Solaris Advanced System Administrator's Guide, Second Edition:Table of Contents

To access the contents, click the chapter and section titles.

Solaris Advanced System Administrator's Guide, Second Edition
(Imprint: Macmillan Technical Publishing)
(Publisher: Macmillan Computer Publishing)
Author: Janice Winsor
ISBN: 1578700396

INTRODUCTION

ACKNOWLEDGMENTS

PART 1—Mail Services

CHAPTER 1—Understanding Mail Services

Mail Services Terminology

Systems in a Mail Configuration

Relay Host
Gateway
Mailhost
Mail Client

User Agent
Mail Transport Agent
Mailers
Domains
Mail Addressing

Route-Based Addressing
Route-Independent Addressing

Mailbox
Aliases

Uses for Alias Files
Syntax of Aliases

Components of Mail Services

The Mail Services Programs

The sendmail Program
The sendmail Configuration File (sendmail.cf)
The sendmail Configuration Table
.forward Files

An Overview of the Mail Service

The Anatomy of the Mail Service
How the Mail Service Works
How sendmail Works

Argument Processing and Address Parsing
Message Collection
Message Delivery
Queuing for Retransmission
Return to Sender

How Mail Addressing Works

CHAPTER 2—Planning Mail Services

Local Mail Only
Local Mail and a uucp Connection
One Domain, Two Networks, and a Router
Two Domains and a Gateway

CHAPTER 3—Setting Up and Administering Mail Services

Preparing to Set Up Mail Services
Setting Up Mail Services

Setting Up a Mail Server
Setting Up a Mail Client
Setting Up a Mailhost
Setting Up a Relay Host
Setting Up a Gateway
Creating Mail Aliases
Setting Up NIS Alias Files
Setting Up Local Mail Alias Files
Setting Up DNS Alias Files
Setting Up the Postmaster Alias

Testing Your Mail Configuration
Administering Your Mail Configuration

Duties of Postmaster
The Mail Queue

Printing the Mail Queue
Format of Queue Files
Forcing the Queue
Running the Old Mail Queue

The System Log

Troubleshooting Your Mail Configuration

Checking Aliases
Testing sendmail
Verifying Connections to Other Systems
Other Diagnostic Information

CHAPTER 4—Customizing sendmail Configuration Files

Overview of sendmail Functions

Interfaces to the Outside World

Argument Vector/Exit Status
SMTP over Pipes
SMTP over a TCP Connection

How the sendmail Program Works

Argument Processing and Address Parsing
Message Collection
Message Delivery
Retransmission Queuing
Return to Sender

Message-Header Editing
Configuration File

How sendmail Is Implemented

Mail to Files and Programs
Message Collection
Message Delivery
Queued Messages
Configuration Overview

Macros
Header Declarations
Mailer Declarations
Name-Rewriting Rules
Option Setting

Introducing Arguments to sendmail

Queue Interval
Daemon Mode
An Alternative Configuration File

Tuning Configuration Parameters

Time Values

Queue Interval
Read Timeouts
Message Timeouts

Delivery Mode
Load Limiting
Log Level
File Modes

setuid
Temporary File Modes
Aliases Database Permissions

The Configuration File

Parts of the sendmail Configuration File
A Sample sendmail Configuration File
Configuration File Syntax

D and L (Define Macro)
C, F, and G (Define Classes)
O (Set Option)
P (Precedence Definitions)
T (Define Trusted Users)
H (Define Header)

Special Header Lines

S and R (Rewriting Rules)
M (Define Mailer)

Address Rewriting Rules

Special Macros, Conditionals
Special Classes
The Left Side
Right-Side Address Rewriting Rules
Semantics of Rewriting Rulesets
The error Mailer
Semantics of Mailer Descriptions

Building a New Configuration File

Domains and Policies
How to Proceed
Testing the Rewriting Rules--the -bt Flag

Command-Line Arguments
Configuration Options
Mailer Flags

PART 2—NIS+

CHAPTER 5—Introducing the NIS+ Environment

Comparison of NIS and NIS+
The NIS+ Namespace

Components of the NIS+ Namespace

Directory Objects
Domain Name Syntax
Table Objects

NIS+ Security

NIS+ Authentication
Access Rights

The NIS+ Updating Model
NIS and NIS+ Compatibility
The Name Service Switch
NIS+ Administration

AdminSuite
NIS+ Commands

Table Information Display

CHAPTER 6—Setting Up NIS+ Clients

Security Considerations
Prerequisites
Steps for Setting Up NIS+ Client Credentials
Steps for Setting Up an NIS+ Client
Verification of the Setup

