System Administration: The Complete Reference

ORACLE

Oracle

Press

Oracle Solaris

11

System

Administration:

The

_Complete

Reference

Michael

_Jang

and

_Harry

Foxwell

with Christine

Tran

and Alan

_Formy-Duval,

_Contributing

Writers

Mc

Graw

Hill

NewYork

_Chicago

San Francisco

Lisbon London Madrid Mexico

_City

Milan

Contents

at

a

Glance

1 The Basics of Oracle Solaris 11 I

2

_{Getting Ready}

for Solaris 11 17

3 Installation

_Options

'W

4 AlternativeOracle Solaris 11 Installation Methods f>3

5 The Solaris

_{Graphical Desktop}

Environment

6 Service

_Management

143

7 The

_Image

_Packaging

_System

(IPS) K' <

8 Solaris at the Command Line 1M7

9

_Filesystems

and ZFS 207

10 Customize the Solaris Shells 229

11 Usersand

_Groups

249

12 Solaris 11

_Security

275

13

_System

Performance 295

14 Solaris Visualization 511 15 Print

_Management

*45

16 DNS and DHCP ^1

17 Mail Services 5<,y

18 Solaris Trusted Extensions 419

19 The Network File

_System

441

20 The FTP and Secure Shell Services 457

vi

Oracle Solaris 11

_System

Administration:The

_Complete

Reference

21 Solarisand Samba 481

22

_Apache

and the Web Stack 513

A Oracle Solaris 11 11/11

_Quick

Command Reference 543

B OracleSolaris 11 11/11 Information

_Library

Files 549

Contents

Foreword xix

Acknowledgments

xxi

Introduction xxiii

1 The Basics of Oracle Solaris 11 I

Welcome to Oracle Solaris 11 •'

So,

Why

Should You Use Oracle Solaris 11? .' A NewName,a NewOwner,a FamiliarOperating System i

Solaris Now "Goesto 11" -t

A Short Review of

_{Solaris'Long History}

!i

The Future of Solaris H

Solaris 11

_Licensing

()

Solaris Communities

Solaris11 Documentation M

For Those

_Moving

from Solaris 10 toSolaris 11 1 r>

Summary Ir'

Reference Ir'

2

_{Getting Ready}

for Solaris 11 17

Where Solaris 11 Runs: Hardware

_Requirements

IB

The

_Application

Guarantee

_Program

2 1

Testing

Yourx86

_System

forSolaris 11

_{Compatibility}

2 I

The Oracle Solaris 11 Live Media 2(>

Running

the Solaris 11 Live Media 27

Preparing

Your x86

_System

forSolaris 11 Installation 50

Disk Partitions '

Other Installation Methods i7

Summary

!"

References M

viii

OracleSolaris 11

_System

Administration: The

Complete

Reference

3 Installation

_Options

39

Howto Get Solaris 11 40

Downloads 40

Licensing

4^

WritetoDVD 41

Writetoa USB Key 43

A FocusonWorkstations 43

A

_Range

of Installation Scenarios 43

New

_Systems

43

Linux 44

Microsoft Windows 44

Solaris 10

NotesonVirtualMachines 45

The GUIInteractive Installation 4&

Boot the LiveMedia 47

AnswerBasicQuestions 48

Start the Interactive GUI Installation 48

Basic Parameters 48

Risks 50

Partitionsfor Solaris and More 50 Time Zonesand Locales 52

Users and Hostnames 52

Final

_Step

52

MultibootSituations 54

GRUBon Solaris 54

A GRUB

_Option

for Windows 56

AGRUB

_Option

for Linux 57

Configure

a GRUB Password 58

A

_Triple-Boot

Scenario 59

Summary

61

References 61

4 Alternative Oracle Solaris 11 Installation Methods 63

SPARC and x86

_Systems

64

Solaris11 on x86 and SPARC

_Systems:

What's the Same? 64

Solaris11 on x86and SPARCSystems:What's Different? 64

The Text Install Method 65

The Automated Installer 73

The DistributionConstructor 74

Booting

Client

_Systems

from theAlServer 77

Transitioning

from

_JumpStart

toAutomated Installer

forSolaris 10 Administrators 78

Configuring

Oracle Solaris 11 79

Unconfiguring

aSolaris 11

System

79

Contents

ix

Installing

Solarisas aVirtual Machine Guest W

The Oracle Solaris 11 VM for OracleVMVirtualBox H7

OracleVM for SPARC fi(!

Summary

l)t)

References

The Solaris

_{Graphical Desktop}

Environment l> *

The Default Solaris GUI '>•>

A.Fully

Featured

_Desktop

Environment <)ri

The UNIX Client Server Model for GUIs <><>

Command-line Access 1,15

The GNOME

_Desktop

Environment c)f!

