on the command line. Before the request is acted upon the daemon must authenticate the client to the server. Once the client identity is verified the daemon uses this identity to allow authorization. The default security level for admind is SYS. You can use the more secure DES level by specifying the option, -S 2, when invoking the daemon, after first making sure that all servers in the domain are properly set up to use DES security. User and group identities are used for authorization as:
root ID allows root privileges only on the local system. Root requests from a remote client are changed to user nobody. Root on the server is allowed to function as root. ordinary users can retrieve information, but cannot modify it. admintool or solstice permission is granted to users who are members of this group on the system where the task is to be performed.
user ID sysadmin group member
14.5 Program Locations

The programs, admintool and solstice, are located in /usr/bin. daemons, admind and sadmind, are in /usr/sbin. The distributed administrative
The executable programs for solstice are located in the /opt/SUNWadm directory, with some further programs and setup files under the /usr/snadm directory. With the -l and -c options to sadmind you specify that a log of requests be kept. By default this log is put in /var/adm/admin.log.
140
C H A P T E R 15
Package Administration
15.1 Packages
SVR4 compliant software must be distributed in package format. SunOS 5.X and all unbundled Solaris 2 products are released in this format. Third party software should also be distributed as packages. There are a number of utilities to install, remove, and keep track of the various packages on your system. They keep extensive logs of whats actually installed on your system. There is also an OpenWindows GUI tool, swmtool, that you can use to perform the functions of the following package commands. Packages can be on tapes or CDROM. On CDROM the package has a directory hierarchy with subdirectories and files, along with possible scripts to control the installation. 15.1.1 pkginfo The pkginfo command displays information about the software package specified. It could be a package to be installed, or resident on the system. You can check on individual packages or for the entire distribution media. e.g.
# pkginfo -d /cdrom/solaris_2_5_sparc/s0/Solaris_2.5 SUNWaccr system SUNWaccr System Accounting, (Root)
15.1.2 pkgadd The pkgadd command is used to install packages on your system. e.g.:
# pkgadd -d /cdrom/solaris_2_5_sparc/s0/Solaris_2.5 SUNWaccr Processing package instance <SUNWaccr> from </cdrom> System Accounting ... Using </usr> as the package base directory ... Installation of <SUNWaccr> was successful
141
15.1.3 pkgrm To remove packages currently installed on the system use the command pkgrm. Its designed to only remove those files belonging exclusively to the package in question. You can execute this command interactively and it will prompt you for the actions to be taken. e.g.:
# pkgrm SUNWaccr The following package is currently installed: SUNWaccr System Accounting Do you want to remove this package [y,n,?,q] y ## Removing installed package instance <SUNWaccr> ## Verifying package dependencies ... ## Updating system information Removal of <SUNWaccr> was successful
15.1.4 pkgchk To check on the attributes and integrity of packages use the pkgchk command. This command verifies the contents of the package against the system log files and reports any discrepancies along with an explanation of the problem. In this example option -a requests a check on the file attributes and option -p specifies the path.
# pkgchk -a -p /etc/passwd ERROR: /etc/passwd permissions <0644> expected <0777> actual
15.1.5 Package Log Files The system log file for packages installed is kept in /var/sadm/install/contents. This file has a record for every file installed on the system with the pkgadd command. These records have the form:
filename filetype permissions owner group size(in bytes) checksum(of contents) time(of last modification) PackageList
where PackageList is the list of the packages associated with the file, e.g.:
/etc d none 0775 root sys SUNWcsr SUNWesu SUNWadmr SUNWbnur SUNWlpr SUNWnisr SUNWscpr /etc/.login f none 0644 root sys 445 32698 720806491 SUNWcsr /etc/TIMEZONE v none 0444 root sys 131 9791 720806487 SUNWcsr /etc/aliases=./mail/aliases s none SUNWcsr /etc/auto_home v none 0555 root bin 50 4502 720800466 SUNWcsr /etc/auto_master v none 0555 root bin 83 7133 720800463 SUNWcsr /etc/autopush=../sbin/autopush s none SUNWcsr /etc/chroot=../usr/sbin/chroot s none SUNWscpr /etc/clri=../usr/sbin/clri s none SUNWcsr /etc/crash=../usr/kvm/crash s none SUNWcsr /etc/cron=../usr/sbin/cron s none SUNWcsr /etc/cron.d d none 0755 root sys SUNWcsr /etc/cron.d/.proto f none 0744 root sys 82 5173 28800 SUNWcsr /etc/cron.d/at.deny v none 0644 root sys 45 4171 28800 SUNWcsr 142 1998 University Technology Services, The Ohio State University UNIX System Administration
Packages Distributed with Solaris 2.5 /etc/cron.d/cron.deny v none 0644 root sys 45 4171 28800 SUNWcsr /etc/cron.d/logchecker f none 0555 bin bin 1178 27089 720797586 SUNWcsr /etc/cron.d/queuedefs f none 0644 root sys 17 1164 28800 SUNWcsr /etc/dcopy=../usr/sbin/dcopy s none SUNWcsr /etc/default d none 0775 root sys SUNWcsr /etc/default/cron f none 0555 bin bin 12 844 720797589 SUNWcsr /etc/default/fs f none 0444 bin bin 10 768 720801815 SUNWcsr /etc/default/login f none 0444 root sys 146 9532 720803469 SUNWcsr /etc/default/passwd f none 0444 root sys 74 4934 720807242 SUNWcsr /etc/default/su f none 0444 root sys 97 6692 720809999 SUNWcsr
The contents file is taken from the pkgmap file supplied with each package and logged in /var/sadm/pkg in a subdirectory known by the package name, in a file named pkgmap. Also in this subdirectory there is a pkginfo file describing the package. The system does not supply any tools to list the files contained in a package, but you can examine the pkgmap files or use grep to search the contents file for this information.
15.2 Packages Distributed with Solaris 2.5

The 262 packages distributed with Solaris 2.5 server edition, as obtained from the pkginfo command, are listed in the table below for the 7 CDROMs in the set.
TABLE 15.1
CDROM adminsuite_2_1 adminsuite_2_1 adminsuite_2_1 adminsuite_2_1 adminsuite_2_1 adminsuite_2_1 adminsuite_2_1 adminsuite_2_1 adminsuite_2_1 adminsuite_2_1 adminsuite_2_1 adminsuite_2_1 adminsuite_2_1 adminsuite_2_1 adminsuite_2_1 adminsuite_2_1 disksuite_4_0 disksuite_4_0 disksuite_4_0 networker_4_1_2
Solaris 2.5 Software

Type application application application application application system system system system system system system system system system system application system system application Name SUNWsadmd SUNWlicja SUNWlicsw SUNWlit SUNWlitja SUNWpcr SUNWpcu SUNWpsf SUNWpsr SUNWpsu SUNWsadma SUNWsadmc SUNWsadmo SUNWscplp SUNWspapp SUNWspman SUNWabmd SUNWmd SUNWmdg SUNWsbuc Description Solstice AdminSuite AnswerBook FlexLM License System Japanese Localization FlexLM License System STE License Installation Tool STE License Installation Tool Japanese Localization SunSoft Print - Client, (root), Early Access SunSoft Print - Client, (usr), Early Access PostScript filters - Early Access, (Usr) SunSoft Print - LP Server, (root), Early Access SunSoft Print - LP Server, (usr), Early Access Solstice AdminSuite system & network administration applications. Solstice AdminSuite system & network administration methods. Solstice AdminSuite object libraries. SunSoft Print - Source Compatibility, (Usr) Solstice AdminSuite print application On-Line Manual Pages DiskSuite 4.0 AnswerBook Solstice DiskSuite Solstice DiskSuite Tool Solstice Backup (Backup/Recover) Client Package
143
TABLE 15.1
CDROM networker_4_1_2 networker_4_1_2 networker_4_1_2 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_desktop_1_0 solaris_2_5_server_1_0 solaris_2_5_server_1_0 solaris_2_5_server_1_0 solaris_2_5_server_1_0 solaris_2_5_server_1_0 solaris_2_5_server_1_0 solaris_2_5_sparc solaris_2_5_sparc

Type application application system system system system system system system system system system system system system system system system system system application system system system system system system system system application application application application application system system application application system system system Name SUNWsbum SUNWsbus1 SUNWsbus2 SUNWdtab SUNWdtdem SUNWdthed SUNWdtinc SUNWdtma SUNWdtmad SUNWmfdev SUNWmfdm SUNWmfman SUNWtltkd SUNWtltkm SUNWdtdst SUNWdthe SUNWdthev SUNWdtim SUNWdtrme SUNWdtwm SUNWdta SUNWdtbas SUNWdtcor SUNWdtdmn SUNWdtdte SUNWdtft SUNWdticn SUNWmfrun SUNWtltk ISLIodbc ISLIodbcD SUNWaws SUNWwabi SUNWnskta SUNWnsktr SUNWnsktu SUNWaadm SUNWaman SUNWipx AXILvplr.c AXILvplr.m Description Solstice Backup (Backup/Recover) Man Pages Solstice Backup (Backup/Recover) Server Package Solstice Backup (Backup/Recover) Device Drivers CDE DTBUILDER CDE DEMOS CDE HELP DEVELOPER ENVIRONMENT CDE Includes CDE man pages CDE developer man pages Motif Development Kit Motif Demos CDE Motif Development Kit Manuals ToolTalk CDE developer support ToolTalk CDE manual pages CDE DESKTOP APPS CDE HELP RUNTIME CDE HELP VOLUMES CDE DESKTOP APPS CDE README FILES CDE DESKTOP WINDOW MANAGER Solaris Common Desktop Env. AnswerBook 1.0.1 CDE base CORE (CDE) CDE daemons CDE DESKTOP LOGIN ENVIRONMENT CDE fonts CDE icons Motif RunTime Kit ToolTalk CDE runtime ODBC (Open DataBase Connectivity) Driver Manager Demo ODBC (Open DataBase Connectivity) Mutli-Dialect dBASE Driver Wabi 2.1 AnswerBook Wabi Application NSKit 1.2 AnswerBook NIS Server for Solaris (root) NIS Server for Solaris (usr) Solaris 2.5 System Administrator AnswerBook Solaris 2.5 Reference Manual AnswerBook PC Protocol Services 1.1 Axil platform links Axil platform links
144
Packages Distributed with Solaris 2.5
TABLE 15.1
CDROM solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc

Type system system system system system system application system system system system system system system system system system system system system system system system system system system system system system system system system system system system system system system system system system Name AXILvplu.c AXILvplu.m PFUcar.m PFUdfb.m PFUvplr.m PFUvplu.m SUNWabe SUNWaccr SUNWaccu SUNWadmap SUNWadmc SUNWadmfw SUNWadmr SUNWapppr SUNWapppu SUNWarc SUNWast SUNWaudio SUNWaudmo SUNWbcp SUNWbnur SUNWbnuu SUNWbtool SUNWcar.c SUNWcar.d SUNWcar.m SUNWcar.ma SUNWcar.u SUNWcg6.c SUNWcg6.d SUNWcg6.m SUNWcg6.ma SUNWcg6.u SUNWcg6h SUNWcsd SUNWcsr SUNWcsu SUNWdfb.c SUNWdfb.d SUNWdfb.m SUNWdfb.ma Description Axil usr/platform links Axil usr/platform links PFU/Fujitsu kernel/unix for Power Control Software S-4/Leia LCD Dumb Frame Buffer Driver PFU/Fujitsu platform links PFU/Fujitsu usr/platform links Solaris 2.5 User AnswerBook System Accounting, (Root) System Accounting, (Usr) System administration applications System administration core libraries System & Network Administration Framework System & Network Administration Root PPP/IP Asynchronous PPP daemon config files PPP/IP Asynchronous PPP daemon and PPP login service Archive Libraries Automated Security Enhancement Tools Audio applications Audio demo programs SunOS 4.x Binary Compatibility Networking UUCP Utilities, (Root) Networking UUCP Utilities, (Usr) CCS tools bundled with SunOS Core Architecture, (Root) Core Architecture, (Root) Core Architecture, (Root) Core Architecture, (Root) Core Architecture, (Root) GX (cg6) Device Driver GX (cg6) Device Driver GX (cg6) Device Driver GX (cg6) Device Driver GX (cg6) Device Driver GX (cg6) Header Files Core Solaris Devices Core Solaris, (Root) Core Solaris, (Usr) Dumb Frame Buffer Device Drivers Dumb Frame Buffer Device Drivers Dumb Frame Buffer Device Drivers Dumb Frame Buffer Device Drivers
145
TABLE 15.1

Type system system system application system system system system system system application application application application system system system system system system system system system system application application application system system system system system system system system application system application system system system Name SUNWdfb.u SUNWdfbh SUNWdial SUNWdialh SUNWdoc SUNWdtcor SUNWdxlib SUNWesu SUNWfac SUNWffb.u SUNWffbcf SUNWffbmn SUNWffbw SUNWffbxg SUNWfns SUNWfnspr SUNWfnsx5 SUNWhea SUNWhinst SUNWhmd SUNWhmdu SUNWinst SUNWipc SUNWisolc SUNWkcspf SUNWkcspg SUNWkcsrt SUNWkey SUNWkvm.c SUNWkvm.d SUNWkvm.m SUNWkvm.ma SUNWkvm.u SUNWleo.d SUNWleo.m SUNWleoo SUNWleor SUNWleow SUNWlibC SUNWlibCf SUNWlibm Description Dumb Frame Buffer Device Drivers Dumb Frame Buffer Header Files Buttons/Dials (bd) Streams Module Buttons/Dials (bd) Header Files Documentation Tools CORE (CDE) Direct Xlib Extended System Utilities Framed Access Command Environment FFB System Software (Device Driver) FFB Configuration Software On-Line FFB Manual Pages FFB Window System Support FFB XGL support Federated Naming System FNS Support For Printer Context FNS Support For X.500 Directory Context SunOS Header Files 4.1* Heterogeneous Install Software SunSwift SBus Adapter Drivers SunSwift SBus Adapter Headers Install Software Interprocess Communications XSH4 conversion for ISO Latin character sets KCMS Optional Profiles KCMS Programmers Environment KCMS Runtime Environment Keyboard configuration tables Core Architecture, (Kvm) Core Architecture, (Kvm) Core Architecture, (Kvm) Core Architecture, (Kvm) Core Architecture, (Kvm) ZX System Software (Device Driver) ZX System Software (Device Driver) ZX XGL support ZX System Software (Root) ZX Window System Support SPARCompilers Bundled libC SPARCompilers Bundled libC (cfront version) SPARCompilers Bundled libm
146
TABLE 15.1

Type system system system system system system system system system system system system system system system system system system system system system system system system system system system system system system application application application system system system system system system system application Name SUNWlibms SUNWloc SUNWlpmsg SUNWlpr SUNWlps SUNWlpu SUNWman SUNWmfrun SUNWnisr SUNWnisu SUNWoladd SUNWolaud SUNWolbk SUNWoldcv SUNWoldem SUNWoldim SUNWoldst SUNWoldte SUNWolimt SUNWolinc SUNWolman SUNWolrte SUNWolslb SUNWolsrc SUNWowbcp SUNWowrqd SUNWpcmci SUNWpcmcu SUNWpcmem SUNWpcser SUNWpexcl SUNWpexh SUNWpexsv SUNWploc SUNWploc1 SUNWplow SUNWplow1 SUNWpppk SUNWrdm SUNWrtvc SUNWrtvcu Description SPARCompilers Bundled shared libm System Localization LP Alerts LP Print Service, (Root) LP Print Service - Server, (Usr) LP Print Service - Client, (Usr) On-Line Manual Pages Motif RunTime Kit Network Information System, (Root) Network Information System, (Usr) OPEN LOOK Alternate Desktop Demos OPEN LOOK Audio applications OpenWindows online handbooks OPEN LOOK document and help viewer applications OPEN LOOK demo programs OPEN LOOK demo images OPEN LOOK deskset tools OPEN LOOK Desktop Environment OPEN LOOK imagetool OPEN LOOK include files OPEN LOOK toolkit/desktop users man pages OPEN LOOK toolkits runtime environment OPEN LOOK toolkit/desktop static/lint libraries OPEN LOOK sample source OpenWindows binary compatibility OpenWindows required core package PCMCIA Card Services, (Root) PCMCIA Card Services, (Usr) PCMCIA memory card driver PCMCIA serial card driver PEX Runtime Client Library PEX Client Developer Files PEX Runtime Server Extension Partial Locales Supplementary Partial Locales OpenWindows enabling for Partial Locales OpenWindows enabling for Suppl. Partial Locales PPP/IP and IPdialup Device Drivers On-Line Open Issues ReadMe SunVideo Device Driver SunVideo Runtime Support Software
147
TABLE 15.1

Type system system system system system system system system system system application application system application application system application application system system system system system system system application system system system system system application application application application application system application application application application Name SUNWsadml SUNWscbcp SUNWscpr SUNWscpu SUNWsprot SUNWsra SUNWsrh SUNWssadv SUNWssaop SUNWsutl SUNWsx SUNWsxow SUNWsxr.m SUNWsxxgl SUNWsxxil SUNWtcx.m SUNWtcxow SUNWtcxu SUNWter SUNWtltk SUNWtltkd SUNWtltkm SUNWtnfc SUNWtnfd SUNWtoo SUNWvlxil SUNWvolg SUNWvolr SUNWvolu SUNWxcu4 SUNWxcu4t SUNWxgldg SUNWxgler SUNWxglft SUNWxglh SUNWxglrt SUNWxi18n SUNWxildg SUNWxiler SUNWxilh SUNWxilow Description Solstice Admintool Launcher. SPARCompilers Binary Compatibility Libraries Source Compatibility, (Root) Source Compatibility, (Usr) SPARCompilers Bundled tools Source Compatibility Archive Libraries Source Compatibility Header Files SPARCstorage Array Drivers SPARCstorage Array Utility Static Utilities SX Shareable Library SX Window System Support SX Video Subsystem Drivers SX XGL Support SX XIL Support TCX System Software (Device Driver) TCX Window System Support TCX XGL Support Terminal Information ToolTalk runtime ToolTalk developer support ToolTalk manual pages TNF Core Components TNF Developer Components Programming Tools VIS/XIL Support Volume Management Graphical User Interface Volume Management, (Root) Volume Management, (Usr) XCU4 Utilities XCU4 make and sccs utilities XGL Generic Loadable Libraries XGL English Localization XGL Stroke Fonts XGL Include Files XGL Runtime Environment X Windows I18N Common Package XIL Loadable Pipeline Libraries XIL English Localization XIL Header Files XIL Deskset Loadable Pipeline Libraries
148
TABLE 15.1
CDROM solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc solaris_2_5_sparc upd_sol_2_5_smcc upd_sol_2_5_smcc upd_sol_2_5_smcc upd_sol_2_5_smcc upd_sol_2_5_smcc upd_sol_2_5_smcc upd_sol_2_5_smcc upd_sol_2_5_smcc upd_sol_2_5_smcc upd_sol_2_5_smcc upd_sol_2_5_smcc upd_sol_2_5_smcc upd_sol_2_5_smcc upd_sol_2_5_smcc upd_sol_2_5_smcc upd_sol_2_5_smcc

Type application system system system system system system system system system system system system system system system system system system system system application system system system system system system system system system system system system system system system Name SUNWxilrt SUNWxwacx SUNWxwcft SUNWxwdem SUNWxwdim SUNWxwdv SUNWxwdxm SUNWxwfnt SUNWxwfs SUNWxwinc SUNWxwman SUNWxwmod SUNWxwoft SUNWxwopt SUNWxwplt SUNWxwpmn SUNWxwpsr SUNWxwslb SUNWxwsrc TSBWvplr.m TSBWvplu.m SUNWabhdw SUNWbtryh SUNWbttry.m SUNWcpr.m SUNWcpr.u SUNWird.m SUNWirdh SUNWpmc.m SUNWpmch SUNWpmman SUNWpmow SUNWpmr SUNWpmu SUNWvts SUNWvtsmn SUNWvygmn Description XIL Runtime Environment AccessX client program X Windows common (not required) fonts X Windows demo programs X Windows demo images XWindows Window Drivers DPS motif library X Windows platform required fonts Font server X Windows include files X Windows online user man pages OpenWindows kernel modules X Windows optional fonts nonessential MIT core clients and server extensions X Windows platform software X Windows online programmers man pages Sun4u-platform specific X server aux filter modules X Windows static/lint libraries X Windows sample source Toshiba platform links Toshiba usr/platform links Solaris 2.5 on Sun Hardware AnswerBook Battery Module Header File Battery Streams Module Suspend, Resume package Suspend, Resume package Infra Red Device Driver based on MIC Infra Red Device Driver Header File Power Management Chip Driver Power Management Chip Driver Header Files Power Management Man Pages Power Management OW Utilities Power Management config file and rc script Power Management binaries Online Validation Test Suite Online Validation Test Suite Man Pages SPARCstation Voyager Man Pages
149
15.3 Swmtool
swmtool is an X-windows GUI to the package commands. In later versions its part of Admintool. With it you can install, upgrade, or remove the software packages on a local or remote system. Starting with Solaris 2.5 its now part of the Admintool set of programs. It checks /var/sadm/install/contents for the packages installed. To use it bring up the tool, and select "Add" under the "Edit" menu to install new software.
In the pop-up menu specify the source to use, click on the desired action and let it go to work. e.g., for the SunSoft Workshop Developers Products CDROM specify the CDROM mount point as below.
Click on "OK" and the tool will automatically read the package information from the CDROM and provide you with the choice of install options, as below.
Swmtool
Click on the desired package and start the install.
151
Clicking on SPARCompiler C 4.0 and then choosing "Customize..." brings the next pop-up menu so that you can customize the installation process and start the install.
15.4 SunOS 4.X

SunOS 4.X uses /usr/etc/install/add_services to install system software. It doesnt keep any records of where the software is installed on the machine.
152
IRIX 5.X
15.5 IRIX 5.X

IRIX uses the software installation tool, inst. It can be invoked either from the command line, or in standalone mode from the miniroot. In the latter case we saw some examples in the Chapter on OS Installation. At the command line you can invoke inst either with command line options, or in interactive mode, e.g.:
inst Default distribution to install from: . For help on inst commands, type "help overview". Inst Main Menu 1. from [source] 2. list [keywords] [names] 3. go 4. install [keywords] [names] 5. remove [keywords] [names] 6. keep [keywords] [names] 7. step [keywords] [names] 8. conflicts [choice ...] 9. help [topic] 10. view ... 11. admin ... 12. quit Inst> Specify location of software to be installed Display information about software subsystems Perform software installation and removal now Select subsystems to be installed Select subsystems to be removed Do not install or remove these subsystems Interactive mode for install/remove/keep List or resolve installation conflicts Get help in general or on a specific word Go to the View Commands Menu Go to the Administrative Commands Menu Terminate software installation
inst keeps records of where software is installed in /var/inst.
153
15.6 Digital UNIX and Ultrix

Both Digital UNIX and Ultrix use setld to install system software. Mount the CDROM, change to the desired directory, e.g. /mnt/RISC/BASE, and run the setld command, i.e.:
# setld -l
You will then be prompted for the packages to load. Software can be loaded from disk, CDROM, tape, or over the network from an install server. A log is kept of the transactions in /var/adm/smlogs/setld.log (Digital UNIX) or /etc/setldlog (Ultrix). You can use the fverify command to verify that the specified files have the correct files size, checksum, user id, group id, mode and file type as the installed file. /usr/lbin/fverify (Digital UNIX) or /etc/stl/fverify (Ultrix) will check the databases in /usr/.smdb./*.inv or /usr/etc/subsets/*, respectively, for the inventory files.
154
C H A P T E R 16
Backup Procedures
16.1 Backup Procedures

One of your most important functions as a System Administrator is to maintain the integrity of the data on your system. Since hardware does break and people make mistakes it is imperative that you make frequent backups of the file systems. That way in the event of a disk crash or accidental deletion of files you can recover a recent version of the data or program. Generally you back up data from disk to tape (1/2" 9-track, 200 MB; 1/4" cartridge, 150 MB; 4mm DAT, 1-12 GB; 8mm, 210 GB; or DLT 20 GB) or removable optical disks, for long term storage. If you have the disk space you can consider making backup copies of critical data files on other disk partitions. If your system doesnt have a backup medium, emphasize to the powers that be that someday your disk will crash and you will not be able to recover their data.
16.2 Backup strategies

Take a full dump of all the file systems soon after installation and personalizing the system. After this periodically take full backups of all file systems, e.g. weekly or monthly, and take incremental backups of all file systems weekly or daily, if needed. If your system is heavily used for file storage, or if the data stored there are hard to reproduce backup your file systems daily. Set up and stick to a regular schedule. Backups should be done on quiescent file systems. This can be either single user mode, or with no one on the system, e.g. late at night. 16.2.1 Full backups A full backup is a complete copy of all your file systems. Should your file system be blown away you can recreate it exactly as it was at the time of the full backup. These should be done monthly or weekly on each file system. 16.2.2 Incremental backups Incremental backups copy only files that were added or changed since the last lower level dump are backed up. Since most of your files, e.g. system files, are static they will not be included in the dump.
Backup Procedures
This can save considerable space and time. A complete restoration of a damaged file system will them require the last full dump followed by the incremental dump(s). Incremental dumps should be done weekly or daily, depending on file system activity and importance.
16.3 Backup and Restore Commands

16.3.1 Dump The program dump (SunOS 4.1.X, IRIX 5.X, Ultrix, Digital UNIX) or ufsdump (SunOS 5.X) can be used to backup a complete file system. There are 10 levels of dumps, 0-9. 0 is a full dump, while levels 1-9 are incremental dumps. The lower the number the more complete the dump. A level 1 dump will include everything changed since the last level 0 dump. A level 9 dump will only include those files changed since the last lower numbered dump. The manuals sometimes recommend some weird dump sequence involving every possible level through different days of the week, with a monthly period, to minimize tape usage. However, this makes it nearly impossible to figure out what you need to do to restore a particular file. Pick a simple schedule thats easy to follow and stick to it. To use the /usr/etc/dump or /usr/sbin/ufsdump program, e.g. to an 8mm tape drive, well use a command line similar to the following to dump the root device, /dev/rsd0a.
/usr/etc/dump 0ufsdb /dev/nrst8 6000 54000 126 /dev/rsd0a
where 0ufsdb call for: 0 - full dump; dump level (0->9). u - update the record for dumps, /etc/dumpdates. f - dump file; e.g. /dev/nrst8, where nrst indicates "no rewind". s - size of the tape volume youre dumping to, e.g. 6000 ft. d - tape density; e.g. 54000 bpi for 8mm tape. b - tape block size; e.g. 126 When you specify the size of the tape volume be conservative. Deliberately reduce it a few percent from the actual length, as the SunOS 4.1.X dump program doesnt know how to determine end-of-tape and will try to write to the full size specified, if needed. Also, any additional tapes needed for this backup will be assumed to have the same size as that specified for the first tape. The SunOS 5.X dump program, ufsdump, can detect end-of-tape, and so the size parameter is not needed here. The following is a sample dump output when backing up the /usr partition to a remote tape drive.
DUMP: Date of this level 0 dump: Sat Oct 1 04:56:03 1994 DUMP: Date of last level 0 dump: the epoch DUMP: Dumping /dev/rsd0g (/usr) to /dev/nrst8 on host tardis DUMP: mapping (Pass I) [regular files] DUMP: mapping (Pass II) [directories] DUMP: estimated 254102 blocks (124.07MB) on 0.07 tape(s). DUMP: dumping (Pass III) [directories] DUMP: dumping (Pass IV) [regular files] DUMP: 41.11% done, finished in 0:07
156
Backup and Restore Commands DUMP: 81.87% done, finished in 0:02 DUMP: DUMP: 254102 blocks (124.07MB) on 1 tape DUMP: DUMP IS DONE DUMP: level 0 dump on Sat Oct 1 04:56:03 1994 DUMP: Tape rewinding
dump and ufsdump keep a record in /etc/dumpdates of files they have backed up in the form:
#filesystem /dev/rsd0a /dev/rsd0g level date 0 Sat Oct 0 Sat Oct -or, for SunOS 5.X/dev/rdsk/c0t3d0s0 0 Sat Oct /dev/rdks/c0t3d0s5 0 Sat Oct 1 04:54:52 1994 1 04:56:03 1994 1 04:54:52 1994 1 04:56:03 1994
16.3.2 Sample backup scripts You can write a script to do the periodic backups, requiring operator intervention, e.g.:
# Script to do a complete backup of the system # A dataless system to a tape drive on a server. echo "***************************************************************" echo "This program will allow you to backup GALLIFREY onto magtape" echo " Follow the directions given below." echo "***************************************************************" echo "Mount tape for partition a and g" echo " then type RETURN " read start echo " ...working - Starting GALLIFREY backup " /usr/etc/dump 0ufsdb server:/dev/nrst8 6000 54000 126 /dev/sd0a && echo "Done with partition a ..." /usr/etc/dump 0ufsdb server:/dev/rst8 6000 54000 126 /dev/sd0g && echo "Done with partition g ..." /usr/bin/mt -f /dev/rst8 rewoffl
Backup scripts similar to this can be run by you as root, or by an operator. You may wish to set up a login in /etc/passwd similar to:
backup:ogHt5C0Z.bcD2:20:5:Remote Backup to Server:/etc/adm:/etc/adm/backup
where the backup script is the shell, /etc/adm/backup. You or the operator would login as backup and the program would run at login. When the program terminates you would be logged out. You can also set up your backup script to be run by cron. If the tape is large enough to hold the entire backup the following script could be set to run periodically. You will just need to make sure that the proper tapes are in the drive at the appropriate times.
157
Backup Procedures #!/bin/sh # Cron script to do a complete backup of the system #/dev/sd0a 15663 6335 7762 45% / #/dev/sd0g 138511 101061 23599 81% /usr #/dev/sd2h 268319 4208 237280 2% /home #/dev/sd2f 458671 36844 375960 9% /usr/local #/dev/sd2a 47711 297 42643 1% /var HOST=hostname admin=frank Mt=/bin/mt Dump=/usr/etc/dump device=/dev/nrst0 size=6000 dens=54000 blksz=126 # Failure - exit failure () { /usr/ucb/mail -s "Backup Failure - $HOST" $admin << EOF $HOST Cron backup script failed. Apparently there was no tape in the device. EOF exit 1 } # Dump Failure - exit dumpfail () { /usr/ucb/mail -s "Backup Failure - $HOST" $admin << EOF $HOST Cron backup script failed. Could not write to the tape. EOF exit 1 } # Success success () { /usr/ucb/mail -s "Backup completed successfully - $HOST" $admin << EOF $HOST Cron backup script was apparently successful. The /etc/dumpdates file is: /bin/cat /etc/dumpdates EOF } # Confirm that the tape is in the device $Mt -f $device rewind || failure $Dump 0ufsdb $device $size $dens $blksz /dev/sd0a || dumpfail $Dump 0ufsdb $device $size $dens $blksz /dev/sd0g || dumpfail $Dump 0ufsdb $device $size $dens $blksz /dev/sd2h || dumpfail $Dump 0ufsdb $device $size $dens $blksz /dev/sd2f || dumpfail ($Dump 0ufsdb $device $size $dens $blksz /dev/sd2a || dumpfail) && success $Mt -f $device rewoffl
158
Backup and Restore Commands
16.3.3 Restore You can restore entire file systems or you can interactively restore individual files with the restore program, restore (SunOS 4.1.X) or ufsrestore (SunOS 5.X). These programs restore files relative to your current directory. On a full restore they place a file, restoresymtable, in the current directory, thats used to pass information to a further instance of restore, for restoring incremental dumps. This file can be safely removed only after all of the incremental dumps have been restored. To do a complete restore of a damaged file system, e.g. /dev/sd0h, you might try:
# newfs /dev/rsd0h - to clear and re-create the file system. # mount /dev/sd0h /mnt - to mount the file system temporarily. # cd /mnt - move to the new file system. # restore -r - restore a level 0 dump of the file system. Later, incremental dumps can then be restored. # umount /mnt - unmount the file system. # fsck /dev/rsd0h - check the file system for consistency. # mount /dev/sd0h /home- mount the file system
Restore can also be run interactively and you can specify the device, e.g.:
# restore -if /dev/rst9
restore then first recreates the file system in memory so that you can use some UNIX type commands, i.e. ls, cd, and pwd, to move around the file system. You can then "add" entries to a table of files to "extract" from the tape. A special case is restoration of the root file system. For this you need to boot from tape or CDROM. After restoring the file system you also need to re-install the boot block program, bootblk. This is done with installboot, as in the following for a SCSI disk on SunOS 4.1.X:
# /usr/mdec/installboot /boot bootsd /dev/rsd0a
and for SunOS 5.X:

