Solaris - Sys Admin 1
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Solaris - Sys Admin 1 as PDF for free.
More details
- Words: 17,279
- Pages: 419
PART 1: Ch1
SYSTEM CONCEPTS
Pradip Gudale
1
Operating System • Definition : Set of programs that manage all computer operations and provides an interface between the User and the System Resources • Main parts of OS are Kernel, Shell and File structure
Pradip Gudale
2
Kernel • Manages devices, memory processes and daemons • controls the functions (transfer) between programs and hardware • schedules & executes processes • Manages swap & daemons
Pradip Gudale
3
H/W KERNEL
Shell
Pradip Gudale
4
OS shells • Bourne shell ($) : default, AT & T Unix • C shell (%) : similar features as Korn shell • Korn shell ($) : superset of Bourne shell; adds aliasing, history and command line editing
Pradip Gudale
5
FS structure • Directory hierarchy • topmost directory is root • /usr, /opt, /dev, /export/home, /kernel (genunix resides here)
Pradip Gudale
6
termionology • Host : a computer system • host name : unique; each on network must have hostname • Ip address : number used by networking s/w • client : host that uses services from other hosts • server : host that provides service • network : group of connected hosts Pradip Gudale
7
Examples of server • • • • • •
File server print server8 boot server install server name server mail server Pradip Gudale
8
PART 1:
Managing Users & Groups
Pradip Gudale
9
Solaris Users and Groups • role-based access control (RBAC) provides a flexible way to package superuser privileges • Special type of User Account called “Role”
Pradip Gudale
10
User Account Information • • • •
User Name Password User’s Home Directory Initialization Files
Pradip Gudale
11
User => Group • You add a User to a particular Group • This is to give access for a particular file or directory to a set of users
Pradip Gudale
12
User ID Numbers Login Accounts Reserved For … --------------------------------------------------------------0 - 99 root, daemon, bin, sys, etc. System accounts 100 - 2147483647 Regular users General purpose accounts 60001 nobody Unauthenticated users 60002 noaccess Compatibility with Solaris 2.0 and compatible versions and SVR4 releases Pradip Gudale
13
PASSWORD • Password aging feature • must be changed after specified period • cannot be changed within specified period
Pradip Gudale
14
Home directories • • • •
Usually /export/home/username Can be on local m/c or file server accessed via /home/username if automounter is used it does not allow you to vreate anything under /home
Pradip Gudale
15
User’s Initialization Files • • • •
.login .cshrc .profile System initialization files are /etc/.login and /etc/profile
Pradip Gudale
16
Groups…. Each group to have • group name • group ID • list of users that belong to the group
Pradip Gudale
17
groups • Each user can be assigned to two types of groups…. 1 Primary and 16 secondary • Files created by user are assigned GID of the group the user primarily belong to • secondary group not important for files…. It is useful for some applications like admintool which expects user to belong to sysadmin group GID 14 Pradip Gudale
18
Groups • groups command lists all groups user belongs to • primary group of the user can be temporarily changed using newgrp command to any other group user is a member of
Pradip Gudale
19
Management of users and groups • Local system… use admintool with CDE or commands like useradd, groupadd etc • local/remote system… use adminsuite with CDE Add a User Account NIS+ nistbladm & nisclient NIS useradd & make None useradd Pradip Gudale
20
Where information is stored ? • /etc/passwd and /etc/shadow • username:password:uid:gid:commen t:homedirectory:login-shell • e.g. root:x:0:1:Super User:/:/sbin/sh rimmer:86Kg/MNT/dGu.:8882:0::5:20:8978 • e.g.
Pradip Gudale
21
PART 1:
Initialization Files
Pradip Gudale
22
Initialization Files example of .profile
PATH=$PATH:$HOME/bin:/usr/local/bin:/usr/c cs/bin:. 1 MAIL=/var/mail/$LOGNAME 2 NNTPSERVER=server1 3 MANPATH=/usr/share/man:/usr/local/man 4 PRINTER=printer1 5 umask 022 6 export PATH MAIL NNTPSERVER MANPATH PRINTER 7 Pradip Gudale
23
Customization of Environment • Solaris provides template files in /etc/skel • For Bourne Shell /$HOME/.profile • For C Shell /$HOME/.cshrc and /$HOME/.login • For korn Shell .profile and /$HOME/$ENV
Pradip Gudale
24
/etc/skel C Shell /etc/skel/local.login /etc/skel/local.cshrc Bourne or Korn
/etc/skel/local.profile
Pradip Gudale
25
Job control History list No Yes No Yes No
Yes
BOURNE C Shell Korn Shell Yes Yes Yes No Yes Yes Yes Yes Yes
ng No
Yes
Yes
d No Yes No Yes Yes from No Yes Pradip Gudale 26 No Yes No
Shell environment • Environment variables : upper case .. Use setenv command • shell (local) variables : lower case.. Use set command. E.g. user term home and path • C shell setenv VARIABLE value • Bourne or Korn shell VARIABLE=value; export Pradip Gudale VARIABLE
27
Environment variables • LPDEST Sets the user’s default printer. • MAIL Sets the path to the user’s mailbox. • MANPATH Sets the hierarchies of man pages available. • OPENWINHOME Sets the path to the OpenWindows subsystem. Pradip Gudale
28
Variables… cntd • prompt Defines the shell prompt for the C shell. • PS1 Defines the shell prompt for the Bourne or Korn shell. • SHELL (or shell in • the C shell) • Sets the default shell used by make, vi, and other tools. Pradip Gudale
29
Variables.. cntd • PATH=/usr/bin:/usr/sbin:/opt/SUNWmd/ • CDPATH=/export/home/rajiv • TERM (or term in the C shell) Defines the terminal. This variable should be reset in /etc/profile or /etc/.login. When the user invokes an editor, the system looks for a file with the same name as the definition of this environment variable. Pradip Gudale
30
umask Default permissions given for file or directory when created, by subtracting umask value from 666 or 777 file directory 0 rw rwx 1 rw rw 2 r rx 3 r r 4 w wx 5 w w 6 x x Pradip Gudale 7 (none) (none)
31
PART 1:
Booting & Run Levels
Pradip Gudale
32
Booting & Shutdown • What’s new in this release ? • What was the method used earlier ? • How do we boot Intel Platform Solaris ?
Pradip Gudale
33
Terminology • init state • run level • Which process helps change run-levels
Pradip Gudale
34
Types of Boot • Interactive • Reconfiguration • Recovery
Pradip Gudale
35
Shutdown commands • init • shutdown Which one is better ? Why ? Can anybody shutdown the system ?
Pradip Gudale
36
When do you need to change run_levels ? • • • • •
Add new h/w backup-restore retune kernel parameters repair system configuration file known power outage
Pradip Gudale
37
Run control How to Determine a System’s Run Level ? How to Use a Run Control Script to Stop or Start a Service ? How to Add a Run Control Script ? How to Disable a Run Control Script ?
Pradip Gudale
38
Current run level ? $ who -r . runlevel 3 Sep 1 14:45 3 0 S Since when ?
Number of times at this RL since last boot Pradip Gudale
privious
39
/etc/inittab file Provides three important items to init process The system’s default run level What processes to start, monitor, and restart if they terminate What actions to be taken when the system enters a new run level
Pradip Gudale
40
/etc/inittab entries Each entry in the /etc/inittab file has the following fields:
id:rstate:action:process Unique id Applies to these run levels How the process is to be run
The command to execute
Pradip Gudale
41
/etc/inittab entries ap::sysinit:/sbin/autopush f /etc/iu.ap is:3:initdefault: p3:s1234:powerfail:/usr/sbin/shutdown y i5 g0 >/dev/msglog 2<>/dev/console sS:s:wait:/sbin/rcS >/dev/msglog 2<>/dev/msglog
42
What happens when init runs 1. The init process is started and reads the /etc/default/init file to set any environment variables. By default, only the TIMEZONE variable is set. 2. Then init reads the inittab file to do the following: a. Identify the initdefault entry, which defines the default run level (3). b. Execute any process entries that have sysinit in the action field so that any special initializations can take place before users login. c. Execute any process entries that have 3 in the rstate Pradip Gudalerun level, 3. 43 field, which matches the default
Run control scripts • Each associated with rc.x script in /sbin • there is a corresponding directory /etc/rcx.d which contains [KS] [0-9] [0-9] * scripts for starting or stopping various services • The scripts are kept in /etc/init.d and are linked to files in /etc/rcx.d
Pradip Gudale
44
Sample /etc/rc2.d # ls /etc/rc2.d K07dmi S70uucp S75cron S91afbinit K07snmpdx S71ldap.client S75flashprom S91ifbinit K28nfs.server S71rpc S75savecore S92volmgt README S71sysid.sys S76nscd S93cacheos.finish S01MOUNTFSYS S72autoinstall S80PRESERVE S94ncalogd S05RMTMPFILES S72inetsvc S80lp S95IIim S20sysetup S72slpd S80spc S95amiserv S21perf S73cachefs.daemon S85power Pradip Gudale 45 S95ocfserv
Adding scripts How would you add a script to start/stop some service ?
Pradip Gudale
46
Adding scripts….
# cp filename # cp /etc/init.d filename /etc/init.d # chmod 0744 /etc/init.d/filename # chmod 0744 /etc/init.d/filename # chown root:sys /etc/init.d/filename # chown root:sys /etc/init.d/filename
# cd /etc/init.d # ln filename /etc/rc2.d/Snnfilename # ln filename /etc/rcn.d/Knnfilename Pradip Gudale
47
Summary of rc scripts /sbin/rc0 Performs the following tasks: Stops system services and daemons Terminates all running processes Unmounts all file systems
Pradip Gudale
48
/sbin/rc1 Stops system services and daemons Terminates all running processes Unmounts all file systems Brings the system up in single-user mode
Pradip Gudale
49
/sbin/rc2 Mounts all local file systems Enables disk quotas if at least one file system was mounted with the quota option Saves editor temporary files in /usr/preserve Removes any files in the /tmp directory Configures system accounting Configures default router Sets NIS domain and ifconfig netmask Reboots the system from the installation media or a boot server if either /.PREINSTALL or /AUTOINSTALL exists Starts inetd and rpcbind and named, if appropriate Pradip Gudale
50
/sbin/rc2…… cntd
Starts Kerberos client-side daemon, kerbd Starts NIS daemons (ypbind) and NIS+ daemons (rpc.nisd), depending on whether the system is configured for NIS or NIS+, and whether the system is a client or a server Starts keyserv, statd, lockd, xntpd, and utmpd Mounts all NFS entries Starts nscd (name service cache daemon) Starts automount, cron, LP print service, sendmail, utmpd, and vold daemons Pradip Gudale
51
/sbin/rc3
bin/rc3 Runs the /etc/rc3.d scripts to perform the following tas Cleans up sharetab Starts nfsd Starts mountd If the system is a boot server, starts rarpd, rpc.bootparamd, and rpld Starts snmpdx (Solstice Enterprise Agents TM process).
Pradip Gudale
52
/sbin/rc5 and /sbin/rc6 /sbin/rc5 and / sbin/rc6 Runs the /etc/rc0.d/K* scripts to perform the following tasks: Kills all active processes Unmounts the file systems
Pradip Gudale
53
/sbin/rcS
Establishes a minimal network Mounts /usr, if necessary Sets the system name Checks the root (/) and /usr file systems Mounts pseudo file systems (/proc and /dev/fd) Rebuilds the device entries for reconfiguration boots Checks and mounts other file systems to be mounted in single-user mode
Pradip Gudale
54
Shutdown commands • • • •
Shutdown init reboot halt
Pradip Gudale
55
PART 1:
Booting of the system & BOOT PROM
Pradip Gudale
56
Prom monitor >n OK
Pradip Gudale
57
Prom monitor How to find PROM version ? How to change boot-device ? How to change boot-files ?
Pradip Gudale
58
Prom monitor : important commands • • • •
printenv setenv probe-scsi-all reset
Pradip Gudale
59
Boot command ok boot [boot-device] [boot-files] [boot options]
-a -s -r ………….Try it out Pradip Gudale
60
Boot over a network • Need to set up a boot server • rarp or dhcp protocols • for dhcp PROM version must be > 3.25 • ok nvalias net /pci@1f,4000/network@1,1:dhc p
Pradip Gudale
61
Stop system for recovery press Stopa or L1a. On terminals, press the Break key.
Pradip Gudale
62
Intel Solaris Solaris Boot Diskette Solaris Installation CD
Pradip Gudale
63
Boot process
Pradip Gudale
64
What all does a PROM do ?
Pradip Gudale
65
Boot phases • • • •
Boot prom phase boot program phase kernel initialization phase init phase
Pradip Gudale
66
Boot phases Boot prom :the PROM loads the primary boot program, bootblk bootblk program finds and executes the secondary boot program, ufsboot, and loads it into memory. ufsboot program loads the kernel. kernel initializes itself and begins loading modules kernel unmaps the ufsboot kernel creates a user process and starts the /sbin/init Pradip Gudale
67
PART 1:
Pradip Gudale
68
Volume Management Major Benefits
Pradip Gudale
69
/etc/init.d/volmgt • automatically mounts diskettes and CDs • enables you to access diskettes and CDs without having to become superuser. • allows you to give other systems on the network automatic access to any diskettes and CDs you insert into your Pradip Gudale 70 system
Manual mounting Steps Manual Mounting Automatic Mounting 1 Insert media. 2 Become superuser. 3 Determine the location of the media device. 4 Create a mount point. 5 Make sure you are not in the mount point directory. 6 Mount the device using the proper mount options. 7 Work with files 8 Become Superuser and unmount 9 Eject media Pradip Gudale
71
How to access from FDD/CD enter floppy and run volcheck Files on a diskette or Raw data on a diskette access through /vol/dev/aliases/floppy0 File Systems on floppy
access through /floppy/floppy0
Files on a CD : Enter The CD and wait for a few seconds
access through /cdrom/cdrom0
Pradip Gudale
72
Files copied from CD Remember…….. Files copied to disk will not have write permissions WHY ?
Pradip Gudale
73
How do you find who are using the CD ? # fuser -u [-k] /cdrom/cdrom0
Pradip Gudale
74
..How do you use CDROM connected to another M/C ? Prerequisite ? CDROM on other M/C must be shared..
Pradip Gudale
75
$ showmount -e system-name export list for systemname: /cdrom/sol_8_sparc (everyone) Become a superuser # mount -F nfs -o ro system-name:/cdrom/cd-name mountpoint
Pradip Gudale
…….Try this out 76
..How do you make CDROM on your system available to other systems ? Basically…. It-must-be-shared
Pradip Gudale
77
STEPS ….. # mkdir /dummy # vi /etc/dfs/dfstab ( Add the following line:) share -F nfs -o ro /dummy # eject cdrom0 # chmod 644 /etc/rmmount.conf # vi /etc/rmmount ( Add the following line to the File System Sharing section:) share cdrom* # chmod 444 /etc/rmmount.conf ( Load a CD.) # share Pradip Gudale
78
Configure a System to Play Musical CDs Edit /etc/rmmount.conf and add action line # Actions action cdrom action_workman.so path/workman Workman-options path The dir in which you have placed the Workman S/W workman-options The options allowed by the Workman S/W Pradip Gudale
79
“start and stop volume management” # /etc/init.d/volmgt start # /etc/init.d/volmgt stop
Pradip Gudale
80
Formatting floppies ...tasks • • • •
Load unformatted diskette Format diskette for dos Format diskette for ufs make ufs FS
Pradip Gudale
…...Try this out81
Known restriction.. Diskettes formatted for UFS are restricted to the hardware platform on which they were formatted. In other words, a UFS diskette formatted on a SPARC based platform cannot be used for UFS on an IA platform, nor can a diskette formatted on an IA platform be used on a SPARC based platform. This is because the SPARC and IA UFS formats are different. SPARC uses little-endian bit coding, IA uses big-endian. Pradip Gudale
82
Can format to 7 densities • 3.5” Extended • 5.25” High Density Density 2.88 Mbytes (HD) 1.2 Mbytes • 3.5” High Density • 5.25” Medium (HD) 1.44 Mbytes Density (DD) 720 Kbytes • 3.5” Medium Density • 5.25” Low Density (DD) 1.2 Mbytes 360 Kbytes • 3.5” Low Density 720 Kbytes Pradip Gudale
83
Formatting defaults... • the diskette drive formats a diskette to a like density unless instructed otherwise • a diskette can be formatted to its capacity or lower • a drive can format to its capacity or lower
Pradip Gudale
84
Use fdformat command with density option…. To Format a diskette as
In A Drive of
2.88 Mbytes 1.44 Mbytes 1.44 Mbytes 1.2 Mbytes 720 Kbytes 1.2 Mbytes 720 Kbytes 720 Kbytes 360 Kbytes
2.88 Mbytes 2.88 Mbytes 1.44 Mbytes 1.44 Mbytes 1.44 Mbytes 1.2 Mbytes 1.2 Mbytes 720 Kbytes Pradip Gudale 720 Kbytes
fdformat Density option −E −H none −t nec −M −D or −t dos −D none −D none 85 −D
fdformat • fdformat -z to view options • start fdformat w/o density option to find out drive’s default density
Pradip Gudale
86
Formatting for ufs FS $ fdformat -v -U [density-options convenience-options]
verify
e.g. -D 720KB -e eject -f force ..no questions
Unmount if mounted
-b label Pradip Gudale
-z just show options
87
How to Place a UFS File System on a Diskette ? Command to create FS
/usr/sbin/newfs
options to this command
Where to make FS Type of FS ufs taken as default Pradip Gudale
88
Creating FS
/usr/sbin/newfs -v /vol/dev/aliases/floppy0
Displays status
Pradip Gudale
89
Auto mounting Invoke the volrmmount command using the −i option to notify Volume Management that the diskette is inserted.
$ volrmmount -i floppy0 Use
#ls /floppy
to confirm mounted ufs FS
Pradip Gudale
90
Formatting for DOS $ fdformat -v -U [density-options convenienceoptions]
-d 1.44MB for MS-DOS -d -D 720KB for MS-DOS
Pradip Gudale
91
Things to remember • volcheck -v command to notify volume management • floppy0 is symbolic link to floppy name • if nothing is found under /floppy it means floppy not mounted or not formatted • /floppy is same as /vol/dev/diskette0 • fuser -u [-k] floppy0 to find user and [kill] • if formatted but without name system refers to it as unnamed_floppy Pradip Gudale 92 • # ls /floppy/floppy0 to see
How to use floppy put in another M/C’s floppy drive ? Same as CDROM …… except…... Add the following lines to /etc/rmmount.conf on a system where floppy drive is connected and to be shared # File System Sharing
share floppy*
Pradip Gudale
93
How Volume Management works?
Pradip Gudale
94
Volume management • All removable media made available under /vol/dev /vol/dev
Drive ---
rdiskette0
diskette0
Pradip Gudale
95
Volume management
/vol/dev
Drive ---
rdiskette0
diskette0
Diskette name
Diskette name Pradip Gudale
96
CDROMs /vol/dev
dsk c0t6
rdsk c0t6
cdrom drive
Pradip Gudale
97
CDROMs /vol/dev
dsk c0t6
rdsk c0t6
cdrom drive
cd name
Pradip Gudale cd name
98
To make access more convenient, Volume Management uses two special mount points, /floppy and /cdrom.
/
floppy
cdrom
Volume Management mounts the /vol/dev/diskette0 and /vol/dev/dsk/c0t6 directories onto /floppy and Pradip Gudale /cdrom
99
Convenient mount points /floppy and /cdrom However, these mount points depend on proper formatting. If a diskette is formatted, the mount succeeds, but if it is unformatted, the mount fails and the diskette is only available under
/vol/dev/diskette0.
Pradip Gudale
100
Additional convenience symbolic links /floppy/floppy0 > /floppy/name > /vol/dev/diskette0/name /cdrom/cdrom0 > /cdrom/cd-name > /vol/dev/dsk/c0t6d0/cd-name The symbolic links for file system access simply link the directories /floppy/floppy0 and /cdrom/cdrom0 to the diskette inserted into the first diskette drive and the CD inserted into the first CD-ROM drive: Pradip Gudale
101
What’s the advantage of symbolic links ? enable you to access floppies and CDs without knowing their names. You can use the link names, floppy0 or cdrom0, instead.
Pradip Gudale
102
Symbolic links for raw device access /vol/dev/aliases/floppy0 > /vol/dev/rdiskette0/diskette-name /vol/dev/aliases/cdrom0 > /vol/dev/rdsk/c0t6d0/cd-name
Pradip Gudale
103
Purpose of symbolic links to enable you to access a raw-character diskette or CD without knowing its name use /vol/dev/aliases/floppy0 or /vol/dev/aliases/cdrom0 link names.
Pradip Gudale
104
compatibilities • Ufs : not compatible between Sparc and Intel • CDROM : HSFS type; No issues
Pradip Gudale
105
installation CDs, contain mixed formats; that is, part UFS, and part ISO 9660 standard the CD is split into slices 9660 portion : portable UFS portion : architecture-specific ISO 9660 UFS : Sparc UFS : Intel Pradip Gudale
106
Volume Management ignores un-related formats on CDs and mounts appropriate slice
Pradip Gudale
107
CD slices appear as…. $ ls /cdrom/cdrom0 S0 S2 $ ls /vol/dev/dsk/c0t6 S0 S2
Pradip Gudale
108
PART 1:
SOFTWARE ADMINISTRATION
Pradip Gudale
109
S/W administration • • • •
Adding and Removing S/W Checking Consistemncy understanding S/W packages Adding and removing patches
Pradip Gudale
110
What is a S/W Package ? Sun and other vendors distribute S/W in the form of Package package is a collection of files and directories in a defined format.
Pradip Gudale
111
Package Admin Commands Solaris provides utilities to understand the package format and istall, Remove and check packages pkgadd, pkgrm and pkgcheck Pradip Gudale
112
Admintool to manage S/W Add packages to a spool directory : Not possible Eliminate user interaction by using an administration file : Not possible
Pradip Gudale
113
S/W PACKAGE S/w files
Control files
Pkgadd interpretes
Pkadd uncompresses and installs in base directory Keeps track of what is installed
Pradip Gudale
114
#Pkgrm pkgname Removes all files for that package unless they are shared with another package
Pradip Gudale
115
Things to know…. How packages are named ? ….. SUNWutr, SUNWvolr How to see what are installed ? ….. Pkginfo / admintool How to install S/W for clients ? ….. Some part on server some on client Pradip Gudale
116
client-server scenario a piece of software might have a package with files that are installed on the client’s root file system and a package with files that are installed on the /usr file system, which the client typically mounts from a server.
Pradip Gudale
117
administration file Comes into play with -a option to pkgadd # pkgadd -a filename pkgname Looks for admin file in current dir OR in /var/sadm/install/admin Pradip Gudale
118
Uses of admin file... manipulate the base directory by setting the basedir keyword in a special file called an administration file. basedir=/usr/v5/sbin Avoid user interaction while adding or removing packages Quit installation if error encountered ……...etc.
Pradip Gudale
119
Response file…. Using a Response File A response file contains your answers to specific questions asked by an interactive package. An interactive package includes a request script that asks you questions prior to package installation, such as whether or not optional pieces of the package should be installed.
Pradip Gudale
120
Response file Use pkgask command to store your replies and use it as… pkgadd -r response-file …. To avoid user interaction Pradip Gudale
121
commands # pkgadd -a admin-file -d device-name pkgid ...
Default… /var/spool/pkg
Pradip Gudale
122
commands Verification of installed package... # pkgchk -v pkgid If pkgchk determines there are no errors, it returns a list of installed files. Otherwise, it reports the error. Pradip Gudale
123
What do you understand from this.. # mount -F nfs -o ro package-server:/latestpackages /mnt # pkgadd -d /mnt SUNWaudio .
Pradip Gudale
124
..and what do you think is this ? # pkgadd -d /cdrom/sol_8_sparc/s0/Solaris_8/Product -s /var/spool/pkg SUNWaudio
Pradip Gudale
125
Is this command OK ? # pkgadd SUNWman
Pradip Gudale
126
pkginfo Tells what packages are installed on the system $ pkginfo system SUNWaccr System Accounting, (Root) system SUNWaccu System Accounting, (Usr) system SUNWadmap System administration applications system SUNWadmc System Pradip Gudale 127 administration core libraries
Integrity of installed packages # pkgchk -dspooldir pkgid ... # pkgchk [ -a -c -v ] pkgid ... attributes
Default: both a & c
contents Pradip Gudale
128
$ pkginfo -l SUNWcar PKGINST: SUNWcar NAME: Core Architecture, (Root) CATEGORY: system ARCH: sparc.sun4u VERSION: 11.8.0,REV=1999.09.18.11.52 BASEDIR: / VENDOR: Sun Microsystems, Inc. DESC: core software for a specific hardware platform group PSTAMP: humbolt19990821191439 INSTDATE: Sep 18 1999 11:53 HOTLINE: Please contact your local service provider STATUS: completely installed FILES: 95 installed pathnames 31 shared pathnames Pradip Gudale 129 35 directories
Removal of packages Always use #pkgrm [-s spooldir] pkgid Do not use “rm” to remove package files….. WHY ? Pradip Gudale
130
“Removal of packages” Can be done through admintool What is the prerequisite ? Be either super-user or member of sysadm group Pradip Gudale
131
patches • • • • •
What are they ? How are they distributed ? How are they numbered ? What happens when you install patches ? What happens when you remove patches ?
