Reviewing Essential Administration Tools

The Solaris Operating Environment provides two groups of administration tools.

• The usual collection of operating system commands.

• Solaris Management Console (SMC) tools. SMC, introduced in the Solaris 8 1/01 update release, is a collection of network-aware system administration tools. See "Tools in the Solaris Management Console" on page 80 for more information.

Frequently Used Commands

The following sections briefly introduce basic Solaris commands that you are likely to use regularly as part of routine system administration; they are grouped by tasks. See Chapter 2, "Using Basic OS Commands," for additional frequently used commands.

Getting Around in the File System (pwd, cd)

The Solaris Operating Environment has a hierarchical file system. When administering systems, you need to know where you are in the file hierarchy and how to change to a different directory.

Finding Where You Are in the File System

To find out where you are in the file system hierarchy, type pwd and press Return. The print working directory command displays the current directory.

oak& pwd
/etc
oak%

Changing Directories

To change directories, type cd pathname and press Return. The change directory command moves the focus to the directory whose name you type.

oak% cd /usr
oak% pwd
/usr
oak%

If you type cd and press Return without typing a path name, focus is returned to the login home directory.

Finding Information About Files

With the ls command, you can list the contents of a directory and display permissions, links, ownership, group, size (in bytes), modification date and time, and file name for files. Many user problems related to accessing files can be traced to problems with incorrect permissions or ownership. See Chapter 12, "Recognizing File Access Problems," for more information.

Table 17 shows the options to the ls command.

Table 17. Options to the ls Command

Option	Description
-@	The same as -l except that extended attribute information supersedes ACL information. An at sign (@) is displayed after the file permission bits for files that have extended attributes. New in the Solaris 9 release.
-a	List all entries, including those that begin with a dot (.), which are normally not listed.
-A	List all entries, including those that begin with a dot (.) with the exception of the working directory (.) and the parent directory (..).
-b	Force printing of nonprintable characters to be in the octal \ ddd notation.
-c	Use time of last modification of the inode (file created, mode changed, and so forth) for sorting (-t) or printing (-l or -n).
-C	Display multicolumn output, and sort entries down the columns. This format is the default.
-d	If an argument is a directory, list only its name (not its contents); often used with -l to get the status of a directory.
-f	Force each argument to be interpreted as a directory, and list the name found in each slot. This option turns off -l, -t, -s, and -r, and turns on -a; the order is the order in which entries appear in the directory.
-F	Mark directories with a trailing slash (/), doors with a trailing greater-than sign (>), executable files with a trailing asterisk (*), FIFOs with a trailing vertical bar (|), symbolic links with a trailing at-sign (@), and AF_UNIX address family sockets with a trailing equal sign (=).
-g	The same as -l, except do not print the owner.
-i	For each file, print the inode number in the first column of the report.
-l	List in long format, giving mode, ACL indication, number of links, owner, group, size in bytes, and time of last modification for each file. If the file is a special file, the size field contains the major and minor device numbers. If the time of last modification is greater than six months ago, it is shown in the format month date year for the POSIX locale. When the LC_TIME locale category is not set to the POSIX locale, a different format of the time field can be used. Files modified within six months show month date time. If the file is a symbolic link, the file name is printed, followed by -> and the path name of the referenced file.
-L	If an argument is a symbolic link, list the file or directory the link references instead of the link itself.
-m	Stream output format; list files across the page, separated by commas and spaces.
-n	The same as -l, except print the owner UID and group GID numbers instead of the associated character strings.
-o	The same as -l, except do not print the group.
-p	Put a slash (/) after each file name if the file is a directory.
-q	Force printing of nonprintable characters in file names as the character question mark (?).
-r	Reverse the order of sort to get reverse alphabetic or oldest first as appropriate.
-R	Recursively list subdirectories.
-s	Give size in blocks, including indirect blocks, for each entry.
-t	Sort by time stamp (latest first) instead of by name. The default is the last modification time. (See -u and -c.)
-u	Use time of last access instead of last modification for sorting (with the -t option) or printing (with the -l option).
-x	Display multicolumn output, and sort entries across instead of down the page.
-1	Print one entry per line of output.