# /usr/sbin/installboot /usr/platform/uname -i/lib/fs/ufs/bootblk /dev/rdsk/c0t3d0s0
As you can see the syntax is dependent on both the hardware platform and software version, so read the man page before using installboot. 16.3.4 Remote dumps and restores Dumps and restores can be done locally or remotely, across a network. The major difference is that when you specify location of the backup media for the remote device you need to include the system name, e.g. tardis:/dev/nrst8. You can also specify a different user on the remote machine, e.g.: frank@tardis:/dev/nrst8. The remote machines /etc/hosts.equiv or users .rhosts file would have to allow access. 16.3.5 Tape Archive program, tar The tape archive program, tar, can be used to copy files to and from tape or across a network. If youre working with individual files or directories youll probably want to use tar for this service. Most UNIX systems have tar, so its convenient for moving files between different systems. UNIX source
159
Backup Procedures
archives, e.g. those on archive.cis.ohio-state.edu and many other places, are often stored as compressed tar files. Compression generally saves 1/2 - 2/3 of the original file space. A compressed tar file usually has a name similar to lename.tar.Z, where the "Z" stands for Lempel-Ziv compression. The GNU compression program, gzip, uses a different compression scheme, signified by ending the filename with "z" or "gz". A compressed file is a binary file. To generate a tar file:
# tar -cvf filename.tar list-of-files
This puts the files into tar format and stores them in lename.tar. You could just as easily put them onto tape, e.g.:
# tar -cvf /dev/rmt8 list-of-files
Some of the options for tar are:

c v f t - create a new tarfile. - verbose, print out the file names as they are archived. - use the next argument as the output file. - list the files
You can extract files from tape or a tarfile with:

# tar -xvf /dev/rmt8
So if you have a compressed tarfile you would first use uncompress to uncompress the tarfile, then tar with the "-x" option on the tarfile to extract the programs and directories, similar to:
# uncompress filename.tar.Z- which produces "filename.tar" as output. # tar -xvf filename.tar - which extracts the files, e.g. filename/Makefile README main.c header.h ...
16.3.6 cpio cpio copies files in and out of a cpio archive. The Solaris 2.X packages on the install CDROM are compressed cpio archives. To examine one of these packages: # zcat file | cpio -idumB where the cpio options indicate: i copy in d create directories as needed u copy unconditionally, even replacing newer files of the same name m retain modification times B block I/O 5120 bytes/record t list the table of contents of the input file You can create your own cpio archives with cpio. cpio reads and writes to stdin and stdout, respectively.
PART II
Network Services
Service Access Facility The Network Network Administration Distributed File System Administration Network Information Services Adding Clients Usenet
161
Network Services
162
C H A P T E R 17
Service Access Facility
17.1 Overview of Service Access

The Service Access Facility (SAF) is used by SunOS 5.X to control access to terminals, modems and network services, such as remote print requests. Its designed to be flexible and to treat local and network requests in a similar fashion. The init and login programs have been re-written for Solaris 2 and part of their previous functions now belong to SAF. SAF is not a program, but rather a package of daemons and administrative commands. The Service Access Controller (sac) is the master SAF process. Its spawned by init at run level 2 and controls the port monitors. It can add or remove and start or stop the port monitors. The port monitors control either a serial or network port. They connect incoming requests to services, which are arbitrary processes, such as login. The port monitor administrative commands can add or delete and start or stop services for the ports. The getty process is no longer used. It was considered too inflexible in that the only service it provided was login. Also, it didnt scale well to large numbers of ports, as you had to run a getty process for every port it monitored. The SAC administers the port monitors with the sacadm command. Each port monitor can control one or many ports. The ports are administered through the pmadm command. The pmadm command controls the services provided by ttymon and listen. One ttymon daemon serves multiple serial ports and one listen daemon provides multiple services to the network ports. Serial ports can be configured using the Serial Port Manager facility of the admintool GUI described in a later chapter, or by using the commands specified below.
163
17.2 Service Access Facility Overview

FIGURE 17.1
Service Access Facility Overview

/etc/inittab /etc/saf/_syscong /etc/saf/_sactab sac /usr/sbin/sacadm ttymon /etc/saf/<pmtag>/_pmtab listen /usr/sbin/pmadm init
/dev/term/a
/dev/term/b
listenS5
listenBSD
17.3 Service Access Controller

The Service Access Controller follows these steps:
1.
The sac program is started by init when entering run level 2 through an entry in /etc/inittab,
sc:234:respawn:/usr/lib/saf/sac -t 300
2.
3.
4. 5.
When sac is invoked it reads the configuration script /etc/saf/_syscong to customize its environment. After interpreting the _syscong file sac reads its administrative file, /etc/saf/_sactab, which specifies the port monitors to start. For each port monitor sac starts it forks a child process. Each child process then interprets its specific port monitor configuration script, /etc/saf/<pmtag>/_cong. Lastly the child process execs the port monitor specified by the _sactab entry.
An entry is made in /var/saf/_log whenever sac starts or stops a port monitor.
164
Port Monitors
17.4 Port Monitors

There are two types of port monitors, TTY monitors that listen for incoming connections on serial devices, and network listeners, that listen for incoming requests on the network ports. 17.4.1 ttymon The ttymon monitor manages the TTY ports. It monitors, sets terminal modes, baud rates, and starts the specified service, e.g. login, for the port. The ttymon process sets the line disciplines according to the values specified in /etc/ttydefs (which replaces gettytab). ttymon replaces the getty process. A single ttymon command can monitor multiple ports. This command is configured using the sacadm program and its services are specified using the pmadm and ttyadm commands. 17.4.2 listen The network port manager is listen. Requests received through the network, such as remote print requests, are processed by listen, which invokes the appropriate servers to provide the service. The listen daemon is configured by sacadm while specific service information is provided by the pmadm and nlsadmin commands. 17.4.3 sacadm The sacadm command administers both ttymon and listen. It can be used to add and remove, start and stop, and enable and disable port monitors. 17.4.4 pmadm The pmadm command associates a service with an instance of a port monitor. It embeds a ttyadm or nlsadmin command when invoked to provide specific information for a port monitor. 17.4.5 ttyadm The ttyadm command provides information specific to ttymon to the pmadm command. Information such as whether the port is bi-directional, which STREAMS modules to push, the baud rate, and the service to provide. 17.4.6 nlsadmin The nlsadmin command provides information specific to listen to the pmadm command. Information such as the full path name of the server process, or the FIFO, or the named STREAM that the server uses to listen for services.
165
17.5 Setting Up a Terminal

To configure an ASCII terminal for login service perform the following steps.
1. 2.
3.
4.
Connect the terminal to the system. Here well assume that it is serial port A. Issue the sacadm command to add a ttymon port monitor named zsmon: # sacadm -a -p zsmon -t ttymon -c /usr/lib/saf/ttymon -v ttyadm -V where -a is the flag to add the port -p specifies the pmtag zsmon as the port monitor tag -t specifies the type of port monitor as ttymon -c defines the command string to start the port monitor -v specifies the version number of the port monitor (provided by ttyadm -V) You can use the sacadm program to report the status for a port monitor: # sacadm -l PMTAG PMTYPE FLGS RCNT STATUS COMMAND zsmon ttymon 0 ENABLED /usr/lib/saf/ttymon Should you need to you can remove any existing service for ttya do the following: # pmadm -r -p zsmon -s ttya where -r indicates to remove a service from the port monitors administrative file -p specifies the pmtag zsmon associated with the port monitor -s specifies the service tag Use pmadm to associate the port monitor with the new service: # pmadm -a -p zsmon -s a -i root -fu -v ttyadm -V -m "ttyadm -l 9600 -d /dev/term/a -i terminal disabled -s /usr/bin/login -T tvi925 -S y" where for pmadm we have the options -a indicates to add a service to the port monitor administrative file -i is the identity assigned to the service tag when its started (must be in /etc/passwd) -f specifies one or both of the two ags: x do not enable the service through the port monitor u create a utmp entry for the service -v specifies the version number (using ttyadm for ttymon, nlsadmin for listen) -m specifies the part of the port monitor administrative file entry for this service, and for ttyadm we have the options -l specifies the label in the /etc/ttydefs file to use as the starting point for the baud rate -d specifies the full path name of the device file for the TTY port -i specifies the inactive (disabled) message to sent to the port when it is disabled -s specifies the service to be invoked when a connection request is received by the port -T sets the default terminal type -S sets the software carrier value y turns software carrier on n turns software carrier off
166
Setting Up a Terminal
5.
This puts an entry in /etc/saf/zsmon/_pmtab and enables the terminal. You can read this file with:
# pmadm -l PMTAG PMTYPE SVCTAG FLGS zsmon ttymon ttya u ldterm,ttcompat ttya login: - tvi925 y # ID root <PMSPECIFIC> /dev/term/a I - /usr/bin/login - 9600
The actual entry in the _pmtab file is:

# VERSION=1 ttya:u:root:reserved:reserved:reserved:/dev/term/a:I::/usr/bin/login::9600:ldterm,ttcompat:ttya login\: ::tvi925:y:#
Rather than typing in the sacadm and pmadm commands on the command line as done above, with all the possibilities for error, you can edit their control files and add your entries. To have these take effect you execute the sacadm command with the -x option, telling it to reread its database files for the -p pmtag specified, e.g.: Create /etc/saf/_sactab: # cat <<EOF_SACTAB > /etc/saf/_sactab # VERSION=1 zsmon:ttymon::0:/usr/lib/saf/ttymon: # TTY Port Monitor EOF_SACTAB 2. Make a directory for the zsmon port monitor # mkdir /etc/saf/zsmon Change to the new directory and create the _pmtab file # cd /etc/saf/zsmon # cat <<EOF_PMTAB > _pmtab
1.
# VERSION=1
ttya:u:root:reserved:reserved:reserved:/dev/term/a:I::/usr/bin/login::9600:ldterm,ttcompat:ttya login\: ::tvi925:y:#
EOF_PMTAB
3.
4.
Create the log directory and file # mkdir /var/saf/zsmon # touch /var/saf/zsmon/log Re-initialize SAF # sacadm -x -p zsmon 17.5.1 TTY Monitor Control Commands
You control the TTY port monitor with sacadm, e.g.:

# sacadm -e -p zsmon # sacadm -d -p zsmon - enable a port monitor to allow it to service new requests - disable a port monitor, this prevents it from starting new services for
incoming connections, but does not affect present services # sacadm -s -p zsmon - restart the port monitor # sacadm -k -p zsmon - kill the TTY port monitor
167
17.5.2 Removing a TTY Monitor Removing a port monitor deletes the information in the configuration file associated with the port monitor. Port monitor information in the configuration files can not be updated or changed with sacadm. To reconfigure a port monitor delete it and add a new one,
# sacadm -r -p zsmon
17.5.3 Adding Services to a TTY Monitor The pmadm command is used to add services to a port monitor. The service tag and port monitor tag uniquely identify the service. So when specifying the pmadm command to add a service you need to specify both the service (-s) and port monitor instance (-p) through which the service is made available. 17.5.4 Disable/Enable a TTY Service To disable a TTY service use pmadm with the "-d" option; to re-enable it use the "-e" option to pmadm:
# pmadm -d -p zsmon -s a # pmadm -e -p zsmon -s a
17.6 Network Port Monitors

The listen port monitor is the network listener daemon. Multiple services can be provided by each instance of listen. The administrative files for listen are configured using the pmadm and nlsadmin commands. The network listener plays a role similar to that of inetd and provides additional services, such as network printing service between System V and BSD machines. The listen monitor can be enabled disabled killed
monitoring requests for service and invoking the responsible servers not monitoring new requests, but previous servers remain functional then all servers previously invoked by this instance of listen are disabled.
17.6.1 Adding a Listener The sacadm command is used to add the listener:
# sacadm -a -p tcp -t listen -c /usr/lib/saf/listen -v nlsadmin -V where: -a adds the port monitor -p specifies the pmtag associated with the port monitor -t specifies the port monitor type -c specifies the command to execute when starting the port monitor -v specifies the version number (from nlsadmin)
168
Network Port Monitors
17.6.2 Listing a Listener You can use the sacadm command to list the status of the listener,
# sacadm -l -p tcp PMTAG PMTYPE tcp listen FLGS RCNT 0 STATUS ENABLED COMMAND /usr/lib/saf/listen tcp #
17.6.3 Listener Control Commands To control a listener use the sacadm command for the tcp port monitor, i.e.:
# sacadm -e -p tcp # sacadm -s -p tcp # sacadm -d -p tcp # sacadm -k -p tcp # sacadm -r -p tcp - enable a listener - start a listener - disable a listener - kill a listener - remove a listener
17.6.4 Adding Services to the Listener The nlsadmin command is used to present listen-specific configuration information to the pmadm command. It associates an instance of a listen process with the specific service called for by that listener. To add a service use pmadm and nlsadmin, e.g. to add a listen process for the SunOS5.X print request:
# pmadm -a -p tcp -s lp -i root -v nlsadmin -V -m "nlsadmin -o /var/spool/lp/fifos/listenS5" where for nlsadmin the option -o specifies the full pathname to the FIFO or named STREAM used by the server process to receive the connection
17.6.5 List a Listen Status You can use the -l option to the pmadm command to check the listener status,
# pmadm -l -p tcp PMTAG PMTYPE tcp listen SVCTAG FLGS lp ID root <PMSPECIFIC> - - p - /var/spool/lp/fifos/listenS5 #
17.6.6 Enable a Listen Service Enable a listen service with the -e option to pmadm and specify appropriate service tag:
# pmadm -e -p tcp -s lp
169
17.7 Terminal Control

SunOS 5.X uses the System V terminfo database for terminal control by default, not the termcap file of BSD. The termcap file and its associated utilities are provided with the compatibility package, but are not intended for general use. The serial port naming convention has been changed for SunOS 5.X. It now allows for more ports. The device names of SunOS 4.X are still there as symbolic links to the new names, e.g. /dev/ttya is a symbolic link to /dev/term/a, which is a symbolic link to the physical device, /devices/zs@1,f1000000:a. When logging in stty and tput are used to configure the terminal I/O values to match the characteristics expected for the terminal. 17.7.1 The terminfo database The terminfo database contains the descriptions of the terminal capabilities. Its used by programs such as vi and the curses package to control the screen. The database is kept in the /usr/share/lib/terminfo directory with subdirectories specified by the first character of the names of the terminfo files. Each terminfo description is a separate, compiled file, within the subdirectory matching the first character of its name [1-9,a-z,A-Z]. The terminfo files are functionally equivalent to the individual entries in the termcap file, however, the terminfo files are in a compiled format, not ASCII, as is the termcap file. The entries in a terminfo file are described in the terminfo(4) man page. You can display the contents of a terminfo file in a format similar to a termcap entry using the infocmp command. With no options and no TERMINFO environment variable set infocmp assumes the desired terminfo file is that of the TERM variable, e.g.:
# infocmp # Reconstructed via infocmp from file: /usr/share/lib/terminfo/x/xterm xterm|vs100|xterm terminal emulator, am, km, mir, msgr, xenl, cols#80, it#8, lines#65, acsc=aaffggjjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~, bel=^G, blink=@, bold=\E[1m, clear=\E[H\E[2J, cr=\r, csr=\E[%i%p1%d;%p2%dr, cub=\E[%p1%dD, cub1=\b, cud=\E[%p1%dB, cud1=\n, cuf=\E[%p1%dC, cuf1=\E[C, ... sgr0=\E[m, smacs=^N, smkx=\E[?1h\E=, smso=\E[7m, tbc=\E[3g,
170
Terminal Control
17.7.2 Terminal Definitions The terminal definitions are contained in the /etc/ttydefs file. ttymon uses this file to configure the terminal and set the baud rates for the ports. The ttydefs file contains fields for the following:

ttylabel initial-ags nal-ags autobaud nextlabel
string to match the TTY ports ttylabel field the initial termio settings the final termio settings for the connection A=enabled, blank=disabled next ttydefs entry to try
A few of the entries in the ttydefs file are:

38400:38400 hupcl:38400 sane hupcl::19200 19200:19200 hupcl:19200 sane hupcl::9600 9600:9600 hupcl:9600 sane hupcl::4800 4800:4800 hupcl:4800 sane hupcl::2400 2400:2400 hupcl:2400 sane hupcl::1200 1200:1200 hupcl:1200 sane hupcl::300 300:300 hupcl:300 sane hupcl::38400 auto:hupcl:sane hupcl:A:9600 console:9600 hupcl opost onlcr:9600 sane::console pty:9600 hupcl opost onlcr:9600 sane::pty
17.7.3 Changing Terminal Definitions The sttydefs command is used to maintain the terminal definitions file. This command can add and remove line settings and use hunt sequences in the ttydefs file. The change options can only be used by root, but anyone can use the -l option to display the entry for a particular label, e.g.:
% sttydefs -l 9600 ------------------------------------------------9600:9600 hupcl:9600 sane hupcl::4800 ------------------------------------------------ttylabel: 9600 initial flags: 9600 hupcl final flags: 9600 sane hupcl autobaud: no nextlabel: 4800
The options available to sttydefs are:

-l -a -b -n -i -f -r UNIX System Administration display matching ttylabel add a record using the ttylabel enable autobauding specify the nextlabel value specify the initial-ags value specify the nal-ags value remove the record for ttylabel 1998 University Technology Services, The Ohio State University 171
17.8 Summary
In summary we have the following tables for the SAF commands and control files.
TABLE 17.1
Command Summary Description sac administrative command to add, remove, disable, enable, and monitor port monitors service administration command to associate a port monitor instance with the service to be provided provides ttymon specific information, such as port device name, to the pmadm command provides listen specific information, such as the server that will answer requests, to the pmadm command
Command Name sacadm pmadm ttyadm nlsadmin
TABLE 17.2
File Summary Description system configuration script sac administrative file to configure the port monitors controlled by sac directory for the pmtag port monitor administrative file to control the port monitor configuration for the services provided by pmtag log file for sac directory for the log files created for pmtag
File Name /etc/saf/_sysconfig /etc/saf/_sactab /etc/saf/<pmtag> /etc/saf/<pmtag>/_pmtab /var/saf/_log /var/saf/<pmtag>
172
C H A P T E R 18
The Network
18.1 The Network Network types and access - Local Area Network (LAN) and Wide Area Network (WAN). LAN
high speed connection between machines within a site. WAN geographically remote machines. Ethernet uses Carrier Sense Multiple-Access Collision Detection (CSMA/CD) to share a single transmission line. This means the system listens on the line prior to attempting to send a packet, any system can send at any time, and should a collision occur the system will sense this and retransmit after a random delay. The International Standard Organizations Open System Interconnection (ISO/OSI) model is used by Sun and many other vendors as the network protocol. From the top down the layers are:
TABLE 18.1
Network Protocol Layers ISO/OSI Application Presentation Function provides network services, e.g. mail, ftp, telnet, NFS, YP, DNS, WWW XDR (eXternal Data Representation); transformation services such as text compression, conversion between character codes (EBCDIC ASCII), etc. so that it can be recognized by other machines. RPC (Remote Procedure Call); enables programs to establish connections with each other via names rather than socket addresses; recovers from failed connections. TCP (Transmission Control Protocol), UDP (User Datagram Protocol); TCP provides reliable communication between pairs of processes on the network, it establishes connections through "sockets" which are determined from the IP address and the port number; UDP provides a low overhead transmission service, but with less error checking. IP (Internet Protocol); connects subnets to the Internet; handles fragmentation/recombination, routing and buffering; initiates and terminates connections between machines. defines data frames; controls data encapsulation; detects and possibly corrects errors; determines how the line is to be shared by the multiple machines. provides an electrical connection, e.g. through coaxial cable, between machines; defines procedures for starting and ending sessions; transfers packets.
Practical
Application Session Transport Transport
IP
Network
Data Link
Physical
Physical
173
The Network
18.2 Hardware used in a network

Controller - e.g. Intel (ie0 - Sun3, Sun4), Lance (le0 - Sun4m, Sun4c, Sun3/50, Sun3/60). Transceiver Cable - connects the controller to the transceiver box. Transceiver Box - electrically isolates the system from the rest of the network. Coaxial Cable - the ethernet backbone. Switch - examines the data packet to determine the destination, then sends the packet only over the segment hosting the recipient machine. If the packet is addressed to a machine on the same segment, the packet never leaves that segment. This minimizes traffic on the network segments that dont need to see the packet. Bridge - operates at the Data Link layer. Designed for transparent connection of networks. Bridges and Switches allow you to break the network into smaller segments that increase the overall throughput of the total network. Router - joins 2 networks at the network layer; forwards packets of a particular protocol from one subnet to another; translates messages between different protocols, e.g. DECnet and TCP/IP. Gateway - joins different types of networks; translates one protocol into another, e.g. between OSUs SONNET backbone and the local subnets. Terminal Server - attach systems on a local area network to serial devices, e.g. terminals and printers; may support LAT and Telnet protocols.
174
Ethernet Frame
18.3 Ethernet Frame

Ethernet traffic is transported in units of a frame, where each frame has a definite beginning and end. The form of the frame is in the figure below.
FIGURE 18.1
Ethernet Frame
Preamble D addr S addr Type 8 bytes
D addr
S addr
Data maximum of 1500 bytes
CRC 4 bytes
6 bytes 6 bytes 2 by 6 bytes 6 bytes
MAC
Media Access Control Header In this model we define:

Data Field
(46-1500 bytes)
Preamble Destination Address Source Address Type Data Field Destination Address Source Address CRC
Field used for synchronization, 64-bits Ethernet address of the destination host, 48-bits Ethernet address of the source host, 48-bits Type of data encapsulated, e.g. IP, ARP, RARP, etc, 16-bits. Data area, 46-1500 bytes, which has Internet address of destination host Internet address of source host Cyclical Redundancy Check, used for error detection
The data to be sent is encapsulated by each layer, from the Application down to the Physical, and each adds its own header information. When data is received each layer strips off its header and then passes the packet up to the next layer. The Transport Layer makes sure that the source and destination, hosts and ports, can be identified, and includes a sequence number so that a file can be broken into multiple packets and recombined on the receiving end. The Internet Layer determines how the frames will be delivered, including fragmenting them to send along a path with a smaller maximum transmission unit (MTU) or recombining them for a larger MTU path. It determines the routing used to get to the destination. The Network Layer provides the encapsulation of the datagram into the frame to be transmitted over the network. It includes the ethernet addresses of the source machine and of the next hop towards the destination. These addresses are rewritten with each hop.
175
The Network
18.4 Trouble shooting the Ethernet

Some common error messages related to the network that you might come across are: le0 no carrier - transceiver cable problem? Check the transceiver cable to make sure that you are properly connected to the network. Sun, especially on their older boxes, is notorious for having bad connections here; try a different transceiver box. It could also be another hardware problem on the network, such as a damaged cable, or a faulty bridge or router. le0 ethernet jammed Make sure that the ethernet cable is terminated at both ends. unknown host The remote hostname cant be resolved into an IP address. Try using the IP address. If this works you need to check your name resolution. network unreachable Your machine doesnt have a route to the remote host. Use "netstat -rn" to check the routing tables and set a default route if necessary. no answer or Connection timed out or cannot connect Your machine has a route to the remote host, but is not receiving any response from it. The network may be down, or the remote host may not have a route back to your machine, or one or both machines may be misconfigured. Check your network configuration with ifconfig and netstat. 18.4.1 etherfind With SunOS 4.1.X you can use ethernd to examine network traffic. For etherfind to work your network interface must be in promiscuous mode, i.e. have the appropriate streams NIT support enabled in the kernel. This support is required for a diskless boot server, but is something you may want to disable on other machines. To examine all traffic originating or terminating at the workstation "nyssa":
# etherfind -p -i le0 -src nyssa -o -dst nyssa icmp type lnth proto source 60 tcp leela.acs.ohio 138 udp tardis 138 udp tardis 118 udp tardis 74 tcp leela.acs.ohio 60 tcp leela.acs.ohio
destination nyssa nyssa nyssa nyssa nyssa nyssa
src port login 2049 2049 652 login login
dst port 1021 1023 1023 684 1021 1021
To examine traffic between machines "nyssa" and "leela" the command would be:
# etherfind -p -i le0 -between nyssa leela
176
Monitoring the network
18.4.2 snoop SunOS 5.X has the snoop command to allow you to inspect packets on the network. This command has numerous options for determining which packets to examine. To examine all packets to or from host "nyssa" you would execute:
# /usr/sbin/snoop host nyssa Using device le0 (promiscuous mode) nyssa.acs.ohio-state.edu -> ace.acs.ohio-state.edu RSTAT C Get Statistics ace.acs.ohio-state.edu -> nyssa.acs.ohio-state.edu RSTAT R Get Statistics tardis.acs.ohio-state.edu -> nyssa.acs.ohio-state.edu XWIN C port=1085 nyssa.acs.ohio-state.edu -> tardis.acs.ohio-state.edu XWIN R port=1085 nyssa.acs.ohio-state.edu -> gallifrey.acs.ohio-state.edu RSTAT C Get Statistics gallifrey.acs.ohio-state.edu -> nyssa.acs.ohio-state.edu RSTAT R Get Statistics tardis.acs.ohio-state.edu -> nyssa.acs.ohio-state.edu XWIN C port=1085 nyssa.acs.ohio-state.edu -> peri.acs.ohio-state.edu RSTAT C Get Statistics
which displays the originating and destination addresses, the protocol used, and the port used. 18.4.3 IRIX 5.X IRIXs NetVisualizer product contains netsnoop and other programs useful for analyzing network problems. netsnoop will allow you to check for bad ethernet packets, etc. 18.4.4 Digital UNIX Digital UNIX has the PD program, tcpdump, available for network packet analysis. This will provide information similar to Suns snoop program.
18.5 Monitoring the network

18.5.1 arp The address resolution protocol program, arp, is useful for determining other machines broadcasting on your subnet. The -a option will display the current ARP entries from the kernel, e.g.:
% arp -a Net to Media Table Device IP Address ------------------------le0 gallifrey.acs.ohio-state.edu le0 tardis.acs.ohio-state.edu le0 ace.acs.ohio-state.edu le0 nyssa.acs.ohio-state.edu le0 224.0.0.0
Mask --------------255.255.255.255 255.255.255.255 255.255.255.255 255.255.255.255 240.0.0.0
Flags -----
SP SM
Phys Addr --------------08:00:20:0c:63:66 08:00:20:06:85:c9 08:00:20:0c:3f:ec 08:00:20:0c:a2:93 01:00:5e:00:00:00
177
The Network
18.5.2 ping ping sends an echo packet to the network host and reports on whether or not it replies, e.g.:
% ping nisca nisca.acs.ohio-state.edu is alive
18.5.3 traceroute traceroute is a PD program for tracing the route taken by a packet enroute to a host. To trace a packet to SunSite (Suns anonymous ftp archive at UNC) execute:
% traceroute sunsite.unc.edu traceroute to sunsite.unc.edu (152.2.22.81), 30 hops max, 40 byte packets 1 son-se7-eth2.acs.ohio-state.edu (128.146.6.1) 10 ms 0 ms 10 ms 2 son-se4-eth3.acs.ohio-state.edu (164.107.100.1) 10 ms 10 ms 0 ms 3 kc1.acs.ohio-state.edu (128.146.3.1) 20 ms 10 ms 10 ms 4 cicnet.ohio-dmz.net (192.68.143.1) 20 ms 30 ms 10 ms 5 um-osu.cic.net (131.103.11.46) 20 ms 30 ms 30 ms 6 fd-0.enss131.t3.ans.net (192.203.195.1) 20 ms 30 ms 20 ms 7 t3-2.Cleveland-cnss41.t3.ans.net (140.222.41.3) 30 ms 20 ms 40 ms 8 t3-3.Cleveland-cnss40.t3.ans.net (140.222.40.4) 30 ms 20 ms 20 ms 9 t3-1.New-York-cnss32.t3.ans.net (140.222.32.2) 50 ms 40 ms 50 ms 10 t3-1.Washington-DC-cnss56.t3.ans.net (140.222.56.2) 40 ms 50 ms 60 ms 11 t3-2.Greensboro-cnss72.t3.ans.net (140.222.72.3) 60 ms 60 ms 60 ms 12 t3-0.Greensboro-cnss73.t3.ans.net (140.222.73.1) 50 ms 60 ms 60 ms 13 t3-0.Greensboro-cnss75.t3.ans.net (140.222.75.1) 50 ms 60 ms 50 ms 14 t1-0.enss150.t3.ans.net (140.222.150.1) 120 ms 140 ms 190 ms 15 rtp3-gw.concert.net (192.101.21.253) 170 ms 180 ms 200 ms 16 uncch-gw.concert.net (128.109.3.2) 160 ms 130 ms 110 ms 17 SunSite.unc.edu (152.2.22.81) 130 ms 100 ms 110 ms
18.5.4 netstat netstat shows the status of a network and displays network tables, e.g. to display the statistics concerning packets transferred, errors, etc.:
% netstat -i Name Mtu lo0 8232 le0 1500 Net/Dest Address loopback localhost 128.146.116.0 nyssa Ipkts Ierrs 4866839 0 28898831 598 Opkts Oerrs 4866839 0 17568833 1123 Collis Queue 0 0 332910 0
To display the routing tables use the -r option (-n to prevent host name lookups), e.g.:
% netstat -rn Routing Destination -------------------127.0.0.1 128.146.116.0 224.0.0.0 default 178 Table: Gateway -------------------127.0.0.1 128.146.116.4 128.146.116.4 128.146.116.1
Flags ----UH U U UG
Ref ----0 3 3 0
Use -----4579185 7624 0 41960
Interface --------lo0 le0 le0
Difference between Ethernet and Internet Addresses
18.5.5 traffic trafc graphically displays the ethernet traffic, but must be run from a SunView window. This program is available only under SunOS 4.1.X. 18.5.6 xtr X-windows version of traffic is xtr. For both traffic and xtr you need to run /usr/etc/rpc.etherd to collect the ethernet statistics to be displayed by these programs.
18.6 Difference between Ethernet and Internet Addresses

18.6.1 Ethernet address Ethernet addresses are assigned by the manufacturer and are arbitrary. This number is burned into the machines ID PROM on the CPU board of all Sun workstations. It is composed of 6 1-byte fields for a total of 48 bits. This number is unique and is associated with a particular ethernet device. The values of the ethernet addresses for a subnet are kept in /etc/ethers, e.g.:
08:00:20:06:50:C2 08:00:20:06:AD:E4 08:00:20:06:A3:4E 00:00:A7:00:1D:4E 08:00:20:07:9D:64 ivy nyssa gallifrey bongo leela
A server requires this information in order to boot a diskless client. 18.6.2 Internet (IP) address The Internet address is a 32-bit number (4 8-bit fields), that represent the individual machine and subnet of the network. Each 8-bit field is designated by a decimal number between 0 and 255, in the form: a.b.c.d. These addresses are divided into two parts: a network address and a host address. If the first bit of the address is 0, then this is a Class A address, allowing up to 224 - 2 hosts on a network. Class B networks have the first 2 bits as 10, and allow up to 216 - 2 hosts on a network. Class C address have the first 3 bits as 110, and allow up to 28 - 2 hosts on a network. There are also Class D addresses. These are reserved for multicasting, and have their first four bits as 1110. The following Table illustrates the characteristics of the IP Classes.
TABLE 18.2
IP Classes First 4 bits 0xxx 10xx 110x 1110 # Network Bits 7 14 21 28 # Host Bits 24 16 8 Multicast Network Number 1 to 127 128 to 191 192 to 223 224 to 239
Class A B C D
179
The Network
These correspond to the following IP addresses characteristics.