Pradip Gudale
132
What is a patch ? collection of files and directories that replace or update existing files and directories that are preventing proper execution of the software. The existing software is derived from a specified package
Pradip Gudale
133
Knowing what are applied # showrev -p # patchadd -p # pkgparam pkgid PATCHLIST # pkgparam pkgid PATCH_INFO_patchnumber Tells inst date and host from where applied Pradip Gudale
134
Patch distribution via www OR anonymous ftp http://www.sun.com For contract customers : Full sunsolve database and periodical CDs For others: general set of patches Pradip Gudale
135
ftp sunsolve1.sun.com (provided by Sun Service) or sunsite.unc.edu (maintained by the University of North Carolina).
Login as anonymous password as complete e-mail address pickup patches from /pubs/patches directory. Transfer mode : Pradip Gudale binary
136
Patch numbering 106925–02 Patch base code hyphen Patch revision Pradip Gudale
137
What happens when you install a patch ? • patchadd calls pkgadd • checks version of target system • updates patch packages pkginfo file with what are the patches getting obsoleted by this, what are other required patches by this and patches incompatible with this etc. • patch installation log is kept in /var/sadm/patch/patch138 number/log Pradip Gudale
Patch not installed if…... * The package is not fully installed on the host * The patch packages architecture differs from the system’s architecture *The patch packages version does not match the installed package’s version *There is already an installed patch with the same base code and a higher version number * The patch is incompatible with another, already installed patch. (Each installed patch keeps this information in its pkginfo file) * The patch being installed requires another patch that is not installed Pradip Gudale
139
Patch removal Means… backing out a patch All files modified by patch are restored back to original
Pradip Gudale
140
patchrm restores old files unless…. * The patch was installed with patchadd d (which instructs patchadd not to save copies of files being updated or replaced) * The patch has been obsoleted by a later patch * The patch is required by another patch patchrm keeps a log of the back out process in /tmp/backoutlog.process_id. This log file is removed if the patch backs Pradip out Gudale
141
PART 1:
DISK MANAGEMENT
Pradip Gudale
142
Disk geometry • • • • • • •
Bits and bytes Sectors Tracks Cylinders Heads Disk Controller Device drivers Pradip Gudale
143
……….more • • • •
Disk slices Disk Labels Cylinder Groups File Systems
Pradip Gudale
144
FS characteristics • Files are stored in FS • Each FS is assigned one slice i.e FS can not span multiple slices • In one slice only one FS can be go • To the OS each slice appears as independent disk • FS is a fully functional independent unit Pradip Gudale
145
Disk slices / partitions SPARC Platforms
IA Platforms
Whole disk given to the operating environment
FDISK partitioned Only one given to OE
8 slices maximum
one partition: 10 slices
slices are 0-7
slices are 0-9
Pradip Gudale
146
What gets stored ..where ? • • • • • • • •
Slice 0 : root--OS files and directories 1: Swap--workspace 2: Overlap 3: /export--diff arch os files for clients 4: /export/swap--swap for clients 5: /opt--applications added 6: /usr-- executables and library routines Pradip Gudale 7: /home or /export/home--user’s stuff
147
Intel specific…. • Slice 8: info that helps Solaris to boot from Hard Disk. Resides at the beginning of disk • Slice 9: alternate blocks for assignment in lieu of bad blocks
Pradip Gudale
148
Note on usage Do not use the following areas of the disk for raw data slices, which are sometimes created by thirdparty database applications: 1. Block 0, cylinder 0, where the disk label is stored. 2. Avoid cylinder 0 entirely for improved performance. 3. Slice 2, which represents the entire disk. A slice cannot be split between two or more disks. However, multiple swap slices on separate disks are allowed. Pradip Gudale 149
PART 1:
format utility
Pradip Gudale
150
format • • • •
Menu driven built-in utility For preparing hard disks for use does more than mere formatting disks Not for floppies, cdroms and mag tapes
Pradip Gudale
151
What all can “format” do ? • • • • • •
Search all connected devices and display display partition information modify partitions information label the disk analyze and repair the disk low level format the disk Pradip Gudale
152
Most common usage.. • Partition • label
Formatting is destructive process…. helps preparing unfromatted disk helps gather bad areas information Pradip Gudale
153
Disk Label
VTOC
Cylinder 0 Block 0 Sector 0
controller
geometry
Pradip Gudale
Partition tabel or slices 154
Partition tabel • Number : 0 to 7 • tag : 0=UNASSIGNED 1=BOOT 2=ROOT 3=SWAP 4=USR5=BACKUP 7=VAR 8=HOME numeric value that usually describes the file system mounted on this partition.
• flags : wm The partition is writable and mountable wu writable & unmountable -- swap rm read only & mountable
Pradip Gudale
155
Example partition table Total disk cylinders available: 2036 + 2 (reserved cylinders) Part Tag Flag Cylinders Size Blocks 0 root wm 0 300 148.15MB (301/0/0) 303408 1 swap wu 301 524 110.25MB (224/0/0) 225792 2 backup wm 0 2035 1002.9MB (2036/0/0) 2052288 3 unassigned wm 0 Pradip Gudale 156 0 (0/0/0) 0 sectors
# prtvtoc /dev/rdsk/c0t1d0s0 * /dev/rdsk/c0t1d0s0 partition map * Dimensions: * 512 bytes/sector * 72 sectors/track * 14 tracks/cylinder * 1008 sectors/cylinder * 2038 cylinders * 2036 accessible cylinders * Flags: * 1: unmountable * 10: readonly * First Sector Last * Partition Tag Flags Sector Count Sector Mount Directory Pradip Gudale 157 0 2 00 0
Formatting a disk Easiest way is to use “modify” option under format..partition
…try out extensively Pradip Gudale
158
Recovering the disk • • • •
Recover disk geometry i.e. label restore root FS if it is a boot disk restore usr FS if it is a boot disk ……..Then what ? Will it boot ?
Pradip Gudale
159
Put a boot block on the disk For Sparc: # installboot /usr/platform/sun4m/lib/fs/ufs/bootblk /dev/rdsk/c0t0d0s0 `Uname -I`
For Intel:
# installboot /usr/platform/i86pc/lib/fs/ufs/pboot /usr/platform/i86pc/lib/fs/ufs/bootblk /dev/rdsk/c0t6d0s2 Pradip Gudale
160
Recovering corrupted disk label Step 1: is to put back disk geometry automatic configuration or manual disk type specification. Select disk type number.
Step 2: use verify command to check backup label format> verify Step 3: backup label is put format> backup
Pradip Gudale
161
Recovering corrupted disk label Step 1: is to put back disk geometry automatic configuration or manual disk type specification. Select disk type number.
Step 2: use verify command to check backup label format> verify Step 3: backup label is put format> backup
Pradip Gudale
162
Support for third party disks supply either a device driver, a format.dat entry, or both of these. Unrecognized disks cannot be formatted without precise information about the disk’s geometry and operating parameters. This information is supplied in the /etc/format.dat file.
Pradip Gudale
163
Disk parameters example.. disk_type = "SUN2.1G" \ : ctlr = SCSI : fmt_time = 4 \ : ncyl = 2733 : acyl = 2 : pcyl = 3500 : nhead = 19 : nsect = 80 \ : rpm = 5400 : bpt = 44823 No of physical cyl No of alternate cyl
Pradip Gudale
Data sec per track
164
Specifying block nos to format command... * Block number as an integer OR *Block number in the cylinder/head/sector format Enter defective block number: 12345 Enter defective block number: 34/2/3
Pradip Gudale
165
Thumb rules for slice sizes Disk Size
Root File System
0 - 180 Mbytes 16 Mbytes 180 Mb - 280 Mb 16 Mbytes 280 Mb - 380 Mb 24 Mbytes 380 Mb - 600 Mb 32 Mbytes 600 Mb - 1.0 Gb 32 Mbytes 1.0 Gb - 2.0 Gb 64 Mbytes More than 2.0 Gb 128 Mbytes Pradip Gudale
Swap Slice 16 Mbytes 32 Mbytes 32 Mbytes 32 Mbytes 64 Mbytes 128 Mbytes 128 Mbytes 166
Analyze and repair a disk # format format> analyze analyze> setup
.. Select parameters Starting block loop Stop on first error Assign alternate block
format> repair
Pradip Gudale
167
tips and tricks Invoke format M to enable extended and diagnostic messages for using the format utility with SCSI devices only.
For labeling multiple disks with same partition table... # for i in 1 2 3 5 > do > prtvtoc /dev/rdsk/c2t0d0s0 | fmthard -s /dev/rdsk/c2t${i}d0s2 > done Pradip Gudale
168
FORMAT MENU: disk select a disk type select (define) a disk type partition select (define) a partition table current describe the current disk format format and analyze the disk repair repair a defective sector label write label to the disk analyze surface analysis defect defect list management backup search for backup labels verify read and display labels save save new disk/partition definitions inquiry show vendor, product and revision volname set 8character volume name quit Pradip Gudale 169
PART 1:
INTRODUCTION TO FILE SYSTEM AND ITS MANAGEMENT
Pradip Gudale
170
Overview of FS • It’s a collection of files & directories • structure in the form of file tree • data structure of a disk slice
Pradip Gudale
171
Types of FS • • • •
Disk based Network based vertual FS Solaris provides virtual file system architecture……This ficilitates standard interface to any type of FS
Pradip Gudale
172
Disk based FS ufs
hsfs
Default
ISO9660
based on BSD fast FS
on CDROm
pcfs Read/wr of dos formatted disks
udfs On optical media DVD
read only
Pradip Gudale
173
Network-based FS Typically, network-based file systems reside on one system, typically a server, and are accessed by other systems across the network.
NFS is the only available network-based or distributed computing file system.
Pradip Gudale
174
Virtual FS Memory based most of them do not use disk space cachefs and tmpfs do Pradip Gudale
175
cachefs Think about What is cache ? When is that used ?
Pradip Gudale
176
TMPFS Default FS for /tmp dir use swap space as backup disk space *The TMPFS file system can run out of space, just as a regular file system can fill up. * Because TMPFS allocates swap space to save file data (if necessary), some programs might not execute because there is not enough swap space. Pradip Gudale
177
Loop back FS The Loopback File System (LOFS) lets you create a new virtual file system, so you can access files by using an alternative path name.
e.g. create / FS under /tmp/newroot Pradip Gudale
178
procfs • Resides in memory • contains list of active processes by process number • commands like ps use it • do not administer or remove files from this
Pradip Gudale
179
Few other virtual FS FIFOFS (first-in first-out): Named pipe files that give processes common access to data FDFS (file descriptors): Provides explicit names for opening files using file descriptors NAMEFS: Used mostly by STREAMS for dynamic mounts of file descriptors on top of files SPECFS (special): Provides access to character special and block devices SWAPFS: File system used by the kernel for swapping Pradip Gudale
180
FS related commands df
fsck
volcopy labelit
ff
clri Clear inodes
mount newfs
ncheck
fstyp
Lists file names with inode nos
Gudale List filePradip names with statistics
181
How commands decide FS type • -F option • match in vfstab entry • look in /etc/default/fs and /etc/fs/fstypes entries for local and remote FSs Note: # man mount # man mount_ufs Pradip Gudale
182
Default solaris FSs • root /: essential files to make system work; boot programs, kernel, device drivers, mount points • /usr: sharable files, library programs, those that run on specific platform • /export/home: user’s home directories • /var: changing/growing files, vi & ex backup, log files • /opt: third party application s/w Pradip Gudale 183
DEFAULT DIRECTORIES UNDER /DEV
/dev/cfg Symbolic links to physical ap_ids /dev/cua Device files for uucp /dev/dsk Block disk devices /dev/fbs Frame buffer device files /dev/md Logical volume management meta-disk devices /dev/fd File descriptors /dev/pts pty slave devices /dev/rdsk Raw disk devices /dev/rmt Raw tape devices /dev/sad Entry points for the STREAMS Administrative Dri /dev/sound Audio device and audio device control files /dev/swap Default swap device /dev/term Serial devices Pradip Gudale
184
Default directory under /etc /etc Host-specific sys admin config files & databases /etc/acct Accounting configuration information /etc/cron.d Configuration information for cron /etc/default Defaults information for various programs /etc/dmi Solstice Enterprise Agents /etc/dhcp DHCP config files configuration files /etc/fn Federated Naming Service and x.500 /etc/dfs Config information for shared file support files systems /etc/fs Binaries organized byFS types for operations required before /usr is mounted /etc/gss Generic Security Service (GSS) Appl Program Pradip Gudale 185 Interface configuration files /etc/inet Configuration files for Internet services
/etc/init.d Scripts for changing between run levels /etc/lib Dynamic linking libraries needed when /usr is not available /etc/llc2 Logical link control (llc2) driver configuration files /etc/lp Configuration information for the printer subsystem /etc/mail Mail subsystem configuration information /etc/net Configuration information for TI (transportindependent) network services /etc/nfs NFS server logging configuration file /etc/openwin OpenWindows configuration files /etc/opt Configuration information for optional packages /etc/rc0.d Scripts for entering/leaving run 186 level Pradip Gudale 0
/etc/rcS.d Scripts for bringing the system up in single user mode /etc/rpcsec This directory may contain a NIS+ authentication configuration file /etc/saf Service access facility files (including FIFOs) /etc/security Basic Security Module (BSM) configuration files /etc/skel Default profile scripts for new user accounts /etc/tm Trademark files; contents displayed at boot time /etc/uucp uucp configuration information 187 Pradip Gudale
/export Default directory for users’ home directories, client file systems, or other shared file systems /home Default directory or mount point for a user’s home directory on a standalone system. When AutoFS is running, you cannot create any new entries in this directory. /kernel Directory of platform-independent loadable kernel modules required as part of the boot process. It includes the generic part of the core kernel that is platform independent, /kernel/genunix. /platform and /usr/platform directory structure. /mnt Convenient, temporary mount point for file systems /opt Default directory or mount point for add-on application packages /sbin Essential executables used in the booting process and in manual system failure recovery /stand Standalone programs Pradip Gudale 188 /tmp Temporary files; cleared during boot sequence
/var Directory for varying files, which usually inclu temporary, logging, or status files /var/adm System logging and accounting files /var/audit Basic Security Module (BSM) audit files /var/crash Default depository for kernel crash dumps /var/cron cron’s log file /var/dmi Solstice Enterprise Agents Desktop Management Interface (DMI) run time components /var/dt dtlogin configuration files /var/ftp FTP server directory /var/inet IPv6 router state files /var/log System log files /var/lp Line printer subsystem logging information /var/mail Directory where users’ mail is kept /var/news Community service messages (note: not the same USENET-style news) /var/nis NIS+ databases Pradip Gudale 189
/var/nfs NFS server log files /var/ntp Network Time Protocol (NTP) server state directo /var/opt Root of a subtree for varying files associated with software packages /var/preserve Backup files for vi and ex /var/run Temporary system files that are not needed across system reboots. This is a TMPFSmounted directory. /var/sadm Databases maintained by the software package management utilities /var/saf saf (service access facility) logging and accounting files /var/spool Directories for spooled temporary files /var/spool/cron cron and at spool files Pradip Gudale lock files 190 /var/spool/locks pooling
/var/spool/lp Line printer spool files /var/spool/mqueue Mail queued for delivery /var/spool/pkg Spooled packages /var/spool/uucp Queued uucp jobs /var/spool/uucppublic Files deposited by uucp /var/statmon Network status monitor files /var/tmp Directory for temporary files; not cleared during boot sequence /var/uucp uucp log and status files /var/yp NIS databases (for backwards compatibility with NIS and unnecessary after full transition Pradip Gudale 191 to NIS+)
/usr 4lib SunOS 4.1 binary compatibility package libraries 5bin Symbolic link to the /usr/bin directory X Symbolic link to the /usr/openwin directory adm Symbolic link to the /var/adm directory aset Directory for Automated Security Enhancement Tools (ASET) programs and files bin Location for standard system commands ccs C compilation programs and libraries demo Demo programs and data dict Symbolic link to the /usr/share/lib/dict directo which contains the dictionary file used by the UNIX spell program dt Directory or mount point for CDE software games An empty directory, which is a remnant of the SunOS 4. 4.1 software Pradip Gudale
192
Under /usr
include Header files (for C programs, etc.) java* Directories containing Java prog and libraries kernel Additional kernel modules kvm Implementation architecture-specific binaries and libraries lib Various program libraries, architecturedependent databases, and binaries not invoked directly by the user local Commands local to a site mail Symbolic the /var/mail directory man Symbolic link tolink the to /usr/share/man directory
net Directory for network listener services news Symbolic link to the /var/news directory oasys Files pertaining to the Form and Menu Language Pradip Gudale 193 Interpreter (FMLI) execution environment
old Programs that are being phased out openwin Directory or mount point for OpenWindows S/W perl5 Perl 5 programs and documentation platform preserve Symbolic link to the /var/preserve directory proc Directory for the proc tools pub Files for online man page and character processing sadm Various files and directories related to sys admin sbin Executables for system administration sbin/static Statically linked version of selected programs from /usr/bin and /usr/sbin share Architecture-independent sharable files share/lib Architecture-independent databases share/src Source code for kernel, libraries, and utilities Gudale 194 snadm Programs andPradip libraries related to system and
Under /usr spool Symbolic link to the /var/spool directory src Symbolic link to the share/src directory tmp Symbolic link to the var/tmp directory ucb Berkeley compatibility package binaries ucbinclude Berkeley compatibility package header files ucblib Berkeley compatibility package libraries vmsys Directory Framed Access Pradipfor Gudale 195 Command Environment (FACE)
/platform & /usr/platform Dir /platform Contains a series of directories, one per supported platform that need to reside in the root (/) file system. /platform/*/kernel Contains platform-dependent kernel components, including the file unix, the core kernel that is /usr/platform Contains platformplatform dependent. dependent objects that do not need to reside in the root (/). /usr/platform/*/lib Contains platform-dependent objects similar to those found in the /usr/lib /platform/*/sbin Contains Pradip Gudale 196 platform-dependent objects similar
/var/run in Solaris 8 Temporary MEMORY based FS for systems files not required across boot /tmp continues to be temporary FS for non-system files Pradip Gudale
197
New in Sol 8 /etc/mnttab now MNTFS read only. Sync guarunteed. Earlier it was text-based and modifiable. Likely out of sync. Pradip Gudale
198
New in Sol 8 The Solaris 7 11/99 or the Solaris 8 release UDF FS the industry-standard format for storing information on the optical media technology called DVD (Digital Versatile Disc or Digital Video Disc) is included in this Solaris release.
Dynamically loadable modules
SUNWudfr — 32–bit kernel component SUNWudfrx — 64–bit kernel component Pradip Gudale
199
udf FS management Display FS parameters # mkfs -F udfs -m /dev/rdsk/device-name
Create UDF FS # mkfs -F udfs /dev/rdsk/device-name
Check it is UDF type .. # fstyp -v /rdev/dsk/device-name
Check its integrity.. # fsck -F udfs /dev/rdsk/device-name Mount .. Pradip Gudale
# mount -F udfs /dev/dsk/device-name /mount-
200
swap • Some disk slices used as swap instead of FS • used as virtual memory • plan how much swap space to allocate
Pradip Gudale
201
ufs FS features • State flags:Show the state of the file system: clean, stable, active, logging, or unknown. These flags eliminate unnecessary file system checks. If the file system is “clean,” “stable,” or “logging,” file system checks are not run.
• Large FS: Upto 1TB. How do you get this big slice ?
• Large Files: By default > 2Gb. How to make it < 2GB ? …. Use “nolargefiles” option
Pradip Gudale
202
What is ufs logging ? UFS logging is the process of storing transactions (changes that make up a complete UFS operation) in a log before the transactions are applied to the UFS file system.
Transcations can be applied later Like journalling in IBM Pradip Gudale
203
Advantages of ufs logging • Inconsistent transactions discarded; only complete transactions applied ensuring consistent FS and hence no fsck required at reboot • reboot is very fast; very useful on large FS Logging is not by default enable it using -o logging Pradip Gudale option to mount 204
Planing ufs FS • Distribute I/O load. /export/home and swap across disks • keep it logical.. Put all project or group files into one FS • have root, usr and swap on system disk • make no more than 2 or 3 FS on others. Make them roomier. (Less fragmentation and easy to backup) Pradip Gudale
205
PART 1:
MOUNTING FS
Pradip Gudale
206
mounting • root always mounted at boot time • others mounted and unmounted as required • you need a mount point
Pradip Gudale
207
Root /
/opt
usr
Mount point Unbundled
File system
app1 file1 file2
Pradip Gudale
208
mnttab and vfstab • Reside under /etc • mnttab tells what is mounted • vfstab specifies what is to be mounted, where and required parameters to do that
Pradip Gudale
209
Example mnttab $ more /etc/mnttab /dev/dsk/c0t0d0s0 / ufs rw,intr,largefiles,onerror=panic,suid,de v=2200000 938557523 /proc /proc proc dev=3180000 938557522 fd /dev/fd fd rw,suid,dev=3240000 938557524 mnttab /etc/mnttab mntfs dev=3340000 938557526 swap /var/run tmpfs dev=1 938557526 swap /tmp tmpfs dev=2 938557529 Pradip Gudale 210 /dev/dsk/c0t0d0s7 /export/home ufs
Example vfstab $ more /etc/vfstab #device device mount FS fsck mount mount #to mount to fsck point type pass at boot options /dev/dsk/c0t0d0s0 /dev/rdsk/c0t0d0s0 / ufs 1 no /proc /proc proc no /dev/dsk/c0t0d0s1 Pradip Gudale 211 swap no
NFS features • File resource on server and others share it; server maintains list of shared resources • actual loaction of resource irrelevant to user • commonly used sharable s/w is accessed through nfs e.g. man files • upgradation/change to resource can be easily managed Pradip Gudale
212
autofs mounting for NFS • • • • • • •
Client side service in NFS resource gets mounted when you access it remains mounted as long as you are in it gets unmounted when not used for ... Time boot time saved user need not know root passwd to mount n/w trafic reduced Pradip Gudale
213
autofs serviced by... • Autofs service … automountd • can specify alternate server to mount same FS • can use NIS, NIS+ or files • /home is usually auto-mounted
Pradip Gudale
214
cachefs • • • • • • •
Want to improve performance of NFS ?… It is a layered FS One FS is mounted on another It’s a caching mechanism. Good for PPP. reduces server and network load. client per server ratio goes up combine autofs and cachefs to improve scalability & performance Pradip Gudale
215
Creating file systems • Need to create if you add a new disk, change partiotion structure, restore full from tapes • need contiguous formatted cylinders • use newfs device-name (front-end of mkfs)
Pradip Gudale
216
newfs # newfs [-N][-b size][-i bytes] /dev/rdsk/device-name Tells parameters that would get passed to mkfs without actually creating FS
Block size
Pradip Gudale
No of bytes per inode
217
*Creating tmpfs FS Do not use newfs …. # mount -F tmpfs [-o size=number ] swap mount-point
Note: creating multiple tmpfs has no benefit… why ? How will you create tmpfs at boot time ? Swap /export/test tmpfs Pradip Gudale yes
218
Creating loop back FS Do not use newfs # mount -F lofs loopback-directory mountpoint
How to make it at boot time ? / /tmp/newroot lofs yes Pradip Gudale
219
MOUNTING FILE SYSTEMS
Pradip Gudale
220
mounting • mount, mountall [-l|-r]commands • Inconsistent FS are not mounted • common options are:
Pradip Gudale
221
Mount options.. -o bg | fg NFS first attempt fails, retries in the background (bg) or in the foreground (fg). hard | soft NFS Specifies the procedure if the server does not respond. soft indicates that an error is returned. hard indicates that the retry request is continued until the server responds. The default is hard. intr | nointr NFS Specifies whether keyboard interrupts are delivered to a process that is hung while Gudale 222 waiting forPradip a response on a hard-mounted file system. The default is intr
Mount options.. -o For ufs -o logging
Log space used from FS; 1MB per 1GB; max 64MB
default nologging
-o nolargefiles default largefiles -o noatime
default atime
Pradip Gudale
223
-o options …. cntd Remount All Changes the mount options associated with an already-mounted file system. This option can be used with any option except ro, retry=n NFS Retries the mount operation when it fails. n ro | rw All Specifies read/write or read-only. The default is read/write. The default option for HSFS is ro. suid | nosuid All Allows or disallows setuid execution. The default is to allow setuid execution. Pradip Gudale 224
Entries in vfstab • Dev to mount : block dev, resource name or /proc for proc FS type • dev to fsck : raw device • mount point : directory • FS-type : type of file system • fsck pass: “-” not checked; “0” ufs not checked; “1” checked one at a time; ”>1” and -o preen then checked parallely Pradip Gudale
225
Entries in vfstab …. cntd • Mount at boot : yes/no specifies whether to mount at boot; “no” for /, /usr,/var,/proc and /dev/fd. These get mounted by other method and not by mountall command • mount options: “-” or comma separated list
Pradip Gudale
226
Remounting without large files option When you mount a file system, the largefiles option is selected by default, which enables you to create files larger than 2 Gbytes. Once a file system contains large files, you cannot remount the file system with the nolargefiles option or mount it on a system running Solaris 2.6 or compatible versions, until you remove any large files and run fsck to reset the state to nolargefiles.
