Web template
updated by
Christopher Spry
2 May 2014

Guide for configuring a SUN Blade 1000 with Solaris 8

This guide was started on 8 January 2002. I am updating it as I learn about Solaris and its implementation on my SUN Blade 1000 workstation. It is designed for people, like me, setting up this computer for the first time and who want to make best use of it. It contains settings that I have found to work for me. Please email cspry@cspry.co.uk with corrections and suggestions.



1. Books and information on the computer and software

Courses are available for those who want to obtain a Sun 'System Administrator Certificate' by passing the Sun 'Solaris 8 System Administration' Part I and II examinations. Sun's courses are: Solaris 8 System Administration I (SA-238), Solaris 8 System Administration II (SA-288) and Solaris 8 TCP/IP Network Administration (SA-389). The course books cost US$70 each. The topics for each course, which give an idea of what the novice needs to learn, are:

Sun Solaris 8 System Administration Part I:
1: Introduction 
2: Adding Users 
3: System Security 
4: The Directory Hierarchy 
5: Device Configuration 
6: Disks, Slices and Format 
7: UFS File System 
8: Mounting File Systems 
9: Maintaining File Systems 
10: Scheduled Process Control 
11: LP Print Services 
12: The Boot PROM 
13: System Boot Process 
14: Installing Solaris 8 Operating Environment 
15: Administration of Software Packages 
16: Managing Software Patches 
17: Backup and Recovery 

Sun Solaris 8 System Administration Part II:
1: Introducing the Client-Server Relationship 
2: Introducing the Solaris Network Environment 
3: Solaris Operating Environment Syslog 
4: Introducing Disk Management 
5: Solaris Pseudo File Systems and Swap Space 
6: NFS 
7: AutoFS 
8: CacheFS 
9: Role-Based Access Control 
10: Solaris Management Console and Solaris AdminSuite 
11: Naming Services Overview 
12: NIS 
13: JumpStart - Automatic Installation 
14: Solaris Administrator Workshop 

Sun Solaris 8 TCP/IP Network Administration:
1: Network Models
2: Introduction to Local Area Networks
3: Ethernet Interface
4: ARP and RARP
5: Internet Layer
6: Routing
7: Transport Layer
8: Client-Server Model
9: DHCP
10: Introduction to Network Management Tools
11: Domain Name System
12: Introduction to NTP
13: Network Troubleshooting
14: Introduction to IPv6

Sample questions and answers are available.


2. Obtaining information about the computer and its software:

The Sun 'Handbook' provides information on the Blade 1000 computer. There is a collection of shell scripts at SunSolve that can be used to collect system information.


3. Administration, remote

It is possible to administer one Sun system from another on the same TCP/IP network, by remotely logging in as a user. Type 'rlogin -l <username> <systemname>'. Do not 'rlogin' as root, for security reasons. The remote system will ask for that user's password and log you in to a shell.

'Webmin' is a web based administration GUI that can add, delete and modify users, start and stop daemons, view and modify configuration files. 


4. Booting and shutdown options

The default boot device for Sun computers is SCSI ID 3. This can be an internal or an external drive. The default boot device can be changed at the 'OK' prompt, using 'devalias' / 'nvalias' commands.

(a) To boot into single user mode when the computer is off:

Without a CD-ROM, turn on the monitor then the computer. When you see Sparc information appear on the screen, hit 'stop-a'. At the 'ok' prom prompt, type 'boot -s' to enter single user mode.

(b) To boot the system with a CD-ROM when the computer is off, to mount a drive: 

First, shut down the system. You may have to power off if you can not run 'shutdown'. Turn the power back on and, when OpenBoot starts, hit 'stop-a'. This will bring you to a prompt. Put the installation CD-ROM in the CD-ROM drive. Type 'boot cdrom -s'. This will boot your system into single user mode from the CD-ROM and bring it to a # prompt. At that prompt, type 'mount /dev/dsk/c0t0d0s0 (or wherever your root slice is) /a'. If root's password needs to be changed, edit /a/etc/passwd, to change the shell to something valid (/sbin/sh is preferable). Reboot. In future, use 'vipw' if you are planning on manually altering the password file, as it prevents root's shell from being damaged.

(c) To boot without a keyboard, monitor or mouse when the computer is off:

Unplug the keyboard and monitor cables, then power up the system. Serial port A is then given access, by default, to the keyboard and mouse. Administration of a 'headless' computer is usually carried out through a serial port modem, which is considered to be a 'better' way to manage the computer, than using a KVM switch. 

Disable graphical processes in a running 'headless' computer (i.e. one without a monitor) by typing '/etc/rc2.d/S99dtlogin stop'. Then, prevent the graphical processes starting at boot-time, with the command: 'mv /etc/rc2.d/S99dtlogin /etc/rc2.d/s99dtlogin'.

(d) To reboot immediately and reload Solaris, as root, type 'reboot'. This is often done when patches have been installed, or other major work has been done on the software.

(e) To shut down the system to the single user state ('-i s'), without questions ('-y'), with an initial pause (grace) of 10 seconds ('-g 10'), as root, type 'shutdown -y -g 10 -i s'. To shut down to other init states, such as 'init 6', type 'shutdown -i6'.

(f) To shut down and power off the system:

either, run the '/usr/sbin/halt' (which is equivalent to 'init6') or '/usr/sbin/poweroff' (which is equivalent to 'init5') commands. They provide no 'grace' period to users before shutdown.

or, press the power button on the front of the computer and it will prompt for shutdown options. Pressing the power button for more than a few seconds will force a rapid shutdown and the system will power off immediately, but this is rarely needed and can cause problems.

(g) To shut down a system and restart to detect new hardware automatically: 'reboot -- -r'. Note that the drivers for the new hardware should be installed already.

Note that system and other log files are kept in the directories '/var/adm' and '/var/log'. They are defined in '/etc/syslog.conf'.


5. CD-ROM

SUN computers need to read 512 byte blocks from a CD-ROM in order to boot from them. Some older CD-ROM drives only provide 2048 byte blocks. These will work with Solaris, but CDs may not be bootable. Some older CD drives provide 'block' jumper settings that can be altered to 512. Modern CD-ROM drives will 'step down' automatically to the 512  byte blocks needed to boot SunOS. The default SCSI ID of the CDROM drive in Sparc 5 system is 6. To boot from the CDROM drive, set the SCSI ID of CDROM to 6 and execute the command 'boot cdrom'  from the OK prompt. 

Normally, a CD-ROM will be mounted automatically by the 'Volume Manager' when a CD is inserted into the drive. To eject a CD, which mounted automatically under 'Volume Manager',  type 'eject cdrom'. The slices on the CD are mounted under '/cdrom directory.hostname/usr/local/bin/sysinfo'.

Software to play audio CDs under Solaris includes xmms, alsaplayer, workman and Solaris 'audioplay', which is described at 'man audioplay' and can play an audio file using 'audioplay file.au'.


6. Compilers

There are several C compilers (cc) that can be used under Solaris 8. The FAQ describes where to get these compilers. The Sun 'cc' is better optimised for Suns than 'gcc' and will run a little faster. If your programme is IO bound, not CPU bound, then this is probably unimportant. The Sun debugger is probably 'better' too. For instance, the gnu debugger (gdb) is not reliably able to debug multithreaded code, but the Sun debugger can do so. The debugger and compiler are better integrated in Sun tools. So there are probably some advantages in using Sun's 'cc' although many people are happy with 'gcc'.


7. cron

'Cron' provides a way to run programs automatically in the future, once or many times.

The commands that are run by 'root' are in a file called '/var/spool/cron/crontabs/root', which can be edited directly by 'root' (but see below). First, make a copy of the 'root' file called 'root.def'. After editing the file, to alter or add more commands, make 'cron' re-read root's altered cron file by typing in a shell '/etc/init.d/cron stop; /etc/init.d/cron start'. If this fails, with a 'FIFO' error message, then a file called 'FIFO' will have to be deleted first in '/var/cron'.

It is preferable for each user to run his own cron jobs. To do so, first, type in the user's home directory 'crontab -l > cronfile'. The 'l' is an 'elle' to 'list' the jobs already set up. If you leave out the 'elle', all of this user's cron jobs already set up will be deleted, so take care! There may be none, in which case, there will be an error message but an empty file called 'cronfile' will be created in ~loginname. Edit '~loginname/cronfile' and add lines of commands for cron to execute. Read 'man cron' to learn more.

The first part of the line contains the minute, hour, day, month, and day of the week when the job is to run. These are separated by 'tabs'. The rest of the line contains the commands. A command can be tested by entering it in a Bourne shell (type 'sh' in any other type of shell, to start the Bourne shell) and seeing if it runs. 'cron' is run by default in the Bourne shell, so you should always test cron jobs using the Bourne shell, not other shells which may give misleading error messages.

Several commands can be entered on one line, with a ';' (semicolon) between them, e.g. '0 20 * * 1    cp /tmp/aa /tmp/bb; cp /tmp/bb /tmp/aa' will copy 'aa' to 'bb' and back again at 20:00 on Mondays. The '*' means 'all' and hours are '1-24'. Several entries are separated by ',' ('comma'), so '1,2' in the month section means 'January' and 'February'. Use the full path names for files, or use 'cd directory;' at the start of the list of commands, if all the commands are to run in 'directory'.

When you are sure that all the jobs are entered correctly, type 'crontab cronfile'. This will overwrite all the cron jobs that you have already set up, with the jobs listed in 'cronfile'. Then make a copy of 'cronfile' called 'cronfile.def' in case you forget to type 'crontab' with an 'elle', later on. Type 'crontab -l' to list all your jobs. Do not forget that 'elle'! Finally restart the 'cron' daemon with the command '/etc/init.d/cron stop; /etc/init.d/cron start'. 

The standard output and standard error of commands in cron jobs, which are not piped or redirected elsewhere, are sent as emails to the owner of the cron job. You can prevent emails being sent by redirecting to '/dev/null' the command's standard output: '1>/dev/null' or the command's standard error: '2>/dev/null' or both: '>/dev/null 2>&1'. 

You can run these kinds of jobs just once, at a set time using the 'at' command. See how to do this by typing 'man at'. 

Using cron to back up users' files daily

Here is an example of how I use cron. I set up cron so that each weekday evening, at 19:00 a compressed 'tar' file called '/usr/people.tar.gz' is made of all the users' files in '/usr/people'. The files are compressed by about 50%. The program it uses is GNU's 'gtar'. '/usr/people.tar.gz' is then copied at 20:00, using Samba's 'smbtar', to a PC running Windows NT, elsewhere on the network. I use WinZip v 7 service pack 1 on the PC to open 'people.tar.gz' and extract any files that I need to recover.
The entry in my '/var/spool/cron/crontabs/root' to create the '/usr/people.tar.gz' file is:

0 19 * * 1,2,3,4,5 /usr/bin/gtar czf /usr/people.tar.gz /usr/people > /dev/null 2>&1 (one long line)

The entry in '/var/spool/cron/crontabs/myuser' (my login is 'myuser') that copies on Mondays at 20:00 the '/usr/people.tar.gz' file to my PC (called 'mypc', share 'mypc_d', password 'mypassword', user 'myuser') is: 

0 20 * * 1 cd /usr; /usr/local/samba/bin/smbclient //mypc/mypc_d mypassword -U myuser -c 'put people.tar.gz ; del people.tar.gz.Mon ; rename people.tar.gz people.tar.gz.Mon' >/dev/null 2>&1 (one long line)

I have four more similar lines in '/var/spool/cron/crontabs/myuser' for the other four weekdays, so that there are five daily backups of the users' files on the PC at any one time. In them, I have replaced the '1' with '2', '3', '4' and '5'. You can make more backup files, if you need to, by making a line that specifies the month and so on. If you want to follow this approach, to save time you can use 'nedit' as 'root', to open your cron files. Make a backup of the original files first! Then cut and paste the above lines into the files. Customize the lines to suit your needs.


8. Directory listings

'ls -al' is the standard one in alphabetical order including 'hidden' files (.files).
'ls -alcr' gives a listing with the last file which has been altered, at the bottom of the list. 
I have set up an alias for 'ls -alcr' called 'd', to save me remembering the command. You can type this in a shell at any time: 'alias d 'ls -alcr', then use 'd' for the rest of that login session. If an alias is in a muddle, type 'alias ls ls' to set 'ls', for example, back to its default setting. 
'find / -mount -type f -size +4000 -ls' is a useful way to find files 2-GB or more.
To find text (a 'string') in many files: find / * -exec grep -l <string> {} \;


9. Drives: adding a new drive

Solaris 8 10/00 or later is required for EIDE drives larger than 32 GB. Run 'man newfs' to see the options. Installation takes about 30 mins for a new 36-GB drive. 

First attach the new drive then run the following commands in a shell:

drvconfig 
disks 
format - OK the label process - Select partition - Create the desired partitions - label the disk again and exit 
newfs /dev/rdsk/c0t0d0s0 Obviously, you will want to 'newfs' the proper drive and partition instead of c0t0d0s0, which is possibly your "/" filesystem.
newfs /dev/rdsk/c0t0d0s1

A 'Master Sun format.dat' file is available for formatting a variety of drives, if low level formatting is needed. All new SCSI drives are pre-formatted before purchase.


10. Drives: RAID

Software RAID  is included as the Solstice DiskSuite RAID, which has documents.


11. email

Starting and stopping 'mail' (mediamail)

Run in a shell '/etc/init.d/mail stop' then '/etc/init.d/mail start', to do each separately,
or '/etc/init.d/mail stop; /etc/init.d/mail start' to run both 'stop' and 'start'.

'Vacation' message

I set up my Blade 1000 so that it could send replies to email messages when I was away. I followed the instructions in 'man vacation'. The message is in '.vacation.msg' ready to use. The databases that '/usr/sbin/vacation' will use were set up by invoking '/usr/sbin/vacation -I'. These are '.vacation.dir' and '.vacation.pag'. I prepared a '.forward.vacation' file containing the line: \myuser "|/usr/sbin/vacation myuser" (my login name is 'myuser'). To use the 'vacation' facility just copy '.forward.vacation' to '.forward'.


12. Firewalls

The Solaris 8 Operating Environment (Solaris OE) offers built-in firewall functionality with SunScreen Secure Net 3.1 Software, a full-featured firewall product, and SunScreen 3.1 Lite, a firewall product designed to protect individual servers or very small workgroups. There are many ways to setup a firewall for Solaris 8 computers:


13. Firewire and USB ports

Firewire port

The only firewire device Sun provides a driver for is their video camera. No firewire storage devices are supported by Sun, nor has anyone heard of third party vendors writing Solaris drivers for their firewire devices.

USB

USB devices are hot-pluggable, including the mouse and keyboard, which are connected to USB ports, on the Blade 1000. Devices corresponding to plugged-in peripherals are supposed to show up in /dev somewhere. As long as the device conforms to the USB Bulk-Only Mass Storage Spec 1.0 it has a chance of working, see the scsa2usb(7D) man page for details. SUN has a list of some of the USB storage devices that are known to work. It includes some of the IoMega Zip and Jaz products, the ORB 2.2GB disks, a few other devices. No CD-RW drives are listed but the scsa2usb man page mentions them, so some of them should work as well. A driver for Epson scanners is available. There are no USB video drivers (December 2001).

When a new USB device appears on a USB port, the USB host controller / driver sends out a GET_DESCRIPTOR request for the new device and the device answers with a usb_device_descr_t structure (/usr/include/sys/usb/usbai.h), describing the device's basic capabilities. A new device node is then added to the kernel's device tree for the new USB device, and its "compatible" device property is filled with device names generated from the data returned by the USB device, using the bDeviceClass, bDeviceSubClass, bDeviceProtocol, idVendor, idProduct and bcdDevice fields from the usb_device_descr_t structure. The kernel tries to match one of these names against /etc/driver_aliases to find a USB client device driver for the new USB device.

Example for a no-name USB mouse, attached to a no-name OHCI USB PCI card ("OPTi Inc.") in an Ultra-60 (prtconf -Dv output):

    pci1045,c861, instance #0 (driver name: ohci)
    ...
        mouse, instance #0 (driver name: hid)
            Hardware properties:
                name <low-speed> length <0> -- <no value>.
                name <compatible> length <127>
                    value 'usb603,7132.100' + 'usb603,7132' + 'usbif603,class3.1.2' + 'usbif603,class3.1' + 'usbif603,class3' + 'usbif,class3.1.2' + 'usbif,class3.1' + 'usbif,class3'
                name <reg> length <4>
                    value <0x00000002>.
                name <assigned-address> length <4>
                    value <0x00000002>.

This USB mouse probably returned the following data in the usb_device_descr_t:

    bDeviceClass     3 (HID_CLASS_CODE "Human interface device")
    bDeviceSubClass  1 (HID_SUBCLASS)
    bDeviceProtocol  2 (HID_MOUSE_PROTOCOL)
    idVendor         603 (http://www.usb.org/app/pub/dump/comp_dump/ "1539|Novatek Microelectronics Corp.")
    idProduct        7132
    bcdDevice        100 (1.0)

The following entry from /etc/driver_aliases maps this USB mouse to the hid (/kernel/drv/hid) USB device driver:

    hid "usbif,class3.1"
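
The name list and the driver_aliases lookup from the mouse example can be reproduced in a few lines of shell. This is an added example, not Solaris code: the function names are hypothetical, the 'vendordrv' alias is constructed, and it assumes the names are tried in the order listed.

```sh
#!/bin/sh
# Added example, not Solaris code: rebuild the "compatible" name list shown in
# the prtconf output and look each name up in driver_aliases-style text.

# usb_compatible_names VENDOR PRODUCT REV CLASS SUBCLASS PROTOCOL
# Prints the eight name forms, most specific first, one per line.
# Values are written as they appear in the names (hex digits, no 0x prefix).
usb_compatible_names() {
    v=$1 p=$2 r=$3 c=$4 s=$5 pr=$6
    printf '%s\n' \
        "usb$v,$p.$r" \
        "usb$v,$p" \
        "usbif$v,class$c.$s.$pr" \
        "usbif$v,class$c.$s" \
        "usbif$v,class$c" \
        "usbif,class$c.$s.$pr" \
        "usbif,class$c.$s" \
        "usbif,class$c"
}

# find_usb_driver ALIASES_FILE   (candidate names on stdin, in priority order)
# Prints "driver alias" for the first name that has an alias entry.
# Assumption of this example: names are tried in the listed order.
find_usb_driver() {
    aliases=$1
    while IFS= read -r name; do
        match=$(awk -v want="$name" '
            $1 ~ /^#/ || NF < 2 { next }       # skip comments and short lines
            { a = $2; gsub(/"/, "", a) }       # the alias may be quoted
            a == want { print $1; exit }' "$aliases")
        if [ -n "$match" ]; then
            printf '%s %s\n' "$match" "$name"
            return 0
        fi
    done
    return 1
}

# Constructed sample data: the hid line is the entry quoted in the guide; the
# "vendordrv" line is hypothetical and shows a more specific alias winning.
demo_lookup() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'hid "usbif,class3.1"' > "$tmp"
    if [ "${1:-}" = with-vendor ]; then
        printf '%s\n' 'vendordrv "usb603,7132"' >> "$tmp"
    fi
    if usb_compatible_names 603 7132 100 3 1 2 | find_usb_driver "$tmp"; then
        status=0
    else
        status=1
    fi
    rm -f "$tmp"
    return $status
}

demo_lookup               # generic HID class alias is the first match
demo_lookup with-vendor   # vendor/product alias is tried earlier and wins
```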


14. Floppy drive

Normally, a floppy disk will be mounted automatically by 'Volume Manager' when a diskette is inserted into the drive and the user uses 'File Manager' to click on 'File | Open Floppy'. This will open a new window showing the files on the floppy diskette or offer to format the diskette. Solaris understands and can show files created on Microsoft Windows computers. It calls them 'pcfs' files and can use them in the same way as its own UFS files. Files on the floppy disk are mounted automatically on '/floppy' and this directory is removed when the floppy is ejected. Before removing a mounted diskette from the drive, use 'File Manager' to click on 'File | Eject'. Alternatively, at a console you can type 'eject floppy' to have the same action. Then take the floppy diskette out of the drive. Note that the floppy drive is usually the default device which is automatically ejected by 'Volume Manager'. 

If 'File Manager' can not be used, to mount a DOS floppy disk in Solaris 8, type in  a terminal window 'mount "file system type" /vol/dev/diskette0/"label_name_of_diskette" /floppy/"label_name_of_diskette"'.  If the floppy disk is not labelled, the command line is 'mount -F pcfs /vol/dev/diskette0/noname /floppy/noname', or run manually 'mount -F pcfs /dev/fd0 /floppy'. Also, in the CDE open file manager, you can select 'File | Open Floppy', then in a terminal window type 'cat /etc/mnttab' and the floppy mount parameters are shown.

You can use 'volcheck' to see if there is media in the drive, e.g. 'volcheck -v /dev/diskette'.

Information is available on how to copy a floppy disk to a second floppy disk, in Solaris.

If a floppy fails to mount, type:

/etc/init.d/volmgt stop
<wait a couple of seconds>
pkill -9 vold
pkill -9 volcheck
/etc/init.d/volmgt start

Then try mounting it again with 'volcheck -v'. If that fails, the floppy disk may not be formatted correctly. Sometimes, there appears to be no good reason for a floppy to have failed to mount.


15. ftp automatic

Using ftp

It is possible to use 'at' and a script to ftp download files automatically to the Blade 1000 at say 02:00. Further details can be found by 'man ftp'.

(a) Make a file in ~myuser (my login name is 'myuser') called '.netrc' containing the line:

default login anonymous password cspry@cspry.co.uk (use your own email here)

This should be set to chmod 600 and will login to any anonymous ftp resource.

(b) a script in the directory where I want the file downloaded called 'ftp.input' containing the lines:

lcd
lcd mydirectory
cd pub/whatever
bin
hash
reget thefiletodownload

(c) start the ftp command at 02:00 by first logging to ~myuser/mydirectory, then entering in a shell:

at 02:00         (use a generic 'at time date' e.g. 'at 14:42 Mar 22')
ftp ftp-europe.sgi.com < ftp.input
^D

This runs as a cron job without any user being logged in. You can see what jobs are ready to run using the command

at -l.

I edited /etc/cron.d files 'at.allow' and 'at.deny' to say that only 'myuser' could run 'at' commands. The cron job will run, even when no one is logged in.

Using scp

Because ftp sends passwords in clear text across networks, it is usually preferable to use 'scp', which encrypts them. 

1. login as a user on the local server (This example uses 'myuser')

2. execute '/usr/local/bin/ssh-keygen' to create your public & private keys

3. $ /usr/local/bin/ssh-keygen
   Generating RSA keys:  Key generation complete.
   Enter file in which to save the key (/export/home/myuser/.ssh/identity):
   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:
   Your identification has been saved in /export/home/myuser/.ssh/identity.
   Your public key has been saved in /export/home/myuser/.ssh/identity.pub.
   The key fingerprint is: (fake Key)
   bd:23:5w:ds:dd:7f:2d:sc:dh:ff:a0:aa:9a:e9:b6 myuser@myaddress 

4. cd .ssh

5. copy identity.pub onto the remote server and rename it /export/home/myuser/.ssh/authorized_keys.

6. chmod 644 authorized_keys so that only the user can write to it

7. You should be able to log in from the local server to the remote server without being prompted for a password.

8. use scp to transfer your files securely. This can be added as an 'at' job, as described above.

   # /usr/local/bin/scp filename username@ipaddress:/directory/
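
A permission check for the files the ftp and scp procedures create (.netrc, identity, authorized_keys), as an added example that is not part of the original guide. The last check, which counts authorized_keys entries that carry no from= or command= option, goes beyond the steps above; the function names are this example's own.

```sh
#!/bin/sh
# Added example: audit the permissions of the credential files created above.

# has_perm_bit FILE BIT...: succeeds if FILE has any of the octal bits set.
has_perm_bit() {
    f=$1; shift
    for bit in "$@"; do
        if [ -n "$(find "$f" -prune -perm -"$bit" 2>/dev/null)" ]; then
            return 0
        fi
    done
    return 1
}

# audit_login_files HOME_DIR
# Prints one finding per line; prints nothing when every check passes.
audit_login_files() {
    home=$1
    # Files that hold secrets: no access at all for group or others.
    for secret in "$home/.netrc" "$home/.ssh/identity"; do
        if [ -e "$secret" ] && has_perm_bit "$secret" 040 020 010 004 002 001; then
            echo "$secret: accessible by group or others (want mode 600)"
        fi
    done
    # Files that grant logins: only the owner may write to them.
    for grant in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ -e "$grant" ] && has_perm_bit "$grant" 020 002; then
            echo "$grant: writable by group or others"
        fi
    done
    # A key without a passphrase is only as safe as the restrictions on it,
    # so count authorized_keys entries that start with the key itself
    # instead of options such as from="..." or command="...".
    keys="$home/.ssh/authorized_keys"
    if [ -f "$keys" ]; then
        bare=$(awk '$1 ~ /^[0-9]+$/ || $1 ~ /^(ssh|ecdsa)-/ { n++ }
                    END { print n + 0 }' "$keys")
        if [ "$bare" -gt 0 ]; then
            echo "$keys: $bare key(s) with no from=/command= restriction"
        fi
    fi
}

# Constructed demo: a throw-away home directory using the modes from the guide,
# plus a .netrc left world-readable to show a finding.
demo_audit() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh" && chmod 700 "$d/.ssh"
    : > "$d/.netrc" && chmod 644 "$d/.netrc"
    : > "$d/.ssh/identity" && chmod 600 "$d/.ssh/identity"
    echo '1024 35 1234567 myuser@myaddress' > "$d/.ssh/authorized_keys"
    chmod 644 "$d/.ssh/authorized_keys"
    audit_login_files "$d"
    rm -rf "$d"
}

demo_audit
```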


16. Graphical file managers

  • Internet Explorer, Microsoft. Microsoft's 'Internet Explorer for Solaris' comes with 'Outlook Express'. They will run under Solaris 8 but only in 8-bit, not 24-bit, colour depth. The two programs can not be run simultaneously.
  • mc (Midnight Commander) for console use.
  • GMC (Gnome Midnight Commander) for the XWindows
  • Emacs in either X or tty mode is probably the most powerful directory/file browser. It has built in ftp support and a package called 'tramp' supplies support for seamless editing with ssh, rsh, rsync and even telnet. Not sure if it opens plain zip files without first having to decompress them, but it has a compress/decompress key. It definitely looks into tar files. Colour coding for many types of files and languages is built in (in X).

17. Graphics card software

    To determine what graphics card is installed on a system, look in the '/dev/fbs' directory, which should contain links to the system's graphics card(s) if they have been linked with 'devlink'.  You can see these in other ways as well. For instance, if you run 'prtconf' on a system with an 'ffb' graphics accelerator, you might see:

    $ prtconf
    [...]
          SUNW,ffb, instance #0

    'ffb' is one of several types of graphics card. You may have an M64 or another type of graphics card. If it were an 'ffb' card, such as the 'Creator3D' graphics card, you can view and change its parameters with '/usr/sbin/ffbconfig'. M64 cards use '/usr/sbin/m64config'. You can do a 'man' for whichever card you have. Sun provide a Solaris Handbook for Sun Frame Buffers and other documents, which describe Sun graphics accelerators.


    18. Hostname and networking

    To check the hostname, type '/sbin/hostconfig -p bootparams -n -v'.
    To add or change the hostname, do one of the following and restart the computer:

    • run /usr/sbin/sys-unconfig or
    • edit directly /etc/nodename, /etc/hostname.<interface> and /etc/hosts. For example, for an 'hme0' interface, with a hostname of 'testbox' and an IP address of '192.168.0.1', '/etc/nodename' would contain 'testbox', '/etc/hostname.hme0' would contain 'testbox' and '/etc/hosts' would have an entry of '192.168.0.1 testbox'. Also change '/etc/net/*/hosts'; there are three of them there.

    Your computer's name, IP address and the DNS servers that it uses

    The name of the SGI computer is held in '/etc/sys_id'. This can be altered with an editor. Mine contains the line 'sprysgi.sghms.ac.uk', without the apostrophes. Make a backup of the file first, such as 'sys_id.def'. (Always do this before you edit a file. Only delete the '*def' file when you have shown that the new file works properly.)

    The IP address of the computer is set in '/etc/hosts'. Type in a shell 'man hosts' to find out more. Edit '/etc/hosts' so that it contains the host names and IP addresses of your own computer and the computers that you connect to often. Do not add computer names and IP addresses if they change often, unless you are prepared to alter them manually in this file. Your DNS server will contain the names and IP addresses of the computers you can connect to. It must contain the name and IP address of your computer, if TCP/IP is to work properly for you and people who want to connect to or send items to your computer. 

    The DNS servers are listed in /etc/resolv.conf. Each DNS server should be on a separate line of the form:

        nameserver 192.153.12.1
        nameserver 192.153.12.2

    Local resources

    Use 'nslookup' to find the following TCP/IP resources on your network.

    First type 'nslookup'. Then, at the '>' prompt type:

    > ls -t cname sghms.ac.uk      (This gives the 'canonical names' at domain 'sghms.ac.uk')

    > ls -t mx sghms.ac.uk    (This gives the 'mail exchangers' for 'sghms.ac.uk')

    > ls -t ns sghms.ac.uk   (This gives the 'name servers' at 'sghms.ac.uk')

    > ls -t soa sghms.ac.uk    (This gives the 'start-of-authority' at 'sghms.ac.uk')

    End the 'nslookup' session by entering 'ctrl-D'

            Network settings in Solaris

    Unfortunately there is no GUI administration tool to configure something as essential and basic as networking in Solaris. Sun either expects you to learn how to do it yourself, or use the '/usr/sbin/sys-unconfig' command each time you need to change networking settings. For the uninitiated, the 'sys-unconfig' command is probably the best option. The system will automatically reboot and ask you networking questions. After that, you need to manually add the default router to '/etc/defaultrouter' and reboot, or add it to '/etc/defaultrouter', then manually add the route, if you want to do it the right way. Details of the files that are altered by 'sys-unconfig' are found in the man pages and these files can be altered manually, by more advanced users. 


    19. Java

    The current version of Java for Solaris is available from SUN. `.bin' is a shell script, which asks where to install the package. It is normally present in /usr/java. Updates can be installed in other directories such as /usr/local/java<version> or /opt/java<version>. 

    'Java 2' normally means 'Java v1.2 and later' while 'Java 3' normally means 'Java v1.3'.


    20. Keyboards and fonts

    The Blade 1000 can have many different keyboards, including PS2 keyboards attached to a USB port. However, it will only boot with a 'SUN' USB keyboard attached. Once the login screen is reached, the SUN keyboard can be replaced with other makes of keyboard, including a PS2 keyboard attached with a PS2->USB adapter.

    There are many 'extra' keys on a SUN keyboard compared to others:

    • The 'Front' key is used to alter the relative position of multiple windows so that hidden ones are visible.
    • The 'Stop' key if pressed with the 'a' key will cause the operating system to generate a 'panic' so that a dump is generated and the user is put into the 'OK' prompt. To resume, type 'go'. This will return the system to the previous state, providing it has not 'hung'.
    • The 'Open' key
    • The 'Copy' and 'Paste' keys take the highlighted text, and copy it to memory or paste it back to the cursor position.

    To disable a keyboard, before connecting another one, type 'kbd -a disable'. Add DISABLE to '/etc/default/kbd' if you want to disable the keyboard permanently.

    PFU America Inc. sells a variety of types of Solaris compatible keyboards.

    The € (euro) symbol can be typed on many Sun and PC keyboards in a standard cmdtool window by holding down the altGraph key (lower right corner of main keys) and typing '4'. Note that some keyboards may be unable to generate a € symbol and in netscape/staroffice/xterm and many other applications, font support is missing for the € (euro) symbol, despite LANG=8859-15.

    PC keyboards do not have the 'STOP' key found on SUN keyboards, but the following can be used:

    For 'STOP-A' on a Sun, type 'Ctrl-Break' on a PC keyboard

    Keyboard mapping utilities have been available for many years. `xmodmap' is a standard and generally works throughout X. Solaris also has some other utility for doing console rearrangement of keys -- look at the /etc/init.d/keymap script, and the manpages for dumpkeys and loadkeys.


    21. KVM switches and serial port console switches

    Two or more SUN Blade 1000 computers, or other types of computer, can be controlled using either KVM switches or serial port console switches.

    KVM switches

    These are generally used when the user is close to the computers and wants to use one Keyboard, one Video monitor and one Mouse (KVM) to interact with several computers, particularly PCs, which can not be administered using terminal servers. There are many KVM switches, depending on the range of computers to be controlled. The Blade 1000 has USB ports for the keyboard and mouse, so KVM switches should be selected that connect to and can use USB keyboards and mice. You may need to buy a 13W3 > HD15 adapter (also called a '13W3-VGA-Adapter') Sun code X3872A, so that the video port can connect to the KVM connector. The adapter enables a 15-pin connector on the video cable to attach to the 13W3 connector on the graphics card. 

    • AdderView AVMP4 port CPU switch, type SPU with Adder VADD-USB-A-2M 2m cable for Multi-Platform combo keyboard (USB), Video (VGA), 2 x 3.5mm mini jack (Audio). Additional cables are needed for other computers. This is the KVM switch that I bought.
    • Sun's Special Products Group in the UK can provide to resellers, supported KVM switches for use with all Sun servers. 
    • BlackBox sell KVM switches.
    • Raritan 42U has details and advice on KVM switches from many US companies. They supply a KVM to connect PC, SUN and HP-UX computers.
    • PH Design Systems supply KMV2M switches.
    • Network Tech's KVMs have been recommended
    • Avocent has a number of KVM products.

    Serial port console switches

    Two computers can be connected with a null modem (serial port connector). This enables one to dispense with a keyboard and monitor. If the computer to become 'headless' is a SUN, running Solaris, make sure that the null-modem cable is connected to the "A" port and not the "//" port. Log in as root and type this command: 'eeprom | grep device'. There should be at least two lines, the "input-device" and "output-device" lines, which should be 'output-device=screen' and 'input-device=keyboard'. Now shut the SUN computer down to the "ok" prompt: 'init 0'. Now power the SUN computer off. Unplug the SUN keyboard and monitor and power up again. After a short time, you should see the boot messages coming out of serial port "A". The default port settings are 9600 bps, 8 data bits, no parity, 1 stop bit, XON/XOFF flow control.

    When more than one computer is to be linked in this way, without a keyboard or monitor, devices called 'serial port console switches' are used. They are preferred to KVM switches when the user is some distance from the computers and when there are many computers to administer, usually using XWindows over a TCP/IP network. They are not usually used with PCs, although they can be.

    • Raritan supply serial port console switches.
    • Cyclades TS series servers have been recommended.
    • Avocent sell terminal servers.

    It is possible to connect a PC running Microsoft's Windows, to a SUN system with a null-modem (crossover) cable between a SUN computer's serial port A and the serial port of the PC. Open the 'Hyperterminal' application on the PC and set the terminal settings to 9600 bps, 8 data bits, 1 stop bit, no parity, xon/xoff. If an ASCII terminal is being used, select 'full duplex' instead of xon/xoff. Select 'File | Properties | Settings' and select emulate VT100. Note that 'Control-Break' typed on the PC keyboard may not be able to return to the 'OK' prompt. In that case, install 'TeraTerm Pro' and use it instead of 'Hyperterminal'.

    If you are using a PC connected to a SUN computer through a serial port, when you reset/reboot your PC the serial port on the SUN sees this as a BREAK. This may also happen when you unplug and reconnect a serial cable at the console port. To disable this feature, add 'set abort_enable=0' to '/etc/system'. This will take effect after rebooting.


    22. Login defaults

    When ordinary users log in, /etc/default/login and /etc/profile are run, followed by ~/.profile, followed by whatever (if anything) is defined in $ENV.  Conventionally, for ordinary users, $ENV contains .kshrc. Subsequent Korn shell invocations (i.e. not the login shell itself) invoke the contents of .kshrc only. So, for instance, if you log in with ksh as your login shell then start up a dtterm window '.kshrc' will be run for that dtterm window. So, put anything that applies globally to all Korn (and Bourne) shell users in /etc/profile, put things that apply to all shells run by a user in ~/.profile and put things that apply only to a single invocation of a shell in ~/.kshrc.

    Root's login directory is normally set to use '/'. Check some of root's default settings in '/etc/default/su' and '/.profile'. Important: Do not alter the default shell used by 'root' to any other shell. If you want to work in another shell while logged in as 'root', type 'exec /usr/bin/bash' or the equivalent command to start another shell. Alternatively, you can set up a different shell in /.profile. For example /.profile can contain:
        stty istrip
        # Start bash only when the system is fully up (run level 3) and bash is executable
        RUNLEVEL=`/usr/bin/who -r | awk '{print $3}'`
        if [ "$RUNLEVEL" = 3 -a -x /bin/bash ]; then
            exec /bin/bash
        fi
    If you log in as root at the console or via su - the standard /sbin/sh starts, reads the .profile and starts bash if the system is operational. If bash is unable to start you still have your regular shell so you won't lock out yourself in case of an error.

    If you want to run as root on a remote computer, first log in as another user and then 'su' to root. A less satisfactory way is to modify /etc/default/login by commenting out the CONSOLE line:

        # If CONSOLE is set, root can only login on that device.
        # Comment this line out to allow remote login by root.
        #
        CONSOLE=/dev/console

    but ensure that you connect using a 'secure' protocol such as 'ssh'. Note that 'sudo' is an application to control what things your users can do as root. It is available from Sun Freeware.

    If you would like the 'C shell' login to show, for every user

    (a) whether you have 'new' mail and
    (b) display unformatted pages with 'awf'
    (c) have 'file completion' so that pressing 'esc esc' will complete an entered name

    cut and paste the following lines into the system's /etc/cshrc file:

    #
    # /etc/cshrc - Default settings for all csh users
    #
    # This is 'sourced' before $HOME/.cshrc, which in turn precedes $HOME/.login
    # when a csh user logs in or invokes /bin/su with the `-' option.
    # Tell the shell to print the '/etc/motd', look for mail and show 'You have new mail'
    if (! $?MAIL) setenv MAIL /var/mail/$USER
    set mail=$MAIL
    if (! $?ENVONLY) then
          # Print the message of the day.
          cat -s /etc/motd
          # Check for 'mail' and 'new mail'
          /bin/perl -e '$mail = $ENV{"MAIL"}; \
                  if (-s $mail) \
                    {printf ("You have %smail\n", (-M _ < -A _ ? "new " : ""));}'
    endif
    setenv MSGVERB text:action
    setenv NOMSGLABEL 1
    setenv NOMSGSEVERITY 1
    # Set unformatted man pages to be displayed using 'awf'
    setenv MANFMTCMD 1
    set filec

    Note that (a) requires the presence of 'perl'. Install it if necessary from one of the free distributions, see perl5 below.

    'last' will interrogate the /var/adm/wtmp file which records all logins and will print a list of users who have logged in. It will show who is currently logged in.
    'finger @host.name' will give information on people connected to 'host.name'.

    The default actions for the potentially dangerous commands 'rm', 'mv' and 'cp' do not include the 'interrogate' function, which will show the command again and ask for confirmation. For this reason, many people 'alias' these commands to safer versions before they use them, e.g. "alias rm 'rm -i'". If you want to revert the alias to its default setting, just type 'alias command command', e.g. 'alias rm rm'. Alternatively, precede the aliased command with a '\', which will ignore the alias.


    23. Login scripts for `telnet' and `ftp' and `message of the day'

    The 'telnet' login script, which is provided when you login, is in `/etc/issue'. The `ftp' login script is in `/usr/people/ftp/README' and the 'message of the day' is in `/etc/motd'. You can edit these files to give messages to people when they telnet, use ftp or log into the computer.


    24. Mice

    There is support for two- or three-button mice under Solaris 8. The 'wheel', often found on mice for PCs, is not supported, although the buttons work normally with mice designed for PCs.


    25. Monitors and screen resolution

    Most monitors that are designed for PCs will work with Sun Blade 1000 computers. You may need to buy a 13W3 > HD15 adapter (also called a '13W3-VGA-Adapter') Sun code X3872A, so that a standard PC video cable can be used to connect the computer to the monitor.

    TFT and other flat panel monitors often work at 1024 x 768 at 60 Hz. To use one, you will have to alter the display output of the graphics card. Type 'prtconf -F' at a command prompt to see what type of graphics card is present. Then use the card's configuration command to reconfigure it. For example, the Sun 'Creator3D' graphics cards can also use one of these monitors at 75 Hz (60, 70 and 77 Hz can also be used) when given the command: 'ffbconfig -res 1024x768x75 try'. It may reply "ffbconfig: Cannot verify that 1024x768x75 is a supported video resolution for this monitor ffbconfig: Use 1024x768x75 anyway (yes/no) ?". Reply 'yes'. It will state "ffbconfig: About to change video resolution to 1024x768x75 for 10 seconds ffbconfig: Continue (yes/no) ?". Answer 'yes'. If, after a second or two of blank screen, it gives you a stable picture (even if the contents of the picture are unreadable), then you have found a resolution that works. If the resolution does not work, the monitor is either blank or shows poor sync for ten seconds. In either case, after ten seconds it will blank again, then revert to the original resolution and prompt: "ffbconfig: Do you want 1024x768x75 to become the new setting (yes/no) ?". Type 'no' and it will state "ffbconfig: video resolution is now set to 1280x1024x76". If you do choose 'yes', then you should log back in again, in order for the change to take effect cleanly. You can use the 'now' option for the command, but some things may get confused if you do. Altering the resolution may leave some artefacts in the frame buffer, such as persistent white pixels. These disappear after logging in again. 'Creator3D' can provide refresh rates at 1024x768 resolution of 60, 70, 75 and 77 Hz.


    26. Partitions, swap files and directories

    Partitions:

    Make only one partition (also called a 'slice'), unless there is not enough RAM, when a second swap partition can be useful. A single partition is the default in new installations of Solaris 8. Unnecessary partitioning used to be a major reason for technical support calls and they are now rarely found: an historical leftover from the days when the entire operating system would not fit on a single disk. They have not been necessary or advisable since Solaris v 1.3G and when larger drives became available in about 1993. Sun, internally, gives their employees and contractors systems with a single partition. However, some still disagree and consider that a separate partition (sometimes called a 'slice') is needed for the root partition. The command that views, sets up and alters partitions is 'format'. The 'format' command does not alter data on a hard disk, unlike 'format' under Microsoft 'Windows', until the user tells it to. Solaris 'format' reads the volume table of contents (VTOC) from sector zero of the disk into memory. It allows you to modify the information in memory but does not write any changes to the disk until you label it. At this point, it writes the new VTOC back out onto sector zero. No data on the disk is touched (other than sector zero), so any slices that have not been modified will be entirely unaffected by this operation. To see the partition table of a mounted drive, run 'format', select the drive, then type 'verify'.

    Repartitioning a hard disk:

    While planning and executing this process, use the man pages.
    1. Unmount '/space' and comment out its entry in /etc/vfstab
    2. As root, run format(1m), select the right disk, select 'partition', look at the existing table with 'print'. Then use the commands 0..7 as appropriate to get rid of the slice that was '/space', and define others using that space, always being careful to preserve the slices for '/' and '/var' (and 'swap', if you have a swap partition). Use 'print' again, and make sure you haven't got any overlapping slice definitions. Use 'label' to commit the new partition table to disk, and exit from format.
    3. It might be worth running prtvtoc(1m) against the disk at this point, to confirm that the slices are now as you expect.
    4. Use newfs(1m) to create filing systems in the new slices.
    5. Use mount(1m) to mount the new filing systems where you want them: remember that the mount-point directory needs to pre-exist.
    6. Add entries to /etc/vfstab so that these mounts will be done on subsequent reboots.

     

    Swap files:

    It is possible to alter the swap file space, or create a new swap file. There is information on how to do this in the 'Answerbooks', which are usually installed on the system from the Documentation CD. There is also information at http://docs.sun.com/.  Do not have more than one active swap area on the same spindle (drive). It is best to have the swap partition on a second disk, if one is available, separate from the system disk.

    1. If you have an unallocated part of a disk, such as '/dev/dsk/c0t1d0s1', you can use 'format' to mark it for swap. Swap files can also be created in a slice that already contains a file system. If you want to retain the file system, create a swap file in a single file within it, using 'mkfile', with a command such as 'mkfile 500m /export/swap/swapfile'. If you do not need the file system, swap to the raw partition device, in which case the file system on the partition will be destroyed.
    2. Tell the system about the new swap space, using a command such as 'swap -a /export/swap/swapfile' or 'swap -a /dev/dsk/c0t1d0s1'.
    3. Update '/etc/vfstab' by adding a line, such as: '/export/swap/swapfile - - swap - no -' or '/dev/dsk/c0t1d0s1 - - swap - no -'.

    Directories:

    If you want to conform to the SVR4 rules on which the Solaris file system structure is based, all the optional packages which are unbundled from the operating system, including all 3rd party software, go into directory /opt. That is exactly what it was created for. The /usr directory should belong exclusively to the operating system and bundled products. Hence /usr/local does not exist in SVR4. Part of the reasoning for this is that you can then reinstall the operating system and bundled products, during which /usr can be safely deleted, without removing any of the unbundled software installations, which are all held separately in /opt, presuming that they are in a separate file system. However, if you look at the SUN Freeware packages, you will see a mixture of "installs into /opt" and "installs into /usr/local". From a disk space management point of view, if you are inclined to try and simplify, you could consider making /opt/local and make a link from /usr/local to /opt/local.

    By default, /home is an automount point for user directories and it is not a 'real' directory. A good way to identify an automount point is the fact that its size is only 2 bytes in an 'ls -l' listing.

    Automounting a hard disk or 'slice':

    If you add an automount point, as root, enter 'automount' to 'install autofs mount points and associate an automount map with each mount point'. See also 'man automount'. Make sure you have entered the new mount point in /etc/dfs/dfstab and 'share' it. automountd, even after consulting the new map, requires that automount be run before automountd can access a new mount point. automountd ignores HUP signals. A reboot of the system is not necessary. See also /etc/init.d/autofs.


    27. Passwords

    Lost root password

    Download a copy of the Solaris 8 'Software 1 boot CD' from Sun, and burn it to a CD. Run "boot cdrom -s" from the OK prompt. Mount the internal drive, which is probably /dev/dsk/c0t0d0s0, as '/a'. Use an editor such as 'vi' to edit '/a/etc/shadow' and delete the root password entry. Restart.

    OBP password

    If the OBP password is not known, you will have to replace the NVRAM or change the eeprom password.  To change the eeprom password, boot the system and login. Then modify the eeprom password with eeprom commands.


    28. Patches and maintenance updates for Solaris

    There are a variety of ways to handle patches:

    Martin Paul has written: "I do not use patch clusters at all. Usually, with a new release of Solaris, I start by installing it on one machine, then I use patchcheck to get a list of all Recommended and Security patches, which are missing or not up to date. I download these one by one, making up my base patchlist. This patchlist is used in the jumpstart finish script for all reinstalls. The patchlist is kept up-to-date like this: nearly every day I download the updated patchdiag.xref file, and look at the diffs. All patches applying to the OS release(s) I have installed on my machines are checked manually (i.e. I inspect the README to see what they fix). R/S patches always are downloaded, installed on a test machine and added to the patchlist. Other patches are only added if the fix they provide is needed. Now and then, either all workstations are reinstalled (and get the newest patch set like that), or I just install the newest patchlist. Of course, some security patches are installed immediately on all machines. When a new H/W release (e.g. Solaris 8 10/01) is made available, I compare the list of preinstalled patches with my patchlist, and remove all that are not needed anymore. Sounds like it is a lot of work, but it is not more than 10-15 minutes of work per day (sometimes more, when there are a lot of new patches, often just one minute, when no new patches are there). In my humble opinion, this time is well invested. I would not install a patch without looking at its 'README' before.
    Reg Quinton at the University of Waterloo, Ontario, Canada, has provided Solaris patch management advice and scripts."

    Joe Shamblin at Duke University has a Perl script called 'PatchReport' to help automate patch installation. A web version is available. Once 'PatchReport' is installed with its additional libraries, and patches have been placed in an archive directory, patches can be installed, using 'cron' with the command 'PatchReport -n -r -l -p /path-to-your-patch-archive'. 

    Casper Dik and colleagues at Amsterdam University have provided a range of scripts called 'fastpatch', to install patches and updates.

    Security and recommended patches can be obtained from SunSolve. Go to the 'Find Patch' search button on the top left and it will take you to the Patch Download page. In the centre of the page you will see a menu for all the flavours of Solaris. Select the Cluster you want to download, such as the 'Recommended 8 cluster'. As 'root', download the patch cluster you need as a 'zip' file to /tmp/. Type 'unzip <filename>' to uncompress the patch cluster to a directory with the patch cluster's name. This will be a subdirectory of the directory where the patch cluster was downloaded.

    If you are going to use all the patches in the cluster, change directories to the newly created patch cluster's directory and add the cluster of patches using the 'install_cluster' script that was unzipped there. As 'root', type './install_cluster' to do this. 

    If you are going to install your own selection of patches and wish to perform the install unattended, I recommend using the install_cluster script that comes with the Patch Cluster (above) and modifying the patch_order file.

    Individual patches can be added using the '/usr/sbin/patchadd <filename>' command. See 'man patchadd' for details of adding one patch or many and other options.

    Maintenance Updates for SPARC Solaris are available. Register using 'solregis' as username and password. Documentation is included but is also available and information about Solaris 8 10/01 is at SunDocs and Sun. Take care that updates do not cause problems with software already installed. If you reinstall an application, patches that were applied to it previously will be lost. 

    Use '/usr/sbin/patchadd -p' (as 'Root') or '/bin/showrev -p' to list the patches which are already applied. (/etc/release contains information on what software was installed, but not patch information).

    Solaris Live Upgrade can be installed as a set of applications that enables the Solaris 8, 7, and 2.6 Operating Environment to continue to run while an administrator upgrades to the latest release of the Operating Environment, applies patches or does routine maintenance on the inactive or duplicate boot environment. When satisfied with the process, the administrator may reboot the system to run the latest or updated operating environment. See SUN's LiveUpgrade page for general information, links to a new datasheet, and links to the download.

    There is a SunSolve resource to check the installed patches against the Recommended and Security patch list. 

    However, the only patches you should install in a production environment are: Security and Performance patches; patches that Sun tells you to install *IF* you are having any kind of problem and want their support; and patches that your application tells you to install. Also, always check with your application vendors to see if the patch level you want is supported by the application. Patches very often install a new kernel version on your system, so installing patches 'just because' would be like upgrading your OS just because a new version is out!

    The script 'getpatches' uses ksh, not Perl, and fetches patches and any non-bundled security patches.

    It is generally best to leave 'old' patches on a computer and not remove them.

    Maintenance updates: When you log in on your user account you are presented with a pretty obvious registration window. Configure dtmail, the mail user agent on your CDE desktop. Then fill out the registration form and e-mail it. Sun will respond with an e-mail message to you with the information you need. You will be given an opportunity to create an account at http://access1.sun.com/ with a user name and password. Once you have done that you can access the maintenance upgrades. If you are running the FCS version of Solaris (1/00) you will want to install MU-2 first, then MU-5. You should have the package SUNWdtdst installed on your system. That is the one which has /usr/dt/bin/dtmail in it. Check with 'pkginfo | grep SUNWdtdst' and, if it is not installed, install it from Software CD 1 with 'pkgadd -d /cdrom/sol_8_701_ia/s2/Solaris_8/Product SUNWdtdst'. When you run an upgrade from an "Update release" CD, you get not just the new patched packages but also any new packages containing new features.


    29. Paths

    The PATH

    Type 'set | grep PATH' in a Bourne shell or 'setenv | grep PATH' in a C shell, to view the current settings for the 'PATH' and 'MANPATH'.

    The PATH variable can be set for either the (a) 'environment' or for the (b) 'internal shell'.

    (a) The 'environment' PATH setting is defined in '/etc/default/login' for users and '/etc/default/su' for root, where it is entered in the form 'PATH=/usr/bin:/usr/local/bin' and 'SUPATH=/usr/sbin/:/usr/bin/'.

    (b) Users of the Bourne shells can also add PATHs by adding the line 'PATH=$PATH:<new path> ; export PATH' to their '.profile' file. In the same way, they can temporarily alter the PATH environment in a shell, by typing the command 'PATH=${PATH}:<new path> ; export PATH'.
    Users of the C shells can also add PATHs by adding the line 'set path = ($path <new path>)' to their '.cshrc' file. In the same way, they can temporarily alter the PATH environment in a shell, by typing the command 'set path = ($path <new path>)'.

    Consider adding some or all of the following paths, if you need to access them directly:

    • /usr/xpg4/bin
    • /usr/bin
    • /usr/ccs/bin
    • /usr/dt/bin
    • /usr/openwin/bin
    • /opt/SUNWspro/bin
    • /opt/sfw/bin
    • /usr/dt/bin/Xsession/        for '/usr/dt/bin/Xsession/xinit' to start 'CDE' with the command 'xinit'
    • /usr/openwin/bin
    • /usr/perl5/bin
    • /usr/apache/bin
    • /usr/local/bin
    • /usr/j2se/bin

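    It is a security risk for root to have the current directory '.' in the path, because a command typed in a directory that another user can write to may then run that user's program instead of the system one.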
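    The check below is an added example, not part of the original guide: it reads SUPATH from a file in '/etc/default/su' format and reports entries that are '.', empty (a leading, trailing or doubled ':' is also searched as the current directory), relative, or world-writable. The function names and the sample file contents are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original guide): find PATH or SUPATH entries
# that make the shell search the current directory or an unsafe directory.

# setting_from_defaults NAME
# Reads a file in /etc/default/* format on stdin and prints the value of the
# last uncommented NAME=value line (nothing if NAME is unset or commented out).
setting_from_defaults() {
    sed -n "s/^$1=//p" | tail -1
}

# risky_path_entries PATHSTRING
# Prints "<position> <reason> <entry>" for each entry that is empty, "." or
# relative. An empty entry is searched as the current directory, like ".".
risky_path_entries() {
    printf '%s\n' "$1" | awk -F: '{
        for (i = 1; i <= NF; i++) {
            if ($i == "")          print i, "empty(=cwd)", "-"
            else if ($i == ".")    print i, "dot(=cwd)", $i
            else if ($i !~ /^\//)  print i, "relative", $i
        }
    }'
}

# world_writable_entries PATHSTRING
# Prints each absolute entry that exists and is writable by "other".
world_writable_entries() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r dir; do
        case $dir in /*) ;; *) continue ;; esac
        [ -d "$dir" ] || continue
        find "$dir" -prune -perm -0002 -print 2>/dev/null
    done
}

# Constructed sample in /etc/default/su format (not from a real system).
sample_su_defaults() {
    cat <<'EOF'
#SUPATH=/usr/sbin:/usr/bin
SUPATH=/usr/sbin:/usr/bin:.:/opt/sfw/bin::local/bin
EOF
}

# Demo: first the constructed sample, then the PATH of the invoking shell.
risky_path_entries "$(sample_su_defaults | setting_from_defaults SUPATH)"
risky_path_entries "$PATH"
world_writable_entries "$PATH"
```

    On a real system, run it as 'setting_from_defaults SUPATH < /etc/default/su' and pass the result to the two checks.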

    If you want to find the path to a known program, use 'pkginfo', 'which <pkg>', 'whereis <pkg>' and 'find' to determine it.

    '/var/sadm/install/contents' contains a list of software added by 'pkgadd' to the local machine. Do not alter this file. Locally compiled copies of gcc and other software installed as packages may not be listed. Compilers and programs mounted via NFS from other machines will also not be listed there.

    The MANPATH

    The MANPATH shows where '/bin/man' can find the 'man' pages.  If no 'MANPATH' variable is set, 'man' will only search the default directory path '/usr/share/man' using the entries in '/usr/share/man/man.cf' for the default section search path. The nroff sources are located in the /usr/share/man/man* directories. The SGML sources are located in the /usr/share/man/sman* directories. 

    The MANPATH is set in two ways, for the Bourne and for the C shells.

    (a) For the default Bourne shell: Type 'echo $MANPATH' to see if this variable is set. If no 'MANPATH' is set, 'man' will default to /usr/share/man. This may miss out man pages in unusual places. For example, if you add software from the Software Companion CD you should add '/opt/sfw/man' to your MANPATH and if you add software from www.sunfreeware.com you should add '/usr/local/man' to that MANPATH. The MANPATH variable is most easily set for each user with an entry in each user's '.profile' file, including root's. To enable MANPATH to show all the current man pages, first find the path to all man pages: Type in a shell: 'find / -type d -name man -print'. Edit out the directories you do not want for the MANPATH and run the paths into a single line, with each path separated with ':' without spaces. Edit the user's '.profile' and add to it the single line:

    MANPATH=$MANPATH:<add here the additional man paths you found> ; export MANPATH

    Typing 'echo $MANPATH' will then show the MANPATH, which will usually begin with: '/usr/dt/man:/usr/man:/usr/openwin/share/man'.

    (b) For the C shell: The '.profile' file is not read when C shells are opened. For this reason, it is usual to add the MANPATH variable to a file called '.cshrc' in the user's directory. The entry there is of the form 'setenv MANPATH /usr/dt/man:/usr/man'. The '.cshrc' file can also contain the path variable, with a line of the form 'set path = (/usr/bin /usr/local/bin)', although this is usually set in '/etc/default/login'.


    30. PCI cards

    Solaris 8 SPARC has OHCI support. There is a list of "ohci" (and "uhci") PCI cards. If a USB device is to be connected to the card, drivers for both the card and the USB device have to be installed. Sun sells a wide range of compatible PCI I/O cards. There are a number of third party PCI boards that are supported on the Sun platform and they are often more affordable than Sun's own PCI cards: LSI, Antares and Znyx, to name a few. You can search Google for previous discussions about third-party PCI cards on the Solaris/SPARC platform.


    31. Perl v 5

    Download perl5.003-6.2.tardist 5.99MB, and install it into /usr/freeware/bin/. Note that there is perl v 4 in /usr/sbin and that is the only Perl known to the 'default' system, so perl5 has to be started with '/usr/freeware/bin/perl'. Other files are in /usr/freeware/lib/perl5.


    32. Printers

    SUN has a simple guide on how to create and administer print servers and clients.  It  has a troubleshooting section, to locate exactly where a printing problem occurs and how to fix it.

    To install a new network printer, start '/usr/bin/admintool' and select 'networked printers'.  Setup a BSD-style remote printer. You will need the hostname assigned to the IP address for the printer and the name of the queue in the printer. Check other systems that are accessing the printer for this. 

    You can add a new printer directly using '/usr/sbin/lpadmin', see 'man lpadmin' and 'man printers.conf'. The options for 'lpadmin' depend on the kind of printer you have and whether the printer is connected to the parallel port, to another Unix machine on the network, or directly to the network.
    The command 'lpadmin -p printer-name -v /dev/null -m pulsenet -o dest=ip:port -o protocol=tcp' will create an entry for a printer called 'printer-name' in /etc/printers.conf and a remote printer spool.
    ->The {port} used for HP JetDirect printers is 9100.
    ->The {port} used for XEROX printers is 515.
    Then, 'accept' and 'enable' the printer with the commands '/usr/sbin/accept printer-queue' and '/usr/bin/enable printer-queue'.

    To send print requests from Solaris to a Linux box for printing, see 'man printers.conf' and use the command 'lpadmin -p solaris-name -s linux-box\!linux-name'. Replace "solaris-name" with the name you want to use for the printer on the Solaris machine. Replace "linux-box" with the hostname or IP address of the Linux machine. Replace "linux-name" with the name that the Linux box uses for the printer. "solaris-name" can be the same as "linux-name", or it can be different. It's your decision.


    33. Robots and Spiders

    If you have a web server, the "Standard for Robots Exclusion (SRE)" sets the rules by which robots and spiders view a web site. It is possible to put instructions in a file '/usr/local/netscape/docs/robots' to exclude robots and spiders. The presence of an empty file will prevent error messages about robots.txt being logged in the web log. See the `Byte' magazine article about this.


    34. Root logins limited to local users

    I recommend that you prevent 'root' from logging in to your Blade 1000 from other computers. This is a security measure. You will still be able to login from other computers under other usernames, then invoke 'su' to work as 'Superuser', once connected. Edit '/etc/default/login' and uncomment (remove the '#' from) the line at the top that says 'CONSOLE=/dev/console'. For further details see 'man 1 login'. Now, users have to be at the computer's own keyboard to be able to login as 'root'.

    If you are considering using 'telnet' to connect to the Blade 1000 and then working as 'Superuser', I strongly recommend that you use 'ssh' instead. I have a guide on how to set up SSH on Microsoft Windows computers to be able to access Solaris securely.


    35. Security for the system and network

    SUN has advice on security and a 'Security Toolkit', also called the JumpStart Architecture and Security Scripts (JASS), which simplifies setting up a secure software environment.

    Descriptions of current or past software bugs and fixes in Solaris are available at Sunsolve, where there is important new security information and where patches can be downloaded with a list of the bugs that they fix. A support contract is needed to access the complete bugs' database. 

    Disable all unwanted scripts in /etc/rc2.d and /etc/rc3.d. (The normal run level is 3).

    Then, make a copy of /etc/inetd.conf and comment out all the 'unwanted' services in there. Some are:

    • discard - Discards everything you send to it.  Comment it out.
    • daytime - Gives you a time stamp.  Comment it out.
    • chargen - Sends you the same string of characters over and over again.  Comment it out.
    • telnet - Sends passwords in clear text. Network 'sniffer' programs can collect them. Comment it out. Use 'ssh' instead of 'telnet' and 'rsh'.
    • ftp - Sends passwords in clear text. Network 'sniffer' programs can collect them. Comment it out. Use 'sftp' instead. Note also that it is also better to use 'scp' than 'rcp'.

    Run 'pkill -HUP inetd' when you have finished editing inetd.conf, so that inetd re-reads it.
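    The following is an added example, not part of the original guide: it lists which of the services named above are still active in an inetd.conf-format file and writes a copy with those entries commented out. The function names and the sample file are constructed for this example, and it assumes an awk that accepts '-v' (on Solaris 8 set AWK=nawk, since /usr/bin/awk is the old awk).

```shell
#!/bin/sh
# Added example (not from the original guide): audit an inetd.conf-format
# file for the services this guide recommends commenting out.

AWK=${AWK:-awk}          # on Solaris 8 run with AWK=nawk
RISKY_SERVICES="discard daytime chargen telnet ftp"

# enabled_risky_services < inetd.conf
# Prints "<service>/<protocol> <server program>" for every active
# (not commented out) entry whose service name is in RISKY_SERVICES.
enabled_risky_services() {
    "$AWK" -v risky="$RISKY_SERVICES" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        /^[ \t]*#/ { next }      # already commented out
        /^[ \t]*$/ { next }      # blank line
        NF >= 6 && ($1 in want) { print $1 "/" $3, $6 }
    '
}

# comment_out_risky < inetd.conf > inetd.conf.new
# Copies the file, putting "#" in front of each active risky entry and
# leaving every other line exactly as it was.
comment_out_risky() {
    "$AWK" -v risky="$RISKY_SERVICES" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        !/^[ \t]*#/ && NF >= 6 && ($1 in want) { print "#" $0; next }
        { print }
    '
}

# Constructed sample in inetd.conf format (not from a real system).
sample_inetd_conf() {
    cat <<'EOF'
# service endpoint protocol wait-status uid server-program arguments
ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd
#discard stream tcp6    nowait  root    internal
daytime stream  tcp6    nowait  root    internal
daytime dgram   udp6    wait    root    internal
# chargen stream tcp6   nowait  root    internal
time    stream  tcp6    nowait  root    internal
EOF
}

# Demo on the constructed sample: what is still enabled, then the edited copy.
sample_inetd_conf | enabled_risky_services
sample_inetd_conf | comment_out_risky
```

    On a real system, write the output of 'comment_out_risky < /etc/inetd.conf' to a new file, review it, and only then put it in place of the original.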

    Install ssh as a secure replacement for 'telnet'. I have a guide on how to set 'ssh' up under Solaris and on Microsoft Windows computers. SunFreeware has detailed advice and links to software to set up 'OpenSSH'. Use zlib libraries v 1.1.4 or later, to overcome security bugs in earlier versions.

    Read the Security Blueprints.

    Consider using 'aset'. For example, typing '/usr/aset/aset -l high -n you@your.at.youremachine' will check security settings and if necessary improve them, see 'man aset'.

    Use bugtraq.

    Read about "packetstorm" on Google

    Check the Carnegie Mellon University Software Engineering Institute's 'CERT Coordination Centre' for information and advice on current security issues.

    snmpxdmi is a resource that is started by default. Hackers can use a vulnerability in it to install a commonly available "rootkit" that replaces 'ls' with a version that does not list files with "01" in them. If you do not want to use snmpxdmi, first run '/etc/rc3.d/S77dmi stop', then rename '/etc/rc3.d/S77dmi' to 's77dmi'.

    If one or more programs or files have been 'hacked', carry out a 'checksum' analysis of the programs by downloading, installing and running Sun's 'md5' program. Compare the hash data with Sun's 'fingerprint' database of original programs and files.

    Check CIAC Bulletins regularly for current Solaris security issues. You can arrange for these to be emailed to you as soon as they are released. For example, there is a CIAC Bulletin reporting that many `setuid/setgid' programs did not set limits in memory, so that local users could write to their memory and gain root privileges. I found out what these programs were with:

    find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -l {} \;

    You can alter the permissions on these programs, if you consider that they are likely to be misused by a user.
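    The script below is an added example, not part of the original guide: it records the setuid and setgid files found by the same '-perm' tests as a sorted listing, so that a later listing can be compared with a baseline to show programs that gained or lost these bits. The function names and the placeholder paths in the comments are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original guide): keep a baseline of setuid and
# setgid files and report what has changed since it was taken.

# list_setid DIR
# One line per finding, "setuid <path>" or "setgid <path>", sorted in the C
# locale so two listings can be compared with comm(1). A file with both bits
# set appears twice, once under each label.
list_setid() {
    {
        find "$1" -type f -perm -4000 -print 2>/dev/null | sed 's/^/setuid /'
        find "$1" -type f -perm -2000 -print 2>/dev/null | sed 's/^/setgid /'
    } | LC_ALL=C sort
}

# compare_listings OLD NEW
# OLD and NEW are files written by list_setid. Prints "NEW  ..." for entries
# that appeared since OLD was taken and "GONE ..." for entries that vanished.
compare_listings() {
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^/NEW  /'
    LC_ALL=C comm -23 "$1" "$2" | sed 's/^/GONE /'
}

# Typical use (the paths are placeholders; keep the baseline somewhere an
# intruder on this machine cannot rewrite, such as read-only media):
#   list_setid / > /path/to/setid.baseline     # once, on a known-good system
#   list_setid / > /path/to/setid.today        # later, for example from cron
#   compare_listings /path/to/setid.baseline /path/to/setid.today

# When given a directory argument, print its current listing.
if [ $# -gt 0 ]; then
    list_setid "$1"
fi
```

    Any 'NEW' line that does not correspond to a package or patch you installed deserves a closer look before you change permissions.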

    Many people consider that 'su' logins should be limited to people working at the computer itself. Network logins as 'su' are a potential security hazard. To limit 'su' logins in this way, edit '/etc/default/login' and add the line 'CONSOLE=/dev/console'.

    Consider using 'tripwire' v 1.3 which provides file integrity checks to monitor program and file alterations.

    Consider disabling unwanted ports to guard the computer against deliberate attacks, see a guide for Solaris users. Consider using a program to search for these ports and any loopholes in your computer's configuration.

    Use /usr/openwin/bin/xlock to lock the console when the user is away from the computer for a short time. Occasionally the power management packages can prevent the user from unlocking the console. To get round this, using the CDE Front Panel, click the little mouse/palette/font icon and then click screen. It may be necessary to uninstall the power management packages.

    Consider installing a good quality commercial firewall such as SonicWALL 'DMZ', see Firewalls.

    If you think that a Solaris system has been hacked, there is often little that can be done, except to take the system down and reinstall it from scratch and reapply the backups. There are few ways to be sure that a system has been compromised. You can boot from the CD-ROM, manually bring up network services, then check the native file systems of the target machine for intrusion, but this is laborious and can fail to detect an intrusion. This is the strongest reason for keeping backups and for testing backup procedures before they have to be used, to ensure that they will work as planned. 

      'xhost' command to restrict access to your monitor

    It is possible for people at other computers that use X-Windows, to send the content of their windows to your computer. You would see the window that they were viewing. This can be a nuisance and it is easily prevented using the 'xhost' command. Type 'xhost -' to prevent other computers from sending their X-Windows to your computer. 'xhost +' will allow any host to send you their X-Windows. I recommend that you type 'xhost -' then run commands to allow specified hosts to send you their X-Windows. This is done using the command 'xhost +<computername>'. For example I want to be able to 'ssh' to 'ramindy.sghms.ac.uk' and see its X-Windows. I typed 'xhost +ramindy.sghms.ac.uk' to enable this. You can see what the settings are by typing 'xhost'. For further information see 'man xhost'. There is a mini-Howto on how to run remote X applications.


    36. Shells

    To find out what shell is running at login, type 'env | grep SHELL'. 

    Do not change root's login shell from the default Bourne shell (sh). If you do, unpredictable results can follow. You can use other shells without problems, once you have logged in as root and started 'sh'.

    The command "passwd -e" will allow the administrator to assign a new login shell to a user. Alternatively, to make 'bash' the default for a user, root can edit the 7th field in that user's line in /etc/passwd to read '/bin/bash', or use the Admintool to modify that user's account information: select the option 'other' for the user's default login shell and type '/bin/bash' in the field. Make sure permissions are properly set on '/usr/bin/bash'. Additionally, '/etc/shells' will have to be created before the user can telnet into the system from a remote host or use the system as an ftp server for a remote client.

    'sh' is the Bourne shell. Knowledge of a Bourne-type shell (which includes sh and its supersets ksh, bash and zsh) is often considered an important requirement for SUN systems administration. Most, if not all, scripts shipped with the Solaris operating system are written in Bourne shell. Spending some time to learn the basics of the Bourne shell is worth every minute. Every UNIX system has the Bourne shell or a superset of it. It is predictable and more flexible than the C shell. If you want a script that has no hidden syntax errors, properly cleans up after itself, gives you precise control over the elements of the script, and allows you to combine several parts into a large script, use the Bourne shell.

    bash (the Bourne again shell), ksh and zsh are the standard shells used under Solaris 8. Other, different shells are available, including the csh and tcsh shells: see below. 'bash' is the commonest shell on SUN systems. Start 'bash' at the command prompt with '/bin/bash' or '/usr/local/bin/bash'. The 'up-arrow' key is used to re-enter the previous line entry. If you are using another shell, return to 'bash' by typing 'sh'.

    'ksh' There is a 'ksh' tutorial

    'csh' This is the 'C' shell and has a derived shell: 'tcsh'.

    'tcsh'. Type 'tcsh' to start it. It is available for Solaris 8, in Software CD 2, and may not be installed by default. The 'up-arrow' key is used to re-enter the previous line entry at the command prompt. You can also 'autocomplete' the name of a file or directory that is being entered at the command prompt, by pressing the 'Esc' key twice.

    • If you want to see the username@host and directory at the command prompt in tcsh and in the heading for the shell window, type
                  set prompt="%{\e]2\;%n@%m: %~ ^g\e]1\;%n@%m^g\r%}%U%B[%m]%b%u %S%~%s "
      (cut and paste the above line into the command prompt)
    • If you see ^H characters on screen when you hit the backspace key, put this in your .login file:
                  stty erase ^H
      Or you can use tset:
                  tset -e ^H
      and, from 'man xmodmap': One of the more simple, yet convenient, uses of xmodmap is to set the keyboard's "rubout" key to generate an alternate keysym. This frequently involves exchanging Backspace with Delete to be more comfortable to the user. If the ttyModes resource in xterm is set as well, all terminal emulator windows will use the same key for erasing characters:
                  % xmodmap -e "keysym BackSpace = Delete"
                  % echo "XTerm*ttyModes: erase ^?" | xrdb -merge

    37. Software, installing Solaris 8

    Note that Solaris 8 is the operating environment (OE), which includes the operating system (OS), which is called SunOS 5.8, the graphical user interface called CDE, and other standard software. The 'Solaris 8 Advanced Installation Guide' provides information on how to plan and implement an installation of Solaris 8. The 'Solaris 8 2/02 Update Collection' describes the latest distribution of the software (February 2002). It is available on both CDs and a DVD. Solaris is available on-line, free of charge. Solaris CDs can be copied using the command 'dd if=/dev/<cdrom> of=image.iso'; transfer this image to a computer with a CD writer and create the CD using Nero or similar programs.

    When the Blade 1000 computer is booted for the first time, it will search the CD and then the network for an installation image of Solaris. If it cannot find this, it will default to an image that has been pre-installed on the hard drive. The installation procedure is easy, asking a few network and locale questions, and then completing the installation. The software bundle preinstalled on a Blade 1000 purchased from Sun is 'complete', so you do not get a chance to customize exactly what you want to install. Most of this is either freely available on the Net or is a demo, or 'light' version of a more capable package. Note that Sun provide a default partition of 6-GB, which is 86% used up by the entire distribution with OEM support. While the default installation will probably suit most customers, many will reinstall Solaris from the media kit or download the latest binaries and build the machine exactly to their needs. The Solaris2 FAQ is always a good place to learn about configuring Solaris when it is first installed. There is also a useful SecurityFocus page, which talks about the default Solaris processes and security.

    To install Solaris, assuming you have a Sun keyboard attached, type 'Stop/A' or 'L1/A' together (that is, press the uppermost top left key on the left keypad, which should be marked either L1 or Stop, and, at the same time, press the A key). This should get you to the OBP, which will display either 'ok' or '>'. If it displays '>', type 'n' for new command mode. When at the 'ok' prompt, type 'boot cdrom -s'.

    For details about 'admin' files, which define the ways that software is installed, type 'man -s 4 admin' in a shell. See '/var/sadm/install/admin/default' and the 'pkgadd -a xxx' option. You will be able to install most of the SMC packages with an admin file like this:

    mail=admin@rhugga.net
    instance=unique
    partial=quit
    runlevel=nocheck
    idepend=quit
    rdepend=quit
    space=quit
    setuid=nocheck
    conflict=overwrite
    action=nocheck
    basedir=default
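
    An admin file like the one above makes 'pkgadd' run without prompts, and some of its settings do that by switching off checks. The script below is an added example, not part of the original guide or of Solaris; it reports the settings among 'setuid', 'action' and 'conflict' that disable a check or use a value that admin(4) does not list for that parameter. The function names and the stricter variant are constructed for illustration.

```shell
#!/bin/sh
# Flag pkgadd admin-file settings that switch off security-relevant checks.
# Value lists follow admin(4); confirm with "man -s 4 admin" on your release.
# Needs a POSIX awk (on Solaris: nawk or /usr/xpg4/bin/awk).

# audit_admin [FILE] -> one finding per line; reads stdin if no file given
audit_admin() {
    awk -F= '
    BEGIN {
        ok["setuid"]   = " ask nocheck quit nochange "
        ok["action"]   = " ask nocheck quit "
        ok["conflict"] = " ask nocheck quit nochange "
        why["setuid"]   = "setuid/setgid executables are installed unreviewed"
        why["action"]   = "security impact of package scripts is ignored"
        why["conflict"] = "conflicting files are overwritten without asking"
    }
    /^[ \t]*#/ || NF < 2 { next }            # comment or no key=value pair
    {
        key = $1; val = $2
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        if (!(key in ok)) next               # not one of the audited three
        if (index(ok[key], " " val " ") == 0)
            print "INVALID " key "=" val " (not a documented value)"
        else if (val == "nocheck")
            print "WEAK " key "=" val " (" why[key] ")"
    }' "$@"
}

# The admin file shown on this page.
page_admin_file() { cat <<'EOF'
mail=admin@rhugga.net
instance=unique
partial=quit
runlevel=nocheck
idepend=quit
rdepend=quit
space=quit
setuid=nocheck
conflict=overwrite
action=nocheck
basedir=default
EOF
}

# Constructed stricter variant: for the three audited parameters pkgadd
# stops instead of proceeding silently.
strict_admin_file() {
    page_admin_file | sed -e 's/^setuid=.*/setuid=quit/' \
        -e 's/^conflict=.*/conflict=quit/' -e 's/^action=.*/action=quit/'
}

demo_admin() {
    echo "page file:";   page_admin_file   | audit_admin
    echo "strict file:"; strict_admin_file | audit_admin
}
demo_admin
```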

    Solaris 9, which will be released in the second quarter of 2002, will be supported on Sun's hardware versions 'sun4m' (except Voyager) and 'sun4u' (all UltraSPARCs) and not on earlier versions.


    38. Software, installing optional software

    Although the Sun Blade 1000 runs SunOS with a '64 bit kernel', 32-bit applications also run correctly under the operating system.

    A wide range of precompiled free software is available on the 'Software Companion CD', which is provided with new computers, and online at Sun Freeware, Solaris Freeware, PatriotSoft and at the Danish site Solaris4you, which is also a rich source of information and resources. Start with the 'Software Companion CD'. Put it in the CD drive and an installer will start that lets you select and install the software. Some of it is already installed, so check first.

    Most compiled software for Solaris is provided in the form of 'packages'. '/usr/sbin' contains the commands for working with 'packages': pkgadd, pkgask, pkgchk, pkgmv and pkgrm. Their 'man pages' have good descriptions of their uses. Type 'pkginfo -d' to list the full package names.

    'Packages' are installed using the 'pkgadd' command. The following example installs a package from a Solaris CD-ROM. You are prompted for the name of the package you want to install (-d refers to the device to use):

    /usr/sbin/pkgadd -d /cdrom/cdrom0/s0/Solaris_2.8

    If you want to install packages in non-default directories, use 'pkgadd' with the -R option, which changes the root directory for the installation, e.g. 'pkgadd -d <directory or device where package is> -R <directory where the package should go> pkgname'. See 'man pkgadd' for details. Phil Brown's pkgreloc also works well and it is slightly nicer than the 'pkgadd -R /opt' option.

    You can check the details of a file and the package it was installed from, using 'pkgchk'. For example, 'pkgchk -l -p /usr/lib/libC.so.5' will give details of the file '/usr/lib/libC.so.5' including the packages that reference it.

    Packages may sometimes install software in '/opt/sfw/bin', rather than '/usr/local/bin'. If there is insufficient space in /opt for the installer for the packages in the 'Companion CD' to work, the packages can be installed directly from the package directory on the CD, '/cdrom/cdrom0/components/sparc/Packages'.

    Note that, after installing Solaris, or adding new software with 'man' pages, it is necessary to run '/bin/catman -w' in a shell to create or update the 'windex' database with their locations. The 'windex' databases are used by whatis(1) and the man(1) -f and -k options to find programs.

    'Shareware' is rarely available for Unix-style systems, but 'freeware' is widely used. Most freeware for Linux will also run under Solaris, and vice-versa.

    I have begun to make a list of the additional programs that I have installed on my SUN Blade 1000, with links to where I obtained them.


    39. SunPCi IIpro co-processor

    The 733MHz 'SunPCi IIpro Coprocessor Card' is Sun's preferred solution for the integration of Microsoft Windows into Solaris. It provides software emulation of 'Windows 2000 Professional' and 'XP'. A card with a 2.2-MHz processor is expected in third quarter 2002.


    40. Thermal management

    The fan noise in a Blade 1000 computer is quiet compared to many PCs, as long as the thermal management software is used to control the fan speed. The disks are quiet too. Without thermal management, the fans are kept at nearly full speed, at which they are noisy. Thermal management is a plugin for the 'picld' program (see 'man picld'). Make sure the 'picl' packages are installed and that 'picld' is running. It runs by default. Do not disable it or the computer can overheat and be damaged.


    41. Time and TimeZone

    Setting the time, using the 'date' command

    Simply use the 'date' command to set the correct time. However, if 'date -u' gives the correct UTC date and time but your displayed date is wrong, then something (possibly your timezone) is wrong. 'date -u' should always display the correct UTC (aka GMT) date and time. See SunSolve Infodoc 19164 for further details.
    'date 1432' would set the time without upsetting the date. 'date 200109281432' would set time and date 2001 09 28 14:32, or 'rdate 216.34.144.7' should set the time and date synchronized to internet time.

    Maintaining the time, using xntpd

    'xntpd', which synchronizes the computer's time to other time servers, is included in Solaris 8. It is explained in 'man xntpd'. The configuration file is '/etc/inet/ntp.conf', in which you will point the machine to ntp servers. Entries should be of the kind:

    server ntp-2.mcs.anl.gov
    server everest.cclabs.missouri.edu
    driftfile /etc/ntp.drift

    Restart the local 'xntpd' daemon, with the command: '/etc/init.d/xntpd stop ; /etc/init.d/xntpd start'. 

    TIMEZONE

    There is advice by Casper Dik on how to set up Solaris for any time zone. The timezone file knows how to handle Daylight Saving Time (DST). The TZ variable is defined in '/etc/default/init'. '/etc/TIMEZONE' is linked to '/etc/default/init'. 


    42. UFS file system

    To prevent file corruption in the event of a crash, turn on logging on all your UFS file systems. Edit '/etc/vfstab' and on each line where the file system is UFS, replace the '-' in the 7th column with 'logging' (without the quotation marks). Then reboot and your file systems are protected, and 'fsck' on boot will no longer be required.

    Disk space: Check available space on drives with the command 'df -k'. If most of a root drive is used, check where space can be made. Some processes create large files in '/var/adm'. Extra space can be obtained if large files in '/var/adm' are reduced to zero bytes with the command: 'cat /dev/null > /var/adm/[insert file name here]'. Do not delete the files because active processes may require them to be available.


    43. Users: adding new users

    (1) Either use '/usr/bin/admintool', the graphical administration tool, to add users etc.

    (2) Or, use 'useradd' at the command line, to add users. See man useradd, usermod, userdel, groupadd, groupdel, groupmod. Test new entries with 'su' after creating them. Here is an example of what to enter:

    useradd -c "User's Real Name" -d /export/home/user_name -g staff -m -s /usr/bin/ksh user_name

    passwd user_name

    Note, that only the first eight characters in passwords are used to identify users. The rest are ignored.


    44. Web servers

    Apache

    Microsoft's 'FrontPage 98 Server Extensions'

    Apache web servers are supported by Microsoft's 'FrontPage' server extensions, which allow the 'web' pages to be worked on and updated from a PC running 'FrontPage'.


    45. Windows managers, wallpaper, clock

    The commands to alter the display on a monitor on a SPARC computer depend on the device and graphics frame buffer which it is using. Type 'prtconf -F' to show the frame buffer device being used. If you have the Creator3D video card, it shows '/SUNW,ffb@1e,0:ffb0', so the video card is 'ffb'. In this case, type '/usr/sbin/ffbconfig -dev /dev/ffb0 -res 1280x1024x76 now' to alter the resolution to these settings. With the M64 video, use the '/usr/sbin/m64config' command instead.

    Windows managers

    • CDE (which includes the Motif graphical user interface and a range of applications) and OpenWindows (which is based on AT&T's 'Open Look') are both available to be selected by users when they log in. In 'CDE', if you want to make an application available in all the workspaces, select 'Occupy All Workspaces' in the top left menu in the application's title bar. However, OpenWindows Desktop is being phased out from Solaris and it is not included in Solaris 9 beta versions.
    • KDE There is information on how to obtain and install it.
    • GNOME v 1.4 is available from Sun. It is a simple install, although it can be slow.
    • There is a HOW TO: Add Non-CDE Window Managers to CDE's Dtlogin, including FVWM.
    • Others are afterstep, blackbox, and icewm, which all work well.
    • fvwm (as used in IRIX) can be installed 

    Wallpaper

    There are several ways to provide 'wallpaper'

    • If you have 'xv' installed (it is available from SUNFreeware), then use 'xv -root -quit -rmode 5 FILENAME.jpeg'. Note that if you have a background on CDE, you will not be able to see the wallpaper. You will have to remove the background of the CDE to see it. You can also use 'xv' with the random option, so the backdrop changes every hour, using the 'at' command. An 'at' command produces the 'at job' file in '/var/spool/cron/atjobs', and you can copy that at job file to some other directory with some other name, for example /home/backdrop. You have to copy it before the at job is executed and disappears. Then execute it every hour with cron, so crontab has the line '0 * * * * /home/backdrop'.
    • Information on how to set up wallpaper is at Rootshow.
    • Look under Applications -> Image Viewer. Use this to suck in the image, then save it as XPM. Copy the XPM image into ${HOME}/.dt/backdrops and use the Style Manager to activate it.

    Clock

    If you do not want 'xclock' to show the title, see 'dtwmrc'.


    46. XWindows

    The Solaris XServer is called 'Xsun' and runs as '/usr/openwin/bin/Xsun'. The OpenWindows & CDE desktops and the new Gnome manager will run on top of it. Other X servers can be used such as XFree86.

    VNCserver and VNCviewer perform quite nicely to share a window. The viewers can even be on different OS platforms. You could be working on a Sun console while the other viewer was on a Windows PC. It's free, runs on Unix, Windows, Mac.

    To capture the image of an X window: In a blank part of the Openwin screen, right click and select Programs/Snapshot. This will let you capture the window, the region, or the screen. If a particular window is not selectable, then the whole screen will be captured. When you select 'region', you outline an area with the left button and middle click to 'take' the snapshot. It saves the image as {file}.rs - a Sun Rasterfile, which you can convert with 'xv' or any of a number of other image manipulation utilities.
