Solaris Part1

INSTALLATION OF SOLARIS OPERATING SYSTEM

Your computer is composed of hardware and software. Software applications run

on the software system called the operating system, which in turn runs on the computer

hardware. To build a Solaris 10 system, you need to install Solaris 10 OS on a compatible

hardware machine and then install the applications that your system will be running. The

applications in the Sun Solaris world are distributed in the form of so-called packages.

Sometimes, in between the two releases of an OS, a problem needs to be fixed or a new

feature needs to be added to keep the system up to date.

This is accomplished through the use of what are called patches. So, the central

question to think about in this chapter is: how to install Solaris software and keep your

system up to date? In search of an answer, we will explore three thought streams: installing

Solaris 10 OS.

Hardware Compatibility:

An operating system controls the computer hardware - that is, it runs on top of

hardware architecture. Solaris 10 OS supports the SPARC and x86 families of processor

architectures: Ultra SPARC, SPARC64, IA-32, and AMD64.

To be more specific, the following SPARC systems are supported:

for workstation systems:

Sun Blade <n>, where <n> stands for 100, 150, 1000, 1500, 2000, or 2500.

Ultra <n>, where <n> stands for 2, 5, 10, 30, 60, 80, or 450.

For workgroup (entry level) servers:

Sun Fire <x>, where <x> stands for V100, V120, V210, V240, V250, 280R,

V440, V480, V490, V880, V890, B100s, or B10n.

Sun Enterprise <n>, where <n> stands for 2, Ultra 5S, Ultra 10S, 250, 450,

220R, or 420 R.

For midrange servers:

Sun Fire <x>, where <x> stands for V1280, 3800, 4800, 4810, 6800, E2900,

E4900, or E6900.

Sun Enterprise <n>, where <n> stands for 3000, 4000, 5000, 6000, 3500,

4500, 5500, or 6500.

For high-end servers:

Sun Fire <x>, where <x> stands for E20K, E25K, 12K, or 15K.

Sun Enterprise <n>, where <n> stands for 10000.

Netra Servers.

All these SPARC systems are 64-bit, but they support both 64-bit and 32-bit

applications. Also note that none of these platforms requires any special installation

instructions for Solaris 10 - that is, you can just follow the general procedure described in this

chapter.

Although Solaris was originally designed to run on SPARC hardware, the PC

hardware support has been improving gradually. This makes perfect business sense, because

PC hardware is cheaper than the SPARC hardware and has a larger customer base. Solaris 10

supports the PC hardware that in this book is referred to by the term x86 which includes the

Intel 32-bit family of microprocessors and compatible 64-bit and 32-bit microprocessors from

Advanced Micro Devices (AMD).

The minimum hardware requirements for installing Solaris 10 are listed below:

ITEM REQUIRMENTPlatform Various platforms based on SPARC or x86 systemsMemory for installation or upgrade Minimum: 64MB Recommended: 256MB For

GUI-based installation: 384 MB or higher

SWAP area

Default: 512MB. (You can select double of RAM) (the hard disk space used asmemory)

Processor SPARC: 200 MHz or faster. X 86: 120 MHz or faster.Disk space

Minimum: 12GB

Once you make sure that your machine meets the hardware requirements, you need to

determine which installation method to use.

Installation Options and Requirements:

There is a wide spectrum of installation options (methods) available to install Solaris

10. These options let you choose the installation media such as CD or DVD, the installation

environment such as standalone system or network installation, the installation programs such

as text or GUI installer, and so on.

Initial installation. If your machine does not have any OS installed on it, obviously

you will choose this method. If your machine does have a previous version of OS

installed on it, this method will overwrite the disk with the Solaris 10 OS.

We will describe one system installation using Solaris installation program from CD

or DVD. When you use the Solaris installation program, you have the option to

install in one of the following two modes:

Text installer mode. The Solaris text installer enables you to install interactively by

typing information in a terminal or a console window. You can run the text installer

either in a desktop session with a window environment or in a consolesession. In

addition to keyboard and monitor, the text installer will require a local DVD or CD-

ROM drive or a network connection.

Graphical user interface (GUI) mode. The Solaris GUI installer enables you to

interact with the installation program by using graphic elements such as windows,

pull-down menus, buttons, scrollbars, and icons. In addition to keyboard, monitor,

and video adapter, the GUI installer requires a local DVD or CD-ROM drive, or a

network connection. The minimum memory requirement for GUI installation is 384

MB.

Different installation methods:

1. Install one system interactively (locally) ---- Use the Solaris installation program

fromCD-ROM or DVD.

2. Automatic installation of multiple systems based on profiles created by the system

administrator that contain the installation requirements.

3. Use Custom JumpStart. Replicate the same software and configuration on multiple

systems.

4. Use Solaris flash archive. Install multiple systems over the wide area network (or

Internet).

Solaris Software Terminology:

When you install Solaris 10 on your machine, you install one flavor of Solaris from

several available flavors depending on your needs. In Solaris terminology, this flavor is

called a software group, which contains software clusters and packages. These terms are

described in the following list:

Package: Sun and its third-party vendors deliver software products in the form of

components called packages. A package is the smallest installable modular unit of

Solaris software. In other words, a package is a collection of software - that is, a set of

fi les and directories grouped into a single entity for modular installation and

functionality. For example, SUNWadmap is the name of the package that contains the

software used to perform system administration, and SUNWapchr contains the root

components of the Apache HTTP server.

Cluster: A cluster is a logical collection of packages (software modules) that are

related to each other by their functionality.

Software group: A software group is a grouping of software packages and clusters.

During initial installation, you select a software group to install based on the functions

you want your system to perform. For an upgrade, you upgrade the software group

installed on your system. Remember that in order to manage the disk space, you can

add or remove individual software packages from the software group that you select.

Patch: Generally speaking, a patch is a software component that offers a small

upgrade to an existing system such as an additional feature, a bug fi x, a driver. The

disk space requirement to install Solaris 10 depends on the software group that you

choose to install.

TABLE 2-4

Disk space requirements for installing different Solaris software groups:

Software Group Description sizeReduced Network Support Software Group

Contains the packages that provide the minimum

Contains the packages that provide the minimumContains the packages that provide the minimum with limited network service support. However, it does not activate the network services.

2.0GB

Core System Support Software Group

Contains the packages that provide the minimum support required to boot and run a networked Solaris system.

2.0GB

End User Solaris Software Group

Contains the packages that provide the minimum support required to boot and run a networked Solaris system and the Common Desktop Environment (CDE).

5.0GB

Developer Software Group Contains the packages for the End User Solaris

Software Group plus additional support for software development which includes libraries, man pages, and programming tools. Compilers are not included.

6.0GB

Entire Solaris Software Group

Contains the packages for the Developer Solaris Software Group and additional software to support the server functionality.

6.5GB

Entire Solaris Software Contains the packages for the Entire Solaris

Group plus Original Software Group plus additional hardware drivers, including drivers for hardware that may not be on the system at the installation time

6.7GB

Equipment Manufacturer(OEM) support

When you install Solaris, you install a Solaris software group that contains packages and clusters. It’s time to explore how the installation is performed.

Different software groups. Each group includes the functionality of the inner

groups

Performing Installation:

How to install Solaris 10 on SPARC- or x86-based machines interactively by using

the Solaris installation program from the Installation CD or DVD. Before you start

installation, obviously, you will make sure you have the installation CD or DVD appropriate

for the machine on which you are going to install it.

The other pre-installation requirement checks you should perform are the following:

Make sure your machine meets the hardware requirements described above.

Make sure your machine has one of the following media:

CD-ROM drive for an installation from CD

DVD drive for an installation from DVD

For a system that will not be connected to the network, keep the following

information ready:

The hostname that you will assign to the system you are installing

Language and locales that you plan to use for the system

The root password you are going to use for the root account

The required installation media and software

SPARC Solaris 10 Software CDs.

Solaris 10 Operating System for

SPARC Platforms DVD.

X 86 Solaris 10 Software CDs.

Solaris 10 Operating System for x86 Platforms DVD.

For a system that will be connected to a network, gather the following information:

The hostname that you plan to assign to the system you are installing

Language and locales that you plan to use for the system

The IP address for the machine

The subnet mask for the network

Domain name

The type of name services to be used such as DNS, NIS, or NIS+

The hostname and IP address of the name server

The root password you are going to assign to the root account

If you want to preserve any existing data or applications, you should back up the system.

Once you have checked all the installation requirements, and gathered the required

information, you are ready to install.

Installing on a SPARC Machine:

In order to install Solaris 10 on a standalone SPARC machine by using the installation

CD or DVD, use the following procedure:

1. Insert the installation media into the drive:

(a) If you are installing from the CD, insert the Solaris 10 Software for SPARC

Platforms 1 CD into the CD-ROM drive.

(b) If you are installing from the DVD, insert the Solaris 10 Operating System for

SPARC Platforms DVD into the DVD drive.

2. Boot the system:

(a) If the system is new—that is, nothing is installed on it, turn on the system.

(b) If you want to install a system that is currently running, shut down the system to

reboot from the CD-ROM (or DVD) drive. For example, bring the system to the

boot command prompt ok by issuing an init or halt command. The end result of

this step is the ok prompt;

3. Start the Solaris installation program by booting from the CD or DVD:

(a) If you want to use the Solaris installation GUI, boot from the local CD or DVD by

issuing the following command at the ok prompt: ok boot cdrom

(b) If you want to use the text installer in a desktop session, boot from the local CD or

DVD by issuing the following command at the ok prompt: ok boot cdrom –text

The -text option is used to override the default GUI installer with the text installer

in a desktop session.

(c) If you want to use the text installer in a console session, boot from the local CD or

DVD by issuing the following command at the ok prompt: ok boot cdrom –nowin

The -nowin option is used to override the default GUI installer with the text

installer in a console session. After you issue one of these boot commands, the

installation program starts; it prompts you to select a language to use during the

installation. To tell the installation program to move to the next step, you typically

click Next in a GUI and perform a similar action in the text installer. Here, we are

going to use the GUI terminology when it comes to saying continue or move to

next step. If you are using the text installer, just follow the instruction on the

monitor about what to do to continue.

4. Select the language you want to use during the installation, and press enter. After a

few seconds, the Solaris Installation Program Welcome message appears.

5. Click Next to begin the installation. If you are prompted, answer the system confi

guration questions about such matters as hostname, IP address, and so on. Use the

information that you gathered earlier in this chapter. After you get through the confi

guration questions, the Welcome to Solaris dialog box is displayed.

6. Select whether you want to reboot the system automatically and whether you want to

automatically eject the disc, and click Next. The Specify Media screen appears.

7. Specify the media you are using to install and click Next.

8. Select whether you want to perform an initial installation or an upgrade and click

Next. If you choose to upgrade the existing system, the Solaris installation program

will determine whether the system can be upgraded. For example, to be able to

upgrade, it must have an existing Solaris root (/) fi le system. After detecting the

necessary conditions, the installation program will upgrade the system.

9. Select the type of installation that you want to perform, as shown in the following:

(a) Select Default Install if you want to install the Entire Solaris Software Group and

the Sun Java™ Enterprise System software. This is a good choice if you are a

beginner and your machine has enough disk space.

(b) Select Custom Install if you want to perform the following tasks and you know

how to do it:

Install a specifi c software group

Install specifi c software packages

Install a specifi c locale

Customize the disk layout

Click Next.

10. Answer any additional confi guration questions, if you are prompted. Once you have

provided the required information, the Ready to Install screen is displayed.

11. Click Install Now to install the Solaris software including the OS, and follow the

instructions on the screen. When the installation program finishes installing the

Solaris software, the system will reboot automatically or it will prompt you to reboot

manually. If you chose to install additional products, you would be prompted to insert

the CD or DVD for those products. If you were performing an initial installation, the

installation is complete, and you can move on to the next step. If, on the other hand,

you were upgrading an existing system, you might need to make corrections to some

local modifi cations that were not preserved:

Review the contents of the /a/var/sadm/system/data/upgrade_cleanup file to

determine whether you need to make any correction to the local modifications

that the Solaris installation program could not preserve.

Make corrections to any local modifications that were not preserved.

12. If you did not select the automatic reboot option earlier, reboot the system by issuing

the following command: # reboot

Note that the text installer will not prompt you to select a default or custom

installation. Instead, you will be provided the text installer screens with default values.

Accept those values for default installation, or edit the values to customize the

installation. If you are planning to install Solaris on a PC (x 86 machine), follow the

installation steps presented in the next section.

Installing on an x86 Machine:

Just as on a SPARC machine, you can choose to install the Solaris OS on an x86

machine by using the Solaris installation program from the installation CD or DVD. Note that

the machine’s BIOS must support booting from a CD or DVD. You may need to manually set

your BIOS to boot from a DVD or CD. See your machine’s hardware documentation for

more information on how to set the BIOS.

The installation procedure is described here:

1. Insert the CD or DVD into appropriate drive:

(a) If you plan to boot from the CD drive, insert the Solaris 10 Software -1 CD into

the drive.

(b) If you plan to install from the DVD drive, insert the Solaris 10 Operating System

DVD into the drive.

2. Boot the system by shutting it down, turning it off, and then turning it back on. If you

need to manually set the BIOS to boot from CD or DVD, press the appropriate key

sequence to interrupt the system boot process. After modifying the boot priority in the

BIOS, exit the BIOS to return to the installation program. After executing the memory

test and hardware detection, the screen refreshes, and the Solaris Booting System

screen is displayed.

3. Decide whether you want to modify the device settings. You may need to do this if

you want to perform any of the following tasks:

Install device drivers or Install Time Updates (ITUs). Check your hardware

documentation to see whether you need any ITUs or additional drivers.

Disable Advanced Confi guration and Power Interface (ACPI).

Set up a serial console.

Reset the default boot device.

If you need to modify device settings with the Solaris Device Configuration Assistant

(DCA), press esc. Note that you must press esc within five seconds to interrupt the

installation in order to get the DCA screen displayed. To modify the device settings, follow

the instructions on the DCA screens. Subsequently, the Solaris installation program checks

the default boot disk for the requirements to install or upgrade the system. If the installation

program cannot detect the required system configuration, the program prompts you for any

missing information. When the check is complete, the installation selection screen is

displayed.

4. Select an installation type. The installation selection screen displays the following

options; Select the type of installation that you want to perform:

(a) Solaris Interactive

(b) Custom JumpStart

(c) Solaris Interactive Text (Desktop session)

(d) Solaris Interactive Text (Console session)

Enter the number of your choice (for example, 4 for the text console session) followed

by enter. Solaris Interactive (with GUI) is the default that will be started if you wait for more

than 30 seconds. After you make your selection, the system configures the devices and

interfaces and searches for configuration fi les. After a few seconds, the Solaris Installation

Program screen is displayed.

5. On the Solaris Installation Program screen, press f2 to Continue. Now, there are two

possible scenarios to proceed with:

If the installation program detects the types of display, keyboard, and mouse

on your system, the Select a Language screen is displayed, and you can go to

step 7.

If, on the other hand, the installation program does not detect the types of

display, keyboard, and mouse on your system, the Introduction screen from

the kdmconfig is displayed. In this case, go to step 6.

6. Choose one of the following two ways to go from here:

If you want to install the Solaris OS with the GUI, confi gure your system to

use the keyboard, display, and mouse, by following the instructions on the

screen.

If you want to do the text installation, press f4 to bypass the steps related to

GUI and go directly to step 7.

We are now at Select the Language screen.

7. Select the language you plan to use during the installation and press enter. Within

seconds, the Solaris Installation Program Welcome screen is displayed.

8. Click Next to begin the installation. If you are prompted, answer the remaining

system configuration questions. Use the information that you gathered as described

previously. After you get through the configuration questions, the Welcome to Solaris

dialog box is displayed.

9. Select whether you want to reboot the system automatically and automatically eject

the disc and click Next. The Specify Media screen appears.

10. Specify the media you are using to install and click Next.

11. Select whether you want to perform an initial installation or an upgrade and click

Next. If you choose to upgrade the existing system, the Solaris installation program

will determine whether the system can be upgraded. For example, to be able to

upgrade it must have an existing Solaris root (/) fi le system. After detecting the

necessary conditions, the installation program upgrades the system.

12. Select the type of installation that you want to perform, as shown here:

Select Default Install if you want to install the entire Solaris Software Group

and the Sun Java™ Enterprise System software. This is a good choice if you

are a beginner and your machine has enough disk space.

Select Custom Install if you want to perform the following tasks and you

know how to do it:

(a) Install a specific software group

(b) Install specific software packages

(c) Install a specific locale

(d) Customize the disk layout

We discuss software groups and packages later in this chapter. Click Next.

13. Answer any additional confi guration questions, if you are prompted. Once you have

provided the required information, the Ready to Install screen is displayed.

14. Click Install Now to install the Solaris software including the OS, and follow the

instructions on the screen.

When the installation program finishes installing the Solaris software, the system will

reboot automatically or prompt you to reboot manually. If you chose to install additional

products, you would be prompted to insert the CD or DVD for those products. If you were

performing an initial installation, the installation would complete and you could move on to

the next step. If, on the other hand, you were upgrading an existing system, you might need to

make corrections to some local modifications that were not preserved, which are discussed as

follows:

Review the contents of the /a/var/sadm/system/data/upgrade_ cleanup file to

determine whether you need to make any correction to the local modifications that the

Solaris installation program could not preserve.

Make corrections to any local modifications that were not preserved.

15. If you did not select the automatic reboot option earlier, reboot the system by issuing

the following command:

# reboot

After the installation is complete, you can fi nd the installation logs saved in the

/var/sadm/system/logs and /var/sadm/install/logs directories.

MANAGING FILE SYSTEMS

Files are an important resource supported by an operating system. The way an

operating system organizes files on a medium is called a file system. One of your tasks as a

Solaris system administrator will be managing the file systems supported by Solaris. There

are a number of file system types reflecting the media (e.g., disk or memory) on which the

files can be stored and the various ways of accessing the stored files (e.g., locally or remotely

over a network). Once the data has been stored in files, it is important to keep the data

consistent.

Therefore, handling file system inconsistencies is one of the important tasks that we

will explore in this chapter.

CERTIFICATION OBJECTIVE 4.01

Exploring the Solaris Directory Hierarchy:

As in other operating systems, the files on Solaris are grouped into a directory, and

the directories are organized into a hierarchy. A directory (called folder in the Windows

operating systems) may contain fi les and other directories, called subdirectories. In Solaris,

however, directories are just a special kind of fi le. In this section we explore the Solaris

Directory Hierarchy, beginning with the concept of a file.

File: The Atom of the Solaris World:

As in Java, it is said that everything is object; in Solaris everything is file. File is the

basic unit, the atom, in Solaris. Everything is treated as a file. Here are a few examples:

Commands. These are the executable files.

Devices. All devices on the system, such as disk drive, printer, or terminal, are

Exploring the Solaris Directory Hierarchy treated as files by the system—that

is, the system communicates with them through files.

Directories. The directories are special files that contain other files.

Documents. These are the regular files such as text file or a computer program

containing the source code.

A file occupies the space on disk in units of what is called a block. The blocks are

measured in two sizes: physical block size, which is the size of the smallest block that the

disk controller can read or write, and logical block size, which is the size of the block that

UNIX (Solaris in our case) uses to read or write files. The physical block size and the logical

block size may not be the same.

A file has a name that is a link to the file, and the user accesses the file by its name.

The name is stored inside a directory. All the other information about a file is stored in a data

structure called inode. An inode, which is 128KB in size and is stored in the cylinder

information block, contains the following information about the file:

The type of the file—regular, block special, character special, directory, FIFO named

pipe, socket, symbolic link, or other inode

The file modes (i.e., the read, write, and execute permissions)

The number of hard links to the file

The group ID to which the file belongs

The user ID of the user that owns the file

The number of bytes in the file

An array of addresses for 15 disk blocks

The date and time the file was last accessed

The date and time the file was last modified

The date and time the file was created

Note that the first 12 (0 to 11) of the 15 disk-block addresses point directly to the

blocks that store the file content. In other words, the first 12 elements of the address array

point directly to the logical blocks in which the file content is stored. If the fi le is larger than

12 logical blocks, the additional (up to 3) addresses point to indirect blocks that contain the

addresses of direct blocks. The physical block size is usually 512 bytes, and the logical block

size is set (by default) to the page size of the system, which is 8KB for a UFS file system, the

default file system for Solaris. Because each file needs an inode, the number of inodes on a

file system determines the maximum number of files that can be created on the system.

The maximum number of inodes you can create depends on the size of the file system.

For example, you can create one inode for each 2KB of disk space for a file system of size up

to 1GB. That means 1GB/2KB = 500,000 files can be created at maximum on a fi le system

of 1GB size. For larger file systems, the number of bytes needed on the disk per inode

increases, as shown in Table 4-1.

Files in Solaris are grouped into directories, and the directories are organized into a

directory hierarchy, which we explore next.

Directory Hierarchy in Solaris:

Just as in any other OS, fi les in Solaris are organized into directories, and directories

are organized into a hierarchy called a directory tree, which is an inverted tree with the root

directory (symbolized by /) on the top, which contains other directories. The root directories

and several other directories underneath it are created when you install Solaris. You must be

familiar with the following directories underneath the root:

/bin. Symbolic link to the /usr/bin directory.

/dev. Contains logical device names (defi ned in the next chapter) for the devices.

/devices. Device-related fi les controlled by the fi le system: devfs.

/lib. Contains shared libraries such as SMF executables.

/etc. Administrative and confi guration fi les.

/export. You can defi ne it according to your needs, but commonly used to hold user

home directories.

/home. This is the default mount point for user home directories.

/mnt. Default mount point used to temporarily mount fi le systems.

/sbin. Contains system administration commands and utilities. Used during booting

when /usr//bin has not yet been mounted.

/tmp. Contains temporary fi les that are deleted when the system is rebooted.

/usr. UNIX System Resources. Holds OS commands and programs.

Of course you can create your own directories and files in the already existing tree.

The user refers to the fi les and directories by their names. It can be advantageous not to

expose the real names of some directories and files to users. Instead create something that

points to the file, and if that pointer is deleted, the actual fi le is not (hence the advantage).

These pointers are called links, which we discuss next. Number of bytes per inode with

varying disk size

File system size (GB) No.of bytes per0–1 20481–2 40162–3 6144

3–1000 8192>1000 1084576

The directory tree in Solaris appears as one uniform file system to an ordinary user,

who can assume that it is true for all practical purposes. However, you, the system

administrator, must know that the tree is made of several file systems. Next, we explore the

file systems supported by Solaris.


Understanding Solaris File Systems:

Solaris 10 OS file system, including disk-based, distributed, devfs, and memory fi le

systems related to SMF, and create a new UFS file system using options for <1Tbyte and

>1Tbyte fi le systems.

A file system is a structure of directories that an operating system uses to store and

organize files. The Solaris directory tree, although it looks like one file system, consists of

several file systems connected to the tree, which is called mounting a file system. You will

learn more about mounting in the next chapter. When we refer to a file system, we may mean

any of the following:

A specific type of file system, such as a disk-based file system or a distributed file

system, which we will discuss in this section

The entire directory tree on the system, beginning with the root (/) directory

A subtree that is mounted to a point in the main directory tree

The data structure of a storage medium, such as a disk

The Solaris operating system uses the virtual file system (VFS) architecture, which

enables the kernel to handle basic file operations such as reading, writing, and listing files

within a specific file system. A user can work issuing the same commands across the file

systems—that is, the user does not have to know which specific file system is being used,

hence the name virtual file system. In addition to the VFS, Solaris can also use the memory-

based virtual file systems, which we discuss further on in this section.

There are several types of file systems supported by Solaris. Let’s begin our

exploration with disk-based file systems.

Disk-Based File Systems:

Disk-based file systems reside on, well, disks: hard disks, diskettes, and CD-ROMs.

Solaris supports the following disk-based file systems:

High Sierra fi le system (HSFS). High Sierra is the first file system for CD-ROMs. Its

official standard version is ISO9660 with the Rock Ridge extensions, which provide

all the UFS features and file types except the write and the hard links features. It is a

read-only file system.

PC f le system (PCFS). The personal computer file system is used to gain read and

write access to disks formatted for the disk operating system (DOS) running on the

PCs.

Universal disk format (UDF). The universal disk format fi le system is used to store

information on digital versatile disk or digital video disk (DVD). UNIX f le system

(UFS). The UNIX file system, based on the traditional UNIX fi le system known as

the BSD fast file system, is the default for Solaris.

We will explore this file system further on in this chapter.

Note: the general association of a file system with the specific media device: HSFS with

CD-ROM, PCFS with diskette, UDF with DVD, and UFS with hard disk.

A disk-based file system can be accessed by logging on to the machine to which the

disk is attached. (Everything is connected these days.) So, how can we access files across

systems over the network, or the Internet, which is just a big network? Solaris has the answer

to this question using the distributed fi le systems, which we explore next.

Distributed File Systems:

The distributed file systems, also called network-based file systems, are used to store

data that can be accessed across systems over a network. For example, the files could be

stored on a Solaris system called a server and can be accessed from other Solaris systems

over the network. Solaris 10 supports version 4 of the network file system (NFS), which

improves security by integrating file access, fi le locking, and mount protocols into a single

unified protocol.

So far, we have considered file systems that reside on a disk—that is, the permanent

storage medium. One can imagine storing files in a volatile storage medium—that is,

memory. There are file systems that do exactly that, and those files systems are called

memory-based file systems, which we discuss next.

Memory-Based File Systems:

Memory-based file systems use the physical memory rather than the disk and hence

are also called virtual file systems or pseudo file systems. Note, however, that some virtual

file systems may make use of disk space. For example, a cache fi le system uses a local disk

for cache, and a temporary file system may use a disk for swap space. In general, virtual file

systems provide access to special kernel information and facilities. Virtual file systems

supported by Solaris are listed here:

Cache file system (CacheFS). The cache file system uses the local disk drives to

cache the data from slow file systems such as CD-ROM drives or network fi le

systems. This helps improve system performance.

Loopback fi le system (LOFS). Let’s assume that for some reason you want to make a

fi le system available under an alternative path name. For example, you want to call

the root (/) directory /tmp/newroot. Solaris lets you do that by creating a new virtual fi

le system called loopback fi le system, which will make the entire root (/) fi le system

(in this example) appear as if it were duplicated under /tmp/newroot. In this example,

all the fi les in the root fi le system could be accessed by using a path name that

begins with either a / (forward slash) or /tmp/newroot.

Process fi le system (PROCFS). The process fi le system is used to contain a list of

active processes on the Solaris system by their process ID numbers, in the /proc

directory. This information in the /proc directory is used by commands such as ps.

Other tools such as debuggers can access the address space of the Processes by

making system calls. The PROCFS resides in memory.

Temporary fi le system (TEMPFS). When programs are executed, files are created

and manipulated that may involve significant reads and writes. The temporary file

system is designed to improve the performance of these programs by using the local

memory (and not the disk) for reads and writes. TEMPFS is the default fi le system

for the /tmp directory on Solaris. As a result, the files in the /tmp directory are deleted

when the file system is unmounted, or when the Solaris system is rebooted or

shutdown. You can, however, move these file elsewhere (just like any other file) if

you want to save them.

Other virtual file systems. There are other virtual file systems that do not require

administration. Some of them are listed here:

FIFOFS. First in first out file system. Contains named pipe fi les that are used to give

processes access to data.

MNTFS. Contains information about the mounted file systems.

SWAPFS. This file system is used by the kernel for swapping.

As you now know, everything in Solaris is a file. Solaris treats devices as files too,

and those fi les are managed by the device file system (devfs), which we discuss next.

Device File System (devfs):

The device file system (devfs) manages devices in Solaris 10 and is mounted to the

mount point /devices. Therefore, the content in the /devices directory is controlled by the

devfs, and the fi les in the /dev directory are symbolic links to the files in the /devices

directory. This way, you can continue to access all devices through entries in the /dev

directory.

However, the /devices directory contains fi les only for the currently accessible

devices on the system and dynamically represents the current state of these devices without

requiring any system administration. Note the following two features:

When a driver is loaded and attached to a device instance, a fi le is created in the

/devices directory. A symbolic link is created in the /dev directory and attached to the

file in the devices directory. Unused device entries are detached.

The files in the /proc directory are used by the system to maintain the active processes

on the system; do not delete these fi les. Even if you want to kill a process, deleting a fi le in

the /proc directory is not going to do it. Furthermore, remember that these fi les take no disk

space.

The devfs improves the system performance because only those device entries that are

needed to boot the system are attached. New entries are attached as new devices are

accessed.

The fi les under the /devices directory are entirely controlled by the devfs, and you

cannot change that. Also, the /devices namespace cannot be unmounted. Although Solaris

supports several file systems discussed in this section, the default file system for Solaris is

called UNIX file system (UFS). Most of the time you will be creating a UFS as opposed to

any other file system. Let’s now explore creating UFS file systems.

Creating UFS File Systems:

UNIX file system (UFS) is a disk-based fi le system, which is a default for Solaris. As

a system administrator, you will spend a considerable amount of your time with this system.

UFS offers the following features:

Extended Fundamental Types (EFTs). Provides a 32-bit user ID (UID), a group ID

(GID), and device numbers.

Large file systems. This fi le system can be up to 1 terabyte in size, and the largest file

size on a 32-bit system can be about 2 gigabytes.

Logging. Offers logging that is enabled by default in Solaris 10. This feature can be

very useful for auditing, troubleshooting, and security purposes.

Multiterabyte file systems. Solaris 10 provides support for mutiterabyte fi le systems

on machines that run a 64-bit Solaris kernel. In the previous versions, the support was

limited to approximately 1 terabyte for both 32-bit and 64-bit kernels. You can create

a UFS up to 16 terabytes in size with an individual file size of up to 1 terabyte.

State flags. Indicate the state of the file system such as active, clean, or stable. We

explore the state flags further on in this chapter.

In Solaris 10, logging is enabled by default for all UFS file systems unless there is

insufficient file system space for the log. A multiple number of UFSs are created on your

system disk during the installation of Solaris. These default Solaris file systems are organized

in a hierarchy with the root (/) file system at the top; TABLE 4-3

Default file systems created during Solaris installation:

Filesystem Type Description/ (root) UFS Contains directory and files critical for system operations:

kernel, device drivers, and programs to boot the system. Contains mount point directories for other (local and remote) file systems.

/etc/mnttab MNTFS Provides read-only access to the table of mounted file system only for the local system.

/export/home or /home

NFS, UFS

Mount point for user home directories.

/lib NFS, UFS

Provides mount point for directories that contains shared libraries such as Service Management Facility (SMF) executable fi les.

/opt NFS, UFS

Provides optional mount point, usually for third-party software.

/proc PROCFS Contains a list of active processes on the system by their ID

numbers./system/ CTFS Provides a virtual file system that contains the contract

information contract/system/object OBJFS Used by debuggers to access the information about kernel

symbols without accessing the kernel directly./tmp TMPFS Contains temporary non-system files that will be deleted when

the system is rebooted./usr UFS Contains system files and directories that all users share./var UFS Contains system files and directories that will likely grow,

such as system Logs./var/run TMPFS Contains temporary system files that will be deleted when the

system is rebooted.

Note the following additional points about these file systems:

Owing to their content, the root (/) and /usr file systems are required to run the Solaris

system on your machine, as they contain the system commands and programs.

You will notice that some of the commands in the /usr fi le system (such as mount)

are also included in the root fi le system because they will be needed during boot or in

the single-user mode, when the /usr fi le system has not been mounted yet.

There are two temporary file systems: /tmp for non-system files, probably created by

programs that are running, and /var/run for the system files. In addition to the file

systems created during installation, you can create new UFSs. Before creating a UFS

on the disk, you may need to perform the following tasks:

Format the disk and divide it into slices, if that has not already been done.

In case you are re-creating an existing UFS fi le system, unmount it.

Find out the device name of the slice that will contain the fi le system.

Make a backup of the disk as a protection against loss of data. E

CISE 4-1

Create a UFS File System:

1. Become superuser.

2. Issue the following commands:

To create a file system the command is “format”.

#format (it shows available disks)

Select a disk for example (0,1,2,3) after select a disk you can get format menu

Format>p ( type p it displays partition menu )

partition>p ( again type ‘p’ it displays partition table)

partition>4 (select partition number)

partition> (select defaults)

newstarting cylinder:

partition size : 200m

partition>l ( To save the partition table) yes or no

\partition>q (quit menu)

format>q (quit format menu)

After creation of partition by default the partition is in raw type. To use the partition

in solaris we have to format the partition into Ufs file system. Because solaris supports unix

file system.

To know the file system type:

#fstyp /dev/rdsk/<deviceName>

#fstyp /dev/rdsk/c0t0d0s4

To format the partition into ufs, command is ‘newfs’

#newfs /dev/rdsk/<devicename>

#newfs /dev/rdsk/c0t0d0s4

To use that filesystem we have to mount the filesystem with directory.

Step 1.

Create directory

#mkdir /oracle

To mount the filesystem command is ‘mount’

#mount /dev/dsk/c0t0d0s4 /oracle

To see the mounted file system you can use the following commands

#df –h or df –k

#mount –v (verbose)

#mountall –l (mounts all local filesystems that are listed in /etc/vfstab

#mountall –r (mounts all remote filesystems that are listed in /etc/vfstab

To save the mounted filesystem permanently we have to open the following file.

# vi /etc/vfstab (virtual file system table)

(device) (rawdevice) (mntpt) (fstyp) fsck mount at boot mount option

/dev/dsk/c0d0s4/dev/rdsk/c0d0s4 /oracle ufs1 yes Save the file and exit (:wq!)

All the permanently mount filesystems information saved under

#cat /etc/vfstab (virtual file system table)

#mount /oracle

All the presently mounted filesystems information saved under

#cat /etc/mnttab (mounted table)

To unmount the file system command is ‘umount’

#umount /oracle

Again to mount that filesystem give the following command

# mount /oracle

To mount all filesystems

#mountall

To unmount all filesystems

#umountall

Managing File System Inconsistencies and Disk Space:

Files, and hence file systems, hold data, and the operations are made on the data:

addition, deletion, and modification. During these operations, or for other reasons,

inconsistencies can occur, which we explore next.

File system data consistency is important to ensure that the content of the file system

is always available. To ensure consistency, file systems must be checked periodically. When

you boot a system, a consistency check on the file systems is automatically performed.

However, you can also perform the file system consistency check, when needed, after the

system has been booted. In order to facilitate the consistency check, Solaris offers the fsck

utility. In this section, we explore where the inconsistencies come from, how to detect them,

and how to repair them using the fsck command.

If the fsck command finds the f les and directories that are allocated but unreferenced

(that is, some inodes are allocated to files but not attached to any directory), it names them by

their inode numbers and places them in the lost+found directory. If the lost+found directory

did not exist, the fsck command would create it.

Understanding File System Inconsistencies:

The information about fi les is stored in inodes, and the data is stored in blocks. The

UFS fi le system uses a set of tables to keep track of used inodes and available blocks.

Inconsistencies will arise, for example, if these tables are not properly synchronized with the

data on disk. This condition can arise as a result of an abrupt termination of the operating

system. The reasons for inconsistencies are listed here:

A software error in the kernel

Turning off the system without the proper shutdown procedure (e.g., accidentally

unplugging the system), or through a power failure

Defective hardware, such as problems with the disk Solaris offers the fsck command,

which can be used to fi nd the inconsistencies and repair them. How does fsck know

that a file system needs to be checked for inconsistencies? It uses a flag, called the

state flag, to make this determination. The state fl ag for a fi le system is recorded in

the superblock (discussed in the next chapter). The possible values of the state flag

are:

TABLE 4-4

Possible values of a file system state flag:

State flag value

Description

FSACTIVE Mounted file system has modified data in memory. Data would be lost if power to the system were interrupted.

FSBAD The file system contains inconsistent data.FSCLEAN The file system was unmounted cleanly and doesn’t need to be checked for

consistency.FSLOG Logging is enabled for this file system.FSSTABLE The file system contains consistent data (i.e., no data would be lost if the

power to the system were interrupted).

There’s no need to run fsck before mounting.

The fsck utility makes multiple passes on a file system as listed here:

Phase 1. Checks blocks and sizes.

Phase 2. Checks path names.

Phase 3. Checks connectivity.

Phase 4. Checks reference counts.

Phase 5. Checks cylinder groups.

A file system must be inactive when you use fsck to repair it. Otherwise, the fi le

system changes that were waiting to be written tothe system and the changes that occur

during the repair might cause the fi le system to be corrupted.

Now that you know about the inconsistencies, let’s see how to use the fsck command

to detect and fix them.

