Today i work with Gianluca on local zone timezone problem.
Connecting from global to local zone through zlogin i obtain:

#date
Wed Jan 27 15:03:08 GMT 2010 <— not correct
# echo $TZ
MEST

same command from global zone:

#date
Wed Jan 27 16:03:25 CET 2010 <— correct
#echo $TZ
Europe/Rome

Connecting directly to local zone with ssh , i obtain the same output of global zone.

So, where is the problem? As suggested by gianluca we check /etc/default/login , where we found:

[...]
# Set the TZ environment variable of the shell.
#
TIMEZONE=MEST
[...]

we check /etc/default/init , where we found:

#tail -2 /etc/default/init
TZ=Europe/Rome
CMASK=022

So , modifying /etc/default/login is useful for solving this problem because zlogin read this file during connection

Recently i worked with file descriptors on Solaris 10.
The problem is originated from syslog-ng that wrote “too many open files” and someone spoke about Solaris problem.

During my analysis i have found:

- on Solaris 10 the default fd are 256 and they can be configured at MAXINT ( the value of this variable depends on system’s architecture , in this case can be two billion ).

- on this system file descriptor are configured as 70.000 ( current and max )

Altough they are configured as 70.000 , syslog-ng was started with only 4096 , as follow:

root@systembo # pgrep -lf syslog-ng
7313 /opt/syslog-ng/sbin/syslog-ng
7312 /opt/syslog-ng/sbin/syslog-ng

root@systembo # pfiles 7313 | head
7313: /opt/syslog-ng/sbin/syslog-ng
Current rlimit: 4096 file descriptors
0: S_IFCHR mode:0666 dev:345,0 ino:6815752 uid:0 gid:3 rdev:13,2
O_RDONLY|O_LARGEFILE
/devices/pseudo/mm@0:null
1: S_IFCHR mode:0666 dev:345,0 ino:6815752 uid:0 gid:3 rdev:13,2
O_WRONLY|O_LARGEFILE
/devices/pseudo/mm@0:null
2: S_IFCHR mode:0666 dev:345,0 ino:6815752 uid:0 gid:3 rdev:13,2
O_WRONLY|O_LARGEFILE

I was really surprised about that and i wrote a script for testing fd use:

root@systembo # cat test.sh
#!/usr/bin/bash

while true;
do
sleep 1;
done

I ran it:

root@blora1bo # ./test.sh &
[1] 28905

root@systembo # pfiles 28905 | head
28905: /usr/bin/bash ./test.sh
Current rlimit: 70000 file descriptors
0: S_IFCHR mode:0620 dev:345,0 ino:12582918 uid:0 gid:7 rdev:24,1
O_RDWR|O_NOCTTY|O_LARGEFILE
/devices/pseudo/pts@0:1
1: S_IFCHR mode:0620 dev:345,0 ino:12582918 uid:0 gid:7 rdev:24,1
O_RDWR|O_NOCTTY|O_LARGEFILE
/devices/pseudo/pts@0:1
2: S_IFCHR mode:0620 dev:345,0 ino:12582918 uid:0 gid:7 rdev:24,1
O_RDWR|O_NOCTTY|O_LARGEFILE

Wow! The scripts is correctly started.
The problem was syslog-ng. I think that somewhere it had a fd configuration.

Some days ago i used RBAC with Gianluca.
The customer needed a specific profile for software installation ( as simple user , not administrator ) .

Follow the steps for implementation.

1) We saw the file /etc/security/exec_attr file and we founded an existent profile called “Software Installation”:

# grep pkg /etc/security/exec_attr
Software Installation:suser:cmd:::/usr/bin/pkginfo:uid=0
Software Installation:suser:cmd:::/usr/bin/pkgmk:uid=0
Software Installation:suser:cmd:::/usr/bin/pkgparam:uid=0
Software Installation:suser:cmd:::/usr/bin/pkgproto:uid=0
Software Installation:suser:cmd:::/usr/bin/pkgtrans:uid=0
Software Installation:suser:cmd:::/usr/sbin/pkgadd:uid=0;gid=bin
Software Installation:suser:cmd:::/usr/sbin/pkgask:uid=0
Software Installation:suser:cmd:::/usr/sbin/pkgchk:uid=0
Software Installation:suser:cmd:::/usr/sbin/pkgrm:uid=0;gid=bin

Very good !!

2) We saw roleadd syntax and defaults:

# roleadd
UX: roleadd: ERROR: invalid syntax.
usage: roleadd [-u uid [-o] | -g group | -G group[[,group]…] |-d dir |
-s shell | -c comment | -m [-k skel_dir] | -f inactive |
-e expire | -A authorization [, authorization ...] |
-P profile [, profile ...] | -K key=value ] login
roleadd -D [-g group | -b base_dir | -f inactive | -e expire
-A authorization [, authorization ...] |
-P profile [, profile ...]]]

