
Oracle Solaris 11 System Administration
Electronic Presentation

D72896GC40
Edition 4.0
September 2014

Author
Vijetha M Malkai

Technical Contributors and Reviewers
Muhammad Aseel Khan
Rajesh Rajasekharan
Gary Riseborough
David Maxwell

Editors
Vijayalakshmi Narasimhan
Smita Kommini

Graphic Designers
Maheshwari Krishnamurthy
James Hans

Publishers
Nita Brozowski
Syed Imtiaz Ali

Copyright 2014, Oracle and/or its affiliates. All rights reserved.

Disclaimer
This document contains proprietary information and is protected by copyright and other intellectual property laws. You may copy and print this document solely for your own use in an Oracle training course. The document may not be modified or altered in any way. Except where your use constitutes "fair use" under copyright law, you may not use, share, download, upload, copy, print, display, perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization of Oracle.

The information contained in this document is subject to change without notice. If you find any problems in the document, please report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not warranted to be error-free.

Restricted Rights Notice
If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the United States Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTS
The U.S. Government's rights to use, modify, reproduce, release, perform, display, or disclose these training materials are restricted by the terms of the applicable Oracle license agreement and/or the applicable U.S. Government contract.

Trademark Notice
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Introduction

Overview

Course goals
Course agenda
Introductions
Your learning center
Your lab environment

Course Goals
The goals of this course are to:
Enable you to perform basic Oracle Solaris 11 system administration tasks successfully and efficiently
Present tasks that cover the full spectrum of system administrative responsibilities:
    OS installation
    Package management
    Network, data storage, zones, and user administration
    Services and process management
Provide numerous and meaningful practice opportunities

Course Agenda: Day 1

Lesson 1: Introduction
Lesson 2: Installing the Oracle Solaris 11 Operating System
Lesson 3: Managing Boot and Shutdown of a System
Lesson 4: Administering Services by Using SMF

Note: Class is from 9:00 AM to 5:00 PM each day. There will be several short breaks throughout the day, plus one hour for lunch.

Course Agenda: Day 2

Lesson 4: Administering Services by Using SMF (continued)
Lesson 5: Administering Software Packages by Using IPS
Lesson 6: Managing Data by Using ZFS

Course Agenda: Day 3

Lesson 6: Managing Data by Using ZFS (continued)
Lesson 7: Administering the Network

Course Agenda: Day 4

Lesson 8: Administering Oracle Solaris Zones
Lesson 9: Controlling Access to Systems and Files

Course Agenda: Day 5

Lesson 9: Controlling Access to Systems and Files (continued)
Lesson 10: Administering User Accounts
Lesson 11: Managing System Processes and Scheduling System Tasks

Introductions

Name
Company affiliation
Title, function, and job responsibility
Experience related to the topics presented in this course
Reasons for enrolling in this course
Expectations for this course

Your Learning Center

Logistics
Restrooms
Break rooms and designated smoking areas
Cafeterias and restaurants in the area
Emergency evacuation procedures
Instructor contact information
Cell phone usage
Online course attendance confirmation form

Your Lab Environment

Installing the Oracle Solaris 11 Operating System

Objectives
After completing this lesson, you should be able to:
Describe Oracle Solaris 11 OS
Implement a plan for an Oracle Solaris 11 OS installation
Install the Oracle Solaris 11 OS by using the Live Media installer
Install the Oracle Solaris 11 OS by using the text installer
Verify the installed OS

Workflow Orientation
[Diagram labels: Introduction, Installation, Boot and Shutdown, Services, Packages, Storage, Network, Zones, Security, Users, Processes]

Lesson Agenda

Introduction to Oracle Solaris 11 OS
Planning for an Oracle Solaris 11 OS Installation
Installing Oracle Solaris 11 OS by Using the Live Media Installer
Installing Oracle Solaris 11 OS by Using the Text Installer
Verifying the OS Installation

Introduction to Oracle Solaris 11 OS

Is supported by over 11,000 applications
Provides a complete, reliable, secure, and simple solution for deploying your enterprise-grade clouds
Provides centralized cloud management with complete OpenStack distribution
Delivers unique features to increase performance, streamline management, and automate support for Oracle deployments

Key Benefits of Oracle Solaris 11

Simplified administration
Built-in virtualization
Scalable data management
Advanced protection
Zero-to-complete cloud in minutes with Oracle Solaris and OpenStack
Greater flexibility with independent and isolated Kernel Zones virtualization
Fast and agile application provisioning with Unified Archives
Conformation with service-level agreements by using application-driven software-defined networking
Risk reduction with comprehensive compliance checking and reporting

