Tuesday, 14 October 2008

Solaris Administrator’s Command

Solaris Administrator’s
Quick Reference

User Initialization
/etc/profile ($HOME/.profile)
sh, bash, ksh system wide (per user) init
(system wide init has no effect in CDE environment).
/etc/.login ($HOME/.login)
csh, tcsh system wide (per user) init
(system wide init has no effect in CDE environment).
per user csh, tcsh init (order: /etc/.login → $HOME/.cshrc →
system wide init for CDE environment (a script in Xsession.d).
per user init for CDE environment.
Template files (local.cshrc, local.login, local.profile) copied to
new user’s home directory.

Network Configuration
NIS/NIS+ domain name.
IP address of the default router.
Internet domain name, name server and search order.
An example of resolv.conf
domain la.asu.edu
search la.asu.edu asu.edu
specifying information source from files, NIS, NIS+, or DNS.
Ipv4 hostname.
IPv6 hostname.
Host name file (/etc/hosts is a link to this file).
TCP/IP subnet masks.
Network protocols.
Network service name and port number.
creating this file prevents in.routed or in.rdiscd from starting at
boot time.
Internet super daemon configuration file.

Change hostname/IP address

Setup Printer
Local printer
lpadmin -p prt_name -v /dev/ecpp0 -D "description" -T PS
-I postscript
parallel port: {/dev/ecpp0 | /dev/bpp0}
serial port: {/dev/term/a | /dev/term/b}

Printer connected to a computer
lpadmin -p prt_name -s host_name -T unknown -I any

Network capable printer
lpadmin -p prt_name -m netstandard -v /dev/null
-D "description" -o protocol={bsd | tcp}
-o dest=prtIP:9100 ← port needed for tcp protocol
-o banner={never | optional | always}
-o timeout=300

Misc printing commands
lpadmin -d prt_name
set prt_name as the default printer.
lpstat -d
show current default printer.
lpstat -p prt_name -l
show prt_name configuration.
lpstat -t
show all printer status.

Environment variables
User default printer.
_default in /etc/printers.conf
system default printer.

Disable banner
edit file /etc/lp/interfaces/prt_name

Common setting stored in file

File Sharing
File mount table (local or NFS).
File sharing table (NFS server).
Automounter master map, sample as follows
#### Master map for automounter ####
/home auto_home -nobrowse
/- auto_direct -ro
Automount home (indirect) map, sample as follows
#### mount home directory #####
jialong bluebear:/export/home/jialong
Automount direct map, sample as follows
#### mount /usr/local from a server ####
/usr/local bluebear:/usr/local
Volume manager configuration.

share [options] pathname
export NFS file systems to other computers.

mount [options] filesrv:/pathname /mnt
Mount remote file system. For security, when possible, mount
the file system as read-only and nosuid.
Removable disk configuration.
Sendmail Configuration
sendmail configuration file.
aliases file. Must run newaliases after modifying aliases file.

Configure a mail server
Generate new configuration file
cd /usr/lib/mail/cf
cp main-v7sun.mc foo.mc
/usr/ccs/bin/make foo.cf
Test new mail configuration file
/usr/lib/sendmail -C foo.cf -v email_address </dev/null
Install configuration file
cd /etc/mail
cp sendmail.cf sendmail.sav
cp /usr/lib/mail/cf/foo.cf sendmail.cf
pkill -HUP sendmail

Anti-spam
make sure FEATURE(access_db) is in sendmail.mc
create /etc/mail/access with something like
cyberpromo.com REJECT
sendmail.org RELAY
spam@buyme.com 550 Spammers shan't see sunlight here
makemap hash /etc/mail/access < /etc/mail/access
CDE configuration
per user CDE init file, generated from
desktop manager configuration file (pop-up menu when right
click mouse). From /{usr|etc}/dt/config/C/sys.dtwmrc
copy to $HOME/.dt/types/myname.fp and modify it.

per user CDE session start file (script with execute perm).
per user CDE exit file (script with execute permission).
/{usr | etc}/dt/config/C/Xresources
control attribute of login screen, for example, to disable session
menu, uncomment following line
Dtlogin*session_menus*sensitive: False
/{usr | etc}/dt/config/C/sys.resources
session resource, for example, to disable automatic screen lock,
set timeout to 0
dtsession*lockTimeout: 0
$HOME/.dt/sessions/{current | home}
current (home) session files.
/{usr | etc}/dt/config/Xconfig
configuration file for login screen (dtconfig), after change use
dtconfig -reset
this script runs after user login but before user session.
Control access to Xserver.
start CDE session
Scripts auto executed by Xsession.
start OpenWindow session.
Command executed after the session end.
/usr/dt/bin/dtconfig -e|-d|-kill
-e|-d: enable (disable) autostart login server.
-kill: kill dtlogin and all its child processes.
default icons search path.

System Configuration
/etc/passwd, /etc/shadow, /etc/group
user account information.
users NOT allowed to use FTP.
Kernel parameters
Example: disable execution in stack
set noexec_user_stack=1
set noexec_user_stack_log=1
set maxuprc = 128 # maximum no. of user processes
set sys:coredumpsize = 0 # prevent core dump
/etc/hosts.equiv, ($HOME/.rhosts)
system wide (per user) trust hosts.
/etc/motd, (/etc/issue)
message after (before) login.
allowed shell program.
run level configuration.
/etc/rc{S | 1 | 2 | 3 | 5 | 6}.d
scripts for different run levels.
rpc.bootparamd configuration file.
pluggable authentication configuration file.
power configuration.
BSD printer configuration.
used by “file” command to determine file type.
security audit related files.
system log daemon configuration file.
specify this host is not a router.
Default info for various program
power management parameters.
put DISABLE=1 to disable solaris registration screen.
settings for “su” command.
users permitted to put system in suspend mode.
minimum password length.
login related settings, put CONSOLE=/dev/console
disable root login by telnet (rlogin).
time zone, CMASK (default 022)
Application Configuration
/etc/ssh2/ssh2_config ($HOME/.ssh2/ssh2_config)
SSH client system wide (per user) configuration file.
/etc/ssh2/sshd2_config ($HOME/.ssh2/sshd2_config)
SSH server system wide (per user) configuration file.

Setup SSH2 to accept hostbased authentication
(1) Server side
In sshd2_config, include hostbased, like this
AllowedAuthentications hostbased, publickey, password
In /etc/hosts, use client’s fully qualified domain name (FQDN).
In .rhosts (.shosts), also use FQDN, make sure these files are
owned by that user and not writable by other users.
Copy client’s hostkey.pub to server’s /etc/ssh2/knownhosts and
name it as FQDN.ssh-dss.pub (e.g., bluebear.la.asu.edu.sshdss.
(2) Client side
In ssh2_config, include hostbased authentication, like this
AllowedAuthentications hostbased, publickey, password
Also need to set DefaultDomain keyword, like
DefaultDomain la.asu.edu
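
Added example (not part of the original reference card): a check for the requirement in step (1) that .rhosts/.shosts be owned by the user and not writable by others. The function names are hypothetical; it assumes a POSIX shell (ksh, bash, /usr/xpg4/bin/sh) rather than the legacy Solaris /bin/sh, and it also rejects symlinked trust files.

```shell
#!/bin/sh
# Added example: audit the trust files consulted by hostbased authentication.

# check_trust_file FILE OWNER   (hypothetical helper)
#   returns 0 when FILE is a regular file owned by OWNER and is not
#   writable by group or other; returns 1 otherwise (missing file,
#   symlink, wrong owner, or mode with g+w / o+w).
check_trust_file() {
    file=$1 owner=$2
    # find tests every condition in one pass; -prune stops descent if
    # FILE unexpectedly turns out to be a directory.
    hit=$(find "$file" -prune -type f -user "$owner" \
            ! -perm -020 ! -perm -002 -print 2>/dev/null)
    [ -n "$hit" ]
}

# audit_home HOMEDIR OWNER   (hypothetical helper)
#   prints one line per trust file found and returns the number of
#   files that failed the check (0 means the home directory is clean).
audit_home() {
    home=$1 owner=$2 bad=0
    for name in .rhosts .shosts; do
        f=$home/$name
        # Skip absent files; a dangling symlink is still inspected.
        [ -e "$f" ] || [ -h "$f" ] || continue
        if check_trust_file "$f" "$owner"; then
            echo "OK    $f"
        else
            echo "FAIL  $f (want regular file, owner $owner, mode go-w)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Stand-alone use: script HOMEDIR OWNER
if [ "$#" -eq 2 ]; then
    audit_home "$1" "$2"
fi
```
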
system wide PINE configuration, overridden by $HOME/.pinerc
system wide PINE configuration, NOT overridden by ~/.pinerc
httpd.conf (https.conf)
Apache web server configuration file. (www.apache.org)
Samba (Windows server) configuration file. (www.samba.org)

Miscellaneous Commands
SUN patch files and freeware
Forgot root password
boot cdrom -s
find out root partition with “format” command
mount /dev/dsk/c0t0d0s0 /mnt (suppose c0t0d0s0 is root part.)
edit /mnt/etc/shadow

Disable auto-logout feature for tcsh
Put the following line in .cshrc or .tcshrc
unset autologout
edit /etc/inittab
remove sc:234:respawn:/usr/lib/saf/sac -t 300
disable serial device (modem) login.
showmount -e host_name
show exported file systems on host_name.
rpcinfo -p host_name
check RPC services on host_name.
ldd program
show what dynamic libraries are needed by program.
LD_LIBRARY_PATH is the search path for dynamic libraries.
useradd -d homedir -u UID -g GID -c "comment" -s shell
add new user account.
man foo | col -b > foo.txt
save manual page for command “foo” in pure text.
pkgadd -d pkgfile
add solaris package file.
boot -r
Reconfigure system after adding new hardware.
who -r
show current run level.
volcheck -v
check if new floppy/cdrom is inserted.
fuser -u [-k] /cdrom
Show which program is using the cdrom (or floppy).
show settings in eeprom.
/usr/sbin/prtconf -vb
show system information.
find / -type f -perm -4000 -user root -print
find programs that are set UID to root.
m64config -res 1024x768x75 -depth 24
set screen resolution, color depth for M64 frame buffer.
(ffbconfig on Ultra-60)
fsck -F ufs -y /dev/rdsk/c0t0d0s0
file system check, answer “y” to all questions.
xv -root -quit foo.gif
set CDE screen background.
/etc/init.d/script {start | stop}
run a script in /etc/init.d directory.
newfs -v /dev/rdsk/c0t0d0s6
construct new file system after format.
/usr/sbin/sys-unconfig
reconfiguring the system.

patchadd [options] patch
apply patch to system.

ufsdump 0uf /dev/rmt/0 /
backup of all files.

ufsrestore xf /dev/rmt/0 etc/inetd.conf
restore inetd.conf file from backup

install_cluster -q -nosave
install recommended patch cluster.

set TCP/IP parameters

change settings in eeprom, like
eeprom security-mode=full

Shell Programming
if-then-else
sh, bash, ksh
if condition; then
action_1; else
action_2; fi
csh, tcsh
if (condition) then
action_1
else
action_2
endif
sh, bash, ksh
for key in list… ; do
actions; done
csh, tcsh
foreach key (list)
actions
end
Rename files
foreach i (*)
mv "$i" "$i.old"
end
sh, bash, ksh
while condition; do
actions; done
csh, tcsh
while (condition)
actions
end

Author: Jialong He
Email: Jialong_he@bigfoot.com
