| || |
Solaris Advanced System Administrator's Guide
by Janice Winsor
If you are the author or the publisher, and would like to link to your site here, please contact us.
Solaris 8 Advanced System Administrator's Guide, Third Edition is the perfect hands-on tutorial and quick reference for experienced Solaris 8 system administration. World-renowned Solaris expert Janice Winsor provides indispensable tips, advice, and quick-reference tables for these essential aspects of system administration: mail services, NIS+, Automounter services, the Service Access Facility, software installation and removal, shell programming, system security, and volume management. Thoroughly revised to reflect the latest Solaris 8 features, this book targets the tasks experienced system administrators find most challenging. Winsor begins by introducing Solaris mail services: their components and behavior, and how to plan and customize sendmail. Next, she introduces the NIS+ nameservice environment, showing how to configure both NIS+ Servers and Clients. The book includes a completely new chapter on WebNFS: how it works, and how to configure and utilize it. You'll learn how to set up new Service Access Facility services for terminals, modems, and printers; how to administer and patch software; and much more. The book also includes in-depth coverage of security, including Authentication, the Automated Security Enhancement Tool (ASET), and Role-Based Access Control (RBAC), which allows administrators to assign partial superuser privileges to users as needed.
From the Publisher
A follow up to the Solaris System Administrator's Guide, this book assumes the reader has knowledge of basic, day-to-day functions of the Solaris operating environment. Useful as both a hands-on tutorial and quick reference, this book details how to perform increasingly complex system improvement, revision, and customization. Covers the tasks most crucial to advanced administration. The book is divided into several sections for easy reference, each section addressing a major service or task, including: Mail Services, NIS+ naming service, Automounter Services, Service Access Facility to set up access to printers, modems, and terminals, application software installation and sharing, shell programming to automate routine tasks, and system security.
The officially authorized guide for advanced Solaris system administration, written by an award-winning, recognized expert
Completely updated to cover Solaris 2.6 topics, including: x86 differences, patch administration, redesign of print packages, whole new sections on security and the Sun Web Server, and more
Task-oriented and easy to reference, this classic tutorial provides indispensable tips, advice, and quick-reference tables to help the more experienced Solaris administrator add system components, improve service access, and automate routine tasks
From the Back Cover
The widely used reference for experienced system administrators of the Solaris Operating Environmentânow fully updated for the Solaris 8 platform.
- Focuses on the tasks experienced sysadmins find most challenging
- Completely updated for the Solaris 8 Operating Environment!
- Includes extensive new coverage of WebNFS technology
Ready to leverage the full power of Solaris 8 software? Now there's a hands-on reference specifically for you. In Solaris 8 Advanced System Administrator's Guide, Third Edition, award-winning author Janice Winsor delivers hundreds of indispensible tips, step-by-step procedures, and quick reference tables, all focused on the features experienced administrators find most challenging. Thoroughly updated, this book's coverage includes:
- The Solaris platform mail services, including detailed procedures for planning and customizing sendmail
- Understanding the NIS+ nameservice environment, and configuring both servers and clients
- All-new coverage of WebNFS technologyâconcepts, configuration, and day-to-day management
- Advanced security coverageâauthentication, Role-Based Access Control (RBAC), and the Automated Security Enhancement Tool (ASET)
- New Service Access Facility services for terminals, modems, and printers
- Software managementâinstallation, removal, patching, and more
- Automounter services, volume management, shell programming, and much more
No matter how well you know Solaris, this book will make you far more effectiveâjust as it has for thousands of Solaris sysadmins worldwide.
About the Author
Excerpt. © Reprinted by permission. All rights reserved.
This book is for system administrators who are familiar with basic system administration and with the tasks described in the Solaris System Administrator's Guide, Third Edition, cited in the bibliography at the end of this book.
A Quick Tour of the Contents
This book is divided into seven parts, two appendixes, a glossary, and a bibliography.
Part 1, "Mail Services," describes the Solaris mail services in four chapters. Refer to the chapters in this part if you need to set up a new mail service or expand an existing one.
