This article gathers a few notes on the day-to-day administration of Solaris 10 or OpenSolaris. It does not cover hardware issues or partitions/boot loaders, as those have separate pages.

System administration

SMF

Enable/disable services

Since Solaris 10, the old (but nice ?) start/stop scripts in rc?.d have been replaced by SMF, the Service Management Facility.

  • svcs
    • svcs -x lists services encountering problems
    • svcs -a lists all services including disabled ones
    • svcs -l <service> provides information concerning a specific service
  • svcadm
    • svcadm enable <service> to enable a service, e.g. svcadm enable svc:/network/samba:default
    • svcadm disable <service> to disable a service.
    • svcadm enable -t <service> (or svcadm disable -t <service>) temporarily enables/disables a service (won't persist over reboot)
  • svcprop

OpenSolaris uses SMF too. It (unfortunately ?) ships with many services enabled and will probably need some tuning if your host is a bit slow. A good read on the subject: Solaris 10 Benchmark v4.0.

Useful services

| Name | Service Name | Comments |
|---|---|---|
| Apache | Solaris: apache2, OpenSolaris: svc:/network/http:apache22 | Enable to set up your own web server |
| CDE | svc:/application/graphical-login/cde-login:default | Disabled on Solaris: I use gdm. Does not exist on OpenSolaris |
| DHCP | dhcpagent | Disabled: I use a static address |
| Fiber Channel | svc:/system/device/fc-fabric:default | Keep enabled or the system won't reboot |
| GDM | Solaris: svc:/application/gdm2-login:default, OpenSolaris: svc:/application/graphical-login/gdm:default | Enabled |
| GSS API | gss:default | Disable. The GSS API is a security abstraction layer that is designed to make it easier for developers to integrate with different authentication schemes. It is most commonly used in applications for sites that use Kerberos for network authentication, though it can also allow applications to interoperate with other authentication schemes (quoted from Solaris 10 Benchmark v4.0). |
| IPFilter's service | ipmon | Enabled. Used for zones |
| IPv6 neighbour discovery daemon | svc:/network/routing/ndp:default | Disabled. I don't use IPv6 at home ! |
| Kerberos | svc:/network/security/ktkt_warn:default | “While Kerberos can be a security enhancement, if the local site is not currently using Kerberos then there is no need to enable this service” (according to here) |
| metainit | svc:/system/metainit:default | Disable. SVM initialization |
| metasync | svc:/system/metasync:default | Disable. SVM initialization |
| Multicast DNS and DNS Service Discovery | multicast:default | Disable |
| N Port ID Virtualization | svc:/network/npiv_config:default | Do not disable or the system won't reboot. N_Port_ID Virtualization (NPIV) is a method for virtualizing a FibreChannel Port. With NPIV, one physical FibreChannel port can obtain many N_Port_IDs. |
| PPD Cache Update | svc:/application/print/ppd-cache-update:default | Disable |
| Rlogin | network/login:rlogin | Enable this for rlogin |
| Samba | Solaris: svc:/network/samba:default, OpenSolaris: svc:/network/smb/client:default | Enabled. On OpenSolaris, the Samba client is necessary for smbfs. |
| Sendmail | svc:/network/smtp:sendmail | I don't need it. To remove sendmail packages, pkgrm SUNWsndmu and SUNWsndmr. Beware: sendmail is required by fetchmail |
| Time Slider | svc:/application/time-slider:default | For ZFS Snapshots |
| VNC Configuration | svc:/system/xvm/vnc-config:default | Disable |

List of online services

Currently, the online services on my OpenSolaris host are:

STATE          STIME    FMRI
legacy_run     20:36:20 lrc:/etc/rcS_d/S50yukonx
legacy_run     20:36:59 lrc:/etc/rc2_d/S20sysetup
legacy_run     20:36:59 lrc:/etc/rc2_d/S47pppd
legacy_run     20:36:59 lrc:/etc/rc2_d/S72autoinstall
legacy_run     20:36:59 lrc:/etc/rc2_d/S73cachefs_daemon
legacy_run     20:37:00 lrc:/etc/rc2_d/S81dodatadm_udaplt
legacy_run     20:37:00 lrc:/etc/rc2_d/S89PRESERVE
legacy_run     20:37:00 lrc:/etc/rc2_d/S98deallocate
disabled       20:36:57 svc:/system/xvm/ipagent:default
online         20:36:04 svc:/system/svc/restarter:default
online         20:36:05 svc:/network/loopback:default
online         20:36:05 svc:/network/datalink-management:default
online         20:36:06 svc:/system/filesystem/root:default
online         20:36:06 svc:/network/physical:nwam
online         20:36:07 svc:/system/scheduler:default
online         20:36:07 svc:/system/boot-archive:default
online         20:36:07 svc:/system/identity:node
online         20:36:14 svc:/system/filesystem/usr:default
online         20:36:14 svc:/system/device/local:default
online         20:36:14 svc:/system/filesystem/minimal:default
online         20:36:15 svc:/system/identity:domain
online         20:36:15 svc:/system/hostid:default
online         20:36:15 svc:/system/name-service-cache:default
online         20:36:15 svc:/system/rmtmpfiles:default
online         20:36:15 svc:/system/resource-mgmt:default
online         20:36:15 svc:/system/cryptosvc:default
online         20:36:15 svc:/network/ipfilter:default
online         20:36:15 svc:/milestone/network:default
online         20:36:15 svc:/system/sysevent:default
online         20:36:16 svc:/system/power:default
online         20:36:16 svc:/system/picl:default
online         20:36:16 svc:/network/npiv_config:default
online         20:36:16 svc:/system/device/fc-fabric:default
online         20:36:16 svc:/milestone/devices:default
online         20:36:17 svc:/system/manifest-import:default
online         20:36:17 svc:/system/coreadm:default
online         20:36:17 svc:/network/initial:default
online         20:36:18 svc:/network/service:default
online         20:36:18 svc:/network/dns/client:default
online         20:36:18 svc:/milestone/name-services:default
online         20:36:19 svc:/network/smb/client:default
online         20:36:20 svc:/system/keymap:default
online         20:36:20 svc:/milestone/single-user:default
online         20:36:24 svc:/network/routing-setup:default
online         20:36:24 svc:/network/routing/ndp:default
online         20:36:55 svc:/system/filesystem/local:default
online         20:36:56 svc:/system/sysidtool:net
online         20:36:56 svc:/network/shares/group:default
online         20:36:56 svc:/system/boot-archive-update:default
online         20:36:56 svc:/system/cron:default
online         20:36:56 svc:/network/shares/group:zfs
online         20:36:56 svc:/network/rpc/bind:default
online         20:36:56 svc:/application/stosreg:default
online         20:36:56 svc:/system/sysidtool:system
online         20:36:56 svc:/milestone/sysconfig:default
online         20:36:56 svc:/system/sac:default
online         20:36:57 svc:/system/dbus:default
online         20:36:57 svc:/system/utmp:default
online         20:36:57 svc:/system/filesystem/autofs:default
online         20:36:57 svc:/network/inetd:default
online         20:36:57 svc:/system/console-login:default
online         20:36:57 svc:/system/filesystem/zfssnap-roleadd:default
online         20:36:57 svc:/system/dumpadm:default
online         20:36:57 svc:/application/desktop-cache/mime-types-cache:default
online         20:36:58 svc:/application/desktop-cache/gconf-cache:default
online         20:36:58 svc:/system/postrun:default
online         20:36:58 svc:/application/desktop-cache/input-method-cache:default
online         20:36:58 svc:/application/desktop-cache/pixbuf-loaders-installer:default
online         20:36:58 svc:/application/opengl/ogl-select:default
online         20:36:58 svc:/network/rpc/smserver:default
online         20:36:58 svc:/network/login:rlogin
online         20:36:58 svc:/application/pkg/update:default
online         20:36:59 svc:/system/system-log:default
online         20:36:59 svc:/network/ssh:default
online         20:37:00 svc:/application/desktop-cache/desktop-mime-cache:default
online         20:37:00 svc:/milestone/multi-user:default
online         20:37:01 svc:/system/intrd:default
online         20:37:01 svc:/system/fmd:default
online         20:37:01 svc:/milestone/multi-user-server:default
online         20:37:03 svc:/system/zones:default
online         20:37:03 svc:/application/font/fc-cache:default
online         20:37:10 svc:/application/desktop-cache/icon-cache:default
online         20:37:12 svc:/system/filesystem/zfs/auto-snapshot:daily
online         20:37:13 svc:/system/filesystem/zfs/auto-snapshot:monthly
online         20:37:13 svc:/application/graphical-login/gdm:default
online         20:37:13 svc:/network/http:apache22
online         20:37:13 svc:/system/filesystem/zfs/auto-snapshot:weekly
online         20:37:19 svc:/system/hal:default
online         20:37:19 svc:/system/filesystem/rmvolmgr:default
online         20:37:28 svc:/system/filesystem/zfs/auto-snapshot:frequent
online         20:37:28 svc:/system/filesystem/zfs/auto-snapshot:hourly
online         20:37:28 svc:/application/time-slider:default
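
A listing like the one above can be checked mechanically against the "Useful services" table. The script below is an added example, not part of the original page: it reads `svcs -a` output and reports services that are not disabled although the table marks them as disabled or not needed. The `CLEARTEXT` list, the function names and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: audit `svcs -a` output.

# FMRI fragments the "Useful services" table marks as disabled / not needed.
# Matched as substrings because the table mixes full FMRIs and short names.
PAGE_DISABLE="cde-login:default gss:default /network/routing/ndp:default \
ktkt_warn:default /system/metainit:default /system/metasync:default \
multicast:default ppd-cache-update:default /network/smtp:sendmail \
/system/xvm/vnc-config:default"

# Assumption added for this example (not in the table): rlogin carries
# credentials in clear text, so an enabled instance is reported as well.
CLEARTEXT="/network/login:rlogin"

audit_svcs() {
    # stdin:  `svcs -a` output (columns STATE STIME FMRI)
    # stdout: "<reason> <state> <fmri>" for every listed service whose state
    #         is anything but "disabled" (online, offline, maintenance, ...)
    awk -v off="$PAGE_DISABLE" -v clear="$CLEARTEXT" '
        function hit(fmri, pats, cnt,    i) {
            for (i = 1; i <= cnt; i++)
                if (index(fmri, pats[i]) > 0) return 1
            return 0
        }
        BEGIN { n = split(off, o, " "); m = split(clear, c, " ") }
        $3 ~ /^svc:/ && $1 != "disabled" {
            if (hit($3, o, n))      print "table-says-disable", $1, $3
            else if (hit($3, c, m)) print "cleartext-login", $1, $3
        }'
}

# Constructed sample in the format of the listing above.
sample_svcs() {
    cat <<'EOF'
STATE          STIME    FMRI
legacy_run     20:36:59 lrc:/etc/rc2_d/S47pppd
disabled       20:36:57 svc:/system/xvm/vnc-config:default
online         20:36:24 svc:/network/routing/ndp:default
online         20:36:58 svc:/network/login:rlogin
online         20:36:59 svc:/network/ssh:default
maintenance    20:37:02 svc:/network/smtp:sendmail
EOF
}

sample_svcs | audit_svcs
```

On a real host, run `svcs -a | audit_svcs` and review each reported FMRI with `svcs -l` before disabling it.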

GUI

The host can be graphically administered using:

  • SMC (Solaris Management Console): user management, hosts editing, cron batches, SMF. Launch /usr/sadm/bin/smc. On Solaris only (not OpenSolaris).
  • Webmin: web-based administration. Pretty good.
  • Visual Panels: this is an additional piece of software. I'm not a fan, but it's there if you want it.

How to add a new user

To add a new user,

  • use the graphical Solaris Management Console (smc&)
  • or manually:
    • make sure the home dir exists and is readable by the group,
    • then type:
useradd -d <homedir> -g <group> -s /usr/bin/bash <username>

Authentication

Log failed logins

Set SYSLOG_FAILED_LOGINS in /etc/default/login

Password policy

The password policy is configured in /etc/default/passwd. The default settings are reasonable. Several parameters are commented out, but they still have a default value. By contrast, an insecure configuration could look like this:

MAXWEEKS=
MINWEEKS=
PASSLENGTH=4
HISTORY=0
MINDIFF=0
MINDIGIT=0

See more information here.
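
The weak settings listed above can be detected with a small check over the contents of /etc/default/passwd. This is an added example, not part of the original page; the minimum length of 8, the function names and the hardened sample values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: report weak values found in
# the contents of /etc/default/passwd. Only keys that are explicitly set
# are judged; commented-out keys keep their system default and are skipped.

MIN_PASSLENGTH=8   # assumption: site minimum, not a value from the page

check_passwd_policy() {
    # stdin: file contents; stdout: one "KEY=VALUE: reason" line per finding
    awk -v minlen="$MIN_PASSLENGTH" '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            why = ""
            if (key == "MAXWEEKS" && val == "")
                why = "passwords never expire"
            else if (key == "MINWEEKS" && val == "")
                why = "no minimum age between changes"
            else if (key == "PASSLENGTH" && val + 0 < minlen)
                why = "shorter than " minlen
            else if (key == "HISTORY" && val + 0 == 0)
                why = "old passwords can be reused"
            else if (key == "MINDIFF" && val + 0 == 0)
                why = "no difference from the old password required"
            else if (key == "MINDIGIT" && val + 0 == 0)
                why = "no digit required"
            if (why != "") print key "=" val ": " why
        }'
}

# The insecure settings shown on this page.
weak_sample() {
    cat <<'EOF'
MAXWEEKS=
MINWEEKS=
PASSLENGTH=4
HISTORY=0
MINDIFF=0
MINDIGIT=0
EOF
}

# Constructed stricter configuration (values are illustrative assumptions).
hardened_sample() {
    cat <<'EOF'
# constructed sample
MAXWEEKS=12
MINWEEKS=1
PASSLENGTH=10
HISTORY=8
MINDIFF=3
MINDIGIT=1
#MINUPPER=0
EOF
}

weak_sample | check_passwd_policy
```

On a real host, run `check_passwd_policy < /etc/default/passwd`.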

Automatic login

On Solaris 10, to have the host automatically log in as a given user:

# gdmsetup & --> set up for user you wish to log in
# vi /etc/X11/gdm/gdm.conf
...
SystemMenu=true
# /etc/init.d/dtlogin stop
# /usr/dt/bin/dtconfig -d
# svcadm enable gdm2-login 

Now, automatic login is a bit disappointing, because you still have to provide the user's password :-(

On OpenSolaris 2008.11, no such issue ! Use gdmsetup and it works.

System Path

The default path for Solaris 10 should be set in /etc/default/login:

PATH=/usr/sfw/bin:/opt/csw/bin:/usr/sbin:/sbin:/usr/bin:/usr/openwin/bin
SUPATH=/usr/sbin:/usr/bin

PATH is the default path for users.

SUPATH is the default path for root when running su.

Both paths are overridden by the user's .profile, .login, .cshrc or .bashrc. So, check those files out too.

System Locale

The configuration of locales is stored in /etc/default/init. To add a new locale, use localeadm

For compilation messages in English:

export LC_MESSAGES=en_US

System Date

To set/correct time, do:

date 1334.00

to set clock to 13:34.00

Networking

  • To add a new computer, use the Solaris Management Console, Computers & Network, Computers, then select Action / Add Computer. This basically adds an entry to /etc/hosts.
  • Check out files /etc/hostname, /etc/hostname.<SOMETHING> (hme0, yukonx…), /etc/nodename, /etc/inet/hosts, /etc/inet/ipnodes.
  • List possible interfaces: ifconfig -a plumb, then ifconfig
  • List routes: routeadm
  • GUI: network-admin

Static IP address

Specifying a static IP address consists in:

  • ethernet interface: an ether interface must exist and be named. I use the default name for mine: yukonx0
  • make sure the networking service is enabled: either physical:default or physical:nwam. The former is the most 'basic' networking service. The latter is a networking daemon that automatically configures your host. It's worth a try: on my OpenSolaris host, it worked straight out of the box and I consequently did not have to configure networking manually. On Solaris u5, however, I had to do it manually.
  • configure a few files (with nwam, most of these steps should be automatically done):
    • /etc/hostname.<INTERFACE NAME>: specify your host's name:
$ more /etc/hostname.yukonx0
boureautic
    • /etc/hosts: set the loopback address and your static IP address:
$ cat /etc/hosts
#
# Internet host table
#
#::1    localhost       loghost boureautic
127.0.0.1       localhost       loghost
192.168.0.2     boureautic
    • /etc/resolv.conf: set the appropriate DNS servers (those are the ones used by Free):
nameserver 212.27.40.240
nameserver 212.27.40.241
    • /etc/nsswitch.conf: make sure the line hosts sets “files” before “dns”.
hosts:      files dns
  • for physical:default, set the default gateway: route add default 192.168.0.254. Then add the route automatically at each reboot by writing a script /etc/rc2.d/S99route
  • For a manual try, add the network interface with ifconfig:
ifconfig yukonx0 192.168.0.2 netmask 255.255.255.0 up

Rlogin

To add the rlogin network service:

svcs -l rlogin
svcadm enable network/login:rlogin

Note that svcadm enable -t network/login:rlogin only performs a temporary enable of rlogin (won't persist over reboot).

X

Display windows remotely

This is basic on X Window, but from time to time I still encounter problems doing it.

For remote display:

export DISPLAY=:0.0

Also use /usr/openwin/bin/xauth list to list which entities are authorized.

XScreensaver

There's a known bug on Solaris 10 u5: when you log on, a message is displayed: “failed to execute child process “xscreensaver” (no such file or directory) screensaver functionality will not work in this session”.

To get rid of this message, do

ln -s /usr/openwin/bin/xscreensaver /usr/bin/xscreensaver

GDM

On Solaris 10, stop dtlogin to use gdm:

# /etc/init.d/dtlogin stop
# /usr/dt/bin/dtconfig -d
# svcadm disable cde-login
# svcadm enable gdm2-login 

On OpenSolaris 2008.11, gdm refers to the service svc:/application/graphical-login/gdm:default. There is no CDE login.

XDMCP

To configure XDMCP, launch gdmsetup, then click on the Remote tab and activate “same as local”.

Fonts

  • To display usable fonts, use xfontsel
  • To use a given font in a xterm, use -fn:
xterm -fn -*-fixed-medium-*-*-*-14-*-*-*-*-*-*-* &

or create an ~/XTerm file (or in ~/.Xdefaults) and specify the fonts, size (etc) you wish to use:

XTerm*font: 9x15

Software management

| Commands | Typical install directories | Local package database | Comments |
|---|---|---|---|
| pkgadd -d <unzipped-package> | /usr, /usr/sfw, /opt/sfw | /var/sadm/pkg | Default package management utility on Solaris. Does not handle dependencies. |
| pkg-get <blastwave-package> | /opt/csw | | Blastwave package management. Close to apt-get. Handles dependencies |
| pkg install <IPS package> | | | Default package management utility for OpenSolaris |

Patches

On Solaris: use the Sun Connection Update Manager (last version is currently 1.0.4). To do so, it is mandatory to register Solaris. The command line tool is /usr/sbin/updatemanager (run as root). It will ask for registration if you haven't done so yet. This is a graphical interface.

Warning: I encountered a serious problem with patches: I patched the system with security or recommended patches, some of those patches failed, and then at the next reboot: kernel crash (impossible to boot, except in single user mode) :-( So beware… See Sun's Forums and Google Groups: looks like others encountered the same problem…

On OpenSolaris: launch /usr/sbin/updatemanager

pkgadd, pkginfo etc

These are Solaris's default package management utilities.

Typical prefixes:

  • Sun's packages are prefixed with SUNW (e.g SUNWvbox, SUNWless).
  • Blastwave's packages are prefixed with CSW (e.g CSWperl, CSWpkgutil). Those packages can be installed with Solaris's package tools (pkgadd, pkgrm etc) or with Blastwave's higher level utility pkg-get or pkgutil.

Typical installation directories: /usr, /usr/sfw and /opt/sfw

  • by default, mozilla is in /usr/sfw/bin/mozilla on Solaris 10.
  • by default, java is in /usr/bin/java on Solaris 10.

Install a pre-compiled package: 1/ unzip it (gunzip, bunzip2, unzip…) and 2/ pkgadd. For example:

$ pfexec pkgadd -d pkgutil-1.4\,REV\=2009.01.20-SunOS5.8-i386-CSW.pkg 

The following packages are available:
  1  CSWpkgutil     pkgutil - installs Solaris packages easily
                    (i386) 1.4,REV=2009.01.20

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 

List all packages: pkginfo. For example:

$ pkginfo
[..]
system      SUNWopenssl-commands            OpenSSL Commands (Usr)
system      SUNWopenssl-include             OpenSSL Header Files
system      SUNWopenssl-libraries           OpenSSL Libraries (Usr)
[..]

Get details of a package: pkginfo -l. For example:

$ pkginfo -l SUNWopenssl-commands
   PKGINST:  SUNWopenssl-commands
      NAME:  OpenSSL Commands (Usr)
  CATEGORY:  system
      ARCH:  i386
   VERSION:  11.11,REV=2008.10.30.20.37
    VENDOR:  Sun Microsystems, Inc.
      DESC:  OpenSSL Commands (Use)
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed

Listing the contents of a package: pkgchk -l <package>

pkgchk -l CSWpkgutil
Pathname: /opt/csw
Type: directory
Expected mode: 0755
Expected owner: root
Expected group: bin
Referenced by the following packages:
        CSWpkgutil     CSWcommon      CSWzlib        
Current status: installed

Pathname: /opt/csw/bin
Type: directory
[..]

Removing a package: pkgrm <packagename>

Installed packages are located in /var/sadm/pkg.

On Solaris, to find which package provides a given command, search in /var/sadm/install/contents. For example:

grep xxx /var/sadm/install/contents

pkg-get

pkg-get should be seen as a front-end to Solaris's default package management commands. It

  • automatically downloads a given package
  • automatically installs its dependencies

… two tasks pkgadd does not handle. Unfortunately, pkg-get will only work for Blastwave-like packages (ibiblio).

To install pkg-get,

  • Get pkg-get from Blastwave.
  • Install it: pkgadd -d pkg_get-3.8.4-SunOS5.8-all-CSW.pkg. The procedure is perfectly described on Blastwave's site. Check its digest with:
digest -v -a md5 pkg_get.pkg
  • Then configure it in /opt/csw/etc/pkg-get.conf. Set up the mirror to use, the tree version (stable, unstable, testing), and the download directory (by default: /var/pkg-get/downloads).
url=http://ibiblio.org/pub/packages/solaris/csw/unstable
PKGGET_DOWNLOAD_DIR=/tmp
  • Then use pkg-get to install Blastwave packages.

To install a package: pkg-get install <packagename>, e.g

pkg-get install gnupg
pkg-get install bzip2

To remove a package:

pkg-get remove <packagename>

To upgrade a package:

pkg-get upgrade

This will upgrade all packages for which a new version exists. It consists in uninstalling the old version (remove) and then installing the new version (install). At first, seeing a remove operation may be surprising, but in the end, it works :-)

pkgutil

Blastwave has recently replaced pkg-get with pkgutil. To install pkgutil,

  • get the package
  • do: pkgadd -d <pkgutil-pkg>
  • then use pkgutil to handle other packages.

IPS

OpenSolaris introduces a new package management system. Perhaps I don't know how to use it, but I don't like it very much :-( It takes ages to run…

IPS packages are typically prefixed by IPS (e.g IPSgnutls, IPSiconv…), but IPS commands will also display other packages (SUNW, CSW…)

  • install a package: pkg install <package>
  • in which package is a given command: pkg search -r <command>

There's a nice comparison between Debian's apt-get and IPS or pkgadd / IPS: here.

Using other packages

Unpack a Debian package:

/usr/xpg4/bin/ar x package.deb
gunzip data.tar.gz
tar -xvf data.tar

Developer's corner

Bash

A very simple .bashrc on Solaris:

export PATH=/usr/bin/amd64:$PATH:/opt/csw/bin:.
export PS1="[\u@\w] "

on OpenSolaris:

PS1='${LOGNAME}@$(/usr/bin/hostname):$(
    [[ "${LOGNAME}" == "root" ]] && printf "%s" "${PWD/${HOME}/~}# " ||
    printf "%s" "${PWD/${HOME}/~}\$ ")'

export PATH=$PATH:/usr/local/bin:/usr/share/bin

32-bit vs 64-bit

To know whether your architecture is 32 or 64 bit: isainfo -b

There's a very interesting article on Blog'o thnet.

To summarize, on 64-bit processors, the kernel, device drivers and some key applications (or those with a high performance issue) are 64-bit, but all other applications are usually 32-bit. There are no emulation libraries on Solaris 64 to run 32-bit libraries: there are two different system calls.

To check whether a given application is 32 or 64 bit, run file:

$ file /usr/bin/amd64/ls
/usr/bin/amd64/ls:      ELF 64-bit LSB executable AMD64 Version 1, dynamically linked, stripped

This also means that on 64-bit hosts, you should set your PATH to locate 64-bit applications before 32-bit ones. For example /usr/bin/amd64 should be set before /usr/bin.

Compilers etc

For Solaris, there's a very interesting article on the subject here. Mainly, what I get out of it is:

  • no need to install a gcc package (such as CSWgcc) because gcc is usually installed by default in /usr/sfw (mine is version 3.4.3).
  • no need to install gmake (3.80) either: it's already installed in /usr/sfw.
  • put /usr/sfw/bin at the top of your path, and remove /usr/ucb (or leave it at the end of your path - because it points to an 'old' cc).
  • install Sun Studio to get cc (among other things). Actually, cc is said to be better than gcc (faster code), but gcc is perhaps better known by GNU/Free addicts. Anyway, if cc is installed, add /opt/SUNWspro/bin to your path.

For example,

export PATH=/usr/bin/amd64:/usr/sfw/bin:/opt/csw/bin:/usr/ccs/bin:/usr/openwin/bin:/usr/bin:/bin:.
export LD_LIBRARY_PATH=/usr/sfw/lib/amd64:/lib/amd64:/usr/lib/amd64:/usr/sfw/lib:/lib:/usr/lib:/opt/csw/lib:.
export MAKE=gmake

For OpenSolaris, install SUNWgcc and SUNWgmake.
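
The PATH and LD_LIBRARY_PATH values above, like the .bashrc in the Bash section, end with `.`, which puts the current directory on the search path. The check below is an added example, not part of the original page: it lists entries of a colon-separated search path that resolve to the current directory, are relative, or are existing world-writable directories. The function name `check_search_path` is an assumption made for this example.

```shell
#!/bin/sh
# Added example, not from the original page.

check_search_path() {
    # $1: variable name used in the report, $2: its colon-separated value
    # stdout: one line per entry that resolves to the current directory,
    #         is relative, or is an existing world-writable directory
    name=$1
    printf '%s\n' "$2" |
    awk -F: '{ for (i = 1; i <= NF; i++) print i ":" $i }' |
    while IFS=: read -r pos entry; do
        case $entry in
            '') echo "$name entry $pos: empty, searched as the current directory" ;;
            .)  echo "$name entry $pos: \".\" is the current directory" ;;
            /*) # -L follows symlinks so the target directory's mode is read
                if [ -d "$entry" ] &&
                   ls -ldL "$entry" | awk '{ exit substr($1, 9, 1) != "w" }'
                then
                    echo "$name entry $pos: $entry is world-writable"
                fi ;;
            *)  echo "$name entry $pos: $entry is relative to the current directory" ;;
        esac
    done
}

# The values exported in the example above.
check_search_path PATH \
    '/usr/bin/amd64:/usr/sfw/bin:/opt/csw/bin:/usr/ccs/bin:/usr/openwin/bin:/usr/bin:/bin:.'
check_search_path LD_LIBRARY_PATH \
    '/usr/sfw/lib/amd64:/lib/amd64:/usr/lib/amd64:/usr/sfw/lib:/lib:/usr/lib:/opt/csw/lib:.'
```

To check a live session, call `check_search_path PATH "$PATH"`, and do the same for SUPATH from /etc/default/login.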

Library path

According to Rich Teer's article, programs should actually be linked with the -R option. This strategy reduces the need for a LD_LIBRARY_PATH.

However, in situations where the program hasn't been linked that way, there are 2 different ways to configure your library path on Solaris:

  • set the common LD_LIBRARY_PATH and LD_LIBRARY_PATH_64 environment variables
  • or use the crle (Configuration Runtime Linker Environment) command.

To list your current paths: crle or crle -64

To set new paths: crle -l <a path> -l <another path> …

Typical required paths are: /lib, /usr/lib, /opt/csw/lib, /opt/SUNWspro/lib.

 
os/solaris/sysadm.txt · Last modified: 2009/02/28 15:21 (external edit)
 
 
(c) A. Apvrille - 2009