TABLE 18.3
IP Addresses Maximum # of Networks 128 16,384 2,097,152
Class
A B C
Maximum # of Hosts
16,777,214 65,534 254
Address Range
1.*.*.* to 127.*.*.* 128.*.*.* to 191.*.*.* 192.*.*.* to 223.*.*.*
Network Address
a a.b a.b.c
Host Address
b.c.d c.d d
The Network and Broadcast addresses are reserved and not used for actual hosts. A Network addresses has a host value of 0, as in 128.146.116.0. A Broadcast address has all ones in the host address, e.g. 128.146.116.255. Earlier versions of SunOS (4.X) use the old style, all zeroes, to indicated the broadcast address, e.g. 128.146.116.0. All Sun systems accepts broadcasts from both the 0 and 255 addresses. If you are running SunOS 4.X you should reset the broadcast in /etc/rc.local to use the 255 address. An address starting with 127 in the first field designates a loopback address, 127.0.0.1. This refers to the internal interface used by the machine to send a packet to itself. This is usually designated as interface lo0. On a national basis IP addresses are assigned by the Network Information Center (NIC). Locally, these are assigned by the OSU/UTS NIC. A valid IP address and name would look like:
128.146.116.4 nyssa.acs.ohio-state.edu
where and where and
128 .146 .116.4 .116 .4
.edu .ohio-state nyssa.acs a subnet of .acs.ohio-state.edu nyssa
NIC UTS
IP and hostname pairs are kept in /etc/hosts, which might have the contents:
127.0.0.1 128.146.116.4 128.146 140.254 164.107 localhost nyssa nyssa.acs.ohio-state.edu loghost
There are 3 class B networks assigned to the Ohio State University:
Which should leave OSU with ample room for expansion for the near future.
180
C H A P T E R 19
Network Administration
19.1 Network Initialization

On startup the RC scripts are run to configure the system and the network interface. Through these scripts the system mounts its local file systems and those it will use over the network. SunOS 5.X uses most of the scripts in /etc/init.d when the system enters run level 2. Scripts such as rootusr, inetinit, inetsvc, sendmail, rpc, nfs.client, and nfs.server start and stop the network services. 19.1.1 Configuration Files The configuration files are in the /etc directory. Some of these are shown in the following table.
TABLE 19.1
Configuration Files
SunOS 4.1.X
aliases defaultrouter defaultdomain hostname.xxx hosts hosts.equiv inetd.conf
SunOS 5.X
aliases -> ./mail/aliases defaultrouter defaultdomain hostname.xxx hosts -> ./inet/hosts hosts.equiv inetd.conf -> ./inet/inetd.conf netconfig netmasks -> ./inet/netmasks nodename nsswitch.conf remote resolv.conf ./mail/sendmail.cf services -> ./inet/services
Description
sendmail aliases file IP address of the default router NIS(+) domain name host name for the xxx interface hosts file file of equivalent hosts configuration file for /usr/sbin/inetd network configuration database netmask value host name for the system configuration file for the name service switch remote host description file for tip configuration file for domain name service sendmail configuration file Internet services file
NA
netmasks
NA NA
remote resolv.conf sendmail.cf services
181
19.1.2 /etc/bootparams Diskless clients depend on the server to inform them of their root and swap partitions. The server keeps this information in the /etc/bootparams file, e.g.:
ivy root=tardis:/export/root/ivy \ swap=tardis:/export/swap/ivy
19.1.3 File System Mount Options When mounting a file system you can specify a number of options to indicate the type of file system and to control access to the file system. The following are valid mount options.
4.2 ufs nfs tmp tmpfs swap rw|ro bg|fg suid|nosuid quota|noquota soft hard intr|nointr retry=n rsize=n wsize=n timeo=n noac retrans=n actimeo=n acregmin=n acregmax=n acdirmin=n acdirmax=n secure port=n block special device (BSD 4.2 file system type) (SunOS 4.X only) block special device (SunOS 5.X) NFS file system type TMPFS file system type (SunOS 4.X only) tmpfs file system type (SunOS 5.X only) swapfs file system type (SunOS 5.X only) read/write (default), or read-only if the first attempt fails retry the mount in the background, or foreground (default) allow (default), or disallow, setuid execution enable, or disable, quota checking on this file system (applies locally only) the nfs mount is interruptible the client will continue trying until the server responds (default) allow, or disallow (default) the process to be interrupted on hard mounts retry the mount operation n times (defaults to 10000) set the read buffer to n bytes (defaults to SunOS 4.X: 8192; SunOS 5.X: 32768) set the write buffer to n bytes (defaults to SunOS 4.X: 8192; SunOS 5.X: 32768) set the NFS timeout value to n tenths of a second (defaults to 7) no attribute and name lookup caching. set the NFS retransmission tries to n (defaults to 3) set the minimum and maximum cache times for files and directories to n seconds (no default) retain cached attributes at least n seconds after file is modified (defaults to 3) retain cached attributes no more than n seconds after file is modified (defaults to 60). retain cached attributes at least n seconds after a directory is modified (defaults to 30) retain cached attributes no more than n seconds after a directory is modified (defaults to 60). set DES authentication for NFS transactions set the server IP port number to n (defaults to NFS_PORT).
These mount options are valid both on the command line for the mount command and in the mount table: /etc/fstab (most Unices) or /etc/vfstab (SunOS 5.X).
182 1998 University Technology services, The Ohio State University UNIX System Administration
Network Initialization
19.1.4 File System Mounting, SunOS 4.1.X SunOS 4.1.X specifies the file systems to be mounted in the file /etc/fstab. For example a file server might have in /etc/fstab:
/dev/sd0a /dev/sd0f /dev/sd0g /dev/sd0h /dev/sd1b /dev/sd1a swap / /var /usr /home /export/swap /export/root /tmp 4.2 rw,nosuid 4.2 rw 4.2 rw 4.2 rw 4.2 rw,nosuid 4.2 rw,nosuid tmp rw 11 13 12 14 15 16 00
A diskless client might have in its /etc/fstab:

tardis:/export/root/blueagle tardis:/export/exec/sun4.sunos.4.1.4 tardis:/export/share/sunos.4.1.4 tardis:/usr/local tardis:/home/tardis tardis:/var/spool/mail tardis:/export/exec/kvm/sun4c.sunos.4.1.4 / /usr /usr/share /usr/local /home/tardis /var/spool/mail /usr/kvm nfs rw nfs ro nfs ro,soft,bg nfs rw,hard,bg nfs rw nfs rw,noac nfs ro 00 00 00 00 00 00 00
where the indicated keywords and a few other valid ones have the following meanings: The last two numbers are the dump interval, in days, and the order in which fsck checks the disk. 19.1.5 File System Mounting, SunOS 5.X
19.1.5.1 The mount table, /etc/vfstab
SunOS 5.X specifies its mount table in /etc/vfstab, not /etc/fstab. The format has been changed a bit also. The fields in this table are:

device-to-mount
device-to-fsck mount-point FS-type fsck-pass mount-at-boot mount-options
the block special device for a local file system, or the server:/dir designation for a remote one the raw special device to be used by fsck the mount point for the file system file system type, e.g. ufs, nfs, rfs, swapfs, tmpfs, proc specifies whether the file systems are checked sequentially or in parallel specify if the file system should be automatically mounted at boot the list of comma-separated options used by mount (no spaces)
183
A vfstab file might look something like the following. Each field must contain an entry, so where no option is called for a hyphen (-) is used.
#device #to mount /proc fd swap /dev/dsk/c0t3d0s0 /dev/dsk/c0t3d0s6 /dev/dsk/c0t3d0s5 /dev/dsk/c0t3d0s1 /acs/nyssa/0/swapfile /dev/dsk/c0t6d0s0 tardis:/home/tardis device to fsck /dev/rdsk/c0t3d0s0 /dev/rdsk/c0t3d0s6 /dev/rdsk/c0t3d0s5 mount point /proc /dev/fd /tmp / /usr /opt /cdrom /home/tardis FS type proc fd tmpfs ufs ufs ufs swap swap ufs nfs fsck pass 1 2 3 mount at boot no no yes no no yes no no no yes mount options ro hard,intr,bg
The fsck pass value specifies whether or not the file system is checked. If this field contains a value of 1 or greater the file system is checked. Non ufs type file systems with a zero fsck pass value are checked. For ufs file systems if this value is zero (0) or hyphen (-) the file system is not checked. For values greater than 1 the files systems are checked in parallel if the preen option (-o p) is used with fsck (this is the default for ufs file systems in /sbin/rcS). The list of mounted file systems is kept in the /etc/mnttab file.
19.1.5.2 Default File System Types
When using the mount command on the command line the default file system type for local operations is specified in the file /etc/default/fs, with the LOCAL parameter, and is set to ufs, i.e.:
LOCAL=ufs
For remote file systems the default is specified in the file /etc/dfs/fstypes, and is set to nfs. When using the mount command these defaults are assumed unless otherwise specified, e.g. by using the -F option:
# mount -F file-type file-system mount-point
The actual mount command used and the available options are determined by the file-type specification. The man pages for mount_ufs, mount_nfs, mount_hsfs, mount_rfs, and mount_tmpfs describe the options available. The actual commands are located in /usr/lib/fs under subdirectories named for the file-types.
184
1998 University Technology services, The Ohio State University
Host Names and addresses
19.1.6 File System Mounting, IRIX 5.X IRIX uses /etc/fstab to specify its file systems, e.g.:
/dev/root / efs rw,raw=/dev/rroot 0 0 mail_server:/var/spool/mail /var/mail nfs hard,bg,intr,noac 0 0 home_server:/home/frank /usr/people/frank nfs hard,bg,intr 0 0 file_server:/usr/local /usr/local nfs ro,hard,bg,intr 0 0
Here, for a local device the raw partition is specified as one of the mount options. 19.1.7 File System Mounting, Digital UNIX Digital UNIX uses /etc/fstab with a format very similar to SunOS 4.X, except for swap space. This is referenced with an sw mount option and for multiple swap areas you can specify the priority, e.g.:
/dev/rz0a / ufs rw 1 1 /proc /proc procfs rw 0 0 /dev/rz0g /usr ufs rw 1 2 /dev/rz0b swap1 ufs sw,pri=0 0 2 /dev/rz1b swap2 ufs sw,pri=1 0 2 /dev/rz0h /home ufs rw 1 3 file_server:/usr/local /usr/local nfs rw,hard,bg,intr 0 0
19.1.8 File System Mounting, Ultrix Ultrix uses /etc/fstab with a format similar to SunOS 4.X, except that fields are separated by a colon (:) instead of whitespace, e.g.:
/dev/rz2a:/:rw:1:1:ufs:: /dev/rz2g:/usr:rw:1:2:ufs:: /dev/rz6e:/usr/local:rw:1:2:ufs::1:2:ufs::
19.2 Host Names and addresses

19.2.1 Static Tables The table of host names and IP addresses is kept in /etc/hosts, in the form:
# IP-address 127.0.0.1 128.146.116.4 128.146.116.1 hostname alias localhost loghost nyssa nyssa.acs.ohio-state.edu loghost tardis tardis.acs.ohio-state.edu
Generally you will keep the local host name here, its server, or for a server, its diskless clients, and maybe a few other frequently used machines. Diskless machines require that the server know their ethernet address, kept in the /etc/ethers, e.g:
# ethernet-address 00:00:A7:00:11:3D UNIX System Administration hostname bongo 1998 University Technology Services, The Ohio State University 185
19.2.2 Dynamic name resolution Network names and addresses change and new hosts are constantly being added to the network, so its impossible to keep the static host table up-to-date. To serve this need we have Domain Name Servers (DNS) on the network. These are authoritative, or query the authoritative servers to determine IP address, when given host names. The DNS server will be running named, the Internet domain name server daemon (/usr/[etc,sbin]/in.named). For SunOS 4.1.X you can get this automatically through the Network Information Services (NIS) when you set the option B=-b in /var/yp/Makele and re-initialize the NIS maps. Then NIS will automatically query the name server specified in /etc/resolv.conf for hosts not found in the NIS maps. For SunOS 5.X you turn on this service by specifying "dns" for the host entry in the network switch configuration file, /etc/nsswitch.conf. You can also have the system query NIS and or the local /etc/hosts file by specifying those, in the desired order, on this entry, e.g.:
hosts: dns nis files
Queries to DNS will then be resolved using the information supplied in /etc/resolv.conf. The /etc/resolv.conf file contains the IP domain name of the system and a list of name servers to use. For SunOS 5.X you can also specify a search path to use, e.g.:
domain acs.ohio-state.edu. nameserver 128.146.1.7 <---- ns1.net.ohio-state.edu, authoritative for OSU nameserver 128.146.48.7 <---- ns2.net.ohio-state.edu search acs.ohio-state.edu magnus.acs.ohio-state.edu eng.ohio-state.edu ohio-state.edu
The domain will automatically be appended to any host name not having a dot (.) in the name. The first nameserver listed will be considered primary and queried first. Additional ones will be queried, in order (up to a maximum of 3), if the primary one does not respond to the request. Many resolvers will accept the search field, whereby names to be resolved have these strings appended and then checked for resolution, in the order specified, until one is resolved. 19.2.3 IRIX 5.X IRIX has a similar /etc/resolv.conf file, but it is also used to specify the host resolution order with a line similar to:
hostresorder local nis bind
in addition to those above. 19.2.4 Ultrix and Digital UNIX Ultrix and Digital UNIX specify the order to search in /etc/svc.conf, with a line similar to:
hosts=local,bind
186
Services
19.3 Services
19.3.1 /etc/services The services available on your system through the network are described in the file /etc/services. This database matches services available with their port numbers and protocol, e.g. a few of the many network service entries are:
ftp telnet smtp tftp www ntp ntp 21/tcp 23/tcp 25/tcp 69/udp 80/tcp 123/tcp 123/udp # File Transfer Protocol # Telnet # Simple Mail Transfer Protocol # Trivial File Transfer Protocol # World Wide Web # Network Time Protocol # Network Time Protocol
19.3.2 /etc/inetd The internet services daemon, inetd, is started in the RC scripts. Inetd responds to requests for services on your machine. It monitors the services specified in /etc/inetd.conf and uses the corresponding ports and protocol specified in /etc/services. For each service specified in the services database there is a corresponding entry in the inetd.conf file. So for the above example with the telnet service there will be a corresponding entry in inetd.conf to start the telnet service when a request is received on the network port 23. This entry will be:
telnet stream tcp nowait root /usr/etc/in.telnetd in.telnetd
Inetd starts up the required daemon to respond to the request for the specified port. After the connection is made (e.g. at port 23 for telnetd) the transaction is moved to some higher port number. Port numbers 0->1023 are considered "trusted ports" and can only be monitored by root. Each connection is identified by a set of 2-32-bit numbers and 2-16-bit numbers:
Host number of connections origination Port number of connections origination Host number of connections target Port number of connections target
19.3.3 Remote Procedure Calls The NFS and NIS protocols, among others, use Remote Procedure Calls (RPC) to request and respond to queries for information over the network. The services and the RPC program number they use are listed in the /etc/rpc database, in the form:
# rpc-program-server portmapper rpcbind nfs rpc-program-number 100000 100000 100003 aliases portmap sunrpc <--- SunOS 4.1.X portmap sunrpc rpcbind<--- SunOS 5.X nfsprog
187
19.4 Network Programs

19.4.1 ifconfig - Configure the Network Interface Configure the network interfaces with the ifcong command. For each interface you can report or assign the IP, ethernet and broadcast addresses, enable or disable the interface, set the netmask, and protocols for the interface. Syntax
ifcong [interface] [address] [options]
Common Options
-a -au -ad up down trailers|-trailers arp|-arp plumb|unplumb apply the action to all interfaces (SunOS 4.X and 5.X only) apply the action to all "up" interfaces (SunOS 4.X and 5.X only) apply the action to all "down" interfaces (SunOS 4.X and 5.X only) bring the interface up. This happens automatically when you set the first address on the interface. bring the interface down. The system will no longer send messages through this interface. set the flag to use, or disable, "trailer" link level encapsulation. "trailers" is no longer used, and it set, is ignored. enable, or disable, the use of Address Resolution Protocol (arp) to map between network level and link level address (defaults to arp) setup and open, or destroy and close, the streams necessary to for TCP/IP to use the interface. After using unplumb the device will not be reported by "ifconfig -a". (SunOS 5.X only). set the address for broadcasting to the local subnet. The default broadcast address is the machine address with the host part of the address set to all 1s, except for SunOS 4.X which defaults to all 0s in the host part of the address. set the mask for how much of the address to use for the network part of the address and how much to use for the subnet (host part) of the address. set the ethernet address
broadcast address
netmask mask ether address
Examples ifcong is usually executed at several points in RC scripts, first to bring up each interface, and then again later to reset the netmask and broadcast for each. To report on the network interface do the following, where le0 is the primary interface name on most Sun workstations:
# ifconfig le0 le0: flags=63<UP,BROADCAST,NOTRAILERS,RUNNING> inet 128.146.116.4 netmask ffffff00 broadcast 128.146.116.255 ether 8:0:20:fa:1b:2c
where the netmask value of ffffff00 is equivalent to 255.255.255.0 and the ethernet address is reported only if you are the superuser. The file /etc/netmasks contains information for non-default netmasks. For SunOS 5.X entries should have the network address use zeroes to fill out the octets, while in SunOS 4.1.X it should not, e.g:
188 1998 University Technology services, The Ohio State University UNIX System Administration
Network Programs # Network 128.146.0.0 128.146 # ifconfig le0 netmask + netmask 255.255.255.0 255.255.255.0
<-- used by SunOS 5.X <-- used by SunOS 4.1.X
ifcong uses this file for its default settings, i.e. when doing the following:
19.4.2 Logical Interfaces (SunOS 5.X) SunOS 5.X allows the use of multiple logical interfaces for each physical network interface. So a single physical connection can have more than one IP address. The physical interface must first be "plumbed", to make it visible to ifcong e.g.:
# ifconfig le0 plumb
Then the logical interfaces can be configured using the device_name:logical_unit_number format, while retaining the logical unit number 0 for the default physical interface. Valid logical unit numbers are 1 through 255. So to set the first logical interface do:
# ifconfig le0:1 IP_address up
Each logical interface can have its own network address, netmask, etc. Then create the file /etc/hostname.le0:1 containing the desired hostname for that logical interface. It should then automatically be configured after each reboot. 19.4.3 route - Network Routing Normally you would just use the default route to get to one of the network routers (or the server for your subnet) and not have to worry about managing the network routing tables on your system. You can have the system set the default route on startup by placing the IP address of the default router in the file /etc/defaultrouter. If you do need to manage the network routing tables then you can run the network routing daemon, in.routed. This will be started for you through the RC scripts if no default route exists (i.e. /etc/defaultrouter is empty or non-existent). Syntax
route [ options ] [ add|delete ] [ host|net] destination [ gateway [ metric ] ]
Common Options
-f -n add|delete host|net destination gateway metric flush the routing tables dont map the IP addresses to host names add, or delete, a route to the destination interpret the destination as a host or network, respectively network destination address the network gateway address through which packets are sent number of hops to destination, required with the add option. A metric of
0 indicates an interface on the local machine; specify this if all destinations are local. A metric of 1 indicates its on the local subnet.
189
Examples To add the server as the default router for a workstation, first kill the route daemon on the workstation, if its running, then ush the existing route with:
# route -f
Lastly, add the default route for the interface:

# route add default 128.146.116.1 1
where default is the designation used to indicate the destination address for all non-local packets, 128.146.116.1 is the address of the router for the sub-net, and it is 1 hop away. 19.4.4 netstat - Show Network Status Report the status of the network, with its interfaces and sockets, with netstat. Syntax
netstat [ options ] [ system ] [ core ]
Common Options
-a -f address_family inet unix -i -m -n -r -s -g -M -p -v system core show status of all sockets, including server processes report only statistics related to the address_family, one of: AF_INET address family AF_UNIX family show status of auto-configured interfaces only show management statistics (or STREAMS statistics, SunOS 5.X only) dont map the IP addresses to host names show the routing tables, or statistics (with -s) show the per-protocol statistics, or routing statistics (with -r) show multicast groups (SunOS 5.X only) show multicast groups (IRIX only) show the address resolution protocol (ARP) statistics (SunOS 5.X only) verbose (SunOS 5.X only) defaults to the kernel, e.g. /vmunix specify the kernel core file when examining savecore output, e.g. for SunOS 4.1X: system=vmunix.0, core=vmcore.0.
Examples You can check the routes that the machine is actually using with netstat, e.g.:
# netstat -rn Routing tables Destination 127.0.0.1 default 128.146.116.0
Gateway 127.0.0.1 128.146.116.1 128.146.116.4
Flags UH UG U
Refcnt 1 27 29
Use 10007 55222481 138605429
Interface lo0 le0 le0
190
SunOS 5.X
The -i option will show the status of the network interfaces, e.g.:
# netstat -i Name Mtu le0 1500 le1 1500 lo0 1536 Net/Dest 128.146.116.0 128.146.6.0 loopback Address server server-gw localhost Ipkts 33168177 25310460 458882 Ierrs 864 1193 0 Opkts 34382907 20675896 458882 Oerrs 19 0 0 Collis 49045 62690 0 Queue 0 0 0
where
mtu Ipkts Ierrs Opkts Oerrs Collis Queue maximum transmission unit Input packets Input errors Output Packets Output errors Collisions number in the Queue
Often a shortage of buffers can lead to input errors. If the input error rate, Ierrs/Ipkts 0.00025 (0.025%), you may want to experiment with increasing the receive buffers. Here Ierrs/Ipkts is 0.000026 for le0 and 0.000047 for le1. Network saturation can be investigated by looking at the collision rate, Collis, for a few days. If any of the following are true than one should be concerned.
(Collis + Ierrs + Oerrs)/(Ipkts + Opkts) > 0.02 (2%) Collis/Opkts > 0.02 (2%) (0.0014, .14%) Oerrs > 0% (0.0007, .07%)
This may indicate that the network is saturated. Trafc or xtr can give you an indication of the ethernet usage. If it consistently reports 35% utilization then the ethernet segment is saturated and you should look at ways to distribute the load. The netstat command has a few new options for SunOS 5.X to report on the new TCP/IP features, including IP multicasting. IP multicasting allows the sender to transmit one packet to be received by one or more, but not necessarily all, hosts on a network. This is useful in multi-party communications when sending the same data to multiple destinations. With logical addressing you can send to a service, rather than a host. The default multicast address is 244.0.0.0. The address 244.0.0.1 is permanently assigned to the group of all hosts and gateways participating in IP multicasting. Host groups are identified by this address and interested hosts listen on this address.
19.5 SunOS 5.X

19.5.1 Host Name The SunOS 5.X system host name is stored in several files. These files are /etc/nodename, /etc/hostname.xxx, /etc/inet/hosts, and in the hosts files in the directories, /etc/net/[ticlts,ticots,ticotsord]. These three refer to the loopback transport providers of the same names. Should you ever change the host name youll need to change it in all these files. Another way to change the hostname is to touch /etc/.UNCONFIGURED and then reboot the machine. On the
way back up you will be prompted for the system identification information, including hostname, IP address, NIS/NIS+ type and server, etc. 19.5.2 The rpcbind Server The server, rpcbind, replaces portmap as the service providing addresses of server programs to client programs. The rpcbind server is started by the script /etc/init.d/rpc. 19.5.3 Selections
19.5.3.1 Network Services
The network services to use are specified in the file /etc/nsswitch.conf. Here you can specify the various name and service databases and the order in which to search the databases. The databases associated with this switch are:
aliases automount bootparams ethers group hosts netmasks networks passwd protocols publickey rpc services for sendmail for the automounter for bootparamd for mapping ethernet address to hostnames for getting group names for checking host names for ifconfig for Internet network addresses for checking login entries for protocol names for the rpc public key for the rpc service addresses for the network services list
These databases can use the following sources:

files nis nisplus dns compat e.g. /etc/hosts, /etc/passwd, etc. NIS NIS+ Domain Name Service allows use of +/- entries in passwd and group files (for NIS)
A typical nsswitch.conf file is:

passwd: compat files nis group: files nis # consult /etc files only if nis is down. hosts: dns nis [NOTFOUND=return] files networks: nis [NOTFOUND=return] files protocols: nis [NOTFOUND=return] files rpc: nis [NOTFOUND=return] files 192 1998 University Technology services, The Ohio State University UNIX System Administration
Ultrix and Digital UNIX ethers: nis [NOTFOUND=return] files netmasks: nis [NOTFOUND=return] files bootparams: nis [NOTFOUND=return] files publickey: nis [NOTFOUND=return] files netgroup: nis automount files nis aliases: files nis # for efficient getservbyname() avoid nis services: files nis sendmailvars: files

The /etc/svc.conf file specifies the databases and services, e.g.:
# Note: White space allowed only after commas or newlines. # File Format # database=service,service # # The database can be: # aliases # group # hosts # netgroup # networks # passwd # protocols # rpc # services # The service can be: # local # yp # bind (hosts ONLY) aliases=local group=local hosts=local,bind netgroup=local networks=local passwd=local protocols=local rpc=local services=local SECLEVEL=BSD # for backward compatibility ONLY
193
19.7 Miscellaneous Configuration Files

19.7.1 /etc/syslog.conf The system log daemon, syslogd, records its information in log files on the system as determined by its configuration file, /etc/syslog.conf. These log files, usually /var/adm/messages and/or /var/log/syslog or /var/adm/SYSLOG (IRIX) or /var/adm/syserr/syserr.hostname (Ultrix) will, among others, contain messages related to problems with the network. The Solaris 2.X syslogd requires that the m4 macro process program be installed (in /usr/ccs/bin) to interpret the syslog.conf file. syslogd can be run with the -d option to debug problems with syslog.conf entries. 19.7.2 /etc/hosts.equiv We sometimes want to allow other users, on systems we trust, to login over the network without supplying a password. In other words, we presume that authentication on their system is equivalent to our own. We can accomplish this by putting their system hostname in the file /etc/hosts.equiv. When an rlogin or rsh request comes in from one of these hosts there is no prompt for a password. This applies for all users except the root user. SunOS 4.X is delivered with "+" in this file, meaning ALL hosts are trusted. If you are not going to use this file remove it. On a per user basis the file ~/.rhosts is equivalent to the above file; this also includes the root user. 19.7.3 Terminals The terminal configuration files are covered in the chapters on Adding Hardware, and the Service Access Facility. 19.7.4 Mail We will look at the mail related configuration files, sendmail.cf and aliases in the Mail chapter.
194
C H A P T E R 20
Distributed File System Administration
20.1 Distributed File Systems

There are two distributed file systems used by SunOS, the Network File System (NFS) and the Remote File Sharing (RFS) system. These both operate over the network and allow you to share files. The latter also allows you to share devices. These are both available in SunOS 4.1.X and 5.2, though RFS did not survive beyond 5.2. The commands for using these programs are different in the two releases. A machine can simultaneously run both NFS and RFS. 20.1.1 The Network File System The Network File System was developed by Sun Microsystems and is licensed to many vendors. It allows the sharing of file systems and directories, and provides a common login environment regardless of the network machine on which you login. Its a service that is designed to be machine independent and transparent to the user. NFS uses remote procedure calls (RPC) through the external data representation protocol (XDR) to communicate between machines. The user doesnt have to know any of the details. When things are working properly local and remote file systems will appear as one big local file system to the user. The major functions of NFS are mount/export directories from/to other computers, on/off your local network, so that they can be accessed as if they were local. An NFS client can mount files systems from more than one NFS server. These mounts are done through the ethernet. The NFS server does not maintain state information about its clients open files; this must be done by the client. The server program is small and efficient, while the client program has to do most of the work. NFS supports diskless workstation booting and automounting, and allows you to mount NFS directories on top of other NFS directories. 20.1.2 The Remote File Sharing System The Remote File Sharing system, was developed by AT&T to allow UNIX workstations to share files over a network. It allows workstations to act as clients of servers. RFS provides access to files and directories without the user having to know where the resource is located. A nameserver is used to register resource names, so the client machine doesnt need to know where the resources are. Resources are moved simply by changing entries in the nameserver registry.
RFS allows users to mount special directories so that they can share devices (e.g. tape drives) residing on other machines. RFS is a stateful protocol; the server maintains state information of local resources. The server knows what each client is doing to its files at all times. The server can detect client crashes, so cache consistency is guaranteed. RFS can NOT be used to boot diskless clients. RFS does NOT support symbolic linking or automounting. RFS does NOT support mounting of a directory on top of an existing RFS directory.
20.2 NFS Protocol

The NFS protocol uses RPCs to communicate between client and server. The client issues an RPC request for information from the server which replies with the result. If requests go to a machine with different byte ordering XDR can translate between them. There are 16 different RPCs used by NFS version 2 to request and regulate file access. The RPCs run on top of the UDP protocol. UDP is faster than TCP, but doesnt provide any error checking. NFS relies on the built-in retry logic of the RPCs to make sure that requests and replies arrive at their destinations. The client can specify block sizes, number of retry attempts, and time to wait values when it mounts the servers files, with defaults of 8k blocks (read: rsize, write: wsize), 5 retries (retrans), and a 1 second timeout (timeo). If the client doesnt receive an acknowledgment within the timeout period it sends the request again. To prevent overloading the server it then doubles the time-to-wait period. The client continues the cycle until the server responds or the retry limit is reached. If the latter occurs you get the familiar "nfs server not responding" error message. Since the NFS protocol is stateless the client receiving this error has no information to decide if the problem is with the network or with the server. Processes trying to access server files, e.g. df, will happily wait until the server responds, as it is blocked until it receives a reply. If the server crashed the client program will pick up where it left off after the server comes back on line. You can use "soft" mounts to give you the ability to break out from stalled RPC send/receive requests. If you really want to ensure that write requests are completed, though, you should use "hard" mounts, and also specify "intr" if you want to be able to abort the command. Before a client issues an RPC request to the server it checks to see if the desired data is already cached from an earlier request. If the data is newer than the cache attribute timeout value (actimeo, with a default of 30 seconds) than the data is used, otherwise it sends a request to the server to compare the modification time of its cached file with that of the servers file. If the servers file is newer a request to resend the data is issued. NFS version 3, used by IRIX 5.3+ and SunOS 5.5+ has some significant enhancements over earlier versions. NFS can now run on top of the TCP protocol. Additionally it now supports safe asynchronous writes, finer access control, and larger file transfer sizes, with less overhead. Since NFS is stateless you want to make sure that the server has really performed the write request to a
196
NFS Protocol
stable storage area before acknowledging it to the client. Version 3 allows unsafe, asynchronous, writes to be committed to stable storage reliably. The maximum transfer size has been increased from 8 kB to 4 GB, where the machines negotiate the transfer size, up to 64 KB, the maximum allowed for both UDP and TCP. The protocol, either TCP or UDP, is also negotiated between the machines, defaulting to TCP if both ends support it. The new protocol now allows 64-bit file offsets, up from the former 32-bit limit, supporting arbitrarily large file sizes. The new version is more efficient, e.g. it returns the file attributes after each call, eliminating the need to issue a separate request for this information. Solaris 2.5 and IRIX 5.3+ NFS implementations support both version 3 and version 2 of the protocols, so that they can reliably communicate with clients and servers supporting either, with full backwards compatibility. Both NFS versions use port 2049 and should have such and entry for both udp and tcp in /etc/services. The 22 RPC requests used be NFS version 3 are listed below.
TABLE 20.1
NFS RPC calls NFS version 2 null getattr setattr lookup readlink read write create mkdir symlink remove rmdir rename link readdir statfs Description Does nothing, except make sure the connection is up get file, or directory, attributes, e.g. file type, access times & permissions set file, or directory, attributes lookup file name in a directory check access permissions for a user read the data from a symbolic link read from a file write to a file create a file or symbolic link create a directory create a symbolic link create a special device node remove a file (delete the directory entry) remove a directory (delete the subdirectory entry from a directory) rename a file or directory create a link to an object read from a directory extended read from a directory get dynamic file system state information get static file system state information retrieve POSIX information for the filesystem commit the cached data on the server to stable storage (force a flush of data previously written to the server)
NFS version 3 void GETATTR SETATTR LOOKUP ACCESS READLINK READ WRITE CREATE MKDIR SYMLINK MKNOD REMOVE RMDIR RENAME LINK READDIR READDIRPLUS FSSTAT FSINFO PATHCONF COMMIT
197
20.3 SunOS 4.1.X