Chapter 1, "Understanding Mail Services," describes the components of the mail service, defines mail service terminology, and explains how the programs in the mail service interact.
Chapter 2, "Customizing sendmail Configuration Files," describes how sendmail works, introduces the m4 macro processor, and describes how to write a custom macro configuration file and generate the sendmail configuration file.
Chapter 3, "Planning Mail Services," describes how to create sendmail configuration files for a number of different mail services configurations.
Chapter 4, "Setting Up and Administering Mail Services," describes how to set up, test, administer, and troubleshoot mail services.
Part 2, "NIS+," introduces the NIS+ nameservice environment. Refer to the chapters in this part if you want to familiarize yourself with the basics of the NIS+ nameservice and its administrative commands. Also refer to these chapters for instructions for setting up an NIS+ client. This part provides only the basic information for a system administrator who must set up and support an NIS+ environment.
Chapter 5, "Introducing the NIS+ Environment," provides an overview of NIS+, explains how NIS+ differs from the NIS nameservice, and introduces the NIS+ commands.
Chapter 6, "Setting up NIS+ Servers and Clients," describes how to use the nisserver, nispopulate, and nisclient scripts to set up one Solaris system as a root master server and others as NIS+ clients.
Part 3, "Automounter and WebNFS Services," describes the Solaris automount services and introduces WebNFS. Refer to the chapters in this part if you need to set up a new automount service or modify an existing one.
Chapter 7, "Understanding the Automounter," describes automount terminology and the components of automounting, explains how the automounter works, recommends automounting policies, and tells you how to plan your automount services.
Chapter 8, "Setting Up the Automounter," describes how to set up and administer automount maps.
Chapter 9, "Introducing WebNFS," contains a description of how WebNFS works and describes how to set up WebNFS files.
Part 4, "Service Access Facility," describes the Solaris Service Access Facility (SAF). Refer to the chapters in this part if you need to set up a new SAF service for terminals, modems, or printers or if you need to modify an existing one.
Chapter 10, "Understanding the Service Access Facility," provides an overview of SAF and describes the port monitors and services used by the SAF.
Chapter 11, "Setting Up Modems and Character Terminals," describes how to set up and administer SAF for modems and terminals.
Chapter 12, "Setting Up Printing Services," describes how to set up and administer SAF for printers and how to troubleshoot printing problems.
Part 5, "Application Software," describes how to install and delete application software. Refer to this part for guidelines on setting up an application server and for information on installing and removing application software and patches.
Chapter 13, "Installing and Managing Application Software," provides an overview of the installation, introduces the package commands and the Software Manager for installation, recommends a policy for installing software on an application server, and describes how to access files from a CD-ROM drive.
Chapter 14, "Package Commands," describes how to use the package commands to administer application software and how to set up the users' environment.
Chapter 15, "Admintool: Software Manager," describes how to use Admintool to administer application software.
Chapter 16, "Solaris Product Registry," describes how to use Solaris Product Registry to install and uninstall software.
Chapter 17, "Installing and Managing Software Patches," describes how to use the patchadd and patchrm commands.
Part 6, "Introduction to Shell Programming," familiarizes you with the basics of shell programming. Use the information in this part to decide which shell language you want to use to perform a specific task. This part does not provide in-depth instructions for writing scripts in the three basic shells.
Chapter 18, "Writing Shell Scripts," introduces the basic concepts of shell programming and the three basic shells available with the Solaris Operating Environment. It describes how shells work and describes the programming elements.
Chapter 19, "Reference Tables and Example Scripts," provides reference tables comparing shell syntax. It also contains examples of shell scripts.
Part 7, "System Security," provides information about creating and administering secure systems. Refer to these three chapters if you want to familiarize yourself with the basics of system security and if you want to use authentication services and ASET security.
Chapter 20, "Understanding System Security," introduces the basic concepts of system security, including file, system, and network security.
Chapter 21, "Using the Automated Security Enhancement Tool (ASET)," describes how to set up and use automated security enhancement tool (ASET).
