Tag: World

  • Access Control List + Solaris

    All the commands are run from the user prompt (%), not the root prompt (#), so do not confuse the # characters in the listings with a root prompt. They are part of the command output.

    The ACL facility allows you to define more than just the usual eight permission bits for a file or directory. You can define a list of users (based on user-id or name) and groups (again, number or name) that you want to have access to a file. For each user or group getting special access, you can define read, write, or execute access permission.

    There are only two commands that you need to learn for Solaris ACLs. They are setfacl for setting a file’s ACLs and getfacl for reading them. There are also a bunch of system and library calls that make the ACL facility available to programs. One confusing aspect of ACLs is that, in essence, every file already has an ACL entry. Running getfacl on a normal file reveals some ACL information:

    % cd /usr/tmp
    % touch foo
    % ls -l foo
    -rw-r--r-- 1 pbg staff 0 Jul 22 13:35 foo
    % getfacl foo
    # file: foo
    # owner: pbg
    # group: staff
    user::rw-
    group::r-- #effective:r--
    mask:rwx
    other:r--

    This ACL information is merely getfacl's interpretation of the Unix permissions on the file. The user, group and other information is a straightforward display of the permission bits for those fields. The mask field is very similar to the Unix umask method. It defines the maximum permissions allowed for users (other than the owner) and groups. Even if a user or group has permissions set that exceed the mask, the mask limits their access. The #effective display shows, for each user (except the owner) and group, the effect that the mask has on the permissions. The #effective output is the one to look at to determine exactly who can access the file and exactly what they are allowed to do.

    To set an ACL for a file, use the command setfacl:

    % setfacl -m user:jeff:rw- foo
    % ls -l foo
    -rw-r--r--+ 1 pbg staff 0 Jul 22 13:52 foo
    % getfacl foo

    # file: foo
    # owner: pbg
    # group: staff
    user::rw-
    user:jeff:rw- #effective:r--
    group::r-- #effective:r--
    mask:r--
    other:r--

    The -m option tells setfacl that I want to modify the ACLs for the file. Use the -s option to set the entire mode, but then you must type in the user, group, and other access bits as well:

    % setfacl -s user::rw-,group::r--,other:---,mask:rw-,user:jeff:rw- foo

    To set general user, group, and other permissions, use the field::perms identifier. To set ACLs for individual users and groups, use the field:uid or gid:perms identifier.

    But back to our previous example. Notice that the effective access for user Jeff is unchanged: he can still only read the file, not write to it. That’s the result of the mask being applied to his permissions. To grant Jeff the access desired, I need to:

    % setfacl -m mask:rw- foo
    % getfacl foo
    # file: foo
    # owner: pbg
    # group: staff
    user::rw-
    user:jeff:rw- #effective:rw-
    group::r-- #effective:r--
    mask:rw-
    other:r--

    Now Jeff has read and write permissions to the file, while all others have only read access. Of note is the slight change in behavior of the ls command. Any file with specific ACL information is shown with a + at the end of the permission field. Unfortunately, find doesn’t seem to have an option to find all files with ACL lists.
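
    The mask rule described above can be checked mechanically. The following is an added example, not part of the original post: a shell function that reads getfacl output and prints the requested and effective permissions of every access entry. The function names (sample_acl, effective_acl, masked_entries) are made up here, the sample listing is constructed from the jeff example above, and the parser also accepts the mask:: spelling, which goes slightly beyond the Solaris output shown.

```shell
#!/bin/sh
# Constructed sample: getfacl output for foo after "setfacl -m user:jeff:rw- foo"
# while the mask is still r--.
sample_acl() {
    cat <<'EOF'
# file: foo
# owner: pbg
# group: staff
user::rw-
user:jeff:rw- #effective:r--
group::r-- #effective:r--
mask:r--
other:r--
EOF
}

# effective_acl: read getfacl text on stdin and print one line per access
# entry in the form "<entry> <requested> <effective>".
effective_acl() {
    awk '
    BEGIN { mask = "rwx" }            # no mask entry: nothing is restricted
    {
        sub(/[ \t]*#.*$/, "")         # drop "# file:" headers and "#effective:" notes
        sub(/[ \t]+$/, "")
    }
    $0 == ""    { next }
    /^default:/ { next }              # defaults only apply to newly created files
    /^mask:/    { mask = $0; sub(/^mask:+/, "", mask); next }
    { entry[++n] = $0 }
    END {
        for (i = 1; i <= n; i++) {
            k = split(entry[i], f, ":")
            perms = f[k]
            key = substr(entry[i], 1, length(entry[i]) - length(perms) - 1)
            # The mask limits named users, the owning group and named groups.
            # The file owner (user::) and other are never masked.
            masked = (f[1] == "group") || (f[1] == "user" && f[2] != "")
            eff = ""
            for (c = 1; c <= 3; c++) {
                p = substr(perms, c, 1)
                if (masked && substr(mask, c, 1) == "-") p = "-"
                eff = eff p
            }
            print key, perms, eff
        }
    }'
}

# masked_entries: only the entries where the mask removes something that the
# ACL entry itself grants (jeff in the sample).
masked_entries() {
    effective_acl | awk '$2 != $3'
}

# Demo on the constructed sample.
sample_acl | effective_acl
```

    Piping real getfacl output into masked_entries lists the grants that look wider in the ACL than they are in practice, which is the situation Jeff was in before the mask was changed.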

    As well as setting an ACL for the directory, you can set a default ACL for the directory. This default ACL is used to set the ACL on every file created within the directory. The only way I managed to get directory ACLs to work was using the -s option with a very-long parameter string:

    % setfacl -s user::rwx,group::rw-,mask:r--,other:rw-,default:user::rw-,\
    default:group::r-x,default:mask:rwx,default:other:r-x bar
    % ls -ld bar
    drwxr--rw-+ 2 pbg staff 512 Jul 22 14:11 bar
    % getfacl bar
    # file: bar
    # owner: pbg
    # group: staff
    user::rwx
    group::rw- #effective:r--
    mask:r--
    other:rw-
    default:user::rw-
    default:group::r-x
    default:mask:rwx
    default:other:r-x

    Now set a default ACL, and create a file in the directory:

    % setfacl -m default:user:jeff:rwx bar
    % getfacl bar
    # file: bar
    # owner: pbg
    # group: staff
    user::rwx
    group::rw- #effective:r--
    mask:r--
    other:rw-
    default:user::rw-
    default:user:jeff:rwx
    default:group::r-x
    default:mask:rwx
    default:other:r-x
    % touch bar/test
    % getfacl bar/test
    # file: bar/test
    # owner: pbg
    # group: staff
    user::rw-
    user:jeff:rwx #effective:r--
    group::r-- #effective:r--
    mask:r--
    other:r--

    There are several other aspects of ACLs, including deleting ACLs and using abbreviations and permission bit numbers (rather than symbols). This information is provided on the appropriate manual pages.

    To use ACLs over an NFS mount, both the client and server must be running Solaris 2.5 or better. If the client is running 2.5 but the server is running 2.4 or lower, you’ll see an error such as:

    % touch foo
    % getfacl foo
    # file: foo
    # owner: pbg
    # group: staff
    user::rw-
    group::r-- #effective:r--
    mask:rwx
    other:r--
    % setfacl -m user:jeff:rw- foo
    foo: failed to set acl entries
    setacl error: Operation not applicable

    You’ll get a similar error if you try to use ACLs in a swapfs-based directory (such as /tmp). Finally, there’s a “non-feature” of ACLs when used with tar. tar itself works well with files that have associated ACLs. Unfortunately, the tar file is not readable under previous SunOS and Solaris operating systems.

    It is also important to note that ACLs “stick” to a file during copy and rename operations. To remove the ACL from a file use setfacl -d for each entry. When the last entry is removed, the “+” disappears from the file’s ls display.

  • File Permissions

    Search Files on their file permissions.

    World readable

    Normal users should not have access to configuration files or passwords. An attacker can steal passwords from databases or web sites and use them to deface–or even worse, delete–data. This is why it is important that your file permissions are correct. If you are sure that a file is only used by root, assign it with the permissions 0600 and assign the file to the correct user with chown.

    World/Group writable

    Finding world-writable files and directories

    # find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \; 2>/dev/null >writable.txt
    # find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {} \; 2>/dev/null >>writable.txt

    This creates a large file listing the permissions of every file and directory
    that is writable by its group or by everybody. Check the permissions and
    eliminate world-writable files by executing /bin/chmod o-w on them.

    SUID/SGID files

    Files with the SUID or SGID bit set execute with privileges of the owning
    user or group and not the user executing the file. Normally these bits are used
    on files that must run as root in order to do what they do. These files can lead
    to local root compromises (if they contain security holes). This is dangerous
    and files with the SUID or SGID bits set should be avoided at any cost. If you
    do not use these files, use chmod 0 on them or unmerge the package that
    they came from (check which package they belong to by using equery; if
    you do not already have it installed simply type emerge gentoolkit).
    Otherwise just turn the SUID bit off with chmod -s.

    Finding setuid files

    # find / -type f \( -perm -004000 -o -perm -002000 \) -exec ls -lg {} \; 2>/dev/null >suidfiles.txt

    This will create a file containing a list of all the SUID/SGID files.

    List of setuid binaries

    /bin/su
    /bin/ping
    /bin/mount
    /bin/umount
    /var/qmail/bin/qmail-queue
    /usr/bin/chfn
    /usr/bin/chsh
    /usr/bin/crontab
    /usr/bin/chage
    /usr/bin/expiry
    /usr/bin/sperl5.6.1
    /usr/bin/newgrp
    /usr/bin/passwd
    /usr/bin/gpasswd
    /usr/bin/procmail
    /usr/bin/suidperl
    /usr/lib/misc/pt_chown
    /usr/sbin/unix_chkpwd
    /usr/sbin/traceroute
    /usr/sbin/pwdb_chkpwd

    By default Gentoo Linux does not have a lot of SUID files (though this depends
    on what you installed), but you might get a list like the one above. Most of
    the commands should not be used by normal users, only root. Switch off the SUID
    bit on ping, mount, umount, chfn, chsh,
    newgrp, suidperl, pt_chown and traceroute by
    executing chmod -s on every file. Don’t remove the bit on su,
    qmail-queue or unix_chkpwd. Removing setuid from those files will
    prevent you from su'ing and receiving mail. By removing the bit (where
    it is safe to do so) you remove the possibility of a normal user (or an
    attacker) gaining root access through any of these files.

    The only SUID files that I have on my system are su, passwd,
    gpasswd, qmail-queue, unix_chkpwd and pwdb_chkpwd.
    But if you are running X, you might have some more, since X needs the elevated
    access afforded by SUID.

    SUID/SGID binaries and Hard links

    A file is only considered deleted when there are no more links pointing to it.
    This might sound like a strange concept, but consider that a filename like
    /usr/bin/perl is actually a link to the inode where the data is
    stored. Any number of links can point to the file, and until all of them are
    gone, the file still exists.

    If your users have access to a partition that isn’t mounted with nosuid
    or noexec (for example, if /tmp, /home, or
    /var/tmp are not separate partitions) you should take care to
    ensure your users don’t create hard links to SUID or SGID binaries, so that
    after Portage updates they still have access to the old versions.

    To check how many links a file has, you can use the stat command.

    Stat command

    $ stat /bin/su
    File: `/bin/su'
    Size: 29350 Blocks: 64 IO Block: 131072 regular file
    Device: 900h/2304d Inode: 2057419 Links: 1
    Access: (4711/-rws--x--x) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2005-02-07 01:59:35.000000000 +0000
    Modify: 2004-11-04 01:46:17.000000000 +0000
    Change: 2004-11-04 01:46:17.000000000 +0000

    To find the SUID and SGID files with multiple links, you can use find.

    Finding multiply linked suid/sgid binaries

    $ find / -type f \( -perm -004000 -o -perm -002000 \) -links +1 -ls
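
    An added example (not from the original text) that combines the two find checks from this section: it lists SUID/SGID files that are missing from an allowlist you maintain, and SUID/SGID files that have more than one hard link. The function names, the allowlist format (one path per line) and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# audit_setid ROOT ALLOWLIST
# Prints one line per finding:
#   UNEXPECTED <path>   SUID/SGID file that is not on the allowlist
#   MULTILINK <path>    SUID/SGID file with more than one hard link
# ALLOWLIST is a text file with one path per line (assumed format).
audit_setid() {
    root=$1
    allowlist=$2

    # Every regular file with the SUID (4000) or SGID (2000) bit set.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r path; do
        # -F fixed string, -x whole line: only an exact path match counts.
        if ! grep -Fxq -- "$path" "$allowlist"; then
            printf 'UNEXPECTED %s\n' "$path"
        fi
    done

    # The same files, restricted to those reachable under a second name.
    # A stray link keeps the old inode alive after the package is upgraded.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -links +1 -print 2>/dev/null |
    while IFS= read -r path; do
        printf 'MULTILINK %s\n' "$path"
    done
}

# make_demo_tree: build a constructed directory tree to run the audit against
# and print its location. Nothing here touches real system binaries.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/root/bin" "$d/root/tmp"
    for f in su ping passwd; do
        : > "$d/root/bin/$f"
    done
    chmod 4711 "$d/root/bin/su" "$d/root/bin/ping"   # SUID, as in the stat listing
    chmod 0755 "$d/root/bin/passwd"                  # no SUID bit in this demo
    # A hard link made in a user-writable directory.
    ln "$d/root/bin/ping" "$d/root/tmp/.keep"
    # Allowlist: only su is expected to be SUID.
    printf '%s\n' "$d/root/bin/su" > "$d/allow.txt"
    printf '%s\n' "$d"
}

# Demo run on the constructed tree.
demo=$(make_demo_tree)
audit_setid "$demo/root" "$demo/allow.txt"
rm -rf "$demo"
```

    Pointing it at / as root, with an allowlist of the binaries you decided to keep SUID, gives a repeatable version of the manual review above.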


  • Configure a Physical Interface After System Installation

    * Determine the IPv4 addresses that you want to use for the additional interfaces.

    * Ensure that the physical interface to be configured has been physically installed onto the system.

    * If you have just installed the interface, perform a reconfiguration boot before proceeding with the next task.

    Determine which interfaces are currently configured on the system.
    # dladm show-link

    Configure and plumb each interface.
    # ifconfig interface plumb up

    For example, for the interface pcn0, type:
    # ifconfig pcn0 plumb up

    Assign an IP address.
    # ifconfig interface ip-address netmask + netmask

    For example, you would type:
    # ifconfig pcn0 192.168.84.3 netmask + 255.255.255.0

    Verify that the newly configured interfaces are plumbed and configured, or “UP.”
    # ifconfig -a

    Check the status line for each interface that is displayed. Ensure that the output contains an UP flag on the status line, for example:
    pcn0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2

    To make the interface configuration persist across reboots, perform the following steps:

    1. Create an /etc/hostname.interface file for each interface to be configured. For example, to add a pcn0 interface, you would create the following file:
    # vi /etc/hostname.pcn0

    2. Edit the /etc/hostname.interface file.
    At a minimum, add the IPv4 address of the interface to the file.

    3. Add entries for the new interfaces into the /etc/inet/ipnodes file.

    4. Add entries for the new interfaces into the /etc/inet/hosts file.

    5. Perform a reconfiguration boot.
    # reboot -- -r

    6. Verify that the interface you created in the /etc/hostname.interface file has been configured.
    # ifconfig -a

  • AIX Training Center in Mumbai

    Dear Friends,

    We have been working on the UNIX platform for the last 3-4 years and we realized that the industry is in need of quality training in IBM AIX. Till now we couldn’t find any IBM AIX training centers in our premises. So we decided to take the responsibility of imparting the knowledge we earned to the upcoming UNIX generation.

    Here starts our training centre.

    Shubham Computers
    Opposite RANA Towers
    Kalwa.

    We will be very glad and thankful if you pass this info to your friend circle.

    Sijo James
    sijojamesn@gmail.com

    *****The pessimist sees difficulty in every opportunity. The optimist sees opportunity in every difficulty****

  • Ethernet Bonding

    The first thing to know is that this stuff is in the kernel, and there is a good doc in your kernel source tree under Documentation/networking/bonding.txt. It has a lot more detail than I am going to provide here.

    A virtual network interface gets created, bond0 in my case. This gets done in /etc/modules.conf

    alias bond0 bonding
    options bond0 miimon=100 mode=balance-rr

    The above creates the bond0 interface and sets some options. It will check the MII state of the card every 100 milliseconds for state change notification. It will also use their round robin balancing policy. More on the various options for these and many more in bonding.txt

    RedHat’s RC scripts support this bonding configuration without much modification, though there isn’t any GUI tool to configure it. RedHat network config gets stored in /etc/sysconfig/network-scripts/ifcfg-int

    You need to create a config file for the bond0 interface, ifcfg-bond0

    DEVICE=bond0
    BOOTPROTO=none
    ONBOOT=yes
    IPADDR=192.168.70.101
    NETMASK=255.255.255.0
    NETWORK=192.168.70.0
    BROADCAST=192.168.70.255
    GATEWAY=192.168.70.1

    And for each network card that belongs to this group you need to modify the existing files to look more or less like this:

    DEVICE=eth0
    BOOTPROTO=none
    ONBOOT=yes
    TYPE=Ethernet
    MASTER=bond0
    SLAVE=yes

    Once you have created these for each of your ethernet cards you can reboot or restart your networking using service network restart and you should see something like this:

    bond0     Link encap:Ethernet  HWaddr 00:0D:60:9D:24:68
    inet addr:192.168.70.101 Bcast:192.168.70.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
    RX packets:58071 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1465 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:4315472 (4.1 Mb) TX bytes:120360 (117.5 Kb)

    eth0 Link encap:Ethernet HWaddr 00:0D:60:9D:24:68
    UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
    RX packets:26447 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1262 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:1992430 (1.9 Mb) TX bytes:95078 (92.8 Kb)
    Interrupt:16

    eth1 Link encap:Ethernet HWaddr 00:0D:60:9D:24:68
    UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
    RX packets:31624 errors:0 dropped:0 overruns:0 frame:0
    TX packets:203 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:2323042 (2.2 Mb) TX bytes:25282 (24.6 Kb)
    Interrupt:17

    You can tcpdump the individual interfaces to confirm that traffic is shared between them. Weirdly, though, on my machine tcpdump on eth0 and eth1 does not show incoming traffic, just outgoing; dumping bond0 works a charm though.

    To test it I just turned the power off to one of my switch modules, the networking dies for a couple of seconds but soon resumes without a problem. I am sure I could tweak the times a bit but for now this is all I need.

  • UNIX Questions and Answers

    Most answers refer to Solaris 2.x systems


    Hardware Issues

    Configuration Issues

    NFS Issues

    General Issues

    Software issues

    Networking issues

    Security issues

    Firewall issues

    Performance tuning issues

    E10000


    How do I view and set the OpenBoot PROM settings?

    From the unix prompt use eeprom. From the ok prompt use devaliases, printenv, nvedit and nvalias.


    How do I stop people logging in?

    If the file /etc/nologin exists then only root can log in. The contents of the file are displayed to whoever attempts a login.


    How do I boot over the net via a different interface?

    From the ok prompt type


    show-nets

    This will display the possible interfaces. Select an interface then type


    nvalias net ^Y

    This will set the selected interface to the alias net.


    How do I solve Keyboard Translation Errors?

    The most likely cause of this is an incorrect XKeysymDB file or an
    incorrect pointer to it. Try looking in /usr/openwin/lib or
    /usr/openwin/lib/X11. The Installation and Administration
    manual for the application should have some information about this.

    If logged in as root from another system try
    /usr/openwin/bin/kbd-mode -a


    Why do I get the error Stale NFS Handle?

    This was probably caused by a directory being deleted while another
    system was NFS mounted into it. The best action is to cd
    out of the directory and perform a umount. Sometimes
    halting and restarting the automount daemon is required, for example:

    /etc/rc2.d/S74autofs [stop/start]. or

    /etc/init.d/nfs.server [stop/start].

    If none of these work, then it might have to be a reboot.


    How can I configure new devices without rebooting?

    It is advisable to halt and power off the system whenever you attach new
    SCSI devices. However, if this is not possible try this:

    1. If possible stop the system with <STOP> <A>, connect the device and
      type go
    2. Type:

      drvconfig

      devlinks

      tapes / disks (depending on the device attached)


    What does the error RPC Program not registered mean?

    Probably the NFS server has got itself a little confused. Check there is
    an entry in /etc/dfs/dfstab

    Try stopping and restarting the daemon, for example:

    /etc/init.d/nfs.server [stop/start]

    If this doesn’t work, try a reboot.


    How do I tar to a remote system?

    Tar to a remote drive:

    tar cvfb - 20 filenames | rsh host dd of=/dev/rmt0 obs=20b

    Tar from a remote drive:

    rsh -n host dd if=/dev/rmt0 bs=20b | tar xvBfb - 20 filenames

    Copying directory trees:

    cd fromdir; tar cf - . | (cd todir; tar xfBp -)

    Copy directory tree to another host:

    cd fromdir; tar cf - * | rsh host "cd todir ; tar xf -"


    How do I copy directory structure with cpio?

    Use find and cpio

    cd fromdir; find . -print | cpio -pmd /todir


    How can I increase swap space?

    Swapping onto a file system is faster than swapping to a file. If
    possible, partition an area of disk as the additional swap area.
    Otherwise, create a swap file with the command mkfile (see
    man page), for example:

    mkfile 100m swappy

    Add the swap area with the command swap (see man page) for
    example:

    swap -a swappy


    Getting a non-Sun CD-ROM to work

    The main secret is to get the CD-ROM to talk in 512 byte sectors. If the CD-ROM does this then it will work.

    The FAQ at Saturn.tlug.org is a good one to start with, or try the Sun CD FAQ or, of course, your manufacturer's instruction book.


    How do I find out the speed of my machine?

    Use the command psrinfo -v


    How do I carry out NFS performance tuning?

    Start with the SMCC NFS Server Performance and Tuning Guide

    This is a pkgadd of SUNWabhdw and adds the guide to answerbook

    SUNWadhdw is on the “Software Supplement for the Solaris 2.6 Operating
    Environment” CD.

    Use the command /usr/bin/nfsstat to view the NFS statistics


    What hardware diagnostic programs are there?

    Use SunVTS. This is available on the Software Supplement for the Solaris
    2.6 Operating Environment CD.

    If you have a fibre problem then try STORtools. You will probably need
    a fibre loopback cable in order to get the most out of this.


    How do I make a file system bootable after a restore?

    If you have reinstalled the / file system from backup (i.e.
    ufsdump) then you will need to recreate the boot block on
    the boot disk. This is done using the installboot command
    (read the man page), for example:
    installboot /usr/platform/`uname -i`/lib/fs/ufs/bootblk /dev/rdsk/c?t?d?s?


    How do I dual host a system?

    1. Install the network card and cable it up. Make sure that any
      jumper settings are set.
    2. Add the second interface name and IP to the hosts file and Name
      Service.
    3. Edit the file /etc/hostname.interface where
      interface is the type, for example, le1 hme1
    4. Reboot the system or manually set it up with ifconfig
      (see manual page)

      ifconfig hme1 plumb

      ifconfig hme1 IP-Address

    You may also need to perform an add route (see manual page)

    route add net destination gateway metric


    How do I find out what patches are on a system?

    Use the command showrev -p

    Use the command patchdiag -l; this also lists patches you should install.
    You will need to download a copy from Sun. If you have access, try
    downloading from http://sunsolve.sun.com.sunsolve/patchdiag; this is a
    compressed tar file.
    There is a tar file of patchdiag on this site but I have not set up ftp at the moment of writing this page.


    How much memory does my system have?

    Use the command prtconf and grep for the
    memory, for example:

    prtconf |grep Memory

    If you need to know which memory SIMMs are in which slot, use the Perl script from Micron. A sample script is:

    Sample of Memcom Script. Remember to get an official copy.


    How can I play audio CDs and MP3 on my system?

    For CD

    Download a copy of Workman from Midwinter.com

    If you have problems with sound then it might be that you cannot use
    the internal sound card and will have to plug speakers into the CD
    player itself.

    However this might work

    edit /etc/rmmount.conf and add

    action cdrom action_workman.so

    /usr/local/bin/workman

    try this before any other cdrom actions

    For MP3 files look to the following site

    Opensound

    If you wish to read an audio cd under solaris and copy the files to
    wav, mpeg, etc then you need the program galette available from Galette

    Once you have the files stored as wav files you need to convert them to MP3 using Blade


    What useful Solaris commands are there for finding out what’s going on?

    This is a definite RTFM, but start with these:

    ps, iostat, nfsstat,
    sar, netstat, snoop,
    mpstat, rpcinfo, truss,
    prtdiag, crash, psrinfo,
    prtconf, arp and uptime

    Try looking at the enclosed Perl script to get an idea of what to look for.

    Perl script to look at how the system is performing


    How do I connect a Zip Drive?

    Helpful info from Iomega at

    Zip Drives on Sun

    basically edit /etc/format.dat and add :-

    disk_type = "Zip" \
    : ctlr = SCSI\
    : ncyl = 2046 : acyl = 2 : pcyl = 2048 : nhead = 2\
    : nsect = 40 : rpm : bpt = 20480

    partition = "Zip" \
    : disk = "Zip" : ctlr = SCSI \
    : 2 = 0, 192480 : 2 = 0, 1159168

    Jazz Drives on Sun


    Why do I get .nfsxxxx files on NFS mounted filesystems?

    These are temporary files used by the system to guarantee data
    reliability over the unreliable nfs mount. These can be left behind by
    an application or process that has terminated abnormally.


    How do I stop printing a banner page?

    If this is for just one print, use the -o option, for
    example:

    lp -o nobanner name

    Otherwise, edit the file /etc/lp/interfaces/printername and
    change the option nobanner to yes.


    How can I find out and set shared memory?

    Use the command ipcs to view what is set.

    If you wish to change them, edit /etc/system and reboot
    with -r.

    Typically, you would edit one or more of msgsys,
    semsys, shmsys.

    Check out the Sun document on shared memory and the SunWorld document on shared memory.


    Number of inodes used and free

    use the command df -F ufs -o i


    What block size is my file system

    use the command mkfs -m /dev/dsk/c?t?d?s?

    look at the bsize value (you need to be root to run this)


    How do I find out which clients are NFS mounting a server?

    Use the command dfmounts


    How do I get rid of defunct processes?

    These are caused by an application or process crashing, terminating
    abnormally, getting confused, etc. Look for the parent process of these
    and kill or refresh it.


    What version of bind am I running?

    try /usr/ccs/bin/what /usr/sbin/in.named |grep named

    Solaris 2.6 bind 4.9.4-P1 

    Solaris 2.5.1 bind 4.9.3-P1


    How can I change the hostid?

    There are several ways to do this, try:

    Squirrel FAQ


    Why am I having problems mounting a floppy?


    How do I configure dtlogin for other window managers?

    You need to create an Xresources file to start the window manager.

    cd /usr/dt/config/C/Xresources.d
    Copy Xresources.ow to a new name for your window manager, i.e. Xresources.kde.

    Now edit your Xresources.kde file, making the changes for your window manager.

    I.e.

    Dtlogin*altDtsIncrement: True

    Dtlogin*altDtName: KDE Desktop

    Dtlogin*altDtKey: /usr/local/kde/bin/startkde

    Dtlogin*altDtStart: /usr/local/kde/bin/startkde

    Dtlogin*altDtLogo: KDElogo

    copy the KDE logo KDElogo.pm to /usr/dt/appconfig/icons/C/KDElogo.pm


    Dual headed sun system

    Try looking at infodoc 11669.

    Openwin
    openwin -dev /dev/cgsix0 left -dev /dev/cgsix1 right

    CDE

    edit Xservers with

    :0 Local local_uid@console root /usr/openwin/bin/Xsun :0 -dev /dev/cgsix0 -dev /dev/cgsix1 right

    How do I configure CDE?

    The control panel

    In this example I will add the workman cd player to the control panel.

    Copy the CDE config file dtwm.fp from /usr/dt to your homedirectory/.dt/types

    Create an icon and place it in ~/.dt/icons. It should have a .m.pm extension.

    ie. Player.m.pm

    Edit the dtwm.fp file
    and add following. In this case I am adding it between the help and
    trash areas. the position hints is 13 so it should appear towards the
    right between the help (book) icon and the trash (waste bin) icon.

    CONTROL cdplayer
    {
    TYPE icon
    CONTAINER_NAME Top
    CONTAINER_TYPE BOX
    POSITION_HINTS 13
    PUSH_ACTION cdplayer
    ICON Player
    }

    Create a file for what to do when the button is pushed. In the example
    it is called cdplayer. The file has a .dt extension IE cdplayer.dt. The
    contents of this file are.

    ACTION cdplayer
    {
    LABEL cdplayer
    TYPE COMMAND
    EXEC_STRING /usr/local/bin/workman
    ICON somename
    WINDOW_TYPE NO_STDIO
    DESCRIPTION starts cdplayer
    }

    The mouse menu

    Copy the mouse menu from /usr/dt/config/C/sys.dtwmrc to your home directory ~/.dt/types/dtwmrc.

    Edit the dtwmrc file, adding or removing mouse options. In this case we will create an applications submenu and put the cdplayer in that submenu.

    Firstly add the applications menu to the main menu by inserting a line like this

    "Applications" f.menu apps
    in the DtRootMenu section, at approximately line 38.
    Then go to the bottom of the file and create the application menu, i.e.

    Menu apps
    {
    "APPLICATIONS" f.title
    "CD Player" f.exec "/usr/local/bin/workman"
    }


    How do I stop colour flashing?


    How do I communicate between systems using sockets?

    There are several ways to do this. Below is an example of a Perl program that sends the string
    "hey now hey now now. Sing this corrosion to me " to port 1250 on a system called mission.
    On the mission server there is a program, called via inetd, that picks up this incoming
    line and writes it to a file /tmp/outfile. The program is called read-socket.pl


    Sample /etc/inetd.conf entry
    read-socket stream tcp nowait neville /export/home/neville/read-socket.pl read-socket.pl

    Sample /etc/services entry
    read-socket 1250/tcp

    Sample sending program (send-line.pl)
    #!/usr/bin/perl
    use IO::Socket;
    # Connect to the read-socket service on host mission
    $sock = new IO::Socket::INET (PeerAddr => 'mission',
                                  PeerPort => 1250,
                                  Proto    => 'tcp',
                                 );
    die "Socket could not be created. Reason $! \n" unless $sock;
    print $sock "hey now hey now now. Sing this corrosion to me\n";
    close ($sock);

    Sample sending program (send-file.pl)
    #!/usr/bin/perl
    use IO::Socket;
    my $FILETOSEND = "/tmp/crappy";
    open (INFILE, $FILETOSEND) || die "cannot open file: $FILETOSEND \n";
    $sock = new IO::Socket::INET (PeerAddr => 'mission',
                                  PeerPort => 1250,
                                  Proto    => 'tcp',
                                 );
    die "Socket could not be created. Reason $! \n" unless $sock;
    # now do the sending: make the socket the default output handle
    select ($sock);
    while (<INFILE>)
    {
        print $_;
    }
    close ($sock);
    close (INFILE);

    Sample reading program (read-socket.pl)
    #!/usr/bin/perl
    # Started by inetd, which hands over the connection on STDIN
    open (OUT, ">/tmp/outfile") || die "cannot open output file \n";
    print OUT <STDIN>;
    close (OUT);

    Sample reading program as a daemon (not using /etc/system and /etc/services)
    #!/usr/bin/perl
    use IO::Socket;
    # Listen on the local port instead of being started by inetd
    $sock = new IO::Socket::INET (LocalPort => 1250,
                                  Proto     => 'tcp',
                                  Listen    => 10,
                                  Reuse     => 1,
                                 );
    die "Cannot start daemon on socket Reason $! \n" unless $sock;
    while ($this_connection = $sock->accept())
    {
        # copy everything the client sent to STDOUT
        print <$this_connection>;
        close ($this_connection);
    }
    close ($sock);


    How do I find out what resources a running process is using?

    Use the proc commands below and others. 
    /usr/proc/bin/pmap -x $PID (see what memory is used)
    /usr/proc/bin/pldd $PID (see what shared libraries are used)
    /usr/proc/bin/pwdx $PID (see what the working directory is)

    Download a copy of memtool from Sun. ftp://playground.sun.com/pub/memtool


    How can I program in curses?

    If you plan to use curses to do an interface try looking at this site. It might make life easier for you.

    SCRMGR curses interface


    Get system hardware configuration

    Run the command /usr/platform/arch-type/sbin/prtdiag -V


    Run jobs in background during times of light system loading

    Try this site
    Idalize program


    System stats in html format

    Get a copy of DHTMLR (Do HTML Report) from the site below.

    This is a shell script that gets system info and builds web pages.
    DHTMLR program from the Sunsolve site Belgium


    Graphical FTP front ends for X

    There are quite a few graphical front ends for ftp available. Below are
    a couple of them. Also try looking at the KDE and GNOME sites.

    GNU licenses Graphical ftp

    llnl xdir


    Security issues and Solaris

    Um yes well probably quite a few bits to add here. lets try


    Info on old sun hardware

    This is a 7 part document


    Microsoft Internet Explorer and Outlook express for Solaris

    Download it from

    Internet Explorer


    How to prevent stack overflow

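    Add the line set noexec_user_stack=1 to the file /etc/system and reboot. This makes the user stack non-executable, so code that an overflow places on the stack cannot run.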


    How to tell if you are in 32 or 64 bit mode

    use the command isainfo -v


    Disable CDROM popup under CDE

    comment out the stdvolcheck stuff from

    /usr/dt/config/sessionetc


    Stop FTP users from logging in

    Set their shell in /etc/passwd to /bin/false. Then edit /etc/shells and add a line /bin/false.


    Check for disk errors

    Use the commands

    iostat -e or iostat -E or netstat -k


    Firewall information

    Probably a lot to say here lets start with


    Performance tuning information

    Probably a lot to say here lets start with


    Xerox NeWSprinter20 Toner

    As far as I can tell this is the toner Xerox XP 15/20


    Connecting a Sun Monitor to a PC

    You will need to get a fixed frequency card. Look at this site.

    Monitor world


    Connecting a PC Monitor to a Sun

    You will need to get a 13W3 to VGA connector.

    Some monitors (notably Sony based ones) will just work. Plug it in and reboot.

    If not you will need to set up your monitor configurations at the NVRAM.

    To set the NVRAM you need the following info.


    Pinouts for Scsi, Video, Audio, Parallel, serial, etc

    A good site to start looking at is:

    Pinouts.com


    What is my screen resolution, etc

    Under the X11 environment run the command xdpyinfo. If not running X
    then you will need to look at one of the frame buffer config commands.

    Unfortunately these are framebuffer specific but try

    System/Framebuffer      Command

    Sparc4, Sparcx5 tcx     tcxconfig
    x86                     kdmconfig
    Ultra creator           ffbconfig
    Ultra PGX/M64           m64config
    sparc ZX/TZX            leoconfig
    sparc SX                cg14config

    If you do not have the OS running but are at the OK prompt try using nvedit.


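    Upper to lower case translation using tr

    #!/bin/sh
    # translate filenames in uppercase to lowercase

    for FILE in *
    do
        # quote the tr sets so the shell cannot expand them as globs
        NEWNAME=`echo "$FILE" | tr '[A-Z]' '[a-z]'`
        # skip names that are already lowercase
        if [ "$FILE" != "$NEWNAME" ]
        then
            # -i asks before overwriting an existing lowercase name
            mv -i "$FILE" "$NEWNAME"
        fi
    done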



    How to create solaris pkg’d

    read this good article.

    creating solaris packages


    Mb/Mhz rpm rule of thumb

    A vague rule of thumb when looking at disk arrays is MB transferred is 10% of MHz.

    For every 1000 rpm of disk you will get about 9 I/Os per second, therefore a 10,000 rpm disk will have 90 I/Os per second.

    If these are in a stripe configuration of 5 working disks then the throughput could be 400 I/Os per second.

    At the time of writing a fully populated D1000 could yield up to 3000 I/Os per second.


    Online & Offline processors and what running on a processor

    Useful commands are mpstat, psrinfo, psrset, pbind


    Rename an e10000 domain

    Take a look at this page to see how to rename a domain. The main thing
    to remember is to rename the domain on the ssp as well as the domain
    itself.
    Renaming an E1000 Domain

    Powered by ScribeFire.

  • Unix Interview Questions???

    Linux admin interview questions

    1. How do you take a single line of input from the user in a shell script?
    2. Write a script to convert all DOS style backslashes to UNIX style slashes in a list of files.
    3. Write a regular expression (or sed script) to replace all occurrences of the letter ‘f’, followed by any number of characters, followed by the letter ‘a’, followed by one or more numeric characters, followed by the letter ‘n’, and replace what’s found with the string “UNIX”.
    4. Write a script to list all the differences between two directories.
    5. Write a program in any language you choose, to reverse a file.
    6. What are the fields of the password file?
    7. What does a plus at the beginning of a line in the password file signify?
    8. Using the man pages, find the correct ioctl to send console output to an arbitrary pty.
    9. What is an MX record?
    10. What is the prom command on a Sun that shows the SCSI devices?
    11. What is the factory default SCSI target for /dev/sd0?
    12. Where is that value controlled?
    13. What happens to a child process that dies and has no parent process to wait for it and what’s bad about this?
    14. What’s wrong with sendmail? What would you fix?
    15. What command do you run to check file system consistency?
    16. What’s wrong with running shutdown on a network?
    17. What can be wrong with setuid scripts?
    18. What value does spawn return?
    19. Write a script to send mail from three other machines on the network to root at the machine you’re on. Use a ‘here doc’, but include in the mail message the name of the machine the mail is sent from and the disk utilization statistics on each machine?
    20. Why can’t root just cd to someone’s home directory and run a program called a.out sitting there by typing “a.out”, and why is this good?
    21. What is the difference between UDP and TCP?
    22. What is DNS?
    23. What does nslookup do?
    24. How do you create a swapfile?
    25. How would you check the route table on a workstation/server?
    26. How do you find which ypmaster you are bound to?
    27. How do you fix a problem where a printer will cutoff anything over 1MB?
    28. What is the largest file system size in solaris? SunOS?
    29. What are the different RAID levels?

    Interview questions for Linux admin

    1. Advantages/disadvantages of script vs compiled program.
    2. Name a replacement for PHP/Perl/MySQL/Linux/Apache and show main differences.
    3. Why have you chosen such a combination of products?
    4. Differences between two last MySQL versions. Which one would you choose and when/why?
    5. Main differences between Apache 1.x and 2.x. Why is 2.x not so popular? Which one would you choose and when/why?
    6. Which Linux distros do you have experience with?
    7. Which distro you prefer? Why?
    8. Which tool would you use to update Debian / Slackware / RedHat / Mandrake / SuSE ?
    9. You’re asked to write an Apache module. What would you do?
    10. Which tool do you prefer for Apache log reports?
    11. Your portfolio. (even a PHP guest book may work well)
    12. What does ‘route’ command do?
    13. Differences between ipchains and iptables.
    14. What’s eth0, ppp0, wlan0, ttyS0, etc.
    15. What are different directories in / for?
    16. Partitioning scheme for new webserver. Why?

    Unix/Linux programming interview questions

    Question 1: What is the major advantage of a hash table? (Asked by Silicon Magic Corp. people)

    Answer:
    The major advantage of a hash table is its speed, because the hash
    function takes a range of key values and transforms them into index
    values in such a way that the key values are distributed randomly
    across all the indices of the hash table.

    Question 2: What are the techniques that you use to handle the collisions in hash tables?(Asked by Silicon Magic Corp. people)

    Answer:
    We can use two major techniques to handle the collisions. They are open
    addressing and separate chaining. In open addressing, data items that
    hash to a full array cell are placed in another cell in the array. In
    separate chaining, each array element consists of a linked list. All
    data items hashing to a given array index are inserted in that list.

    Question 3: In Unix OS, what is the file server? (Asked by Silicon Magic Corp. people)

    Answer: The file server is a machine that shares its disk storage and files with other machines on the network.

    Question 4: What is NFS? What is its job?(Asked by Silicon Magic Corp. people)

    Answer:
    NFS stands for Network File System. NFS enables filesystems physically
    residing on one computer system to be used by other computers in the
    network, appearing to users on the remote host as just another local
    disk.

    Question 5: What is CVS? List some useful CVS commands. (Asked by Silicon Magic Corp. people)

    Answer:
    CVS is Concurrent Version System. It is the front end to the RCS
    revision control system which extends the notion of revision control
    from a collection of files in a single directory to a hierarchical
    collection of directories consisting of revision controlled files.
    These directories and files can be combined together to form a software
    release.
    There are some useful commands that are being used very often. They are

    cvs checkout
    cvs update
    cvs add
    cvs remove
    cvs commit

    Unix/Linux administration interview questions

    What is LILO?

    LILO stands for Linux boot loader. It will load the MBR, master boot
    record, into the memory, and tell the system which partition and hard
    drive to boot from.

    What is the main advantage of creating links to a file instead of copies of the file?

    A:
    The main advantage is not really that it saves disk space (though it
    does that too) but, rather, that a change of permissions on the file is
    applied to all the link access points. The link will show permissions
    of lrwxrwxrwx but that is for the link itself and not the access to the
    file to which the link points. Thus if you want to change the
    permissions for a command, such as su, you only have to do it on the
    original. With copies you have to find all of the copies and change
    permission on each of the copies.

    Write a command to find all of the files which have been accessed within the last 30 days.

    find / -type f -atime -30 > December.files

    This command will find all the files under root, which is '/', whose file
    type is file. '-atime -30' will give all the files accessed less than
    30 days ago. The output will be put into a file called December.files.

    What is the most graceful way to get to run level single user mode?

    A: The most graceful way is to use the command init s.
    If you want to shut everything down before going to single user mode then do init 0 first and from the ok prompt do a boot -s.

    What does the following command line produce? Explain each aspect of this line.

    $ (date ; ps -ef | awk '{print $1}' | sort | uniq | wc -l ) >> Activity.log

    A:
    First let’s dissect the line: The date gives the date and time as the
    first command of the line, this is followed by a list of all
    running processes in long form with UIDs listed first, this is the ps
    -ef. These are fed into the awk which filters out all but the UIDs;
    these UIDs are piped into sort for no discernible reason and then onto
    uniq (now we see the reason for the sort – uniq only works on sorted
    data – if the list is A, B, A, then A, B, A will be the output of uniq,
    but if it’s A, A, B then A, B is the output) which produces only one
    copy of each UID.

    These UIDs are fed into wc -l which counts the lines – in this
    case the number of distinct UIDs running processes on the system.
    Finally the results of these two commands, the date and the wc -l, are
    appended to the file “Activity.log”. Now to answer the question as to
    what this command line produces. This writes the date and time into the
    file Activity.log together with the number of distinct users who have
    processes running on the system at that time. If the file already
    exists, then these items are appended to the file, otherwise the file
    is created.

    Solaris interview questions

    1. List the files in current directory sorted by size ? – ls -l | grep ^- | sort -nr
    2. List the hidden files in current directory ? – ls -a1 | grep "^\."
    3. Delete blank lines in a file ? – cat sample.txt | grep -v '^$' > new_sample.txt
    4. Search for a sample string in particular files ? – grep "Debug" *.conf Here grep uses the string "Debug" to search in all files with extension ".conf" under current directory.
    5. Display the last newly appending lines of a file during appending data to the same file by some processes ? – tail -f Debug.log Here tail shows the newly appended data into Debug.log by some processes/user.
    6. Display the Disk Usage of file sizes under each directory in current Directory ? – du -k * | sort -nr (or) du -k . | sort -nr
    7. Change to a directory, which is having very long name ? – cd CDMA_3X_GEN* Here original directory name is "CDMA_3X_GENERATION_DATA".
    8. Display the all files recursively with path under current directory ? – find . -depth -print
    9. Set the Display automatically for the current new user ? – export DISPLAY=`eval 'who am i | cut -d"(" -f2 | cut -d")" -f1'` Here in above command, see single quote, double quote, grave accent is used. Observe carefully.
    10. Display the processes, which are running under your username ? – ps -aef | grep Maheshvj Here, Maheshvj is the username.
    11. List some Hot Keys for bash shell ? – Ctrl+l – Clears the Screen. Ctrl+r – Does a search in previously given commands in shell. Ctrl+u – Clears the typing before the hotkey. Ctrl+a – Places cursor at the beginning of the command at shell. Ctrl+e – Places cursor at the end of the command at shell. Ctrl+d – Kills the shell. Ctrl+z – Places the currently running process into background.
    12. Display the files in the directory by file size ? – ls -ltr | sort -nr -k 5
    13. How to save man pages to a file ? – man <command> | col -b > <output-file> Example : man top | col -b > top_help.txt
    14. How to know the date & time for when script is executed ? – Add the following script line in shell script. eval echo "Script is executed at `date`" >> timeinfo.inf Here, "timeinfo.inf" contains date & time details ie., when script is executed and history related to execution.
    15. How do you find out drive statistics ? – iostat -E
    16. Display disk usage in Kilobytes ? – du -k
    17. Display top ten largest files/directories ? – du -sk * | sort -nr | head
    18. How much space is used for users in kilobytes ? – quot -af
    19. How to create null file ? – cat /dev/null > filename1
    20. Access common commands quicker ? – ps -ef | grep -i $@
    21. Display the page size of memory ? – pagesize -a
    22. Display Ethernet Address arp table ? – arp -a
    23. Display the no.of active established connections to localhost ? – netstat -a | grep EST
    24. Display the state of interfaces used for TCP/IP traffic ? – netstat -i
    25. Display the parent/child tree of a process ? – ptree <pid> Example: ptree 1267
    26. Show the working directory of a process ? – pwdx <pid> Example: pwdx 1267
    27. Display the processes current open files ? – pfiles <pid> Example: pfiles 1267
    28. Display the inter-process communication facility status ? – ipcs
    29. Display the top most process utilizing most CPU ? – top -b 1
    30. Alternative for top command ? – prstat -a


  • Blogging using Livewriter.

    Indeed, after doing a search in Google I am able to find out a blogging tool for Windows, that's Live Writer. Well, it is a product of Microsoft and it is good. I haven’t tested it a lot, but I am finding it usual till now. After downloading it from here and some tweaking in my proxy settings I am able to configure it to work on my office’s XP machine.

    The original link for Live writer

  • Converting delimited text to Excel

    Description

    Non-technical people need to be able to work with data. They usually end up reaching for Excel or Access because we live in a malevolent Universe.

    Fortunately for the Perl kids there are a couple excellent modules already done for you by our friends John McNamara (Spreadsheet::WriteExcel) and Kawai Takanori (Spreadsheet::ParseExcel). Here is an example of how you can turn Excel into delimited plain text: converting Excel to text.

    Below is a very useful and fairly generic subroutine that can take all kinds of delimited files and turn them into straightforward Excel files.

    Code
    sub text_to_excel {
        # %args should look something like...
        # ( delimiter => "\t",
        #   recordsep => "\n",
        #   file      => "/path/to/file.txt",
        #   name      => "Sheet Title" )
        # the only required args are delimiter and file

        # we require instead of use to save on loading if we never end up using it in
        # a larger script or CGI, but use statements at the top of the script
        # are clearer for other programmers to follow.
        require Carp;
        require Spreadsheet::WriteExcel;
        require IO::Scalar;

        my %args = @_;
        my ( $delimiter, $recordsep, $file, $name ) =
            @args{qw( delimiter recordsep file name )};

        # test length rather than truth, so a delimiter such as "0" is accepted
        defined $delimiter and length $delimiter and defined $file or
            die "Must provide at least delimiter and file as args to " .
                "text_to_excel().";

        -e $file or
            die "There is no file: $file\n";

        $recordsep = "\n" unless defined $recordsep and length $recordsep;

        open F, "<", $file or Carp::croak("Can't open $file: $!");
        # local keeps the record separator in force for the chomp below and
        # restores the caller's value when the sub returns
        local $/ = $recordsep;
        chomp( my @data = <F> );
        close F;

        my $xls_str;
        tie *XLS, 'IO::Scalar', \$xls_str;

        my $workbook = Spreadsheet::WriteExcel->new(\*XLS);

        my $worksheet = $workbook->add_worksheet($name || 'Page 1');

        for ( my $row = 0; $row < @data; $row++ ) {

            # \Q...\E treats the delimiter as literal text, not a regex;
            # the -1 limit keeps trailing empty fields
            my @line = split /\Q$delimiter\E/, $data[$row], -1;

            for ( my $col = 0; $col < @line; $col++ ) {
                # write_string stores the cell as text, so a field that
                # starts with "=" is not turned into a formula
                $worksheet->write_string($row, $col, $line[$col]);
            }
        }
        $workbook->close();
        return $xls_str;
    }
    Usage
    use MIME::Lite;  # we want to mail our excel sheet

    my $file = '/data/profit_forcast';
    my $name = '2006 Profit Forcast';
    my $xls_data = text_to_excel( file => $file,
    delimiter => "\t",
    name => $name );

    # we've done all the work. $xls_data IS the excel file in a raw
    # format. we could do anything with it now, including writing it to a
    # file, but let's send it via email.

    my $msg = MIME::Lite->new(From => 'traitor@sedition.com',
    To => 'tuna@fish.net',
    Cc => 'traitor@sedition.com',
    Subject => $name,
    Type => 'multipart/mixed')
    or die "PROBLEM opening MIME object: $!";

    $msg->attach(Type => 'application/vnd.ms-excel',
    Disposition => 'attachment',
    Data => $xls_data,
    Filename => $name . '.xls')
    or die "PROBLEM attaching Excel file: $!";

    $msg->send() or die "PROBLEM sending MIME mail: $!";

    print "Sent $name!\n";

    Discussion

    Anyone who’s dealt with delimited files before knows that this approach is missing a way to balance delimiters. Eg: If your field delimiter is a tab and your record delimiter is a newline and one of the text fields has a tab or a return character in it, it will wreck the results.

    To work with this, I often use the NULL character ("\0") as a field delimiter and a double ("\0\0") as a record delimiter. It will never appear in regular files so you don’t have to resort to Text::Balanced or something to ensure your data integrity.

    If you will ever have empty fields that cause the field delimiter to double up, you’ll have to get crafty and do something like "\0".'_RS_'."\0" for the record separator.

    $xls_data = text_to_excel( file      => '/path/to/file.txt',
                               delimiter => "\0",
                               recordsep => "\0\0",
                               name      => 'NULL delimited file' );
  • Commands.txt

    solaris commands

    1. /usr/bin/uname – display current OS name, version, Architecture

    2. /usr/bin/uptime – Display how long the system has been up

    3. /usr/bin/prtconf – Displays out detailed hardware info.

    4. /usr/bin/prstat – Display active process statistics with the top process taking the most resource.

    5. /usr/platform/sun4u/sbin/prtdiag – Displays very detailed hardware info such as CPU speed, CPU cache and on what slots memory chips are installed.

    6. /usr/bin/showrev – displays machine and software version info.

    7. /usr/bin/w – display info on currently logged on users.

    8. Adding users –
    #useradd -d /export/home/username -m -s /bin/ksh
    the -m option tells the useradd command to automatically create the home directory.
    Note: do not store user directory in /home as this directory is used by solaris automounter. The automounter lets the user log in to many machines and automatically have their home directories mounted on that machine's /home area.

    9. to delete users. – /usr/bin/userdel
    for eg. userdel -r – will delete the users home directory as well.

    10. psrinfo -v – processor info.

    11. netstat -rn – show the routing table.

    12. ifconfig -a – show the network iface info.

    13. explorer output
    /opt/SUNWexplo/bin/explorer – it is an executable file used to generate the explorer output
    /opt/SUNWexplo/etc/ – directory contains the explorer tar files.

    14. passwd -sa — for checking the password status of all system users.

    Network Configuration in Solaris.
    1. to set the machine’s name – /etc/nodename

    2. using DNS edit: /etc/nsswitch.conf – look for line that starts with “hosts:”
    add “dns” to the end of the line.
    you can add the “dns” entry to the very beginning of the line, which changes the order in which solaris will do the name lookups. for eg. if you have “nis” before “dns” it will check in nis database first and try to resolve it from there and if you have files before dns it will look in the /etc/hosts files before it look in dns.

    3. adding entries in /etc/resolv.conf
    file: /etc/resolv.conf
    search domainname.com
    domain domainname.com
    nameserver ns1
    nameserver ns2

    4. adding machines info in /etc/hosts file.
    file:/etc/hosts
    ipaddr hostname

    5. edit the following files.
    /etc/net/ticlts/hosts
    /etc/net/ticots/hosts
    /etc/net/ticotsord/hosts

    6. editing the interface name files.
    sun systems can have multiple network cards, and each of those cards answer to a different hostname you may also have to edit a file to assign the hostname to the main network card.. you may want a single server to respond to many hostnames. the main network interface is mainly “hme0”.
    to edit interface: /etc/hostname-interface

    7. to edit netmask.
    /etc/inet/netmasks
    —————————————————————————————————————————-
    ###Exporting Display
    ##logging on server A using VNC.
    1.ssh server B
    2.xhost server B
    3.export display server A:1.0

    ##for automatic color schemes.
    ls --color=auto

    ##for time styling
    ls --time-style=+%d-%m-%y\&H%M

    ##adding alias in .profile
    alias variable="alias name"
    here "alias name" refers to any command which can be used in conjunction.

    ##to show all the hidden files in one directory.
    ls -d .*

    ##to remove empty lines using sed.
    sed '/^$/d'

    ##password aging script in linux if chage is not working.
    chage -l username – most appropriate condition.
    else
    login as root and loop over the users in the /etc/passwd file:
    #cut -d: -f1 /etc/passwd | while read user
    #do
    #    expires=`chage -l "$user" | grep -i "password expires" | cut -d: -f2`
    #    echo "$user - your password will expire on$expires"
    #done

    ###Configuring Network.
    ##adding net up on command line.
    #ifconfig eth0 netmask broadcast up

    ##adding the default gateway.
    #route add default gw

    ##add the nameserver entries.
    file: /etc/resolv.conf

    #nmblookup -A -d1
    #smblookup -LBC8 -I -U knopix % -w workcener name -d3

    AIX commands.
    #lscfg -vp | grep -p Cabinet — to check the cabinet no. on IBM/AIX

    #lsdev -Cc Tape — to list the tape devices.

    #rmdev -dl /dev/rmt0 — to delete rmt0 device.

    #cfgmgr -v — reread the system hardware components; if it finds anything new, it will configure it accordingly.

    #lsdev -Cc Tape — configure the tape drive.

    #cfgmgr — same as above

    #cat /etc/exclude.rootvg — filesystems to exclude while taking complete system backup.

    #lsvg -l rootvg — list the volume group called rootvg

    #smit mksysb — the smit interface to take the system backup

    #tail smit.log — tail the log files to see smit is working fine.

    #tctl -f /dev/rmt0 rewoffl -eject — this will rewind the tape and will eject the tape device.

    #restore -tvf /dev/rmt0 — to list the contents of the tape device

    #find ./log ./out -print | backup -ivf /dev/rmt0 | tee /tmp/log — to take backup of some files from ./log and ./out directory on tape device rmt0 while logging and printing the output on the screen.

    #restore -xqdvf /dev/rmt0 — restoring the complete backup on the harddisk directory. the command must be fired from the parent directory to avoid confusions in where to restore dir. name.

    ########Grub.conf — How it works
    ####Manually loading through the bootloader.

    ###This will boot the windows partition.
    rootnoverify (hd0,0)
    makeactive
    chainloader +1
    boot

    ###booting linux from /dev/hda3 device
    root (hd0,2)
    kernel /boot/vmlinuz root=/dev/hda3 -s
    initrd /boot/initrd
    boot

    ####SHUTTING DOWN ORACLE 9i

    1. ps -aef | grep pmon -> to check oracle instances running.
    2. sqlplus "/ as sysdba"
    3. shutdown immediate
    4. exit
    5. ps -aef | grep ora
    6. ps -aef | grep tltns
    10. kill -9 ora9ibrn

    ### copies a single 1024 block from /dev/zero(a continuous stream of zero bytes) to the file new file.
    dd if=/dev/zero of=new_file bs=1024 count=1

    iostat -En will show the devices like c0t0d0.
    product :- the last line gives the size of the disk
    mount -F hsfs /dev/dsk/c0t0d0s0 /mnt

    To see all of the slices on all of the disks the easiest thing is:
    prtvtoc /dev/rdsk/*s2
    To see all disks do this:
    format /dev/null 2>&1 redirecting the cron log to /dev/null
    hwclock --systohc – sync date with hwclock

    df -g |awk '{print $1}'
    df -g |awk '{print $7}'
    df -g |awk '{print $4}'

    To Change the username and home permission of a user
    groupmod -n sysadmin santosh
    usermod -d /home/sysadmin -m -g sysadmin -l sysadmin santosh

    vncserver -kill :1

    psrinfo will give number of cpus in Sun Solaris

    OGL Backup
    cd /oraapps/oracle/prodcomn/admin

    # find ./out ./log -print | backup -ivf /dev/rmtn

    pscp.exe -pw 'password' "local machine path" user@host:/path/to/home/

    df -g refresh
    while :
    do
        df -g /kcf1dr /kcfdrvg
        sleep 2
        clear
    done

    stopping one spd device
    setsp -T -l3

    3 is SPD number.

    TIP
    tip -9600 /dev/ttya
    tip -9600 /dev/ttyb

    changing users unsuccessful login attempt using sudo
    sudo chsec -f /etc/security/lastlog -s username -a unsuccessful_login_count=0

    mount -t ext3 -o acl

    give rwx privileges to a user which does not belong to the group
    setfacl -m u:prod:rwx test
    checked the privileges using

    getfacl -a test

    openssl rand -base64 6
    —————————————————————————-
    Restoration of backup
    # restore -xdvgf /dev/rmtn
    n-> no. of the tape drive attached.

    To rewind and eject the tape
    # tctl -f /dev/rmtn rewoffl

    To list the contents of the tape drive
    # restore -Tl -vf /dev/rmt0

    To check user account status like locked, unlocked and when the password expires etc.. use
    on
    AIX:
    chuser

    Solaris
    passwd -s username

    Linux
    chage -l username

  • Building DVD Images Of Ubuntu Repositories

    1 Preliminary Note

    This tutorial was inspired by an article I read at http://cargol.net/~ramon/ubuntu-dvd-en. So many thanks to Ramon Acedo (the one who made this HowTo, originally)

    The pages have not been reachable for some weeks now. I saved the page to read it off-line. So…

    I found it useful. I hope it will be the same for you.

    2 Introduction

    This howto offers a simple way of creating DVD images of Debian or Ubuntu http/ftp repositories.

    Ubuntu doesn’t offer DVDs ready to download with its main, universe, multiverse and/or restricted repositories. With the contents of this howto you can do it yourself.

    Having the Ubuntu or Debian repositories on DVD can be useful for those users who don’t have access to the Internet where they have their Ubuntu installed but have access somewhere else to download the repository and build and burn the DVDs.

    3 Building a local mirror

    We have to install debmirror:

    sudo apt-get install debmirror

    Now we get the Ubuntu repositories in a local directory. In the example below we get main, universe and multiverse sections of the repository in the i386 architecture.

    debmirror --nosource -m --passive --host=archive.ubuntulinux.org --root=ubuntu/ --method=ftp --progress --dist=dapper --section=main,multiverse,universe --arch=i386 ubuntu/ --ignore-release-gpg

    You could change the options below as you prefer:

    • --host – the URL of the repository.
    • --dist – the distro of your OS (dapper, edgy, sarge, … ).
    • --section – the section you want to mirror locally.
    • --arch – the architecture of your box.

    4 Separating the archive into DVD-sized directories

    The repositories we got are too big (about 30Gb) to burn them to a DVD so we have to separate them into volumes.

    The tool debpartial will do it for us.

    sudo apt-get install debpartial

    We make the directory where the volumes will reside.

    mkdir ubuntu-dvd

    Then we run debpartial to construct the package descriptors for every volume.

    debpartial --nosource --dirprefix=ubuntu --section=main,universe,multiverse --dist=dapper --size=DVD ubuntu/ ubuntu-dvd/

    Now we have to put the packages into the directories debpartial has just created. The script debcopy which also comes with the debpartial package will do it. The script needs ruby.

    sudo apt-get install ruby

    If everything is ok…

    ruby debcopy ubuntu/ ubuntu-dvd/ubuntu0
    ruby debcopy ubuntu/ ubuntu-dvd/ubuntu1
    ruby debcopy ubuntu/ ubuntu-dvd/ubuntu2

    Where ubuntu/ is the directory with the complete repository created with debmirror and ubuntu-dvd/* are the directories ready to host the new DVD-ready repository.
    If we want to make soft links from the complete repository instead of copying the packages we can call debcopy with the option -l:

    ruby debcopy -l ubuntu/ ubuntu-dvd/ubuntu0
    ruby debcopy -l ubuntu/ ubuntu-dvd/ubuntu1
    ruby debcopy -l ubuntu/ ubuntu-dvd/ubuntu2

    Now every directory (ubuntu0, ubuntu1 and ubuntu2) fits on one DVD.
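
A check to run on each volume before making the ISO images, as an added example (not part of the original howto or of the debpartial package): it reads every Packages.gz under dists/, the same files debcopy works from, and confirms that each listed file is present with the recorded size and checksum. It shows only that the files match the index; because the debmirror command above was run with the ignore-release-gpg option, the index itself was never authenticated against the archive's signed Release file. The function names and the sample volume built by demo are constructed for this example.

```ruby
require 'digest'
require 'zlib'
require 'tmpdir'
require 'fileutils'

# Checksum fields a Packages stanza may carry, strongest first.
DIGESTS = [['SHA256', Digest::SHA256], ['SHA1', Digest::SHA1], ['MD5sum', Digest::MD5]]

# Parse a Packages index into an array of { field => value } hashes.
# Stanzas are separated by blank lines; indented lines continue the previous field.
def parse_packages(text)
  text.split(/\n{2,}/).map do |stanza|
    fields = {}
    last = nil
    stanza.each_line do |raw|
      line = raw.chomp
      if line =~ /\A[ \t]/ && last
        fields[last] << "\n" << line.strip
      elsif line =~ /\A([^:\s]+):\s*(.*)\z/
        last = $1
        fields[last] = $2.dup
      end
    end
    fields
  end.reject(&:empty?)
end

# Check one stanza against the files below root; returns :ok or the failure found.
def check_entry(root, entry)
  name = entry['Filename']
  return :no_filename unless name
  # The index is input too: refuse names that would leave the volume directory.
  return :unsafe_path if name.start_with?('/') || name.split('/').include?('..')
  path = File.join(root, name)
  return :missing unless File.file?(path)   # follows the symlinks made by debcopy -l
  return :size_mismatch if entry['Size'] && File.size(path) != entry['Size'].to_i
  field, digest = DIGESTS.find { |f, _| entry[f] }
  return :no_checksum unless field
  digest.file(path).hexdigest == entry[field].downcase ? :ok : :digest_mismatch
end

# Verify every package listed in every Packages.gz under <root>/dists.
def verify_volume(root)
  Dir.glob(File.join(root, 'dists', '**', 'Packages.gz')).sort.flat_map do |index|
    text = Zlib::GzipReader.open(index) { |gz| gz.read }
    parse_packages(text).map { |e| [e['Package'], check_entry(root, e)] }
  end
end

# Constructed sample volume (not real packages) that exercises each outcome.
def demo
  Dir.mktmpdir do |root|
    pool = File.join(root, 'pool/main/h/hello')
    dist = File.join(root, 'dists/dapper/main/binary-i386')
    FileUtils.mkdir_p([pool, dist])
    body = "constructed package body\n"
    File.write(File.join(pool, 'hello_1.0_i386.deb'), body)
    # same length as the indexed content, different bytes
    File.write(File.join(pool, 'changed_1.0_i386.deb'), body.sub('body', 'b0dy'))
    sha = Digest::SHA256.hexdigest(body)
    index = <<~EOS
      Package: hello
      Filename: pool/main/h/hello/hello_1.0_i386.deb
      Size: #{body.bytesize}
      SHA256: #{sha}
      Description: constructed sample
       continuation line of the description

      Package: changed
      Filename: pool/main/h/hello/changed_1.0_i386.deb
      Size: #{body.bytesize}
      SHA256: #{sha}

      Package: gone
      Filename: pool/main/h/hello/gone_1.0_i386.deb
      Size: 10
      MD5sum: #{Digest::MD5.hexdigest('x')}

      Package: escape
      Filename: ../outside.deb
      Size: 1
    EOS
    Zlib::GzipWriter.open(File.join(dist, 'Packages.gz')) { |gz| gz.write(index) }
    verify_volume(root)
  end
end

if __FILE__ == $0
  results = ARGV[0] ? verify_volume(ARGV[0]) : demo
  results.each { |pkg, status| puts format('%-16s %s', status, pkg) }
end
```

Saved under any file name, it is run as ruby followed by that name and a volume directory such as ubuntu-dvd/ubuntu0; with no argument it checks the constructed sample.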

    5 Making iso images

    To get the directories ubuntu0, ubuntu1, ubuntu2 into an iso image ready to burn we can use mkisofs:

    mkisofs -f -J -r -o ubuntu-dvd-0.iso ubuntu-dvd/ubuntu0
    mkisofs -f -J -r -o ubuntu-dvd-1.iso ubuntu-dvd/ubuntu1
    mkisofs -f -J -r -o ubuntu-dvd-2.iso ubuntu-dvd/ubuntu2

    Now you can burn the iso images or mount them. Add them to /etc/apt/sources.list with the command:

    sudo apt-cdrom add

    Now we can verify the new repositories…

    sudo apt-get update
    sudo apt-get upgrade

    … and, if I have explained it the right way, you should have your box upgraded.

    6 About the script ‘debcopy’

    I have heard about someone who cannot find the script debcopy described above.
    In that case, create a new file called debcopy wherever you want:

    gedit /your_path_to/debcopy

    and copy the lines below inside it:

    #!/usr/bin/ruby
    #
    # debcopy - Debian Packages/Sources partial copy tool
    #
    # Usage: debcopy [-l] <source_dir> <dest_dir>
    #
    #  where <source_dir> is a top directory of a debian archive,
    #  and <dest_dir> is a top directory of a new debian partial archive.
    #
    #  debcopy searches all Packages.gz and Sources.gz under <dest_dir>/dists
    #  and copies all files listed in the Packages.gz and Sources.gz
    #  files into <dest_dir> from <source_dir>. -l creates symbolic links
    #  instead of copying files.
    #
    # Copyright (C) 2002  Masato Taruishi 
    #
    #  This program is free software; you can redistribute it and/or modify
    #  it under the terms of the GNU General Public License as published by
    #  the Free Software Foundation; either version 2 of the License, or
    #  (at your option) any later version.
    #
    #  This program is distributed in the hope that it will be useful,
    #  but WITHOUT ANY WARRANTY; without even the implied warranty of
    #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    #  GNU General Public License for more details.
    #
    #  You should have received a copy of the GNU General Public License with
    #  the Debian GNU/Linux distribution in file /usr/share/common-licenses/GPL;
    #  if not, write to the Free Software Foundation, Inc., 59 Temple Place,
    #  Suite 330, Boston, MA  02111-1307  USA
    #
    require 'getoptlong'
    require 'zlib'
    require 'fileutils'   # replaces 'ftools', which was removed in Ruby 1.9
    $link = false
    def usage
      $stderr.puts "Usage: #{__FILE__} [-l] <source_dir> <dest_dir>"
      exit 1
    end
    # Yield every line of a gzip-compressed index file.
    def each(file, &block)
      fin = Zlib::GzipReader.open(file)
      fin.each do |line|
        yield line
      end
      fin.close
    end
    # Yield the path of every package listed in a Packages.gz.
    def each_file(file, &block)
      each(file) do |line|
        if /Filename: (.*)/ =~ line
          yield $1
        end
      end
    end
    # Yield the path of every source file listed in a Sources.gz.
    def each_sourcefile(file, &block)
      dir = nil
      each(file) do |line|
        case line
        when /^Directory: (.*)$/
          dir = $1
        when /^ \S+ \d+ (\S+)$/
          yield dir + "/" + $1
        end
      end
    end
    # Return dest as a path relative to source (used for symlink targets).
    def calc_relpath(source, dest)
      pwd = Dir::pwd
      Dir::chdir source
      source = Dir::pwd
      Dir::chdir pwd
      Dir::chdir dest
      dest = Dir::pwd
      Dir::chdir pwd
      src_ary = source.split("/")
      src_ary.shift
      dest_ary = dest.split("/")
      dest_ary.shift
      return dest if src_ary[0] != dest_ary[0]
      src_ary.clone.each_index do |i|
        break if src_ary[0] != dest_ary[0]
        src_ary.shift
        dest_ary.shift
      end
      src_ary.size.times do |i|
        dest_ary.unshift("..")
      end
      dest_ary.join("/")
    end
    # Copy one file, or symlink it when -l was given.
    def do_copy(path)
      if $link
        pwd=calc_relpath(File.dirname($dest_dir + "/" + path), $source_dir)
        File.symlink(pwd + "/" + path, $dest_dir + "/" + path)
      else
        FileUtils.cp($source_dir + "/" + path, $dest_dir + "/" + path)
      end
    end
    # Copy path unless it already exists in the destination; keep statistics.
    def copy(path)
      s=$source_dir + "/" + path
      d=$dest_dir + "/" + path
      if FileTest.exist?(d)
        $stats["ignore"] += 1
        return
      end
      if FileTest.exist?(s)
        FileUtils.mkpath(File.dirname(d))
        do_copy(path)
        $stats["copy"] += 1
      else
        $stats["notfound"] += 1
        $stderr.puts s + " not found."
      end
    end
    opts = GetoptLong.new(["--symlink", "-l", GetoptLong::NO_ARGUMENT],
    		      ["--help", "-h", GetoptLong::NO_ARGUMENT])
    opts.each do |opt,arg|
      case opt
      when "--symlink"
        $link = true
      when "--help"
        usage
      end
    end
    usage if ARGV.size != 2
    $source_dir = ARGV.shift
    $dest_dir = ARGV.shift
    if $link
      $source_dir = Dir::pwd + "/" + $source_dir unless $source_dir =~ /\A\//
      $dest_dir = Dir::pwd + "/" + $dest_dir unless $dest_dir =~ /\A\//
    end
    $stats = {}
    $stats["ignore"] = 0
    $stats["copy"] = 0
    $stats["notfound"] = 0
    IO.popen(["find", "#{$dest_dir}/dists", "-name", "Packages.gz"]) do |o|   # argument list, so the path is never parsed by a shell
      o.each_line do |file|
        file.chomp!
        print "Processing #{file}... "
        $stdout.flush
        each_file(file) do |path|
          copy(path)
        end
        puts "done"
      end
    end
    IO.popen(["find", "#{$dest_dir}/dists", "-name", "Sources.gz"]) do |o|   # argument list, so the path is never parsed by a shell
      o.each_line do |file|
        file.chomp!
        print "Processing #{file}... "
        $stdout.flush
        each_sourcefile(file.chomp) do |path|
          copy(path)
        end
        puts "done"
      end
    end
    puts "Number of Copied Files: " + $stats["copy"].to_s
    puts "Number of Ignored Files: " + $stats["ignore"].to_s
    puts "Number of Non-existence File: " + $stats["notfound"].to_s
    
  • How to turn on rsh and rlogin on RedHat Enterprise Linux (RHEL 2.1/ 3.0)

    Enable them:

    Turn on these three using chkconfig on both the nodes: rexec, rsh and rlogin.

    # chkconfig rexec on
    # chkconfig rsh on
    # chkconfig rlogin on

    xinetd

    Restart xinetd to be sure.

    # service xinetd restart

    .rhosts

    On hostA’s root home directory (usually /root), create a .rhosts file, which has hostB in it.

    # cat .rhosts
    hostB

    Similarly, create a .rhosts on hostB’s root home directory which has hostA in it.

    # cat .rhosts
    hostA

    hosts.allow

    Now, edit /etc/hosts.allow on hostA:

    #
    # hosts.allow This file describes the names of the hosts which are
    # allowed to use the local INET services, as decided
    # by the ‘/usr/sbin/tcpd’ server.
    #
    ALL : hostB

    Edit /etc/hosts.allow on hostB:

    #
    # hosts.allow This file describes the names of the hosts which are
    # allowed to use the local INET services, as decided
    # by the ‘/usr/sbin/tcpd’ server.
    #
    ALL : hostA

    hosts.equiv

    Edit /etc/hosts.equiv on hostA to have

    # cat /etc/hosts.equiv
    hostB

    Edit /etc/hosts.equiv on hostB to have

    # cat /etc/hosts.equiv
    hostA

    /etc/securetty

    And finally, knock off /etc/securetty (rename it or, worse, purge it) on both hostA and hostB.

    Now you are good to go.

    Disclaimer: Use at your own risk. Don’t flame me. It sure worked for me. Actual results may vary. Use ssh in place of rlogin/rsh/telnet and the like, as ssh is more secure.
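    Each file touched above is a standing trust grant, so it helps to be able to list them all on a host. The script below is an added example, not part of the original post: it reports enabled r-services, hosts.equiv and .rhosts entries, blanket hosts.allow rules and a missing /etc/securetty. The function names and the sample tree (built to mirror hostA) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the r-command trust settings described in this post.
# Pass a directory to audit a copy of a filesystem; no argument audits "/".

# Print a file's lines with comments and blank lines removed.
active_lines() {
    if [ -f "$1" ]; then
        sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1"
    fi
}

audit_rhost_trust() {
    root=${1:-}

    # xinetd services: "chkconfig rsh on" sets "disable = no" in
    # /etc/xinetd.d/rsh, and likewise for rexec and rlogin.
    for svc in rexec rsh rlogin; do
        f="$root/etc/xinetd.d/$svc"
        if [ -f "$f" ] &&
           grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no' "$f"; then
            echo "SERVICE $svc is enabled in xinetd"
        fi
    done

    # Trust files: every host listed may log in without a password.
    for f in "$root/etc/hosts.equiv" "$root/root/.rhosts" "$root"/home/*/.rhosts; do
        [ -f "$f" ] || continue
        active_lines "$f" | while read -r host rest; do
            case $host in
                +*) echo "TRUST ${f#"$root"} has wildcard entry '$host'" ;;
                *)  echo "TRUST ${f#"$root"} trusts host '$host'" ;;
            esac
        done
    done

    # TCP wrappers: "ALL : host" opens every wrapped service to that host.
    active_lines "$root/etc/hosts.allow" |
        grep -E '^[[:space:]]*ALL[[:space:]]*:' |
        while read -r line; do
            echo "WRAPPERS /etc/hosts.allow rule: $line"
        done

    # Without /etc/securetty, root logins are not limited to listed terminals.
    if [ ! -e "$root/etc/securetty" ]; then
        echo "SECURETTY /etc/securetty is missing"
    fi
}

# Build a constructed tree that mirrors hostA after following the post.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/xinetd.d" "$d/root"
    for svc in rexec rsh rlogin; do
        printf '# constructed stub\ndisable = no\n' > "$d/etc/xinetd.d/$svc"
    done
    printf 'hostB\n' > "$d/root/.rhosts"
    printf 'hostB\n' > "$d/etc/hosts.equiv"
    printf '# hosts.allow\nALL : hostB\n' > "$d/etc/hosts.allow"
    # /etc/securetty is deliberately absent, as in the last step of the post.
    echo "$d"
}

sample=$(make_sample_root)
audit_rhost_trust "$sample"
rm -rf "$sample"
```

    Run it with no argument to audit the live system; an empty result means none of the settings from this post are in place.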

  • Fail Login Configuration

    1. Open the /etc/pam.d/system-auth file for editing.
    Make sure you have a backup of the file before you edit it.

    2. Add the following lines:

    auth required pam_tally.so no_magic_root
    account required pam_tally.so deny=2 no_magic_root

    Here the value of deny sets how many failed login attempts faillog allows before the account is locked for login.

    3. Save the file and exit.
    4. Test the configuration by attempting to login as a normal user, but using a wrong password.
    5. Verify that the failed count increments by running the command:

    faillog -u username
    6. To disable faillog for one particular user:

    faillog -m -1 -u username

  • ssh using keys.

    Here I will try to demonstrate how to use ssh keys to log in to machines without a password.
    Since I have not got it to work with PuTTY yet, I will do it with two Unix machines and will soon continue this post to configure it with PuTTY.

    1. Check whether the ssh server is installed on your machine. If not, download the packages openssh-clients and openssh-server from the respective download site.

    2. Create public and private keys using ssh-keygen:

    user@home$ ssh-keygen -t dsa ## this will create the public and private keys.

    3. scp the public key to the remote host that you want to access without a password.
    user@home$ scp .ssh/id_dsa.pub user@machineB:~/.ssh/authorized_keys ## from machine A to machine B.

    4. Now log in from machine A to machine B and check. It will work without a password.

    Points:
    1. You must log in from the account where you have kept the private key. If you try to log in from a different account, your private key won’t be there and you will be thrown to a password prompt.
    2. The permissions of the .ssh directory must be 700 and the permissions of the authorized_keys file must be 600, or else it won’t work.
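    The scp in step 3 replaces machine B's whole authorized_keys file, so any keys already authorised there are lost. As an added example (not part of the original post), the functions below append the key instead, skip it if it is already present, and set and verify the 700/600 modes from point 2; the function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: append a public key on machine B instead of overwriting
# authorized_keys, then verify the modes from point 2 (700 and 600).

# Octal mode of a path (GNU stat first, BSD stat as fallback).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# install_pubkey PUBKEY_FILE SSH_DIR -> prints "added" or "already present"
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    # Accept only a single "type base64 [comment]" line, so a private key
    # or a multi-line file passed by mistake is rejected.
    if [ "$(wc -l < "$pub" | tr -d ' ')" -gt 1 ] ||
       ! grep -Eq '^(ssh-|ecdsa-|sk-)[^ ]+ [A-Za-z0-9+/=]+( |$)' "$pub"; then
        echo "not a one-line public key: $pub" >&2
        return 2
    fi
    key=$(head -n 1 "$pub")

    mkdir -p "$dir"
    chmod 700 "$dir"
    touch "$auth"
    chmod 600 "$auth"

    if grep -qxF -e "$key" "$auth"; then
        echo "already present"
        return 0
    fi
    # If the existing file lacks a final newline, add one so the new key
    # is not glued onto the last existing entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "added"
}

# check_ssh_perms SSH_DIR -> status 0 only if the modes are 700 and 600
check_ssh_perms() {
    rc=0
    [ "$(perm_of "$1")" = 700 ] ||
        { echo "$1 should be mode 700"; rc=1; }
    [ "$(perm_of "$1/authorized_keys")" = 600 ] ||
        { echo "$1/authorized_keys should be mode 600"; rc=1; }
    return $rc
}

# Demo on a constructed directory with a constructed (non-functional) key.
demo=$(mktemp -d)
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3MAAACBAConstructedSampleOnly user@home' \
    > "$demo/id_dsa.pub"
install_pubkey "$demo/id_dsa.pub" "$demo/.ssh"   # added
install_pubkey "$demo/id_dsa.pub" "$demo/.ssh"   # already present
check_ssh_perms "$demo/.ssh" && echo "modes ok"
rm -rf "$demo"
```

    The functions work for any key type. OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default, so on current systems generate an ed25519 or RSA key instead of the -t dsa key shown in step 2.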

  • Do we know the world.

    Indeed a very good article from Sunday Times which talks about our views of changing perception with time. How much we know and how much we have to learn. Basically, we have to see a lot more to understand.

    Written by : Shobhan Saxena
    [ 11 Feb, 2007 0046hrs IST, TIMES NEWS NETWORK ]

     Reality is a question of perspective. It depends on your location on the GPS. Earlier, people with yellow hair and blue eyes believed that all Indians had a tiger in their backyard and filthy men made venomous cobras dance. We hated this kind of Orientalism.

    We always believed that we had too much culture here and we didn't need to learn anything from anyone, at least not from the "ignorant" West which saw us as a nation of medieval freaks. Now, with the changing times, the perceptions about us have changed.

    Now the world probably thinks we all live in slums, smell of curry, speak in funny accents, work in call centres and leak customer data for money. We don't like this. We feel others do not understand us. But we seem to be more ignorant of the world than the world is of us.

    That's why when two Indian hacks go to Kabul to make a film, they get into trouble with the quintessential side-kick Arshad Warsi cracking some jokes about Afghan men liking other men and the Hazaras being ruthless barbarians who kill people by "stroking long, rusted nails into their heads".

    Funny, isn't it? Not for the Afghans who banned Kabul Express. Imagine going to Afghanistan, standing in a fallow land which has turned red due to an eternal war and indulging in some gay-bashing.
     Our angle is so skewed that we miss the complete picture: This land has been a crucible of global wars from the Great Game between the Tsars and the British, the Cold War, the bloody battles between the Russians and the Mujahideen and the ideological clashes between the leftists and the religious zealots.

    We know nothing about their music, poetry and food. We know nothing about their customs and language. The only thing we know about them is that they like to kill each other and they love to play Buzkashi, a game where wild horsemen fight over a dead goat.

    We know that much because we saw Mr Stallone playing the game in Rambo III. We understand our next-door neighbours through Hollywood.

    We cry till hoarse about the world stereotyping us as "the Indians", but the fact is that we don't understand the world as it exists. Forget Paraguay and Morocco, our understanding of China is quite warped.

    Ask an average Indian about China and he would probably say: chow mein. We see China, the world's biggest nation, as the land of noodles, fried cockroaches and snake soup.
     The middle classes may associate China with new age mumbo-jumbo like Feng Shui, Tai-chi and the Laughing Buddha, and a booming economy that shines in the Shanghai skyscrapers. But that's it. We dismiss Japan, the world's second biggest economy, in a few words: judo-karate, Su-Doku, haiku, sushi, saké, kamikazes and harakiri.

    Of course, we know about their cars and electronic watches. That's it. For us, Brazil, the biggest Latin country, that's three times the size of India, is a nation of semi-nude, samba dancers and crazy footballers. In our imagination, Argentina means Maradona. That's it.

    A nation is an imagined community. The world lives in our imagination. The "others" are imagined people. But, so limited is our imagination about the others that we don't think beyond certain stereotypes.

    We associate the Australians with kangaroos, the Russians with vodka, the French with romance, the Italians with fashion, the Latinos with sex and the Africans with HIV. And the Middle East is all about oil and beauties behind the veil. You cannot have an imagination worse than this.

    We don't know what we are missing. China's rich culture rivals ours: thoughts from Confucius to Mao Zedong, writers from Zhuang Zi to Nobel laureate Gao Xingjian, short poetry, long operas, Mandarin guitar and classical music. It's quite sickening to reduce Brazil to a carnival of hot babes on its beaches.
     It's a melting pot of cultures: from Europe, Africa, Asia and Amazon jungles. The beach is the most democratic place in Rio, where the rich and poor, homeless and intellectual, musicians and writers all meet and mix with each other.

    The country has great traditions of music and arts. And politics: one entire generation grew up fighting the military dictatorship. But we don't care to know and understand all this.

    In the age of globalisation, such a little understanding of the world is dangerous. Not for us, but for others: a white man straying into an Indian village is beaten to death for no reason; two Africans carrying meat in their bags are attacked for having "beef with them".

    It's a dangerous way of looking at other people. At one level, people are the same everywhere. They are all trapped in their human condition: living, liking and helping each other; loving, hating and destroying each other. But if we do not know the details of their life, they don't look real. They look like freaks.


    Anyone who has the power to make you believe absurdities has the power to make you commit injustices.
    Voltaire
    http://om-prakash.blogspot.com

  • The 10 Commands we never use.

    It takes years maybe decades to master the commands available to you at the Linux shell prompt. Here are 10 that you will have never heard of or used. They are in no particular order. My favorite is mkfifo.

    1. pgrep, instead of:
      # ps -ef | egrep '^root ' | awk '{print $2}'
      1
      2
      3
      4
      5
      20
      21
      38
      39
      ...

      You can do this:

      # pgrep -u root
      1
      2
      3
      4
      5
      20
      21
      38
      39
      ...
    2. pstree, list the processes in a tree format. This can be VERY useful when working with WebSphere or other heavy duty applications.
      # pstree
      init-+-acpid
      |-atd
      |-crond
      |-cups-config-dae
      |-cupsd
      |-dbus-daemon-1
      |-dhclient
      |-events/0-+-aio/0
      | |-kacpid
      | |-kauditd
      | |-kblockd/0
      | |-khelper
      | |-kmirrord
      | `-2*[pdflush]
      |-gpm
      |-hald
      |-khubd
      |-2*[kjournald]
      |-klogd
      |-kseriod
      |-ksoftirqd/0
      |-kswapd0
      |-login---bash
      |-5*[mingetty]
      |-portmap
      |-rpc.idmapd
      |-rpc.statd
      |-2*[sendmail]
      |-smartd
      |-sshd---sshd---bash---pstree
      |-syslogd
      |-udevd
      |-vsftpd
      |-xfs
      `-xinetd
    3. bc is an arbitrary precision calculator language. Which is great. I found it useful in that it can perform square root operations in shell scripts. expr does not support square roots.
      # ./sqrt
      Usage: sqrt number
      # ./sqrt 64
      8
      # ./sqrt 132112
      363
      # ./sqrt 1321121321
      36347

      Here is the script:

      # cat sqrt
      #!/bin/bash
      if [ $# -ne 1 ]
      then
        echo 'Usage: sqrt number'
        exit 1
      else
        echo -e "sqrt($1)\nquit\n" | bc -q -i
      fi
    4. split, have a large file that you need to split into smaller chunks? A mysqldump maybe? split is your command. Below I split a 250MB file into 2 megabyte chunks all starting with the prefix LF_.
      # ls -lh largefile
      -rw-r--r-- 1 root root 251M Feb 19 10:27 largefile
      # split -b 2m largefile LF_
      # ls -lh LF_* | head -n 5
      -rw-r--r-- 1 root root 2.0M Feb 19 10:29 LF_aa
      -rw-r--r-- 1 root root 2.0M Feb 19 10:29 LF_ab
      -rw-r--r-- 1 root root 2.0M Feb 19 10:29 LF_ac
      -rw-r--r-- 1 root root 2.0M Feb 19 10:29 LF_ad
      -rw-r--r-- 1 root root 2.0M Feb 19 10:29 LF_ae
      # ls -lh LF_* | wc -l
      126
    5. nl numbers lines. I had a script doing this for me for years until I found out about nl.
      # head wireless.h
      /*
      * This file define a set of standard wireless extensions
      *
      * Version : 20 17.2.06
      *
      * Authors : Jean Tourrilhes - HPL
      * Copyright (c) 1997-2006 Jean Tourrilhes, All Rights Reserved.
      */

      #ifndef _LINUX_WIRELESS_H
      # nl wireless.h | head
      1 /*
      2 * This file define a set of standard wireless extensions
      3 *
      4 * Version : 20 17.2.06
      5 *
      6 * Authors : Jean Tourrilhes - HPL
      7 * Copyright (c) 1997-2006 Jean Tourrilhes, All Rights Reserved.
      8 */

      9 #ifndef _LINUX_WIRELESS_H
    6. mkfifo is the coolest one. Sure you know how to create a pipeline piping the output of grep to less or maybe even perl. But do you know how to make two commands communicate through a named pipe?

      First let me create the pipe and start writing to it:

      mkfifo pipe; tail file > pipe

      Then read from it:

      cat pipe

    7. ldd, want to know which Linux thread library java is linked to?
      # ldd /usr/java/jre1.5.0_11/bin/java
      libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00bd4000)
      libdl.so.2 => /lib/libdl.so.2 (0x00b87000)
      libc.so.6 => /lib/tls/libc.so.6 (0x00a5a000)
      /lib/ld-linux.so.2 (0x00a3c000)
    8. col, want to save man pages as plain text?
      # PAGER=cat
      # man less | col -b > less.txt
    9. xmlwf, need to know if an XML document is well formed? (A configuration file maybe..)
      # curl -s 'http://bashcurescancer.com' > bcc.html
      # xmlwf bcc.html
      # perl -i -pe 's@<br/>@<br>@g' bcc.html
      # xmlwf bcc.html
      bcc.html:104:2: mismatched tag
    10. lsof lists open files. You can do all kinds of cool things with this. Like find which ports are open:
      # lsof | grep TCP
      portmap 2587 rpc 4u IPv4 5544 TCP *:sunrpc (LISTEN)
      rpc.statd 2606 root 6u IPv4 5585 TCP *:668 (LISTEN)
      sshd 2788 root 3u IPv6 5991 TCP *:ssh (LISTEN)
      sendmail 2843 root 4u IPv4 6160 TCP badhd:smtp (LISTEN)
      vsftpd 9337 root 3u IPv4 34949 TCP *:ftp (LISTEN)
      cupsd 16459 root 0u IPv4 41061 TCP badhd:ipp (LISTEN)
      sshd 16892 root 3u IPv6 61003 TCP badhd.mshome.net:ssh->kontiki.mshome.net:4661 (ESTABLISHED)

      Or find the number of open files a user has. Very important for running big applications like Oracle, DB2, or WebSphere:

      # lsof | grep ' root ' | awk '{print $NF}' | sort | uniq | wc -l
      179

  • A myth Called the Indian Software Programmer.

    This article has been taken from the Sunday Times – Mumbai edition, dt: 18/02/2006

    I am posting it here as it gives a lot of meaning to the Indian software industry and the boom which we had seen in the past because of this.

    They are the poster boys of matrimonial classifieds. They are paid handsomely, perceived to be intelligent and travel abroad frequently. Single-handedly, they brought purpose to the otherwise sleepy city of Bangalore.

    Indian software engineers are today the face of a third-world rebellion. But what exactly do they do? That’s a disturbing question. Last week, during the annual fair of the software industry’s apex body Nasscom, no one uttered a word about India’s programmers.

    The event, which brought together software professionals from around the world, used up all its 29 sessions to discuss prospects to improve the performance of software companies. Panels chose to debate extensively on subjects like managing innovation, business growth and multiple geographies.

    But there was nothing on programmers, who you would imagine are the driving force behind the success of the Indian software companies. Perhaps you imagined wrong. “It is an explosive truth that local software companies won’t accept.

    Most software professionals in India are not programmers, they are mere coders,” says a senior executive from a global consultancy firm, who has helped Nasscom in researching its industry reports.

    In industry parlance, coders are akin to smart assembly line workers as opposed to programmers who are plant engineers. Programmers are the brains, the glorious visionaries who create things. Large software programmes that often run into billions of lines are designed and developed by a handful of programmers.

    Coders follow instructions to write, evaluate and test small components of the large program. As a computer science student in IIT Mumbai puts it, if programming requires a post graduate level of knowledge of complex algorithms and programming methods, coding requires only high school knowledge of the subject.

    Coding is also the grime job. It is repetitive and monotonous. Coders know that. They feel stuck in their jobs. They have fallen into the trap of the software hype and now realise that though their status is glorified in the society, intellectually they are stranded.
    Companies do not offer them stock options anymore and their salaries are not growing at the spectacular rates at which they did a few years ago.

    “There is nothing new to learn from the job I am doing in Pune. I could have done it with some training even after passing high school,” says a 25-year-old who joined Infosys after finishing his engineering course in Nagpur.

    A Microsoft analyst says, “Like our manufacturing industry, the Indian software industry is largely a process driven one. That should speak for the fact that we still don’t have a domestic software product like Yahoo or Google to use in our daily lives.”

    IIT graduates have consciously shunned India’s best known companies like Infosys and TCS, though they offered very attractive salaries. Last year, from IIT Powai, the top three Indian IT companies got just 10 students out of the 574 who passed out.

    The best computer science students prefer to join companies like Google and Trilogy. Krishna Prasad from the College of Engineering, Guindy, Chennai, who did not bite Infosys’ offer, says, “The entrance test to join TCS is a joke compared to the one in Trilogy. That speaks of what the Indian firms are looking for.”

    A senior TCS executive, who requested anonymity, admitted that the perception of coders is changing even within the company. It is a gloomy outlook. He believes it has a lot to do with business dynamics.

    The executive, a programmer for two decades, says that in the late ’70s and early ’80s, software drew a motley set of professionals from all kinds of fields.

    In the mid-’90s, as onsite projects increased dramatically, software companies started picking all the engineers they could as the US authorities granted visas only to graduates who had four years of education after high school.
    “After Y2K, as American companies discovered India’s cheap software professionals, the demand for engineers shot up,” the executive says. Most of these engineers were coders. They were almost identical workers who sat long hours to write line after line of codes, or test a fraction of a programme.

    They did not complain because their pay and perks were good. Now, the demand for coding has diminished, and there is a churning.

    Over the years, due to the improved communication networks and increased reliability of Indian firms, projects that required a worker to be at a client’s site, say in America, are dwindling in number. And with it the need for engineers who have four years of education after high school.

    Graduates from non-professional courses, companies know, can do the engineer’s job equally well. Also, over the years, as Indian companies have already coded for many common applications like banking, insurance and accounting, they have created libraries of code which they reuse.

    Top software companies have now started recruiting science graduates who will be trained alongside engineers and deployed in the same projects. The CEO of India’s largest software company TCS, S Ramadorai, had earlier explained, “The core programming still requires technical skills.

    But, there are other jobs we found that can be done by graduates.” NIIT’s Arvind Thakur says, “We have always maintained that it is the aptitude and not qualifications that is vital for programming. In fact, there are cases where graduate programmers have done better than the ones from the engineering stream.”

    Software engineers are increasingly getting dejected. Sachin Rao, one of the coders stuck in the routine of a job that does not excite him anymore, has been toying with the idea of moving out of Infosys but cannot find a different kind of “break”, given his coding experience.

    He sums up his plight by vaguely recollecting a story in which thousands of caterpillars keep climbing a wall, the height of which they don’t know. They clamber over each other, fall, start again, but keep climbing. They don’t know that they can eventually fly.

    Rao cannot remember how the story ends but feels the coders of India today are like the caterpillars who plod their way through while there are more spectacular ways of reaching the various destinations of life.

  • Remote Logins – Telnet

    An answer found from Linux Gazette for the question on Remote Logins and su.

    Q. i am running red hat linux 6.1 and am encountering some problems i can login as root from the console but not from anywhere else i have to login as webmaster on all other machines on ntwk from nowhere, including the console, can i su once logged in as webmaster any help would be appreciated

    Ans. :
    Any of these should allow you to access your system through cryptographically secured authentication and session protocols that protect you from a variety of sniffing, spoofing, TCP hijacking and other vulnerabilities that are common using other forms of remote shell access (such as telnet, and the infamous rsh and rlogin packages).

    If you really insist on eliminating these policies from your system you can edit files under /etc/pam.d that are used to configure the options and restrictions of the programs that are compiled against the PAM (pluggable authentication modules) model and libraries. Here’s an example of one of them (/etc/pam.d/login which is used by the in.telnetd service):

    #
    # The PAM configuration file for the Shadow `login' service
    #
    # NOTE: If you use a session module (such as kerberos or NIS+)
    # that retains persistent credentials (like key caches, etc), you
    # need to enable the `CLOSE_SESSIONS' option in /etc/login.defs
    # in order for login to stay around until after logout to call
    # pam_close_session() and cleanup.
    #

    # Outputs an issue file prior to each login prompt (Replaces the
    # ISSUE_FILE option from login.defs). Uncomment for use
    # auth required pam_issue.so issue=/etc/issue

    # Disallows root logins except on tty's listed in /etc/securetty
    # (Replaces the `CONSOLE' setting from login.defs)
    auth requisite pam_securetty.so

    # Disallows other than root logins when /etc/nologin exists
    # (Replaces the `NOLOGINS_FILE' option from login.defs)
    auth required pam_nologin.so

    # This module parses /etc/environment (the standard for setting
    # environ vars) and also allows you to use an extended config
    # file /etc/security/pam_env.conf.
    # (Replaces the `ENVIRON_FILE' setting from login.defs)
    auth required pam_env.so

    # Standard Un*x authentication. The "nullok" line allows passwordless
    # accounts.
    auth required pam_unix.so nullok

    # This allows certain extra groups to be granted to a user
    # based on things like time of day, tty, service, and user.
    # Please uncomment and edit /etc/security/group.conf if you
    # wish to use this.
    # (Replaces the `CONSOLE_GROUPS' option in login.defs)
    # auth optional pam_group.so

    # Uncomment and edit /etc/security/time.conf if you need to set
    # time restrainst on logins.
    # (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
    # as well as /etc/porttime)
    # account requisite pam_time.so

    # Uncomment and edit /etc/security/access.conf if you need to
    # set access limits.
    # (Replaces /etc/login.access file)
    # account required pam_access.so

    # Standard Un*x account and session
    account required pam_unix.so
    session required pam_unix.so

    # Sets up user limits, please uncomment and read /etc/security/limits.conf
    # to enable this functionality.
    # (Replaces the use of /etc/limits in old login)
    # session required pam_limits.so

    # Prints the last login info upon succesful login
    # (Replaces the `LASTLOG_ENAB' option from login.defs)
    session optional pam_lastlog.so

    # Prints the motd upon succesful login
    # (Replaces the `MOTD_FILE' option in login.defs)
    session optional pam_motd.so

    # Prints the status of the user's mailbox upon succesful login
    # (Replaces the `MAIL_CHECK_ENAB' option from login.defs). You
    # can also enable a MAIL environment variable from here, but it
    # is better handled by /etc/login.defs, since userdel also uses
    # it to make sure that removing a user, also removes their mail
    # spool file.
    session optional pam_mail.so standard noenv

    # The standard Unix authentication modules, used with NIS (man nsswitch) as
    # well as normal /etc/passwd and /etc/shadow entries. For the login service,
    # this is only used when the password expires and must be changed, so make
    # sure this one and the one in /etc/pam.d/passwd are the same. The "nullok"
    # option allows users to change an empty password, else empty passwords are
    # treated as locked accounts.
    #
    # (Add `md5' after the module name to enable MD5 passwords the same way that
    # `MD5_CRYPT_ENAB' would do under login.defs).
    #
    # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
    # login.defs. Also the "min" and "max" options enforce the length of the
    # new password.

    password required pam_unix.so nullok obscure min=4 max=8

    # Alternate strength checking for password. Note that this
    # requires the libpam-cracklib package to be installed.
    # You will need to comment out the password line above and
    # uncomment the next two in order to use this.
    # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
    #
    # password required pam_cracklib.so retry=3 minlen=6 difok=3
    # password required pam_unix.so use_authtok nullok md5

    This is from Debian machine (mars.starshine.org) and thus has far more comments (all those lines starting with “#” hash marks) than those that Red Hat installs. It’s good that Debian comments these files so verbosely, since that’s practically the only source of documentation for PAM files and modules.

    In this case the entry that you really care about is the one for ‘securetty.so’ This module checks the file /etc/securetty which is classically a list of those terminals on which your system will allow direct root logins.

    You could comment out this line in /etc/pam.d/login to disable this check for those services which call the /bin/login command. You can look for similar lines in the various other /etc/pam.d files to see which other services are enforcing this policy.

    This leads us to the question of why your version of ‘su’ is not working. Red Hat’s version of ‘su’ is probably also “PAMified” (almost certainly, in fact). So there should be a /etc/pam.d/su file that controls the list of policies that your copy of ‘su’ is checking. You should look through that to see why ‘su’ isn’t allowing your ‘webmaster’ account to become ‘root’.

    It seems quite likely that your version of Red Hat contains a line something like:

    # Uncomment this to force users to be a member of group root
    # before than can use `su'. You can also add "group=foo" to
    # to the end of this line if you want to use a group other
    # than the default "root".
    # (Replaces the `SU_WHEEL_ONLY' option from login.defs)
    auth required pam_wheel.so

    Classically the ‘su’ commands on most versions of UNIX required that a user be in the “wheel” group in order to attain ‘root’. The traditional GNU implementation did not enforce this restriction (since rms found it distasteful).

    On my system this line was commented out (which is presumably the Debian default policy, since I never fussed with that file on my laptop). I’ve uncommented it here for this example.

    Note that one of the features of PAM is that it allows you to specify any group using a command line option. It defaults to “wheel” because that is an historical convention. You can also use the pam_wheel.so module on any of the PAMified services --- so you could have programs like ‘ftpd’ or ‘xdm’ enforce a policy that restricted their use to members of arbitrary groups.
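To see which services actually enforce a module such as pam_securetty.so or pam_wheel.so, the sketch below scans a PAM directory for active (uncommented) lines that load it. It is an added example, not part of the original article; the function name pam_services_using and the sample files are constructed for illustration.

```shell
# pam_services_using MODULE [DIR]  (hypothetical helper, not a system command)
# Print "service type control module args" for every active (uncommented)
# line in DIR (default /etc/pam.d) that loads MODULE.
pam_services_using() {
    pam_module=$1
    pam_dir=${2:-/etc/pam.d}
    for pam_file in "$pam_dir"/*; do
        [ -f "$pam_file" ] || continue
        awk -v mod="$pam_module" -v svc="${pam_file##*/}" '
            { sub(/#.*/, "") }          # drop comments, whole-line or trailing
            NF < 3 { next }             # blank, or not a "type control module" line
            {
                i = 2; control = $2
                # A bracketed control such as [success=1 default=ignore]
                # can span several whitespace-separated fields.
                if ($2 ~ /^\[/)
                    while ($i !~ /\]$/ && i < NF) { i++; control = control " " $i }
                name = $(i + 1)
                sub(/.*\//, "", name)   # accept a full path to the module
                if (name != mod) next
                args = ""
                for (j = i + 2; j <= NF; j++) args = args " " $j
                print svc, $1, control, name args
            }
        ' "$pam_file"
    done
}

# Demo on constructed sample files, so nothing under /etc is touched.
demo_dir=$(mktemp -d)
printf '%s\n' 'auth requisite pam_securetty.so' > "$demo_dir/login"
printf '%s\n' '# auth required pam_wheel.so' > "$demo_dir/su"
printf '%s\n' 'auth required pam_wheel.so group=foo' > "$demo_dir/xdm"
pam_services_using pam_securetty.so "$demo_dir"
pam_services_using pam_wheel.so "$demo_dir"
rm -rf "$demo_dir"
```

A service that is missing from the output either has the line commented out, as in the constructed su file here, or never references the module at all.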

    Finally note that most recent versions of SSH have PAM support enabled when they are compiled for Linux systems. Thus you may find, after you install any version of SSH, that you have an /etc/pam.d/ssh file. You may have to edit that to set some of your preferred SSH policies. There is also an sshd_config file (mine’s in /etc/ssh/sshd_config) that will allow you to control other ssh options.

    In general, the process of using ssh works something like this:

    1. Install the sshd (daemon) package on your servers (the systems that you want to access)
    2. Install the ssh client package on your clients (the systems from which you’d like to initiate your connections).
    3. Generate Host keys on all of these systems (normally done for you by the installation).

    …. you could stop at this point, and just start using the ssh and slogin commands to access your remote accounts using their passwords. However, for more effective and convenient use you’d also:

    1. Generate personal key pairs for your accounts.
    2. Copy/append the identity.pub (public) keys from each of your client accounts into the ~/.ssh/authorized_keys files on each of the servers.

    This allows you to access those remote accounts without using your passwords on them. (Actually sshd can be configured to require the passwords AND/OR the identity keys, but the default is to allow access without a password if the keys work).
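Step 2 above, run on the server side, as an added example (not from the original article): it appends a public key to authorized_keys only once and sets the modes explicitly, because sshd with StrictModes enabled rejects an authorized_keys file or ~/.ssh directory that other users can write to. The function name install_pubkey and the key line are constructed for illustration.

```shell
# install_pubkey PUBKEY_FILE [SSH_DIR]  (hypothetical helper, run on the server)
# Append each key line from PUBKEY_FILE to SSH_DIR/authorized_keys unless it
# is already there, and keep the directory and file private to the owner.
install_pubkey() {
    pub_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    [ -s "$pub_file" ] || { echo "install_pubkey: $pub_file is missing or empty" >&2; return 1; }
    # Catch the slip of copying identity instead of identity.pub.
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "install_pubkey: $pub_file looks like a private key" >&2
        return 1
    fi

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # One key per line; the exact-match test makes repeated runs harmless.
    while IFS= read -r key_line || [ -n "$key_line" ]; do
        [ -n "$key_line" ] || continue
        grep -qxF -- "$key_line" "$auth_file" || printf '%s\n' "$key_line" >> "$auth_file"
    done < "$pub_file"
}

# Demo with a constructed key line in a scratch directory.
demo_home=$(mktemp -d)
printf '%s\n' '1024 35 1234567890123 user@client-constructed' > "$demo_home/identity.pub"
install_pubkey "$demo_home/identity.pub" "$demo_home/.ssh"
install_pubkey "$demo_home/identity.pub" "$demo_home/.ssh"   # second run adds nothing
wc -l < "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```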

    Another element you should be aware of is the “passphrases” and the ssh-agent. Basically it is normal to protect your private key with a passphrase. This is sort of like a password --- but it is used to decrypt or “unlock” your private key. Obviously there isn’t much added convenience if you protect your private key with a passphrase so that you have to type that every time you use an ssh/slogin or scp (secure remote copy) command.

    ssh-agent allows you to start a shell or other program, unlock your identity key (or keys), and have all of the ssh commands you run from any of the descendants of that shell or program automatically use any of those unlocked keys. (The advantage of this is that the agent automatically dies when you exit the shell program that you started. That automatically “locks” the identity --- sort of.)

    There are a lot of other aspects to ssh. It can be used to create tunnels, through which one can pass all sorts of traffic. People have created PPP/TCP/IP tunnels that run through ssh tunnels to support custom VPNs (virtual private networks). When run under X, ssh automatically performs “X11 forwarding” through one of these tunnels. This is particularly handy for running X clients on remote systems beyond a NAT (IP Masquerading) router or through a proxying firewall.

    In other words ssh is a very useful package quite apart from its support for cryptographic authentication and encryption.

    In fairness I should point out that there are a number of alternatives to ssh. Kerberos is a complex and mature suite of protocols for performing authentication and encryption. STEL is a simple daemon/client package which functions just like telnetd/telnet --- but with support for encrypted sessions. And there are SSL-enabled versions of telnet and ftp daemons and clients.