The

_Desktop

_Pop-up

Menu

Applications

Menu

PlacesMenu ' '(l

Installing

the

_{OpenOffice.org}

Suite llfi

System

Menu ' '''

System

Preferences 'I1'

System

Administration Menu I

Summary

''"

References

Service

_Management

!4 i

Solaris Service

_Concepts

'

WhatIs aSolaris 11 Service? | :'

Service

_Naming

'''''>

Service

_Categories

I'1'1

Service States |,,'»

SMF

_Programs

I4(»

Listing

Services I'"1

Starting

and

_Stopping

Services

Defining

Services ' >~

Service Manifests ' r'~

Creating

aService Manifest Ir>1

BootServices 'r'

BootMilestone Services lr>''

Other SMF Tools I r>'1

inetd Services ' r'fl

Service

_{Troubleshooting}

1 r>'!

Using

the sves Program for Service

Diagnostics

I r>'i

Summary

References 1

The

_Image

_{Packaging System}

(IPS)

1 <> '• IPS Basics 1(>'1

IPS

_Repositories

''";

X Oracle Solaris 11

_System

Administration: The

_Complete

Reference

Installing Application

Software 168

Using

the

_pkg

Command 169

Updating Application

Software 170

OtherUseful

_pkg

Subcommands 172

Configuring

Local

_Repositories

173

Bool Environments 175

Managing

Boot Environments 176

Updating

the

_{Operating System}

Kernel 1 78 The IPS GUI 179

Software Installation and

_Update

_(Using

the GUI) 179 Boot Environment

_{Management (Using}

theGUI) 182

Summary 185

References 185

8 Solaris at the Command Line 187

Basic _Navigation 188

Command Manuals 189

The Current

_{Working Directory}

189

Changing

Directories 189

File Lists 190

The PATH 191

Special

Characters 192

File

_Management

193

The Basic touch Command 193

File

_Copies

193

Moving

a File 1 94

Deleting

a File 195

File Links 195

Directory Management

196

Reading

Text Files 196

Identifying

File

_Types

197

Outputting

Files tothe Screen 197

top

and Bottom File Readers 198

The File

_Pagers

₁₉₈

File

_Manipulation

₁₉₈

Lines, Words, and Characters 199

Finding

Files

_Locally

199

SearchWithina File 200

File Redirection and More ₂₀₁

Options

for File

_Editing

₂₀₁

Thevi Editor ₂₀₂

One Other Text Editor 204

Summary 205

Contents

xi

9

_Filesystems

and ZFS 207 Disk Structure and

_Naming

Conventions 208

Introduction toZFS 211

Some ZFS

_Terminology

212

ZFS Commands 2 12

Using

ZFS 215

ZFS as the Root/Boot

Filesystem

220

ZFSfor

_Managing

HOME Directories -21

ZFS

_Snapshots

222

ZFSDevices 224 TimeSlider 224

Summary

228

References 228

10 Customize the Solaris Shells 229

Shell

_Management

2.50

AChoiceof Shells 2.S0

Interactivity

-* I

Command

_Completion

252

Configuration

Files 2 5 5

Shell

_Tips

and Tricks 2 57

Data FlowsInand Out 2 57

When There's

_Only

One CommandLine 2 5')

All Mannerof ShellCharacters 2.5<)

Scripts

and the Shell 24 I

The Basics of Shell

_Scripts

242

Study

Available

_Scripts

24r>

Sample Scripts

24(>

Summary

247

References 247

11 Usersand

_Groups

249

User

_Concepts

2r>0

Standard Users 25 I

System

Accounts 2r>1

The Root Account 252

Role BasedAccess Control (RBAC) and Administrative

_Privileges

252

Local

_{Configuration}

Files 257

Commands Used for

_Managing

Users and

_Groups

258

Command-lineAccount

_Management

2.58 GUIAccount

_Management

20 5

Basic LDAP UserDatabase '<''

LDAP and NIS 20 5

An LDAPData

Interchange

Format File 271

xii

Oracle Solaris 11

_System

Administration: The

_Complete

Reference

Extend LDAP to aNetwork 273

LDAP and Other Services 274

Summary

274

References 274

12 Solaris 1 I

_Security

275

installation and Initial

_{Configuration Security}

276

root Isa Role 276

Hardening

and

_Minimizing

the OS Installation 276

Managing FileAccess 277 Basic UNIX FileAccess Permissions 277

Additional File Protections: umask 280 Additional File Prolections: encryption 281 Password

_Management

282

Changing

Passwords 282

Setting

Password Policies 28.?