Pradip Gudale
227
How do you find files > 2GB ? # cd mount-point # find . -xdev -size +20000000 -exec ls -l {} \;
Pradip Gudale
228
Mounting NFS File System # mount -F nfs [-o mount-options] server:/directory mount-pt
Pradip Gudale
229
Mounting pcfs (DOS) FS # mount -F pcfs [-o rw | ro] /dev/dsk/devicename:logical-drive mount-point
Dos logical drive letter or number c to z or 1 to 24
Device name of whole disk /dev/dsk/c0t0d0p0
c or 1 : primary DOS slice rest : extended DOS slice Pradip Gudale
230
unmounting FS • • • •
umount or umountall you must be superuser FS must be available for unmounting FS must not be busy or in use : Changing to a directory in a different file system. Logging out of the system. Using the fuser command to list all processes accessing the file system and to stop them if necessary. # fuser -c [-u] [-k] mount-point Unsharing the file system Pradip Gudale
231
PART 1:
File System structure
Pradip Gudale
232
File system Disk Disk slice Cylinder groups
Pradip Gudale
Addressable blocks UFS has 4 types 233
Ufs blocks • Boot block : info for booting; only in first cylinder group;cyl 0; 8k size • super block : info on file system • inodes : info on file • data block : data inside the file
Pradip Gudale
234
superblock Replicated in each cylinder group * Size and status of the file system * Label (file system name and volume name) * Size of the file system logical block * Date and time of the last update * Cylinder group size * Number of data blocks in a cylinder group * Summary data block * File system state: clean, stable, or active * Path name of the last mount point A summary information block is kept with the superblock. Pradipchanges Gudale It is not replicated. Records as FS is used. 235
inode Keeps all info on file except its name. 128 Bytes The type of the file (regular.dir,char, block,link,fifo,socket) The mode of the file (the set of read-write-execute permissions) The number of hard links to the file The user ID of the owner of the file The group ID to which the file belongs The number of bytes in the file An array of 15 disk-block addresses The date and time the file was last accessed The date and time the file was last modified The date and time the file was created Array of 15 addresses Pradip Gudale 236
Inode contents
Type of file
uid Direct pointer to data block
No of bytes
8k data block 8k data block
12 direct
8k data block
pointers Indirect pointer
8k data block
2k pointers
Pradip Gudale
Double indirect pointer Triple indirect pointer
237
Data blocks • • • • • •
Rest of the space allocated to data blocks block size decided at FS creation time default is 8k fragmentation is 1k blocks contain data for file blocks contain files names & their inode number in a directory Pradip Gudale
238
Cylinder group 0
Cylinder group 1
Bootblock (8 Kbytes) Superblock
Storage Blocks
Cylinder Group Map
Superblock
Inodes
Cylinder Group Map
Storage Blocks
Inodes Storage Blocks
Pradip Gudale
239
FS parameters • Block size: logical that kernel uses (physical • • • • •
that disk controller uses is 512 bytes) Fragment size Minimum free space Rotational delay Optimization type Number of files Pradip Gudale
240
“block size” What should I consider while deciding block size ? How does it impact ? Do I want to increase efficiency ?.. And I don’t care much for disk space Do I have many small files in my FS ? Pradip Gudale
241
Fragment size • Smaller than block-size is allocated during file expansion • trade of between time and space • decide based on number & size of files
Pradip Gudale
242
“Minimum free space” • Kept aside in reserve (1% to 10%) • As users go on consuming FS space, ufs efficiency goes down; df reports available space excluding reserve • only superuser can use reserve space When will df report more than 100% usage ? What command to use to change free space value ? Pradip Gudale
….tunefs
243
Rotational delay • Principle: knowing CPU data transfer speed and disk rotational speed, block allocation routine can place next block address to block just coming under the head & ready for read/write • Not very useful in modern disk with cache
Pradip Gudale
244
Number of files • Depends on number of inodes… Why ? • You can specify number of bytes per inode (i.e number of bytes per file and not number of bytes required to store inode info) • FS size/bytes per inode gives no of files Conventional defaults FS Less than or equal to 1 Gbyte FS Less than 2 Gbytes FS Less than 3 Gbytes Pradip Gudale FS 3 Gbytes or greater
2048 4096 6144 8192
245
Creating FS newfs [Nv] [mkfs_options] raw_device -s size -t ntrack
Tracks per cyl
-b bsize -f fragsize -c cgsize Cylinder per cyl group -m free ..etc Pradip Gudale
see man page 246
PART 1:
FSCK
Pradip Gudale
247
File system integrity • It is the consistency and integrity of internal tables of FS. This is lost if Sudden power failure accidental unplugging of system system crash improper shutdown
Pradip Gudale
248
Principle behind fsck • Uses redundant information available across various tables in the FS • Goes through superblock, inodes and data blocks • runs in phases -- means reads tables multiple number of times • salvages as far as possible • ever noticed lost+found directory under Pradip Gudale 249 newly created directory ?
Probable recovery.. The fsck program places files and directories that are allocated but unreferenced in the lost+found directory. The inode number of each file is assigned as the name.
Pradip Gudale
250
FS state flag • • • •
Stored in super block flag checked by /sbin/rcS while booting flag checked by fsck when run Flags FSACTIVE: mounted & modified FSBAD : / mounted when state not FSCLEAN/FSSTABLE FSCLEAN: mounted properly FSSTABLE:mounted & unmodified FSLOG: mounted with logging Pradip Gudale
251
How fsck tries to salvage • Due to buffering in memory FS state on disk always lags behind that in core • written to disk when buffer is required or kernel runs fsflush periodically • fsck reads summary info in superblock--FS size, no of inodes, free blocks count and free inode count • checks free block map. Cross checks that Gudale 252 free blocks are notPradip claimed ny files
Salvage……. cntd • No of free + no claimed by inodes=total blk • count of free inodes in summary=actual free inodes ?.. NO.. Modify summary info • link count in inode.. No directory entry exists for that inode no although inode contains valid info. Put file in lost+found • Duplicate blocks: data block claimed by 253 inodes of two filesPradip Gudale
Sample fsck output.. # fsck /dev/rdsk/c0t0d0s7 ** /dev/rdsk/c0t0d0s7 ** Last Mounted on /export/home ** Phase 1 Check Blocks and Sizes ** Phase 2 Check Pathnames ** Phase 3 Check Connectivity ** Phase 4 Check Reference Counts ** Phase 5 Check Cyl groups 2 files, 9 used, 2833540 free (20 frags, 354190 blocks, 0.0% fragmentation) No of frags No of inodes
Number of unused fragments
Pradip Gudale
Number of unused full blocks
% frag 254
How to see if FS need checking.. # fsck -m /dev/rdsk/c0t0d0s6 ** /dev/rdsk/c0t0d0s6 ufs fsck: sanity check: /dev/rdsk/c0t0d0s6 needs checking To check FS interactively…. #fsck Pradip Gudale
255
Preening ufs file system The preen option to fsck (fsck o p) checks UFS file systems and automatically fixes the simple problems that normally result from an unexpected system shutdown. It exits immediately if it encounters a problem that requires operator intervention. The preen option also permits parallel checking of file systems. Pradip Gudale
256
How to restore superblock Find back-up superblock # newfs -N /dev/rdsk/device-name
run fsck with another superblock # fsck -F ufs -o b=block-number /dev/rdsk/dev-name
Pradip Gudale
257
Fixing that fsck could not.. • • • •
Run fsck multiple times carefully read error messages and act use fsdb, clri, ff, ncheck etc…. See man if could not fully recover try mounting read only and retrieve data
Pradip Gudale
258
PART 1:
BACKUP & RESTORE
Pradip Gudale
259
*Why do you need backup ? • • • • •
System crashes accidental deletion natural disaster hardware failures mistakes in installation or upgrade
Pradip Gudale
260
Backup methods • Backup file systems : ufsdump • backup NIS+ server : nisbackup • backup all on N/W from server : solstice backup s/w • backup/list files : cpio, tar, pax • backup as raw dump : dd Pradip Gudale
261
Backup devices • • • • •
1/2-inch reel tape 140 Mbytes (6250 bpi) 2.5-Gb 1/4 inch cartridge (QIC) tape 2.5 GB DDS3 4-mm cartridge tape (DAT) 12 - 24 GB 14-Gbyte 8-mm cartridge tape 14 Gbytes DLT 7000 1/2-inch cartridge tape 35 - 70 GB
Pradip Gudale
262
How do you decide what to backup ? • Don’t need to backup full everytime • monitor what FSs change often • which are critical FSs so… /export/home must be backed-up regularly, whereas /usr need not be and /var although changing need not be backed-up very frequently. Pradip Gudale
263
What all you can do with ufsdump • Take backup of full FS on local or remote tape device • Take incremental backup (those that have changed since previous backup) • Backup groups of systems (remote shell) • Automate backup (use crontab)
Pradip Gudale
264
Dump level concept • This is the number between 0 and 9 • 0 is full backup • no specific meaning to level number. Meaning is attached when looked at in relation to other level. • 1-9 specify hierarchy of incremental backup • dump levels are specified in ufsdump command Pradip Gudale
265
Dump level usage Monthly Monday Tuesday Wednesday Thursday Friday 0 9 9 9 9 5
Incremental Backup: Daily Cumulative Pradip Gudale
266
How this scheme looks 9(Mon) 9
9
9
5(Fri)
Wk 1
ab
abc
abcd
abcde
abcdef
Wk 2
g
gh
ghI
ghij
a b c d e f g h i jk
In this scheme … How many tapes will be required? Pradip Gudale What tapes are required to restore ?
267
Answers.. With this schedule, you need six tapes (if you want to reuse daily tapes), or nine tapes (if you want to use four different daily tapes): one for the level 0, four for the Fridays, and one or four daily tapes. If you need to restore a complete file system, you will need the following tapes: the level 0, the most recent Friday tape, and the most recent daily tape since the last Friday tape (if any).
Pradip Gudale
268
Dump level usage Monthly Monday Tuesday Wednesday Thursday Friday 0 3 4 5 6 2
Incremental Backup: Daily Discrete (incremental) Pradip Gudale
269
Daily cumulative, weekly incremental Floating 1st of Month Week 1 Week 2 Week 3 Week 4 Week 1 Week 2
Mon
Tues
Wed
9 9 9 9
9 9 9 9
9 9 9 9
ab g
abc gh
Thurs
Fri
0
abcd ghI
9 9 9 9 abcde ghij
3 4 5 6 abcdef ghijk
To restore you need level 0, all Friday & most Pradip Gudale 270 recent daily tape
Daily incremental, weekly cumulative Floating Mon 1st of Month Week 1 Week 2 Week 3 Week 4 Week 1 Week 2
Tues
Wed
Thurs
Fri
0 3 3 3 3 ab gh
4 4 4 4 cd i
5 5 5 5 e jk
6 6 6 6 f lm
2 2 2 2 abcdef abcdefghijklm
To restore you need level 0, recent Friday & all Pradip Gudale 271 daily tapes
Taking backup • Keep tape drive ready • decide on file systems- use mount command • find number of tapes required # ufsdump S filesystem gives you bytes. Calculate tapes required.
• Become superuser and bring system to single user mode Pradip Gudale
272
usdump command examples • #ufsdump 0ucf /dev/rmt/0 / • #ufsdump 9ucf /dev/rmt/0 /export/home • #ufsdump 0ucf pluto:/dev/rmt/0 /export/home Dump file (tape)
Update /etc/dumpdates
Verify using #ufsrestore tf /dev/rmt/0 Pradip Gudale
273
ufsrestore • The ufsrestore command copies files to disk, relative to the current working directory, from backups created using the ufsdump command. • Can restore individual files • when run from root restore with original ownerships and permissions Pradip Gudale
274
Relative to current working directory….. explanation files backed up from the /export/doc/books directory (where /export is the file system), would be saved relative to /export. In other words, the book1 file in the docs directory would be saved as ./doc/books/book1 on the tape. Later on, if you restored the ./doc/books/book1 file to the /var/tmp directory, the file would be restored to Pradip Gudale 275 /var/tmp/doc/books/book1.
note Note - Do not restore files in the /tmp directory even temporarily. The /tmp directory is usually mounted as a TMPFS file system and TMPFS does not support UFS file system attributes such as ACLs.
Pradip Gudale
276
ufsrestore • # ufsrestore ta archive-name ./path/filename • # ufsrestore tf device-name ./path/filename • the above two check to see if filename exists on backed-up media; first using online archive and second using tape contents Pradip Gudale
277
Running ufsrestore interactively • • • • • • • • •
# ufsrestore if /dev/rmt/n ufsrestore> ls directory ufsrestore> cd directory-name ufsrestore> add filename1 filename2 ufsrestore> delete filename ufsrestore> verbose ufsrestore> extract Specify next volume #: 1 ufsrestore> quit Pradip Gudale
278
Restoring specific file not interactively # ufsrestore xvf filename …
/dev/rmt/n
Specify next volume #: 1 (giving vol no) set owner/mode for ’.’? [yn] n (to keep mode of current directory unchanged) Pradip Gudale
279
Restoring complete File System • • • • • • • •
# umount /dev/rdsk/device-name # newfs /dev/rdsk/device-name # mount /dev/dsk/device-name /mnt # cd /mnt # ufsrestore rvf /dev/rmt/n (use levels..starting with 0 and going up) # rm restoresymtable # cd /; unmount /mnt; # ufsdump 0uf /dev/rmt/n Pradip Gudale /dev/rdsk/device-name
280
“What more you need to do to restore root / and /usr” • Boot from cdrom (as you don’t have os disk) • restore root file system from tape as for any other file system • install boot block # installboot /usr/platform/‘uname-i‘ /lib/fs/ufs/bootblk /dev/rdsk/devicename Pradip Gudale
281
How ufsdump works.. • Makes two passes • In first pass it scans through raw device and builds directory & file structure in memory; writes table to tape in-core stuff may get skipped in active FS • In second pass goes through inode numbers in order & writes data to tape • Neither free blocks nor slice image gets backed-up Pradip Gudale 282
/etc/dumpdates role • Each line in /etc/dumpdates shows the file system backed up, the level of the last backup, and the day, date, and time of the backup. • /dev/rdsk/c0t0d0s0 9 Tue Jul 13 10:58:12 2001 /dev/rdsk/c0t0d0s0 0 Tue Jul 13 10:46:09 2001
• during incremental backup ufsdump consults this to find Pradip Gudale 283 date of most recent backup of
Ufsdump command format /usr/sbin/ufsdump [options][arguments] filesto-back-up
0-9,a,b,c,d,D,f,s,u,v archive
destination To diskette Tape density To cartridge No of 512 byte blocks Pradip Gudale at a time
284
Ufsrestore command format ufsrestore [options][arguments][filename …]
i,r,R,x,t table extract Resume restoring; restarts from checkpoint when full restore interrupted recursive interactive
Pradip Gudale
285
Other ways to take backup • Want to take full FS backups..& restore ? -- ufsdump more suitable • Want to take selective backup..? Or transfer files between systems..? -- tar,cpio,pax suitable • Want to do disk to disk copy..? -- dd is more suitable • Want to copy on diskette..? Pradip Gudale 286 -- tar would do the job
Type & characteristics Command FS boundries Multi-Volume Type volcopy Yes Yes Physical tar No No Logical cpio No Yes Logical pax Yes Yes Logical dd Yes No Physical Pradip Gudale 287 ufsdump/ Yes Yes
dd • $ dd < /floppy/floppy0 > /tmp/output.file 2400+0 records in 2400+0 records out • …so you can specify dev names for stdin & stdout • $ dd if=input-file of=output-file bs=nnK Write a command to clone a full system
disk & boot from it
Pradip Gudale
288
d if=/dev/rdsk/c0t0d0s2 of=/dev/rdsk/c0t2d0s2 bs=12 sck /dev/rdsk/c0t2d0s2 mount /dev/dsk/c0t2d0s2 /mnt d /mnt/etc i vfstab dify entries for the new disk) d/ mount /mnt nit 0 oot disk2 -s ys-unconfig oot disk2
Notice : intallboot not required. Why ? Pradip Gudale
289
cpio • Archiving program • copies list of files into single large output file • inserts headers between files to facilitate restoration • can copy to other slice or media • can detect End-Of-Media & prompts to insert next media Pradip Gudale
290
Exapmle copying from one FS to another # find . -print -depth | cpio -updm Sets modification filesystem2 Descends directory
times
lists
Creates directories
Unconditional older will replace newer
Pradip Gudale
291
Copying to tapes • Use either cpio, tar or pax .. Depends on precision & flexibility you want • all use raw device. (You don’t make FS on tapes !) • pax: better portability on POSIX compliant sys • tar:available on most unix systems,No multi-vol • cpio:packs data more efficiently; skips over bad spots on tape while restoring; option for different header formats (tar,crc,odc,bar),multi-vol Pradip Gudale
292
tar • tar with -c destroys current data on tape • can use * or ? As wildcards while backup • cannot use wildcards while extracting • $ tar cvf /dev/rmt/0 reports (reports is dir) a reports/ 0 tape blocks a reports/reportA 59 tape blocks a reports/reportB 61 tape blocks a reports/reportC 63 tape blocks Pradip Gudale 293
pax • $ pax -w -f /dev/rmt/0 filename … Enable write mode
$ pax -f /dev/rmt/0 (verifies files on tape filea fileb filec
Pradip Gudale
294
Copying all files with cpio $ ls | cpio -oc > /dev/rmt/n
Copy-out mode
Header in ASCII character
Pradip Gudale
295
Restoring with cpio Listing files on tape $ cpio -civt < /dev/rmt/n
Restoring all files from tape in current dir $ cpio -icvd
Restoring specific file
296
How to take back-up on remote tape • Take care of permissions to use tape on other machine. Your hostname and username should be entitled to do the job • use commands that work on stdin and stdout • connect them properly
Pradip Gudale
297
Backup on remote tape... Check appropriate permissions $ rsh remotehost echo test if successful… $ tar cf - files | rsh remotehost dd of=/dev/rmt/n obs=blocksize to extract… $ rsh remotehost dd if=/dev/rmt/n | tar Pradip Gudale 298 xvBpf -
Copying to diskette • Insert formatted diskette in writable mode • $ volcheck • $ fdformat -U /vol/dev/aliases/floppy0 • $ tar cvf /vol/dev/rdiskette0/unlabeled filename … • $ tar tvf Pradip Gudale /vol/dev/rdiskette0/unlabeled
299
Copying files with different headers
• When do you have to do this ? e.g. Sol 8 cpio archive may not be compatible with earlier SunOS. So create archive with different header • $ cpio -oH odc < file-list > /dev/rmt/n odc is ASCII header with small device number Pradip Gudale
300
Cpio -H [tar,odc,bar,crc,ustar] • While restoring use same -H option as that used while archiving • $ find . -print | cpio -oH tar > /tmp/test 113 blocks • $ cpio -iH bar < /tmp/test • write command syntax on media label Pradip Gudale
301
Tape media names /dev/rmt/XAbn X is Drive number 0 1 2 3 4 n etc Optional l m h u c Density low medium high ultra compressed “b” Berkeley (SunOS 4.x) Compatibility Pradip Gudale
“n” Optional No-rewind
302
Tape drive commands • # mt -f /dev/rmt/n status Archive QIC150 tape drive:sense key(0x0)= No Additional Sense residual= 0 retries= 0 file no= 0 block no= 0 • $ mt -f /dev/rmt/n retension | rewind Pradip Gudale
303
PART 1:
PRINTER ADMINISTRATION
Pradip Gudale
304
What are the ways.. GUI
N/W printers
Solaris Print Manager Solaris 8 and Solaris Easy Access Server 3.0 Yes Admintool Solaris 8 & compatible versions Yes LP commands Solaris 8 & compatible versions No Yes Pradip Gudale
manages
uses NIS
serv & clien NIS+
Yes
Yes
Yes
No
Yes
No
Yes
Yes 305
LP print Service • Set of s/w utilities that allow users to print jobs while they work • Earlier called LP spooler (system peripheral operation offline) • LP print service includes S/W, spooler, filters and h/w associated with printer
Pradip Gudale
306
Network printer • • • • •
H/w device directly connected to network device has its own name & IP address print jobs are transferred across network driver support expected from vendor Sun provides generic drivers. Good enough but they don’t exploit all capabilities of the printer Pradip Gudale
307
Admin tasks for printers • Setup server & clients for printing • Deleting a printer and remote printer access • Checking the status of printers • Restarting the print scheduler
Pradip Gudale
308
Print process • 1. A user submits a print request from a print client. • 2. The print command checks a hierarchy of print configuration resources to determine where to send the print request. • 3. The print command sends the print request directly to the appropriate print server. A print server can be any server that accepts BSD printing protocol, • 4. The print server sends the print request to the appropriate printer. • 5. The print request is printed. Pradip Gudale
309
Heirarchy of print config resources • Command line option lp -d • A user’s LPDEST or PRINTER variables • The _default variable in the sources configured for the printers database in the /etc/nsswitch.conf file • The $HOME/.printers file for users • The local /etc/printers.conf file for the NIS name service • The printers.org_dir table for the NIS+ Pradip Gudale 310 name service
How users specify printer on command line • Three ways (1) atomic (2)POSIX and (3) context based as in FNS • lp -d hp660c filename • lpr -P galaxy:neptune filename • lpr -d finance/wages/printer/modi410 filename Pradip Gudale
311
Print server • a system that has a local printer connected to it and makes the printer available to other systems on the netwok • schedules & controls print jobs • They use BSD print protocol : Industry standard and widely used • server & client can have different 312 versions of OS Pradip Gudale
Spooling • Spooling space is a disk space to store print jobs in a queue • They are stored in /var/spool/lp • Better if /var is separate FS. Can be mounted locally on print server or remotely from file server • 30Mb for small (text messages) print jobs and upto 600Mb for bit map big jobs Pradip Gudale
313
Overview of printing-setup • Setup printer name, definition, port • Selecting a printer type and file content type • Setting up fault notification and default printer destination • Determining whether you want to print banner pages or limit user access to a printer • Setting up printer classes and fault recovery Pradip Gudale
314
lpadmin command • lpadmin allows you to do all the tasks • printer manager allows you to do most tasks and some with limited functionality… tasks like file content, fault notification, banner printing and user access control and some like printer class and fault recovery you cannot. Pradip Gudale
315
lpadmin • Basic command is lpadmin -p printer-name • lpadmin -p hp400tn -D “lasrjet” to add description • lpstat -D -p hp400tn to find out description • lpadmin -p .. -v port-no /dev/term/a or /dev/term/b
Pradip Gudale
316
For intel platforms • Only first port is enabled by default.. So.. • For additional port you need to edit device driver configuration files of additional ports…(serial & parallel) • /platform/i86pc/kernel/drv/as y.conf • /platform/i86pc/kernel/drv/lp .conf Pradip Gudale
317
Printer type • The printer type is a generic name for a type of printer. It identifies the terminfo database entry that contains various control sequences for the printer. • specify the printer type by using the lpadmin T command • For a local PostScript printer, use a printer type of either PostScript (PS) or Reverse Pradip Gudale PostScript (PSR).
318
terminfo • /usr/share/lib/terminfo : printer capabilities and initialization control data for each printer • cd /usr/share/lib/terminfo/e • ls • $ ls • emots ep2500+high ergo4000 Pradip Gudale
319
File content type & print filters • File content type tells print service type of file contents that gets printed directly without requiring modification • Print filters convert the content type of a file to a content type that is acceptable to the destination printer. • specify the file content type for a printer by using the lpadmin I Pradip Gudale 320 e.g. lpadmin p .. I
Solaris print manager • • • •
You need bit mapped display running X-windows or CDE run it from CDE workspace menu OR # /usr/sadm/admin/bin/printmgr & pkg SUNWppm must be installed Pradip Gudale
321
Adding through lpadmin..example # chown lp /dev/term/b On server # chmod 600 /dev/term/b # lpadmin -p luna -v /dev/term/b # lpadmin -p luna -T PS -I postscript # lpadmin -p luna -D “training-lab-ps” # accept luna destination ‘‘luna’’ now accepting requests # enable luna printer ‘‘luna’’ now enabled # lpstat -p luna printer luna is idle. enabled since Jul 12 Pradip Gudale 322 11:17 20019. available.
Adding access to printer # lpadmin -p luna -s saturn
On client
Printer server # lpadmin -p luna -D ”training-lab-ps" name # lpadmin -d luna
Makes it default
# lpstat -p luna printer luna is idle. enabled since Jul 12 11:17 2001. available.
Pradip Gudale
323
*Adding network printer • Although printer not connected to any M/C it is necessary to define & configure print server….. WHY ? The print server provides queuing capabilities, filtering, and printing administration for the network printer.
Pradip Gudale
324
Network printer : few terms • Print server • printer host : s/w & h/w that makes nonnetwork printers “Network Printers” • printer node : printer itself if it is built-in N/W printer. Printer host if that is external box; Unique node name and IP address • printer name: name entered on command line. Selected by sys sdmin while installing; Pradip Gudale 325 one printer can have many names.