20.3.1 NFS
20.3.1.1 Server
For an NFS server the important command is /usr/etc/exportfs. This command must be run to enable clients to mount the file systems. You can specify file systems to be exported on the command line, or you can use the -a (all) option to the default export file, /etc/exports. /etc/exports contains the list of system directories to export, who has access to them, and the nature of the access (e.g. rw or ro, root, etc.). A file server might have the following exports file to service diskless and dataless clients of multiple hardware architectures.
/home -access=nyssa:blueagle:leela /usr -root=blueagle,access=blueagle /usr/local -root=nyssa,access=nyssa:blueagle /usr/sun3/local -access=leela /var/spool/mail -access=nyssa:blueagle:leela /export/share -access=blueagle:leela:nyssa /export/exec/sun3x.sunos.4.1.1 -access=leela /export/exec/kvm/sun4c.sunos.4.1.4 -access=blueagle /export/exec/kvm/sun3x -access=leela /export/root/leela -root=leela,access=leela /export/root/swap/leela -root=leela,access=leela /export/root/blueagle -root=blueagle,access=blueagle /export/swap/blueagle -root=blueable,access=blueagle
If you dont specify restrictions it defaults to allow read/write access to all, e.g. if exports contains:
/
your root directory is accessible to everyone on the net. After you edit /etc/exports to make the directories mountable by other systems you need to run:
# /usr/etc/exportfs -a
The server needs to run the NFS mount daemon, rpc.mountd, and several NFS service daemons, nfsd (typically 8 for a low use server). These two daemons handle NFS mount requests and client requests, respectively. NFS also requires that the block IO daemons, biod, be running (normally 4 are started) to buffer read-ahead and write-behind requests. These are used for all client requests, both local and through NFS. The block IO daemons are always started by rc.local; the other NFS daemons started for the server during boot by rc.local only if /etc/exports exists. The relevant lines in rc.local are:
if [ -f /usr/etc/biod ]; then biod 4; (echo -n biod) >/dev/console fi if [ -f /etc/exports ]; then > /etc/xtab exportfs -a >/dev/console nfsd 8 & (echo -n nfsd) >/dev/console rpc.mountd -n >/dev/console fi 198 1998 University Technology Services, The Ohio State University UNIX System Administration
SunOS 4.1.X
If you create an exports file later you will need to start these by hand before your system can become a server. The file /etc/xtab contains the list of files actually exported via exportfs. If you execute exportfs without any options it will display this list. You can use the showmount command to see who is mounting your file systems, though its not a very accurate representation of the current state.
20.3.1.2 Client
The client normally mounts all file systems listed in /etc/fstab during the boot process. Those of type nfs are mounted when the "mount -at nfs" command is issued in /etc/rc.single, e.g. an nfs entry in fstab might be:
tardis:/home /home nfs rw 0 0
You can also mount file systems from the command line, e.g.:
# mount -t nfs tardis:/home /home
This will issue an NFS request to the server, tardis, to mount the file system, /home, on the local directory, /home. The client needs to be running the block IO daemon, biod, to buffer NFS requests (normally 4 are started). Another way to mount file systems is to use the automounter. The automount daemon, automount, will automatically mount the desired file system whenever a file/directory in that file system is accessed. It intercepts any requests for access to the file system and then uses the information in a NIS map or local file to decide how and where to mount the file system. If no access is made after a few minutes the file system is unmounted again. 20.3.2 RFS
20.3.2.1 Security
Security for RFS is provided through: machine passwords read-only access to resources can restrict machines allowed to access resources can force users off at any time file access based on user and group id mapping
20.3.2.2 Components of RFS
The RFS Domain consists of: primary name server secondary name servers RFS resource servers RFS clients
199
The RFS name server maintains information about the RFS domain, available resources, and passwords for use in the domain. The RFS le server can advertise resources from itself or those that it has NFS mounted. The RFS client mounts resources advertised from an RFS le server.
20.3.2.3 Installation and Initialization
The RFS software must be loaded from the Installation tape or CDROM, either at installation or later with the add_services utility. The following kernel options are required in the configuration file in order to use RFS:
options options pseudo device pseudo device pseudo device pseudo device pseudo device pseudo device pseudo device pseudo device RFS VFSSTATS tim64 tirw64 tcptli32 sp clone snit pf nbuf
You need to choose a unique domain name, having a maximum of 14 characters (SysV restriction). Then create the file, /usr/nserve/rfmaster, on the primary name server. This file should contain the names and IP addresses of the primary and secondary RFS name servers in the format:
RFS_domain server_type RFS_domain.hostname A RFS_domain.hostname hex_IP_address
where server_type should be replaced by either P (primary) or S (secondary), and separate each field of a line by a space or tab. To convert an IP address to hex use the following command for hosts listed in /etc/hosts:
% hostrfs tardis \x00021450809274010000000000000000
The database file, /usr/nserve/rfmaster, should be readable by everyone, but writable only by root (mode 644). Initialize RFS on the name server with:
# dorfs init RFS_domain tcp [port num]
where init initializes the services for the domain and tcp specifies the network protocol type. The RFS daemons are started with:
# dorfs start
This will start the daemons: listener, rfudaemon, rfs:server, rfs:recovery, rfs:rfdaemon RFS startup can be done at boot time by uncommenting the associated lines in /etc/rc. Initialize RFS on the client by first copying the /usr/nserve/rfmaster file from the server, again setting the permissions to 644. After the primary name server is started initialize RFS with:
# dorfs init RFS_domain tcp [port num]
200
SunOS 4.1.X
and start the RFS daemons with:

# dorfs start
20.3.2.4 Advertising and Monitoring the Resources
The server now needs to advertise resources it wishes to export with the adv command. An example whereby you want to allow the tape devices of the server to be available to the clients, you could create the directory /dev/rdev on the server. The files in /dev/rdev would be links to the tape devices, e.g.:
# ln /dev/rst8 /dev/rdev/rst8 # ln /dev/rmt8 /dev/rdev/rmt8
Then you advertise the resources in /dev/rdev to the client:

# adv -r -d "tardis devices" tardisdevs /dev/rdev nyssa
Here I have advertised the tardis devices directory, /dev/rdev, read-only, which will be known only to the client nyssa, with the name tardisdevs. If you want to advertise resources automatically create a file /etc/rstab on the RFS server. It should be a shell script of adv commands and should be executable by all, mode 755. To display the advertised properties on the server use the adv command without options, e.g.:
# adv tardisdevs # unadv resource /dev/rdev "tardis devices" read-only nyssa
To unadvertise a resource on the server use the unadv command, e.g.: To find out what resources are available on the client use the nsquery command, e.g.:
# nsquery RESOURCE tardisdevs ACCESS read-only SERVER rfs_acs.tardis DESCRIPTION tardis devices
Mount the resource on the client with the mount command, specifying the RFS device, e.g.:
# mount -r -d tardisdev /mnt
where "-r" specifies read-only, and "-d" is followed by the name of the RFS resource. To unmount the directory use the umount command, e.g.:
# umount -d tardisdev
To mount an RFS resource automatically at boot time add an entry to /etc/fstab similar to:
tardisdev /mnt rfs ro 0 0
To unadvertise and forcibly unmount a resource from all clients type at the server use fumount, e.g.:
# fumount [-w seconds] resource
The superuser can monitor client use of server resources with the rmntstat command:
# rmntstat RESOURCE tardisdevs # fuser tardisdevs PATH /dev/rdev HOSTNAMES rfs_acs.nyssa
The fuser command can be used on the client to see who is using the resource, e.g.:
201
20.4 SunOS 5.X

SunOS 5.X uses a common set of commands and files to administer both the Network File System (NFS) and the Remote File Sharing (RFS) system. This combination is known as the Distributed File System (DFS). These common set of commands for DFS replace the individual commands for NFS and RFS of SunOS 4.X. Through DFS you can share files, directories, and devices over the network. The operative word with DFS is sharing. With DFS we share file systems, rather than export them. /etc/exports and exportfs are gone. In place of these files we have the control files in the /etc/dfs directory and the share and shareall commands. The files in /etc/dfs are: dfstab fstypes sharetab
containing commands for sharing resources across the network which registers the DFS packages on the system, i.e. nfs and rfs containing a table of local resources being shared
20.4.1 /etc/dfs/dfstab This server file contains a series of share commands for sharing the resources. Each line consists of a share command specifying the resource to be shared, the file system type, a description of the resource and options specifying client access to the resource. The commands in this file are automatically executed when entering run level 3. An example of a dfstab would be:
# place share(1M) commands here for automatic execution # on entering init state 3. # # share [-F fstype] [ -o options] [-d <text>] <pathname> [resource] # .e.g, # share -F nfs -o rw=engineering -d home dirs /export/home2 share -F nfs -o ro=ace:tardis:gallifrey -d nyssa cdrom /cdrom
20.4.2 /etc/dfs/fstypes For each distributed file system type installed on the system there is a line in fstypes that begins with the file system type name followed by a description of the package, e.g. for nfs:
nfs nfs utilities: version 11.4.2
20.4.3 /etc/dfs/sharetab This contains a table of shared local resources and is created by the share command. There is a line for each resource shared containing the pathname of the resource, the resource being shared, the file system type, specific options specifying how the resource is being shared, and a description of the resource, e.g.:
/cdrom nfs ro=ace:tardis:gallifrey nyssa cdrom
202
SunOS 5.X
20.4.4 Daemons The block I/O daemons, biod, have been replaced by kernel threads. NFS write requests are queued and assigned to a kernel thread on a per-mount basis. The kernel thread performs the asynchronous write request. The kernel threads are created on demand, with up to 8 per mount point allowed. When there are no outstanding write requests no threads exists for that mount point. 8 nfs daemons, nfsd, and the mount daemon, mountd, are started when you initiate run level 3 by the /etc/rc3.d/S15nfs.server script. These daemons are physically located in /usr/lib/nfs. If the /etc/dfs/dfstab file is empty when entering run level 3 the mountd and nfsd daemons are not started. To start these daemons later you can place an entry in the dfstab file and execute "init 1", and then return to run level 3, or you can execute the nfs.server script mentioned above. NFS clients require the statd and lockd daemons, also located in /usr/lib/nfs. 20.4.5 The Automount File System, autofs Autofs mounts file systems when they are accessed and unmounts them after a specified period of inactivity. It uses the automount daemon, /usr/lib/autofs/automountd, to control the mounting of file systems. This daemon is started at run-level 2 by the /etc/init.d/autofs script which also mounts the file systems with the /usr/sbin/automount command. The automount system doesnt use /etc/vfstab to specify file systems. It uses the maps specified in the /etc/auto_master file and in the NIS(+) system. (This file is known as auto.master for NIS.) The auto_master file has entries of the form:
#mount-point +auto_master /net /home map-name -hosts auto_home [ mount-options ] -nosuid
In this file +auto_master refers to an NIS(+) master map. If one exists insert those entries as if they were part of this file. The remaining entries specify the directory to automount the file and the automount map associated with it. The -hosts map entry specifies all the NFS exported file systems in the NIS(+) hosts database. These will be mounted on /net, e.g. the file systems for a host, tardis, will be mounted on /net/tardis. For the last entry in auto_master there is a corresponding /etc/auto_home file with contents:
+auto_home
indicating that the auto_home NIS(+) map should be used. (This file is known as auto.home for NIS.) When the location of this file is not specified by the complete path name it is follows the convention determined by the automount entry in /etc/nsswitch.conf, e.g.:
automount: files nis
which specifies that the files in /etc should be checked first, followed by the NIS maps. The auto_home table maps login names with directories, and is managed through the NIS(+) system. The automount maps can be direct or indirect. The direct maps specifies a mount point on the client for a specific directory on the server. An indirect map refers to a table of automount points. The indirect map is the more common way of using the automounter.
203
In a direct map you can specify more than one server from which to access read-only file systems, e.g.:
/usr/man -ro server1:/usr/man server2:/usr/man server3:/usr/man
The system will mount the nearest available server, with those on the same subnet being given preference. You can use certain variables in these maps by prefacing a dollar sign to the variable name. The variable names recognized by the automounter are:
Variable Name ARCH CPU HOST OSNAME OSREL OSVERS Variable Meaning hardware architecture processor type hostname operating system name operating system release number operating system version Example sun4c sparc nyssa SunOS 5.5 FCS1.0
When you make an addition or deletion to a direct map you need to run the automount command to have the change take effect. Modifications to existing entries dont require you to do this. To modify the master NIS+ maps use the nistbladm command then run the automount command to have the changes take effect. Well look at the nistbladm command in the chapter on NIS+ later in the course. You can access non-NFS file systems through the automounter, including removable media and cachefs file systems. For these you need to specify the file system type and the device file or cache to use. To mount a cachefs file system put an entry similar to the following in master map:
/home auto_home -fstype=cachefs, cache=/local/cache
You can not automount a file system on top of another automounted file system. By default when you boot your system it will try to automount the home directories known to the NIS(+) server. If you dont want to run the automounter move the file, /etc/rc2.d/S74autofs, to a name not beginning with "S", e.g. old.S74autofs. 20.4.6 Utilities
20.4.6.1 Mounting and Unmounting Resources
To mount and unmount resources we have the mount, mountall, umount, and umountall commands. With the mount command you can specify the file system type (-F) and options to be used (-o) for the mount. With the mountall command you can designate a file system type (-F) and either local (-l) or remote (-r) file systems. Use umount to unmount a file system. There are similar options for the umountall command with the addition of a kill (-k) option to send a kill signal to all processes with open files on the indicated systems. Your local systems are mounted when going to run level 2 by /etc/rc2.d/S01MOUNTFSYS. NFS clients resources are mounted at run level 2 also by the S73nfs.client script.
204
DFS Command Summary

20.4.6.2 Sharing and Unsharing Resources
To share resources use the share and shareall commands and unshare them with the unshare and unshareall commands. You can specify file system types (-F) a description of the resource (-d) and various options to control client access (-o, with ro/rw, or rw=client[:client2]). With the unshare(all) commands you can only specify a file system type, so you can unshare all nfs file types with the command:
# unshareall -F nfs
The shareall command shares all resources specified in the /etc/dfs/dfstab file, or a named file. When invoked with no arguments the share command displays the resources currently shared, e.g.:
# share /cdrom ro=ace:tardis:gallifrey nyssa cdrom
20.4.6.3 Displaying Available Resources
To display mounted resources information use the dfmounts command. This command shows the local resources that are shared along with the clients that have the resource mounted.
# dfmounts RESOURCE SERVER nyssa PATH /cdrom CLIENTS gallifrey
To display available resources from remote or local systems use the dfshares command, e.g.:
# dfshares RESOURCE nyssa:/cdrom SERVER nyssa ACCESS TRANSPORT -
20.5 DFS Command Summary

The following table summarizes the commands used to administer Distributed File Systems in SunOS.
TABLE 20.2
DFS Command Summary SunOS 5.X mountall umountall share unshare shareall dfmounts dfshares Description Mount all file systems Unmount all file systems Share file systems Unshare file systems Share all file systems Show mounted file systems Show shared file systems
SunOS 4.X mount -a umount -a exportfs exportfs -u exportfs -a showmount -d showmount -e
205
20.6 IRIX 5.X, Ultrix and Digital UNIX

IRIX 5.X, Ultrix, and Digital UNIX all use /etc/exports to specify the files available for sharing over the network. IRIX, similar to SunOS 4.X, requires you to run /usr/etc/exportfs to actually export those files. Ultrix and Digital UNIX do not use the exportfs command.
20.7 NFS statistics

20.7.1 netstat netstat can be used to show the per-protocol statistics with the -s options, e.g. on SunOS 4.1.X:
# netstat -s udp: 0 incomplete headers 0 bad data length fields 0 bad checksums 0 socket overflows tcp: 21392 packets sent 13925 data packets (1565473 bytes) 23 data packets (901 bytes) retransmitted
If udp reports socket overflows then increase the number of nfsds, as user processes arent draining the sockets quickly enough. Typically a SunOS 4.X server starts, by default, 8 NFS daemons. On some systems it may be more appropriate to have 12 20 nfsds. 20.7.2 nfsstat The nfsstat command can be used to display statistics related to NFS activity. This command is useful when trying to debug NFS and RPC problems. nfsstat also has options to show both client and server information.
20.7.2.1 Server
On the server use nfsstat -ns (-n NFS information; -s server) to examine the statistics, e.g.:
% nfsstat -ns Server nfs: calls 69350 null 0 0% wrcache 0 0% mkdir 3 0%
badcalls 0 getattr 54682 78% write 1465 2% rmdir 0 0%
setattr 266 0% create 421 0% readdir 902 1%
root 0 0% remove 247 0% fsstat 37 0%
lookup 7138 10% rename 84 0%
readlink 748 1% link 5 0%
read 3352 4% symlink 0 0%
206
NFS statistics
Of these RPC calls, root and wrcache are not currently used by NFS. If readlink is high (>10%) replace symbolic links with mount points wherever possible on the client to improve NFS performance. If getattr is > 50% check for non-default attribute caching.
20.7.2.2 Client
To display client statistics, on the client execute nfsstat -rc (-r RPC information; -c client), e.g.:
% nfsstat -rc Client rpc: calls badcalls 307703 54
retrans 31
badxid 24
timeout 82
wait 0
newcred 0
timers 2037
where
calls badcalls retrans badxid timeout wait newcred total number of RPC calls received timeouts resulting from RPC error retransmission count duplicate responses from server # of RPC calls timed out calls that had to wait on a busy CLIENT handle refreshes of authentication information
If retrans > 5% of total calls, then requests are not reaching the server. If badxid ~ timeout, then most requests are reaching the server, and the server is the bottleneck. If badcalls ~ timeout, then soft-mounted filesystems are failing. You can check the NFS mounted file system states for the client with nfsstat -m (-m NFS stats for each mounted file system), e.g.:
% nfsstat -m /usr/local from server:/usr/local Flags: vers=2,proto=udp,auth=unix,hard,intr,dynamic,rsize=8192,wsize=8192,retrans=5 Lookups: srtt=7 (17ms), dev=4 (20ms), cur=2 (40ms) Reads: srtt=7 (17ms), dev=4 (20ms), cur=2 (40ms) Writes: srtt=31 (77ms), dev=3 (15ms), cur=5 (100ms) All: srtt=7 (17ms), dev=4 (20ms), cur=2 (40ms) /opt/ftp from susan:/opt/ftp Flags: vers=3,proto=tcp,auth=unix,hard,intr,link,symlink,acl,rsize=32768,wsize=32768,retrans=5 All: srtt=0 (0ms), dev=0 (0ms), cur=0 (0ms)
where
srtt dev cur smoothed round-trip time estimated deviation current backed-off timeout value
207
If srtt > 50 ms, then the mount point is slow, either at the server or because of network problems. If Lookups: cur > 80 ms, or Reads: cur > 150 ms, or Writes: cur > 250 ms, its taking tool long to process the requests on the server side (either server or network). If you frequently see the "NFS server not responding" error message it maybe time to increase the timeo setting on the mount in /etc/fstab or /etc/vfstab (SunOS 5.X). To correct for slow servers, (i.e. badxid ~ timeout) increase the RPC timeout (timeo option of the mount command). To correct for badcalls ~ timeout, increase retrans and possibly timeo option values. It is recommended that soft mounts not be used for writable filesystems or for executable files. Soft is recommended for only non-executable file systems mounted read-only. For other filesystems hard,intr,bg is recommended. If the network is the bottleneck (i.e. badxid ~ 0) it may be necessary to decrease the NFS buffer sizes: rsize and wsize, on the client from 8kB to 2kB. Network bottlenecks can also have other causes, e.g. the interconnection device (gateway, router, bridge) may be limiting.
208
C H A P T E R 21
Network Information Services (NIS and NIS+)
21.1 What is it and what does it do for you?

The Network Information Service (NIS) allows networked machines to have a common interface regardless of the workstation that you log into. This service was formerly known as the Yellow Pages, or YP. With NIS you have the same passwd and group files (same uid and gid) and can be placed into the same home directory on each of your machines. These services are considerably expanded under SunOS 5.X as Network Information Services Plus (NIS+). The Solaris 2 CDROM provides an NIS+ version that will run under SunOS 4.1.X in case you want to mix and match servers.
21.2 NIS
21.2.1 Initialization Install the NIS software during installation with suninstall, or later with /usr/etc/install/add_services. Initialize the NIS domain by running /usr/etc/ypserv, on the server and on its clients running /usr/etc/ypbind. This is done in /etc/rc.local. The NIS servers can also be NIS clients. You can have slave servers for redundancy. You need to specify a domainname, e.g. department, etc. in /etc/rc.local. This is completely separate from the IP domain name. Normally the NIS domainname is put in the file /etc/defaultdomain for use during startup. If this file does not exist or has the contents "noname", it is assumed that you are not using NIS. The domainname can be set or displayed with the domainname command. You originally set up the NIS databases on the server with the command /usr/etc/yp/ypinit -m/s (master/slave). In the simple case the server is the master for all maps in the database. All databases are built from scratch with ypinit. To update changed databases, e.g. after installing a new user:
# cd /var/yp; make
This will push the new databases to all the machines in the NIS domain. If you have more than one NIS server you may wish to bind a particular machine with a specific server. This can be done with the ypset command in conjunction with using the -ypset option to ypbind. To display your current NIS server use the ypwhich command.
To display contents of the NIS tables you can use the ypcat and ypmatch commands. ypcat lists the specified table. ypmatch matches a keyword with the specified table, e.g.:
% ypmatch frank passwd frank:jkl/fdasjklKY:101:10:Frank G Fiamingo:/home/tardis/frank:/usr/bin/tcsh
21.2.2 Databases controlled by NIS The information in the NIS maps is in a database format using the ndbm library. Each map has 2 files: .pag, and .dir. These are contained in a subdirectory of /var/yp named after your NIS "domain". The databases are:
Name aliases bootparams ethers group hosts netgroup netid netmasks networks passwd protocols publickey rpc services +::0:0::: Service mail aliases and addresses boot and NFS mount information for diskless clients hostname and ethernet addresses group names and gids hostname and internet addresses netgroup membership list map of local userID/groupID/group access-list and hosts for DES network number and netmask network number and internet name username and password information internet protocol names and numbers public and secret keys for secure NFS RPC program name and number internet service name, port number, and protocol
To tell the SunOS 4.1.X system to use the NIS database for passwd and group files put entries such as:
as the last entry in the /etc/passwd file of the NIS clients, i.e. all NIS password entries are valid on this host. Other examples of limitations and exclusions are, for /etc/passwd:
+frank: +frank:::::/home/new/frank: +@group:*:0:0:::/bin/true -@group::0:0::: - frank is a valid user, use his entry from the NIS database. - frank is a valid user, all entries are as in the NIS database, except his login directory. - the group "group" cant login, but users in this group can refer to their home directories. - exclude this group from entry. - all entries in the NIS group database are valid here. - the NIS group "group" is valid. - only the member frank and bob of group "project" are valid.
and for /etc/group:

+: +group: +project:::frank,bob
210
NIS+
SunOS 5.X clients will use the NIS database if nis and compat (for NIS +/- entry compatibility) are specified for the passwd entry in /etc/nsswitch.conf, e.g.:
passwd: compat files nis
To use the default NIS passwd table there is no need to add additional entries to /etc/passwd on the SunOS 5.X client.
21.3 NIS+
SunOS 5.X provides an enhanced version of NIS, NIS+, that is upwardly compatible with NIS. The new service provides for a hierarchical name space, similar to that used by the Internet. This allows for a distributed authority mechanism. Users can be given access to an entire database, or just particular entries within a database. Administrators can be restricted to changing files only within their domain. NIS+ propagates only changes in the maps, not the entire map. This allows for much faster updates. Entries are changeable anywhere on the NIS+ network. You dont have to be on the server to change the maps. The authorization model for NIS+ is similar to that for the UNIX file system. Each item in the namespace has an access rights list associated with it. These rights grant access to owner of the item, group owner of the item, and all others. 21.3.1 Domains The NIS+ domain is composed of a directory object and all of its children. The NIS+ namespace is made up of all the domains below the root directory. Each name is composed of a series of characters separated by a (.). These character sequences are known as labels. The label furthest to the right is closest to the root of the namespace. The (.) name is reserved to indicate the global root namespace; the root directory name always ends with a (.). NIS+ names are not case sensitive. The root server is the server for the root (.) domain. There is only one root server for a domain. A master server serves a domain. A master server is a client of the server directly above it in the hierarchy. A replica server is a copy of the master server, formerly known as a slave server. This provides redundancy for the service.
211
21.3.2 Objects There are three types of objects: directory objects table objects group objects
which form the framework of the namespace which store the information which are used for security
The directory objects are at the top of the namespace. Directory objects contain the names, addresses, and authentication information for systems within the domain. Objects within the database are stored as children of the directory object. The directory object at the top of the hierarchy is known as the root directory. You can add directory objects beneath the root directory and beneath other directory objects. The table objects identify table databases. The table object contains the scheme by which columns within the table can be identified and searched. Each table contains information about users, machines, or resources on the network. The normal set of 16 tables store information for:
hosts group networks protocols bootparams netgroups netmasks rpc password mail aliases ethers auto.home cred timezone services auto.master
The group objects contain a list of members of the group. An NIS+ group is a collection of users and workstations identified by a single name. They are assigned access rights as a group. Essentially, this is used to set security. All objects have a common set of properties. These are:
principal owner group owner access rights unique id time to live values
Also, each object type specifies information describing the type. Link objects point to the name of another object. 21.3.3 Names In general you can name directories any name you like. Two names are reserved, however: org_dir and groups_dir. They are reserved only for the objects that store the NIS+ table and group objects, respectively. An NIS+ domain consists of a directory object, the groups_dir and org_dir subdirectories, and a set of NIS+ tables. Names that identify objects in the namespace are known as regular names.
212
NIS+
Index names identify rows within a table. These are compound names containing a search criterion and a regular name. The regular name specifies the table to search, while the search criterion specifies the column values to search for within the table. 21.3.4 Authorization and Authentication NIS+ authorization allows four classes of principals: owner group world nobody
of the object set of specified users set of authenticated users all clients
and four access rights:
read modify create destroy
read contents of objects change objects add objects to tables and directories remove objects from tables and directories
Authentication is based on secure RPC. Solaris 2 supports three levels: none LOCAL DES
no authentication AUTH_SYS RPC authentication AUTH_DES Secure RPC
DES authentication is the most secure, but if you are running with Secure RPC you will not be able to mount files from servers not running Secure RPC (i.e. SunOS 4.X servers). Authentication is performed for every NIS+ request. If credentials can not be confirmed the client is treated as nobody. 21.3.5 Configuration The familiar yp* commands have been replaced with commands beginning with nis. The NIS+ administrative commands are located in /usr/bin, /usr/sbin and /usr/lib/nis. Starting with SunOS 5.3 Sun has added some scripts to assist you in setting up an NIS+ system. These scripts can be found in /usr/lib/nis. They automate setting up servers, clients, and populating NIS+ tables. The scripts are: nisserver nisclient nispopulate
set up NIS+ servers, root master, non-root master, and replica servers initialize NIS+ credentials for hosts and users populate NIS+ tables from files or NIS maps
213

21.3.5.1 Initialize a Server
The nisinit command is used to setup a client, master server, or replica server for NIS+. To initialize the root server use the -r option:
# nisinit -r
This should only be run once for the name space. It uses the domainname specified in /etc/defaultdomain and places its root object in the directory /var/nis.
21.3.5.2 Tables
The nissetup shell script is found in /usr/lib/nis. It creates org_dir and groups_dir directories and the standard tables, though empty, in an NIS+ directory. The domain should have first been created with the /usr/bin/nismkdir command. Subdirectories are removed with the nisrmdir command. Copies of the information are automatically passed to replica servers.
21.3.5.3 Credentials
The /usr/bin/nisaddcred command is used to create credentials for an NIS+ principal. These credentials are stored in the cred.org_dir public key table. You can add local or des credentials for the principal, e.g.:
# nisaddcred -p <uid> -P login.domain local
21.3.5.4 Permissions
Change permission attributes of an object with the /usr/bin/nischmod command. You must have modify access to the object before you can change the attributes. The /usr/bin/nisls command can be used to list the objects and permissions of an NIS+ directory.
21.3.5.5 Table Entries
The /usr/lib/nis/nisaddent utility is used to add table entries. It can use NIS maps, /etc files, NIS+ tables, or command line arguments as its source. With nisaddent you can dump entries from a table into a file. To enter the /etc/hosts table into the NIS+ database you could do the following.
# cat /etc/hosts | /usr/lib/nis/nisaddent -av hosts adding stdin to table hosts.org_dir.your.domain. adding/updating localhost adding/updating nyssa ...
You can administer NIS+ tables with /usr/bin/nistbladm. This command will allow you to create and delete tables, add entries to and modify entries within tables, and remove entries from tables. You can display NIS+ tables and objects with the /usr/bin/niscat command, e.g.:
# niscat -h netmasks.org_dir # number mask comment 128.146 255.255.255.0
The commands nismatch and nisgrep in /usr/bin can be used to match keywords and grep for regular expressions, respectively, in NIS+ tables.
NIS+
21.3.5.6 Defaults
Default values for principal name, domain name, host name, group name, access rights, time to live, and search path can be obtained with the nisdefaults command in /usr/bin. 21.3.6 NIS+ Setup These next few sub-sections indicate how to set up root, master, and replica servers, and client machines.
21.3.6.1 Root Master Server
1.
2.
3.
4.
5.
6.
7.
Choose a domainname # domainname acs.ohio-state.edu. # domainname > /etc/defaultdomain Choose the NIS+ version for nsswitch.conf # cp /etc/nsswitch.nisplus /etc/nsswitch.conf Initialize the server # nisinit -r where -r root server Start the daemon # rpc.nisd -rS 0 where -r indicates a root server -S 0 sets the security level to 0, i.e. non-secure, does not enforce access controls Setup the NIS+ directory structure # /usr/lib/nis/nissetup acs.ohio-state.edu. Add data to the tables cat <file> | nisaddent -a <tablename> where -a specifies to add entries without deleting existing entries Verify the entries, e.g. # niscat hosts.org_dir
21.3.6.2 SubDomain Server (Non-Root Master)
The root and master servers can be the same machine.

1.
Become a client of the parent domain # domainname wks.acs.ohio-state.edu. # domainname > /etc/defaultdomain # cp /etc/nsswitch.nisplus /etc/nsswitch.conf # nisinit -c -H <domain server hostname> where -c initializes an NIS+ client specifies hostname is the trusted server -H hostname
215

2.
3.
4.
5.
6.
Start the daemon in non-secure mode # rpc.nisd -S 0 Make the directories for the databases # nismkdir -m <subdomain server name> wks.acs.ohio-state.edu. where -m hostname create the directory with hostname as the master server Restart the NIS+ daemon # ps -ef | grep rpc # kill <pid> # rpc.nisd -S 0 Setup the NIS+ tables # /usr/lib/nis/nissetup wks.acs.ohio-state.edu. Add data to the tables # cat <file> | nisaddent -a <tablename>
21.3.6.3 Replica Server
A replica server binds to a domain.

1.
2.
3.
4.
Become a client of the parent domain # domainname wks.acs.ohio-state.edu. # domainname > /etc/defaultdomain # cp /etc/nsswitch.nisplus /etc/nsswitch.conf # nisinit -c -H <domain server hostname> Start the daemon # rpc.nisd -S 0 Make the directories for the databases # nismkdir -s <replica server hostname> acs.ohio-state.edu. where -s hostname specify hostname to be a replica server for the existing directory, <domain name> Replicate the domain # /usr/lib/nis/nisping acs.ohio-state.edu.
21.3.6.4 Client
A client binds to a sub-domain.