Role BasedAccessControl (RBAC) 284

The All-Powerful root User 284

What'sa Role-' 284

Privileged

Execution with sudo 286

System Auditing

287

The auclitd Daemon 287

The IP Filter Firewall 288

Configuring

IP Filter 288

Remote Access 290

The ssh Server 291

The ssh Client 291

Another_SecurityFeature 293

Summary

293

References 293

13

_System

Performance 295

First, Know Your

_System!

296

What Hardware Do I Flave? 296

What OSSoftware Do I Have? 298

Observing

Your

_System

298

What toLook For 298

H(jwto Look:

_{Observability}

Tools 299

Log

Files 303

System Tuning 304

Kernel Parameters 504

OtherResourceControls 304

DTrace 305

Some DTrace Tools 305

Some DTrace

_Examples

505

Some

_{Performance-Monitoring}

Guidelines 307

Contents

xiii

Oracle Hardware and Software

_Support

it)1)

Summary

>I 0

References

14 Solans Virtualization _'II

Introduction: Zonesand Virtualization 11 •'

Quick

Tourwith Zones * I—

Basic Zones Administration ill

Creating

Zones _{! I}

>

Zone

_Login,

_Boot, and Shutdown MS

Resources and Zones 51•

Zones and ZFS Datasets >'<'*

Adding

a

Directory

from the Clobal Zone M()

ZoneAccess to the DVD-ROM Drive _i.M>

Removing

a Resource _CO

Adding

anNFS Mount I

Advanced Zones Administration _Ci

CPU Allocation

CPU Shares and theFairShare Scheduler ••'11

Observing

CPU Allocation '<-'r

Memory

Allocation C'H

Zone Performance and Statistics _Cli

Zones and Discrete

_Privileges

_{( ! I}

More ZonesAdministration 1 >I

Cloning

! !1

Changing

a Zone's Name andlis Root Dataset i ! i

Zone

_Backup

and Restore ''LI

Zone

_Rehosting

! 1(!

SolarisK)Branded Zones 111

Tips,

Tricks, and Pitfalls hostid

Profile for Automatic Installer '

Interactive

_sysconfig

to Create ProfileXML _LL!

Summary

•1

Reference

15 Print

_Management

_5'lr>

Print Service

_Options

LK>

CUPS, the Print Service _M<>

Related

_Packages

M7

The Internet Print Protocol (IPP) andCUPS M» Basic _{Components Llfi}

Basic Commands LI'!

Set Upa PrinterAdministrator ir>()

ThePrinter

_{Contiguration}

Tool '_St)

xiv

Oracle Solaris 11

_System

Administration: The

_Complete

Reference

Print Server

_{Configuration}

358

Connecttoa Remote Print Server 360

The Other Printer

_{Configuration}

Tool 360

The Files of CUPS 361

The Main CUPS Server

_{Configuration}

File:

_cupsd.conf

361 Additional CUPS

_{Configuration Options}

363

Configured

Printers in

_{printers.conf}

364

Configured Groups

of Printers 367

PrintersShared via Samba 367

Print Server

_Log

Files 368

Summary

369

16 DNS and DHCP 371

The Domain Name Service 372

DNS

_Background

372

DNS

_{Configuration Concepts}

373

A

_Key

SolarisDifference 373

Different DNS Servers 374

DNS

_Packages

374

Key

DNSCommands 374

A New

_Way

to

_Configure

a DNS Client 375

DNS Client

_{Configuration}

Files 378

DNSServer

_{Configuration}

378

DNS Server

_{Configuration}

in SMF 380

Creating

a DNS

Forwarding

Name Server 380

Extending

DNSfor a

Primary

or

Secondary

Server 381

DNS

_Logging

382

DNS Database Files 383

Troubleshooting

388

The

_Dynamic

Host

_{Configuration}

Protocol (DHCP) 389

The DHCP

_Management

Tool 390

DHCP

_{Configuration}

Files 395

The ISC DHCP Server 395

The DHCP Client 396

Summary

397

References 398

17 Mail Services 399

A sendmail

_{Configuration}

Plan 400

Customizing

sendmail 400

Basic Procedures 401

Customizing

the

_{Configuration}

fora Local

System

401

Mail Clientsona Network ₄₀₁

Contents XV

Virtual Hosts and sendmail 406

sendmail and

_Transport

_Layer

_Security

40(>

Files that .forward 410

Alias

_Management

insendmail 410

Postmaster Aliases 4 11

Local Aliases 411

Alias

_Maps

and NIS 411

Mail Queue

Management

411

Contents of the Mail _Queue 412

Processing

the Mail Queue 4 12

Changing

Mail

_Queues

4 12

Troubleshooting

sendmail 41 i

Testing

Basic

_Operation

41 i

Testing

the

_{Configuration}

4 14

Reviewing

Aliases 414

Mail

_Logs

4 IS

Error

_Messages

4 I .'>

Summary

4 17

References 4 IH

18

Solaris

Trusted Extensions 410

Overview of Trusted Extensions 420

Enabling

Trusted Extensions 421

ZonesandTrusted Extensions 421

Enabling

Trusted Extensions 42 1

The

_{label_encodings}

File 422

Trusted Extensions

_Tips

and Pitfalls 42(>

Creating

and

_Installing

a LabeledZone 427

A Detour intothe

_Shared-ip

and

_Exclusive-ip

Zones 4 ii

SomeObservations, More

_Tips,

and Pitfalls 444

Adding

Roles and Users 4 ) ')

