
OpenSolaris Howto (2)

2007-06-21 10:13, 393 views

1. How to share dirs between Linux/Solaris and Windows

Create the shared dir on the filesystem.
# mkdir /fs1
# chmod 777 /fs1
Edit the samba configuration file. For Solaris, it is /etc/sfw/smb.conf; for Linux, it is /etc/samba/smb.conf. To share the directory fully, the configuration file looks like:

# Samba config file created using SWAT
# Date: 2002/08/30 11:08:09

# Global parameters
[global]
workgroup = PVL
netbios name = SERVER
server string = server
security = SHARE
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
printing = lprng

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[e$]
path = /fs1
read only = No
guest ok = Yes

More sharing dirs can be appended to the end of the file.
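
The configuration above gives every client write access to /fs1 without a login. As an added example (not part of the original howto), the shell function below reads an smb.conf and reports share-level security and any share that is both guest-accessible and writable. The names audit_smb_conf and sample_conf are hypothetical, and the sample input is constructed from the relevant lines of the file above.

```shell
# Added example, not from the original howto. audit_smb_conf and sample_conf
# are hypothetical names. Reads smb.conf text (file argument or stdin).
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function yes(v)  { return tolower(v) ~ /^(yes|true|1)$/ }
    function report() {
        # Report a share that guests may open and that is not read-only.
        if (sect != "" && tolower(sect) != "global" && guest && !ro)
            print "share [" sect "]: guest-writable, path=" path
    }
    /^[ \t]*([#;]|$)/ { next }                  # comments and blank lines
    /^[ \t]*\[/ {                               # section header
        report()
        sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
        guest = 0; ro = 1; path = "(unset)"     # Samba defaults per share
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = trim(substr($0, eq + 1))
        if (tolower(sect) == "global" && key == "security" && tolower(val) == "share")
            print "global: security = share"
        if (key == "guest ok" || key == "public") guest = yes(val)
        if (key == "read only") ro = yes(val)
        if (key == "writable" || key == "writeable" || key == "write ok") ro = !yes(val)
        if (key == "path") path = val
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the relevant lines of the configuration above.
sample_conf() {
    cat <<'EOF'
[global]
security = SHARE
[homes]
read only = No
[e$]
path = /fs1
read only = No
guest ok = Yes
EOF
}

sample_conf | audit_smb_conf
```

A share reported here is writable by any host that can reach the server. Setting security = user, removing guest ok, and tightening the 777 mode on the directory closes it.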

Then, start the samba daemon. For Solaris,

#svcs -a | grep samba

If the output is something like
legacy_run 13:10:57 lrc:/etc/rc3_d/S90samba
it means samba is not managed by svcs; use the following commands to manage it:
# /etc/init.d/samba stop
# /etc/init.d/samba start
# /etc/init.d/samba restart

Otherwise, the output should look like this:
online 19:24:42 svc:/network/samba:default
This means samba is controlled by svcs; use the following commands to manage it:
# /usr/sbin/svcadm restart samba
# /usr/sbin/svcadm enable samba
# /usr/sbin/svcadm disable samba

For RedHat Linux, use the commands
# service smb restart
# service smb start
# service smb stop

For SUSE Linux, use the commands
# rcsmb start
# rcsmb stop
# rcsmb restart

2. I have installed the man pages, but I can't use man. What happens?

Try:
man -M /usr/man useradd
man -M /usr/share/man useradd

..the "-M /directory" shouldn't be required but solving that is a bigger problem than I'm willing to go into here.

The real issue with man pages, by the way, is to install them up front when you install the whole operating system. You can add them later, but it can be tricky for a newbie. This is a great weakness in Solaris, the absence of an easy-to-use software package management toolset.

To add those man pages after the fact, with Solaris Nevada snv_66 you would need to do the following :

(1) Gain access to the required packages from the Solaris Nevada DVD install image by one of two ways :

1.1 ) insert the DVD into your DVD drive and it should be automatically mounted for you under /media or /cdrom or similar. You may need to issue the 'df -ak' command to see where it is mounted.

1.2 ) Use lofiadm to mount the DVD ISO file thus :

lofiadm -a /path_to_file/sol-nv-b66-x86-dvd.iso

this should respond with :

/dev/lofi/1

then you mount that thus :

mount -F hsfs -o ro /dev/lofi/1 /media/dvd_1

the DVD will be available at /media/dvd_1

(2) Take a look in the directory /media/dvd_1/Solaris_11/Product to see a whole boatload of software packages. You can install them from there. Use the pkgadd command like so :

pkgadd -d /media/dvd_1/Solaris_11/Product

You will get an awesome long list of software to install. Sorry about the ugly line wrapping here but it should look like so :

bash-3.2# pkgadd -d /media/dvd_1/Solaris_11/Product

The following packages are available:
1 BRCMbnx Broadcom NetXtreme II Gigabit
Ethernet Adapter Driver
(i386) 11.11,REV=2007.06.01.10.25
2 CADP160 Adaptec Ultra160 SCSI Host Adapter
Driver
(i386) 1.21,REV=2007.05.31.23.50
3 HPFC Agilent Fibre Channel HBA Driver
(i386) 1.1.0,REV=2007.05.29.23.08
4 IPLTadcon Administration Server Console
(i386) 5.1,REV=2002.03.01.12.28
5 IPLTadman Administration Server Documentation
(i386) 5.1,REV=2002.03.01.12.28
6 IPLTadmin Administration Server
(i386) 5.1,REV=2002.03.01.12.29
7 IPLTcadcon Administration Server Console
Simplified Chinese Localization
(i386) 9.0,REV=2002.03.14.13.49
8 IPLTcadman Administration Server
Documentation Simplified Chinese Localization
(i386) 9.0,REV=2002.03.21.16.48
9 IPLTcadmin Administration Server Simplified
Chinese Localization
(i386) 9.0,REV=2002.03.14.13.49
10 IPLTccons Console Client Base Simplified
Chinese Localization
(i386) 9.0,REV=2002.03.14.13.49

... 1809 more menu choices to follow;
<RETURN> for more choices, <CTRL-D> to stop display:


There are easier ways ... but for a newbie you may want to scroll through there until you see manpages for various things. The manpages are all over the place for various software packages or groups. Be damned if I know why they can't be better organized but we have manpages for this and that in various places. Sorry. That's the way it is at the moment.

Personally I suggest that you install just about anything that looks like this :

330 SUNWdtma CDE man pages
(i386) 1.7,REV=10.2007.04.25

There are probably half a dozen man page packages to install and you are 95% covered for most things.

3. Create a user account on OpenSolaris with useradd.

# useradd -c "User Person" -d /export/home/uperson -e "" -f 0 -g user -m -u 32000 -s /bin/bash uperson
64 blocks

# passwd uperson
New Password:
Re-enter new Password:
passwd: password successfully changed for uperson

-c "User Person"

This should be a real name here. With first name and last name just like how you expect normal people to have. Not Prince with some silly symbol.

-d /export/home/loginname

The de facto standard way to do things is to take the first letter of the person's first name and then seven letters of their last name and make a “login” name. Arguments break out all the time over this and people just seem to want user login names that are 32 characters long as well as mixed with spaces and special characters. If I may quote the Bard here “O, that way madness lies; let me shun that; No more of that.” Keep it simple!

-e ""

The user account expiry date after which thou shalt not log in at all. This is where I do things my way and you may choose to be different if you wish. I give the useradd command a parameter here that is commonly called the “null string”. That means the account will never expire. If you look on your system (with the ls command) then you should see a file called /etc/datemsk. That file has a whole stack of fairly unreadable date format specifications which dictate how your system may interpret a date provided in some parameter to some command somewhere. Take note of the fact that the filename could have just been /etc/datetypes or /etc/datemask but no, this is UNIX, and things are often obfuscated or spelled wrong just 'cause. I don't know why and I often wax on for hours about this but don't get me started now. Suffice it to say that you can look in that file of date and time string formats and see gobbledygook like “%m/%d/%y %H:%M:%S”. So feel free to come back and create accounts that expire in 30 secs from now if you choose just to play with this feature. Playing is learning and I think that you should give it a whirl. Try a date like "04/08/2007 15:55:54" which is right now for me but the past for you. Experiment. Have fun.

-f 0

This is another parameter that controls access to the account. This is the number of days that this account may be idle, unused, not accessed before the system declares the account invalid. Stick with positive integers and keep it simple. There is nothing wrong with a zero here because that just means the account will never be written off simply because no one ever logs in anymore. For those of you that are pedantic I want to point out that this does not mean the same thing as idle time in which the user may actually be logged in and doing nothing. That is not what this means.

-g user

Remember when we created a thing called a “group”? Well this is one of those places where we use it. This user is a member of the group “user”. Not very fascinating but it does allow you to assign users to various groups and then you can grant access to resources based on groups and not just individual users. This account may be a member of multiple groups also. You may also use the group id number here in place of the character name. So that means we could have typed -g 16000 here to get the same result. Without getting really verbose here I want to point out that this group is considered to be the primary group for this account. You may have many other groups down the road but this is the primary one. Remember that.

-m

This seems to be a really silly thing to specify. It means that you want to actually make the home directory if it does not already exist. There may be some reason why you want to dump a pile of users that are all members of the same primary group into one place. If that directory for a given group already exists and the security is set up correctly for that primary group then hey, why specify the silly -m here? I don't need to make anything in that case. This makes little sense often times and I am probably missing something after using UNIX since the mid-80's. I do know that if you do not specify the -m here then you cannot be assured that the user's directory will be created. Go figure. Just specify the -m and then move along.

-u 32000

This is critical. This is what is called the user's ID number and you need to be sure that you do not create an account for a user all over the place on various servers with varying user ID numbers. Stay consistent and if you know that the user has an account elsewhere then please try to use the same user ID number. In the case of a new server and a new user then just go incrementally upwards from the highest numbered user. You can achieve this result by simply dropping this parameter entirely and then the system will automagically create the next user ID number for you. Word of warning here: never use user ID numbers lower than 100.

Unless you are a guru and master of the realm then do not mess with low uid numbers.

-s /bin/bash

This is called the user's “shell” and it determines how the user will deal with entering commands, issue jobs and control jobs, deal with prompts and generally it's about as personal and critical as breathing air. There are a number of different shells and some have been around since what seems like the dawn of time for UNIX. Like the C Shell which is selected as /bin/csh or /usr/bin/csh. I prefer the simple Bourne Shell which is /sbin/sh or possibly /bin/sh or even /usr/bin/sh. Seem confused? Good. That seems to be the point often times. Suffice it to say that the shell is important to the user and they can do nothing without it. Every user has their own preference and often times a pile of software written with that shell. These are called “shell scripts” and users like them to actually work as expected. Think of the user's shell preference as their chosen country and language of origin. This is how they work and what they are accustomed to. Never draw the wrath of the users on yourself by switching their shells around on them. Give them what they want. Please take a look in the file /etc/shells to see a list of all the supported options. There are a pile of them most likely.

I chose the Bash shell for this user only because it's popular these days and for no other reason. It is a good place to start if you are wandering in from the Linux world.

uperson

This last parameter is not really a parameter at all. Good luck doing anything without it however. This is the actual login name that the user will use. It is a nice simple string and you should stick with the de facto standard that I mentioned above: eight characters with a first initial and then seven letters from the last name. Whatever makes the most sense. Keep it simple.
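
The -u paragraph above asks for the same user ID number on every server. As an added example (not part of the original howto), the shell function below compares two passwd-format files, such as copies of /etc/passwd from two hosts, and lists logins whose UID differs and UIDs that belong to different logins. The names uid_drift and demo_uid_drift are hypothetical, and the accounts jdoe and asmith are constructed sample data.

```shell
# Added example, not from the original howto. uid_drift is a hypothetical
# helper: it compares two passwd-format files and prints every account
# whose numeric UID disagrees between them.
uid_drift() {
    awk -F: '
    /^#/ || NF < 3 { next }                     # skip comments, short lines
    FILENAME == ARGV[1] {                       # first file: remember both maps
        uid_of[$1] = $3; name_of[$3] = $1; next
    }
    {
        # Same login, different UID: the files this user owns on one host
        # belong to a different UID on the other.
        if (($1 in uid_of) && uid_of[$1] != $3)
            print "MISMATCH " $1 " " uid_of[$1] " " $3
        # Same UID, different login: two accounts own the same files.
        if (($3 in name_of) && name_of[$3] != $1)
            print "COLLISION " $3 " " name_of[$3] " " $1
    }
    ' "$1" "$2"
}

# Constructed sample data: two hosts that disagree about uperson and UID 32001.
demo_uid_drift() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/hostA" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
uperson:x:32000:16000:User Person:/export/home/uperson:/bin/bash
jdoe:x:32001:16000:Jane Doe:/export/home/jdoe:/bin/bash
EOF
    cat > "$dir/hostB" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
uperson:x:32005:16000:User Person:/export/home/uperson:/bin/bash
asmith:x:32001:16000:Al Smith:/export/home/asmith:/bin/bash
EOF
    uid_drift "$dir/hostA" "$dir/hostB"
    rm -rf "$dir"
}

demo_uid_drift
```

This matters most when home directories are shared between the hosts, because file ownership is recorded as the numeric UID and not as the login name.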

4. How to share an NFS filesystem between OpenSolaris and Linux

On the OpenSolaris side:
#share -F nfs -o ro /export/home

On the Linux side:
#mount -t nfs opensolaris_ip:/path_to_share /mnt

5. What's New in Patching

Today the Sun BIG ADMIN website posted an article by Lynne Thompson entitled "What's New in Patching"

See http://www.sun.com/bigadmin/sundocs/articles/patch-wn.jsp

".........Now, deferred-activation patching uses the loopback file system (lofs) to ensure the stability of the running system. When a patch is applied to the running system, the lofs preserves stability during the patching process. These large kernel patches have always required a reboot, but now the required reboot activates the changes made by the lofs."…

Hopefully I can get one of those who actually did the work to post a blog entry about it. Anyway, the executables and libraries which need to remain stable during the entire duration of the patching application and would be affected by the patch operation are copied into a temporary location, lofs is used to mount them up into the original location, and then we can patch the originals without adversely affecting the binaries in use. You must reboot at the end of such a patch application to get the system back into a consistent state.

Live Upgrade for patching is still recommended, since it's at least as safe and doesn't require quiescing the system to apply such patches, but this provides an alternative when that is not an option.

6. Out of disk space messages

I am running Solaris 10 and am getting 'out of disk space' messages from the kernel but a df -k shows that only 90% is used and that around 4Gb is available.
I cannot write to this partition though! What could be the cause of this?

=======================================

If it's an UFS partition it could be one of two things:

- out of inodes
- overly fragmented filesystem

The system log messages likely hold a clue.

Symptom of the former:
- cannot create any new file
Symptom of the latter:
- can create file, but not write more than a few K to it.

You can run fsck on the filesystem in order to find out whether there are still whole blocks available and check the message for "out of inode" error ("df -F ufs -oi" will also inform about inodes)

=======================================

>I did a basic fsck but it did not report any errors.

It's not about errors; sorry I should have added "and then look at the summary line; it says something like Y blocks, X fragments; blocks may be 0."

>I also upped the file descriptors in an attempt to resolve the issue.

Won't help.

>As you mentioned I have the former situation where I cannot create a file which does suggest an inode issue.

Ah, yes.

>I only got to look at this system today (new job :-) ) I am wondering if there are too many files 4,100,000 for standard block size but have not done the math as yet. Oh and it is UFS.

It would not have happened on ZFS.

Anyway: please add for our benefit:

fsck summary output
output of df -F ufs -oi

7. /usr in non-global zone is read-only

I continue to install php; gmake's problem is resolved. But when I run gmake install, the system warns that /usr is a read-only file system. Can't copy files to there?! I tried chmod +w /usr, but /usr can't be modified. What can I do?
In the global zone I installed php successfully.

(1) /usr is shared from the global zone and is supposed to be read-only. Can you install to /opt instead?
Pass --prefix=/opt to your configure script.

(2) There are two models for non-global zones, termed "sparse root" and "whole root."

In the sparse root model -- the default for zonecfg's "create" -- the zone's configuration includes /lib, /platform, /sbin, and /usr as inherit-pkg-dir entries. This means that these four directories are mounted as read-only copies (lofs) of the global zone. As documented in the zonecfg(1M) man page:

inherit-pkg-dir

Directory inherited from the global zone. Software packages whose contents have been transferred into that directory are inherited in read-only mode by the non-global zone and the non-global zone's packaging database is updated to reflect those packages. Such resources are not modifiable or removable once a zone has been installed with zoneadm.

In the whole root model -- "create -b" -- you get your own local, writable file systems in the non-global zone, but at the expense of copying everything over. It's much slower to create and manage zones like that.

An alternative is to make /usr/local writable inside the zone by adding an explicit lofs mount of read-write storage. In fact, in searching on google for this very issue, the Zones FAQ is the first hit, and it has this entry:
http://www.opensolaris.org/os/community/zones/faq/#cfg_io_usrlocal