Tag: Uncategorized

Access Control List + Solaris

All the commands are fired from (% – user) prompt not (# – root) so do not confuse with the #es there with root prompt. They are the command output.

The ACL facility allows you to define more than just the usual eight permission bits for a file or directory. You can define a list of users (based on user-id or name) and groups (again, number or name) that you want to have access to a file. For each user or group getting special access, you can define read, write, or execute access permission.

There are only two commands that you need to learn for Solaris ACLs. They are setfacl for setting a file’s ACLs and getfacl for reading them. There are also a bunch of system and library calls that make the ACL facility available to programs. One confusing aspect of ACLs is that, in essence, every file already has an ACL entry. Running getfacl on a normal file reveals some ACL information:

% cd /usr/tmp% touch foo% ls -l foo-rw-r–r– 1 pbg staff 0 Jul 22 13:35 foo % getfacl foo

# file: foo# owner: pbg# group: staffuser::rw-group::r– #effective:r–mask:rwxother:r–

This ACL information is merely getfacl‘s interpretation of the Unix permissions on the file. The user, group and other information is a straightforward display of the permission bits for those fields. The mask field is very similar to the Unix umask method. It defines the maximum permissions allowed for users (other than the owner) and groups. Even if a user or group has permissions set that exceed the mask, the mask limits their access. The #effective display shows, for each user (except the owner) and group, the effect that the mask has on the permissions. The #effective output is the one to look at to determine exactly who can access the file and exactly what they are allowed to do.

To set an ACL for a file, use the command setfacl:

% setfacl -m user:jeff:rw- foo % ls -l foo-rw-r–r–+ 1 pbg staff 0 Jul 22 13:52 foo % getfacl foo

# file: foo# owner: pbg# group: staffuser::rw-user:jeff:rw- #effective:r–group::r– #effective:r–mask:r–other:r–

The -m option tells setfacl that I want to modify the ACLs for the file. Use the -s option to set the entire mode, but then you must type in the user, group, and other access bits as well:

% setfacl -s user::rw-,group::r–,other:—,mask:rw-,user:jeff:rw- foo

To set general user, group, and other permissions, use the field::perms identifier. To set ACLs for individual users and groups, use the field:uid or gid:perms identifier.

But back to our previous example. Notice that the effective access for user Jeff is unchanged, he can still only read the file, not write to it. That’s the result of the mask being applied to his permissions. To grant Jeff the access desired, I need to:

% setfacl -m mask:rw- foo% getfacl foo # file: foo# owner: pbg# group: staffuser::rw-user:jeff:rw- #effective:rw-group::r– #effective:r–mask:rw-other:r–

Now Jeff has read and write permissions to the file, while all others have only read access. Of note is the slight change in behavior of the ls command. Any file with specific ACL information is shown with a + at the end of the permission field. Unfortunately, find doesn’t seem to have an option to find all files with ACL lists.

As well as setting an ACL for the directory, you can set a default ACL for the directory. This default ACL is used to set the ACL on every file created within the directory. The only way I managed to get directory ACLs to work was using the -s option with a very-long parameter string:

% setfacl -s user::rwx,group::rw-,mask:r–,other:rw-,default:user::rw-,\default:group::r-x,default:mask:rwx,default:other:r-x bar % ls -ld bardrwxr–rw-+ 2 pbg staff 512 Jul 22 14:11 bar % getfacl bar # file: bar# owner: pbg# group: staffuser::rwxgroup::rw- #effective:r–mask:r–other:rw-default:user::rw-default:group::r-xdefault:mask:rwxdefault:other:r-x

Now set a default ACL, and create a file in the directory:

% setfacl -m default:user:jeff:rwx bar % getfacl bar # file: bar# owner: pbg# group: staffuser::rwxgroup::rw- #effective:r–mask:r–other:rw-default:user::rw-default:user:jeff:rwxdefault:group::r-xdefault:mask:rwxdefault:other:r-xdefault:user::rw-default:user:jeff:rwxdefault:group::r-xdefault:mask:rwxdefault:other:r-x % touch bar/test % getfacl bar/test # file: bar/test# owner: pbg# group: staffuser::rw-user:jeff:rwx #effective:r–group::r– #effective:r–mask:r–other:r–

There are several other aspects of ACLs, including deleting ACLs and using abbreviations and permission bit numbers (rather than symbols). This information is provided on the appropriate manual pages.

To use ACLs over an NFS mount, both the client and server must be running Solaris 2.5 or better. If the client is running 2.5 but the server is running 2.4 or lower, you’ll see an error such as:

% touch foo% getfacl foo # file: foo# owner: pbg# group: staffuser::rw-group::r– #effective:r–mask:rwxother:r– % setfacl -m user:jeff:rw- foofoo: failed to set acl entriessetacl error: Operation not applicable

You’ll get a similar error if you try to use ACLs in a swapfs-based directory (such as /tmp). Finally, there’s a “non-feature” of ACLs when used with tar. tar itself works well with files that have associated ACLs. Unfortunately, the tar file is not readable under previous SunOS and Solaris operating systems.

It is also important to note that ACLs “stick” to a file during copy and rename operations. To remove the ACL from a file use setfacl -d for each entry. When the last entry is removed, the “+” disappears from the file’s ls display.

July 12, 2007

File Permissions

Search Files on their file permissions.

World readable

Normal users should not have access to configuration files or passwords. An attacker can steal passwords from databases or web sites and use them to deface–or even worse, delete–data. This is why it is important that your file permissions are correct. If you are sure that a file is only used by root, assign it with the permissions 0600 and assign the file to the correct user with chown.

World/Group writable

Finding world-writable files and directories

# find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \; 2&gt;/dev/null &gt;writable.txt
# find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {} \; 2&gt;/dev/null &gt;&gt;writable.txt

This will create a huge file with permission of all files having either write
permission set to the group or everybody. Check the permissions and eliminate
world writable files to everyone, by executing /bin/chmod o-w on the
files.

SUID/SGID files

Files with the SUID or SGID bit set execute with privileges of the owning
user or group and not the user executing the file. Normally these bits are used
on files that must run as root in order to do what they do. These files can lead
to local root compromises (if they contain security holes). This is dangerous
and files with the SUID or SGID bits set should be avoided at any cost. If you
do not use these files, use chmod 0 on them or unmerge the package that
they came from (check which package they belong to by using equery; if
you do not already have it installed simply type emerge
gentoolkit). Otherwise just turn the SUID bit off with chmod -s.

Finding setuid files

# find / -type f \( -perm -004000 -o -perm -002000 \) -exec ls -lg {} \; 2&gt;/dev/null &gt;suidfiles.txt

This will create a file containing a list of all the SUID/SGID files.

List of setuid binaries

/bin/su
/bin/ping
/bin/mount
/bin/umount
/var/qmail/bin/qmail-queue
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/crontab
/usr/bin/chage
/usr/bin/expiry
/usr/bin/sperl5.6.1
/usr/bin/newgrp
/usr/bin/passwd
/usr/bin/gpasswd
/usr/bin/procmail
/usr/bin/suidperl
/usr/lib/misc/pt_chown
/usr/sbin/unix_chkpwd
/usr/sbin/traceroute
/usr/sbin/pwdb_chkpwd

By default Gentoo Linux does not have a lot of SUID files (though this depends
on what you installed), but you might get a list like the one above. Most of
the commands should not be used by normal users, only root. Switch off the SUID
bit on ping, mount, umount, chfn, chsh,
newgrp, suidperl, pt_chown and traceroute by
executing chmod -s on every file. Don’t remove the bit on su,
qmail-queue or unix_chkpwd. Removing setuid from those files will
prevent you from su‘ing and receiving mail. By removing the bit (where
it is safe to do so) you remove the possibility of a normal user (or an
attacker) gaining root access through any of these files.