Chapter 22, "Using Authentication Services," describes how to use authentication services. It provides an overview of secure RPC and explains how to use pluggable authentication modules (PAM).
Chapter 23, "Role-Based Access Control," introduces the Role-Based Access Control (RBAC) security feature, new in the Solaris 8 Operating Environment, that enables you to assign a subset of superuser privileges to one or more users. It also describes new RBAC functionality added with the Solaris 8 Update 3 (01/01) release.
Appendix A, "Volume Management," describes the volume management feature introduced in the Solaris 2.2 system software. Volume management automates the mounting of CD-ROMs, diskettes, and DVD-ROM drives. You no longer need to have superuser permission to mount a CD-ROM, a diskette, or a DVD-ROM drive.
Appendix B, "Celeste's Tutorial on Solaris 2.x Modems and Terminals," describes how to set up modems and character terminals if the basic configuration instructions provided in Chapter 11, "Setting Up Modems and Character Terminals," are not sufficient.
This book also provides a glossary of common system administration terms and a bibliography of useful reference books and URLs.
Important: Read This Before You Begin
Because we assume that the root path includes the
/etc directories, the steps show the commands in these directories without absolute path names. Steps that use commands in other, less common directories show the absolute path in the example.
The examples in this book are for a basic Solaris software installation without the Binary Compatibility Package installed and without
/usr/ucb in the path.
/usr/ucb is included in a search path, it should always be at the end. Commands like
df are duplicated in
/usr/ucb with formats and options different from those of Solaris commands.
This book does not contain all the information you need to administer systems. Refer to the complete system administration documentation for comprehensive information.
Because the Solaris Operating Environment provides the Bourne (default), Korn, and C shells, examples in this book show prompts for each of the shells. The default C shell prompt is
system-name%. The default Bourne and Korn shell prompt is
$. The default root prompt for all shells is a pound sign (
#). In examples that affect more than one system, the C shell prompt (which shows the system name) is used to make it clear when you change from one system to another.
SPARC and IA Information
This book provides system administration information for both SPARC and IA systems. Unless otherwise noted, information throughout this book applies to both types of systems. Table 1 summarizes the differences between the SPARC and IA system administration tasks.
Table 1 SPARC and IA System Administration Differences
|Category ||SPARC Platform ||IA Platform |
|System operation before kernel is loaded ||A programmable read-only memory (PROM) chip with a monitor program runs diagnostics and displays device information. The PROM is also used to program default boot parameters and to test the devices connected to the system. ||The basic input/output system (BIOS) runs diagnostics and displays device information. A Solaris Device Configuration Assistant boot diskette with the Multiple Device Boot (MDB) program is used to boot from nondefault boot partitions, the network, or the CD-ROM. |
|System booting ||Commands and options at the PROM level are used to boot the system. ||Commands and options at the MBD, primary, and secondary boot subsystems level are used to boot the system. |
|Boot programs || |
bootblk, the primary boot program, loads
ufsboot, the secondary boot program, loads the kernel.
mboot, the master boot record, loads
pboot, the Solaris partition boot program, loads
bootblk, the primary boot program, loads
ufsboot, the secondary boot program, loads the kernel.
|System shutdown ||The |
init commands can be used without additional operator intervention.
init commands are used but require operator intervention to type any key to continue the prompt.
|Disk controllers ||SCSI and IDE. ||SCSI and IDE. |
|Disk slices and partitions ||A disk may have a maximum of eight slices, numbered 0-7. ||A disk may have a maximum of four |
fdisk partitions. The Solaris
fdisk partition may contain up to 10 slices, numbered 0-9, but only 0-7 can store user data.
|Diskette drives ||Desktop systems usually contain one 3.5-inch diskette drive. ||Systems may contain two diskette drives: a 3.5-inch and a 5.25-inch drive. |
Solaris Operating Environment Evolution
To help you understand how Solaris is evolving, Table 2 provides a list of the major system administration feature differences for each release.
