Unix System Administration

Presentation Transcript

  1. Unix System Administration Solaris Management Console Chuck Hauser 2006-10-13

  2. Presentation Conventions
     • Names (files, users, daemons) are usually in bold: /etc/syslog.conf
     • System dependent or variable items are usually in italics: /var/sadm/patch/patchnumber/log
     • File entries and output are in mono-spaced type:
         > root 8036 c Tue Apr 26 23:59:00 2005
         < root 8036 c Tue Apr 26 23:59:59 2005
     • Ä marks a line wrapped to fit on the slide:
         mv Solaris_9_Recommended_Patch_Cluster_log Ä
         Solaris_9_Recommended_Patch_Cluster_log.yyyymmdd
     • ð marks a horizontal tab (09 hex)
     • Reference OE for programs and documentation is Solaris 9

  3. Introduction • “The Solaris Management Console is a graphical user interface that provides access to Solaris system administration tools.” • Replaces both AdminSuite and Admintool. • The Solaris Management Console (abbreviated as SMC from here forward) first appeared in Solaris 2.6. • SMC continues at least through Solaris 10.

  4. Admintool and Java Web Console • Solaris 9 includes admintool, but it opens with this message. Admintool is not in Solaris 10. • The browser-based Java Web Console was introduced in Solaris 10 as a future replacement for SMC, but currently it has almost no functionality.

  5. SMC Advantages Over admintool • Replaces the root-privileges of admintool with more flexible role-based access control (RBAC) if desired. • Based on a toolbox concept; different collections of tools and folders can be grouped for user’s role or experience. • Can be extended with JavaBeans, legacy apps, commands, etc. • Has context-sensitive help.

  6. Role-Based Access Control (RBAC) • Replaces the all-or-nothing superuser model with least-privilege security; allows separation of superuser capabilities. • A role account is created with specific rights that are granted to a set of users. • See System Administration Guide: Security Services (817-0365) Chapters 5-7.

  7. Solaris Management Tools History See System Administration Guide: Basic Administration (817-3814) Chapter 1 Solaris Management Tools (Roadmap) for a matrix of Solaris management tools support.

  8. Solaris Management Console 2.1 Packages

  9. Solaris Management 2.1 Packages

  10. Solaris Volume Management Packages Because Solstice DiskSuite has been incorporated in Solaris 9 as the Solaris Volume Manager, the DiskSuite Tool (metatool) has been removed and SMC is now the graphical interface for Solaris Volume Management.

  11. SMC Documentation • There is no Sun manual that covers only SMC. • The System Administration Guide: Basic Administration (817-3814) introduces SMC in Chapter 2 Working With the Solaris Management Console (Tasks) • Other references are scattered in the various System Administration Guides. • BigAdmin has SMC 2.0 Frequently Asked Questions which also has 2.1 tips at • SunSolve has a Solaris Management Console Support Document (70475).

  12. Solaris Management Console Tools • Solaris Management Console Tools by Janice Winsor (Sun Microsystems Press, 2002) covers SMC 2.0 and is out of print. • Three sample chapters are online: • Networked System Administration Tools from Sun Microsystems • SMC Toolbox Editor: Creating and Editing the SMC Toolbox • Using SMC Tools

  13. SMC Help • Online help is available. The currently selected tool will determine the help shown. • A simple non-boolean search is available. • Help can be printed.

  14. SMC Components • SMC Server: provides tools for console and services such as authentication, authorization, logging, messaging, etc. • SMC Toolbox Editor: used to modify or create toolboxes. • SMC client (the ‘Console’): interface that contains the GUI tools used to perform management tasks.

  15. SMC Server Components • The SMC server is a Java-based daemon. • Although it is a single process, it is a server for both the Solaris Management Console and Solaris Web-Based Enterprise Management (WBEM). • If server crashes or console never loads, stop and restart the server using the init.wbem command (next slide).

  16. Running the SMC Server
      • The script /etc/init.d/init.wbem is used to start smcboot, a small proxy server (see Initial Server Configuration slide).
      • In addition to the usual start and stop arguments, init.wbem also takes a status argument:
          # /etc/init.d/init.wbem status
          Solaris Management Console server version 2.1.0 running on port 898.
      • For startup, init.wbem is linked to /etc/rc2.d/S90wbem and the shutdown scripts are /etc/rc0.d/K36wbem, /etc/rc1.d/K36wbem, and /etc/rcS.d/K36wbem.

  17. Running the Console Locally • Choose Solaris Management Console from the CDE Tools Menu (see right) • Or double-click the SMC icon in CDE Applications Manager or File Manager

  18. Starting the Console Locally by Command Line
      • Must be in an X11 terminal window, i.e., xterm.
      • Use the following command:
          /usr/sadm/bin/smc &
      • The command line is also used when using a PC X server to remotely run SMC.

  19. Running SMC in Web Browser • Despite what some of the documentation implies, SMC cannot be run in a web browser. • Java Web Console (Solaris 10) can.

  20. Options for Running SMC Remotely • Use a Unix box with SSH and Xwindows • Run Xwindows on a PC • Run Solaris or other Unix in a PC virtual machine such as VMware (right)

  21. Remote X Server to Run on PC • Use commercial product or download free Cygwin environment ( • Cygwin provides both X11 and OpenSSH for running SMC.

  22. Install OpenSSH and X11 from Cygwin

  23. SSH X11 Tunneling • The Secure Shell (SSH) can be used to encrypt X11 traffic by forwarding through an SSH tunnel. • Neither Xhosts nor Xauth are necessary when using SSH to tunnel.

  24. X11 Forwarding Configuration
      • /etc/ssh/sshd_config must be modified to allow X11 forwarding by the ssh server.
      • Find the line with the X11 tunneling options:
          # X11 tunneling options
          # X11Forwarding no
          X11DisplayOffset 10
      • Change to allow forwarding:
          X11Forwarding yes

  25. Getting sshd to reread sshd_config
      • Send a SIGHUP signal to the sshd daemon to reread the configuration file.
      • There may be multiple instances of sshd running if using privilege separation:
          ps -ef | grep sshd
              root   304   702  0 19:36:22 ?        0:00 /usr/lib/ssh/sshd
              root   702     1  0   Oct 05 ?        0:00 /usr/lib/ssh/sshd
          cfhauser   308   304  0 19:36:30 ?        0:00 /usr/lib/ssh/sshd
          cfhauser   178   175  0 19:25:32 ?        0:01 /usr/lib/ssh/sshd
              root   175   702  0 19:25:25 ?        0:00 /usr/lib/ssh/sshd
      • Signal process 702 (whose parent is process 1):
          kill -1 702
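
The check-and-signal steps from slides 24 and 25, as an added shell example that is not part of the original presentation. The function names are hypothetical, the sample data is constructed from the slide's listing, and the "first uncommented value wins, absent means no" rule is the OpenSSH behaviour, assumed here.

```shell
#!/bin/sh
# Added example: confirm what sshd will actually use for X11Forwarding and
# pick the one sshd process that should receive SIGHUP.

# Print the effective X11Forwarding value from an sshd_config-style file.
# Assumption: first uncommented occurrence wins; absent keyword means "no".
effective_x11_forwarding() {
    awk 'tolower($1) == "x11forwarding" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }' "$1"
}

# Read `ps -ef` output on stdin (UID PID PPID ...) and print the PID of the
# listening sshd: the one whose parent is process 1. Per-session children
# are skipped, so only the daemon that rereads the file is signalled.
sshd_master_pid() {
    awk '$3 == 1 && $NF ~ /\/sshd$/ { print $2 }'
}

# Constructed sample: the ps listing shown on the slide.
SAMPLE_PS='    root   304   702  0 19:36:22 ?        0:00 /usr/lib/ssh/sshd
    root   702     1  0   Oct 05 ?        0:00 /usr/lib/ssh/sshd
cfhauser   308   304  0 19:36:30 ?        0:00 /usr/lib/ssh/sshd
cfhauser   178   175  0 19:25:32 ?        0:01 /usr/lib/ssh/sshd
    root   175   702  0 19:25:25 ?        0:00 /usr/lib/ssh/sshd'

# Constructed sample: the sshd_config fragment after the edit on the slide.
SAMPLE_CONF=$(mktemp)
printf '%s\n' '# X11 tunneling options' '# X11Forwarding no' \
    'X11Forwarding yes' 'X11DisplayOffset 10' > "$SAMPLE_CONF"

echo "effective X11Forwarding: $(effective_x11_forwarding "$SAMPLE_CONF")"
echo "sshd to signal (kill -1): $(printf '%s\n' "$SAMPLE_PS" | sshd_master_pid)"
rm -f "$SAMPLE_CONF"
```

On a live host, pass /etc/ssh/sshd_config to the first function and pipe `ps -ef` into the second.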

  26. SSH X11 Tunneling Example

  27. Possible Missing Font Message
      • This message may appear when using a remote X server on a PC to run SMC:
          Warning: Cannot convert string "-monotype-arial-regular-r-normal--*-140-*-*-p-*-iso8859-1" to type FontStruct
      • The Java Virtual Machine running SMC on the server is requesting a font that is not in the font set of the remote X server.
      • This message may be safely ignored, but it can be fixed by aliasing the font (see following).

  28. Removing Font Error Message in Cygwin
      • Edit /usr/X11R6/lib/X11/fonts/75dpi/fonts.alias
      • Add the following as one complete line:
          -monotype-arial-regular-r-normal--*-140-*-*-p-*-iso8859-1 -b&h-lucida-medium-r-normal-sans-14-140-75-75-p-81-iso8859-1
      • In an xterm window, force the X server to re-read fonts:
          xset fp rehash

  29. Removing Font Error Message in X-Win32 (Hummingbird)
      • Open the X-Util32 configuration utility.
      • Select Fonts → Alias
      • Double-click 75dpi; double-click fonts.alias to open the Font Alias dialog box.
      • Enter in the Alias from field:
          -monotype-arial-regular-r-normal--*-140-*-*-p-*-iso8859-1
      • Enter in the Alias to field:
          -b&h-lucida-medium-r-normal-sans-14-140-75-75-p-81-iso8859-1
      • Click Add

  30. Running su When Tunnelling • Although a normal user can start SMC, you usually want to run it as root (if not using RBAC) to avoid problems with loading some tools. • When using su to switch to root, do not use the '-' option, otherwise the DISPLAY variable defining the local display will be lost:

  31. Initial Server Configuration • The smcboot native program waits for a connection from a console program on port 898. • When a connection is received for the first time, the real java-based server is called and displays the above while the server initializes.

  32. Console Elements • The default console consists of three main panes: Navigation, View, and Information. • There is a menu bar, tool bar, status bar, and if enabled, a location bar. • Context Help and Console Event tabs are at the bottom.

  33. Console Preferences Choose Console → Preferences to change: • Console (toolbox used) • Appearance • Toolbar • Fonts • Tool Loading • Authentication

  34. Navigation Pane • Acts similar to a frame in a web page. • Clicking on an item in this pane will display this item in the View pane. • Double-click on an item or click on the turner icon ( ) to expand the tree.

  35. View and Information Panes • View Pane – shows information related to selected node in navigation pane. • Information Pane – on bottom; either displays context-sensitive help or console events depending on selected button.

  36. Default Toolbox The default toolbox contains tools for: • System Status • System Configuration • Services • Storage • Devices and Hardware

  37. Logging In Even when running as root, selecting a tool will require logging in as root. If using RBAC, login as a role name and password.

  38. System Status – System Information

  39. System Status – Log Viewer
      • The log view defaults to events logged by the WBEM logging service (/var/sadm/wbem/log).
      • Syslog files may be chosen by selecting the drop-down box labeled Log File, but the view must be manually refreshed.
      Note: the OpenWindows xconsole program provides a continually updated display of console messages in an X window; it should be run as root:
          /bin/su root -c "/usr/openwin/bin/xconsole -daemon -verbose"

  40. System Status – Performance • Displays performance data based on projects, user, or summary. • Basically useless in System Performance Summary mode: the display blanks while the system gathers new data, information appears briefly, then blanks for the next cycle. Project and User screens are more useful. • Before running: be sure to change Preferences → General from the default 30 seconds to a longer time period to have a chance of seeing data.

  41. System Status – Processes • Use View → Filter to search for an individual process. • Right-click on an individual process to see process properties, suspend a process, resume a suspended process, or kill (‘delete’) a process.

  42. System Configuration – User Accounts • Allows viewing or modification of individual user accounts. • Probably best method for working with RBAC. • Multiple users can be added in a batch operation (see Adding Multiple Users).

  43. User Properties (1)

  44. User Properties (2)

  45. User Properties – Home Directory Modifying the user’s home directory will change the entry in /etc/passwd for the user and rename the old home directory to the new name.

  46. Users – Adding Multiple Users
      • An SMC wizard can be used to add multiple users by:
          • User types each name
          • Generate automatic prefix followed by numeric sequence
          • Use text file in a format similar to /etc/passwd; minimum should have:
              newdudeid:New Dude
      • Other batch operations on users (add, delete, modify) can be performed at the command line using the smmultiuser command.

  47. Users – User Templates User templates are a named collection of user properties that can be used as the starting point for creating new users.

  48. Users – Rights • Actually RBAC Rights Profiles, a collection of commands, authorizations, or other rights. • Rights could be directly assigned to a user, but better to assign to a role, then assign the role to users. • The next slide shows a rights profile for User Security.

  49. Right Properties for User Security

  50. Users – Administrative Roles • No roles are predefined. • Sun suggests creating Primary Administrator, System Administrator, and Operator rights profiles. • This example adds a password.operator role for handling user password requests.
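
The role model from slides 6, 48 and 50 (rights go to a role, the role goes to users), as an added audit sketch that is not part of the original presentation. It reads entries in the /etc/user_attr format, where Solaris records these assignments; the function name and all sample entries are constructed, with the role name taken from slide 50.

```shell
#!/bin/sh
# Added example: list each role with its rights profiles, which users may
# assume a role, and which ordinary users hold rights profiles directly
# (the pattern slide 48 advises against).

# Read user_attr-format lines (user:qualifier:res1:res2:attr) from the named
# files or stdin. attr is a ';'-separated list of key=value pairs.
user_attr_report() {
    awk -F: '
    # Return the value of KEY in a ";"-separated key=value list, or "".
    function attr(list, key,    n, i, parts) {
        n = split(list, parts, ";")
        for (i = 1; i <= n; i++)
            if (index(parts[i], key "=") == 1)
                return substr(parts[i], length(key) + 2)
        return ""
    }
    /^#/ || NF < 5 { next }          # skip comments and malformed lines
    {
        type = attr($5, "type")
        profiles = attr($5, "profiles")
        roles = attr($5, "roles")
        if (type == "role")
            print "ROLE " $1 " profiles=" profiles
        else {
            if (roles != "")    print "USER " $1 " may assume: " roles
            if (profiles != "") print "DIRECT " $1 " profiles=" profiles
        }
    }' "$@"
}

# Constructed sample entries: one role, one user assigned that role, and one
# user given the User Security rights profile directly.
SAMPLE_USER_ATTR='# constructed sample, not from a real system
password.operator::::type=role;profiles=User Security
cfhauser::::type=normal;roles=password.operator
newdude::::type=normal;profiles=User Security'

printf '%s\n' "$SAMPLE_USER_ATTR" | user_attr_report
```

DIRECT lines are the accounts to review: their rights bypass the role and its separate password.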