1.
2.
3.
Setup the sub-domain # domainname wks.acs.ohio-state.edu. # domainname > /etc/defaultdomain Choose the NIS+ version for nsswitch.conf # cp /etc/nsswitch.nisplus /etc/nsswitch.conf Initialize the client # nisinit -c -H <domain server hostname>
216
NIS+
21.3.7 Credential Setup To gain authorization to change NIS+ databases you need to create your security credentials for the NIS+ principals. These credentials are stored in the cred.org_dir table in the default NIS+ domain.
21.3.7.1 Root Master
Setting Up Credentials for the Root Master Server

1.
2.
3.
4.
5.
6.
Login as root on the root master server and create the credential for the root master at the highest security level # nisaddcred des Create the group nisadmin and the master host to the group # nisgrpadm -c nisadmin.acs.ohio-state.edu. # nisgrpadm -a nisadmin.acs.ohio-state.edu. master_host_name.acs.ohio-state.edu. Update the NIS+ keys # nisupdkeys acs.ohio-state.edu. # nisupdkeys org_dir.acs.ohio-state.edu. # nisupdkeys groups_dir.acs.ohio-state.edu. Kill and restart the rpc.nisd with the new security level enforced # ps -ef | grep rpc.nisd # kill rpc.nisd_pid_number # rpc.nisd -r Set the permissions and group ownerships for the directories # nischmod g=rmcd acs.ohio-state.edu. org_dir.acs.ohio-state.edu. groups_dir.acs.ohiostate.edu. # nischgrp nisadmin.acs.ohio-state.edu. acs.ohio-state.edu. Set the environmental variable NIS_GROUP. To do this permanently add this variable to /.profile and /.login, e.g. # setenv NIS_GROUP nisadmin.acs.ohio-state.edu.
21.3.7.2 Clients
Setting Up Credentials for Client Hosts

1.
2.
3.
Login as root on the root master server and define the client host as a principal. Youll be prompted for the root password of the client host. You can also add the client host to the group nisadmin.acs.ohio-state.edu. # nisaddcred -p [email protected] -P host_name.acs.ohio-state.edu. des To allow the root user on the client host to update the maps, add that host to the NIS+ group, nisadmin.acs.ohio-state.edu. # nisgrpadm -a nisadmin.acs.ohio-state.edu. host_name.acs.ohio-state.edu. Login as root on the client host and enter the password for root of that host. # keylogin -r Password:
217

4.
If the root user on the client host is to update the maps, then on the client host set the environmental variable NIS_GROUP. To do this permanently add this variable to /.profile and /.login, e.g. # setenv NIS_GROUP nisadmin.acs.ohio-state.edu.
21.3.7.3 Users
Setting Up Credentials for Users

1.
2.
3.
4.
Login as root on the root master server and create the user account. This can be done with admintool. Add a password for the user account using the nispasswd command and add the credentials using nisaddcred. # admintool # nispasswd login_name Password: # nisaddcred -p uid# local # nisaddcred -p unix.uid#@acs.ohio-state.edu -P login_name.acs.ohio-state.edu. des Password: To allow the user to change the NIS+ maps, the user must be added to the NIS+ group, nisadmin.acs.ohio-state.edu. # nisgrpadm -a nisadmin.acs.ohio-state.edu. login_name.acs.ohio-state.edu. If the user is to update the maps using admintool you must create the group sysadmin with gid=14 and then add this user as a member of the sysadmin group. Set the users environment variable NIS_GROUP. To do this permanently add this variable to ~/.profile and ~/.login, e.g. # setenv NIS_GROUP nisadmin.acs.ohio-state.edu.
218
C H A P T E R 22
Adding Clients
22.1 Clients
There are four types of SunOS clients: diskless, dataless, standalone, and AutoClient. These must all be served by an NFS file server over the network. The diskless client has no disk. It must get root, swap, home, and system files from the server. The dataless client has a small local disk. It may have root and swap local, with system and home files on the server. The standalone client has all the files necessary to run the OS but may desire additional file systems from the server, e.g. the user home directories. The AutoClient is similar to the diskless client, except that it has a small disk for local caching. An AutoClient should have an entire disk, of at least 100 MB, devoted to it. It uses the Cache File System (cachefs) to locally store /, /usr, and other cachefs mounted file systems. It can also use NFS to mount other file systems. It allows for fast access with centralized administration because theres no permanent data on the client. Everything is quickly reproduced by rebooting over the network from the server. You can install a client with the Solstice Host Manager GUI tool of SunOS 5.5+. Under SunOS 5.3-5.4 you add clients with the Admintool Host Manager GUI tool. We look at these admintool and solstice utilities in another chapter.
22.2 Server configuration and software

A server can be of the same (homogeneous) or different (heterogeneous) architecture from the client(s). If different it needs to have the executables for the client architecture installed in addition to its own, e.g if you have a sun4 server with sun3 and sun3x clients you need to have:
/export/root /export/swap /export/exec/sun3 /export/exec/kvm/sun{3,3x} /export(usr)/share /export/sun3/local client root partitions client swap files Sun3 client system files client kernel files files shared by all systems, e.g. man locally compiled programs for Sun3/3x / swap /usr /usr/kvm /usr/share /usr/local
Under SunOS 4.1.X if your server was not installed as a heterogeneous server you can add different architecture executables to the server by running the program /usr/etc/install/add_services along with
Adding Clients
the appropriate install tapes/CDROMs for these architectures. Add_services is a menu-based program that sets up a system as a server for an additional architecture or to add additional software from the release tapes/CDROMs.
22.3 Installing the client of a server, SunOS 4.1.X

On the server add the clients ethernet address to /etc/ethers, and the IP address to /etc/hosts. Then cd to /usr/etc/install and run add_client. e.g.
# (cd /usr/etc/install; ./add_client) usage: add_client [[options] clients] where clients is the name of the any number of clients to add and [options] are one or more of the following for each client: -a arch architecture type (e.g. sun3, sun4, etc.) -e path path to clients executables -f path path to clients share location -h path path to clients home directory -i interactive mode - invoke full-screen mode -k path path to clients kernel executables -m path path to clients mail -p print information of existing client -r path path to clients root -s path path to clients swap -t termtype terminal to be used as console on client -v verbose mode - reports progress while running -y type clients NIS type (client, or none) -z size size of swap file (e.g. 16M, 16000K, 32768b etc.) -n prints parameter settings and exits w/o adding client
To run the program interactively use the -i option to add_client, e.g.:

# (cd /usr/etc/install; ./add_client -i)
This will invoke a full-screen display for entering the client information similar to the display used during Suninstall. This program will add all the necessary information to the /etc/bootparams file, make the boot file in /tftpboot (using the clients hex IP address in the file name, which is a symbolic link to the boot program for the appropriate architecture of the client), create the clients root file system in /export/root/client_name, create the clients swap file as /export/swap/client_name, add entries in /etc/exports to export the necessary file systems to the client, and add entries in the clients /etc/fstab file (/export/root/client_name/etc/fstab on the server) to enable the client to mount the servers file systems at boot. Youll need to make sure that the appropriate entry is in /etc/ethers for the clients ethernet address, hostname pair. You will then need to run exportfs to correctly export the file systems to the new client. You should then be able to boot the new client. First, though, check the servers /etc/bootparams and /etc/exports file to make sure that the entries are appropriate.
220
JumpStart
22.4 JumpStart
To add a client that you want to boot via jumpstart follow the steps below. First copy the install CDROM to disk. In this example that CDROM is copied to /jumpstart/solaris_2_5.
1.
Go to the jumpstart directory and add the client:

cd /jumpstart/solaris_2_5
2.
This updates /etc/bootparams, /etc/ethers, /etc/hosts, & /tftpboot.

./add_install_client -i ip_address -e ethernet_address -s nyssa:/jumpstart/solaris_2_5/export/exec/kvm/sparc.Solaris_2.5 hostname sun4c
3.
4.
5.
If you're running with TCPwrapper enable the client to access in.tftpd by editing /etc/hosts.allow. If /tftpboot did not exist at boot time run "/etc/init.d/nfs.server start" to enable the server to start /usr/sbin/rpc.bootparamd. Boot the client from the network:
ok boot net - install
22.5 AutoClient
Solstice AutoClient software comes with Solaris 5.5.1 on the same CDROM as the AdminSuite software. Both these applications should be installed. You can use either the Solstice Host Manager tool or the /opt/SUNWadm/2.2/bin/admhostadd command to add the client. First setup the OS Server; again, this can be done with the Solstice Host Manager tool. If youre using NIS be sure to setup a timezone map with entries of the form:
hostname timezone or domainname timezone
e.g.:
nis_domain US/Eastern
The admhostadd program lets you specify the same type information you would fill in the Host Manager. Use it in the form:
admhostadd -i IP_addr [ -e ethernet_addr ] [ -x type=host_type ] [ -x tz=timezone ] [ -x term=type ] [ -x fileserv=file_server ] [ -x root=directory ] [ -x swap=directory ] [ -x swapsize=size [ -x disconn=Y|N ] [ -x install=Y|N ] [ -x installpath=server:/path ] [ -x bootpath=server:/path ] [ -x profile=server:/path ] [ -x os=version ] [ -x diskconf=configuration ] [ -x ns=NIS|NIS+|NONE ] [ -x domain=domain|rhost=host ] host
221
Adding Clients
As with the diskless client you need to make sure that your /etc/ethers and /etc/bootparams files (or the NIS(+) equivalent maps) are properly setup and that the OS server properly shares the files needed by the client. The AutoClient can then be booted from the network similar to a diskless client, e.g.:
ok boot net
222
PART III
Selected Topics
Useful Utilities Print Service Mail World Wide Web Usenet System Security Secure Shell
Unix System Administration
223
Selected Topics
224
C H A P T E R 23
Usenet
23.1 Usenet
Usenet is a world-wide network of computers, most of them UNIX, that run netnews software. Its a public forum for the exchange of news articles, similar to bulletin boards. The articles are exchanged between sites by mutual agreement between the System Administrators of the sites. This requires either an ethernet or UUCP connection between the machines. Users can post, read, and reply to articles in any of over 13000 different topics, or newsgroups on the Internet. Locally you can find newsgroups that range from osu.general (site specific to OSU) to comp.sys.sun.admin (the Sun administrators list) to alt.tv.simpsons. The major Usenet headings are:
comp sci news rec soc talk misc also: can clari bit - computer science related groups - sciences other than computer science, - netnews software and general interest for netnews users, - discussions of recreational activities, - discussions of social topics, - extended discussion of special topics (e.g. talk.politics), - groups other than those listed above. - Canadian - Clarinet (UPI) news feed - BITNET lists
Groups within these headings are created by consensus of the Usenet users. In addition there are other groups such as "alt" for alternate, that are created at the whim of individual users. These groups may not be carried by all Usenet news sources. Additionally there are groups with more limited distribution, such as cle, cmh, and oh, and local groups, such as osu, cis, and uts.
225
Usenet
23.2 Reading news, rn/rrn/xrn/trn/nn

Reading news requires a program that can select news groups, articles within those groups, and page through them. It should also be able to keep track of articles youve read and topics you want to see, or dont want to see. Many popular read news programs are derived from rn: rn - simple unthreaded newsreading, trn - adds threading and other useful features to rn; can use nntp to read news on a remote server. xrn - X-windows newsreader which uses nntp to query a news server. There are also nntp newsreaders for Macs and PCs. The OSU HomeNet/ResNet/OfficeNet software from UTS now includes these. With this software you can connect to the news server from your desktop computer.
23.3 Network news transfer protocol, nntp

nntp is the Network News Transfer Protocol. This protocol controls the transfer of news articles form the news server to your machine. NNTP server machines contain a full installation of USENET news. They allow remote sites to connect and read, transfer and/or post news, as controlled by the nntp_access file in /usr/lib/news, e.g.:
host/net read/xfer/no post/no newsgroups (!not.allowed)
nntp can operate either as a stand-alone server, or as a server under inetd. News articles are placed in the news spool as numbered files in directories specified by the group name, e.g. comp.sys.sun.admin would become /var/spool/news/comp/sys/sun/admin. There are three major news servers on Campus:
magnus.acs.ohio-state.edu zaphod.mps.ohio-state.edu news.cis.ohio-state.edu
23.4 Disk space requirements

A full news feed requires massive amounts of disk space, currently a Gbyte or more of disk space per day and growing rapidly. Also, since the articles are generally smaller than the default inodes/disk space of 2 Kbytes, you may run out of inodes before you run out of disk space. You should anticipate this when you set up the news partition and run newfs with the desired inode density.
226
Relevant UNIX newsgroups
23.5 Relevant UNIX newsgroups

23.5.1 UNIX - news
clari.nb.unix UPI stories related to UNIX
23.5.2 SunOS
comp.sys.sun.admin comp.sys.sun.apps comp.sys.sun.announce comp.sys.sun.hardware comp.sys.sun.misc comp.sys.sun.wanted comp.unix.solaris osu.sys.sun Sun administrators list
Solaris 2 (SunOS 5.X) related concerns Local Sun related concerns
23.5.3 HP-UX
comp.sys.hp.hpux comp.sys.hp.hardware comp.sys.hp.apps comp.sys.hp.misc osu.sys.hp HP-UX administrators list
Local HP-UX related concerns
23.5.4 Ultrix
comp.unix.ultrix osu.sys.dec.ultrix Ultrix administrators list Local Ultrix related issues
23.5.5 SGI
comp.sys.sgi.announce comp.sys.sgi.admin comp.sys.sgi.apps comp.sys.sgi.bugs comp.sys.sgi.graphics comp.sys.sgi.hardware comp.sys.sgi.misc osu.sys.sgi SGI administrators list
Local SGI related issues
23.5.6 Linux
osu.sys.linux comp.os.linux.admin comp.os.linux.announce comp.os.linux.development comp.os.linux.misc comp.os.linux.help UNIX System Administration Local Linux users list Linux administrators list
227
Usenet
23.5.7 NeXT
comp.sys.next.sysadmin comp.sys.next.announce comp.sys.next.misc comp.sys.next.programmer comp.sys.next.hardware comp.sys.next.software comp.soft-sys.nextstep cmh.sys.next NeXT users list
Local NeXT users list
23.5.8 AIX
comp.unix.aix IBMs AIX users list
23.5.9 Digital Unix and OSF/1

comp.unix.osf.osf1 OSF/1 related concerns
23.5.10UNIX - technical
comp.unix.admin osu.network osu.unix comp.unix.shell UNIX Administration Networking issues at OSU/OSC Local UNIX concerns UNIX shell (sh, csh, tcsh, bash, etc.)
23.5.11 Security
alt.security comp.security.announce comp.security.misc comp.security.unix Discussions of Security Issues Security Announcements
23.5.12 Sources
alt.sources comp.sources.misc comp.sources.reviewed comp.sources.sun comp.sources.unix
23.5.13 Perl
comp.lang.perl.moderated comp.lang.perl.announce comp.lang.perl.modules comp.lang.perl.tk comp.lang.perl.misc
228
C H A P T E R 24
Useful Utilities
24.1 Format online manual pages, catman

catman creates the display files used by the manual command, man. These files are put in directories under /usr/man to match the /usr/man/man* entries, i.e. /usr/man/cat[1-8,l,n] (SunOS 4.1.X) or /usr/man/cat[1[,b,c,f,m,s],2,3[,b,c,e,g,i,k,m,n,r,s,t,x],4,4b,5,6,7,9[,e,f,s],l,n] (SunOS 5.X) and a database of the one-line synopses are put in /usr/man/whatis (SunOS 4.1.X) or /usr/man/windex (SunOS 5.X) for use by the whatis and "man -k keyword" commands. Running catman doubles the space required to contain the man pages, but allows the man command to execute considerably faster. The man pages generally follow the conventions given in the following table.
TABLE 24.1
Man Page Placements SunOS 5.X man1 man2 man3 man7 & man9 man4 man6 man5 man1m manl mann Description user commands - from the shell prompt system calls - C functions interfacing between user programs and the kernel user level library functions - C library functions for user programs device drivers and network interfaces - describes access to special files in /dev file formats - describes formats used by system programs games and demo descriptions miscellaneous - including standards and text processing system administration - commands for system maintenance and operation locally installed man pages new man pages
SunOS 4.X man1 man2 man3 man4 man5 man6 man7 man8 manl mann
You can install other man pages under any hierarchy, e.g. /usr/local/man or /usr/lang/man, and make them accessible to the man command by setting the MANPATH environment variable to include them, i.e. for the C-shell:
% setenv MANPATH /usr/local/man:/usr/man:/usr/lang/man
and for the Bourne shell:

MANPATH=/usr/local/man:/usr/man:/usr/lang/man ; export MANPATH UNIX System Administration 1998 Frank Fiamingo 229
Useful Utilities
24.2 System process status, ps

ps displays information about processes currently running. The results of the ps command are very system dependent, so read the man pages for the specifics on your machine. Without options ps tells you what current programs you own, e.g.:
% ps PID 12263 12608 TT p6 p6 STAT S R TIME 0:02 0:00 COMMAND -tcsh (tcsh) ps
where PID is the process ID number, TT is the terminal port, STAT is the status of the program (i.e. runnable, R; stopped, T; waiting, P or D; sleeping, S; idle, I; terminated, Z), TIME is the CPU time consumed, and COMMAND is the program. The options to ps and its display is a little different between SunOS 4.1.X and 5.X. To look at all process running on the system, by all users, use the options "auxww" under SunOS 4.1.X and the options "-ef" under SunOS 5.X, e.g. for SunOS 4.1.X:
% ps -auxww USER PID frank 514 root 113 root 2 root 1 root 44 frank 141 root 102 root 50 bin 47 root 74 root 76 root 90 root 117 root 77 root 101 frank 174 root 0 %CPU 38.5 0.8 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 %MEM 3.2 0.1 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 SZ 144 24 0 72 56 96 72 56 40 24 24 72 80 24 80 0 0 RSS 376 16 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 TT p2 ? ? ? ? co co co ? ? ? ? ? ? co ? ? STAT R S D IW IW IW IW IW IW I I IW IW I IW Z D START 13:43 May 14 May 14 May 14 May 14 May 14 May 14 May 14 May 14 May 14 May 14 May 14 May 14 May 14 May 14 May 14 May 14 TIME 0:00 16:10 0:00 0:00 0:00 0:00 0:00 0:00 0:00 0:01 0:01 0:00 0:00 0:01 0:00 0:00 0:01 COMMAND ps -auxww update pagedaemon /sbin/init portmap -tcsh (tcsh) rpc.statd keyserv ypbind (biod) (biod) syslogd cron (biod) rpc.lockd <defunct> swapper
This includes additional information, where USER is the owner of the process, MEM is the percentage of real memory the process is using, SZ is the size of the data and stack segments (in Kbytes), RSS is the real memory used (in Kbytes), and START is the time (or day) when the program was started.
230
1998 Frank Fiamingo
Swap space and kernel inode usage, pstat
24.3 Swap space and kernel inode usage, pstat

pstat lists the contents of certain system tables kept by the kernel. Its available only with SunOS 4.1.X, e.g.:
% pstat -T 301/1888 694/946 83/522 16/ 32 14232/88296 files inodes processes files swap
where it shows the file table, both the used and cached inodes, process table, stream table, and used and available swap space (in Kbytes). With the "-s" option you can get a little more information about swap space, e.g.:
% pstat -s 10968k allocated + 2648k reserved = 13616k used, 74680k available.
The "swap -s" command of SunOS 5.X will provide similar information. There are other options to pstat to provide further system information.
24.4 top
Top is a PD program available on the Internet. The top program displays a screenful of the top cpu processes that is updated every few seconds.
1998 Frank Fiamingo
231
Useful Utilities
24.5 vmstat
To report on virtual memory statistics; process, virtual memory, disk, trap, and CPU activity use the vmstat command, e.g.:
% vmstat
procs r b w 0 0 0 memory swap free 984 1840 re 0 page disk mf pi po fr de sr f0 s1 s3 s5 1 1 0 1 0 0 0 0 0 0 faults cpu in sy cs us sy id 29 509 151 25 7 68
The "-S 5" options will report on swapping, rather than paging activity every 5 seconds, e.g.
% vmstat -S 5
procs r b w 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 memory page disk swap free si so pi po fr de sr f0 s1 s3 984 1840 0 0 1 0 1 0 0 0 0 0 61172 628 0 0 0 0 0 0 0 0 0 0 61172 628 0 0 0 0 0 0 0 0 0 0 61172 628 0 0 0 0 0 0 0 0 0 2 61172 628 0 0 0 0 0 0 0 0 0 0 61172 628 0 0 0 0 0 0 0 0 0 0 61172 628 0 0 0 0 0 0 0 0 0 0 61172 628 0 0 0 0 0 0 0 0 0 0 s5 0 0 0 0 0 0 0 0 in 29 24 72 35 18 55 58 34 faults sy cs 509 151 111 39 395 73 212 45 129 44 324 65 305 61 144 45 us 25 0 2 6 0 3 3 0 cpu sy id 7 68 0 100 2 96 2 92 0 100 2 95 2 96 1 99
where
procs r in run queue b blocked for resources (i/o, paging, etc.) w runnable memory (usage of virtual and real memory) swap swap space currently available (Kbytes) free size of free list (Kb) page/swap activity si swap-ins so swap-outs pi page-ins (Kb/s) po page-outs (Kb/s) fr Kb freed/sec de anticipated short term memory shortfall (Kb) sr pages scanned/sec disk Number of disk operations/sec for each of up to 4 disks. faults (Trap/Interrupt average rate) in (non-clock) device interrupts/sec sy system calls/sec cs CPU context switches/sec cpu us user time sy system time id idle
232
1998 Frank Fiamingo
vmstat
This can provide useful information for evaluating NFS file server performance. You could run this for about an hour during peak periods to collect meaningful statistics. CPU idle time should be at least 10% inorder for the system to efficiently schedule daemons and to process protocols. The "-s" option will display the contents of the sum structure, related to paging events, e.g.
% vmstat -s 0 swap ins 0 swap outs 0 pages swapped in 0 pages swapped out 6458837 total address trans. faults taken 752003 page ins 135318 page outs 1419068 pages paged in 515004 pages paged out 76738 total reclaims 71392 reclaims from free list 0 micro (hat) faults 6458837 minor (as) faults 734466 major faults 1338667 copy-on-write faults 2067746 zero fill page faults 2443859 pages examined by the clock daemon 156 revolutions of the clock hand 1374036 pages freed by the clock daemon 43658 forks 1497 vforks 54907 execs 811460734 cpu context switches 691373136 device interrupts 46740506 traps 2727532551 system calls 34362625 total name lookups (cache hits 93%) 10675 toolong 133937046 user cpu 37507920 system cpu 362695349 idle cpu 1386715 wait cpu
If the "total name lookups" cache hit rate is a low percentage ( < 70%) on a SunOS 4.1.X NFS server you should consider increasing the value of MAXUSERS to 128 and increase nbuf (default is 27, increase to 64 for 1-4 disks, 112 for > 4 disks). SunOS 5.X automatically sizes MAXUSERS to fit available memory. Increasing MAXUSERS also increases the values of nproc (number of processes allowed), ninode (inode cache), ncsize (directory cache table), nle (# open files allowed), and ncallout (callout queue).
1998 Frank Fiamingo
233
Useful Utilities
In general, for a SunOS 4.1.X server, if you have 32 MB RAM on your server set MAXUSERS to:
64 128 4 disks, or 10 simultaneous users > 4 disks, or > 10 simultaneous users
Buffer cache is another parameter that can have a large affect on performance. You should reserve about 10% of kernel memory for disk I/O cache to reduce disk I/O. This means increasing nbuf to 64 for systems with 4 disks (and > 60% busy) or to 112 for systems with > 4 disks. Additional hardware you can add to increase performance would be a Prestoserve or NC400 board to enhance NFS performance. (With NFS version 3, these hardware cards may not produce as large an improvement as they did with version 2.) If the ethernet traffic is limiting you could add additional ethernet controllers. On compute servers it helps to increase the memory. You can also balance the load across disks and ethernets available to the server.
24.6 iostat
iostat reports on I/O statistics, terminal and disk I/O and CPU utilization. With the following option it reports this information for every disk on the system every 5 seconds on a SunOS 5.X machine:
% iostat 5
tin 0 0 0 0 2 1 2 1 0 0 0 0 0 0 0 0 3 0 0 2 tty fd0 tout Kps tps serv 4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 33 0 0 0 63 0 0 0 4389 0 0 0 6728 0 0 0 7053 0 0 0 4902 0 0 0 7571 0 0 0 7900 0 0 0 7885 0 0 0 8100 0 0 0 2143 0 0 0 15 0 0 0 171 0 0 0 0 0 0 0 344 0 0 0 Kps tps 1 0 0 0 0 0 12 3 9 2 23 5 5 1 218 57 150 58 126 66 330 76 182 57 144 39 139 33 142 29 44 11 283 35 675 84 106 13 0 0 sd1 serv 37 0 0 8 8 9 10 10 12 13 265 11 9 11 13 12 40 73 375 0 Kps tps 2 0 0 0 16 2 88 22 23 6 19 5 0 0 11 3 0 0 1 0 40 6 32 6 4 1 0 0 18 3 4 1 8 1 29 5 3 0 0 0 sd3 serv 33 0 80 12 13 13 0 15 0 12 25 17 10 0 16 10 16 18 17 0 Kps tps 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 sd5 serv 100 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 us 25 9 3 2 0 2 1 45 63 59 44 60 56 59 59 18 2 3 1 3 sy 7 7 4 6 1 3 2 25 29 36 26 31 36 35 37 9 4 8 2 4 cpu wt id 0 68 0 84 0 93 25 68 9 90 9 86 0 96 8 22 8 0 5 0 9 21 9 0 8 0 6 0 4 0 2 71 45 49 85 4 0 97 0 93
234
1998 Frank Fiamingo
iostat
where the headings refer to:

tin tout kps tps serv us sy wt id characters read from terminals characters written to terminals Kilo bytes transferred/second transfers/second average service time (milliseconds) (estimated) user mode (% of CPU time) system mode (% of CPU time) waiting for I/O (% of CPU time) idle (% of CPU time)
The "-D" option reports the disk activity, reads/sec, writes/sec, and % disk utilization, for each disk, e.g.:
% iostat -D fd0 rps wps util 0 0 0.0 sd1 rps wps util 0 0 0.1 sd3 rps wps util 0 0 0.3 sd5 rps wps util 0 0 0.0
A disk is heavily loaded if the utilization rate, util, is .75, or I/O operations (rps + wps) 40 IOPS. To enhance system performance you might try to spread the load more evenly among the disks. Run tmpfs, which reduces disk and network traffic (for diskless clients) and reduces the number of writes to the filesystem where /tmp is located. The "-x" option reports extended disk activity, e.g.:
disk fd0 sd1 sd3 sd5 r/s 0.0 0.1 0.1 0.0 w/s 0.0 0.0 0.1 0.0 Kr/s 0.0 0.4 0.8 0.0 Kw/s 0.0 0.3 0.8 0.0 extended disk statistics wait actv svc_t %w %b 0.0 0.0 0.0 0 0 0.0 0.0 36.9 0 0 0.0 0.0 33.2 0 0 0.0 0.0 99.5 0 0
where the headings refer to:

disk r/s w/s Kr/s Kw/s wait actv svc_t %w %b name of the disk reads/second writes/second Kilobytes read/second Kilobytes written/second average number of transactions waiting for service (length of queue) average number of transactions currently being served average service time (milliseconds) % of time there are transactions waiting for service % of time the disk is busy
1998 Frank Fiamingo
235
Useful Utilities
24.7 ProCtool
ProCtool is a process monitoring and management tool developed by a couple of Sun engineers, but not officially supported by Sun (Walter Nielsen, [email protected], and Morgan Herrington, [email protected]). There are versions for Solaris 2.2 and above. It provides the functionality of ps, top, iostat, and much more in a graphical presentation under Open Look. It will continually update the display by sampling the kernel tables. Among its many features are: report on all active processes (sorted by choice of characteristic); turn off or on CPUs on an MP box; kill or renice selected processes; send signals to a set of processes; report on VM and I/O usage, and paging rate and memory map, etc.; and graph system characteristics. ProCtool can be obtained via anonymous ftp from sunsite.unc.edu in /pub/sun-info/mde, or locally from www-wks.acs.ohiostate.edu in /pub/proctool. The desired characteristics for display are setable with the View pop-up window under Viewpoint and include the following options:
236 ADDR CLS CMD CMDLINE CPU CPU# CPU% CS/S CTIME FLAGS GID HEAP IO/S LWP MPF/S MSGS/S NICE PF/S PGID PID PPID PRI RSS SDATE SID SIZE ST STACK STIME TIME TTY UID USER WCHAN - Address of process - Scheduling Class - Command - Command and Arguments - CPU tick count - Processor Number - Percentage of CPU Utilization - Context Switches/Sec - Children user+sys CPU time - Process flags - Group ID - Heap Size (KBytes) - Characters read+written/Sec - LWP count - Minor Page Faults/Sec - Messages sent+received/Sec - Nice value - Major Page Faults/Sec - Process Group ID - Process ID - Parent Process ID - Priority - Resident Set Size (KBytes) - Start Date - Session ID - SIZE (KBytes) - Process state - Stack Size (KBytes) - Start Time - user+sys CPU time - Controlling Terminal - User ID - Username - Address process is waiting on 1998 Frank Fiamingo UNIX System Administration
ProCtool
1998 Frank Fiamingo
237
Useful Utilities
The Properties/System Properties pop-up window is:
238
1998 Frank Fiamingo
System usage, uptime, users, who and w
24.8 System usage, uptime, users, who and w

uptime shows you how long the system has been running, the number of users presently logged in, and the average load over the last 1, 5, and 15 minutes, e.g.:
% uptime 2:07pm up 12 days, 3:37, 7 users, load average: 0.11, 0.02, 0.00
rup is similar to uptime, but it gives the status of remote machines, e.g.:
% rup tardis nyssa blueagle up 12 days, 3:41, up 2 days, 5:27, up 3:18, load average: 0.00, 0.00, 0.00 load average: 0.61, 0.15, 0.05 load average: 0.08, 0.02, 0.01
users/rusers list the users on the local/remote machines of your network.