The only SUID files that I have on my system are su, passwd,
gpasswd, qmail-queue, unix_chkpwd and pwdb_chkpwd.
But if you are running X, you might have some more, since X needs the elevated
access afforded by SUID.

SUID/SGID binaries and Hard links

A file is only considered deleted when there are no more links pointing to it.
This might sound like a strange concept, but consider that a filename like
/usr/bin/perl is actually a link to the inode where the data is
stored. Any number of links can point to the file, and until all of them are
gone, the file still exists.

If your users have access to a partition that isn’t mounted with nosuid
or noexec (for example, if /tmp, /home, or
/var/tmp are not separate partitions) you should take care to
ensure your users don’t create hard links to SUID or SGID binaries, so that
after Portage updates they still have access to the old versions.

To check how many links a file has, you can use the stat command.

Stat command

$ stat /bin/su
  File: `/bin/su'
  Size: 29350           Blocks: 64         IO Block: 131072 regular file
Device: 900h/2304d      Inode: 2057419     Links: 1
Access: (4711/-rws--x--x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2005-02-07 01:59:35.000000000 +0000
Modify: 2004-11-04 01:46:17.000000000 +0000
Change: 2004-11-04 01:46:17.000000000 +0000

To find the SUID and SGID files with multiple links, you can use find.

Finding multiply linked suid/sgid binaries

$ find / -type f \( -perm -004000 -o -perm -002000 \) -links +1 -ls

June 19, 2007

UNIX Questions and Answers
UNIX Questions and Answers

Most answers refer to Solaris 2.x systems

Hardware Issues
Configuration Issues
NFS Issues
General Issues
Software issues
- Jumpstart setup and configuration (currently unavailable – being re-written)
- Veritas command line arguments
- Legato command line commands
- Raid Manager 6.22 and A1000
- Solstice Disksu
  ite (SDS) setup and configuration
- Solstace Disksuite (SDS) mirror root disk
- Samba setup and config
- SSH steup (currently unavailable – being re-written)
- clearcase checkin
- Read audio player for Solaris
- how can i build a html page of system configurations
- Graphical FTP programs for X
- What X windows Managers are there
- Free X server for 95/98/2000/NT”
- Microsoft Internet explorrer and outlook express for solaris
Networking issues
- X25 Packet Overhead Modulo 8 LAPB) or Modulo 128 (LAPBE)
- Perl script to get the tunable tcpip parameters (uses ndd)
Security issues
- Security issues and solaris
Firewall issues
- Firewall info
Performance tuning issues
- Proformance tuning
E10000
- Rename an E10000 domain
How do i view and set the open boot prom settings

From the unix prompt use eeprom. From the ok prompt use devaliases, printenv, nvedit and nvalias.

Back to Contents

How do i stop people logging in ?

If the file /etc/nologin exists then only root can login. Whatever the contents of the file are are displayed to whoever is attempting a login.

Back to Contents

How do i boot over the net via a different interface

From the ok prompt type

show-nets

This will display the possible interfaces. Select an interface then type

nvalias net ^Y

This will set the selected interface to the alias net.

Back to Contents

How do I solve Keyboard Translation
Errors?

The most likely cause of this is an incorrect XKeysymDB file or an
incorrect pointer to it. Try looking in /usr/openwin/lib or
/usr/openwin/lib/X11. The Installation and Administration
manual for the application should have some information about this.

If logged in as root from another system try
/usr/openwin/bin/kbd-mode -a

Back to Contents

Why do I get the error Stale NFS
Handle?

This was probably caused by a directory being deleted while another
system was NFS mounted into it. The best action is to cd
out of the directory and perform a umount. Sometimes
halting and restarting the automount daemon is reqired, for example:

/etc/rc2.d/S74autofs [stop/start]. or

/etc/init.d/nfs.server [stop/start].

If none of these work, then it might have to be a reboot.

Back to Contents

How can I configure new devices without
rebooting?

It is advisable to halt and power off the system whenever you attach new
scsi devices. However, if this is not possible try this:
1. If possible stop the system with < STOP > < A >, connect the device and
  type go
2. Type:
  drvconfig
  
  devlinks
  
  tapes / disks (depending on the device attached)
Back to Contents

What does the error RPC Program not registered
mean?

Probably the NFS server has got itself a little confused. Check there is
an entry in /etc/dfs/dfstab

Try stopping and restarting the daemon, for example:

/etc/init.d/nfs.server [stop/start]

If this doesn’t work, try a reboot.

Back to Contents

How do I tar to a remote system?

Tar to a remote drive:

tar cvfb - 20 filenames | rsh host dd of=/dev/rmt0 obs=20b

Tar from a remote drive:

rsh -n host dd if=/dev/rmt0 bs=20b | tar xvBfb - 20 filenames

Copying directory trees:

cd fromdir; tar cf - . | (cd todir; tar xfBp -)

Copy directory tree to another host:

cd fromdir; tar cf - * | rsh host "cd todir ; tar xf -"

Back to Contents

How do I copy directory structure with cpio?

Use find and cpio

cd fromdir; find . -name -print | cpio -pmd /todir

Back to Contents

How can I increase swap space?

Swapping onto a file system is faster than swapping to a file. If
possible, partition an area of disk as the additional swap area.
Otherwise, create a swap file with the command mkfile (see
man page), for example:

mkfile 100m swappy

Add the swap area with the command swap (see man page) for
example:

swap -a swappy

Back to Contents

Cetting a non sun cdrom to work

The main secret is to get the cdrom to talk in 512 byte sectors. If the cdrom does this then it will work.

Saturn.tlug.org This is a good FAQ to start with or try the Sun CD FAQ. or of course your manafacturs instruction book.

Back to Contents

How do I find out the speed of my machine?

Use the command psrinfo -v

Back to Contents

How do I carry out NFS performance tuning?

Start with the SMCC NFS Server Performance and Tuning Guide

This is a pkgadd of SUNWabhdw and adds the guide to answerbook

SUNWadhdw is on the “Software Supplement for the Solaris 2.6 Operating
Environment” CD.

Use the command /usr/bin/nfsstat to view the NFS statistics

Back to Contents

What hardware diagnostic programs are
there?

Use SunVTS. This is available on the Software Supplement for the Solaris
2.6 Operating Environment CD.

If you have a fibre problem then try STORtools. You will probably need
a fibre loopback cable in order to get the most out of this.

Back to Contents

How do I make a file system bootable after a
restore?

If you have reinstalled the / file system from backup (ie
ufsdump) then you will need to recreate the boot block on
the boot disk. This is done using the installboot command (
read the man page ), for example:
installboot /usr/platform/`uname -i`/lib/fs/ufs/bootblk /dev/rdsk/c?t?d?s?