Using the fsck Command:

The syntax for the fsck command is presented here:

fsck [<options>] [<rawDevice>]

The <rawDevice> is the device interface in /dev/rdsk. If no <rawDevice> is specified,

fsck looks into the /etc/vfstab file, which lists the file systems. The file systems

represented by the entries in the /etc/vfstab with the following two properties will be

checked:

The value of the fsckdev field is a character-special device.

The value of the fsckpass field is a non-zero numeral.

The options for the fsck command are as follows:

-F <FSType>. Limit the check to the file systems specified by <FSType>.

-m. Check but do not repair—useful for checking whether the file system is suitable

for mounting.

-n | -N. Assume a “no” response to all questions that will be asked during the fsck

run.

-y | -Y. Assume a “yes” response to all questions that will be asked during the fsck

run.

Unmount a file systembefore you run the fsck command on it. This way you will ensure

that you don’t add any inconsistencies during the fsck repair.

EXERCISE 4-2

Checking a File System Manually:

1. Become superuser (e.g., login as root).

2. Unmount a local file system, say /export/home.

3. Use the fsck command by specifying the mount point directory or the

/dev/dsk/<deviceName as an argument to the command. If you provide no argument,

all the file systems with fsck pass field greater than 0 in the /etc/vfstab file will be

checked.

Ex: #fsck –F ufs /dev/rdsk/c0t0d0s4

4. Messages about the inconsistencies will be displayed.

5. The fsck command may not be able to fi x all errors in one run. If necessary, you can

run the fsck command again—for example, if you see a message that looks like the

following:

FILE SYSTEM STATE NOT SET TO OKAY or FILE SYSTEM MODIFIED

6. Mount the repaired file system.

7. Move the files in the lost+found directories to where they belong with their proper

names (you will rename them to their original names). The files and directories that

you cannot identify should eventually be removed to save space.

After you create the file systems, make sure the data on them stays consistent. You

need to monitor how these file systems are using the disks on which they reside. We explore

this system administration task next.

Monitoring Disk Space Usage:

Monitoring disk space usage is an important administrative task, not only to ensure

proper usage of disk space but also to ensure correct functioning of the system. For example,

think of the situation when the disk is full and, as a result, the running programs have no

space to store their data. The Solaris system allows you to get reports on disk space usage at

different levels. You can use commands to determine disk usage by fi le systems, fi les, and

users.

Using the DF Command: Solaris offers the df command to monitor disk space usage at

fi le system level. To be specifi c, the df command can be used to determine the following:

The amount of disk space occupied by currently mounted or unmounted fi le systems

The total amount of used and available space

The fraction of the fi le system’s total capacity that has been used

The file system is specified by referring to the device, or a file, or a directory on the

file system. The following is the syntax for the df command: df [-F <FSType>] [<options>]

[<fileSystem>]

The options are described here:

-a. Report on all file systems.

-b. Print the total number of kilobytes free.

-F <FSType>. Display disk usage information on the fi le systems with the specified

fi le system type.

<file System>. Display disk usage information on the fi le system specified by

referring to a device, fi le, or directory.

-k. Display disk usage information in kilobytes.

-t <type>. Display the total number of blocks along with blocks used for each

mounted file systems.

The output for the df command looks like the following:

Filesystem kbytes used avail capacity Mounted on

senate:/ 7450 4715 1985 70% /

senate:/usr 42280 35295 2756 93% /usr

The headings in the output are self-explanatory. The column after the output

represents total space size allocated to the file system, while the second and third columns

specify used and available space.

Note in the example that the amount of space in the file system (kbytes) is greater

than the sum of the used and available space, because the system reserves a fraction of the

space to ensure that its file system allocation routines work well. You can adjust the reserved

amount, which is typically about 10 percent, by using the tunefs command.

Suppose that with the df command you determine disk usage at the fi le system level.

Further suppose that you want to go into more detail and determine disk usage by directories.

In that case, you will need the du command, which we explore next.

Using the du Command:

The du command is used to get the report on disk usage at the directory and fi le

level. You can use the du command to determine the following:

Total space allocated to a directory

Total space allocated to a directory subtree

Total space allocated to a non-directory fi le—that is, a fi le that is not a directory

The syntax for the du command is presented here:

du [<options>] [<file>]

The operand <file> can be a directory or a non-directory fi le. If <file> is not

specified, the command is run on the current directory. The reported disk space size

allocated to a directory is the sum total of space allocated to the whole subtree of fi les

and directories with the specified directory as the root. The options are listed here:

-a. In addition to the default output, display the size of each non-directory fi le in the

subtree of the specified directory.

-h. Display the output in a human-readable format. All the subdirectories in the target

subtree with the full path name and disk usage information are listed.

-k. Display the fi le sizes in kilobytes rather than blocks (512 bytes), which is the

default. All the subdirectories in the target subtree with the full path name and disk

usage information are listed.

-s. Display only the total sum for the specified file/directory.

Now that you know how to get reports on disk usage at file system level and to go

down to the directories and files level, you can become more ambitious and ask: how can I

find out disk usage by user? Well, Solaris has an answer for you, and the answer is the quot

command, which we explore next.

Using the quot Command:

There will be times when you want to know how much space is being used by each

user on a given fi le system. The quot command is used to get the report on disk usage by

user name. The syntax for the quot command is as follows:

quot [<options>] [<fileSystem>]

The <fileSystem> specifi es the mount point for the fi le system(s) to be checked.

The options are listed here:

-a. Report on all mounted file systems.

-f. Display the output in three columns representing user name, total number of

blocks, and total number of fi les owned by the user.

-v. In addition to the default output, display the number of blocks not accessed during

the past 30, 60, and 90 days.

The quot command displays the disk space in kilobytes, and you can use it as

superuser.

The three most important takeaways from this chapter are the following:

Several file systems are created during Solaris installation, and these fi le systems are

organized into an inverted hierarchy tree with the root (/) fi le system at the top. The

consistency of these fi le systems is checked and maintained using the fsck command.

Most of the file systems reside on disk, and Solaris offers commands to monitor disk

space usage at different levels of detail: df at file system level, du at file level, and

quot at user level.

PERFORMING SYSTEM BOOT AND SHUTDOWN

Performing System Boot and Shutdown once installed, the Solaris operating system is

designed to run continuously so that its resources and services are available to users on a 24 _

7 basis. On occasion, however, you will need to shut down the system and reboot it for such

reasons as system confi guration changes, scheduled maintenance procedures, or anticipated

power outages.

Consequently, you need to be familiar with system boot and shutdown procedures.

The system boot process is controlled by the boot confi guration variables and the system is

shutdown by bringing it down to a level where the power can be turned off. At any given

time the system is running in a state called the run level defined by the services running on

the system.

In Solaris 10, most of the services are managed by the Service Management Facility

(SMF). So, the core question to think about in this chapter is: how to manage the system boot

and shutdown? In search of an answer to this question, we will explore three thought streams:

the boot and shutdown processes, the boot confi guration variables, and the relationship of

SMF to the run levels.


Understanding the Solaris Boot Process:

Exam Objective 3.1: Given a scenario, explain boot PROM fundamentals, including

Open Boot Architecture Standard, boot PROM, NVRAM, POST, Abort Sequence, and

displaying POST to serial port for SPARC.

Exam Objective 3.3: Execute basic boot PROM commands for a SPARC system. The

term booting has its origin in the phrase “pull yourself up by your bootstraps.” The physical

memory of your computer does not keep the program instructions or data when the system is

shutdown. When you just start up your Solaris machine, there is no operating system running

on it. The CPU wakes up, and there is nothing for it in the RAM; therefore, it starts by taking

instructions from a chip that has the instructions burned in. In other words, each

SPARCbased system has a programmable read-only memory (PROM) chip that contains a

program called the OpenBoot PROM monitor. The monitor controls the operation of the

system before the Solaris kernel is loaded into the memory. Understanding the Solaris Boot

Process 65 when a system is turned on, the monitor runs a quick self test to check the

hardware and memory on the system, called power-on self test (POST). If no errors are

found, the system continues the boot process.

The Basic Boot Process:

The boot process takes the machine from the point at which the machine is turned on

to the point at which the operating system (Solaris in this case) takes over the machine. To

understand the boot process, it is important to clearly understand the terms that are explained

in the following text.

The Basic Terms:

The basic terms involved in the boot process are described here:

OpenBoot PROM chip. This is a programmable read-only memory (PROM) chip

based on the OpenBoot architecture standard. It contains a program called OpenBoot

PROM Monitor. Such programs, stored in read-only memory (ROM) or PROM, are

also called fi rmware.

OpenBoot PROM monitor. The most important job of OpenBoot fi rmware

(OpenBoot PROM monitor) is to boot the system, which is the process of checking

the hardware devices and loading and starting the operating system. The boot process

is governed by a number of confi guration variables that are stored in NVRAM.

NVRAM. Non-Volatile Random Access Memory (NVRAM) is a chip that stores the

system confi guration variables whose values determine the startup machine confi

guration. If you modify the variable values, the modifi cations will survive across

system shutdowns and reboots (or across power cycles). That is why it’s called non-

volatile. The variables it stores, called NVRAM confi guration variables, control the

boot process.

OpenBoot confi guration variables. These are the variables that govern the boot

process. They are also called NVRAM confi guration variables.

eeprom. This is the utility that Solaris offers to change the values of the OpenBoot

confi guration variables.

Power cycle. The power cycle of a machine consists of powering on the machine,

booting it, working on it, shutting it down, and turning the power off. The data in

RAM does not persist across power cycles.

66 Chapter 3: Performing System Boot and Shutdown

Now that you can distinguish these terms related to the boot process from each other,

let’s take a look at the boot process itself.

The Boot Phases:

The different phases of the boot process on SPARC-based systems are described here:

Boot PROM phase. The PROM displays the system identification information and

then runs power-on self test (POST), which is a diagnostics routine that scans the

system to verify the installed hardware and memory. POST runs diagnostics on

hardware devices and builds a device tree, which is a data structure describing the

devices attached to the system. After the completion of POST, the PROM loads the

primary boot program bootblk.

Boot programs phase. The bootblk program loaded by PROM finds the secondary

boot program ufsboot located in the UFS file system on the default boot device and

loads it into the memory.

Kernel initialization phase. The ufsboot program loads the kernel into the memory.

The kernel initializes itself and uses the ufsboot program to locate and load OS

modules to control the system. A module is a piece of software with a specifi c

functionality, such as interfacing with a particular hardware device. After loading

enough modules to mount the root (/) file system, the kernel unmaps the ufsboot

program and continues gaining control of the system. At the end of the kernel

initialization phase, the kernel starts the /sbin/init process.

The init phase. The init phase starts when, after initializing itself, the kernel starts

the /sbin/init process, which in turn starts /lib/svc/bin /svc.startd to start the system

services to do the following:

Check and mount file systems.

Confi gure network and devices.

Start various processes and perform tasks related to system maintenance.

The svc.startd process also executes run control (rc) scripts for backward

compatibility. The steps in the boot process are illustrated in Figure 3-1. You might ask: how

can I control the boot process? The boot process is controlled by the boot confi guration

variables. If the value of the auto-boot? Variable is false, the system will display the Boot

PROM prompt: ok. On this prompt you can issue various Boot PROM commands.

Basic Boot PROM Commands:

When the system is turned on or reset, it fi rst runs POST, and then one of the following two

things can happen:

The system will automatically reboot if the value of the confi guration variable auto-

boot? is true, the value of the boot-command variable is boot, and OpenBoot is not in

diagnostic mode. In order to boot, the system will automatically load, and executes

the program and its arguments specified by the boot-file variable from the device

described by the boot-device variable.

If the confi guration variable auto-boot? is false, the system may stop at the OpenBoot

user interface without booting the system and will display the ok prompt.

Turn on

Boot PROM loads

Bootblk

bootblk loads

ufsboot

Kernel user ufsboot

to load modules

ufsboot loads

kernel

Checks system hardware

POST Kernel uses ufsboot to load

some modules and then start

the init process, which in turn starts svc.startd to start system services.

The kernel takes over the system

System services

System modules

Steps in the boot process

Understanding the Solaris Boot Process 67


You can issue the Boot PROM commands at the ok prompt. One obvious

command is the boot command to boot the system, which you can use in one of the

following ways:

Issue the boot command without any arguments if you want to boot the system from

the default boot device using the default boot arguments.

Issue the boot command with an explicit boot device as an argument if you want to

boot the system from the specified boot device using the default boot arguments.

Issue the boot command with explicit boot arguments if you want to boot the system

from the default device by using the specified arguments.

Issue the boot command with an explicit boot device and with explicit arguments if

you want to boot the system from the specified device with the specified arguments.

The general syntax of the boot command is shown here:

boot [<device>] [<arguments>]

Arguments and options are described here:

<device>. Specifi es the full path or the alias for the boot device. The typical values

are:

cdrom for CD-ROM drive

disk for hard disk

floppy for 3.5 inch diskette drive

net for network

tape for SCSI tape

<arguments>. Specify the arguments for the boot command such as the name of the

fi le that contains the program that will be started as a result of the command. The

name is relative to the selected device and partition. If this argument is not specified,

the boot program uses the value of the NVRAM parameter: boot-file.

In addition to the boot command there are other administrative and diagnostic

commands that you can issue at the Boot PROM prompt: ok. The commonly used OpenBoot

PROM commands issued from the ok prompt are described in Table 3-1.

ok banner Displays current power-on banner. –h

ok boot [<arguments>]

[<options>]

Boots the system. ok boot

Boots with default options.

ok .enet-addr Displays current Ethernet address of the machine.

ok .version Displays the version of the Boot PROM. —

ok eject <media> Ejects the media. ok eject floppy

ok eject cdrom

ok eject tape

ok help [<category>]

ok help [<command>]

The help command without arguments displays a list of command categories, and,

with a category as an argument, displays help for all the commands in that category.

ok help dump

Displays help for the dump command.

ok password Sets the security password.

ok printenv Displays a table showing the boot confi guration variable names, their

current values, and default values.

ok reset-all Resets the system. It’s equivalent to performing a power cycle.

ok set-default

<varName>

Sets the value of the specifi ed variable to its default value.

ok set-default autoboot?

ok setenv <varName>

<value>

Sets the value of a boot confi guration variable.

ok auto-boot? False

ok show-devs Displays the list of all the devices in the OpenBoot device tree.

ok test <device> Tests the specifi ed device. No message displayed means test

succeeded.

ok test floppy

ok test cdrom

ok test /memory

ok test tape

Commonly used OpenBoot PROM commands (do not type ok; it’s a command

prompt). You can issue the PROM commands either from the console (most commonly) or

from the serial terminal attached to the ttya or ttyb port on a Solaris machine. Table 3-2

presents some useful emergency commands related to booting. You can use the Stop-A

command to get the Boot PROM command prompt from the running system. You can also

use this command to reboot a hung system, as shown Understanding the Solaris Boot Process

69, 70 Chapter 3: Performing System Boot and Shutdown in the following exercise. If you

only want to allow the Stop-A key combination to work during the boot sequence and you

don’t want it to work when the system is up and running, uncomment the following line in

the /etc/default/kbd fi le: KEYBOARD_ABORT = disable

EXERCISE 3-1

Reboot the Hung System:

In order to reboot the hung system and force a crash dump, perform the following

steps. This procedure will work even if the system is not hung.

1. Press the stop key sequence for your system. The specifi c stop key sequence depends

on your keyboard type. For example, it could be Stop-A or L1-A. On terminals, press

the Break key. The system will go to the PROM phase and display the ok prompt.

2. Synchronize the fi le systems and write the crash dump.

N

ok sync

After the crash dump has been written to disk, the system will continue to

reboot.

3. Verify that the system boots to run level 3. The login prompt is displayed when the

boot process has fi nished successfully.

<login prompt>:

Stop Bypass POST.

Stop-A Abort.

Stop-D Enter diagnostic mode. Enter this command if your system bypasses

POST by default and you don’t want it to. Stop-N Reset NVRAM content to

default values.

Emergency commands from keyboard

(<key1>-<key2>

means hold down both keys at the same time)

4. Login as root, and issue the following command to force a crash dump: halt –d

5. At the ok prompt, issue the boot command to boot the system: ok boot

In this exercise, the sync command actually returns control to the OS, which performs

the data-saving operation. This is important because the system may have frozen (crashed)

without saving the data that was supposed to be saved to the disk. When a system is booted, a

certain number of services are started at the end of the boot process. Which services are

started depends on the run level to which the system boots.

Understanding Run Levels:

A run level denoted by a digit or a letter represents the state of a system. The Solaris

system always runs in one of a set of well-defined run levels. Run levels are also referred to

as init states because they are maintained by the init process. The Solaris system has eight run

levels described in Table 3-3. The default run level is specified in the /etc/inittab fi le by the

initdefault entry, and its value in the default version of the fi le is 3. However, note that this

value will be used by the init process only if the milestone property has not been specifi ed

for the SMF facility svc.startd; otherwise, the default run level specifi ed by the milestone

property will be used. You can determine the run level in which your system is currently

running by issuing the following command: who -r

The output will look like the following:

run-level 3 Jul 04 11:15 3 2 1

The parts of this sample output are described here:

run-level 3. The current run level of the system.

Jul 04 11 :15. Time of last run level change.



3. Current run level of the system, same as column one.

2. Number of times the system has been at this run level since the last reboot.

1. The previous run level.

Different run levels are distinguished from each other by the services or the processes

running on the system. When you boot the system or change the run level with the init (or the

shutdown) command, the init daemon starts processes by reading information from the

/etc/inittab fi le. This fi le contains two important pieces of information for the init process:

which processes to use to start monitor and restart if they terminate, and what to do if the

system enters a new run level. The default inittab fi le installed with Solaris 10 looks like the

following:

ap::sysinit:/sbin/autopush -f /etc/iu.ap

sp::sysinit:/sbin/soconfig -f /etc/sock2path

smf::sysinit:/lib/svc/bin/svc.startd >/dev/msglog 2<>/dev/msglog

p3:s1234:powerfail:/usr/sbin/shutdown -y -i5 -g0 >/dev/msglog 2<>/dev/...

0 Power-down Shut down the operating system so that it will be safe to turn off the

power to the machine.

S or s Single-user Run the system in a single-user mode with some file systems

mounted and accessible.

1. Single-user administrative Run the system in a single-user administrative mode with

all available file systems accessible but user logins disabled.

2. Multiuser Run the system in multiuser mode. Multiple users can log in, all file

systems are accessible, but the NFS daemon is not running.

3. Multiuser with NFS Run the system in the standard mode: normal operations allowed,

NFS used to share resources. Default run level.

4. Alternative multiuser Unused by default, but you can define it according to your

needs.

5. Power-down same as run level 0; in addition it will automatically turn off the power if

the hardware supports that.

6. Reboot Shutdown the system to run level 0 and then reboot it to the default run level

specified in the inittab file.

TABLE 3-3

Solaris run levels:

An entry in the inititab fi le has the following general syntax:

id>:<runState>:<action>:<command>

The colon (:) separated fi elds are described here:

<id>. Specifi es one to four characters long id used to uniquely identify the entry.

<runState>. Specifi es a list of run levels for which this entry will be processed. If

this fi eld is left blank, then the entry is assumed to be valid for all run levels from 0

through 6.

<action>. Specifi es a keyword to tell init how to treat the process specified in this

entry. Some of the valid keywords for this fi eld include:

boot. The entry will be processed only when the init process reads it at boot-time. The

init will start the specified process, will not wait for its termination, and will not

restart it if it dies.

once. If the process specified in the entry is currently running (exists), do nothing and

continue scanning the inittab fi le. If the process does not already exist, start the

process, do not wait for its termination, and do not restart the process when it dies.

respawn. If the process specified in the entry is currently running (exists), do nothing

and continue scanning the inittab fi le. If the process does not already exist, start the

process, do not wait for its termination, and restart the process when it dies.

wait. Start the process and wait for its termination before proceeding further. This

will be done only once when the system enters the specified run level, and all the

subsequent readings of the inittab fi le during the time the system is in the same run

level will ignore this entry.

powerfail. Execute the specified process only if init receives the power fail signal:

SIGPWR.

sysinit. Execute the specified process before displaying the login prompt. Start the

process and wait for its completion before proceeding further. This entry is used only

to initialize the devices.

<command>. Specifi es a command to execute a process.



As an example, the fi elds of an entry in the /etc/inittab fi le are described in Figure 3-

2.

The Solaris system normally runs in run level 3. Following is the list of things that

happen when the system is brought to run level 3:

1. The init process is started, which reads the /etc/default/init fi le to set any environment

variables. By default, only the TIMEZONE variable is set.

2. The init process reads the inittab fi le and does the following:

Executes any process entries that have sysinit in the <action> fi eld so that any

special initializations can take place before users log in.

Passes the startup activities to the svc.startd daemon.

The init process initiates the core components of the service management

facility, svc.configd and svc.startd, and restarts these components if they fail.

Each run level <n> has a corresponding run control script /sbin/rc<n>:

/sbin/rc0 for run level 0, /sbin/rc1 for run level 1, and so on. When the system

enters a run level <n>, the init process runs the corresponding /sbin/rc<n>

script, which in turn executes the fi les in the /etc/rc<n>.d directory, which are

actually links to fi les in the /etc/init.d directory. This is illustrated in Figure 3-

3. Id: uniquely identifies this entry. This entry is to be processed for run levels

s, 1, 2, 3, and 4 The command to be executed Execute the process specified in

this entry only when the init process receives a power fail signal: SIGPWR

p3:s1234:powerfail:/usr/sbin/shutdown –y – i5 – g0> /dev/msglog Fields of an

entry in the /etc/ inittab file.

The initdefault entry is ignored in Solaris 10 if the milestone property for the

svc.startd facility has been specified to be used as the default run level. You can use the

“svcadm milestone -d” for the functionality similar to modifying the initdefault entry in

previous versions of Solaris.

The /etc/rc<n>.d scripts are always run in ASCII sort order. The scripts have names of

the form:

[K|S][0-9][0-9]*

For example, K03samba and S47pppd are two fi les (actually the links to the fi les in

the /etc/init.d directory) in the /etc/rc2.d directory. Files that begin with K are run to terminate

(kill) a system service, whereas fi les that begin with S are run to start a system service.

If you want to add a run control script to start or stop a service, copy the script into the

/etc/init.d directory and create links in the appropriate rc<n>.d directory corresponding to the

run level where you want the service to start or stop.

You can use the init command or the svcadm command to initiate a transition of the

system from current run level to another run level. The init command takes a run level as an

argument. For example, the following command will transition the system from the current

run level to run level 2: init 2

Now you have an overall view of the boot process, and shutting down the system is

just changing its run level to 0 or 5. However, as a system administrator, you can have more

control over the boot and shutdown procedures that we discuss next.

0 1 2 3 5 6 S

/sbin/rc0 /sbin/rc1 /sbin/rc2 /sbin/rc3 /sbin/rc5 /sbin/rc6 /sbin/rcS

/etc/rc0.d /etc/rc1.d /etc/rc2.d /etc/rc3.d

/etc/init.d

/etc/rc5.d /etc/rc6.d /etc/rcS.d

Run levels Scripts

Directories containing

the links

Links point to the scripts

in this directory

FIGURE 3-3

Relationship

between run

levels and run

control scripts




Performing Boot and Shutdown Procedures:

Exam Objective 3.5: Perform system boot and shutdown procedures, including

identifying the system’s boot device, creating and removing custom device aliases, viewing

and changing NVRAM parameters, and interrupting an unresponsive system. The Solaris

operating system is designed to run continuously, but there will be situations that will require

shutdown and reboot. Consequently, you need to know the shutdown and boot procedures

and how to control them by using appropriate commands and by setting the appropriate confi

guration variables.

Performing System Shutdown:

You would shut down a Solaris system only when some system administration task or

an emergency situation requires it, such as adding or removing hardware or preparing for an

anticipated power outage. Shutting down the system means bringing it down to a run level

where it is safe to turn off the power. Guess which command is used to shut down the system.

Yes, you are right, it is the shutdown command. Because shutting down a running system is

equivalent to changing its run level, the init command will work as well. When you shut

down a system, remember the following:

Obviously, you need the privileges of a superuser to shut down the system by using

the proper commands (that is, to shut down the system gracefully).

The commands that can be used for shutting down the system are init and shutdown.

You should use the shutdown command to shut down a server. That is because with

this command logged-in, users and systems that have mounted resources from the

server are notified before the server is actually shut down. Both the shutdown and init

commands take a run level as an argument. The appropriate run level to use for a

system shutdown depend on the situation. Different run levels to be used for different

situations are listed in Table 3-4.

The procedure for shutting down the system by using the shutdown command is

described here step by step:

1. Become a superuser.

2. Issue the following command to determine whether users are logged in to the system:

Who

3. The command will display the list of all users logged on to the system. You may want

to broadcast a message with the shutdown command to alert the users.

4. Issue the shutdown command which has the following syntax:

/usr/sbin/shutdown [-y] [-g <gracePeriod>] [-i <initState>] [<message>]


-y. Pre-answers the confi rmation questions so that the command continues without

asking for your intervention.

-g <gracePeriod>. Specifi es the number of seconds before the shutdown begins. The

default value is 60.

-i <initState>. Specifi es the run level to which the system will be shut down. Default

is the single-user level: S.

<message>. Specifi es the message to be appended to the standard warning message

that will be sent out. If the <message> contains multiple words, it should be enclosed

in single or double quotes.

For example:

shutdown -i 0 -g 120 “!!!! Power Outage Time Approaching!!!”

To turn off system power due to an anticipated power outage.

Shut down to run level 0 where it is safe to turn off the power, or shut down to run

level 5 where the power will be turned off automatically if the hardware supports this

feature.

Changed kernel parameters in the /etc/system fi le.

Shut down to run level 6 (reboot).

To perform tasks related to fi le system maintenance.

Shut down to single-user mode: run level S or 1, according to your need.

To reboot the system by using the kernel debugger (kmdb) in case the debugger can’t

be loaded at runtime.

Shut down to run level 6.

TABLE 3-4

Different ways of shutting down a system under different situations Performing Boot

and Shutdown Procedures 77


If you used the -y option in the command, you will not be prompted to confirm.

5. If you are asked for confi rmation, type y.

Do you want to continue? (y or n): y

6. Use Table 3-5 to verify that the system is at the run level that you specified in the

shutdown command.

7. If you brought the system to single-user mode, press ctrl-d to proceed with normal

startup after you are fi nished with the system administration tasks. This will bring the

system to default run level. There are several commands available to shut down the

system; these commands are summarized in Table 3-6.

8. Prompts for different run levels

Single-user level: S # #

Power-down level: 0 ok

>

Press any key to reboot

Multiuser level: 3 <loginPrompt> <loginPrompt>

TABLE 3-6

Different commands for shutting down the system under different situations init Kills

all active processes and synchronizes the fi le systems before changing to the target run level

(0 or 5).

Recommended for standalone systems when users will not be affected.

halt

poweroff

Synchronizes the fi le systems and stops the processor. Not recommended, because it

does not shut down all the processes. Not a clean shutdown, should be used only in an

emergency.

reboot Synchronizes the file systems and initiates a multiuser reboot.

The init command is the preferred command.

shutdown Calls the init program to shut down the system; the default target run level

is S.

Recommended for servers, because users are notified before the shutdown.

Now that you have learned about the run levels and the system shutdown procedures,

here are some practical scenarios and their solutions.

After you shut down a system, at some point you will need to boot it.

Performing System Boot:

The boot process was discussed in detail previously in this chapter. After a system has

been shut down, it is booted as described here:

By using the boot command on the boot PROM prompt if the system is on the

SPARC machine. If the value of the auto-boot? variable is true, the system will be

booted automatically. We discuss further on in this chapter how to fi nd out the values

of this and other variables.

By using the boot command at the Primary Boot Subsystem menu if the system is on

the x 86 machine.

You want to bring your server down for an anticipated power outage, and you want a

clean shutdown with a 5-minute warning to the users. Issue the shutdown command as

follows:

shutdown -i5 -g300 -y “System going down in 5 minutes.”

You have changed the kernel parameters on your server and want to apply the new

values. What command will you issue?

Reboot the system, for example: shutdown -i6 –y

You want to shut down your standalone system. init 0

You want to shut down a system immediately in an emergency.

Issue one of the following commands:

Halt

Poweroff

Performing Boot and Shutdown Procedures 79


It is possible to reboot a system by turning the power off and then back on. However,

use this method only in emergency situations when there is no graceful alternative. Note that

this method is likely to cause fi le system damage because system services and processes are

being terminated abruptly.

You can also boot a system from the network in the following cases:

When the system is installed.

If the system does not boot from the local disk or if the system is a diskless client.

Different methods for booting under different situations are listed in Table 3-7. As

you know by now, the fi rst step in the booting process is to check the hardware devices.

These devices have complicated names, and you can create aliases for them.

Creating and Removing Device Aliases:

OpenBoot directly deals with the hardware devices in the system. Each device is

identified by its full path, which includes the type of the device and where it is located. The

device path can be represented by a short name called a device alias. You can create a

temporary device alias with the devalias command or a permanent device alias with the

nvalias command.

The devalias command issued without any arguments displays all the device aliases

on the system: devalias

Different methods for booting under different situations

System power turned off, for example, due to anticipated power outage.

Turn the system power back on.

Changed the kernel parameters in the /etc/system fi le.

Reboot the system to run level 3. Performed administrative tasks in single-user run

level.

Press ctrl-d to transition the system back to run level 3.

Hardware added to or removed from the system.

Turn the power back on after the hardware addition or removal task is complete.

To recover from a hung system and force a crash dump.

Recovery boot: use Stop-A and halt -d. Take a look at the exercise in a previous

section.

To display the device path name corresponding to an alias, issue the following

command:

devalias <alias>

The <alias> argument specifi es the alias for which you want to know the device path.

To create an alias specifi ed by <alias> for a device path specifi ed by <devicePath>,

issue the following command: devalias <alias> <devicePath>

If the device path specifi ed by <devicePath> already has an alias, it is overwritten

with the new alias. The aliases created by the devalias command are temporary and

are lost when the system is reset or power-cycled.

To create permanent aliases that persist across power cycles, you can use the nvalias

command which has the following syntax: nvalias <alias> <devicePath>

The argument <alias> specifi es the alias, and the argument <devicePath> specifi es

the device path for which the alias is being created. An alias created by the nvalias

command will persist along system shutdowns (power-cycles) until the nvrunalias

command is used, which has the following syntax: nvrunalias <alias>

This will delete the alias specified by the <alias> argument.

The boot process is controlled by the confi guration variables stored in the

NVRAM chip, and therefore these variables are also called NVRAM parameters.

Working with NVRAM Parameters:

The system confi guration variables are stored in NVRAM and therefore are also

called NVRAM parameters. These variables determine the startup confi guration for the

system as well as some related communication characteristics. If you make changes to these

variables, the changes will persist across power cycles because they are stored in non-volatile

memory.

Commonly used NVRAM parameters are described in Table 3-8. The values of the

NVRAM confi guration variables can be viewed and changed by using the commands listed

in Table 3-9. Remember that these commands are issued at the OpenBoot PROM prompt: ok.


82 Chapter 3: Performing System Boot and Shutdown auto-boot? If true, boot

automatically after power-on or reset, else display the open boot prompt: ok, after

power-on or reset.

True

boot-command Execute this command if auto-boot? is true. Boot

boot-device The device from which the system boots. disk or net

boot-file Arguments passed to the boot program. Empty string

diag-device Diagnostic boot source device. Net

diag-file Arguments passed to the boot program in diagnostic mode. Empty string

diag-switch? If true, run in diagnostic mode, else not. False

fcode-debug If true, include name fi elds for plugin device FCodes. False

input-device Console input device such as keyboard, ttya, or ttyyb. Keyboard

nvramrc The NVRAMRC content. Empty

oem-banner Customized oem banner. Empty string

oem-banner? If true, use customized oem-banner specified by oem-banner. False

oem-logo Customized oem logo displayed in hexadecimal. No default

oem-logo? If true, display customized oem logo specifi ed by oem-logo. False

output-device Console output device such as screen, ttya, or ttyb. Screen

screen-#columns Number of columns on the screen: number of characters per line. 80

screen-#rows Number of on-screen rows (lines). 34

security-#badlogins Number of incorrect security password attempts. No default

security-mode Firmware security level: none, command, or full. None

security-password Firmware security password. It’s never displayed, for good. No

default

use-nvramc? If true, execute commands in NVRAMRC during system startup, else

not. false

A list of NVRAM parameters, also called openboot configuration variables For example,

the printenv command will generate an output like the one shown here:

ok printenv

Variable Name Value Default Value

oem-logo

oem-logo? false false

oem-banner? False false

output-device ttya screen

input-device ttya keyboard

The following command will display the current default boot device for the system:

ok printenv boot-device

To change the boot device, you can issue the following command:

ok setenv boot-device <value>

The <value> parameter specifi es the default device from which to boot such as disk

or net.

Many variable changes do not take effect during the current power cycle. The new values

will certainly be used during the next power cycle or after a system reset. You can also use

the eeprom command from the OS command line to display or change the boot confi guration

variables. For example, the following command will display the values of the boot confi

guration variables:

/usr/sbin/eeprom

Any user can use this command, but only the superuser can use the command to

change the values of a variable by using the following syntax of the command:

eeprom <parameter>=<value>

Commands to view and change the values of the NVRAM parameters

printenv Displays the current variables and their values.

printenv <var> Displays the current value of the variable specifi ed by <var>.

set-defaults Sets the values of all the variables to the factory default.

set-default <var> Sets the value of the variable specifi ed by <var> to its factory

default.

setenv <var>

<value>

Sets the value of the variable specifi ed by <var> to the value

specifi ed by <value>.



For example the following command will set the value of the auto-boot? variable to

false:

eeprom auto-boot?=false

You can fi nd out the OpenBoot PROM revision on your system by issuing the

following command:

prtconf –V

Although the read-only memory used to boot a SPARC machine is called PROM, the

read-only memory to boot an x86 (PC) machine is called BIOS, which we explore

next.


Understanding BIOS Settings and Confi guration:

Exam Objective 3.2: Given a scenario, explain the BIOS settings for booting, abort

sequence, and displaying POST, including BIOS confi guration for x64 and x86-based

system. Like SPARC machines, x86 (PC) machines go through a booting process before the

Solaris operating system takes control of the machine. The read-only memory that contains

the boot instructions is called the Basic Input /Output System (BIOS) in an x 86 machine as

opposed to Boot PROM in a SPARC machine. The functions of the BIOS include controlling

installed peripheral devices such as keyboard and mouse and to providing I /O services via

software interrupts.

The phases of the boot process on an x86 machine are described here:

BIOS. When the system is turned on, the BIOS runs the self-test diagnostics program

for the system’s hardware and memory. If problems are found, the error messages are

displayed with recovery options. If no errors are found, the BIOS boot program is

started automatically, and it attempts to fi nd and load what is called the master boot

record (MBR), mboot, from the fi rst sector in the boot device. An error is displayed if

the mboot fi le does not exist.

Boot programs. The mboot program loads the Solaris boot program called pboot,

which in turn loads the primary boot program, bootblk, whose purpose is to load the

secondary boot program located in the UFS fi le system. If there are more than one

bootable partitions on the system, the bootblk reads the fdisk table to determine the

default boot partition. It builds and displays a menu of available partitions and gives

you 30 seconds to select an alternative partition to boot from. The primary boot

program—bootblk—starts the secondary boot program boot.bin or ufsboot in the root

fi le system, which in turn starts a command interpreter that executes the /etc/bootrc

script. This script presents a menu of choices for booting the system, and you have 5

seconds to specify a boot option or to start the boot interpreter. The default choice is

to load the kernel.

Kernel initialization. After the kernel has been loaded, it initializes itself and uses the

secondary boot program boot.bin (or ufsboot) to load system modules. When the

kernel loads enough modules to mount the root (/) fi le system, it unmaps the

secondary boot program and continues taking over the system. It creates a user

process and starts the /sbin/init process, which then starts other processes by reading

the /etc/inittab file.

init. In Solaris 10, the init process starts /lib/svc/bin/svc.startd, which in turn starts

system services to perform the following tasks:

Check and mount fi le systems

Confi gure network and devices

Start various processes and perform system maintenance tasks

The svc.startd daemon also executes the run control (rc) scripts for backward

compatibility. During the booting process, you have some control over the way in which the

system is booted. Two menus are displayed for you: the Boot Solaris menu and the Current

Boot Parameters menu. The Boot Solaris menu allows you to select the device from which to

boot the Solaris OS. At this point, you can also perform some optional tasks such as viewing

and editing autoboot and property settings. Once you select a boot device Understanding

BIOS Settings and Confi guration 85

86 Chapter 3: Performing System Boot and Shutdown and choose Continue, the

Solaris kernel begins to boot. The menu looks like the following:

Boot Solaris

Select one of the identified devices to boot the Solaris kernel and choose Continue.