% users frank jeffs jeffs rsf steele steele steele % rusers blueagle kitw kitw nyssa frank frank tardis steele steele steele jeffs frank rsf jeffs
who/w/whodo list who is logged in on the system and the programs theyre running, e.g.:
% who frank ttyp0 May 4 15:40 (nyssa:0.0) robert ttyp1 Apr 16 14:54 (davros) michael ttyp3 May 4 07:49 (turlough) %w 10:49am up 22 days, 2:04, 5 users, load average: 0.00, 0.00, 0.00 User tty login@ idle JCPU PCPU what frank ttyp0 Mon 3pm 16 3 w robert ttyp1 16Apr92 16:06 13:04 6 -tcsh william ttyp2 8:08am 25 1 -tcsh michael ttyp3 Mon 7am 27:00 8 7 twm -display 128.146.116.25:0.0 % w -d (SunOS 4.1.X only) 10:49am up 22 days, 2:04, 5 users, load average: 0.00, 0.00, 0.00 User tty login@ idle JCPU PCPU what 12989 -csh & 0 1 13881 w -d frank ttyp0 Mon 3pm 16 3 w -d 5661 -tcsh & 0 1 robert ttyp1 16Apr92 16:06 13:04 6 -tcsh 13534 -tcsh & 0 1 13879 elm & 1 0 michael ttyp3 Mon 7am 27:00 8 7 twm -display 128.146.116.25:0.0
1998 Frank Fiamingo
239
Useful Utilities % whodo frank (SunOS 5.X only) Wed Aug 7 10:34:13 EDT 1996 nyssa console frank 13:46 ? 17374 0:00 Xsession ? 17455 0:00 xclock ? 17446 3:05 olwm ? 17424 0:06 ttsession ? 17453 0:18 xterm pts/6 17478 0:07 tcsh ? 17454 1:55 xterm pts/5 17475 6:53 tcsh ? 17447 0:00 olwmslave pts/8 frank 13:08 pts/8 3532 0:25 ssh pts/7 frank 13:47 pts/7 17486 0:03 tcsh ? 17061 0:05 xterm pts/10 17062 0:03 tcsh pts/7 3566 9:08 mailtool ? 8426 0:00 xterm pts/17 8427 0:00 tcsh pts/9 frank 8:24 pts/9 14501 0:25 ssh pts/3 frank 9:46 pts/3 29243 0:00 rlogin
24.9 File Compression, compress & gzip

You can save a lot of valuable disk space by compressing seldom used files. Most versions of Unix come with the compress/uncompress utilities. Depending on the file contents this may save 50-70% of the space. Theres a GNU compression utility, gzip/gunzip that does an even better job of compressing files. The source is available as ftp://www-wks.acs.ohio-state:/pub/solaris2/src/gzip-1.2.4.tar.Z.
24.10 Shells, tcsh & bash

The extended C-shell, tcsh, and the Bourne-again shell, bash, provide command name completion, extended history features, in-line editing with both emacs and vi modes, command recall via up/down arrow keys, etc. The sources are available in ftp://tesla.ee.cornell.edu and ftp://prep.ai.mit.edu/pub/gnu , for tcsh and bash, respectively, or both can be obtained locally in ftp://www-wks.acs.ohio-state:/pub/solaris2/src
240
1998 Frank Fiamingo
C H A P T E R 25
Print Service
25.1 SunOS 4.1.X

25.1.1 Line Printer Spooler System
25.1.1.1 Printer configuration file, /etc/printcap
The le /etc/printcap contains the database of printer capabilities and location of the spool les. Each entry of the file describes a printer with fields separated by ":". The first entry is the name the printer is known by and any aliases separated by "|". Subsequent entries indicate the location and capabilities of the printer. A print client machine might have a printcap entry similar to:
lp|ps|postscript|PostScript:\ :lp=:rm=tardis:rp=lp:sd=/var/spool/lp:lf=/dev/console: lw|LaserWriter:\ :lw=:rm=peri:rp=lw:sd=/var/spool/lw:mx#0:lf=/var/spool/lp-log:
while the print server might have an entry:

# PostScript printer driven by TranScript sftw (PostScript & TranScript, tm Adobe Sys. Inc.) lp|ps|postscript|PostScript:\ :lp=/dev/lp:sd=/var/spool/lp:lf=/var/spool/lp-log:af=/var/spool/lp.acct:\ :br#9600:rw:fc#0000374:fs#0000003:xc#0:xs#0040040:mx#0:sf:sb:\ :if=/usr/local/lib/ps/psif:\ :of=/usr/local/lib/ps/psof:gf=/usr/local/lib/ps/psgf:\ :nf=/usr/local/lib/ps/psnf:tf=/usr/local/lib/ps/pstf:\ :rf=/usr/local/lib/ps/psrf:vf=/usr/local/lib/ps/psvf:\ :cf=/usr/local/lib/ps/pscf:df=/usr/local/lib/ps/psdf: # LaserWriter Printer lw|LaserWriter:\ :lp=/dev/ttya:br#9600:ms=-parity,onlcr,ixon,decctlq:\ :sd=/var/spool/lw:lf=/var/spool/lp-log:mx#0: UNIX System Administration 1998 University Technology Services, The Ohio State University 241
Print Service
The various filters specified in the printcap file include:

if of rf tr nf df cf gf vf plain-text jobs input filter output (banner) filter FORTRAN style text files filter troff data filter ditroff data (device independent troff) filter TeX data (DVI format) filter cifplot data filter graph data filter raster image filter
The server controls who may print on its printer by the entries in /etc/hosts.equiv and /etc/hosts.lpd. The former regulates the remote shell commands also, the latter regulates only printing access.
25.1.1.2 Spool Directory
In the above example the spool directory is /usr/spool/lp. Files concerning the line printer setup are in this directory. It contains the lock file, the log file, and the status of the printer. The file to be printed is first copied here and deleted after the printing is complete.
25.1.1.3 Accounting File
An accounting file that records the number of pages printed for each job, and who requested the print is kept, as specified by /etc/printcap. In our example that file is /var/spool/lp.acct. 25.1.2 User Commands The LP spooler uses the commands: lpr, lprm, and lpq to submit jobs, remove jobs, and query the job queue, respectively.
25.1.2.1 lpr
lpr submits the print job to the spool area for printing. Use the "-Pprinter " option to specify a particular printer defined in /etc/printcap other than the default, lp, entry. lpr will default to the PRINTER environment variable, if its set.
25.1.2.2 lprm
lprm removes jobs from the spool queue. This must be invoked by the user who submitted the job, or by the superuser.
25.1.2.3 lpq
lpq displays the list of files in the spool queue. Again you can use the "-Pprinter " option to specify a particular printer defined in /etc/printcap other than the default, lp, entry.
242
SunOS 5.X
25.1.3 Line Printer Daemon, lpd The line printer daemon, lpd, is started up in /etc/rc and creates a lock file, /var/spool/lpd.lock, to prevent two copies of the daemon from running simultaneously. The relevant lines in /etc/rc will be similar to:
if [ -f /usr/lib/lpd ]; then rm -f /dev/printer /var/spool/lpd.lock /usr/lib/lpd; (echo -n printer) fi
>/dev/console
lpd reads the /etc/printcap file to learn about existing printers and accepts print requests from users. 25.1.4 The printer control program, lpc lpc controls the printers described in /etc/printcap. Its an interactive command that can be used to start/stop a printer, enable/disable spooling for a printer, rearrange jobs in the spool queue, display the status of each printer and their spool queues and printer daemon.
25.2 SunOS 5.X

SunOS 5.X uses the System V print service, as does HP-UX, which is considerably different from the SunOS 4.X/BSD version. It offers more power and flexibility, has additional commands, and is a little more complicated to set up. This setup can be considerably simplified by using the Print Manager Facility of admintool. The compatibility package for SunOS 5.X provides the SunOS 4.X print commands, but they actually just forward the request to the new print service. The /etc/printcap file and the lpd daemon are no longer used. The printer capabilities are now defined within the terminfo database, and locations are defined within the print service configuration files. The new print service includes a large set of administrative and user commands and a new set of daemons. The new print service can interoperate with both System V and BSD printers, it has PostScript filters bundled in, it supports alternate character sets and more flexible job scheduling. Additionally, it can group similar printers into a class and can restrict printer access for individual users. When a print request is received, the file is not spooled by default to the queue unless the "-c" options is given. The service detects the format of the job by the filtering software, and if necessary, the files contents are converted to match the printer. The service keeps track of every job submitted and allows the user and system administrator to move, stop, or remove the job. When problems occur the service provides the system administrator with the error message. The print service coordinates both local and remote printers. The print service can distinguish between a printer and a destination for the request. Previously these terms were synonymous. This allows you to group similar printers into a class, so that the request can be forwarded to any available printer within the class.
Print Service
The terms used by the new print service are: Printer Class Destination
name assigned to the device, maximum of 14 characters name assigned to a group of similar printers target for the print request, either a class or an individual printer
25.2.1 Print Scheduler The print scheduler is started when entering run level 2 by the /etc/rc2.d/S80lp script. All this script does is start the print scheduler, /usr/lib/lpsched, or stop it with the /usr/lib/lpshut command. The scheduler manages the print requests and must be running for the print service to operate. It identifies the filter for any necessary conversion and queues the file for the printer. It runs the interface program to initialize a local printer and downloads the request when the printer is ready. Each print client and server must have at least one lpNet daemon running. The lpNet daemon is started by lpsched to handle network print requests. The lpNet daemon requires a port monitor be configured by the Service Access Facility, so that a registered listen service is available to handle incoming network requests for each local printer. 25.2.2 Print Filtering Every print request is examined for the content type, some of which are:
PS simple tex troff raster
The print job needs to match the content type of the printer, so it is necessary that every printer be associated with at least one content type. The system can use the content type to match a job to a particular printer. The service uses the /usr/sbin/lplter command to call the filter that will convert the contents of a file to that accepted by the target printer. This same lplter command is used to register new filters with the print service. 25.2.3 Printer Initialization The descriptive file for the printers use the terminfo database in /usr/share/lib/terminfo with the file in the subdirectory beginning with the first character of the printer name. So for a PostScript printer named PS the description file is /usr/share/lib/terminfo/P/PS. Using infocmp we can examine the contents of this file:
# infocmp PS # Reconstructed via infocmp from file: /usr/share/lib/terminfo/P/PS
244
SunOS 5.X PS|PSR|PS-b|PS-r|PS-br|Fake PostScript entry, cols#80, lines#66, cpi=null, csnm=^D, lpi=null, scs=^D, slines=^D, u9=^D,
The interface programs to initialize local printers are found in /usr/lib/lp/model. A standard initialization script is supplied called standard, which takes its initialization information from the terminfo database. This program initializes the printer port, uses stty to configure the line settings, sends the appropriate control sequences to the printer, and sets printer parameters such as whether or not to print a banner page. 25.2.4 Printer Configuration The printer control commands are located in /usr/lib. So you should have this directory in your path. The print administrative commands available to you are:

lpadmin lplter lpforms lpmove lpsched lpshut lpsystem lpusers
configure the print service administer the filters for the print service manage the paper forms for the print service move print requests to another print destination start the print service stop the print service register remote printers with the print service set print queue priorities for jobs submitted by a user
25.2.4.1 Installing a Local Printer
To configure a local printer perform the following steps.

1.
2.
3.
Change the ownership and set the permissions on the serial port: # chown lp /dev/term/a # chmod 600 /dev/term/a Add the printer and associate it with a port # lpadmin -p printer_name -v /dev/term/a where -p specifies the printer name, and -v specifies the device used by the printer This registers the printer name with the print service. Associate a content type with the printer # lpadmin -p printer_name -I simple where -I specifies the content type. If you dont specify the content type simple is assumed, meaning that printer can only deal with ASCII contents.
245
Print Service
4.
5.
Associate a printer type with the printer, if necessary. This is used by the interface program to initialize the printer before downloading a request # lpadmin -p printer_name -T proprinter where -T specifies the printer type Allow the printer to accept requests and enable the queue # accept printer_name # enable printer_name
25.2.4.2 Installing a Local PostScript Printer
To configure a local PostScript printer there are two changes to the above procedure. One is that the content and type are specified as PS, and the other is the installation of PostScript filters.
1.
2.
3.
4.
5.
Change the ownership and set the permissions on the serial port: # chown lp /dev/term/a # chmod 600 /dev/term/a Add the printer and associate it with a port # lpadmin -p printer_name -v /dev/term/a Associate a content and printer types with the printer # lpadmin -p printer_name -I PS -T PS Register the PostScript filters with lplter # cd /etc/lp/fd # lpfilter -f download -F download.fd # lpfilter -f dpost -F dpost.fd # lpfilter -f postdaist -F postdaisy.fd # lpfilter -f postdmd -F postdmd.fd # lpfilter -f postio -F postio.fd # lpfilter -f postior -F postior.fd # lpfilter -f postmd -F postmd.fd # lpfilter -f postplot -F postplot.fd # lpfilter -f postprint -F postprint.fd # lpfilter -f postreverse -F postreverse.fd # lpfilter -f posttek -F posttek.fd Allow the printer to accept requests and enable the queue # accept printer_name # enable printer_name
25.2.4.3 Removing a Local Printer
To remove a local printer from the print service do the following.

1.
Suspend the queue from accepting new requests # reject -r printer printer_name is down printer_name
246
SunOS 5.X
2.
3.
where -r indicates a reason for removing the printer (displayed by lpstat) Stop printing by disabling the printer # disable -W -r printer printer_name is down printer_name where some options to disable are: -W specifies to wait until the current request if finished printing -c specifies to cancel the current printing request -r indicates a reason for removing the printer Remove the printer from the print service # lpadmin -x printer_name
25.2.4.4 Installing a Remote Printer
To install a remote printer you need to register the remote host with the print service on both the clients and server and configure the network listener on the print server. The file hosts.lpd is no longer used. Use the lpsystem command to register the print clients with the print service. lpsystem inserts a one line entry in /etc/lp/Systems describing the service. SunOS 4.X/BSD Clients to Solaris 2 Server 1. Register the service # lpsystem -t bsd print_server_name where -t specifies the remote system type, either s5 or bsd 2. Create an instance of the listen port monitor to monitor the network for print requests # sacadm -a -p tcp -t listen -c "/usr/lib/saf/listen tcp" -v nlsadmin -V 3. Obtain the print servers universal address in hex # lpsystem -A 00020203809274040000000000000000 where the first four digits, 0002, represent the internet protocol family, the next four, either 0203 or 0ACE, represent the BSD printer port (515 -> 20316) or System V listen port (2766-> 0ACE16), respectively, the next 8 digits, 80927404, represent the hex IP address of the server (replaced by zeroes in later versions of SunOS 5.X), and the nal 16 zeroes are padding. 4. Configure the listenBSD service to monitor incoming requests from BSD clients # pmadm -a -p tcp -s lpd -i root -v nlsadmin -V -m nlsadmin -o / var/spool/lp/fifos/listenBSD -A "\00020203809274040000000000000000" Solaris 2/System V Clients to Solaris 2 Server 1. Register the service # lpsystem -t s5 print_server_name 2. Create an instance of the listen port monitor to monitor the network for print requests, if necessary. If youre already monitoring the network through the previous example you dont want to create a new listener. # sacadm -a -p tcp -t listen -c "/usr/lib/saf/listen tcp" -v nlsadmin -V
247
Print Service
3.
4.
5.
Add the service to identify the STREAM used by the lp print service to receive connection requests # pmadm -a -p tcp -s lp -i root -v nlsadmin -V -m nlsadmin -o /var/spool/lp/fifos/listenS5 Add the service 0, which is the nlps server, to use the System V listen address for print requests, 0ACE # pmadm -a -p tcp -s 0 -i root -v nlsadmin -V -m nlsadmin -c /usr/lib/saf/nlps_server -A "\00020ACE809274040000000000000000" Add the BSD lpd service to the print server. (This step appears to be a bug, which may change in future versions. Theres no obvious reason why the service should be required to listen at both ports inorder to work, but appears to be necessary in practice.) # pmadm -a -p tcp -s lpd -i root -v nlsadmin -V -m nlsadmin -o / var/spool/lp/fifos/listenBSD -A "\00020203809274040000000000000000"
25.2.4.5 Installing a Print Client
Solaris 2.x Client to 4.X Server For the SunOS 5.X print client to print to a remote BSD printer you dont have to specify the content or printer type, nor have to register any filters. These features are presumed to be taken care of by the remote service. Define the 4.X printer server as type bsd # lpsystem -t bsd print_server_name 2. Define the printer name, using the same name as on the print server # lpadmin -p printer_name -s print_server_name 3. Define the printer type as unknown # lpadmin -p printer_name -T unknown -I any 4. Start the printer # accept printer_name # enable printer_name 5. Define a default printer (optional) # lpadmin -d printer_name Solaris 2.X Client to Solaris 2.X Server 1. Define the Solaris 2 printer server as type s5 # lpsystem -t s5 print_server_name 2. Define the printer name, using the same name as on the print server # lpadmin -p printer_name -s print_server_name 3. Define the printer type as unknown # lpadmin -p printer_name -T unknown -I any For a PostScript printer you should specify the parameters here, as in steps 3 and 4 of Installing a Local PostScript Printer, above.
1.
248
SunOS 5.X
4.
5.
Start the printer # accept printer_name # enable printer_name Define a default printer (optional) # lpadmin -d printer_name 25.2.5 Print Commands
25.2.5.1 Print
The lp command is used to issue print requests. Its very similar to lpr, but with a few differences in the options allowed. Some of the more frequently used options to lp are:
-c -d -m -n number -o option -t title -w make a copy of the file to the spool directory before printing select the destination printer or class of printers for the request send mail upon completion of the print job specify the number of copies to be printed printer dependent options, such as nobanner, nolebreak, etc. print title on the banner page write a message to the users terminal after the file is printed
25.2.5.2 Status
To check the status of the printer and jobs submitted use the lpstat command. Some of the options available to this command are:
-a -c -d -o -r -R -s -t report whether print destinations are accepting requests report names of all classes and their members report the system default destination report the status of output requests report the status of the LP scheduler report the position of the job in the queue print a status summary, including scheduler status, default destination, classes and printer known to the service, etc. report all status information (-s option plus the acceptance and idle/busy status of all the printers)
To report the status of the printers:

# lpstat -t scheduler is running system default destination: lp system for lp: tardis lp accepting requests since Tue Dec 22 11:10:02 EST 1992 printer lp is idle. enabled since Tue Dec 22 11:10:02 EST 1992. available.
249
Print Service
So to check if the scheduler is running:

# lpstat -r scheduler is running
With no options lpstat prints the status of all the users print requests.
25.2.5.3 Cancel a Print Request
To cancel a print request use the cancel command. Only the user who submitted the request and the superuser can cancel a request. To cancel specify the printer and the job number:
# cancel lp-20 request lp-20 cancelled
To cancel all print requests:

# cancel -u frank lp
25.2.5.4 Move a Print Request
To move a request to another print queue use the lpmove command, specifying the printer and job number of the original request and new destination printer:
# lpmove lp-20 sparc
To move all jobs from one printer to another specify the old and new printer destinations:
# lpmove lp sparc
25.2.5.5 Controlling Access
The system administrator can set access restrictions on printers with the lpadmin command. Use the -u option to allow or deny access to individual users.
# lpadmin -p lp -u allow:frank,bobd,jeffs # lpadmin -p lp -u deny:any,body,we,want,to
Set the default printer with the lpadmin command:

# lpadmin -d default_printer_name
25.2.5.6 User Commands
The user commands are located in /usr/bin. The following table compares them with the SunOS 4.X commands.
250
SunOS 5.X
TABLE 25.1
User Commands SunOS 5.X lp lpstat cancel Description submit a request to the printer report on the status of the print request and service cancel a print request
SunOS 4.1.X lpr lpq lprm
25.2.5.7 Administrative Commands
Administrative commands are located in /usr/lib. Actually the files here are symbolic links to the actual files residing in /usr/sbin and /usr/lib/lp. The commands accept and reject are in /usr/sbin, and the commands enable and disable are in /usr/bin.
TABLE 25.2
Administrative Commands SunOS 5.X accept reject enable disable lpadmin lpsystem lpmove lpsched lpshut lpusers lpfilter Description enable a destination (printer or class) disable a destination (printer or class) from further requests enable the queue for the named printer disable the queue of the named printer for further requests configure the print service register remote hosts with the print service move requests to new destinations start the print service stop the print service change user priority settings register filters for the print service
SunOS 4.1.X NA NA lpc enable lpc disable lpc /etc/hosts.[equiv,lpd] NA lpd NA NA NA
25.2.6 Configuration Files The configuration files for the print service are kept in /etc/lp and the spooling directory is /var/spool/lp. These files are described in the following table.
251
Print Service
TABLE 25.3
Configuration Files and Directories File Type directory file file directory file symlink directory file directory file file directory Description contains LP daemons, filters and interface programs list of remote hosts registered with the print service name of default destination contains filter description files filter table to /var/lp/logs, for the usage log contains a sub-directory for each printer configuration for the printer <name> log files for the print service lock file for lpsched current status of print service spool directory
/usr/lib/lp /etc/lp/Systems /etc/lp/default /etc/lp/fd /etc/lp/filter.table /etc/lp/logs /etc/lp/printers /etc/lp/printers/<name>/configuration /var/lp/logs /var/spool/lp/SCHEDLOCK /var/spool/lp/system/pstatus /var/spool/lp/tmp
25.3 IRIX 5.X

IRIX has both the BSD and SysV lineprinter packages along with the lineprinter driver package Impresario.

Ultrix and Digital UNIX use the BSD lpr/lpd system.
252
C H A P T E R 26
Mail
26.1 Send and receive electronic mail via SMTP, sendmail

When a mail program such as mail tries to send a message it issues a request to sendmail, which processes the mail with the specified options. sendmail creates a list of recipients from the information and expands any aliases, including mailing lists. At this step syntax is checked and local addresses are verified. Duplicate recipients are removed, e.g. the same person being a member of two groups. If no addresses are valid the message is returned with an error message. sendmail then tries to deliver the message. If it cant deliver the message immediately it stores the header and body of the message in temporary files in a queue (/var/spool/mqueue) and tries to send it again later. SMTP stands for Simple Mail Transfer Protocol, and is the protocol used for Internet mail. It requires an entry in /etc/services, i.e.:
smtp 25/tcp mail
You can telnet to the mail port to see how you server is responding, i.e.:
# telnet localhost 25
It should respond with the fully qualified domain name (fqdn), otherwise, your machine may have trouble communicating with other mail servers.
26.2 Network mail configuration file

The conguration file used by sendmail is /etc/sendmail.cf (SunOS 4.1.X) or /etc/mail/sendmail.cf (SunOS 5.X). This file is read by sendmail when you start it up. It includes macros that define how header information is to be processed. Values in the header might be ignored, changed, or additional lines might be added to the header to assist in the delivery of mail. One of the important steps is the address re-writing rules. These rules search for patterns and replace them with specified strings. It also specifies the location of files and directories to be used by sendmail. These are generally, /var/spool/mail (SunOS 4.1.X) or /usr/mail (SunOS 5.X) for mail delivered to users on your machine, /usr/spool/mqueue for undelivered mail storage, and /var/spool/mqueue/syslog or /var/log/syslog for the mail log file.
Mail
Within sendmail.cf one macro might specify your Internet subdomain, e.g.:
## Change the D and E macros to accommodate your subdomains. ## Note that this configuration will do its very best to generate all addresses as coming from $D. DDacs.ohio-state.edu DEohio-state.edu
The "D" in the first column "denes" the following D and E as acs.ohio-state.edu and ohio-state.edu, respectively. These can be recalled later in the file as $D and $E. Another macro might specify the style of a header line, e.g.:
## Pick one of the next 2 lines, based on your syntactic preference for ## "[email protected] (Joe Random)" or "Joe Random <[email protected]>". #Dq$g$?x ($x)$. Dq$?x$x $.<$g>
And still another might specify where to forward BITNET mail:

# Strange nonstandard nets - attempt to hand to forwarder. R$+<@$+.bitnet> $@$>0$1%$2.bitnet<@ohstbh.acs.ohio-state.edu>
The syntax of the re-writing rules is explained in the Sun AnswerBook Mail Administration Guide and in the book sendmail by Costales, et.al.
26.3 The mail alias file

You can use the mail alias file, /etc/aliases (SunOS 4.1.X) or /etc/mail/aliases (SunOS 5.X) to redirect mail or to send mail to a group of people. The newaliases command must be called to rebuild the aliases database before this information can be used by sendmail. Some examples of entries in the aliases file are:
# Alias for mailer daemon; returned messages from our MAILER-DAEMON # should be routed to our local Postmaster. MAILER-DAEMON: postmaster postmaster: frank # # A mailing list for a group staff_group: frank@nyssa,jim,bobd@leela,smith-b@magnus, baker,bill@ohstmvsa,[email protected] owner-staff_group: frank # # COSUG ACS Mailing List (aliases included in file) cosug ::include:/acs/tardis/0/frank/cosug/aliases cosug-request : frank owner-cosug : cosug-request
254
Installation of sendmail # # Pipe mail through a program test: "| /usr/local/bin/testpgm"
The vacation program uses the latter form by placing in the users .forward file contents similar to:
\frank, "|/usr/bin/vacation frank"
System mail logs are generally kept in /var/spool/mqueue/syslog, or /var/log/syslog, or /var/adm/messages, as determined by an entry in /etc/syslog.conf, e.g.:
mail.debug ifdef(LOGHOST, /var/spool/mqueue/syslog, @loghost)
Information is kept on every message sent, who sent it, to whom, the size, the status of the message, and the time, e.g.:
Jul 24 12:05:24 peri sendmail[1090]: MAA01090: from=<[email protected]>, size=555, class=0, pri=60555, nrcpts=2, msgid=<[email protected]>, proto=SMTP, relay=nyssa [128.146.226.22] Jul 24 12:05:28 peri sendmail[1092]: MAA01090: to=<[email protected]>, ctladdr=<[email protected]> (2523/11), delay=00:00:04, xdelay=00:00:04, mailer=tcp, relay=postbox.acs.ohio-state.edu. [128.146.214.20], stat=Deferred: Connection reset by peer during client greeting with postbox.acs.ohio-state.edu. Jul 24 12:05:29 peri sendmail[1092]: MAA01090: to=<[email protected]>, ctladdr=<[email protected]> (2523/11), delay=00:00:05, xdelay=00:00:01, mailer=tcp, relay=mail0.uts.ohio-state.edu. [128.146.214.29], stat=Sent (MAA26210 Message accepted for delivery) Jul 24 12:10:50 peri sendmail[1107]: MAA01090: to=<[email protected]>, ctladdr=<[email protected]> (2523/11), delay=00:05:26, xdelay=00:00:00, mailer=tcp, relay=postbox.acs.ohio-state.edu. [128.146.214.20], stat=Sent (MAA23783 Message accepted for delivery)
26.4 Installation of sendmail

Edit sendmail.cf to put in the desired values for your system. You can create the "fast" or "frozen" version of sendmail.cf, with the "-bz" option but you probably dont want to. If you do, its installed in sendmail.fc. This will execute faster, though on todays CPUs this isnt that much of an advantage anymore. sendmail.cf will be ignored when sendmail.fc exists. 2. Kill and restart the sendmail daemon. Use "ps" to determine the process ID of sendmail. # kill #PID# # /usr/lib/sendmail -bd -q1h This starts the daemon (-bd) and requests that it process messages in the queue every 1 hour (-q1h). To check the list of messages in the queue use:
1.
% /usr/lib/sendmail -bp
or
mailq.
You can test the address rewriting rules of the sendmail.cf file by running sendmail in test mode, e.g., to see how the mail server, will treat the address, frank@magnus, going through ruleset 0:
Mail % /usr/lib/sendmail -bt ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter <ruleset> <address> > 0 frank@magnus rewrite: ruleset 0 input: frank @ magnus rewrite: ruleset 98 input: frank @ magnus rewrite: ruleset 98 returns: frank @ magnus rewrite: ruleset 97 input: frank @ magnus rewrite: ruleset 3 input: frank @ magnus rewrite: ruleset 96 input: frank < @ magnus > rewrite: ruleset 96 returns: frank < @ magnus . acs . ohio-state . edu . > rewrite: ruleset 3 returns: frank < @ magnus . acs . ohio-state . edu . > rewrite: ruleset 0 input: frank < @ magnus . acs . ohio-state . edu . > rewrite: ruleset 98 input: frank < @ magnus . acs . ohio-state . edu . > rewrite: ruleset 98 returns: frank < @ magnus . acs . ohio-state . edu . > rewrite: ruleset 95 input: < > frank < @ magnus . acs . ohio-state . edu . > rewrite: ruleset 95 returns: frank < @ magnus . acs . ohio-state . edu . > rewrite: ruleset 0 returns: $# smtp $@ magnus . acs . ohio-state . edu . $: frank < @ magnus . acs . ohio-state . edu . > rewrite: ruleset 97 returns: $# smtp $@ magnus . acs . ohio-state . edu . $: frank < @ magnus . acs . ohio-state . edu . > rewrite: ruleset 0 returns: $# smtp $@ magnus . acs . ohio-state . edu . $: frank < @ magnus . acs . ohio-state . edu . >
26.5 Security
Sendmail is a very complicated package and over the years a number of intentional and unintentional security holes have been found in it. If you are running with the vendor supplied sendmail, you most likely have an insecure version. This could result in someone cracking your system and gaining root access. Your vendor probably has a patched version available. Make sure youre running with the patched version, or the latest BSD version. The latest BSD version is at least 8.9.1. You can get this via anonymous ftp from: ftp://ftp.sendmail.org/pub/sendmail/.
26.6 Mail programs, mail, Mail, Columbia mm, elm, etc.

