Solaris - Sys Admin 1

  • Uploaded by: pradipgudale2000
  • May 2020
  • Words: 17,279
  • Pages: 419
PART 1: Ch1

SYSTEM CONCEPTS

Pradip Gudale


Operating System
• Definition: a set of programs that manages all computer operations and provides an interface between the user and the system resources
• The main parts of the OS are the kernel, the shell and the file structure

Kernel
• Manages devices, memory, processes and daemons
• Controls the functions (transfer) between programs and hardware
• Schedules & executes processes
• Manages swap & daemons

[Figure: layers of the system: H/W, KERNEL, Shell]

OS shells
• Bourne shell ($) : default, AT&T Unix
• C shell (%) : similar features as Korn shell
• Korn shell ($) : superset of Bourne shell; adds aliasing, history and command line editing

FS structure
• Directory hierarchy
• Topmost directory is root
• /usr, /opt, /dev, /export/home, /kernel (genunix resides here)

Terminology
• Host : a computer system
• Host name : unique; each host on the network must have a host name
• IP address : number used by networking s/w
• Client : host that uses services from other hosts
• Server : host that provides service
• Network : group of connected hosts

Examples of server
• File server
• Print server
• Boot server
• Install server
• Name server
• Mail server

PART 1:

Managing Users & Groups


Solaris Users and Groups
• Role-based access control (RBAC) provides a flexible way to package superuser privileges
• Special type of user account called “Role”

User Account Information
• User Name
• Password
• User’s Home Directory
• Initialization Files

User => Group
• You add a user to a particular group
• This is to give access to a particular file or directory to a set of users

User ID Numbers     Login Accounts                  Reserved For …
0 - 99              root, daemon, bin, sys, etc.    System accounts
100 - 2147483647    Regular users                   General purpose accounts
60001               nobody                          Unauthenticated users
60002               noaccess                        Compatibility with Solaris 2.0 and compatible versions and SVR4 releases

PASSWORD
• Password aging feature
• Must be changed after a specified period
• Cannot be changed within a specified period

Home directories
• Usually /export/home/username
• Can be on the local m/c or on a file server
• Accessed via /home/username
• If the automounter is used, it does not allow you to create anything under /home

User’s Initialization Files
• .login
• .cshrc
• .profile
• System initialization files are /etc/.login and /etc/profile

Groups….
Each group has
• group name
• group ID
• list of users that belong to the group

groups
• Each user can be assigned to two types of groups: 1 primary and 16 secondary
• Files created by a user are assigned the GID of the group the user primarily belongs to
• The secondary group is not important for files; it is useful for some applications like admintool, which expects the user to belong to the sysadmin group (GID 14)

Groups
• The groups command lists all groups the user belongs to
• The primary group of the user can be temporarily changed using the newgrp command to any other group the user is a member of

Management of users and groups
• Local system: use admintool with CDE, or commands like useradd, groupadd etc.
• Local/remote system: use adminsuite with CDE

Add a User Account
Name service   Commands
NIS+           nistbladm & nisclient
NIS            useradd & make
None           useradd

Where information is stored ?
• /etc/passwd and /etc/shadow
• username:password:uid:gid:comment:home-directory:login-shell
• e.g. root:x:0:1:Super-User:/:/sbin/sh
• e.g. rimmer:86Kg/MNT/dGu.:8882:0::5:20:8978
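The root line above is an /etc/passwd entry and the rimmer line is an /etc/shadow entry. As an added example (not part of the original slides), the script below parses both formats and reports entries an administrator would review; the sample files are constructed (the toor and lister accounts and the hash strings are made up), and the finding codes are this example's own.

```sh
#!/bin/sh
# Added example: audit passwd- and shadow-format files for risky entries.

# Write constructed sample files into directory $1. The root and rimmer lines
# follow the slide; every other entry and every hash string is made up.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
rimmer:x:1001:10::/export/home/rimmer:/bin/ksh
toor:x:0:1:spare admin:/:/sbin/sh
lister:x:1002:10::/export/home/lister:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:CONSTRUCTEDhash1:8882:0:90:7:::
daemon:NP:6445::::::
rimmer:86Kg/MNT/dGu.:8882:0::5:20:8978
toor:CONSTRUCTEDhash2:8882:0:90:7:::
lister::8882::::::
EOF
}

# audit_accounts PASSWD SHADOW
# Prints one finding per line:
#   BADFMT name    passwd entry without exactly 7 colon-separated fields
#   UID0 name      UID 0 on an account other than root
#   NOSHADOW name  password field in passwd is not the "x" placeholder
#   EMPTYPW name   empty password field in shadow
#   NOMAXAGE name  usable password with no maximum age (password aging off)
audit_accounts() {
    awk -F: '
        NF != 7                    { print "BADFMT " $1; next }
        $3 == 0 && $1 != "root"    { print "UID0 " $1 }
        $2 != "x"                  { print "NOSHADOW " $1 }
    ' "$1"
    awk -F: '
        $2 == ""                   { print "EMPTYPW " $1; next }
        $2 == "*LK*" || $2 == "NP" { next }    # locked or no-password accounts
        $5 == ""                   { print "NOMAXAGE " $1 }
    ' "$2"
}

# Demo run on the constructed sample.
demo_dir=${TMPDIR:-/tmp}/acct_audit.$$
mkdir "$demo_dir" && make_sample "$demo_dir"
audit_accounts "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a live system the same function can be pointed at /etc/passwd and /etc/shadow as root.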

PART 1:

Initialization Files


Initialization Files
Example of .profile

    # the trailing "." puts the current directory on the search path
    PATH=$PATH:$HOME/bin:/usr/local/bin:/usr/ccs/bin:.
    MAIL=/var/mail/$LOGNAME
    NNTPSERVER=server1
    MANPATH=/usr/share/man:/usr/local/man
    PRINTER=printer1
    # new files are created rw-r--r--, new directories rwxr-xr-x
    umask 022
    export PATH MAIL NNTPSERVER MANPATH PRINTER
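The PATH and umask lines are the two settings in a .profile that decide what a login shell will execute and who can write the files it creates. As an added example (not part of the original slides), the script below reviews a Bourne/Korn initialization file for both; the weak and hardened sample files are constructed, and the finding codes are this example's own.

```sh
#!/bin/sh
# Added example: review a Bourne/Korn initialization file for search-path and
# umask settings that weaken a login environment.

# audit_profile FILE
# Prints one finding per line:
#   PATH_CWD n            entry n of a PATH assignment is "." or empty; both
#                         make the shell search the current directory
#   PATH_RELATIVE e       entry e is a relative path (not /... and not $VAR...)
#   UMASK_GROUP_WRITE v   umask v leaves new files writable by the group
#   UMASK_OTHER_WRITE v   umask v leaves new files writable by others
audit_profile() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        /^[ \t]*(export[ \t]+)?PATH=/ {
            val = $0
            sub(/^[^=]*=/, "", val)               # keep the right-hand side
            gsub(/"/, "", val)                    # drop double quotes
            sub(/[ \t;].*$/, "", val)             # drop "; export PATH" tails
            n = split(val, e, ":")
            for (i = 1; i <= n; i++) {
                if (e[i] == "" || e[i] == ".") print "PATH_CWD " i
                else if (e[i] !~ "^[/$]")      print "PATH_RELATIVE " e[i]
            }
        }
        $1 == "umask" && $2 ~ /^[0-7]+$/ {
            v = "00" $2                           # pad so two digits always exist
            g = substr(v, length(v) - 1, 1)       # group digit
            o = substr(v, length(v), 1)           # other digit
            # the write bit has value 2; it is masked when int(digit/2) is odd
            if (int(g / 2) % 2 == 0) print "UMASK_GROUP_WRITE " $2
            if (int(o / 2) % 2 == 0) print "UMASK_OTHER_WRITE " $2
        }
    ' "$1"
}

# Constructed sample files: slide.profile repeats lines from the slide,
# weak.profile and hardened.profile are made up for comparison.
write_samples() {
    cat > "$1/slide.profile" <<'EOF'
PATH=$PATH:$HOME/bin:/usr/local/bin:/usr/ccs/bin:.
MAIL=/var/mail/$LOGNAME
umask 022
export PATH MAIL
EOF
    cat > "$1/weak.profile" <<'EOF'
PATH=.:$PATH:bin
umask 002
export PATH
EOF
    cat > "$1/hardened.profile" <<'EOF'
PATH=/usr/bin:/usr/sbin:$HOME/bin
umask 027
export PATH
EOF
}

# Demo run over the three samples.
demo=${TMPDIR:-/tmp}/profile_audit.$$
mkdir "$demo" && write_samples "$demo"
for f in slide weak hardened; do
    echo "== $f.profile"
    audit_profile "$demo/$f.profile"
done
rm -rf "$demo"
```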

Customization of Environment
• Solaris provides template files in /etc/skel
• For Bourne shell: $HOME/.profile
• For C shell: $HOME/.cshrc and $HOME/.login
• For Korn shell: .profile and $HOME/$ENV

/etc/skel
Shell             Template files
C Shell           /etc/skel/local.login, /etc/skel/local.cshrc
Bourne or Korn    /etc/skel/local.profile

[Table: feature comparison of the Bourne, C and Korn shells (rows include Job control and History list); the Yes/No cells did not survive extraction]

Shell environment
• Environment variables : upper case .. use the setenv command
• Shell (local) variables : lower case .. use the set command, e.g. user, term, home and path
• C shell: setenv VARIABLE value
• Bourne or Korn shell: VARIABLE=value; export VARIABLE

Environment variables
• LPDEST : sets the user’s default printer.
• MAIL : sets the path to the user’s mailbox.
• MANPATH : sets the hierarchies of man pages available.
• OPENWINHOME : sets the path to the OpenWindows subsystem.

Variables… cntd
• prompt : defines the shell prompt for the C shell.
• PS1 : defines the shell prompt for the Bourne or Korn shell.
• SHELL (or shell in the C shell) : sets the default shell used by make, vi, and other tools.

Variables.. cntd
• PATH=/usr/bin:/usr/sbin:/opt/SUNWmd/
• CDPATH=/export/home/rajiv
• TERM (or term in the C shell) : defines the terminal. This variable should be reset in /etc/profile or /etc/.login. When the user invokes an editor, the system looks for a file with the same name as the definition of this environment variable.

umask
Default permissions given for a file or directory when created, by subtracting the umask value from 666 or 777

umask   file          directory
0       rw-           rwx
1       rw-           rw-
2       r--           r-x
3       r--           r--
4       -w-           -wx
5       -w-           -w-
6       --x           --x
7       --- (none)    --- (none)

PART 1:

Booting & Run Levels


Booting & Shutdown
• What’s new in this release ?
• What was the method used earlier ?
• How do we boot Intel Platform Solaris ?

Terminology
• init state
• run level
• Which process helps change run levels ?

Types of Boot
• Interactive
• Reconfiguration
• Recovery

Shutdown commands
• init
• shutdown
Which one is better ? Why ?
Can anybody shut down the system ?

When do you need to change run levels ?
• Add new h/w
• Backup-restore
• Retune kernel parameters
• Repair system configuration file
• Known power outage

Run control
• How to Determine a System’s Run Level ?
• How to Use a Run Control Script to Stop or Start a Service ?
• How to Add a Run Control Script ?
• How to Disable a Run Control Script ?

Current run level ?
$ who -r
   .       run-level 3  Sep 1 14:45     3      0  S
• Sep 1 14:45 : since when
• 0 : number of times at this RL since last boot
• S : previous run level

/etc/inittab file
Provides three important items to the init process:
• The system’s default run level
• What processes to start, monitor, and restart if they terminate
• What actions are to be taken when the system enters a new run level

/etc/inittab entries
Each entry in the /etc/inittab file has the following fields:

id:rstate:action:process
• id : unique id
• rstate : applies to these run levels
• action : how the process is to be run
• process : the command to execute

/etc/inittab entries
ap::sysinit:/sbin/autopush -f /etc/iu.ap
is:3:initdefault:
p3:s1234:powerfail:/usr/sbin/shutdown -y -i5 -g0 >/dev/msglog 2<>/dev/console
sS:s:wait:/sbin/rcS >/dev/msglog 2<>/dev/msglog

What happens when init runs
1. The init process is started and reads the /etc/default/init file to set any environment variables. By default, only the TIMEZONE variable is set.
2. Then init reads the inittab file to do the following:
   a. Identify the initdefault entry, which defines the default run level (3).
   b. Execute any process entries that have sysinit in the action field so that any special initializations can take place before users log in.
   c. Execute any process entries that have 3 in the rstate field, which matches the default run level, 3.
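Step 2 above, as an added example (not part of the original slides): the script reads an inittab-format file, reports the default run level, and lists the entries init would act on for a given run level, which is also a quick way to review what a host starts at boot. The first four sample entries are the ones shown on the slide; the s2, s3 and zz entries are constructed, and the function names are this example's own.

```sh
#!/bin/sh
# Added example: read an inittab-format file the way the slides describe.

# Sample file contents. The last three entries are constructed; zz carries a
# ":" inside its process field on purpose.
sample_inittab() {
    cat <<'EOF'
ap::sysinit:/sbin/autopush -f /etc/iu.ap
is:3:initdefault:
p3:s1234:powerfail:/usr/sbin/shutdown -y -i5 -g0 >/dev/msglog 2<>/dev/console
sS:s:wait:/sbin/rcS >/dev/msglog 2<>/dev/msglog
s2:23:wait:/sbin/rc2 >/dev/msglog 2<>/dev/msglog
s3:3:wait:/sbin/rc3 >/dev/msglog 2<>/dev/msglog
zz:3:respawn:/opt/example/bin/agent -l host:9000
EOF
}

# inittab_default FILE
# Prints the rstate field of the initdefault entry (the default run level).
inittab_default() {
    awk -F: '$0 !~ /^[ \t]*#/ && $3 == "initdefault" { print $2; exit }' "$1"
}

# inittab_entries FILE LEVEL
# Prints "id action process" for every entry that applies to run level LEVEL:
# entries whose rstate lists LEVEL, plus entries with an empty rstate (which
# apply to every run level). The initdefault entry itself is not a process.
inittab_entries() {
    awk -v lvl="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        {
            rest = $0
            # Split on the first three colons only: the process field may
            # itself contain ":".
            for (k = 1; k <= 3; k++) {
                p = index(rest, ":")
                if (p == 0) { print "MALFORMED " $0; next }
                f[k] = substr(rest, 1, p - 1)
                rest = substr(rest, p + 1)
            }
            if (f[3] == "initdefault") next
            if (f[2] == "" || index(f[2], lvl) > 0) print f[1] " " f[3] " " rest
        }
    ' "$1"
}

# Demo run on the sample.
demo=${TMPDIR:-/tmp}/inittab_demo.$$
sample_inittab > "$demo"
lvl=$(inittab_default "$demo")
echo "default run level: $lvl"
inittab_entries "$demo" "$lvl"
rm -f "$demo"
```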

Run control scripts
• Each run level is associated with an rcx script in /sbin
• There is a corresponding directory /etc/rcx.d which contains [KS][0-9][0-9]* scripts for starting or stopping various services
• The scripts are kept in /etc/init.d and are linked to files in /etc/rcx.d

Sample /etc/rc2.d
# ls /etc/rc2.d
K07dmi          S70uucp             S75cron        S91afbinit
K07snmpdx       S71ldap.client      S75flashprom   S91ifbinit
K28nfs.server   S71rpc              S75savecore    S92volmgt
README          S71sysid.sys        S76nscd        S93cacheos.finish
S01MOUNTFSYS    S72autoinstall      S80PRESERVE    S94ncalogd
S05RMTMPFILES   S72inetsvc          S80lp          S95IIim
S20sysetup      S72slpd             S80spc         S95amiserv
S21perf         S73cachefs.daemon   S85power       S95ocfserv

Adding scripts
How would you add a script to start/stop some service ?

Adding scripts….
# cp filename /etc/init.d
# chmod 0744 /etc/init.d/filename
# chown root:sys /etc/init.d/filename
# cd /etc/init.d
# ln filename /etc/rc2.d/Snnfilename
# ln filename /etc/rcn.d/Knnfilename

Summary of rc scripts
/sbin/rc0 performs the following tasks:
• Stops system services and daemons
• Terminates all running processes
• Unmounts all file systems

/sbin/rc1
• Stops system services and daemons
• Terminates all running processes
• Unmounts all file systems
• Brings the system up in single-user mode

/sbin/rc2
• Mounts all local file systems
• Enables disk quotas if at least one file system was mounted with the quota option
• Saves editor temporary files in /usr/preserve
• Removes any files in the /tmp directory
• Configures system accounting
• Configures default router
• Sets NIS domain and ifconfig netmask
• Reboots the system from the installation media or a boot server if either /.PREINSTALL or /AUTOINSTALL exists
• Starts inetd and rpcbind and named, if appropriate

/sbin/rc2…… cntd
• Starts Kerberos client-side daemon, kerbd
• Starts NIS daemons (ypbind) and NIS+ daemons (rpc.nisd), depending on whether the system is configured for NIS or NIS+, and whether the system is a client or a server
• Starts keyserv, statd, lockd, xntpd, and utmpd
• Mounts all NFS entries
• Starts nscd (name service cache daemon)
• Starts automount, cron, LP print service, sendmail, utmpd, and vold daemons

/sbin/rc3
Runs the /etc/rc3.d scripts to perform the following tasks:
• Cleans up sharetab
• Starts nfsd
• Starts mountd
• If the system is a boot server, starts rarpd, rpc.bootparamd, and rpld
• Starts snmpdx (Solstice Enterprise Agents TM process)

/sbin/rc5 and /sbin/rc6
Run the /etc/rc0.d/K* scripts to perform the following tasks:
• Kills all active processes
• Unmounts the file systems

/sbin/rcS
• Establishes a minimal network
• Mounts /usr, if necessary
• Sets the system name
• Checks the root (/) and /usr file systems
• Mounts pseudo file systems (/proc and /dev/fd)
• Rebuilds the device entries for reconfiguration boots
• Checks and mounts other file systems to be mounted in single-user mode

Shutdown commands
• shutdown
• init
• reboot
• halt

PART 1:

Booting of the system & BOOT PROM


Prom monitor >n OK


Prom monitor
• How to find PROM version ?
• How to change boot-device ?
• How to change boot-files ?

Prom monitor : important commands
• printenv
• setenv
• probe-scsi-all
• reset

Boot command
ok boot [boot-device] [boot-files] [boot options]
Boot options: -a -s -r ………….Try it out

Boot over a network
• Need to set up a boot server
• rarp or dhcp protocols
• For dhcp, PROM version must be > 3.25
• ok nvalias net /pci@1f,4000/network@1,1:dhcp

Stop system for recovery
Press Stop-a or L1-a. On terminals, press the Break key.

Intel Solaris
• Solaris Boot Diskette
• Solaris Installation CD

Boot process


What all does a PROM do ?


Boot phases
• Boot PROM phase
• Boot program phase
• Kernel initialization phase
• init phase

Boot phases
• Boot PROM: the PROM loads the primary boot program, bootblk
• The bootblk program finds and executes the secondary boot program, ufsboot, and loads it into memory
• The ufsboot program loads the kernel
• The kernel initializes itself and begins loading modules
• The kernel unmaps ufsboot
• The kernel creates a user process and starts /sbin/init

PART 1:


Volume Management Major Benefits


/etc/init.d/volmgt
• Automatically mounts diskettes and CDs
• Enables you to access diskettes and CDs without having to become superuser
• Allows you to give other systems on the network automatic access to any diskettes and CDs you insert into your system

Manual mounting
Steps    Manual Mounting    Automatic Mounting
1        Insert media.
2        Become superuser.
3        Determine the location of the media device.
4        Create a mount point.
5        Make sure you are not in the mount point directory.
6        Mount the device using the proper mount options.
7        Work with files.
8        Become superuser and unmount.
9        Eject media.

How to access from FDD/CD
• Insert the floppy and run volcheck
• Files on a diskette or raw data on a diskette: access through /vol/dev/aliases/floppy0
• File systems on floppy: access through /floppy/floppy0
• Files on a CD: insert the CD and wait for a few seconds; access through /cdrom/cdrom0

Files copied from CD
Remember…….. Files copied to disk will not have write permissions. WHY ?

How do you find who is using the CD ?
# fuser -u [-k] /cdrom/cdrom0

..How do you use a CDROM connected to another M/C ?
Prerequisite ? The CDROM on the other M/C must be shared..

$ showmount -e system-name
export list for system-name:
/cdrom/sol_8_sparc (everyone)
Become a superuser
# mount -F nfs -o ro system-name:/cdrom/cd-name mountpoint
…….Try this out

..How do you make the CDROM on your system available to other systems ?
Basically…. it must be shared

STEPS …..
# mkdir /dummy
# vi /etc/dfs/dfstab
  (Add the following line:)
  share -F nfs -o ro /dummy
# eject cdrom0
# chmod 644 /etc/rmmount.conf
# vi /etc/rmmount.conf
  (Add the following line to the File System Sharing section:)
  share cdrom*
# chmod 444 /etc/rmmount.conf
(Load a CD.)
# share

Configure a System to Play Musical CDs
Edit /etc/rmmount.conf and add an action line:
# Actions
action cdrom action_workman.so path/workman workman-options
• path : the dir in which you have placed the Workman S/W
• workman-options : the options allowed by the Workman S/W

“start and stop volume management”
# /etc/init.d/volmgt start
# /etc/init.d/volmgt stop

Formatting floppies ...tasks
• Load unformatted diskette
• Format diskette for DOS
• Format diskette for ufs
• Make ufs FS
…...Try this out

Known restriction.. Diskettes formatted for UFS are restricted to the hardware platform on which they were formatted. In other words, a UFS diskette formatted on a SPARC based platform cannot be used for UFS on an IA platform, nor can a diskette formatted on an IA platform be used on a SPARC based platform. This is because the SPARC and IA UFS formats are different. SPARC uses little-endian bit coding, IA uses big-endian.

Can format to 7 densities
• 3.5” Extended Density 2.88 Mbytes
• 3.5” High Density (HD) 1.44 Mbytes
• 3.5” Medium Density (DD) 1.2 Mbytes
• 3.5” Low Density 720 Kbytes
• 5.25” High Density (HD) 1.2 Mbytes
• 5.25” Medium Density (DD) 720 Kbytes
• 5.25” Low Density 360 Kbytes

Formatting defaults...
• The diskette drive formats a diskette to a like density unless instructed otherwise
• A diskette can be formatted to its capacity or lower
• A drive can format to its capacity or lower

Use fdformat command with density option….

To Format a diskette as    In A Drive of    fdformat Density option
2.88 Mbytes                2.88 Mbytes      -E
1.44 Mbytes                2.88 Mbytes      -H
1.44 Mbytes                1.44 Mbytes      none
1.2 Mbytes                 1.44 Mbytes      -t nec -M
720 Kbytes                 1.44 Mbytes      -D or -t dos -D
1.2 Mbytes                 1.2 Mbytes       none
720 Kbytes                 1.2 Mbytes       -D
720 Kbytes                 720 Kbytes       none
360 Kbytes                 720 Kbytes       -D

fdformat
• fdformat -z to view options
• Start fdformat w/o density option to find out the drive’s default density

Formatting for ufs FS
$ fdformat -v -U [density-options convenience-options]
• -v : verify
• -U : unmount if mounted
• density-options : e.g. -D 720KB
• convenience-options :
  -e eject
  -f force ..no questions
  -b label
  -z just show options

How to Place a UFS File System on a Diskette ?
• Command to create FS : /usr/sbin/newfs
• Options to this command
• Where to make FS
• Type of FS : ufs taken as default

Creating FS
# /usr/sbin/newfs -v /vol/dev/aliases/floppy0
• -v : displays status

Auto mounting
Invoke the volrmmount command using the -i option to notify Volume Management that the diskette is inserted.
$ volrmmount -i floppy0
Use
# ls /floppy
to confirm the mounted ufs FS

Formatting for DOS
$ fdformat -v -U [density-options convenience-options]
• -d : 1.44MB for MS-DOS
• -d -D : 720KB for MS-DOS

Things to remember
• volcheck -v command to notify volume management
• floppy0 is a symbolic link to the floppy name
• If nothing is found under /floppy it means the floppy is not mounted or not formatted
• /floppy is the same as /vol/dev/diskette0
• fuser -u [-k] floppy0 to find the user and [kill]
• If formatted but without a name, the system refers to it as unnamed_floppy
• # ls /floppy/floppy0 to see

How to use a floppy put in another M/C’s floppy drive ?
Same as CDROM …… except…...
Add the following lines to /etc/rmmount.conf on the system where the floppy drive is connected and is to be shared:
# File System Sharing
share floppy*

How Volume Management works?


Volume management
• All removable media made available under /vol/dev
[Figure: /vol/dev tree, one directory per drive (diskette0, rdiskette0), each holding an entry named after the diskette]

CDROMs
[Figure: /vol/dev tree for the cdrom drive: dsk/c0t6 and rdsk/c0t6, each holding an entry named after the CD]

To make access more convenient, Volume Management uses two special mount points, /floppy and /cdrom.
[Figure: / with the mount points floppy and cdrom]
Volume Management mounts the /vol/dev/diskette0 and /vol/dev/dsk/c0t6 directories onto /floppy and /cdrom

Convenient mount points /floppy and /cdrom
However, these mount points depend on proper formatting. If a diskette is formatted, the mount succeeds, but if it is unformatted, the mount fails and the diskette is only available under /vol/dev/diskette0.

Additional convenience symbolic links
/floppy/floppy0 --> /floppy/name --> /vol/dev/diskette0/name
/cdrom/cdrom0 --> /cdrom/cd-name --> /vol/dev/dsk/c0t6d0/cd-name
The symbolic links for file system access simply link the directories /floppy/floppy0 and /cdrom/cdrom0 to the diskette inserted into the first diskette drive and the CD inserted into the first CD-ROM drive.

What’s the advantage of symbolic links ?
They enable you to access floppies and CDs without knowing their names. You can use the link names, floppy0 or cdrom0, instead.

Symbolic links for raw device access
/vol/dev/aliases/floppy0 --> /vol/dev/rdiskette0/diskette-name
/vol/dev/aliases/cdrom0 --> /vol/dev/rdsk/c0t6d0/cd-name

Purpose of symbolic links
To enable you to access a raw-character diskette or CD without knowing its name, use the /vol/dev/aliases/floppy0 or /vol/dev/aliases/cdrom0 link names.

Compatibilities
• UFS : not compatible between Sparc and Intel
• CDROM : HSFS type; no issues

Installation CDs contain mixed formats; that is, part UFS and part ISO 9660 standard
• The CD is split into slices
• 9660 portion : portable
• UFS portion : architecture-specific
[Figure: CD layout with slices ISO 9660, UFS : Sparc, UFS : Intel]

Volume Management ignores un-related formats on CDs and mounts appropriate slice


CD slices appear as….
$ ls /cdrom/cdrom0
S0 S2
$ ls /vol/dev/dsk/c0t6
S0 S2

PART 1:

SOFTWARE ADMINISTRATION


S/W administration
• Adding and removing S/W
• Checking consistency
• Understanding S/W packages
• Adding and removing patches

What is a S/W Package ?
• Sun and other vendors distribute S/W in the form of packages
• A package is a collection of files and directories in a defined format

Package Admin Commands
Solaris provides utilities to understand the package format and to install, remove and check packages: pkgadd, pkgrm and pkgchk

Admintool to manage S/W
• Add packages to a spool directory : not possible
• Eliminate user interaction by using an administration file : not possible

S/W PACKAGE
• S/W files
• Control files
• pkgadd interprets the control files
• pkgadd uncompresses and installs in the base directory
• Keeps track of what is installed

# pkgrm pkgname
Removes all files for that package unless they are shared with another package

Things to know….
• How are packages named ? ….. SUNWutr, SUNWvolr
• How to see what is installed ? ….. pkginfo / admintool
• How to install S/W for clients ? ….. some part on the server, some on the client

client-server scenario a piece of software might have a package with files that are installed on the client’s root file system and a package with files that are installed on the /usr file system, which the client typically mounts from a server.


Administration file
Comes into play with the -a option to pkgadd
# pkgadd -a filename pkgname
Looks for the admin file in the current dir OR in /var/sadm/install/admin

Uses of admin file...
• Manipulate the base directory by setting the basedir keyword in a special file called an administration file, e.g. basedir=/usr/v5/sbin
• Avoid user interaction while adding or removing packages
• Quit installation if an error is encountered
……...etc.

Response file….
Using a Response File
A response file contains your answers to specific questions asked by an interactive package. An interactive package includes a request script that asks you questions prior to package installation, such as whether or not optional pieces of the package should be installed.

Response file
Use the pkgask command to store your replies and use it as…
pkgadd -r response-file
…. to avoid user interaction

commands
# pkgadd -a admin-file -d device-name pkgid ...
• -d device-name : default… /var/spool/pkg

commands
Verification of installed package...
# pkgchk -v pkgid
If pkgchk determines there are no errors, it returns a list of installed files. Otherwise, it reports the error.

What do you understand from this..
# mount -F nfs -o ro package-server:/latestpackages /mnt
# pkgadd -d /mnt SUNWaudio

..and what do you think is this ?
# pkgadd -d /cdrom/sol_8_sparc/s0/Solaris_8/Product -s /var/spool/pkg SUNWaudio

Is this command OK ?
# pkgadd SUNWman

pkginfo
Tells what packages are installed on the system
$ pkginfo
system    SUNWaccr     System Accounting, (Root)
system    SUNWaccu     System Accounting, (Usr)
system    SUNWadmap    System administration applications
system    SUNWadmc     System administration core libraries

Integrity of installed packages
# pkgchk -d spooldir pkgid ...
# pkgchk [ -a -c -v ] pkgid ...
• -a : attributes
• -c : contents
• Default: both a & c

$ pkginfo -l SUNWcar
   PKGINST:  SUNWcar
      NAME:  Core Architecture, (Root)
  CATEGORY:  system
      ARCH:  sparc.sun4u
   VERSION:  11.8.0,REV=1999.09.18.11.52
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  core software for a specific hardware platform group
    PSTAMP:  humbolt19990821191439
  INSTDATE:  Sep 18 1999 11:53
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:  95 installed pathnames
             31 shared pathnames
             35 directories

Removal of packages
Always use
# pkgrm [-s spooldir] pkgid
Do not use “rm” to remove package files….. WHY ?

“Removal of packages”
Can be done through admintool
What is the prerequisite ? Be either superuser or a member of the sysadm group

Patches
• What are they ?
• How are they distributed ?
• How are they numbered ?
• What happens when you install patches ?
• What happens when you remove patches ?

What is a patch ?
A collection of files and directories that replace or update existing files and directories that are preventing proper execution of the software. The existing software is derived from a specified package.

Knowing what are applied
# showrev -p
# patchadd -p
# pkgparam pkgid PATCHLIST
# pkgparam pkgid PATCH_INFO_patchnumber
  Tells the installation date and the host from where it was applied

Patch distribution
• Via www OR anonymous ftp: http://www.sun.com
• For contract customers : full sunsolve database and periodical CDs
• For others : general set of patches

ftp
• sunsolve1.sun.com (provided by Sun Service) or sunsite.unc.edu (maintained by the University of North Carolina)
• Login as anonymous, password as complete e-mail address
• Pick up patches from the /pubs/patches directory
• Transfer mode : binary

Patch numbering
106925-02
• 106925 : patch base code
• - : hyphen
• 02 : patch revision

What happens when you install a patch ?
• patchadd calls pkgadd
• Checks the version of the target system
• Updates the patch package’s pkginfo file with the patches obsoleted by this one, the other patches required by this one, the patches incompatible with this one, etc.
• The patch installation log is kept in /var/sadm/patch/patch-number/log

Patch not installed if…...
• The package is not fully installed on the host
• The patch package’s architecture differs from the system’s architecture
• The patch package’s version does not match the installed package’s version
• There is already an installed patch with the same base code and a higher version number
• The patch is incompatible with another, already installed patch (each installed patch keeps this information in its pkginfo file)
• The patch being installed requires another patch that is not installed
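Three of the conditions above can be checked in advance from the installed-patch listing. The script below is an added example (not part of the original slides and not patchadd's own logic): it splits patch ids into base code and revision as on the numbering slide and tests a candidate against a listing in the style of `showrev -p` output. The listing is constructed (106925 is the base code used on the slide, the 9000xx ids are made up), and the assumption that a listed incompatibility applies to every revision of that base code is this example's own.

```sh
#!/bin/sh
# Added example: pre-check a patch id against the installed-patch listing.

# Constructed listing in the style of `showrev -p` output.
sample_showrev() {
    cat <<'EOF'
Patch: 106925-04 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 900001-03 Obsoletes: 900010-01 Requires:  Incompatibles: 900020-01 Packages: SUNWcsr, SUNWcsu
Patch: 900002-01 Obsoletes:  Requires: 900001-02 Incompatibles:  Packages: SUNWcar
EOF
}

# patch_precheck CANDIDATE [REQUIRED,REQUIRED,...]
# Reads the installed-patch listing on stdin. REQUIRED is the comma-separated
# list of patches the candidate needs (taken from the patch's own README).
# Prints "OK", or one "REJECT ..." line per failed condition.
patch_precheck() {
    awk -v cand="$1" -v req="$2" '
        function base(id) { sub(/-.*/, "", id); return id }      # 106925-02 -> 106925
        function rev(id)  { sub(/.*-/, "", id); return id + 0 }  # 106925-02 -> 2
        $1 == "Patch:" {
            id = $2; key = ""
            # remember the highest installed revision of each base code
            if (!(base(id) in inst) || rev(id) > inst[base(id)]) inst[base(id)] = rev(id)
            for (i = 3; i <= NF; i++) {
                if ($i ~ /:$/) { key = $i; continue }             # field label
                p = $i; sub(/,$/, "", p)
                if (key == "Incompatibles:") incompat[base(p)] = id
            }
        }
        END {
            cb = base(cand); cr = rev(cand); bad = 0
            if (cb in inst && inst[cb] > cr) {
                printf "REJECT %s-%02d already installed (higher revision)\n", cb, inst[cb]
                bad = 1
            }
            if (cb in incompat) {
                print "REJECT incompatible with installed " incompat[cb]
                bad = 1
            }
            n = split(req, r, ",")
            for (i = 1; i <= n; i++) {
                if (!(base(r[i]) in inst) || inst[base(r[i])] < rev(r[i])) {
                    print "REJECT requires " r[i] ", which is not installed at that revision"
                    bad = 1
                }
            }
            if (!bad) print "OK"
        }
    '
}

# Demo run on the constructed listing.
for c in 106925-02 106925-05 900020-02; do
    echo "$c: $(sample_showrev | patch_precheck "$c")"
done
echo "900030-01: $(sample_showrev | patch_precheck 900030-01 900001-05,900002-01)"
```

On a Solaris host the listing would come from `showrev -p` instead of the sample function.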

Patch removal
• Means… backing out a patch
• All files modified by the patch are restored back to the original

patchrm restores old files unless….
• The patch was installed with patchadd -d (which instructs patchadd not to save copies of files being updated or replaced)
• The patch has been obsoleted by a later patch
• The patch is required by another patch
patchrm keeps a log of the back out process in /tmp/backoutlog.process_id. This log file is removed if the patch backs out

PART 1:

DISK MANAGEMENT


Disk geometry
• Bits and bytes
• Sectors
• Tracks
• Cylinders
• Heads
• Disk Controller
• Device drivers

……….more
• Disk slices
• Disk Labels
• Cylinder Groups
• File Systems

FS characteristics
• Files are stored in an FS
• Each FS is assigned one slice, i.e. an FS cannot span multiple slices
• Only one FS can go in one slice
• To the OS each slice appears as an independent disk
• An FS is a fully functional independent unit

Disk slices / partitions
SPARC Platforms                                   IA Platforms
Whole disk given to the operating environment     FDISK partitioned; only one given to OE
8 slices maximum                                  one partition: 10 slices
slices are 0-7                                    slices are 0-9

What gets stored ..where ?
• Slice 0 : root -- OS files and directories
• 1 : swap -- workspace
• 2 : overlap
• 3 : /export -- diff arch OS files for clients
• 4 : /export/swap -- swap for clients
• 5 : /opt -- applications added
• 6 : /usr -- executables and library routines
• 7 : /home or /export/home -- user’s stuff

Intel specific….
• Slice 8 : info that helps Solaris to boot from the hard disk. Resides at the beginning of the disk
• Slice 9 : alternate blocks for assignment in lieu of bad blocks

Note on usage
Do not use the following areas of the disk for raw data slices, which are sometimes created by third-party database applications:
1. Block 0, cylinder 0, where the disk label is stored.
2. Avoid cylinder 0 entirely for improved performance.
3. Slice 2, which represents the entire disk.
A slice cannot be split between two or more disks. However, multiple swap slices on separate disks are allowed.

PART 1:

format utility


format
• Menu driven built-in utility
• For preparing hard disks for use
• Does more than mere formatting of disks
• Not for floppies, cdroms and mag tapes

What all can “format” do ?
• Search all connected devices and display
• Display partition information
• Modify partition information
• Label the disk
• Analyze and repair the disk
• Low level format the disk

Most common usage..
• Partition
• Label
Formatting is a destructive process….
• Helps preparing an unformatted disk
• Helps gather bad areas information

Disk Label
[Figure: the disk label (VTOC) at Cylinder 0, Block 0, Sector 0, holding controller, geometry, and partition table or slices]

Partition table
• Number : 0 to 7
• tag : numeric value that usually describes the file system mounted on this partition. 0=UNASSIGNED 1=BOOT 2=ROOT 3=SWAP 4=USR 5=BACKUP 7=VAR 8=HOME
• flags :
  wm  the partition is writable and mountable
  wu  writable & unmountable -- swap
  rm  read only & mountable

Example partition table
Total disk cylinders available: 2036 + 2 (reserved cylinders)
Part  Tag         Flag  Cylinders   Size       Blocks
0     root        wm    0 - 300     148.15MB   (301/0/0)    303408
1     swap        wu    301 - 524   110.25MB   (224/0/0)    225792
2     backup      wm    0 - 2035    1002.9MB   (2036/0/0)   2052288
3     unassigned  wm    0           0          (0/0/0)      0 sectors

# prtvtoc /dev/rdsk/c0t1d0s0
* /dev/rdsk/c0t1d0s0 partition map
* Dimensions:
*     512 bytes/sector
*      72 sectors/track
*      14 tracks/cylinder
*    1008 sectors/cylinder
*    2038 cylinders
*    2036 accessible cylinders
* Flags:
*   1: unmountable
*  10: read-only
*                          First     Sector    Last
* Partition  Tag  Flags    Sector     Count    Sector  Mount Directory
       0      2    00          0

Formatting a disk
Easiest way is to use the “modify” option under format..partition
…try out extensively

Recovering the disk
• Recover disk geometry, i.e. the label
• Restore the root FS if it is a boot disk
• Restore the usr FS if it is a boot disk
• ……..Then what? Will it boot?

Put a boot block on the disk
For SPARC (sun4m here is the platform name printed by `uname -i`):
# installboot /usr/platform/sun4m/lib/fs/ufs/bootblk /dev/rdsk/c0t0d0s0

For Intel:
# installboot /usr/platform/i86pc/lib/fs/ufs/pboot /usr/platform/i86pc/lib/fs/ufs/bootblk /dev/rdsk/c0t6d0s2

Recovering a corrupted disk label
Step 1: Put back the disk geometry, by automatic configuration or by manual disk type specification. Select the disk type number.
Step 2: Use the verify command to check the backup label
format> verify
Step 3: Put back the backup label
format> backup


Support for third-party disks
Supply either a device driver, a format.dat entry, or both of these. Unrecognized disks cannot be formatted without precise information about the disk’s geometry and operating parameters. This information is supplied in the /etc/format.dat file.

Disk parameters example..
disk_type = "SUN2.1G" \
        : ctlr = SCSI : fmt_time = 4 \
        : ncyl = 2733 : acyl = 2 : pcyl = 3500 : nhead = 19 : nsect = 80 \
        : rpm = 5400 : bpt = 44823

pcyl  : No of physical cyl
acyl  : No of alternate cyl
nsect : Data sec per track

Specifying block numbers to the format command...
* Block number as an integer, OR
* Block number in the cylinder/head/sector format

Enter defective block number: 12345
Enter defective block number: 34/2/3

Thumb rules for slice sizes

Disk Size          Root File System   Swap Slice
0 - 180 Mbytes     16 Mbytes          16 Mbytes
180 Mb - 280 Mb    16 Mbytes          32 Mbytes
280 Mb - 380 Mb    24 Mbytes          32 Mbytes
380 Mb - 600 Mb    32 Mbytes          32 Mbytes
600 Mb - 1.0 Gb    32 Mbytes          64 Mbytes
1.0 Gb - 2.0 Gb    64 Mbytes          128 Mbytes
More than 2.0 Gb   128 Mbytes         128 Mbytes

Analyze and repair a disk
# format
format> analyze
analyze> setup
.. Select parameters: starting block, loop, stop on first error, assign alternate block

format> repair

Tips and tricks
Invoke format -M to enable extended and diagnostic messages when using the format utility; this applies to SCSI devices only.

For labeling multiple disks with the same partition table (fmthard reads the table from standard input when the -s argument is "-"):
# for i in 1 2 3 5
> do
> prtvtoc /dev/rdsk/c2t0d0s0 | fmthard -s - /dev/rdsk/c2t${i}d0s2
> done

FORMAT MENU:
        disk       - select a disk
        type       - select (define) a disk type
        partition  - select (define) a partition table
        current    - describe the current disk
        format     - format and analyze the disk
        repair     - repair a defective sector
        label      - write label to the disk
        analyze    - surface analysis
        defect     - defect list management
        backup     - search for backup labels
        verify     - read and display labels
        save       - save new disk/partition definitions
        inquiry    - show vendor, product and revision
        volname    - set 8-character volume name
        quit

PART 1:

INTRODUCTION TO FILE SYSTEM AND ITS MANAGEMENT


Overview of FS
• It’s a collection of files & directories
• Structure in the form of a file tree
• Data structure of a disk slice

Types of FS
• Disk based
• Network based
• Virtual FS
• Solaris provides a virtual file system architecture. This facilitates a standard interface to any type of FS

Disk-based FS
• ufs : default; based on BSD fast FS
• hsfs : ISO 9660; on CD-ROM; read only
• pcfs : read/write of DOS-formatted disks
• udfs : on optical media (DVD)

Network-based FS
Network-based file systems typically reside on one system, usually a server, and are accessed by other systems across the network.

NFS is the only available network-based or distributed computing file system.

Virtual FS
• Memory based
• Most of them do not use disk space
• cachefs and tmpfs do

cachefs
Think about: What is a cache? When is it used?

TMPFS
• Default FS for the /tmp directory
• Uses swap space as backing disk space
• The TMPFS file system can run out of space, just as a regular file system can fill up.
• Because TMPFS allocates swap space to save file data (if necessary), some programs might not execute because there is not enough swap space.

Loopback FS
The Loopback File System (LOFS) lets you create a new virtual file system, so you can access files by using an alternative path name.

e.g. create / FS under /tmp/newroot

procfs
• Resides in memory
• Contains a list of active processes by process number
• Commands like ps use it
• Do not administer or remove files from this

Few other virtual FS
• FIFOFS (first-in first-out): Named pipe files that give processes common access to data
• FDFS (file descriptors): Provides explicit names for opening files using file descriptors
• NAMEFS: Used mostly by STREAMS for dynamic mounts of file descriptors on top of files
• SPECFS (special): Provides access to character special and block devices
• SWAPFS: File system used by the kernel for swapping

FS related commands
• df
• fsck
• volcopy
• labelit
• ff : lists file names with statistics
• clri : clears inodes
• mount
• newfs
• ncheck : lists file names with inode numbers
• fstyp

How commands decide FS type
• -F option
• Match in vfstab entry
• Look in /etc/default/fs and /etc/dfs/fstypes entries for local and remote FSs

Note:
# man mount
# man mount_ufs

Default Solaris FSs
• root (/): essential files to make the system work; boot programs, kernel, device drivers, mount points
• /usr: sharable files, library programs, those that run on a specific platform
• /export/home: users’ home directories
• /var: changing/growing files, vi & ex backup, log files
• /opt: third-party application s/w

DEFAULT DIRECTORIES UNDER /DEV

/dev/cfg    Symbolic links to physical ap_ids
/dev/cua    Device files for uucp
/dev/dsk    Block disk devices
/dev/fbs    Frame buffer device files
/dev/md     Logical volume management meta-disk devices
/dev/fd     File descriptors
/dev/pts    pty slave devices
/dev/rdsk   Raw disk devices
/dev/rmt    Raw tape devices
/dev/sad    Entry points for the STREAMS Administrative Driver
/dev/sound  Audio device and audio device control files
/dev/swap   Default swap device
/dev/term   Serial devices

Default directories under /etc

/etc           Host-specific sys admin config files & databases
/etc/acct      Accounting configuration information
/etc/cron.d    Configuration information for cron
/etc/default   Defaults information for various programs
/etc/dmi       Solstice Enterprise Agents configuration files
/etc/dhcp      DHCP config files
/etc/fn        Federated Naming Service and x.500 support files
/etc/dfs       Config information for shared file systems
/etc/fs        Binaries organized by FS types for operations required before /usr is mounted
/etc/gss       Generic Security Service (GSS) Application Program Interface configuration files
/etc/inet      Configuration files for Internet services
/etc/init.d    Scripts for changing between run levels
/etc/lib       Dynamic linking libraries needed when /usr is not available
/etc/llc2      Logical link control (llc2) driver configuration files
/etc/lp        Configuration information for the printer subsystem
/etc/mail      Mail subsystem configuration information
/etc/net       Configuration information for TI (transport-independent) network services
/etc/nfs       NFS server logging configuration file
/etc/openwin   OpenWindows configuration files
/etc/opt       Configuration information for optional packages
/etc/rc0.d     Scripts for entering/leaving run level 0
/etc/rcS.d     Scripts for bringing the system up in single user mode
/etc/rpcsec    This directory may contain a NIS+ authentication configuration file
/etc/saf       Service access facility files (including FIFOs)
/etc/security  Basic Security Module (BSM) configuration files
/etc/skel      Default profile scripts for new user accounts
/etc/tm        Trademark files; contents displayed at boot time
/etc/uucp      uucp configuration information

/export   Default directory for users’ home directories, client file systems, or other shared file systems
/home     Default directory or mount point for a user’s home directory on a standalone system. When AutoFS is running, you cannot create any new entries in this directory.
/kernel   Directory of platform-independent loadable kernel modules required as part of the boot process. It includes the generic part of the core kernel that is platform independent, /kernel/genunix (see the /platform and /usr/platform directory structure).
/mnt      Convenient, temporary mount point for file systems
/opt      Default directory or mount point for add-on application packages
/sbin     Essential executables used in the booting process and in manual system failure recovery
/stand    Standalone programs
/tmp      Temporary files; cleared during boot sequence

/var                    Directory for varying files, which usually include temporary, logging, or status files
/var/adm                System logging and accounting files
/var/audit              Basic Security Module (BSM) audit files
/var/crash              Default depository for kernel crash dumps
/var/cron               cron’s log file
/var/dmi                Solstice Enterprise Agents Desktop Management Interface (DMI) run time components
/var/dt                 dtlogin configuration files
/var/ftp                FTP server directory
/var/inet               IPv6 router state files
/var/log                System log files
/var/lp                 Line printer subsystem logging information
/var/mail               Directory where users’ mail is kept
/var/news               Community service messages (note: not the same as USENET-style news)
/var/nis                NIS+ databases
/var/nfs                NFS server log files
/var/ntp                Network Time Protocol (NTP) server state directory
/var/opt                Root of a subtree for varying files associated with software packages
/var/preserve           Backup files for vi and ex
/var/run                Temporary system files that are not needed across system reboots. This is a TMPFS-mounted directory.
/var/sadm               Databases maintained by the software package management utilities
/var/saf                saf (service access facility) logging and accounting files
/var/spool              Directories for spooled temporary files
/var/spool/cron         cron and at spool files
/var/spool/locks        Spooling lock files
/var/spool/lp           Line printer spool files
/var/spool/mqueue       Mail queued for delivery
/var/spool/pkg          Spooled packages
/var/spool/uucp         Queued uucp jobs
/var/spool/uucppublic   Files deposited by uucp
/var/statmon            Network status monitor files
/var/tmp                Directory for temporary files; not cleared during boot sequence
/var/uucp               uucp log and status files
/var/yp                 NIS databases (for backwards compatibility with NIS and unnecessary after full transition to NIS+)

Under /usr

4lib         SunOS 4.1 binary compatibility package libraries
5bin         Symbolic link to the /usr/bin directory
X            Symbolic link to the /usr/openwin directory
adm          Symbolic link to the /var/adm directory
aset         Directory for Automated Security Enhancement Tools (ASET) programs and files
bin          Location for standard system commands
ccs          C compilation programs and libraries
demo         Demo programs and data
dict         Symbolic link to the /usr/share/lib/dict directory, which contains the dictionary file used by the UNIX spell program
dt           Directory or mount point for CDE software
games        An empty directory, which is a remnant of the SunOS 4.0-4.1 software
include      Header files (for C programs, etc.)
java*        Directories containing Java programs and libraries
kernel       Additional kernel modules
kvm          Implementation architecture-specific binaries and libraries
lib          Various program libraries, architecture-dependent databases, and binaries not invoked directly by the user
local        Commands local to a site
mail         Symbolic link to the /var/mail directory
man          Symbolic link to the /usr/share/man directory
net          Directory for network listener services
news         Symbolic link to the /var/news directory
oasys        Files pertaining to the Form and Menu Language Interpreter (FMLI) execution environment
old          Programs that are being phased out
openwin      Directory or mount point for OpenWindows S/W
perl5        Perl 5 programs and documentation
platform
preserve     Symbolic link to the /var/preserve directory
proc         Directory for the proc tools
pub          Files for online man page and character processing
sadm         Various files and directories related to sys admin
sbin         Executables for system administration
sbin/static  Statically linked version of selected programs from /usr/bin and /usr/sbin
share        Architecture-independent sharable files
share/lib    Architecture-independent databases
share/src    Source code for kernel, libraries, and utilities
snadm        Programs and libraries related to system and
spool        Symbolic link to the /var/spool directory
src          Symbolic link to the share/src directory
tmp          Symbolic link to the var/tmp directory
ucb          Berkeley compatibility package binaries
ucbinclude   Berkeley compatibility package header files
ucblib       Berkeley compatibility package libraries
vmsys        Directory for Framed Access Command Environment (FACE)

/platform & /usr/platform directories

/platform             Contains a series of directories, one per supported platform, that need to reside in the root (/) file system.
/platform/*/kernel    Contains platform-dependent kernel components, including the file unix, the core kernel that is platform dependent.
/usr/platform         Contains platform-dependent objects that do not need to reside in the root (/).
/usr/platform/*/lib   Contains platform-dependent objects similar to those found in the /usr/lib
/platform/*/sbin      Contains platform-dependent objects similar

/var/run in Solaris 8
• Temporary memory-based FS for system files not required across boots
• /tmp continues to be the temporary FS for non-system files

New in Sol 8
/etc/mnttab is now MNTFS, read only. Sync is guaranteed. Earlier it was text-based and modifiable, and likely to be out of sync.

New in Sol 8
The UDF FS, the industry-standard format for storing information on the optical media technology called DVD (Digital Versatile Disc or Digital Video Disc), is included in the Solaris 7 11/99 or the Solaris 8 release.

Dynamically loadable modules
SUNWudfr : 32-bit kernel component
SUNWudfrx : 64-bit kernel component

udf FS management
Display FS parameters
# mkfs -F udfs -m /dev/rdsk/device-name

Create UDF FS
# mkfs -F udfs /dev/rdsk/device-name

Check that it is UDF type
# fstyp -v /dev/rdsk/device-name

Check its integrity
# fsck -F udfs /dev/rdsk/device-name

Mount
# mount -F udfs /dev/dsk/device-name /mount-

swap
• Some disk slices are used as swap instead of FS
• Used as virtual memory
• Plan how much swap space to allocate

ufs FS features
• State flags: Show the state of the file system: clean, stable, active, logging, or unknown. These flags eliminate unnecessary file system checks. If the file system is “clean,” “stable,” or “logging,” file system checks are not run.
• Large FS: Up to 1 TB. How do you get a slice this big?
• Large files: By default > 2 GB. How to make it < 2 GB? …. Use the “nolargefiles” option

What is ufs logging?
UFS logging is the process of storing transactions (changes that make up a complete UFS operation) in a log before the transactions are applied to the UFS file system.

• Transactions can be applied later
• Like journalling in IBM

Advantages of ufs logging
• Inconsistent transactions are discarded; only complete transactions are applied, ensuring a consistent FS, and hence no fsck is required at reboot
• Reboot is very fast; very useful on large FS

Logging is not on by default; enable it using the -o logging option to mount

Planning ufs FS
• Distribute I/O load: spread /export/home and swap across disks
• Keep it logical: put all project or group files into one FS
• Have root, usr and swap on the system disk
• Make no more than 2 or 3 FS on the others. Make them roomier (less fragmentation and easy to back up)

PART 1:

MOUNTING FS


mounting
• root is always mounted at boot time
• Others are mounted and unmounted as required
• You need a mount point

[Figure: directory tree showing Root (/), /opt and usr, with a mount point and an unbundled file system containing app1, file1 and file2]

mnttab and vfstab
• Reside under /etc
• mnttab tells what is mounted
• vfstab specifies what is to be mounted, where, and the parameters required to do that

Example mnttab
$ more /etc/mnttab
/dev/dsk/c0t0d0s0 / ufs rw,intr,largefiles,onerror=panic,suid,dev=2200000 938557523
/proc /proc proc dev=3180000 938557522
fd /dev/fd fd rw,suid,dev=3240000 938557524
mnttab /etc/mnttab mntfs dev=3340000 938557526
swap /var/run tmpfs dev=1 938557526
swap /tmp tmpfs dev=2 938557529
/dev/dsk/c0t0d0s7 /export/home ufs

Example vfstab
$ more /etc/vfstab
#device            device              mount   FS     fsck   mount     mount
#to mount          to fsck             point   type   pass   at boot   options
/dev/dsk/c0t0d0s0  /dev/rdsk/c0t0d0s0  /       ufs    1      no        -
/proc              -                   /proc   proc   -      no        -
/dev/dsk/c0t0d0s1  -                   -       swap   -      no        -

NFS features
• File resource is on a server and others share it; the server maintains a list of shared resources
• Actual location of the resource is irrelevant to the user
• Commonly used sharable s/w is accessed through NFS, e.g. man files
• Upgrades/changes to a resource can be easily managed

autofs mounting for NFS
• Client-side service in NFS
• Resource gets mounted when you access it
• Remains mounted as long as you are in it
• Gets unmounted when not used for ... time
• Boot time saved
• User need not know root passwd to mount
• N/W traffic reduced

autofs serviced by...
• Autofs service … automountd
• Can specify an alternate server to mount the same FS
• Can use NIS, NIS+ or files
• /home is usually auto-mounted

cachefs
• Want to improve performance of NFS?…
• It is a layered FS
• One FS is mounted on another
• It’s a caching mechanism. Good for PPP.
• Reduces server and network load.
• Client per server ratio goes up
• Combine autofs and cachefs to improve scalability & performance

Creating file systems
• Need to create one if you add a new disk, change the partition structure, or restore in full from tapes
• Need contiguous formatted cylinders
• Use newfs device-name (front-end of mkfs)

newfs # newfs [-N][-b size][-i bytes]  /dev/rdsk/device-name Tells parameters that would get passed to mkfs without actually creating FS

Block size

Pradip Gudale

No of bytes per inode

217

Creating tmpfs FS
Do not use newfs ….
# mount -F tmpfs [-o size=number] swap mount-point

Note: creating multiple tmpfs has no benefit… why?
How will you create tmpfs at boot time?
swap   -   /export/test   tmpfs   -   yes   -

Creating loopback FS
Do not use newfs
# mount -F lofs loopback-directory mount-point

How to make it at boot time?
/   -   /tmp/newroot   lofs   -   yes   -

MOUNTING FILE SYSTEMS


mounting
• mount, mountall [-l|-r] commands
• Inconsistent FS are not mounted
• Common options are:

Mount options.. -o
bg | fg        NFS   If the first attempt fails, retries in the background (bg) or in the foreground (fg).
hard | soft    NFS   Specifies the procedure if the server does not respond. soft indicates that an error is returned. hard indicates that the retry request is continued until the server responds. The default is hard.
intr | nointr  NFS   Specifies whether keyboard interrupts are delivered to a process that is hung while waiting for a response on a hard-mounted file system. The default is intr

Mount options.. -o
For ufs
-o logging        default nologging. Log space is used from the FS; 1MB per 1GB; max 64MB
-o nolargefiles   default largefiles
-o noatime        default atime

-o options …. cntd
remount        All   Changes the mount options associated with an already-mounted file system. This option can be used with any option except ro
retry=n        NFS   Retries the mount operation when it fails. n
ro | rw        All   Specifies read/write or read-only. The default is read/write. The default option for HSFS is ro.
suid | nosuid  All   Allows or disallows setuid execution. The default is to allow setuid execution.

Entries in vfstab
• Device to mount : block device, resource name, or /proc for the proc FS type
• Device to fsck : raw device
• Mount point : directory
• FS type : type of file system
• fsck pass : “-” not checked; “0” ufs not checked; “1” checked one at a time; “>1” and -o preen, then checked in parallel

Entries in vfstab …. cntd
• Mount at boot : yes/no specifies whether to mount at boot; “no” for /, /usr, /var, /proc and /dev/fd. These get mounted by another method and not by the mountall command
• Mount options : “-” or a comma-separated list
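An added example (not from the original slides) that reads the seven vfstab fields described above and reports entries whose mount options deserve review: setuid execution left at its default, ufs without logging, and tmpfs with no size limit. The sample vfstab is constructed, the function names are hypothetical, and treating nosuid as the expected setting outside /, /usr and /var is an assumption of this example.

```shell
#!/bin/sh
# Added example: review /etc/vfstab entries field by field.
# Fields: device to mount, device to fsck, mount point, FS type,
#         fsck pass, mount at boot, mount options.

audit_vfstab() {    # reads vfstab text on stdin, prints one finding per line
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        NF != 7 {
            print "line " NR ": expected 7 fields, found " NF
            next
        }
        {
            mnt = $3; type = $4
            opts = "," $7 ","                    # lets ",nosuid," match a whole option
            if (type != "ufs" && type != "nfs" && type != "tmpfs") next

            # Assumption of this example: only /, /usr and /var need setuid programs.
            system_fs = (mnt == "/" || mnt == "/usr" || mnt == "/var")
            if (!system_fs && index(opts, ",nosuid,") == 0)
                print mnt ": setuid execution allowed (no nosuid)"
            if (type == "ufs" && index(opts, ",logging,") == 0)
                print mnt ": ufs without logging"
            if (type == "tmpfs" && opts !~ /,size=[0-9]/)
                print mnt ": tmpfs with no size= limit"
        }'
}

# Constructed sample input, modelled on the example vfstab in these slides.
sample_vfstab() {
    cat <<'EOF'
#device to mount  device to fsck  mount point  FS type  fsck pass  at boot  options
/dev/dsk/c0t0d0s0 /dev/rdsk/c0t0d0s0 / ufs 1 no -
/proc - /proc proc - no -
/dev/dsk/c0t0d0s1 - - swap - no -
/dev/dsk/c0t0d0s7 /dev/rdsk/c0t0d0s7 /export/home ufs 2 yes logging,nosuid
/dev/dsk/c0t1d0s0 /dev/rdsk/c0t1d0s0 /export/proj ufs 2 yes -
swap - /tmp tmpfs - yes -
swap - /export/test tmpfs - yes size=64m,nosuid
pluto:/export/man - /usr/share/man nfs - yes ro,soft
broken line here
EOF
}

sample_vfstab | audit_vfstab
```

On a live system the same function can be fed the real file with `audit_vfstab < /etc/vfstab`.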

Remounting without large files option
When you mount a file system, the largefiles option is selected by default, which enables you to create files larger than 2 Gbytes. Once a file system contains large files, you cannot remount the file system with the nolargefiles option or mount it on a system running Solaris 2.6 or compatible versions, until you remove any large files and run fsck to reset the state to nolargefiles.

How do you find files > 2GB?
# cd mount-point
# find . -xdev -size +4194303 -exec ls -l {} \;
(-size counts 512-byte blocks; 2 Gbytes is 4194304 blocks)

Mounting NFS File System
# mount -F nfs [-o mount-options] server:/directory mount-pt

Mounting pcfs (DOS) FS
# mount -F pcfs [-o rw | ro] /dev/dsk/device-name:logical-drive mount-point

device-name    Device name of the whole disk, /dev/dsk/c0t0d0p0
logical-drive  DOS logical drive letter or number: c to z, or 1 to 24
               c or 1 : primary DOS slice
               rest : extended DOS slice

Unmounting FS
• umount or umountall
• You must be superuser
• FS must be available for unmounting
• FS must not be busy or in use. Make it available by:
  - Changing to a directory in a different file system
  - Logging out of the system
  - Using the fuser command to list all processes accessing the file system and to stop them if necessary
    # fuser -c [-u] [-k] mount-point
  - Unsharing the file system

PART 1:

File System structure


[Figure: file system layout, from Disk to Disk slice to Cylinder groups to Addressable blocks; UFS has 4 types of block]

UFS blocks
• Boot block : info for booting; only in the first cylinder group; cyl 0; 8k size
• Super block : info on the file system
• Inodes : info on a file
• Data block : data inside the file

superblock
Replicated in each cylinder group
* Size and status of the file system
* Label (file system name and volume name)
* Size of the file system logical block
* Date and time of the last update
* Cylinder group size
* Number of data blocks in a cylinder group
* Summary data block
* File system state: clean, stable, or active
* Path name of the last mount point

A summary information block is kept with the superblock. It is not replicated. Records changes as the FS is used.

inode
Keeps all info on a file except its name. 128 bytes.
• The type of the file (regular, dir, char, block, link, fifo, socket)
• The mode of the file (the set of read-write-execute permissions)
• The number of hard links to the file
• The user ID of the owner of the file
• The group ID to which the file belongs
• The number of bytes in the file
• An array of 15 disk-block addresses
• The date and time the file was last accessed
• The date and time the file was last modified
• The date and time the file was created

Inode contents
[Figure: inode holding type of file, uid, number of bytes, 12 direct pointers to 8k data blocks, an indirect pointer to a block of 2k pointers to 8k data blocks, a double indirect pointer, and a triple indirect pointer]
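An added example (not from the original slides) that walks the inode layout described above: given a byte offset in a file, it reports which of the pointers leads to the block holding that byte. It assumes the figures on the slide, 8k blocks, 12 direct pointers and 2k (2048) addresses per indirect block; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: map a file offset to the UFS inode pointer that reaches it.
# Assumptions taken from the slide: 8 KB blocks, 12 direct pointers,
# 2048 block addresses held in each indirect block.
BSIZE=8192
NDIRECT=12
NINDIR=2048

ufs_block_path() {    # $1 = byte offset within the file
    lbn=$(( $1 / BSIZE ))                 # logical block number

    if [ "$lbn" -lt "$NDIRECT" ]; then
        echo "direct $lbn"
        return 0
    fi
    lbn=$(( lbn - NDIRECT ))

    if [ "$lbn" -lt "$NINDIR" ]; then     # one lookup in the indirect block
        echo "single $lbn"
        return 0
    fi
    lbn=$(( lbn - NINDIR ))

    if [ "$lbn" -lt $(( NINDIR * NINDIR )) ]; then
        # index in the first-level block, then index in the second-level block
        echo "double $(( lbn / NINDIR )) $(( lbn % NINDIR ))"
        return 0
    fi
    lbn=$(( lbn - NINDIR * NINDIR ))

    if [ "$lbn" -lt $(( NINDIR * NINDIR * NINDIR )) ]; then
        echo "triple $(( lbn / (NINDIR * NINDIR) )) $(( lbn / NINDIR % NINDIR )) $(( lbn % NINDIR ))"
        return 0
    fi

    echo "beyond triple indirect"
    return 1
}

# Constructed sample offsets: first byte, last byte reachable through direct
# pointers, first byte needing each indirect level, and the 2 GB mark.
for off in 0 98303 98304 16875520 2147483648 34376613888; do
    echo "offset $off -> $(ufs_block_path "$off")"
done
```

The 2 GB offset lands inside the double indirect range, so a file that crosses the largefiles boundary already costs two extra block lookups per data block.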

Data blocks
• Rest of the space is allocated to data blocks
• Block size is decided at FS creation time
• Default is 8k
• Fragmentation is 1k
• Blocks contain data for a file
• In a directory, blocks contain file names & their inode numbers

[Figure: Cylinder group 0: bootblock (8 Kbytes), superblock, cylinder group map, inodes, storage blocks. Cylinder group 1: storage blocks, superblock, cylinder group map, inodes, storage blocks]

FS parameters
• Block size: logical, that the kernel uses (physical, that the disk controller uses, is 512 bytes)
• Fragment size
• Minimum free space
• Rotational delay
• Optimization type
• Number of files

“block size”
What should I consider while deciding block size? How does it impact?
• Do I want to increase efficiency?.. And I don’t care much for disk space
• Do I have many small files in my FS?

Fragment size
• Smaller than block size; allocated during file expansion
• Trade-off between time and space
• Decide based on number & size of files

“Minimum free space”
• Kept aside in reserve (1% to 10%)
• As users go on consuming FS space, ufs efficiency goes down; df reports available space excluding the reserve
• Only superuser can use the reserve space

When will df report more than 100% usage?
What command do you use to change the free space value? ….tunefs

Rotational delay
• Principle: knowing the CPU data transfer speed and the disk rotational speed, the block allocation routine can place the next block address at the block just coming under the head & ready for read/write
• Not very useful in modern disks with cache

Number of files
• Depends on number of inodes… Why?
• You can specify the number of bytes per inode (i.e. number of bytes per file, and not the number of bytes required to store inode info)
• FS size / bytes per inode gives the number of files

Conventional defaults
FS size                            Bytes per inode
Less than or equal to 1 Gbyte      2048
Less than 2 Gbytes                 4096
Less than 3 Gbytes                 6144
3 Gbytes or greater                8192

Creating FS
newfs [-Nv] [mkfs_options] raw_device

-s size
-t ntrack     Tracks per cyl
-b bsize
-f fragsize
-c cgsize     Cylinders per cyl group
-m free
..etc; see man page

PART 1:

FSCK


File system integrity
• It is the consistency and integrity of the internal tables of the FS. This is lost on:
  - sudden power failure
  - accidental unplugging of the system
  - system crash
  - improper shutdown

Principle behind fsck
• Uses redundant information available across various tables in the FS
• Goes through superblock, inodes and data blocks
• Runs in phases, which means it reads the tables multiple times
• Salvages as far as possible
• Ever noticed the lost+found directory under a newly created directory?

Probable recovery..
The fsck program places files and directories that are allocated but unreferenced in the lost+found directory. The inode number of each file is assigned as the name.

FS state flag
• Stored in the superblock
• Flag checked by /sbin/rcS while booting
• Flag checked by fsck when run
• Flags:
  FSACTIVE : mounted & modified
  FSBAD    : / mounted when state not FSCLEAN/FSSTABLE
  FSCLEAN  : mounted properly
  FSSTABLE : mounted & unmodified
  FSLOG    : mounted with logging

How fsck tries to salvage
• Due to buffering in memory, the FS state on disk always lags behind that in core
• Written to disk when a buffer is required, or when the kernel runs fsflush periodically
• fsck reads the summary info in the superblock: FS size, no of inodes, free blocks count and free inode count
• Checks the free block map. Cross-checks that free blocks are not claimed by files

Salvage……. cntd
• No of free + no claimed by inodes = total blocks
• Count of free inodes in summary = actual free inodes?.. NO.. Modify summary info
• Link count in inode: no directory entry exists for that inode number although the inode contains valid info. Put the file in lost+found
• Duplicate blocks: data block claimed by inodes of two files

Sample fsck output..
# fsck /dev/rdsk/c0t0d0s7
** /dev/rdsk/c0t0d0s7
** Last Mounted on /export/home
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
2 files, 9 used, 2833540 free (20 frags, 354190 blocks, 0.0% fragmentation)

2 files        : No of inodes
9 used         : No of frags
20 frags       : Number of unused fragments
354190 blocks  : Number of unused full blocks
0.0%           : % frag

How to see if a FS needs checking..
# fsck -m /dev/rdsk/c0t0d0s6
** /dev/rdsk/c0t0d0s6
ufs fsck: sanity check: /dev/rdsk/c0t0d0s6 needs checking

To check FS interactively….
# fsck

Preening ufs file system
The preen option to fsck (fsck -o p) checks UFS file systems and automatically fixes the simple problems that normally result from an unexpected system shutdown. It exits immediately if it encounters a problem that requires operator intervention. The preen option also permits parallel checking of file systems.

How to restore the superblock
Find a backup superblock
# newfs -N /dev/rdsk/device-name

Run fsck with another superblock
# fsck -F ufs -o b=block-number /dev/rdsk/dev-name

Fixing what fsck could not..
• Run fsck multiple times
• Carefully read error messages and act
• Use fsdb, clri, ff, ncheck etc…. See man
• If you could not fully recover, try mounting read only and retrieve data

PART 1:

BACKUP & RESTORE


Why do you need backup?
• System crashes
• Accidental deletion
• Natural disaster
• Hardware failures
• Mistakes in installation or upgrade

Backup methods
• Backup file systems : ufsdump
• Backup NIS+ server : nisbackup
• Backup all on N/W from server : Solstice Backup s/w
• Backup/list files : cpio, tar, pax
• Backup as raw dump : dd

Backup devices
• 1/2-inch reel tape : 140 Mbytes (6250 bpi)
• 2.5-Gb 1/4 inch cartridge (QIC) tape : 2.5 GB
• DDS3 4-mm cartridge tape (DAT) : 12 - 24 GB
• 14-Gbyte 8-mm cartridge tape : 14 Gbytes
• DLT 7000 1/2-inch cartridge tape : 35 - 70 GB

How do you decide what to back up?
• Don’t need to back up in full every time
• Monitor which FSs change often
• Which are the critical FSs?

So… /export/home must be backed up regularly, whereas /usr need not be, and /var, although changing, need not be backed up very frequently.

What all you can do with ufsdump
• Take a backup of a full FS on a local or remote tape device
• Take an incremental backup (files that have changed since the previous backup)
• Back up groups of systems (remote shell)
• Automate backup (use crontab)

Dump level concept
• This is a number between 0 and 9
• 0 is a full backup
• No specific meaning attaches to a level number. Meaning is attached when it is looked at in relation to another level.
• 1-9 specify a hierarchy of incremental backups
• Dump levels are specified in the ufsdump command

Dump level usage

Monthly  Monday  Tuesday  Wednesday  Thursday  Friday
0        9       9        9          9         5

Incremental Backup: Daily Cumulative

How this scheme looks

       9 (Mon)  9     9      9       5 (Fri)
Wk 1   ab       abc   abcd   abcde   abcdef
Wk 2   g        gh    ghi    ghij    abcdefghijk

In this scheme … How many tapes will be required? What tapes are required to restore?

Answers.. With this schedule, you need six tapes (if you want to reuse daily tapes), or nine tapes (if you want to use four different daily tapes): one for the level 0, four for the Fridays, and one or four daily tapes. If you need to restore a complete file system, you will need the following tapes: the level 0, the most recent Friday tape, and the most recent daily tape since the last Friday tape (if any).


Dump level usage

Monthly  Monday  Tuesday  Wednesday  Thursday  Friday
0        3       4        5          6         2

Incremental Backup: Daily Discrete (incremental)

Daily cumulative, weekly incremental

               Floating  Mon  Tues  Wed  Thurs  Fri
1st of Month   0
Week 1                   9    9     9    9      3
Week 2                   9    9     9    9      4
Week 3                   9    9     9    9      5
Week 4                   9    9     9    9      6

               Mon  Tues  Wed   Thurs  Fri
Week 1         ab   abc   abcd  abcde  abcdef
Week 2         g    gh    ghi   ghij   ghijk

To restore you need level 0, all Friday & most recent daily tape

Daily incremental, weekly cumulative

               Floating  Mon  Tues  Wed  Thurs  Fri
1st of Month   0
Week 1                   3    4     5    6      2
Week 2                   3    4     5    6      2
Week 3                   3    4     5    6      2
Week 4                   3    4     5    6      2

               Mon  Tues  Wed  Thurs  Fri
Week 1         ab   cd    e    f      abcdef
Week 2         gh   i     jk   lm     abcdefghijklm

To restore you need level 0, recent Friday & all daily tapes
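The restore rule behind the three schedules above, as an added example that is not part of the original slides: given a dump history, the function works out which tapes a full restore needs and in what order. The tape labels and the three histories are constructed for illustration.

```sh
#!/bin/sh
# restore_chain: reads a dump history on stdin, oldest first, one dump per
# line as "<tape-label> <level>", and prints the labels of the tapes a full
# restore needs, in the order to feed them to ufsrestore (level 0 first).
#
# Rule: a level-N dump holds what changed since the most recent dump taken at
# a lower level. Walking back from the newest dump, keep a tape only if its
# level is lower than the last tape kept, and stop at the level 0.
restore_chain() {
    awk '
        NF >= 2 && $2 ~ /^[0-9]$/ { n++; label[n] = $1; level[n] = $2 + 0 }
        END {
            want = 10                       # any level qualifies for the newest dump
            for (i = n; i >= 1 && want > 0; i--) {
                if (level[i] < want) {
                    chain[++c] = label[i]
                    want = level[i]
                }
            }
            if (c == 0 || want != 0) {
                print "restore_chain: no level 0 dump in history" > "/dev/stderr"
                exit 1
            }
            out = chain[c]
            for (j = c - 1; j >= 1; j--) out = out " " chain[j]
            print out
        }'
}

# Constructed histories (labels are made up for this example).
# 0, then 9 9 9 9 5 each week; history ends on Wednesday of week 2.
DAILY_CUMULATIVE='month0 0
wk1-mon 9
wk1-tue 9
wk1-wed 9
wk1-thu 9
wk1-fri 5
wk2-mon 9
wk2-tue 9
wk2-wed 9'

# 0, then 3 4 5 6 2 each week; history ends on Thursday of week 2.
DAILY_DISCRETE='month0 0
wk1-mon 3
wk1-tue 4
wk1-wed 5
wk1-thu 6
wk1-fri 2
wk2-mon 3
wk2-tue 4
wk2-wed 5
wk2-thu 6'

# 0, then 9 9 9 9 with Fridays at 3, 4, ...; history ends on Tuesday of week 3.
WEEKLY_INCREMENTAL='month0 0
wk1-mon 9
wk1-tue 9
wk1-wed 9
wk1-thu 9
wk1-fri 3
wk2-mon 9
wk2-tue 9
wk2-wed 9
wk2-thu 9
wk2-fri 4
wk3-mon 9
wk3-tue 9'

for history in "$DAILY_CUMULATIVE" "$DAILY_DISCRETE" "$WEEKLY_INCREMENTAL"; do
    printf '%s\n' "$history" | restore_chain
done
```

The same walk can be run over the level and date columns of /etc/dumpdates once they are reduced to "label level" lines.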

Taking backup
• Keep tape drive ready
• decide on file systems - use mount command
• find number of tapes required
  # ufsdump S filesystem
  gives you bytes. Calculate tapes required.
• Become superuser and bring system to single user mode

ufsdump command examples
• # ufsdump 0ucf /dev/rmt/0 /
• # ufsdump 9ucf /dev/rmt/0 /export/home
• # ufsdump 0ucf pluto:/dev/rmt/0 /export/home
  f : Dump file (tape)
  u : Update /etc/dumpdates
Verify using # ufsrestore tf /dev/rmt/0

ufsrestore
• The ufsrestore command copies files to disk, relative to the current working directory, from backups created using the ufsdump command.
• Can restore individual files
• when run as root, restores with original ownerships and permissions

Relative to current working directory….. explanation
Files backed up from the /export/doc/books directory (where /export is the file system) would be saved relative to /export. In other words, the book1 file in the doc/books directory would be saved as ./doc/books/book1 on the tape. Later on, if you restored the ./doc/books/book1 file to the /var/tmp directory, the file would be restored to /var/tmp/doc/books/book1.

Note - Do not restore files in the /tmp directory even temporarily. The /tmp directory is usually mounted as a TMPFS file system and TMPFS does not support UFS file system attributes such as ACLs.

ufsrestore
• # ufsrestore ta archive-name ./path/filename
• # ufsrestore tf device-name ./path/filename
• the above two check to see if filename exists on backed-up media; first using online archive and second using tape contents

Running ufsrestore interactively
• # ufsrestore if /dev/rmt/n
• ufsrestore> ls directory
• ufsrestore> cd directory-name
• ufsrestore> add filename1 filename2
• ufsrestore> delete filename
• ufsrestore> verbose
• ufsrestore> extract
• Specify next volume #: 1
• ufsrestore> quit

Restoring specific file not interactively
# ufsrestore xvf /dev/rmt/n filename …
Specify next volume #: 1 (giving vol no)
set owner/mode for ’.’? [yn] n (to keep mode of current directory unchanged)

Restoring complete File System
• # umount /dev/rdsk/device-name
• # newfs /dev/rdsk/device-name
• # mount /dev/dsk/device-name /mnt
• # cd /mnt
• # ufsrestore rvf /dev/rmt/n (use levels..starting with 0 and going up)
• # rm restoresymtable
• # cd /; umount /mnt;
• # ufsdump 0uf /dev/rmt/n /dev/rdsk/device-name

“What more you need to do to restore root / and /usr”
• Boot from cdrom (as you don’t have os disk)
• restore root file system from tape as for any other file system
• install boot block
  # installboot /usr/platform/`uname -i`/lib/fs/ufs/bootblk /dev/rdsk/devicename

How ufsdump works..
• Makes two passes
• In first pass it scans through raw device and builds directory & file structure in memory; writes table to tape; in-core stuff may get skipped in active FS
• In second pass goes through inode numbers in order & writes data to tape
• Neither free blocks nor slice image gets backed-up

/etc/dumpdates role
• Each line in /etc/dumpdates shows the file system backed up, the level of the last backup, and the day, date, and time of the backup.
• /dev/rdsk/c0t0d0s0 9 Tue Jul 13 10:58:12 2001
  /dev/rdsk/c0t0d0s0 0 Tue Jul 13 10:46:09 2001
• during incremental backup ufsdump consults this to find date of most recent backup of

Ufsdump command format
/usr/sbin/ufsdump [options] [arguments] files-to-back-up
options : 0-9,a,b,c,d,D,f,s,u,v
  a : archive
  b : No of 512 byte blocks at a time
  c : To cartridge
  d : Tape density
  D : To diskette
  f : destination

Ufsrestore command format
ufsrestore [options] [arguments] [filename …]
options : i,r,R,x,t
  i : interactive
  r : recursive
  R : Resume restoring; restarts from checkpoint when full restore interrupted
  x : extract
  t : table

Other ways to take backup
• Want to take full FS backups..& restore ? -- ufsdump more suitable
• Want to take selective backup..? Or transfer files between systems..? -- tar,cpio,pax suitable
• Want to do disk to disk copy..? -- dd is more suitable
• Want to copy on diskette..? -- tar would do the job

Type & characteristics

Command    FS boundaries  Multi-Volume  Type
volcopy    Yes            Yes           Physical
tar        No             No            Logical
cpio       No             Yes           Logical
pax        Yes            Yes           Logical
dd         Yes            No            Physical
ufsdump/   Yes            Yes

dd
• $ dd < /floppy/floppy0 > /tmp/output.file
  2400+0 records in
  2400+0 records out
• …so you can specify dev names for stdin & stdout
• $ dd if=input-file of=output-file bs=nnK
Write a command to clone a full system disk & boot from it

# dd if=/dev/rdsk/c0t0d0s2 of=/dev/rdsk/c0t2d0s2 bs=12
# fsck /dev/rdsk/c0t2d0s2
# mount /dev/dsk/c0t2d0s2 /mnt
# cd /mnt/etc
# vi vfstab
(modify entries for the new disk)
# cd /
# umount /mnt
# init 0
ok boot disk2 -s
# sys-unconfig
ok boot disk2

Notice : installboot not required. Why ?

cpio
• Archiving program
• copies list of files into single large output file
• inserts headers between files to facilitate restoration
• can copy to other slice or media
• can detect End-Of-Media & prompts to insert next media

Example copying from one FS to another
# find . -print -depth | cpio -updm filesystem2
  -print : lists
  -depth : Descends directory
  u : Unconditional; older will replace newer
  d : Creates directories
  m : Sets modification times

Copying to tapes
• Use either cpio, tar or pax .. Depends on precision & flexibility you want
• all use raw device. (You don’t make FS on tapes !)
• pax: better portability on POSIX compliant sys
• tar: available on most unix systems, No multi-vol
• cpio: packs data more efficiently; skips over bad spots on tape while restoring; option for different header formats (tar,crc,odc,bar), multi-vol

tar
• tar with -c destroys current data on tape
• can use * or ? as wildcards while backup
• cannot use wildcards while extracting
• $ tar cvf /dev/rmt/0 reports (reports is dir)
  a reports/ 0 tape blocks
  a reports/reportA 59 tape blocks
  a reports/reportB 61 tape blocks
  a reports/reportC 63 tape blocks

pax
• $ pax -w -f /dev/rmt/0 filename …
  -w : Enable write mode
• $ pax -f /dev/rmt/0 (verifies files on tape)
  filea fileb filec

Copying all files with cpio
$ ls | cpio -oc > /dev/rmt/n
  o : Copy-out mode
  c : Header in ASCII character

Restoring with cpio
Listing files on tape
$ cpio -civt < /dev/rmt/n
Restoring all files from tape in current dir
$ cpio -icvd
Restoring specific file

How to take back-up on remote tape
• Take care of permissions to use tape on other machine. Your hostname and username should be entitled to do the job
• use commands that work on stdin and stdout
• connect them properly

Backup on remote tape...
Check appropriate permissions
$ rsh remotehost echo test
if successful…
$ tar cf - files | rsh remotehost dd of=/dev/rmt/n obs=blocksize
to extract…
$ rsh remotehost dd if=/dev/rmt/n | tar xvBpf -

Copying to diskette
• Insert formatted diskette in writable mode
• $ volcheck
• $ fdformat -U /vol/dev/aliases/floppy0
• $ tar cvf /vol/dev/rdiskette0/unlabeled filename …
• $ tar tvf /vol/dev/rdiskette0/unlabeled

Copying files with different headers
• When do you have to do this ? e.g. Sol 8 cpio archive may not be compatible with earlier SunOS. So create archive with different header
• $ cpio -oH odc < file-list > /dev/rmt/n
  odc is ASCII header with small device number

Cpio -H [tar,odc,bar,crc,ustar]
• While restoring use same -H option as that used while archiving
• $ find . -print | cpio -oH tar > /tmp/test
  113 blocks
• $ cpio -iH tar < /tmp/test
• write command syntax on media label

Tape media names
/dev/rmt/XAbn
  X : Drive number (0 1 2 3 4 n etc)
  A : Optional Density
      l low, m medium, h high, u ultra, c compressed
  b : “b” Berkeley (SunOS 4.x) Compatibility
  n : “n” Optional No-rewind

Tape drive commands
• # mt -f /dev/rmt/n status
  Archive QIC-150 tape drive:
  sense key(0x0)= No Additional Sense residual= 0 retries= 0
  file no= 0 block no= 0
• $ mt -f /dev/rmt/n retension | rewind

PART 1:

PRINTER ADMINISTRATION


What are the ways..

                                                                      GUI  N/W printers  manages serv & client  uses NIS / NIS+
Solaris Print Manager  Solaris 8 and Solaris Easy Access Server 3.0  Yes  Yes           Yes                    Yes
Admintool              Solaris 8 & compatible versions               Yes  No            Yes                    No
LP commands            Solaris 8 & compatible versions               No   Yes           Yes                    Yes

LP print Service
• Set of s/w utilities that allow users to print jobs while they work
• Earlier called LP spooler (system peripheral operation offline)
• LP print service includes S/W, spooler, filters and h/w associated with printer

Network printer
• H/w device directly connected to network
• device has its own name & IP address
• print jobs are transferred across network
• driver support expected from vendor
• Sun provides generic drivers. Good enough but they don’t exploit all capabilities of the printer

Admin tasks for printers
• Setup server & clients for printing
• Deleting a printer and remote printer access
• Checking the status of printers
• Restarting the print scheduler

Print process
• 1. A user submits a print request from a print client.
• 2. The print command checks a hierarchy of print configuration resources to determine where to send the print request.
• 3. The print command sends the print request directly to the appropriate print server. A print server can be any server that accepts BSD printing protocol.
• 4. The print server sends the print request to the appropriate printer.
• 5. The print request is printed.

Hierarchy of print config resources
• Command line option lp -d
• A user’s LPDEST or PRINTER variables
• The _default variable in the sources configured for the printers database in the /etc/nsswitch.conf file
• The $HOME/.printers file for users
• The local /etc/printers.conf file for the NIS name service
• The printers.org_dir table for the NIS+ name service

How users specify printer on command line
• Three ways (1) atomic (2) POSIX and (3) context based as in FNS
• lp -d hp660c filename
• lpr -P galaxy:neptune filename
• lpr -d finance/wages/printer/modi410 filename

Print server
• a system that has a local printer connected to it and makes the printer available to other systems on the network
• schedules & controls print jobs
• They use BSD print protocol : Industry standard and widely used
• server & client can have different versions of OS

Spooling
• Spooling space is a disk space to store print jobs in a queue
• They are stored in /var/spool/lp
• Better if /var is separate FS. Can be mounted locally on print server or remotely from file server
• 30Mb for small (text messages) print jobs and upto 600Mb for bit map big jobs

Overview of printing-setup
• Setup printer name, definition, port
• Selecting a printer type and file content type
• Setting up fault notification and default printer destination
• Determining whether you want to print banner pages or limit user access to a printer
• Setting up printer classes and fault recovery

lpadmin command
• lpadmin allows you to do all the tasks
• printer manager allows you to do most tasks, some with limited functionality… tasks like file content, fault notification, banner printing and user access control are limited, and some like printer class and fault recovery you cannot do.

lpadmin
• Basic command is lpadmin -p printer-name
• lpadmin -p hp400tn -D "lasrjet" to add description
• lpstat -D -p hp400tn to find out description
• lpadmin -p .. -v port-no
  /dev/term/a or /dev/term/b

For intel platforms
• Only first port is enabled by default.. So..
• For additional port you need to edit device driver configuration files of additional ports…(serial & parallel)
• /platform/i86pc/kernel/drv/asy.conf
• /platform/i86pc/kernel/drv/lp.conf

Printer type
• The printer type is a generic name for a type of printer. It identifies the terminfo database entry that contains various control sequences for the printer.
• specify the printer type by using the lpadmin -T command
• For a local PostScript printer, use a printer type of either PostScript (PS) or Reverse PostScript (PSR).

terminfo
• /usr/share/lib/terminfo : printer capabilities and initialization control data for each printer
• $ cd /usr/share/lib/terminfo/e
• $ ls
  emots ep2500+high ergo4000

File content type & print filters
• File content type tells print service type of file contents that gets printed directly without requiring modification
• Print filters convert the content type of a file to a content type that is acceptable to the destination printer.
• specify the file content type for a printer by using the lpadmin -I
  e.g. lpadmin -p .. -I

Solaris print manager
• You need bit mapped display running X-windows or CDE
• run it from CDE workspace menu OR
• # /usr/sadm/admin/bin/printmgr &
• pkg SUNWppm must be installed

Adding through lpadmin..example (On server)
# chown lp /dev/term/b
# chmod 600 /dev/term/b
# lpadmin -p luna -v /dev/term/b
# lpadmin -p luna -T PS -I postscript
# lpadmin -p luna -D "training-lab-ps"
# accept luna
destination "luna" now accepting requests
# enable luna
printer "luna" now enabled
# lpstat -p luna
printer luna is idle. enabled since Jul 12 11:17 2001. available.

Adding access to printer (On client)
# lpadmin -p luna -s saturn
  (saturn : Printer server name)
# lpadmin -p luna -D "training-lab-ps"
# lpadmin -d luna
  (Makes it default)
# lpstat -p luna
printer luna is idle. enabled since Jul 12 11:17 2001. available.

*Adding network printer
• Although printer not connected to any M/C it is necessary to define & configure print server….. WHY ?
The print server provides queuing capabilities, filtering, and printing administration for the network printer.

Network printer : few terms
• Print server
• printer host : s/w & h/w that makes non-network printers “Network Printers”
• printer node : printer itself if it is built-in N/W printer. Printer host if that is external box; Unique node name and IP address
• printer name: name entered on command line. Selected by sys admin while installing; one printer can have many names.

N/W printer invoking s/w support
• The software support for network printers is called through the interface script netstandard
• lpadmin -p pr_name -m netstandard
• lpadmin -p pr_name -o protocol=bsd | tcp
• Now printer subsystem needs
  Node name
  Port number
  access name

N/W printer : lpadmin
• # lpadmin -p printer-name -v /dev/null -m netstandard -o dest=pn1:9100 -o protocol=tcp -o timeout=value
  (timeout : No of seconds to wait between attempting connection)
# lpadmin -p printer-name -I content-type -T printer-type
# accept printer-name
# enable printer-name

Managing Printers AND print Schedulers


Deleting printer
• Do it on both server and client
• print-client# lpadmin -x printer-name
• print-client# lpsystem -r print-server
  this deletes info about print-server also.
• print-server# reject printer-name
• print-server# disable printer-name
• print-server# lpadmin -x printer-name

Checking printer status
$ lpstat [-d] [-p printer-name [-D] [-l]] [-t]
  -d : Shows default
  -l : Shows characteristics
  -t : Shows status of print service

Example.. lpstat -t
$ lpstat -p luna -l
printer luna is idle. enabled since Mon Jul 12 15:02:32 ...
Form mounted:
Content types: postscript
Printer types: PS
Description:
Connection: direct
Interface: /usr/lib/lp/model/standard
After fault: continue
Users allowed: (all)
Forms allowed: (none)
Banner not required
Character sets:
Default pitch:
Default page size: 80 wide 66 long

lpscheduler
• Check if it is running.. Login as root OR lp
• # lpstat -r
• # /usr/lib/lp/lpshut … to stop scheduler
• # /usr/lib/lp/lpsched … to start scheduler

Banner pages
• Gets printed for every job
• helps identify print-job
• prints who-submitted, request-ID and time-it-got-printed
• can have modifiable title
• Not desirable if few users & small printouts OR using special forms like pay-cheques

Banner printing control
• Both lpadmin and lp commands take banner printing related parameters
  On by default; can be disabled in lp
• lpadmin -p pr1 [-o banner=always | optional | never ]
  applies to printer
• lp -o nobanner
  applies to the job
  ignored for regular user; Honored for root or lp user and overrides lpadmin -o banner OR lpadmin -o banner=always

banner
• Banner setting is stored in /etc/lp/printers/prname/configuration file.
• Check this using lpstat -p pr-name -l

Printer classes
• Print service enables you to group various printers into a class
• can be done only by lpadmin -c
• Once set-up users can specify printer class instead of printer for print jobs
• The first free printer in the class is used resulting in better turnaround; checked in order in which they were put in a class
• make classes based on location or type

Defining class
• # lpadmin -p pr-name -c printer-class
• gets added at the end of list in the class in the file /etc/lp/classes/printer-class
• $ lpstat -c printer-class
  To see what are the printers in a class

Printer fault notification
• Print service can notify in different ways when print operation encounters problems
• Write a message to the terminal on which root is logged in
• Electronic mail to root
• No notification
• Can be configured by lpadmin OR Print Manager
  Also allows to get msg from program of your choice; allows disabling fault notification for known problem

Fault notification: lpadmin -A
• ’mail [user-name]’
• ’write [user-name]’
• ’command’ (run the command)
• quiet (stop alert until fault is fixed)
• none (do not send any alerts)
Alert settings are entered in /etc/lp/printers/printer-name/alert.sh

Fault Recovery
• You can define the fault recovery options for a printer only by using the lpadmin -F command. This task is not available in Solaris Print Manager.
• After fixing the fault active print request begins printing…
  ..from beginning of the job
  ..from top of page where stopped
  ..from top of page where stopped after you enable the printer
  (the last two both require filter)
• lpadmin -F beginning | continue | wait
  Recovery settings go in /etc/lp/printers/pr-name/configuration file.

Access control
• Can prevent some users from accessing some printers
• make allow and deny lists using lpadmin -u
• with print manager you can make only allow list
• # lpadmin -p printer-name -u allow:user-list [ deny:user-list]
• /etc/lp/printers/printername/users.allow

Managing print requests
• Get status
• cancel jobs
• change priorities
• Login to server and use lp commands
• $ lpstat -o [printer-list] | -u [user-list]
• lp -i request-id -H hold | resume | immediate
  This changes priority

priority
• You can also change priority relatively using lp -q command
• # lp -i request-id -q 3
  0 to 39 : 0 top priority, 39 lowest priority

Managing filters
• Filters are programs that convert one type of file to another
• programs that manage double sided or landscape printing, draft & letter quality
• detect printer faults and notify print service
• LP print service provides postscript filters and are located in /usr/lib/lp/postscript directory.

filters
• lpfilter command used to manage list of available filters
• filter descriptors are in /etc/lp/fd directory.
• Filters themselves are in /usr/lib/lp.
• System information about filters is stored in /etc/lp/filter.table file.
• # lpfilter -f daisytroff -F
  -f : Your chosen name
  -F : Definition name in /etc/lp/fd

What do enable/disable accept/reject do ?
enable/disable : start or stop printing of jobs that are in queue
accept/reject : start or stop accepting jobs for queuing
These two are different and independent operations

Canceling print request
• By request Id
• For specific user on any or specified printer
• The one currently being printed
• You can cancel provided it is your print job or you are superuser or lp
• $ cancel request-id | printer-name
• $ cancel -u user-list [printer-name]

Moving print requests
• If you want to take the printer out of service
• move requests to different printer having similar capabilities
• print request IDs remain same
• first check if destination printer is accepting requests… # lpstat -p prn2
• move requests.. # lpmove prn1 prn2
  this stops acceptance of new requests on prn1 automatically.

Print port characteristics
• Print service sets defaults for printer ports like….
  −9600     Set baud to 9600
  −cs8      Set 8-bit bytes
  −cstopb   Send one stop bit per byte
  −parity   Do not generate parity
  −ixon     Enable XON/XOFF
  −olcuc    Do not map lowercase to uppercase
  −onlcr    Change line feed to carriage return/line feed

Port characteristics
• You can change if defaults not suitable
• use stty to display and set characteristics
• # lpadmin -p prn -o "stty=options"
• # lpadmin -p luna -o "stty='parenb parodd cs7'"
• # lpadmin -p venus -o "stty=19200"

Print service directories
/usr/bin         The LP print service user commands
/etc/lp          A hierarchy of LP server configuration files
/usr/share/lib   The terminfo database directory
/usr/sbin        The LP print service administrative commands
/usr/lib/lp      The LP daemons; directories for binary files and PostScript filters; and the model directory (which contains the standard printer interface program)
/var/lp/logs     The logs for LP activities: lpsched.n – Messages from lpsched and requests.n – Information about completed print requests
/var/spool/lp    The spooling directory where files are queued for printing

/usr/lib/lp directory
• bin : Contains files for generating printing alerts, queue management prog
• lpsched : scheduler daemon
• model : standard interface programs
• postscript : contains all postscript interface programs

How print service works
• Print scheduler on print server is started in /etc/rc2.d/S80lp
• scheduler lpsched updates print config files, queues jobs, tracks printer status
• print client communicates directly with a print server over the network.
• Print servers listen for print request with the Internet services daemon (inetd).
• inetd starts a program “protocol adaptor” (in.lpd) -- communicates with spooler

What the Printer Interface Program Does
• Initialize the printer port -- use stty
• Initialize the printer -- use terminfo
• Print a banner page, if necessary.
• Print the correct number of copies specified by the print request.
Standard interface program is found in /usr/lib/lp/model

PART 1:

SYSTEM SECURITY


Security Aspects
• Maintaining physical site security (don’t leave logged-in terminal unattended)
• Maintaining login control (password must)
• Restricting access to data in files - permission
• Maintaining network control
• Monitoring system usage (normal load ..?)
• Setting PATH variable correctly (trojan horse)
• Securing files (use ACLs and take care with setuids)
• Installing a firewall
• Reporting security problems

Firewall or Secured Gateway
• Dedicated system separating two networks
• each approaches another as Untrusted
• also useful between two internal networks .. Will not send packet unless origin or destination address is of Gateway system
• packets of specific protocol only can be allowed to be forwarded -- say mail and not telnet or rlogin

firewall
• System should not have any trusted hosts
• everyone must be made to type password
• it acts as a passage as well as barrier
• it makes internal user to log-in to gateway system before he can send packets to outside N/W and also external user to login before he can reach internal N/W

File related commands
• ls
• chown
• chgrp
• chmod

ACL
• Traditional Unix allows permissions setting to owner, group and others
• ACL allows greater & finer control… you can set permissions for all above & for specific users and groups and default permissions to each of these
• setfacl & getfacl

Special logins
• root    0   Has almost no restrictions and overrides all other logins, protections, and permissions. The root account has access to the entire system.
• daemon  1   Controls background processing.
• bin     2   Owns some of the Solaris commands.
• sys     3   Owns many system files.
• adm     4   Owns certain administrative files.
• lp      71  Owns the object & spooled data files for printer.
• uucp    5   Owns the object & spooled data files of UUCP
• nuucp   9   Is used by remote systems to log in to the system and start file transfers.
Gids in red

password
• Sources to check password are three
• /etc/nsswitch.conf entry decides which of NIS+ tables, NIS map or /etc files to look for password
• /etc files are passwd and shadow
• Only superuser can read shadow file

shell
Normal shell       /usr/bin/sh
Restricted shell   /usr/lib/rsh
Notice : Not /usr/sbin/rsh (remote shell)
• Access limited to home directory; can’t use cd
• Can use commands only in PATH variable
• Can use files only in HOME dir & subdirectories
• cannot redirect output with > or >>

Tracking SuperUser Login
• Requires root password
• By default, user cannot login as root remotely; He needs to login as ordinary user and then switch-over to root. This policy helps tracking “who is trying to become SuperUser”
• The command to switch-over to different user is su

Switch user : su
• su user-name
• su - user-name

Network security
• Firewall
• authentication
• authorization
How do you differentiate between authentication and authorization ?
Can I log-in ?            Authentication
Can I copy this file ?    Authorization

Network security
• Firewall
• for NFS : you can decide what to share (through /etc/dfs/dfstab) and whom to give what authority (read/write or read only) through share command.
• By default, superuser access is not given by NFS. (it is implemented to change userId of requester to that of nobody-60001)

Automated Security Enhancement Tool : ASET
• enable you to control and monitor your system’s security.
• specify a security level (low, medium, or high) at which ASET will run.
• At each higher level, ASET’s file-control functions increase to reduce file access and tighten your system security.

File permissions
• Read, write and execute permissions to each of three types of users - owner (the one who creates file or directory), a group and others (all those who are neither owner nor member of the group)
• Only owner or root can decide and modify these permissions

Permissions of directory
• r  Read     List files in the directory.
• w  Write    Add or remove files or links in the directory.
• x  Execute  Open or execute files in the directory. Also can make the directory and the directories beneath it current.

Special file permissions
• setuid
• setgid
• stickyBit
Applicable to executables and public directories

setuid
• When set on a program, it grants the process running that program access based on owner of that program rather than the user who is running it.
• This allows user to access files that are normally available only to owner. e.g /etc/shadow file
  -r-sr-sr-x 3 root sys 104580 Jul 16 12:02

setgid
• Similar to setuid except….
• process’s effective groupID is changed to that of a group owner of a program and user is granted access based on permissions available to the group
• When applied to directory, the files created under it belong to the same group as directory belongs and not group of the process creating it. (e.g directory containing all project files)

Sticky Bit
• Permission bit that protects files within a directory.. So its applied to only directories
• Files can be deleted only by 1) Owner of the file 2) Owner of the directory 3) root
• Prevents users from deleting other user’s files from public directory like /tmp
• drwxrwxrwt 7 root sys 400 JUL 3 13:37 tmp

*Default Permissions
• What are the effective permissions when you create a file or a directory ?
• What decides these default permissions ?
A value set for umask in system file /etc/profile or .cshrc or .login

System defaults:         files = 666    directories & executables = 777
Subtract umask = 022
Effective permissions:   files = 644    directories & executables = 755
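The umask arithmetic above as an added example (not part of the original slides): it computes the effective mode by clearing the masked bits, checks the result against a file and directory actually created under that umask, and flags masks that leave new objects writable by group or others. The function names and the scratch directory are assumptions of this example.

```sh
#!/bin/sh
# effective_mode BASE UMASK -> octal mode left once the mask is applied.
# The mask clears bits (BASE AND NOT UMASK). For 022 that matches the
# subtraction on the slide; for a mask such as 033 it does not (666 -> 644).
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_modes UMASK -> "<file-perms> <dir-perms>" as ls -ld reports them for
# a file and a directory created under that umask in a scratch directory.
created_modes() {
    (
        scratch=$(mktemp -d) || exit 1
        umask "$1"
        : > "$scratch/f"
        mkdir "$scratch/d"
        f=$(ls -ld "$scratch/f" | cut -c1-10)
        d=$(ls -ld "$scratch/d" | cut -c1-10)
        rm -rf "$scratch"
        echo "$f $d"
    )
}

# umask_lets_others_write UMASK -> exit 0 if new files or directories would be
# writable by group or others (the mask does not cover 022), else exit 1.
umask_lets_others_write() {
    [ $(( ~0$1 & 022 )) -ne 0 ]
}

for mask in 022 027 002; do
    printf 'umask %s: files %s, directories %s, created as %s\n' \
        "$mask" "$(effective_mode 666 "$mask")" \
        "$(effective_mode 777 "$mask")" "$(created_modes "$mask")"
    if umask_lets_others_write "$mask"; then
        echo "  warning: umask $mask leaves new objects group- or world-writable"
    fi
done
```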

Display information on files :ls
• Type of files
    -  Text or program
    d  Directory
    b  Block special file
    c  Character special file
    p  Named pipe (FIFO)
    l  Symbolic link
    s  Socket
• Permissions
• Number of hard links
• Owner of the file
• Group of the file
• Size of the file, in bytes
• Date the file was created or last date it was changed
• Name of the file

$ cd /sbin
$ ls -la
total 13456
drwxr-xr-x   2 root sys      512 Sep  1 14:11 .
drwxr-xr-x  29 root root    1024 Sep  1 15:40 ..
-r-xr-xr-x   1 root bin   218188 Aug 18 15:17 autopush
lrwxrwxrwx   1 root root      21 Sep  1 14:11 bpgetfile -> ...
-r-xr-xr-x   1 root bin   505556 Aug 20 13:24 dhcpagent
-r-xr-xr-x   1 root bin   456064 Aug 20 13:25 dhcpinfo

Changing file ownership
• Command is chown
• By default owner cannot change ownership; Only Superuser can
• workaround… set rstchown = 0 in /etc/system & reboot
• # chown newowner filename

Changing group ownership
• Only the superuser or the owner can change it
• The owner can change it to a group of which he is a member
• $ chgrp group filename

Changing permissions
• chmod command
• two modes
  1) absolute mode: use octal numbers (triplet) to set permissions
  2) symbolic mode: use a combination of letters & signs
• for setting special permissions, use an additional octal number to the left of the triplet

chmod
    Special perm                  owner    group    others
    X        Y        Z           R W X    R W X    R W X
    setuid   setgid   Sticky bit
    1        1        0
    Octal 6

examples
• $ chmod 700 my_prog
• $ ls -l my_prog
• -rwx------ 1 mahesh staff 6023 Jul 5 12:06 my_prog
• $ chmod 755 public_dir
• $ ls -ld public_dir
• drwxr-xr-x 1 omni staff 6023 Jul 5 12:06 public_dir

examples
• $ chmod 4555 dbprog
• $ ls -l dbprog
• -r-sr-xr-x 1 db staff 12095 May 6 09:29 dbprog
• $ chmod o-r filea (takes away read permissions from others)
• $ chmod a+rx fileb (adds r & x to all)
• $ chmod g=rwx filec (adds rwx

To create shared directories
• A setgid bit on a directory must be set or changed using symbolic notation
    # chmod g+s project_dir
Write a command to find all files in a specified directory having owner as root and setuid bit set on them

    # find directory -user root -perm -4000 -exec ls -ldb {} \; >/tmp/filename
-exec ls -ldb {} \; : display in ls -ldb format
>/tmp/filename : output stored here
    # more /tmp/filename
    ---s--x--- 1 root rar 45376 Aug 18 15:11 /usr/rar/bin/sh
    -r-sr-xr-x 1 root bin 12524 Aug 11 01:27 /usr/bin/df
    -rwsr-xr-x 1 root sys 21780 Aug 11 01:27 /usr/bin/newgrp

ACL
• Salient feature is that you can assign permissions to a specific user, e.g. you can give read permission to a group and read/write permission to a specific member of that group
• An ACL contains entries, which are defined using setfacl
• entry_type:[uid|gid]:perms

ACL Entries for files
u[ser]::perms
    File owner permissions.
g[roup]::perms
    File group permissions.
o[ther]:perms
    Permissions for users other than the file owner or members of file group.
m[ask]:perms
    The ACL mask. The mask entry indicates the maximum permissions allowed for users (other than the owner) and for groups. The mask is a quick way to change permissions on all the users and groups.
u[ser]:uid:perms
    Permissions for a specific user. For uid, you can specify either a user name or a numeric UID.
g[roup]:gid:perms
    Permissions for a specific group. For gid, you can specify either a group name or a numeric GID.

Default ACL on directory
You can set a default ACL on directories; everything created under them will have the same permissions as the default. When you set a default for a specific user the first time, you also need to set it for owner, group & mask
d[efault]:u[ser]::perms
    Default file owner permissions.
d[efault]:g[roup]::perms
    Default file group permissions.
d[efault]:o[ther]:perms
    Default permissions for users other than the file owner or members of the file group.
d[efault]:m[ask]:perms
    Default ACL mask.
d[efault]:u[ser]:uid:perms
    Default permissions for a specific user. For uid, you can specify either a user name or a numeric UID.
d[efault]:g[roup]:gid:perms
    Default permissions

setfacl
Sets or replaces ACL
    $ setfacl -s user::perms,group::perms,other:perms,mask:perms,acl_entry_list filename ...
acl_entry_list: list of one or more ACL entries for a specific user or group, OR default entries on a directory
    $ setfacl -s user::rw-,group::r--,other:---,mask:rw-,user:mahesh:rw- ch1.doc
    $ ls -l
    total 124
    -rw-r-----+ 1 rajiv sysadmin 34816 Jul 11
The + indicates the file has an ACL

Display ACLs
Use the command getfacl
    $ getfacl ch1.doc
    # file: ch1.doc
    # owner: rajiv
    # group: sysadmin
    user::rw-
    user:mahesh:rw-         #effective:rw-
    group::r--              #effective:r--
    mask:rw-
    other:---

ACL example
    $ setfacl -s u::7,g::4,o:0,m:4,u:mahesh:7 ch2.doc
    $ getfacl ch2.doc
    # file: ch2.doc
    # owner: rajiv
    # group: sysadmin
    user::rwx
    user:mahesh:rwx         #effective:r--
    group::r--              #effective:r--
    mask:r--
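An added example (not part of the original slides) that recomputes the effective permissions from getfacl-style output and flags every entry the mask narrows, as happens to user mahesh in the ch2.doc example. The listing is constructed from that slide and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the slides. Function names are illustrative.

# sample_acl: constructed getfacl-style listing modelled on the ch2.doc slide.
sample_acl() {
    cat <<'EOF'
# file: ch2.doc
# owner: rajiv
# group: sysadmin
user::rwx
user:mahesh:rwx         #effective:r--
group::r--              #effective:r--
mask:r--
other:---
EOF
}

# acl_effective: reads getfacl-style text on stdin and prints every entry with
# the permissions it really grants. The mask limits named users, the owning
# group and named groups; the file owner and "other" are not limited by it.
acl_effective() {
    awk '
    function both(a, b,    i, c, out) {      # keep a bit only if set in a and b
        out = ""
        for (i = 1; i <= 3; i++) {
            c = substr(a, i, 1)
            out = out ((c != "-" && substr(b, i, 1) != "-") ? c : "-")
        }
        return out
    }
    /^#/ || NF == 0 { next }                 # header comments and blank lines
    {
        sub(/[ \t]*#.*$/, "")                # drop the "#effective:" annotation
        n = split($0, f, ":")
        if (f[1] == "mask") { mask = f[n]; next }
        entry[++cnt] = $0; kind[cnt] = f[1]; perm[cnt] = f[n]
        name[cnt] = (n == 3) ? f[2] : ""
    }
    END {
        for (i = 1; i <= cnt; i++) {
            limited = (kind[i] == "group" || (kind[i] == "user" && name[i] != ""))
            eff = (limited && mask != "") ? both(perm[i], mask) : perm[i]
            printf "%s effective=%s%s\n", entry[i], eff, ((eff != perm[i]) ? " NARROWED" : "")
        }
    }'
}

sample_acl | acl_effective
```

On a live system the input would come from `getfacl filename | acl_effective`.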

Copying ACL of one file to another
    $ getfacl ch2.doc | setfacl -f - ch3.doc
Taken from here (ch2.doc) and applied there (ch3.doc)
-f implies: take the ACL entries from a file (here "-", standard input)

Modifying/ Deleting ACL entry
    $ setfacl -m acl_entry_list filename1 [filename2 ...]
    $ setfacl -m user:mahesh:6 ch3.doc
    $ setfacl -d acl_entry_list filename1 ...

Login information
• Use logins command
• # logins -x -l username (x: extended info)
• # logins -x -l mahesh
    mahesh 500 staff 10 Mahesh Kulkarni
    /export/home/mahesh
    /bin/sh
    Password aging info
• Picks info from /etc/passwd or NIS or NIS+

Finding users not having passwords • # logins -p

Disabling logins temporarily
Create the /etc/nologin file with the message you want displayed for login attempts, and reboot the machine
root login is not affected

Saving failed logins
• Create the /var/adm/loginlog file with read/write permissions for root only
• failed login activity will be written to this file automatically after five failed attempts.
• the user's login name, tty device, and time of the failed attempt are recorded.

Dial-up password
• Another layer of security for users logging in via modem
• only superuser can create or change
• two files involved: /etc/dialups & /etc/d_passwd

/etc/dialups: list of ports that require a dial-up password
    /dev/term/a
    /dev/term/b

/etc/d_passwd: list of shell programs that require an encrypted password
    /usr/lib/uucp/uucico:encrypted_password:
    /usr/bin/csh:encrypted_password:
    /usr/bin/ksh:encrypted_password:

Mahesh logs in on /dev/term/b
1) Check the presence of the port in /etc/dialups (/dev/term/a, /dev/term/b)
2) Check the "login shell" field of /etc/passwd & look for a match in /etc/d_passwd
3) Prompt for password
If no match is found, the password entry of /usr/bin/sh is used
Dial-up logins are disabled if /etc/d_passwd has only the following entry:
    /usr/bin/sh:*:

Creating files for dialup password
• With an editor, create the files with entries
• # chown root /etc/dialups /etc/d_passwd
• # chgrp root /etc/dialups /etc/d_passwd
• # chmod 600 /etc/dialups /etc/d_passwd
• add some user with a password using useradd
Delete all except this, and copy

Superuser login
• From the security angle it should be allowed only on the console
• Edit the /etc/default/login file.
• Uncomment a line and make it CONSOLE=/dev/console
• On other terminals users will have to log in as some other user and do su to root, which can be monitored

Monitoring su attempts
• Through the /etc/default/su file you can enable the /var/adm/sulog file to monitor all su attempts. Uncomment & keep SULOG=/var/adm/sulog
• To get a message on the console also: CONSOLE=/dev/console in /etc/default/su
• Entry shows date & time, success or

Sample /var/adm/sulog
    # more /var/adm/sulog
    SU 12/20 16:26 + pts/0 mahesh-root
    SU 01/12 11:11 + pts/0 root-joebob
    SU 01/12 14:56 - pts/2 anu-root
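An added example (not part of the original slides) that reads sulog entries in the layout shown above and counts failed su attempts to root per user. The log lines are constructed for the example, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the slides. Function names are illustrative.

# sample_sulog: constructed entries in the layout of the slide's sample
# (SU date time +/- tty from-to); "+" is a successful su, "-" a failed one.
sample_sulog() {
    cat <<'EOF'
SU 12/20 16:26 + pts/0 mahesh-root
SU 01/12 11:11 + pts/0 root-joebob
SU 01/12 14:56 - pts/2 anu-root
SU 01/12 14:57 - pts/2 anu-root
SU 01/12 14:58 - pts/3 joebob-root
SU 01/12 15:02 - pts/3 joebob-anu
EOF
}

# failed_su_to_root: reads sulog lines on stdin and prints "<count> <user>"
# for every user with failed su attempts to root, highest count first.
failed_su_to_root() {
    awk '
    $1 == "SU" && $4 == "-" {
        if (!match($6, /-[^-]*$/)) next      # last "-" splits from-user and to-user
        from = substr($6, 1, RSTART - 1)
        to   = substr($6, RSTART + 1)
        if (to == "root") fails[from]++
    }
    END { for (u in fails) print fails[u], u }' | sort -k1,1nr -k2,2
}

sample_sulog | failed_su_to_root
```

On a live system the input would be `failed_su_to_root < /var/adm/sulog`, run as root.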

PART 1:

Scheduling Jobs


Tasks at specific times
• Task to be carried out only once at a specified time: use the at command
• Tasks to be executed repeatedly at regular intervals (e.g. taking backup, removing contents of log files, probing system load): use the crontab command
• Files are kept in /var/spool/cron
• Files that control access to these commands are in /etc/cron.d

Entries inside crontab
The cron daemon schedules jobs according to entries found in crontab files; it reads the /var/spool/cron/crontabs directory every 15 minutes to take up new files/changes
    10 3 * * 0,4 /etc/cron.d/logchecker
    10 3 * * 0 /usr/lib/newsyslog      (run newsyslog at 3:10 every Sunday)
    15 3 * * 0 /usr/lib/fs/nfs/nfsfind
    1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1
    30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
Fields: min hours day-of-month month day-of-the-week command

/var/spool/cron/crontabs/..
• Crontab files for root and a few other users like adm, lp, sys, uucp exist
• other users can create crontab files, and they are named after their username, e.g. /var/spool/cron/crontabs/mahesh
• you need to be superuser to modify someone else's crontab file

Creating crontab file
• Use crontab -e command
• crontab -e invokes the text editor set up for your system environment (default is ed)
    EDITOR=vi; export EDITOR;
• # crontab -e [username] … only superuser can create for other users

Check existence & display & remove
• # cd /var/spool/cron/crontabs
• # ls -l
    -rw-r--r-- 1 root sys 190 Feb 26 16:23 adm
    -rw------- 1 root staff 225 Mar 1 9:19 mahesh
    -rw-r--r-- 1 root root 1063 Feb 26 16:23 lp
• $ crontab -l [username] … if superuser
• $ crontab -l
    13 13 * * * cp /home/anu/work_files /usr/backup/. > /dev/null

Controlling access to crontab
• Accomplished through two files (in /etc/cron.d): cron.allow and cron.deny
• allowed users can create, edit, display and remove crontab files
• By default cron.deny exists but not cron.allow
• Only superuser can make these files

cron.allow & .deny rules
• If cron.allow exists, only the users listed in this file can work with crontab files.
• If cron.allow doesn't exist, all users may submit crontab files, except for users listed in cron.deny.
• If neither cron.allow nor cron.deny exists, superuser privileges are required to run crontab.
• So.. by default all users except those listed in .deny are allowed to work with crontab
• So.. to deny a user, just add his name to cron.deny

In /etc/cron.d
cron.allow exists ?
    yes: Allow listed users to work
    no: cron.deny exists ?
        yes: Allow users not listed in this to work
        no: Allow only superuser to work with crontab
So… to limit access to a few users, add their names to the allow list. Don't forget to add root there.
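An added example (not part of the original slides) that applies the cron.allow / cron.deny rules above to a directory and lists, for every account in a passwd-format file, whether crontab use would be allowed. The function names and the scratch data are constructed for illustration; root is treated like any other user when cron.allow exists, as the slide's reminder implies.

```shell
#!/bin/sh
# Added example, not from the slides. Function names are illustrative.

# cron_access USER [DIR]
# Prints "allow" or "deny" for USER, following the slide's rules.
# DIR stands in for /etc/cron.d so the logic can be tried on a copy.
cron_access() {
    user=$1
    dir=${2:-/etc/cron.d}
    if [ -f "$dir/cron.allow" ]; then
        # cron.allow exists: only listed users, root included, may use crontab
        if grep -qxF -- "$user" "$dir/cron.allow"; then echo allow; else echo deny; fi
    elif [ -f "$dir/cron.deny" ]; then
        # only cron.deny exists: everyone except the listed users
        if grep -qxF -- "$user" "$dir/cron.deny"; then echo deny; else echo allow; fi
    elif [ "$user" = root ]; then
        echo allow                      # neither file: superuser only
    else
        echo deny
    fi
}

# cron_audit PASSWD_FILE [DIR]
# Lists every account in a passwd-format file with its crontab decision.
cron_audit() {
    cut -d: -f1 "$1" | while read -r u; do
        printf '%s %s\n' "$u" "$(cron_access "$u" "$2")"
    done
}

# Demo on a constructed scratch copy (not the live /etc/cron.d).
demo=$(mktemp -d)
printf 'root\nmahesh\n' > "$demo/cron.allow"
printf 'root:x:0:1::/:/sbin/sh\nmahesh:x:500:10::/export/home/mahesh:/bin/sh\nanu:x:501:10::/export/home/anu:/bin/sh\n' > "$demo/passwd"
cron_audit "$demo/passwd" "$demo"
rm -rf "$demo"
```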

*Error message for crontab -l
• What do you make out of these ?
    crontab: can't open your crontab file
    crontab: you are not authorized to use cron. Sorry.
In the first case: the crontab file does not exist
In the second case: you are denied use of crontab

at jobs
• Execution at a later time
• executed only once
• By default, users can create, display, and remove their own at job files.
• When an at job is submitted, it is assigned a job identification number along with the .a extension, which becomes its file name.

How to submit an at job
• Invoke the at command with time as argument
• enter the command to be executed later; make sure to send output to a file if required
• press control-d to come out to prompt
    $ at 11:45pm July 31
    at> rm /home/export/mahesh/*core*
    at> Press Control-d
    commands will be executed using /bin/csh
    job 933486300.a at Sat Jul 31 23:45:00 2001

Submitting at job
    $ at [-m] time [date]
-m: sends mail once the job is done
    $ at 4 am Saturday
    at> sort -r /usr/dict/words > /export/home/anu/big.file
    at> Press Control-d

Displaying at jobs
    $ atq
    Rank  Execution Date       Owner  Job          Queue  Job Name
    1st   Jul 12, 1999 19:30   anu    897355800.a  a      stdin
    2nd   Jul 14, 1999 23:45   anu    897543900.a  a      stdin
    3rd   Jul 17, 1999 04:00   anu    897732000.a  a      stdin
$ at -l [job-id] shows execution times of your job
    $ at -l
    897543900.a Mon Jul 16 23:45:00 2001
    897355800.a Tue Jul 17 19:30:00 2001
    897732000.a Wed Jul 18 04:00:00 2001

Removal of at jobs
    $ at -l
    897543900.a Wed Jul 14 23:45:00 1999
    897355800.a Mon Jul 12 19:30:00 1999
    897732000.a Sat Jul 17 04:00:00 1999
    $ at -r 897732000.a
    $ at -l 897732000.a
    at: 858142000.a: No such file or directory

Access to at command
• The policy is similar to the one for crontab
• it is done through at.allow and at.deny lists under /etc/cron.d directory