To perform optional features, such as modifying the autoboot and property settings,

choose Boot Tasks.

An asterisk (*) indicates the current default boot device.

> To make a selection use the arrow keys, and press Enter to mark it [X].

[X] DISK: (*) Target 0:QUANTUM FIREBALL1280A on Bus Mastering IDE

controller on Board PCI at Dev 7, Func 1

[ ] DISK: Target 1:ST5660A on Bus Mastering IDE controller on Board PCI at Dev 7,

Func 1

[ ] DISK: Target 0:Maxtor 9 0680D4 on Bus Mastering IDE controller on Board PCI

at Dev 7, Func 1

[ ] CD : Target 1:TOSHIBA CD-ROM XM-5602B 1546 on Bus Mastering IDE

controller on Board PCI at Dev 7, Func 1

F2_Continue F3_Back F4_Boot Tasks F6_Help

The second menu that you are offered is the current boot parameter menu, which looks

like the following:

<<< Current Boot Parameters >>>

Boot path: /pci@0,0/pci-ide@7,1/ide@0/cmdk@0,0:a

Boot args:

Type b [file-name] [boot-flags] <ENTER> to boot with options

or i <ENTER> to enter boot interpreter

or <ENTER> to boot with defaults

<<< timeout in 5 seconds >>>

Select (b)oot or (i)nterpreter:

The following fi le contains the eeprom variables used to set up the boot environment on

an x86 machine:

/boot/solaris/bootenv.rc

All directories and fi les needed to boot an x86-based system are contained in the

/boot directory.

In addition to BIOS confi gurations, there may be situations in which you will need to

confi gure (or reconfi gure) some devices such as keyboard, display, and mouse.


Confi guring Devices:

Exam Objective 3.4: Use the Xorg confi guration fi les or kdmconfi g utility to confi

gure the keyboard, display, and mouse devices for an x64 and x86-based system. You can use

the kdmconfig command to confi gure or unconfi gure keyboard, display, and mouse devices

for OpenWindows and internationalization. This command can be used for any of the

following tasks:

To confi gure or unconfi gure the /etc/openwin/server/etc/OWconfig file with the

keyboard, display, and mouse information that is relevant to a client’s machine on

x86-based systems.

To set up the display, pointer, and keyboard entries in the /etc/bootparams

file on a server machine. The information that you enter is stored in the

/etc/bootparams fi le, which contains one entry per client. The entry for a client

contains the client’s name and the values for the boot parameters for that client.

Diskless clients, while booting, retrieve this information by issuing requests to the

server running the rpc.bootparamd.

To set up the monitor, keyboard, display, and pointer keywords in a system identifi

cation confi guration (sysidcfg) fi le. When a diskless client boots for the fi rst time,

or a system installs over the network, the booting software tries to obtain the confi

guration information about the system, such as the system’s root password or name

service, fi rst from a sysidcfg fi le and then from the name service databases.

The kdmconfig command has the following syntax:

kdmconfig [-fv] [-s <hostname>]-c | -t | -u | -d <filename>

The command will display screens for you to enter the information. The options are

described here:

-c. Execute the program in the confi guration mode used to create or update the

/etc/openwin/server/etc/OWconfig fi le. It then displays the screens for you to enter

the information.

Confi guring Devices 87


-d <filename>. This option is used to create a system confi guration identification file

that will be used when a diskless client boots for the first time or when you install a

system over the network. It is used to avoid prompts for the user and provide a totally

hands-off booting process. This command displays the same screens as -c option.

The argument <filename> specifies the system identifi cation confi guration fi lename

under which the information will be saved.

-f. Forces screen mode; no network probing will be performed. This option can be

used when you want to debug the client’s confi guration environment.

-s <hostname>. This option is used to set up confi guration information on this

machine for the diskless clients.

-t. Run the command in test mode.

-u. Unconfi gure the system.

-v. Enable verbose mode.

If you issue the kdmconfig command without any options, it will edit the confi

guration information from the OWconfig fi le—that is, it will run like -c option.

You can also use the following commands to reconfi gure the system:

/usr/X11/bin/xorgconfig

/usr/X11/bin/Xorg –configure

As mentioned previously, the services at the init phase of the boot process are started

by the SMF facility svc.startd. Nevertheless, the /etc/rc<n>.d continues to be started

as well, for backward compatibility reasons.


Service Management Facility and Run Levels:

Exam Objective 3.6: Explain the Service Management Facility and the phases of the

boot process. Exam Objective 3.7: Use SMF or legacy commands and scripts to control both

the boot and shutdown procedures. Solaris 10 offers Service Management Facility (SMF) to

provide an infrastructure that augments the traditional UNIX startup scripts, init run levels,

and confi guration fi les. In the init phase, the unit process starts the svc.startd process, which

is an SMF process, and it starts the system services.

Although many standard Solaris services are now managed by SMF, the scripts

placed in the /etc/rc<n>.d directories continue to be executed when a run level transition

occurs. Even though most of these scripts from the previous Solaris releases have been

removed as a result of moving to SMF, the ability to continue running the remaining scripts

allows for third-party applications and services to be added without the need to convert the

services to use SMF.

There is another reason to keep the run-script infrastructure intact for now: the need to

make the /etc/inittab and /etc/inetd.conf fi les available for packages to amend with post

install scripts, called legacy-run services. You can use the inetconv command to convert these

services to the SMF, which will add these services to the service confi guration repository

(the place where SMF maintains the confi guration information). After a service has been

converted to SMF, it will not need to make modifi cations to the /etc/inittab and

/etc/inetd.conf fi les, and it will obviously not use the /etc/rc<n>.d scripts. SMF offers the

svcadm command to administer the SMF services. This command can also be used to change

the run level of a system by selecting what is called a milestone at which to run.

The svcadm command to change the run level has the following syntax:

/usr/sbin/svcadm [-v] milestone [-d] <milestone_FMRI>

If you do not use the -d option, this command will transition the system to the run

level specified by <milestone_FMRI>. If you use the -d option, it will make the run

level specified by the <milestone_FMRI> as the default run level for the system at

boot time. The relationship between the values of <milestone_FMRI> and run levels

is shown in Table 3-10.

S milestone/single-user:default

2 milestone/multi-user:default

3 milestone/multi-user-server:default

Relationship between the init run levels and the SMF milestones

Service Management Facility and Run Levels 89


The Fault Management Resource Identifi er (FMRI) is a string that is used to identify

a particular resource for which Solaris can perform automated fault management. You

will learn more about SMF further on in this book. For example, the following

command restricts the running services to a single-user mode:

# svcadm milestone milestone/single-user

The following command restores all the running services:

svcadm milestone all Therefore, you can use the init command or the svcadm command to

initiate a run-level transition. As an alternative to the initdefault entry in the inititab fi le, the

following command will make run level 3 as the default run level:

svcadm milestone -d milestone/multi-user-server

The default milestone defined by the initdefault entry in the inittab fi le is not

recognized in Solaris 10.

The three most important takeaways from this chapter are the following:

A number of programs are executed in the boot process in this order: POST to check

the hardware and memory, the boot programs bootblk and ufsboot, kernel, init, and svc.startd.

Shutting down a system means changing its run level to a level (0 or 5) from which it is safe

to turn off the power.

The boot confi guration variables can be managed with a number of commands issued

at the Boot PROM command prompt ok, such as setenv command to set the value of a

variable. You can also change the values of these variables at the OS command line

by using the eeprom command.

In Solaris 10, most of the services are managed by the Service Management

Facility (SMF), but the run control scripts are still executed to provide backward

compatibility. Do not count on the initdefault entry in the inittab fi le; instead use the

svcadm command to set (or change) the default run level of the system.

Service Management Facility and Run Levels 91

Certification Summary:

There will be situations in which you will need to shut down the Solaris system and

reboot it—for example, scheduled maintenance procedures or an anticipated power outage.

The system boot is controlled by the boot confi guration variables. If the value of the auto-

boot? variable is true, the system will boot automatically by using the default values;

otherwise the Boot PROM command prompt ok will be displayed.

You can manage the boot confi guration variables by using a number of commands at

this prompt, such as printenv to display the current values of the variables and setenv

command to change the value of a variable. You can also use the eeprom command to change

the values of the variables at the OS command line. At the end of the boot process the system

enters the default run level determined by the milestone property of the SMF service:

svc.startd. If this property is set, the initdefault entry in the inittab fi le is ignored in Solaris

10. You can change the default run level of the system by using the svcadm command. A run

level determines which services will be running on the system. You can change the run level

of a running system by using the init command or the svcadm command.

Shutting down the system means changing its run level to a level from which it is safe

to turn off the power. Although most of the services in Solaris 10 are managed by SMF, the

run control scripts are still executed for compatibility and to support legacy services.

Everything in UNIX (and hence in Solaris) is represented by fi les, and fi les are one of the

most important resources supported by an operating system. In the next chapter, you will

explore how to manage fi le systems in Solaris. 92 Chapter 3: Performing System Boot and

Shutdown

INSIDE THE EXAM

Comprehend:

The values of the confi guration variables stored in the NVRAM chip persist across

the power cycles.

In Solaris 10, you should use the SMF command svcadm with the milestone as the

argument to change (or set) the default run level.

You can use either the svcadm or the init command to change the run level of a

system.

Look Out:

In Solaris 10, the initdefault entry in the /etc/inittab fi le is used for the default run

level only if the milestone property for the svc.startd facility has not been defined.

Both the init 0 and init 5 commands will shut down the system, but init 5 will also

attempt to turn off the power if the hardware supports it.

To display and change the NVRAM parameters, the eeprom command is used from

the OS command line, whereas the setenv and printenv commands are used at the

Boot PROM prompt ok.

Memorize:

You push the Stop-A keys to recover form a hung system. The Stop-D keys are used

to force the POST execution if your system bypasses it by default.

The halt -d command is used to force a crash dump.

The devalias command is used to create a device alias that will not persist across

power cycles, and the nvalias command is used to create a device alias that will

persist across power cycles.

The kdmconfig command can be used to confi gure or unconfi gure the /etc

/openwin/server/etc/OWconfig file with the keyboard, display, and mouse information

relevant to a client’s machine on x86-based systems. Two-Minute Drill 93

TWO-MINUTE DRILL

Understanding the Solaris Boot Process

When the system is fi rst turned on, the OpenBoot PROM runs the power-on self test

(POST) to check the hardware and the memory.

The phases of the boot process are Boot PROM, boot programs, kernel initialization,

and the init, in the order given.

During the boot process, programs run in this order: POST, bootblk, ufsboot, kernel,

and init.

Performing Boot and Shutdown Procedures:

After POST, the Boot PROM command prompt ok is displayed if the auto-boot?

variable is false; otherwise the system boots by using default values. At the ok

prompt, you can issue the boot command and some other commands such as test

<device> to test a device.

The setenv command at the ok prompt is used to set the values of the NVRAM

parameters, while the printenv command is used to display the values of the NVRAM

parameters.

Understanding BIOS Settings and Confi guration:

Solaris always runs in one of the available run levels, which are represented by

integers and letters: 0 to 6, and S (for single user).

The default run level is defined by the initdefault entry in the /etc/inittab fi le.

However, in Solaris 10 the initdefault entry is used only if the milestone property for

the svc.startd facility has not been defined, which is preferably used as the default run

level.

Most of the services in Solaris 10 are managed by the Service Management Facility

(SMF), but the run control (rc) scripts are started for backward compatibility.

You can use the init or the svcadm command to change the run levels, and the init or

the shutdown command to shut down the system.


Confi guring Devices:

NVRAM parameters are the Boot confi guration variables stored in the NVRAM

chip.

You can use the printenv and setenv commands at the Boot prompt ok to display and

change the NVRAM parameters, respectively, and you can use the eeprom command

at the OS command line to do the same thing.

The set-defaults command at the ok prompt set the value of the NVRAM parameters

to the factory default.

The devalias command is used to create a device alias that will not persist across

power cycles, and the nvalias command is used to create a device alias that will

persist across power cycles.

Service Management Facility and Run Levels:

The svcadm command to change the run level has the syntax:

svcadm milestone <milestone_FMRI>

The svcadm command to change the default run level has the syntax:

svcadm milestone -d <milestone_FMRI>

Self Test 95

SELF TEST

The following questions will help you measure your understanding of the material

presented in this chapter. Read all the choices carefully because there might be more than one

correct answer.

Choose all correct answers for each question.

1. The system confi guration variables that determine the startup system confi guration

are stored in which of the following?

(a) OpenBoot PROM

(b) NVRAM

(c) Boot device

(d) File in the /etc directory

2. Which tasks are performed during the Boot PROM phase of the system startup?

(a) Kernel initialization

(b) Loading ufsboot

(c) Loading bootblk

(d) Executing power-on self test (POST)

3. Which order of tasks best describes the boot process on a SPARC machine?

(a) Executing POST, loading bootblk, loading ufsboot, executing init, starting svc.startd

(b) Executing POST, loading bootblk, loading ufsboot, starting svc.startd, executing init

(c) Executing POST, loading ufsboot, loading bootblk, executing init, starting svc.startd

(d) Loading bootblk, executing POST, loading ufsboot, executing init, starting svc.startd

4. Your Solaris system is hung? Which of the following actions should you take?

(a) Shut the power down

(b) Push Stop-A

(c) Push Stop-D

(d) Push Stop-N

5. Which sequence represents the phases of the boot process on an x86 machine in the

correct order?

(a) Boot PROM, Boot Programs, Kernel Initialization, init

(b) Boot PROM, BIOS, Boot Programs, Kernel Initialization, init

(c) Boot PROM, BIOS, Boot Programs, Kernel Initialization, init

(d) BIOS, Boot Programs, Kernel Initialization, init

6. Which of the following programs is responsible for starting svc.startd?

(a) Svcadm

(b) Svcs

(c) Init

(d) ufsboot

7. In Solaris 10 what would you do to change the default run level of the system,

assuming that the milestone property is set in svc.startd?

(a) Change the value of the initdefault entry in the inittab file.

(b) Use the svcadm command with -d option.

(c) Use the init command.

(d) Use the initdefault command.

8. Which command would you use to change the value of an OpenBoot confi guration

variable at the OpenBoot PROM command prompt ok?

(a) Eeprom

(b) Setvar

(c) Set

(d) Setenv

9. Which of the following commands creates a device alias that will persist across power

cycles?

(a) Devalias

(b) Nvalias

(c) Setenv

(d) dev-alias

10. Which of the following commands can be used to change the run level of the Solaris

system?

(a) Init

(b) Shutdown

(c) Halt

(d) run-level


Self Test 97

11. When the SPARC system is being turned on, you push the STOP-D key combination.

What is the effect of you action?

(a) It puts the fi rmware in the diagnostic mode.

(b) It resets the NVRAM parameters to their default values.

(c) It displays a GUI for you so that you can reset the NVRAM parameters.

(d) It resets the NVRAM parameters to their factory default values.

12. Which of the following are the boot phases of an x86-based system?

(a) BIOS loads the MBR program mboot.

(b) The mboot program runs POST.

(c) The mboot program loads the Solaris boot program, pboot.

(d) The pboot program starts ufsboot.

13. Consider the following command and output at OpenBoot prompt:

>ok setenv auto-boot? False

auto-boot? = false

What is the effect of this command on the system?

(a) The syntax for the command is incorrect because the name of the variable is auto-boot

and not auto-boot? So there will be no effect.

(b) The next time you turn the system on, it will not boot until you set the auto-boot?

variable back to true.

(c) The next time you turn the system on, it will boot into single-user mode.

(d) The next time you turn the system on, it will display the OpenBoot prompt ok and you

will need to give the boot command to boot it.

SELF TEST ANSWERS

1. B. The boot confi guration variables are stored in the non-volatile random access

memory (NVRAM) chip.

A is incorrect because OpenBoot PROM contains the OpenBoot PROM

monitor program and not the boot confi guration variables. C is incorrect

because a boot confi guration variable determines which boot device to use,

and D is incorrect because the system must be booted before it has access to

the /etc directory.

2. C and D. The two main tasks of the Boot PROM phase are to execute POST followed

by loading the primary boot program bootblk.

A is incorrect because Kernel Initialization is done in the kernel initialization

phase, and

B is incorrect because ufsboot is loaded in the Boot Programs phase.

A. When you turn the machine on, fi rst the Power- On Self Test (POST) is

run; then the primary boot program bootblk is loaded, which in turn loads the

secondary boot program ufsboot. The ufsboot program loads the kernel, which

starts the init process; then the init process starts the SMF utility svc.startd.

3. B is incorrect because the init process starts the svc.startd, so it has to be started

before svc.startd. C is incorrect because bootblk is the primary boot program and must

be started before the secondary boot program ufsboot. D is incorrect because POST is

the fi rst program that is run when the machine is turned on.

4. B. Pushing the Stop-A combination will eventually take you to the ok prompt, where

you can issue command if you want to synchronize the fi le system and then boot.

A is incorrect because shutting the power down is likely to damage the fi le

system. Never do this unless there is an emergency and you have no other

choice. C is incorrect because pushing Stop-D is used during startup to put the

system into diagnostic mode—that is, to force POST to run, if POST was

bypassed by default. D is incorrect because Stop-N is used to reset the

NVRAM content to default values.

5. D. The phases of the boot process on an x86 machine are BIOS, Boot Programs,

Kernel Initialization, and init.

A, B, and C are incorrect because Boot PROM does not exist in an x86

machine.

6. C. The kernel starts the init program and the init program starts the SMF utility

svc.startd.

A is incorrect because the svcadm command is used to administer the SMF

services such as to disable or enable them. B is incorrect because the svcs

command is used to fi nd the status of services. D is incorrect because ufsboot

starts the kernel and not the svc.startd.


7. B. The svcadm command with -d option will change the default run level in Solaris

10.

A is incorrect because the initdefault entry is not used in Solaris 10 if the

milestone property is set for svc.startd. C is incorrect because the init

command can be used to change the run level but not to change the default run

level. D is incorrect because there is no such command as initdefault.

8. D. The setenv command is used to change the value of a boot confi guration

variable at the OpenBoot PROM command prompt ok.

A is incorrect because the eeprom command is used to change the value of a

boot confi guration variable at the OS command line and not at the OpenBoot

prompt.

B and C are incorrect because there are no set and setvar commands at the ok

prompt to change the value of a boot confi guration variable.

9. B. A device alias created with the nvalias command will persist across power cycles.

A is incorrect because a device alias created with the devalias command will

not persist across power cycles. C is incorrect because the setenv command is

used to change the value of a boot confi guration variable. D is incorrect

because there is no such command as dev-alias.

10. A, B, and C. Any of these commands (init, shutdown, and halt) will change the run

level of the system.

D is incorrect because there is no such command as run-level.

11. A. Pushing the Stop-D key combination at startup of a SPARC system will put the

system into diagnostic mode. It is useful to force the POST to run, if the POST was

bypassed by default.

B is incorrect because you need to push the Stop-N key combination to set the

NVRAM parameters to their default values. C is incorrect because no key

press will give you the GUI to reset the NVRAM parameters. D is incorrect

because there is no key combination that you can push to reset the NVRAM

parameters to their factory defaults.

12. A and C. BIOS loads the master boot record program, mboot, which loads pboot.

B is incorrect because POST is run by BIOS, and D is incorrect because the

secondary boot program ufsboot is started by the primary boot program

bootblk, which is started by the Solaris boot program pboot.

13. D. The auto-boot? Parameter is a Boolean whose value determines whether or not the

system will be automatically booted when it is turned on.

A is incorrect because the name auto-boot? Is the correct name for this

parameter?

B is incorrect because even if the auto-boot? Is false, you can boot the system

by issuing the boot command at the ok prompt. C is incorrect because the

auto-boot? Parameter does not determine the run level of the system.

Self Test Answers 99

PERFORMING USER ADMINISTRATION

Managing users on a Solaris system, a significant responsibility of a system

administrator, includes creating, modifying, and deleting the user accounts on the system by

using both the command and the GUI tools. In addition to learning how to accomplish this

task, you will also explore the files in which the user accounts live after you create them.

Furthermore, each user works on a system in a certain environment with a global component

and a customized local component. We will explore the shell initialization files that are used

to set up this environment when the user logs in.

Basics of User Accounts:

Before a user can access and use a system, you need to create an account for that user

on the system. A user account contains the identification and the permissions attached to it,

which allows the user to access and use the system. After logging on to a system, a user can

do things such as accessing files and directories according to the permissions granted to that

user by the system administrator. Multiple users who need identical permission can be

organized into a group, and the permissions can be granted to the group. A permission

granted to a group applies to all the users who are members of the group. This makes security

management more efficient.

In this section, we will explore the structure of a user account and the files in which

the user accounts live. Let’s begin with exploring the structure of a user account.

Structure of a User Account:

A user is required to have a user account on a system in order to log in and use system

resources. A user account contains a set of components, such as the user login name and

password.

Multiple users can be organized into a logical group that has a group name, a group

ID (GID), and of course a list of users. A user must belong to a primary group and can belong

to a maximum of 15 secondary groups. Any permission for a resource granted to the group

apply to each user in the group. A user must belong to at least one group called the user’s

primary group.

Let’s further explore the components of a user account, beginning with the component

called user name or login name.

User Name:

A user name, also called a login name, is a mandatory component of a user account,

which you, the system administrator, create. The user employs the user name and the

password associated with it for logging into a local or a remote system.

The components of user account as follows:

Component DescriptionUser login

nameA unique name for a user on a system; two to eight characters in length. The characters can be letters and numerals; the first character must be a letter and at least one character must be a lowercase letter.

Password A component of a user account that must be kept secret and known only to the user. The user uses it to log into the system along with the user login name.

User ID (UID)

A required unique integer associated with the user name. The numbers from 0 to 99 are reserved for system accounts. Regular users should be assigned UIDs from 100 to 60,000, but they can go as high as the largest 32-bit signed positive number: 2147483647.

Group name A collection of users who share the same set of permissions to the resources. The maximum length of a group name is eight characters. A group has a name, a group ID, and a list of users that belong to it.

Home directory

The root of the subtree of the file system that belongs to the user.

You should not use a user name identical to a mail alias known to the system or an

NIS domain because it may deliver the user’s mail to the alias.

You must exercise the following rules in specifying a user name:

Each user name on a system must be unique.

A user name should be two to eight characters long; a character being a letter or a

numeral.

A user name should begin with a letter, and it should contain at least one lowercase

letter.In order to log in to a system, a user needs a password in addition to a login

name. Let’s take a closer look at the password component.

Password:

A password is a secret component of a user account that is known only to the user of

the account. As a system administrator, you have two choices: specify a password when you

create a user, or force the user to specify a password when the user logs into the system for

the fi rst time. The following are the rules for specifying a password:

The password length, by default, may be six to eight characters long, including letters,

numerals, and special characters.

The minimum and maximum allowed length mentioned previously may be changed

by editing the files /etc/default/passwd and /etc/policy.conf, respectively.

The first six characters of a password must contain at least one numeric or special

character, and at least two alphabets.

A good password is a tradeoff between two opposing requirements: the password

should be easy enough for the user to remember but hard enough to keep a hacker

Do not use the word “password” as your password, as it is too trivial to crack even if

you replace the character “s” with the symbol $.

Avoid the use of proper nouns, login names, the names of a spouse or pet, or anything

related to the user that can be easily guessed.

Avoid using car license numbers, telephone numbers, employee numbers, and Social

Security numbers.

Avoid using words related to a hobby or interest.

Avoid using any word in the dictionary.

Avoid using any of the preceding choices spelled backwards.

Words with numbers or special characters embedded in them make good passwords—

for example, goofyboys is a bad password but g00fyboy$ is a good one.

Each user account has a user ID, and each group of users has a group ID, both of

which we explore next.

User ID and Group ID

User Id’s are defined as follows:

Uid Description

0 – 99 System accounts such as root, sys, daemon, and bin.

100 – 60,000 General-purpose accounts for regular users.

60,000 –

2,147,483,647

Accounts that do not have full functionality such as anonymous

users.

The user ID (UID) is a unique integer associated with a user and is used by the system

to keep track of the user account. Theoretically speaking, a UID is any positive integer that

you can make out of a signed 32-bit (i.e., 231 − 1 = 2147483647). However, some of these

numbers are reserved.

The numbers from 0 to 99 are reserved for system accounts such as root, daemon, sys,

and bin: 0 for root, 1 for daemon, 2 for bin. The accounts with UID number greater than

60,000 do not have full functionality—for example, 60,001 for the anonymous user nobody,

65,534 for the anonymous user nobody4, and 60,002 for the non-trusted user noaccess. A

general-purpose user account should be assigned a UID number within the range from 100 to

60,000.

Just like a user, a group has an ID too, called the group ID (GID). The rules for the

GID numbers are the same as for the UID numbers; a GID on a system should be unique and

should not be greater than 60,000.

A user account is created to let the user use the system resources including the fi le

system. The user enters the fi le system through the home directory, which we explore next.

Home Directory:

Users have their own subtrees, which are parts of the whole directory tree on the

system. The home directory for a user makes the root of this subtree. The user can access the

home directory locally or remotely. The naming convention for the home directory is:

/export/home/<username>; thus, a user jkerry on a system will have the home directory

/export/home/jkerry.

A user should access the home directory through a mount point /home/ <username>.

Furthermore, because /export/home/<username> is machine specifi c, the home directories

should always be referred to by the environment variable $HOME in order to use them

anywhere on the network. The symbolic links created in the user home directory should use

relative paths and not absolute paths to make them independent of the home directory’s

mount point. In this case, changing the mount point will not invalidate the links.

If you have a large number of user accounts on a server, distribute them over different

file systems and use a different name /export/<homen> for each file system for the home

directories—for example, /export/home1 on one fi le system, /export/home2 on another file

system, and so on. This facilitates tasks such as backing up and restoring the home

directories.

The maximum value of a UID can be 231 − 1. A regular user account has a UID

number within the range of 100 to 60,000, and the UID numbers in the range from 0 to 99

belong to the system accounts—for example, the root account has a UID of 0.

Where User Accounts Live:

Once a user account has been created, the account information is saved in three files

in the /etc directory: passwd, shadow, and group. Let’s examine these files one by one.

The passwd File:

Most of the information about a user account is stored in the /etc/passwd fi le. Each

line in this file represents a user account and contains multiple fields with the following

syntax:

<username>:<password>:<uid>:<gid>:<comment>:<home directory>:<login shell>

Any two fields are separated by a colon (:). For example, an entry in the passwd fi le

is explained as follows. The fields of an entry in the passwd file are described as follows:

The default passwd file created by Solaris 10 is shown here.

root:x:0:1:Super-User:/:/sbin/sh

daemon:x:1:1::/:

bin:x:2:2::/usr/bin:

sys:x:3:3::/:

adm:x:4:4:Admin:/var/adm:

lp:x:71:8:Line Printer Admin:/usr/spool/lp:

uucp:x:5:5:uucp Admin:/usr/lib/uucp:

nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico

smmsp:x:25:25:SendMail Message Submission Program:/:

listen:x:37:4:Network Admin:/usr/net/nls:

gdm:x:50:50:GDM Reserved UID:/:

webservd:x:80:80:WebServer Reserved UID:/:

nobody:x:60001:60001:NFS Anonymous Access User:/:

noaccess:x:60002:60002:No Access User:/:

nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:

Entries in the /etc/passwd file contains as follows :

<username> The unique user name, also called the login name, for the account.

<password> The user password for this account.

<UID> A unique user ID number for the user account. Each account has a UID.

<GID> A unique group ID number for the group to which the user of this account

belongs.

<comment> An optional informational fi eld. You can basically type any

information here; usually it contains the user’s full name.

<home directory> Home directory for the user of this account.

<login shell> The default login shell for the user such as / bin /sh or / bin /csh.

The default passwd file contains entries for standard processes, also called daemons,

that are usually started at boot time to perform system-level tasks such as printing, network

administration, and port monitoring. Two adjacent colons (::) in the passwd file represents a

blank fi eld. This is also true for other fi les such as the shadow file and the group file.

If the password for a user is encrypted, the entry in the passwd file contains only an x.

The encrypted password along with other user information goes into the shadow file, which

we examine next.

The shadow File:

The shadow file contains detailed information about the password. The syntax for an

entry in the shadow file is similar to that of the passwd file and is shown here:

<username>:<password>:<lastchg>:<min>:<max>:<warn>:<inactive>:<expire>

As an example, an entry in the shadow file is explained. The fields in the shadow file

entries are described as follows:

Remember that the shadow file can be viewed only by a superuser (e.g., the root account).

Entry in the /etc/shadow

The fields in shadow file as follows:

siri:86K G/MNT /DGU.:9675: 0: 90: 7: 10: 5905

By seeing the above example the fields are separates by colons:

<username> The unique user name, also called the login name, for the account.

<password> The user password. May contain one of the following: an encrypted user

password 13 characters long, the string *LK* indicating that the account is locked and

hence not accessible, or the string NP indicating that this account has no password.

<lastchg> The number of days between January 1, 1970, and the date when the

password was modifi ed last.

<min> The minimum number of days required between two consecutive password

changes.

<warn> The number of days before the password expiration date when the user is

warned.

<inactive> The number of days for which a user account can be inactive before being

locked.

<expire> The user account expiration date, after which the user will be unable to log

into the system using this account.

The /etc/passwd file contains most of the user account information, including a place

holder for the password, whereas the detailed password information is contained in the

/etc/shadow file. The passwd file and the shadow file contain the user account information,

and the group file contains the information about user groups.

The group File:

Multiple users can be organized into a group for ease of administration. Entries in the

group file contain information about groups. The syntax of an entry in the /etc/group file is

similar to an entry in the passwd file and is shown here:

<group name>:<group password>:<gid>:<user-list>

As an example, an entry in the group file. The fields in a group file entry are

described as follows. The group password field is generally not used—that is, it is left empty.

It is a legacy from the earlier days of UNIX. If a group does have a group password, the

newgrp command will prompt the user to enter the password. However, note that there is no

utility to set the group password. The default group file created by the Solaris 10 system is

shown here.

root::0:

other::1:

bin::2:root,daemon

sys::3:root,bin,adm

adm::4:root,daemon

uucp::5:root

mail::6:root

tty::7:root,adm

lp::8:root,adm

nuucp::9:root

staff::10:

daemon::12:root

smmsp::25:

sysadmin::14:

gdm::50:

webservd::80:

nobody::60001:

noaccess::60002:

nogroup::65534:

Fields in the /etc/group

<group name> The name assigned to the group: maximum length eight characters.

<group password> Optional fi eld, usually contains an asterisk or is left empty.

<GID> The group ID number.

<user list> The list of users who are members of this group; any two members are

separated by a comma.

The default group file contains the system groups that support some system level

tasks—printing, network administration, and email. Note that many of these groups have

corresponding entries in the passwd file.

Now that you have explored the structure of a user account and you know where the

user account information is stored, it is time to get more practical, that is, to learn how to

create, modify, and delete user accounts.


Managing User and Group Accounts with the Shell Command Line

Solaris offers several shell commands to manage user and group accounts. In this

section we explore these commands to create, modify, and delete user and group accounts.

Adding a Group A group account is created by using the groupadd command which has the

following syntax:

groupadd [-g <gid> [-o]] <group_name>

examples:

#groupadd –g 600 oracle

#groupadd –g 700 dba

#groupadd –g 800 accounts

The options supported by the groupadd are described as follows:

-g <gid>. Specifi es the group ID. If not used, the group ID will default to the next

available number greater than the one already assigned to a group.

-o. Specifi es that the GID can be duplicated—that is, more than one group can share

this GID, which is helpful in modifying the group.

The <group_name> obviously is the name of the group and is a character string that

may contain lowercase letters and numerals. You can modify an existing group account, and

this is discussed next.

Modifying a Group You modify a group by using the groupmod command, which has the

following syntax:

groupmod [-g <gid> [-o]] [-n <new_name>] <group_name>

Examples:

To modify group id:

#groupdmod –g <newid> <groupname>

#groupmod –g 1200 oracle

To modify group name

#groupmod –n <newname> <oldname>

#groupmod –m ora oracle

Deleting a Group You can delete an existing group by using the groupdel command, which

has the following trivial syntax:

groupdel <group_name>

For example, the following command will delete the group named gop:

#groupdel ora

#groupdel accounts

Note that the groupdel command deletes only the group account and not the users that

belong to the group. That means that although the group membership of the users is deleted

with the deletion of a group, the user accounts still exist.

As opposed to Windows, in UNIX you always use the command line tools for system

administration. Nevertheless, there are some GUI tools available for beginners. For example,

on the Solaris 10 system, you can use the Solaris Management Console (SMC) GUI tool for

user administration. We explore this tool next.

Managing User Accounts:

The useradd Command:

You use the useradd command to create a new user account—that is, to add a new

user to the system. The account information will automatically go to the passwd, shadow, and

group files as you create the account.

The syntax for the useradd command is shown here:

#useradd –u <uid> -g <pgid> -G <sgid> -d <homedir> -m –s <shell> -c <comment>

-e <expiry> -f <inactive> username

The options for this command are explained in the following list:

-u <uid> user id number

-g <pgid> primary group id

-G <sgid> secondary group id

-d <homedir> user’s home directory

-m <make> make directory

-s <shell> user’s shell

-c <comment> a short description of the user (e.g., full name of the user).

-e <expire>. Specifi es the expiration date for the user account.

-f <inactive>. user does not log into the account for days more than the value of

<inactive>, the account will be locked. The default for this option is 0. This

information goes into the shadow file.

Example of useradd command

#useradd –u 500 –g 501 –G 600 –d /home/siri –m –s /bin/ksh –c “siritech”

-e 09122009 –f 5 siri

The usermod Command:

You can use the usermod command to modify an account—that is, to modify the

value for an option that either was specified by you when the account was originally created

or a default value was assigned to it. Solaris lets you modify most of the options as follows:

usermod –l To modify the users login name

-u To modify the user id

-g To modify user’s primary group id

-G To modify or create the user’s secondary group id

-d To modify user’s home directory

-s To modify user’s shell

-c To modify the comment about user

-e To modify expiry date of user account

-f To modify inactive days of user login

Examples:

To modify user login name:

#usermod –l <newname> <oldname>

#usermod –l siritech siri

To modify user id

#usermod –u <newid> <username>

#usermod –u 1000 siritech

To modify user’s primary group id

#usermod –g <newid> <username>

#usermod –g 800 siritech

To modify user’s secondary group id

#usermod –G <newid> <username>

#usermod –G 850 siritech

To modify user’s home directory

#usermod –d <newdir> -m <username>

#usermod –d /home/siritech –m siritech

To modify user’s expiry date

#usermod –e <newdate> <username>

#usermod –e 10282009 siritech

To modify user’s inactive days login

#usermod –f <newdays> <username>

#usermod –f 7 siritech

The userdel Command:

You use the userdel command to delete a user account from the system. The syntax

for the userdel command is shown here:

userdel [-r] <login_name>

The option -r is used to delete the user home directory along with the account. For

example, the following command deletes the account of user jkerry along with the home

directory (and all directories underneath it recursively):

userdel -r siritech

There may be important company files in the home directory of the employee who has

just left. In that case, you can delete the user account without the -r option, and the user

account will be deleted without deleting the home directory.

A user must have a primary group. In addition to this, a user can become a member of

up to 15 (the default maximum number) secondary groups. Before a user can become a

member of a group, the group account must exist. In the next section, we discuss how to

manage group accounts.

Managing User and Group Accounts with the SMC GUI:

You can use the Solaris Management Console (SMC) to manage user and group

accounts. In this section, you will do two hands-on exercises using SMC.

EXERCISE 6-1

Creating a User Account with the SMC GUI Tool:

Perform the following steps to create a user account with the SMC GUI tool:

1. Become the superuser or assume an equivalent role (e.g., log in as root).

2. Start the SMC by issuing the following command:

/usr/sadm/bin/smc &

3. Click the This Computer icon under the Management Tools icon in the Navigation

panel. A list of categories is displayed.

4. Click the System Confi guration icon.

5. Click the User Accounts icon.

6. Type in your password.

7. Click the Users icon.

8. Select the Add User with Wizard from the Action menu. Click Next between each of

the steps that follow.

9. Type in the user login name at the User Name prompt (following the rules for

specifying the user names that you have learned in this chapter)—for example, agore.

