The widely used reference for experienced system administrators of the
Solaris Operating Environment—now fully updated for the Solaris 8 platform.
- Focuses on the tasks experienced sysadmins find most challenging
- Completely updated for the Solaris 8 Operating Environment!
- Includes extensive new coverage of WebNFS technology
Ready to leverage the full power of Solaris 8 software? Now there's a
hands-on reference specifically for you. In Solaris 8 Advanced System
Administrator's Guide, Third Edition, award-winning author Janice Winsor
delivers hundreds of indispensable tips, step-by-step procedures, and quick
reference tables, all focused on the features experienced administrators find
most challenging. Thoroughly updated, this book's coverage includes:
- The Solaris platform mail services, including detailed procedures for
planning and customizing sendmail
- Understanding the NIS+ nameservice environment, and configuring both
servers and clients
- All-new coverage of WebNFS technology—concepts, configuration, and
day-to-day management
- Advanced security coverage—authentication, Role-Based Access Control
(RBAC), and the Automated Security Enhancement Tool (ASET)
- New Service Access Facility services for terminals, modems, and printers
- Software management—installation, removal, patching, and more
- Automounter services, volume management, shell programming, and much
more
No matter how well you know Solaris, this book will make you far more
effective—just as it has for thousands of Solaris sysadmins worldwide.
Table of Contents
Preface.
Acknowledgments.
I. MAIL SERVICES.
1. Understanding Mail Services.
New Mail Service Features. Systems in a Mail
Configuration. Gateway. Mail Hub. Mail Client. Mail Service Programs. Mail User
Agents (MUAs). Mail Transport Agent (MTA). Mailbox. DNS and sendmail. Aliases.
Uses for Alias Files. Syntax of Aliases. Mail Addressing. UUCP Route-Based
Addressing. Route-Independent Addressing. How Mail Addressing Works. Mail
Services Files and Programs.
2. Customizing sendmail Configuration Files.
How the sendmail Program Works. Message-Header
Editing. Configuration File. How sendmail Is Implemented. Mail to Files and
Programs. Message Collection. Message Delivery. Queued Messages. Introducing the
m4 Macro Processor. Comments. Quoting. Including Macro Files. Diversions.
Writing a Custom Macro Configuration File. Including the Sendmail m4 Macro
Definitions. Defining Your OS Type. Masquerading. Features. Configuration
Options. Mailers. External Configuration Files. Generating the sendmail
Configuration File. Testing the Rewriting Rules-the -bt Flag. Using the sendmail
Restricted Shell. Reference Tables. Command-Line Arguments. Configuration
Options. Mailer Flags. Processing Options.
3. Planning Mail Services.
Single DNS Domain with an Internet Connection.
The Client Configuration. The Mail Hub/Gateway Configuration. The DNS
Configuration. Single DNS Domain with Internet Connection and Separate Gateway.
The Gateway Configuration. The Mail Hub Configuration. The DNS Configuration.
DNS Domain and a Subdomain with One Internet Connection. The Gateway
Configuration. The Corporate Mail Hub Configuration. The Corporate Client
Configuration. The Engineering Mail Hub Configuration. The Engineering Client
Configuration. The DNS Configuration. DNS Domain with a UUCP Gateway.
4. Setting Up and Administering Mail Services.
Preparing to Set Up Mail Services. Setting Up
Mail Services. Setting Up a Mail Hub. Setting Up a Mail Client from a Command
Line. Setting Up a Gateway Host. Creating Mail Aliases. Listing the Contents of
an NIS+ mail_aliases Table. Creating a New NIS+ mail_aliases Table. Adding
Aliases to an NIS+ mail_aliases Table. Changing Aliases in an NIS+ mail_aliases
Table. Deleting Entries from an NIS+ mail_aliases Table. Setting Up the NIS
mail.aliases Map. Setting Up Local Mail Alias Files. Configuring Hosts to Use
DNS Mail Exchange Records. Setting Up the Postmaster Alias. Testing Your Mail
Configuration. Administering Your Mail Configuration. Duties of Postmaster. The
Mail Queue. The System Log. Troubleshooting Your Mail Configuration. Checking
Aliases. Testing sendmail. Verifying Connections to Other Systems. Obtaining
Other Diagnostic Information.