N/W printer invoking s/w support • The software support for network printers is called through the interface script. Netstandard • lpadmin p pr_name m netstandard • lpadmin p pr_name o protocol=bsd | tcp • Now printer subsystem needs Node name Port number 326 Pradip Gudale access name
N/W printer : lpadmin • # lpadmin -p printer-name -v /dev/null -m netstandard -o dest=pn1:9100, protocol=tcp, timeout=value No of seconds to wait between attempting connection # lpadmin -p printer-name -I content-type -T printertype #accept printer-name #enable printer-name
Pradip Gudale
327
Managing Printers AND print Schedulers
Pradip Gudale
328
Deleting printer • Do it on both server and client • print-client# lpadmin -x printer-name • print-client# lpsystem -r print-server this deletes info about print-server also. • print-server# reject printer-name • print-server# disable printer-name • print-server# lpadmin -x printer- 329 Pradip Gudale name
Checking printer status $ lpstat [-d][-p printer-name [-D][-l]] [-t] Shows default
Shows characteristics
Shows status of print service
Pradip Gudale
330
Example.. lpstat -t $ lpstat -p luna -l printer luna is idle. enabled since Mon Jul 12 15:02:32 ... Form mounted: Content types: postscript Printer types: PS Description: Connection: direct Interface: /usr/lib/lp/model/standard After fault: continue Users allowed: (all) Forms allowed: (none) Banner not required Character sets: Default pitch: Pradip Gudale 331 Default page size: 80 wide 66 long
lpscheduler • Check if it is running.. Login as root OR lp • # lpstat -r • # /usr/lib/lp/lpshut … to stop scheduler • # /usr/lib/lp/lpsched … to start scheduler
Pradip Gudale
332
Banner pages • Gets printed for every job • helps identify print-job • prints who-submitted, request-ID and time-it-got-printed • can have modifiable title • Not desirable if few users & small printouts OR using special forms like pay-cheques Pradip Gudale
333
Banner printing control • Both lpadmin and lp commands take banner printing related parameters On by default; can be disabled in lp • lpadmin -p pr1 [-o banner=always | optional | never ] applies to printer • lp -o nobanner applies to the job ignored for regular user; Honored for root or lp user and overrides lpadmin -o Pradip-o Gudale 334 banner OR lpadmin banner=always
banner • Banner setting is stored in /etc/lp/printers/prname/configuration file. • Check this using lpstat -p pr-name -l
Pradip Gudale
335
Printer classes • Print service enables you to group various printers into a class • can be done only by lpadmin -c • Once set-up users can specify printer class instead of printer for print jobs • The first free printer in the class is used resulting in better turnaround; checked in order in which they were put in a class Pradip Gudale 336 • make classes based on location or type
Defining class • # lpadmin -p pr-name -c printerclass /etc/lp/classes/printer-class • gets added at the end of list in the class in the file • $ lpstat To see -c what are the printers in a class printer-class
Pradip Gudale
337
Printer fault notification • Print service can notify in different ways when print operation encounters problems • Write a message to the terminal on which root is logged in • Electronic mail to root • No notification • Can be configured by lpadmin OR Print Manager Also allows to get msg from program of your choice; allows disabling fault notificationPradip forGudale known problem 338
Fault notification: lpadmin -A • • • • •
’mail [user-name]’ ’write [user-name]’ ’command’ (run the command) quiet (stop alert unitl fault is fixed) none ( do not send any alerts)
Alert settings are entered in Pradip Gudale 339 /etc/lp/printers/printer-name/alert.sh
Fault Recovery • You can define the fault recovery options for a printer only by using the lpadmin F command. This task is not available in Solaris Print Manager. • After fixing the fault active print request begins printing… ..from beginning of the job ..from top of page where stopped ..from top of page where stopped after you Both require filter enable the printer
• lpadmin -F beginning | continue | wait Recovery settings go in /etc/lp/printers/prPradip Gudale name/configuration file.
340
Access control • Can prevent some users from accessing some printers • make allow and deny lists using lpadmin -u • with print manager you can make only allow list • # lpadmin -p printer-name -u allow:user-list [ deny:user-list] • /etc/lp/printers/printername/users.allow Pradip Gudale 341
Managing print requests • • • •
Get status cancel jobs change priorities Login to server and use lp commands • $ lpstat -o [printerlist] | -u [user-list] • lp -i This request-id hold | resume | immediate changes-H priority Pradip Gudale
342
priority • You can also change priority relatively using lp -q command • # lp -i request-id -q 3 0 to 39 0 top priority 39 lowest priority Pradip Gudale
343
Managing filters • Filters are programs that convert one typoe of file to another • programs that manage double sided or landscape printing, draft & letter quality • detect printer faults and notify print service • LP print service provides postscript filters and are loacted/usr/lib/lp/postscript directory. in Pradip Gudale
344
filters • lpfilter command used to manage list of available filters • filter descriptors are in /etc/lp/fd directory. • Filters themselves are in /usr/lib/lp. /etc/lp/filter.table file. • System information about filters is stored in Pradip Gudale 345 Your chosen name Definition name in /etc/lp/fd • # lpfilter -f daisytroff -F
What do enable/disable accept/rejet do ? enable/disable : start or stop printing of jobs that are in queue accept/reject : start or stop accepting jobs for queuing These two are different and independent operations Pradip Gudale
346
Canceling print request • • • •
By request Id For specific user on any or specified printer The one currently being printed You can cancel provided if its your printjob or if you are superuser or lp • $ cancel request-id | printer-name • $ cancel -u user-list [printer-name] Pradip Gudale
347
Moving print requests • If you want to take the printer out of service • move requests to different printer having similar capabilities • print request IDs remain same • first check if destination printer is accepting requests…# lpstat -p prn2 • move requests.. # lpmove prn1 prn2 this stops acceptance of new Pradip Gudale 348 requests on prn1 automatically.
Print port characteristics • Print service sets defaults for printer ports like…. • −9600 Set baud to 9600 ∀ ∀ ∀ ∀ ∀ ∀
−cs8 Set 8-bit bytes −cstopb Send one stop bit per byte −parity Do not generate parity −ixon Enable XON/XOFF −olcuc Do not map lowercase to uppercase −onlcr Change line feed to carriage return/line feed Pradip Gudale
349
Port characteristics • You can change if defaults not suitable • use stty to display and set characteristics • # lpadmin -p prn -o "stty=options” • # lpadmin -p luna -o "stty=’parenb parodd cs7’” • # lpadmin -p venus -o "stty=19200" Pradip Gudale
350
Print service directories /usr/bin The LP print service user commands /etc/lp A hierarchy of LP server configuration files /usr/share/lib The terminfo database directory /usr/sbin The LP print service administrative commands /usr/lib/lp The LP daemons; directories for binary files and PostScript filters; and the model directory (which contains the standard printer interface program) /var/lp/logs The logs for LP activities: lpsched.n – Messages fromlpsched and requests.n – Information about completed print requests /var/spool/lp The spooling directory where files are Pradip Gudale 351 queued for printing
/usr/lib/lp directory • bin : Contains files for generating printing alerts, queue management prog • lpsched : schedular daemon • model : standard interface programs • postscript : contains all postscript interface programs
Pradip Gudale
352
How print service works • Print scheduler on print server is started in /etc/rc2.d/S801p • scheduler lpsched updates print config files, queues jobs, tracks printer status • print client communicates directly with a print sever over the network. • Print servers listen for print request with the Internet services daemon (inetd). • inetd starts a program “protocol adaptor” Pradip Gudale 353 (in.lpd) --communicates with spooler
What the Printer Interface Program Does • • • •
Initialize the printer port --use stty Initialize the printer -- use terminfo Print a banner page, if necessary. Print the correct number of copies specified by the print request.
Standard interface program is found in /usr/lib/lp/model Pradip Gudale
354
PART 1:
SYSTEM SECURITY
Pradip Gudale
355
Security Aspects • Maintaining physical site security (don’t leave • • • • • • • •
logged-in terminal unattended) Maintaining login control (password must) Restricting access to data in files -permission Maintaining network control Monitoring system usage (mormal load ..?) Setting PATH variable correctly (trojan horse Securing files (use ACLs and care setuids) Installing a firewall Gudale 356 Reporting securityPradip problems
Firewall or Secured Gateway • Dedicated system separating two networks • each appoaches another as Untrusted • also useful between two internal networks .. Will not send packet unless origin or destination address is of Gateway system • packets of specific protocol only can be allowed to be forwarded-- say mail and not of telnet or rlogin Pradip Gudale
357
firewall • • • •
System should not have any trusted hosts everyone must be made to type password it acts as a passage as well as barrier it makes internal user to log-in to gateway system before he can send packets to outside N/W and also external user to login before he can reach internal N/W Pradip Gudale
358
File related commands • • • •
ls chown chgrp chmod
Pradip Gudale
359
ACL • Traditional Unix allows permissions setting to owner, group and others • ACL allows greater & finer control… you can set permissions for all above & for specific users and groups and default permissions to each of these • setfacl & getfacl Pradip Gudale
360
Special logins • root 0 Has almost no restrictions and overrides all other logins, protections, and permissions. The root account has access to the entire system. • daemon 1 Controls background processing. • bin 2 Owns some of the Solaris commands. • sys 3 Owns many system files. • adm 4 Owns certain administrative files. • lp 71 Owns the object & spooled data files for printer. • uucp 5 Owns the object & spooled data files of UUCP nuucp 9 Is used by remote systems to log in to the system fileGudale transfers. 361 Gids inand redstartPradip
password • Sources to check password are three • /etc/nsswitch.conf entry decides which of NIS+ tables, NIS map or /etc files to look for password • /etc files are passwd and shadow • Only superuser can read shadow file
Pradip Gudale
362
shell Normal shell
Restricted shell
/usr/bin/sh
/usr/lib/rsh Notice :Not /usr/sbin/rsh (remote shell) Access limited to home directory; can’t use cd Can use commands only in PATH variable Can use files only in HOME dir & subdirectories Pradip Gudale with > or >> cannot redirect output
363
Tracking SuperUser Login • Requires root password • By default, user cannot login as root remotely; He needs to login as ordinary user and then switch-over to root. This policy helps tracking “who is trying to become SuperUser” • The command to switch-over to different user is su Pradip Gudale
364
Switch user : su • su user-name • su - user-name
Pradip Gudale
365
Network security • Firewall • authentication • authorization How do you differentiate between authentication and authorization ? Can I log-in ?
Athentication
Can I copy this file ? Pradip Gudale
Authorization 366
Network security • Firewall • for NFS : you can decide what to share (through /etc/dfs/dfstab) and whom to give what authority (read/write or read only) through share command. • By deafult, superuser access is not given by NFS. (it is implemented to change userId of requester to that of nobody-60001) Pradip Gudale
367
Automated Security Enhancement Tool : ASET • enable you to control and monitor your system’s security. • specify a security level—low, medium, or high—at which ASET will run. • At each higher level, ASET’s file-control functions increase to reduce file access and tighten your system security. Pradip Gudale
368
File permissions • Read, write and execute permissions to each of three types of users - owner (the one who creates file or directory), a group and others (all those who are neither owner nor member of the group) • Only owner or root can decide and modify these permissions Pradip Gudale
369
Permissions of directory List files in the • r Read directory. Add or remove files or • w Write links in the directory. • x Execute Open or execute files in the directory. Also can make the directory and the directories beneath it current. Pradip Gudale
370
Special file permissions • setuid • setgid • stickyBit Applicable to executables and public directories
Pradip Gudale
371
setuid • When set on a program, it grants the process running that program aceess based on owner of that program rather than the user who is running it. • This allows user to access files that are normally available only to owner. e.g /etc/shadow file rsrsrx 3 root sys 104580 Jul 16 12:02 Pradip Gudale 372
setgid • Similar to setuid except…. • process’s effective groupID is changed to that of a group owner of a program and user is granted access based on permissions available to the group • When applied to directory, the files created under it belong to the same group as directory belongs and not group of the process creating it.(e.g directory containing373 Pradip Gudale all project files)
Sticky Bit • Permission bit that protects files within a directory.. So its applied to only directories • Files can be deleted only by 1)Owner of the file 2)Owner of the directory 3)root • Prevents users from deleting other user’s files from public directory like /tmp • drwxrwxrwt 7 root sys 400 JUL 3 13:37 tmp Pradip Gudale
374
*Default Permissions • What are the effective permissions when you create a file or a directory ? • What decides these defaults permissions ? A value set for umask in system file /etc/profile or .cshrc or .login
Pradip Gudale
375
System defaults
files = 666 directories & executables = 777
Subtract umask = 022
Effective permissions
files = 644 directories & executables = 755 Pradip Gudale
376
Display information on files :ls • • • • • • • •
Text or program d Directory b Block special file c Character special file p Named pipe (FIFO) l Symbolic link s Socket
Type of files Permissions Number of hard links Owner of the file Group of the file Size of the file, in bytes Date the file was created or last date it was changed Name of the file
Pradip Gudale
377
$ cd /sbin $ ls -la total 13456 drwxrxrx 2 root sys 512 Sep 1 14:11 . drwxrxrx 29 root root 1024 Sep 1 15:40 .. rxrxrx 1 root bin 218188 Aug 18 15:17 autopush lrwxrwxrwx 1 root root 21 Sep 1 14:11 bpgetfile > ... rxrxrx 1 root bin 505556 Aug 20 13:24 dhcpagent rxrxrx 1 root bin 456064 Pradip Gudale 378 Aug 20 13:25 dhcpinfo
Changing file ownership • Command is chown • By default owner cannot change ownership; Only Superuser can • workaround… set rstchown = 0 in /etc/system & reboot • # chown newowner filename Pradip Gudale
379
Changing group ownership • Only superuser or owner can change • owner can change it to a group of which he is a member • $ chgrp group filename
Pradip Gudale
380
Changing permissions • chmod command • two modes 1) absolute mode : use octal numbers (triplet) to set permissions 2) symbolic mode: use combination of letters & signs • for setting special permissions use additional octal number to the left of the triplet Pradip Gudale
381
chmod Special perm X
Y
Z
owner R
W X
1
1
group
others
R W X
R W X
0
setuid setgid Stick bit
Octal 6 Pradip Gudale
382
examples • $ chmod 700 my_prog • $ ls -l my_prog rwx 1 mahesh staff 6023 Jul 5 12:06 my_prog • $ chmod 755 public_dir • $ ls -ld public_dir • drwxrxrx 1 omni staff 6023 Pradip Gudale 383 Jul 5 12:06 public_dir
examples • $ chmod 4555 dbprog • $ ls -l dbprog • rsrxrx 1 db staff 12095 May 6 09:29 dbprog • $ chmod o-r filea (takes away read permissions from others) • $ chmod a+rx fileb (adds r & x to all) Pradip Gudale 384 • $ chmod g=rwx filec (adds rwx
To create shared directories • A setgid bit on a directory must be set or changed using symbolic notation # chmod g+s project_dir Write a command to find all files in a specified directory having owner as root and setuid bit set on them Pradip Gudale
385
# find directory -user root -perm -4000 -exec ls -ldb {} \; >/tmp/filename Display in ls -ldb format
Output stored here
# ls l /tmp/filename sx 1 root rar 45376 Aug 18 15:11 /usr/rar/bin/sh rsrxrx 1 root bin 12524 Aug 11 01:27 /usr/bin/df rwsrxrx 1 root sys 21780 Aug 11 01:27 Pradip Gudale 386 /usr/bin/newgrp
ACL • Salient feature is you can assign permissions to specific user e.g. you can give read permission to a group and read/write permission to a specific member in that group • ACL contains entries which are defind using setfacl • entry_type:[uid|gid]:perms Pradip Gudale
387
ACL Entries for files u[ser]::perms File owner permissions. g[roup]::perms File group permissions. o[ther]:perms Permissions for users other than the file owner or members of file group. m[ask]:perms The ACL mask. The mask entry indicates the maximum permissions allowed for users (other than the owner) and for groups. The mask is a quick way to change permissions on all the users and groups. u[ser]:uid:perms Permissions for a specific user. For uid, you can specify either a user name or a numeric UID. g[roup]:gid:perms Permissions for a specific group. For Gudale gid, you can specify eitherPradip a group name or a numeric 388 GID.
Default ACL on directory You can set default ACL on directories; All created under it will have same permissions as default; When you set for specific user first time you also need to set for owner, group & mask d[efault]:u[ser]::perms Default file owner permissions. d[efault]:g[roup]::perms Default file group permissions. d[efault]:o[ther]:perms Default permissions for users other than the file owner or members of the file group. d[efault]:m[ask]:perms Default ACL mask. d[efault]:u[ser]:uid:perms Default permissions for a specific user. For uid, you can specify either a user name or a numeric UID. Pradip Gudale d[efault]:g[roup]:gid:perms Default permissions389
setfacl Sets or replaces ACL
$ setfacl -s user::perms,group::perms,other:per ms,mask:perms,acl_entry_list filename ...
List of one or more ACL entries for specific user or group OR default on directory
$ setfacl -s user::rw-,group::r--,other:---, mask:rw-,user:mahesh:rw- ch1.doc $ ls -l Indicates file has an ACL total 124 Pradip Gudale 390 rwr+ 1 rajiv sysadmin 34816 Jul 11
Display ACLs Use the command getfacl $ getfacl ch1.doc # file: ch1.doc # owner: rajiv # group: sysadmin user::rw user:mahesh:rw #effective:rw group::r #effective:r mask:rw other: Pradip Gudale 391
ACL example $ setfacl -s u::7,g::4,o:0,m:4,u:mahesh:7 ch2.doc $ getfacl ch2.doc # file: ch2.doc # owner: rajiv # group: sysadmin user::rwx user:mahesh:rwx #effective:r group::r #effective:r Pradip Gudale mask:r
392
Copying ACL of one file to another $ getfacl ch2.doc | setfacl -f ch3.doc Taken from here and applied there
Pradip Gudale
Implies : Take from file
393
Modifying/ Deleting ACL entry $ setfacl -m acl_entry_list filename1 [filename2 ...] $ setfacl -m user:mahesh:6 ch3.doc $ setfacl -d acl_entry_list filename1 ... Pradip Gudale
394
Login information • Use logins command • # logins -x -l username (x:extended info) • # logins -x -l mahesh • mahesh 500 staff 10 Mahesh Kulkarni Picks info from or NIS • /export/home/mahesh/etc/passwd or NIS+ • /bin/sh 395 Password agingPradip infoGudale
Finding users not having passwords • # logins -p
Disabling logins temporarily Create /etc/nologin file with a message you want to display for login attempts and reboot the M/C Pradip Gudale
root login is not affected
396
Saving failed logins • Create /var/adm/loginlog file with read/write permissions to root only • failed login activity will be written to this file automatically after five failed attempts. • user’s login name, tty device, and time of the failed attempt is recorded. Pradip Gudale
397
Dial-up password • Another layer of security for users logging in via modem • only superuser can create or change • two files involved: /etc/dialups & /etc/d_passwd. list of shell programs that require an encrypted password /usr/lib/uucp/uucico:encrypted_ password: /usr/bin/csh:encrypted_password : Pradip Gudale /usr/bin/ksh:encrypted_password
list of ports that require a dial-up password /dev/term/a /dev/term/b 398
Mahesh logs in on /dev/term/b
Check the presence of port in this file... /etc/d_passwd Check “login shell” field of /etc/passwd & look for match in /etc/d_passwd Prompt for password Pradip Gudale
/etc/dialups /dev/term/a /dev/term/b
If no match found password entry of /usr/bin/sh is used Dial-up logins are disabled if /etc/d_passwd has only the following entry: 399 /usr/bin/sh:*:
Creating files for dialup password • With editor create files with entries • # chown root /etc/dialups /etc/d_passwd • # chgrp root /etc/dialups /etc/d_passwd • # chmod 600 /etc/dialups /etc/d_passwd • add some user with password with useradd 400 Delete all exceptPradip thisGudale And copy
Superuser login • From security angle it should be allowed only on console • Edit the /etc/default/login file. • Uncomment a line and make it CONSOLE=/dev/console • On other terminals users will have to login as some other user and do su to root which Pradip Gudale 401 can be monitored
Monitoring su attempts • Through the /etc/default/su file you can enable the /var/adm/sulog file to monitor all su attempts. Uncomment & keep SULOG=/var/adm/sulog • To get message on console also.. CONSOLE=/dev/console in /etc/default/su • Entry shows datePradip&Gudale time, success or 402
Sample /var/adm/sulog # more /var/adm/sulog SU 12/20 16:26 + pts/0 maheshroot SU 01/12 11:11 + pts/0 rootjoebob SU 01/12 14:56 pts/2 anuroot
Pradip Gudale
403
PART 1:
Scheduling Jobs
Pradip Gudale
404
Tasks at specific times • Task to be carried out only once at a specified time…. Use at command • Tasks to be executed repeatedly at regular intervals…( e.g. taking backup, removing contents of log files, probing system load).. Use crontab command • Files kept in /var/spool/cron • Files that control access to these command Pradip Gudale 405 are in /etc/cron.d
Entries inside crontab cron daemon scedules jobs according to entries found in crontab files; reads /var/spool/cron/crontabs directory every 15 minutes to take-up new files/changes 10 3 * * 0,4 /etc/cron.d/logchecker 10 3 * * 0 /usr/lib/newsyslog (run newsyslog at 3:10 every Sunday) 15 3 * * 0 /usr/lib/fs/nfs/nfsfind 1 2 * * * [ x /usr/sbin/rtc ] && /usr/sbin/rtc c > /dev/null 2>&1 30 3 * * * [ x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean Min hours day-of-month month day-of-the-week command Pradip Gudale
406
/var/spool/cron/crontabs/.. • Crontab file for root and few other users like adm, lp, sys, uucp exist • other users can create crontab files and they are named after their username e.g. /var/spool/cron/crontabs/mahesh • you need to be superuser to modify someone else’s crontab file Pradip Gudale
407
Creating crontab file • Use crontab -e command • crontab e invokes the text editor (default is ED) set up for your system environment EDITOR=vi; export EDITOR; • # crontab -e [username]… only superuser can create for other users Pradip Gudale
408
Check existence & display & remove • #cd /var/spool/cron/crontabs • #ls -l
rwrr 1 root sys 190 Feb 26 16:23 adm rw 1 root staff 225 Mar 1 9:19 mahesh rwrr 1 root root 1063 Feb 26 16:23 lp
• $ crontab l [username] … if superuser • $ crontab -l
13 13 * * * cp /home/anu/work_files Pradip Gudale /usr/backup/. > /dev/null
409
Controlling access to crontab • Accomplished through two files (in /etc/cron.d ) cron.allow and cron.deny • allowed users can create, edit, display and remove crontab files • By default cron.deny exists but not cron.allow • Only superuser can make these files Pradip Gudale
410
cron.allow & .deny rules • If cron.allow exists only the users listed in this • • • •
file can work with crontab files. If cron.allow doesn’t exist, all users may submit crontab files, except for users listed in cron.deny. If neither cron.allow nor cron.deny exists, superuser privileges are required to run crontab. So.. by default all users except listed in .deny are allowed to work with crontab So.. to deny a user, just add his name to cron.deny Pradip Gudale
411
In /etc/cron.d cron.allow exists ? So… to limit access to few users add their names to allow list. Don’t forget to add root there.
yes
no
cron.deny exists ? no Allow only superuser to work with crontab Pradip Gudale
Allow Allow not listed in this listed412users to work to work
*Error message for crontab -l • What do you make out of these ? crontab: can’t open your crontab file crontab: you are not authorized to use cron. Sorry. In the first case : crontab file doesnot exist In the second case: You are denied use of crontab Pradip Gudale
413
at
jobs
• Execution at a later time • executed only once • By default, users can create, display, and remove their own at job files. • When submitted an at job, it is assigned a job identification number along with the .a extension that becomes its file name. Pradip Gudale
414
How to submit an at job • Invoke at command with time as argument • enter the command to be executed later make sure to send output to a file if required • press control-d to come out to prompt $ at 11:45pm July 31 at> rm /home/export/mahesh/*core* at> Press Control-d commands will be executed using /bin/csh job 933486300.a at Sat Jul 31 23:45:00 Pradip Gudale 415 2001
Submitting at job $ at [-m] time [date] Sends mail once job is done $ at 4 am Saturday at> sort -r /usr/dict/words > /export/home/anu/big.file cntrl-d
Pradip Gudale
416
Displaying at jobs $ atq Rank Execution Date Owner Job Queue Job Name 1st Jul 12, 1999 19:30 anu 897355800.a a stdin 2nd Jul 14, 1999 23:45 anu 897543900.a a stdin $ at -l [job-id] shows execution times 3rd Jul 17, 1999 04:00 anu of your job 897732000.a a stdin $ at -l 897543900.a Mon Jul 16 23:45:00 2001 897355800.a Tue Jul 17 19:30:00 2001 897732000.a Wed Jul 18 04:00:00 2001 Pradip Gudale
417
Removal of at jobs $ at -l 897543900.a Wed Jul 14 23:45:00 1999 897355800.a Mon Jul 12 19:30:00 1999 897732000.a Sat Jul 17 04:00:00 1999 $ at -r 897732000.a $ at -l 897732000.a at: 858142000.a: No such file or directory Pradip Gudale
418
Access to at command • The policy is similar to one for crontab • it is done through at.allow and at.deny lists under /etc/cron.d directory • print server • boot server • install server • name server • mail server Pradip Gudale 419
SYSTEM CONCEPTS
Pradip Gudale
1
Operating System • Definition : Set of programs that manage all computer operations and provides an interface between the User and the System Resources • Main parts of OS are Kernel, Shell and File structure
Pradip Gudale
2
Kernel • Manages devices, memory processes and daemons • controls the functions (transfer) between programs and hardware • schedules & executes processes • Manages swap & daemons
Pradip Gudale
3
H/W KERNEL
Shell
Pradip Gudale
4
OS shells • Bourne shell ($) : default, AT & T Unix • C shell (%) : similar features as Korn shell • Korn shell ($) : superset of Bourne shell; adds aliasing, history and command line editing
Pradip Gudale
5
FS structure • Directory hierarchy • topmost directory is root • /usr, /opt, /dev, /export/home, /kernel (genunix resides here)
Pradip Gudale
6
termionology • Host : a computer system • host name : unique; each on network must have hostname • Ip address : number used by networking s/w • client : host that uses services from other hosts • server : host that provides service • network : group of connected hosts Pradip Gudale
7
Examples of server • • • • • •
File server print server8 boot server install server name server mail server Pradip Gudale
8
PART 1:
Managing Users & Groups
Pradip Gudale
9
Solaris Users and Groups • role-based access control (RBAC) provides a flexible way to package superuser privileges • Special type of User Account called “Role”
Pradip Gudale
10
User Account Information • • • •
User Name Password User’s Home Directory Initialization Files
Pradip Gudale
11
User => Group • You add a User to a particular Group • This is to give access for a particular file or directory to a set of users
Pradip Gudale
12
User ID Numbers Login Accounts Reserved For … --------------------------------------------------------------0 - 99 root, daemon, bin, sys, etc. System accounts 100 - 2147483647 Regular users General purpose accounts 60001 nobody Unauthenticated users 60002 noaccess Compatibility with Solaris 2.0 and compatible versions and SVR4 releases Pradip Gudale
13
PASSWORD • Password aging feature • must be changed after specified period • cannot be changed within specified period
Pradip Gudale
14
Home directories • • • •
Usually /export/home/username Can be on local m/c or file server accessed via /home/username if automounter is used it does not allow you to vreate anything under /home
Pradip Gudale
15
User’s Initialization Files • • • •
.login .cshrc .profile System initialization files are /etc/.login and /etc/profile
Pradip Gudale
16
Groups…. Each group to have • group name • group ID • list of users that belong to the group
Pradip Gudale
17
groups • Each user can be assigned to two types of groups…. 1 Primary and 16 secondary • Files created by user are assigned GID of the group the user primarily belong to • secondary group not important for files…. It is useful for some applications like admintool which expects user to belong to sysadmin group GID 14 Pradip Gudale
18
Groups • groups command lists all groups user belongs to • primary group of the user can be temporarily changed using newgrp command to any other group user is a member of
Pradip Gudale
19
Management of users and groups • Local system… use admintool with CDE or commands like useradd, groupadd etc • local/remote system… use adminsuite with CDE Add a User Account NIS+ nistbladm & nisclient NIS useradd & make None useradd Pradip Gudale
20
Where information is stored ? • /etc/passwd and /etc/shadow • username:password:uid:gid:commen t:homedirectory:login-shell • e.g. root:x:0:1:Super User:/:/sbin/sh rimmer:86Kg/MNT/dGu.:8882:0::5:20:8978 • e.g.
