Solaris Miscellaneous Notes

How do I get and install patches?
See Sun's "Patches & Updates" site, but it appears that you have to have a Support contract with Sun to get these.
To apply patches, one probably uses the patchadd command.
How do I see what software is installed?
Use the pkginfo command. As a matter of fact, check out all the pkg commands,
How do I see what's on the 5 CDs that I could install?
   cd /export/install/sparc_10_606/Solaris_10/Product
   ls | cut -c1-4 | uniq  -c | sort -nr
will tell you the count of package prefixes, namely
   1265 SUNW  (Normal Sun packages)
     27 IPLT  (LDAP Admin & Directory Server?)
     18 FJSV  (Fujitsu things)
      3 TSIp  (Raptor GFX) System Software/Device Driver)
      3 JSat  (Japanese things)
      2 SMEv  (Support for Netra AX platforms?)
You can contrast that list with what's installed on sol1,
   pkginfo | awk '{print $2}' | cut -c1-4 | uniq -c | sort -nr
telling you the count of installed packages
   1011 SUNW
      8 SMC      (these 8 are the curl, gcc, gcc, nmap, subversion,
      1 FJSV      top & wget packages I installed manually)
I didn't see anything interesting in the list of of uninstalled software. It was mostly international languages and source code. You can look here at this Sun page to see their descriptions of all the packages on Solaris 10 6/06.
Check out all the different file systems. From this decent Solaris reference:
First of all, let's get the tmpfs issue (/tmp, /var/run) out of the way. The tmpfs filesystem is a filesystem that takes memory from the virtual memory pool. What it lists as size of swap is the sum of the space currently taken by the filesystem and the available swap space unless the size is limited with the size=xxxx option.

In other words, the "size" of a tmpfs filesystem has nothing to do with the size of swap; at most with the available swap.

The second confusing issue is what "swap" really is. Solaris defines swap as the sum total of physical memory not otherwise used and physical swap. This is confusing to some who believe that swap is just the physical swap space.

The "swap -l" command will list the swap devices and files configured and how much of them is already in use.

The "swap -s" command will list the size of virtual swap. Physical swap added to the physical memory. On systems with plenty of memory, "swap -l" will typically show little or no swap space use but "swap -s" will show a lot of swap space used.

There are some perhaps-useful tools in /usr/proc/bin. See man proc for some details. There are others, but I didn't find them that interesting.
Where's lsof? Solaris didn't come with it. I had to download it from then I
   bunzip2 -d lsof_4.77.bz2
   chmod +x lsof_4.77
   mv lsof_4.77 /usr/bin/lsof

Actually, Solaris 10 doesn't come with a lot of stuff. Where's a C compiler? curl or wget? top? nmap? subversion?
There's lots of stuff in /usr/sfw/bin including gcc, wget, mozilla, mysql, snmpwalk, Rick. You'll also find whoami in /usr/ucb.

I had to go to

   cd /pub/freeware/sparc/10
and like a child in a candy store, grab all kinds of goodies. I got (I should have probably gotten lsof from here as well, but Sun didn't have the latest. But see below.)

See this page for the list of what's on that FTP server and caveats for each.

Then for each,

   gzip -d  libgcc-3.4.6-sol10-sparc-local.gz
   pkgtrans libgcc-3.4.6-sol10-sparc-local    /var/spool/pkg
   pkgadd SMClgcc346

A further note on lsof. I had gotten lsof 4.77 from, but that had a problem displaying the proper port numbers on open, being-listened-to sockets. E.G.
   lsof -i |grep sendmail
   sendmail 8164 root 5u IPv4 0x3000040f500 0t0 TCP *:65535 (LISTEN)
   sendmail 8164 root 6u IPv6 0x300004100c0 0t0 TCP [0:300:40:f500::]:* (LISTEN)
   sendmail 8164 root 7u IPv4 0x30000410740 0t0 TCP *:65535 (LISTEN)
Note the 65535 for the port numbers instead of smtp (port 25). I tried the version Sun had on its ftp, 4.76, but that did the same thing.