II. NIS+.
5. Introducing the NIS+ Environment.
Comparison of NIS and NIS+. The NIS+ Namespace.
Components of the NIS+ Namespace. NIS+ Security. NIS+ Authentication. Access
Rights. The NIS+ Updating Model. NIS and NIS+ Compatibility. The Nameservice
Switch. NIS+ Administration. NIS+ Commands. NIS+ Installation Scripts.
6. Setting Up NIS+ Servers and Clients.
Setting Up an NIS+ Namespace. Introducing the
NIS+ Installation Scripts. Preparing for Setup and Configuration. Preparing an
Existing Namespace. Setting Up an NIS+ Root Server. Preparing to Run the
nisserver Command. Creating a Root Master Server. Populating the NIS+ Tables.
Preparing to Run the nispopulate Command. Populating the Root Master Server
Tables from Files. Populating the Root Master Server Tables from NIS Maps.
Setting Up NIS+ Client Systems. Preparing to Run the nisclient Command. Security
Considerations. DES Authentication. Initializing a New Client System.
Verification of the Setup. Verifying That the Cache Manager Is Running. Checking
the Contents of the /var/nis Directory. Verifying That the NIS+ Commands
Succeed.
III. AUTOMOUNTER AND WEBNFS SERVICES.
7. Understanding the Automounter.
NFS Terminology. Server and Client Systems.
Mount Points. The Virtual File System Table. Mount and Unmount. The Mount Table
(/etc/mnttab). NIS+ Terminology. Automount Terminology. Automounter. Automount
Maps. Automount Maps and Mount Points. Indirect Maps. The Direct Map. Syntax and
Shortcuts for Map Entries. Metacharacters. Components of the Automounter. The
automount Command. The Autofs File System. The automountd Daemon. How the
Automounter Works. Automounter Behavior. Hierarchical Mounting and Unmounting.
How to Plan for Automounting. Recommended Automounting Policies. Prerequisites
for Using the Automounter.
8. Setting Up the Automounter.
Setting Up Automount Server Systems. Setting Up
Automount Client Systems. Displaying Information About NIS+ Automount Maps.
Displaying the Format of NIS+ Automount Maps. Displaying the Contents of NIS+
Automount Maps. Setting Up NIS+ Automount Maps. Setting Up the auto_home Map.
Setting Up Indirect Maps. Setting Up a Direct Map. Setting Up the NIS+ Master
Map. Creating a Project Automount Map. Creating Hierarchical Maps. Administering
NIS+ Automount Maps. Using a Public File Handle with the Automounter. Using NFS
URLs with the Automounter. Disabling Automounter Browsability. Troubleshooting
Automounter Problems. Automounter Error Messages. automount -v Error Messages.
Miscellaneous Error Messages. Other Errors with the Automounter.
9. Introducing WebNFS.
The WebNFS Service. WebNFS Security Negotiation.
WebNFS Limitations with Web Browsers. Planning for WebNFS Access. WebNFS Access.
IV. SERVICE ACCESS FACILITY.
10. Understanding the Service Access Facility.
Benefits of the SAF. The SAF Daemons. The SAF
Commands. SAF Architecture. The init Process. Service Access Controller. Port
Monitors. Service Invocations. Port Monitor States. The Line Control Model. UUCP
Files. SAF Log Files. Reference to SAF Commands, Tasks, and Options. Quick
Reference to SAF Variables. Quick Reference to Service Access Control (sacadm).
Quick Reference to Port Monitor Administration (pmadm). Admintool: Serial Ports
and SAF. Templates. Starting Admintool: Serial Ports. Starting the SMC Serial
Ports Tool.
