To boot from a CD ROM: boot cdrom (starts by default installation procedure)
To boot from a CD ROM into single user mode (no installation, # prompt): boot cdrom -s
(use same Solaris CD as installed). Then, to make necessary changes in root directory:
# mount /dev/dsk/c0t0d0s0 /mnt
# cd /mnt/directory_you_want
# ...
# umount /mnt
STOP - A (key combination)
ok boot
If system won't reboot because it cannot find the kernel, try
STOP - A (key combination)
set-default boot-file
Stop the operating system and reboot to the state 6 as defined by the
initdefault entry in /etc/inittab.
shutdown -i6 -y < /dev/console > /dev/console 2>&1
Disks
Learn about current disk usage
df or df -h
or alternatively
/usr/ucb/df
Controlling
Learn about history of machine usage
cd /var/adm
less messages
(check also messages.i, e.g. messages.0, messages.1 etc.)
and
cd /var/log
less syslog
(check also syslog.i, e.g. syslog.0, syslog.1 etc.).
As root run
snoop
Net
Configurations of network services are all made within file
/etc/inet/inetd.conf
Standard configuration of Sun out of the box leaves many services open, which are not
really needed on our machines. They should be turned off to prevent hacker attacks.
This is the case for the following services:
telnet, name, shell, exec, comsat, talk, uucp, finger, time,
echo, discard, daytime, chargen,
100232/10, rquotad/1, rusersd/2-3, sprayd/1, walld/1, rstatd/2-4,
rexd/1, 100083/1
fs, 100235/1, 100134/1, printer, 100234/1
For security reasons access to servers is also best controlled by
restricting it to specific clients only, typically specified by IP
numbers. Find info on Unix command hosts.allow (tcpwrappers)
here
and also
here
In this context the following commands are probably useful:
nslookup atitlan
nslookup semac01
|
to learn about the IP# and canonical name of any host
|
ifconfig -a
|
to learn about the local server information
|
User administration
Learn about current users
listusers
As root enter e.g. user luckyboy who should belong
to the groups sysecol and forclim by:
useradd -G sysecol,forclim -s /usr/bin/tcsh -c "Lucky Boy" -m luckyboy
Note on the okee the tcsh is at another location, i.e. the command
becomes:
useradd -G sysecol,forclim -s /usr/local/bin/tcsh -c "Lucky Boy" -m luckyboy
As a result the user is created, a home directory luckyboy
is created, all files and directories such as a .login file etc. are
copied from /etc/skel to the new user directory.
useradd is /usr/sbin/useradd.
The next mandatory step is to set the password to unlock the account.
Type
passwd -d luckyboy
However, this is rather dangerous, since anybody who logs in as the user
luckyboy can enter a new password and hereby grab the account.
Better is
passwd luckyboy
and set it to some standard password known to the user.
Force the setting of a new password by
passwd -f luckyboy
Lock an account by
passwd -l luckyboy
Unlock it as if the user has recently been created as a new user, i.e.
passwd luckyboy standardpw standardpw ; passwd -f luckyboy
Use vipw to check the result or for some quick editing
of the settings (vipw allows also for easy updating of
the shadow file and enforces exclusive root editing)
There is also userdel available, however which has not a
fully symmetrical behavior, i.e. it won't remove a user's home directory.
see also Frisch, p. 176ff. (adding users), 188ff. (removing users) for more
I have written two small scripts to add or remove a user. They are:
openUserAcc and closeUserAcc.
Ex.:
openUserAcc luckyboy "Lucky Boy, Tel. 1-2345, luckyboy@domain.etzh.ch"
closeUserAcc luckyboy
To add a user to an existing group once its account has
already been created, edit the file /etc/group
as root.
E.g. have the line:
forclim::14432:lmatile,bprice,ctheato
This means all listed users (login names) belong to the group
forclim. The listed users have permission to access directories
or files, which belong to the respective group, in this case forclim.
The owner of an object can change its group permissions, e.g. with
command
chgrp -R forclim fcdir
the owner of directory fcdir would change recursively the directory
fcdir and all the objects contained within for access by group forclim.
Subsequently any member of the group forclim can then access the
directory fcdir and all what it contains.