Back to Contents

How do I dual host a system?
1. Install the network card and cable it up. Make sure that any
  jumpersettings are set.
2. Add the second interface name and IP to the hosts file and Name
  Service.
3. Edit the file /etc/hostname.interface where
  interface is the type, for example, le1 hme1
4. Reboot the sysyem or manually set it up with ifconfig
  (see manual page)
  ifconfig hmse1 plumb
  
  ifconfig hmse1 IP-Address
You may also need to perform an add route (see manual page)

route add net destination gateway metric
Back to Contents

How do I find out what patches are on a
system?

Use the command showrev -p

Use the command patchdiag -l this also lists patches you should install.
You
will need do download a copy from sun. If you have access try
downloading from http://sunsolve.sun.com.sunsolve/patchdiag this is a
tar compressed file.
There is a tar file of patchdiag on this site but i have not set up ftp at the moment of writing this page.

Back to Contents

How much memory does my system have?

Use the command prtconf and grep for the
memory, for example:

prtconf |grep Memory

If you need to know what memory sims are in what slot use the perl script from Micron. A sample script is.

Sample of Memcom Script Remeber to get an official copy.

Back to Contents

How can I play audio CDs and MP3 on my system?

For CD

Download a copy of Workman from Midwinter.com

If you have problems with sound then it might be that you cannot use
the internal sound card and will have to plug speekers int the cd
plater itself.

However this might work

edit /etc/rmmount.conf and add

action cdrom action_workman.so

/usr/local/bin/workman

try this before any other cdrom actions

For MP3 files look to the following site

Opensound

If you wish to read an audio cd under solaris and copy the files to
wav, mpeg, etc then you need the program galette available from Galette

Once you have the files stored as wav files you need to convert them to MP3 using Blade

Back to Contents

What useful Solaris commands are there
for finding out what’s going on?

This is a definite RTFM, but start with these:

ps, iostat, nfsstat,
sar, netstat, snoop,
mpstat, rpcinfo, truss,
prtdiag, crash, psrinfo,
prtconf, arp and uptime

try looking at the enclosed perl script to get an idea of wht to look for.

Perl script to look at how the system is performing

Back to Contents

How do I connnect a Zip Drive?

Helpful info from Iomega at

Zip Drives on Sun

basically edit /etc/format.dat and add :-
```
disk_type = "Zip" \
	: ctlr = SCSI\
	: ncyl = 2046 : acyl = 2 : pcyl = 2048 : nhead = 2\
	: nsect = 40 : rpm : bpt = 20480                   

partition = "Zip" \
        : disk = "Zip" : ctlr = SCSI \
        : 2 = 0, 192480 : 2 = 0, 1159168   
                                                      
```
Jazz Drives on Sun
Back to Contents

Why do I get .nfsxxxx files on NFS mounted
filesystems?

These are temporary files used by the system to guarantee data
reliability over the unreliable nfs mount. These can be left behind by
an application or process that has terminated abnormally.

Back to Contents

How do I stop printing a banner page?

If this is for just one print, use the -o option, for
example:

lp -o nobanner name

Otherwise, edit the file /etc/lp/interfaces/printername and
change the option nobanner to yes.

Back to Contents

How can I find out and set shared memory?

Use the command ipcs to view what is set.

If you wish to change them, edit /etc/systems and reboot
with -r.

Typically, you would edit one or more of msgsys,
semsys, shmsys.

Check out the sun docunemt on shared memory sunworld document on shared memory

Back to Contents

Number of inodes used and free

use the command df -F ufs -o i

Back to Contents

What block size is my file system

use the command mkfs -m /dev/dsk/c?t?d?s?

look at the bsize value (you need to be root to run this)

Back to Contents

How do I find out which clients are NFS mounting
a server?

Use the command dfmounts

Back to Contents

How do I get rid of defunct processes?

These are caused by an application or process crashing, terminating
abnormally, getting confused
etc. Look for the parent process of these and kill or refresh it.

Back to Contents

What version of bind am I running?

try /usr/ccs/bin/what /usr/sbin/in.named |grep named
```
Solaris 2.6 bind 4.9.4-P1 

Solaris 2.5.1 bind 4.9.3-P1 
```
Back to Contents

How can I change the hostid?

There are several ways to do this, try:

Squirrel
FAQ

Back to Contents

Why am I having problems mounting a floppy?

Back to Contents

How do I configure dtlogin for other window managers?

You need to create an Xresourses file to start the window manager.

cd /usr/dt/config/C/Xresources.d
copy Xresources.ow to a new name of your window manager ie Xresourses.kde.

Now edit your Xresources.kde file. Making the changes for your window manager

I.e.

Dtlogin*altDtsIncrement: True

Dtlogin*altDtName: KDE Desktop

Dtlogin*altDtKey: /usr/local/kde/bin/startkde

Dtlogin*altDtStart: /usr/local/kde/bin/startkde

Dtlogin*altDtLogo: KDElogo

copy the KDE logo KDElogo.pm to /usr/dt/appconfig/icons/C/KDElogo.pm

Back to Contents

Dual headed sun system

Try looking at infodoc 11669.

OPenwin
openwin -dev /dev/cgsix0 left -dev /dev/cgsix1 right

CDE

edit Xservers with

:0 Local local_uid@console root /usr/openwin/bin/Xsun :0 -dev /dev/cgsix0 -dev /dev/cgsix1 right

How do I configure CDE?

The control panel

In this example I will add the workman cd player to the control panel.

Copy the CDE config file dtwm.fp from /usr/dt to your homedirectory/.dt/types

Create an icon and place it in ~.dt/icons. it should have a .m.pm extension.

ie. Player.m.pm

Edit the dtwm.fp file
and add following. In this case I am adding it between the help and
trash areas. the position hints is 13 so it should appear towards the
right between the help (book) icon and the trash (waste bin) icon.
```
CONTROL cdplayer
{
  TYPE                  icon
  CONTAINER_NAME        Top
  CONTAINER_TYPE        BOX
  POSITION_HINTS        13
  PUSH_ACTION           cdplayer
  ICON                  Player
}
```
Create a file for what to do when the button is pushed. In the example
it is called cdplayer. The file has a .dt extension IE cdplayer.dt. The
contents of this file are.
```
ACTION cdplayer
{
     LABEL         cdplayer
     TYPE          COMMAND
     EXEC_STRING   /usr/local/bin/workman
     ICON          somename
     WINDOW_TYPE   NO_STDIO
     DESCRIPTION   starts cdplayer
}
```
The mouse menu
```
copy the mouse menu from /usr/dt/config/C/sys.dtwmrc to you home directory ~/.dt/types/dtwmrc.

edit the dtwnrc file adding or removing mouse options. In this case we will create an applications submenu and put the cdplayer in that submenu. 

Firstly add the applications menu to the main menu by instering a line like this

"Applications"                      f.menu apps
in the DtRootMenu section.  approx line 38
then  hgo to the botton of the file and create the application menu. ie. 

Menu apps
{
APPLICATIONS" f.title
"CD Player" f.exec "/usr/local/bin/workman"
}
```
Back to Contents

How do I stop colour flashing?