# roleadd -D <— ( show default values )
group=other,1 project=default,3 basedir=/home
skel=/etc/skel shell=/bin/pfsh inactive=0
expire= auths= profiles=All limitpriv=
defaultpriv= lock_after_retries=

3) we created role "package" with package password:

# roleadd -m -d /export/home/package -c "Installazione pacchetti" -P "Software Installation" package
64 blocks

# passwd package
New Password:
Re-enter new Password:
passwd: password successfully changed for package

# grep package /etc/passwd
package:x:104:1:Installazione pacchetti:/export/home/package:/bin/pfsh

# grep package /etc/user_attr
package::::type=role;profiles=Software Installation
#

4) we created user pkginst ( pkginst is the password ) and we assinged the “package” role:

# useradd -d /export/home/pkginst -m -R package pkginst
64 blocks
# passwd pkginst
New Password:
Re-enter new Password:
passwd: password successfully changed for pkginst

5) we verified that pkginst’s role:
# roles pkginst
package

# grep pkginst /etc/user_attr
pkginst::::type=normal;roles=package

6) we switched to pkginst user:

# su – pkginst
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$

7) from pkginst user we switched to role package:

$ su package
Password:
$

we verified the profiles:

$ profiles
Software Installation
Basic Solaris User
All

9) we verified UID and GID:

$ id -a
uid=104(package) gid=1(other) groups=1(other)
$

10) We tryed to use pkg* commands:

$ pkginfo | grep -i core
system SUNWadmc System administration core libraries
system SUNWcakr Core Solaris Kernel Architecture (Root)
system SUNWcar Core Architecture, (Root)
[...]

$ pwd
/tmp/etherdrivers-1.0.8/Packages/i386

$ /usr/sbin/pkgadd -d .

The following packages are available:
1 GEDenetd Garrett’s Solaris Ethernet Drivers
(i386) 1.0.8,REV=2006.10.16.19.30
2 GEDenetm Garrett’s Solaris Ethernet Drivers (Man Pages)
(i386) 1.0.8,REV=2006.10.16.19.30
3 GEDenetu Garrett’s Solaris Ethernet Drivers (Utility and Header)
(i386) 1.0.8,REV=2006.10.16.19.30

Select package(s) you wish to process (or ‘all’ to process
all packages). (default: all) [?,??,q]: q
$

Good!!

Obtaining kernel patch release date without sunsolve is possible!
On running system i can run these commands:

grep Date /var/sadm/patch/`uname -v | cut -f2 -d’_’ `/README.*|awk ‘{print $2}’

Example:

# grep Date /var/sadm/patch/`uname -v | cut -f2 -d’_’ `/README.*|awk ‘{print $2}’
Jun/08/2005

Today i upgrade this system

I encountered this error during a live upgrade activity.
After running lucreate command i had this error:

Discovering physical storage devices
Discovering logical storage devices
Cross referencing storage devices with boot environment configurations
Determining types of file systems supported
Validating file system requests
Preparing logical storage devices
Preparing physical storage devices
Configuring physical storage devices
Configuring logical storage devices
Analyzing system configuration.
No name for current boot environment.
Current boot environment is named .
Creating initial configuration for primary boot environment .
The device is not a root device for any boot environment; cannot get BE ID.
PBE configuration successful: PBE name PBE Boot Device .
Comparing source boot environment file systems with the file
system(s) you specified for the new boot environment. Determining which
file systems should be in the new boot environment.
Updating boot environment description database on all BEs.
Searching /dev for possible boot environment filesystem devices

Template entry -:/dev/dsk/c0t2d0s1:swap skipped.

luconfig: ERROR: Template filesystem definition failed for -, all devices are not applicable..
ERROR: Configuration of boot environment failed.

During my analsyis i found that c0t2d0s1 doesn’t have tag “swap” but “unassigned”.
I changed in swap , obtaining from format:

[...]
1 swap wu 5141 – 6683 3.00GB (1543/0/0) 6295440
[...]

I tried to run lucreate and all was fine!!!

On this system i must create a flash archive for backup.
Creating a flar is simple , in this case i use flarcreate command as follow:

flarcreate -n soapbo01fs_archive -c -x /mnt1 -S /mnt1/flar_soapbo01fs

where:
-n soapbo01fs_archive = the name of Flash archive
-c = the archive is compressed
-x /mnt1 = excludes /mnt1 ( in this case i use this directory as location of archive )
-S = do not include size information ( without this the creation of archive is quickly )
/mnt1/flar_soapbo01fs = the location where the archive is created

So:

# flarcreate -n soapbo01fs_archive -c -x /mnt1 -S /mnt1/flar_soapbo01fs
Full Flash
Checking integrity…
Integrity OK.
Running precreation scripts…
Precreation scripts done.
Creating the archive…
12023253 blocks
Archive creation complete.
Running postcreation scripts…
Postcreation scripts done.

Running pre-exit scripts…
Pre-exit scripts done.

Today on a Solaris 10 system ( global zone ) i discovered this error:

#zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
[...]
zoneadm: local13: could not get brand name: Wrong document type
[...]

What’s happend here!?!
It can be a problem related to the syntax of /etc/zones/local13.xml file or /etc/zones/index
In this case /etc/zones/local13.xml was missing… i don’t know why

When i run du -sh command i can see every file size , but if i want obtain a ordered list?
With these commands i can accomplish this:

[root@server]#pwd
/var

[root@server]# \du -sh * | tee /tmp/prova.txt | grep G | sort -rn ; cat /tmp/prova.txt | grep M | sort -rn ; cat /tmp/prova.txt | grep K | sort -rn ; rm /tmp/prova.txt
1.2G spool
1.1G sadm
239M apache2
139M opt
45M smop
38M tmp
[...]
983K cron
937K lib
552K lp
162K cache
153K ldap
131K snmp
128K run
74K preserve
[...]

GOOD!!!