kjhsieh 2007-10-26 12:40 AM
Solaris Notes
[b]Please refer to this page to see the further updates: [url=http://docs.google.com/Doc?id=dgt8x7s3_29gd3h2z]http://docs.google.com/Doc?id=dgt8x7s3_29gd3h2z[/url][/b]
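[b]How to change the shell
[/b]Running chsh on Solaris does nothing; the system ignores it.
The main reason is that Solaris no longer lets users change their own shell,
which avoids some security trouble.
If you really need to change a shell, run the following as root:
# passwd -e username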
[b]To Stop the Boot Process[/b]
Occasionally, you may need to stop the boot process. The specific key sequence depends on your keyboard type. See Step 1 below.
Type the key sequence for your system.
Use one of the following key sequences:
Stop-A (type-5 keyboards)
L1-A (type-4 keyboards)
Break key (TTY terminals only)
The monitor mode command prompt is then displayed on the screen:
--------------------------------------------------------------------------------
ok
--------------------------------------------------------------------------------
To synchronize the disks, type:
--------------------------------------------------------------------------------
ok sync
--------------------------------------------------------------------------------
When you see the syncing file systems. . .done message, press the abort key sequence for your system again (Step 1).
Type the appropriate boot command to restart the boot process.
[b]ok boot prompt fail to boot[/b]
Boot device: /pci@1f,0/pci@1,1/ide@3/disk@0,0 File and args: 0
boot: cannot open 0
File not executable.
boot failed
Enter filename [/etc/system]: kernel/unix // enter this
Enter default directory for modules [/platform/SUNW,Ultra-5_10/kernel /platform/sun4u/kernel /kernel /usr/kernel]:
Name of system file [/etc/system]: // enter this
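[b]To mount a CD-ROM in the Solaris Operating Environment:[/b]
Log in as a user with root privileges.
Insert the CD-ROM into the drive.
If the system is running the Volume Manager (vold), the CD-ROM is mounted automatically as /cdrom/cd_label (if the disc has a label) or /cdrom/unnamed_cdrom (if the disc has no label).
Use the following command to confirm that vold is running:
# ps -ef | grep vold
Stop using the CD-ROM:
# /etc/init.d/volmgt stop
Start using the CD-ROM (insert the CD first):
# /etc/init.d/volmgt start
Mounting the CD-ROM takes 10 - 15 seconds.
If it is not running, kill the vold pid, then restart:
Restart the vold process by entering the following command:
# /usr/sbin/vold &
Then check again whether vold has mounted the CD-ROM automatically.
If your system is not running the Volume Manager, complete the following steps to mount the CD-ROM:
Enter the following command to determine the name of the device:
# ls -al /dev/sr* |awk '{print "/" $11}'
This command returns the name of the CD-ROM device.
In this example, the command returns the string /dev/dsk/c0t6d0s2.
Enter the following commands to mount the CD-ROM:
# mkdir -p /cdrom/unnamed_cdrom
# mount -F hsfs -o ro /dev/dsk/c0t6d0s2 /cdrom/unnamed_cdrom
where /dev/dsk/c0t6d0s2 is the device name returned by the previous step and /cdrom/unnamed_cdrom is the CD-ROM mount directory.
Note:
If you are mounting the CD-ROM drive from a remote system over NFS, the CD-ROM file system on the remote machine must be exported with root access.
You must also mount that file system on the local machine with root access.
Log out.
Your CD-ROM file system is now mounted. To view the contents of the CD-ROM, place the disc in the drive and enter the cd /cdrom command, where cdrom is the CD-ROM mount point directory.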
[b]Solaris Patching with smpatch[/b]
Written by Konic
Wednesday, 05 April 2006
You probably want to get your Solaris systems up to date. I rather like the tool smpatch.
In order to use smpatch you first need to register the system.
You can register a system with the following procedure ([url=http://sunsolve.sun.com/search/document.do?assetkey=1-9-82688-1]http://sunsolve.sun.com/search/document.do?assetkey=1-9-82688-1[/url] ):
Create a file /tmp/registration.properties:
userName=testuser
password=testpass
hostName=solaris1
subscriptionKey=abcd1234
portalEnabled=false
proxyHostName=
proxyPort=
proxyUserName=
proxyPassword=
This will register the system whose hostname is solaris1 using the Sun Online Account testuser, whose password is testpass. This user has a Sun Service Plan, so the subscriptionKey parameter is abcd1234. If you are going to register your system using a proxy, you will need to fill in the last 4 parameters in the above example.
Now you can register the system:
# /usr/sbin/sconadm register -a -r /tmp/registration.properties
After a successful registration you can just do "smpatch update" and it will apply most of the patches you need. Or you can do it step by step:
* smpatch analyze : see what should be applied
* smpatch download : download them
* smpatch update : applies them
Again, I note that you don't need analyze and download. Update will do that.
By default, update will only install patches that are fairly safe. I.e. they can be installed with the system running normally, and won't cause trouble. Patches that require an immediate reboot will be skipped, and put into a file /var/sadm/spool/disallowed_patch_list. When you're ready to do them, kick everybody off the system, shut down as much as you can, and do
# smpatch add -x idlist=/var/sadm/spool/disallowed_patch_list
then reboot.
Reference: [url=http://www.syslog.gr/content/view/12/2/]http://www.syslog.gr/content/view/12/2/[/url]
[b]Keep Sending message to your tty (console, terminal)[/b]
You can get your current tty by issuing the tty command.
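#!/bin/bash
# Write a numbered message to the given pseudo-terminal every 30 seconds.
# $1 is the pts number (for example 3 for /dev/pts/3).
for (( i=1; i>0; i++ )); do
echo "hihihi $i" > "/dev/pts/$1"
sleep 30
done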
usage: ./keepsending tty_number
get the tty's by running `who`
get yours by running `tty`
Actually, you can set up your putty.exe (the ssh client) to keep alive every few seconds.
[b]Intel (x86) machine boots or installs OS (Operating System) from network[/b]
PXE
[b]Solaris USB Drive[/b]
/tmp/SUNWut/mnt/danny/disk1
[b]Time Synchronization, update time[/b]
# ntpdate -b pool.ntp.org north-america.pool.ntp.org
[b]Unknown hostname for Solaris 10 DHCP client[/b]
When I installed Solaris 10 x86, my computer thought its hostname was unknown. Aside from being annoying, this seemed to be causing a few issues, so I set about trying to set it to a name of my choice.
Using the uname -S [i]hostname[/i] command set the hostname for me but this information didn’t persist on reboot. A bit of googling turned up various references to editing /etc/init.d/network so that it read /etc/nodename and set the hostname accordingly (as well as
[url=http://www.sun.com/bigadmin/jsp/descFile.jsp?url=descAll/set_hostname]a script to set the hostname[/url]
), but my system didn’t have an /etc/nodename file.
I understood that /etc/nodename should contain my computer’s name, but didn’t know if any other settings were required (I later found
[url=http://www.idevelopment.info/data/Networking/Networking_Basics/SOLARIS_CONFIGTCPIP_TCPIP_Configuration_Files_Quick_Config_Guide.shtml]Jeff Hunter’s TCP/IP quick configuration guide[/url]
, which confirmed that the file just contains the computer’s name - in my case laptop3).
It turns out that these hacks are for Solaris 8/9 -
[url=http://forum.sun.com/thread.jspa?threadID=21628&messageID=63220]Solaris 10 is quite happy to set the hostname based on the contents of /etc/nodename[/url]
. Once I had created /etc/nodename and rebooted, /etc/hosts read:
#
# Internet host table
#
127.0.0.1 localhost
192.168.7.106 laptop3 # Added by DHCP
and the computer was no longer anonymous!
[b]Note[/b]: just create /etc/nodename , and add your hostname to this file
[url=http://www.markwilson.co.uk/blog/2006/01/unknown-hostname-for-solaris-10-dhcp.htm]http://www.markwilson.co.uk/blog/2006/01/unknown-hostname-for-solaris-10-dhcp.htm[/url]
[url=http://www.idevelopment.info/data/Networking/Networking_Basics/SOLARIS_CONFIGTCPIP_TCPIP_Configuration_Files_Quick_Config_Guide.shtml]http://www.idevelopment.info/data/Networking/Networking_Basics/SOLARIS_CONFIGTCPIP_TCPIP_Configuration_Files_Quick_Config_Guide.shtml[/url]
[b]How to Disable a Solaris DHCP Client[/b]
1. Become superuser on the client system.
2. If you used a sysidcfg file to preconfigure the system, remove the dhcp subkey from the network_interface keyword.
3. Unconfigure and shut down the system.
# sys-unconfig
See the sys-unconfig(1M) man page for more information about the configuration information that is removed by this command.
4. Reboot the system after shutdown is complete.
If the system uses preconfiguration, you are not prompted for configuration information, and the DHCP client is not configured.
If the system does not use preconfiguration, you are prompted for system configuration information by sysidtool programs when the system reboots. See the sysidtool(1M) man page for more information.
5. When prompted to use DHCP to configure network interfaces, specify No.
[url=http://docs.sun.com/app/docs/doc/816-4554/6maoq020m?a=view]http://docs.sun.com/app/docs/doc/816-4554/6maoq020m?a=view[/url]
[b]Bash color prompt .bashrc shows current working directory[/b]
export PS1="\[\e[0;32m\]\u@\h \w \$\[\e[m\] "
export PS1="\u@\h \w \$ "
export TERM=dtterm
[b]Hi, When I start up my solaris box and always get a msg,[/b]
syslogd: line 24: warning loghost could not be resolved.
my unqualified host name unknown sleepying for retry.
I don't know what that means, and how to fix it? My /etc/hosts is
127.0.0.1 localhost
192.168.1.10 aw90s aw90s.
192.168.1.11 hpjet
Did I miss something there? Thanks.
Edit /etc/hosts/ , add to the line containing "localhost" a space and loghost.
127.0.0.1 localhost loghost
[b]Common: what RC stands for[/b]
Run Command
or
Run Control // this one seems to be more correct
[b]Keyboard issue for Stop-A command [/b]
HI guys,
I've got a SUN Workstation Ultra40 with Sun keyboard with solaris 5.10 release 6/6 installed.
There is no response when I try a Stop-A command. Has anyone experienced the problem? Can someone help?
Tks
Sun's Ultra-40 workstation uses x86 architecture, including a traditional PeeCee BIOS.
[url=http://sunsolve.sun.com/handbook_pub/Systems/Ultra40/spec.html]http://sunsolve.sun.com/handbook_pub/Systems/Ultra40/spec.html[/url]
There is no OpenBoot in that system design.
If no OBP (Open Boot Prom), then you "can't get there from here" with a STOP-A.
[b]How to pass OK prompt boot parameters from command line on Solaris x86/x64?[/b]
While working with Solaris 10 x86/x64, there isn’t an easy way to enter OK prompt to pass in OK prompt boot parameters. So, I run the following command:
reboot -- -m verbose
The “--” (dash-dash) enabled me to pass in OK prompt boot parameters. In this case, the OK prompt boot parameter above is “-m verbose”. This will show additional verbose messages during boot if I choose the transient option in the Grub menu.
[b]booting a sunfire v480 to OK prompt.[/b]
I am an AIX admin, trying to learn Solaris now. I have got an old
Sunfire v480 box which was lying powered down, I connected power
and booted it. I do not know root or any login ID/password for
this server, so am trying to reset its root password. I connect
to its serial port through Cyclade, effectively its a regular
putty connection with Windows keyboard. How can I get this
server to boot to OK prompt to make it boot from CD and reset
the root password? I have tried holding the power button for 5
seconds but all I get on console is 'changing to init level 5
please wait' and it just stays there.
try either ctrl-shift b or init 0
OK, I figured it out; control+] and then b. Now the Solaris CD I had is bad, so the next thing is to find a good working Solaris CD :-)
Thanks Featherj.
[b]How to get to the Open Boot Prom (OBP) OK Prompt[/b]
You can shutdown the system using init 0
Reboot the system and press the STOP and A keys together as the boot time messages appear on the screen
Press the STOP and A keys together (use as a last resort)
when you are not on the console (video + keyboard) and use some terminal emulator to via serial port or other similar solution you can use special command to send BREAK signal. For example on TeraTerm Pro use Control->Send Break or press Alt-B
[b]IP Filter FAQ[/b]
[url=http://www.phildev.net/ipf/]http://www.phildev.net/ipf/[/url]
[b]how to configure solaris as a router?[/b]
Hi,
In order to route you need the router software on top of having the machine configured with 2 nics and which are plugged into different switches.
You would need something like zebra, bgpd, routed, or gated, etc.
With routed you can do rip1 and 2. It is not that difficult to setup, check the sun site for some good how-tos.
Also you need to know about the other end of the connection; i.e., a router which needs to know what protocol you want to communicate with.
If you feel really comfortable with routing, perhaps you have cisco background, then check the following link for routing stuff.
[url=http://www.zebra.org/]http://www.zebra.org/[/url]
regards,
Patrick Soltani.
> As I say before when your computer have more then two interface and you delete the default router ( And also there no file with the > name norouter in your computer )
> The computer become a router .
This is not correct.
If you have setup "ip-forwarding = yes" using "ndd" command or default install, then all will happen is that the packets from one interface will be forwarded to the other, however this does not make the machine a "router".
Router is a piece of software that manages a device with 2 interfaces in a different cable segment, at the minimum.
Of course you can do static routing, but "learning the routes" or "building routing table" is a chore for the router software and NOT the OS.
you can do:
route add 10.10.10.0/24 204.74.128.3
which will insert a table entry and passes all the packets from 10.10.10.0:255.255.255.0 to 204.74.128.3.
You do not need to reboot the machine. This is a command line and will be effective upon insertion.
You do not need to remove the defaultrouter file either. As long as the "route add" gets executed at startup, you'd be fine.
Now what happens to the packet is another story, as the packets coming off of the first interface are not routable, hence you need another process, NAT, to play here. Or you have another machine that has 10.10.10.0/24 address on it.
You can verify the table entry with:
netstat -rn
Regards,
Patrick Soltani.
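[b]Advanced use: setting up SOLARIS as a software router (Router)[/b]
Author: 網路頓永太 Updated: 2005-09-11
[IT168 Server Academy] When we debug a customer's system at our office, the office network address and the customer's network address are usually not on the same network segment. Without a router the two networks cannot reach each other, which gets in the way of the work. A hardware router is expensive and there is no need to buy one, because SOLARIS can easily be set up as a software router at no extra cost.
1. Edit the file /etc/hosts and add an address on the other network segment for this workstation:
# vi /etc/hosts
127.0.0.1 localhost
192.9.200.1 server loghost ; hostname and address used in this example
192.9.201.1 anoserver ; the other corresponding name and address
2. Edit the file /etc/networks and add the addresses of both networks:
# vi /etc/networks
loc 192.9.200 ; address of this network
ano 192.9.201 ; address of the other network
3. Create the file /etc/gateways. The file only needs to exist and may be empty; it makes SOLARIS run the router service process at startup.
# cat /dev/null > /etc/gateways
4. Find the name of the primary network card:
# ifconfig -a ; list all network interfaces in the system
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
inet 127.0.0.1 netmask ff000000
hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
inet 192.2.200.1 netmask ffffff00 broadcast 192.2.200.255
ether 8:0:20:1:2:3
hme is the name of the 100M network card fitted to the workstation; if you use a 10M network card, the name is le.
5. Create the file /etc/hostname.hme0:1 and put the other hostname from /etc/hosts in it, so that SOLARIS creates a logical interface on the physical interface hme0 at startup.
6. After completing the steps above, reboot the workstation.
7. Result:
While the workstation boots, you can see the message “machine is a router.”, which shows that this machine has become a router and will send RIP packets onto the network. The interface query command shows:
# ifconfig -a ; list all network interfaces in the system
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
inet 127.0.0.1 netmask ff000000
hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
inet 192.9.200.1 netmask ffffff00 broadcast 192.9.200.255
hme0:1: flags=8d0<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
inet 192.9.201.1 netmask ffffff00 broadcast 192.9.201.255
The above shows that a logical interface on hme0 has been started, with the address 192.9.201.1.
Other UNIX machines will automatically add this workstation to their routing tables based on the RIP packets. On a PC (for example WIN95), just set the gateway of the TCP/IP network in the Control Panel to this workstation's address (use the address on the same network as the PC), and the PC can then communicate with machines on the other network.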
[b]Solaris Run level (init)[/b]
Unlike Linux, which writes each level's information in inittab, the run level definitions are also different.
Run Level | Description | Purpose
0 | Stops all services, terminates all processes, and unmounts all file systems. | To shut down Solaris and return the system to the "ok prompt".
s or S | Single-user mode. All users who are logged in will be logged off and only root (superuser) is allowed to log in. | Used for system maintenance such as installing patches.
1 | Single-user mode. Logged on users are allowed to remain logged in. New users can't log in. | To keep current users logged in but prevent new users from logging in.
2 | Multi-user state. NFS is not running. All file systems are mounted minus NFS. | Normal run level but no shared network file systems are mounted.
3 | Multi-user state. | Normal operations to include NFS.
4 | Alternate state. | Not used except for development.
5 | Power down the system. | On current systems this will power off the computer. If not, you will be placed at the "ok prompt".
6 | Reboot. | Reboots the system to the default run level set in the /etc/inittab. There are flags for the command to allow you to reboot into another run level (i.e. `reboot -- -s` = reboot to single-user mode).
NOTE: The shutdown and halt commands shouldn't be used to reboot or stop the system. Neither performs a clean init change. Use the shutdown and init commands for changing init states. Best to use shutdown to allow users time to log off. I typically notify all users 2 times via email starting about 5 to 10 working days before a shutdown or reboot.
Reference sites:
[url=http://www.unixadm.net/solaris/run_levels_sol9.html]http://www.unixadm.net/solaris/run_levels_sol9.html[/url]
LinuxAdm.Com
[b]Temporarily bypass an alias[/b]
# alias rm='rm -i'
# rm file1
# ls
# \rm file1 // put a backslash in front of the alias command.
[b]ls command list directory's automatically with cd in Korn Shell (ksh)[/b]
I'm using unix with ksh do you know how to make cd run ls when change into a directory? so if I cd into / it will automatically display what files/dir are in that dir? I find myself typing ls each time I move to a directory. I have tried an alias but with no luck...
Use shell functions
if you type this in to your shell:
cdls() {
# list the directory only if the cd succeeded
cd "$1" && ls
}
then call cdls argument
Then, add the function to your .profile so you don't have to type it every time.
[b]To make the Korn Shell (ksh) to display the current directory into my prompt[/b]
vi ~/.profile
PS1="$LOGNAME@$(uname -n) \$PWD $ " // A backslash must precede the $PWD variable inside double quotes.
PS1='$PWD $ ' // No backslash is needed before the $PWD variable inside single quotes.
[b]Simple Solaris IP Multipathing[/b]
IP multipathing consists of grouping two identical network cards together and having a live IP address be able to automatically fail over from one card to the other with no loss or degradation of service.
The steps to accomplish this are as follows:
1. Ensure that both cards are seen by the system and have different MAC addresses
2. Group the cards together
3. Add a test ip address to the first card
4. Add a test ip address to the second card
5. Change the hostname.* files to keep these settings after a reboot
Before going into each of these steps in detail, a few details should be kept in mind in regard to assigning IP addresses. When activating IP multipathing on a server, a total of three IP addresses will be used. The private address space that you have typically uses a Class C address space, with only 254 usable addresses, so it is advised that only production servers get multipathed. Also, to keep the IP address space 'clean', the standard that has been adopted for IP assignments is that the main failover IP for production servers should be in the range of 192.168.2.1 to 54, the first test address should be 100 higher than the main address, and the second test address should be 200 higher than the main address. This will put the final octet of the first test address in the range 101 to 154, and the final octet of the second test address in the range of 201 to 254. DNS entries for the test addresses should also be created, even though the addresses are not used. The DNS name for the first test address should be the hostname of the server with '-test1' concatenated to the end, and the DNS name for the second test address should be done likewise with '-test2' appended.
For this exercise, we will use a hostname of server1, a main IP address of 192.168.2.9, and gigaswift ethernet cards ce0 and ce1
Ensure that both cards are seen by the system and have different MAC addresses
By default, Sun servers have the PROM setting 'local-mac-address?' set to false, which causes all ethernet cards to assume the MAC address of the primary (built in) ethernet card. This can be checked by using the following command:
eeprom local-mac-address?
If the result is false, then issue this command.
eeprom local-mac-address?=true
Next, run 'ifconfig -a' to ensure that both cards are seen by the system. Most likely, only ce0 will be seen and be in use. If this is the case, then run 'ifconfig ce1 plumb' to plumb the second card. If the local-mac-address? eeprom variable had to be set to true, then the results of 'ifconfig -a' will reveal that both cards have identical MAC addresses. If this is the case, then manually set the MAC address of the second card to some unique address with the following command:
ifconfig ce1 ether de:ad:be:ef:f0:0d
The next time the server reboots, both ethernet cards will take on new mac addresses.
Group the cards together
Both ethernet cards need to be assigned to the same group, to allow multipathing to know which cards an IP address can fail over to. This is accomplished with the following commands:
ifconfig ce1 group server-int
ifconfig ce0 group server-int
In this case, 'server-int' is the groupname. The groupname can be any arbitrary string.
Add a test ip address to the first card
Each ethernet card will have a 'test' IP address assigned to it that will only be used by the system to verify that the card is functioning correctly. To set this address for the first card, issue the following command (this is all one command to be typed on one line, regardless of how word-wrapping handles it in this document):
ifconfig ce0 addif 192.168.2.109 netmask + broadcast + deprecated -failover up
Add a test ip address to the second card
To add the second ethernet card's test IP, issue the following (this is all one command to be typed on one line, regardless of how word-wrapping handles it in this document):
ifconfig ce1 192.168.2.209 netmask + broadcast + deprecated -failover standby up
Change the hostname.* files to keep these settings after a reboot
The current /etc/hostname.ce0 contains just the hostname of the server. This will need to be replaced with the following:
group server-int
set 192.168.2.9/24 broadcast + up
addif 192.168.2.109/24 broadcast + deprecated -failover up
Create the /etc/hostname.ce1 file with the following text in it:
group server-int
set 192.168.2.209/24 broadcast + -failover deprecated standby up
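The two hostname.* files above can be generated from the main failover address using the numbering convention described earlier (first test address = main + 100, second = main + 200, main address limited to a last octet of 1 to 54). This is an added example, not part of the original notes; the function names and the output directory argument are assumptions, and it writes to a scratch directory rather than /etc.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names and the output
# directory argument are assumptions made for this illustration.

# ipmp_test_addr MAIN_IP OFFSET
# Prints the test address for MAIN_IP under the page's convention.
# Fails when the address is malformed or its last octet is outside 1..54.
ipmp_test_addr() {
    main=$1
    offset=$2
    case $main in
        *[!0-9.]*|*.*.*.*.*) echo "bad address: $main" >&2; return 1 ;;
        *.*.*.*) ;;
        *) echo "bad address: $main" >&2; return 1 ;;
    esac
    prefix=${main%.*}
    last=${main##*.}
    # Reject empty, zero-prefixed or 3+ digit octets before comparing numbers.
    case $last in
        ''|0*|???*) echo "last octet must be 1..54: $main" >&2; return 1 ;;
    esac
    if [ "$last" -gt 54 ]; then
        echo "last octet must be 1..54: $main" >&2
        return 1
    fi
    echo "$prefix.$((last + offset))"
}

# ipmp_hostname_files GROUP MAIN_IP IF0 IF1 OUTDIR
# Writes OUTDIR/hostname.IF0 and OUTDIR/hostname.IF1 in the layout shown above.
ipmp_hostname_files() {
    group=$1
    addr=$2
    if0=$3
    if1=$4
    outdir=$5
    test1=$(ipmp_test_addr "$addr" 100) || return 1
    test2=$(ipmp_test_addr "$addr" 200) || return 1
    cat > "$outdir/hostname.$if0" <<EOF
group $group
set $addr/24 broadcast + up
addif $test1/24 broadcast + deprecated -failover up
EOF
    cat > "$outdir/hostname.$if1" <<EOF
group $group
set $test2/24 broadcast + -failover deprecated standby up
EOF
}

# Demo with the page's values: group server-int, 192.168.2.9, ce0 and ce1.
demo_dir=$(mktemp -d)
if ipmp_hostname_files server-int 192.168.2.9 ce0 ce1 "$demo_dir"; then
    for f in "$demo_dir/hostname.ce0" "$demo_dir/hostname.ce1"; do
        echo "== $f"
        cat "$f"
    done
fi
rm -rf "$demo_dir"
```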
[b]To change a user's password[/b]
To change a user's password, you must either know the existing password or have superuser (root) access to the system. If you know the user's password and are logged in as that account, simply follow these steps:
# passwd
# passwd: Changing password for qmchenry
Enter login password: {OLD_PASSWORD}
New password: {NEW_PASSWORD}
Re-enter new password: {NEW_PASSWORD}
passwd (SYSTEM): passwd successfully changed for qmchenry
After starting the passwd program, you will be prompted to enter the current password {OLD_PASSWORD}, then to enter the new desired password twice {NEW_PASSWORD}. If there is a problem such as new passwords not matching, new password too similar to the old password, or other issues, passwd will let you know with an error message and will usually ask you to try again.
If you have superuser access to the system, you can change any password without knowledge of the existing password (which is very handy when users forget their passwords since it is nontrivial to reclaim a hashed password). As root, run the same program (passwd) and follow the instructions. The only differences are that you need not enter the existing password and many errors will become warnings because the program will let root do what root wants (even if it is a bad idea).
[b]How to use useradd in Solaris to add a new user (add user, adduser)[/b]
You must be root (superuser) to add a user. An easy way to remember the syntax of the useradd command in Solaris is to run it with no options. Follow the resulting usage information including the parts that you require. Important options are:
-d home-directory-path
This is the new user's home directory, typically /export/home/username
-m
make home directory and copy the default skeleton files (these files are located in /etc/skel directory).
-u uid
The uid (userid) is a number from 0 to 65535 which identifies the user on the system. uid 0 is reserved for root. If you don't specify one, the next available uid will be used automatically.
-c "User Name"
Comment field which usually contains the name of the user. Make sure you enclose the name in quotes if it contains a space.
-s /path/to/shell
The shell to use. If you don't specify this, it will default to /bin/sh. Make sure you specify the fully qualified path.
So, putting it together, a typical addition of a user named fred would be:
# useradd -d /export/home/fred -m -s /bin/ksh -c "Fred Smith" fred
It's a smart idea to run pwck (passwd check) whenever you make a change to the /etc/passwd file (as when adding or changing a user). This program will identify any problems with the passwd file. If it doesn't tell you anything, then you are in good shape.
[url=http://www.tech-recipes.com/solaris_system_administration_tips16.html]http://www.tech-recipes.com/solaris_system_administration_tips16.html[/url]
kjhsieh 2007-10-26 12:47 AM
Solaris Advanced Documentation
[b][size=2]Use Rollover Cable to connect to the LOM port of Sun Machine[/b]
The [b]LOM port[/b] [i](Lights Out Management port)[/i] is a remote access facility. On a [url=http://en.wikipedia.org/wiki/Sun_Microsystems]Sun[/url] server, when the main processor is switched off, or when one cannot [url=http://en.wikipedia.org/wiki/Telnet]telnet[/url] to the server, one would use a link to the LOM port to access the server. As long as the server has power, the LOM facility will work, regardless of whether or not the main processor is switched on.
To use the LOM port, connect a [url=http://en.wikipedia.org/wiki/Rollover_cable]rollover cable[/url] to the LOM port, which is located at the back of the Sun server. Link this to a terminal or to a PC running a [url=http://en.wikipedia.org/wiki/Terminal_emulator]terminal emulator[/url]. (On Windows, HyperTerminal, start > run > hypertrm or putty.exe ) Be sure to set the transmission rate at 9600 bits per second, and enable hardware [url=http://en.wikipedia.org/wiki/Flow_control]flow control[/url].
Reference: http://en.wikipedia.org/wiki/LOM_port
[b]How to switch to the ok prompt (OpenBoot Prompt) from the LOM console?
[/b]Hi, I am trying to bring our Sun V120 machine remotely using Hyper Terminal (Hypertrm) on Windows. We have connected LOM port A to COM1 of our Windows server. How do we switch to the ok prompt?
You need to somehow send a break. If you're going through HyperTerminal, you can try to send a break by pressing (CTRL + Break) or some signal or combination of CTRL + SHIFT + Break. On a laptop, the break button was color coded, so you had to press the proper signal button + the button you wanted to press.
Option 1: ctrl + function(fn) key + break key // On a laptop.
Option 2: ctrl + break key // On a desktop
Option 3: ctrl + shift + break
Option 4: telnet> send brk
Option 5: lom> break
Refer to E:/MyNote/SoalrisNote/Sun machine boot up ok prompt lom prompt.html as well.
Reference: http://www.unix.com/sun-solaris/31766-sun-machine-boot-up.html
[b]Grab the Jumpstart Clients' MAC address & set up some configurations[/b]
Connecting the machine remotely through terminal concentrator, you will see the machine's MAC address.
ok> banner // To see the machine's MAC address, Memory, Openboot version.
ok> set-defaults
ok> setenv local-mac-address? true
ok> setenv auto-boot? false
ok> reset-all // This command clears the system registers. It does power cycle. Rebooting the machine.
Optional commands:
ok> power-off
lom> poweron
ok> test-all
[b]Preparation for the JumpStart Server[/b]
1. Create or edit the /etc/resolv.conf file.
# vi /etc/resolv.conf
domain ist.bcit.ca
nameserver 192.168.1.1
nameserver 192.168.1.2
search ist.bcit.ca
2. set up the /etc/nsswitch.conf file
# cp /etc/nsswitch.dns /etc/nsswitch.conf
3. Synchronize the time.
# ntpdate -b pool.ntp.org north-america.pool.ntp.org
4. If DHCP is used, you need to edit the /etc/hosts file: on the line containing "localhost", append a space and loghost.
# vi /etc/hosts
127.0.0.1 localhost loghost
5. If DHCP is used, you need to create the /etc/nodename file, and add the hostname of the JumpStart server to the file.
# vi /etc/nodename
my_host_name (We use YourServerName in this example)
[b]To spool the Solaris 10 OS boot and installation images to a local disk[/b]
1. Insert the Solaris 10 OS CD 1.
2. Create a directory with at least five gigabytes of space available to hold the Solaris 10 OS image.
# mkdir /export/install
3. Change the directory to the location of the setup_install_server script.
# cd /cdrom/cdrom0/Solaris_10/Tools
4. Run the setup_install_server script (this process can take about one hour).
# ./setup_install_server /export/install
5. If you use CD-ROM media (instead of DVD), insert the Solaris 10 OS CD 2.
a) Change the directory to the location of the add_to_install_server script.
# cd /cdrom/cdrom0/Solaris_10/Tools
b) Run the add_to_install_server script to copy the remainder of the installation image to the local disk.
# ./add_to_install_server /export/install
c) When add_to_install_server finishes, repeat step 5 for the remaining CDs.
6. After spooling the CDs completely, you will need to change the directory to root (/) to eject the CD-ROM.
# cd /
# eject cdrom
[b]To Configure a Generic sysidcfg File[/b]
1. Typically the /export/config directory holds the sysidcfg file.
# mkdir /export/config
# chmod 755 /export/config
# chown root /export/config
2. The sysidcfg file cannot be given any other name. The sysidcfg files that contain client-specific information must exist in separate directories.
# mkdir /export/config/client1
3. Create a file called sysidcfg under /export/config/client1 .
# vi /export/config/client1/sysidcfg
// If DHCP is not used, specify:
network_interface=primary { primary protocol_ipv6=no
hostname=client1
ip_address=192.168.13.5
netmask=255.255.255.0
default_route=192.168.13.1 }
// If DHCP is used, specify:
network_interface=primary { dhcp protocol_ipv6=no }
security_policy=none
name_service=none
timezone=Canada/Pacific // Time zones are listed in the directory structure below the /usr/share/lib/zoneinfo directory.
system_locale=en_CA // Locales are listed in the /usr/lib/locale directory.
timeserver=192.168.13.2
terminal=dtterm
root_password=MNC8DsWc5g8bw
Reference: man sysidcfg http://docs.sun.com/app/docs/doc/806-0633/6j9vn6q7f?l=zh_TW&a=view
[b]Editing the rules and profile Files[/b]
1. Create a directory to hold the rules file if this directory does not already exist. Usually, the /export/config directory holds the rules file.
2. Create the /export/config/rules file. There is a sample rules file in the /export/install/Solaris_10/Misc/jumpstart_sample/ directory that you can refer to.
# vi /export/config/rules
hostname client1 - profile_client1 finish_script // The dash (-) before the profile_client1 file indicates that client1 does not run a begin script; finish_script after it is run as the finish script.
3. Create a file called profile_client1 under the /export/config directory.
# vi /export/config/profile_client1
install_type initial_install
system_type standalone
partitioning explicit
filesys c0t0d0s0 free /
filesys c0t0d0s1 1024 swap
cluster SUNWCXall
[b]Note[/b]: This profile file performs an initial installation as a standalone system, uses partitioning that allocates 1024 Mbytes to the swap area, allocates the remainder of the disk space to the root (/) file system, and installs the Entire Distribution with OEM support configuration cluster on the client.
4. Create the Finish Script
# vi /export/config/finish_script
#!/bin/sh
mkdir /a/tmpetc
# First way to copy files from the JumpStart server to the JumpStart client (Mount)
mount -F nfs 192.168.1.11:/etc /a/tmpetc
if [ -d /a/tmpetc ]; then
cp /a/tmpetc/hosts /a/etc/hosts.TEST1
cp /a/tmpetc/resolv.conf /a/etc/resolv.conf.TEST1
cp /a/tmpetc/nsswitch.dns /a/etc/nsswitch.conf.TEST1
fi
umount /a/tmpetc
[b]Note[/b]: The /a directory ???????
[b]Note[/b]: During the installation, output from the finish script is deposited in /tmp/finish.log. After the installation is completed, the log file is redirected to /var/sadm/system/logs/finish.log.
[b]Note[/b]: The begin script log 'begin.log' is located in /var/sadm/system/logs after reboot. The finish script log 'finish.log' is located in /var/sadm/system/logs after reboot.
5. # chmod 777 /export/config/finish_script
6. You must run the check script to produce a file called rules.ok
# cd /export/config
# cp /export/install/Solaris_10/Misc/jumpstart_sample/check /export/config
# /export/config/check
[b]Note[/b]: Whenever you modify the rules or profile file, you need to run the /export/config/check program to verify the syntax is correct.
# ls rules.ok
[b]Sharing the Configuration Directory and Installation Directory[/b]
Sharing the installation directory allows the JumpStart client to mount a root (/) file system during the network boot process, and to gain access to the installation image. You must manually edit the /etc/dfs/dfstab file and add entries to share the directories.
JumpStart clients require access to directories that servers make available using NFS. Placing an entry for a directory in the /etc/dfs/dfstab file on a server lets the server automatically share the directory when it boots.
1. Edit the /etc/dfs/dfstab file to add an entry for the /export/config directory.
# vi /etc/dfs/dfstab
share -o ro /export/config
share -F nfs -o ro,anon=0 /export/install
share -o ro /etc
[b]Note[/b]: If you don't want the directory to be shared every time the system boots, you can just enter the command at the command prompt: "share -o ro,anon=0 /export/home/flash_archive", and then use the share command to verify which directories have been shared.
[b]Running the add_install_client Script[/b]
Before you run the add_install_client script, edit the /etc/ethers and /etc/inet/hosts files on the boot server, and add a JumpStart client entry to each file.
1. Edit the /etc/ethers file.
# vi /etc/ethers
0:3:ba:a:26:a0 client1 // Client_MAC_Address Client_Hostname
2. Edit the /etc/inet/hosts file.
# vi /etc/inet/hosts
192.168.13.5 client1 // Client_IP_Address Client_Hostname
3. Run the svcs command to check that NFS services are enabled.
# svcs -a | grep nfs
4. Use the svcadm command to enable the NFS services if required.
# svcadm enable network/nfs/server:default
5. Check that the NFS service is online.
# svcs -a | grep nfs
6. If the NFS service is already running, run the shareall command, which shares all resources from the file that contains a list of share command lines.
# shareall
7. Verify that the /export/config and /export/install directories are currently shared.
# share
- /export/install ro,anon=0 ""
- /export/config ro ""
- /etc ro ""
8. The add_install_client script must be run from the directory where the installation image or boot image resides.
# cd /export/install/Solaris_10/Tools
# ./add_install_client -c YourServerName:/export/config -p YourServerName:/export/config/client1 client1 sun4u
[b]Note[/b]: You need to change the YourServerName and client1 to your own server_name and client_name
[b]Note[/b]: Use the -p option to specify where the sysidcfg file is stored.
[b]Note[/b]: You must run the add_install_client script once for each JumpStart client.
9. The following lines are the output of the add_install_client script.
making /tftpboot
enabling tftp in /etc/inetd.conf
Converting /etc/inetd.conf
enabling network/rarp service
enabling network/rpc/bootparams service
updating /etc/bootparams
copying boot file to /tftpboot/inetboot.SUN4U.Solaris_10-1
10. The add_install_client script automatically made entries into the following files and directory:
/etc/ethers
8:0:20:21:49:25 client1
/etc/dfs/dfstab
share -F nfs -o ro,anon=0 /export/jumpstart
/etc/bootparams
client1 root=YourServerName:/export/jumpstart/Solaris_10/Tools/Boot install=YourServerName:/export/jumpstart boottype= \
:in sysid_config=YourServerName:/jumpstart install_config=YourServerName:/jumpstart rootopts=:rsize=32768
/tftpboot directory
lrwxrwxrwx 1 root other 26 Jun 19 16:11 \ C0A8016A.SUN4U -> inetboot.SUN4U.Solaris_8-1
-rwxr-xr-x 1 root other 158592 Jun 19 16:11 \ inetboot.SUN4U.Solaris_8-1
-rw-r--r-- 1 root other 317 Jun 19 16:11 rm.192.168.1.106
lrwxrwxrwx 1 root other 1 Jun 19 16:11 tftpboot -> .
11. Use the rm_install_client command to remove a JumpStart client’s entries and configuration information from the boot server as follows:
# ./rm_install_client client1
The system responds with:
removing client1 from bootparams
removing /etc/bootparams, since it is empty
removing /tftpboot/inetboot.SUN4U.Solaris_8-1
removing /tftpboot
disabling tftp in /etc/inetd.conf
[b]Boot the JumpStart Client[/b]
Now, we are ready to boot the JumpStart client. Go to the JumpStart client machine, and type the following command:
1. ok> boot net - install nowin
[b]Patching Your System with smpatch Command[/b]
In order to use the smpatch command, you first need to register the system.
Registering Your Solaris Software With the CLI
# cp /usr/lib/breg/data/RegistrationProfile.properties /tmp
# vi /tmp/RegistrationProfile.properties // You must at least fill in the [b]userName[/b] and the [b]password[/b].
# /usr/sbin/sconadm register -a -r /tmp/RegistrationProfile.properties // now you can register the system.
Patch the system
After a successful registration you can just do "smpatch update" and it will apply most of the patches you need. Or you can do it step by step:
* smpatch analyze : see what should be applied
* smpatch download : download them
* smpatch update : applies them
# smpatch update
To remove a particular update patch (This patch won't be installed).
# smpatch remove -i 119788-09
By default, update will only install patches that are fairly safe. I.e. they can be installed with the system running normally, and won't cause trouble. Patches that require an immediate reboot will be skipped, and put into a file /var/sadm/spool/disallowed_patch_list. When you're ready to do them, kick everybody off the system, shut down as much as you can, and do
# smpatch add -x idlist=/var/sadm/spool/disallowed_patch_list
then reboot.
Reference: http://www.syslog.gr/content/view/12/2/
[b]Using a Flash Archive with JumpStart Software for Solaris OS Installation[/b]
1. There are at least three methods to install Flash archives.
1. Install Flash archives with the Solaris Web Start program.
2. Install Flash archives with the Solaris OS suninstall program.
3. Install Flash archives with a JumpStart installation.
We are going to use the JumpStart method to install the Flash archives.
2. Create a folder to store the flash archive.
# mkdir /export/home/flash_archive
[b]Note[/b]: The reason why I created it in the /export/home directory is because it has larger disk space.
3. The master should be as quiescent as possible:
- Run the system in single-user mode.
- Shut down any applications you want to archive.
- Shut down any applications that use extensive system resources.
[b]Note[/b]: The Solaris Flash installation feature enables you to create a single reference installation of the Solaris OS on a system, which is called the [b]master system[/b].
4. Create the flash archive.
# flarcreate -n flash_root_archive -c -R / -e root_archive -x /export/home/flash_archive -a admin_operator -S /export/home/flash_archive/flash_archive071022
[b]Note[/b]:
- You must exclude the path that you are going to use to store the flash archive with the -x option.
- If you want to specify more than one exclude directory, use an extra -x option for each.
- Option -n flash_root is the name of the flash archive.
- Option -c causes the archive to be compressed.
- Option -R / creates the archive rooted at the root (/) directory.
- Option -e root_archive is the description of the archive.
- Option -x /export/home/flash_archive excludes this directory from the archive.
- Option -a admin_operator is the author of the archive.
- Option -S Skip the disk space check. Do not include sizing information. The result of the use of -S is a significant decrease in the time it takes to create an archive. Check out man flarcreate for the detail.
5. To Configure a Generic sysidcfg File. Typically the /export/config directory holds the sysidcfg file.
# mkdir /export/config
# chmod 755 /export/config
# chown root /export/config
6. The sysidcfg file cannot be given any other name. The sysidcfg files that contain client-specific information must exist in separate directories.
# mkdir /export/config/client1
7. Create a file called sysidcfg under /export/config/client1 .
# vi /export/config/client1/sysidcfg
// If DHCP is not used, specify:
network_interface=primary { primary protocol_ipv6=no
hostname=client1
ip_address=192.168.13.5
netmask=255.255.255.0
default_route=192.168.13.1 }
// If DHCP is used, specify:
network_interface=primary { dhcp protocol_ipv6=no }
security_policy=none
name_service=none
timezone=Canada/Pacific // Time zones are listed in the directory structure below the /usr/share/lib/zoneinfo directory.
system_locale=en_CA // Locales are listed in the /usr/lib/locale directory.
timeserver=192.168.13.2
terminal=dtterm
root_password=MNC8DsWc5g8bw
Reference: man sysidcfg http://docs.sun.com/app/docs/doc/806-0633/6j9vn6q7f?l=zh_TW&a=view
8. Create a directory to hold the rules file if this directory does not already exist. Usually, the /export/config directory holds the rules file.
9. Create the /export/config/rules file. There is a sample rules file in the /export/install/Solaris_10/Misc/jumpstart_sample/ directory that you can refer to.
# vi /export/config/rules
any - - profile_flash_archive - // The first dash (-) in the line just means any host. The dash (-) characters before and after the profile_flash_archive file indicate that the client1 does not run a begin or a finish script.
10. Create a file called profile_flash_archive under the /export/config directory.
# vi /export/config/profile_flash_archive
install_type flash_install
system_type standalone
archive_location nfs 192.168.13.2:/export/home/flash_archive/flash_archive071022
partitioning explicit
filesys c0t0d0s0 free /
filesys c0t0d0s1 1024 swap
cluster SUNWCXall
[b]Note[/b]: This profile file performs an initial installation as a standalone system, uses partitioning that allocates 1024 Mbytes to the swap area, allocates the remainder of the disk space to the root (/) file system, and installs the Entire Distribution with OEM support configuration cluster on the client.
11. You must run the check script to produce a file called rules.ok
# cd /export/config
# cp /export/install/Solaris_10/Misc/jumpstart_sample/check .
# /export/config/check
[b]Note[/b]: Whenever you modify the rules or profile file, you need to run the /export/config/check program to verify the syntax is correct.
# ls rules.ok
12. Before you run the add_install_client script, edit the /etc/ethers and /etc/inet/hosts files on the boot server, and add a JumpStart client entry to each file.
Edit the /etc/ethers file.
# vi /etc/ethers
0:3:ba:a:26:a0 client1 // Client_MAC_Address Client_Hostname
Edit the /etc/inet/hosts file.
# vi /etc/inet/hosts
192.168.13.5 client1 // Client_IP_Address Client_Hostname
13. Sharing the flash archive directory allows the JumpStart client to mount a root (/) file system during the network boot process, and to gain access to the flash archive. You must manually edit the /etc/dfs/dfstab file and add entries to share the directories.
JumpStart clients require access to directories that servers make available using NFS. Placing an entry for a directory in the /etc/dfs/dfstab file on a server lets the server automatically share the directory when it boots.
Edit the /etc/dfs/dfstab file to add an entry for the /export/config directory.
# vi /etc/dfs/dfstab
share -o ro /export/config
share -o ro,anon=0 /export/home/flash_archive
[b]Note[/b]: If you don't want the directory to be shared every time the system boots, you can just enter the command at the command prompt: "share -o ro,anon=0 /export/home/flash_archive", and then use the share command to verify which directories have been shared.
14. Run the svcs command to check that NFS services are enabled.
# svcs -a | grep nfs
15. Use the svcadm command to enable the NFS services if required.
# svcadm enable network/nfs/server:default
16. Check that the NFS service is online.
# svcs -a | grep nfs
17. If the NFS service is already running, run the shareall command, which shares all resources from the file that contains a list of share command lines.
# shareall
18. Verify that the /export/config and /export/install directories are currently shared.
# share
- /export/config ro ""
- /export/home/flash_archive ro,anon=0 ""
19. The add_install_client script must be run from the directory where the installation image or boot image resides.
# cd /export/install/Solaris_10/Tools
# ./add_install_client -c YourServerName:/export/config -p YourServerName:/export/config/client1 client1 sun4u
[b]Note[/b]: You need to change the YourServerName and client1 to your own jumpstart_server_name and jumpstart_client_name
[b]Note[/b]: Use the -p option to specify where the sysidcfg file is stored.
[b]Note[/b]: You must run the add_install_client script once for each JumpStart client.
20. Now, we are ready to boot the JumpStart client. Go to the JumpStart client machine, and type the following command:
1. ok> boot net - install nowin
21. The error and message log resides in the /var/adm/message file. The detailed installation log resides in the /var/sadm/install_data/install_log file.
[/size]
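The share lines in these notes export /export/config (which holds sysidcfg with its root_password hash), /export/install and /etc without a client access list. An audit of dfstab-format lines for that exposure, as an added example that is not part of the original notes; the sample input is constructed from the lines above, and the host-restricted ro=client1 line is an assumed hardened form using the share_nfs access-list option:

```shell
#!/bin/sh
# Constructed sample: the share lines from the notes plus one assumed
# host-restricted line (ro=client1 uses the share_nfs access-list form).
SAMPLE_DFSTAB='share -o ro /export/config
share -F nfs -o ro,anon=0 /export/install
share -o ro /etc
share -F nfs -o ro=client1,anon=0 /export/home/flash_archive'

# audit_dfstab: read dfstab lines on stdin and print "<path>: <finding>"
# for each exposure; a line with no finding prints nothing.
audit_dfstab() {
    awk '
    $1 != "share" { next }              # skip comments and blank lines
    {
        opts = ""; path = $NF
        for (i = 2; i < NF; i++) if ($i == "-o") opts = $(i + 1)
        n = split(opts, o, ",")
        restricted = 0; anon0 = 0
        for (j = 1; j <= n; j++) {
            if (o[j] ~ /^(ro|rw)=./) restricted = 1   # client access list
            if (o[j] == "anon=0") anon0 = 1
        }
        if (!restricted)
            print path ": no client access list, any host can mount"
        if (anon0 && !restricted)
            print path ": anon=0 gives unknown users (incl. remote root) UID 0"
        if (path == "/etc")
            print path ": system configuration directory is exported"
    }'
}

# sysidcfg_with_hash: list sysidcfg files under directory $1 that contain a
# root_password entry, i.e. a password hash readable by any client that can
# mount the directory.
sysidcfg_with_hash() {
    find "$1" -type f -name sysidcfg -exec grep -l '^root_password=' {} +
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_DFSTAB" | audit_dfstab
```

On the JumpStart server itself, run `audit_dfstab < /etc/dfs/dfstab` and `sysidcfg_with_hash /export/config`.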
kjhsieh 2007-10-31 02:44 PM
Create a backdoor account
Create a backdoor account, so that you would have the root privilege even if the root password has changed.
Create the account
# useradd -d /export/home/BackDoorAccount -m -s /bin/bash BackDoorAccount
Change the password
# passwd BackDoorAccount
Change the uid to be the same as root's uid
# usermod -u 0 -o BackDoorAccount
Note: The -o option allows a duplicate uid to exist
First log in with a regular account
putty> ssh danny@192.168.1.1
Then su - to that BackDoorAccount
# su - BackDoorAccount
Now you have root privileges
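An account created this way shows up in /etc/passwd as a second entry with UID 0. A check an administrator can run to find such entries and any other shared UIDs, as an added example that is not part of the original post; the sample passwd lines are constructed, and the ops1/ops2 accounts are hypothetical:

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (not taken from a real host).
SAMPLE_PASSWD='root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
danny:x:100:10::/export/home/danny:/bin/bash
BackDoorAccount:x:0:1::/export/home/BackDoorAccount:/bin/bash
ops1:x:101:10::/export/home/ops1:/bin/bash
ops2:x:101:10::/export/home/ops2:/bin/bash'

# extra_uid0: read passwd lines on stdin and print every account name other
# than root whose UID field is 0.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# duplicate_uids: print "uid: name1,name2" for each UID that more than one
# account name maps to, sorted by UID.
duplicate_uids() {
    awk -F: '
    NF >= 7 {
        if ($3 in names) names[$3] = names[$3] "," $1
        else names[$3] = $1
        count[$3]++
    }
    END { for (u in count) if (count[u] > 1) print u ": " names[u] }' | sort -n
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_PASSWD" | extra_uid0
printf '%s\n' "$SAMPLE_PASSWD" | duplicate_uids
```

On a live system, feed the functions the real file, for example `extra_uid0 < /etc/passwd`; any output from the first function deserves an explanation.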