I tried recompiling the 4.77 from its source, but had compile problems.

   tar xf lsof_4.77.tar
   cd lsof_4.77
   tar xf lsof_4.77_src.tar
   cd lsof_4.77_src
   ./Configure solaris
   (cd lib; make DEBUG="-O" CFGF="-Dsolaris=100000 -DHASPR_GWINDOWS ... )
   gcc  -Dsolaris=100000  -DHASPR_GWINDOWS ...  -O  -c  ckkv.c
   In file included from /usr/include/sys/vnode.h:47,
                    from /usr/include/sys/stream.h:22,
                    from /usr/include/netinet/in.h:66,
                    from ../machine.h:80,
                    from ckkv.c:33:
   /usr/include/sys/kstat.h:434: error: syntax error before "caddr32_t"
   /usr/include/sys/kstat.h:463: error: syntax error before '}' token
   /usr/include/sys/kstat.h:464: error: syntax error before '}' token
   /usr/include/sys/kstat.h:771: error: syntax error before '*' token
   /usr/include/sys/kstat.h:775: error: syntax error before '*' token

I found this web page which pointed to this still-open Solaris bug, which said

When attempting to compile lsof, the kstat header bailed out in 64 bit mode with "syntax error near caddr32_t". Turns out that kstat.h really needs sys/types32.h

As a work around, they said to add this line

to their machine.h file (in the ~/lsof_4.77/lsof_4.77_src directory). This fixed things just fine.
What is a "door" file? For example,
ls -l /var/run/name_service_door
Dr--r--r--   1 root     root           0 Oct 25 23:20 /var/run/name_service_door
According to 2002 "Survey of Process Environments",
A door descriptor is only found on Solaris machines. This is another interprocess communication mechanism that programs may use. Its use is similar to Remote Procedure Calls (RPS). One process, the server, makes a function available to client programs. It takes arguments and returns a status back to the client program. It has been documented as the fastest way to perform IPC between unrelated programs. The form of IPC only works within a machine and not across a network.

Similarly, a "p" is a FIFO or "named pipe" special file, but what is a "P" file?
According to "man ls", it's "an event port", whatever that is.
According to this "Solaris 10 OS Adoption Kit" -> "What's new?" -> "Features",
Event ports is an event completion framework that provides a scalable way for multiple threads or processes to wait for multiple pending asynchronous events from multiple objects.
So, are there any real examples of an "event port"? Only one that I could find, belonging to the svc.startd process.
   # find /proc/[1-9]*/fd ! -type f ! -type s ! -type c ! -type D ! -type d ! -type l ! -type p -ls
   0    0 ?---------   2 root     root            0 Oct 25 23:20 /proc/7/fd/5
Interesting that find doesn't show the "P". It has a question mark instead. The ls command shows it properly.
   # ls -l /proc/7/fd/5
   P---------   2 root     root           0 Oct 25 23:20 /proc/7/fd/5
So what is process 7?
   # ps -ef|grep ' 7 ' |grep svc
   root     7     1   0 23:19:59 ?           0:07 /lib/svc/bin/svc.startd

By the way, there are two pipe files in /etc,
   ls -l /etc/*pipe
   prw-------   1 root     root           0 Oct 31 14:37 /etc/initpipe
   prw-------   1 root     root           0 Nov  1 15:52 /etc/utmppipe
that get in the way of otherwise routine grep commands, e.g.
  grep foo /etc/*
   find /etc -type f -exec grep foo {} 2>/dev/null \; -ls
Both of the above commands will hang when grep gets to either of those /etc/*pipe files. There's this Solaris bug opened for this.
One solution is to use find,
find /etc -type f -exec grep foo {} \; ...
but then that goes down subdirectories and you may not want that.
Another workaround to
for i in *;do if [[ ! -p $i ]];then grep foo $i;fi;done