Displaying File Information (ls)

To display information about an individual file, type ls -l filename and press Return. Permissions, links, owner, group, file size in bytes, modification date and time, and the file name are displayed.

oak% ls -l /etc/passwd
-r--r--r--    1 root     sys        659 Feb 24 17:28 /etc/passwd
oak%

The mode printed with the -l option consists of ten characters. The first character is one of the following.

-	The entry is an ordinary file.
b	The entry is a block special file.
c	The entry is a character special file.
d	The entry is a directory.
D	The entry is a door.
l	The entry is a symbolic link.
p	The entry is a FIFO (or named pipe) special file.
s	The entry is an AF_UNIX address family socket.

The next nine characters are interpreted as three sets of three bits each. The first set refers to the owner's permissions; the next, to permissions of others in the user-group of the file; and the last, to all others. Within each set, the three characters indicate permission to read, to write, and to execute the file as a program. For a directory, execute permission is interpreted as permission to search the directory for a specified file.

For user and group permissions, the third position can be occupied by x (execute) or - (deny access). For user permissions, s denotes the set-user-ID bit. For group permissions, it denotes the set-group-ID bit. For example, the ability to assume the same user ID as the program owner during execution is used during login when you begin the process as root but then assume the identity of your user login.

For group permissions, l can occupy the third position. l refers to mandatory file and record locking. This permission describes a file's ability to allow other files to lock its reading or writing permissions during access.

For others permissions, the third position can be occupied by t or T. These refer to the state of the sticky bit and execution permissions.

The permissions are described below.

r	The file is readable.
w	The file is writable.
x	The file is executable.
-	The indicated permission is not granted.
s	The setuid or setgid bit is on, and the corresponding user or group execution bit is also on.
S	Undefined bit state (the setuid or setgid bit is on, and the user or group execution bit is off).
t	The 1000 (octal) bit, or sticky bit, is on (see chmod(1)), and execution is on.
T	The 1000 bit is on, and execution is off (undefined bit state).
l	Mandatory locking occurs during access (the setgid bit is on, and the group execution bit is off) (/usr/bin/ls).
L	Mandatory locking occurs during access (the setgid bit is on and the group execution bit is off) (/usr/xpg4/bin/ls).

When you use the ls -l command, any file that has an access control list (ACL) displays a plus (+) sign to the right of the mode field. See the getfacl(1) and setfacl(1) manual pages or the Solaris Advanced System Administrator's Guide, published by Sun Microsystems Press and Prentice Hall, for more information about ACLs.

To see a complete list of all files in the directory, type ls -l and press Return.

See the ls(1) manual page for a complete list of options.

Finding a File (find)

To find a file by searching from the home directory, type find $HOME -name filename -print and press Return. The $HOME variable starts the search with the home directory. The -name option looks for the name specified in the filename variable. The -print option displays the results of the find. If the named file is not found, the prompt is redisplayed.

The following example shows the results of find looking for core files.

oak% find $HOME -name core -print
/home/ignatz/core
oak%

Table 18 shows some of the options to the find command that you can use to focus your searches.

Table 18. Options to the find Command

Option	Description
-fstype type	Find files of the file system type you specify (typically ufs or nfs).
-prune	Limit the search to the specified directory.
-nouser	Find files that belong to a user not in the /etc/passwd database.
-nogroup	Find files that belong to a group not in the /etc/group database.
-atime n	Find files that have been accessed within the last n days.
-mtime n	Find files that have been modified within the last n days.
-ctime n	Find files that have been changed within the last n days. Changes can include changes to a file's attributes such as the number of links, its owner, or its group.
-xdev	Restrict search to one file system.

See the find(1) manual page for a complete list of options.

Finding the Type of a File (file)

Sometimes you need to determine the type of a file. To find the type of a file, type file filename and press Return. The output of the command makes an educated guess about the type of the file.

For example, if you are trying to execute an ASCII file that does not have execute permissions or to execute an empty file, displaying the file type tells you whether the system recognizes the file as a command.

In the following example, the file is empty.

anastasia% file junk1
junk1: empty file
anastasia%

In the following example, the file is an ASCII text file.

anastasia% file junk2
junk2: ascii text
anastasia%

In the following example, the file is a text file with executable permissions, so the file command reports that the file contains commands and is text.

anastasia% chmod 777 junk3
anastasia% file junk3
junk: commands text
anastasia%

To show the file type for all files in a directory, type file * and press Return. The files are listed in alphabetical order followed by the file type.