11. Setting Up Modems and Character Terminals.
Tools for Setting Up Modems and Character
Terminals. Using Variables in SAF Commands. The Port Monitor Tag (pmtag). The
Service Tag (svctag). The Device Path (dev-path). The Baud Rate and Line
Discipline (ttylabel). Type of Modem. Comments. Setting Up Modems. Modem
Connection and Switch Settings. Using Admintool: Serial Ports to Configure
Modems. Using the SMC Serial Ports Tool to Configure Modems. Using SAF Commands
to Set Up Modems. Troubleshooting Modem Connections. Setting Up SAF for
Character Terminals. Connecting the Terminal Cable. Using Admintool: Serial
Ports to Add a Character Terminal. Using the SMC Serial Ports Tool to Add a
Character Terminal. Using SAF Commands to Set Up Character Terminals.
Troubleshooting the Terminal Connection.
12. Setting Up Printing Services.
New Printing Features in the Solaris 8 Operating
Environment. Solaris Print Manager. Print Naming Enhancement to the Nameservice
Switch File. Enabling or Disabling Global Banner Page Printing. Solaris Print
Package Redesign. Redesign of Print Packages. Print Protocol Adaptor. Print
Client Software. Enhanced Network Printer Support. Print Administration Tools in
the Solaris Operating Environment. Choosing a Method to Manage Printers. System
Requirements for a Print Server. Printer Configuration Information. Printer
Name. Printer Port. Printer Type. File Content Type. Print Filters. Printer
Description (Optional). Default Printer (Optional). Introducing Solaris Print
Manager. Solaris Print Manager Prerequisites. Identifying the NIS+ Group That
Owns the printers Table. Identifying the NIS+ (xfn) Group That Owns the printers
Table. Starting Solaris Print Manager. Adding a New Attached Printer with Print
Manager. Adding a New Network Printer with Print Manager. Adding Access to a
Printer with the Print Manager. Converting Printer Configuration in NIS+ (xfn)
to NIS+ Format. Adding a Network Printer. Adding a Network Printer with
Vendor-Supplied Tools. Adding a Network Printer with Solaris Print Manager.
Adding a Network Printer with LP Commands. Using Print Client Commands. Printer
Configuration Resources. Print Request Submission. Summary of the Print Client
Process. Solving Printing Problems. No Output (Nothing Prints). Incorrect
Output. Hung LP Print Service Commands. Idle (Hung) Printers. Conflicting Status
Messages.
V. APPLICATION SOFTWARE.
13. Installing and Managing Application Software.
Overview of Installing and Managing Application
Software. Using Package Commands. Using Admintool. Using Installation Scripts.
User Access to Applications. Automating Your Application Environment. Using
Wrapper Technology. Designing an Application Server. Installing and Configuring
Packages. Developing Wrappers. Using a Common Command Directory. Setting User
Configurations. Understanding Distribution Issues. Licensing.
14. Package Commands.
Reviewing Package Commands. Package Formats.
Setting Up Package Administration Files. Setting Up the Installation Base
Directory. Installing a Package with an Alternative Administration File. Adding
Packages. Checking the Installation of a Package. Displaying Package Parameters.
Listing Packages. Removing Packages. Using the Package System Log File.
Translating Package Formats.
15. Admintool: Software Manager.
Starting Admintool. Installing Software.
Accessing Files from a Local CD-ROM Drive. Customizing Installation. Beginning
Installation. Removing Software.
16. Solaris Product Registry.
Introducing the Product Registry Tool.
Installing Software with the Product Registry Tool. Uninstalling Products with
the Product Registry Tool.
17. Installing and Managing System Software Patches.
Patch Distribution. Requirements to Access Sun
Patches. Accessing Patches from the Web. Patch Numbering. Installing a Patch.
Removing Patches.
VI. INTRODUCING SHELL PROGRAMMING.
18. Writing Shell Scripts.
Basic Concepts. Introducing the Bourne, Korn,
and C Shells. Understanding How Shells Process Commands. Naming Shell Scripts.