Table 2 Solaris Operating Environment Evolution
|Release ||New Features |
|Solaris 1.0 (SunOS 4.x) ||Berkeley (BSD) UNIX contains SunOS 4.x functionality. |
|Solaris 2.0 (SunOS 5.0) ||A merger of AT&T System V Release 4 (SVR4) and BSD UNIX. To facilitate customer transition, Solaris uses SVR4 as the default environment, with BSD commands and modes as an option. Administration Tool provides a graphical user interface Database Manager and Host Manager. |
|Solaris 2.1 (SunOS 5.1) ||Administration Tool adds a graphical user interface Printer Manager and User Account Manager. |
|Solaris 2.2 (SunOS 5.2) ||Volume management integrates access to CD-ROM and diskette files with the File Manager and provides a command-line interface. Users no longer need superuser privileges to mount CD-ROMs and diskettes. Solaris 2.0 and 2.1 procedures do not work with volume management because volume management controls and owns the devices. |
|Solaris 2.3 (SunOS 5.3) ||Volume management changes Solaris 2.2 mount point naming conventions. |
| ||Administration Tool adds a graphical user interface Serial Port Manager with templates that provide default settings, which makes adding character terminals and modems much easier. |
| ||The automounter is split into two programs: an automountd daemon and a separate automount program. Both are run when the system is booted. The |
/tmp_mnt mount point is not displayed as part of the path name, and the local path is displayed as
/home/username. Additional predefined automount map variables are provided. (Refer to the Solaris Advanced System Administrator's Guide.)
| ||Online: Backup 2.1 is included with the release. (Not documented in this book.) |
| ||Pluggable Authentication Model (PAM) is included with the release. PAM provides a consistent framework to enable access control applications, such as |
login, to be able to choose any authentication scheme available on a system, without concern for implementation details. (Not documented in this book.)
| ||C2 Security is included in this release. (Not documented in this book.) |
| ||The |
format(1) command changes for SCSI disks. (Not documented in this book.)
| ||PPP network protocol product that provides IP network connectivity over a variety of point-to-point connections is included in this release. (Not documented in this book.) |
| ||Cache File System (CacheFS) for NFS is included in this release. CacheFS is a generic, nonvolatile caching mechanism to improve performance of certain file systems by using a small, fast, local disk. |
| ||New NIS+ setup scripts are included in this release. The |
nisclient(1M) scripts enable you to set up an NIS+ domain much more quickly and easily than if you used the individual NIS+ commands to do so. With these scripts, you can avoid a lengthy manual setup process.
|Solaris 2.4 (SunOS 5.4) ||New Motif GUI for Solaris software installation is added. (Not documented in this book.) |
|Solaris 2.5 (SunOS 5.5) ||New |
pax(1M) portable archive interchange command for copying files and file systems to portable media is added.
| ||Admintool is used to administer only local systems. Solstice AdminSuite product is available for managing systems in a network for SPARC and IA systems. |
| ||New process tools are available in |
/usr/proc/bin that display highly detailed information about the active processes stored in the process file system in the
| ||Telnet client is upgraded to the 4.4 BSD version. |
telnetd remote login capacity are improved. (Not documented in this book.)
|Solaris 2.5.1 (SunOS 5.5.1) ||The limit on user ID and group ID values is raised to 2147483647, or the maximum value of a signed integer. The nobody user and group (60001) and the no access user and group (60002) retain the same UID and GID as in previous Solaris releases. |
|Solaris 2.6 (SunOS 5.6) ||Changes to the Solaris 2.6 printing software provide a better solution than the LP print software in previous Solaris releases. You can easily set up and manage print clients by using the NIS or NIS+ nameservices to enable centralization of print administration for a network of systems and printers. New features include redesign of print packages, print protocol adapter, bundled SunPrint? client software, and network printer support. |
| ||New nisbackup and nisrestore commands provide a quick and efficient method of backing up and restoring NIS+ namespaces. |
| ||New patch tools, including patchadd and patchrm commands, add and remove patches. These commands replace the |
backoutpatch commands that were previously shipped with each individual patch. (Refer to the Solaris Advanced System Administrator's Guide.)