Pradip Gudale
21
PART 1:
Initialization Files
Pradip Gudale
22
Initialization Files example of .profile
PATH=$PATH:$HOME/bin:/usr/local/bin:/usr/c cs/bin:. 1 MAIL=/var/mail/$LOGNAME 2 NNTPSERVER=server1 3 MANPATH=/usr/share/man:/usr/local/man 4 PRINTER=printer1 5 umask 022 6 export PATH MAIL NNTPSERVER MANPATH PRINTER 7 Pradip Gudale
23
Customization of Environment • Solaris provides template files in /etc/skel • For Bourne Shell /$HOME/.profile • For C Shell /$HOME/.cshrc and /$HOME/.login • For korn Shell .profile and /$HOME/$ENV
Pradip Gudale
24
/etc/skel C Shell /etc/skel/local.login /etc/skel/local.cshrc Bourne or Korn
/etc/skel/local.profile
Pradip Gudale
25
Job control History list No Yes No Yes No
Yes
BOURNE C Shell Korn Shell Yes Yes Yes No Yes Yes Yes Yes Yes
ng No
Yes
Yes
d No Yes No Yes Yes from No Yes Pradip Gudale 26 No Yes No
Shell environment • Environment variables : upper case .. Use setenv command • shell (local) variables : lower case.. Use set command. E.g. user term home and path • C shell setenv VARIABLE value • Bourne or Korn shell VARIABLE=value; export Pradip Gudale VARIABLE
27
Environment variables • LPDEST Sets the user’s default printer. • MAIL Sets the path to the user’s mailbox. • MANPATH Sets the hierarchies of man pages available. • OPENWINHOME Sets the path to the OpenWindows subsystem. Pradip Gudale
28
Variables… cntd • prompt Defines the shell prompt for the C shell. • PS1 Defines the shell prompt for the Bourne or Korn shell. • SHELL (or shell in • the C shell) • Sets the default shell used by make, vi, and other tools. Pradip Gudale
29
Variables.. cntd • PATH=/usr/bin:/usr/sbin:/opt/SUNWmd/ • CDPATH=/export/home/rajiv • TERM (or term in the C shell) Defines the terminal. This variable should be reset in /etc/profile or /etc/.login. When the user invokes an editor, the system looks for a file with the same name as the definition of this environment variable. Pradip Gudale
30
umask Default permissions given for file or directory when created, by subtracting umask value from 666 or 777 file directory 0 rw rwx 1 rw rw 2 r rx 3 r r 4 w wx 5 w w 6 x x Pradip Gudale 7 (none) (none)
31
PART 1:
Booting & Run Levels
Pradip Gudale
32
Booting & Shutdown • What’s new in this release ? • What was the method used earlier ? • How do we boot Intel Platform Solaris ?
Pradip Gudale
33
Terminology • init state • run level • Which process helps change run-levels
Pradip Gudale
34
Types of Boot • Interactive • Reconfiguration • Recovery
Pradip Gudale
35
Shutdown commands • init • shutdown Which one is better ? Why ? Can anybody shutdown the system ?
Pradip Gudale
36
When do you need to change run_levels ? • • • • •
Add new h/w backup-restore retune kernel parameters repair system configuration file known power outage
Pradip Gudale
37
Run control How to Determine a System’s Run Level ? How to Use a Run Control Script to Stop or Start a Service ? How to Add a Run Control Script ? How to Disable a Run Control Script ?
Pradip Gudale
38
Current run level ? $ who -r . runlevel 3 Sep 1 14:45 3 0 S Since when ?
Number of times at this RL since last boot Pradip Gudale
privious
39
/etc/inittab file Provides three important items to init process The system’s default run level What processes to start, monitor, and restart if they terminate What actions to be taken when the system enters a new run level
Pradip Gudale
40
/etc/inittab entries Each entry in the /etc/inittab file has the following fields:
id:rstate:action:process Unique id Applies to these run levels How the process is to be run
The command to execute
Pradip Gudale
41
/etc/inittab entries ap::sysinit:/sbin/autopush f /etc/iu.ap is:3:initdefault: p3:s1234:powerfail:/usr/sbin/shutdown y i5 g0 >/dev/msglog 2<>/dev/console sS:s:wait:/sbin/rcS >/dev/msglog 2<>/dev/msglog
42
What happens when init runs 1. The init process is started and reads the /etc/default/init file to set any environment variables. By default, only the TIMEZONE variable is set. 2. Then init reads the inittab file to do the following: a. Identify the initdefault entry, which defines the default run level (3). b. Execute any process entries that have sysinit in the action field so that any special initializations can take place before users login. c. Execute any process entries that have 3 in the rstate Pradip Gudalerun level, 3. 43 field, which matches the default
Run control scripts • Each associated with rc.x script in /sbin • there is a corresponding directory /etc/rcx.d which contains [KS] [0-9] [0-9] * scripts for starting or stopping various services • The scripts are kept in /etc/init.d and are linked to files in /etc/rcx.d
Pradip Gudale
44
Sample /etc/rc2.d # ls /etc/rc2.d K07dmi S70uucp S75cron S91afbinit K07snmpdx S71ldap.client S75flashprom S91ifbinit K28nfs.server S71rpc S75savecore S92volmgt README S71sysid.sys S76nscd S93cacheos.finish S01MOUNTFSYS S72autoinstall S80PRESERVE S94ncalogd S05RMTMPFILES S72inetsvc S80lp S95IIim S20sysetup S72slpd S80spc S95amiserv S21perf S73cachefs.daemon S85power Pradip Gudale 45 S95ocfserv
Adding scripts How would you add a script to start/stop some service ?
Pradip Gudale
46
Adding scripts….
# cp filename # cp /etc/init.d filename /etc/init.d # chmod 0744 /etc/init.d/filename # chmod 0744 /etc/init.d/filename # chown root:sys /etc/init.d/filename # chown root:sys /etc/init.d/filename
# cd /etc/init.d # ln filename /etc/rc2.d/Snnfilename # ln filename /etc/rcn.d/Knnfilename Pradip Gudale
47
Summary of rc scripts /sbin/rc0 Performs the following tasks: Stops system services and daemons Terminates all running processes Unmounts all file systems
Pradip Gudale
48
/sbin/rc1 Stops system services and daemons Terminates all running processes Unmounts all file systems Brings the system up in single-user mode
Pradip Gudale
49
/sbin/rc2 Mounts all local file systems Enables disk quotas if at least one file system was mounted with the quota option Saves editor temporary files in /usr/preserve Removes any files in the /tmp directory Configures system accounting Configures default router Sets NIS domain and ifconfig netmask Reboots the system from the installation media or a boot server if either /.PREINSTALL or /AUTOINSTALL exists Starts inetd and rpcbind and named, if appropriate Pradip Gudale
50
/sbin/rc2…… cntd
Starts Kerberos client-side daemon, kerbd Starts NIS daemons (ypbind) and NIS+ daemons (rpc.nisd), depending on whether the system is configured for NIS or NIS+, and whether the system is a client or a server Starts keyserv, statd, lockd, xntpd, and utmpd Mounts all NFS entries Starts nscd (name service cache daemon) Starts automount, cron, LP print service, sendmail, utmpd, and vold daemons Pradip Gudale
51
/sbin/rc3
bin/rc3 Runs the /etc/rc3.d scripts to perform the following tas Cleans up sharetab Starts nfsd Starts mountd If the system is a boot server, starts rarpd, rpc.bootparamd, and rpld Starts snmpdx (Solstice Enterprise Agents TM process).
Pradip Gudale
52
/sbin/rc5 and /sbin/rc6 /sbin/rc5 and / sbin/rc6 Runs the /etc/rc0.d/K* scripts to perform the following tasks: Kills all active processes Unmounts the file systems
Pradip Gudale
53
/sbin/rcS
Establishes a minimal network Mounts /usr, if necessary Sets the system name Checks the root (/) and /usr file systems Mounts pseudo file systems (/proc and /dev/fd) Rebuilds the device entries for reconfiguration boots Checks and mounts other file systems to be mounted in single-user mode
Pradip Gudale
54
Shutdown commands • • • •
Shutdown init reboot halt
Pradip Gudale
55
PART 1:
Booting of the system & BOOT PROM
Pradip Gudale
56
Prom monitor >n OK
Pradip Gudale
57
Prom monitor How to find PROM version ? How to change boot-device ? How to change boot-files ?
Pradip Gudale
58
Prom monitor : important commands • • • •
printenv setenv probe-scsi-all reset
Pradip Gudale
59
Boot command ok boot [boot-device] [boot-files] [boot options]
-a -s -r ………….Try it out Pradip Gudale
60
Boot over a network • Need to set up a boot server • rarp or dhcp protocols • for dhcp PROM version must be > 3.25 • ok nvalias net /pci@1f,4000/network@1,1:dhc p
Pradip Gudale
61
Stop system for recovery press Stopa or L1a. On terminals, press the Break key.
Pradip Gudale
62
Intel Solaris Solaris Boot Diskette Solaris Installation CD
Pradip Gudale
63
Boot process
Pradip Gudale
64
What all does a PROM do ?
Pradip Gudale
65
Boot phases • • • •
Boot prom phase boot program phase kernel initialization phase init phase
Pradip Gudale
66
Boot phases Boot prom :the PROM loads the primary boot program, bootblk bootblk program finds and executes the secondary boot program, ufsboot, and loads it into memory. ufsboot program loads the kernel. kernel initializes itself and begins loading modules kernel unmaps the ufsboot kernel creates a user process and starts the /sbin/init Pradip Gudale
67
PART 1:
Pradip Gudale
68
Volume Management Major Benefits
Pradip Gudale
69
/etc/init.d/volmgt • automatically mounts diskettes and CDs • enables you to access diskettes and CDs without having to become superuser. • allows you to give other systems on the network automatic access to any diskettes and CDs you insert into your Pradip Gudale 70 system
Manual mounting Steps Manual Mounting Automatic Mounting 1 Insert media. 2 Become superuser. 3 Determine the location of the media device. 4 Create a mount point. 5 Make sure you are not in the mount point directory. 6 Mount the device using the proper mount options. 7 Work with files 8 Become Superuser and unmount 9 Eject media Pradip Gudale
71
How to access from FDD/CD enter floppy and run volcheck Files on a diskette or Raw data on a diskette access through /vol/dev/aliases/floppy0 File Systems on floppy
access through /floppy/floppy0
Files on a CD : Enter The CD and wait for a few seconds
access through /cdrom/cdrom0
Pradip Gudale
72
Files copied from CD Remember…….. Files copied to disk will not have write permissions WHY ?
Pradip Gudale
73
How do you find who are using the CD ? # fuser -u [-k] /cdrom/cdrom0
Pradip Gudale
74
..How do you use CDROM connected to another M/C ? Prerequisite ? CDROM on other M/C must be shared..
Pradip Gudale
75
$ showmount -e system-name export list for systemname: /cdrom/sol_8_sparc (everyone) Become a superuser # mount -F nfs -o ro system-name:/cdrom/cd-name mountpoint
Pradip Gudale
…….Try this out 76
..How do you make CDROM on your system available to other systems ? Basically…. It-must-be-shared
Pradip Gudale
77
STEPS ….. # mkdir /dummy # vi /etc/dfs/dfstab ( Add the following line:) share -F nfs -o ro /dummy # eject cdrom0 # chmod 644 /etc/rmmount.conf # vi /etc/rmmount ( Add the following line to the File System Sharing section:) share cdrom* # chmod 444 /etc/rmmount.conf ( Load a CD.) # share Pradip Gudale
78
Configure a System to Play Musical CDs Edit /etc/rmmount.conf and add action line # Actions action cdrom action_workman.so path/workman Workman-options path The dir in which you have placed the Workman S/W workman-options The options allowed by the Workman S/W Pradip Gudale
79
“start and stop volume management” # /etc/init.d/volmgt start # /etc/init.d/volmgt stop
Pradip Gudale
80
Formatting floppies ...tasks • • • •
Load unformatted diskette Format diskette for dos Format diskette for ufs make ufs FS
Pradip Gudale
…...Try this out81
Known restriction.. Diskettes formatted for UFS are restricted to the hardware platform on which they were formatted. In other words, a UFS diskette formatted on a SPARC based platform cannot be used for UFS on an IA platform, nor can a diskette formatted on an IA platform be used on a SPARC based platform. This is because the SPARC and IA UFS formats are different. SPARC uses little-endian bit coding, IA uses big-endian. Pradip Gudale
82
Can format to 7 densities • 3.5” Extended • 5.25” High Density Density 2.88 Mbytes (HD) 1.2 Mbytes • 3.5” High Density • 5.25” Medium (HD) 1.44 Mbytes Density (DD) 720 Kbytes • 3.5” Medium Density • 5.25” Low Density (DD) 1.2 Mbytes 360 Kbytes • 3.5” Low Density 720 Kbytes Pradip Gudale
83
Formatting defaults... • the diskette drive formats a diskette to a like density unless instructed otherwise • a diskette can be formatted to its capacity or lower • a drive can format to its capacity or lower
Pradip Gudale
84
Use fdformat command with density option…. To Format a diskette as
In A Drive of
2.88 Mbytes 1.44 Mbytes 1.44 Mbytes 1.2 Mbytes 720 Kbytes 1.2 Mbytes 720 Kbytes 720 Kbytes 360 Kbytes
2.88 Mbytes 2.88 Mbytes 1.44 Mbytes 1.44 Mbytes 1.44 Mbytes 1.2 Mbytes 1.2 Mbytes 720 Kbytes Pradip Gudale 720 Kbytes
fdformat Density option −E −H none −t nec −M −D or −t dos −D none −D none 85 −D
fdformat • fdformat -z to view options • start fdformat w/o density option to find out drive’s default density
Pradip Gudale
86
Formatting for ufs FS $ fdformat -v -U [density-options convenience-options]
verify
e.g. -D 720KB -e eject -f force ..no questions
Unmount if mounted
-b label Pradip Gudale
-z just show options
87
How to Place a UFS File System on a Diskette ? Command to create FS
/usr/sbin/newfs
options to this command
Where to make FS Type of FS ufs taken as default Pradip Gudale
88
Creating FS
/usr/sbin/newfs -v /vol/dev/aliases/floppy0
Displays status
Pradip Gudale
89
Auto mounting Invoke the volrmmount command using the −i option to notify Volume Management that the diskette is inserted.
$ volrmmount -i floppy0 Use
#ls /floppy
to confirm mounted ufs FS
Pradip Gudale
90
Formatting for DOS $ fdformat -v -U [density-options convenienceoptions]
-d 1.44MB for MS-DOS -d -D 720KB for MS-DOS
Pradip Gudale
91
Things to remember • volcheck -v command to notify volume management • floppy0 is symbolic link to floppy name • if nothing is found under /floppy it means floppy not mounted or not formatted • /floppy is same as /vol/dev/diskette0 • fuser -u [-k] floppy0 to find user and [kill] • if formatted but without name system refers to it as unnamed_floppy Pradip Gudale 92 • # ls /floppy/floppy0 to see
How to use floppy put in another M/C’s floppy drive ? Same as CDROM …… except…... Add the following lines to /etc/rmmount.conf on a system where floppy drive is connected and to be shared # File System Sharing
share floppy*
Pradip Gudale
93
How Volume Management works?
Pradip Gudale
94
Volume management • All removable media made available under /vol/dev /vol/dev
Drive ---
rdiskette0
diskette0
Pradip Gudale
95
Volume management
/vol/dev
Drive ---
rdiskette0
diskette0
Diskette name
Diskette name Pradip Gudale
96
CDROMs /vol/dev
dsk c0t6
rdsk c0t6
cdrom drive
Pradip Gudale
97
CDROMs /vol/dev
dsk c0t6
rdsk c0t6
cdrom drive
cd name
Pradip Gudale cd name
98
To make access more convenient, Volume Management uses two special mount points, /floppy and /cdrom.
/
floppy
cdrom
Volume Management mounts the /vol/dev/diskette0 and /vol/dev/dsk/c0t6 directories onto /floppy and Pradip Gudale /cdrom
99
Convenient mount points /floppy and /cdrom However, these mount points depend on proper formatting. If a diskette is formatted, the mount succeeds, but if it is unformatted, the mount fails and the diskette is only available under
/vol/dev/diskette0.
Pradip Gudale
100
Additional convenience symbolic links /floppy/floppy0 > /floppy/name > /vol/dev/diskette0/name /cdrom/cdrom0 > /cdrom/cd-name > /vol/dev/dsk/c0t6d0/cd-name The symbolic links for file system access simply link the directories /floppy/floppy0 and /cdrom/cdrom0 to the diskette inserted into the first diskette drive and the CD inserted into the first CD-ROM drive: Pradip Gudale
101
What’s the advantage of symbolic links ? enable you to access floppies and CDs without knowing their names. You can use the link names, floppy0 or cdrom0, instead.
Pradip Gudale
102
Symbolic links for raw device access /vol/dev/aliases/floppy0 > /vol/dev/rdiskette0/diskette-name /vol/dev/aliases/cdrom0 > /vol/dev/rdsk/c0t6d0/cd-name
Pradip Gudale
103
Purpose of symbolic links to enable you to access a raw-character diskette or CD without knowing its name use /vol/dev/aliases/floppy0 or /vol/dev/aliases/cdrom0 link names.
Pradip Gudale
104
compatibilities • Ufs : not compatible between Sparc and Intel • CDROM : HSFS type; No issues
Pradip Gudale
105
installation CDs, contain mixed formats; that is, part UFS, and part ISO 9660 standard the CD is split into slices 9660 portion : portable UFS portion : architecture-specific ISO 9660 UFS : Sparc UFS : Intel Pradip Gudale
106
Volume Management ignores un-related formats on CDs and mounts appropriate slice
Pradip Gudale
107
CD slices appear as…. $ ls /cdrom/cdrom0 S0 S2 $ ls /vol/dev/dsk/c0t6 S0 S2
Pradip Gudale
108
PART 1:
SOFTWARE ADMINISTRATION
Pradip Gudale
109
S/W administration • • • •
Adding and Removing S/W Checking Consistemncy understanding S/W packages Adding and removing patches
Pradip Gudale
110
What is a S/W Package ? Sun and other vendors distribute S/W in the form of Package package is a collection of files and directories in a defined format.
Pradip Gudale
111
Package Admin Commands Solaris provides utilities to understand the package format and istall, Remove and check packages pkgadd, pkgrm and pkgcheck Pradip Gudale
112
Admintool to manage S/W Add packages to a spool directory : Not possible Eliminate user interaction by using an administration file : Not possible
Pradip Gudale
113
S/W PACKAGE S/w files
Control files
Pkgadd interpretes
Pkadd uncompresses and installs in base directory Keeps track of what is installed
Pradip Gudale
114
#Pkgrm pkgname Removes all files for that package unless they are shared with another package
Pradip Gudale
115
Things to know…. How packages are named ? ….. SUNWutr, SUNWvolr How to see what are installed ? ….. Pkginfo / admintool How to install S/W for clients ? ….. Some part on server some on client Pradip Gudale
116
client-server scenario a piece of software might have a package with files that are installed on the client’s root file system and a package with files that are installed on the /usr file system, which the client typically mounts from a server.
Pradip Gudale
117
administration file Comes into play with -a option to pkgadd # pkgadd -a filename pkgname Looks for admin file in current dir OR in /var/sadm/install/admin Pradip Gudale
118
Uses of admin file... manipulate the base directory by setting the basedir keyword in a special file called an administration file. basedir=/usr/v5/sbin Avoid user interaction while adding or removing packages Quit installation if error encountered ……...etc.
Pradip Gudale
119
Response file…. Using a Response File A response file contains your answers to specific questions asked by an interactive package. An interactive package includes a request script that asks you questions prior to package installation, such as whether or not optional pieces of the package should be installed.
Pradip Gudale
120
Response file Use pkgask command to store your replies and use it as… pkgadd -r response-file …. To avoid user interaction Pradip Gudale
121
commands # pkgadd -a admin-file -d device-name pkgid ...
Default… /var/spool/pkg
Pradip Gudale
122
commands Verification of installed package... # pkgchk -v pkgid If pkgchk determines there are no errors, it returns a list of installed files. Otherwise, it reports the error. Pradip Gudale
123
What do you understand from this.. # mount -F nfs -o ro package-server:/latestpackages /mnt # pkgadd -d /mnt SUNWaudio .
Pradip Gudale
124
..and what do you think is this ? # pkgadd -d /cdrom/sol_8_sparc/s0/Solaris_8/Product -s /var/spool/pkg SUNWaudio
Pradip Gudale
125
Is this command OK ? # pkgadd SUNWman
Pradip Gudale
126
pkginfo Tells what packages are installed on the system $ pkginfo system SUNWaccr System Accounting, (Root) system SUNWaccu System Accounting, (Usr) system SUNWadmap System administration applications system SUNWadmc System Pradip Gudale 127 administration core libraries
Integrity of installed packages # pkgchk -dspooldir pkgid ... # pkgchk [ -a -c -v ] pkgid ... attributes
Default: both a & c
contents Pradip Gudale
128
$ pkginfo -l SUNWcar PKGINST: SUNWcar NAME: Core Architecture, (Root) CATEGORY: system ARCH: sparc.sun4u VERSION: 11.8.0,REV=1999.09.18.11.52 BASEDIR: / VENDOR: Sun Microsystems, Inc. DESC: core software for a specific hardware platform group PSTAMP: humbolt19990821191439 INSTDATE: Sep 18 1999 11:53 HOTLINE: Please contact your local service provider STATUS: completely installed FILES: 95 installed pathnames 31 shared pathnames Pradip Gudale 129 35 directories
Removal of packages Always use #pkgrm [-s spooldir] pkgid Do not use “rm” to remove package files….. WHY ? Pradip Gudale
130
“Removal of packages” Can be done through admintool What is the prerequisite ? Be either super-user or member of sysadm group Pradip Gudale
131
patches • • • • •
What are they ? How are they distributed ? How are they numbered ? What happens when you install patches ? What happens when you remove patches ?