Verify That the Cache Manager Is Running
Check the Contents of the /var/nis Directory
Verify That the NIS+ Commands Succeed

PART 3—Automounter Services

CHAPTER 7—Understanding the Automounter

NFS Terminology

Server and Client Systems
Mount Points
The Virtual File System Table
Mount and Unmount
The Mount Table (/etc/mnttab)

NIS+ Terminology
Automount Terminology

Automounter
Automount Maps

The Master Map
Indirect and Direct Maps

Automount Maps and Mount Points

The Default Automount Maps

The Master Map
The Home Directory Map

Indirect Maps
Direct Maps
Syntax and Shortcuts for Map Entries

Specifying Multiple Servers
Specifying Multiple Servers with the Same Path
Specifying Weighting Factors for Each Server
Using Map Variables

How the Automounter Works
How to Plan for Automounting

Recommended Automounting Policies
Prerequisites for Using the Automounter

Servers and the Automounter
Clients and the Automounter
NIS+ Maps

CHAPTER 8—Setting Up the Automounter

Setting Up Automount Server Systems
Setting Up Automount Client Systems
Displaying Information about NIS+ Automount Maps

Displaying the Format of NIS+ Automount Maps
Displaying the Contents of NIS+ Automount Maps

Setting Up NIS+ Automount Maps

Setting Up the auto_home Map
Setting Up Indirect Maps
Setting Up a Direct Map
Setting Up the Master Map
Administering NIS+ Automount Maps

Modifying NIS+ Automount Maps
Deleting Entries from NIS+ Automount Maps

PART 4—Service Access Facility

CHAPTER 9—Understanding the Service Access Facility

Benefits of the SAF
The SAF Daemons
The SAF Commands
SAF Architecture

The init Process
Service Access Controller
Port Monitors

The ttymon Port Monitor
The listen Port Monitor

Service Invocations
Port Monitor States

Operational States
Transitional States
Inactive States

The Line Control Model

The /etc/ttydefs File
The terminfo Database
The tput Utility
The stty Command

UUCP Files

The /etc/uucp/Dialers File
The /etc/uucp/Devices File

SAF Log Files

Reference to SAF Commands, Tasks, and Options

Quick Reference to SAF Variables
Quick Reference to Service Access Control (sacadm)
Quick Reference to Port Monitor Administration (pmadm)

Admintool: Serial Ports and SAF
Templates
Starting Admintool: Serial Ports

CHAPTER 10—Setting Up Modems and Character Terminals

Tools for Setting Up Modems and Character Terminals
Using Variables in SAF Commands

The Port Monitor Tag (pmtag)
The Service Tag (svctag )
The Device Path (dev-path)
The Baud Rate and Line Discipline (ttylabel)
Type of Modem
Comments

Setting Up Modems

Hardware Carrier Detect Setting
Modem Connection and Switch Settings

Hayes-compatible Modem Settings

Variables Used to Set Up Modems
SAF Configuration for Modems
Dial-Out Modem Service Configuration
Modem Connection Troubleshooting
Using Admintool: Serial Ports to Configure Modems

Setting Up the SAF for Character Terminals

Terminal Connection
SAF Configuration for Character Terminals
Terminal Connection Troubleshooting
Using Admintool: Serial Ports to Add a Character Terminal
Initializing Ports Without Configuring
Removing Port Services

CHAPTER 11—Setting Up Printing Services

What's New in Printing

Redesign of Print Packages
Print Protocol Adaptor
SunSoft Print Client
Enhanced Network Printer Support

Print Administration Tools in the Solaris 2.6 Environment

Choosing a Method to Manage Printers

System Requirements for a Print Server
Printer Configuration Information

Printer Device Name
Printer Name
Printer Port
Printer Type
File Content Type
Print Filters
Universal Address for the Print Server
Printer Description (Optional)
Default Printer (Optional)

Local PostScript Printer Setup
Print Server Setup

Adding the listen Service
Creating the listen Services
Specifying the Print Client Systems

Print Client Setup
Using the SunSoft Print Client

Printer Configuration Resources
Submitting Print Requests
Summary of the SunSoft Print Client Process
Setting Up a Print Client by Using Admintool
Setting Up a Local Printer by Using Admintool

Printing Problems

No Output (Nothing Prints)

Check the Hardware
Check the Network
Check the LP Print Service
How to Check and Start the Scheduler
How to Enable Printers and Accept Print Requests
How to Check the Port Connection
How to Check Printer Configurations
How to Check for Printer Faults on the Print Server
How to Check Printing from a Solaris 2.x Client to a Solaris 2.x Print Server
How to Check Printing from a Solaris 2.x Client to a SunOS 4.x Print Server