| ||New |
filesync command ensures that data is moved automatically between a portable computer and a server. (Not documented in this book.)
| ||The previous flat |
/proc file system is restructured into a directory hierarchy that contains additional subdirectories for state information and control functions. This release also provides a watchpoint facility to monitor access to and modifications of data in the process address space. The adb(1) command uses this facility to provide watchpoints.
| ||Large files are supported on UFS, NFS, and CacheFS file systems. Applications can create and access files up to one Tbyte on UFS-mounted file systems and up to the limit of the NFS server for NFS- and CacheFS-mounted file systems. A new |
-mount option disables the large-file support on UFS file systems. Using the
-mount option enables system administrators to ensure that older applications that are not able to safely handle large files do not accidentally operate on large files.
| ||NFS Kerberos authentication now uses DES encryption to improve security over the network. The kernel implementations of NFS and RPC network services support a new RPC authentication flavor that is based on the Generalized Security Services API (GSS-API). This support contains the hooks for future stronger security of the NFS environment. (Refer to the Solaris Advanced System Administrator's Guide.) |
| ||The PAM authentication modules framework enables you to "plug in" new authentication technologies. (Refer to the Solaris Advanced System Administrator's Guide.) |
| ||Font Admin enables easy installation and use of fonts for the X Window System. It supports TrueType, Type0, Type1, and CID fonts for multibyte languages and provides comparative font preview capability. It is fully integrated into the CDE desktop. (Not documented in this book.) |
| ||TrueType fonts are supported through X and Display PostScript. Font Admin enables easy installation and integration of third-party fonts into the Solaris environment. (Not documented in this book.) |
| ||The Solaris 2.6 Operating Environment is year 2000 ready. It uses unambiguous dates and follows the X/Open guidelines where appropriate. (Not documented in this book.) |
| ||WebNFS software enables file systems to be accessed through the Web with the NFS protocol. This protocol is very reliable and provides greater throughput under a heavy load. (Not documented in this book.) |
| ||The Java Virtual Machine 1.1 integrates the Java platform for the Solaris Operating Environment. It includes the Java runtime environment and the basic tools needed to develop Java applets and applications. (Not documented in this book.) |
| ||For IA systems, the Configuration Assistant interface is part of the new booting system for the Solaris (Intel Platform Edition) software. It determines which hardware devices are in the system, accounts for the resources each device uses, and enables users to choose which device to boot from. |
| ||For IA systems, the |
kdmconfig program configures the mouse, graphics adapter, and monitor. If an owconfig file already exists,
kdmconfig extracts any usable information from it. In addition,
kdmconfig retrieves information left in the
devinfo tree by the
defconf program and uses that information to automatically identify devices. (Not documented in this book.)