10. Optional step. Type in the user full name at the Full Name prompt—for example, Al

Gore.

11. Optional step. Type in a further description of this user at the Description prompt.

12. Specify the user ID at the User ID Number prompt—for example, 420.

13. Select the option: User Must Use This Password at First Login, and type in a

password for the user at the password prompt. Confi rm the password at the Confi rm

Password prompt.

14. Select the primary group for the user.

15. Create the home directory for the user by accepting the defaults at the Server and Path

prompts.

16. Specify the mail server.

17. Review the information you provided and go back to correct the information, if

necessary. Otherwise, click Finish.

Congratulations! You have a added a user to the system by using the SMC GUI tool.

But before opening the champagne, attempt to log in as the user that you created to be sure

that it works.

Groups contain users. You have two choices regarding adding users to a group: you

can add the existing users to the group during the group creation, or you could add a user to

the group when you create the user account. Once a user has been created on the system, the

user can log into the system and work. Each user works in a certain work environment on the

system, which is set up when the user logs in.

Shell Initialization Files:

As a part of setting up a user account, you need to set up some initialization files that

will set up the work environment when the user logs in. These initialization files, also called

the shell initialization files, are essentially the shell scripts that set up the characteristics of

the user’s work environment, such as search path, windowing environment, and environment

variables. There are two kinds of initialization files: user initialization files, whose scope is a

specific user; and site initialization files, whose scope is the system.

User Initialization Files:

The user initialization files live in the home directory of a user. A user works in a

specific shell. Each shell has its own set of initialization files, which exist in the home

directory of the user.

A question arises: where do these files come from, and how do they end up in the

user’s home directory? Solaris 10 offers the skeletons for the user initialization fi les in the

/etc/skel directory.

When you create a user with the useradd command by using the –m option, this set of

skeleton fi les, depending upon the user’s login shell, is copied into the user’s home directory

and renamed to the names.

Including $path (C shell) and $PATH (Bourne and Korn shell) in the command that

sets the path includes the existing path value before the command is issued. This is used to

append the user’s path settings to the ones that are already set in the site initialization fi le. If

you do not use $PATH or $path, the existing path settings will be replaced with the new ones.

Login shell user initialization file

Bourne .profile

C .login

.cshrc Korn

.profile

$ENV It is the environment variable that specifi es the fi le (usually .kshrc) that will

define the user’s environment.

User initialization files for the Bourne, C, and Korn shells (the files are copied into

the user’s home directory at the time the account is created)

Login shell Default initialization files

Bourne /etc/skel/local.profile

C /etc/skel/local.login

/etc/local.cshrc

Korn /etc/skel/local.profile

Of course, you can edit the initialization files in the /etc/skel directory and edit the

initialization files in the home directory to customize them. Typically, the user will customize

the local work environment by editing the user initialization fi les, whereas you will

customize the user’s work environment by providing the systemwide site initialization files,

which we discuss next.

HOW TO CONFIGURE FILE SYSTEMS FOR QUOTAS:

Become superuser

Edit the /etc/vfstab file and add rq to the mount options field for each UFS file system that

will have quotas.

Change directory to the root of the file systemthat will have quotas.

Create a file named quotas.

# touch quotas

Change permissions to read/write for superuser access only.

# chmod 600 quotas

Configuring File Systems for Quotas

The following /etc/vfstab example shows that the /export/home directory from the

system pluto is mounted as an NFS file system on the local system. You can tell that quotas

are enabled by the rq entry under the mount options column.

# device device mount FS fsck mount mount

# to mount to fsck point type pass at boot options

# pluto:/export/home - /export/home nfs - yes rq

The following example line from the /etc/vfstab file shows that the local /work directory

is mounted with quotas enabled, signified by the rq entry under the mount options column.

#device device mount FS fsck mount mount

#to mount to fsck point type pass at boot options

#/dev/dsk/c0t4d0s0 /dev/rdsk/c0t4d0s0 /work ufs 3 yes rq

How to Set Up Quotas for a User:

Become super user or assume an equivalent role. Use the quota editor to create a temporary

file that contains one line of quota information for each mounted UFS file system that has a

quotas file in the file system's root directory.

# edquota username where username is the user for whom you want to set up quotas.

Change the number of 1-Kbyte disk blocks, both soft and hard, and the number of

inodes, both soft and hard, from the default of 0, to the quotas that you specify for

each file system.

Verify the user's quota.

# quota -v username

-v Displays the user's quota information on all mounted file systems where quotas

exist. username Specifies the user name to view quota limits.

Setting Up Quotas for a User

The following example shows the contents of the temporary file opened by edquota

on a system where /files is the only mounted file system that contains a quotas file in the root

directory.

fs /files blocks (soft = 0, hard = 0) inodes (soft = 0, hard = 0)

The following example shows the same line in the temporary file after quotas have

been set up.


Howto Set UpQuotas for MultipleUsers:

Become superuser

Use the quota editor to apply the quotas you already established for a prototype user

to the additional users that you specify.

# edquota -p prototype-user username ... prototype-user Is the user name of the

account for which you have set up quotas username ... Specifies one or more user

names of additional accounts.More than one user name is specified by separating each

user name with a space.

Setting Up Prototype Quotas for Multiple Users

The following example shows how to apply the quotas established for user bob to

users mary and john.

# edquota -p bob mary john

Howto CheckQuota Consistency:

The quotacheck command is run automatically when a system is rebooted. You

generally do not have to run the quotacheck command on an empty file system with

quotas.However, if you are setting up quotas on a file system with existing files, you need to

run the quotacheck command to synchronize the quota database with the files or inodes that

already exist in the file system.

Also keep in mind that running the quotacheck command on large file systems can be

time-consuming.

Note – To ensure accurate disk data, the file systems being checked should be quiescent when

you run the quotacheck command manually. Become superuser or assume an equivalent role.

Run a consistency check on UFS file systems.

# quotacheck [-va] filesystem

-v (Optional) Identifies the disk quotas for each user on a particular file system.

-a Checks all file systems with an rq entry in the /etc/vfstab file.

filesystem Specifies the file system to check.

See the quotacheck(1M) man page for more information.

Checking Quota Consistency

The following example shows how to check quotas for the /export/home file system

on the /dev/rdsk/c0t0d0s7 slice. The /export/home file system is the only file system with an

rq entry in the /etc/vfstab file.

# quotacheck -va

*** Checking quotas for /dev/rdsk/c0t0d0s7 (/export/home)

How to Turn On Quotas

Become superuser

Turn on file systemquotas.

# quotaon [-v] -a filesystem ...

-v Displays a message for each file system after quotas are turned on.

-a Turns on quotas for all file systems with an rq entry in the /etc/vfstab file. filesystem ...

Turns on quotas for one or more file systems that you specify.More than one file system is

specified by separating each file system name with a space.

Turning On Quotas

The following example shows how to turn quotas on for the file systems on the

/dev/dsk/c0t4d0s7 and /dev/dsk/c0t3d0s7 slices.

# quotaon -v /dev/dsk/c0t4d0s7 /dev/dsk/c0t3d0s7

/dev/dsk/c0t4d0s7: quotas turned on

/dev/dsk/c0t3d0s7: quotas turned on

MaintainingQuotas

CheckingQuotas

After you have set up and turned on disk quotas and inode quotas, you can check for

users who exceed their quotas. In addition, you can check quota information for entire file

systems.

The following table describes the commands that you use to check quotas.

Commands for Checking Quotas

Command Task

quota(1M) Displays user quotas and current disk use, and information about users who are

exceeding their quotas repquota(1M) Displays quotas, files, and the amount of space that is

owned for specified file systems

Howto Check for ExceededQuotas:

You can display the quotas and disk use for individual users on file systems on which

quotas have been activated by using the quota command.

Become superuser

Display user quotas for mounted file systems where quotas are enabled.

# quota [-v] username

-v Displays one or more users' quotas on all mounted file systems that have quotas.

username Is the login name or UID of a user's account.

Checking for Exceeded Quotas

The following example shows that the user account identified by UID 301 has one 1–

Kbyte quota but has not used any disk space.

# quota -v 301

Disk quotas for bob (uid 301):

Filesystem usage quota limit timeleft files quota limit timeleft

/export/home 0 1 2 0 2 3

Filesystem Is the mount point for the file system.

usage Is the current block usage.

quota Is the soft-block limit.

limit Is the hard-block limit.

timeleft Is the amount of time, in days, left on the quota timer.

files Is the current inode usage.

quota Is the soft-inode limit.

limit Is the hard-inode limit.

time left Is the amount of time, in days, left on the quota timer.

Howto CheckQuotas on a File System:

Display the quotas and disk use for all users on one or more file systems by using the

repquota command.

Become superuser

Display all quotas for one or more file systems, even if there is no usage.

# repquota [-v] -a filesystem

-v Reports on quotas for all users, even those users who do not consume resources.

-a Reports on all file systems.

filesystem Reports on the specified file system.

Checking Quotas on a File System

The following example shows output from the repquota command on a system that has

quotas enabled on only one file system (/export/home).

# repquota -va

/dev/dsk/c0t3d0s7 (/export/home):

Block limits File limits

User used soft hard timeleft used soft hard timeleft

#301 -- 0 1 2.0 days 0 2 3

#341 -- 57 50 60 7.0 days 2 90 100

Block limits Definition

used Is the current block usage.

soft Is the soft-block limit.

hard Is the hard-block limit.


File limits Definition

used Is the current inode usage.

soft Is the soft-inode limit.

hard Is the hard-inode limit.


Changing and Removing Quotas:

You can change quotas to adjust the amount of disk space or the number of inodes

that users can consume. You can also remove quotas, for individual users or from entire file

systems, as needed.

edquota edquota(1M) Changes the hard limits and soft limits on the number

of inodes or amount of disk space for each user. Also,

changes the soft limit for each file system with a quota.

quotaoff quotaon(1M) Turns off quotas for specified file systems.

Howto Change the Soft Limit Default:

By default, users can exceed the soft time limits for their quotas for one week. So,

after a week of repeated violations of the soft time limits of either disk space quotas or inode

quotas, the system prevents users from using any more inodes or disk blocks.

You can change the length of time that users can exceed their disk space quotas or

inode quotas by using the edquota command.

Become superuser

Use the quota editor to create a temporary file that contains soft time limits.

# edquota -t

where the -t option specifies the editing of the soft time limits for each file system.

Change the time limits from0 (the default) to the time limits that you specify. So, use

numbers and the keywords month, week, day, hour, min, or sec.

Note – This procedure does not affect current quota violators.

Changing the Soft Limit Default

The following example shows the contents of the temporary file opened by the

edquota command on a system where /export/home is the only mounted file system with

quotas. The default value, 0, means that the default time limit of one week is used.

fs /export/home blocks time limit = 0 (default), files time limit = 0 (default)

The following example shows the same temporary file after the time limit for

exceeding the blocks quota has been changed to 2 weeks. Also, the time limit for exceeding

the number of files has been changed to 16 days.

fs /export/home blocks time limit = 2 weeks, files time limit = 16 days

Howto ChangeQuotas for aUser

Become superuser or assume an equivalent role.

Roles contain authorizations and privileged commands. For more information about roles, see

“Configuring RBAC (TaskMap)” in System Administration Guide: Security Services.

Use the quota editor to open a temporary file that contains one line for each mounted file

systemthat has a quotas file in the file system's root directory.

# edquota username

where username specifies the user name whose quota you want to change.

Caution – You can specify multiple users as arguments to the edquota command.However,

the

user that this information belongs to, is not displayed. To avoid confusion, specify only one

user

name.

Specify the number of 1-Kbyte disk blocks, both soft and hard, and the number of inodes,

both

soft and hard.

Verify that a user's quota has been correctly changed.

# quota -v username

-v Displays user quota information on all mounted file systems with quotas enabled.

username Specifies the user name whose quota you want to check.

Changing Quotas for a User

The following example shows the contents of the temporary file opened by the edquota

command. This temporary file is opened on a system where /files is the only mounted file

system containing a quotas file in the file system's root directory.


The following output shows the same temporary file after quotas have been changed.


Verifying That Hard Quotas Have Been Changed

The following example shows how to verify that the hard quotas for user smith have been

changed to 500 1-Kbyte blocks, and 100 inodes.

# quota -v smith

Disk quotas for smith (uid 12):

Filesystem usage quota limit timeleft files quota limit timeleft

/files 1 0 500 1 0 100

HowtoDisableQuotas for aUser

Become superuser

Use the quota editor to create a temporary file containing one line for each mounted file

system

that has a quotas file in its top-level directory.

# edquota username

Where username specifies the user name whose quota you want to disable.

Caution – You can specify multiple users as arguments to the edquota command.However,

the

user that this information belongs to, is not displayed. To avoid confusion, specify only one

user

name.

Change the number of 1-Kbyte disk blocks, both soft and hard, and the number of inodes,

both

soft and hard, to 0.

Note – Ensure that you change the values to zero.Do not delete the line from the text file.

Verify that you have disabled a user's quota.

# quota -v username

-v Displays user quota information on all mounted file systems with quotas enabled.

username Specifies the user name (UID) whose quota you want to check.

Disabling Quotas for a User

The following example shows the contents of the temporary file opened by the edquota

command on a system where /files is the only mounted file system that contains a quotas file

in the file system's root directory.


The following example shows the same temporary file after quotas have been disabled.


HowtoTurnOffQuotas

Become superuser

# quotaoff [-v] -a filesystem ...

-v Displays a message from each file system when quotas are turned off.

-a Turns off quotas for all file systems.

filesystem Turns off quotas for one or more file systems that you specify.More than one file

system is specified by separating each file system name with a space.

Turning Off Quotas

The following example shows how to turn off the quotas for the /export/home file system.

# quotaoff -v /export/home

/export/home: quotas turned off

Howto Check if a File Has an ACL

Check if a file has an ACL.

% ls -l filename where filename specifies the file or directory.

In the output, a plus sign (+) to the right of the mode field indicates that the file has an

ACL.

Note – Unless you have added ACL entries that extend UNIX file permissions, a file is

considered to have a “trivial” ACL and the plus sign (+) does not display.

Checking if a File Has an ACL

In the following example, the ch1.sgm file has an ACL. The ACL is indicated by the

plus sign (+) to the right of the mode field.

% ls -l ch1.sgm

-rwxr-----+ 1 stacey techpubs 167 Nov 11 11:13 ch1.sgm

Howto Add ACL Entries to a File:

Set an ACL on a file by using the setfacl command.

% setfacl -s user::perms,group::perms,other:perms,mask:perms,acl-entry-list filename ...

-s Sets an ACL on the file. If a file already has an ACL, it is replaced. This option requires at

least the user::, group::, and other:: entries.

user::perms Specifies the file owner permissions.

group::perms Specifies the group ownership permissions.

other:perms Specifies the permissions for users other than the file owner or members of the

group.

mask:perms Specifies the permissions for the ACL mask. The mask indicates the maximum

permissions that are allowed for users (other than the owner) and for groups.

acl-entry-list Specifies the list of one or more ACL entries to set for specific users and groups

on the file or directory. You can also set default ACL entries on a directory.

filename ... Specifies one or more files or directories on which to set the ACL.Multiple

filenames are separated by spaces.

Caution – If an ACL already exists on the file, the -s option replaces the entire ACL with the

new ACL.

Verify that the ACL entrieswere set on the file.

% getfacl filename

Setting an ACL on a File

In the following example, the file owner permissions are set to read and write, file

group permissions are set to read only, and other permissions are set to none on the ch1.sgm

file. In addition, the user anusha is given read and write permissions on the file. The ACL

mask permissions are set to read and write, which means that no user or group can have

execute permissions.

# setfacl -s user::rw-,group::r--,other:---,mask:rw-,user:anusha:rw- ch1.sgm

# ls -l

total 124

-rw-r-----+ 1 stacey techpubs 34816 Nov 11 14:16 ch1.sgm

-rw-r--r-- 1 stacey techpubs 20167 Nov 11 14:16 ch2.sgm

-rw-r--r-- 1 stacey techpubs 8192 Nov 11 14:16 notes

% getfacl ch1.sgm

# file: ch1.sgm

# owner: stacey

# group: techpubs

user::rwuser:

anusha:rw- #effective:rwgroup::

r-- #effective:r--

mask:rwother:---

In the following example, the file owner permissions are set to read, write, and

execute, file group permissions are set to read only, other permissions are set to none. In

addition, the ACL mask permissions are set to read on the ch2.sgm file. Finally, the user

anusha is given read and write permissions.However, due to the ACL mask, the permissions

for anusha are read only.

% setfacl -s u::7,g::4,o:0,m:4,u:anusha:7 ch2.sgm

% getfacl ch2.sgm

# file: ch2.sgm

# owner: stacey

# group: techpubs

user::rwx

user:anusha:rwx #effective:r--

group::r-- #effective:r--

mask:r--

other:---

How to Copy an ACL:

Copy a file's ACL to another file by redirecting the getfacl output.

% getfacl filename1 | setfacl -f - filename2

filename1 Specifies the file from which to copy the ACL.

filename2 Specifies the file on which to set the copied ACL.

Copying an ACL

In the following example, the ACL on ch2.sgm is copied to ch3.sgm.

% getfacl ch2.sgm | setfacl -f - ch3.sgm

Howto Change ACL Entries on a File:

Modify ACL entries on a file by using the setfacl command.

% setfacl -m acl-entry-list filename ...

-m Modifies the existing ACL entry.

acl-entry-list Specifies the list of one or more ACL entries to modify on the file or directory.

You can also modify default ACL entries on a directory.

filename ... Specifies one or more files or directories, separated by a space.

Verify that the ACL entrieswere modified on the file.

% getfacl filename

Modifying ACL Entries on a File

In the following example, the permissions for the user anusha are modified to read and write.

% setfacl -m user:anusha:6 ch3.sgm

% getfacl ch3.sgm

# file: ch3.sgm

# owner: stacey

# group: techpubs

user::rwuser::

anusha:rw- #effective:r--

group::r- #effective:r--

mask:r--

other:r-

In the following example, the default permissions for the group staff are modified to

read on the book directory. In addition, the default ACL mask permissions are modified to

read and write.

% setfacl -m default: group: staff:4, default:mask:6 book

Howto Delete ACL Entries Froma File

Delete ACL entries froma file.

% setfacl -d acl-entry-list filename ...

-d Deletes the specified ACL entries.

acl-entry-list Specifies the list of ACL entries (without specifying the permissions) to delete

from the file or directory. You can only delete ACL entries and default ACL entries for

specific users and groups. Table 6–7 and Table 6–8 show the valid ACL entries.


Alternatively, you can use the setfacl -s command to delete all the ACL entries on a file and

replace them with the new ACL entries that are specified.

Verify that the ACL entrieswere deleted fromthe file.

% getfacl filename

Deleting ACL Entries on a File

In the following example, the user anusha is deleted from the ch4.sgm file.

% setfacl -d user: anusha ch4.sgm

How to Display ACL Entries for a File:

Display ACL entries for a file by using the getfacl command.

% getfacl [-a | -d] filename ...

-a Displays the file name, file owner, file group, and ACL entries for the specified

file or directory.

-d Displays the file name, file owner, file group, and the default ACL entries, if they

exist, for the specified directory.


If you specify multiple file names on the command line, the ACL entries are displayed with a

blank line between each entry.

Displaying ACL Entries for a File

In the following example, all the ACL entries for the ch1.sgm file are displayed. The

#effective: note beside the user and group entries indicates what the permissions are after

being modified by the ACL mask.

% getfacl ch1.sgm

# file: ch1.sgm

# owner: stacey

# group: techpubs

user::rwuser:

anusha:r- #effective:r--

group::rw- #effective:rwmask:

rwother:---

In the following example, the default ACL entries for the book directory are displayed.

% getfacl -d book

# file: book

# owner: stacey

# group: techpubs

user::rwx

user:anusha:r-x #effective:r-x

group::rwx #effective:rwx

mask:rwx

other:---

default:user::rwdefault:

user:anusha:r--

default:group::rwdefault:

mask:rwdefault:

other:---

ABOUT SWAP SPACE

You should understand the features of the SunOSTM swap mechanism to determine the

following:

Swap space requirements

The relationship between swap space and the TMPFS file system

How to recover from error messages related to swap space

Swap Space and Virtual Memory:

Solaris software uses some disk slices for temporary storage rather than for file

systems. These slices are called swap slices. Swap slices are used as virtual memory storage

areas when the system does not have enough physical memory to handle current processes.

The virtual memory system maps physical copies of files on disk to virtual addresses

in memory. Physical memory pages that contain the data for these mappings can be backed

by regular files in the file system, or by swap space. If the memory is backed by swap space it

is referred to as anonymous memory because no identity is assigned to the disk space that is

backing the memory.

The Solaris OS uses the concept of virtual swap space, a layer between anonymous

memory pages and the physical storage (or disk-backed swap space) that actually back these

pages. A system's virtual swap space is equal to the sum of all its physical (disk-backed)

swap space plus a portion of the currently available physical memory.

Virtual swap space has these advantages:

The need for large amounts of physical swap space is reduced because virtual swap

space does not necessarily correspond to physical (disk) storage.

A pseudo file system called SWAPFS provides addresses for anonymous memory

pages.

Because SWAPFS controls the allocation of memory pages, it has greater flexibility

in deciding what happens to a page. For example, SWAPFS might change the page's

requirements for disk-backed swap storage.

How Do YOU Know If YOU Need More Swap Space?

Use the swap -l command to determine if your system needs more swap space. For

example, the following swap -l output shows that this system's swap space is almost entirely

consumed or at 100% allocation.

% swap -l

swapfile dev swaplo blocks free

/dev/dsk/c0t0d0s1 136,1 16 1638608 88

When a system's swap space is at 100% allocation, an application's memory pages

become temporarily locked. Application errors might not occur, but system performance will

likely suffer.

Swap-Related Error Messages:

These messages indicate that an application was trying to get more anonymous

memory. However, no swap space was left to back it.

application is out of memory

malloc error O

messages.1:Sep 21 20:52:11 mars genunix: [ID 470503 kern.warning]

WARNING: Sorry, no swap space to grow stack for pid 100295 (myprog)

TMPFS-Related Error Messages:

The following message is displayed if a page could not be allocated when a file was

being written. This problem can occur when TMPFS tries to write more than it is allowed or

if currently executed programs are using a lot of memory.

directory: File system full, swap space limit exceeded

The following message means that TMPFS ran out of physical memory while attempting to

create a new file or directory:

directory: File system full, memory allocation failed

How Swap Space Is Allocated:

Initially, swap space is allocated as part of the Solaris installation process. If you use

the installation program's automatic layout of disk slices and do not manually change the size

of the swap slice, the Solaris installation program allocates a default swap area of 512

Mbytes.

Starting in the Solaris 9 release, the installation program allocates swap space starting

at the first available disk cylinder (typically cylinder 0). This placement provides maximum

space for the root (/) file system during the default disk layout and enables the growth of the

root (/) file system during an upgrade.

Swap Areas and the /etc/vfstab File

After the system is installed, swap slices and swap files are listed in the /etc/vfstab

file. They are activated by the /sbin/swapadd script when the system is booted.

An entry for a swap device in the /etc/vfstab file contains the following:

The full path name of the swap slice or swap file

File system type of the swap slice or swap file

The file system that contains a swap file must be mounted before the swap file is

activated. So, in the /etc/vfstab file, ensure that the entry that mounts the file system comes

before the entry that activates the swap file.

Planning for Swap Space:

The most important factors in determining swap space size are the requirements of the

system's software applications. For example, large applications such as computer-aided

design simulators, database management products, transaction monitors, and geologic

analysis systems can consume as much as 200–1000 Mbytes of swap space.

Consult your application vendors for swap space requirements for their applications.

If you are unable to determine swap space requirements from your application vendors, use

the following general guidelines based on your system type to allocate swap space.

System type swap size

Workstation with about 4 Gbytes of physical memory

1 Gbyte

Mid-range server with about 8Gbytes of physical memory

2 Gbytes

High-end server with about 16 to128 Gbytes of physical memory

4 Gbytes

In addition to these general guidelines, consider allocating swap space or disk space

for the following:

A dedicated dump device.

Determine whether large applications (such as compilers) will be using the /tmp

directory.

Then, allocate additional swap space to be used by TMPFS. For information about

TMPFS, The /usr/sbin/swap command is used to manage swap areas. Two options, -l and -s,

display information about swap resources.

Use the swap -l command to identify a system's swap areas. Activated swap devices

or files are listed under the swapfile column.

# swap -l


/dev/dsk/c0t0d0s1 136,1 16 1638608 1600528

Use the swap -s command to monitor swap resources.

# swap -s

total: 57416k bytes allocated + 10480k reserved = 67896k used,

833128k available

The used value plus the available value equals the total swap space on the system,

which includes a portion of physical memory and swap devices (or files).

You can use the amount of available and used swap space (in the swap -s output) as a

way to monitor swap space usage over time. If a system's performance is good, use swap -s to

determine how much swap space is available.

When the performance of a system slows down,check the amount of available swap

space to determine if it has decreased. Then you can identify what changes to the system

might have caused swap space usage to increase. When using this command, keep in mind

that the amount of physical memory available for swap usage changes dynamically as the

kernel and user processes lock down and release physical memory.

Note – The swap -l command displays swap space in 512-byte blocks. The swap -s

command displays swap space in 1024-byte blocks. If you add up the blocks from swap -l

and convert them to Kbytes, the result is less than used + available (in the swap -s output).

The reason is that swap -l does not include physical memory in its calculation of swap space.

The output from the swap -s command is summarized in the following table.

Output of the swap -s Command

Adding More Swap Space:

As system configurations change and new software packages are installed, you might

need to add more swap space. The easiest way to add more swap space is to use the mkfile

and swap commands to designate a part of an existing UFS or NFS file system as a

supplementary swap area. These commands, described in the following sections, enable you

to add more swap space without repartitioning a disk.

Alternative ways to add more swap space are to repartition an existing disk or to add

another disk.

Creating a Swap File:

You can create a swap file to be used in a UFS root file system. Swap files are

currently not supported in a ZFS root environment. The following general steps are involved

in creating a swap file:

Creating a swap file by using the mkfile command.

Activating the swap file by using the swap command.

Adding an entry for the swap file in the /etc/vfstab file so that the swap file is

activated automatically when the system is booted.

mkfile Command

The mkfile command creates a file that is suitable for use as either an NFS-mounted

swap area or a local swap area. The sticky bit is set, and the file is filled with zeros. You can

specify the size of the swap file in bytes (the default) or in Kbytes, blocks, or Mbytes by

using the k, b, or m suffixes, respectively.

The following table shows the mkfile command options.

Options to the mkfileCommand

Option Description

-n Creates an empty file. The size is noted.However, the disk blocks are not

allocated until data is written to them.

-v Reports the names and sizes of created files.

Note – Use the -n option only when you create an NFS swap file.

Howto Create a Swap File and Make It Available:

Become superuser.

You can create a swap file without root permissions.However, to avoid accidental

overwriting, root should be the owner of the swap file. Create a directory for the swap file, if

needed.

Create the swap file.

# mkfile nnn[k|b|m] filename

The swap file of the size nnn (in Kbytes, bytes, or Mbytes) with the filename you specify is

created.

Activate the swap file.

# /usr/sbin/swap -a /path/filename

You must use the absolute path name to specify the swap file. The swap file is added

and available until the file system is unmounted, the system is rebooted, or the swap file is

removed.

Keep in mind that you cannot unmount a file system while some process or program

is swapping to the swap file.

Add an entry for the swap file to the /etc/vfstab file that specifies the full path name of

the file, and designates swap as the file systemtype.

/path/filename - - swap - no -

Verify that the swap file is added.

$ /usr/sbin/swap -l

Note – If a swap file does not get activated, make sure that the following service is running:

# svcs nfs/client

STATE STIME FMRI

enabled 14:14:34 svc:/network/nfs/client:default

Creating a Swap File and Making It Available

The following examples shows how to create a 100-Mbyte swap file called /files/swapfile.

# mkdir /files

# mkfile 100m /files/swapfile

# swap -a /files/swapfile

# vi /etc/vfstab

(An entry is added for the swap file):

/files/swapfile - - swap - no -

# swap -l


/dev/dsk/c0t0d0s1 136,1 16 1638608 1600528

/files/swapfile - 16 204784 204784

Removing a Swap File From Use:

If you have unneeded swap space, you can remove it.

Howto Remove Unneeded Swap Space:

Become superuser.

Remove the swap space.

# /usr/sbin/swap -d /path/filename

The swap file name is removed so that it is no longer available for swapping. The file itself is

not deleted.

Edit the /etc/vfstab file and delete the entry for the swap file.

Recover the disk space so that you can use it for something else.

# rm /path/filename

If the swap space is a file, remove it. Or, if the swap space is on a separate slice and you are

sure you will not need it again, make a new file system and mount the file system. Verify that

the swap file is no longer available.

# swap –l

Removing Unneeded Swap Space

The following examples shows how to delete the /files/swapfile swap file.

# swap -d /files/swapfile

# (Remove the swap entry from the /etc/vfstab file)

# rm /files/swapfile

# swap -l


/dev/dsk/c0t0d0s1 136,1 16 1638608 1600528

MANAGING REMOVABLE MEDIA

Formatting Diskettes:

You can use the rmformat command to format and protect rewritable diskettes. This

utility does not require superuser privilege unless vold is not running. File systems are

mounted automatically. So, you might have to unmount media before you can format it, if the

media contains an existing file system.

The rmformat command has three formatting options:

quick – This option formats diskettes without certification or with limited certification

of certain tracks on the media.

long – This option completely formats diskettes. For some devices, the use of this

option might include the certification of the whole media by the drive. force – This

option formats completely without user confirmation. For diskettes with a password-

protection mechanism, this option clears the password before formatting. This feature

is useful when a password is forgotten. On diskettes without password protection, this

option forces a long format.

Removable Media Hardware Considerations:

Keep the following restrictions in mind when working with diskettes:

SPARC and x86 UFS formats are different. SPARC uses little-endian bit coding, x86

uses big-endian.Media formatted for UFS is restricted to the hardware platform on

which they were formatted. So, a diskette formatted for UFS on a SPARC based

platform cannot be used for UFS on an x86 platform. Likewise, a diskette formatted

for UFS on an x86 platform cannot be used on a SPARC platform.

A complete format for SunOS file systems consists of the basic “bit” formatting in

addition the structure to support a SunOS file system. A complete format for a DOS

file system consists of the basic “bit” formatting in addition the structure to support

either an MS-DOS or an NEC-DOS file system. The procedures required to prepare a

media for each type of file system are different. Therefore, before you format a

diskette, consider which procedure to follow.

Keep the following in mind when formatting diskettes:

Diskettes that are not named (that is, they have no “label”) are assigned the default

name of unnamed_floppy.

Diskettes that are not named (that is, they have no “label”) are assigned the default

name of floppy.

A Solaris system can format the following diskette types:

UFS

MS-DOS or NEC-DOS (PCFS)

UDFS

On a Solaris system (either SPARC or x86), you can format diskettes with the following

densities.

Diskette Size Diskette Density Capacity

3.5” High density (HD) 1.44 Mbytes

3.5” Double density (DD) 720 Kbytes

By default, the diskette drive formats a diskette to a like density. This default means

that a 1.44 Mbyte drive attempts to format a diskette for 1.44 Mbytes, regardless of whether

the diskette is, in fact, a 1.44 Mbyte diskette, unless you instruct it otherwise. In other words,

a diskette can be formatted to its capacity or lower, and a drive can format to its capacity or

lower.

How to Format a Diskette (rmformat)

You can use the rmformat command to format a diskette. By default, this command

creates two partitions on the media: partition 0 and partition 2 (the whole media). Verify that

removable media service is running. If so, you can use the shorter nickname for the device

name.

$ svcs volfs

STATE STIME FMRI

online 10:39:12 svc:/system/filesystem/volfs:default

Format the diskette.

$ rmformat -F [ quick | long | force ] device-name

(Optional) Label the diskette with an 8-character label.

$ rmformat -b label device-name

This example shows how to format a diskette.

$ rmformat -F quick /dev/rdiskette

Formatting will erase all the data on disk.

Do you want to continue? (y/n) y

Howto Create a File System on Removable Media:

Format the diskette.

$ rmformat -F quick device-name

Create an alternate Solaris partition table.

$ rmformat -s slice-file device-name

A sample slice file appears similar to the following:

slices: 0 = 0, 30MB, "wm", "home":

1 = 30MB, 51MB:

2 = 0, 94MB, "wm", "backup":

6 = 81MB, 13MB

Become superuser.

Determine the appropriate file systemtype and select one of the following:

Create a UFS file system. For example:

# newfs /vol/dev/aliases/floppy0

Create a PCFS file system. For example:

# mkfs -F pcfs /dev/rdsk/c0t4d0s2:c

Create aUDFS file system. For example:

# mkfs -F udfs /dev/rdsk/c0t1d0s1

Formatting a Diskette for a UFS File System

The following example shows how to format a diskette and create a UFS file system

on the diskette.

#rmformat -F quick /vol/dev/aliases/floppy 0



# /usr/sbin/newfs /vol/dev/aliases/floppy0

newfs: construct a new file system /dev/rdiskette: (y/n)? y

/dev/rdiskette: 2880 sectors in 80 cylinders of 2 tracks, 18 sectors

1.4MB in 5 cyl groups (16 c/g, 0.28MB/g, 128 i/g)

super-block backups (for fsck -F ufs -o b=#) at:

32, 640, 1184, 1792, 2336,

#

# rmformat -F quick /dev/rdiskette


Do you want to continue? (y/n)y

# /usr/sbin/newfs /dev/rdiskette

newfs: construct a new file system /dev/rdiskette: (y/n)? y

/dev/rdiskette: 2880 sectors in 80 cylinders of 2 tracks, 18 sectors



32, 640, 1184, 1792, 2336,

Formatting a Diskette for a PCFS File System

This example shows how to create a PCFS file system with an alternate fdisk partition. In

these examples, vold is not running.

# rmformat -F quick /dev/rdsk/c0t4d0s2:c



# fdisk /dev/rdsk/c0t4d0s2:c

# mkfs -F pcfs /dev/rdsk/c0t4d0s2:c

Construct a new FAT file system on /dev/rdsk/c0t4d0s2:c: (y/n)? y

#

This example shows how to create a PCFS file system without an fdisk partition.

# rmformat -F quick /dev/rdiskette



# mkfs -F pcfs -o nofdisk,size=2 /dev/rdiskette

Construct a new FAT file system on /dev/rdiskette: (y/n)? y

#

How to Create a File System on a DVD-RAM:

Currently, vold doesn't support DVD-RAM devices. So, if you disable vold to use

aDVD-RAM device, you cannot use CD-R, CD-RW, DVD-R,DVD-RW,DVD+R,DVD+RW

devices because vold is not available during the time that it is disabled.

Become superuser.

Stop vold.

# svcadm disable volfs

Create a file systemon the DVD-RAMdevice.

Create a UFS file system. For example:

# newfs /dev/rdsk/c0t0d0s2

Create aUDFS file system. For example:

# mkfs -F udfs /dev/rdsk/c0t0d0s2

Mount the file system.

Mount a UFS file system. For example:

# mount -F ufs /dev/dsk/c0t0d0s2 /mnt

Mount aUDFS file system. For example:

# mount -F udfs /dev/dsk/c0t0d0s2 /mnt

Verify that you can read or write to the file system.

When finished, eject the DVD-RAM.

Restart vold.

# svcadm enable volfs

How to Check a File Systemon Removable Media:

Become superuser.

Identify the file systemtype and select one of the following:

Check a UFS file system.

# fsck -F ufs device-name

Check aUDFS file system.

# fsck -F udfs device-name

Check a PCFS file system.

# fsck -F pcfs device-name

Checking a PCFS File System on Removable Media

The following example shows how check the consistency of a PCFS file system on

media. In this example, vold is not running.

# fsck -F pcfs /dev/rdsk/c0t4d0s2

** /dev/rdsk/c0t4d0s2

** Scanning file system meta-data

** Correcting any meta-data discrepancies

1457664 bytes.

0 bytes in bad sectors.

0 bytes in 0 directories.

0 bytes in 0 files.

1457664 bytes free.

512 bytes per allocation unit.

2847 total allocation units.

2847 available allocation units.

How to Repair Bad Blocks on Removable Media:

You can only use the rmformat command to verify, analyze, and repair bad sectors

that are found during verification if the drive supports bad block management.Most diskettes

and USB memory sticks do not support bad block management.

