Training Professional Center

Course: UNIX Solaris System & Network Administrator
Instructor: ขจร สินอภิรมย์สราญ

Introduction
  Introduction to the training
  Introduction of the instructor and the assistant instructor
  Introduction of the participants
  Expectations
  Objectives and content of the course

Introducing the Instructor and the Learners
  Instructor: ขจร สินอภิรมย์สราญ
    Unix System and Network Administration (Solaris, Linux, FreeBSD)
    Microsoft Windows 2003 (System Environment, Active Directory, Network Infrastructure)
    Cisco Network Fundamental
    Information Security Consultant

Introducing the Participants
  Full name
  Position
  Responsibilities
  Expectations

Objectives
  This course is suitable for
    Unix System Administrator (Solaris)
    Interested academics
  Prerequisite knowledge
    Should have experience with Unix computer systems
    Perform basic Unix tasks
    Understand basic Unix commands
    Use vi text editor
    Interact with a windowing system

Course Content
  Day 1
    Introduction Solaris System Administration
    Basic OS Commands
    Understanding Shells
    User Accounts and Groups
    Rights and Roles
    File Systems, Backup and Recovery
    Administering Devices

Course Content (cont.)
  Day 2
    Administering Systems
    Printing Service
    Network Service & Remote access
    Software Packages & Patches
    Tuning & Recognizing File Access Problems
    New Feature Enhancements in Solaris 10

Day 1
1. Introduction Solaris System Admin
2. Basic OS Commands
3. Understanding Shells
4. User Accounts and Groups
5. Rights and Roles
6. File Systems
1. Introduction Solaris System Admin

Path Structure
  [Figure: directory tree rooted at / with the directories bin, dev, etc, Home, tmp, usr, sbin, export, var and mnt, and the lower-level entries Ken, John, data and doc]

Demonstration
  Login with root
    root
    Password
  # pwd
  # cd /
  # ls -l
  # ls -l h*

LAB 1-1: Server Preparation
  1. Enable 3 Solaris systems (by VMware)
    Duplicate 3 VMs
    Introduce VMware with Solaris 10
    Introduce Solaris 10 (CDE, Java Desktop System - GNOME)
  2. Set server information
    vi command
      Command mode: ESC
      Edit mode: key i (insert), key a (append)
      Exit vi: ESC :q! , ZZ
      Save text: ESC :wq!
    Define host name
      /etc/hosts (suwit001, suwit002, suwit003)
      /etc/hostname.<Interface>
      /etc/nodename

LAB 1-1: Server Preparation
  1. Set network properties
    Define IP addresses in /etc/hosts
    /etc/hosts (map IP to hostname)
      Type: 192.168.1.73 suwit001
    /etc/hostname.pcn0 (assigns the IP to the NIC)
      Type: suwit001 (must match the /etc/hosts file)
    /etc/nodename (hostname)
      Type: suwit001 (must match the /etc/hosts file)
    $> init 6 (reboot)

1.1 SPARC and IA System Admin Difference
  Category | SPARC | IA
  System operation before kernel load | OpenBoot PROM | BIOS, Solaris Device Config Assistant, MDB (Multiple Device Boot)
  Booting system | Command option at PROM | Command option at MDB

1.1 SPARC and IA System Admin Difference
  Category | SPARC | IA
  Boot program | bootblk (pri. boot program), ufsboot (sec. boot program), load kernel | mboot (MBR), pboot (Solaris partition boot program), bootblk (pri. boot program), ufsboot (sec. boot program), load kernel

1.1 SPARC and IA System Admin Difference
  Category | SPARC | IA
  System shutdown | shutdown, init w/o intervention | shutdown, init w/ intervention
  Disk controller | SCSI, IDE | SCSI and IDE
  Disk slice and partition | Max. 8 slices (0-7) | Disk: max. 4 fdisk partitions; Sol fdisk: 10 slices (0-9) but 0-7 store data
  Diskette drive | 3.5-inch diskette drive | 3.5, 5.25-inch

1.2 Solaris System Software Evolution
  Release | Feature
  Solaris 1.0 (SunOS 4.x) | Berkeley (BSD) Unix
  Solaris 2.0 (SunOS 5.0) | SVR4 (AT&T) and BSD
  Solaris 2.1 (SunOS 5.1) | Admin Tools GUI, Print/Account Manager
  Solaris 2.2 (SunOS 5.2) | Vol Manager CDROM
  Solaris 2.3 (SunOS 5.3) | VFS, Online Backup, PAM, PPP, CacheFS (NFS), NIS+
  Solaris 2.4 (SunOS 5.4) | Motif GUI (Installation)
  Solaris 2.5 (SunOS 5.5) | PAX, Solstice Admin Suite, Process Tool (/proc), Telnet client (4.4 BSD version), Improve rlogind, telnetd
  Solaris 2.5.1 (SunOS 5.5.1) | UserID, GroupID extend to max. signed integer
  Solaris 2.6 (SunOS 5.6) | Printing Software (NIS, NIS+), Large file support (UFS, NFS, CacheFS), NFS Kerberos use DES, RPC (GSS-API), Y2K compliance, WebNFS, JVM 1.1

1.2 Solaris System Software Evolution
  Release | Feature
  Solaris 7 (SunOS 5.7) | 64 bits (SPARC only), LDAP, Dynamic reconfiguration, AnswerBook2, Unicode, RPC security, CDE (new tools)
  Solaris 8 (SunOS 5.8) | IPv6, Naming LDAP, Java2, Wizard (Installation), UDF (Universal Disk Format), DVD, Smart card, PDA, Multilanguage (90 locales, 37 langs), XServer (X11R6.4), RBAC (Role-Based Access Control)
  Solaris 8 (SunOS 5.8) (6/00) | Mobile IP, Removable Media (DVD, Zip, Jaz, CDROM, diskette)
  Solaris 8 (SunOS 5.8) (10/00) | IP Multipathing with NICs, WBEM (Web-Based Enterprise Management), Print USB
  Solaris 8 (SunOS 5.8) (1/01) | LDAP+iPlanet WebServer, SMC 2.0 (RBAC), WBEM (init.wbem, update security, SMC Log viewer), USB (Sun Blade 100, 1000 and Sun Ray system)
  Solaris 8 (SunOS 5.8) (4/01) | New BIND, sendmail 8.10, IP multipathing with dynamic reconfiguration (DR), Mobile IP (reverse tunnel)
  Solaris 8 (SunOS 5.8) (7/01) | PPP 4.0 (async, sync comm., PAP, CHAP), NCA (Solaris Network Cache Accelerator), IP Multipathing (IPMP reboot safe)
  Solaris 8 (SunOS 5.8) (10/01) | DR 3.0 (Automated DR), USB (KB, Mouse, Printer, Audio)
  Solaris 8 (SunOS 5.8) (2/02) | RPC (Sun ONC+ async protocol)

1.2 Solaris System Software Evolution
  Release | Feature
  Solaris 9 (SunOS 5.9) | Resource Manager (allocate resource), Fixed-priority (FX), Web Start Flash Install (master, clone), Live Upgrade, New option (df, du, ls, 1K unit), pargs and preap (process debugging), NIS+ LDAP, Sun Internet FTP Server, sendmail 8.12, Improve NCA, IPMP (link-up-down), Mobile IP (advertise dynamic if), BIND 8.2.4, Solaris volume manager, SMC 2.1 (6 new tools), smpatch, Solaris Secure Shell, cdrw (Write CD)
  Solaris 10 (SunOS 5.10) | X86/X64, SPARC
    Solaris Container, Grid Container (Isolate App, Service, Allocate resource, Increase resource utilization)
    Solaris Secure Execution (File Integrity and Secure Execution, User & Process Right Management, IP Filter Firewall, Cryptographic Service/Secure, Enterprise Authentication: LDAP, PW, MD5, Kerberos, Smartcard)
    Solaris Dynamic Tracing (easy to analyze, debug, optimize system, App in Realtime, Patch Management)
    Solaris Predictive Self Healing (Auto diagnostic, isolate recovery from H/W, App fault)

1.3 Understanding Superuser Status
  Special UID = 0 (/etc/passwd)
  Root
  Perform system admin tasks
    mount/unmount file system
    change ownership or permission
    backup/restore
    create device file
    shutdown system

LAB 1-2: Become Superuser (su)
  1. Switch user at shell prompt
    At the shell prompt ($>, %>), type su
    Enter password (root)
    To load the user's environment as well, type su -
      su - root
      su - user1
    To exit superuser status, type exit

LAB 1-2: Become Superuser (su)
  2. Logging in as root
    At the login prompt
      type root (Enter)
      type password (Enter)
    Add user
      $> useradd -d /export/home/username username
    Check logon user
      $> who am i
      $> id
      $> w
      $> finger

Screenshot

1.4 Communicating with Users
  Message Of The Day (motd)
    /etc/motd
  Send message to an individual user
    write username
    write username < filename
  Send message to all users on the system or network
    wall
    rwall -n group
    walld /etc/inetd.conf
  Send message by e-mail

1.5 Starting Up Systems
  Choosing an Init State
    0 - Go to firmware
    S or s - Single mode (single logon)
    1 - Single admin mode, mount all file systems
    2 - Multi-user without NFS (Network File System)
    3 - Multi-user with NFS
    4 - Not used
    5 - Power off (shutdown running services)
    6 - Reboot (shutdown running services and restart)

1.5 Starting Up Systems
  The /etc/inittab file
    Default run level for the system
    Processes to start, monitor, and restart if they terminate
    Action to take when the system enters a new run level
    Entry format: id:rstate:action:process

1.5 Starting Up Systems
  Run Control Scripts
    /sbin/rc0
    /sbin/rc1
    /sbin/rc2
    /sbin/rc3
    /sbin/rc5 and /sbin/rc6
    /sbin/rcS
  Finding the run level of the system
    who -r

1.5 Starting Up Systems
  Run Control Script Form
    S,K[0-9][a-z][A-Z]
      S10webserver
      S20dbserver
    /etc/rc3.d
      S10webserver
      S20dbserver

1.5 Starting Up Systems
  Using Run Level
    Run Level 0
    Run Level s and S
    Run Level 1
    Run Level 2
    Run Level 3
    Run Level 4
    Run Level 5
    Run Level 6

1.5 Starting Up Systems
  Change Run Level
    Become superuser
    $> telinit [run level] (recommended)
    $> init [run level]
    shutdown -y -g [period] -i [run level] [message]
    Example
      shutdown -y -g 30 -i 6 "System will shutdown"

1.5 Starting Up Systems
  Booting Protocols
    SPARC Platform (OpenBoot PROM)
      bootblk -> ufsboot -> kernel -> init
    IA Platform (PC BIOS)
      mboot (Master Boot Record) -> pboot (Partition boot program) -> bootblk -> ufsboot -> kernel -> init

1.5 Starting Up Systems
  Booting System
    Turn off system power because of power outage
    Change kernel parameters in /etc/system
    Perform system maintenance, backup or restore system data
    Repair system configuration file /etc/system
    Change pseudo device parameters in /etc/system
    Add or remove hardware from system
    Boot kernel debugger to track down system problem

1.5 Starting Up Systems
  View Boot Message
    /var/adm/messages
  Crash Dump & Reboot system
    halt -d (save in swap file system)
    dumpadm (configure crash dump)
    savecore (/var/crash/hostname)
  Boot System for Recovery Purpose
    SPARC
    IA

1.5 Starting Up Systems
  Boot System for Recovery Purpose
    SPARC
    IA
      Boot from Solaris 10 Installation CD
      Screen selection mode
        b -s
        $> mount /dev/dsk/c0d0s0 /a
        $> cd /a/etc
        $> vi passwd
        $> vi shadow (in case of password recovery)

1.5 Starting Up Systems
  Search text in file
    grep "search string" filename
    $> grep "Aug 22 13:56" /var/adm/messages
    $> grep -i "Aug 22 13:56" /var/adm/messages
    egrep
  Create file with zero byte
    $> cat > filename
    $> touch filename
    $> vi filename (save and exit)

1.5 Starting Up Systems
  Shutdown System
    Turn off system power
    Install a new release
    Prepare for power outage
    Add hardware to system
    Perform file system maintenance

1.5 Starting Up Systems
  Shutdown System
    Recommended
      /usr/sbin/shutdown
      /etc/telinit and /sbin/init
    Not recommended
      /usr/sbin/halt
      /usr/sbin/reboot
      /usr/sbin/uadmin 2 0

1.5 Monitoring Processes
  $> ps
  $> ps -ef | grep userid
  $> prstat

Check boot configuration
  $> cd /usr/platform/i86pc
  $> eeprom

Desktop Resolution Setting
  1. Command Login prompt
  2. Login as root
  3. $> kdmconfig
  4. Follow step
    - Xsun server
    - XF86 VMWare
    - MultipleFrequency 56kHz
    - 800x600 @16777777

Review all exercises
  System startup
  vi
  su
  Add user

2. Basic OS Commands

List file in directory
  $> pwd (check current pathname)
  $> ls
  $> ls -l
    Shows detail of file
      Permission
      Ownership/Group
      File size
      Last update date
      Link (symbolic link)
  $> ls -la
    Shows hidden files (prefix (.))

Monitoring Disk usage
  df or df /dev/dsk/c1d0s2

Monitoring Disk usage (cont.)
  du

File permission
  rwxrwxrwx filename
    r = Read
    w = Write
    x = Execute
  Ownership
    u = User
    g = Group
    o = Other
  Example:
    rw-rw-rw- root superuser /etc/hosts
    110110110 = 666
    rwxrwxrwx = 777
    r-xr-xr-x = 555

Changing File permission
  chmod
    1. $> chmod 777 filename
         rwxrwxrwx filename
       $> chmod 744 filename
         rwxr--r--
    2. $> chmod u-w filename
         r-xrwxrwx
    3. $> chmod u+w filename
         rwxr--r--
  Sign '+' = add permission
  Sign '-' = del permission

User mask (umask)
  Setting default permission with umask
    The default permission is 666 minus the umask value (666-222=444, where 222 is the umask value)
  Example
    umask 022
    touch data.txt
    ls -l
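
The umask rule on this slide, as an added example (not part of the original slides; the function names are hypothetical). It goes one step beyond the 666-222 case: the system clears the umask bits from the base mode (666 for files, 777 for directories) rather than doing arithmetic subtraction, so the two agree for 022 or 222 but differ for a value such as 033. The script computes both and checks them against objects it really creates in a temporary directory.

```shell
#!/bin/sh
# Added example: how a umask turns the base mode (666 for files, 777 for
# directories) into the mode of a newly created object.
# Function names are hypothetical; nothing here is Solaris-specific.

# effective_mode BASE UMASK -> octal mode actually assigned: BASE AND NOT UMASK
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# subtracted_mode BASE UMASK -> plain "BASE minus UMASK" as written on the slide
# (expr reads both numbers as decimal, which is how the slide does the sum)
subtracted_mode() {
    expr "$1" - "$2"
}

# created_perms UMASK file|dir -> rwx string of an object created under UMASK.
# The body runs in a subshell, so the caller's own umask is left untouched.
created_perms() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then
        mkdir "$tmp/probe"
    else
        : > "$tmp/probe"
    fi
    ls -ld "$tmp/probe" | cut -c2-10
    rm -rf "$tmp"
)

# report UMASK -> one line comparing the subtraction with the observed result
report() {
    printf 'umask %s: 666-umask=%s  file=%s (%s)  dir=%s (%s)\n' \
        "$1" "$(subtracted_mode 666 "$1")" \
        "$(effective_mode 666 "$1")" "$(created_perms "$1" file)" \
        "$(effective_mode 777 "$1")" "$(created_perms "$1" dir)"
}

# 022 is the slide's example; 027 and 077 are common tighter settings;
# 033 is the case where subtraction (633) and the real mode (644) disagree.
for m in 022 027 033 077; do
    report "$m"
done
```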

Sticky bit permissions
  Protects files from being deleted by other users
  Should be set on the top-level directory
  Example
    chmod +t somedir

Access Control List
  getfacl
  setfacl
  Example
    setfacl -m user:username:r-- secret.doc

Change ownership of file
  chown
    $> chown userid:groupid filename
  Finding file in system
    find <path> -name filename -print
    $> find / -name passwd -print
  View content of file
    $> more filename
      Key '/' search-text
      Key 'n' next search-text

View at the end of file (tail)
  $> tail filename (show last 10 lines)
  $> tail -f filename (view last update information)
  View at the beginning of file (head)
  $> head filename (show first 10 lines)

Solaris Management Console (SMC)
  $> smc & (background running)
  $> smc (foreground running)
    Key 'Ctrl-Z'
    Key 'bg'
    Key 'fg'
  Find disk space
    $> df -k (1K block)
    $> df -h (1K unit: KB, MB, GB)
  Find disk usage
    $> du -k [pathname] (1K block)
    $> du -h [pathname] (1K unit: KB, MB, GB)

2.1 Finding User Information
$> who -r

2.2 Creating & Editing Files
  $> vi filename
    Command mode (key 'ESC')
    Edit mode (key 'i', 'a')
  $> cat > filename
  $> touch filename

2.3 Using Manual Page
  $> man [keyword]
  $> man useradd
  $> man mkdir
  $> man man

2.4 Finding Disk Information
  $> df -k
  $> df -h
  $> man df

Set Environment
  set command

Set Parameter

3. Understanding Shells

3.1 Tasks Common to All Shells
  Aliases
  History list
  .profile
  .cshrc

Aliases
  Example
    alias dir="ls -al"

History list
  Example
    history
    ![number] to call a command from the list

.profile
  .profile can contain any commands and environment settings
  Example
    TERM=vt220; export TERM
    Define in /etc/skel/local.profile

.cshrc

Environment Variables
  Environment Variable
  Example:

Shell command
  Source (.)
  basename
  cat
  cd
  chgrp
  date
  find
  grep

Shell command (cont.)
  head
  less
  ls
  mkdir
  more
  pwd
  rmdir
  tail

Source (.)
  Common path
    /etc/myscript.sh
  Source path
    . myscript.sh
    sh myscript.sh
    ./myscript.sh

Demonstration
  Shell commands
    Source (.), basename, cat, cd, chgrp, date, find, grep
    head, less, ls, mkdir, more, pwd, rmdir, tail, wc

Changing Shells from command line
  $> csh
  $> ksh
  $> sh
  $> bash
  $> tcsh
  Exit from shells
    $> exit

Shell Scripts
  .profile script
  Shell argument

Demonstration: Shell script #1
  touch count_lines.sh
  chmod +x count_lines.sh
  vi count_lines.sh
    #!/bin/sh
    # Print the number of lines in the file named by the first argument
    echo "Number of lines in file $1"
    wc -l "$1"
  Execute
    ./count_lines.sh /etc/group

Demonstration: Shell script #2
  vi count_lines.sh
    #!/bin/sh
    # Count lines only if the file exists.
    # -f (normal file) is used here: the unary -a test is not available in the Solaris Bourne shell.
    if test -f "$1"
    then
        echo "Number of lines in file $1"
        wc -l "$1"
    else
        echo "the file $1 does not exist"
    fi
  Execute
    ./count_lines.sh /etc/group

Demonstration: Shell script #3
  vi count_lines.sh
    #!/bin/sh
    # Report whether the current user may read the file
    if test -r "$1"
    then
        echo "I can read the file $1"
    else
        echo "I can't read the file $1"
    fi
  Execute
    ./count_lines.sh /etc/group

Test facility
  -a  All
  -b  File is a special block file.
  -c  File is a special character file.
  -d  File is a directory.
  -f  File is a normal file.
  -h  File is a symbolic link.
  -p  File is a named pipe.
  -s  File has nonzero size.
  -w  File is writable by the current user.
  -x  File is executable by the current user.

Demonstration: Shell script Looping #1
  touch loop1.sh
  vi loop1.sh
    #!/bin/sh
    # Check each fruit's .dat file for content
    for i in apple orange lemon kiwi guava
    do
        DATAFILE="$i.dat"
        echo "Checking $DATAFILE"
        # -s is also false when the file does not exist
        if test -s "$DATAFILE"
        then
            echo "$DATAFILE is OK"
        else
            echo "$DATAFILE has zero-length"
        fi
    done

4. User Accounts and Groups

User & Group Database Infrastructure
  /etc/passwd
  /etc/shadow
  /etc/group
  Root
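
An added example (not part of the original slides) tying together three points of this deck: the superuser is whichever account has UID 0 in /etc/passwd, the recovery procedure edits passwd and shadow by hand, and these files are the account database. The script runs read-only consistency checks of the kind worth doing after any manual edit; the function names and the sample files are constructed for illustration, and on a live system the two arguments would be /etc/passwd and /etc/shadow.

```shell
#!/bin/sh
# Added example: read-only checks on passwd/shadow-format files.
# Function names and sample data are constructed for illustration.

# uid0_accounts PASSWD -> login names other than root whose UID field is 0
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# empty_password_accounts SHADOW -> accounts whose password field is empty
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# missing_shadow_entries PASSWD SHADOW -> passwd accounts with no shadow line
missing_shadow_entries() {
    awk -F: 'NR == FNR { seen[$1] = 1; next }
             !($1 in seen) { print $1 }' "$2" "$1"
}

# audit PASSWD SHADOW -> one tagged line per finding
audit() {
    uid0_accounts "$1" | sed 's/^/UID0 /'
    empty_password_accounts "$2" | sed 's/^/EMPTYPW /'
    missing_shadow_entries "$1" "$2" | sed 's/^/NOSHADOW /'
}

# write_sample DIR -> constructed DIR/passwd and DIR/shadow with three defects:
# a second UID 0 account, an empty password field, and a missing shadow line
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
user1:x:100:10::/export/home/user1:/bin/sh
toor:x:0:1:constructed second UID 0 account:/:/bin/sh
guest:x:101:10::/export/home/guest:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:CONSTRUCTED-HASH:13000::::::
daemon:NP:6445::::::
user1::13000::::::
toor:CONSTRUCTED-HASH:13000::::::
EOF
}

# Run the audit against the constructed sample
tmp=$(mktemp -d) || exit 1
write_sample "$tmp"
audit "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```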

4.1 Tools for Adding and Admin User Accounts
  $> smc &
  $> useradd
  $> userdel
  Creating password for user
    $> passwd username

4.2 Adding a user Account (smc)

Adding a user account (useradd)
  Example

How to use useradd

Create Multiple Users (smc)

Create Multiple Users (cont.)

Delete user (userdel)
  Example
    userdel -r user1

4.3 Setting Up & Admin Groups (smc)

Groupadd
  Example
    groupadd office
    groupadd -g 120 engineer
  /etc/group

Groupmod

Change Password
  Password
  root
  owner

5. Rights and Roles

5.1 Using SMC to Grant Access Rights to Users

5.2 Using SMC to Admin Role Accounts

Using SMC to Admin Role Accounts (cont.)

5.3 RBAC Databases
  /etc/user_attr
  /etc/security/auth_attr
  Root
  Roles
  Rights

5.4 Command to Manage RBAC

6. File Systems

File System Overview
  New Disk
  Controller
  SCSI/IDE
  target / No target
  Disk CwTxDySz
  Slice0
  Slice1

Disk arrangement
  CwTxDySz
  Example
    c0t0d0s0
      C : Controller
      T : Target
      D : Disk
      S : Slice (partition)

Formatting
  Example
    format, press Enter key.

Type of File Systems
  Disk based
  Network based
  Virtual (formerly pseudo)
  Disk based file system
    UFS (Unix File System)
    HSFS (ISO 9660)
      CDROM, read-only
    PCFS (PC File System)
      DOS-format, floppy disk
    UDFS (Universal Disk Format file system)
      (CDRW, DVD-ROM)

Type of File Systems
  Network based
    NFS (Network File System)
      NFS Server
      NFS Client
  Virtual File System
    CacheFS
      Boot CDROM, mount file system store in memory
    TMPFS (Temporary File System)
      /tmp, /var/run

Type of File Systems
  Virtual File System
    CacheFS
      Boot CDROM, mount file system store in memory
    TMPFS (Temporary File System)
      /tmp, /var/run
    PROCFS (Process file system)
      /proc

Example: Formatting
  IDE
  Disk
  Fdisk
  Partition
  NewFS > mnt

Adding new Harddisk
  $> touch /reconfigure
  $> telinit 5
  Install new HDD + power on
  $> format
    0: c0d0
    1: c0d1
    2: c0d2

Adding new Harddisk
  $> format
  format> partition
  partition> help
  partition> 0 (0-7)
  partition> tag id
  partition> permission flag (wm)
  partition> size (Cylinder)
  partition> label (save partition)
  partition> quit

Adding new Harddisk
  $> newfs /dev/rdsk/c0d[1]s[0]
  $> man newfs
  Mounting file system
    Create mount point
      $> mkdir /export/software
    /export/software <- /dev/dsk/c0d1s0
      $> mount /dev/dsk/c0d1s0 /export/software

Adding new Harddisk
  Mount on booting
    Edit in file /etc/vfstab

Setting up Disk Slices
  Slice | File system | Description | Client/Server
  0 | Root | Holds files and directories that make up the OS | Both
  1 | Swap | Provides virtual memory or swap space | Both
  2 | Backup | Refers to the entire disk, by format command | Both
  3 | - | Up to design | Both
  4 | - | Up to design | Both
  5 | /opt | Holds application software added to the system | Both
  6 | /usr | Holds OS commands run by users, documents, system programs | Both
  7 | /export/home | Holds home folder from remote system | Both
  8 | - | Contains the boot slice info at the beginning of the Solaris partition; enables boot from HDD | Both
  9 | - | Provides area reserved for alternative disk blocks (alternative sector slice) | Both

Day 2
  7. Administering Systems
  8. Printing Service
  9. Network Service & Remote access
  10. Software Packages & Patches
  11. Tuning & Recognizing File Access Problems
  12. New Feature Enhancements in Solaris 10

7. Administering Systems

Determine Hostid
  $> hostid
  $> sysdef -h
  $> sysdef > /tmp/sysdef.txt
  Host information
    $> uname -a
  Display system information
    $> prtconf

How long a system has been up
  $> uptime
  Find when the system was booted
    $> who -b
  System date / time
    $> date
  Setting date / time
    $> date mmddHHMMyy

Changing Timezone
  Edit in file /etc/TIMEZONE
    TZ="Asia/Bangkok"
  The complete list of time zone variables
    /usr/share/lib/zoneinfo

Checking the data consistency of File system
  $> fsck /dev/rdsk/c0d1s0
  Finding whether a check is needed
    /dev/rdsk/c0d1s0 is mounted on /export/data
    $> umount /export/data
    $> fsck -m /dev/rdsk/c0d1s0
    If needed, init S or s
    $> fsck /dev/rdsk/c0d1s0
    $> man fsck

Backup & Restore File System
  Tape device
    /dev/rmt/0 Tape 1
    /dev/rmt/1 Tape 2
  Backup file system
    $> ufsdump 0cuf /dev/rmt/0 /dev/dsk/c0d0s0
    $> man ufsdump
  Restore file system
    $> ufsrestore
    $> man ufsrestore

Ufsdump Command

Ufsdump parameter
  /usr/sbin/ufsdump [options] [arguments] files to dump
  Options
    -f : dump to file
    -u : update the dump record
    -v : verify
    -c : cartridge
  Example
    Entire slice > tape: ufsdump 5fuv /dev/rmt/1 /dev/rdsk/c0t3d0s6

Ufsrestore Command

Ufsrestore parameter
  /usr/sbin/ufsrestore
    -i : Interactive
    -f : Restore selected file
    -t : Testing
    -a : archive_file
  Example
    Restore entire media: ufsrestore if /tmp/backup.dat

Ufsrestore (Interactive)

Backup & Restore File System
  Backup Strategy
    Full Backup
    Differential Backup
    Incremental Backup
  [Figure: backup schedule for MON to FRI with the rows NORM (Full), DIFF (Full, D) and INC (Full, I)]

Backup & Restore File System
  /dev/dsk/c0d0s0 /dbasefile
  /dev/dsk/c0d1s0 /backup
  $> ufsdump 0a /backup/full.dat /dev/dsk/c0d0s0
    -> /backup/full.dat
  $> ufsdump 0c /dev/rmt/0 /dev/dsk/c0d0s0

Backup & Restore File System
  List table of contents
    $> ufsrestore ta /backup/full.dat
  Extract data from backup device
    $> ufsrestore ia /backup/full.dat
    ufsrestore> help
    ufsrestore> ls
    ufsrestore> add [filename]
    ufsrestore> extract

Backup & Restore File System
  Disk duplicate
    Backup full disk space
      $> dd if=/dev/dsk/c0d0s2 of=/dev/dsk/c0d1s2
  Tar file
    $> cd /
    $> tar cvf /export/data/full.tar ./etc
  Untar file
    $> cd /export/extract
    $> tar xvf /export/data/full.tar [.]
  Compress
    $> compress -f full.tar (creates full.tar.Z)
    $> uncompress full.tar.Z
    $> tar xvf full.tar
  Gzip
    $> tar cvf - ./etc | gzip - > /export/data/full.tgz
    $> gunzip full.tgz
    $> tar xvf full.tar

Creating data CDs
  $> cdrw

8. Printing Service
Training Professional Training Professional CenterCenter
128128
Printer OverviewPrinter Overview
ServerPrinter
Print Device
Print DeviceClient
Desktop
Training Professional Training Professional CenterCenter
129129
Solaris Print ManagerSolaris Print Manager
Training Professional Training Professional CenterCenter
130130
Printer ManagerPrinter Manager
$> /usr/sadm/admin/bin/printmgr & Name service = File Click Menu Printer
Add Attached Printer Add Network Printer
$> lpadmin $> lpq
Training Professional Training Professional CenterCenter
131131
New Attach PrinterNew Attach Printer
Training Professional Training Professional CenterCenter
132132
Setting Print Server (P421-422)Setting Print Server (P421-422)
Printer Name Server Name Network printer access name IP address for the printer Protocol (TCP)
Training Professional Training Professional CenterCenter
133133
How to Set Printer with command lineHow to Set Printer with command line
Install printer Install Printer Device Lpadmin Accept (Print Queue) Enable (Activate Printer for Lp)
Monitoring Lpstat
Using Printer Lp, Lpr
Training Professional Training Professional CenterCenter
134134
Lpadmin commandLpadmin command
Training Professional Training Professional CenterCenter
135135
Example: Lpadmin Example: Lpadmin
Training Professional Training Professional CenterCenter
136136
Accept CommandAccept Command

Enable Command

Lpstat Command

Lp command

Setting Print Server Step by Step
Login as root
  $> lpadmin -p HPLJ4050 -v /dev/null
  $> accept HPLJ4050
  $> enable HPLJ4050
  $> lpstat -p HPLJ4050
  $> lpstat -p HPLJ4050 -l        For more information
Printing
  $> lp -d HPLJ4050 -n 1 filename
Cancelling Printing
  $> lpstat -p HPLJ4050           Find request-id
  $> cancel [request-id]

9. Network Services & Remote Access

Configure Host and IP address w/ Multi-NICs
  $> touch /reconfigure
  $> init 5
  Install Network Cards
  Power On
  $> cd /etc
  $> vi hosts
    IP address0 hostname0
    IP address1 hostname1
    IP address2 hostname2
/etc/hostname.[interface]
  hostname.pcn0    hostname0
  hostname.pcn1    hostname1
  hostname.pcn2    hostname2

Configure Host and IP address w/ Multi-IP
  $> cd /etc
  $> vi hosts
    IP address1 hostname1
    IP address2 hostname2
    IP address3 hostname3
/etc/hostname.[interface]:[1-99]
  hostname.pcn0:1    hostname1
  hostname.pcn0:2    hostname2
  hostname.pcn0:3    hostname3

NFS (Network File System)
Server
  Login as root
  $> ps -ef | grep nfsd
  $> mkdir /export/share
  $> share -F nfs -o rw /export/share
  $> /etc/init.d/nfs.server start
  $> share            Check sharing
  $> dfshares         Check sharing
Client
  $> mkdir /export/share
  $> mount -F nfs hostname:/export/share /export/share
  $> mount            Check mounting
  $> df               Check mounting
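The share command on this slide uses a bare rw option, which makes /export/share read-write for every client that can reach the server. The script below is an added example, not part of the original course material: it reads dfstab-style share lines and reports exports that are read-write for all clients. The function name audit_shares, the client names and the sample lines are constructed for illustration, and it assumes single spaces between words.

```shell
#!/bin/sh
# Added example (not from the course slides): flag NFS exports that are
# read-write for every client. Input: a file of "share ..." lines.
audit_shares() {
    as_status=0
    while read -r as_line; do
        case $as_line in share\ *) ;; *) continue ;; esac
        as_path=${as_line##* }            # pathname is the last word
        # Text following "-o", e.g. "rw=client1:client2,ro=client3"
        as_opts=$(printf '%s\n' "$as_line" | sed -n 's/.* -o  *\([^ ]*\).*/\1/p')
        as_mode=open                      # no rw/ro option: default is rw for all
        as_rest="$as_opts,"
        while [ -n "$as_rest" ]; do
            as_opt=${as_rest%%,*}         # next comma-separated option
            as_rest=${as_rest#*,}
            case $as_opt in
                rw)           as_mode=open; break ;;   # bare rw: every client
                rw=*|ro|ro=*) as_mode=restricted ;;    # client list or read-only
            esac
        done
        if [ "$as_mode" = open ]; then
            echo "unrestricted-rw: $as_path"
            as_status=1
        fi
    done < "$1"
    return $as_status
}

# Constructed sample: the slide's command, then two restricted forms.
as_sample=$(mktemp)
cat > "$as_sample" <<'EOF'
share -F nfs -o rw /export/share
share -F nfs -o rw=client1:client2 /export/data
share -F nfs -o ro /export/docs
EOF
audit_shares "$as_sample" || true
rm -f "$as_sample"
```

The function returns 1 when any export is unrestricted, so it can gate a configuration check.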

Example

Start / Stop process
  $> processname [&]        [&] is for running as a background process
  $> processname
  CTRL-Z
  $> bg
  $> fg                     (For running as a foreground process)
  $> ps -ef | grep processname
  $> kill [process id]
  $> pkill [processname]

Network Setting Up
Define IP address [Static IP]
  Edit /etc/hosts
    192.168.1.200 suwit001
  Edit /etc/hostname.pcn0
    suwit001
  Edit /etc/nodename
    suwit001
DHCP Client
  $> /sbin/dhcpagent
  Request Network Information from DHCP Server

Checking Network Setup
  $> ifconfig -a                Check ip address
  $> netstat -rn                (same as netstat -r -n) Check routing table (look for the line "default")
  $> more /etc/resolv.conf      Check nameserver (DNS)
  $> more /etc/defaultrouter    [Static ip]
Manually add routing table: route add default [gateway ip]
  $> route add default 192.168.1.1

Network Setting with Multiple NICs
[Diagram: Server with interfaces pcn0 and pcn1; labels 203.151.100.0/24, 192.168.1.0/24, 203.151.100.1, 192.168.1.1, 192.168.9.0/24, .10]
Route add [NetworkID] [Gateway IP]
  $> route add 0.0.0.0 203.151.100.1
  $> route add default 203.151.100.1
Route add [NetworkID] [Gateway IP]
  $> route add 192.168.9.0 192.168.1.1
  $> route add 192.168.9.9 192.168.1.1
File /etc/rc3.d/S69staticroute
  Route add [networkid] [gateway ip]

Remote Login
Desktop Manager
  Click Remote Login
  Click Choose from list…
Terminal Remote Login
  $> rlogin hostname [ip address of remote system]
  $> telnet hostname [ip address]
Root for remote login
  Edit file /etc/default/login
  Comment line “#CONSOLE=….”

Check how long a remote system has been up
  $> rup hostname [ip address]
Check remote system alive
  $> ping hostname [ip address]
  $> ping -s hostname        (infinite loop)

FTP – File Transfer Protocol
  /etc/ftpd/*.*
  $> ftp hostname [ip address]
  Login / password
  ftp> help
  ftp> get [filename]          download
  ftp> mget [filename *.*]     multiple get
  ftp> put [filename]          upload
  ftp> mput [filename *.*]     multiple put
  ftp> binary                  Binary file (exe, jpg, gif)
  ftp> ascii                   Text file (txt)
  ftp> prompt                  Toggle interactive mode
  ftp> hash                    Show progress, print ‘#’
  ftp> quit / bye

Checking Packet from Network
  $> snoop
  $> snoop -o /tmp/packet.txt        Capture to file
  $> snoop -d pcn1
  $> snoop | grep hostname1[192.168.1.190]
  $> ethereal &
  $> nmap
Read from captured file
  $> snoop -i /tmp/packet.txt

Check Which Port Is Bound by a Process
  http://www.sunfreeware.com
  $> /usr/local/bin/lsof -l | grep TCP | more
    Process name, Binding Port
Installation
  Get file lsof.4.74*local.gz
  $> gunzip lsof4.74.gz
  $> lsof4.74*local
  $> pkgadd -d lsof*local
    /usr/local/bin
    /usr/local/man
  $> man -M /usr/local/man lsof

Package Installation
Source
  CDROM
  Software Companion CD
  NFS Sharing
Installation
  $> cd Package
  $> installer
  Select package

Setting Environment
Edit .profile
  > PATH=$PATH:/opt/sfw/bin:.
  > export PATH
Enable in current terminal
  $> . /.profile

10. Software Packages & Patches

Package Installation
Web Start
  Insert CDROM package
  $> ./installer
  Select the packages you want to install
Command Line
  $> pkginfo [Package Name]               check if it exists
  $> pkgrm [Package Name]                 remove package
  $> pkgadd -d [Path] [Package Name]      install package

Installer

Installer (Cont.)

Pkginfo command

Pkgrm command

Pkgadd command

Scheduler with Crontab
  $> man cron
    /usr/sbin/cron
  $> man crontab
  $> cd /var/spool/cron/crontabs
    root
    username
  $> cd /etc/cron.d
    File cron.allow
    File cron.deny

LAB: Cron vs At command
Edit file crontab
  $> vi /var/spool/cron/crontabs/root
    30 11 * * * /tmp/echo.sh
  $> chmod +x /tmp/echo.sh
  $> ps -ef | grep cron
  $> kill [cron pid]        restart cron to read new crontab
  $> date                   check time/date
  Execute /tmp/echo.sh
/var/spool/cron/atjobs/[jobid]
  $> at -m 1141
  at> /tmp/echo.sh
  CTRL-D
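The lab schedules /tmp/echo.sh from root's crontab, and /tmp is writable by every local user. The check below is an added example, not part of the original course material: it flags crontab commands whose file or parent directory is world-writable. The function name audit_crontab and the sample entries (including backup.sh) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the course slides): flag crontab commands that
# another local user could replace before cron runs them.
audit_crontab() {
    ac_status=0
    # Each entry: five time fields, then the command line.
    while read -r ac_min ac_hour ac_dom ac_mon ac_dow ac_cmd; do
        case $ac_min in ""|\#*) continue ;; esac     # blank line or comment
        ac_prog=${ac_cmd%% *}                        # first word of the command
        case $ac_prog in /*) ;; *) continue ;; esac  # only absolute paths are checked
        ac_dir=${ac_prog%/*}
        [ -n "$ac_dir" ] || ac_dir=/
        if [ -n "$(find "$ac_dir/." -prune -perm -0002 2>/dev/null)" ]; then
            echo "dir-world-writable: $ac_prog"; ac_status=1
        elif [ -n "$(find "$ac_prog" -prune -type f -perm -0002 2>/dev/null)" ]; then
            echo "file-world-writable: $ac_prog"; ac_status=1
        fi
    done < "$1"
    return $ac_status
}

# Constructed sample: the lab's entry next to one under /usr/local/bin
# (backup.sh is a made-up name).
ac_sample=$(mktemp)
cat > "$ac_sample" <<'EOF'
# min hour dom mon dow command
30 11 * * * /tmp/echo.sh
0 2 * * 0 /usr/local/bin/backup.sh
EOF
audit_crontab "$ac_sample" || true
rm -f "$ac_sample"
```

Run it against a copy of each file under /var/spool/cron/crontabs; a non-zero return means at least one entry needs its script moved to a directory only its owner can write.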

11. Tuning & Recognizing File Access Problems

Recognize Problem with Search Paths
Problem: Command not found
  $> echo $PATH
Bourne/Korn Shell
  PATH=$PATH:/sbin:/opt/sfw/bin:.
  export PATH
  $> . [.profile]          Full path of profile
C Shell
  set path = ( $path /sbin /opt/sfw/bin . )
  $> source [.cshrc]       Full path of profile
$> which [command]         Show full path of command
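Both this slide and the earlier Setting Environment slide append "." to PATH, which makes command lookup depend on the directory the user happens to be in. The script below is an added example, not part of the original course material: it reports PATH entries that are empty, ".", relative, or world-writable. The function name audit_path and the sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the course slides): report risky entries in a
# colon-separated search path. Prints one "reason: entry" line per finding
# and returns 1 if anything was found.
audit_path() {
    ap_rest="$1:"              # trailing ':' so the last entry is processed too
    ap_status=0
    while [ -n "$ap_rest" ]; do
        ap_dir=${ap_rest%%:*}  # first entry
        ap_rest=${ap_rest#*:}  # remainder after the first ':'
        case $ap_dir in
            "") echo "empty: (treated as current directory)"; ap_status=1 ;;
            .)  echo "current-dir: ."; ap_status=1 ;;
            /*) # Absolute path: flag it if any user may create files in it.
                if [ -n "$(find "$ap_dir/." -prune -perm -0002 2>/dev/null)" ]; then
                    echo "world-writable: $ap_dir"; ap_status=1
                fi ;;
            *)  echo "relative: $ap_dir"; ap_status=1 ;;
        esac
    done
    return $ap_status
}

# Constructed value shaped like the PATH the slides build in .profile.
audit_path "/usr/bin:/sbin:/opt/sfw/bin:." || true
```

Call it as audit_path "$PATH" from root's shell after editing .profile; directories that do not exist are skipped silently.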

Recognize Problem with Permission, Ownership
Change permission of file for execution
  Create Shell script
  $> chmod [nnn] [shell script]
    nnn = 755 rwxr-xr-x
  $> chmod +x [shell script]
Change ownership of file/directory
  $> chown [userid]:[groupid] [file, directory]
  $> chown -R [userid]:[groupid] [file, directory]

12. New Features Enhancement in Solaris 10

Solaris Zone Partitioning Technology
Create virtual OE (Operating Environment)
Zones
  Own file system, device, network, resource, security

Zone configuration

Zone configuration

NIS Setting up
NIS Server
  $> svcadm enable network/nis/server
  $> svcs network/nis/server
  $> domainname suwit.com
  $> ypinit -m
  $> ypstart

NIS Setting up
NIS Client
  $> domainname suwit.com
  $> ypinit -c
  $> ypstart
  Edit file /etc/nsswitch.conf
    passwd: nis files
    hosts: dns files

Solaris Web Server (Apache)
Start script file
  /etc/rc3.d/S50apache [start|stop]
Configuration file
  $> cp /etc/apache/httpd.conf-example httpd.conf
  $> /etc/rc3.d/S50apache start
Check http running
  $> ps -ef | grep httpd
Web Browser
  IE, Webbrowser
  http://[hostname, ip address]

Configuration file - /etc/apache/httpd.conf
  Web page location

Solaris IP Filter Firewall
http://www.muine.org/~hoang/solnat.html
  Lock down the box
  Set up network interfaces in the Solaris box
  Enable packet forwarding, dhcp, firewall and network address translation
  Configure machines behind NAT
  Familiarize with IPFilter
  IPsec
  Reference

SAMBA
Script file location
  $> /etc/rc3.d/S90samba [start|stop]
Create configuration file
  $> cp /etc/sfw/smb.conf-example smb.conf
  $> /etc/rc3.d/S90samba start

Wrapping up Session
Further information
  www.sun.com
  www.bigadmin.com        Discussion/Forum
  www.sunfreeware.com     Free Software
  sunsolve.sun.com        Patches
  docs.sun.com            Documents
Keeping in touch with Instructor
  [email protected]