Identifying the Shell. Making Scripts Executable. Storing Shell Scripts. Writing
Shell Scripts: The Process. Variables. Displaying Bourne and Korn Shell
Variables. Displaying C Shell Environment Variables. Setting Bourne and Korn
Shell Variables. Unsetting Bourne and Korn Shell Variables. Setting C Shell
Variables. Unsetting C Shell Variables. File Name Stripping. Korn Shell Path
Stripping. C Shell Path Stripping. Built-in Shell Variables. Bourne and Korn
Shells Built-in Variables. C Shell Built-in Variables. Built-in Commands.
Environment Variables. Bourne and Korn Shell Environment Variables. C Shell
Environment Variables. Input and Output. Standard In, Standard Out, and Standard
Error. Command-Line Input. Interactive Input. Here Documents. Output Generation.
Command Substitution. Testing for Conditions. if-then-else-elif. if-else-else
if-endif. Nested if Constructs. Multibranching. The Bourne Shell test Command.
The Korn Shell ... Command. Controlling the Flow. Using Bourne and Korn Shell
for Loops. Using C Shell foreach Loops. Using while Loops. Using Bourne and Korn
Shell until Loops. Breaking Loops. Exit Status. Bourne Shell Exit Status. C
Shell Exit Status. Mathematical Operations. Bourne Shell Mathematical
Operations. Korn Shell Mathematical Operations. C Shell Mathematical Operations.
User-Defined Functions. Debugging Shell Scripts. Using Debugging Flags.
Understanding Shell Parsing Order.
19. Reference Tables and Example Scripts.
Reference Tables. Environment Files. First Line
of Script. Korn Shell Path Operators. C Shell Path Modifiers. Bourne and Korn
Shell Built-in Variables Initialized by Shell. C Shell Built-in Variables
Initialized by Shell. Shell Built-in Commands. Bourne and Korn Shell
Redirection. C Shell Redirection Metacharacters. C Shell $argv Notation.
Quoting. Metacharacter Shell Syntax. Variable Shell Syntax. I/O Redirection and
Piping. Printing to the Screen. Reading from the Keyboard. Math and
Calculations. Command Substitution. Tilde Expansion. Alias Syntax. History
Syntax. Function Syntax. Programming Statement Syntax. Test and C Shell Built-in
Test. Bourne Shell Mathematical Operators. C Shell Mathematical Operators.
Example Scripts. Anonymous ftp Script. arch.sh.fctn Function. array.sh.fctn
Function. hostname.sh.fctn Function. osr.sh.fctn Function. whoami.sh.fctn
Function.
VII. SYSTEM SECURITY.
20. Understanding System Security.
New Security Features in the Solaris 8 Release.
New Default Ownership and Permissions on System Files and Directories.
Role-Based Access Control. Sun Enterprise Authentication Mechanism (SEAM) or
Kerberos V5 Client Support. New Security Features in the Solaris 2.6 Release.
Pluggable Authentication Module (PAM). Executable Stacks and Security. Overview
of System Security. Maintaining Physical Site Security. Maintaining Login and
Access Control. Restricting Access to Data in Files. Maintaining Network
Control. Monitoring System Use. Setting the Correct Path. Monitoring setuid and
setgid Programs. Installing a Firewall. Reporting Security Problems. Using the
Automated Security Enhancement Tool (ASET). Using Role-Based Access Control
(RBAC). File Security. User Classes. File Permissions. Directory Permissions.
Octal Values for Permissions. Default umask. File Types. File Administration
Commands. Special File Permissions (Setuid, Setgid, and Sticky Bit). Access
Control Lists (ACLs). Network Security. Firewall Systems. Authentication and
Authorization. Sharing Files. Restricting Superuser (root) Access. Using
Privileged Ports. Automated Security Enhancement Tool (ASET).
21. Using the Automated Security Enhancement Tool (ASET).
ASET Master Files. ASET Security Levels. How
ASET Tasks Work. System Files Permissions Verification. System Files Checks.
User/Group Checks. System Configuration Files Check. Environment Check. eeprom
Check. Firewall Setup. ASET Execution Log. ASET Reports. Format of Report Files.
Examining and Comparing Report Files. ASET Master Files. File Tuning. The
uid_aliases File. The Checklist Files. ASET Environment File (asetenv). ASET
Shell Environment Variables. PERIODIC_SCHEDULE Variable. TASKS Variable.