Back to Contents

How do i communicate between systems using scokets
```
There are several ways to do this.  Below is an example of a perl program that sends the string 
"hey now hey now now. Sing this corrosion to me " to port 1250 on a system called mission.
On the mission server there is a program which is called via inetd that picks up this incomming 
line and writes it to a file /tmp/outfile.  the program is called read-socket.pl


Sample /etc/inetd.conf entry
read-socket stream tcp nowait neville /export/home/neville/read-socket.pl

Sample /etc/services entry
read-socket     1250/tcp

Sample sending program  (send-line.pl)
#!/usr/bin/perl
use IO::Socket;
$sock = new IO::Socket::INET (PeerAddr =&gt; 'mission',
                              PeerPort =&gt; 1250,
                              Proto    =&gt; 'tcp',
                             );
die "Socket could not be created.  Reason $! \n"  unless $sock;
print $sock "hey now hey now now. Sing this corrosion to me\n";
close ($sock);

Sample sending program  (send-file.pl)
#!/usr/bin/perl
use IO::Socket;
my $FILETOSEND = "/tmp/crappy";
open (INFILE, $FILETOSEND) || die "cannot open file: $FILETOSEND \n";
$sock = new IO::Socket::INET (PeerAddr =&gt; 'mission',
                              PeerPort =&gt; 1250,
                              Proto    =&gt; 'tcp',
                             );
die "Socket could not be created.  Reason $! \n"  unless $sock;
#now do the sending
select  ($sock);
while (&lt; INFILE &gt; )
	{	
	print $_;
}
close ($sock);
close ($INFILE);

Sample reading program  (read-socket.pl)
#!/usr/bin/perl
open (OUT,  "&gt;/tmp/outfile") || die "cannot open output file \n";
print OUT &lt; STDIN &gt;
close (OUT);

Sample reading program as a deamon (not using /etc/system and /etc/services)
#!/usr/
bin/perl
use IO::Socket;
$sock = new IO::Socket::INET (PeerPort =&gt; 1250,
                              Proto    =&gt; 'tcp',
                              Listen   =&gt; 10,
                              Reuse    =&gt; 1,
                             );
die "Cannot start deamon on socket  Reason $! \n"  unless $sock;
while ($this_connection = $server-&gt;accept())
{
print $this_connection;
}
close ($sock);
```
Back to Contents

How do i find out what resources a running process is using
```
Use the proc commands below and others. 
/usr/proc/bin/pmap -x $PID   (see what memory is used)
/usr/proc/bin/pldd $PID         (see what shared libraries are used)
/usr/proc/bin/pwdx $PID         (see what the working directory is)

Download a copy of memtool from Sun.  ftp://playground.sun.com/pub/memtool
```
Back to Contents

How can i program in curses?

If you plan to use curses to do an interface try looking at this site. It might make life easier for you

SCRMGR curses interface

Back to Contents

Get system hardware configuration

Run the command /usr/platform/arch-type/sbin/prtdiag -V

Back to Contents

Run jobs in background during times of light system loading

Try this site
Idalize program

Back to Contents

System stats in html format

Get a copy of DHTMLR (Do HTML Report) forom the belew site.

this is a shell script that gets system info and builds web pages.
DHTMLR program from the Sunsolve site Belgium

Back to Contents

Graphical FTP front ends for X

There are quite a few graphical front ends for ftp available. Below are
a couple of them. Also try looking at the KDE and GNOME sites.

GNU licenses Graphical ftp

llnl xdir

Back to Contents

Security issues and Solaris

Um yes well probably quite a few bits to add here. lets try
- Security FAQ Page
Back to Contents

Info on old sun hardware

This is a 7 part document
- Part 1
- Part 2
- Part 3
- Part 4
- Part 5
- Part 6
- Part 7
Back to Contents

Microsoft Internet Explorer and Outlook express for Solaris

Download it from

Internet Explorer

Back to Contents

How to prevent stack overflow

add noexec_user_stack to the file /etc/system

Back to Contents

How to tell if you are in 32 or 64 bit mode

use the command isainfo -v

Back to Contents

Disable CDROM popup under CDE

comment out the stdvolcheck stuff from

/usr/dt/config/sessionetc

Back to Contents

Stop FTP users from logging in

Set their shell in /etc/passwd to /bin/false. Then edit /etc/shells and add a line /bin/false.

Back to Contents

Check for disk errors

Use the commands

iostat -e or iostst -E or netstat -k

Back to Contents

Firewall information

Probably a lot to say here lets start with
- Commonly scanned firewall sockets
Back to Contents

Performance tuning information

Probably a lot to say here lets start with
- Performance tuning and look see stuff
Back to Contents

Xerox NeWSprinter20 Toner

As far as i can tell this is the toner Xerox XP 15/20

Back to Contents

Connecting a Sun Monitor to a PC

You will need to get a fixed frequency card. Look at this site.

Monitor world

Back to Contents

Connecting a PC Monitor to a Sun

You will need to get a 13W3 to VGA connector.

Some monitors (Notably Sony based ones) will just work. Plug it it and reboot.

If not you will need to set up your monitor configurations at the NVRAM.

To set the NVRAM you need the following info.

Back to Contents

Pinouts for Scsi, Video, Audio, Parallel, serial, etc

A good site to start looking at is:

Pinouts.com

Back to Contents

What is my screen resolution, etc

Under the X11 environment run the command xdpyinfo. If not running X
then you will need to look at one of the frame buffer config commands.

Unfortunatly these are framebuffer specific but try
```
System/Framebuffer	Command

Sparc4, Sparcx5 tcx	tcxconfig
x86			kdmconfig
Ultra creator		ffbconfig
Ultra PGX/M64		m64config
sparc ZX/TZX		leoconfig
sparc SX		cg14config
```
If you do not have the OS running but are at the OK pronpt try using nvedit.

Back to Contents

Upper to lower case traanslation using tr
```
#!/bin/sh
#translate filenames in uppercase to lowercase

for FILE in `ls`
do
        NEWNAME=`echo $FILE |tr [A-Z] [a-z]`
        mv $FILE $NEWNAME
done                                                          
```
Back to Contents

How to create solaris pkg’d

read this good article.

creating solaris packages

Back to Contents

Mb/Mhz rpm rule of thumb

A vague rule of thumb when looking at disk arrays is MB transfered is 10% of Mhz

for every 1000 rpm of disk you will get about 9 I/O’s second therefore a 10,000rpm disk will have 90 I/O second

If these are in a stripe configuration of 5 working disks the the throughput

could be 400 I/O second

At the time of writing a fully populated D1000 could yeald up to 3000 I/O second

Back to Contents

Online & Offline processors and what running on a processor

useful commnads are mpstat, psrinfo, psrset, pbind

Back to Contents

Rename an e10000 domain

Take a look at this page to show how to remane a domain. The main thing
to remember is to rename the domain on the ssp as well as the domain
itself.
Renaming an E1000 Domain

Back to Contents

geovisit();