User

_Logins

and Roles 4 '.S

Multilevel

_Workspace

4 i(>

Switching

Roles 4!7

Managing Devices inTrusted Extensions 4S7

NetworkAccesswith TrustedExtensions 4 19

Summary

440

References

19 The Network File

_System

441

AvailableVersions 442

NFS Version 2 442

NFS Version 3 442

xvi

Oracle Solaris 11

_System

Administration: The

_Complete

Reference

Additional Common Features 443

NFS Service

_{Configuration}

443

NFS

_{Configuration}

Files 447

Options

for

_Sharing

448

Basic NFS

_{Filesystem Sharing}

448 Client

_{Configuration Options}

449

Mount from the Command Line 450

During

the Boot Process 450

Automounton Demand 451

Log Management

454 VersionControl 454 Firewall Considerations 455

Summary

455 References 455

20 The FTPand Secure Shell Services 457 Secure and InsecureCommunications 458

Insecure Remote Connections 458

FTPand SFTP ClientCommands 459

Configure

anFTP Server 460

FTP ServerFiles and Utilities 460

Review the Default FTP Server

_{Configuration}

File 460

Set

_Up

a Basic

Anonymous

FTP Server 463

Achrootjailfor ProFTPD 463

Set

_Up

Guest Users 464

Basic

_Security

on FTP 464

User_{Security 465}

Host

_Security

₄₆₅

Virtual HostsonFTP 466

The

_{Configuration}

ofan SSH Server ₄₆₆

General

_{Configuration}

466

Secure Shell Client Commands 467

The MainClient

_{Configuration}

File 468

Additional Files in the /etc/ssh _Directory 470

Private and Public _Key Pairsfor SSH 471 The MainSSH Server

_{Configuration}

File 471

Additional

_Security

in theSSH Server

_{Configuration}

₄₇₅ More

_Security

withTCP

_Wrappers

₄₇₅ More _Securitywith

_Passphrases

₄₇₆ Different

_Algorithms

₄₇₇

Send That

_Passphrase

to an SSH Server ₄₇₈

More

_Security

with Hashed Hosts ₄₇₉

Summary

480

Contents XVII

21 Solaris and Samba 481 Basic Features

UNIXSamba onSolaris -Ifii

The Basicsof UNIX Samba ->8-l

The Standard Samba

_{Configuration}

File -liU>

Client Commands

The SWATTool -'<)7

Solaris CIFS '<'<"

Make SureUNIX SambaIs "Off"

The SolarisCIFS

_Packages

-Il>'>

Configure

a

Mapping

_Strategy

r,|> !

Set

_Up

_Membership

in a

Workgroup

orDomain r>('ri

Set

_Up

WINS and Related Servic¬es ",()(>

Configure

CIFS Usersand Groups "i'"'

Mapping

Usersand

_Groups

r,(>7

Create aZFS Share for Solaris CIFS r'"7 Usethe

_sharemgr

Commandto Create aCIFS Share r>d'l

MountaShare r>'()

TheAutomouterand Home Directories r> I "

Troubleshooting

Issues r>' '

Summary

r>' '

References r''

-22

_Apache

and the Web Stack r> H

Basic

_Components

'»''

TheAMPStack '' '

GUI AMP Installation ^ '

Keep

Modulestoa Minimum r>-'I

Basic

_{Apache Configuration}

"'^ !

Configuration

Files 5

Apache

as a

Regular

Host r>--l

Apache

with Virtual Hosts "i-1*1 Secure Hosts r> !l) I r >

Apache Security

Firewall Review r>11 Host-based

_Security

>!*' User-based

_Security

r'^r> Secure Certificates r'^7

Isolating Apache

Within a Zone r>

Summary

^'

wiii

Oracle Solaris 11

_System

Administration: The

_Complete

Reference

A Oracle Solaris 11 11/11

_Quick

Command Reference 543

System

Information 544

Services (SMF) 544

Package

Management (IPS) 544

Boot Environments 545

ZFS

_Filesystem

₅₄₅

Users and Roles 546

Network Administration 546

Performance

_Monitoring

546

Zones(Containers-^) 547

References 547

B Oracle Solaris11 11/11 Information

_Library

File 549