If the drive supports bad block management, a best effort is made to rectify the bad

block. If the bad block cannot be rectified despite the best effort mechanism, a message

indicates the failure to repair the media.

Repair bad blocks on removable media.

$ rmformat -c block-numbers device-name

Supply the block number in decimal, octal, or hexadecimal format from a previous rmformat

session.

Verify the media.

$ rmformat -V read device-name

Accessing Removable Media

This chapter describes how to access removable media from the command line in the Solaris

OS.

Accessing Removable Media:

You can access information on removable media with or without using volume

management. For information on accessing information on removable media withGNOME's

FileManager, see theGNOME desktop documentation.

Volume management (vold) actively manages all removable media devices. So, any

attempt to access removable media with device names such as /dev/rdsk/cntndnsn or

/dev/dsk/cntndnsn will be unsuccessful.

Using Removable Media Names:

You can access all removable media with different names. The following table

describes the different media names that can be accessed with or without volume

management.

Guidelines for Accessing Removable Media Data:

Most CDs andDVDs are formatted to the ISO 9660 standard, which is portable. So,

most CDs andDVDs can be mounted by volume management.However, CDs orDVDs with

UFS file systems are not portable between architectures. So, they must be used on the

architecture for which they were designed.

Howto Add aNewRemovable Media Drive:

Generally, most modern bus types support hot-plugging. If your system's bus type

supports hot-plugging, you might only need to do step 5 below. If your system's bus type

does not support hot-plugging, you might have to do the following tasks,

Reboot the system so that volume management recognizes the new media drive.

For more information about hot-plugging devices, see Chapter 6, “Dynamically Configuring

Devices (Tasks).”

Become superuser.

Create the /reconfigure file.

# touch /reconfigure

Bring the systemto run level 0.

# init 0

Turn off power to the system.

Connect the new media drive.

See your hardware handbook for specific instructions.

Turn on power to the system.

The system automatically comes up to multiuser mode.

How to Disable or Enable Removable Media Services:

Occasionally, you might want to manage media without using removable media

services. This section describes how to disable and enable removable media services.

Disabling these services means that you would have to mount all media manually by

using the mount command.

Ensure that the media is not being used.

If you are not sure whether you have found all users of the media, use the fuser command, see

Become superuser.

Select one of the following:

Disable removable media services.

# svcadm disable volfs

Enable removable media services.

# svcadm enable volfs

volume management starting.

Howto Access Information on Removable Media

Insert the media.

The media is mounted after a few seconds.

List the contents of the media.

% ls /media

Use the appropriate device name to access information by using the command-line interface.

# ls /floppy

My file

This example shows how to access information on a USB memory stick.

# ls /rmdisk

rmdisk0/ rmdisk1/

This example shows how to access information on aDVD or CD.

# ls /cdrom

cdrom0 sol_10_1008_sparc

This example shows how to view the symbolic links on aDVD or CD.

# ls -lL /cdrom/cdrom0

total 929

-r--r--r-- 1 root root 6557 Jul 31 2008 Copyright

-r--r--r-- 1 root root 460262 Jul 31 2008 JDS-THIRDPARTYLICENSEREADME

drwxr-xr-x 2 root bin 2048 Oct 27 13:20 License

drwxr-xr-x 7 root root 2048 Oct 27 13:21 Solaris_10

drwxr-xr-x 2 root root 2048 Oct 27 13:21 boot

-rwxr-xr-x 1 root root 257 Oct 27 12:57 installer

drwxr-xr-x 5 root root 2048 Oct 27 13:21 platform

Howto Copy Information From Removable Media:

You can access files and directories on removable media as with any other file

system. The only significant restrictions are related to ownership and permissions.

For instance, if you copy a file from a CD into your file system, you are the owner.

However, you won't have write permissions because the file on the CD never had them. You

must change the permissions yourself.

Ensure that the media is mounted.

$ ls /media

The ls command displays the contents of a mounted media. Copy the files or directories.

For example, for aDVD, you would do the following:

# cp /cdrom/sol_10_1008_sparc/Solaris_10/Tools/add_install_client .

# ls -l

-rwxr-xr-x 1 pmorph gelfs 64065 Jul 25 2008 add_install_client

How to Determine If Removable Media Is Still inUse:

Become superuser.

Identify the processes that are accessing the media.

# fuser -u /media

The -u displays the user of the media.

For more information, see fuser(1M).

kill the process accessing the media.

# fuser -u -k /media

The -k kills the processes accessing the media.

Caution – Killing the processes that are accessing the media should only be used in

emergency situations.

Verify that the process is gone.

# pgrep process-ID

Determining If the Media Is Still in Use

The following example shows that the user siritech, is accessing the

/cdrom/sol_10_1008_sparc/Solaris_10/Tools directory.

# fuser -u /cdrom/sol_10_1008_sparc/Solaris_10/Tools

/cdrom/sol_10_1008_sparc/Solaris_10/Tools: 902c(pmorph) 339c(pmorph)

Howto Eject Removable Media:

Ensure that the media is not being used.

Remember, media is “being used” if a shell or an application is accessing any of its

files or directories. If you are not sure whether you have found all users of a CD(for example,

a shell hidden behind a desktop tool might be accessing it), use the fuser command.

Eject the media.

# eject media

For example, for a CD, you would do the following:

# eject cdrom

For example, for a USB memory stick, you would do the following:

# eject rmdisk0

Tip – You can view the removable device name with the eject -l command.

Accessing Removable Media on a Remote System

How to Make Local Media Available to Other Systems

You can configure your system to share its media drives to make any media in those

drives available to other systems. One exception is musical CDs. Once your media drives are

shared, other systems can access the media they contain simply by mounting them. For

instructions, see Become superuser.

Confirm that the media is loaded.

Add the following entry to the /etc/dfs/dfstab file.

For example:

share -F nfs -o ro /cdrom/sol_10_1008_sparc

Determine whether the NFS server service is running.

# svcs *nfs*

The following output is returned from the svcs command if NFS server service is running:

online 14:28:43 svc:/network/nfs/server:default

Identify the NFS server status, and select one of the following:

If the NFS server service is running, go to Step 7.

If the NFS server service is not running, go to the next step.

Start the NFS server service.

# svcadm enable network/nfs/server

Verify that the NFS daemons are running.

For example:

# svcs -p svc:/network/nfs/server:default

Verify that the media is indeed available to other systems.

If the media is available, its share configuration is displayed.

# share

/cdrom/sol_10_1008_sparc ro ""

Making Local DVDs or CDs Available to Other Systems

The following example shows how to make any localDVDor CDavailable to other systems

on the network.

# vi /etc/dfs/dfstab

(Add the following line:)

# share -F nfs -o ro /media

# svcs *nfs*



# share

-/cdrom/sol_10_1008_sparc ro ""

Making Local Diskettes Available to Other Systems

The following example shows how to make any local diskette available to other

systems on the network.

# vi /etc/dfs/dfstab

(Add the following line, for example)

share -F nfs -o ro /floppy/myfiles

# svcs *nfs*



# volcheck –v

media was found

# share

- /floppy/myfiles rw ""

Howto Access Removable Media on Remote Systems:

You can access media on a remote system by manually mounting the media into your

file system. Also, the remote system must have shared its media according to the instructions

in Select an existing directory to serve as the mount point. Or create a mount point.

$ mkdir /directory where /directory is the name of the directory that you create to serve as a

mount point for the remote system's CD.

Find the name of the media you want to mount.

$ showmount -e system-name

As superuser, mount the media.

# mount -F nfs -o ro system-name:/media/media-name local-mount-point

system-name: Is the name of the system whose media you will mount.

media-name Is the name of the media you want to mount.

local-mount-point Is the local directory onto which you will mount the remote media.

Verify that the media has been mounted.

# ls /media

Accessing DVDs or CDs on Remote Systems

The following example shows how to automatically access the remoteDVDnamed

sol_10_1008_sparc from the remote system starbug using AutoFS.

#showmount -e siri2

export list for siri2:

/cdrom/sol_10_1008_sparc (everyone)

#/net/starbug/cdrom/sol_10_1008_sparc

Accessing Diskettes on Other Systems

The following example shows how to automatically access myfiles from the remote system

mars using AutoFS.

#showmount -e siri2

#cd /net/siri

#ls /floppy

Floppy 0 myfiles

Howto RestrictUser Access to Removable Media With RBAC


Start the Solaris Management Console.

$ /usr/sadm/bin/smc &

For more information on starting the console, see “Starting the SolarisManagement Console”

in System Administration Guide: Basic Administration.

Set up a role that includes the Device Management rights.

Add users who need to use the cdrw command to the newly created role.

Comment the following line in the /etc/security/policy.conf file:

AUTHS_GRANTED=solaris.device.cdrw

If you do not do this step, all users still have access to the cdrw command, not just the

members of the device management role.

After this file is modified, the device management role members are the only users who can

use the cdrw command. Everyone else is denied access with the following message:

Authorization failed, Cannot access disks.

How to Create an ISO 9660 File Systemfor a Data CDor DVD:

Insert a blank CD or DVD into the drive.

Create the ISO 9660 file system on the new CD OR DVD

$ mkisofs -r /pathname > cd-file-system

-r Creates Rock Ridge information and resets file ownerships to zero.

/pathname Identifies the path name used to create the ISO 9660 file system.

> cd-file-system Identifies the name of the file system to be put on the CD orDVD.

Copy the file systemonto the CD or DVD.

$ cdrw -i cd-file-system

The -i cd-file-system specifies the image file for creating a data CD orDVD.

Creating an ISO 9660 File System for a Data CD or DVD

The following example shows how to create an ISO 9660 file system for a data CD orDVD.

$ mkisofs -r /home/dubs/ufs_dir > ufs_cd

Total extents actually written = 56

Total translation table size: 0

Total rockridge attributes bytes: 329

Total directory bytes: 0

Path table size(bytes): 10

Max brk space used 8000

56 extents written (0 Mb)

Then, copy the file system onto the CD orDVD.

$ cdrw -i ufs_cd

Initializing device...done.

Writing track 1...done.

Finalizing (Can take several minutes)...done.

COMMANDS FOR MANAGING SYSTEM PROCESSES

The following table describes the commands for managing system processes.

Command Description

ps, pgrep,

prstat, pkill

Checks the status of active processes on a system, as well as displays

detailed information about the processes

pkill Functions identically to pgrep but finds or signals processes by name or

other attribute and terminates the process. Each matching process is

signaled as if by the kill command, instead of having its process ID

printed.

pargs, preap Assists with processes debugging

dispadmin Lists default process scheduling policies

priocntl Assigns processes to a priority class and manages process priortities

nice Changes the priority of a timesharing process

psrset Binds specific process groups to a group of processors rather than to just a

single processor

Using the ps Command:

The ps command enables you to check the status of active processes on a system, as

well as display technical information about the processes. This data is useful for

administrative tasks such as determining how to set process priorities.

Depending on which options you use, the ps command reports the following

information:

Current status of the process

Process ID

Parent process ID

User ID

Scheduling class

Priority

Address of the process

Memory used

CPU time used

Summary of Fields in ps Reports

Field Description

UID The effective user ID of the process's owner.

PID The process ID.

PPID The parent process ID.

C The processor xutilization for scheduling. This field is not displayed when the -c

option is used.

CLS The scheduling class to which the process belongs such as real-time, system, or

timesharing. This field is included only with the -c option.

PRI The kernel thread's scheduling priority.Higher numbers indicate a higher priority.

NI The process's nice number, which contributes to its scheduling priority. Making a

process “nicer” means lowering its priority.

ADDR The address of the proc structure.

SZ The virtual address size of the process.

WCHAN The address of an event or lock for which the process is sleeping.

STIME The starting time of the process in hours, minutes, and seconds.

TTY The terminal from which the process, or its parent, was started. A question mark

indicates that there is no controlling terminal.

TIME The total amount of CPU time used by the process since it began.

CMD The command that generated the process.

UID The effective user ID of the process's owner

PID The process ID

PPID The parent process ID.

C The processor xutilization for scheduling. This field is not displayed when the -

c option is used.

CLS The scheduling class to which the process belongs such as real-time, system, or

timesharing. This field is included only with the -c option

PRI The kernel thread's scheduling priority.Higher numbers indicate a higher

priority

NI The process's nice number, which contributes to its scheduling priority.

SZ The virtual address size of the process

WCHA

N

The address of an event or lock for which the process is sleeping.

STIME The starting time of the process in hours, minutes, and seconds

TTY The terminal from which the process, or its parent, was started. A question

mark indicates that there is no controlling terminal

TIME The total amount of CPU time used by the process since it began

CMD The command that generated the process

Using the /proc File Systemand Commands:

You can display detailed information about the processes that are listed in the /proc

directory by using process commands. The following table lists the /proc process commands.

The /proc directory is also known as the process file system (PROCFS). Images of active

processes are stored here by their process ID number.

TABLE 12–3 ProcessCommands (/proc)

Process Command Description

pcred Displays process credential information

pfiles Reports fstat and fcntl information for open files in a process

pflags Prints /proc tracing flags, pending signals and held signals, and

other status information

pldd Lists the dynamic libraries that are linked into a process

pmap Prints the address space map of each process

psig Lists the signal actions and handlers of each process

prun Starts each process

pstack Prints a hex+symbolic stack trace for each lwp in each process

pstop Stops each process

ptime Times a process by using microstate accounting

ptree Displays the process trees that contain the process

pwait Displays status information after a process terminates

pwdx Displays the current working directory for a process

The process tools are similar to some options of the ps command, except that the output that

is provided by these commands is more detailed.

In general, the process commands do the following:

Display more information about processes, such as fstat and fcntl, working

directories, and trees of parent and child processes Provide control over processes by

allowing users to stop or resume them

Howto List Processes:

Use the ps command to list all the processes on a system.

$ ps [-efc]

ps Displays only the processes that are associated with your login session.

-ef Displays full information about all the processes that are being executed on the system.

-c Displays process scheduler information.

Listing Processes

The following example shows output from the ps command when no options are used.

$ ps

PID TTY TIME COMD

1664 pts/4 0:06 csh

2081 pts/4 0:00 ps

The following example shows output from the ps -ef command. This output shows

that the first process that is executed when the system boots is sched (the swapper) followed

by the init process, pageout, and so on.

$ ps -ef

UID PID PPID C STIME TTY TIME CMD

root 0 0 0 Dec 20 ? 0:17 sched

root 1 0 0 Dec 20 ? 0:00 /etc/init -

root 2 0 0 Dec 20 ? 0:00 pageout

root 3 0 0 Dec 20 ? 4:20 fsflush

root 374 367 0 Dec 20 ? 0:00 /usr/lib/saf/ttymon

root 367 1 0 Dec 20 ? 0:00 /usr/lib/saf/sac -t 300

root 126 1 0 Dec 20 ? 0:00 /usr/sbin/rpcbind

root 54 1 0 Dec 20 ? 0:00 /usr/lib/sysevent/syseventd

root 59 1 0 Dec 20 ? 0:00 /usr/lib/picl/picld

root 178 1 0 Dec 20 ? 0:03 /usr/lib/autofs/automountd

root 129 1 0 Dec 20 ? 0:00 /usr/sbin/keyserv

root 213 1 0 Dec 20 ? 0:00 /usr/lib/lpsched

root 154 1 0 Dec 20 ? 0:00 /usr/sbin/inetd -s

root 139 1 0 Dec 20 ? 0:00 /usr/lib/netsvc/yp/ypbind ...

root 191 1 0 Dec 20 ? 0:00 /usr/sbin/syslogd

root 208 1 0 Dec 20 ? 0:02 /usr/sbin/nscd

root 193 1 0 Dec 20 ? 0:00 /usr/sbin/cron

root 174 1 0 Dec 20 ? 0:00 /usr/lib/nfs/lockd

daemon 175 1 0 Dec 20 ? 0:00 /usr/lib/nfs/statd

root 376 1 0 Dec 20 ? 0:00 /usr/lib/ssh/sshd

root 226 1 0 Dec 20 ? 0:00 /usr/lib/power/powerd

root 315 1 0 Dec 20 ? 0:00 /usr/lib/nfs/mountd

root 237 1 0 Dec 20 ? 0:00 /usr/lib/utmpd

HowtoDisplay Information About Processes

Obtain the process ID of the process that youwant to display more information about.

# pgrep process

where process is the name of the process you want to display more information about.

The process ID is displayed in the first column of the output.

Display the process information that you need.

# /usr/bin/pcommand pid

pcommand Is the (/proc) command that you want to run. Table 12–3 lists and describes

these commands.

pid Identifies the process ID.

Displaying Information About Processes

The following example shows how to use process commands to display more information

about a cron process.

# pgrep cron

4780

# pwdx 4780

4780: /var/spool/cron/atjobs

# ptree 4780

4780 /usr/sbin/cron

# pfiles 4780

4780: /usr/sbin/cron

Current rlimit: 256 file descriptors

0: S_IFCHR mode:0666 dev:290,0 ino:6815752 uid:0 gid:3 rdev:13,2

O_RDONLY|O_LARGEFILE

/devices/pseudo/mm@0:null

1: S_IFREG mode:0600 dev:32,128 ino:42054 uid:0 gid:0 size:9771

O_WRONLY|O_APPEND|O_CREAT|O_LARGEFILE

/var/cron/log

2: S_IFREG mode:0600 dev:32,128 ino:42054 uid:0 gid:0 size:9771

O_WRONLY|O_APPEND|O_CREAT|O_LARGEFILE

/var/cron/log

3: S_IFIFO mode:0600 dev:32,128 ino:42049 uid:0 gid:0 size:0

O_RDWR|O_LARGEFILE

/etc/cron.d/FIFO


O_RDWR|O_NONBLOCK


O_RDWR

Howto Control Processes

Obtain the process ID of the process that youwant to control.

# pgrep process

where process is the name of the process you want to control.

The process ID displayed in the first column of the output.

Use the appropriate process command to control the process.

# /usr/bin/pcommand pid

pcommand Is the process (/proc) command that you want to run.

pid Identifies the process ID.

Verify the process status.

# ps -ef | grep pid

Controlling Processes

The following example shows how to use process command to stop and restart the dtpad

process.

# pgrep dtpad

2921

# pstop 2921

# prun 2921

Terminating a Process (pkill, kill)

Sometimes, you might need to stop (kill) a process. The process might be in an

endless loop. Or, you might have started a large job that you want to stop before it is

completed. You can kill any process that you own. Superuser can kill any process in the

system except for those processes with process IDs of 0, 1, 2, 3, and 4. Killing these

processes most likely will crash the system.

HowtoTerminate a Process (pkill)

(Optional) Become superuser or assume an equivalent role to terminate the process of another

user.

Obtain the process ID for the process that youwant to terminate.

$ pgrep process

where process is the name of the process that you want to terminate.

For example:

$ pgrep netscape

587

566

The process ID is displayed in the output.

Note – To obtain process information on a Sun RayTM, use the following commands:

# ps -fu user

This command lists all user processes.

# ps -fu user | grep process

This command locates a specific process for a user.

Terminate the process.

$ pkill [signal] process

signal When no signal is included in the pkill command-line syntax, the default signal that is

used is –15 (SIGKILL). Using the –9 signal (SIGTERM) with the pkill command ensures

that the process terminates promptly. However, the –9 signal should not be used to kill

certain processes, such as a database process, or an LDAP server process. The result is that

data might be lost.

process Is the name of the process to stop.

Tip – When using the pkill command to terminate a process, first try using the command by

itself, without including a signal option. Wait a few minutes to see if the process terminates

before using the pkill command with the -9 signal. Verify that the process has been

terminated.

$ pgrep process

The process you terminated should no longer be listed in the output of the pgrep command.

HowtoTerminate a Process (kill)

(Optional) Become superuser or assume an equivalent role to terminate the process of another

user.

Obtain the process ID of the process that youwant to terminate.

$ ps -fu user

where user is the user that you want to display processes for.

For example:

$ ps -fu userabc

userabc 328 323 2 Mar 12 ? 10:18 /usr/openwin/bin/Xsun

:0 -nobanner -auth /var/dt/A:0-WmayOa

userabc 366 349 0 Mar 12 ? 0:00 /usr/openwin/bin/fbconsole

userabc 496 485 0 Mar 12 ? 0:09 /usr/dt/bin/sdtperfmeter

-f -H -t cpu -t disk -s 1 -name fpperfmeter

userabc 349 332 0 Mar 12 ? 0:00 /bin/ksh /usr/dt/bin/Xsession

userabc 440 438 0 Mar 12 pts/3 0:00 -csh -c unsetenv _ PWD;

unsetenv DT; setenv DISPLAY :0;

userabc 372 1 0 Mar 12 ? 0:00 /usr/openwin/bin/speckeysd

userabc 438 349 0 Mar 12 pts/3 0:00 /usr/dt/bin/sdt_shell -c

unset

The process ID is displayed in the first column of the output.

Terminate the process.

$ kill [signal-number] pid

signal When no signal is included in the kill command-line syntax, the default signal that

is used is –15 (SIGKILL). Using the –9 signal (SIGTERM) with the kill command

ensures that the process terminates promptly.However, the –9 signal should not be

used to kill certain processes, such as a database process, or an LDAP server process.

The result is that data might be lost.

pid Is the process ID of the process that you want to terminate.

Tip – When using the kill command to stop a process, first try using the command by itself,

without including a signal option. Wait a few minutes to see if the process terminates before

using the kill command with the -9 signal.

Verify that the process has been terminated.

$ pgrep pid

The process you terminated should no longer be listed in the output of the pgrep command.

Debugging a Process (pargs, preap)

The pargs command and the preap command improve process debugging. The pargs

command prints the arguments and environment variables associated with a live process or

core file. The preap command removes defunct (zombie) processes. A zombie process has

not yet had its exit status claimed by its parent. These processes are generally harmless but

can consume system resources if they are numerous. You can use the pargs and preap

commands to examine any process that you have the privileges to examine. As superuser, you

can examine any process.

The pargs command solves a long-standing problem of being unable to display with

the ps command all the arguments that are passed to a process. The following example shows

how to use the pargs command in combination with the pgrep command to display the

arguments that are passed to a process.

# pargs ‘pgrep ttymon‘

579: /usr/lib/saf/ttymon -g -h -p system-name console login:

-T sun -d /dev/console -l

argv[0]: /usr/lib/saf/ttymon

)

argv[1]: -g

argv[2]: -h

argv[3]: -p

argv[4]: system-name console login:

argv[5]: -T

argv[6]: sun

argv[7]: -d

argv[8]: /dev/console

argv[9]: -l

argv[10]: console

argv[11]: -m

argv[12]: ldterm,ttcompat

548: /usr/lib/saf/ttymon

argv[0]: /usr/lib/saf/ttymon

The following example shows how to use the pargs -e command to display the environment

variables that are associated with a process.

$ pargs -e 6763

6763: tcsh

envp[0]: DISPLAY=:0.0

Managing Process Class Information:

The following list identifies the process scheduling classes that can be configured on

your system. Also included is the user priority range for the timesharing class.

The possible process scheduling classes are as follows:

Fair share (FSS)

Fixed (FX)

System (SYS)

Interactive (IA)

Real-time (RT)

Timesharing (TS)

The user-supplied priority ranges from -60 to +60.

The priority of a process is inherited from the parent process. This priority is referred

to as the user-mode priority.

The system looks up the user-mode priority in the timesharing dispatch parameter

table.

Then, the system adds in any nice or priocntl (user-supplied) priority and ensures a

0–59 range to create a global priority.

Changing the Scheduling Priority of Processes

(priocntl)

Display process scheduling classes and priority ranges with the priocntl -l command.

$ priocntl –l

Displaying Basic Information About Process Classes (priocntl)

The following example shows output from the priocntl -l command.

# priocntl -l

CONFIGURED CLASSES

SYS (System Class)

TS (Time Sharing)

Configured TS User Priority Range: -60 through 60

FX (Fixed priority)

Configured FX User Priority Range: 0 through 60

IA (Interactive)

Configured IA User Priority Range: -60 through 60

How to Display the Global Priority of a Process:

Display the global priority of a process by using the ps command.

$ ps –ecl

The global priority is listed under the PRI column.

Displaying the Global Priority of a Process

The following example shows ps -ecl command output. The values in the PRI column show

that the pageout process has the highest priority, while the sh process has the lowest priority.

$ ps –ecl

F S UID PID PPID CLS PRI ADDR SZ WCHAN TTY TIME COMD

19 T 0 0 0 SYS 96 f00d05a8 0 ? 0:03 sched

8 S 0 1 0 TS 50 ff0f4678 185 ff0f4848 ? 36:51 init

19 S 0 2 0 SYS 98 ff0f4018 0 f00c645c ? 0:01 pageout

19 S 0 3 0 SYS 60 ff0f5998 0 f00d0c68 ? 241:01 fsflush

8 S 0 269 1 TS 58 ff0f5338 303 ff49837e ? 0:07 sac

8 S 0 204 1 TS 43 ff2f6008 50 ff2f606e console 0:02 sh

Howto Designate a Process Priority (priocntl)

Assume the Primary Administrator role, or become superuser.

The Primary Administrator role includes the Primary Administrator profile.

# priocntl -e -c class -m user-limit -p pri command-name

-e Executes the command.

-c class Specifies the class within which to run the process. The valid classes

are TS (timesharing), RT (real time), IA (interactive), FSS (fair share),

and FX (fixed priority).

-m user-limit When you use the -p option, specifies the maximum amount you

can raise or lower your priority,

-p pri command-name Lets you specify the relative priority in the RT class for a real-time

thread. For a timesharing process, the -p option lets you specify the

user-supplied priority, which ranges from -60 to +60.


# ps -ecl | grep command-name

Designating a Process Priority (priocntl)

The following example shows how to start the find command with the highest possible

user-supplied priority.

# priocntl -e -c TS -m 60 -p 60 find . -name core -print

# ps -ecl | grep find

Howto Change Scheduling Parameters of a Timesharing Process (priocntl)

(Optional) Assume the Primary Administrator role, or become superuser. The Primary

Administrator role includes the Primary Administrator profile. To create the role and assign

the role to a user, see Chapter 2, “Working With the SolarisManagement Console (Tasks),” in

System Administration Guide: Basic Administration.

Change the scheduling parameters of a running timesharing process.

# priocntl -s -m user-limit [-p user-priority] -i idtype idlist

-s Lets you set the upper limit on the user priority range and change the

current priority.

-m user-limit When you use the -p option, specifies the maximum amount you can raise

or lower the priority.

-p user-priority Allows you to designate a priority.

-i xidtype xidlist Uses a combination of xidtype and xidlist to identify the process or

processes. The xidtype specifies the type of ID, such as the process ID or

the user ID. Use xidlist to identify a list of process IDs or user IDs.


# ps -ecl | grep idlist

Changing Scheduling Parameters of a Timesharing Process (priocntl)

The following example shows how to execute a command with a 500-millisecond time slice,

a priority of 20 in the RT class, and a global priority of 120.

# priocntl -e -c RT -m 500 -p 20 myprog

# ps -ecl | grep myprog

Howto Change the Class of a Process (priocntl)

(Optional) Become superuser or assume an equivalent role.

Change the class of a process.

# priocntl -s -c class -i idtype idlist

-s Lets you set the upper limit on the user priority range and change the current

priority.

-c class Specifies the class, TS for time-sharing or RT for real-time, to which you

are changing the process.

-i idtype idlist Uses a combination of xidtype and xidlist to identify the process or processes.

The xidtype specifies the type of ID, such as the process ID or user

ID. Use xidlist to identify a list of process IDs or user IDs.

Note – You must be superuser or working in a real-time shell to change a process from, or to,

a real-time process. If, as superuser, you change a user process to the real-time class, the user

cannot subsequently change the real-time scheduling parameters by using the priocntl –s

command.


# ps -ecl | grep idlist

Changing the Class of a Process (priocntl)

The following example shows how to change all the processes that belong to user 15249 to

real-time processes.

# priocntl -s -c RT -i uid 15249

# ps -ecl | grep 15249

Changing the Priority of aTimesharing Process (nice)

The nice command is only supported for backward compatibility to previous Solaris

releases. The priocntl command provides more flexibility in managing processes. The priority

of a process is determined by the policies of its scheduling class and by its nice number. Each

timesharing process has a global priority. The global priority is calculated by adding the user-

supplied priority, which can be influenced by the nice or priocntl commands, and the system-

calculated priority.

The execution priority number of a process is assigned by the operating system. The

prioritynumber is determined by several factors, including the process's scheduling class, how

much CPU time it has used, and in the case of a timesharing process, its nice number. Each

timesharing process starts with a default nice number, which it inherits from its parent

process. The nice number is shown in the NI column of the ps report.

A user can lower the priority of a process by increasing its user-supplied priority.However,

only superuser can lower a nice number to increase the priority of a process. This restriction

prevents users from increasing the priorities of their own processes, thereby monopolizing a

greater share of the CPU.

The nice numbers range from 0 to +39, with 0 representing the highest priority. The

default nice value for each timesharing process is 20. Two versions of the command are

available: the standard version, /usr/bin/nice, and the C shell built-in command.

Howto Change the Priority of a Process (nice)

Using this procedure, a user can lower the priority of a process. However, superuser

can raise or lower the priority of a process. Note – This section describes the syntax of the

/usr/bin/nice command and not the C-shell built-in nicecommand. For information about the

C-shell nice command, see the csh (1) man page.

Determine whether youwant to change the priority of a process, either as a user or as

superuser. Then, select one of the following:

As a user, followthe examples in Step 2 to lower the priority of a command.

As a superuser, followthe examples in Step 3 to raise or lower priorities of a

command.

As a user, lower the priority of a command by increasing the nice number.

The following nice command executes command-name with a lower priority by raising the

nice number by 5 units.

$ /usr/bin/nice -5 command-name

In the preceding command, the minus sign designates that what follows is an option. This

command could also be specified as follows:

% /usr/bin/nice -n 5 command-name

The following nice command lowers the priority of command-name by raising the nice

number by the default increment of 10 units, but not beyond the maximum value of 39.

% /usr/bin/nice command-name

As superuser or assuming an equivalent role, raise or lower the priority of a command by

changing the nice number.

The following nice command raises the priority of command-name by lowering the nice

number by 10 units, but not below the minimum value of 0.

# /usr/bin/nice --10 command-name

In the preceding command, the first minus sign designates that what follows is an option. The

second minus sign indicates a negative number.

The following nice command lowers the priority of command-name by raising the nice

number by 5 units, but not beyond the maximum value of 39.

# /usr/bin/nice -5 command-name

WORKING WITH PACKAGES AND PATCHES

Solaris 10 OS package administration using command-line interface commands and

manage software patches for the Solaris OS, including preparing for patch administration and

installing and removing patches using the patchadd and patchrm commands.

Installing and removing software products, an essential part of software management,

is one of many responsibilities of a system administrator. Sun and its third-party vendors

deliver software products in the form of components called packages.

Furthermore, between the two releases of the OS, you also need to deal with patches,

which present either new features or fixes to existing problems.

Performing Package Administration:

The application software for Solaris OS is delivered in units called packages. A

package is a set of files and directories in a defined format. The package format conforms to

the application binary interface (ABI), which is a supplement to the System V Interface

Definition. An ABI describes the low-level interface between an application program and the

operating system, between an application and its libraries, or between different parts of the

application. An ABI is like an Application Programming Interface (API): an API defines the

interface between the application source code and libraries, thereby enabling the same source

code to compile on any system supporting that API. Similarly, an ABI allows compiled

object code to function without changes or the need to recompile on all systems using

compatible ABIs.

Building a software product in units of one or more packages makes it easier to

transfer it to a medium, to mass produce it, and to install and manage it. To build a package,

an application developer must provide the following package components:

Required components:

Package objects. These are the files and directories of the application software.

Control files. These are the information files and installation scripts. Only two control

files, which are the information files, are required: the pkginfo and prototype files.

Optional components:

Optional information files

Installation scripts

The Solaris OS provides a set of utilities (commands) that can interpret the package

format (ABI) to perform tasks such as installing a package, verifying a package installation,

and removing a package. The commonly used commands to manage packages are listed

below:

Making a package work on your system requires more than simply copying it to your

system; you need to install it. Installing and uninstalling packages are the two most important

tasks involved in package management.

Installing a Package:

To install a package, you can use the pkgadd command, which uncompresses the files

in the package, copies them from the installation media to a local system’s disk, and does

other necessary things. Note that the package fi les are delivered in package.

TABLE 2-6

Some commands for package management:

pkgask Used to save the responses (to the questions that will be asked by the

pkgadd command from the user) in a fi le that can later be used by a

pkgadd command instead of user needing to type the responses.

pkgadd Adds (installs) a software package.

pkgchk Checks a package installation.

pkginfo Lists the package information.

pkgparam Displays the parameter values for a software package.

pkgrm Removes a software package.

pkgtrans Translates a package from one format to another.

format and are unusable in the form they are delivered. Therefore, the pkgadd

command interprets the control files of the software package and then uncompresses

them and installs the product files onto the system’s local disk. The pkgadd

command has the following syntax:

pkgadd [-n] [-a <admin>] [-d <device>] [-G] [-r <response>]

[-R <rootPath>] [<source>] [<instances>]

The options and arguments are described here:

-a <admin>. This indicates to use the installation administration file specified by

<admin> instead of the default file. If the full path is not specified, the file is first

looked for in the current working directory; if not found there, it is then looked for in

the /var/sadm/install/admin directory.

-d <device>. This indicates that the package to be installed should be copied from the

device specifi ed by <device>, which could be a full path name to a directory or the

identifi er for a tape, fl oppy disk, or removable disk such as /var/tmp or

/floppy/<floppy_name> . The <device> can also specify a device alias or a datastream

created by the pkgtrans command.

-G. This instructs the user to add the package only to the current zone.

-n. This specifi es the installation mode to be non-interactive, and the list of the

installed fi les is not displayed. The default mode is interactive.

-r <response>. This specifies the full path to the file that contains the responses from

the previous pkgask command. These responses can be used by the pkgadd command

instead of requiring the user to type the responses.

-R <rootPath>. This specifies the full path to the directory to be used as the root for

installation.

<source>. This is an alternative to the -d <device> option; it is to specify the source

of the packages to be installed.

<instances>. This lists the package instances to be installed. By default, the command

searches for the instances on the source and presents the list for you to select the

instances for installation. Think of an instance of a package as a working copy of the

package.

An instance of a package is created by opening the package; it contains a working

copy of all the private data of the package. Opening a package allocates memory for the

instance’s data and sets the data to the initial values stored in the package. The package

instance exists until it is terminated by closing the package, which frees the memory used to

hold the package data. Multiple instances, which can exist simultaneously, can be created

from the same package.

On occasion you may just want to copy the packages to the system for a possible

installation at a later time. You can do this by using the pkgadd command with the spool

option that follows:

pkgadd -d <deviceName> -s <spoolDir> <pkgid>

This form of the command copies the packages from the device specified by

<deviceName> to the directory specified by <spoolDir>. The argument <pkgid> specifi es a

space-delimited list of packages that need to be copied; the default is to copy all the packages

from the specified device.

If the -d <device> option is not specified, the pkgadd command looks for the packages in

the spool directory /var/spool/pkg.

Once you’ve installed a package, you need to verify the accuracy of the installation.

Checking a Package:

You can use the pkgchk command to check the accuracy of installed fi les, including

the integrity of directory structures and fi les in a package. You can also use this command to

display the information about the package fi les. The detected discrepancies are written to the

standard error device along with a detailed explanation of the problem. The syntax for the

pkhchk command is as follows:

pkgchk [-a|-c] -l] [-p <pathName>[-v] <pkgid>


-a|c. The -a option means check the fi le attributes only and not the file contents,

whereas the -c option means check the fi le contents only and not the file attributes.

The default is to check both the fi le attributes and the file contents.

-l. This option specifies to list the information about the fi les contained in the

package.

-p <pathName>. This option specifies to limit the check to the fi les whose path

names are given in a comma or white space-delimited list specified by <pathName>.

-v. This option specifi es the verbose mode.

<pkgid>. This option specifies the space-delimited list of packages. By default, all the

installed packages on the system are checked.

You can also use the pkgchk command with the -d <device> option to check the

content of the packages that have not yet been installed but were spooled on the device

specified by <device>, which could be a directory, tape, or floppy disk.

Now that you know how the pkgchk command works, here are some practical

scenarios and their solutions:

At times you may just want some information about packages; you can get that by

using the pkginfo command.

Retrieving Information about Packages:

You can use the pkginfo command to retrieve information about software packages

that are installed on the system or about the packages that reside on a particular device such

as a directory or a tape. Without options (that is, by default),

You want to check the content of an installed package SUNWbash.