UID_ALIASES Variable. YPCHECK Variable. CKLISTPATH_level Variable. Running ASET.
Running ASET Interactively. Running ASET Periodically. Stopping Running ASET
Periodically. Collecting Reports on a Server. Restoring System Files Modified by
ASET. ASET Error Messages.
22. Using Authentication Services.
Example: Diffie-Hellman. Example: Secure RPC.
DES Encryption. Diffie-Hellman Authentication. How Diffie-Hellman Authentication
Works. Administering Diffie-Hellman Authentication. The Pluggable Authentication
Module (PAM) Framework. PAM Module Types. Stacking Feature. Password-Mapping
Feature. How PAM Works. PAM Configuration File. Valid Service Names. Control
Flags. Planning for PAM. Configuring PAM.
23. Role-Based Access Control.
What Is a Role? Administrative Rights. Primary
Administrator Capabilities. Granting Primary Administrator Rights. Granting
Rights to a User. Creating a Role. Regular User Rights. Rights Hierarchies. Real
and Effective UIDs and GIDs. The RBAC Databases. Extended User Attributes
Database (user_attr). Syntax of the user_attr Database. Authorizations Database
(auth_attr). Rights Profiles (prof_attr). Execution Attributes (exec_attr).
Policy Configuration File (policy.conf). Commands That Use Role-Based Access
Control Authorizations. Commands for Managing Role-Based Access Control.
A: Volume Management.
What's New with Volume Management. Volume
Management Files. The /etc/vold.conf File. The /etc/rmmount.conf File. Volume
Management Files. Volume Management Log Messages. Volume Management Mount
Points. Removable Media Manager. Starting Removable Media Manager. Supported
Media Classes. Local and Remote CD-ROMs. Mounting a Local CD-ROM. Sharing Files
from a Remote CD-ROM Drive. Diskettes and Volume Management. Formatting
Diskettes. Diskette Command-Line Access. Diskette CDE Front Panel Access.
Diskette CDE File Manager Access. Using the tar and cpio Commands with
Diskettes. Accessing Jaz or Zip Drives. Creating An Alternate fdisk Partition.
Accessing DVD-ROM Drives. Hardware and Software Requirements. UDF Compatibility
Issues. Connecting a DVD-ROM Device. Accessing Files on a DVD-ROM Device.
Troubleshooting. Using Workman with Volume Management. Disabling Volume
Management.
B: Celeste's Tutorial on Solaris 2.x Modems and Terminals.
Introduction. Which Modem Should You Use? Types
of Modem Usage. Modem Programming. Modem Speed. Flow Control and Parity.
Celeste's Strategy for Configuring Modems and Terminals. Ok, So What Do I Do?
Tip and /etc/remote. /etc/remote Example. Basic Modem Programming. Useful Modem
Register Settings. USRobotics Courier V.Everything Settings. Enabling Solaris
for a Bidirectional Modem. Enabling Solaris for a Dial-out-only Modem. Setting
Up a Terminal on Solaris 2.x. Setting Serial Port Modes. /etc/ttydefs Examples.
Configuring Serial Ports for UUCP. Parity in UUCP. Flow Control with UUCP. File
format: /etc/saf/{pmtag}/_pmtab and /etc/saf/_sactab. Customizing the Login
Message (Solaris 2.0-2.3). Customizing the Login Message (Solaris 2.4-higher).
Solaris IA Issues. Solaris IA 2.0-2.5 and COM2. Solaris IA 2.6 and COM2. Solaris
7 IA (2.7) and COM2. Automatic Method, Using Device Configuration Assistant.
More Manual Method, Using Device Configuration Assistant. PC Serial Ports and
Internal Modems. Serial Device Naming in Solaris IA. Vendor List. Serial Cards.
Modems. PPP. Kermit/C-Kermit. Terminal Servers. Publishers.
Glossary.
Bibliography.
General References.
Electronic Mail References. SAF References. NIS+
Reference. Printing Reference. Patch Reference. Shell References. Programming
Languages. System Security.
Index.