Pradip Gudale
132
What is a patch ? collection of files and directories that replace or update existing files and directories that are preventing proper execution of the software. The existing software is derived from a specified package
Pradip Gudale
133
Knowing what are applied # showrev -p # patchadd -p # pkgparam pkgid PATCHLIST # pkgparam pkgid PATCH_INFO_patchnumber Tells inst date and host from where applied Pradip Gudale
134
Patch distribution via www OR anonymous ftp http://www.sun.com For contract customers : Full sunsolve database and periodical CDs For others: general set of patches Pradip Gudale
135
ftp sunsolve1.sun.com (provided by Sun Service) or sunsite.unc.edu (maintained by the University of North Carolina).
Login as anonymous password as complete e-mail address pickup patches from /pubs/patches directory. Transfer mode : Pradip Gudale binary
136
Patch numbering 106925–02 Patch base code hyphen Patch revision Pradip Gudale
137
What happens when you install a patch ? • patchadd calls pkgadd • checks version of target system • updates patch packages pkginfo file with what are the patches getting obsoleted by this, what are other required patches by this and patches incompatible with this etc. • patch installation log is kept in /var/sadm/patch/patch138 number/log Pradip Gudale
Patch not installed if…... * The package is not fully installed on the host * The patch packages architecture differs from the system’s architecture *The patch packages version does not match the installed package’s version *There is already an installed patch with the same base code and a higher version number * The patch is incompatible with another, already installed patch. (Each installed patch keeps this information in its pkginfo file) * The patch being installed requires another patch that is not installed Pradip Gudale
139
Patch removal Means… backing out a patch All files modified by patch are restored back to original
Pradip Gudale
140
patchrm restores old files unless…. * The patch was installed with patchadd d (which instructs patchadd not to save copies of files being updated or replaced) * The patch has been obsoleted by a later patch * The patch is required by another patch patchrm keeps a log of the back out process in /tmp/backoutlog.process_id. This log file is removed if the patch backs Pradip out Gudale
141
PART 1:
DISK MANAGEMENT
Pradip Gudale
142
Disk geometry • • • • • • •
Bits and bytes Sectors Tracks Cylinders Heads Disk Controller Device drivers Pradip Gudale
143
……….more • • • •
Disk slices Disk Labels Cylinder Groups File Systems
Pradip Gudale
144
FS characteristics • Files are stored in FS • Each FS is assigned one slice i.e FS can not span multiple slices • In one slice only one FS can be go • To the OS each slice appears as independent disk • FS is a fully functional independent unit Pradip Gudale
145
Disk slices / partitions SPARC Platforms
IA Platforms
Whole disk given to the operating environment
FDISK partitioned Only one given to OE
8 slices maximum
one partition: 10 slices
slices are 0-7
slices are 0-9
Pradip Gudale
146
What gets stored ..where ? • • • • • • • •
Slice 0 : root--OS files and directories 1: Swap--workspace 2: Overlap 3: /export--diff arch os files for clients 4: /export/swap--swap for clients 5: /opt--applications added 6: /usr-- executables and library routines Pradip Gudale 7: /home or /export/home--user’s stuff
147
Intel specific…. • Slice 8: info that helps Solaris to boot from Hard Disk. Resides at the beginning of disk • Slice 9: alternate blocks for assignment in lieu of bad blocks
Pradip Gudale
148
Note on usage Do not use the following areas of the disk for raw data slices, which are sometimes created by thirdparty database applications: 1. Block 0, cylinder 0, where the disk label is stored. 2. Avoid cylinder 0 entirely for improved performance. 3. Slice 2, which represents the entire disk. A slice cannot be split between two or more disks. However, multiple swap slices on separate disks are allowed. Pradip Gudale 149
PART 1:
format utility
Pradip Gudale
150
format • • • •
Menu driven built-in utility For preparing hard disks for use does more than mere formatting disks Not for floppies, cdroms and mag tapes
Pradip Gudale
151
What all can “format” do ? • • • • • •
Search all connected devices and display display partition information modify partitions information label the disk analyze and repair the disk low level format the disk Pradip Gudale
152
Most common usage.. • Partition • label
Formatting is destructive process…. helps preparing unfromatted disk helps gather bad areas information Pradip Gudale
153
Disk Label
VTOC
Cylinder 0 Block 0 Sector 0
controller
geometry
Pradip Gudale
Partition tabel or slices 154
Partition tabel • Number : 0 to 7 • tag : 0=UNASSIGNED 1=BOOT 2=ROOT 3=SWAP 4=USR5=BACKUP 7=VAR 8=HOME numeric value that usually describes the file system mounted on this partition.
• flags : wm The partition is writable and mountable wu writable & unmountable -- swap rm read only & mountable
Pradip Gudale
155
Example partition table Total disk cylinders available: 2036 + 2 (reserved cylinders) Part Tag Flag Cylinders Size Blocks 0 root wm 0 300 148.15MB (301/0/0) 303408 1 swap wu 301 524 110.25MB (224/0/0) 225792 2 backup wm 0 2035 1002.9MB (2036/0/0) 2052288 3 unassigned wm 0 Pradip Gudale 156 0 (0/0/0) 0 sectors
# prtvtoc /dev/rdsk/c0t1d0s0 * /dev/rdsk/c0t1d0s0 partition map * Dimensions: * 512 bytes/sector * 72 sectors/track * 14 tracks/cylinder * 1008 sectors/cylinder * 2038 cylinders * 2036 accessible cylinders * Flags: * 1: unmountable * 10: readonly * First Sector Last * Partition Tag Flags Sector Count Sector Mount Directory Pradip Gudale 157 0 2 00 0
Formatting a disk Easiest way is to use “modify” option under format..partition
…try out extensively Pradip Gudale
158
Recovering the disk • • • •
Recover disk geometry i.e. label restore root FS if it is a boot disk restore usr FS if it is a boot disk ……..Then what ? Will it boot ?
Pradip Gudale
159
Put a boot block on the disk For Sparc: # installboot /usr/platform/sun4m/lib/fs/ufs/bootblk /dev/rdsk/c0t0d0s0 `Uname -I`
For Intel:
# installboot /usr/platform/i86pc/lib/fs/ufs/pboot /usr/platform/i86pc/lib/fs/ufs/bootblk /dev/rdsk/c0t6d0s2 Pradip Gudale
160
Recovering corrupted disk label Step 1: is to put back disk geometry automatic configuration or manual disk type specification. Select disk type number.
Step 2: use verify command to check backup label format> verify Step 3: backup label is put format> backup
Pradip Gudale
161
Recovering corrupted disk label Step 1: is to put back disk geometry automatic configuration or manual disk type specification. Select disk type number.
Step 2: use verify command to check backup label format> verify Step 3: backup label is put format> backup
Pradip Gudale
162
Support for third party disks supply either a device driver, a format.dat entry, or both of these. Unrecognized disks cannot be formatted without precise information about the disk’s geometry and operating parameters. This information is supplied in the /etc/format.dat file.
Pradip Gudale
163
Disk parameters example.. disk_type = "SUN2.1G" \ : ctlr = SCSI : fmt_time = 4 \ : ncyl = 2733 : acyl = 2 : pcyl = 3500 : nhead = 19 : nsect = 80 \ : rpm = 5400 : bpt = 44823 No of physical cyl No of alternate cyl
Pradip Gudale
Data sec per track
164
Specifying block nos to format command... * Block number as an integer OR *Block number in the cylinder/head/sector format Enter defective block number: 12345 Enter defective block number: 34/2/3
Pradip Gudale
165
Thumb rules for slice sizes Disk Size
Root File System
0 - 180 Mbytes 16 Mbytes 180 Mb - 280 Mb 16 Mbytes 280 Mb - 380 Mb 24 Mbytes 380 Mb - 600 Mb 32 Mbytes 600 Mb - 1.0 Gb 32 Mbytes 1.0 Gb - 2.0 Gb 64 Mbytes More than 2.0 Gb 128 Mbytes Pradip Gudale
Swap Slice 16 Mbytes 32 Mbytes 32 Mbytes 32 Mbytes 64 Mbytes 128 Mbytes 128 Mbytes 166
Analyze and repair a disk # format format> analyze analyze> setup
.. Select parameters Starting block loop Stop on first error Assign alternate block
format> repair
Pradip Gudale
167
tips and tricks Invoke format M to enable extended and diagnostic messages for using the format utility with SCSI devices only.
For labeling multiple disks with same partition table... # for i in 1 2 3 5 > do > prtvtoc /dev/rdsk/c2t0d0s0 | fmthard -s /dev/rdsk/c2t${i}d0s2 > done Pradip Gudale
168
FORMAT MENU: disk select a disk type select (define) a disk type partition select (define) a partition table current describe the current disk format format and analyze the disk repair repair a defective sector label write label to the disk analyze surface analysis defect defect list management backup search for backup labels verify read and display labels save save new disk/partition definitions inquiry show vendor, product and revision volname set 8character volume name quit Pradip Gudale 169
PART 1:
INTRODUCTION TO FILE SYSTEM AND ITS MANAGEMENT
Pradip Gudale
170
Overview of FS • It’s a collection of files & directories • structure in the form of file tree • data structure of a disk slice
Pradip Gudale
171
Types of FS • • • •
Disk based Network based vertual FS Solaris provides virtual file system architecture……This ficilitates standard interface to any type of FS
Pradip Gudale
172
Disk based FS ufs
hsfs
Default
ISO9660
based on BSD fast FS
on CDROm
pcfs Read/wr of dos formatted disks
udfs On optical media DVD
read only
Pradip Gudale
173
Network-based FS Typically, network-based file systems reside on one system, typically a server, and are accessed by other systems across the network.
NFS is the only available network-based or distributed computing file system.
Pradip Gudale
174
Virtual FS Memory based most of them do not use disk space cachefs and tmpfs do Pradip Gudale
175
cachefs Think about What is cache ? When is that used ?
Pradip Gudale
176
TMPFS Default FS for /tmp dir use swap space as backup disk space *The TMPFS file system can run out of space, just as a regular file system can fill up. * Because TMPFS allocates swap space to save file data (if necessary), some programs might not execute because there is not enough swap space. Pradip Gudale
177
Loop back FS The Loopback File System (LOFS) lets you create a new virtual file system, so you can access files by using an alternative path name.
e.g. create / FS under /tmp/newroot Pradip Gudale
178
procfs • Resides in memory • contains list of active processes by process number • commands like ps use it • do not administer or remove files from this
Pradip Gudale
179
Few other virtual FS FIFOFS (first-in first-out): Named pipe files that give processes common access to data FDFS (file descriptors): Provides explicit names for opening files using file descriptors NAMEFS: Used mostly by STREAMS for dynamic mounts of file descriptors on top of files SPECFS (special): Provides access to character special and block devices SWAPFS: File system used by the kernel for swapping Pradip Gudale
180
FS related commands df
fsck
volcopy labelit
ff
clri Clear inodes
mount newfs
ncheck
fstyp
Lists file names with inode nos
Gudale List filePradip names with statistics
181
How commands decide FS type • -F option • match in vfstab entry • look in /etc/default/fs and /etc/fs/fstypes entries for local and remote FSs Note: # man mount # man mount_ufs Pradip Gudale
182
Default solaris FSs • root /: essential files to make system work; boot programs, kernel, device drivers, mount points • /usr: sharable files, library programs, those that run on specific platform • /export/home: user’s home directories • /var: changing/growing files, vi & ex backup, log files • /opt: third party application s/w Pradip Gudale 183
DEFAULT DIRECTORIES UNDER /DEV
/dev/cfg Symbolic links to physical ap_ids /dev/cua Device files for uucp /dev/dsk Block disk devices /dev/fbs Frame buffer device files /dev/md Logical volume management meta-disk devices /dev/fd File descriptors /dev/pts pty slave devices /dev/rdsk Raw disk devices /dev/rmt Raw tape devices /dev/sad Entry points for the STREAMS Administrative Dri /dev/sound Audio device and audio device control files /dev/swap Default swap device /dev/term Serial devices Pradip Gudale
184
Default directory under /etc /etc Host-specific sys admin config files & databases /etc/acct Accounting configuration information /etc/cron.d Configuration information for cron /etc/default Defaults information for various programs /etc/dmi Solstice Enterprise Agents /etc/dhcp DHCP config files configuration files /etc/fn Federated Naming Service and x.500 /etc/dfs Config information for shared file support files systems /etc/fs Binaries organized byFS types for operations required before /usr is mounted /etc/gss Generic Security Service (GSS) Appl Program Pradip Gudale 185 Interface configuration files /etc/inet Configuration files for Internet services
/etc/init.d Scripts for changing between run levels /etc/lib Dynamic linking libraries needed when /usr is not available /etc/llc2 Logical link control (llc2) driver configuration files /etc/lp Configuration information for the printer subsystem /etc/mail Mail subsystem configuration information /etc/net Configuration information for TI (transportindependent) network services /etc/nfs NFS server logging configuration file /etc/openwin OpenWindows configuration files /etc/opt Configuration information for optional packages /etc/rc0.d Scripts for entering/leaving run 186 level Pradip Gudale 0
/etc/rcS.d Scripts for bringing the system up in single user mode /etc/rpcsec This directory may contain a NIS+ authentication configuration file /etc/saf Service access facility files (including FIFOs) /etc/security Basic Security Module (BSM) configuration files /etc/skel Default profile scripts for new user accounts /etc/tm Trademark files; contents displayed at boot time /etc/uucp uucp configuration information 187 Pradip Gudale
/export Default directory for users’ home directories, client file systems, or other shared file systems /home Default directory or mount point for a user’s home directory on a standalone system. When AutoFS is running, you cannot create any new entries in this directory. /kernel Directory of platform-independent loadable kernel modules required as part of the boot process. It includes the generic part of the core kernel that is platform independent, /kernel/genunix. /platform and /usr/platform directory structure. /mnt Convenient, temporary mount point for file systems /opt Default directory or mount point for add-on application packages /sbin Essential executables used in the booting process and in manual system failure recovery /stand Standalone programs Pradip Gudale 188 /tmp Temporary files; cleared during boot sequence
/var Directory for varying files, which usually inclu temporary, logging, or status files /var/adm System logging and accounting files /var/audit Basic Security Module (BSM) audit files /var/crash Default depository for kernel crash dumps /var/cron cron’s log file /var/dmi Solstice Enterprise Agents Desktop Management Interface (DMI) run time components /var/dt dtlogin configuration files /var/ftp FTP server directory /var/inet IPv6 router state files /var/log System log files /var/lp Line printer subsystem logging information /var/mail Directory where users’ mail is kept /var/news Community service messages (note: not the same USENET-style news) /var/nis NIS+ databases Pradip Gudale 189
/var/nfs NFS server log files /var/ntp Network Time Protocol (NTP) server state directo /var/opt Root of a subtree for varying files associated with software packages /var/preserve Backup files for vi and ex /var/run Temporary system files that are not needed across system reboots. This is a TMPFSmounted directory. /var/sadm Databases maintained by the software package management utilities /var/saf saf (service access facility) logging and accounting files /var/spool Directories for spooled temporary files /var/spool/cron cron and at spool files Pradip Gudale lock files 190 /var/spool/locks pooling
/var/spool/lp Line printer spool files /var/spool/mqueue Mail queued for delivery /var/spool/pkg Spooled packages /var/spool/uucp Queued uucp jobs /var/spool/uucppublic Files deposited by uucp /var/statmon Network status monitor files /var/tmp Directory for temporary files; not cleared during boot sequence /var/uucp uucp log and status files /var/yp NIS databases (for backwards compatibility with NIS and unnecessary after full transition Pradip Gudale 191 to NIS+)
/usr 4lib SunOS 4.1 binary compatibility package libraries 5bin Symbolic link to the /usr/bin directory X Symbolic link to the /usr/openwin directory adm Symbolic link to the /var/adm directory aset Directory for Automated Security Enhancement Tools (ASET) programs and files bin Location for standard system commands ccs C compilation programs and libraries demo Demo programs and data dict Symbolic link to the /usr/share/lib/dict directo which contains the dictionary file used by the UNIX spell program dt Directory or mount point for CDE software games An empty directory, which is a remnant of the SunOS 4. 4.1 software Pradip Gudale
192
Under /usr
include Header files (for C programs, etc.) java* Directories containing Java prog and libraries kernel Additional kernel modules kvm Implementation architecture-specific binaries and libraries lib Various program libraries, architecturedependent databases, and binaries not invoked directly by the user local Commands local to a site mail Symbolic the /var/mail directory man Symbolic link tolink the to /usr/share/man directory
net Directory for network listener services news Symbolic link to the /var/news directory oasys Files pertaining to the Form and Menu Language Pradip Gudale 193 Interpreter (FMLI) execution environment
old Programs that are being phased out openwin Directory or mount point for OpenWindows S/W perl5 Perl 5 programs and documentation platform preserve Symbolic link to the /var/preserve directory proc Directory for the proc tools pub Files for online man page and character processing sadm Various files and directories related to sys admin sbin Executables for system administration sbin/static Statically linked version of selected programs from /usr/bin and /usr/sbin share Architecture-independent sharable files share/lib Architecture-independent databases share/src Source code for kernel, libraries, and utilities Gudale 194 snadm Programs andPradip libraries related to system and
Under /usr spool Symbolic link to the /var/spool directory src Symbolic link to the share/src directory tmp Symbolic link to the var/tmp directory ucb Berkeley compatibility package binaries ucbinclude Berkeley compatibility package header files ucblib Berkeley compatibility package libraries vmsys Directory Framed Access Pradipfor Gudale 195 Command Environment (FACE)
/platform & /usr/platform Dir /platform Contains a series of directories, one per supported platform that need to reside in the root (/) file system. /platform/*/kernel Contains platform-dependent kernel components, including the file unix, the core kernel that is /usr/platform Contains platformplatform dependent. dependent objects that do not need to reside in the root (/). /usr/platform/*/lib Contains platform-dependent objects similar to those found in the /usr/lib /platform/*/sbin Contains Pradip Gudale 196 platform-dependent objects similar
/var/run in Solaris 8 Temporary MEMORY based FS for systems files not required across boot /tmp continues to be temporary FS for non-system files Pradip Gudale
197
New in Sol 8 /etc/mnttab now MNTFS read only. Sync guarunteed. Earlier it was text-based and modifiable. Likely out of sync. Pradip Gudale
198
New in Sol 8 The Solaris 7 11/99 or the Solaris 8 release UDF FS the industry-standard format for storing information on the optical media technology called DVD (Digital Versatile Disc or Digital Video Disc) is included in this Solaris release.
Dynamically loadable modules
SUNWudfr — 32–bit kernel component SUNWudfrx — 64–bit kernel component Pradip Gudale
199
udf FS management Display FS parameters # mkfs -F udfs -m /dev/rdsk/device-name
Create UDF FS # mkfs -F udfs /dev/rdsk/device-name
Check it is UDF type .. # fstyp -v /rdev/dsk/device-name
Check its integrity.. # fsck -F udfs /dev/rdsk/device-name Mount .. Pradip Gudale
# mount -F udfs /dev/dsk/device-name /mount-
200
swap • Some disk slices used as swap instead of FS • used as virtual memory • plan how much swap space to allocate
Pradip Gudale
201
ufs FS features • State flags:Show the state of the file system: clean, stable, active, logging, or unknown. These flags eliminate unnecessary file system checks. If the file system is “clean,” “stable,” or “logging,” file system checks are not run.
• Large FS: Upto 1TB. How do you get this big slice ?
• Large Files: By default > 2Gb. How to make it < 2GB ? …. Use “nolargefiles” option
Pradip Gudale
202
What is ufs logging ? UFS logging is the process of storing transactions (changes that make up a complete UFS operation) in a log before the transactions are applied to the UFS file system.
Transcations can be applied later Like journalling in IBM Pradip Gudale
203
Advantages of ufs logging • Inconsistent transactions discarded; only complete transactions applied ensuring consistent FS and hence no fsck required at reboot • reboot is very fast; very useful on large FS Logging is not by default enable it using -o logging Pradip Gudale option to mount 204
Planing ufs FS • Distribute I/O load. /export/home and swap across disks • keep it logical.. Put all project or group files into one FS • have root, usr and swap on system disk • make no more than 2 or 3 FS on others. Make them roomier. (Less fragmentation and easy to backup) Pradip Gudale
205
PART 1:
MOUNTING FS
Pradip Gudale
206
mounting • root always mounted at boot time • others mounted and unmounted as required • you need a mount point
Pradip Gudale
207
Root /
/opt
usr
Mount point Unbundled
File system
app1 file1 file2
Pradip Gudale
208
mnttab and vfstab • Reside under /etc • mnttab tells what is mounted • vfstab specifies what is to be mounted, where and required parameters to do that
Pradip Gudale
209
Example mnttab $ more /etc/mnttab /dev/dsk/c0t0d0s0 / ufs rw,intr,largefiles,onerror=panic,suid,de v=2200000 938557523 /proc /proc proc dev=3180000 938557522 fd /dev/fd fd rw,suid,dev=3240000 938557524 mnttab /etc/mnttab mntfs dev=3340000 938557526 swap /var/run tmpfs dev=1 938557526 swap /tmp tmpfs dev=2 938557529 Pradip Gudale 210 /dev/dsk/c0t0d0s7 /export/home ufs
Example vfstab $ more /etc/vfstab #device device mount FS fsck mount mount #to mount to fsck point type pass at boot options /dev/dsk/c0t0d0s0 /dev/rdsk/c0t0d0s0 / ufs 1 no /proc /proc proc no /dev/dsk/c0t0d0s1 Pradip Gudale 211 swap no
NFS features • File resource on server and others share it; server maintains list of shared resources • actual loaction of resource irrelevant to user • commonly used sharable s/w is accessed through nfs e.g. man files • upgradation/change to resource can be easily managed Pradip Gudale
212
autofs mounting for NFS • • • • • • •
Client side service in NFS resource gets mounted when you access it remains mounted as long as you are in it gets unmounted when not used for ... Time boot time saved user need not know root passwd to mount n/w trafic reduced Pradip Gudale
213
autofs serviced by... • Autofs service … automountd • can specify alternate server to mount same FS • can use NIS, NIS+ or files • /home is usually auto-mounted
Pradip Gudale
214
cachefs • • • • • • •
Want to improve performance of NFS ?… It is a layered FS One FS is mounted on another It’s a caching mechanism. Good for PPP. reduces server and network load. client per server ratio goes up combine autofs and cachefs to improve scalability & performance Pradip Gudale
215
Creating file systems • Need to create if you add a new disk, change partiotion structure, restore full from tapes • need contiguous formatted cylinders • use newfs device-name (front-end of mkfs)
Pradip Gudale
216
newfs # newfs [-N][-b size][-i bytes] /dev/rdsk/device-name Tells parameters that would get passed to mkfs without actually creating FS
Block size
Pradip Gudale
No of bytes per inode
217
*Creating tmpfs FS Do not use newfs …. # mount -F tmpfs [-o size=number ] swap mount-point
Note: creating multiple tmpfs has no benefit… why ? How will you create tmpfs at boot time ? Swap /export/test tmpfs Pradip Gudale yes
218
Creating loop back FS Do not use newfs # mount -F lofs loopback-directory mountpoint
How to make it at boot time ? / /tmp/newroot lofs yes Pradip Gudale
219
MOUNTING FILE SYSTEMS
Pradip Gudale
220
mounting • mount, mountall [-l|-r]commands • Inconsistent FS are not mounted • common options are:
Pradip Gudale
221
Mount options.. -o bg | fg NFS first attempt fails, retries in the background (bg) or in the foreground (fg). hard | soft NFS Specifies the procedure if the server does not respond. soft indicates that an error is returned. hard indicates that the retry request is continued until the server responds. The default is hard. intr | nointr NFS Specifies whether keyboard interrupts are delivered to a process that is hung while Gudale 222 waiting forPradip a response on a hard-mounted file system. The default is intr
Mount options.. -o For ufs -o logging
Log space used from FS; 1MB per 1GB; max 64MB
default nologging
-o nolargefiles default largefiles -o noatime
default atime
Pradip Gudale
223
-o options …. cntd Remount All Changes the mount options associated with an already-mounted file system. This option can be used with any option except ro, retry=n NFS Retries the mount operation when it fails. n ro | rw All Specifies read/write or read-only. The default is read/write. The default option for HSFS is ro. suid | nosuid All Allows or disallows setuid execution. The default is to allow setuid execution. Pradip Gudale 224
Entries in vfstab • Dev to mount : block dev, resource name or /proc for proc FS type • dev to fsck : raw device • mount point : directory • FS-type : type of file system • fsck pass: “-” not checked; “0” ufs not checked; “1” checked one at a time; ”>1” and -o preen then checked parallely Pradip Gudale
225
Entries in vfstab …. cntd • Mount at boot : yes/no specifies whether to mount at boot; “no” for /, /usr,/var,/proc and /dev/fd. These get mounted by other method and not by mountall command • mount options: “-” or comma separated list
Pradip Gudale
226
Remounting without large files option When you mount a file system, the largefiles option is selected by default, which enables you to create files larger than 2 Gbytes. Once a file system contains large files, you cannot remount the file system with the nolargefiles option or mount it on a system running Solaris 2.6 or compatible versions, until you remove any large files and run fsck to reset the state to nolargefiles.
