Managing Disk Space with LVM in Linux.

Bryce Harrington and Kees Cook have come together to write this informative article, 'Managing Disk Space with LVM', which explains the ins and outs of creating, modifying and deleting LVM volumes in Linux.

The Linux Logical Volume Manager (LVM) is a mechanism for virtualizing disks. It can create "virtual" disk partitions out of one or more physical hard drives, allowing you to grow, shrink, or move those partitions from drive to drive as your needs change. It also allows you to create larger partitions than you could achieve with a single drive.

Traditional uses of LVM have included databases and company file servers, but even home users may want large partitions for music or video collections, or for storing online backups. LVM and RAID 1 can also be convenient ways to gain redundancy without sacrificing flexibility.

This article looks first at a basic file server, then explains some variations on that theme, including adding redundancy with RAID 1 and some things to consider when using LVM for desktop machines.

LVM Installation

An operational LVM system includes both a kernel filesystem component and userspace utilities. To turn on the kernel component, set up the kernel options as follows:

Device Drivers --> Multi-device support (RAID and LVM)

[*] Multiple devices driver support (RAID and LVM)
< > RAID support
<*> Device mapper support
< > Crypt target support (NEW)

You can usually install the LVM user tools through your Linux distro's packaging system. In Gentoo, the LVM user tools are part of the lvm2 package. Note that you may see tools for LVM-1 as well (perhaps named lvm-user). It doesn't hurt to have both installed, but make sure you have the LVM-2 tools.

LVM Basics

To use LVM, you must understand several elements. First are the regular physical hard drives attached to the computer. The disk space on these devices is chopped up into partitions. Finally, a filesystem is written directly to a partition. By comparison, in LVM, Volume Groups (VGs) are split up into logical volumes (LVs), where the filesystems ultimately reside (Figure 1).

Each VG is made up of a pool of Physical Volumes (PVs). You can extend (or reduce) the size of a Volume Group by adding or removing as many PVs as you wish, provided there are enough PVs remaining to store the contents of all the allocated LVs. As long as there is available space in the VG, you can also grow and shrink the size of your LVs at will (although most filesystems don't like to shrink).

Figure 1. An example LVM layout

Example: A Basic File Server

A simple, practical example of LVM use is a traditional file server, which provides centralized backup, storage space for media files, and shared file space for several family members' computers. Flexibility is a key requirement; who knows what storage challenges next year's technology will bring?

For example, suppose your requirements are:

400G - Large media file storage
50G  - Online backups of two laptops and three desktops (10G each)
10G  - Shared files

Ultimately, these requirements may increase a great deal over the next year or two, but exactly how much and which partition will grow the most are still unknown.

Disk Hardware

Traditionally, a file server uses SCSI disks, but today SATA disks offer an attractive combination of speed and low cost. At the time of this writing, 250 GB SATA drives are commonly available for around $100; for a terabyte, the cost is around $400.

SATA drives are not named like ATA drives (hda, hdb), but like SCSI (sda, sdb). Once the system has booted with SATA support, it has four physical devices to work with:

/dev/sda  251.0 GB
/dev/sdb 251.0 GB
/dev/sdc 251.0 GB
/dev/sdd 251.0 GB

Next, partition these for use with LVM. You can do this with fdisk by specifying the "Linux LVM" partition type 8e. The finished product looks like this:

# fdisk -l /dev/sdd

Disk /dev/sdd: 251.0 GB, 251000193024 bytes
255 heads, 63 sectors/track, 30515 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Start End Blocks Id System
/dev/sdd1 1 30515 245111706 8e Linux LVM

Notice the partition type is 8e, or "Linux LVM."

Creating a Virtual Volume

Initialize each of the disks using the pvcreate command:

# pvcreate /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1

This sets up all the partitions on these drives for use under LVM, allowing creation of volume groups. To examine available PVs, use the pvdisplay command. This system will use a single-volume group named datavg:

# vgcreate datavg /dev/sda1 /dev/sdb1 /dev/sdc1 /dev/sdd1

Use vgdisplay to see the newly created datavg VG with the four drives stitched together. Now create the logical volumes within them:

# lvcreate --name medialv  --size 400G datavg
# lvcreate --name backuplv --size 50G datavg
# lvcreate --name sharelv  --size 10G datavg

Without LVM, you might allocate all available disk space to the partitions you're creating, but with LVM, it is worthwhile to be conservative, allocating only half the available space to the current requirements. As a general rule, it's easier to grow a filesystem than to shrink it, so it's a good strategy to allocate exactly what you need today, and leave the remaining space unallocated until your needs become clearer. This method also gives you the option of creating new volumes when new needs arise (such as a separate encrypted file share for sensitive data). To examine these volumes, use the lvdisplay command.

Now you have several nicely named logical volumes at your disposal:

/dev/datavg/backuplv     (also /dev/mapper/datavg-backuplv)
/dev/datavg/medialv (also /dev/mapper/datavg-medialv)
/dev/datavg/sharelv (also /dev/mapper/datavg-sharelv)
 

Selecting Filesystems

Now that the devices are created, the next step is to put filesystems on them. However, there are many types of filesystems. How do you choose?

For typical desktop filesystems, you're probably familiar with ext2 and ext3. ext2 was the standard, reliable workhorse for Linux systems in years past. ext3 is an upgrade for ext2 that provides journaling, a mechanism to speed up filesystem checks after a crash. ext3's balance of performance, robustness, and recovery speed makes it a fine choice for general purpose use. Because ext2 and ext3 have been the defaults for such a long time, ext3 is also a good choice if you want great reliability. For storing backups, reliability is much more important than speed. The major downside to ext2/ext3 is that to grow (or shrink) the filesystem, you must first unmount it.

However, other filesystems provide advantages in certain situations, such as large file sizes, large quantities of files, or on-the-fly filesystem growth. Because LVM's primary use is for scenarios where you need extreme numbers of files, extremely large files, and/or the need to resize your filesystems, the following filesystems are well worth considering.

For large numbers of small files, ReiserFS is an excellent choice. For raw, uncached file I/O, it ranks at the top of most benchmarks, and can be as much as an order of magnitude faster than ext3. Historically, however, it has not proven as robust as ext3. It's been tested enough lately that this may no longer be a significant issue, but keep it in mind.

If you are designing a file server that will contain large files, such as video files recorded by MythTV, then delete speed could be a priority. With ext3 or ReiserFS, your deletes may take several seconds to complete as the filesystem works to mark all of the freed data blocks. If your system is recording or processing video at the same time, this delay could cause dropped frames or other glitches. JFS and XFS are better choices in this situation, although XFS has the edge due to greater reliability and better general performance.

With all these considerations in mind, format the partitions as follows:

# mkfs.ext3 /dev/datavg/backuplv
# mkfs.xfs /dev/datavg/medialv
# mkfs.reiserfs /dev/datavg/sharelv

Mounting

Finally, to mount the file systems, first add the following lines to /etc/fstab:

/dev/datavg/backuplv   /var/backup     ext3       rw,noatime    0 0
/dev/datavg/medialv /var/media xfs rw,noatime 0 0
/dev/datavg/sharelv /var/share reiserfs rw,noatime 0 0

and then establish and activate the mount points:

# mkdir /var/media /var/backup /var/share
# mount /var/media
# mount /var/backup
# mount /var/share

Now your basic file server is ready for service.

Adding Reliability With RAID

So far, this LVM example has been reasonably straightforward. However, it has one major flaw: if any of your drives fail, all of your data is at risk! Half a terabyte is not an insignificant amount to back up, so this is an extremely serious weakness in the design.

To compensate for this risk, build redundancy into the design using RAID 1. RAID, which stands for Redundant Array of Independent Disks, is a low-level technology for combining disks together in various ways, called RAID levels. The RAID 1 design mirrors data across two (or more) disks. In addition to doubling the reliability, RAID 1 adds performance benefits for reads because both drives have the same data, and read operations can be split between them.

Unfortunately, these benefits do not come without a critical cost: the storage size is cut in half. The good news is that half a terabyte is still enough for the present space requirements, and LVM gives the flexibility to add more or larger disks later.

With four drives, RAID 5 is another option. It restores some of the disk space but adds even more complexity. Also, it performs well with reads but poorly with writes. Because hard drives are reasonably cheap, RAID 5's benefits aren't worth the trouble for this example.

Although it would have made more sense to start with a RAID, we waited until now to introduce them so we could demonstrate how to migrate from raw disks to RAID disks without needing to unmount any of the filesystems.

In the end, this design will combine the four drives into two RAID 1 pairs: /dev/sda + /dev/sdd and /dev/sdb + /dev/sdc. The reason for this particular arrangement is that sda and sdd are the primary and secondary drives on separate controllers; this way, if a controller were to die, you could still access the two drives on the alternate controller. When the primary/secondary pairs are used, the relative access speeds are balanced so neither RAID array is slower than the other. There may also be a performance benefit to having accesses evenly distributed across both controllers.

First, pull two of the SATA drives (sdb and sdd) out of the datavg VG:

# modprobe dm-mirror 
# pvmove /dev/sdb1 /dev/sda1
# pvmove /dev/sdd1 /dev/sdc1
# vgreduce datavg /dev/sdb1 /dev/sdd1
# pvremove /dev/sdb1 /dev/sdd1

Then, change the partition type on these two drives to fd (Linux raid autodetect):

Device Boot      Start         End      Blocks   Id  System
/dev/sdb1 1 30515 245111706 fd Linux raid autodetect

Now, build the RAID 1 mirrors, telling md that the "other half" of the mirrors are missing (because they're not ready to be added to the RAID yet):

# mdadm --create /dev/md0 -a -l 1 -n 2 /dev/sdd1 missing
# mdadm --create /dev/md1 -a -l 1 -n 2 /dev/sdb1 missing

Add these broken mirrors to the LVM:

# pvcreate /dev/md0 /dev/md1
# vgextend datavg /dev/md0 /dev/md1

Next, migrate off of the raw disks onto the broken mirrors:

# pvmove /dev/sda1 /dev/md0 
# pvmove /dev/sdc1 /dev/md1
# vgreduce datavg /dev/sda1 /dev/sdc1
# pvremove /dev/sda1 /dev/sdc1

Finally, change the partition types of the raw disks to fd, and get the broken mirrors on their feet with full mirroring:

# fdisk /dev/sda
# fdisk /dev/sdc
# mdadm --manage /dev/md0 --add /dev/sda1
# mdadm --manage /dev/md1 --add /dev/sdc1

That's quite a few steps, but this full RAID 1 setup protects the LVM system without having to reinstall, copy or remount filesystems, or reboot.

 

Network Access of Files

A file server isn't much use if you can't get files off of it. There are many ways to serve files, but the most common and powerful is Network File System (NFS). NFS allows other *nix machines to mount the file shares for direct use. It's also pretty easy to set up on Linux.

First, make sure the file server has NFS enabled in the kernel (2.6.15 in this example):

File systems
Network File Systems

<*> NFS file system support
[*] Provide NFSv3 client support
<*> NFS server support
[*] Provide NFSv3 server support

Rebuild and reinstall the kernel and then reboot the file server. If you'd like to avoid rebooting, build NFS as a module and then load it with modprobe nfsd.

Next, start the NFS service. Your Linux distro will have an init script to do this. For instance, on Gentoo, you'll see:

/etc/init.d/nfs start 
* Starting portmap ... [ ok ]
* Mounting RPC pipefs ... [ ok ]
* Starting NFS statd ... [ ok ]
* Starting NFS daemon ... [ ok ]
* Starting NFS mountd ... [ ok ]

You can double-check that NFS is running by querying portmapper with the command rpcinfo -p | grep nfs:

program  vers proto port  service
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs

Next, you must specify which directories the NFS service should export. Add the following to /etc/exports:

/var/backup    192.168.0.0/24(rw,sync)
/var/media 192.168.0.0/24(rw,sync)
/var/share 192.168.0.0/24(rw,sync)

This lists the directories to share, the machines (or networks) to permit to mount the files, and a set of options to control how the sharing works. The options include rw to allow read-write mounts and sync to force synchronous behavior. sync prevents data corruption if the server reboots in the middle of a file write, but sacrifices the performance advantages that async would provide.

Next, export these file shares from the NFS service:

# exportfs -av
exporting 192.168.0.0/24:/var/backup
exporting 192.168.0.0/24:/var/media
exporting 192.168.0.0/24:/var/share

Now, mount these file shares on each machine that will use them. Assuming the file server is named fileserv, add the following lines to the client machines' /etc/fstab files:

# Device               mountpoint    fs-type   options    dump  fsckorder
fileserv:/var/backup /var/backup nfs defaults 0 0
fileserv:/var/media /var/media nfs defaults 0 0
fileserv:/var/share /var/share nfs defaults 0 0

Finally, create the mountpoints and mount the new shares:

# mkdir /var/backup /var/media /var/share
# mount /var/backup /var/media /var/share

Now all the machines on your network have access to large, reliable, and expandable disk space!
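The /etc/exports entries above can be checked mechanically before running exportfs. The following is an added example, not part of the original article: it flags the async option discussed above plus two pitfalls documented in exports(5) that the article does not mention, no_root_squash and a space between the client and its option list (which applies the options to every host). The function names and the "risky" sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky entries in /etc/exports-style text.
# Assumptions: one export per line, no backslash line continuations.

# audit_exports: read exports text on stdin, print "path client finding".
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*$/, "", opts)
            }
            # A bare "(opts)" token, produced by a space before the
            # parenthesis, applies those options to every host.
            if (client == "") client = "*"
            o = "," opts ","
            if (client == "*")
                print path, client, (index(o, ",rw,") ? "world-writable" : "world-readable")
            if (index(o, ",async,"))
                print path, client, "async"
            if (index(o, ",no_root_squash,"))
                print path, client, "no_root_squash"
        }
    }'
}

# The three export lines from the article.
page_exports() { cat <<'EOF'
/var/backup    192.168.0.0/24(rw,sync)
/var/media     192.168.0.0/24(rw,sync)
/var/share     192.168.0.0/24(rw,sync)
EOF
}

# Constructed variants of the same lines, each with one mistake.
risky_exports() { cat <<'EOF'
# stray space before "(" on the first line
/var/share     192.168.0.0/24 (rw,sync)
/var/media     192.168.0.0/24(rw,async)
/var/backup    192.168.0.0/24(rw,sync,no_root_squash)
EOF
}

# Demo: the article's lines produce no findings, the variants produce three.
page_exports  | audit_exports
risky_exports | audit_exports
```

On a live server the input would be `audit_exports < /etc/exports`.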

Backup Strategies

As you rely more heavily on this new LVM-enabled disk space, you may have concerns about backing it up. Using RAID ensures against basic disk failures, but gives you no protection in the case of fire, theft, or accidental deletion of important files.

Traditionally, tape drives are used for backups of this class. This option is still viable and has several advantages, but it can be an expensive and slow solution for a system of this size. Fortunately, there are other options using today's technology.

rsync is a powerful utility for copying files from one system to another, and it works well across the Internet. You could set up a backup system at a friend's house in a different city and arrange to periodically send backups there. This is easy to do with a cron job:

04 4 * * 4  rsync --delete -a /var/backup/ fileserv.myfriend.org:/backup/myself/backup > /var/log/crontab.backup.log 2>&1

Another approach is to attach a pair of external RAID 1 hard drives to your file server using Firewire, USB, or eSATA. Add one drive to /dev/md0 and the other to /dev/md1. Once the mirroring is complete, remove the drives and store them in a safe place offsite. Re-mirror weekly or monthly, depending on your needs.

 

Growth and Reallocation

Suppose that over the next year, the storage system fills up and needs to be expanded. Initially, you can begin allocating the unallocated space. For instance, to increase the amount of space available for shared files from 10GB to 15GB, run a command such as:

# lvextend -L15G /dev/datavg/sharelv
# resize_reiserfs /dev/datavg/sharelv

But over time, all the unallocated disk space will be used. One solution is to replace the four 250G drives with larger 800G ones.

In the case where you use RAID 1, migration is straightforward. Use mdadm to mark one drive of each of the RAID 1 mirrors as failed, and then remove them:

# mdadm --manage /dev/md0 --fail /dev/sda1
# mdadm --manage /dev/md0 --remove /dev/sda1
# mdadm --manage /dev/md1 --fail /dev/sdc1
# mdadm --manage /dev/md1 --remove /dev/sdc1

Pull out the sda and sdc hard drives and replace them with two of the new 800G drives. Split each 800G drive into a 250G partition and a 550G partition using fdisk, and add the partitions back to md0 and md1:

# fdisk /dev/sda
# fdisk /dev/sdc
# mdadm --manage /dev/md0 --add /dev/sda1
# mdadm --manage /dev/md1 --add /dev/sdc1

Repeat the above process with sdd and sdb to move them to the other two new drives, then create a third and fourth RAID device, md2 and md3, using the new space:

# mdadm --create /dev/md2 -a -l 1 -n 2 /dev/sda2 /dev/sdd2
# mdadm --create /dev/md3 -a -l 1 -n 2 /dev/sdb2 /dev/sdc2

Finally, add these to LVM:

# pvcreate /dev/md2 /dev/md3
# vgextend datavg /dev/md2 /dev/md3

The file server now has 1.6TB of fully redundant storage.

LVM and Desktops

So far, we've talked only about LVM and RAID for secondary disk space via a standalone file server, but what if you want to use LVM to manage the space on a regular desktop system? It can work, but there are some considerations to take into account.

First, the installation and upgrade procedures for some Linux distributions don't handle RAID or LVM, which may present complications. Many of today's distros do support it, and even provide tools to assist in creating and managing them, so check this first.

Second, having the root filesystem on LVM can complicate recovery of damaged file systems. Because boot loaders don't support LVM yet, you must also have a non-LVM /boot partition (though it can be on a RAID 1 device).

Third, you need some spare unallocated disk space for the new LVM partition. If you don't have this, use parted to shrink your existing root partition, as described in the LVM HOWTO.

For this example, assume you have your swap space and /boot partitions already set up outside of LVM on their own partitions. You can focus on moving your root filesystem onto a new LVM partition in the partition /dev/hda4. Check that the partition type of hda4 is Linux LVM (type 8e).

Initialize LVM and create a new physical volume:

# vgscan
# pvcreate /dev/hda4
# vgcreate rootvg /dev/hda4

Now create a 5G logical volume, formatted into an xfs file system:

# lvcreate --name rootlv --size 5G rootvg
# mkfs.xfs /dev/rootvg/rootlv

Copy the files from the existing root file system to the new LVM one:

# mkdir /mnt/new_root
# mount /dev/rootvg/rootlv /mnt/new_root
# cp -ax /. /mnt/new_root/

Next, modify /etc/fstab to mount / on /dev/rootvg/rootlv instead of /dev/hda3.

The trickiest part is to rebuild your initrd to include LVM support. This tends to be distro-specific, but look for mkinitrd or yaird. Your initrd image must have the LVM modules loaded or the root filesystem will not be available. To be safe, leave your original initrd image alone and make a new one named, for example, /boot/initrd-lvm.img.

Finally, update your bootloader. Add a new section for your new root filesystem, duplicating your original boot stanza. In the new copy, change the root from /dev/hda3 to /dev/rootvg/rootlv, and change your initrd to the newly built one. If you use lilo, be sure to run lilo once you've made the changes. For example, with grub, if you have:

title=Linux
root (hd0,0)
kernel /vmlinuz root=/dev/hda3 ro single
initrd /initrd.img

add a new section such as:

title=LinuxLVM
root (hd0,0)
kernel /vmlinuz root=/dev/rootvg/rootlv ro single
initrd /initrd-lvm.img

Conclusion

LVM is only one of many enterprise technologies in the Linux kernel that has become available for regular users. LVM provides a great deal of flexibility with disk space, and combined with RAID 1, NFS, and a good backup strategy, you can build a bulletproof, easily managed way to store, share, and preserve any quantity of files.


Replace a bad disk in a mirrored volume group

 

1. unmirrorvg workvg hdisk7
2. reducevg workvg hdisk7
Note: Migrate the LV copies off the disk if you get any errors such as LV copies on the disk.

3. rmdev -l hdisk7 -d

Replace the disk drive; let the drive be renamed hdisk7.

4. extendvg workvg hdisk7
5. mirrorvg workvg hdisk7

Note: By default in this example, mirrorvg will try to create 2 copies for logical volumes in workvg. It will try to create the new mirror


Access Control Lists (ACLs) on AIX.

 
We talk a lot about security and about building secure systems, so here I explain how to put ACLs on files on an AIX system. This is just a brief description of ACLs on AIX. You can also find how to set ACLs in my previous article.

There is also an interactive way to do this, but here I will only do it using files.

1. Create/Identify the file on which we need to put acl's
# touch acltest2

2. Get the acl's which exist on the file.
# ls -l acltest2
-rw-r--r-- 1 root system 0 Jul 18 17:15 acltest2
# aclget acltest2
*
* ACL_type AIXC
*
attributes:
base permissions
owner(root): rw-
group(system): r--
others: r--
extended permissions
disabled

3. Now collect all the ACL permissions in an output file called acldefs.
# aclget -o acldefs acltest2

4. Edit the file acldefs and make the changes you want. For example:
Base permissions
AIXC ACL specific base permissions are the traditional file-access modes assigned to the file
owner, file group, and other users. The access modes are read (r), write (w), and execute/search
(x).
Note: AIXC ACL type Base Permissions will be same as the file mode bits stored in the file
system object’s inode headers. That is, the information in base mode bits is same as the
value returned by file system when stat is performed on the file system object.
In an access control list, base permissions are in the following format, with the Mode parameter
expressed as rwx (with a hyphen (-) replacing each unspecified permission):
base permissions:
owner(name): Mode
group(group): Mode
others: Mode

Attributes
Three attributes can be added to an access control list:
setuid (SUID)
Set-user-ID mode bit. This attribute sets the effective and saved user IDs of the process to
the owner ID of the file on execution.
setgid (SGID)
Set-group-ID mode bit. This attribute sets the effective and saved group IDs of the process
to the group ID of the file on execution.
savetext (SVTX)
Saves the text in a text file format.
The above attributes are added in the following format:
attributes: SUID, SGID, SVTX

Extended permissions
AIXC ACL extended permissions allow the owner of a file to more precisely define access to that
file. Extended permissions modify the base file permissions (owner, group, others) by permitting,
denying, or specifying access modes for specific individuals, groups, or user and group
combinations. Permissions are modified through the use of keywords.
The permit, deny, and specify keywords are defined as follows:
permit
Grants the user or group the specified access to the file
deny
Restricts the user or group from using the specified access to the file
specify
Precisely defines the file access for the user or group
If a user is denied a particular access by either a deny or a specify keyword, no other entry can
override that access denial.
The enabled keyword must be specified in the ACL for the extended permissions to take effect.
The default value is the disabled keyword.
In an AIXC ACL, extended permissions are in the following format:
extended permissions:
enabled | disabled
permit Mode UserInfo...:
deny Mode UserInfo...:
specify Mode UserInfo...:

Use a separate line for each permit, deny, or specify entry. The Mode parameter is expressed as
rwx (with a hyphen (-) replacing each unspecified permission). The UserInfo parameter is
expressed as u:UserName, or g:GroupName, or a comma-separated combination of u:UserName and
g:GroupName.
Note: If more than one user name is specified in an entry, that entry cannot be used in an access
control decision because a process has only one user ID.

5. After changing the file for the necessary ACL permissions, save it, as we are going to use this file as input later.

6. Now put the ACL on another file, as per the changes you made in your file.

# aclput -i acldefs acltest3

This will put the ACLs on the file with the values specified in the acldefs file, and now you can play with ACLs.

 

Note: To copy acl's from one file to another.

# aclget filename | aclput filename1

 

That's all for ACL's for now. Will write about NFS4 ACL's on AIX


Access Control List + Solaris

All the commands are run from the user prompt (%), not the root prompt (#), so do not confuse the # characters below with a root prompt; they are part of the command output.


The ACL facility allows you to define more than just the usual eight permission bits for a file or directory. You can define a list of users (based on user-id or name) and groups (again, number or name) that you want to have access to a file. For each user or group getting special access, you can define read, write, or execute access permission.

There are only two commands that you need to learn for Solaris ACLs. They are setfacl for setting a file's ACLs and getfacl for reading them. There are also a bunch of system and library calls that make the ACL facility available to programs. One confusing aspect of ACLs is that, in essence, every file already has an ACL entry. Running getfacl on a normal file reveals some ACL information:

% cd /usr/tmp
% touch foo
% ls -l foo
-rw-r--r-- 1 pbg staff 0 Jul 22 13:35 foo

% getfacl foo
# file: foo
# owner: pbg
# group: staff
user::rw-
group::r-- #effective:r--
mask:rwx
other:r--

This ACL information is merely getfacl's interpretation of the Unix permissions on the file. The user, group and other information is a straightforward display of the permission bits for those fields. The mask field is very similar to the Unix umask method. It defines the maximum permissions allowed for users (other than the owner) and groups. Even if a user or group has permissions set that exceed the mask, the mask limits their access. The #effective display shows, for each user (except the owner) and group, the effect that the mask has on the permissions. The #effective output is the one to look at to determine exactly who can access the file and exactly what they are allowed to do.

To set an ACL for a file, use the command setfacl:

% setfacl -m user:jeff:rw- foo

% ls -l foo
-rw-r--r--+ 1 pbg staff 0 Jul 22 13:52 foo

% getfacl foo

# file: foo
# owner: pbg
# group: staff
user::rw-
user:jeff:rw- #effective:r--
group::r-- #effective:r--
mask:r--
other:r--

The -m option tells setfacl that I want to modify the ACLs for the file. Use the -s option to set the entire mode, but then you must type in the user, group, and other access bits as well:

% setfacl -s user::rw-,group::r--,other:---,mask:rw-,user:jeff:rw- foo

To set general user, group, and other permissions, use the field::perms identifier. To set ACLs for individual users and groups, use the field:uid or gid:perms identifier.

But back to our previous example. Notice that the effective access for user Jeff is unchanged; he can still only read the file, not write to it. That's the result of the mask being applied to his permissions. To grant Jeff the access desired, I need to:

% setfacl -m mask:rw- foo
% getfacl foo

# file: foo
# owner: pbg
# group: staff
user::rw-
user:jeff:rw- #effective:rw-
group::r-- #effective:r--
mask:rw-
other:r--

Now Jeff has read and write permissions to the file, while all others have only read access. Of note is the slight change in behavior of the ls command. Any file with specific ACL information is shown with a + at the end of the permission field. Unfortunately, find doesn't seem to have an option to find all files with ACL lists.
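The mask rule described above can be recomputed from any getfacl listing, which is a quick way to spot grants that look generous but are clipped by the mask. The following is an added example, not part of the original article: the sample listing is the foo ACL shown above with the #effective notes removed, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: recompute the "#effective" column of getfacl-style output.
# Rule taken from the text: the mask caps every entry except the owner
# ("user::") and "other".

# effective_acl: read getfacl text on stdin and print one line per entry:
#   <entry> <granted> <effective> [CLIPPED]
effective_acl() {
    awk '
    # Clear every permission in p that the mask m does not also carry.
    function cap(p, m,    i, c, out) {
        out = ""
        for (i = 1; i <= 3; i++) {
            c = substr(p, i, 1)
            out = out ((c != "-" && substr(m, i, 1) == c) ? c : "-")
        }
        return out
    }
    /^#/ || /^default:/ || /^[ \t]*$/ { next }  # header, default ACL, blank
    {
        sub(/[ \t]*#.*$/, "")                   # drop an existing #effective note
        split($0, f, ":")
        if (f[1] == "mask") { mask = f[2]; next }
        n++
        if (f[1] == "other") {
            who[n] = "other"; perm[n] = f[2]; capped[n] = 0
        } else {
            who[n] = (f[2] == "") ? f[1] "::" : f[1] ":" f[2]
            perm[n] = f[3]
            # Only the file owner entry ("user::") escapes the mask.
            capped[n] = !(f[1] == "user" && f[2] == "")
        }
    }
    END {
        if (mask == "") mask = "rwx"            # assumption: no mask line, no cap
        for (i = 1; i <= n; i++) {
            eff = capped[i] ? cap(perm[i], mask) : perm[i]
            print who[i], perm[i], eff (eff != perm[i] ? " CLIPPED" : "")
        }
    }'
}

# clipped_entries: print only the entries whose grant the mask reduces.
clipped_entries() {
    effective_acl | awk '$4 == "CLIPPED" { print $1 }'
}

# The ACL of foo right after "setfacl -m user:jeff:rw- foo" (mask still r--).
acl_before() { cat <<'EOF'
# file: foo
# owner: pbg
# group: staff
user::rw-
user:jeff:rw-
group::r--
mask:r--
other:r--
EOF
}

# Demo: jeff is granted rw- but is effectively limited to r--.
acl_before | effective_acl
```

On a live system the input would be `getfacl foo | effective_acl`.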

As well as setting an ACL for the directory, you can set a default ACL for the directory. This default ACL is used to set the ACL on every file created within the directory. The only way I managed to get directory ACLs to work was using the -s option with a very-long parameter string:

% setfacl -s user::rwx,group::rw-,mask:r--,other:rw-,default:user::rw-,\
default:group::r-x,default:mask:rwx,default:other:r-x bar

% ls -ld bar
drwxr--rw-+ 2 pbg staff 512 Jul 22 14:11 bar

% getfacl bar

# file: bar
# owner: pbg
# group: staff
user::rwx
group::rw- #effective:r--
mask:r--
other:rw-
default:user::rw-
default:group::r-x
default:mask:rwx
default:other:r-x

Now set a default ACL, and create a file in the directory:

% setfacl -m default:user:jeff:rwx bar

% getfacl bar

# file: bar
# owner: pbg
# group: staff
user::rwx
group::rw- #effective:r--
mask:r--
other:rw-
default:user::rw-
default:user:jeff:rwx
default:group::r-x
default:mask:rwx
default:other:r-x

% touch bar/test

% getfacl bar/test

# file: bar/test
# owner: pbg
# group: staff
user::rw-
user:jeff:rwx #effective:r--
group::r-- #effective:r--
mask:r--
other:r--

There are several other aspects of ACLs, including deleting ACLs and using abbreviations and permission bit numbers (rather than symbols). This information is provided on the appropriate manual pages.

To use ACLs over an NFS mount, both the client and server must be running Solaris 2.5 or better. If the client is running 2.5 but the server is running 2.4 or lower, you'll see an error such as:

% touch foo
% getfacl foo

# file: foo
# owner: pbg
# group: staff
user::rw-
group::r-- #effective:r--
mask:rwx
other:r--

% setfacl -m user:jeff:rw- foo
foo: failed to set acl entries
setacl error: Operation not applicable

You'll get a similar error if you try to use ACLs in a swapfs-based directory (such as /tmp). Finally, there's a "non-feature" of ACLs when used with tar. tar itself works well with files that have associated ACLs. Unfortunately, the tar file is not readable under previous SunOS and Solaris operating systems.

It is also important to note that ACLs "stick" to a file during copy and rename operations. To remove the ACL from a file use setfacl -d for each entry. When the last entry is removed, the "+" disappears from the file's ls display.




File Permissions

Search Files on their file permissions.



World readable

Normal users should not have access to configuration files or passwords. An attacker can steal passwords from databases or web sites and use them to deface--or even worse, delete--data. This is why it is important that your file permissions are correct. If you are sure that a file is only used by root, assign it with the permissions 0600 and assign the file to the correct user with chown.

World/Group writable



Finding world-writable files and directories

# find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \; 2>/dev/null >writable.txt

# find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {} \; 2>/dev/null >>writable.txt



This will create a huge file listing the permissions of all files and
directories that are writable by their group or by everybody. Check the
permissions and eliminate world-writable files by executing /bin/chmod o-w
on them.

SUID/SGID files


Files with the SUID or SGID bit set execute with privileges of the owning
user or group and not the user executing the file. Normally these bits are used
on files that must run as root in order to do what they do. These files can lead
to local root compromises (if they contain security holes). This is dangerous
and files with the SUID or SGID bits set should be avoided at any cost. If you
do not use these files, use chmod 0 on them or unmerge the package that
they came from (check which package they belong to by using equery; if
you do not already have it installed simply type emerge gentoolkit).
Otherwise just turn the SUID bit off with chmod -s.





Finding setuid files

# find / -type f \( -perm -004000 -o -perm -002000 \) -exec ls -lg {} \; 2>/dev/null >suidfiles.txt



This will create a file containing a list of all the SUID/SGID files.






List of setuid binaries

/bin/su
/bin/ping
/bin/mount
/bin/umount
/var/qmail/bin/qmail-queue
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/crontab
/usr/bin/chage
/usr/bin/expiry
/usr/bin/sperl5.6.1
/usr/bin/newgrp
/usr/bin/passwd
/usr/bin/gpasswd
/usr/bin/procmail
/usr/bin/suidperl
/usr/lib/misc/pt_chown
/usr/sbin/unix_chkpwd
/usr/sbin/traceroute
/usr/sbin/pwdb_chkpwd




By default Gentoo Linux does not have a lot of SUID files (though this depends
on what you installed), but you might get a list like the one above. Most of
the commands should not be used by normal users, only root. Switch off the SUID
bit on ping, mount, umount, chfn, chsh,
newgrp, suidperl, pt_chown and traceroute by
executing chmod -s on every file. Don't remove the bit on su,
qmail-queue or unix_chkpwd. Removing setuid from those files will
prevent you from su'ing and receiving mail. By removing the bit (where
it is safe to do so) you remove the possibility of a normal user (or an
attacker) gaining root access through any of these files.




The only SUID files that I have on my system are su, passwd,
gpasswd, qmail-queue, unix_chkpwd and pwdb_chkpwd.
But if you are running X, you might have some more, since X needs the elevated
access afforded by SUID.

SUID/SGID binaries and Hard links


A file is only considered deleted when there are no more links pointing to it.
This might sound like a strange concept, but consider that a filename like
/usr/bin/perl is actually a link to the inode where the data is
stored. Any number of links can point to the file, and until all of them are
gone, the file still exists.




If your users have access to a partition that isn't mounted with nosuid
or noexec (for example, if /tmp, /home, or
/var/tmp are not separate partitions) you should take care to
ensure your users don't create hard links to SUID or SGID binaries; otherwise,
after Portage updates, they will still have access to the old versions.

To check how many links a file has, you can use the stat command.





Stat command

$ stat /bin/su

File: `/bin/su'

Size: 29350 Blocks: 64 IO Block: 131072 regular file

Device: 900h/2304d Inode: 2057419 Links: 1

Access: (4711/-rws--x--x) Uid: ( 0/ root) Gid: ( 0/ root)

Access: 2005-02-07 01:59:35.000000000 +0000

Modify: 2004-11-04 01:46:17.000000000 +0000

Change: 2004-11-04 01:46:17.000000000 +0000




To find the SUID and SGID files with multiple links, you can use find.





Finding multiply linked suid/sgid binaries

$ find / -type f \( -perm -004000 -o -perm -002000 \) -links +1 -ls
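As an added example (not part of the original guide), the following POSIX shell function combines the two find checks above: it reports SUID/SGID files that are missing from an allowlist you maintain, and SUID/SGID files that have more than one hard link. The function name audit_suid, the allowlist format (one absolute path per line) and the constructed demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# audit_suid ROOT ALLOWLIST   (hypothetical helper, not a standard tool)
#   ROOT       directory tree to scan (the scan stays on one filesystem)
#   ALLOWLIST  file with one expected SUID/SGID path per line (assumed format)
# Prints one finding per line:
#   UNEXPECTED <path>  SUID/SGID file that is not on the allowlist
#   MULTILINK <path>   SUID/SGID file whose inode has more than one name
audit_suid() {
    root=$1
    allow=$2
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    sort |
    while IFS= read -r f; do
        # Exact, fixed-string match against the allowlist
        if ! grep -Fxq -- "$f" "$allow"; then
            printf 'UNEXPECTED %s\n' "$f"
        fi
        # A second name can keep an old binary alive after a package update
        if [ -n "$(find "$f" -prune -links +1 -print 2>/dev/null)" ]; then
            printf 'MULTILINK %s\n' "$f"
        fi
    done
}

# Constructed sample tree: empty files stand in for real binaries.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/tmp"
    for n in su ping passwd; do
        : > "$d/bin/$n"
        chmod 4711 "$d/bin/$n"
    done
    : > "$d/bin/ls"
    chmod 755 "$d/bin/ls"
    # A hard link to a SUID file, kept in a user-writable directory
    ln "$d/bin/passwd" "$d/tmp/.keep"
    # Allowlist: the binaries the administrator decided to leave SUID
    printf '%s\n' "$d/bin/su" "$d/bin/passwd" > "$d/allow.txt"
    # Strip the temporary prefix so the report reads like a real path list
    audit_suid "$d" "$d/allow.txt" | sed "s|$d||"
    rm -rf "$d"
}

demo
```

On a real system, run audit_suid as root with ROOT set to / and review each reported path before changing any mode bits.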







1 Configure a Physical Interface After System Installation

* Determine the IPv4 addresses that you want to use for the additional interfaces.

* Ensure that the physical interface to be configured has been physically installed onto the system.

* If you have just installed the interface, perform a reconfiguration boot before proceeding with the next task.

Determine which interfaces are currently configured on the system.
# dladm show-link

Configure and plumb each interface.
# ifconfig interface plumb up

For example, for an interface named pcn0, type:
# ifconfig pcn0 plumb up

Assign an IP address.
# ifconfig interface IPv4-address netmask + netmask

For example, you would type:
# ifconfig pcn0 192.168.84.3 netmask + 255.255.255.0

Verify that the newly configured interfaces are plumbed and configured, or “UP.”
# ifconfig -a

Check the status line for each interface that is displayed. Ensure that the output contains an UP flag on the status line, for example:
pcn0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2


To make the interface configuration persist across reboots, perform the following steps:

1. Create an /etc/hostname.interface file for each interface to be configured. For example, to add a pcn0 interface, you would create the following file:
# vi /etc/hostname.pcn0

2. Edit the /etc/hostname.interface file.
At a minimum, add the IPv4 address of the interface to the file.

3. Add entries for the new interfaces into the /etc/inet/ipnodes file.

4. Add entries for the new interfaces into the /etc/inet/hosts file.

5. Perform a reconfiguration boot.
# reboot -- -r
6. Verify that the interface you created in the /etc/hostname.interface file has been configured.
# ifconfig -a






0 Ethernet Bonding

The first thing to know is that bonding is implemented in the kernel, and there is a good document in your kernel source tree under Documentation/networking/bonding.txt. It has a lot more detail than I am going to provide here.

A virtual network interface gets created, bond0 in my case. This is done in /etc/modules.conf:

alias bond0 bonding
options bond0 miimon=100 mode=balance-rr

The above creates the bond0 interface and sets some options. It will check the MII state of the card every 100 milliseconds for state change notification. It will also use the round-robin balancing policy. These options, and many more, are described in bonding.txt.

RedHat's RC scripts support this bonding configuration without much modification, though there isn't any GUI tool to configure it. RedHat network configuration is stored in /etc/sysconfig/network-scripts/ifcfg-int

You need to create a config file for the bond0 interface, ifcfg-bond0:

DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.70.101
NETMASK=255.255.255.0
NETWORK=192.168.70.0
BROADCAST=192.168.70.255
GATEWAY=192.168.70.1

And for each network card that belongs to this group you need to modify the existing files to look more or less like this:

DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
MASTER=bond0
SLAVE=yes

Once you have created these for each of your Ethernet cards, you can reboot or restart your networking using service network restart, and you should see something like this:

bond0     Link encap:Ethernet  HWaddr 00:0D:60:9D:24:68
inet addr:192.168.70.101 Bcast:192.168.70.255 Mask:255.255.255.0
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:58071 errors:0 dropped:0 overruns:0 frame:0
TX packets:1465 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4315472 (4.1 Mb) TX bytes:120360 (117.5 Kb)

eth0 Link encap:Ethernet HWaddr 00:0D:60:9D:24:68
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:26447 errors:0 dropped:0 overruns:0 frame:0
TX packets:1262 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1992430 (1.9 Mb) TX bytes:95078 (92.8 Kb)
Interrupt:16

eth1 Link encap:Ethernet HWaddr 00:0D:60:9D:24:68
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:31624 errors:0 dropped:0 overruns:0 frame:0
TX packets:203 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2323042 (2.2 Mb) TX bytes:25282 (24.6 Kb)
Interrupt:17

You can tcpdump the individual interfaces to confirm that traffic is shared between them. Weirdly, though, on my machine tcpdump on eth0 and eth1 does not show incoming traffic, just outgoing; dumping bond0 works like a charm, though.

To test it I just turned the power off to one of my switch modules. The networking dies for a couple of seconds but soon resumes without a problem. I am sure I could tweak the times a bit, but for now this is all I need.


0 UNIX Questions and Answers








Most answers refer to Solaris 2.x systems






How do I view and set the OpenBoot PROM settings?



From the UNIX prompt use eeprom. From the ok prompt use devalias, printenv, nvedit and nvalias.


How do I stop people logging in?



If the file /etc/nologin exists then only root can log in. The contents of the file are displayed to whoever attempts a login.



How do I boot over the net via a different interface?



From the ok prompt type



show-nets



This will display the possible interfaces. Select an interface then type



nvalias net ^Y



This will set the selected interface to the alias net.



How do I solve Keyboard Translation Errors?



The most likely cause of this is an incorrect XKeysymDB file or an
incorrect pointer to it. Try looking in /usr/openwin/lib or
/usr/openwin/lib/X11. The Installation and Administration
manual for the application should have some information about this.



If logged in as root from another system try
/usr/openwin/bin/kbd-mode -a




Why do I get the error Stale NFS Handle?



This was probably caused by a directory being deleted while another
system was NFS mounted into it. The best action is to cd
out of the directory and perform a umount. Sometimes
halting and restarting the automount daemon is required, for example:

/etc/rc2.d/S74autofs [stop/start]

or

/etc/init.d/nfs.server [stop/start]

If none of these work, then it might have to be a reboot.



How can I configure new devices without rebooting?



It is advisable to halt and power off the system whenever you attach new
SCSI devices. However, if this is not possible try this:


  1. If possible stop the system with <STOP> <A>, connect the device and
    type go
  2. Type:

    drvconfig

    devlinks

    tapes / disks (depending on the device attached)



What does the error RPC Program not registered mean?



Probably the NFS server has got itself a little confused. Check there is
an entry in /etc/dfs/dfstab


Try stopping and restarting the daemon, for example:


/etc/init.d/nfs.server [stop/start]


If this doesn't work, try a reboot.



How do I tar to a remote system?



Tar to a remote drive:


tar cvfb - 20 filenames | rsh host dd of=/dev/rmt0 obs=20b



Tar from a remote drive:


rsh -n host dd if=/dev/rmt0 bs=20b | tar xvBfb - 20 filenames



Copying directory trees:


cd fromdir; tar cf - . | (cd todir; tar xfBp -)


Copy directory tree to another host:


cd fromdir; tar cf - * | rsh host "cd todir ; tar xf -"




How do I copy directory structure with cpio?



Use find and cpio:


cd fromdir; find . -print | cpio -pmd /todir



How can I increase swap space?



Swapping onto a file system is faster than swapping to a file. If
possible, partition an area of disk as the additional swap area.
Otherwise, create a swap file with the command mkfile (see
man page), for example:


mkfile 100m swappy


Add the swap area with the command swap (see man page) for
example:


swap -a swappy




Getting a non-Sun CD-ROM to work



The main secret is to get the CD-ROM to talk in 512-byte sectors. If the CD-ROM does this then it will work.


Saturn.tlug.org is a good FAQ to start with, or try the Sun CD FAQ or, of course, your manufacturer's instruction book.



How do I find out the speed of my machine?



Use the command psrinfo -v




How do I carry out NFS performance tuning?



Start with the SMCC NFS Server Performance and Tuning Guide


This is a pkgadd of SUNWabhdw and adds the guide to answerbook


SUNWadhdw is on the "Software Supplement for the Solaris 2.6 Operating
Environment" CD.


Use the command /usr/bin/nfsstat to view the NFS statistics





What hardware diagnostic programs are there?



Use SunVTS. This is available on the Software Supplement for the Solaris
2.6 Operating Environment CD.


If you have a fibre problem then try STORtools. You will probably need
a fibre loopback cable in order to get the most out of this.




How do I make a file system bootable after a restore?



If you have reinstalled the / file system from backup (i.e.
ufsdump) then you will need to recreate the boot block on
the boot disk. This is done using the installboot command
(read the man page), for example:

installboot /usr/platform/`uname -i`/lib/fs/ufs/bootblk /dev/rdsk/c?t?d?s?



How do I dual host a system?



  1. Install the network card and cable it up. Make sure that any
    jumper settings are set.
  2. Add the second interface name and IP to the hosts file and Name
    Service.
  3. Edit the file /etc/hostname.interface where
    interface is the type, for example, le1 hme1
  4. Reboot the system or manually set it up with ifconfig
    (see manual page)


    ifconfig hme1 plumb


    ifconfig hme1 IP-Address

You may also need to perform an add route (see manual page)


route add net destination gateway metric



How do I find out what patches are on a system?



Use the command showrev -p



Use the command patchdiag -l; this also lists patches you should install.

You will need to download a copy from Sun. If you have access try
downloading from http://sunsolve.sun.com.sunsolve/patchdiag (this is a
tar compressed file).

There is a tar file of patchdiag on this site but I have not set up ftp at the moment of writing this page.



How much memory does my system have?



Use the command prtconf and grep for the
memory, for example:


prtconf |grep Memory





If you need to know which memory SIMMs are in which slot, use the Perl script from Micron. A sample script is:


Sample of Memcom Script. Remember to get an official copy.



How can I play audio CDs and MP3 on my system?



For CD


Download a copy of Workman from Midwinter.com


If you have problems with sound then it might be that you cannot use
the internal sound card and will have to plug speakers into the CD
player itself.


However this might work:


Edit /etc/rmmount.conf and add

action cdrom action_workman.so /usr/local/bin/workman

Try this before any other cdrom actions.




For MP3 files look to the following site


Opensound


If you wish to read an audio cd under solaris and copy the files to
wav, mpeg, etc then you need the program galette available from Galette


Once you have the files stored as wav files you need to convert them to MP3 using Blade





What useful Solaris commands are there for finding out what's going on?



This is a definite RTFM, but start with these:


ps, iostat, nfsstat,
sar, netstat, snoop,
mpstat, rpcinfo, truss,
prtdiag, crash, psrinfo,
prtconf, arp and uptime






Try looking at the enclosed Perl script to get an idea of what to look for.


Perl script to look at how the system is performing



How do I connect a Zip Drive?



Helpful info from Iomega at


Zip Drives on Sun




Basically, edit /etc/format.dat and add:


disk_type = "Zip" \
: ctlr = SCSI\
: ncyl = 2046 : acyl = 2 : pcyl = 2048 : nhead = 2\
: nsect = 40 : rpm : bpt = 20480

partition = "Zip" \
: disk = "Zip" : ctlr = SCSI \
: 2 = 0, 192480 : 2 = 0, 1159168


Jazz Drives on Sun



Why do I get .nfsxxxx files on NFS mounted filesystems?



These are temporary files used by the system to guarantee data
reliability over the unreliable nfs mount. These can be left behind by
an application or process that has terminated abnormally.




How do I stop printing a banner page?



If this is for just one print, use the -o option, for
example:


lp -o nobanner name


Otherwise, edit the file /etc/lp/interfaces/printername and
change the option nobanner to yes.




How can I find out and set shared memory?



Use the command ipcs to view what is set.


If you wish to change them, edit /etc/system and reboot
with -r.


Typically, you would edit one or more of msgsys,
semsys, shmsys.


Check out the SunWorld document on shared memory.


Number of inodes used and free



use the command df -F ufs -o i



What block size is my file system



use the command mkfs -m /dev/dsk/c?t?d?s?


look at the bsize value (you need to be root to run this)




How do I find out which clients are NFS mounting a server?



Use the command dfmounts




How do I get rid of defunct processes?



These are caused by an application or process crashing, terminating
abnormally, getting confused
etc. Look for the parent process of these and kill or refresh it.




What version of bind am I running?



Try /usr/ccs/bin/what /usr/sbin/in.named |grep named


Solaris 2.6 bind 4.9.4-P1

Solaris 2.5.1 bind 4.9.3-P1



How can I change the hostid?



There are several ways to do this, try:


Squirrel FAQ




Why am I having problems mounting a floppy?









How do I configure dtlogin for other window managers?



You need to create an Xresources file to start the window manager.


cd /usr/dt/config/C/Xresources.d
Copy Xresources.ow to a new file named after your window manager, i.e. Xresources.kde.


Now edit your Xresources.kde file, making the changes for your window manager, i.e.


Dtlogin*altDtsIncrement: True
Dtlogin*altDtName: KDE Desktop
Dtlogin*altDtKey: /usr/local/kde/bin/startkde
Dtlogin*altDtStart: /usr/local/kde/bin/startkde
Dtlogin*altDtLogo: KDElogo


Copy the KDE logo KDElogo.pm to /usr/dt/appconfig/icons/C/KDElogo.pm



Dual headed sun system



Try looking at infodoc 11669.


Openwin
openwin -dev /dev/cgsix0 left -dev /dev/cgsix1 right




CDE


edit Xservers with


:0 Local local_uid@console root /usr/openwin/bin/Xsun :0 -dev /dev/cgsix0 -dev /dev/cgsix1 right

How do I configure CDE?





The control panel



In this example I will add the workman cd player to the control panel.


Copy the CDE config file dtwm.fp from /usr/dt to your homedirectory/.dt/types


Create an icon and place it in ~/.dt/icons. It should have a .m.pm extension,


i.e. Player.m.pm


Edit the dtwm.fp file
and add the following. In this case I am adding it between the help and
trash areas. The position hint is 13, so it should appear towards the
right between the help (book) icon and the trash (waste bin) icon.


CONTROL cdplayer
{
TYPE icon
CONTAINER_NAME Top
CONTAINER_TYPE BOX
POSITION_HINTS 13
PUSH_ACTION cdplayer
ICON Player
}


Create a file for what to do when the button is pushed. In the example
it is called cdplayer. The file has a .dt extension, i.e. cdplayer.dt. The
contents of this file are:

ACTION cdplayer
{
LABEL cdplayer
TYPE COMMAND
EXEC_STRING /usr/local/bin/workman
ICON somename
WINDOW_TYPE NO_STDIO
DESCRIPTION starts cdplayer
}




The mouse menu


Copy the mouse menu from /usr/dt/config/C/sys.dtwmrc to your home directory as ~/.dt/types/dtwmrc.



Edit the dtwmrc file, adding or removing mouse options. In this case we will create an applications submenu and put the cdplayer in that submenu.



First, add the applications menu to the main menu by inserting a line like this



"Applications" f.menu apps

in the DtRootMenu section (approx. line 38).

Then go to the bottom of the file and create the application menu, i.e.



Menu apps
{
"APPLICATIONS" f.title
"CD Player" f.exec "/usr/local/bin/workman"
}



How do I stop colour flashing?







How do I communicate between systems using sockets?


There are several ways to do this. Below is an example of a Perl program that sends the string
"hey now hey now now. Sing this corrosion to me" to port 1250 on a system called mission.
On the mission server there is a program, called via inetd, that picks up this incoming
line and writes it to the file /tmp/outfile. The program is called read-socket.pl.





Sample /etc/inetd.conf entry

read-socket stream tcp nowait neville /export/home/neville/read-socket.pl



Sample /etc/services entry

read-socket 1250/tcp



Sample sending program (send-line.pl)

#!/usr/bin/perl
use IO::Socket;

# Connect to port 1250/tcp on the host "mission"
$sock = new IO::Socket::INET (PeerAddr => 'mission',
                              PeerPort => 1250,
                              Proto => 'tcp',
                             );
die "Socket could not be created. Reason $! \n" unless $sock;

# Send one line, then close the connection
print $sock "hey now hey now now. Sing this corrosion to me\n";
close ($sock);



Sample sending program (send-file.pl)

#!/usr/bin/perl
use IO::Socket;

my $FILETOSEND = "/tmp/crappy";
open (INFILE, $FILETOSEND) || die "cannot open file: $FILETOSEND \n";

$sock = new IO::Socket::INET (PeerAddr => 'mission',
                              PeerPort => 1250,
                              Proto => 'tcp',
                             );
die "Socket could not be created. Reason $! \n" unless $sock;

# Now do the sending: make the socket the default output handle
select ($sock);
while (<INFILE>)
{
    print $_;
}
close ($sock);
close (INFILE);



Sample reading program (read-socket.pl)

#!/usr/bin/perl
# Run by inetd: the connection arrives on STDIN, so copy it to the output file
open (OUT, ">/tmp/outfile") || die "cannot open output file \n";
print OUT <STDIN>;
close (OUT);



Sample reading program as a daemon (not using /etc/inetd.conf and /etc/services)

#!/usr/bin/perl
use IO::Socket;

# Listen on port 1250/tcp (LocalPort, since this end is the server)
$sock = new IO::Socket::INET (LocalPort => 1250,
                              Proto => 'tcp',
                              Listen => 10,
                              Reuse => 1,
                             );
die "Cannot start daemon on socket. Reason $! \n" unless $sock;

# Accept connections one at a time and print whatever each client sends
while ($this_connection = $sock->accept())
{
    print <$this_connection>;
    close ($this_connection);
}
close ($sock);


How do I find out what resources a running process is using?


Use the proc commands below and others. 

/usr/proc/bin/pmap -x $PID (see what memory is used)

/usr/proc/bin/pldd $PID (see what shared libraries are used)

/usr/proc/bin/pwdx $PID (see what the working directory is)



Download a copy of memtool from Sun. ftp://playground.sun.com/pub/memtool




How can I program in curses?



If you plan to use curses to do an interface try looking at this site. It might make life easier for you


SCRMGR curses interface




Get system hardware configuration



Run the command /usr/platform/arch-type/sbin/prtdiag -V




Run jobs in background during times of light system loading



Try this site
Idalize program



System stats in html format



Get a copy of DHTMLR (Do HTML Report) from the site below.


This is a shell script that gets system info and builds web pages.
DHTMLR program from the Sunsolve site Belgium



Graphical FTP front ends for X



There are quite a few graphical front ends for ftp available. Below are
a couple of them. Also try looking at the KDE and GNOME sites.


GNU licenses Graphical ftp


llnl xdir




Security issues and Solaris



Um yes well probably quite a few bits to add here. lets try




Info on old sun hardware



This is a 7 part document





Microsoft Internet Explorer and Outlook express for Solaris



Download it from


Internet Explorer




How to prevent stack overflow



add noexec_user_stack to the file /etc/system




How to tell if you are in 32 or 64 bit mode



use the command isainfo -v




Disable CDROM popup under CDE



comment out the stdvolcheck stuff from


/usr/dt/config/sessionetc




Stop FTP users from logging in



Set their shell in /etc/passwd to /bin/false. Then edit /etc/shells and add a line /bin/false.




Check for disk errors



Use the commands


iostat -e or iostat -E or netstat -k



Firewall information



Probably a lot to say here lets start with






Performance tuning information



Probably a lot to say here lets start with






Xerox NeWSprinter20 Toner



As far as i can tell this is the toner Xerox XP 15/20




Connecting a Sun Monitor to a PC



You will need to get a fixed frequency card. Look at this site.




Monitor world








Connecting a PC Monitor to a Sun



You will need to get a 13W3 to VGA connector.


Some monitors (notably Sony-based ones) will just work. Plug it in and reboot.


If not you will need to set up your monitor configurations at the NVRAM.


To set the NVRAM you need the following info.







Pinouts for Scsi, Video, Audio, Parallel, serial, etc



A good site to start looking at is:


Pinouts.com







What is my screen resolution, etc



Under the X11 environment run the command xdpyinfo. If not running X
then you will need to look at one of the frame buffer config commands.


Unfortunately these are framebuffer specific, but try

System/Framebuffer      Command
Sparc4, Sparcx5 tcx     tcxconfig
x86                     kdmconfig
Ultra creator           ffbconfig
Ultra PGX/M64           m64config
sparc ZX/TZX            leoconfig
sparc SX                cg14config


If you do not have the OS running but are at the OK prompt try using nvedit.



Upper to lower case translation using tr


#!/bin/sh
# Translate filenames in uppercase to lowercase

for FILE in *
do
    NEWNAME=`echo "$FILE" | tr '[A-Z]' '[a-z]'`
    # Rename only when the name actually changes
    if [ "$FILE" != "$NEWNAME" ]
    then
        mv "$FILE" "$NEWNAME"
    fi
done


How to create Solaris packages



read this good article.


creating solaris packages





Mb/Mhz rpm rule of thumb



A vague rule of thumb when looking at disk arrays is that MB transferred is 10% of MHz.

For every 1000 rpm of disk you will get about 9 I/Os per second; therefore a 10,000 rpm disk will have 90 I/Os per second.

If these are in a stripe configuration of 5 working disks then the throughput could be 400 I/Os per second.

At the time of writing a fully populated D1000 could yield up to 3000 I/Os per second.



Online & Offline processors and what running on a processor



Useful commands are mpstat, psrinfo, psrset, pbind



Rename an e10000 domain



Take a look at this page to see how to rename a domain. The main thing
to remember is to rename the domain on the ssp as well as the domain
itself.
Renaming an E10000 Domain







0 Unix Interview Questions???

Linux admin interview questions
  1. How do you take a single line of input from the user in a shell script?
  2. Write a script to convert all DOS style backslashes to UNIX style slashes in a list of files.
  3. Write a regular expression (or sed script) to replace all occurrences of the letter ‘f’, followed by any number of characters, followed by the letter ‘a’, followed by one or more numeric characters, followed by the letter ‘n’, and replace what’s found with the string “UNIX”.
  4. Write a script to list all the differences between two directories.
  5. Write a program in any language you choose, to reverse a file.
  6. What are the fields of the password file?
  7. What does a plus at the beginning of a line in the password file signify?
  8. Using the man pages, find the correct ioctl to send console output to an arbitrary pty.
  9. What is an MX record?
  10. What is the prom command on a Sun that shows the SCSI devices?
  11. What is the factory default SCSI target for /dev/sd0?
  12. Where is that value controlled?
  13. What happens to a child process that dies and has no parent process to wait for it and what’s bad about this?
  14. What’s wrong with sendmail? What would you fix?
  15. What command do you run to check file system consistency?
  16. What’s wrong with running shutdown on a network?
  17. What can be wrong with setuid scripts?
  18. What value does spawn return?
  19. Write a script to send mail from three other machines on the network to root at the machine you’re on. Use a ‘here doc’, but include in the mail message the name of the machine the mail is sent from and the disk utilization statistics on each machine?
  20. Why can’t root just cd to someone’s home directory and run a program called a.out sitting there by typing “a.out”, and why is this good?
  21. What is the difference between UDP and TCP?
  22. What is DNS?
  23. What does nslookup do?
  24. How do you create a swapfile?
  25. How would you check the route table on a workstation/server?
  26. How do you find which ypmaster you are bound to?
  27. How do you fix a problem where a printer will cutoff anything over 1MB?
  28. What is the largest file system size in solaris? SunOS?
  29. What are the different RAID levels?
Interview questions for Linux admin

  1. Advantages/disadvantages of script vs compiled program.
  2. Name a replacement for PHP/Perl/MySQL/Linux/Apache and show main differences.
  3. Why have you chosen such a combination of products?
  4. Differences between two last MySQL versions. Which one would you choose and when/why?
  5. Main differences between Apache 1.x and 2.x. Why is 2.x not so popular? Which one would you choose and when/why?
  6. Which Linux distros do you have experience with?
  7. Which distro do you prefer? Why?
  8. Which tool would you use to update Debian / Slackware / RedHat / Mandrake / SuSE ?
  9. You’re asked to write an Apache module. What would you do?
  10. Which tool do you prefer for Apache log reports?
  11. Your portfolio. (even a PHP guest book may work well)
  12. What does ‘route’ command do?
  13. Differences between ipchains and iptables.
  14. What’s eth0, ppp0, wlan0, ttyS0, etc.
  15. What are different directories in / for?
  16. Partitioning scheme for new webserver. Why?



Unix/Linux programming interview questions


Question 1: What is the major advantage of a hash table? (Asked by Silicon Magic Corp. people)



Answer:
The major advantage of a hash table is its speed. Because the hash
function is to take a range of key values and transform them into index
values in such a way that the key values are distributed randomly
across all the indices of a hash table.


Question 2: What are the techniques that you use to handle the collisions in hash tables?(Asked by Silicon Magic Corp. people)


Answer:
We can use two major techniques to handle the collisions. They are open
addressing and separate chaining. In open addressing, data items that
hash to a full array cell are placed in another cell in the array. In
separate chaining, each array element consist of a linked list. All
data items hashing to a given array index are inserted in that list.


Question 3: In Unix OS, what is the file server? (Asked by Silicon Magic Corp. people)


Answer: The file server is a machine that shares its disk storage and files with other machines on the network.




Question 4: What is NFS? What is its job?(Asked by Silicon Magic Corp. people)


Answer:
NFS stands for Network File System. NFS enables filesystems physically
residing on one computer system to be used by other computers in the
network, appearing to users on the remote host as just another local
disk.



Question 5: What is CVS? List some useful CVS commands.(Asked by Silicon Magic Corp.people)


Answer:
CVS is Concurrent Version System. It is the front end to the RCS
revision control system which extends the notion of revision control
from a collection of files in a single directory to a hierarchical
collection of directories consisting of revision controlled files.
These directories and files can be combined together to form a software
release.

There are some useful commands that are being used very often. They are


cvs checkout

cvs update

cvs add

cvs remove

cvs commit



Unix/Linux administration interview questions


What is LILO?



LILO stands for Linux boot loader. It will load the MBR, master boot record,
into the memory, and tell the system which partition and hard drive to
boot from.


What is the main advantage of creating links to a file instead of copies of the file?


A:
The main advantage is not really that it saves disk space (though it
does that too) but, rather, that a change of permissions on the file is
applied to all the link access points. The link will show permissions
of lrwxrwxrwx but that is for the link itself and not the access to the
file to which the link points. Thus if you want to change the
permissions for a command, such as su, you only have to do it on the
original. With copies you have to find all of the copies and change
permission on each of the copies.


Write a command to find all of the files which have been accessed within the last 30 days.


find / -type f -atime -30 > December.files



This command finds all the files under root, which is '/', whose file
type is regular file. '-atime -30' selects the files accessed less than
30 days ago. The output is written to a file called December.files.


What is the most graceful way to get to run level single user mode?


A: The most graceful way is to use the command init s.

If you want to shut everything down before going to single user mode then do init 0 first and from the ok prompt do a boot -s.


What does the following command line produce? Explain each aspect of this line.



$ (date ; ps -ef | awk '{print $1}' | sort | uniq | wc -l ) >> Activity.log


A:
First let's dissect the line: The date gives the date and time as the
first command of the line. This is followed by a list of all
running processes in long form with UIDs listed first; this is the ps
-ef. These are fed into awk, which filters out all but the UIDs;
these UIDs are piped into sort for no discernible reason and then on to
uniq (now we see the reason for the sort - uniq only works on sorted
data - if the list is A, B, A, then A, B, A will be the output of uniq,
but if it's A, A, B then A, B is the output), which produces only one
copy of each UID.

These UIDs are fed into wc -l which counts the lines - in this
case the number of distinct UIDs running processes on the system.
Finally the results of these two commands, the date and the wc -l, are
appended to the file "Activity.log". Now to answer the question as to
what this command line produces. This writes the date and time into the
file Activity.log together with the number of distinct users who have
processes running on the system at that time. If the file already
exists, then these items are appended to the file, otherwise the file
is created.
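The pipeline dissected above, as an added example that is not part of the original page: the functions below run the same awk/sort/uniq/wc stages over a constructed ps -ef listing, show what happens when the sort is dropped, and skip the UID header line, which the one-liner as written counts as if it were a user. The sample listing and all function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed sample of `ps -ef` output (not captured from a real host).
sample_ps() {
cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:00 ?        00:00:01 /sbin/init
alice      812     1  0 09:02 pts/0    00:00:00 -bash
root       640     1  0 09:01 ?        00:00:00 /usr/sbin/sshd
alice      901   812  0 09:05 pts/0    00:00:00 vi notes.txt
daemon     655     1  0 09:01 ?        00:00:00 /usr/sbin/atd
root       977   640  0 09:06 ?        00:00:00 sshd: alice
EOF
}

# The page's pipeline as written: the "UID" header is counted too.
count_as_written() {
    awk '{print $1}' | sort | uniq | wc -l | tr -d ' '
}

# Same pipeline without the sort: uniq only collapses adjacent duplicates.
count_without_sort() {
    awk '{print $1}' | uniq | wc -l | tr -d ' '
}

# Header skipped (NR > 1); sort -u does the job of sort | uniq.
count_distinct_users() {
    awk 'NR > 1 {print $1}' | sort -u | wc -l | tr -d ' '
}

# Append a timestamp and the count to a log file, as the one-liner does.
# $1 = log file (hypothetical name chosen by the caller); ps listing on stdin.
log_activity() {
    users=$(count_distinct_users)
    printf '%s users=%s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$users" >> "$1"
}

echo "as written:     $(sample_ps | count_as_written)"
echo "without sort:   $(sample_ps | count_without_sort)"
echo "distinct users: $(sample_ps | count_distinct_users)"
```

On a live system, replace sample_ps with ps -ef; the one-line-per-sample log format makes a sudden change in the number of account names owning processes easy to spot.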


Solaris interview questions


  1. List the files in current directory sorted by size ? - ls -l | grep ^- | sort -nr
  2. List the hidden files in current directory ? - ls -a1 | grep "^\."
  3. Delete blank lines in a file ? - cat sample.txt | grep -v '^$' > new_sample.txt
  4. Search for a sample string in particular files ? - grep "Debug" *.conf Here grep uses the string "Debug" to search in all files with the extension ".conf" under the current directory.
  5. Display the newly appended lines of a file while some process is appending data to the same file ? - tail -f Debug.log Here tail shows the data newly appended to Debug.log by some process/user.
  6. Display the disk usage of file sizes under each directory in the current directory ? - du -k * | sort -nr (or) du -k . | sort -nr
  7. Change to a directory which has a very long name ? - cd CDMA_3X_GEN* Here the original directory name is "CDMA_3X_GENERATION_DATA".
  8. Display all the files recursively with path under the current directory ? - find . -depth -print
  9. Set the display automatically for the current new user ? - export
    DISPLAY=`eval 'who am i | cut -d"(" -f2 | cut -d")" -f1'` Here, in the above
    command, single quotes, double quotes and the grave accent are used. Observe
    carefully.
  10. Display the processes which are running under your username ? - ps -aef | grep Maheshvj Here, Maheshvj is the username.
  11. List some hot keys for the bash shell ? - Ctrl+l - Clears the screen. Ctrl+r - Does a search in previously given commands in shell. Ctrl+u - Clears the typing before the hotkey. Ctrl+a - Places cursor at the beginning of the command at shell. Ctrl+e - Places cursor at the end of the command at shell. Ctrl+d - Kills the shell. Ctrl+z - Places the currently running process into background.
  12. Display the files in the directory by file size ? - ls -ltr | sort -nr -k 5
  13. How to save man pages to a file ? - man <command> | col -b > <output-file> Example: man top | col -b > top_help.txt
  14. How to know the date & time when a script is executed ? - Add
    the following script line in the shell script. eval echo "Script is executed
    at `date`" >> timeinfo.inf Here, "timeinfo.inf" contains date
    & time details, i.e., when the script is executed and history related to
    execution.
  15. How do you find out drive statistics ? - iostat -E
  16. Display disk usage in Kilobytes ? - du -k
  17. Display top ten largest files/directories ? - du -sk * | sort -nr | head
  18. How much space is used for users in kilobytes ? - quot -af
  19. How to create null file ? - cat /dev/null > filename1
  20. Access common commands quicker ? - ps -ef | grep -i $@
  21. Display the page size of memory ? - pagesize -a
  22. Display Ethernet Address arp table ? - arp -a
  23. Display the no.of active established connections to localhost ? - netstat -a | grep EST
  24. Display the state of interfaces used for TCP/IP traffic ? - netstat -i
  25. Display the parent/child tree of a process ? - ptree <pid> Example: ptree 1267
  26. Show the working directory of a process ? - pwdx <pid> Example: pwdx 1267
  27. Display the processes current open files ? - pfiles <pid> Example: pfiles 1267
  28. Display the inter-process communication facility status ? - ipcs
  29. Display the top most process utilizing most CPU ? - top -b 1
  30. Alternative for top command ? - prstat -a





