CERTguide Solaris 9 SA1 Study Guide

What is Solaris?

According to webopedia.com:

"A Unix-based operating environment developed by Sun Microsystems. Originally developed to run on Sun's SPARC workstations, Solaris now runs on many workstations from other vendors.

Solaris includes the SunOS operating system and a windowing system (either OpenWindows or CDE). Solaris currently supports multithreading, symmetric multiprocessing (SMP), integrated TCP/IP networking, and centralized network administration. A Wabi emulator is available to run Windows applications." http://www.webopedia.com/TERM/S/Solaris.html 

Currently the latest release is Solaris 9. It has two versions: one for x86 and one for SPARC.

What is SPARC?

"Short for Scalable Processor Architecture, a RISC technology developed by Sun Microsystems. The term SPARC® itself is a trademark of SPARC International, an independent organization that licenses the term to Sun for its use. Sun's workstations based on the SPARC include the SPARCstation, SPARCserver, Ultra1, Ultra2 and SPARCcluster." http://www.webopedia.com/TERM/S/SPARC.html

What does the SA1 exam cover?

- Manage File Systems
- Install Software
- Perform System Boot Procedures
- Perform User and Security Administration
- Manage Network Printers and System Processes
- Perform System Backups and Restores

File Systems

- a structure of directories that is used to organize and store files
- Solaris uses the virtual file system (VFS) architecture to provide a standard interface for different file system types
- VFS enables the kernel to handle basic file operations
- UFS - hard disk
- HSFS - CD-ROM
- PCFS - diskette
- UDF - DVD

UFS

- UNIX file system
- based on the BSD Fast File system that was provided in the 4.3 Tahoe release
- default disk-based file system for Solaris
- before you can create a UFS file system on a disk, you must format the disk and divide it into slices

HSFS

- High Sierra, Rock Ridge, and ISO 9660 file system
- High Sierra - first CD-ROM file system
- ISO 9660 - the official standard version of the High Sierra File System
- used on CD-ROMs
- read-only
- Solaris HSFS supports Rock Ridge extensions to ISO 9660, which provide all UFS file system features and file types, except for writability and hard links

PCFS

- PC file system
- allows read and write access to data and programs on DOS-formatted disks

UDF

- Universal Disk Format
- industry-standard format for storing information on optical media
- used for DVD

Virtual File Systems

- memory-based file systems
- provide access to special kernel information and facilities
- mostly do not use file system disk space

CacheFS File System

- designed as a layered file system
- provides the ability to cache one file system on another
- best to combine a CacheFS file system with the AutoFS service to help boost performance and scalability
- improves performance of remote file systems or slow devices
- when a file system is cached, the data read is stored in a cache on the local system

Temporary file system

- TMPFS
- default file system type for the /tmp directory
- uses local memory for file system reads and writes
- typically much faster than a UFS file system
- files in TMPFS file systems are not permanent
- files are deleted when the file system is unmounted and when the system is shut down or rebooted
- you can copy or move files into or out of the /tmp directory
- uses swap space as a temporary backing store
- can run out of space

Loopback file system

- LOFS
- lets you create a new virtual file system so that you can access files by using an alternative path name

Process File System

- PROCFS
- resides in memory
- contains a list of active processes by process number in the /proc directory

Other file systems as described by Sun:

| Virtual File System | Description |
|---|---|
| FIFOFS (first-in first-out) | Named pipe files that give processes common access to data |
| FDFS (file descriptors) | Provides explicit names for opening files using file descriptors |
| MNTFS | Provides read-only access to the table of mounted file systems for the local system |
| NAMEFS | Used mostly by STREAMS for dynamic mounts of file descriptors on top of files |
| SPECFS (special) | Provides access to character special devices and block devices |
| SWAPFS | Used by the kernel for swapping |

Install Software

What is software management?

According to Sun: “Software management involves installing or removing software products. Sun and its third-party vendors deliver products in a form called a software package.” http://docs.sun.com/db?p=/doc/806-4073/6jd67r95p&a=view

How about Package? “The term packaging generically refers to the method for distributing and installing software products to systems where the products will be used. A package is a collection of files and directories in a defined format. This format conforms to the Application Binary Interface (ABI), which is a supplement to the System V Interface Definition.” http://docs.sun.com/db?p=/doc/806-4073/6jd67r95p&a=view

The tools included for adding and removing software packages from a system after the Solaris release is installed are:

- Solaris Web Start – you may add products included in the Solaris 9 media pack. You cannot add individual software packages.
- Solaris Product Registry - remove or display information about software products that were originally installed by using the Solaris Web Start program or the Solaris pkgadd command.
- Package commands (pkgadd, pkgrm, pkginfo) – the best thing to do: incorporate these commands into scripts, set up optional files to avoid user interaction or perform special checks, and copy software packages to spool directories.
- Admintool - easiest to use Admintool to add and remove software if you are:

How about removing a package? Sun has something to say about package removal:

“You should use one of these tools to remove a package, even though you might be tempted to use the rm command instead. For example, you could use the rm command to remove a binary executable file, but that is not the same as using the pkgrm command to remove the software package that includes that binary executable. Using the rm command to remove a package's files will corrupt the software products database.” http://docs.sun.com/db?p=/doc/806-4073/6jd67r961&a=view

System Boot Procedures

Boot types

- Interactive boot - you are prompted to provide information about how the system is booted
- Reconfiguration boot - system is reconfigured to support newly added hardware or new pseudo devices
- Recovery boot - system is hung or an invalid entry is prohibiting the system from booting successfully or from allowing users to log in

Network boot

- You can boot Solaris (Intel Platform Edition) directly from a network without the Solaris boot diskette on IA based systems that support the Preboot Execution Environment (PXE) network booting protocol.
- PXE network boot is available only for devices that implement the Intel Preboot Execution Environment specification.
- You can enable the PXE network boot on the client system by using the BIOS setup program in the system BIOS, the network adapter BIOS, or both.
- On some IA systems you must adjust the boot device priority list so that a network boot is attempted before a boot from other devices.
- Some early versions of PXE firmware cannot boot the Solaris system. If this problem occurs, upgrade the PXE firmware on the adapter.
- You might need to boot a system from the network:
  - when the system is first installed
  - if the system won't boot from the local disk
  - if the system is a diskless client
- Two network configuration boot strategies:
  - RARP (Reverse Address Resolution Protocol and ONC+ RPC Bootparams Protocol)
  - DHCP (Dynamic Host Configuration Protocol)

What is RARP?

"Short for Reverse Address Resolution Protocol, a TCP/IP protocol that permits a physical address, such as an Ethernet address, to be translated into an IP address. Hosts such as diskless workstations often only know their hardware interface addresses, or MAC address, when booted but not their IP addresses. They must discover their IP addresses from an external source, usually a RARP server. RARP is defined in RFC 903." http://www.webopedia.com/TERM/R/RARP.html

How about DHCP?

"Short for Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device's IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses. Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task." http://www.webopedia.com/TERM/D/DHCP.html

Boot process

Pay attention to the SPARC boot process. The following information is extracted from Sun’s site:

SPARC: Description of the Boot Process (extracted from Sun’s document site)

| Boot Phase | Description |
|---|---|
| Boot PROM | 1. The PROM displays system identification information and then runs self-test diagnostics to verify the system's hardware and memory. |
| | 2. Then, the PROM loads the primary boot program, bootblk, whose purpose is to load the secondary boot program (that is located in the ufs file system) from the default boot device. |
| Boot Programs | 3. The bootblk program finds and executes the secondary boot program, ufsboot, and loads it into memory. |
| | 4. After the ufsboot program is loaded, the ufsboot program loads the kernel. |
| Kernel Initialization | 5. The kernel initializes itself and begins loading modules by using ufsboot to read the files. When the kernel has loaded enough modules to mount the root (/) file system, the kernel unmaps the ufsboot program and continues, using its own resources. |
| | 6. The kernel creates a user process and starts the /sbin/init process, which starts other processes by reading the /etc/inittab file. |
| init | 7. The /sbin/init process starts the run control (rc) scripts, which execute a series of other scripts. These scripts (/sbin/rc*) check and mount file systems, start various processes, and perform system maintenance tasks. |

Run level

- also referred to as init states because the init process is used to perform transitions between run levels
- a letter or digit that represents a system state in which a particular set of system services are available
- system is always running in one of a set of well-defined run levels
- you use the init command to initiate a run-level transition

User Management

User names

- also called login names
- let users access their own systems and remote systems that have the appropriate access privileges
- you must choose a user name for each user account you create
- User names must:
  - Be unique within your organization
  - Contain from two to eight letters and numerals
- user names can include a period (.), underscore (_), or hyphen (-)
- best to establish a standard way of forming user names
- the names should be easy for users to remember
- each new user name must be distinct from any mail aliases known to the system or to an NIS or NIS+ domain

User ID Numbers

- associated with each user name
- identifies the user name to any system on which the user attempts to log in
- used by systems to identify the owners of files and directories
- must be a whole number less than or equal to 2147483647
- required for both regular user accounts and special system accounts

Reserved UID Numbers (extracted from Sun’s document site)

| User ID Numbers | User/Login Accounts | Description |
|---|---|---|
| 0 - 99 | root, daemon, bin, sys, etc. | System accounts |
| 100 - 2147483647 | Regular users | General purpose accounts |
| 60001 and 65534 | nobody and nobody4 | Anonymous users |
| 60002 | noaccess | Non-trusted users |

- UID numbers 0 through 99 are reserved - you can still add a user with one of these numbers
- root always has UID 0
- you should adopt a scheme to assign unique UIDs
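
The user-name rules and the reserved-UID table above can be checked mechanically before an account is created. The script below is an added example, not part of the original guide or of Solaris; the function names and the candidate accounts are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): screen a proposed account against the
# user-name and UID rules above. All function names are hypothetical.

# valid_username NAME: succeeds if NAME is 2-8 characters long and uses only
# letters, numerals, period, underscore and hyphen.
valid_username() {
    case "$1" in
        *[!A-Za-z0-9._-]*) return 1 ;;    # character outside the allowed set
    esac
    [ "${#1}" -ge 2 ] && [ "${#1}" -le 8 ]
}

# classify_uid UID: prints system, anonymous, non-trusted or regular, using
# the ranges in the reserved-UID table; prints invalid and fails otherwise.
classify_uid() {
    case "$1" in
        ''|*[!0-9]*) echo invalid; return 1 ;;   # not a whole number
    esac
    uid=$(printf '%s\n' "$1" | sed 's/^0*//')    # drop leading zeros
    [ -n "$uid" ] || uid=0
    # Reject on length first so over-long digit strings never reach the
    # shell's integer comparison.
    if [ "${#uid}" -gt 10 ] || [ "$uid" -gt 2147483647 ]; then
        echo invalid; return 1
    fi
    case "$uid" in
        60001|65534) echo anonymous ;;           # nobody, nobody4
        60002)       echo non-trusted ;;         # noaccess
        *) if [ "$uid" -le 99 ]; then echo system; else echo regular; fi ;;
    esac
}

# check_account NAME UID: prints a verdict; status 0 ok, 1 reject, 2 warn.
check_account() {
    valid_username "$1" || { echo "reject: bad user name"; return 1; }
    class=$(classify_uid "$2") || { echo "reject: bad UID"; return 1; }
    [ "$class" = regular ] || { echo "warn: UID in $class range"; return 2; }
    echo ok
}

# Constructed candidates, one "name uid" pair per line.
while read -r name uid; do
    printf '%-10s %-11s %s\n' "$name" "$uid" "$(check_account "$name" "$uid")"
done <<'EOF'
jsmith 1001
j 1002
webadmin1 1003
ops.bak 60001
svc_db 42
t-jones 2147483648
EOF
```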

Password Security

- passwords must be kept secret and known only to users
- a combination of six to eight letters, numbers, or special characters
- you can set a user's password when you create the user account and have the user change it when logging in to a system for the first time
- you should require users to change their passwords every six weeks - once every three months is adequate for lower levels of security
- system administration logins such as root and sys should be changed monthly or whenever a person who knows the root password leaves the company or is reassigned
- Good choices for passwords include:
  - Phrases
  - Nonsense words made up of the first letters of every word in a phrase
  - Words with numbers or symbols substituted for letters
- Password Aging
  - enables you to force users to change their passwords periodically
  - prevents a user from changing a password before a specified interval
  - you can also set a password expiration date when the account becomes disabled
  - you can set password aging attributes with the passwd command or the Solaris Management Console's Users Tool
- Home Directories
  - portion of a file system allocated to a user for storing private files
  - can be located either on the user's local system or on a remote file server
  - by convention the home directory should be created as /export/home/username
  - users usually access their home directories through a mount point named /home/username
  - when AutoFS is used to mount home directories, you are not permitted to create any directories under the /home mount point on any system
  - to use the home directory anywhere on the network, you should always refer to it as $HOME
  - besides having a home directory to create and store files, users need an environment that gives them access to the tools and resources they need to do their work - determined by initialization files that are defined by the user's startup shell, such as the C, Korn, or Bourne shell
  - a good way to manage the user's work environment is to provide customized user initialization files, such as .login, .cshrc, .profile, in the user's home directory
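
The password-aging attributes listed under Password Security are stored per account in the shadow file, so the six-week guidance can be audited rather than assumed. The script below is an added example, not part of the original guide; the function names and the sample entries (including the placeholder password fields) are constructed, and it assumes the Solaris conventions of NP for "no password" and *LK* for a locked account.

```shell
#!/bin/sh
# Added example (not from the guide): audit password aging in shadow-format
# entries against the six-week guidance above. Function names are hypothetical.

MAX_DAYS=42   # six weeks; pass 90 for the "three months" lower-security case

# Constructed sample in the layout
# name:password:lastchg:min:max:warn:inactive:expire:flag
sample_shadow() {
    cat <<'EOF'
root:HASHPLACEHOLDER:12000:7:30:7:::
alice:HASHPLACEHOLDER:12050:1:42:7:::
bob:HASHPLACEHOLDER:12010::::::
carol:HASHPLACEHOLDER:12020:0:180:14:::
daemon:NP:6445::::::
dave:*LK*:::::::
EOF
}

# audit_aging [LIMIT]: reads entries on stdin, prints "user:finding" for each
# account with a usable password whose aging is missing or too loose.
# Remediation on Solaris uses: passwd -n <min> -w <warn> -x <max> <user>
audit_aging() {
    awk -F: -v limit="${1:-$MAX_DAYS}" '
        $2 == "NP" || $2 ~ /^\*LK\*/ { next }   # no password set, or locked
        $5 == ""           { print $1 ":no-max-age"; next }
        $5 + 0 > limit + 0 { print $1 ":max-age-" $5 "-over-" limit; next }
        $4 == "" || $4 + 0 == 0 { print $1 ":no-min-age" }
    '
}

sample_shadow | audit_aging
```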

Backup

Backup types:

| Backup Type | Result | Advantages | Disadvantages |
|---|---|---|---|
| Full | Copies a complete file system or directory | All data is in one place | Requires large numbers of backup tapes |
| Snapshot | Creates a temporary image of a file system | System can be in multiuser mode | System performance might degrade |
| Incremental | Copies only those files in the specified file system that have changed since a previous backup | Easier to retrieve small changes | Finding which incremental tape contains a file can take time |

Backup commands:

| Backup Task | Command |
|---|---|
| Back up one or more file systems to a local tape device or a remote tape device | ufsdump |
| Create read-only copies of file systems | fssnap |
| Back up all file systems for systems on a network from a backup server | Solstice Backup(TM) software |
| Back up and restore an NIS+ master server | nisbackup and nisrestore |
| Copy, list, and retrieve files on tape or diskette | tar, cpio, or pax |
| Copy master disk to a clone disk | dd |
| Restore complete file systems or individual files from removable media to a working directory | ufsrestore |

When creating a backup schedule, keep in mind the following:

- minimize the number of tapes used for backups
- check the time available for doing backups
- check the time available for doing a full restore of a damaged file system
- check the time available for retrieving individual files that are accidentally deleted

Dump levels:

- you specify the dump level (0-9) in the ufsdump command
- determines which files are backed up
- Dump level 0 creates a full backup
- Levels 1-9 are used to schedule incremental backups
- the only meaning levels 1-9 have is in relationship to each other as a higher or lower number
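
Because the levels only matter relative to one another, the tapes a full restore needs follow directly from the sequence of levels used. The script below is an added example, not part of the original guide; the function name and the schedules are constructed, and it assumes ufsdump's documented rule that a level N dump copies files changed since the most recent dump at a lower level.

```shell
#!/bin/sh
# Added example (not from the guide): work out which dumps a full restore
# needs for a given sequence of ufsdump levels. Schedules are constructed.

# restore_chain "LEVEL LEVEL ...": prints the 1-based positions of the dumps
# needed to rebuild the file system as of the last dump, oldest first.
# Assumed rule: a level N dump copies files changed since the most recent
# dump taken at a LOWER level, so each step walks back to that dump.
restore_chain() {
    echo "$1" | awk '{
        if (NF == 0) { print "no-level-0"; exit 1 }
        i = NF; chain = i
        while ($i > 0) {
            # find the most recent earlier dump with a lower level
            for (j = i - 1; j >= 1 && $j >= $i; j--) ;
            if (j < 1) { print "no-level-0"; exit 1 }
            chain = j " " chain
            i = j
        }
        print chain
    }'
}

# Three constructed weekly schedules: repeated level 9 (each dump relative to
# the level 0), rising levels (each relative to the previous day), and a
# level 5 at the end of the week.
for s in "0 9 9 9 9" "0 3 4 5 6" "0 9 9 9 9 5"; do
    echo "levels [$s] -> restore dumps: $(restore_chain "$s")"
done
```

The first schedule restores from two tapes and the second from five, which is the trade-off behind the schedule considerations listed above.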

 

Printing

Solaris Printing Component Features (extracted from Sun’s document site)

| Component | Graphical User Interface? | Configures Network Printers? | Manages Print Clients and Servers? | Uses LDAP, NIS, NIS+, or NIS+ (xfn)? |
|---|---|---|---|---|
| Solaris Print Manager | Yes | Yes | Yes | Yes |
| Admintool | Yes | No | Yes | No |
| LP commands | No | Yes | Yes | Yes |

Focus on the LP commands! The GUI is not heavily tested.

| Command | Task |
|---|---|
| enable | Activate a printer |
| cancel | Cancel a print request |
| lp | Send one or more file(s) to a printer |
| lpstat | Report the status of the LP print service |
| disable | Deactivate one or more printers |
| accept | Permit print requests to be queued for a specific destination |
| reject | Prevent print requests from being queued for a specific destination |
| lpadmin | Set up or change printer configuration |
| lpfilter | Set up or change filter definitions |
| lpforms | Set up or change preprinted forms |
| lpadmin | Mount a form |
| lpmove | Move output requests from one destination to another |
| lpsched | Start the LP print service scheduler |
| lpshut | Stop the LP print service scheduler |
| lpusers | Set or change the default priority and priority limits that can be requested by users of the LP print service |

Reference Readings

- A Practical Guide to Solaris, by Mark G. Sobell (Paperback - June 1999)
- Solaris Solutions for System Administrators: Time-Saving Tips, Techniques, and Workarounds, by Sandra Henry-Stocker, Evan R. Marks (Paperback)
- Boot Disk Management: A Guide for the Solaris Operating Environment, by David Deeths, John S. Howard (Paperback)
- Solaris 9: The Complete Reference, by Paul A. Watters (Paperback)

This study guide is developed by Michael Yu Chak Tin. He can be reached at Michael@examreview.net.

 

   