Pradip Gudale
227
How do you find files > 2GB ? # cd mount-point # find . -xdev -size +20000000 -exec ls -l {} \;
Pradip Gudale
228
Mounting NFS File System # mount -F nfs [-o mount-options] server:/directory mount-pt
Pradip Gudale
229
Mounting pcfs (DOS) FS # mount -F pcfs [-o rw | ro] /dev/dsk/devicename:logical-drive mount-point
Dos logical drive letter or number c to z or 1 to 24
Device name of whole disk /dev/dsk/c0t0d0p0
c or 1 : primary DOS slice rest : extended DOS slice Pradip Gudale
230
unmounting FS • • • •
umount or umountall you must be superuser FS must be available for unmounting FS must not be busy or in use : Changing to a directory in a different file system. Logging out of the system. Using the fuser command to list all processes accessing the file system and to stop them if necessary. # fuser -c [-u] [-k] mount-point Unsharing the file system Pradip Gudale
231
PART 1:
File System structure
Pradip Gudale
232
File system Disk Disk slice Cylinder groups
Pradip Gudale
Addressable blocks UFS has 4 types 233
Ufs blocks • Boot block : info for booting; only in first cylinder group;cyl 0; 8k size • super block : info on file system • inodes : info on file • data block : data inside the file
Pradip Gudale
234
superblock Replicated in each cylinder group * Size and status of the file system * Label (file system name and volume name) * Size of the file system logical block * Date and time of the last update * Cylinder group size * Number of data blocks in a cylinder group * Summary data block * File system state: clean, stable, or active * Path name of the last mount point A summary information block is kept with the superblock. Pradipchanges Gudale It is not replicated. Records as FS is used. 235
inode Keeps all info on file except its name. 128 Bytes The type of the file (regular.dir,char, block,link,fifo,socket) The mode of the file (the set of read-write-execute permissions) The number of hard links to the file The user ID of the owner of the file The group ID to which the file belongs The number of bytes in the file An array of 15 disk-block addresses The date and time the file was last accessed The date and time the file was last modified The date and time the file was created Array of 15 addresses Pradip Gudale 236
Inode contents
Type of file
uid Direct pointer to data block
No of bytes
8k data block 8k data block
12 direct
8k data block
pointers Indirect pointer
8k data block
2k pointers
Pradip Gudale
Double indirect pointer Triple indirect pointer
237
Data blocks • • • • • •
Rest of the space allocated to data blocks block size decided at FS creation time default is 8k fragmentation is 1k blocks contain data for file blocks contain files names & their inode number in a directory Pradip Gudale
238
Cylinder group 0
Cylinder group 1
Bootblock (8 Kbytes) Superblock
Storage Blocks
Cylinder Group Map
Superblock
Inodes
Cylinder Group Map
Storage Blocks
Inodes Storage Blocks
Pradip Gudale
239
FS parameters • Block size: logical that kernel uses (physical • • • • •
that disk controller uses is 512 bytes) Fragment size Minimum free space Rotational delay Optimization type Number of files Pradip Gudale
240
“block size” What should I consider while deciding block size ? How does it impact ? Do I want to increase efficiency ?.. And I don’t care much for disk space Do I have many small files in my FS ? Pradip Gudale
241
Fragment size • Smaller than block-size is allocated during file expansion • trade of between time and space • decide based on number & size of files
Pradip Gudale
242
“Minimum free space” • Kept aside in reserve (1% to 10%) • As users go on consuming FS space, ufs efficiency goes down; df reports available space excluding reserve • only superuser can use reserve space When will df report more than 100% usage ? What command to use to change free space value ? Pradip Gudale
….tunefs
243
Rotational delay • Principle: knowing CPU data transfer speed and disk rotational speed, block allocation routine can place next block address to block just coming under the head & ready for read/write • Not very useful in modern disk with cache
Pradip Gudale
244
Number of files • Depends on number of inodes… Why ? • You can specify number of bytes per inode (i.e number of bytes per file and not number of bytes required to store inode info) • FS size/bytes per inode gives no of files Conventional defaults FS Less than or equal to 1 Gbyte FS Less than 2 Gbytes FS Less than 3 Gbytes Pradip Gudale FS 3 Gbytes or greater
2048 4096 6144 8192
245
Creating FS newfs [Nv] [mkfs_options] raw_device -s size -t ntrack
Tracks per cyl
-b bsize -f fragsize -c cgsize Cylinder per cyl group -m free ..etc Pradip Gudale
see man page 246
PART 1:
FSCK
Pradip Gudale
247
File system integrity • It is the consistency and integrity of internal tables of FS. This is lost if Sudden power failure accidental unplugging of system system crash improper shutdown
Pradip Gudale
248
Principle behind fsck • Uses redundant information available across various tables in the FS • Goes through superblock, inodes and data blocks • runs in phases -- means reads tables multiple number of times • salvages as far as possible • ever noticed lost+found directory under Pradip Gudale 249 newly created directory ?
Probable recovery.. The fsck program places files and directories that are allocated but unreferenced in the lost+found directory. The inode number of each file is assigned as the name.
Pradip Gudale
250
FS state flag • • • •
Stored in super block flag checked by /sbin/rcS while booting flag checked by fsck when run Flags FSACTIVE: mounted & modified FSBAD : / mounted when state not FSCLEAN/FSSTABLE FSCLEAN: mounted properly FSSTABLE:mounted & unmodified FSLOG: mounted with logging Pradip Gudale
251
How fsck tries to salvage • Due to buffering in memory FS state on disk always lags behind that in core • written to disk when buffer is required or kernel runs fsflush periodically • fsck reads summary info in superblock--FS size, no of inodes, free blocks count and free inode count • checks free block map. Cross checks that Gudale 252 free blocks are notPradip claimed ny files
Salvage……. cntd • No of free + no claimed by inodes=total blk • count of free inodes in summary=actual free inodes ?.. NO.. Modify summary info • link count in inode.. No directory entry exists for that inode no although inode contains valid info. Put file in lost+found • Duplicate blocks: data block claimed by 253 inodes of two filesPradip Gudale
Sample fsck output.. # fsck /dev/rdsk/c0t0d0s7 ** /dev/rdsk/c0t0d0s7 ** Last Mounted on /export/home ** Phase 1 Check Blocks and Sizes ** Phase 2 Check Pathnames ** Phase 3 Check Connectivity ** Phase 4 Check Reference Counts ** Phase 5 Check Cyl groups 2 files, 9 used, 2833540 free (20 frags, 354190 blocks, 0.0% fragmentation) No of frags No of inodes
Number of unused fragments
Pradip Gudale
Number of unused full blocks
% frag 254
How to see if FS need checking.. # fsck -m /dev/rdsk/c0t0d0s6 ** /dev/rdsk/c0t0d0s6 ufs fsck: sanity check: /dev/rdsk/c0t0d0s6 needs checking To check FS interactively…. #fsck Pradip Gudale
255
Preening ufs file system The preen option to fsck (fsck o p) checks UFS file systems and automatically fixes the simple problems that normally result from an unexpected system shutdown. It exits immediately if it encounters a problem that requires operator intervention. The preen option also permits parallel checking of file systems. Pradip Gudale
256
How to restore superblock Find back-up superblock # newfs -N /dev/rdsk/device-name
run fsck with another superblock # fsck -F ufs -o b=block-number /dev/rdsk/dev-name
Pradip Gudale
257
Fixing that fsck could not.. • • • •
Run fsck multiple times carefully read error messages and act use fsdb, clri, ff, ncheck etc…. See man if could not fully recover try mounting read only and retrieve data
Pradip Gudale
258
PART 1:
BACKUP & RESTORE
Pradip Gudale
259
*Why do you need backup ? • • • • •
System crashes accidental deletion natural disaster hardware failures mistakes in installation or upgrade
Pradip Gudale
260
Backup methods • Backup file systems : ufsdump • backup NIS+ server : nisbackup • backup all on N/W from server : solstice backup s/w • backup/list files : cpio, tar, pax • backup as raw dump : dd Pradip Gudale
261
Backup devices • • • • •
1/2-inch reel tape 140 Mbytes (6250 bpi) 2.5-Gb 1/4 inch cartridge (QIC) tape 2.5 GB DDS3 4-mm cartridge tape (DAT) 12 - 24 GB 14-Gbyte 8-mm cartridge tape 14 Gbytes DLT 7000 1/2-inch cartridge tape 35 - 70 GB
Pradip Gudale
262
How do you decide what to backup ? • Don’t need to backup full everytime • monitor what FSs change often • which are critical FSs so… /export/home must be backed-up regularly, whereas /usr need not be and /var although changing need not be backed-up very frequently. Pradip Gudale
263
What all you can do with ufsdump • Take backup of full FS on local or remote tape device • Take incremental backup (those that have changed since previous backup) • Backup groups of systems (remote shell) • Automate backup (use crontab)
Pradip Gudale
264
Dump level concept • This is the number between 0 and 9 • 0 is full backup • no specific meaning to level number. Meaning is attached when looked at in relation to other level. • 1-9 specify hierarchy of incremental backup • dump levels are specified in ufsdump command Pradip Gudale
265
Dump level usage Monthly Monday Tuesday Wednesday Thursday Friday 0 9 9 9 9 5
Incremental Backup: Daily Cumulative Pradip Gudale
266
How this scheme looks 9(Mon) 9
9
9
5(Fri)
Wk 1
ab
abc
abcd
abcde
abcdef
Wk 2
g
gh
ghI
ghij
a b c d e f g h i jk
In this scheme … How many tapes will be required? Pradip Gudale What tapes are required to restore ?
267
Answers.. With this schedule, you need six tapes (if you want to reuse daily tapes), or nine tapes (if you want to use four different daily tapes): one for the level 0, four for the Fridays, and one or four daily tapes. If you need to restore a complete file system, you will need the following tapes: the level 0, the most recent Friday tape, and the most recent daily tape since the last Friday tape (if any).
Pradip Gudale
268
Dump level usage Monthly Monday Tuesday Wednesday Thursday Friday 0 3 4 5 6 2
Incremental Backup: Daily Discrete (incremental) Pradip Gudale
269
Daily cumulative, weekly incremental Floating 1st of Month Week 1 Week 2 Week 3 Week 4 Week 1 Week 2
Mon
Tues
Wed
9 9 9 9
9 9 9 9
9 9 9 9
ab g
abc gh
Thurs
Fri
0
abcd ghI
9 9 9 9 abcde ghij
3 4 5 6 abcdef ghijk
To restore you need level 0, all Friday & most Pradip Gudale 270 recent daily tape
Daily incremental, weekly cumulative Floating Mon 1st of Month Week 1 Week 2 Week 3 Week 4 Week 1 Week 2
Tues
Wed
Thurs
Fri
0 3 3 3 3 ab gh
4 4 4 4 cd i
5 5 5 5 e jk
6 6 6 6 f lm
2 2 2 2 abcdef abcdefghijklm
To restore you need level 0, recent Friday & all Pradip Gudale 271 daily tapes
Taking backup • Keep tape drive ready • decide on file systems- use mount command • find number of tapes required # ufsdump S filesystem gives you bytes. Calculate tapes required.
• Become superuser and bring system to single user mode Pradip Gudale
272
usdump command examples • #ufsdump 0ucf /dev/rmt/0 / • #ufsdump 9ucf /dev/rmt/0 /export/home • #ufsdump 0ucf pluto:/dev/rmt/0 /export/home Dump file (tape)
Update /etc/dumpdates
Verify using #ufsrestore tf /dev/rmt/0 Pradip Gudale
273
ufsrestore • The ufsrestore command copies files to disk, relative to the current working directory, from backups created using the ufsdump command. • Can restore individual files • when run from root restore with original ownerships and permissions Pradip Gudale
274
Relative to current working directory….. explanation files backed up from the /export/doc/books directory (where /export is the file system), would be saved relative to /export. In other words, the book1 file in the docs directory would be saved as ./doc/books/book1 on the tape. Later on, if you restored the ./doc/books/book1 file to the /var/tmp directory, the file would be restored to Pradip Gudale 275 /var/tmp/doc/books/book1.
note Note - Do not restore files in the /tmp directory even temporarily. The /tmp directory is usually mounted as a TMPFS file system and TMPFS does not support UFS file system attributes such as ACLs.
Pradip Gudale
276
ufsrestore • # ufsrestore ta archive-name ./path/filename • # ufsrestore tf device-name ./path/filename • the above two check to see if filename exists on backed-up media; first using online archive and second using tape contents Pradip Gudale
277
Running ufsrestore interactively • • • • • • • • •
# ufsrestore if /dev/rmt/n ufsrestore> ls directory ufsrestore> cd directory-name ufsrestore> add filename1 filename2 ufsrestore> delete filename ufsrestore> verbose ufsrestore> extract Specify next volume #: 1 ufsrestore> quit Pradip Gudale
278
Restoring specific file not interactively # ufsrestore xvf filename …
/dev/rmt/n
Specify next volume #: 1 (giving vol no) set owner/mode for ’.’? [yn] n (to keep mode of current directory unchanged) Pradip Gudale
279
Restoring complete File System • • • • • • • •
# umount /dev/rdsk/device-name # newfs /dev/rdsk/device-name # mount /dev/dsk/device-name /mnt # cd /mnt # ufsrestore rvf /dev/rmt/n (use levels..starting with 0 and going up) # rm restoresymtable # cd /; unmount /mnt; # ufsdump 0uf /dev/rmt/n Pradip Gudale /dev/rdsk/device-name
280
“What more you need to do to restore root / and /usr” • Boot from cdrom (as you don’t have os disk) • restore root file system from tape as for any other file system • install boot block # installboot /usr/platform/‘uname-i‘ /lib/fs/ufs/bootblk /dev/rdsk/devicename Pradip Gudale
281
How ufsdump works.. • Makes two passes • In first pass it scans through raw device and builds directory & file structure in memory; writes table to tape in-core stuff may get skipped in active FS • In second pass goes through inode numbers in order & writes data to tape • Neither free blocks nor slice image gets backed-up Pradip Gudale 282
/etc/dumpdates role • Each line in /etc/dumpdates shows the file system backed up, the level of the last backup, and the day, date, and time of the backup. • /dev/rdsk/c0t0d0s0 9 Tue Jul 13 10:58:12 2001 /dev/rdsk/c0t0d0s0 0 Tue Jul 13 10:46:09 2001
• during incremental backup ufsdump consults this to find Pradip Gudale 283 date of most recent backup of
Ufsdump command format /usr/sbin/ufsdump [options][arguments] filesto-back-up
0-9,a,b,c,d,D,f,s,u,v archive
destination To diskette Tape density To cartridge No of 512 byte blocks Pradip Gudale at a time
284
Ufsrestore command format ufsrestore [options][arguments][filename …]
i,r,R,x,t table extract Resume restoring; restarts from checkpoint when full restore interrupted recursive interactive
Pradip Gudale
285
Other ways to take backup • Want to take full FS backups..& restore ? -- ufsdump more suitable • Want to take selective backup..? Or transfer files between systems..? -- tar,cpio,pax suitable • Want to do disk to disk copy..? -- dd is more suitable • Want to copy on diskette..? Pradip Gudale 286 -- tar would do the job
Type & characteristics Command FS boundries Multi-Volume Type volcopy Yes Yes Physical tar No No Logical cpio No Yes Logical pax Yes Yes Logical dd Yes No Physical Pradip Gudale 287 ufsdump/ Yes Yes
dd • $ dd < /floppy/floppy0 > /tmp/output.file 2400+0 records in 2400+0 records out • …so you can specify dev names for stdin & stdout • $ dd if=input-file of=output-file bs=nnK Write a command to clone a full system
disk & boot from it
Pradip Gudale
288
d if=/dev/rdsk/c0t0d0s2 of=/dev/rdsk/c0t2d0s2 bs=12 sck /dev/rdsk/c0t2d0s2 mount /dev/dsk/c0t2d0s2 /mnt d /mnt/etc i vfstab dify entries for the new disk) d/ mount /mnt nit 0 oot disk2 -s ys-unconfig oot disk2
Notice : intallboot not required. Why ? Pradip Gudale
289
cpio • Archiving program • copies list of files into single large output file • inserts headers between files to facilitate restoration • can copy to other slice or media • can detect End-Of-Media & prompts to insert next media Pradip Gudale
290
Exapmle copying from one FS to another # find . -print -depth | cpio -updm Sets modification filesystem2 Descends directory
times
lists
Creates directories
Unconditional older will replace newer
Pradip Gudale
291
Copying to tapes • Use either cpio, tar or pax .. Depends on precision & flexibility you want • all use raw device. (You don’t make FS on tapes !) • pax: better portability on POSIX compliant sys • tar:available on most unix systems,No multi-vol • cpio:packs data more efficiently; skips over bad spots on tape while restoring; option for different header formats (tar,crc,odc,bar),multi-vol Pradip Gudale
292
tar • tar with -c destroys current data on tape • can use * or ? As wildcards while backup • cannot use wildcards while extracting • $ tar cvf /dev/rmt/0 reports (reports is dir) a reports/ 0 tape blocks a reports/reportA 59 tape blocks a reports/reportB 61 tape blocks a reports/reportC 63 tape blocks Pradip Gudale 293
pax • $ pax -w -f /dev/rmt/0 filename … Enable write mode
$ pax -f /dev/rmt/0 (verifies files on tape filea fileb filec
Pradip Gudale
294
Copying all files with cpio $ ls | cpio -oc > /dev/rmt/n
Copy-out mode
Header in ASCII character
Pradip Gudale
295
Restoring with cpio Listing files on tape $ cpio -civt < /dev/rmt/n
Restoring all files from tape in current dir $ cpio -icvd
Restoring specific file
296
How to take back-up on remote tape • Take care of permissions to use tape on other machine. Your hostname and username should be entitled to do the job • use commands that work on stdin and stdout • connect them properly
Pradip Gudale
297
Backup on remote tape... Check appropriate permissions $ rsh remotehost echo test if successful… $ tar cf - files | rsh remotehost dd of=/dev/rmt/n obs=blocksize to extract… $ rsh remotehost dd if=/dev/rmt/n | tar Pradip Gudale 298 xvBpf -
Copying to diskette • Insert formatted diskette in writable mode • $ volcheck • $ fdformat -U /vol/dev/aliases/floppy0 • $ tar cvf /vol/dev/rdiskette0/unlabeled filename … • $ tar tvf Pradip Gudale /vol/dev/rdiskette0/unlabeled
299
Copying files with different headers
• When do you have to do this ? e.g. Sol 8 cpio archive may not be compatible with earlier SunOS. So create archive with different header • $ cpio -oH odc < file-list > /dev/rmt/n odc is ASCII header with small device number Pradip Gudale
300
Cpio -H [tar,odc,bar,crc,ustar] • While restoring use same -H option as that used while archiving • $ find . -print | cpio -oH tar > /tmp/test 113 blocks • $ cpio -iH bar < /tmp/test • write command syntax on media label Pradip Gudale
301
Tape media names /dev/rmt/XAbn X is Drive number 0 1 2 3 4 n etc Optional l m h u c Density low medium high ultra compressed “b” Berkeley (SunOS 4.x) Compatibility Pradip Gudale
“n” Optional No-rewind
302
Tape drive commands • # mt -f /dev/rmt/n status Archive QIC150 tape drive:sense key(0x0)= No Additional Sense residual= 0 retries= 0 file no= 0 block no= 0 • $ mt -f /dev/rmt/n retension | rewind Pradip Gudale
303
PART 1:
PRINTER ADMINISTRATION
Pradip Gudale
304
What are the ways.. GUI
N/W printers
Solaris Print Manager Solaris 8 and Solaris Easy Access Server 3.0 Yes Admintool Solaris 8 & compatible versions Yes LP commands Solaris 8 & compatible versions No Yes Pradip Gudale
manages
uses NIS
serv & clien NIS+
Yes
Yes
Yes
No
Yes
No
Yes
Yes 305
LP print Service • Set of s/w utilities that allow users to print jobs while they work • Earlier called LP spooler (system peripheral operation offline) • LP print service includes S/W, spooler, filters and h/w associated with printer
Pradip Gudale
306
Network printer • • • • •
H/w device directly connected to network device has its own name & IP address print jobs are transferred across network driver support expected from vendor Sun provides generic drivers. Good enough but they don’t exploit all capabilities of the printer Pradip Gudale
307
Admin tasks for printers • Setup server & clients for printing • Deleting a printer and remote printer access • Checking the status of printers • Restarting the print scheduler
Pradip Gudale
308
Print process • 1. A user submits a print request from a print client. • 2. The print command checks a hierarchy of print configuration resources to determine where to send the print request. • 3. The print command sends the print request directly to the appropriate print server. A print server can be any server that accepts BSD printing protocol, • 4. The print server sends the print request to the appropriate printer. • 5. The print request is printed. Pradip Gudale
309
Heirarchy of print config resources • Command line option lp -d • A user’s LPDEST or PRINTER variables • The _default variable in the sources configured for the printers database in the /etc/nsswitch.conf file • The $HOME/.printers file for users • The local /etc/printers.conf file for the NIS name service • The printers.org_dir table for the NIS+ Pradip Gudale 310 name service
How users specify printer on command line • Three ways (1) atomic (2)POSIX and (3) context based as in FNS • lp -d hp660c filename • lpr -P galaxy:neptune filename • lpr -d finance/wages/printer/modi410 filename Pradip Gudale
311
Print server • a system that has a local printer connected to it and makes the printer available to other systems on the netwok • schedules & controls print jobs • They use BSD print protocol : Industry standard and widely used • server & client can have different 312 versions of OS Pradip Gudale
Spooling • Spooling space is a disk space to store print jobs in a queue • They are stored in /var/spool/lp • Better if /var is separate FS. Can be mounted locally on print server or remotely from file server • 30Mb for small (text messages) print jobs and upto 600Mb for bit map big jobs Pradip Gudale
313
Overview of printing-setup • Setup printer name, definition, port • Selecting a printer type and file content type • Setting up fault notification and default printer destination • Determining whether you want to print banner pages or limit user access to a printer • Setting up printer classes and fault recovery Pradip Gudale
314
lpadmin command • lpadmin allows you to do all the tasks • printer manager allows you to do most tasks and some with limited functionality… tasks like file content, fault notification, banner printing and user access control and some like printer class and fault recovery you cannot. Pradip Gudale
315
lpadmin • Basic command is lpadmin -p printer-name • lpadmin -p hp400tn -D “lasrjet” to add description • lpstat -D -p hp400tn to find out description • lpadmin -p .. -v port-no /dev/term/a or /dev/term/b
Pradip Gudale
316
For intel platforms • Only first port is enabled by default.. So.. • For additional port you need to edit device driver configuration files of additional ports…(serial & parallel) • /platform/i86pc/kernel/drv/as y.conf • /platform/i86pc/kernel/drv/lp .conf Pradip Gudale
317
Printer type • The printer type is a generic name for a type of printer. It identifies the terminfo database entry that contains various control sequences for the printer. • specify the printer type by using the lpadmin T command • For a local PostScript printer, use a printer type of either PostScript (PS) or Reverse Pradip Gudale PostScript (PSR).
318
terminfo • /usr/share/lib/terminfo : printer capabilities and initialization control data for each printer • cd /usr/share/lib/terminfo/e • ls • $ ls • emots ep2500+high ergo4000 Pradip Gudale
319
File content type & print filters • File content type tells print service type of file contents that gets printed directly without requiring modification • Print filters convert the content type of a file to a content type that is acceptable to the destination printer. • specify the file content type for a printer by using the lpadmin I Pradip Gudale 320 e.g. lpadmin p .. I
Solaris print manager • • • •
You need bit mapped display running X-windows or CDE run it from CDE workspace menu OR # /usr/sadm/admin/bin/printmgr & pkg SUNWppm must be installed Pradip Gudale
321
Adding through lpadmin..example # chown lp /dev/term/b On server # chmod 600 /dev/term/b # lpadmin -p luna -v /dev/term/b # lpadmin -p luna -T PS -I postscript # lpadmin -p luna -D “training-lab-ps” # accept luna destination ‘‘luna’’ now accepting requests # enable luna printer ‘‘luna’’ now enabled # lpstat -p luna printer luna is idle. enabled since Jul 12 Pradip Gudale 322 11:17 20019. available.
Adding access to printer # lpadmin -p luna -s saturn
On client
Printer server # lpadmin -p luna -D ”training-lab-ps" name # lpadmin -d luna
Makes it default
# lpstat -p luna printer luna is idle. enabled since Jul 12 11:17 2001. available.
Pradip Gudale
323
*Adding network printer • Although printer not connected to any M/C it is necessary to define & configure print server….. WHY ? The print server provides queuing capabilities, filtering, and printing administration for the network printer.
Pradip Gudale
324
Network printer : few terms • Print server • printer host : s/w & h/w that makes nonnetwork printers “Network Printers” • printer node : printer itself if it is built-in N/W printer. Printer host if that is external box; Unique node name and IP address • printer name: name entered on command line. Selected by sys sdmin while installing; Pradip Gudale 325 one printer can have many names.