To patch the kernel (this was an interview question), you update the /etc/system file.
For example, to increase the number of file descriptors per process, add the following lines to /etc/system:
   * set hard limit on file descriptors
   set rlim_fd_max = 4096
   * set soft limit on file descriptors
   set rlim_fd_cur = 1024
See this list of possible tunable kernel parameters for Solaris 10.
How do I boot single user from CD?
In order to recover from some problems, you will need to boot single user from CDrom. On SPARC systems with Openboot PROMs, this is done by typing
   boot cdrom -s
at the ok prompt.
You can boot an interactive installation and escape to a shell window. This method has the advantage of usually mounting your filesystems under /a.
How do you start & stop daemons? Ala, AIX's startsrc/stopsrc/restart and Linux's service/chkconfig?

First some definitions:

Some common tasks,
The Apache web server comes disabled by default, but the webadmin userid & group (cutely, both uid & gid = 80) are there. To get it started up, I had to
Solaris uses special characters in file names that need to be escaped in a shell command. For example, the at-sign (@) and colon (:)
   ls -ld /devices/pci\@1f\,4000 /var/mail/\:saved
   drwxr-xr-x   6 root   sys    512 Oct 21 13:55 /devices/pci@1f,4000
   drwxrwxr-x   2 root   mail   512 Oct 21 01:17 /var/mail/:saved

To see your hardware configuration, use
   prtvtoc /dev/dsk/c0t0d0s2

To get tricky and echo out some words in bold,
   bold=`tput smso` 
   offbold=`tput rmso` 
   echo "You must be the \"${bold}root${offbold}\" user to run this script." 

From this web page
To install a patch, installpatch .
To check to see if a patch has been installed showrev –p |grep package name
To make use of the second disk drive on sol1, one needs to
  1. Format it.
  2. Make a file system on it.
  3. Create the mount point.
  4. Add a line to /etc/vfstab.
  5. Mount it.

To format it, use the format command;

   Searching for disks...done

   c0t1d0: configured with capacity of 16.86GB

          0. c0t0d0 
          1. c0t1d0 
   Specify disk (enter its number): 1
   selecting c0t1d0
   [disk formatted]
   Disk not labeled.  Label it now? y

           disk       - select a disk
           type       - select (define) a disk type
           partition  - select (define) a partition table
           current    - describe the current disk
           format     - format and analyze the disk
           repair     - repair a defective sector
           label      - write label to the disk
           analyze    - surface analysis
           defect     - defect list management
           backup     - search for backup labels
           verify     - read and display labels
           save       - save new disk/partition definitions
           inquiry    - show vendor, product and revision
           volname    - set 8-character volume name
           !     - execute , then return
   format> volname
   Enter 8-character volume name (remember quotes)[""]:"2ndDrive"
   Ready to label disk, continue? yes

   format> inquiry
   Vendor:   SEAGATE
   Product:  ST318203LSUN18G
   Revision: 034A

   format> verify

   Primary label contents:

   Volume name = <2ndDrive>
   ascii name  = 
   pcyl        = 7508
   ncyl        = 7506
   acyl        =    2
   nhead       =   19
   nsect       =  248
   Part      Tag    Flag     Cylinders        Size            Blocks
     0       root    wm     223 - 3531        7.43GB    (3309/0/0) 15592008
     1       swap    wu       0 -  222      513.07MB    (223/0/0)   1050776
     2     backup    wm       0 - 7505       16.86GB    (7506/0/0) 35368272
     3 unassigned    wm       0               0         (0/0/0)           0
     4 unassigned    wm       0               0         (0/0/0)           0
     5 unassigned    wm       0               0         (0/0/0)           0
     6 unassigned    wm       0               0         (0/0/0)           0
     7       home    wm    3532 - 7505        8.93GB    (3974/0/0) 18725488

   format> quit
This partitioning it did was all wrong. I could use the backup partition to create my file system, but I thought it better to clean up those extra, unneeded partitions (root, swap, backup, and home), and consolidate everything into one partition. So with a little more format work, I got the partition table to be
   format> verify

   Primary label contents:

   Volume name = <2ndDrive>
   ascii name  = 
   pcyl        = 7508
   ncyl        = 7506
   acyl        =    2
   nhead       =   19
   nsect       =  248
   Part      Tag    Flag   Cylinders     Size            Blocks
     0        usr    wm     0 - 7505    16.86GB    (7506/0/0) 35368272
     1 unassigned    wm     0            0         (0/0/0)           0
     2     backup    wm     0 - 7505    16.86GB    (7506/0/0) 35368272
     3 unassigned    wm     0            0         (0/0/0)           0
     4 unassigned    wm     0            0         (0/0/0)           0
     5 unassigned    wm     0            0         (0/0/0)           0
     6 unassigned    wm     0            0         (0/0/0)           0
     7 unassigned    wm     0            0         (0/0/0)           0
As far as that "Partition ID Tag" goes, the possibilities include unassigned, boot, root, swap, usr, backup, stand, var, home, alternates, and reserved. According to this web page,
It doesn't actually matter (though I'd stay away from "swap" unless it really is a swap partition, and stay away from "stand", "boot", "alternates" and "reserved" altogether).
So I made it usr.

Create the new file system over that new slice.

   newfs /dev/rdsk/c0t1d0s0

Create the mount point,

   mkdir /extra

Add this line to /etc/vfstab.

   /dev/dsk/c0t1d0s0       /dev/rdsk/c0t1d0s0      /extra  ufs     2       yes     -

Mount the new file system.

   mount /extra

A note regarding that device name syntax. c0t1d0s0 stands for controller 0, target id 1, disk group 0 and slice 0.

To get Solaris to be more verbose during its boot process, before booting, intercept (by providing a key) the boot process, and at the "ok" prompt, enter
   ok boot -m verbose

What's the expected normal user creation process as far as home directories go and initial files (eg, .bashrc)? One can use the smc (Solaris Management Console) tool to add userids, administer systems, networks, disks, RAID drives,etc. When adding userids, it starts at userid 100 and hints you to put their home directories under /export/home. But even following their lead, the home directory was indeed mkdir'd on /export/home/mel, but the home directory inside /etc/passwd was /home/mel. What they did was also add this line
   mel sol1:/export/home/mel
to the bottom of the /etc/auto_home file and recycled the autofs (automount) daemon. I guess the idea is to have all home directories NFS-mounted on demand from some NFS server, starting at /home and managed by the automounter. If the directory is local to this system when you create the id, the smc tool does the mkdir /export/home/mel for you. If the real home directory is on some other NFS server, it doesn't. Either way, the proper line is added to /etc/auto_home.

To get other systems to share the id once it's created on the NFS server,

  1. Add the /etc/passwd line,
  2. Add the /etc/group line if necessary (usually it's not),
  3. Add the /etc/shadow line,
  4. Add the /etc/auto_home line.
  5. Refresh the autofs daemon via svcadm refresh autofs

To break into a Solaris system (this according to this web page),
  1. boot cdrom -s
  2. mkdir /tmp/a
  3. mount /dev/c0t0d0s0 /tmp/a
  4. vi /tmp/a/etc/shadow

You can use dd to create a sparse file (IMO, useful in answering job interview questions only). As you can see, this created a 2GB file that, according to df -k, only occupies 24 blocks on my Solaris 10 system.
   df -k .
   Filesystem            kbytes    used   avail capacity  Mounted on
   /dev/dsk/c0t0d0s0    7677689 6490144 1110769    86%    /

   echo foo | dd of=raj obs=100000000 oseek=20

   ls -l raj
   -rw-r--r--   1 root     root     2000000004 Nov  6 13:03 raj

   df -k .
   Filesystem            kbytes    used   avail capacity  Mounted on
   /dev/dsk/c0t0d0s0    7677689 6490168 1110745    86%    /

But when you move it to another file system or copy it anywhere, even to the same file system, it gets expanded and looses its sparseness. You can use the GNU tar command, which has the –S or –sparse option to preserve sparseness (only linux has the -S or --sparse option in their default tar command).