Powered by ScribeFire.
May 9, 2007
Unix Interview Questions???
Linux admin interview questions
1. How do you take a single line of input from the user in a shell script?
2. Write a script to convert all DOS style backslashes to UNIX style slashes in a list of files.
3. Write
  a regular expression (or sed script) to replace all occurrences of the
  letter ‘f’, followed by any number of characters, followed by the
  letter ‘a’, followed by one or more numeric characters, followed by the
  letter ‘n’, and replace what’s found with the string “UNIX”.
4. Write a script to list all the differences between two directories.
5. Write a program in any language you choose, to reverse a file.
6. What are the fields of the password file?
7. What does a plus at the beginning of a line in the password file signify?
8. Using the man pages, find the correct ioctl to send console output to an arbitrary pty.
9. What is an MX record?
10. What is the prom command on a Sun that shows the SCSI devices?
11. What is the factory default SCSI target for /dev/sd0?
12. Where is that value controlled?
13. What happens to a child process that dies and has no parent process to wait for it and what’s bad about this?
14. What’s wrong with sendmail? What would you fix?
15. What command do you run to check file system consistency?
16. What’s wrong with running shutdown on a network?
17. What can be wrong with setuid scripts?
18. What value does spawn return?
19. Write
  a script to send mail from three other machines on the network to root
  at the machine you’re on. Use a ‘here doc’, but include in the mail
  message the name of the machine the mail is sent from and the disk
  utilization statistics on each machine?
20. Why can’t root
  just cd to someone’s home directory and run a program called a.out
  sitting there by typing “a.out”, and why is this good?
21. What is the difference between UDP and TCP?
22. What is DNS?
23. What does nslookup do?
24. How do you create a swapfile?
25. How would you check the route table on a workstation/server?
26. How do you find which ypmaster you are bound to?
27. How do you fix a problem where a printer will cutoff anything over 1MB?
28. What is the largest file system size in solaris? SunOS?
29. What are the different RAID levels?
Interview questions for Linux admin
1. Advantages/disadvantages of script vs compiled program.
2. Name a replacement for PHP/Perl/MySQL/Linux/Apache and show main differences.
3. Why have you choosen such a combination of products?
4. Differences between two last MySQL versions. Which one would you choose and when/why?
5. Main differences between Apache 1.x and 2.x. Why is 2.x not so popular? Which one would you choose and when/why?
6. Which Linux distros do you have experience with?
7. Which distro you prefer? Why?
8. Which tool would you use to update Debian / Slackware / RedHat / Mandrake / SuSE ?
9. You’re asked to write an Apache module. What would you do?
10. Which tool do you prefer for Apache log reports?
11. Your portfolio. (even a PHP guest book may work well)
12. What does ‘route’ command do?
13. Differences between ipchains and iptables.
14. What’s eth0, ppp0, wlan0, ttyS0, etc.
15. What are different directories in / for?
16. Partitioning scheme for new webserver. Why?
Unix/Linux programming interview questions

Question 1: What is the major advantage of a hash table? (Asked by Silicon Magic Corp. people)

Answer:
The major advantage of a hash table is its speed. Because the hash
function is to take a range of key values and transform them into index
values in such a way that the key values are distributed randomly
across all the indices of a hash table.

Question 2: What are the techniques that you use to handle the collisions in hash tables?(Asked by Silicon Magic Corp. people)

Answer:
We can use two major techniques to handle the collisions. They are open
addressing and separate chaining. In open addressing, data items that
hash to a full array cell are placed in another cell in the array. In
separate chaining, each array element consist of a linked list. All
data items hashing to a given array index are inserted in that list.

Question 3: In Unix OS, what is the file server? (Asked by Silicon Magic Corp. people)

Answer: The file server is a machine that shares its disk storage and files with other machines on the network.

Question 4: What is NFS? What is its job?(Asked by Silicon Magic Corp. people)

Answer:
NFS stands for Network File System. NFS enables filesystems physically
residing on one computer system to be used by other computers in the
network, appearing to users on the remote host as just another local
disk.

Question 5: What is CVS? List some useful CVS commands.(Asked by Silicon Magic Corp.people)

Anser:
CVS is Concurrent Version System. It is the front end to the RCS
revision control system which extends the notion of revision control
from a collection of files in a single directory to a hierarchical
collection of directories consisting of revision controlled files.
These directories and files can be combined together to form a software
release.
There are some useful commands that are being used very often. They are

cvs checkout
cvs update
cvs add
cvs remove
cvs commit

Unix/Linux administration interview questions

What is LILO?

LILO
stands for Linux boot loader. It will load the MBR, master boot record,
into the memory, and tell the system which partition and hard drive to
boot from.

What is the main advantage of creating links to a file instead of copies of the file?

A:
The main advantage is not really that it saves disk space (though it
does that too) but, rather, that a change of permissions on the file is
applied to all the link access points. The link will show permissions
of lrwxrwxrwx but that is for the link itself and not the access to the
file to which the link points. Thus if you want to change the
permissions for a command, such as su, you only have to do it on the
original. With copies you have to find all of the copies and change
permission on each of the copies.

Write a command to find all of the files which have been accessed within the last 30 days.

find / -type f -atime -30 > December.files

This
command will find all the files under root, which is ‘/’, with file
type is file. ‘-atime -30′ will give all the files accessed less than
30 days ago. And the output will put into a file call December.files.

What is the most graceful way to get to run level single user mode?

A: The most graceful way is to use the command init s.
If you want to shut everything down before going to single user mode then do init 0 first and from the ok prompt do a boot -s.

What does the following command line produce? Explain each aspect of this line.

$ (date ; ps -ef | awk ‘{print $1}’ | sort | uniq | wc -l ) >> Activity.log

A:
First let’s dissect the line: The date gives the date and time as the
first command of the line, this is followed by the a list of all
running processes in long form with UIDs listed first, this is the ps
-ef. These are fed into the awk which filters out all but the UIDs;
thes
e UIDs are piped into sort for no discernible reason and then onto
uniq (now we see the reason for the sort – uniq only works on sorted
data – if the list is A, B, A, then A, B, A will be the output of uniq,
but if it’s A, A, B then A, B is the output) which produces only one
copy of each UID.

These UIDs are fed into wc -l which counts the lines – in this
case the number of distinct UIDs running processes on the system.
Finally the results of these two commands, the date and the wc -l, are
appended to the file “Activity.log”. Now to answer the question as to
what this command line produces. This writes the date and time into the
file Activity.log together with the number of distinct users who have
processes running on the system at that time. If the file already
exists, then these items are appended to the file, otherwise the file
is created.