Issue the command

pkgchk -c SUNWbash.

You want to check the file attributes of an installed package SUNWPython.

Issue the command

pkgchk -a SUNWPython.

You want to check the software packages that have not yet been installed but were spooled in

the

/var/install/packages directory.

Issue the command

pkgchk -d /var/install/packages.

the pkginfo command displays the primary category, package instance, and the names of all

completely and partially installed packages—one line per package.

The command has the following syntax:

pkginfo [-i|-p] [-l |-q|-x] [-c <category>] [<instances>]


-i|-p. The -i option means display information only about the fully installed packages,

whereas the -p option means display information only about the partially installed

packages.

-l|-q|-x. The -l option specifies the long display format, the -q option specifies do not

display any information (used by programs), and the -x option specifies an extracted

listing of package information.

-c <category>. This option only displays packages whose category is included in the

list specifi ed by <category>. The category is a package attribute whose value is defi

ned in the pkginfo file of the package.

You can also use the pkginfo command with the -d <device> option to get the

information about the packages that have not yet been installed but were spooled on a device

specified by <device>, which could be a directory, tape, or fl oppy disk.

On occasion, you may want to remove a package from your system, and you can do

that by using the pkgrm command.

Removing a Package:

You can use the pkgrm command to remove a completely or partially installed

package from the system. If the command fi nds a dependency of another package on the

package under removal, an action defined in the admin fi le is taken. The default mode for the

command is interactive, which means that the prompt messages are displayed to allow you to

confi rm the actions to be taken. However, while issuing the command, you can override the

default interactive mode with the non-interactive mode by using the -n option. Also, by

default, the pkgrm command deletes all the files that compose the package except those

shared by other packages. The pkgrm command has the following syntax:

pkgrm [-a <admin>] [-A] [-n] [<pkgid>]

The operand <pkgid> specifi es the space-delimited list of packages that will be

removed. The default is to remove all the available packages. The options are described here:

-a <admin>. This option indicates to use the installation administration fi le specified

by <admin> instead of the default fi le. If the full path is not specified, the fi le is fi rst

looked for in the current working directory; if not found there, it is then looked for in

the /var/sadm/install/admin directory.

-A. This option instructs to remove all the fi les of the package including those shared

by other packages.

-n. This option specifi es the non-interactive mode; the default is the interactive mode.

You already know that you can spool (store) packages without installing them by

using the pkgadd command. Accordingly, you can remove the spooled packages by using the

pkgrm command as follows:

pkgrm -s <spoolDir>

The argument <spoolDir> specifi es the full path to the spool directory from which

the packages are to be removed. The default spool directory is /var/sadm/pkg.

The application packages are independent modules of software offering additional

functionality, and their task does not include modifying the existing fi les on the system. The

software components (special packages) that may update or replace the existing fi les are

called patches. In addition to managing the packages, you will also need to manage patches.

Performing Patch Administration:

A patch is a collection of fi les and directories that may replace or update existing

fi les and directories that are preventing proper execution of the existing software.

A patch is identifi ed by its unique patch ID, which is an alphanumeric string that

consists of a patch base code and a number that represents the patch revision

number; both separated by a hyphen (e.g., 108528-10). You can get Solaris patches

from the following web site:

http://sunsolve.sun.com

If the patches you downloaded are in a compressed format, you will need to use the

unzip or the tar command to uncompress them before installing them. You do not have to

install each available patch. The strategy for updating software (applying patches)

recommended by Sun includes these practices:

Analyze the need to apply patches (or update your software) based on risk, cost,

availability, and timing.

http://sunsolve.sun.com/

Minimize change to your environment whenever possible.

Address Sun Alert notifi cations and other critical issues as soon as possible.

Make other changes to your environment only to address known problems.

Keep your environment as current as appropriate for your business and application

needs.

You can install and uninstall the patches on your system by using the patchadd and patchrm

commands, respectively.

Managing Patches with the patchadd Command:

You can use the patchadd command to install patches and to find out which patches

are already installed on your system. You can use this command only on Solaris 2.x or higher

version. Remember that to apply a patch means to install it, and the fi les to be patched refer

to the already installed fi les that are being modified or replaced as a result of installing the

patch. The patchadd command used to apply (install) a patch has the following syntax:

patchadd [-d] [-G] [-u] [-B <backoutDir>] <source> [<destination>]

The options and operands are described here:

-d. Do not back up the fi les to be patched (changed or removed due to patch

installation). When this option is used, the patch cannot be removed once it has been

added. The default is to save (back up) the copy of all fi les being updated as a result

of patch installation so that the patch can be removed if necessary.

-G. Adds patches to the packages in the current zone only.

-u. Turns off fi le validation. That means that the patch is installed even if some of the

fi les to be patched have been modified since their original installation.

-B <backoutDir>. Saves the backout data to a directory whose full path is specified

by <backoutDir>. The backout data is the data created when a patch is applied to

enable the system to return to its previous state if the patch is removed—that is,

backed out.

<source>. Specifi es the source from which to retrieve the patch, such as a directory

and a patch id.

<destination>. Specifi es the destination to which the patch is to be applied. The

default destination is the current system.

The following form of the patchadd command can be used to find out which patches are

currently installed:

patchadd -p <destination>

Now that you know how to use the patchadd command to manage patches, here are some

practical scenarios and their solutions:

Obtain information about all the patches that have already been applied on your system.

Issue the command patchadd -p.

Find out if a particular patch with the base number 113029 has been applied on your system.

Use patchadd -p | grep 113029.

Install a patch with patch id 105754-03 from the /var/sadm/spool directory on the current

standalone system.

# patchadd /var/sadm/spool/105754-03.

Verify that the patch has been installed.

#patchadd -p | 105754.

SCENARIO & SOLUTION

While you install a patch, the patchadd command logs information into the following file:

/var/sadm/patch/<patch-ID>/log

Note that the patchadd command cannot apply a patch under the following conditions:

The package is not fully installed on the system.

The architecture of the patch package differs from the architecture of the system on

which it is being installed.

The version of the patch package does not match the version of the corresponding

installed package.

A patch with the same base code and a higher revision number has already been

applied.

A patch that makes this patch obsolete has already been applied.

The patch to be applied is incompatible with a patch that has already been applied to

the system. Each installed patch keeps this information in its pkginfo file.

The patch to be applied depends on another patch that has not yet been applied.

You can issue the following command to get the revision information about the patches

installed on your system:

showrev –p

In general, the showrev command is meant for displaying the machine, software

revision, and patch revision information. If issued without any argument and option, this

command displays the system revision information in general, including hardware provider,

hostname, hostid, domain, release, kernel architecture and version, and application

architecture.

Clearly, installing a patch is more involved than installing a package, because when

you install a patch you might be updating or overwriting some existing fi les. Consequently,

there are issues of saving those fi les and restoring them if you need to uninstall the patch at a

later time.

Removing Patches:

You can remove (uninstall) a patch and restore the previously saved fi les by using the

patchrm command. This command can be used only on Solaris 2.x or higher versions. The

command has the following syntax:

patchrm [-f] [-G] -B <backoutDir>] <patchID>

The operand <patchID> specifi es the patch ID such as 105754-03. The options are described

here:

-f. Forces the patch removal even if the patch was superseded by another patch.

-G. Removes the patch from the packages in the current zone only. Zones are

discussed in Chapter 15.

-B <backoutDir>. Specifi es the backout directory for a patch to be removed so that

the saved fi les could be restored. This option is needed only if the backout data has

been moved from the directory where it was saved during the execution of the

patchadd command.

For example, the following command removes a patch with patch ID 105975-03 from a

standalone system:

patchrm 105975-03

PREPARING FOR FILE SYSTEM BACKUPS

The preparation for backing up file systems begins with planning, which is described in the

following:

The file systems to back up

The type of backup (full or incremental) to perform

A backup schedule

A tape drive

This section describes two other tasks you might need to perform before you back up file

systems:

Finding the names of file systems to back up

Determining the number of tapes that are needed for a full backup

How to Find UFS File System Names:

Display the contents of the /etc/vfstab file.

$ more /etc/vfstab

Look in the mount point column for the name of the file system. Use the directory name

listed in the mount point column when you back up the file system.

Finding File System Names

In this example, the file systems to be backed up are root (/), /usr, and and /export/home.

# more /etc/vfstab

#device device mount FS fsck mount mount

#to mount to fsck point type pass at boot options

#

Fd - /dev/fd fd - no -

/proc - /proc proc - no -

/dev/dsk/c0t0d0s1 - - swap - no -

/dev/dsk/c0t0d0s0 /dev/rdsk/c0t0d0s0 / ufs 1 no -

/dev/dsk/c0t0d0s6 /dev/rdsk/c0t0d0s6 /usr ufs 1 no -

/dev/dsk/c0t0d0s7 /dev/rdsk/c0t0d0s7 /export/home ufs 2 yes -

/devices - /devices devfs - no -

sharefs - /etc/dfs/sharetab sharefs - no -

ctfs - /system/contract ctfs - no -

objfs - /system/object objfs - no -

swap - /tmp tmpfs - yes –

Howto Determine the Number of Tapes Needed for a

Full Backup

Become superuser

Estimate the size of the backup in bytes.

# ufsdump [0]S file-system

Use the S option to display the estimated number of bytes that are needed to do the

backup if this is the first backup of the file system. Use the 0S option to display the estimated

number of bytes that are needed to do the backup if this is not the first backup of the file

system.

Divide the estimated size by the capacity of the tape to determine howmany tapes you

need. Determining the Number of Tapes

In this example, the file system easily fits on a 150-Mbyte tape.

# ufsdump S /export/home

178176

Backing Up a UFS File System:

The following are general guidelines for performing backups:

Use single-user mode or unmount the file system, unless you are creating a snapshot of a file

system.

Be aware that backing up file systems when directory-level operations (such as

creating, removing, and renaming files) and file-level activity are occurring

simultaneously means that some data will not be included in the backup.

You can run the ufsdump command from a single system and remotely back up

groups of systems across the network through remote shell or remote login. In

addition, you can direct the output to the system on which the tape device is located.

Typically, the tape device is located on the system from which you run the ufsdump

command, but it does not have to be.

Another way to back up files to a remote device is to pipe the output from the

ufsdump command to the dd command.

If you are doing remote backups across the network, the system with the tape device

must have entries in its /.rhosts file for each client that will be using the device. Also,

the system that initiates the backup must be included in the /.rhosts file on each

system that it will back up.

Howto Back Up a UFS File System to Tape:

The following are general steps for backing up file systems by using the ufsdump

command. The examples show specific uses of options and arguments.

Become superuser

Bring the system to run level S (single-user mode).

For example:

# shutdown -g30 -y

Check the file system for consistency.

For example:

# fsck -m /dev/rdsk/c0t0d0s7

The fsck -m command checks for the consistency of file systems.

If you need to back up file systems to a remote tape drive, follow these steps:

(a) On the system to which the tape drive is attached (the tape server), add the following

entry to its /.rhosts file:

host root

The host entry specifies the name of the system on which you will run the ufsdump

command to perform the backup.

(b) On the tape server, verify that the host added to the /.rhosts file is accessible through

the name service.

Identify the device name of the tape drive.

The default tape drive is the /dev/rmt/0 device.

Insert a tape that is write-enabled into the tape drive.

Back up file systems.

# ufsdump options arguments filenames

You can back up file systems or directories, or files within file systems.

Performing a Full Backup of a UFS root (/) File system

The following example shows how to do a full backup of the root (/) file system. The system

in this example is brought to single-user mode before the backup. The following ufsdump

options are included:

0 specifies a 0 level dump (or a full backup).

u specifies that the /etc/dumpdates file is updated with the date of this backup.

c identifies a cartridge tape device.

f /dev/rmt/0 identifies the tape device.

/ is the file system being backed up.

For example:

# init 0

ok boot -s

# ufsdump 0ucf /dev/rmt/0 /

DUMP: Date of this level 0 dump: Wed Jul 16 13:28:02 2008

DUMP: Date of last level 0 dump: the epoch

DUMP: Dumping /dev/rdsk/c0t0d0s0 (starbug:/) to /dev/rmt/0.

DUMP: Mapping (Pass I) [regular files]

DUMP: Mapping (Pass II) [directories]

DUMP: Writing 63 Kilobyte records

DUMP: Estimated 1843276 blocks (900.04MB).

DUMP: Dumping (Pass III) [directories]

DUMP: Dumping (Pass IV) [regular files]

DUMP: 1843252 blocks (900.03MB) on 1 volume at 6602 KB/sec

DUMP: DUMP IS DONE

DUMP: Level 0 dump on Wed Jul 16 13:28:02 2008

To verify the backup is successful.

# ufsrestore tf /dev/rmt/0

./lost+found

./usr

./var

./export

./bin

./dev

# (Press Control-D to bring system to run level 3)

Performing an Incremental Backup of a UFS root (/) File System The following

example shows how to do an incremental backup of the root (/) file system in single-user

mode. The following ufsdump options are included:

9 specifies a 9 level dump (or an incremental backup).




/ is the file system being backed up.

# init 0

ok boot –s

# ufsdump 9ucf /dev/rmt/0 /


DUMP: Date of last level 0 dump: Wed Jul 16 13:28:02 2008

DUMP: Dumping /dev/rdsk/c0t0d0s0 (starbug:/) to /dev/rmt/0.






DUMP: Estimated 422 blocks (211KB).



DUMP: 376 blocks (188KB) on 1 volume at 1843 KB/sec

DUMP: DUMP IS DONE



2 .

9 ./etc

304 ./etc/dumpdates

1117 ./devices

1118 ./devices/pseudo

3381 ./devices/pseudo/pts@0:1

Performing a Full Backup of a UFS Home Directory

The following example shows how to do a full backup of the /export/home/siri home

directory. The following ufsdump options are included:

0 specifies that this is a 0 level dump (or a full backup).




/export/home/siri is the directory being backed up.

# ufsdump 0ucf /dev/rmt/0 /export/home/siri



DUMP: Dumping /dev/rdsk/c0t0d0s7 (starbug:/export/home) to /dev/rmt/0.








DUMP: DUMP IS DONE


232 ./siri

233 ./siri/filea

234 ./siri/fileb

235 ./siri/filec

236 ./siri/letters

237 ./siri/letters/letter1



240 ./siri/reports

241 ./siri/reports/reportA

242 ./siri/reports/reportB

243 ./siri/reports/reportC

Performing a Full Backup to a Remote System(Solaris 10 Data to Solaris 10 System)

The following example shows how to do a full backup of a local /export/home file system on

a Solaris 10 system (mars) to a tape device on a remote Solaris 10 system (siri1) in single-

user mode. The systems must be set up so that remote access is enabled. The following

ufsdump options are included:

0 specifies a 0 level dump (or a full backup).



f siri1:/dev/rmt/0 identifies the remote system name and tape device.

/export/home is the file system being backed up.

# ufsdump 0ucf siri1:/dev/rmt/0 /export/home



DUMP: Dumping /dev/rdsk/c0t0d0s7 (mars:/export/home) to siri1:/dev/rmt/0.








DUMP: DUMP IS DONE


# ufsrestore tf siri1:/dev/rmt/0

2 .

3 ./lost+found

4 ./siri

5 ./siri/filea

6 ./siri/fileb

7 ./siri/filec

8 ./siri/letters




12 ./siri/reports

Using UFS Snapshots

This chapter describes how to create and back up UFS snapshots.

Using UFS Snapshots:

1. Create a UFS snapshot. Create a read-only copy of a file system by using the fssnap

command.

2. Display UFS snapshot information. Identify UFS snapshot information such as the

raw snapshot device.

3. Delete a UFS snapshot. Delete a snapshot that is already backed up or no longer

needed.

4. (Optional) Back up a UFS snapshot.

Choose one of the following backup methods:

Create a full backup of a UFS snapshot by using the ufsdump command.

Create an incremental backup of a UFS snapshot by using the ufsdump command.

UFS SNAPSHOT BACKUP:

You can use the fssnap command to back up file systems while the file system is

mounted. This command to creates a read-only snapshot of a file system. A snapshot is a file

system's temporary image that is intended for backup operations.

When the fssnap command is run, it creates a virtual device and a backing-store file.

You can back up the virtual device, which looks and acts like a real device, with any of the

existing Solaris backup commands. The backing-store file is a bitmap file that contains copies

of pre snapshot data that has been modified since the snapshot was taken.

Keep the following key points in mind when specifying backing-store files:

The destination path of the backing store files must have enough free space to hold

the file system data. The size of the backing store files vary with the amount of activity on the

file system.

The backing store file location must be different from the file system that is being

captured in a snapshot.

The backing-store files can reside on any type of file system, including another UFS

file system or an NFS file system.

Multiple backing-store files are created when you create a snapshot of a UFS file

system that is larger than 512 Gbytes.

Backing-store files are sparse files. The logical size of a sparse file, as reported by the

ls command, is not the same as the amount of space that has been allocated to the

sparse file, as reported by the du command.

Why Use UFS Snapshots?

The UFS snapshots feature provides additional availability and convenience for

backing up a file system because the file system remains mounted and the system remains in

multiuser mode during backups. Then, you can use the tar or cpio commands to back up a

UFS snapshot to tape for more permanent storage. If you use the ufsdump command to

perform backups, the system should be in single-user mode to keep the file system inactive

when you perform backups.

The fssnap command gives administrators of non enterprise-level systems the power

of enterprise-level tools, such as Sun StorEdgeTM Instant Image, without the large storage

demands. The UFS snapshots feature is similar to the Instant Image product. Although UFS

snapshots can make copies of large file systems, Instant Image is better suited for enterprise-

level systems. UFS snapshots is better suited for smaller systems. Instant Image allocates

space equal to the size of the entire file system that is being captured.However, the backing-

store file that is created by UFS snapshots occupies only as much disk space as needed.

Creating and Deleting UFS Snapshots:

When you use the fssnap command to create a UFS snapshot, observe how much disk

space the backing-store file consumes. The backing-store file initially uses no space, and then

it grows quickly, especially on heavily used systems.Make sure that the backing-store file has

enough space to expand. Or, limit its size with the -o maxsize=n [k,m,g] option, where n

[k,m,g] is the maximum size of the backing-store file.

Caution – If the backing-store file runs out of space, the snapshot might delete itself,

which causes the backup to fail. Check the /var/adm/messages file for possible snapshot

errors. You can also specify a directory for the backing-store path, which means a backing

store file is created in the directory specified. For example, if /var/tmp is specified for the

backing-store path, the following backing-store file is created.

/var/tmp/snapshot0

If you created one large root (/) file system instead of creating separate file systems

for /export/home, /usr, and so on, you will be unable to create a snapshot of those separate

file systems. For example, this system does not have a separate file system for /usr as

indicated under the Mounted on column:

# df -k /usr

Filesystem kbytes used avail capacity Mounted on

/dev/dsk/c0t0d0s0 3618177 2190002 1391994 62% /

If you attempt to create a snapshot for the /usr file system, you will see a message similar to

the following:

# fssnap -F ufs -o bs=/snaps/usr.back.file /usr

snapshot error: Invalid backing file path

This message indicates that you cannot have the backing store file on the same file

system as the file system being snapped, which is the case for the /usr file system, in this

example.

Creating a Multiterabyte UFS Snapshot:

Creating a multiterabyte UFS snapshot is identical to creating a snapshot for a smaller

UFS file system. The only difference is that multiple backing store files are created for each

512 Gbytes of file system space.

Keep the following key points in mind when creating a snapshot for a file system that

is larger than 512 Gbytes:

Multiple backing store files are created.

If you specify a backing store file name when the snapshot is created, then the

subsequent backing store file names will be interated based on the file name that you

specify. The subsequent backing-store files will have the same name, but with the

suffixes .2, .3, and so on.

If you only specify a backing store file destination (or directory) and not a backing

store file name, then multiple backing store file names will be created and iterated

with the suffixes .2, .3, and so on.

The fssnap -i command only reports the first backing store file name even if multiple

backing store files have been created. However, the reported backing-store length is

the combined sizes of all the backing store files for the snapshot.

Note – Backing-store files are sparse files. The logical size of a sparse file, as reported

by the ls command, is not the same as the amount of space that has been allocated to

the sparse file, as reported by the du command.

After you have backed up the snapshot or you would just like to remove the snapshot,

you will have to remove the backing store files manually if you did not use the unlink

option when the snapshot was created.

Howto Create a UFS Snapshot:

Become superuser

Make sure that the file systemhas enough disk space for the backing-store file.

# df -k

Make sure that a backing-store file of the same name and location does not already exist.

# ls /backing-store-file

Create the UFS snapshot.

# fssnap -F ufs -o bs=/backing-store-file /file-system

Note – The backing-store file must reside on a different file system than the file system that is

being captured using UFS snapshots.

Verify that the snapshot has been created.

# /usr/lib/fs/ufs/fssnap -i /file-system

Creating a UFS Snapshot

The following example shows how to create a snapshot of the /usr file system. The

backing-store file is /scratch/usr.back.file. The virtual device is /dev/fssnap/1.

# fssnap -F ufs -o bs=/scratch/usr.back.file /usr

/dev/fssnap/1

The following example shows how to limit the backing-store file to 500 Mbytes.

# fssnap -F ufs -o maxsize=500m,bs=/scratch/usr.back.file /usr

/dev/fssnap/1

Creating a Multiterabyte UFS Snapshot

The following example shows how to create a snapshot of a 1.6 Tbyte UFS file

system.

# fssnap -F ufs -o bs=/var/tmp /datab

/dev/fssnap/2

# /usr/lib/fs/ufs/fssnap -i /datab

Snapshot number : 2

Block Device : /dev/fssnap/2

Raw Device : /dev/rfssnap/2

Mount point : /datab

Device state : idle

Backing store path : /var/tmp/snapshot3

Backing store size : 0 KB

Maximum backing store size : Unlimited

Snapshot create time : Wed Jul 16 14:43:32 2008

Copy-on-write granularity : 32 KB

HowtoDisplay UFS Snapshot Information:

You can display the current snapshots on the system by using the fssnap -i option. If

you specify a file system, you see detailed information about that file system snapshot. If you

don't specify a file system, you see information about all of the current UFS snapshots and

their corresponding virtual devices.

Note – Use the UFS file system-specific fssnap command to view the extended snapshot

information as shown in the following examples.

Become superuser.

List all current snapshots.

For example:

# /usr/lib/fs/ufs/fssnap -i

Snapshot number : 0



Mount point : /export/home

Device state : idle






Display detailed information about a specific snapshot.

For example:

# /usr/lib/fs/ufs/fssnap -i /export

Snapshot number : 1



Mount point : /export

Device state : idle






Deleting a UFS Snapshot:

When you create a UFS snapshot, you can specify that the backing-store file is

unlinked. An unlinked backing-store file is removed after the snapshot is deleted. If you don't

specify the -o unlink option when you create a UFS snapshot, you must manually delete the

backing-store file.

The backing-store file occupies disk space until the snapshot is deleted, whether you

use the -o unlink option to remove the backing-store file or you manually delete the file.

Howto Delete a UFS Snapshot:

You can delete a snapshot either by rebooting the system or by using the fssnap -d

command. When you use this command, you must specify the path of the file system that

contains the UFS snapshot.

Become superuser

Identify the snapshot to be deleted.

# /usr/lib/fs/ufs/fssnap -i

Delete the snapshot.

# fssnap -d /file-system

Deleted snapshot 1.

If you did not use the -o unlink option when you created the snapshot, manually delete

the backing-store file.

# rm /file-system/backing-store-file

Deleting a UFS Snapshot

The following example shows how to delete a snapshot and assumes that the -o unlink

option was not used.

# fssnap -i

0 /export/home

1 /export

# fssnap -d /export

Deleted snapshot 1.

# rm /var/tmp/snapshot1

Backing Up a UFS Snapshot:

You can create a full backup or an incremental backup of a UFS snapshot. You can

use the standard Solaris backup commands to back up a UFS snapshot.

The virtual device that contains the UFS snapshot acts as a standard read-only device.

So, you can back up the virtual device as if you were backing up a file system device. If you

are using the ufsdump command to back up a UFS snapshot, you can specify the snapshot

name during the backup. See the following procedure for more information.

Howto Create a Full Backup of a UFS Snapshot

(ufsdump)


Identify the UFS snapshot to be backed up.

# /usr/lib/fs/ufs/fssnap -i /file-system

For example:

# /usr/lib/fs/ufs/fssnap -i /usr

Snapshot number : 1



Mount point : /usr

Device state : idle






Back up the UFS snapshot.

# ufsdump 0ucf /dev/rmt/0 /snapshot-name

For example:

# ufsdump 0ucf /dev/rmt/0 /dev/rfssnap/1

Verify that the snapshot has been backed up.

For example:


Howto Create an Incremental Backup of a UFS

Snapshot (ufsdump)

Backing up a UFS snapshot incrementally means that only the files that have been

modified since the last snapshot are backed up. Use the ufsdump command with the N option.

This option specifies the file system device name to be inserted into the /etc/dumpdates file

for tracking incremental dumps.

The following ufsdump command specifies an embedded fssnap command to create

an incremental backup of a file system.


Create an incremental backup of a UFS snapshot.

For example:

# ufsdump 1ufN /dev/rmt/0 /dev/rdsk/c0t1d0s0 ‘fssnap -F ufs -o raw,bs=

/export/scratch,unlink /dev/rdsk/c0t1d0s0‘

In this example, the -o raw option is used to display the name of the raw device instead of the

block device. By using this option, you make it easier to embed the fssnap command in

commands (such as the ufsdump command) that require the raw device instead.

Verify that the snapshot has been backed up.

# ufsrestore ta /dev/rmt/0

Howto Back Up a UFS Snapshot (tar)

If you are using the tar command to back up the snapshot, mount the snapshot before backing

it up.


Create a mount point for the snapshot.

For example:

# mkdir /backups/home.bkup

Mount the snapshot.

# mount -F ufs -o ro /dev/fssnap/1 /backups/home.bkup

Change to the mounted snapshot directory.

# cd /backups/home.bkup

Back up the snapshot with the tar command.

# tar cvf /dev/rmt/0 .

Restoring Data Froma UFS Snapshot Backup

The backup created from the virtual device is essentially just a backup of what the

original file system looked like when the snapshot was taken. When you restore a file system

from the backup, restore as if you had taken the backup directly from the original file system.

Such a restore uses the ufsrestore command. For information on using the ufsrestore

command to restore a file or file system, see Chapter 26, “Restoring UFS Files and File

Systems (Tasks).”

Preparing to Restore UFS Files and File Systems:

The ufsrestore command copies files to disk, relative to the current working directory,

from backups that were created by using the ufsdump command. You can use the ufsrestore

command to reload an entire file system hierarchy from a level 0 dump and incremental

dumps that follow it. You can also use this command to restore one or more single files from

any backup tape. If you run the ufsrestore command as superuser, files are restored with their

original owner, last modification time, and mode (permissions).

Before you start to restore files or file systems, you need to know the following:

The tapes (or diskettes) you need to restore from

The raw device name on which you want to restore the file system

The type of tape device you will use

The device name (local or remote) for the tape device

Determining the UFS File System Name:

If you have properly labeled your backup tapes, you should be able to use the file

system name

(/dev/rdsk/device-name) from the tape label

Determining theType of Tape Device You Need:

You must use a tape device that is compatible with the backup media to restore the

files. The format of the backup media determines which drive you must use to restore files.

For example, if your backup media is 8-mm tape, you must use an 8-mm tape device to

restore the files.

Determining theTape Device Name:

You might have specified the tape device name (/dev/rmt/n) as part of the backup tape

label information. If you are using the same drive to restore a backup tape, you can use the

device name from the label

Restoring UFS Files and File Systems:

When you back up files and directories, you save them relative to the file system in

which they belong. When you restore files and directories, the ufsrestore command re-creates

the file hierarchy in the current working directory.

For example, files backed up from the /export/doc/books directory (where /export is

the file system) are saved relative to /export. In other words, the book1 file in the books

directory is saved as ./doc/books/book1 on the tape. Later on, if you restored the

./doc/books/book1 file to the /var/tmp directory, the file would be restored to

/var/tmp/doc/books/book1.

When you restore individual files and directories, you should restore them to a

temporary location, such as the /var/tmp directory. After you verify the files, you can move

them to their proper locations. However, you can restore individual files and directories to

their original locations. If you do so, be sure you are not overwriting newer files with older

versions from the backup tape.

To avoid conflicts with other users, you might want to create and change to a

subdirectory, such as the/var/tmp/restore file, in which to restore the files.

If you are restoring a hierarchy, you should restore the files to a temporary directory

on the same file system where the files will reside. Then, you can use the mv command to

move the entire hierarchy where it belongs after it is restored.

Note –Do not restore files in the /tmp directory even temporarily. The /tmp directory

is usually mounted as a TMPFS file system. TMPFS does not support UFS file system

attributes such as ACLs.

How to DetermineWhichTapes to Use:

Ask the user for the approximate date the files to be restored were last modified. Refer

to your backup plan to find the date of the last backup that contains the file or file system. To

retrieve the most recent version of a file, work backward through the incremental backups

from highest to lowest dump level and from most recent to least recent date, unless the user

requests otherwise.

If you have online archive files, identify the correct media.

# ufsrestore ta archive-name ./path/filename ./path/filename

t Lists each file on the tape.

a Reads the table of contents from the online archive file instead of from the tape.

archive-name Identifies the online archive file name.

./path/filename Identifies the file name or file names you are looking for on the online

archive. If successful, the ufsrestore command prints out the inode

number and file name. If unsuccessful, ufsrestore prints an error message.

For more information,

Insert the media that contains the files to be restored in the drive and verify the correct media.

# ufsrestore tf /dev/rmt/n ./path/filename ./path/filename

Be sure to use the complete path for each filename. If a file is in the backup, its name and

inode number are listed. Otherwise, a message states that the file is not on the volume.

If you have multiple backup files on the same tape, position the tape at the backup file

youwant to use.

# ufsrestore xfs /dev/rmt/n tape-number

DeterminingWhichTapes to Use

The following example shows how to check if the /etc/passwd file is in the online archive.

# ufsrestore ta /var/tmp/root.archive ./etc/passwd

The following example shows how to verify that the /etc/passwd file is on the backup tape.

# ufsrestore tf /dev/rmt/0 ./etc/passwd

Howto Restore UFS Files Interactively

Become superuser

Write-protect the tapes for safety.

Insert the volume 1 tape into the tape drive.

Change to a directory that will be used to restore the files to temporarily.

# cd /var/tmp

Start the interactive restoration.

# ufsrestore if /dev/rmt/n

Some informational messages and the ufsrestore> prompt are displayed.

Create a list of files to be restored.

(a) List the contents of a directory.

ufsrestore> ls [directory-name]

(b) Change to a directory.

ufsrestore> cd directory-name

(c) Create a list of files and directories that youwant to restore.

ufsrestore> add filenames

(d) (Optional) Remove any directory or file fromthe list of files to be restored, if

necessary.

ufsrestore> delete filename

(Optional) Display the file names as they are being restored.

ufsrestore> verbose

Restore the files.

ufsrestore> extract

The ufsrestore command asks you which volume number to use.

Type the volume number and press Return. If you have only one volume, type 1 and press

Return.

Specify next volume #: 1

The files and directories in the list are extracted and restored to the current working directory.

To maintain the mode of the current directory, enter n at the set owner/mode prompt. set

owner/mode for ‘.’? [yn] n

You must wait while the ufsrestore command performs its final cleanup.

Quit the ufsrestore program.

ufsrestore> quit

You then see the shell prompt.

Verify the restored files.

(a) List the restored files and directories.

# ls –l

A list of files and directories is displayed.

(b) Check the list to be sure that all the files and directories you specified in the list have

been restored.

Move the files to the proper directories.

Restoring UFS Files Interactively

The following example shows how to extract the /etc/passwd and /etc/shadow files from the

backup tape.

# cd /var/tmp

# ufsrestore if /dev/rmt/0

ufsrestore> ls

.:

.:

.sunw/ export/ net/ sbin/ usr/

Sources/ etools/ opt/ scde/ var/

b/ home/ ptools/ set/ vol/

bin kernel/ pkg/ share/

dev/ lib/ platform/ shared/

devices/ lost+found/ proc/ src/

etc/ mnt/ rtools/ tmp/

ufsrestore> cd etc

ufsrestore> add passwd shadow

ufsrestore> verbose

verbose mode on

ufsrestore> extract

Extract requested files

You have not read any volumes yet.

Unless you know which volume your file(s) are on you should start with the last volume and

work towards the first.


extract file ./etc/shadow

extract file ./etc/passwd

Add links

Set directory mode, owner, and times.

set owner/mode for ‘.’? [yn] n

ufsrestore> quit

# cd etc

# mv passwd /etc

# mv shadow /etc

# ls -l /etc

Howto Restore Specific UFS Files Noninteractively

Become superuser

Write-protect the tape for safety.

Insert the volume 1 tape into the tape drive.

Change to a directory that will be used to restore files to temporarily.

# cd /var/tmp

Restore the file or files.

# ufsrestore xvf /dev/rmt/n filename

x Tells ufsrestore to copy specific files or directories in the filename

argument.

v Displays the file names as they are restored.

f /dev/rmt/n Identifies the tape device name.

filename Specifies one or more file names or directory names, separated by spaces. For

example: ./export/home/user1/mail ./export/home/user2/mail.

Type the volume number where files are located. Press Return.


The file or files are restored to the current working directory.

To maintain the mode of the current directory, type n and press Return at the set owner/mode

prompt.

set owner/mode for ’.’? [yn] n

Verify the restored files.

(a) List the restored files and directories.

# ls –l

A list of files and directories is displayed.

(b) Check the list to be sure that all the files and directories you specified in the list have

been restored.

Move the files to the proper directories.

Restoring Specific Files Noninteractively

The following example shows how to noninteractively restore the passwd and shadow files to

the

/var/tmp directory.

# cd /var/tmp

# ufsrestore xvf /dev/rmt/0 ./etc/passwd ./etc/shadow

Verify volume and initialize maps

Media block size is 126

Dump date: Wed Jul 28 16:13:52 2004

Dumped from: the epoch

Level 0 dump of / on starbug:/dev/dsk/c0t0d0s0

Label: none

Extract directories from tape

Initialize symbol table.

Extract requested files

You have not read any volumes yet.

Unless you know which volume your file(s) are on you should start

with the last volume and work towards the first.




Add links


Specify next volume #:1



Add links


set owner/mode for ‘.’? [yn] n

# cd etc

# mv passwd /etc

# mv shadow /etc

# ls -l /etc

Restoring Files Froma Remote Tape Device

You can restore files from a remote tape drive by adding remote-host: to the front of the tape

device name, when using the ufsrestore command.

The following example shows how to restore files by using a remote tape drive /dev/rmt/0 on

the system venus.

# ufsrestore xf venus:/dev/rmt/0 ./etc/hosts

Howto Restore a Complete UFS File System:

Occasionally, a file system becomes so damaged that you must completely restore it.

Typically, you need to restore a complete file system after a disk failure. You might need to

replace the hardware before you can restore the software.

Full restoration of a file system such as /export/home can take a lot of time. If you

have consistently backed up file systems, you can restore them to their state from the time of

the last incremental backup.

Note – You cannot use this procedure to restore the root (/) or /usr file systems. For

instructions on restoring these file systems

Become superuser

If necessary, unmount the file system.

# umount /dev/rdsk/device-name

Or:

# umount /file-system

Create the new file system.

# newfs /dev/rdsk/device-name

You are asked if you want to construct a new file system on the raw device. Verify

that the device-name is correct so that you don't destroy the wrong file system.

For more information,

Confirm that the new file systemshould be created.

newfs: construct a new file system /dev/rdsk/cwtxdysz:(y/n)? y

The new file system is created.

Mount the new file systemon a temporary mount point.

# mount /dev/dsk/device-name /mnt

Change to the mount point directory.

# cd /mnt

Insert the first volume of the level 0 tape into the tape drive.

Restore the files.

# ufsrestore rvf /dev/rmt/n

The dump level 0 backup is restored. If the backup required multiple tapes, you are prompted

to load each tape in numeric order.

Remove the tape and load the next level tape in the drive.

Always restore tapes starting with dump level 0 and continuing until you reach the highest

dump level.

Repeat Step 8 through Step 10 for each dump level, fromthe lowest to the highest level.

Verify that the file systemhas been restored.

# ls

Remove the restoresymtable file.

# rm restoresymtable

The restoresymtable file that is created and used by the ufsrestore command to check-point

the restore is removed.

Change to another directory.

# cd /

Unmount the newly restored file system.