Here's a list of all the Sun Solaris releases.
O.S. LevelReleases
Solaris 10 10, 10 01/06, 10 06/06
Solaris 99, 9 05/02, 9 09/02, 9 12/02, 9 04/03, 9 08/03, 9 12/03
Solaris 88, 8 06/00, 8 10/00, 8 01/01, 8 04/01, 8 07/01, 8 10/01, 8 02/02, 8 12/02, 8 03/03, 07/03
Solaris 77, 7 03/99, 7 05/99, 7 08/99, 7 11/99
Solaris 2.62.6 03/98, 2.6 05/98
Solaris 11/97

LDAP on Solaris 10

See the online Solaris 10 System Administration documentation from Sun, especially the "DNS, NIS, and LDAP" section.

This "QuickStart to Solaris 10 LDAP Authentication" page gives a short rundown of what's required. He has you

  1. Update /etc/pam.conf.
    1. cp -p /etc/pam.conf /etc/pam.conf.orig
    2. vi /etc/pam.conf
      Add these 6 lines where appropriate
      • login auth sufficient
      • rlogin auth sufficient
      • other auth sufficient
      • passwd auth sufficient
      • other account sufficient
      • other session sufficient
    3. Update /etc/nsswitch.conf
      1. cp -p /etc/nsswitch.conf /etc/nsswitch.conf.orig
      2. cp -p /etc/nsswitch.ldap /etc/nsswitch.conf
      3. vi /etc/nsswitch.conf
        and remove all the "[NOTFOUND=return]" from 9 lines
      4. Add "dns" to the "hosts: ldap files" line.
    4. Verify the LDAP client (ldapcachemgr) is down.
         svcs ldap/client
      should report that svc:/network/ldap/client:default is disabled.
    5. Enable the LDAP client (ldapcachemgr) for SMF.
         svcadm enable svc:/network/ldap/client:default 
      *Note: Enabling the ldapclient service only prepares it for SMF management. The ldapcachmgr service will only begin running after the client is initialized.
    6. Initialize the LDAP Client.
         ldapclient -v init -a ldap
      The first time I did this, I got
         Arguments parsed:
                 defaultServerList: ldap
         Handling init option
         About to configure machine by downloading a profile
         No profile specified. Using "default"
         findBaseDN: begins
         findBaseDN: ldap not running
         findBaseDN: calling __ns_ldap_default_config()
         found 1 namingcontexts
         findBaseDN: __ns_ldap_list(NULL, "(&(objectclass=nisDomainObject)("
         rootDN[0] dc=jasperfamily,dc=org
         found_cxt = -1
         findBaseDN: Err exit
         Failed to find defaultSearchBase for domain
      It's apparently looking for something in my LDAP schema with objectclass=nisDomainObject. Either that or it wants a profile.

      Googling the above error led me to how to use ldapclient genprofile to create a profile in LDIF format that can be loaded into the LDAP server.

         ldapclient genprofile -a profileName=default \
             -a authenticationMethod=none \
             -a defaultSearchBase=dc=jasperfamily,dc=org \
             -a \
             -a "" > default.profile.ldif
      gave me this default.profile.ldif file
         dn: cn=default,ou=profile,dc=jasperfamily,dc=org
         ObjectClass: top
         ObjectClass: DUAConfigProfile
         defaultSearchBase: dc=jasperfamily,dc=org
         authenticationMethod: none
         cn: default
      and to add it to my LDAP database,
         ldapadd -h ldap -v -D "cn=Manager,dc=jasperfamily,dc=org" -w secret -f default.profile.ldif

      On the other hand, there's this version of the ldapclient command

         ldapclient manual -a authenticationMethod=none \
                           -a defaultSearchBase=dc=jasperfamily,dc=org \
      but that didn't work either.
    7. Verify the LDAP Client is running.
         svcs ldap/client
      should say the ldap/client is online.

    This page was last updated: Wednesday, 08-Nov-2006 09:49:10 Pacific Standard Time