Incorrect Output

Check the Printer Type
Check the stty Settings
Check the Baud Settings
Check the Parity Setting
Check the Tab Settings
Check the Return Setting

Hung LP Print Service Commands
Idle (Hung) Printers

Check the Print Filters
Check Printer Faults
Check Network Problems
Check for Jobs Backed Up in the Local Client Queue
Check for Jobs Backed Up in the Remote Server Queue

Conflicting Status Messages

PART 5—Application Software

CHAPTER 12—Installing and Managing Application Software

Overview of Installing and Managing Application Software

Using Package Commands
Using Admintool
Using Installation Scripts

User Access to Applications

Automating Your Application Environment

Benefits of a Standardized Application Server Setup
Benefits of a Standardized User Environment

Using Wrapper Technology

Wrappers and Dot Files
Additional Wrapper Advantages
Wrapper Overhead and Costs
Introduction of Wrappers into an Existing Environment

Designing an Application Server

Server Configuration
User Capacity
Compatible Services
Disk Allocation
File System Configuration
File System Sharing

Installing and Configuring Packages

Changes to the Default Package Version

Developing Wrappers

Interpreter Choice
Wrapper Directory and Naming
Command Name Evaluation
Environment Variables
Platform Evaluation
Command Path Construction
Exec/Argument Passing
A Basic Wrapper

Using a Common Command Directory
Setting User Configurations

Mount Points
Mounts
Path
Migration Considerations

Understanding Distribution Issues
Licensing

CD-ROM Mounts

Using a Local CD-ROM Drive (Solaris 2.2 and Later System Software)
Using a Local CD-ROM Drive (Solaris 2.0 or 2.1 System Software)
Accessing Files from a Remote CD-ROM

How to Share CD Files from a Remote CD-ROM Drive
How to Access Shared CD-ROM Files
How to Unmount Shared CD-ROM Files

CHAPTER 13—Package Commands

Package Command-Line Utilities
Setting Up Package Configuration Files

Setting Up the Installation Base Directory
Installing a Package with an Alternative Admin File

Adding Packages
Checking the Installation of a Package
Listing Packages
Removing Packages
Package System Log File

CHAPTER 14—Admintool: Software Manager

Starting Admintool
Installing Software

Accessing Files from a Local CD-ROM Drive
Customizing Installation
Beginning Installation

Removing Software

CHAPTER 15—Installing and Managing System Software Patches

Patch Distribution

Requirements to Access Sun Patches
Accessing Patches from the Web
Accessing Patches by ftp

Patch Numbering
Installing a Patch
Removing Patches

PART 6—Introduction to Shell Programming

CHAPTER 16—Writing Shell—Scripts

Basic Concepts

Introducing Bourne, Korn, and C Shells

Bourne Shell
Korn Shell
C Shell

Understanding How Shells Process Commands
Naming Shell Scripts
Identifying the Shell
Making Scripts Executable
Storing Shell Scripts
Writing Shell Scripts: The Process

Variables

Shell Variables

Displaying Variables from a Command Line
Setting and Displaying Shell Variables
Unsetting Shell Variables
Stripping Filenames
Korn Shell Path Stripping
C Shell Path Stripping

Built-In Shell Variables
Environment Variables

Input and Output

Standard In, Standard Out, and Standard Error
Command-Line Input

Shifting Command-Line Arguments

Interactive Input
Here Documents
Generating Output

The Echo and Print Commands
Quoting

Command Substitution

Testing for Conditions

if-then-else-elif
if-else-else if-endif
Nested if Constructs
Multi-Branching

Controlling the Flow

Using for/foreach Loops
Using while Loops
Using Until Loops
Breaking Loops

Exit Status
Mathematical Operations
User-Defined Functions
Debugging Shell Scripts

Using Debugging Flags
Understanding Shell Parsing Order

CHAPTER 17—Reference Tables and Example Scripts

Reference Tables

Environment Files
First Line of Script
Korn Shell Path Operators
C Shell Path Modifiers
Variables Initialized by Shell
Shell Built-In Commands
Bourne and Korn Shell Redirection
C Shell Redirection Metacharacters
C Shell $argv Notation
Quoting
Metacharacter Shell Syntax
Variable Shell Syntax
I/O Redirection and Piping
Printing to the Screen
Reading from the Keyboard
Math and Calculations
Command Substitution
Tilde Expansion
Alias Syntax
History Syntax
Function Syntax
Programming Statement Syntax
Test and C Shell Built-In Test
Bourne Shell Mathematical Operators
C Shell Mathematical Operators