| ||Release is fully compliant with X/Open UNIX 95, POSIX standards. (Not documented in this book.) |
|Solaris 7 (SunOS 5.7) ||Solaris 64-bit operating environment is added (SPARC Platform Edition only). (Not documented in this book.) |
| ||UFS logging improves file system support. |
| ||Lightweight Directory Access Protocol (LDAP) protocol improves managing name databases. (Not documented in this book.) |
| ||Java Development Kit for Solaris significantly improves scalability and performance for Java applications. (Not documented in this book.) |
| ||Dynamic reconfiguration significantly decreases system downtime. |
| ||AnswerBook2 server runs on a Web server. (Not documented in this book.) |
| ||Unicode locales enhanced with multiscript capabilities and six new Unicode locales are added. |
| ||RPC security is enhanced with integrity and confidentiality. (Not documented in this book.) |
| ||The Solaris Common Desktop Environment (CDE) contains new tools to make it easy to find, manipulate, and manage address cards, applications, e-mail addresses, files, folders, hosts, processes, and Web addresses. (Not documented in this book.) |
|Solaris 8 (SunOS 5.8) ||IPv6 adds increased address space and improves Internet functionality by using a simplified header format, support for authentication and privacy, autoconfiguration of address assignments, and new quality-of-service capabilities. |
| ||The Solaris Operating Environment provides the Naming Service switch back-end support directory service based on Lightweight Directory Access Protocol (LDAP). (Not documented in this book.) |
| ||The Java2 Software Development Kit for Solaris significantly improves scalability and performance of Java applications. (Not documented in this book.) |
| ||The Solaris 8 Installation CD provides a graphical, wizard-based, Java-powered application to install the Solaris Operating Environment and other software. (Not documented in this book.) |
| ||The Solaris 8 Operating Environment supports the Universal Disk Format (UDF) file system, enabling users to exchange data stored on CD-ROMs, disks, diskettes, DVDs, and other optical media. |
| ||The Solaris Smart Card feature enables security administrators to protect a computer desktop or individual application by requiring users to authenticate themselves by means of a smart card. (Not documented in this book.) |
| ||The PDA Synchronization (PDA Sync) application synchronizes the data from applications such as Desktop Calendar, Desktop Mail, Memo, and Address, with data in similar applications on a user's Personal Digital Assistant (PDA). (Not documented in this book.) |
| ||The Solaris 8 Software CDs and Languages CD include support for more than 90 locales, covering 37 languages. (Not documented in this book.) |
| ||The Solaris Common Desktop Environment (CDE) contains new and enhanced features that incorporate easy-to-use desktop productivity tools, PC interoperability, and desktop management tools. (Not documented in this book.) |
| ||The X Server is upgraded to the X11R6.4 industry standard that includes features to increase user productivity and mobility, including remote execution of X applications through a Web browser on any Web-based desktop, Xinerama, Color Utilization Policy, EnergyStar support, and new APIs and documentation for the developer tool kits. (Not documented in this book.) |
| ||Role-Based Access Control (RBAC) enables system administrators to create specific roles by which they can assign superuser privileges for specific tasks to one or more individual users. |
|Solaris 8 Update 3 ||Role-Based Access Control (RBAC) functionality is enhanced with the addition of a complete set of Solaris Management Console tools used to manage RBAC. |
| ||Solaris AdminSuite 3.0 functionality, previously available as a separate free download, has been integrated with the Solaris 8 Update 3 release. This functionality is now provided with the Solaris Management Console set of tools. |
| ||Internet Protocol version 6 (IPv6) adds increased address space and improved Internet functionality with support for authentication and privacy and autoconfiguration of address assignments. IPv6 uses a simplified header format and enables new quality-of-service capabilities. |
| ||The CDE mailer provides the capability to add attachments to mail messages in the Compose window. |
| ||The UFS file system has been enhanced to improve the performance of direct I/O to enable concurrent read and write access to regular UFS files. |
| ||During installation, systems can be configured by the system identification commands to be LDAP clients. Previous releases enabled only the configuration of a system as an NIS, NIS+, or DNS client. |
| ||The Solaris WebStart 3.0 installation has been updated to enable you to modify selected Solaris Software Group by adding or removing packages. |
| ||A new version of the Solaris Product Registry enables you to uninstall individual system packages, display all installed localized Solaris system products in the System Software Localizations folder, and make registry compatible with more installation wizards. |
| ||Diskless Client management provides the new |
smdiskless(1M) commands to manage diskless clients.
The following freeware tools and libraries are included in the Solaris 8 release.
bashsh-compatible command language interpreter.
bzip2Block-sorting file compressor.
gpatchApplies patch files to originals.
gzipGNU zip compression command.
lessA pager similar to more.
libzAlso known as
zlib. A library that performs compression, specifically, RFCs 1950-1952.
mkisofsBuilds a CD image, using an iso9660 file system.
rpm2cpioTransforms a package in RPM format (Red Hat Package Manager) to a cpio archive.
tcshC shell with file-name completion and command-line editing.
zipCompression and file packaging command.
zshCommand interpreter (shell) usable as an interactive login shell and as a shell script command processor.
Related Free eBooks