Solaris interview questions
1. List the files in current directory sorted by size ? – ls -l | grep ^- | sort -nr
2. List the hidden files in current directory ? – ls -a1 | grep “^\.”
3. Delete blank lines in a file ? – cat sample.txt | grep -v ‘^$’ > new_sample.txt
4. Search for a sample string in particular files ? – grep .Debug. *.confHere grep uses the string .Debug. to search in all files with extension..conf. under current directory.
5. Display the last newly appending lines of a file during appendingdata to the same file by some processes ? – tail .f Debug.logHere tail shows the newly appended data into Debug.log by some processes/user.
6. Display the Disk Usage of file sizes under each directory in currentDirectory ? – du -k * | sort .nr (or) du .k . | sort -nr
7. Change to a directory, which is having very long name ? – cd CDMA_3X_GEN*Here original directory name is . .CDMA_3X_GENERATION_DATA..
8. Display the all files recursively with path under current directory ? – find . -depth -print
9. Set the Display automatically for the current new user ? – export
  DISPLAY=`eval ‘who am i | cut -d”(” -f2 | cut -d”)” -f1′`Here in above
  command, see single quote, double quote, grave ascent is used. Observe
  carefully.
10. Display the processes, which are running under yourusername ? – ps .aef | grep MaheshvjHere, Maheshvj is the username.
11. List some Hot Keys for bash shell ? – Ctrl+l . Clears the Screen. Ctrl+r . Does a search in previously given commands in shell. Ctrl+u – Clears the typing before the hotkey. Ctrl+a . Places cursor at the beginning of the command at shell. Ctrl+e . Places cursor at the end of the command at shell. Ctrl+d . Kills the shell. Ctrl+z . Places the currently running process into background.
12.  Display the files in the directory by file size ? – ls .ltr | sort .nr .k 5
13. How to save man pages to a file ? – man <command> | col .b > <output-file>Example : man top | col .b > top_help.txt
14. How to know the date & time for . when script is executed ? – Add
  the following script line in shell script.eval echo “Script is executed
  at `date`” >> timeinfo.infHere, .timeinfo.inf. contains date
  & time details ie., when script is executed and history related to
  execution.
15. How do you find out drive statistics ? – iostat -E
16. Display disk usage in Kilobytes ? – du -k
17. Display top ten largest files/directories ? – du -sk * | sort -nr | head
18. How much space is used for users in kilobytes ? – quot -af
19. How to create null file ? – cat /dev/null > filename1
20. Access common commands quicker ? – ps -ef | grep -i $@
21. Display the page size of memory ? – pagesize -a
22. Display Ethernet Address arp table ? – arp -a
23. Display the no.of active established connections to localhost ? – netstat -a | grep EST
24. Display the state of interfaces used for TCP/IP traffice ? – netstat -i
25. Display the parent/child tree of a process ? – ptree <pid> Example: ptree 1267
26. Show the working directory of a process ? – pwdx <pid> Example: pwdx 1267
27. Display the processes current open files ? – pfiles <pid> Example: pfiles 1267
28. Display the inter-process communication facility status ? – ipcs
29. Display the top most process utilizing most CPU ? – top .b 1
30. Alternative for top command ? – prstat -a
Powered by ScribeFire.
May 9, 2007
Blogging using Livewriter.

Indeed after doing a search in google i am able to find out a blogging tool for windows thats live write. Well, it is a product of microsoft and it is good. As i haven’t tested it a lot. but i am finding it usual till now. After downloading it from here and some teawking in my proxy settings i am able to configure it to work on my office’s XP machine.

The original link for Live writer

May 9, 2007
Blogging using Livewriter.

Indeed after doing a search in google i am able to find out a blogging tool for windows thats live write. Well, it is a product of microsoft and it is good. As i haven’t tested it a lot. but i am finding it usual till now. After downloading it from here and some teawking in my proxy settings i am able to configure it to work on my office’s XP machine.

May 9, 2007
How to turn on rsh and rlogin on RedHat Enterprise Linux (RHEL 2.1/ 3.0)

Enable them:

Turn on these three using chkconfig on both the nodes: rexec, rsh and rlogin.

# chkconfig rexec on
# chkconfig rsh on
# chkconfig rlogin on

xinetd

Restart xinetd to be sure.

# service xinetd restart

.rhosts

On hostA’s root home directory (usually /root), create a .rhosts file, which has hostB in it.

# cat .rhosts
hostB

Similarly, create a .rhosts on hostB’s root home directory which has hostA in it.

# cat .rhosts
hostA

hosts.allow

Now, edit /etc/hosts.allow on hostA:

#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the ‘/usr/sbin/tcpd’ server.
#
ALL : hostB

Edit /etc/hosts.allow on hostB:

#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the ‘/usr/sbin/tcpd’ server.
#
ALL : hostA

hosts.equiv

Edit /etc/hosts.equiv on hostA to have

# cat /etc/hosts.equiv
hostB

Edit /etc/hosts.equiv on hostB to have

# cat /etc/hosts.equiv
hostA

/etc/securetty

And finally, knock off /etc/securetty (rename it or worse, purge it) on both hostA and hostB

Now you are good to go.

Disclaimer: Use at your own risk. Don’t flame me. It sure worked for me. Actual results may vary. Use ssh in place of rlogin/rsh/telnet and the like, as ssh is more secure.

April 18, 2007
ssh using keys.

Here i will try to demonstrate how to use ssh keys to login to machines without password.
Since i did not got it to work with putty now. i will do it with two unix machines and will soon continue this post on to configure it with putty.

1. Check the ssh-server installed on your machine or not. if not download the packages openssh-clients and openssh-server from the respective downloads site.

2. create public and private keys using ssh-keygen

user@home$ ssh-keygen -t dsa ##this will create public and privatye keys.

3. scp the public key to the remote host on which you want to gain the access without password.
user@home$ scp .ssh/id_dsa.pub user@machineB:~/.ssh/authorized_keys ## from machine a to machine b.

4. Now login from Machine A to Machine B and check. it will work without password.

Points:
1. you must login from the account where you have kept the private key. since, you try to login from a diferent account you private key wo0n’t be there and that time you will be thrown to a password prompt.
2. Check the permissions of the directory .ssh to be 700 and the permission of the authorized_keys files must be 600. or else it won’t work.

March 13, 2007
Do we know the world.

Indeed a very good article from Sunday Times which talks about our views of changing perception with time. How much we know and how much we have to learn. Basically, we have to see a lot more to understand.

Written by : Shobhan Saxena
[ 11 Feb, 2007 0046hrs ISTTIMES NEWS NETWORK ]

Reality is a question of perspective. It depends on your location on the GPS. Earlier, people with yellow hair and blue eyes believed that all Indians had a tiger in their backyard and filthy men made venomous cobras dance. We hated this kind of Orientalism.

We always believed that we had too much culture here and we didn't need to learn anything from anyone, at least not from the "ignorant" West which saw us as a nation of medieval freaks. Now, with the changing times, the perceptions about us have changed.

Now the world probably thinks we all live in slums, smell of curry, speak in funny accents, work in call centres and leak customer data for money. We don't like this. We feel others do not understand us. But we seem to be more ignorant of the world than the world is of us.

That's why when two Indian hacks go to Kabul to make a film, they get into trouble with the quintessential side-kick Arshad Warsi cracking some jokes about Afghan men liking other men and the Hazaras being ruthless barbarians who kill people by "stroking long, rusted nails into their heads".

Funny, isn't it? Not for the Afghans who banned Kabul Express. Imagine going to Afghanistan, standing in a fallow land which has turned red due to an eternal war and indulging in some gay-bashing.
Our angle is so skewed that we miss the complete picture: This land has been a crucible of global wars from the Great Game between the Tsars and the British, the Cold War, the bloody battles between the Russians and the Mujahideen and the ideological clashes between the leftists and the religious zealots.

We know nothing about their music, poetry and food. We know nothing about their customs and language. The only thing we know about them is that they like to kill each other and they love to play Buzkashi, a game where wild horsemen fight over a dead goat.

We know that much because we saw Mr Stallone playing the game in Rambo III. We understand our next-door neighbours through Hollywood.

We cry till hoarse about the world stereotyping us as "the Indians", but the fact is that we don't understand the world as it exists. Forget Paraguay and Morocco, our understanding of China is quite warped.

Ask an average Indian about China and he would probably say: chow mein. We see China, the world's biggest nation, as the land of noodles, fried cockroaches and snake soup.
The middle classes may associate China with new age mumbo-jumbo like Feng Shui, Tai-chi and the Laughing Buddha, and a booming economy that shines in the Shanghai skyscrapers. But that's it. We dismiss Japan, the world's second biggest economy, in a few words: judo-karate, Su-Doku, haiku, sushi, saké, kamikazes and harakiri.