# umount /mnt

Remove the last tape and insert a new tape that is not write-protected in the tape drive.

Make a level 0 backup of the newly restored file system.

# ufsdump 0ucf /dev/rmt/n /dev/rdsk/device-name

A level 0 backup is performed. Always immediately do a full backup of a newly created file

system because the ufsrestore command repositions the files and changes the inode

allocation.

Mount the restored file system.

# mount /dev/dsk/device-name mount-point

The restored file system is mounted and available for use.

Verify that the restored and mounted file systemis available.

# ls mount-point

Restoring a Complete UFS File System

The following example shows how to restore the /export/home file system.

# newfs /dev/rdsk/c0t0d0s7

newfs: /dev/rdsk/c0t0d0s7 last mounted as /export/home

newfs: construct a new file system /dev/rdsk/c0t0d0s7: (y/n)? y

819314 sectors in 867 cylinders of 15 tracks, 63 sectors



32, 15216, 30400, 45584, 60768, 75952, 91136, 106320, 121504, 136688,

681264, 696448, 711632, 725792, 740976, 756160, 771344, 786528, 801712,

816896,

# mount /dev/dsk/c0t0d0s7 /mnt

# cd /mnt

# ufsrestore rvf /dev/rmt/0

Verify volume and initialize maps

Media block size is 126

Dump date: Thu Jul 29 10:14:00 2004

Dumped from: the epoch

Level 0 dump of /export/home on starbug:/dev/dsk/c0t0d0s7

Label: none

Begin level 0 restore

Initialize symbol table.

Extract directories from tape

Calculate extraction list.

Warning: ./lost+found: File exists

Make node ./siri

Make node ./siri/wdir

Make node ./lister

Make node ./pmorph

Make node ./inquisitor

Make node ./siri

Make node ./siri/letters

Make node ./siri/reports

Extract new leaves.

Check pointing the restore

extract file ./siri/words

extract file ./siri/words1



extract file ./siri/wdir/words

extract file ./siri/wdir/words1



Add links


Check the symbol table.

Check pointing the restore


# cd /

# umount /mnt

# ufsdump 0ucf /dev/rmt/0 /export/home

# mount /dev/dsk/c0t0d0s7 /export/home

# ls /export/home

How to Restore a UFS root (/) and /usr File System:


Add a new systemdisk to the systemwhere the root (/) and /usr file systems will be restored.

Mount the new file systemon a temporary mount point.


Change to the /mnt directory.

# cd /mnt

Create the links for the tape device.

# tapes

Restore the root (/) file system.


The dump level 0 tape is restored.

Remove the tape and load the next level tape in the drive.

Always restore tapes starting with dump level 0 and continuing from the lowest to highest

dump level.

Continue restoring as needed.


The next level tape is restored.

Repeat Step 8 and Step 9 for each additional tape.

Verify that the file systemhas been restored.

# ls

Remove the restoresymtable file.


The restoresymtable file that is created and used by the ufsrestore command to check-point

the restore is removed.

Change to the root (/) directory.

# cd /

Unmount the newly created file system.

# umount /mnt

Check the new file system.

# fsck /dev/rdsk/device-name

The restored file system is checked for consistency.

Create the boot blocks on the root partition.

On a SPARC system:

# installboot /usr/platform/‘uname-i‘/lib/fs/ufs/bootblk /dev/rdsk/device-name

On an x86 system:

# /sbin/installgrub /boot/grub/stage1 /boot/grub/stage2 /dev/rdsk/cwtxdysz

Back up the new file system.

# ufsdump 0uf /dev/rmt/n /dev/rdsk/device-name

A dump level 0 backup is performed. Always immediately do a full backup of a

newly created file system because the ufsrestore command repositions the files and changes

the inode allocation.

The system is rebooted.

SPARC: Restoring a UFS root (/) File System

This example shows how to restore the root (/) file system on a SPARC system. This example

assumes that the system is booted from a local CD or from the network.


# cd /mnt

# tapes


# ls


# cd /

# umount /mnt

# fsck /dev/rdsk/c0t3d0s0

# installboot /usr/platform/sun4u/lib/fs/ufs/bootblk

/dev/rdsk/c0t3d0s0

# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t3d0s0

# init 6

x86: Restoring a UFS root (/) File System

This example shows how to restore the root (/) file system on an x86 system. This

example assumes that the system is booted from a GRUB failsafe boot session, local CD, or

from the network.


# cd /mnt

# tapes


# ls


# cd /

# umount /mnt


# /sbin/installgrub /boot/grub/stage1 /boot/grub/stage2 /dev/rdsk/c0t3d0s0

stage1 written to partition 0 sector 0 (abs 2016)

stage2 written to to partition 0, 227 sectors starting 50 (abs 2066)

# ufsdump 0uf /dev/rmt/0 /dev/rdsk/c0t3d0s0

# init 6

If you run the ufsdump command without any options, use this syntax:

# ufsdump filenames

The ufsdump command uses these options and arguments, by default:

ufsdump 9uf /dev/rmt/0 filenames

These options do a level 9 incremental backup to the default tape drive at its preferred

density.

For a description of the ufsdump options, see ufsdump (1M).

The ufsdump Commandand Security Issues

If you are concerned about security, you should do the following:

Require superuser access for the ufsdump command.

Ensure superuser access entries are removed from /.rhosts files on clients and servers

if you are doing centralized backups.

For general information on security, see System Administration Guide: Security Services.

Specifying ufsdump Command Options and Arguments

System Administration Guide: Devices and File Systems • 496 April 2009

Specifying ufsrestore Options and Arguments

The syntax of the ufsrestore command is as follows:

/usr/sbin/ufsrestore options arguments filenames

options Is a single string of one-letter option names. You must choose one and only one of

these options: i, r, R, t, or x. For a description of the ufsrestore options, see

ufsrestore(1M).

arguments Follows the option string with the arguments that match the options. The option

letters and their associated arguments must be in the same order.

filenames Specifies the file or files to be restored as arguments to the x or t options. These

arguments must always come last, separated by spaces.

Specifying ufsrestore Options and Arguments

Chapter 27 UFS Backup and Restore Commands (Reference) 497

498

Copying UFS Files and File Systems (Tasks)

This chapter describes how to copy UFS files and file systems to disk, tape, and diskettes by

using various backup commands.

This is a list of the step-by-step instructions in this chapter.

“How to Copy a Disk (dd)” on page 502

“How to Copy Directories Between File Systems (cpio)” on page 506

“How to Copy Files to a Tape (tar)” on page 508

“How to List the Files on a Tape (tar)” on page 509

“How to Retrieve Files From a Tape (tar)” on page 509

“Copying Files to a Tape With the pax Command” on page 510

“How to Copy All Files in a Directory to a Tape (cpio)” on page 511

“How to List the Files on a Tape (cpio)” on page 512

“How to Retrieve All Files From a Tape (cpio)” on page 513

“How to Retrieve Specific Files From a Tape (cpio)” on page 514

“How to Copy Files to a Remote TapeDevice (tar and dd)” on page 515

“How to Extract Files From a Remote TapeDevice” on page 516

“How to Copy Files to a Single Formatted Diskette (tar)” on page 517

“How to List the Files on a Diskette (tar)” on page 518

“How to Retrieve Files From a Diskette (tar)” on page 519

Commands for Copying File Systems:

When you need to back up and restore complete UFS file systems, use the ufsdump

and ufsrestore commands described in Chapter 27, “UFS Backup and Restore Commands

(Reference).” When you want to copy or move individual files, portions of file systems, or

complete file systems, you can use the procedures described in this chapter instead of the

ufsdump and ufsrestore commands.

The following table describes when to use the various backup commands.

28 C H A P T E R 2 8

499

TABLE 28–1 When to Use Various BackupCommands

Task Command ForMore Information

Back up UFS file systems to tape. ufsdump “How to Back Up a UFS File System to

Tape” on page 458

Create a file system snapshot. fssnap Chapter 25, “Using UFS Snapshots

(Tasks)”

Restore UFS file systems from tape. ufsrestore “How to Restore a Complete UFS File

System” on page 483

Transport files to other systems. pax, tar, or cpio “Copying Files and File Systems to

Tape” on page 507

Copy files or file systems between

disks.

dd “How to Copy a Disk (dd)” on

page 502

Copy files to diskette. tar “How to Copy Files to a Single

Formatted Diskette (tar)” on page 517

The following table describes various backup and restore commands.

TABLE 28–2 Summary of Various BackupCommands

Command Name

Aware of File System

Boundaries?

Supports MultipleVolume

Backups? Physical or Logical Copy?

volcopy Yes Yes Physical

tar No No Logical

cpio No Yes Logical

pax Yes Yes Logical

dd Yes No Physical

ufsdump/ufsrestore Yes Yes Logical

fssnap N/A N/A Logical

The following table describes the advantages and disadvantages of some of these commands.

Commands for Copying File Systems

System Administration Guide: Devices and File Systems 500 April 2009

TABLE 28–3 Advantages and Disadvantages of tar, pax, and cpio Commands

Command Function Advantages Disadvantages

tar Use to copy files and

directory subtrees to a single

tape.

Available on most UNIX operating systems

Public domain versions are readily available

Is not aware of file system boundaries

Length of full path name cannot exceed 255 characters

Cannot be used to create multiple tape volumes pax Use to copy files, special files, or

file systems that require multiple tape volumes. Or, use when you want to copy files

to and from POSIX-compliant systems.

Better portability than the tar or cpio commands for POSIX-compliant systems

Multiple vendor support Same disadvantages as the tar command, except that the pax

command can create multiple tape volumes.

cpio Use to copy files, special files, or file systems that require multiple tape volumes.

Or, use when you want to copy files from systems running current Solaris releases

systems to systems running SunOS 4.0/4.1 releases.

Packs data onto tape more efficiently than the tar command

Skips over any bad spots in a tape when restoring

Provides options for writing files with different header formats, such as ( tar, ustar,

crc, odc, bar), for portability between different system types

Creates multiple tape volumes

The command syntax is more difficult than the tar or pax commands. The following

sections describes step-by-step instructions and examples of how to use these commands.

Commands for Copying File Systems

Chapter 28 • Copying UFS Files and File Systems (Tasks) 501

Copying File Systems Between Disks:

Two commands are used to copy file systems between disks:

Volcopy

dd

Making a Literal File System Copy:

The dd command makes a literal (block-level) copy of a complete UFS file system to

another file system or to a tape. By default, the dd command copies standard input to standard

output.

Note –Do not use the dd command with variable-length tape drives without first specifying

an appropriate block size.

You can specify a device name in place of standard input or standard output, or both.

In this example, the contents of the diskette are copied to a file in the /tmp directory:

$ dd < /floppy/floppy0 > /tmp/output.file

2400+0 records in

2400+0 records out

The dd command reports on the number of blocks it reads and writes. The number after the +

is a count of the partial blocks that were copied. The default block size is 512 bytes. The dd

command syntax is different from most other commands. Options are specified as

keyword=value pairs, where keyword is the option you want to set and value is the argument

for that option. For example, you can replace standard input and standard output with this

syntax:

$ dd if=input-file of=output-file

To use the keyword=value pairs instead of the redirect symbols, you would type the

following:

$ dd if=/floppy/floppy0 of=/tmp/output.file

How to Copy a Disk (dd)

Keep the following key points in mind when you consider copying a disk:

Do not use this procedure to copy a disk that is under the control of a volume

manager.

The primary methods for copying UFS file system data from one disk or system to

another disk or system is by using the ufsdump and ufsrestore commands.

You can clone systems by creating a flash archive and copying it to destination

systems. For more information about creating a flash archive.

Make sure that the source disk and destination disk have the same disk geometry.

Check the UFS file systems on the disk to be copied with the fsck utility.

Make sure the system is in single-user mode when copying a disk with the dd

command.


(Optional) Create the /reconfigure file so that the systemwill recognize the destination disk to

be added when it reboots, if necessary.


Shut downthe system.

# init 0

Attach the destination disk to the system.

Boot the system.

ok boot –s

Copy the source disk to the destination disk.

# dd if=/dev/rdsk/device-name of=/dev/rdsk/device-name bs=block-size

if=/dev/rdsk/device-name Represents the overlap slice of the master disk device, usually

slice 2.

of=/dev/rdsk/device-name Represents the overlap slice of the destination disk device,

usually slice 2.

bs=blocksize Identifies the block size, such as 128 Kbytes or 256 Kbytes. A

large block size decreases the time it takes to copy the disk.

For more information, see dd(1M).

Check the new file system.

# fsck /dev/rdsk/device-name

Mount the destination disk's root (/) file system.


Change to the directory where the /etc/vfstab file is located.

# cd /mnt/etc

Using a text editor, edit the destination disk's /etc/vfstab file to reference the correct device

names.

For example, change all instances of c0t3d0 to c0t1d0.

Change to the destination disk's root (/) directory.

# cd /

Unmount the destination disk's root (/) file system.

# umount /mnt

Shut downthe system.

# init 0

Boot fromthe destination disk to single-user mode.

# boot diskn –s

Note – The installboot command is not needed for the destination disk because the boot

blocks are copied as part of the overlap slice.

Unconfigure the destination disk.

# sys-unconfig

The system is shut down after it is unconfigured.

Boot fromthe destination disk again and provide its systeminformation, such as host name,

time zone, and so forth.

# boot diskn

After the systemis booted, log in as superuser to verify the systeminformation. hostname

console login:

Copying a DiskWith aVTOC Label (dd)

This example shows how to copy the master disk (with a VTOC label) /dev/rdsk/c0t0d0s2 to

the destination disk /dev/rdsk/c0t2d0s2.


# init 0

ok boot

# dd if=/dev/rdsk/c0t0d0s2 of=/dev/rdsk/c0t2d0s2 bs=128k



# cd /mnt/etc

# vi vfstab

(Modify entries for the new disk)

# cd /

# umount /mnt

# init 0

# boot disk2 -s

# sys-unconfig

# boot disk2

Copying Directories Between File Systems (cpio Command):

You can use the cpio (copy in and out) command to copy individual files, groups of

files, or complete file systems. This section describes how to use the cpio command to copy

complete file systems.

The cpio command is an archiving program that copies a list of files into a single,

large output file. This command inserts headers between the individual files to facilitate

recovery. You can use the cpio command to copy complete file systems to another slice,

another system, or to a media device, such as a tape or diskette.

Because the cpio command recognizes end-of-media and prompts you to insert

another volume, it is the most effective command, other than ufsdump, to use to create

archives that require multiple tapes or diskettes.

With the cpio command, you frequently use the ls and find commands to list and

select the files you want to copy, and then to pipe the output to the cpio command.

Howto Copy Directories Between File Systems (cpio):

Become superuser

Change to the appropriate directory.

# cd filesystem1

Copy the directory tree fromfilesystem1 to filesystem2 by using a combination of the find

and cpio commands.

# find . -print -depth | cpio -pdm filesystem2

. Starts in the current working directory.

-print Prints the file names.

-depth Descends the directory hierarchy and prints file names from the bottom up.

-p Creates a list of files.

-d Creates directories as needed.

-m Sets the correct modification times on directories.

You might also specify the -u option. This option forces an unconditional copy.

Otherwise, older files do not replace newer files. This option might be useful if you want an

exact copy of a directory, and some of the files being copied might already exist in the target

directory. Verify that the copywas successful by displaying the contents of the destination

directory.

# cd filesystem2

# ls

If appropriate, remove the source directory.

# rm -rf filesystem1

Copying Directories Between File Systems (cpio)

# cd /data1

# find . -print -depth | cpio -pdm /data2

19013 blocks

# cd /data2

# ls

# rm -rf /data1

Copying Files and File Systems toTape:

You can use the tar, pax, and cpio commands to copy files and file systems to tape.

The command that you choose depends on how much flexibility and precision you require for

the copy. Because all three commands use the raw device, you do not need to format or make

a file system on tapes before you use them.

Copying Files to Tape (tar Command):

Here is information that you should know before you copy files to tape with the tar

command:

Copying files to a tape with the -c option to the tar command destroys any files

already on the tape at or beyond the current tape position.

You can use file name substitution wildcards (? and *) as part of the file names that

you specify when copying files. For example, to copy all documents with a .doc

suffix, type .doc as the file name argument.

You cannot use file name substitution wildcards when you extract files from a tar

archive.

Howto Copy Files to aTape (tar)

Change to the directory that contains the files youwant to copy.

Insert a write-enabled tape into the tape drive.

Copy the files to tape.

$ tar cvf /dev/rmt/n filenames

c Indicates that you want to create an archive.

v Displays the name of each file as it is archived.

f /dev/rmt/n Indicates that the archive should be written to the specified device or file.

filenames Indicates the files and directories that you want to copy. Separate multiple files

with spaces.

The file names that you specify are copied to the tape, overwriting any existing files on the

tape.

Remove the tape fromthe drive.Write the names of the files on the tape label.

Verify that the files you copied are on the tape.

$ tar tvf /dev/rmt/n

For more information on listing files on a tar tape, see “How to List the Files on a Tape (tar)”

on page 509.

Copying Files to a Tape (tar)

The following example shows how to copy three files to the tape in tape drive 0.

$ cd /export/home/siri

$ ls reports

reportA reportB reportC

$ tar cvf /dev/rmt/0 reports

a reports/ 0 tape blocks

a reports/reportA 59 tape blocks

a reports/reportB 61 tape blocks

a reports/reportC 63 tape blocks

$ tar tvf /dev/rmt/0

How to List the Files on aTape (tar)

Insert a tape into the tape drive.

Display the tape contents.

$ tar tvf /dev/rmt/n

t Lists the table of contents for the files on the tape.

v Used with the t option, and provides detailed information about the files on the tape.

f /dev/rmt/n Indicates the tape device.

Listing the Files on a Tape (tar)

The following example shows a listing of files on the tape in drive 0.

$ tar tvf /dev/rmt/0

drwxr-xr-x 0/1 0 Jul 28 15:00 2004 reports/

-r--r--r-- 0/1 206663 Jul 28 15:00 2004 reports/reportA

-r--r--r-- 0/1 206663 Jul 28 15:00 2004 reports/reportB

-r--r--r-- 0/1 206663 Jul 28 15:00 2004 reports/reportC

Howto Retrieve Files FromaTape (tar)

Change to the directory where youwant to put the files.

Insert the tape into the tape drive.

Retrieve the files fromthe tape.

$ tar xvf /dev/rmt/n [filenames]

x Indicates that the files should be extracted from the specified archive file. All

files on the tape in the specified drive are copied to the current directory.

v Displays the name of each file as it is retrieved.

f /dev/rmt/n Indicates the tape device that contains the archive.

File names Specifies a file to retrieve. Separate multiple files with spaces.

Verify that the files have been copied.

$ ls –l

Retrieving Files on a Tape (tar)

The following example shows how to retrieve all the files from the tape in drive 0.

$ cd /var/tmp

$ tar xvf /dev/rmt/0

x reports/, 0 bytes, 0 tape blocks

x reports/reportA, 0 bytes, 0 tape blocks

x reports/reportB, 0 bytes, 0 tape blocks

x reports/reportC, 0 bytes, 0 tape blocks

x reports/reportD, 0 bytes, 0 tape blocks

$ ls -l

The names of the files extracted from the tape must exactly match the names of the files that

are stored on the archive. If you have any doubts about the names or paths of the files, first

list the files on the tape.

Copying Files to a Tape With the pax Command

Howto Copy Files to aTape (pax)

Change to the directory that contains the files youwant to copy.



$ pax -w -f /dev/rmt/n filenames

-w Enables the write mode.

-f /dev/rmt/n Identifies the tape drive.

filenames Indicates the files and directories that you want to copy. Separate multiple files

with spaces.

Verify that the files have been copied to tape.

$ pax -f /dev/rmt/n


Copying Files to a Tape (pax)

The following example shows how to use the pax command to copy all the files in the current

directory.

$ pax -w -f /dev/rmt/0 .

$ pax -f /dev/rmt/0

filea fileb filec

Copying Files to Tape With the cpio Command

Howto Copy All Files in a Directory to a Tape (cpio)

Change to the directory that contains the files you want to copy.



$ ls | cpio -oc > /dev/rmt/n

ls Provides the cpio command with a list of file names.

cpio -oc Specifies that the cpio command should operate in copy-out mode (-o) and

write header information in ASCII character format (-c). These options

ensure portability to other vendors' systems.

> /dev/rmt/n Specifies the output file.

All files in the directory are copied to the tape in the drive you specify, overwriting any

existing files on the tape. The total number of blocks that are copied is shown.

Verify that the files have been copied to tape.

$ cpio -civt < /dev/rmt/n

-c Specifies that the cpio command should read files in ASCII character

format.

-i Specifies that the cpio command should operate in copy-in mode, even

though the command is only listing files at this point.

-v Displays the output in a format that is similar to the output from the ls -l

command.

-t Lists the table of contents for the files on the tape in the tape drive that you

specify.

< /dev/rmt/n Specifies the input file of an existing cpio archive.


Copying All Files in a Directory to a Tape (cpio)

The following example shows how to copy all of the files in the /export/home/siri directory to

the tape in tape drive 0.

$ cd /export/home/siri

$ ls | cpio -oc > /dev/rmt/0

16 blocks

$ cpio -civt < /dev/rmt/0

-rw-r--r-- 1 root other 0 Jul 28 14:59 2004, filea

-rw-r--r-- 1 root other 0 Jul 28 14:59 2004, fileb

-rw-r--r-- 1 root other 0 Jul 28 14:59 2004, filec

drwxr-xr-x 2 root other 0 Jul 28 14:59 2004, letters

drwxr-xr-x 2 root other 0 Jul 28 15:00 2004, reports

16 blocks

Howto List the Files on aTape (cpio)

Note – Listing the table of contents on a tape takes a long time because the cpio command

must process the entire archive.

Insert an archive tape into the tape drive.

List the files on the tape.

$ cpio -civt < /dev/rmt/n

Listing the Files on a Tape (cpio)

The following example shows how to list the files on the tape in drive 0.

$ cpio -civt < /dev/rmt/0

-rw-r--r-- 1 root other 0 Jul 28 14:59 2004, filea

-rw-r--r-- 1 root other 0 Jul 28 14:59 2004, fileb

-rw-r--r-- 1 root other 0 Jul 28 14:59 2004, filec

drwxr-xr-x 2 root other 0 Jul 28 14:59 2004, letters

drwxr-xr-x 2 root other 0 Jul 28 15:00 2004, reports

16 blocks

$

Howto Retrieve All Files From a Tape (cpio)

If the archive was created using relative path names, the input files are built as a

directory within the current directory when you retrieve the files. If, however, the archive was

created with absolute path names, the same absolute paths are used to re-create the file on

your system.

Caution – The use of absolute path names can be dangerous because you might overwrite

existing files on your system.



Extract all files fromthe tape.

$ cpio -icvd < /dev/rmt/n

-i Extracts files from standard input.

-c Specifies that the cpio command should read files in ASCII character

format.

-v Displays the files as they are retrieved in a format that is similar to the output

from the ls command.

-d Creates directories as needed.

< /dev/rmt/n Specifies the output file.

Verify that the fileswere copied.

$ ls –l

Retrieving All Files Froma Tape (cpio)

The following example shows how to retrieve all files from the tape in drive 0.

$ cd /var/tmp

cpio -icvd < /dev/rmt/0

answers

sc.directives

tests

8 blocks

$ ls -l

How to Retrieve Specific Files FromaTape (cpio)



Retrieve a subset of files from the tape.

$ cpio -icv "*file" < /dev/rmt/n

-i Extracts files from standard input.

-c Specifies that the cpio command should read headers in ASCII character format.

-v Displays the files as they are retrieved in a format that is similar to the output from the ls

command.

"*file" Specifies that all files that match the pattern are copied to the current directory. You

can specify multiple patterns, but each pattern must be enclosed in double quotation marks.

< /dev/rmt/n Specifies the input file.

For more information, see the cpio(1) man page.

Verify that the fileswere copied.

$ ls -l

Retrieving Specific Files Froma Tape (cpio)

The following example shows how to retrieve all files with the chapter suffix from the tape in

drive 0.

$ cd /home/smith/Book

$ cpio -icv "*chapter" < /dev/rmt/0

Boot.chapter

Directory.chapter

Install.chapter

Intro.chapter

31 blocks

$ ls -l

Copying Files to a RemoteTape Device

How to Copy Files to a RemoteTape Device (tar anddd)

The following prerequisites must be met to use a remote tape drive:

(a) The local host name and optionally, the user name of the user doing the copy, must

appear in the remote system's /etc/hosts.equiv file.Or, the user doing the copy must

have his or her home directory accessible on the remote machine, and have the local

machine name in

$HOME/.rhosts.

For more information, see the hosts.equiv(4) man page.

(b) An entry for the remote systemmust be in the local system's /etc/inet/hosts file or in

the name service hosts file.

To test whether you have the appropriate permission to execute a remote command, try the

following:

$ rsh remotehost echo test

If test is echoed back to you, you have permission to execute remote commands. If

Permission denied is echoed back to you, check your setup as described in Step 1.



Copy the files to a remote tape drive.

$ tar cvf - filenames | rsh remote-host dd of=/dev/rmt/n obs=block-size

tar cf Creates a tape archive, lists the files as they are archived, and specifies the

tape device.

v Provides additional information about the tar file entries.

- (Hyphen) Represents a placeholder for the tape device.

filenames Identifies the files to be copied. Separate multiple files with spaces.

rsh | remote-host Pipes the tar command's output to a remote shell.

dd of= /dev/rmt/n Represents the output device.

obs=block-size Represents the blocking factor.


Copying Files to a Remote Tape Drive (tar and dd)

# tar cvf - * | rsh mercury dd of=/dev/rmt/0 obs=126b

a answers/ 0 tape blocks

a answers/test129 1 tape blocks

a sc.directives/ 0 tape blocks

a sc.directives/sc.190089 1 tape blocks

a tests/ 0 tape blocks

a tests/test131 1 tape blocks

6+9 records in

0+1 records out

How to Extract Files Froma RemoteTape Device:


Change to a temporary directory.

$ cd /var/tmp

Extract the files froma remote tape device.

$ rsh remote-host dd if=/dev/rmt/n | tar xvBpf -

rsh remote-host Indicates a remote shell that is started to extract the files from the tape

device by using the dd command.

dd if=/dev/rmt/n Indicates the input device.

| tar xvBpf - Pipes the output of the dd command to the tar command, which is used

to restore the files.

Verify that the files have been extracted.

$ ls -l

Extracting Files Froma Remote Tape Drive

$ cd /var/tmp

$ rsh mercury dd if=/dev/rmt/0 | tar xvBpf -

x answers/, 0 bytes, 0 tape blocks

x answers/test129, 48 bytes, 1 tape blocks

20+0 records in

20+0 records out

x sc.directives/, 0 bytes, 0 tape blocks

x sc.directives/sc.190089, 77 bytes, 1 tape blocks

x tests/, 0 bytes, 0 tape blocks

x tests/test131, 84 bytes, 1 tape blocks

$ ls -l

ManagingTape Drives

This chapter describes how to manage tape drives in the Solaris Operating System (Solaris

OS).

Choosing Which Media to Use:

You typically back up Solaris systems by using the following tape media:

1/2-inch reel tape

1/4-inch streaming cartridge tape

8-mm cartridge tape

4-mm cartridge tape (DAT)

You can perform backups with diskettes, but doing so is time-consuming and

cumbersome. The media that you choose depends on the availability of the equipment that

supports it and of the media (usually tape) that you use to store the files. Although you must

do the backup from a local system, you can write the files to a remote device.

The following table shows typical tape devices that are used for backing up file

systems. The storage capacity for each device depends on the type of drive and the data being

written to the tape.

Media StorageCapacities

Backup Media Storage Capacity1/2-inch reel tape 140 Mbytes (6250 bpi)2.5-Gbyte 1/4-inch cartridge (QIC) tape 2.5 GbytesDDS3 4-mm cartridge tape (DAT) 12–24 Gbytes14-Gbyte 8-mm cartridge tape 14 GbytesDLT 7000 1/2-inch cartridge tape 35–70 Gbytes

Backup Device Names:

You specify a tape or diskette to use for backup by supplying a logical device name.

This name points to the subdirectory that contains the “raw” device file and includes the

logical unit number of the drive. Tape drive naming conventions use a logical, not a physical,

device name.

The following table shows this naming convention.

Basic DeviceNames for Backup Devices

Device Type Name

Tape /dev/rmt/n

Diskette /vol/dev/rdiskette0/unlabeled

If you don't specify the density, a tape drive typically writes at its “preferred” density.

The preferred density usually means the highest density the tape drive supports.Most SCSI

drives can automatically detect the density or format on the tape and read it accordingly. To

determine the different densities that are supported for a drive, look at the /dev/rmt

subdirectory. This subdirectory includes the set of tape device files that support different

output densities for each tape.

Also, a SCSI controller can have a maximum of seven SCSI tape drives.

DisplayingTape Drive Status:

You can use the status option with the mt command to get status information about

tape drives. The mt command reports information about any tape drives that are described in

the

/kernel/drv/st.conf file.

How to Display Tape Drive Status:

Load a tape into the drive youwant information about.

Display the tape drive status.

# mt -f /dev/rmt/n status

Displaying Tape Drive Status

The following example shows the status for aQIC-150 tape drive (/dev/rmt/0):

$ mt -f /dev/rmt/0 status

Archive QIC-150 tape drive:

sense key(0x0)= No Additional Sense residual= 0 retries= 0

file no= 0 block no= 0

The following example shows the status for an Exabyte tape drive (/dev/rmt/1):

$ mt -f /dev/rmt/1 status

Exabyte EXB-8200 8mm tape drive:

sense key(0x0)= NO Additional Sense residual= 0 retries= 0


The following example shows a quick way to poll a system and locate all of its tape drives:

$ for drive in 0 1 2 3 4 5 6 7

> do

> mt -f /dev/rmt/$drive status

> done

Archive QIC-150 tape drive:

sense key(0x0)= No Additional Sense residual= 0 retries= 0


/dev/rmt/1: No such file or directory







$

Handling MagneticTape Cartridges:

If errors occur when a tape is being read, you can retension the tape, clean the tape

drive, and then try again.

Retensioning aMagneticTape Cartridge

Retension a magnetic tape cartridge with the mt command.

For example:

$ mt -f /dev/rmt/1 retension

$

Note –Do not retension non-QIC tape drives.

Rewinding aMagneticTape Cartridge

To rewind a magnetic tape cartridge, use the mt command.

For example:

$ mt -f /dev/rmt/1 rewind

$

SCHEDULE JOBS

You can set up many system tasks to execute automatically. Some of these tasks

should occur at regular intervals. Other tasks need to run only once, perhaps during off hours

such as evenings or weekends.

We have two commands, those are crontab and at, which enable you to schedule

routine tasks to execute automatically. The crontab command schedules repetitive commands.

The at command schedules tasks that execute once.

For Scheduling Repetitive Jobs: crontab:

You can schedule routine system administration tasks to execute daily, weekly, or

monthly by using the crontab command.

Daily crontab system administration tasks might include the following:

Removing files more than a few days old from temporary directories

Executing accounting summary commands

Taking snapshots of the system by using the df and ps commands

Performing daily security monitoring

Running system backups

Weekly crontab system administration tasks might include the following:

Running the fsck -n command to list any disk problems

Monthly crontab system administration tasks might include the following:

Listing files not used during a specific month

Producing monthly accounting reports

Additionally, users can schedule crontab commands to execute other routine system

tasks, such as sending reminders and removing backup files.

For Scheduling a Single Job: at

The at command allows you to schedule a job for execution at a later time. The job

can consist of a single command or a script.

Similar to crontab, the at command allows you to schedule the automatic execution of

routine tasks.However, unlike crontab files, at files execute their tasks once. Then, they are

removed from their directory. Therefore, the at command is most useful for running simple

commands or scripts that direct output into separate files for later examination.

The at command stores the command or script you ran, along with a copy of your

current environment variable, in the /var/spool/cron/atjobs directory. Your at job file name is

given a long number that specifies its location in the at queue, followed by the .a extension,

such as 793962000.a.

The cron daemon checks for at jobs at startup and listens for new jobs that are

submitted. After the cron daemon executes an at job, the at job's file is removed from the

atjobs directory.

Scheduling a Repetitive SystemTask (cron):

The following sections describe how to create, edit, display, and remove crontab files,

as well as how to control access to them.

Inside a crontab File:

The cron daemon schedules system tasks according to commands found within each

crontab file. A crontab file consists of commands, one command per line, that will be

executed at regular intervals. The beginning of each line contains date and time information

that tells the cron daemon when to execute the command.

For example, a crontab file named root is supplied during SunOS software installation. The

file's contents include these command lines:

10 3 * * * /usr/sbin/logadm

15 3 * * 0 /usr/lib/fs/nfs/nfsfind

1 2 * * * [ -x /usr/sbin/rtc ] && /usr/sbin/rtc -c > /dev/null 2>&1

30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean

The following describes the output for each of these command lines:

The first line runs the logadm command at 3:10 a.m. every day.

The second line executes the nfsfind script every Sunday at 3:15 a.m.

The third line runs a script that checks for daylight savings time (and make

corrections, if necessary) at 2:10 a.m. daily.

If there is no RTC time zone, nor an /etc/rtc_config file, this entry does nothing.

X 86 only – The /usr/sbin/rtc script can only be run on an x86 based system.

The fourth line checks for (and removes) duplicate entries in the Generic Security

Service table, /etc/gss/gsscred_db, at 3:30 a.m. daily.

The crontab files are stored in the /var/spool/cron/crontabs directory. Several crontab

files besides root are provided during SunOS software installation.

Besides the default crontab files, users can create crontab files to schedule their own

system tasks. Other crontab files are named after the user accounts in which they are created,

such as bob, mary, smith, or jones.

To access crontab files that belong to root or other users, superuser privileges are

required. Procedures explaining how to create, edit, display, and remove crontab files are

described in subsequent sections.

How the cron Daemon Handles Scheduling:

The cron daemon manages the automatic scheduling of crontab commands. The role

of the cron daemon is to check the /var/spool/cron/crontab directory for the presence of

crontab files.

The cron daemon performs the following tasks at startup:

Checks for new crontab files.

Reads the execution times that are listed within the files.

Submits the commands for execution at the proper times.

Listens for notifications from the crontab commands regarding updated crontab files.

In much the same way, the cron daemon controls the scheduling of at files. These files

are stored in the /var/spool/cron/atjobs directory. The cron daemon also listens for

notifications from the crontab commands regarding submitted at jobs.

Syntax of crontab File Entries:

A crontab file consists of commands, one command per line, that execute automatically at the

time specified by the first five fields of each command line. These five fields, described as

follows

Time Field Values

Minute 0-59

Hour 0-23

Day of month 1-31

Month 1-12

Day of week 0-6 (0 = Sunday)

Follow these guidelines for using special characters in crontab time fields:

Use a space to separate each field.

Use a comma to separate multiple values.

Use a hyphen to designate a range of values.

Use an asterisk as a wildcard to include all possible values.

Use a comment mark (#) at the beginning of a line to indicate a comment or a blank

line.

For example, the following crontab command entry displays a reminder in the user's console

window at 4 p.m. on the first and fifteenth days of every month.

0 16 1, 15 * * echo Timesheets Due > /dev/console

Each command within a crontab file must consist of one line, even if that line is very long.

The crontab file does not recognize extra carriage returns.

Creating and Editing crontab Files:

The simplest way to create a crontab file is to use the crontab -e command. This

command invokes the text editor that has been set for your system environment. The default

editor for your system environment is defined in the EDITOR environment variable. If this

variable has not been set, the crontab command uses the default editor, ed. Preferably, you

should choose an editor that you know well.

The following example shows how to determine if an editor has been defined, and

how to set up vi as the default.

$ which $EDITOR

$

$ EDITOR=vi

$ export EDITOR

When you create a crontab file, it is automatically placed in the /var/spool/cron/crontabs

directory and is given your user name. You can create or edit a crontab file for another user,

or root, if you have superuser privileges.

How to Create or Edit a crontab File:

If you are creating or editing a crontab file that belongs to root or another user you

must become superuser or assume an equivalent role.

You do not need to become superuser to edit your own crontabfile.

Create a new crontab file, or edit an existing file.

$ crontab -e [username]

where username specifies the name of the user's account for which you want to create or edit

a crontab file. You can create your own crontab file without superuser privileges, but you

must have superuser privileges to creating or edit a crontab file for root or another user.

Verify your crontab file changes.

# crontab -l [username]

Creating a crontab File

The following example shows how to create a crontab file for another user.