These and other programs are used to read and send mail messages. Generally when invoked they bring the users mail from the system mail spool, /var/spool/mail/username (SunOS 4.1.X) or /usr/mail/username (SunOS 5.X) and put it into a mailbox in the individuals home directory, usually named mbox. They can also read mail from mbox and other named files. Startup files are .mailrc for mail and mailtool, .mmrc for Columbia mm, and .elm/elmrc for elm. These customize the mail environment for the user. Should a user wish to have mail forwarded from this machine to another, the user can create the file, .forward, in their home directory containing the intended address, e.g.:
[email protected]
This file should be readable by all and not have the execute bits set (e.g. mode 644).
256
C H A P T E R 27
World Wide Web
27.1 WWW
The World Wide Web (WWW) uses the HyperText Markup Language (HTML), a subset of the Standard Generalized Markup Language (SGML), as one of its formats. This allows you publish your own multimedia documents on the network. The Internet protocol used is HyperText Transfer Protocol (http), which allow the client and server to negotiate the transfer representation of the document. Well use this as an example of how to set up a complicated server on your workstation.
27.2 URLs
Uniform Resource Locators, URLs, reference where a resource can be found in the form:
service_scheme://machine_name[:port_number]/directory/sub-directory_list/file[?keyword]
where the items in brackets are optional. Some of the more common service_schemes are:

ftp - file transfer protocol, a ;type=<type_code> may be used to indicate the file type (e.g. an I for image, or an A for text) http - hypertext transfer protocol gopher - gopher protocol news - Usenet news via NNTP telnet, rlogin, or tn3270
The service_scheme could, optionally, include a user name and password, if required for the service. The machine_name may be followed by a decimal port_number, separated from the machine_name by a colon, if something other than the default port number, 80, is used by the service. The remainder of the address is the path, with subdirectories separated by / and ending with the desired file name or program. The latter may optionally be followed by a ? and a keyword that can be used as an argument to the program. The specs for URLs can be found on:
http://www.w3c.org/Addressing/URL/Overview.html
257
World Wide Web
27.3 WWW Server

You have many choices of free servers, but one stands out; the others that were once most popular have been discontinued because Apache is so good.
Apache - Hypperreals extensions to the original NCSA server.

http://www.apache.org/ This usually comes in source form, though binaries may be available.
27.4 WWW Browsers

There are four main browsers that you might be interested in:

Netscape - from Netscape Communications, Corp., the second generation browser

http://home.netscape.com/download/ - for a pre-compiled binary.
Mozilla - the public development version of Netscape Navigator.

http://www.mozilla.org/ - for source or binary.
HotJava - from Sun, written in Java and requires Java to run

Comes with Solaris 2.6+, or get it from http://java.sun.com/products/hotjava/.
Lynx - a powerful text only browser

http://lynx.browser.org/.
27.5 Setting up your Server

For our example well use the Apache httpd server. After retrieving the source from the reference above check out the README and src/INSTALL files for installation and configuration information. To compile your own daemon uncompress and un-tar the source tree and edit the default control files in the conf directory: srm.conf, access.conf, httpd.conf. Then edit the src/Configuration file to select a compiler to use, options, and the modules to include. Some things you might change:
CC= cc CFLAGS= -DMAXIMUM_DNS DXBITHACK AUX_CFLAGS= -DSOLARIS2 AUX_LIBS= -lsocket -lnsl Module agent_log_module Module referer_log_module Module config_log_module mod_log_config.o or or or or CC=gcc CFLAGS= -O2 AUX_CFLAGS= -DSUNOS4 AUX_LIBS=
You can set the paths for the various services, control files, and log files in httpd.h. Some examples of entries you might change are:
#define HTTPD_ROOT "/usr/local/etc/httpd
258
Setting up your Server #define DEFAULT_ADMIN "[no address given]" --> #define DEFAULT_PORT 80 #define DEFAULT_XFERLOG "logs/access_log" #define DEFAULT_INDEX "index.html" #define ACCESS_CONFIG_FILE "conf/access.conf" "webmaster"
27.5.1 Compilation of the programs To compile the http daemon, httpd, first go to the src subdirectory (cd src) and type "./Congure" and respond to any questions, then type make. It will default to using the Makefile in that directory. Then build any support files needed in the support directory (cd ../support) after editing the Makele to select the desired compiler and programs. Then install the necessary programs in their desired directories. The full list of steps can be found at: ftp://wks.uts.ohiostate.edu/pub/solaris2/src/UTSinfo_apache-httpd-1.0.3, along with the source and compiled binaries in the file apache_1.0.3.tar.gz in the same directory. WWW will support applications other than just display. There are a few sample auxiliary programs you can compile in the cgi-src directory and install in the cgi-bin directory, which already contains a few sample shell scripts. If youre not going to support these services than you can ignore this step. 27.5.2 Configuration For complete documentation on how to set up your server use netscape or mosaic to web to http://www.apache.org/. There you can find step-by-step instructions on how to configure the server. The configuration file can be found in the conf directory. There is an example file you can use, httpd.conf-dist, to create your server configuration file, httpd.conf. Some of the entries youll want to check out are:
ServerType standalone Port 80 User http Group http ServerAdmin [email protected] ServerRoot /usr/local/httpd or inetd
The latter determines the directory hierarchy for your service. It could have sub-directories such as: cgi-bin, conf, htdocs, icons, and logs. This is a service you dont want to run as root, so you should create a special user and group just for it. So in /etc/passwd you might have an entry similar to:
http:nologin:999:999:World Wide Web Server:/usr/local/http:/bin/false
259
World Wide Web
and a /etc/group entry similar to:

http:*:999:frank
You can run your server either as a standalone server, in which case you would start it up in an RC script, or as a service controlled by inetd. In the latter case you would need an entry in /etc/services similar to:
http 80/tcp # WWW server
and another in /etc/inetd.conf similar to:

http stream tcp nowait http /usr/local/etc/httpd -d /usr/local/httpd -f /usr/local/httpd/conf/httpd.conf
where
-d -f specifies the ServerRoot and where the daemon will look for its configuration file (not necessary if you use the default ServerRoot path in the configuration file.) specifies the configuration file
To set it up as a standalone server you might put an entry similar to the following in an RC script, e.g. /etc/rc.local for SunOS 4.1.X:
if [ -f /usr/local/etc/httpd -a -d /usr/local/httpd -a -f /usr/local/httpd/conf/httpd.conf ]; then /usr/local/etc/httpd -d /usr/local/httpd -f /usr/local/httpd/conf/httpd.conf; echo -n httpd fi
For SunOS 5.X set up a script to start and stop the service as you go through run level 2. Running httpd as a standalone daemon is more efficient, but running as a service of inetd provides greater access control. If youre using TCPwrapper you can specify which machines or subnets have access to your http service when each connection is controlled by inetd.
27.6 Home Page

To complete your service youll want to set up a Home Page on your server. Youll need to know a little bit about HTML and the following primer will help you get started:
http://www.ncsa.uiuc.edu/General/Internet/WWW/HTMLPrimer.html
A good style guide can be found at:

http://www.sun.com/styleguide/
A simple home page could be something like this one, which you could once find on http://wks.uts.ohio-state.edu, with the following HTML:
Home Page <HTML> <HEAD> <body background = "/icons/paper.jpg" link="#0000ac"> <TITLE>UTS WORKSTATION GROUP HOME PAGE</TITLE> <!--Owner_Info="Frank Fiamingo, University Technology Services"> <LINK REV=MADE HREF="mailto:[email protected]"> </HEAD> <BODY> <A NAME="loc0"></A> <H2> <CENTER><IMG SRC="/icons/uts_wks_logo.gif" ALT=""></CENTER> <A HREF="http://www.eff.org/blueribbon.html"><IMG SRC="/icons/rib_bar_wh.gif"></A> <A NAME="loc1"></A> <CENTER>University Technology Services Workstation Support Group</CENTER></H2> <A NAME ="loc2"></A><DD><A HREF="/uts_wks_people.html">Staff members</A> are available for appointments to demonstrate software, help with machine installations, and give general system support. They are usually available weekdays between the hours of 8A and 5P. UTS workstation support is usually provided on a "second-level" support basis. Your primary platform (or machine) support person within your department should be contacted initially. The UTS Workstation Group provides campus-wide support services for the workstation platforms listed below. Please select the platform in which you are interested to obtain more detailed information on the support services which are available. <UL> <LI> <A HREF="http://araminta.acs.ohio-state.edu/ats_wks_sgi_home.html"> SGI IRIX</A></LI> <LI> <A HREF="/sun/home.html"> Sun SOLARIS & SUNOS</A></LI> <LI> <A HREF="http://axpjob.acs.ohio-state.edu">DEC ULTRIX & OSF/1</A></LI> <LI> <A HREF="/sysadm_course/sysadm.html"> Unix System Administration Course Notes </A></LI> <LI> <A HREF="/unix_course/unix.html"> Unix Course Notes </A></LI> <LI> <A HREF="/basic_unix_guide/unix_guide.html"> Basic Unix Survival Guide </A></LI> <LI> <A HREF="inventory.html">Documentation</A></LI> </UL> <HR> The University Technology Services Workstation Support Group is housed
261
World Wide Web in the Baker Systems Engineering Building, Columbus, Ohio 43210 and can be reached via ... <DL COMPACT> <DD>Phone: (614)292-7802 <DD>FAX: (614)292-7081 <DD>Internet: [email protected] </DL> <A NAME="loc6"></A> <HR> <ADDRESS>Maintained by: <A HREF="/uts_wks_frank.html">Frank Fiamingo</A></ADDRESS> <ADDRESS>(The services referenced here are constantly being updated. For more complete information contact the author.) </ADDRESS> </BODY> </HTML>
When you find a page you like on the Web you can use your browser to display or save the HTML for the page, allowing you to learn from the examples you view. When viewed by Netscape this page looks like:
262
Home Page
263
World Wide Web
264
C H A P T E R 28
System Security
28.1 Security Concerns

No system can be made completely secure and usable at the same time. So you have to balance your security concerns against your computational needs. You may decide that security is not a big concern at your site, but you cant ignore it completely. The information you keep on your system probably has some value to you. At the very least you usually dont want it altered or destroyed. If for no other reason, you need some security just to protect your good name. You wouldnt want some malicious hacker to break into your account and send thousands of hateful messages to every newsgroup in existence. Another reason to secure your system is to prevent its use as a staging ground for attacking other systems on the network. You could, conceivably, be liable for damages. Security is a shared responsibility. Every user on the system is capable of compromising security. They need to chose good passwords, change them periodically, and not share them. Teach them to report to you any suspicious activity, e.g. does the lastlogin reported match the last time they logged in? are there any files in their directory that they didnt put there?, etc. Outside hackers are not your biggest security problem. Your highest risks to your data are from bugs and errors in the OS and from disasters. So you need to make sure that you keep good backups. Can you restore your system completely from backups? If your tapedrive fails, can you read your tapes on another drive? You should analyze your system so that you know what youre protecting, why youre protecting it, what value it has, who has responsibility for it. Then you can plan your security needs accordingly. Create a simple, generic policy for your system that your users can readily understand and follow. It should protect the data youre safeguarding, as well as, the privacy of the users. Some things it might include are: who has access to the system, whos allowed to install software on the system, who owns the data, disaster recovery, and appropriate use of the system.
1998 Frank Fiamingo
265
System Security
28.2 What needs to be Secured?

You need to secure wherever your data is stored, transmitted, or accessed. This would include: Disks on the machine Tape backups Network connections Serial connections - modems, terminals, etc.
You should be concerned not just with loss or theft, or alteration of data, but also with loss of services. If your machine has extremely sensitive data it shouldnt be on an outside network. It may be that youll need to isolate your site with a firewall. Should you need to do this check out the firewall books listed in Chapter 1.
28.3 Security Programs

There are a number of PD programs you can get to help make your system more secure. Some packages you might consider installing are:

COPS - checks system service and file access privileges TCP Wrapper or Xinetd - checks network service connections for access privileges Tripwire - maintains a checklist and signature for files in its database to detect changes in these files Tiger - checks system and file permissions, including anonymous ftp (more up-to-date than COPS) Securelib - secures UDP and RPC connections lsof - list open files on your machine Swatch or Watcher - for active audit trail watching Crack - check password against dictionaries and simple algorithms PEM or PGP - for mail and file security and content verification SATAN - Security Analysis Network Tool for Auditing Networks, checks for commonly known network security holes SSH - Secure SHell, replaces rlogin, rsh, and rcp with secure, encrypted, connections
For any program of this type you need to make sure that you protect the programs and databases from tampering. It doesnt help if, e.g. with Tripwire, you compare an altered file against an altered database. The best way to prevent tampering is to store the master copies on a physically writeprotected disk or off-line.
266
1998 Frank Fiamingo
Security Response Teams
You might have logs sent to another machine, so that they cant be altered on this machine. Many of these programs are archived on the COAST (Computer Operations, Audit, and Security Technology) archive at Purdue University, ftp://coast.cs.purdue.edu/pub, under the direction of Prof. Gene Spafford. Some can be found local to OSU on ftp://ftp.net.ohio-state.edu/pub/security.
28.4 Security Response Teams

Locally, at tOSU, subscribe to [email protected]. This mailing list will alert you to any new security concerns expressed by the following organizations, and others. CERT - Computer Emergency Response Team at Carnegie Mellon University, [email protected]. CIAC - Computer Incident Advisory Capability, for DOE contractors, [email protected]. FIRST - Forum of Incident Response and Security Teams, [email protected], to get on their mailing list or check out http://www.first.org.
28.5 The password and group files

The /etc/passwd, /etc/group, and /etc/shadow files should be writable only by root. Any entry in /etc/passwd that has a uid of "0" (zero) is a ROOT entry, regardless of the name by which it is called. SunOS 4.1.X doesnt require you to set a root password when you install the OS. Make sure that you do set one. SunOS 5.X requires that you set a root password as the final step in SunInstall. Make sure that you set a good one. Passwords should be chosen that are difficult to guess. A study done in 1978 showed that 16% of all passwords are 3 characters or less, and that 86% of chosen passwords could be described as insecure. A more recent study showed that simply trying 3 guesses on each account: the login name, login name in reverse, and the two concatenated, would obtain access to 8 - 30% of the accounts on a typical system. Use a password that contains mixed case alphabetic characters and numbers. It should be 6 - 8 characters long to make the number of possible combinations extremely large. For 62 possible characters in each position (26 lower case + 26 upper case + 10 digits) there are 62n possible combinations. This is 238328 for a 3 character password and 2.18*1014 for an 8 character password. In contrast, if you only use lower case letters there are 263, or 17576 combinations for a 3 character password and 2.09*1011 in an 8 character one. Your password, though difficult to guess, should be easy to remember. If you have to write it down its not secure. A study by Daniel V. Klein reported in his paper, Foiling the Cracker: A Survey of, and Improvements, to Password Security, (available from ftp://www-wls.acs.ohiostate.edu:/pub/security/Dan_Klein_password_security.ps.Z) emphasizes the poor choice of passwords found on many systems. The following table is from this paper regarding the passwords cracked from a sample set of 13,797 accounts solicited from the Internet.
1998 Frank Fiamingo
267
System Security
TABLE 28.1
Passwords Cracked Size of Dictionary

130b 866 450 398 665 2268 4955 3901 5559 1357 650 247 772 118 133 509 998 160 59 24474 12983 14 13062 8146 69 3459 86280
Type of Password
User/account name Character sequences Numbers Chinese Place names Common names Female names Male names Uncommon names Myths & legends Shakespearean Sports terms Science fiction Movies and actors Cartoons Famous people Phrases and patterns Surnames Biology /usr/dict/words Machine names Mnemonics King James bible Miscellaneous words Yiddish words Asteroids Total
Duplicates Eliminated
0 23 6 37 29 675 1035 604 111 177 9 81 19 41 219 65 127 1 4791 3965 0 5537 4934 13 1052 23553
Search Size
130 866 427 392 628 2239 4280 2866 955 1246 473 238 691 99 92 290 933 33 58 19683 9018 14 7525 3212 56 2407 62727
# of Matches
368 22 9 56 82 548 161 140 130 66 11 32 59 12 9 55 253 9 1 1027 132 2 3 54 0 19 3340
Pct. of Total
2.7% 0.2% 0.1% 0.4%c 0.6% 4.0% 1.2% 1.0% 0.9% 0.5% 0.1% 0.2% 0.4% 0.1% 0.1% 0.4% 1.8% 0.1% 0.0% 7.4% 1.0% 0.0% 0.6% 0.4% 0.0% 0.1% 24.2%
Cost/Benefit Ratioa
2.830 0.025 0.021 0.143 0.131 0.245 0.038 0.049 0.026 0.053 0.023 0.134 0.085 0.121 0.098 0.190 0.271 0.273 0.017 0.052 0.015 0.143 0.011 0.017 0.000 0.007 0.053
a. In all cases, the cost/benefit ratio is the number of matches divided by the search size. The more words that needed to be tested for a match, the lower the cost/benefit ratio. b. The dictionary used for user/account name checks naturally changed for each user. Up to 130 different permutations were tried for each. c. While monosyllabic Chinese passwords were tried for all users (with 12 matches), polysyllabic Chinese passwords were tried only for users with Chinese names. The percentage of matches for this subset of users is 8% - a greater hit ratio than any other method. Because the dictionary size is over 16x106, though, the cost/benefit ratio is infinitesimal.
268
1998 Frank Fiamingo
File and Directory Permissions
28.6 File and Directory Permissions

Use the chmod, chgrp, and chown commands to set the correct file and directory permissions. Shell scripts should NOT be run setuid or setgid. Use nd to search your directories for setuid/setgid files, e.g.:
find / -type f -a $ -perm -4000 -o -perm -2000 $ -print
where nd looks for any regular file (-type f) that also (-a = and) has either permission bits set for setuid (4000) or (-o) setgid (2000), and prints the names of those found. When doing a long listing (ls -al) file permissions will look like:
Octal 755 4755 2755 644 4644 2644 Owner/Group/Other rwxr-xr-x rwsr-xr-x rwxr-sr-x rw-r--r-rwSr--r-rw-r-Sr--
In this listing the s and S indicate setuid/setgid permissions.
28.7 EEPROM Security

On Sun workstations and servers you can interact with the boot EEPROM (NVRAM) at any time by holding down the STOP (L1) key and pressing the "a" key. If youre using a dumb terminal as the console the "break" key has the same effect. You can remove this feature from the kernel, but otherwise, its there for anyone to use or abuse. This chip stores the configuration information for the machine, including the hostid and the ethernet address. Mark Hendersons change-sun-hostid package provides a lot of useful information about Sun NVRAMs, including how to change the hostid and how to recover should the NVRAM battery fail. It can be found at: http://www.squirrel.com/squirrel. Using STOP-A, or break, anyone can interrupt your machine and reboot from CDROM or their disk, and have complete access to your files. To help prevent this you should password protect your EEPROM. You are allowed 3 levels of EEPROM security, none-secure, command-secure, and fully-secure. The first one is the default, i.e. no security. Anyone can issue any command at the EEPROM prompt. With command-secure a password would have to be used to boot from anything other than the default device. The most secure is fully-secure, where the password has to be supplied to boot in all cases. The EEPROM password is different from the OS password. Should you forget your EEPROM password you wont be able to change it unless you have access to the running system; from there you can use the eeprom command to reset any EEPROM parameters. So whatever you choose for this password, make sure its easy to remember or you might just lock yourself out of your machine. In which case, you might have to buy a new EEPROM (which in some cases involves swapping the CPU).
1998 Frank Fiamingo
269
System Security
28.8 Secure the console port

28.8.1 SunOS 4.1.X Root can only login to ports labeled secure in /etc/ttytab. Unless your console is in a locked room all ports should be labeled unsecure. This will require you to first login as yourself and then su to root. It also requires that the root password be entered when booting in single user mode from the disk. 28.8.2 SunOS 5.X SunOS 5.X requires the root password whenever you enter single user mode, both when booting, and when using init to move to single user run levels. SunOS 5.X has the /etc/default directory which contains files that set the default policies for the system. They specify whether to allow remote root logins, what the minimum password length should be, whether to create an su log file, etc.
28.8.2.1 /etc/default/login
This file specifies login policy. A typical file might contain:

HZ=100 TIMEZONE=EST5EDT #ULIMIT=0 CONSOLE=/dev/console PASSREQ=YES ALTSHELL=YES SYSLOG=YES UMASK=022 # # set the timezone variable for the shell # set the file size limit for the shell, 0 -> no limit # root can only login on this device # Null passwords are not allowed # set the shell environment variable # log all root logins and multiple failed attempts # set the initial umask
To allow remote root logins comment out the CONSOLE entry. To prevent root logins everywhere, even the console, set the CONSOLE entry to "=/dev/null".
28.8.2.2 /etc/default/passwd
This file specifies the minimum password length and password aging restrictions.
MAXWEEKS= MINWEEKS= PASSLENGTH=6 # Length of time the password is valid # Minimum time between password changes # Minimum password length
28.8.2.3 /etc/default/su
This file specifies the notification procedure for when su is executed.

SULOG=/var/adm/sulog # Log all su attempts to this file #CONSOLE=/dev/console # Log successful su attempts to the console
270
1998 Frank Fiamingo
Security Loopholes
28.8.3 IRIX /etc/default/login defines the console and whether or not root login is permitted, as with SunOS 5.X. 28.8.4 Ultrix If the terminal is labelled "secure" in /etc/ttys root can login on that device. 28.8.5 Digital UNIX /etc/securettys is used to specify which terminals will allow root logins. When Enhanced Security mode is enabled the file, /etc/auth/system/ttys, contains the terminal access database and keeps records of the last access to the terminals.
28.9 Security Loopholes

28.9.1 /etc/hosts.equiv In SunOS 4.1.X this file is distributed with the contents "+", i.e. every host on the network is trusted. Any wildcard characters should be removed from this file. Use specific host names. If youre not going to have any trusted hosts just delete the file. If you are going to use it be careful. Entries such as:
machine_name user_name
mean that user, user_name, from machine_name can login as any user on your host. Also, contrary to the manual "-" acts as "+". 28.9.2 .rhosts This file is similar to /etc/hosts.equiv, but for a specific user. Each user may create their own .rhosts file and allow the indicated account from another machine access to their login without a password. A .rhosts file in the root directory allows root access, which may occasionally be necessary for network backups. 28.9.3 /etc/exports If no access is specified in /etc/exports for a file system, then every host has access to that file system. Avoid entries such as:
/home
28.9.4 NFS mounts When mounting file systems via NFS, if you cant trust the system youre mounting from, always make sure you mount the file systems with the nosuid, or dont mount it. This prevents anyone from running suid programs from those file systems.
# mount -o nosuid,bg,intr untrusted:/home /u_home
1998 Frank Fiamingo
271
System Security
28.9.5 FTP FTP is often used for anonymous login and sharing of files (e.g. archives). This should be done in a secure manner (see the Manual). Put an "*" in the password field of user ftp, do a change root to ~ftp, and use a non-valid shell, e.g. /bin/false for the user ftp. You can limit password ftp access to your system with the /etc/ftpusers and /etc/shells files. If the users name is in the ftpusers file access is denied. If the users shell is not in the shells file access is denied. 28.9.6 Trivial FTP, TFTP This is used to allow diskless workstations, X-terminals, and network routers to boot from servers without authentication. Again this should be done by using a change root to /tftpboot. The entry below in /etc/inetd.conf will do this.
tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -s /tftpboot
28.9.7 Mail Remove the decode aliases from /etc/aliases (SunOS 4.1.X) and /etc/mail/aliases (SunOS 5.X). Should there be any other aliases that pipe programs through commands make sure that there is no way to obtain a shell or send commands to a shell from the alias. Make sure your sendmail doesnt support the debug command. Check this by telneting to your SMTP port and typing "debug". 28.9.8 PATH Your executable path, and that of root should not contain ".", i.e. the present directory. It should only contain directories that are known to be secure. e.g. a PATH such as
PATH=.:/bin:/usr/bin:/usr/ucb
will first check in the present directory for the specified file. Should a user put an executable file in /tmp with a common name, e.g. "ls", typing "ls" when in /tmp will execute their command, /tmp/ls. Some people advocate putting "." at the end of your PATH. Thats not sufficient, especially if youre prone to typing mistakes, e.g. typing mroe instead of more will not be found in one of the system files, but a thoughtful cracker could have one lying in wait for you. 28.9.9 /etc/inetd.conf This file controls access to many of the services on your system. Some of these services you may not want to provide access to. Remove or comment out entries to such services and then send inetd a hangup signal (kill -HUP on the process) so that it will reread this file. You could also install TCPwrapper so that you control which machines or networks can access individual services. 28.9.10 tmpfs, /tmp When tmpfs is used /tmp is re-created after each reboot. Make sure that the sticky bit is set i.e.; the mode should be 1777. The sticky bit must be set so that users cant change files they dont own.
272
1998 Frank Fiamingo
Additional Security Features in SunOS 5.X
28.9.11 /etc/utmp Login accounting records are written in /etc/utmp. This file should NOT be writable by everyone, as it is commonly distributed, e.g. SunOS 4.1.X, this is often the case. Remove general write permission from this file by setting it to mode 644.
28.10 Additional Security Features in SunOS 5.X

SunOS 5.X includes a number of security features not present in SunOS 4.X. Some are set by default, others can be set using the Automated Security Enhancement Tool (ASET). Among the new features are:

shadow password file, /etc/shadow /etc/default directory containing files that set system access security controls restricted shell, /usr/lib/rsh ASET optional Kerberos support Solstice AdminSuite (solstice) security levels password is required when entering single-user mode 28.10.1Restricted Shell
Restricted shells allow you to control the users environment. The restricted shell, rsh, allows the user to do everything allowed by sh, except: change directory set the value of $PATH specify the path of command names containing / redirect output (> and >>)
The restricted shell is /usr/lib/rsh. This should not be confused with the remote shell, which is /usr/bin/rsh. Dont rely too heavily on the restricted shell. Its not that restricted. While you cant specify a command name that begins with "/", you can specify arguments that do. So if cat is in your path you could type:
% cat /etc/passwd
and have a look at the password file. Also, some programs, such as editors and telnet, allow you to escape out to a shell and editors can edit/view any file with read access allowed on the system.
1998 Frank Fiamingo
273
System Security
28.10.2 Automated Security Enhancement Tool ASET allows you to monitor and restrict access to system files. It can be configured for three security levels: low, medium, and high. At low level ASET doesnt modify any system files, but reports on potential security weaknesses. At medium level some system files may be modified to restrict access. This should not affect system services. It will report on security weaknesses and changes performed. At high level further restrictions are made to provide a secure system. System parameters are changed to provide minimal access. Most system applications should still work normally, but security is considered more important than applications at this level. At the highest level the checks performed by ASET are:

verify appropriate permissions for system files verify contents of system files check consistency and integrity of entries in passwd and group check contents of system configuration files check environment files: .profile, .cshrc, .login verify appropriate eeprom settings to restrict console login access disables IP packet forwarding so that the system can be used as a firewall or gateway machine
It checks files such as: /etc/hosts.equiv /etc/inetd.conf /etc/aliases /etc/default/login /etc/vfstab /etc/dfs/dfstab /etc/ftpusers /var/adm/utmp /var/adm/utmpx /.rhosts
for "+" entries for tftp, ps, netstat, and rexd entries for the decode alias for root access via the CONSOLE= entry for world-readable/writable file systems for files shared without restrictions at high security places root in this file to disallow access for root changes world-writable access at high security level " removes this for medium and high security levels
ASET uses the directory /usr/aset for its scripts and reports. Some of the scripts used to control ASET actions are tune.low, tune.medium, and tune.high in the /usr/aset/masters directory, which specify file ownership and permissions. ASET requires the package SUNWast be installed on the system.
274
1998 Frank Fiamingo
SRI Security Report
28.11 SRI Security Report

SRI International released (April 1990) a report on system security: Improving the Security of your UNIX System, by David A. Curry. This is available as ftp://www-wks.acs.ohiostate.edu/pub/security/security-doc.tar.Z. The final security checklist of this document, Appendix A is reproduced here.
SECURITY CHECKLIST
This checklist summarizes the information presented in the paper (Improving the Security of your UNIX System, by David A. Curry), and can be used to verify that you have implemented everything described. Account Security [] Password policy developed and distributed to all users [] All passwords checked against obvious choices [] Expiration dates on all accounts [] No idle guest accounts [] All accounts have passwords or * in the password field [] No group accounts [] + lines in passwd and group checked if running Yellow Pages Network Security [] hosts.equiv contains only local hosts, and no + [] No .rhosts files in users home directories [] Only local hosts in root .rhosts file, if any [] Only console labeled as secure in ttytab (servers only) [] No terminals labeled as secure in ttytab (clients only) [] No NFS file systems exported to the world [] ftpd version later than December, 1988 [] No decode alias in the aliases file [] No wizard password in sendmail.cf [] No debug command in sendmail [] fingerd version later than November 5, 1988 [] Modems and terminal servers handle hangups correctly File System Security [] No setuid or setgid shell scripts [] Check all nonstandard setuid and setgid programs for security [] Setuid bit removed from /usr/etc/restore [] Sticky bits set on world-writable directories [] Proper umask value on root account [] Proper modes on devices in /dev Backups [] Level 0 dumps at least monthly [] Incremental dumps at least bi-weekly
1998 Frank Fiamingo
275
System Security
28.12 CERT Security Advisories

Below is a truncated version of one of the more recent CERT advisories. All CERT advisories are available at ftp://cert.org/pub/cert_advisories. 28.12.1rdist Vulnerability
============================================================================= CERT(sm) Advisory CA-96.14 July 24, 1996 Topic: Vulnerability in rdist This advisory supersedes CA-91:20.rdist.vulnerability and CA-94:04.SunOS.rdist.vulnerability. - ----------------------------------------------------------------------------The CERT Coordination Center has received reports that a new vulnerability in rdist has been found and an exploitation script is widely available. Current reports indicate that the script works on x86-based versions of the UNIX Operating System; however, we believe that it would not be difficult to write variants that work on other instruction sets and configurations. The CERT/CC Staff recommends following the steps in Section III.A. to determine if your system is vulnerable and to disable vulnerable programs, then following your vendor's instructions (Section III.B and Appendix A). Until you can install a vendor patch, you may want to install a freely available version of rdist, noted in Section III.C. As we receive additional information relating to this advisory, we will place it in ftp://info.cert.org/pub/cert_advisories/CA-96.14.README We encourage you to check our README files regularly for updates on advisories that relate to your site. - ----------------------------------------------------------------------------I. Description The rdist program is a UNIX Operating System utility used to distribute files from one host to another. On most systems, rdist is installed as set-user-id root, a necessity due to its design. Unfortunately, this setting makes it a favorite target for vulnerability investigation. A new vulnerability in rdist has been discovered and reported. The vulnerability lies in the lookup() subroutine where the value of a command line argument is used to overflow the subroutine call stack. If that argument is specially crafted with native machine code lookup() returns control to the code added to the call stack instead of the subroutine that called lookup(). If, for example, this added code uses a member of the exec system call family and names /bin/sh as the program to be executed, that shell is then run with set-user-id root privileges. No matter what code is added, the code runs with set-user-id root privileges. An exploitation program, which is circulating on the Internet, take advantage of this vulnerability. While it purports to work only on x86-based versions of the UNIX Operating System, variants tuned to other instruction sets and configurations are straightforward to write. II. Impact On unpatched systems, anyone with access to a local account can gain root access. III. Solution We urge you to follow the steps in Section A to determine if your system is potentially vulnerable and, if it is, to turn off rdist while you decide how to proceed. If you need the functionality that rdist provides, install a vendor patch (Sec. B). Until you can do so, you may want to install a freely available version of rdist that does not need to be installed as set-user-id root and is, therefore, not susceptible to the exploitation described in this advisory (Sec. C). ...
276
1998 Frank Fiamingo
C H A P T E R 29
Secure Shell, SSH
29.1 Secure SHell

Normal IP traffic has the following weaknesses that can be exploited to compromise security:
weak authentication no privacy no integrity protection based on IP addresses that can be spoofed or reusable passwords that can be sniffed packets can be sniffed connections can be hijacked
Secure SHell (SSH) was designed to address these problems by providing a stronger authentication mechanism to identify both hosts and users and to enable secure connections between machines for executing commands and remote shells between them. It can be used to directly replace the functions of rsh, rcp and rlogin. It can also be used, in many cases, instead of telnet and ftp and to forward other connections, such as those between X, pop or nntp servers and clients. The current method of communicating between machines allows anyone to sniff the packets on the network. Passwords and all data are sent along in plain text and can be readily captured and analyzed. Secure shell foils sniffing attempts by encrypting the packets (using ciphers) and by only allowing connections with known machines (using RSA public key technology to authenticate). In general, it never trusts the network. Should an attacker gain root access to your machine through another means, however, SSH can then be compromised also. The encryption method, and indeed whether or not encryption is even turned on, is a setable parameter. Make sure you choose the values that will properly protect your system. SSH can be used to replace the rsh/rcp/rlogin programs, or to work with them. If you always want to have a secure connection, then replace them. If you want to allow connections to remote machines that dont have SSH, then let it work with them. If the remote machine doesnt support ssh it will then fall back to using the r-programs, after first informing the user that the communication will not encrypted. More information about ssh can be obtained from the SSH home page http://www.cs.hut./ssh/ and from the documentation files that come with the source code. Ssh was developed by Tatu Ylonen at the Helsinki University of Technology, [email protected]. There is an SSH mailing list. You can get information about how to subscribe to the list by sending mail to [email protected]. Im writing this report as an aid to the novice administrator to install, configure, and make use of this unique security tool. A script for easy installation is included at the end of this Chapter.
277
Secure Shell, SSH
29.1.1 Description of SSH Secure SHell is designed to provide strong authentication and secure communications over what are normally insecure channels. It allows remote logons, remote execution of commands, and remote copies, acting as a direct replacement for rlogin, rsh, rcp, and rdist. It provides the following features:

Strong authentication Improved privacy SSH can use .rhosts together with RSA based host authentication, and pure RSA authentication. Encryption of all communications are automatic and transparent. Key exchange is done with RSA. The session is encrypted with a cipher (IDEA, DES, or triple-DES). Encryption is started before authentication so that no passwords are ever sent in the clear. DISPLAY is automatically set on the server machine, forwarding any X11 connections over the secure channel. Bi-directional redirection of arbitrary TCP/IP ports can be done through the encrypted channel. Replace the insecure programs with secure ones and everything happens automatically for the users. Old .rhosts files will still be valid, but with strong authentication, if the system administrator installs host key files. With RSA authentication nothing but the private key is trusted. The client and the server each use RSA to authenticate the other. The client authenticates the server at the start of each connection, and the server authenticates the client before it allows .rhosts or /etc/hosts.equiv access. This prevents DNS, routing, or IP-spoofing and man-in-the-middle attacks. typically 1024 bits. These can be generated and distributed centrally and automatically or manually by each user for their own use. Both the central and per-user host keys are used. typically 1024 bits. Each user can create any number of RSA user authentication keys for their own use. The public keys are stored in a private file. The user provides the private key to authenticate. The server regenerates its RSA key (normally 768 bits) automatically every hour (configurable) and never saves it in a file. Session keys are exchanged after encryption using both the server key and the server host key. This prevents capturing a session and deciphering it at a later time. can hold the users RSA authentication keys. These would typically be running on the user's laptop or local machine and there is no need to store the RSA authentication keys anywhere else. SSH automatically forwards the connection to the authentication agent, never revealing the keys. The protocols are only used to verify that the agent has a users key. The client has customizable configuration files, both system-wide and per-user. Different options can be specified for different hosts. If the server machine is not running sshd a warning is displayed and then ssh automatically falls back to using conventional rsh. gzip compression of all data, including forwarded X11 and TCP/IP port data, is optional.
Secure X11 sessions Port forwarding Automatic
Never trusts the network Prevents spoofing
Host authentication key
User authentication keys
Server key regeneration
Authentication agents
Customizable rsh fallback Compression
278
SSH Programs
29.1.2 What SSH Does Not Do SSH does not protect you from anyone having root access on your local machine or on the server machine. Root on either of these machines could monitor your session or replace programs with trojan horses. So basic security on the client and server machines still needs to be maintained.
29.2 SSH Programs