Of course, we know about their cars and electronic watches. That's it. For us, Brazil, the biggest Latin country, that's three times the size of India, is a nation of semi-nude, samba dancers and crazy footballers. In our imagination, Argentina means Maradona. That's it.

A nation is an imagined community. The world lives in our imagination. The "others" are imagined people. But, so limited is our imagination about the others that we don't think beyond certain stereotypes.

We associate the Australians with kangaroos, the Russians with vodka, the French with romance, the Italians with fashion, the Latinos with sex and the Africans with HIV. And the Middle East is all about oil and beauties behind the veil. You cannot have an imagination worse than this.

We don't know what we are missing. China's rich culture rivals ours: thoughts from Confucius to Mao Zedong, writers from Zhuang Zi to Nobel laureate Gao Xingjian, short poetry, long operas, Mandarin guitar and classical music. It's quite sickening to reduce Brazil to a carnival of hot babes on its beaches.
It's a melting pot of cultures: from Europe, Africa, Asia and Amazon jungles. The beach is the most democratic place in Rio, where the rich and poor, homeless and intellectual, musicians and writers all meet and mix with each other.

The country has great traditions of music and arts. And politics: one entire generation grew up fighting the military dictatorship. But we don't care to know and understand all this.

In the age of globalisation, such a little understanding of the world is dangerous. Not for us, but for others: a white man straying into an Indian village is beaten to death for no reason; two Africans carrying meat in their bags are attacked for having "beef with them".

It's a dangerous way of looking at other people. At one level, people are the same everywhere. They are all trapped in their human condition: living, liking and helping each other; loving, hating and destroying each other. But if we do not know the details of their life, they don't look real. They look like freaks.

—
Anyone who has the power to make you believe absurdities has the power to make you commit injustices.
<b>Voltaire </b>
http://om-prakash.blogspot.com

February 21, 2007

The 10 Commands we never use.

It takes years maybe decades to master the commands available to you at the Linux shell prompt. Here are 10 that you will have never heard of or used. They are in no particular order. My favorite is mkfifo.

pgrep, instead of:

# ps -ef | egrep '^root ' | awk '{print $2}'
1
2
3
4
5
20
21
38
39
...

You can do this:

# pgrep -u root
1
2
3
4
5
20
21
38
39
...

pstree, list the processes in a tree format. This can be VERY useful when working with WebSphere or other heavy duty applications.

# pstree
init-+-acpid
     |-atd
     |-crond
     |-cups-config-dae
     |-cupsd
     |-dbus-daemon-1
     |-dhclient
     |-events/0-+-aio/0
     |          |-kacpid
     |          |-kauditd 

     |          |-kblockd/0
     |          |-khelper
     |          |-kmirrord
     |          `-2*[pdflush]
     |-gpm
     |-hald
     |-khubd
     |-2*[kjournald]
     |-klogd
     |-kseriod 

     |-ksoftirqd/0
     |-kswapd0
     |-login---bash
     |-5*[mingetty]
     |-portmap
     |-rpc.idmapd
     |-rpc.statd
     |-2*[sendmail]
     |-smartd
     |-sshd---sshd---bash---pstree 

     |-syslogd
     |-udevd
     |-vsftpd
     |-xfs
     `-xinetd

bc is an arbitrary precision calculator language. Which is great. I found it useful in that it can perform square root operations in shell scripts. expr does not support square roots.

# ./sqrt
Usage: sqrt number
# ./sqrt 64
8
# ./sqrt 132112
363
# ./sqrt 1321121321
36347

Here is the script:

# cat sqrt
#!/bin/bash
if [ $# -ne 1 ]
then
        echo 'Usage: sqrt number'
        exit 1
else
        echo -e "sqrt($1)\nquit\n" | bc -q -i
fi

split, have a large file that you need to split into smaller chucks? A mysqldump maybe? split is your command. Below I split a 250MB file into 2 megabyte chunks all starting with the prefix LF_.

# ls -lh largefile
-rw-r--r--  1 root root 251M Feb 19 10:27 largefile
# split -b 2m largefile LF_
# ls -lh LF_* | head -n 5
-rw-r--r--  1 root root 2.0M Feb 19 10:29 LF_aa
-rw-r--r--  1 root root 2.0M 
 Feb 19 10:29 LF_ab
-rw-r--r--  1 root root 2.0M Feb 19 10:29 LF_ac
-rw-r--r--  1 root root 2.0M Feb 19 10:29 LF_ad
-rw-r--r--  1 root root 2.0M Feb 19 10:29 LF_ae
# ls -lh LF_* | wc -l
126

nl numbers lines. I had a script doing this for me for years until I found out about nl.

# head wireless.h
/*
 * This file define a set of standard wireless extensions
 *
 * Version :    20      17.2.06
 *
 * Authors :    Jean Tourrilhes - HPL
 * Copyright (c) 1997-2006 Jean Tourrilhes, All Rights Reserved. 

 */

#ifndef _LINUX_WIRELESS_H
# nl wireless.h | head
     1  /*
     2   * This file define a set of standard wireless extensions
     3   *
     4   * Version :    20      17.2.06
     5   * 
      6   * Authors :    Jean Tourrilhes - HPL
     7   * Copyright (c) 1997-2006 Jean Tourrilhes, All Rights Reserved.
     8   */

     9  #ifndef _LINUX_WIRELESS_H

mkfifo is the coolest one. Sure you know how to create a pipeline piping the output of grep to less or maybe even perl. But do you know how to make two commands communicate through a named pipe?
First let me create the pipe and start writing to it:

Then read from it:

ldd, want to know which Linux thread library java is linked to?

# ldd /usr/java/jre1.5.0_11/bin/java
        libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00bd4000)
        libdl.so.2 => /lib/libdl.so.2 (0x00b87000)
        libc.so.6 => /lib/tls/libc.so.6 (0x00a5a000) 

        /lib/ld-linux.so.2 (0x00a3c000)

col, want to save man pages as plain text?
```
# PAGER=cat
# man less | col -b > less.txt
```

xmlwf, need to know if a XML document is well formed? (A configuration file maybe..)

# curl -s 'http://bashcurescancer.com' > bcc.html
# xmlwf bcc.html
# perl -i -pe 's@<br/>@<br>@g'  bcc.html
# xmlwf bcc.html
bcc.html
:104:2: mismatched tag

lsof lists open files. You can do all kinds of cool things with this. Like find which ports are open:

# lsof | grep TCP
portmap    2587   rpc    4u     IPv4       5544                 TCP *:sunrpc (LISTEN)
rpc.statd  2606  root    6u     IPv4       5585                 TCP *:668 (LISTEN)
sshd       2788  root    3u     IPv6       5991                 TCP *:ssh (LISTEN) 

sendmail   2843  root    4u     IPv4       6160                 TCP badhd:smtp (LISTEN)
vsftpd     9337  root    3u     IPv4      34949                 TCP *:ftp (LISTEN)
cupsd     16459  root    0u     IPv4      41061                 TCP badhd:ipp (LISTEN) 

sshd      16892  root    3u     IPv6      61003                 TCP badhd.mshome.net:ssh->kontiki.mshome.net:4661  (ESTABLISHED)

Or find the number of open files a user has. Very important for running big applications like Oracle, DB2, or WebSphere:

# lsof | grep ' root ' | awk '{print $NF}' | sort | uniq | wc -l
179

–

February 21, 2007

A myth Called the Indian Software Programmer.