$ file *
coterie:      directory
course:       ascii text
dead.letter   ascii text
ksyms         English text
people:       directory
personal:     directory
showrev:      ascii text
status:       directory
text:         directory
todo:         ascii text
$

Finding Information in Files (grep, egrep)

You can use the grep and egrep commands to search files and command output for specific information.

Searching Files for Text Strings

To search files for a specific text string, type grep search-string filename and press Return. Lines in the files containing the string are displayed.

In the following example, the passwd file is searched for lines containing csh.

oak% grep csh /etc/passwd
ignatz::6693:10:Iggy Ignatz 64607:/home/ignatz:/bin/csh
fred::14072:10:Fred Lux:/home/fred:/bin/csh
oak%

You can search more than one file by specifying a series of file names separated by spaces or by using metacharacters such as the asterisk (*) or question mark (?) together with (or in place of) the file name.

To print lines that do not contain the specified string, type grep -v search-string filename and press Return. Lines in the file that do not contain the string are displayed.

Searching Input for Lines with a Given Pattern

You can use the grep command with pipes in combination with many administrative commands. For example, if you want to find all of a user's current processes, pipe the output of the ps command to grep and search for the user name, type ps -e | grep name and press Return. The listing for the name you specify is displayed. See "Combining Commands (|)" on page 122 for more information.

The following example finds the OpenWindows process.

oak% ps -e | grep openwin
PID TTY      TIME COMD
2212 pts/0    0:00 openwin
oak%

Looking at Files

You undoubtedly will spend lots of time looking at the content of files. When you need to look at the entire file, use the more command. When the information you need is at the end of the file (for example, in a log file), use the tail command to display the last lines (10 by default) of the file. When important information is at the beginning of the file, use the head command to display the first lines (10 by default) of the file.

Viewing a File (more)

To view a file, type more filename and press Return. The file is displayed one screen at a time. Press Return to display the next line. Press space to view the next screen.

To search for a specific string in a file you are viewing with more, type /search-string and press Return. The text scrolls to display the place in the file that contains the text of the search-string variable and displays the search string and the message . . . skipping at the top of the window. If no match is found, the message Pattern not found is displayed at the bottom of the window and the text does not scroll.

For example, to find the words Local aliases in the /etc/mail/aliases file, type /Local aliases and press Return.

/Local aliases
...skipping

#######################
# Local aliases below #
#######################

To search for the next occurrence of the search string, type n. To quit more, type q. The shell prompt is redisplayed.

Another way to quit more, if Control-C is set as your shell kill character, is to press Control-C. The shell prompt is redisplayed.

To display the shell intr (interrupt) character, type stty -a and press Return. A list of the stty settings is displayed. In the following example, ^c is the shell intr character.

castle% stty -a
ispeed 88840 baud; ospeed 88824 baud;
rows = 36; columns = 113; ypixels = 478; xpixels = 801;
eucw 1:0:0:0, scrw 1:0:0:0
intr = ^c; quit = <undef>; erase = ^h; kill = ^u;
eof = ^d; eol = <undef>; eol2 = <undef>; swtch = <undef>;
start = ^q; stop = ^s; susp = ^z; dsusp = ^y;
rprnt = ^r; flush = ^o; werase = ^w; lnext = ^v;
-parenb parodd cs8 cstopb hupcl cread -clocal loblk crtscts crtsxoff parext
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl -iuclc
ixon -ixany ixoff -imaxbel
isig icanon -xcase echo echoe echok -echonl -noflsh
-tostop echoctl -echoprt echoke -defecho -flusho -pendin iexten
opost -olcuc onlcr -ocrnl -onocr -onlret -ofill -ofdel
castle%

Looking at the End of a File (tail)

To look at the end of a file, type tail filename and press Return. The last 10 lines of the file are displayed.