N/W printer invoking s/w support • The software support for network printers is called through the interface script. Netstandard • lpadmin p pr_name m netstandard • lpadmin p pr_name o protocol=bsd | tcp • Now printer subsystem needs Node name Port number 326 Pradip Gudale access name
N/W printer : lpadmin • # lpadmin -p printer-name -v /dev/null -m netstandard -o dest=pn1:9100, protocol=tcp, timeout=value No of seconds to wait between attempting connection # lpadmin -p printer-name -I content-type -T printertype #accept printer-name #enable printer-name
Pradip Gudale
327
Managing Printers AND print Schedulers
Pradip Gudale
328
Deleting printer • Do it on both server and client • print-client# lpadmin -x printer-name • print-client# lpsystem -r print-server this deletes info about print-server also. • print-server# reject printer-name • print-server# disable printer-name • print-server# lpadmin -x printer- 329 Pradip Gudale name
Checking printer status $ lpstat [-d][-p printer-name [-D][-l]] [-t] Shows default
Shows characteristics
Shows status of print service
Pradip Gudale
330
Example.. lpstat -t $ lpstat -p luna -l printer luna is idle. enabled since Mon Jul 12 15:02:32 ... Form mounted: Content types: postscript Printer types: PS Description: Connection: direct Interface: /usr/lib/lp/model/standard After fault: continue Users allowed: (all) Forms allowed: (none) Banner not required Character sets: Default pitch: Pradip Gudale 331 Default page size: 80 wide 66 long
lpscheduler • Check if it is running.. Login as root OR lp • # lpstat -r • # /usr/lib/lp/lpshut … to stop scheduler • # /usr/lib/lp/lpsched … to start scheduler
Pradip Gudale
332
Banner pages • Gets printed for every job • helps identify print-job • prints who-submitted, request-ID and time-it-got-printed • can have modifiable title • Not desirable if few users & small printouts OR using special forms like pay-cheques Pradip Gudale
333
Banner printing control • Both lpadmin and lp commands take banner printing related parameters On by default; can be disabled in lp • lpadmin -p pr1 [-o banner=always | optional | never ] applies to printer • lp -o nobanner applies to the job ignored for regular user; Honored for root or lp user and overrides lpadmin -o Pradip-o Gudale 334 banner OR lpadmin banner=always
banner • Banner setting is stored in /etc/lp/printers/prname/configuration file. • Check this using lpstat -p pr-name -l
Pradip Gudale
335
Printer classes • Print service enables you to group various printers into a class • can be done only by lpadmin -c • Once set-up users can specify printer class instead of printer for print jobs • The first free printer in the class is used resulting in better turnaround; checked in order in which they were put in a class Pradip Gudale 336 • make classes based on location or type
Defining class • # lpadmin -p pr-name -c printerclass /etc/lp/classes/printer-class • gets added at the end of list in the class in the file • $ lpstat To see -c what are the printers in a class printer-class
Pradip Gudale
337
Printer fault notification • Print service can notify in different ways when print operation encounters problems • Write a message to the terminal on which root is logged in • Electronic mail to root • No notification • Can be configured by lpadmin OR Print Manager Also allows to get msg from program of your choice; allows disabling fault notificationPradip forGudale known problem 338
Fault notification: lpadmin -A • • • • •
’mail [user-name]’ ’write [user-name]’ ’command’ (run the command) quiet (stop alert unitl fault is fixed) none ( do not send any alerts)
Alert settings are entered in Pradip Gudale 339 /etc/lp/printers/printer-name/alert.sh
Fault Recovery • You can define the fault recovery options for a printer only by using the lpadmin F command. This task is not available in Solaris Print Manager. • After fixing the fault active print request begins printing… ..from beginning of the job ..from top of page where stopped ..from top of page where stopped after you Both require filter enable the printer
• lpadmin -F beginning | continue | wait Recovery settings go in /etc/lp/printers/prPradip Gudale name/configuration file.
340
Access control • Can prevent some users from accessing some printers • make allow and deny lists using lpadmin -u • with print manager you can make only allow list • # lpadmin -p printer-name -u allow:user-list [ deny:user-list] • /etc/lp/printers/printername/users.allow Pradip Gudale 341
Managing print requests • • • •
Get status cancel jobs change priorities Login to server and use lp commands • $ lpstat -o [printerlist] | -u [user-list] • lp -i This request-id hold | resume | immediate changes-H priority Pradip Gudale
342
priority • You can also change priority relatively using lp -q command • # lp -i request-id -q 3 0 to 39 0 top priority 39 lowest priority Pradip Gudale
343
Managing filters • Filters are programs that convert one typoe of file to another • programs that manage double sided or landscape printing, draft & letter quality • detect printer faults and notify print service • LP print service provides postscript filters and are loacted/usr/lib/lp/postscript directory. in Pradip Gudale
344
filters • lpfilter command used to manage list of available filters • filter descriptors are in /etc/lp/fd directory. • Filters themselves are in /usr/lib/lp. /etc/lp/filter.table file. • System information about filters is stored in Pradip Gudale 345 Your chosen name Definition name in /etc/lp/fd • # lpfilter -f daisytroff -F
What do enable/disable accept/rejet do ? enable/disable : start or stop printing of jobs that are in queue accept/reject : start or stop accepting jobs for queuing These two are different and independent operations Pradip Gudale
346
Canceling print request • • • •
By request Id For specific user on any or specified printer The one currently being printed You can cancel provided if its your printjob or if you are superuser or lp • $ cancel request-id | printer-name • $ cancel -u user-list [printer-name] Pradip Gudale
347
Moving print requests • If you want to take the printer out of service • move requests to different printer having similar capabilities • print request IDs remain same • first check if destination printer is accepting requests…# lpstat -p prn2 • move requests.. # lpmove prn1 prn2 this stops acceptance of new Pradip Gudale 348 requests on prn1 automatically.
Print port characteristics • Print service sets defaults for printer ports like…. • −9600 Set baud to 9600 ∀ ∀ ∀ ∀ ∀ ∀
−cs8 Set 8-bit bytes −cstopb Send one stop bit per byte −parity Do not generate parity −ixon Enable XON/XOFF −olcuc Do not map lowercase to uppercase −onlcr Change line feed to carriage return/line feed Pradip Gudale
349
Port characteristics • You can change if defaults not suitable • use stty to display and set characteristics • # lpadmin -p prn -o "stty=options” • # lpadmin -p luna -o "stty=’parenb parodd cs7’” • # lpadmin -p venus -o "stty=19200" Pradip Gudale
350
Print service directories /usr/bin The LP print service user commands /etc/lp A hierarchy of LP server configuration files /usr/share/lib The terminfo database directory /usr/sbin The LP print service administrative commands /usr/lib/lp The LP daemons; directories for binary files and PostScript filters; and the model directory (which contains the standard printer interface program) /var/lp/logs The logs for LP activities: lpsched.n – Messages fromlpsched and requests.n – Information about completed print requests /var/spool/lp The spooling directory where files are Pradip Gudale 351 queued for printing
/usr/lib/lp directory • bin : Contains files for generating printing alerts, queue management prog • lpsched : schedular daemon • model : standard interface programs • postscript : contains all postscript interface programs
Pradip Gudale
352
How print service works • Print scheduler on print server is started in /etc/rc2.d/S801p • scheduler lpsched updates print config files, queues jobs, tracks printer status • print client communicates directly with a print sever over the network. • Print servers listen for print request with the Internet services daemon (inetd). • inetd starts a program “protocol adaptor” Pradip Gudale 353 (in.lpd) --communicates with spooler
What the Printer Interface Program Does • • • •
Initialize the printer port --use stty Initialize the printer -- use terminfo Print a banner page, if necessary. Print the correct number of copies specified by the print request.
Standard interface program is found in /usr/lib/lp/model Pradip Gudale
354
PART 1:
SYSTEM SECURITY
Pradip Gudale
355
Security Aspects • Maintaining physical site security (don’t leave • • • • • • • •
logged-in terminal unattended) Maintaining login control (password must) Restricting access to data in files -permission Maintaining network control Monitoring system usage (mormal load ..?) Setting PATH variable correctly (trojan horse Securing files (use ACLs and care setuids) Installing a firewall Gudale 356 Reporting securityPradip problems
Firewall or Secured Gateway • Dedicated system separating two networks • each appoaches another as Untrusted • also useful between two internal networks .. Will not send packet unless origin or destination address is of Gateway system • packets of specific protocol only can be allowed to be forwarded-- say mail and not of telnet or rlogin Pradip Gudale
357
firewall • • • •
System should not have any trusted hosts everyone must be made to type password it acts as a passage as well as barrier it makes internal user to log-in to gateway system before he can send packets to outside N/W and also external user to login before he can reach internal N/W Pradip Gudale
358
File related commands • • • •
ls chown chgrp chmod
Pradip Gudale
359
ACL • Traditional Unix allows permissions setting to owner, group and others • ACL allows greater & finer control… you can set permissions for all above & for specific users and groups and default permissions to each of these • setfacl & getfacl Pradip Gudale
360
Special logins • root 0 Has almost no restrictions and overrides all other logins, protections, and permissions. The root account has access to the entire system. • daemon 1 Controls background processing. • bin 2 Owns some of the Solaris commands. • sys 3 Owns many system files. • adm 4 Owns certain administrative files. • lp 71 Owns the object & spooled data files for printer. • uucp 5 Owns the object & spooled data files of UUCP nuucp 9 Is used by remote systems to log in to the system fileGudale transfers. 361 Gids inand redstartPradip
password • Sources to check password are three • /etc/nsswitch.conf entry decides which of NIS+ tables, NIS map or /etc files to look for password • /etc files are passwd and shadow • Only superuser can read shadow file
Pradip Gudale
362
shell Normal shell
Restricted shell
/usr/bin/sh
/usr/lib/rsh Notice :Not /usr/sbin/rsh (remote shell) Access limited to home directory; can’t use cd Can use commands only in PATH variable Can use files only in HOME dir & subdirectories Pradip Gudale with > or >> cannot redirect output
363
Tracking SuperUser Login • Requires root password • By default, user cannot login as root remotely; He needs to login as ordinary user and then switch-over to root. This policy helps tracking “who is trying to become SuperUser” • The command to switch-over to different user is su Pradip Gudale
364
Switch user : su • su user-name • su - user-name
Pradip Gudale
365
Network security • Firewall • authentication • authorization How do you differentiate between authentication and authorization ? Can I log-in ?
Athentication
Can I copy this file ? Pradip Gudale
Authorization 366
Network security • Firewall • for NFS : you can decide what to share (through /etc/dfs/dfstab) and whom to give what authority (read/write or read only) through share command. • By deafult, superuser access is not given by NFS. (it is implemented to change userId of requester to that of nobody-60001) Pradip Gudale
367
Automated Security Enhancement Tool : ASET • enable you to control and monitor your system’s security. • specify a security level—low, medium, or high—at which ASET will run. • At each higher level, ASET’s file-control functions increase to reduce file access and tighten your system security. Pradip Gudale
368
File permissions • Read, write and execute permissions to each of three types of users - owner (the one who creates file or directory), a group and others (all those who are neither owner nor member of the group) • Only owner or root can decide and modify these permissions Pradip Gudale
369
Permissions of directory List files in the • r Read directory. Add or remove files or • w Write links in the directory. • x Execute Open or execute files in the directory. Also can make the directory and the directories beneath it current. Pradip Gudale
370
Special file permissions • setuid • setgid • stickyBit Applicable to executables and public directories
Pradip Gudale
371
setuid • When set on a program, it grants the process running that program aceess based on owner of that program rather than the user who is running it. • This allows user to access files that are normally available only to owner. e.g /etc/shadow file rsrsrx 3 root sys 104580 Jul 16 12:02 Pradip Gudale 372
setgid • Similar to setuid except…. • process’s effective groupID is changed to that of a group owner of a program and user is granted access based on permissions available to the group • When applied to directory, the files created under it belong to the same group as directory belongs and not group of the process creating it.(e.g directory containing373 Pradip Gudale all project files)
Sticky Bit • Permission bit that protects files within a directory.. So its applied to only directories • Files can be deleted only by 1)Owner of the file 2)Owner of the directory 3)root • Prevents users from deleting other user’s files from public directory like /tmp • drwxrwxrwt 7 root sys 400 JUL 3 13:37 tmp Pradip Gudale
374
*Default Permissions • What are the effective permissions when you create a file or a directory ? • What decides these defaults permissions ? A value set for umask in system file /etc/profile or .cshrc or .login
Pradip Gudale
375
System defaults
files = 666 directories & executables = 777
Subtract umask = 022
Effective permissions
files = 644 directories & executables = 755 Pradip Gudale
376
Display information on files :ls • • • • • • • •
Text or program d Directory b Block special file c Character special file p Named pipe (FIFO) l Symbolic link s Socket
Type of files Permissions Number of hard links Owner of the file Group of the file Size of the file, in bytes Date the file was created or last date it was changed Name of the file
Pradip Gudale
377
$ cd /sbin $ ls -la total 13456 drwxrxrx 2 root sys 512 Sep 1 14:11 . drwxrxrx 29 root root 1024 Sep 1 15:40 .. rxrxrx 1 root bin 218188 Aug 18 15:17 autopush lrwxrwxrwx 1 root root 21 Sep 1 14:11 bpgetfile > ... rxrxrx 1 root bin 505556 Aug 20 13:24 dhcpagent rxrxrx 1 root bin 456064 Pradip Gudale 378 Aug 20 13:25 dhcpinfo
Changing file ownership • Command is chown • By default owner cannot change ownership; Only Superuser can • workaround… set rstchown = 0 in /etc/system & reboot • # chown newowner filename Pradip Gudale
379
Changing group ownership • Only superuser or owner can change • owner can change it to a group of which he is a member • $ chgrp group filename
Pradip Gudale
380
Changing permissions • chmod command • two modes 1) absolute mode : use octal numbers (triplet) to set permissions 2) symbolic mode: use combination of letters & signs • for setting special permissions use additional octal number to the left of the triplet Pradip Gudale
381
chmod Special perm X
Y
Z
owner R
W X
1
1
group
others
R W X
R W X
0
setuid setgid Stick bit
Octal 6 Pradip Gudale
382
examples • $ chmod 700 my_prog • $ ls -l my_prog rwx 1 mahesh staff 6023 Jul 5 12:06 my_prog • $ chmod 755 public_dir • $ ls -ld public_dir • drwxrxrx 1 omni staff 6023 Pradip Gudale 383 Jul 5 12:06 public_dir
examples • $ chmod 4555 dbprog • $ ls -l dbprog • rsrxrx 1 db staff 12095 May 6 09:29 dbprog • $ chmod o-r filea (takes away read permissions from others) • $ chmod a+rx fileb (adds r & x to all) Pradip Gudale 384 • $ chmod g=rwx filec (adds rwx
To create shared directories • A setgid bit on a directory must be set or changed using symbolic notation # chmod g+s project_dir Write a command to find all files in a specified directory having owner as root and setuid bit set on them Pradip Gudale
385
# find directory -user root -perm -4000 -exec ls -ldb {} \; >/tmp/filename Display in ls -ldb format
Output stored here
# ls l /tmp/filename sx 1 root rar 45376 Aug 18 15:11 /usr/rar/bin/sh rsrxrx 1 root bin 12524 Aug 11 01:27 /usr/bin/df rwsrxrx 1 root sys 21780 Aug 11 01:27 Pradip Gudale 386 /usr/bin/newgrp
ACL • Salient feature is you can assign permissions to specific user e.g. you can give read permission to a group and read/write permission to a specific member in that group • ACL contains entries which are defind using setfacl • entry_type:[uid|gid]:perms Pradip Gudale
387
ACL Entries for files u[ser]::perms File owner permissions. g[roup]::perms File group permissions. o[ther]:perms Permissions for users other than the file owner or members of file group. m[ask]:perms The ACL mask. The mask entry indicates the maximum permissions allowed for users (other than the owner) and for groups. The mask is a quick way to change permissions on all the users and groups. u[ser]:uid:perms Permissions for a specific user. For uid, you can specify either a user name or a numeric UID. g[roup]:gid:perms Permissions for a specific group. For Gudale gid, you can specify eitherPradip a group name or a numeric 388 GID.
Default ACL on directory You can set default ACL on directories; All created under it will have same permissions as default; When you set for specific user first time you also need to set for owner, group & mask d[efault]:u[ser]::perms Default file owner permissions. d[efault]:g[roup]::perms Default file group permissions. d[efault]:o[ther]:perms Default permissions for users other than the file owner or members of the file group. d[efault]:m[ask]:perms Default ACL mask. d[efault]:u[ser]:uid:perms Default permissions for a specific user. For uid, you can specify either a user name or a numeric UID. Pradip Gudale d[efault]:g[roup]:gid:perms Default permissions389
setfacl Sets or replaces ACL
$ setfacl -s user::perms,group::perms,other:per ms,mask:perms,acl_entry_list filename ...
List of one or more ACL entries for specific user or group OR default on directory
$ setfacl -s user::rw-,group::r--,other:---, mask:rw-,user:mahesh:rw- ch1.doc $ ls -l Indicates file has an ACL total 124 Pradip Gudale 390 rwr+ 1 rajiv sysadmin 34816 Jul 11
Display ACLs Use the command getfacl $ getfacl ch1.doc # file: ch1.doc # owner: rajiv # group: sysadmin user::rw user:mahesh:rw #effective:rw group::r #effective:r mask:rw other: Pradip Gudale 391
ACL example $ setfacl -s u::7,g::4,o:0,m:4,u:mahesh:7 ch2.doc $ getfacl ch2.doc # file: ch2.doc # owner: rajiv # group: sysadmin user::rwx user:mahesh:rwx #effective:r group::r #effective:r Pradip Gudale mask:r
392
Copying ACL of one file to another $ getfacl ch2.doc | setfacl -f ch3.doc Taken from here and applied there
Pradip Gudale
Implies : Take from file
393
Modifying/ Deleting ACL entry $ setfacl -m acl_entry_list filename1 [filename2 ...] $ setfacl -m user:mahesh:6 ch3.doc $ setfacl -d acl_entry_list filename1 ... Pradip Gudale
394
Login information • Use logins command • # logins -x -l username (x:extended info) • # logins -x -l mahesh • mahesh 500 staff 10 Mahesh Kulkarni Picks info from or NIS • /export/home/mahesh/etc/passwd or NIS+ • /bin/sh 395 Password agingPradip infoGudale
Finding users not having passwords • # logins -p
Disabling logins temporarily Create /etc/nologin file with a message you want to display for login attempts and reboot the M/C Pradip Gudale
root login is not affected
396
Saving failed logins • Create /var/adm/loginlog file with read/write permissions to root only • failed login activity will be written to this file automatically after five failed attempts. • user’s login name, tty device, and time of the failed attempt is recorded. Pradip Gudale
397
Dial-up password • Another layer of security for users logging in via modem • only superuser can create or change • two files involved: /etc/dialups & /etc/d_passwd. list of shell programs that require an encrypted password /usr/lib/uucp/uucico:encrypted_ password: /usr/bin/csh:encrypted_password : Pradip Gudale /usr/bin/ksh:encrypted_password
list of ports that require a dial-up password /dev/term/a /dev/term/b 398
Mahesh logs in on /dev/term/b
Check the presence of port in this file... /etc/d_passwd Check “login shell” field of /etc/passwd & look for match in /etc/d_passwd Prompt for password Pradip Gudale
/etc/dialups /dev/term/a /dev/term/b
If no match found password entry of /usr/bin/sh is used Dial-up logins are disabled if /etc/d_passwd has only the following entry: 399 /usr/bin/sh:*:
Creating files for dialup password • With editor create files with entries • # chown root /etc/dialups /etc/d_passwd • # chgrp root /etc/dialups /etc/d_passwd • # chmod 600 /etc/dialups /etc/d_passwd • add some user with password with useradd 400 Delete all exceptPradip thisGudale And copy
Superuser login • From security angle it should be allowed only on console • Edit the /etc/default/login file. • Uncomment a line and make it CONSOLE=/dev/console • On other terminals users will have to login as some other user and do su to root which Pradip Gudale 401 can be monitored
Monitoring su attempts • Through the /etc/default/su file you can enable the /var/adm/sulog file to monitor all su attempts. Uncomment & keep SULOG=/var/adm/sulog • To get message on console also.. CONSOLE=/dev/console in /etc/default/su • Entry shows datePradip&Gudale time, success or 402
Sample /var/adm/sulog # more /var/adm/sulog SU 12/20 16:26 + pts/0 maheshroot SU 01/12 11:11 + pts/0 rootjoebob SU 01/12 14:56 pts/2 anuroot
Pradip Gudale
403
PART 1:
Scheduling Jobs
Pradip Gudale
404
Tasks at specific times • Task to be carried out only once at a specified time…. Use at command • Tasks to be executed repeatedly at regular intervals…( e.g. taking backup, removing contents of log files, probing system load).. Use crontab command • Files kept in /var/spool/cron • Files that control access to these command Pradip Gudale 405 are in /etc/cron.d
Entries inside crontab cron daemon scedules jobs according to entries found in crontab files; reads /var/spool/cron/crontabs directory every 15 minutes to take-up new files/changes 10 3 * * 0,4 /etc/cron.d/logchecker 10 3 * * 0 /usr/lib/newsyslog (run newsyslog at 3:10 every Sunday) 15 3 * * 0 /usr/lib/fs/nfs/nfsfind 1 2 * * * [ x /usr/sbin/rtc ] && /usr/sbin/rtc c > /dev/null 2>&1 30 3 * * * [ x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean Min hours day-of-month month day-of-the-week command Pradip Gudale
406
/var/spool/cron/crontabs/.. • Crontab file for root and few other users like adm, lp, sys, uucp exist • other users can create crontab files and they are named after their username e.g. /var/spool/cron/crontabs/mahesh • you need to be superuser to modify someone else’s crontab file Pradip Gudale
407
Creating crontab file • Use crontab -e command • crontab e invokes the text editor (default is ED) set up for your system environment EDITOR=vi; export EDITOR; • # crontab -e [username]… only superuser can create for other users Pradip Gudale
408
Check existence & display & remove • #cd /var/spool/cron/crontabs • #ls -l
rwrr 1 root sys 190 Feb 26 16:23 adm rw 1 root staff 225 Mar 1 9:19 mahesh rwrr 1 root root 1063 Feb 26 16:23 lp
• $ crontab l [username] … if superuser • $ crontab -l
13 13 * * * cp /home/anu/work_files Pradip Gudale /usr/backup/. > /dev/null
409
Controlling access to crontab • Accomplished through two files (in /etc/cron.d ) cron.allow and cron.deny • allowed users can create, edit, display and remove crontab files • By default cron.deny exists but not cron.allow • Only superuser can make these files Pradip Gudale
410
cron.allow & .deny rules • If cron.allow exists only the users listed in this • • • •
file can work with crontab files. If cron.allow doesn’t exist, all users may submit crontab files, except for users listed in cron.deny. If neither cron.allow nor cron.deny exists, superuser privileges are required to run crontab. So.. by default all users except listed in .deny are allowed to work with crontab So.. to deny a user, just add his name to cron.deny Pradip Gudale
411
In /etc/cron.d cron.allow exists ? So… to limit access to few users add their names to allow list. Don’t forget to add root there.
yes
no
cron.deny exists ? no Allow only superuser to work with crontab Pradip Gudale
Allow Allow not listed in this listed412users to work to work
*Error message for crontab -l • What do you make out of these ? crontab: can’t open your crontab file crontab: you are not authorized to use cron. Sorry. In the first case : crontab file doesnot exist In the second case: You are denied use of crontab Pradip Gudale
413
at
jobs
• Execution at a later time • executed only once • By default, users can create, display, and remove their own at job files. • When submitted an at job, it is assigned a job identification number along with the .a extension that becomes its file name. Pradip Gudale
414
How to submit an at job • Invoke at command with time as argument • enter the command to be executed later make sure to send output to a file if required • press control-d to come out to prompt $ at 11:45pm July 31 at> rm /home/export/mahesh/*core* at> Press Control-d commands will be executed using /bin/csh job 933486300.a at Sat Jul 31 23:45:00 Pradip Gudale 415 2001
Submitting at job $ at [-m] time [date] Sends mail once job is done $ at 4 am Saturday at> sort -r /usr/dict/words > /export/home/anu/big.file cntrl-d
Pradip Gudale
416
Displaying at jobs $ atq Rank Execution Date Owner Job Queue Job Name 1st Jul 12, 1999 19:30 anu 897355800.a a stdin 2nd Jul 14, 1999 23:45 anu 897543900.a a stdin $ at -l [job-id] shows execution times 3rd Jul 17, 1999 04:00 anu of your job 897732000.a a stdin $ at -l 897543900.a Mon Jul 16 23:45:00 2001 897355800.a Tue Jul 17 19:30:00 2001 897732000.a Wed Jul 18 04:00:00 2001 Pradip Gudale
417
Removal of at jobs $ at -l 897543900.a Wed Jul 14 23:45:00 1999 897355800.a Mon Jul 12 19:30:00 1999 897732000.a Sat Jul 17 04:00:00 1999 $ at -r 897732000.a $ at -l 897732000.a at: 858142000.a: No such file or directory Pradip Gudale
418
Access to at command • The policy is similar to one for crontab • it is done through at.allow and at.deny lists under /etc/cron.d directory • print server • boot server • install server • name server • mail server Pradip Gudale 419
Related Documents
Solaris - Sys Admin 1
May 2020 7
Egate Sys Admin Guide
November 2019 15
Solaris Admin Commands
April 2020 5
Solaris Admin Guide
November 2019 13
Servicenow-sys-admin-course-outline.pdf
May 2020 1
Mssql Server Sys Admin Guide
November 2019 11More Documents from ""