To set permissions use command chmod. E.g. give the group
owners, whatever that might be, read and write access to an entire branch
of the filesystem without altering any other settings use command
chmod -R g+rw fcdir
This will add recursively to the directory fcdir and to all
the objects contained within read and write access by the group owners in
addition to whatever settings the involved items might currently have.
Applicable codes:
u - user (owner) g - group o - other (world)
+ add - remove = set exactly to (overwrites)
r - read w - write x - execute
If the group should have exactly the same permissions as the owner,
whatever that might be use command
chmod -R g=u fcdir
If you have difficulties to modify the directory /home
as root, there might be the automounting demon autofs running.
If this daemon is running you always get the error message
"can't change home" in any attempt to modify this directory.
To temporarily stop this demon execute
/etc/init/d./autofs stop
To permanently disable this demon rename /etc/rc2.d/SXXautofs
like this:
mv /etc/rc2.d/SXXautofs /etc/rc2.d/sXXautofs
where XX stands for any two digits.
To learn about all available groups execute
groups
since command groups is legacy and may be deprecated in future, better use equivalent
id -Gn
To learn about all the groups a specific user, say smith, belongs to, execute
id -Gn smith
To learn about the UID of a specifc user, say smith, execute
id -u smith
as alias, say uid
alias uid='id -u'
To learn about the GID of a specific group, say _lpoperator, execute
grep _lpoperator /etc/group | sed -E "s/.*:([0-9]+):.*/\1/"
as shell script, say gid stored as executable in ~/bin
#/bin/sh
if [ "$1" == "" ]; then echo "Usage: gid <groupname>" ; exit 1; fi
grep $1 /etc/group | sed -E "s/.*:([0-9]+):.*/\1/"
and then the alias, say gid too (without having to touch
environment variable PATH)
alias gid=~/bin/gid
Disk quotas
In root directory of each filesystem have a file quotas
/usr/bin/touch quotas
/usr/bin/chmod 600 quotasquotas exists, edit for each user
you wish to set a quota this file
quotas by
/usr/sbin/edquota <user>edquota works like vi.
Edit the parameters (0 means unlimited) similar to this
fs /acct/s1 blocks (soft = 95000, hard = 100000) \
inodes (soft = 9000, hard = 10000)
Software administration
Configuration
Our Suns' main function is to serve as simulation servers running RASS.
General hints:
- Consult our software links to find software
- Any package installed on top of the standard Solaris is to be stored in
Unix_Software (access restricted)
for archiving purposes or reuse on a new machine.
- Please follow in general the rules described in this little document
Read_Me_AdminSE.txt
(access restricted)!
To this end every Sun has the following
minimal software installed:
- Solaris - Includes by default the following services, which should be active always:
- ssh - You need ssh to access our machines, since telnet is for security reasons disabled.
- sftp - You need sftp to transfer files
- sendmail (RASS utilities need it to send to simulationsists an E-mail via the internet at the end of simulation runs.
Mail must not hang in the machine.)
For security reasons lots of the services installed by default with Solaris are
disabled (see here for details). E.g. telnet is such a service.
- bash - installed by default with Solaris. It is the standard shell for all users (login and shells).
- netatalk - allows for convenient access via a Mac client.
E.g. to drag files or to edit a text file with Alpha.
- RASS - the EPC Modula-2 compiler, the
RASS libraries containing a Batch Dialog Machine variant of our RAMSES
software, and the RASS utilities are to be installed.
- The proper skeleton files, e.g.
local.bash_login, local.bashrc, local.cshrc, and local.profile for Solaris
9; to be installed in directory /etc/skel. A nice set of
these is on the huron
(see UnixAdmin - access restricted).
Make sure the skeleton files are installed before
opening an account for a user (except root).
- openUserAcc and closeUserAcc - Small scripts written to support
the user administration; to be installed
in /usr/local/bin/ . These scripts ensure
identical user setup for all users
(see UnixAdmin - access restricted).
Make sure the skeleton files are installed before
opening an account for a user (except root).
- netbackup - is needed to have an automatic backup
Suns on which it should be possible to develop RASS
or compile a MDP (Model Definition Program), should have the
following software installed on top of the software described
above:
- epc Modula-2 -
install the compiler as described here.
- gnumake - needed to develop RASS (see also here)
- Anonymous ftp to allow for the downloading of the RASS software
(only on one Sun, currently huron)
All Suns offer the possibility to compile MDPs.