The following example shows the tail of the /etc/lp/Systems file. Because the file contains only seven lines, the entire file is displayed.

castle% /usr/bin/tail /etc/lp/Systems
#
#ident  ''@(#)Systems   1.8   97/06/09 SMI''   /* SVr4.0 1.2   */
# This file previously contained an LP private interface. It's
# contents are no longer used by the printing system and therefore
# obsolete. Expect the file to be removed in a subsequent release
# of Solaris, along with the lpsystem(1M) command.
+:x:-:bsd:-:n:10:-:-:Allow all connections
castle%

By default, the head and tail commands display 10 lines. You can change the number of lines displayed by using the -n option. Substitute the number of lines you want to display for the letter n. For example, to display the last 20 lines of a file, type tail -20 filename and press Return.

Looking at the Beginning of a File (head)

To look at the beginning of a file, type head filename and press Return. The first 10 lines of the file are displayed.

The following example shows the head of the /etc/passwd file.

paperbark% head /etc/passwd
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:Nobody:/:
paperbark%

Changing File Ownership or Permissions (chown, chmod, chgrp)

Many user problems can be traced to file ownership or permissions problems. Use the ls command to check the permissions and ownership on a file. If you need to change one or both, use the chown, chmod, and chgrp commands.

Changing File Ownership

You must own a file or directory (or have root permission) to be able to change its owner.

The operating system has a configuration option, {_POSIX_CHOWN_RESTRICTED}, to restrict ownership changes. When this option is in effect, even the owner of the file cannot change the owner ID of the file. Only superuser can arbitrarily change owner IDs regardless of whether this option is in effect. To set the {_POSIX_CHOWN_RESTRICTED} configuration option, include the following line in the /etc/system file.

set rstchown = 1

To disable the {_POSIX_CHOWN_RESTRICTED} option, include the following line in /etc/system.

set rstchown = 0

{_POSIX_CHOWN_RESTRICTED} is enabled by default. See system(4) and fpathconf(2).

Use the following steps to change the ownership of a file.

oak% ls -l quest
-rw-r--r-- 1 fred staff 6023 Aug 5 12:06 quest
oak% su
Password:
# chown ignatz quest
# ls -l quest
-rw-r--r-- 1 ignatz staff 6023 Aug 5 12:06 quest
#

See Chapter 12, "Recognizing File Access Problems," for more information.

Changing File Permissions

You can change file permissions by using the symbolic values r, w, x, and -. You can also change file permissions by using a set of octal numbers. Table 19 shows the octal values for setting file permissions. You use these numbers in sets of three to set permissions for owner, group, and other. For example, the value 644 sets read/write permissions for owner and read-only permissions for group and other.

Table 19. Octal Values for File Permissions

Value	Description
0	No permissions.
1	Execute-only.
2	Write-only.
3	Write, execute.
4	Read-only.
5	Read, execute.
6	Read, write.
7	Read, write, execute.

The following example changes the permissions of a file from 666 (read/write, read/write, read/write) to 644 (read/write, read-only, read-only).

oak% ls -l quest
-rw-rw-rw- 1 ignatz staff 6023 Aug 5 12:06 quest
oak% chmod 644 quest
oak% ls -l
-rw-r--r-- 1 ignatz staff 6023 Aug 5 12:06 quest
oak%

Changing File Group Ownership (chgrp)

To change the group ownership of a file, type chgrp gid filename and press Return. The group ID for the file you specify is changed.

$ ls -lg junk
-rw-r--r-- 1 other 0 Oct 31 14:49 junk
$ chgrp 10 junk
$ ls -lg junk
-rw-r--r-- 1 staff 0 Oct 31 14:49 junk
$

Group IDs are defined in the nameservice group database or the local /etc/group file. See Chapter 5, "Administering User Accounts and Groups," for more information about groups.

Setting or Displaying the System Environment

The shell maintains an environment with a set of specifications that it gets from the shell initialization files. Users can also modify the shell environment for a session by issuing commands directly to the shell. The shell receives its information about the environment from environment variables. See "Setting Aliases, Paths, and Environment Variables" on page 116 for more information.

CDE Environment Variables

The Common Desktop Environment (CDE) has its own set of environment variables. Desktop search paths are created at login by the desktop command dtsearchpath. The dtsearchpath command uses a combination of environment variables and built-in locations to create the search paths.

The environment variables that dtsearchpath reads are called input variables. These are variables set by the system administrator or end user. The input variables use the naming convention DTSP *, which is an abbreviation for desktop search path.