The SSH package includes the server program, r-program replacements, a program to generate and register the keys, and a perl script to probe and report the public keys of hosts on a network or DNS subdomain.
TABLE 29.1
Ssh Programs Description Server program - listens for connections from client machines, authenticates the connection and starts the service Client program - used to send remote commands (rsh replacement) of remotely login (rlogin replacement) to another machine Symbolic link to ssh replacing rlogin Copy files to another machine (rcp replacement) Create authentication keys for hosts and users Authentication agent - holds RSA authentication keys Register new keys with the agent Script to probe hosts on a network for their public keys. Used to populate /etc/ssh_known_hosts.
Program sshd ssh slogin scp ssh-keygen ssh-agent ssh-add make-ssh-known-hosts
29.2.1 Usage The user connects to other machines with commands similar to:
% ssh remote_host command % ssh remote_host % xterm -e ssh remote_host &
29.2.2 Debugging To get debugging information you can run the server process with "-d" or the user process with "-v":
# sshd -d % ssh -v host
279
29.3 Control Files
280
Files used by SSH File
machine private key, accessible only by root machine public key. This file has one line of the form: 1024 37 94512...(lots of numbers)...34891 root@this_machine seed for the random number generator, accessible only by root system-wide known public host keys of machines. Public keys are put here, one per line, with a format similar to ~/.ssh/authorized_keys: system name, number of bits in modulus, public exponent, modulus, and optional comment field, all separated by spaces. The system name can include aliases and IP addresses separated by commas, e.g. (all on one line) nyssa,nyssa.acs.ohio-state.edu,128.146.116.4 1024 41 50812...(lots of numbers)...72391 root@nyssa These can be obtained from the /etc/ssh_host_key.pub of each other host. If you have enabled StrictHostKeyChecking in /etc/ssh_config then you must manually add the desired host's public key to this file so that sshd will allow an RSA authenticated connection. Otherwise, if the host's entry is not in this file ssh will add it to the users local file, ~/.ssh/known_hosts. Generate the entries as root on the host, with ssh-keygen. system-wide ssh configuration file. Provides defaults for parameters not specified in the users' ~/.ssh/config. See the table below for a list of keywords and default arguments. sshd (ssh server daemon) configuration file. Lines beginning with # and empty lines are comments. Configuration lines have the form: "keywords arguments", where the keywords are case sensitive. See the table below for a list of keywords and default arguments. process id number of the latest sshd. limits logins to root user only, if it exists. The contents of this file will be displayed to any user trying to login in. environment variables to set at login. Lines should be of the form "name=value". lists hosts and users allowed to use rlogin/rsh if RhostsAuthentication or RhostRSAAuthentication is set. same as /etc/hosts.equiv, but only for ssh. commands to execute when the user logs in before starting the user's shell.
The following table lists the les used by SSH to hold information necessary to verify the host or user and to congure the connection. Not all of these les are necessarily used. This depends on the restrictions you specify for the server options.
TABLE 29.2
Directory
Usage
/etc
ssh_host_key
ssh_host_key.pub
ssh_random_seed
ssh_known_hosts
Secure Shell, SSH
ssh_config
sshd_config
sshd.pid
nologin
environment
hosts.equiv
shosts.equiv
sshrc
TABLE 29.2
Files used by SSH File

provides .rhosts authentication if enabled by the ssh configuration files. same as ~/.rhosts, but only for ssh. used by ssh to store the authorization cookie for the X11 server. Ssh verifies that X11 forwarded connections carry this cookie. When the connection is opened the real cookie replaces this one. All X11 displays automatically go through the encrypted channel via a proxy X server created by ssh. Ssh will set the DISPLAY environment variable pointing to the server machine with a display number greater than zero. used in conjunction with /etc/ssh_known_hosts. This is ignored if StrictHostKeyChecking is enabled list of public keys of users that are allowed access to this account without a password. Generate the entries as the user on the host with ssh-keygen and provide a passphrase. Additional security options can be specified here. The user's local public key, kept in ~/.ssh/identity.pub, should be in this authorized_keys file on the remote machine. This file replaces the function of ~/.rhosts when using RSA authentication. It allows the user to login without providing a password. This file has one key per line, each in the form: 1024 37 44765081...(lots of numbers)...86828 frank@other_machine local private key of the user. local public key of the user. This should be copied to ~/.ssh/authorized_keys on the remote machine. This file has one line of the form: 1025 35 5574508...lots of numbers)...74727 frank@this_machine contains the seed for the random number generator. It should be read/write only for the user and should not be changed by the user. configuration file for the user. The format is the same as for the system-wide ssh configuration file, /etc/ssh_config. environment variables to set at login for this user. Similar to /etc/environment and read after that file. same as /etc/sshrc, but for the individual user.
Directory
Usage
$HOME
.rhosts
(~)
.shosts
.Xauthority
$HOME/.ssh
known_hosts.
(~/.ssh)
authorized_keys
identity
Control Files
identity.pub
random_seed
config
environment
rc
29.3.1 Configuration Options SSH allows you to specify command line options and will read configuration options from a user file (~/.ssh/cong) and a systemwide configuration file (/etc/ssh_cong and /etc/sshd_cong), with preference in the order: option, user, system. Valid keywords and their arguments for the options to the ssh and sshd configuration parameters are in the following table.
281
282
Keywords and Arguments
Arguments host_names host_ipaddresses yes/no idea/des/3des/arcfour/tss/none yes/no 1-9 integer hostname host_ipaddress ~/^<char>/none yes/no yes/no yes/no yes/no file host_names host_ipaddresses host_key_file hostname file yes/no yes/no yes no ~/.ssh/identity /etc/ssh_host_key command line option none Client /etc/ssh_known_hosts Client yes Client yes Client no Server yes Client ~ Client The escape character to use. Should the connection fall back to rsh if connection is refused by the remote host (i.e. no sshd is running) Should verbose logging be enabled. Should the connection to the authentication agent be forwarded to the remote machine. Should X11 connections be forwarded over the secure channel and have DISPLAY set. File to use instead of the default. Restrict the configuration options following, up to the next Host declaration, to the desired host(s). Wildcards: "*" and "?" are accepted for pattern matches. Server Client Client Server Both File to use instead of the default. Nicknames or abbreviations for hosts File(s) containing users authentication identity Should ~/.rhosts and ~/.shosts be used. /etc/hosts.equiv and /etc/shosts.equiv are still used. Should the system send keepalive messages to the remote connection. Both client and server should agree on this. none Server ? Client 6 Client no Client Compress the session data Compress using the gzip algorithm: 1->fast (poor); 9->slow (best) Number of tries per second to attempt before falling back to rsh or exiting. Deny login from these hosts. Space separated list of hostname or IP addresses. idea Client Specifies the cipher to use for encryption of the session no Client Should passphrase/password querying be disabled all hosts Server Default Server or Client Comment Hosts allowed to login. Space separated list of hostname or IP addresses. Wildcards: "*" and "?" are accepted for pattern matches
TABLE 29.3
Keyword
AllowHosts
BatchMode
Cipher
Compression
CompressionLevel
ConnectionAttempts
DenyHosts
EscapeChar
FallBackToRsh
Secure Shell, SSH
FascistLogging
ForwardAgent
ForwardX11
GlobalKnownHostsFile
Host
HostKey
HostName
IdentityFile
IgnoreRhosts
KeepAlive
TABLE 29.3
Keywords and Arguments
Keyword time local_port remote_host:port time yes/no yes/no yes/nopwd/no pid_file port# yes/no command_string yes/no random_seed_file remote_port local_host:port yes/no yes/no yes/no #bits yes/no yes/no syslog_code remote_user file yes/no yes/no yes yes DAEMON your_login_id ~/.ssh/known_hosts yes no 768 yes Both Server Client Server Server Client Client Client Server yes Both no Both none Client /etc/ssh_random_seed Server no Server none Client yes Server 22 Both /etc/sshd.pid Server File to use instead of the default. yes Server yes Server Should empty passwords by permitted. yes Both Should password authentication be allowed. 600 Server none Client 3600 Server Automatic key regeneration interval, in seconds
Arguments
Default
Server or Client Comment The local tcp/ip port is forwarded to the remote host:port on the remote machine via the secure channel Successful login must be accomplished within this period, in seconds.
KeyRegenerationInterval
LocalForward

Should root logins be permitted. "nopwd" disallows password authenticated root logins. Port to connect to on the remote host or to listen to on this machine Should /etc/motd be printed at login. Command to connect to the remote server Should the system run in quiet mode, i.e. log only fatal errors. File to use instead of the default. The remote tcp/ip port is forwarded to local host:port via the secure channel Should rhosts based authentication be tried Should rhosts based authentication with RSA host authentication be tried Should RSA authentication be tried. The identity file must exist or an authentication agent must be running Specify the number of bits to use in the server key, minimum 512. If yes, hosts will not be automatically added to ~/.ssh/known_hosts and connections will be rejected to a host whose host key has changed Should strict checking of permissions be done on authentication files. Specify the logging code to use. Become a different user on the remote end of the ssh connection File to use for the users' known hosts Should rlogin/rsh be used for this host Should X11 forwarding be permitted.
LoginGraceTime
PasswordAuthentication
PermitEmptyPasswords
PermitRootLogin
PidFile
Port
PrintMotd
ProxyCommand
QuietMode
Control Files
RandomSeed
RemoteForward
RhostsAuthentication
RhostsRSAAuthentication
RSAAuthentication
ServerKeyBits
StrictHostKeyChecking
StrictModes
SyslogFacility
User
UserKnownHostsFile
UseRsh
283
X11Forwarding
Secure Shell, SSH
29.4 Setting up the Service

29.4.1 Files necessary to trust a user across the network To trust a user from host A on host B /etc/ssh_known_hosts on both A and B should have the public keys of the other machine and the user should have their public key from host A in their ~/.ssh/authorized_keys file on host B. Since the RSA authentication uses the private key, contained in ~/.ssh/identity, if hosts A and B share the same NFS mounted home directory for the user putting the public key for the user, from ~/.ssh/identity.pub, in ~/.ssh/authorized_keys will mean that the user is trusted in both directions, i.e. from AB and from BA. Root is treated as any other user, with its files in the directory /.ssh. For root and other system logins you may want to use an empty passphrase when creating the key. This is especially true if you want to run cron jobs between machines as this user, because there will not be anyone there to provide the passphrase when the job runs. The passphrase does provide an additional level of security. Should someone break into your system the private key could be stolen, but without the passphrase they would not be able to exploit it on the remote system. These files will have entries similar to the following, where the keys have been truncated for brevity and each entry should be on a single line.
File Contents /etc/ssh_known_hosts hostname,list,of,aliases,IP_addr key_size exponent host_key root@hostname ~/.ssh/known_hosts hostname,list,of,aliases,IP_addr key_size exponent host_key root@hostname e.g., the two files above might contain: nyssa,nyssa.acs.ohio-state.edu,128.146.116.4 1024 37 12086835009060408900597155700226478152381878812729625690964751596049798262746 root@nyssa susan,susan.acs.ohio-state.edu,www-wks.acs.ohio-state.edu,128.146.116.32 1024 35 206297116078594680112446644696531356796278353005287817794587469777554961618889 root@susan ~/.ssh/authorized_keys key_size exponent host_key user@hostname e.g.: 1024 37 287615623236504102828255516467970261345966571750574014601611091414106110923656 frank@nyssa 1024 35 261345966557401405287817795875946801144664466539060089057970263596571750574014 frank@susan ~/.ssh/identity.pub key_size exponent host_key user@hostname e.g.: 1024 37 287615623236504102828255516467970261345966571750574014601611091414106110923656 frank@nyssa
In these files aliases are separated by commas (,) and fields are separated by spaces.
Setting up the Service
29.4.2 Configuration Files The server (sshd) configuration file is /etc/sshd_cong. To allow hosts from a couple of subnets, use RSA authentication, but not Rhosts authentication, try a configuration file similar to the following:
# This is ssh server system-wide configuration file. Port 22 AllowHosts 128.146.226.* 128.146.116.* ListenAddress 0.0.0.0 HostKey /etc/ssh_host_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes QuietMode no FascistLogging no PrintMotd no SyslogFacility LOCAL6 RhostsAuthentication no RhostsRSAAuthentication no RSAAuthentication yes PasswordAuthentication no
The client (ssh) configuration files are: /etc/ssh_cong for the system, and ~/.ssh/cong for a user. This configuration file disallows Rhosts authentication, but sets RSA and Password authentication, and enables StrictHostKeyChecking.
# This is ssh client system-wide configuration file. This file provides defaults for users, and the values # can be changed in per-user configuration files or on the command line. # Configuration data is parsed as follows: # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. Thus, host-specific definitions should # be at the beginning of the configuration file, and defaults at the end. # Site-wide defaults for various options RhostsAuthentication no RhostsRSAAuthentication no RSAAuthentication yes PasswordAuthentication yes StrictHostKeyChecking yes
285
Secure Shell, SSH
29.4.3 Generating the keys, ssh-keygen To generate the keys use ssh-keygen. It will populate the files: ~/.ssh/identity and ~/.ssh/identity.pub for the user. If the user is root do this without a passphrase, and then you can copy these to: /etc/ssh_host_key and /etc/ssh_host_key.pub. Then to allow hosts and users to connect you copy the public keys from the remote hosts and users to the comparable files on this host, and for the desired user. Host: /etc/ssh_host_key.pub /etc/ssh_known_hosts This is required if StrictHostKeyChecking is turned on in sshd_cong. If this is not turned on than the user's ~/.ssh/known_hosts file will be updated when they connect to other hosts. User: ~/.ssh/identity.pub ~/.ssh/authorized_keys Each user must use ssh-keygen to generate their own unique set of keys. For additional security they should provide a passphrase. 29.4.4 Authentication and Encryption The default authentication mechanism is RSA, based on public key cryptography. This scheme has separate keys for encryption and decryption. With sufficiently large keys it is not possible to guess the decryption key given the encryption key. This allows one to publicly provide the encryption key so that other users or machines can encrypt their message with it. Then only the holder of the private decryption key should be able to decrypt the message. This private key can be optionally protected with a passphrase for additional security. Several encryption algorithms are available. The default, and most secure, is idea.
29.5 Login Process

Sshd controls the login process through the following steps:
1.
2. 3. 4. 5. 6. 7. 8. 9.
10.
Print the last login time (if the login is via tty and a command was not specified) and /etc/motd (if not prevented by the configuration file or by ~/.hushlogin). Record the login time (if the login is via tty). If /etc/nologin exists, print the file and quit (except for root login). Convert to run with privileges of the user. Configure the environment. If /etc/environment exists, read it and add it to the environment. If ~/.ssh/environment exists, read it and add it to the environment. Change directory to the user's $HOME. If ~/.ssh/rc exists, run it with the users shell; if not, if /etc/sshrc exists, run it; otherwise run xauth. When X11 spoofing is enabled the rc files are fed an X11 authentication protocol ($proto), cookie ($cookie) and $DISPLAY and the script is expected to call xauth to store the cookie. Run the user's shell or command.
286
Installation
29.6 Installation
The source can be obtained from a number of places, including ftp://ftp.net.ohiostate.edu/pub/security/ssh/, with the latest version being 1.2.26. To compile the source and install the software do the following:
1. 2.
3. 4. 5.
zcat ssh-1.2.26.tar.gz | tar -xvBf - ; cd ssh-1.2.26 # Open up the files Configure the setup, (see the files README, OVERVIEW, INSTALL and the man pages). The default is to put the client files will be installed in the bin directory under the prefix (default is /usr/local) and the server in sbin, e.g.: ./configure --prefix=/opt/local --with-rsh=/bin/rsh make make install Set the daemon up to run at boot. The following script should do this for you. It can be found as: ftp://wks.uts.ohio-state.edu/pub/solaris2/src/setup_ssh.sh. This script will: a enable the daemon to be started at boot time b generate the host key for the machine c sets up default configuration files for clients and server d log server connections using LOCAL6 through syslogd to /var/log/sshd_log e start the server Later you can edit the control files as desired. Should you change entries in /etc/sshd_cong you will need to send a HUP signal to sshd so that it will reread this file.
#!/bin/sh # Frank Fiamingo March 15, 1996 # Script to setup sshd # name: ssh # vers: 1.2.13 # source: ftp://ftp.net.ohio-state.edu/pub/security/ssh date=`date +%m/%d/%y` top=/usr OS=`uname -s` OSlevel=`uname -r|cut -c1` if [ "$OSlevel" = "5" ]; then if [ "$OS" = "SunOS" ]; then top=/opt fi fi if [ "$OSlevel" = "5" ]; then # Solaris 2.X or IRIX 5.X if [ ! -f /etc/init.d/sshd ];then cat << EOF_init.d > /etc/init.d/sshd #!/bin/sh # # start up sshd, installed by $USER, $date # case "\$1" in 'start')
287
Secure Shell, SSH

if [ -x $top/local/sbin/sshd ]; then $top/local/sbin/sshd && \\ echo "Starting sshd daemon, takes about 1 minute... " fi ;; 'stop') [ ! -f /etc/sshd.pid ] && exit 0 syspid=\`cat /etc/sshd.pid\` if [ "\$syspid" -gt 0 ]; then echo "Stopping the sshd daemon." kill -15 \$syspid 2>&1 | /bin/grep -v "no such process" fi ;; *) echo "Usage: /etc/init.d/sshd { start | stop }" ;; esac exit 0 EOF_init.d chmod 755 /etc/init.d/sshd (cd /etc/rc2.d ; ln -s ../init.d/sshd S99sshd ) fi fi # end if for OSlevel=5 if [ "$OSlevel" = "4" ]; then # Solaris 1.X if [ -f /etc/rc.local ]; then grep $top/local/sbin/sshd /etc/rc.local >/dev/null 2>&1 || cat << EOF_rc.local >> /etc/rc.local # # sshd daemon, installed by $USER, $date if [ -x $top/local/sbin/sshd ]; then $top/local/sbin/sshd && echo ' Starting sshd ' fi EOF_rc.local else echo "/etc/rc.local not found ..." fi fi # end if for OSlevel=4 if [ ! -f /etc/ssh_host_key ];then echo "" echo "We're now going to generate the host key for this machine." echo "We'll use a null passphrase." echo "This will take a little while ..." rm -f /.ssh/identity /.ssh/identity.pub (echo /.ssh/identity | ssh-keygen -N "" ) && echo "Done." cp /.ssh/identity /etc/ssh_host_key && chmod 600 /etc/ssh_host_key cp /.ssh/identity.pub /etc/ssh_host_key.pub fi # Configure the client service with the file /etc/ssh_config if [ ! -f /etc/ssh_config ];then cat << EOF_ssh > /etc/ssh_config
288
Secure Shell, SSH

# This is the ssh client system-wide configuration file. # It provides the defaults, whose values can be changed in # the user's own configuration file or on the command line. RhostsAuthentication no RhostsRSAAuthentication no RSAAuthentication yes PasswordAuthentication yes StrictHostKeyChecking yes EOF_ssh fi # Configure the daemon with the file /etc/sshd_config if [ ! -f /etc/sshd_config ];then cat << EOF_sshd > /etc/sshd_config # This is the ssh server system-wide configuration file. Port 22 AllowHosts 128.146.226.* 128.146.116.* ListenAddress 0.0.0.0 HostKey /etc/ssh_host_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes QuietMode no FascistLogging no PrintMotd no SyslogFacility LOCAL6 RhostsAuthentication no RhostsRSAAuthentication no RSAAuthentication yes PasswordAuthentication no EOF_sshd fi # If the daemon configuration file was set up at install, make sure # that we log to local6 grep "SyslogFacility LOCAL6" /etc/sshd_config >/dev/null 2>&1 || if sed -e 's/DAEMON/LOCAL6/' /etc/sshd_config > tmp_sshd_config then mv tmp_sshd_config /etc/sshd_config else echo "SyslogFacility LOCAL6" >> /etc/sshd_config fi # If the daemon's currently running, stop it. if [ -f /etc/sshd.pid ];then kill -15 `cat /etc/sshd.pid` fi # Make sure that syslog logs sshd reports to a separate file # In the following we use tabs, not spaces, as separators. grep local6 /etc/syslog.conf >/dev/null 2>&1 || (echo "local6.debug /var/log/sshd_log" >> /etc/syslog.conf;\ touch /var/log/sshd_log; \ kill -HUP `cat /etc/syslog.pid` ) # Start the daemon
289
Secure Shell, SSH

$top/local/sbin/sshd echo "" echo "This host should now be running the sshd daemon." echo "You will still need to edit /etc/ssh_known_hosts to put the " echo "desired public host keys for the machines you want to trust."
290
PART IV
Summary
SunOS/Solaris Command Summary UTS UNIX Workstation Support
291
Summary
292
C H A P T E R 30
Summary of SunOS/Solaris Differences
30.1 SunOS 4.1.X and 5.X Administrative Command Differences

The summary of SunOS administrative command differences is given in the following table.
TABLE 30.1
Administrative Commands SunOS 5.X pkgadd swmtool uname -m at automount NA chmod o+x /dev/tty chmod o-x /dev/tty NA /opt/SUNWspro/bin/cc chown Comments Add software packages. Determine the system architecture. Security is more restricted under SunOS 5.X. The new master file names are auto_master and auto_home. The default home directory is /export/home/<username>. Use tar or cpio -H bar to replace bar. Set the tty permissions, as biff is not available. Set the tty permissions, as biff is not available. Block I/O daemon. Separate product. How it treats symbolic links is changed. The command now follows the link and changes permissions on the file. To change the ownership of the link use chown -h. File system directory consistency check. Now uses 2-byte, rather than 4-byte words. Information reported has been changed. Output format and options are changed. Reports similar information; privileged command in SunOS5.4-. RFS commands.
SunOS 4.X add_services arch at automount bar biff -y biff -n biod cc chown
dcheck dd devinfo df dkinfo dorfs
NA dd devinfo sysdef -d df -k prtvtoc rfstart/rfstop
293
TABLE 30.1
Administrative Commands SunOS 5.X du -k ufsdump snoop share NA NA pkgadd swmtool init 6 init 0 file find fsck sysdef -h uname -n init NA iostat NA lpsched lpadmin lpstat lp cancel NA ls uname -p make NA mkfs mknod modinfo mount ncheck Comments Now reports in 512 byte, rather than 1024 byte blocks. Some new options. Now recognizes end-of-media. Similar functions. For both NFS and RFS. Extract files from installation media. Extract patches from installation media. Add software packages. Run level 6. Run level 0. No longer has the -L option. No longer has the -n cpio option. Changed. Sysdef is used to report the current system definitions, including peripherals attached and drivers loaded. Uname prints current system definitions. Many changes, including run levels, etc. Allow the following command to be interruptible. Some options are changed. Configure the cache for the run-time link editor, ld.so. LP scheduler. LP configuration command. Status of LP jobs. Some different options. Cancel an LP job. Generate a test pattern for the line printer. Some options are changed. Report the machine type. Now located in /usr/ccs/bin (package SUNWsprot). Generate an encryption key. Changed to support additional file system types. No longer have to be root to create character and block special files. Displays information about the kernel modules loaded. Changed to include additional file system types. Changed to include additional file system types.
SunOS 4.X du dump etherfind exportfs extract_files extract_patch extract_unbundled fastboot fasthalt file find fsck hostid hostname init intr iostat ldconfig lpc lpd lpq lpr lprm lptest ls mach make makekey mkfs mknod modstat mount ncheck
294
SunOS 4.1.X and 5.X Administrative Command Differences
TABLE 30.1
Administrative Commands SunOS 5.X rpcbind env ps sar swap -s ufsdump ufsrestore NA lockd mountd rquotad statd rpc.yppasswdd ufsrestore NA shutdown stty suninstall swap -a NA NA umount pkgrm fsflush /usr/ucb/vipw vmstat who id passwd yppasswd nispasswd Comments Maps universal addresses to RPC program number. Print the users environment variables. Options are changed, e.g. use ps -ef instead of ps aux. Reports on system activity. Reports on swap space available. Remote drives can be specified. File system restore program. Server for ethernet statistics. File locking daemon. Mount daemon. Server for remote quotas. Network status monitor. NIS password daemon; install NIS compatibility package, SUNWnsktu. Remote drives can be specified. Resource usage for the specified command. Significant changes. Some options have been changed. Significant changes. Add swap space. Modem carrier control. Timezone setup. Set with the /etc/default/init file. Changed to include additional file system types. Remove a software package. Flush the memory buffers. /etc/passwd editing; also allows editing of /etc/shadow. Some options are changed. Additional options available. Print the username. The yppasswd command is still available for changing password information on an NIS server. Use nispasswd to access NIS+ servers. NIS daemon (install package SUNWnsktu). NIS+ uses this daemon to service requests for information.
SunOS 4.X portmap printenv ps pstat pstat -s rdump restore rpc.etherd rpc.lockd rpc.mountd rpc.rquotad rpc.statd rpc.yppasswdd rrestore rusage shutdown stty suninstall swapon ttysoftcar tzsetup umount unload update vipw vmstat who whoami yppasswd
ypserv
/usr/lib/netsvc/yp/ypserv rpc.nisd
295
30.2 SunOS 4.1.X and 5.X Administrative File Differences

The following table lists some of the important files that have been changed.
TABLE 30.2
Administrative Files SunOS 5.X /ufsboot /etc/auto_master /etc/auto_home /etc/dfs/dfstab /etc/vfstab /etc/ttydefs /etc/passwd /etc/shadow /usr/share/lib/terminfo /etc/lp /etc/printers.conf Comments Boot program. Automounter configuration file. Automounter configuration file. Files shared by NFS and RFS. Table of files to mount. Terminal definitions. Shadow password file is now used. Database of printer and terminal characteristics. Directory of printer information. Database of configured printers (5.6+). The /etc/rc#.d subdirectory scripts are now used, which each rc# script and rc#.d directory controlling the run-level #. " " " Database of printer and terminal characteristics. Table of services to be started by init. Directory of SAF services. Defaults for login. Root login limited to console. Man page organization has been changed. System administration man pages are in 1M. You can set an environment variable to specify the order of search for directories and sections. Mail spool directory. The hardware independent UNIX kernel. The hardware dependent part of the kernel.
SunOS 4.X /boot /etc/auto.master /etc/auto.home /etc/exports /etc/fstab /etc/gettytab /etc/passwd /etc/printcap
/etc/rc
/sbin/rc# /etc/rc#.d/
/etc/rc.boot /etc/rc.local /etc/rc.single /etc/termcap /etc/ttytab NA NA /usr/share/man
" " " /usr/share/lib/terminfo /etc/inittab /etc/saf /etc/default/login /usr/share/man
/var/spool/mail /vmunix
/var/mail /kernel/unix /platform/\uname -m/kernel/unix
296
C H A P T E R 31
UTS UNIX Workstation Support
31.1 UTS WORKSTATION SUPPORT TEAM

The Ohio State University / University Technology Services (UTS) Workstation Support Team consists of: Alan Albertus - Manager, Consultation ([email protected]) Rob Funk - Sun/SunOS & Solaris, general Unix (Baker Systems 452, 2-7802, [email protected]) Bob Debula - SGI/IRIX, DEC/Ultrix, Digital UNIX (Baker Systems 454, 2-4843, [email protected]) We can also draw on the expertise of other UTS staff, including: Harpal Chohan - X-Windows, Usenet news, Packet audio/video ([email protected]) Mohammed Rahman - SAS and statistical applications ([email protected]) Jerry Martin - Network Information Center, network planning ([email protected]) Clifford Collins, Steve Romig, Mowgli Assor - Security concerns ([email protected]) HP (HP-UX) - Support is provided by the College of Engineering. Contact Jim Gaynor ([email protected]). IBM RS6000 (AIX) - Tom Merrick in Engineering may be able to provide help ([email protected]).
297
UTS UNIX Workstation Support
31.2 Software
University Technology Services has site-licensed software from Sun Microsystems for Sun SPARC hardware. This software can be borrowed from the Information Center (Baker 512, 2-2626). This software includes:
SunOS C/C++ Fortran Pascal SunNet Manager PC-NFS
For DEC workstations we have Ultrix 4.5, Digital UNIX (formerly OSF/1) (for Alpha) and the DEC applications FORTRAN, DECNet, SQL, and DECFUSE. Also, on CD we have the Ultrix Consolidated Software Distribution (2 CDs), and DECwindows for OSF/MOTIF. You need to buy into the CSLG program to have access to this software; contact Chuck Sechler, 2-4843, for details.
For SGI workstations we have IRIX 5.3, 6.2, 6.3, 6.4, and 6.5, and the Varsity Pack software. OS maintenance and the Varsity Pack software need to be purchased through the Bookstore. For details contact Bob DeBula.
This and other workstation software we have are available through the Information Center Additional software includes: OSF/Motif 1.2.2 source, DECwrite for Sun workstations, Maple for most workstations of interest, NCAR graphics, NQS, SAS for Sun and HP workstations, and WordPerfect 5.1 for Sun workstations. Of these, only SAS and WordPerfect have a cost involved.
SunOS software patches can be obtained from Sun Support by workstation support staff. When obtained these are put up for anonymous ftp at ftp://wks.uts.ohio-state.edu/pub/sunpatches/.
IRIX software patches can be obtained from SGI directly, at http://support.sgi.com/. Other SGI related information can be found via anonymous ftp and www on araminta.acs.ohio-state.edu.
If you need further information, contact one of us above.
298

Unix Sysadmin

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Unix Sysadmin

Uploaded by

Copyright:

Available Formats

UNIX System Administration

University Technology Services The Ohio State University

September 23, 1998

1998 University Technology Services, The Ohio State University

UNIX System Administration

Disk Structure and Partitions ..........................................17

The UNIX File System ......................................................33

File System Management .................................................45

UNIX System Administration

5.4 5.5 5.6 5.7 5.8 5.9 5.10

Startup and Shutdown .................................................... 55

Operating System Installation ........................................ 71

Kernel Configuration ...................................................... 91

Adding Hardware .......................................................... 103

Special Files .................................................................... 111

System Directories ......................................................... 115

1998 University Technology Services, The Ohio State University

User accounts ..................................................................123

Daily System Administration .........................................127

Administration Tool & Solstice Adminsuite ................131

Package Administration .................................................141

Backup Procedures .........................................................155

Network Services ...........................................161

The Network ....................................................................173

UNIX System Administration

1998 University Technology Services, The Ohio State University

Network Administration ............................................... 181

Distributed File System Administration ...................... 195

Network Information Services (NIS and NIS+) .......... 209

Adding Clients ................................................................ 219

PART III Selected Topics ..............................................223

Useful Utilities ................................................................ 229

1998 University Technology Services, The Ohio State University

UNIX System Administration

Print Service ....................................................................241

World Wide Web ............................................................257

System Security ...............................................................265

Secure Shell, SSH ............................................................277

PART IV Summary ........................................................291

Summary of SunOS/Solaris Differences ...................... 293

UTS UNIX Workstation Support ................................. 297

1998 University Technology Services, The Ohio State University

UNIX System Administration

UNIX System Administration

1998 University Technology Services, The Ohio State University

1998 University Technology Services, The Ohio State University

UNIX System Administration

1.1 What is UNIX System Administration?

1.2 Daily Tasks of a System Administrator

1.3 Startup and Shutdown

1.4 Periodic Processes

1.5 Managing File Systems

1.6 Responsibilities to the users

1.7 Hardware responsibilities

1.8 Types of SunOS Systems

1998 University Technology Services, The Ohio State University

UNIX System Administration

Resources for System Administrators

1.9 Resources for System Administrators

1998 University Technology Services, The Ohio State University

UNIX System Administration

UTS Software Support

1.10 UTS Software Support

UNIX System Administration