# crontab -e jones

The following command entry added to a new crontab file automatically removes any log

files from the user's home directory at 1:00 a.m. every Sunday morning. Because the

command entry does not redirect output, redirect characters are added to the command line

after *.log.Doing so ensures that the command executes properly.

How to Verify That a crontab File Exists:

To verify that a crontab file exists for a user, use the ls -l command in the

/var/spool/cron/crontabs directory. For example, the following output shows that crontab files

exist for users jones and smith.

$ ls -l /var/spool/cron/crontabs

-rw-r--r-- 1 root sys 190 Feb 26 16:23 adm

-rw------- 1 root staff 225 Mar 1 9:19 jones

-rw-r--r-- 1 root root 1063 Feb 26 16:23 lp

-rw-r--r-- 1 root sys 441 Feb 26 16:25 root

-rw------- 1 root staff 60 Mar 1 9:15 smith

-rw-r--r-- 1 root sys 308 Feb 26 16:23 sys

Verify the contents of user's crontab file by using the crontab -l command

Displaying crontab Files:

The crontab -l command displays the contents of a crontab file much the same way

that the cat command displays the contents of other types of files. You do not have to change

the directory to /var/spool/cron/crontabs directory (where crontab files are located) to use this

command.

By default, the crontab -l command displays your own crontab file. To display

crontab files that belong to other users, you must be superuser.

HowtoDisplay a crontab File:

Become superuser or assume an equivalent role to display a crontab file that belongs

to root or another user.

You do not need to become superuser or assume an equivalent role to display your

own crontab file.

Display the crontab file.

$ crontab -l [username]

where username specifies the name of the user's account for which you want to display a

crontab file. Displaying another user's crontab file requires superuser privileges.

Caution – If you accidentally type the crontab command with no option, press the

interrupt character for your editor. This character allows you to quit without saving changes.

If you instead saved changes and exited the file, the existing crontab file would be

overwritten with an empty file.

Displaying a crontab File

This example shows how to use the crontab -l command to display the contents of the

user's default crontab file.

$ crontab -l

13 13 * * * chmod g+w /home1/documents/*.book > /dev/null 2>&1

Displaying the Default root crontab file.

This example shows how to display the default root crontab file.

# crontab -l

#ident "@ (#)root 1.19 98/07/06 SMI" /* SVr4.0 1.1.3.1 */

#

# The root crontab should be used to perform accounting data collection.

#

#

10 3 * * * /usr/sbin/logadm

15 3 * * 0 /usr/lib/fs/nfs/nfsfind

30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean

#10 3 * * * /usr/lib/krb5/kprop_script ___slave_kdcs___

Removing crontab Files:

By default, crontab file protections are set up so that you cannot inadvertently delete a

crontab file by using the rm command. Instead, use the crontab -r command to remove

crontab files.

By default, the crontab -r command removes your own crontab file. You do not have

to change the directory to /var/spool/cron/crontabs (where crontab files are located) to use

this command.

Howto Remove a crontab File:

Become superuser or assume an equivalent role to remove a crontab file that belongs

to root or another user.

You do not need to become superuser or assume an equivalent role to remove your

own crontab file.

Remove the crontab file.

$ crontab -r [username]

where username specifies the name of the user's account for which you want to remove a

crontab file. Removing crontab files for another user requires superuser privileges.

Caution – If you accidentally type the crontab command with no option, press the interrupt

character for your editor. This character allows you to quit without saving changes. If you

instead saved changes and exited the file, the existing crontab file would be overwritten with

an empty file.

Verify that the crontab file has been removed.

# ls /var/spool/cron/crontabs

Removing a crontab File

The following example shows how user smith uses the crontab -r command to remove his

crontab file.

$ ls /var/spool/cron/crontabs

adm jones lp root smith sys uucp

$ crontab -r

$ ls /var/spool/cron/crontabs

adm jones lp root sys uucp

Controlling Access to the crontab Command:

You can control access to the crontab command by using two files in the /etc/cron.d

directory: cron.deny and cron.allow. These files permit only specified users to perform

crontab command tasks such as creating, editing, displaying, or removing their own crontab

files.

The cron.deny and cron.allow files consist of a list of user names, one user name per

line. These access control files work together as follows:

If cron.allow exists, only the users who are listed in this file can create, edit, display,

or remove crontab files.

If cron.allow does not exist, all users can submit crontab files, except for users who

are listed in cron.deny.

If neither cron.allow nor cron.deny exists, superuser privileges are required to run the

crontab command.

Superuser privileges are required to edit or create the cron.deny and cron.allow files. The

cron.deny file, which is created during SunOS software installation, contains the following

user names:

$ cat /etc/cron.d/cron.deny

daemon

bin

smtp

nuucp

listen

nobody

noaccess

None of the user names in the default cron.deny file can access the crontab command.

You can edit this file to add other user names that will be denied access to the crontab

command.

No default cron.allow file is supplied. So, after Solaris software installation, all users

(except users who are listed in the default cron.deny file) can access the crontab command. If

you create a cron.allow file, only these users can access the crontab command.

Howto Deny crontab CommandAccess:


Edit the /etc/cron.d/cron.deny file and add user names, one user per line. Include users who

will be denied access to the crontab commands.

daemon

bin

smtp

nuucp

listen

nobody

noaccess

username1

username2

username3

Verify that the /etc/cron.d/cron.deny file contains the new entries.

# cat /etc/cron.d/cron.deny

daemon

bin

nuucp

listen

nobody

noaccess

How to Limit crontab CommandAccess to Specified:

Users


Create the /etc/cron.d/cron.allow file.

Add the root user name into the cron.allow file.

If you do not add root to the file, superuser access to crontab commands will be denied.

Add the user names, one user name per line. Include users that will be allowed to use the

crontab command.

root

username1

username2

username3

Limiting crontab Command Access to Specified Users

The following example shows a cron.deny file that prevents user names jones, temp, and

visitor from accessing the crontab command.

$ cat /etc/cron.d/cron.deny

daemon

bin

smtp

nuucp

listen

nobody

noaccess

jones

temp

visitor

The following example shows a cron.allow file. The users root, jones, lp, and smith are the

only users who can access the crontab command.

$ cat /etc/cron.d/cron.allow

root

jones

lp

smith

Scheduling a Single SystemTask (at):

The following sections describe how to use the at command to perform the following tasks:

Schedule jobs (command and scripts) for execution at a later time

How to display and remove these jobs

How to control access to the at command

By default, users can create, display, and remove their own at job files. To access at

files that belong to root or other users, you must have superuser privileges.

When you submit an at job, it is assigned a job identification number along with the .a

extension. This designation becomes the job's file name, as well as its queue number.

Description of the at Command:

Submitting an at job file involves these steps:

1. Invoking the at utility and specifying a command execution time.

2. Typing a command or script to execute later.

Note – If output from this command or script is important, be sure to direct the output to a file

for later examination.

For example, the following at job removes core files from the user account smith near

midnight on the last day of July.

$ at 11:45pm July 31

at> rm /home/smith/*core*

at> Press Control-d

commands will be executed using /bin/csh

job 933486300.a at Tue Jul 31 23:45:00 2004

Controlling Access to the at Command:

You can set up a file to control access to the at command, permitting only specified

users to create, remove, or display queue information about their at jobs. The file that controls

access to the at command, /etc/cron.d/at.deny, consists of a list of user names, one user name

per line. The users who are listed in this file cannot access at commands.

The at.deny file, which is created during SunOS software installation, contains the

following

user names:

daemon

bin

smtp

nuucp

listen

nobody

noaccess

With superuser privileges, you can edit the at.deny file to add other user names whose at

command access you want to restrict.

How to Create an at Job:

Start the at utility, specifying the time you want your job executed.

$ at [-m] time [date]

-m Sends you email after the job is completed.

time Specifies the hour that you want to schedule the job. Add am or pm if you do not specify

the hours according to the 24-hour clock. Acceptable keywords are midnight, noon, and now.

Minutes are optional.

date Specifies the first three or more letters of a month, a day of the week, or the keywords

today or tomorrow.

At the at prompt, type the commands or scripts that youwant to execute, one per line.

You may type more than one command by pressing Return at the end of each line.

Exit the at utility and save the at job by pressing Control-D.

Your at job is assigned a queue number, which is also the job's file name. This number is

displayed when you exit the at utility.

Creating an at Job

The following example shows the at job that user jones created to remove her backup files at

7:30 p.m. She used the -m option so that she would receive an email message after her job

completed.

$ at -m 1930

at> rm /home/jones/*.backup

at> Press Control-D

job 897355800.a at Thu Jul 12 19:30:00 2004

She received a email message which confirmed the execution of her at job.

Your “at” job “rm /home/jones/*.backup”

completed.

The following example shows how jones scheduled a large at job for 4:00 a.m. Saturday

morning. The job output was directed to a file named big.file.

$ at 4 am Saturday

at> sort -r /usr/dict/words > /export/home/jones/big.file

How to Display the atQueue:

To check your jobs that arewaiting in the at queue, use the atq command.This

command displays status information about the at jobs that you have created.

$ atq

How toVerify an at Job:

To verify that you have created an at job, use the atq command. In the following

example, the at q command confirms that at jobs that belong to jones have been submitted to

the queue.

$ atq

Rank Execution Date Owner Job Queue Job Name

1st Jul 12, 2004 19:30 jones 897355800.a a stdin

2nd Jul 14, 2004 23:45 jones 897543900.a a stdin

3rd Jul 17, 2004 04:00 jones 897732000.a a stdin

How to Display at Jobs:

To display information about the execution times of your at jobs, use the at -l command.

$ at -l [job-id]

where the -l job-id option identifies the identification number of the job whose status you

want to display.

Displaying at Jobs

The following example shows output from the at -l command, which provides information on

the status of all jobs submitted by a user.

$ at -l

897543900.a Sat Jul 14 23:45:00 2004

897355800.a Thu Jul 12 19:30:00 2004

897732000.a Tue Jul 17 04:00:00 2004

The following example shows the output that is displayed when a single job is specified with

the at -l command.

$ at -l 897732000.a

897732000.a Tue Jul 17 04:00:00 2004

How to Remove at Jobs:

Become superuser or assume an equivalent role to remove an at job that belongs to

root or another user. Roles contain authorizations and privileged commands. For more

information about roles, see “Configuring RBAC (TaskMap)” in System Administration

Guide: Security Services.

You do not need to become superuser or assume an equivalent role to remove your

own at job.

Remove the at job fromthe queue before the job is executed.

$ at -r [job-id]

where the -r job-id option specifies the identification number of the job you want to remove.

Verify that the at job is removed by using the at -l (or the atq) command.

The at -l command displays the jobs remaining in the at queue. The job whose identification

number you specified should not appear.

$ at -l [job-id]

Removing at Jobs:

In the following example, a user wants to remove an at job that was scheduled to

execute at 4 a.m. on July 17th. First, the user displays the at queue to locate the job

identification number.

Next, the user removes this job from the at queue. Finally, the user verifies that this

job has been removed from the queue.

$ at -l

897543900.a Sat Jul 14 23:45:00 2003

897355800.a Thu Jul 12 19:30:00 2003

897732000.a Tue Jul 17 04:00:00 2003

$ at -r 897732000.a

$ at -l 897732000.a

at: 858142000.a: No such file or directory

Howto Deny Access to the at Command:


Edit the /etc/cron.d/at.deny file and add the names of users, one user name per line, that will

be prevented fromusing the at commands.

daemon

bin

smtp

nuucp

listen

nobody

noaccess

username1

username2

username3

Denying at Access

The following example shows an at.deny file that has been edited so that the users smith and

jones cannot access the at command.

$ cat at.deny

daemon

bin

smtp

nuucp

listen

nobody

noaccess

jones

smith

How toVerifyThat at CommandAccess Is Denied:

To verify that a usernamewas added correctly to the /etc/cron.d/at.deny file, use the at

–l command while logged in as the user. If the user smith cannot access the at command, the

following message is displayed.

# su smith

Password:

$ at -l

at: you are not authorized to use at. Sorry.

Likewise, if the user tries to submit an at job, the following message is displayed:

$ at 2:30pm

at: you are not authorized to use at. Sorry.

This message confirms that the user is listed in the at.deny file.

If at command access is allowed, then the at -l command returns nothing.

STARTING SOLARIS PRINTMANAGER

To start Solaris PrintManager, use either of the following methods:

Type the appropriate command from the command line.

How to Start Solaris Print Manager:

Verify that the following prerequisites are met.To use Solaris Print Manager, you

must meet the following requirements:

Have a bitmapped display monitor, such as the standard display monitor that comes

with a Sun workstation. Solaris Print Manager can be used only on a system with a

console that is a bitmapped screen.

Be running an X Window System, such as COMMON desktop Environment, or be

using the remote display feature on a system running an xhost environment.

Be logged in as superuser or an equivalent role on the print server to install an

attached or network printer, or on the print client to add access to a printer.

Have the SUNWppm package installed.

# pkginfo | grep SUNWppm

system SUNWppm Solaris Print Manager

Start Solaris PrintManager by using one of the following methods:

# /usr/sbin/printmgr &

Note – You can also start Solaris Print Manager by using the original path of the printmgr

command:

# /usr/sadm/admin/bin/printmgr &

It will open one graphical window there you can select the printer

Which you want to add.

Add a New Directly Attached Printer by Using

LP Print Commands

Printers are divided into three types:

1. Local printer

2. Remote printer

3. Network printer

1. Local printer: The printer directly attached to local system is called local printer.

2. Remore printer: The printer connected across the LAN with a shared folder is called

Remote printer.

3. Nework printer: The printer which has its own ip address and hostname and directly

to the LAN is called network printer. So every system in the network they can access

this printer.

To manage printers in solaris we have the following command:

#lpadmin

This command will configure the lp print services by defining printer names and devices.

It is used to add, change or delete a printer.

To configure a new printer in solaris you can follow the steps:

#lpadmin –p wipro –v /dev/lp1

Options:

-p printer name

-v printer device name

To make the printer as default you can use the following command

#lpadmin –d wipro (-d default printer)

To enable the printer in solaris environment

#enable wipro

To accept the print jobs of printer you have to give the following command

#accept wipro

To see the status of printer

#lpstat –v

To see the status information about all printers with accepting print requests

#lpstat –t

To see the characteristics of printer

#lpstat –p wipro

To take print out on solaris you can use the command

#lp (by using lp command we can take print outs of files)

Ex:

#lp /etc/passwd

Here you are taking the print out of password file.

To see the jobs queue:

#lpq

To stop the print services you can use the following command

#lpshut wipro

To remove a printer

#lpadmin –x wipro

How to Add a New Network-Attached Printer by Using LP Print Commands:

This procedure describes how to add a new network printer with the expanded printer

support that is available in this release. There are two examples that follow this procedure.

The first example shows you how to add a new network printer with PPD files by using lp

commands.

The second example shows you how to add a new network printer without PPD files

by using lp commands.

The following steps are necessary to set up a network printer by using the network

printer support software. The use of this software is intended for printers that do not come

with vendor-supplied software.

This step is equivalent to adding any node to the network.

1. Collect the information that is required to configure a new network printer with PPD

files.

Printer name and port device

Network printer access name

Protocol

Timeout

File content type

PPD file

To determine the PPD file, first define the printer make, model, and driver that the

printer will use.

Define the printer name, port device, file content type, and PPD file that the printer

will use. When using PPD files, the file content type is usually PostScript.

(a) Specify the printer name and the port device that the printer will use.

# lpadmin -p printer-name -v /dev/null

The device to use is /dev/null.

(b) Specify the interface script that the printer will use.

# lpadmin -p printer-name -m netstandard_foomatic

The interface script that is supplied with the support software for network printer is

/usr/lib/lp/model/netstandard_foomatic.

(c) Specify the file content type and PPD file that the printer will use.

When using PPD files, the file content type is usually PostScript.

# lpadmin -p printer-name -I content-type –n

/path/ppdfile

The PPD file that you specify is located in the /path directory.

Note – If /path is not a PPD file repository on the system, then a copy of PPD file is placed in

the user label directory in the user PPD file repository. For more information, see

(d) Specify the printer description.

# lpadmin -p printer-name -D "printer-description"

Set the printer destination, protocol, and timeout values.

# lpadmin -p printer-name -o dest=access-name:port -o protocol=protocol

-o timeout=value

-p printer-name Specifies the network printer name.

-o dest=access-name:port Sets the printer destination to the network printer access name and

a designated printer vendor port, if the port is defined in the printer vendor documentation.

-o protocol=protocol Sets the over-the-wire protocol used to communicate with the printer.

Both BSD and raw TCP are supported.

-o timeout=value Sets a retry timeout value that represents a number of seconds to wait

between attempting connections to the printer.

Add filters to the print server.

# cd /etc/lp/fd

# for filter in *.fd;do

> name=‘basename $ filter .fd‘

> lpfilter -f $name -F $ filter

> done

Enable the printer to accept print requests and to print those requests.

# accept printer-name

# enable printer-name

Verify that the printer is correctly configured.

# lpstat -p printer-name

Adding a New Network-Attached Printer With PPD Files by Using LP Print Commands

This example shows how to add a new network printer with PPD files. The -n option

to the lpadmin command enables you to add a new print queue by specifying PPD files. The

commands used in this example must be executed on the print server. The following

information is used as an example only. The information that you provide will vary.

Printer name : luna1

Device: /dev/null

Interface: /usr/lib/lp/model/netstandard_foomatic

Network printer access name: nimquat:9100

Protocol: tcp

Timeout: 5

File content type: postscript

PPD file: /path/ppdfile

# lpadmin -p luna1 -v /dev/null (1)

# lpadmin -p luna1 -m netstandard_foomatic (2)

# lpadmin -p luna1 -o dest=nimquat:9100 -o protocol=tcp

-o timeout=5 (3)

# lpadmin -p luna1 -I postscript (4)

# lpadmin -p luna1 -n /path/ppdfile (5)

# lpadmin -p luna1 -D "Second floor color printer" (6)

# cd /etc/lp/fd

# for filterin *.fd;do

> name =‘basename $ filter .fd‘

> lpfilter -f $ name -F $ filter

> done (7)

# accept luna1

destination "luna1" now accepting requests

# enable luna1 (8)

printer "luna1" now enabled

# lpstat -p luna1 (9)

printer luna1 is idle. enabled since Mon Apr 19 15:31:15 2004. available.

1. Defines printer name and sets the device to /dev/null

2. Defines the interface script for network printers

3. Sets the destination, protocol, and timeout

4. Specifies the file content types to which the printer can print to directly

5. Specifies the PPD file to use

6. Adds a description for the printer

7. Adds print filters to the print server

8. Accepts print requests for the printer and enables the printer

9. Verifies that the printer is ready for printing

Adding a New Network-Attached Printer Without PPD Files by Using LP Print Commands

This example shows how to add a new network printer without PPD files. Thse commands

must be executed on the print server.

The following information is used as an example:

Printer name: luna1

Device: /dev/null

Interface: /usr/lib/lp/model/netstandard

Network printer access name: nimquat:9100

Protocol: tcp

Timeout: 5

File content type: postscript

Printer type: PS

# lpadmin -p luna1 -v /dev/null (1)

# lpadmin -p luna1 -m netstandard (2)

# lpadmin -p luna1 -o dest=nimquat:9100 -o protocol=tcp

-o timeout=5 (3)

# lpadmin -p luna1 -I postscript -T PS (4)

# lpadmin -p luna1 -D "Room 1954 ps" (5)

# cd /etc/lp/fd

# for filter in *.fd;do

> name =‘basename $ filter .fd‘

> lpfilter -f $ name -F $ filter

> done (6)

# accept luna1

destination "luna1" now accepting requests

# enable luna1 (7)

printer "luna1" now enabled

# lpstat -p luna1 (8)

printer luna1 is idle.enabled since Feb 28 11:21 2003.available.

1. Defines printer name and sets the device to /dev/null

2. Defines the interface script for network printers

3. Sets the destination, protocol, and timeout

4. Specifies the file content type to which the printer can print directly, and the printer

type

5. Adds a description for the printer

6. Adds print filters to the print server

7. Accepts print requests for the printer and enables the printer

8. Verifies that the printer is ready for printing

How to Delete a Printer and Remove Printer Access by Using LP Print Commands:

Use this procedure when you remove a printer from service, and you want to remove

the printer access from the print clients. Then, remove the printer information from the print

server.

Log in as superuser, lp, or assume an equivalent role on a print client that has access

to the printer youwant to delete. On the systemthat is the print client, delete information about

the printer.

# lpadmin -x printer-name

-x Deletes the specified printer.

printer-name Specifies the name of the printer you want to delete.

Log in as superuser, lp, or assume an equivalent role on the print server.

On the systemthat is the printer server, stop accepting print requests for the printer.

# reject printer-name

reject printer-name rejects print requests for the specified printer.

On the systemthat is the print server, stop the printer.

# disable printer-name

On the systemthat is the print server, delete the printer.

# lpadmin -x printer-name

Verify that the printer information has been deleted:

(a) Confirm that the printer information has been deleted on the print client.

$ lpstat -p printer-name -l

In the command output, you should receive an error indicating that the printer does not

exist.

(a) Confirm that the printer information has been deleted on the print server.

$ lpstat -p printer-name –l

In the command output, you should receive an error indicating that the printer does not exist.

Deleting a Printer and Remote Printer Access

The following example shows how to delete the printer luna from the print client terra

and from the print server jupiter. This example also shows how to delete the print client terra

from the print server.

terra# lpadmin -x luna

Removed “luna”.

terra# lpstat -p luna -l

jupiter# lpadmin -x luna

Removed “terra”.

jupiter# lpstat -p luna –l

How to Check the Status of Printers:

Log in to any system on the network.

Check the status of printers.

Only the most commonly used options are shown here. For other options, see thelpstat(1)

man page.

$ lpstat [-d] [-p] printer-name [-D] [-l] [-t]

-d Shows the system's default printer.

-p printer-name Shows if a printer is active or idle, when the printer was enabled or disabled,

and whether the printer is accepting print requests.

You can specify multiple printer names with this command. Use a space or a comma to

separate printer names. If you use spaces, enclose the list of printer names in quotation marks.

If you don't specify printer-name, the status of all printers is displayed.

-D Shows the description of the specified printer-name.

-l Shows the characteristics of the specified printer-name.

-t Shows status information about the LP print service, including the status of all printers,

such as whether they are active and whether they are accepting print requests.

Checking the Status of Printers

The following example shows how to display the system's default printer.

$ lpstat -d

system default destination: luna

The following example shows how to display the status of the printer luna.

$ lpstat -p luna

printer luna is idle. enabled since Jul 12 11:17 2001. available.

$ lpstat -p "asteroid luna" –D

printer asteroid faulted. enabled since Jan 5 11:35 2004. available.

unable to print: paper misfeed jam

Description: Printer by break room

printer luna is idle. enabled since Jan 5 11:36 2004. available.

Description: Printer by server room.

The following example shows how to display the characteristics of the printer luna.

$ lpstat -p luna –l

printer luna is idle. enabled since Thu Jul 12 15:02:32 PM PDT

Form mounted:

Content types: postscript

Printer types: PS

Description:

Connection: direct

Interface: /usr/lib/lp/model/standard

PPD: none

After fault: continue

Users allowed:

(all)

Forms allowed:

(none)

Banner not required

Character sets:

(none)

Default pitch:

Default page size: 80 wide 66 long

Default port settings:

Stopping and Restarting the Print Scheduler

The print scheduler, lpsched, handles print requests on print servers.However, the

print scheduler might sometimes stop running on a system, so print requests stop being

accepted or printed. The lpadmin command automatically enables the lpsched service when

local printers are added to the system and disables it when the last local printer is removed.

How to Stop the Print Scheduler:


Determine if the print scheduler is running.

# svcs application/print/server

You can also use the lpstat -r command to determine if the print scheduler is running.

If the print scheduler is not running, the message scheduler is not running is displayed.

If the print scheduler is running, stop it.

# svcadm disable application/print/server

You can also use the lpshut command to stop the print scheduler.

How to Restart the Print Scheduler:


Determine if the print scheduler is running.

# svcs application/print/server

You can also use the lpstat -r command to determine if the print scheduler is running.

If the print scheduler is not running, the message scheduler is not running is displayed.

If the print scheduler is not running, start it.

# svcadm enable application/print/server

You can also use the /usr/lib/lpsched command to start the print scheduler. For more

information about the difference between starting the print scheduler by using the

/usr/lib/lpsched command or by using the svcadm enable application/print server command,

see “Starting the Print Scheduler With Options” on page 117.

Starting the Print Scheduler With Options:

There are two ways to pass options to the print scheduler by using SMF:

By modifying option values only for the duration of a call.

Use the /usr/lib/lpsched command with the appropriate options when you only want to

pass options to the print scheduler for the duration of a call.

By maintaining option values over a system reboot, or if the print scheduler is

restarted.

The SMF manifest for the print server contains properties that are utilized by the print

server start-up script. These property values are passed on to the print scheduler and represent

the options, which are set by using the svccfg command.

The properties are as follows:

lpsched/num_filters

lpsched/num_notifiers

lpsched/fd_limit

lpsched/reserved_fds

Any options that are not set with the svccfg command will use the default values that

are in the print scheduler

How to Set Printer Option Values That Remain Over a System Reboot:

Become superuser, lp,

# svccfg

svc:> select svc:/application/print/server

svc:/application/print/server> setprop property = value

svc:/application/print/server> quit

For each option that you want to set, repeat the setprop property = value command on

a separate line.

Verify that the option has been correctly set by displaying the current values of the print

server properties.

# svcprop svc:/application/print/server

Restart the print scheduler.

If the print scheduler is not running, use the following commands:

# svcadm refresh svc:/application/print/server

# svcadm enable svc:/application/print/server

If the print scheduler is running, use the following commands:

# svcadm refresh svc:/application/print/server

# svcadm restart svc:/application/print/server

To determine if the print scheduler is running, run the svcs application/print/server command.

Setting Printer Option Values That Remain Over a System Reboot

This example shows how to set the number of filters to 1. This option will remain set over a

system reboot, or if you restart the print scheduler.

# svccfg


svc:/application/print/server> setprop lpsched/num_filters = count: 1


This example shows how to set all options.

# svccfg


svc:/application/print/server> setprop lpsched/num_filters = count: 1

svc:/application/print/server> setprop lpsched/num_notifiers = count: 1

svc:/application/print/server> setprop lpsched/fd_limit = count: 4096

svc:/application/print/server> setprop lpsched/reserved_fds = count: 2


The following is a sample script that sets all options.

#!/bin/ksh

svccfg <<-EOF

select svc:/application/print/server

setprop lpsched/num_filters = count: 1

setprop lpsched/num_notifiers = count: 1

setprop lpsched/fd_limit = count: 4096

setprop lpsched/reserved_fds = count: 2

EOF

How to Add a Printer Description byUsing LP Print Commands:


Add a printer description.

# lpadmin -p printer-name -D "comment"

-p printer-name Specifies the name of the printer for which you are adding a description.

-D "comment" Specifies the characteristics of the printer, such as the location or

administrative contact. Enclose characters that the shell might interpret, such as *, ?, \, !, ^, in

single quotation marks.

Verify that the Description information is correct.

# lpstat -p printer-name -l

Adding a Printer Description

The following example shows how to add a printer description for the printer luna.

# lpadmin -p luna -D "Nathans office"

Setting Up a Default Printer Destination byUsing LP:

Print Commands:

You can specify a default printer destination for a user so that the user does not need

to type the printer name when using the print commands. Before you can designate a printer

as the default, the printer must be known to the print service on the system.

Set a user's default printer destination by setting any of the following:

LPDEST environment variable

PRINTER environment variable

The _default variable in the user's .PRINTERS file

The system's default printer by using the lpadmin -d command or Solaris

PrintManager

When an application provides a printer destination, that destination is used by the

print service, regardless of whether you have set a system's default printer destination. If an

application doesn't provide a printer destination or if you don't provide a printer name when

using a print command, the print command searches for the default printer in a specific order.

The following table shows the search order for a system's default printer destination.

How to Set a System's Default Printer Destination by Using LP Print Commands:

Log in as superuser, lp, or assume an equivalent role on the systemwhere youwant to set a

default printer.

Set the system's default printer.

# lpadmin -d [printer-name]

-d printer-name specifies the name of the printer you are assigning as the system's default

printer. If you don't specify printer-name, the system is set up with no default printer.

Check the system's default printer.

# lpstat –d

Setting a System's Default Printer Destination

The following example shows how to set the printer luna as the system's default

printer. The printer luna is used as the system's default printer if the LPDEST or the

PRINTER environment variables are not set.

# lpadmin -d luna

# lpstat -d

system default destination: luna

How to Limit User Access to a Printer by Using LP Print Commands:


Allowor deny users access to a printer.

# lpadmin -p printer-name -u allow:user-list [deny:user-list]

-p printer-name Specifies the name of the printer to which the allow or deny access list

applies.

-u allow:user-list Specifies the user names to be added to the allow access list. You can

specify multiple user names with this command. Use a space or a comma to separate names.

If you use spaces, enclose the list of names in quotation marks.

-u deny:user-list Specifies user names to be added to the deny user access list. You can

specify multiple user names with this command. Use a space or a comma to separate names.

If you use spaces, enclose the list of names in quotation marks.

The specified users are added to the allow or deny list for the printer in one of the following

files on the print server:

Note – If you specify none as the value for user-list in the allow list, the following files are

not created on the print server:

Verify that information is correct under the Users allowed or the Users denied heading in the

following command output:

# lpstat -p printer-name –l

Limiting User Access to a Printer

The following example shows how to allow only the users nathan and george access to the

printer luna.

# lpadmin -p luna -u allow:nathan,george

The following example shows how to deny the users nathan and george access to the printer

asteroid.

# lpadmin -p asteroid -u deny:"nathan george"

How to Check the Status of Print Requests:

Log in on any system on the network.

Check the status of printers and print requests.

Only the most commonly used options are shown here.

$ lpstat -o [list] | -u [user-list]

-o list Shows the status of print requests on a specific printer. list can be one or more printer

names, printer class names, or print request IDs.

To specify multiple printer names, class names, and IDs for list, use a space or a comma to

separate values. If you use spaces, enclose the list of values in quotation marks.

If you don't specify list, the status of print requests sent to all printers is displayed.

-u user-list Shows the status of print requests for a specific user. user-list can be one or more

user names.

To specify multiple users with this command, use a space or a comma to separate user

names. If you use spaces, enclose the list of names in quotation marks.

If you don't specify user-list, the status of print requests for all users is displayed.

When used to check the status of print requests, the lpstat command displays one line for

each print request.

From left to right, the line shows the following information:

Request ID

User

Output size in bytes

Date and time of the request,

Information about the request, such as “being filtered.”

Checking the Status of Print Requests

The following example shows that user fred has one print request queued on the printer luna.

$ lpstat

luna-1 fred 1261 Jul 12 17:34

The following example shows that the user paul currently has no print requests in queue.

$ lpstat -u paul

The following example shows that two print requests are queued on the printer moon.

$ lpstat -o moon

moon-78 root 1024 Jul 14 09:07

moon-79 root 1024 Jul 14 09:08

How to Enable or Disable a Printer:


Stop printing print requests.

# disable [-c | -W] [-r "reason"] printer-name

disable Cancels the current job, then disables the printer. The current job is saved to reprint

when the printer is enabled.

-c Cancels the current job, then disables the printer. The current job is not

printed later.

-W Waits until the current job is finished before disabling the printer.

-r "reason" Provides users with a reason why the printer is disabled. The reason is stored and

displayed whenever a user checks on the status of the printer by using the lpstat -p command.

printer-name Specifies the name of the printer that will stop printing print requests.

Note – You cannot enable or disable classes of printers. Only individual printers can be

enabled or disabled.

Start printing print requests.

# enable printer-name

Verify that the printer is enabled.

# lpstat -p printer-name

Enabling or Disabling a Printer

The following example shows how to stop the current job on the printer luna, save the job to

print later, and provide a reason why the printer has stopped printing print requests.

# disable -r "changing the form" luna

The following example shows how to start printing print requests on the printer luna.

# enable luna

printer "luna" enabled

How to Accept or Reject Print Requests for a Printer:


Stop accepting print requests for the printer.

# reject [-r "reason"] printer-name

-r "reason" Provides users with a reason why the printer is rejecting print requests. The reason

is stored and displayed whenever a user checks on the status of the printer by using the lpstat

-p command.

Start accepting print requests for the printer.

# accept printer-name

Check that the status of the printer to see whether it is accepting or rejecting print requests.

$ lpstat -p printer-name

Accepting or Rejecting Print Requests for a Printer

The following example shows how to stop the printer luna from accepting print requests.

# reject -r "luna is down for repairs" luna

destination "luna" will no longer accept requests

The following example shows how to set the printer luna to accept print requests.

# accept luna

destination "luna" now accepting requests

How to Cancel a Print Request:

If you are going to cancel the print requests of other users, then become superuser, lp,

or assume an equivalent role.

Determine the request IDs of the print requests to cancel.

# lpstat

# cancel request-id | printer-name

request-id Specifies the request ID of a print request to be canceled. You can specify multiple

request IDs with this command. Use a space or a comma to separate request IDs. If you use

spaces, enclose the list of request IDs in quotation marks.

printer-name Specifies the printer for which you want to cancel the currently printing print

request.

You can specify multiple printer names with this command. Use a space or a comma to

separate printer names. If you use spaces, enclose the list of printer names in quotation marks.

Verify that the print requests are canceled.

$ lpstat -o printer-name

The following example shows how to cancel the luna-3 and luna-4 print requests.

$ cancel luna-3 luna-4

request "luna-3" cancelled


The following example shows how to cancel the print request that is currently printing on the

printer luna.

# cancel luna


How to Cancel a Print Request Froma Specific User:

(Optional) Become superuser, lp, or assume an equivalent role if you are going to cancel the

print requests of other users.

Cancel a print request froma specific user.

$ cancel -u user-list [printer-name]

-u user-list Cancels the print request for a specified user.

user-list can be one or more user names. Use a space or a comma to separate user names. If

you use spaces, enclose the list of names in quotation marks

printer-name Specifies the printer for which you want to cancel the print requests for a

specified user.

printer-name can be one or more printer names. Use a space or a comma to separate printer

names. If you use spaces, enclose the list of printer names in quotation marks.

If you don't specify the printer-name, the print requests for the specified user is canceled on

all printers.

Canceling a Print Request From a Specific User

The following example shows how to cancel all the print requests submitted by the user

George on the printer luna.

# cancel -u george luna


The following example shows how to cancel all the print requests submitted by the user

George on all printers.

# cancel -u george

request "asteroid-3" cancelled


HowtoMove Print Requests to Another Printer:

To move all print requests from one printer to another printer, you do not need to

know the request IDs.However, first determine how many print requests are affected before

you move them.


(Optional) Determine if the request IDs of the print requests on the original printer.

# lpstat -o printer-name1

(Optional) Check to see if the destination printer is accepting print requests.

# lpstat -a printer-name2

-a printer-name2 reports whether print destinations are accepting requests.

Move all the print requests fromthe original printer to the destination printer.

# lpmove printer-name1 printer-name2

printer-name1 Specifies the name of the printer from which all print requests will be moved.

printer-name2 Specifies the name of the printer to which all print requests will be moved.

If some requests cannot be printed on the destination printer, the requests are left in

the original printer's queue. By using request IDs, you can also move specific print requests

to another printer by using the lpmove command.

Start accepting print requests on the original printer.

If you move all the print requests to another printer, the lpmove command

automatically stops accepting print requests for the printer. This step is necessary if you want

to begin accepting new print requests for the printer.

# accept printer-name1

Check for any remaining print requests in the original printer's queue.


Ensure that all specified print requests were moved to the destination printer's queue.


Moving Print Requests to Another Printer

The following example shows how to move print requests from the printer luna to the printer

terra. Then, the original printer, luna, is instructed to resume accepting print requests.

# lpmove luna terra

# accept luna

How to Change the Priority of a Print Request:

Log in as superuser, lp, or assume an equivalent role on the print server that is holding the

print request.

Determine the request IDs of the print requests whose priority youwant to change.

# lpstat

# lp -i request-id -H change-priority

-i request-id Specifies the request ID of a print request you want to change.

You can specify multiple request IDs with this command. Use a space or a comma to separate

request IDs. If you use spaces, enclose the list of request IDs in quotation marks.

-H change-priority Specifies one of the three ways to change the priority of a print request:

hold, resume, immediate.

The following example shows how to change a print request with the request ID asteroid-79,

to priority level 1.

# lp -i asteroid-79 -q 1

Solaris Part1

Documents

Transcript of Solaris Part1