When dtsearchpath runs at login, it assembles the values assigned to these variables, adds built-in locations, and creates values for output variables. Each search path has an output variable, as shown in Table 20.

Table 20. CDE Search Path Environment Variables

Search Path	Output Environment Variable	Systemwide Input Variable	Personal Input Variable
Applications	DTAPPSEARCHPATH	DTSPSYSAPPHOSTS	DTSPUSERAPPHOSTS
Database: actions, data types, and front panel definitions	DTDATABASESEARCHPATH	DTSPSYSDATABASEHOSTS	DTSPUSERDATABASEHOSTS
Icons	XMICONSEARCHPATH, XMICONBMSEARCHPATH	DTSPSYSICON	DTSPUSERICON
Help data	DTHELPSEARCHPATH	DTSPSYSHELP	DTSPUSERHELP

CDE components use the values of the output variables. For example, Application Manager uses the value of the application search path (DTAPPSEARCHPATH) to locate application groups. For more information about CDE, refer to Solaris Common Desktop Environment: Advanced User's and System Administrator's Guide.

Tools in the Solaris Management Console

The Solaris Management Console (SMC)—introduced in the Solaris 8 Update 3 (1/01) release—is your access point for system administration tools.

SMC software provides a consistent, easy-to-use interface for managing and administering a Solaris server, the clients of the server, and the applications running on the server. With SMC, you can manage a Solaris server from almost anywhere—from a browser, from any Solaris workstation or server, from an NT server, or as a stand-alone system. You can also plug SMC into other systems' consoles.

By default, SMC manages accounts on the local system. You can create a nameservice domain toolbox to manage accounts in the LDAP, DNS, NIS+, or NIS nameservices. Refer to the Solaris Management Console Tools book available from Sun Microsystems Press and Prentice Hall for instructions on how to create a nameservice domain toolbox.

Refer to the Solaris Management Console Tools book, published by Sun Microsystems Press and Prentice Hall, for complete information about SMC 2.0, including how to create or edit an SMC toolbox, create a toolbox that is shared by other toolboxes, or create a toolbox that includes all tools on a number of servers for a particular functionality.

SMC Tools Available in SMC 2.1

Table 21 describes the tools available in SMC 2.1, available in the Solaris 9 release.

Table 21. Solaris SMC Tools

Category	Tool	Description
System Status
	System Information	View read-only information about your system's host, hardware, software, memory, and network. New in SMC 2.1.
	Log Viewer	View and manage log files for SMC.
	Processes	View and manage system processes.
System Configuration
	Users	Create and manage user account information, including user templates, rights, administrative roles, groups, and mailing lists.
	Computer and Networks	View, define, modify, delete, find, sort, and filter computers, networks, and subnetworks. New in SMC 2.1.
	Projects	Manage the Solaris project database (/etc/project). New in SMC 2.1.
	Patches	Display the patches installed on your system. New in SMC 2.1.
Services
	Scheduled Jobs	Schedule jobs that are run at predetermined times (UNIX cron jobs).
Storage
	Mounts and Shares	View and manage mounts, shares, and usage information in the current management domain (single server only).
	Disks	Display disk information, display partition information, partition disks, copy disk layouts from one disk to a disk of the same size and manufacture, create fdisk partitions, and change the active fdisk partition on an IA computer.
	Enhanced Storage	Create and manage RAID0 volumes, including stripes and concatenation; RAID! volumes, including mirrors; RAID5 volumes; soft partitions; hot spare pools; disksets; and the state configuration database (metab). New in SMC 2.1.
Devices and Hardware
	Serial Ports	Configure and manage serial ports for modems and alphanumeric terminals.
Performance		Monitor system performance on the local system. New in SMC 2.1.

Starting SMC

You can start SMC in any one of the following ways.

• By choosing Solaris Management Console from the Tools menu of the CDE front panel.

• By double-clicking on the SMC icon in CDE Applications Manager or File Manager.

• From a command line by typing /usr/sadm/bin/smc& and pressing Return.

Figure 1 shows the elements of the default console.

Refer to the Solaris Management Console Tools book by Janice Winsor, published by Sun Microsystems Press and Prentice Hall, for complete information about SMC, including how to create or edit an SMC toolbox, create a toolbox that is shared by other toolboxes, or create a toolbox that includes all tools on a number of servers for a particular functionality.