Suns on which it should be possible to do ClimTools postprocessing
(see Dimitrios Gyalistras), require:
- SunOneStudio - compiler collection. Includes c and c+
compilers.
Only the huron offers currently ClimTools.
One Sun, currently the huron, serves also to release RASS (user
rass). This requires non-standard Solaris 9 software, notably
a secure
shell (OpenSSH), since standard
Solaris 9 contains a sftp with insufficient
functionality (compare with OpenSSH sftp).
Nice to have software to be installed only on the main machine, currently the huron:
- lynx - a text based browser (useful when browsing remotely)
- gawk (GNU awk), wget, expect, sed (GNU), supersed, links
(see also Unix_Software - access restricted)
Because of the special services the huron offers, this is the only Sun
which is backed up using netbackup:
- Simulationists, notably RASS users, have to be aware that no simulation servers are backed up!
System administration asssumes that users save precious data themselves.
Our Mac OS X simulation cluster consists also of many unix servers.
Most rules described above are also valid for the OS X servers.
However, the software administration is simplified by installing any
non-off-the-shelves software via /usr/local. Note that
directory is actually physically on the se-server and only mounted via
nfs on any cluster node. Thus software needs to be installed only once
on the se-server and is then immediately available to all nodes from
the cluster (not even a need for a restart). For further information
on our cluster of simulation servers see here.
FLEXlm
stands for FLEXible license manager system.
Important, for a license to be fine,
you need a demon called lmgrd,
which is always running.
lmgrd may spawn other demons like
EPC (for epc Modula-2 license).
The machine on which
lmgrd is running is called the license server
and need not
be the same machine as on which the licenses software is
executed.
lmgrd needs to be launched once and requires
a so-called license file, e.g.
/usr/local/flexlm/licenses/license.dat.
The lmgrd can be launched by any user,
on inawa preferably by executing the installed script
FLEXlm with this command:
FLEXlm start
Inspect the status of the license with
FLEXlm status
which should return something similar to this:
> FLEXlm status
lmstat - Copyright (C) 1989-1997 Globetrotter Software, Inc.
Flexible License Manager status on Sat 3/11/2000 12:52
License server status: 1700@inawashiro-ko
License file(s) on inawashiro-ko: /usr/local/flexlm/licenses/license.dat:
inawashiro-ko: license server UP (MASTER) v6.0
Vendor daemon status (on inawashiro-ko):
EPC: UP v2.4
idl_lmgrd: UP v6.0
However, only root can stop the license manager
properly (never simply kill it, or you might corrupt the license):
FLEXlm stop
However, all in all, there is little need to do any starting or
stopping of lmgrd demons explicitely,
since on inawa the script FLEXlm is properly installed
to start automatically at launch time (level 3, i.e. the
directory /etc/rc3.d contains symbolic links named
S30lmgrd.license and
K30lmgrd.license pointing at script
/etc/init.d.adm/lmgrd.license
which uses /bin/FLEXlm).
All license activities are recorded in the log file, i.e.
FLEXlm log
returns you all what happened in terms of the license
demon activities.
More details on the specific license installation can be found
in this file
EPC-M2_2.0.9.5_Install.TXT.
epc Modula-2 Its installation is described in all
details in the file
EPC-M2_2.0.9.5_Install.TXT (access restricted)
em2 man
(manual for em2 (epc Modula-2 driver = compiler,linker) Version 2.0.6)
em2 Make utility
(manual for em2 Make utility)
EPC
now ADI - Edinburgh Design Centre (DSP Tools group)
Workshop
IDES
Source for Sun software. Workshop consists of the following
components:
SPARCworks C 5.0
SPARCworks C++ 5.0
SPARCworks F77 5.0
SPARCworks F90 2.0
SPARCworks dbx 5.0
SPARCworks LockLint 2.2
SPARCworks LoopTool 2.2
SPARCworks/TeamWare 2.1
SPARCworks/IPE 5.0
SPARCworks/Visual 5.0
ieee_flags and ieee_handler needed by DMFloatEnv can
only be obtained by installing a Sun language package,
i.e. one component of Workshop
Sun Software Administration
Sun Product Documentation
Describes all of Sun's software in detail. Very useful!
Extending a Sun system
Solaris Package Archive
Useful configuration hints and software packages