This article has been taken from sunday times – mumbai edition dt: 18/02/2006

I am posting it here as it gives a lot of meaning to the indian software industry and the boom which we had seen in the past because of this.

They are the poster boys of matrimonial classifieds. They are paid handsomely, perceived to be intelligent and travel abroad frequently. Single-handedly, they brought purpose to the otherwise sleepy city of Bangalore.

Indian software engineers are today the face of a third-world rebellion. But what exactly do they do? That’s a disturbing question. Last week, during the annual fair of the software industry’s apex body Nasscom, no one uttered a word about India’s programmers.

The event, which brought together software professionals from around the world, used up all its 29 sessions to discuss prospects to improve the performance of software companies. Panels chose to debate extensively on subjects like managing innovation, business growth and multiple geographies.

But there was nothing on programmers, who you would imagine are the driving force behind the success of the Indian software companies. Perhaps you imagined wrong. “It is an explosive truth that local software companies won’t accept.

Most software professionals in India are not programmers, they are mere coders,” says a senior executive from a global consultancy firm, who has helped Nasscom in researching its industry reports.

In industry parlance, coders are akin to smart assembly line workers as opposed to programmers who are plant engineers. Programmers are the brains, the glorious visionaries who create things. Large software programmes that often run into billions of lines are designed and developed by a handful of programmers.

Coders follow instructions to write, evaluate and test small components of the large program. As a computer science student in IIT Mumbai puts it if programming requires a post graduate level of knowledge of complex algorithms and programming methods, coding requires only high school knowledge of the subject.

Coding is also the grime job. It is repetitive and monotonous. Coders know that. They feel stuck in their jobs. They have fallen into the trap of the software hype and now realise that though their status is glorified in the society, intellectually they are stranded.
Companies do not offer them stock options anymore and their salaries are not growing at the spectacular rates at which they did a few years ago.

“There is nothing new to learn from the job I am doing in Pune. I could have done it with some training even after passing high school,” says a 25-year-old who joined Infosys after finishing his engineering course in Nagpur.

A Microsoft analyst says, “Like our manufacturing industry, the Indian software industry is largely a process driven one. That should speak for the fact that we still don’t have a domestic software product like Yahoo or Google to use in our daily lives.”

IIT graduates have consciously shunned India’s best known companies like Infosys and TCS, though they offered very attractive salaries. Last year, from IIT Powai, the top three Indian IT companies got just 10 students out of the 574 who passed out.

The best computer science students prefer to join companies like Google and Trilogy. Krishna Prasad from the College of Engineering, Guindy, Chennai, who did not bite Infosys’ offer, says, “The entrance test to join TCS is a joke compared to the one in Trilogy. That speaks of what the Indian firms are looking for.”

A senior TCS executive, who requested anonymity, admitted that the perception of coders is changing even within the company. It is a gloomy outlook. He believes it has a lot to do with business dynamics.

The executive, a programmer for two decades, says that in the late ’70s and early ’80s, software drew a motley set of professionals from all kinds of fields.

In the mid-’90s, as onsite projects increased dramatically, software companies started picking all the engineers they could as the US authorities granted visas only to graduates who had four years of education after high school.
“After Y2K, as American companies discovered India’s cheap software professionals, the demand for engineers shot up,” the executive says. Most of these engineers were coders. They were almost identical workers who sat long hours to write line after line of codes, or test a fraction of a programme.

They did not complain because their pay and perks were good. Now, the demand for coding has diminished, and there is a churning.

Over the years, due to the improved communication networks and increased reliability of Indian firms, projects that required a worker to be at a client’s site, say in America, are dwindling in number. And with it the need for engineers who have four years of education after high school.

Graduates from non-professional courses, companies know, can do the engineer’s job equally well. Also, over the years, as Indian companies have already coded for many common applications like banking, insurance and accounting, they have created libraries of code which they reuse.

Top software companies have now started recruiting science graduates who will be trained alongside engineers and deployed in the same projects. The CEO of India’s largest software company TCS, S Ramadorai, had earlier explained, “The core programming still requires technical skills.

But, there are other jobs we found that can be done by graduates.” NIIT’s Arvind Thakur says, “We have always maintained that it is the aptitude and not qualifications that is vital for programming. In fact, there are cases where graduate programmers have done better than the ones from the engineering stream.”

Software engineers, are increasingly getting dejected. Sachin Rao, one of the coders stuck in the routine of a job that does not excite him anymore, has been toying with the idea of moving out of Infosys but cannot find a different kind of “break”, given his coding experience.

He sums up his plight by vaguely recollecting a story in which thousands of caterpillars keep climbing a wall, the height of which they don’t know. They clamber over each other, fall, start again, but keep climbing. They don’t know that they can eventually fly.

Rao cannot remember how the story ends but feels the coders of India today are like the caterpillars who plod their way through while there are more spectacular ways of reaching the various destinations of life.

February 19, 2007
How do I lock out a user after a set number of login attempts?
The PAM (Pluggable Authentication Module) module pam_tally keeps track of unsuccessful login attempts then disables user accounts when a preset limit is reached. This is often referred to as account lockout.

To lock out a user after 4 attempts, two entries need to be added in the /etc/pam.d/system-auth file:
```
auth        required        /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
account     required        /lib/security/$ISA/pam_tally.so deny=3 no_magic_root reset
```
The options used above are described below:
- onerr=fail
  If something strange happens, such as unable to open the file, this determines how the module should react.
- no_magic_root
  This is used to indicate that if the module is invoked by a user with uid=0, then the counter is incremented. The sys-admin should use this for daemon-launched services, like telnet/rsh/login.
- deny=3The deny=3 option is used to deny access if tally for this user exceeds 3.
- reset
  The reset option instructs the module to reset count to 0 on successful entry.
See below for a complete example of implementing this type of policy:
```
auth        required      /lib/security/$ISA/pam_env.so
auth        required      /lib/security/$ISA/pam_tally.so onerr=fail
no_magic_root auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so
account     required      /lib/security/$ISA/pam_unix.so 
account     required      /lib/security/$ISA/pam_tally.so deny=5
no_magic_root reset  password    requisite     /lib/security/$ISA/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/$ISA/pam_unix.so nullok use_authtok md5 shadow password
required      /lib/security/$ISA/$ISA/pam_deny.so  session
required      /lib/security/$ISA/$ISA/pam_limits.so session
required      /lib/security/$ISA/$ISA/pam_unix.so
```
For more detailed information on the PAM system please see the documentation contained under /usr/share/doc/pam-

For information on how to unlock a user that has expired their deny tally see additional Knowledgebase articles regarding unlocking a user account and seeing failed logins with the faillog command.

contributed by David Robinson
February 16, 2007

Tag: Uncategorized

UNIX Questions and Answers

Hardware Issues

Configuration Issues

NFS Issues

General Issues

Software issues

Networking issues

Security issues

Firewall issues

Performance tuning issues

E10000

Unix/Linux programming interview questions

Unix/Linux administration interview questions

Solaris interview questions