Example Scripts

Anonymous ftp Script
arch.sh.fctn Function
array.sh.fctn Function
hostname.sh.fctn Function
osr.sh.fctn Function
whoami.sh.fctn Function

PART 7—System Security

CHAPTER 18—Understanding System Security

New Security Features in the Solaris 2.6 Release

Pluggable Authentication Module (PAM)
Executable Stacks and Security

Disabling Programs from Using Executable Stacks
Disabling Executable Stack Message Logging

Overview of System Security

Maintaining Physical Site Security
Maintaining Login and Access Control
Restricting Access to Data in Files
Maintaining Network Control
Monitoring System Use
Setting the Correct Path
Monitoring setuid Programs
Installing a Firewall
Reporting Security Problems

File Security

User Classes
File Permissions
Directory Permissions
Octal Values for Permissions
Default umask
File Types
File Administration Commands

Displaying File Information
Changing File Ownership
Changing Group Ownership of a File
Changing File Permissions

Special File Permissions (setuid, setgid, and Sticky Bit)

setuid Permission
setgid Permission
Sticky Bit
Searching for Files with Special Permissions

Access Control Lists (ACLs)

ACL Commands
ACL Permissions for Files
ACL Permissions for Directories
Determining If a File Has an ACL
Setting ACL File Permissions
Setting Permissions for a File from a Command Line
Using an ACL Configuration File to Set Permissions
Adding and Modifying ACL Permissions
Deleting an ACL Entry
Copying ACL File Permissions

Network Security

Firewall Systems
Authentication and Authorization

Monitoring Login Security Information
Displaying a User's Login Status
Temporarily Disabling User Logins
Saving Failed Login Attempts

Sharing Files
Restricting Superuser (root) Access

Controlling and Monitoring Superuser Access
Restricting Superuser Logins to the Console
Monitoring Who Is Using the su Command

Using Privileged Ports
Automated Security Enhancement Tool (ASET)

CHAPTER 19—Using Authentication Services

DES Encryption
Diffie-Hellman Authentication

How Diffie-Hellman Authentication Works

Generating the Public and Secret Keys
Running the keylogin Command
Generating the Conversion Key
First Contact with the Server
Decrypting the Conversation Key
Storing Information on the Server
Verifier Returned to the Client
Client Authenticates the Server
Additional Transactions

Administering Diffie-Hellman Authentication

Secure RPC Commands
Restarting the Keyserver
Setting Up NIS+ Credentials for Diffie-Hellman Authentication
Setting Up NIS Credentials for Diffie-Hellman Authentication
Sharing and Mounting Files with Diffie-Hellman Authentication

Kerberos Version 4

How Kerberos Authentication Works with NFS
Administering Kerberos Version 4 Authentication

Acquiring a Kerberos Ticket for Superuser on a Client
Sharing and Mounting Files with Kerberos Authentication
Logging In to Kerberos Service
Listing Kerberos Tickets
Accessing a Directory with Kerberos Authentication
Destroying a Kerberos Ticket

The Pluggable Authentication Module (PAM) Framework

PAM Module Types
Stacking Feature
Password-Mapping Feature
How PAM Works

PAM Library and Modules

PAM Configuration File
Valid Service Names
Control Flags

The required Flag
The requisite Flag
The optional Flag
The sufficient Flag

Planning for PAM
Configuring PAM

Preventing Unauthorized Access from Remote Systems with PAM
Initiating PAM Error Reporting
Adding a PAM Module

CHAPTER 20—Using Automated Security Enhancement Tool (ASET)

ASET Tasks
ASET Master Files
ASET Security Levels
How ASET Tasks Work

System Files Permissions Verification
System Files Checks
User/Group Checks
System Configuration Files Check
Environment Check
eeprom Check
Firewall Setup

ASET Execution Log
ASET Reports

Format of Report Files
Examining and Comparing Report Files

ASET Master Files

Tune Files
The uid_aliases File
The Checklist Files

ASET Environment File (asetenv)

ASET Shell Environment Variables
PERIODIC_SCHEDULE Variable
TASKS Variable
UID_ALIASES Variable
YPCHECK Variable
CKLISTPATH_level Variable

Running ASET

Running ASET Interactively
Running ASET Periodically
Stopping Running ASET Periodically
Collecting Reports on a Server

Restoring System Files Modified by ASET
ASET Error Messages

BIBLIOGRAPHY
APPENDIX A
APPENDIX B
GLOSSARY
INDEX