Platforms Supported by Oracle Solaris 11 OS

| Architecture | Systems | Virtualization | OS Virtualization |
|---|---|---|---|
| SPARC | M6-32, M5-32, T-Series | Dynamic Domains, Logical Domains, Oracle VM for SPARC (formerly known as LDoms) | Oracle Solaris Zones |
| x86 | X86 (64-bit processor) | Oracle VM for x86 | Oracle Solaris Zones |

Note: Third-party virtualization offerings from vendors, including VMware, Windows, and Red Hat, are also supported.

Integration of Oracle Solaris 11 with the Oracle Stack

Record performance in running Oracle Database, Oracle Middleware, and Oracle Applications
New high-performance, super scalable virtual memory
Reduced down time with new Optimized Shared Memory interface
Kernel Mode Acceleration for Oracle Real Application Clusters (Oracle RAC)
Faster transparent hardware cryptography acceleration
Unique observability with Oracle Solaris DTrace
High availability and disaster recovery across the Oracle Stack
Integrated development environment


Planning for an Oracle Solaris 11 OS Installation

Planning is required to make sure that the operating system is:
    Installed properly
    Configured to support business needs
Planning addresses and answers questions such as:
    How many users will you need to support?
    What applications will you be running?
    What type of network will you be using?
    What are your data storage needs?
    What are your hardware needs?

Methods of Installing Oracle Solaris 11 Operating System
[Diagram: installation methods. Interactive (single system): Live Media and Text Installer. Automated (multiple-client systems): Automated Installer (AI). Platforms shown: SPARC and x86.]

Differences Between Live Media and Text Installer

| Feature | Live Media | Text Installer |
|---|---|---|
| Packages | Installs desktop-based packages | Installs server-based set of packages |
| Network configuration | Defaults to automatic network configuration | Allows both automatic and manual configuration of the network |
| root user | Always configures root as a role | The root might or might not be a role. |
| Memory | Requires more memory than the text installer | Requires less memory than the Live Media GUI installer |

Installation Process
[Diagram: 1. Request, 2. Installation]

Oracle Solaris 11 OS download website:
http://www.oracle.com/technetwork/server-storage/solaris11/downloads

Identifying Pre-Installation Tasks

Identify system requirements.
Identify additional installation considerations.
Check device drivers.

Best practice: Always review installation documentation and release notes carefully before performing an installation.

Identifying System Requirements

| Installer | Package Group | Recommended Minimum Disk Space |
|---|---|---|
| Live Media | solaris-desktop | 13 GB |
| Text installer | solaris-large-server | 9 GB |

Memory: 2 GB

Identifying Additional Installation Considerations

The Live Media ISO image installer is only for 64-bit x86 platforms.
For SPARC-based systems, use the Text or Automated Installer.
Interactive installers can perform an initial installation on:
    The whole disk
    The Oracle Solaris x86 partition
    The SPARC slice (text installer)

Caution: The installation overwrites all the existing data on the targeted disk.

Checking Device Drivers

Device drivers enable communication between the operating system and the system's devices.
Take a few minutes to verify that your system has the appropriate drivers required to manage each of its devices.
    Before or after an OS installation, use the Oracle Device Detection Tool to determine whether a device driver is available.
    After the OS installation, use Oracle Device Driver Utility (DDU) to obtain information about devices and their drivers.


Selecting the Keyboard

Selecting the Language

Introducing the Live Media Desktop

Allows you to customize the installation disk layout before you begin the OS installation
Detects whether the installation image contains all the drivers required to install the OS on your system

Initiating the Installation with Live Media

Double-click to initiate the installation.

Welcome Screen

Disk Discovery

Selecting a Disk

Setting the Time Zone, Date, and Time

Providing User Information

Support Registration

Reviewing Installation Specifications

Monitoring the Installation

Caution: After the installation starts, do not interrupt it. An incomplete installation can leave a disk in an indeterminate state.

Verifying the Installation

Check the log for the following:
    Error messages
    Successful installation of major facilities

Reviewing the Installation Log

Rebooting the System

Login Screen

Practice 2-1 Overview: Installing Oracle Solaris 11 by Using the GUI Installer on Live Media
This practice covers the following topics:
Launching the GUI
Installing the OS
Verifying the installation by reviewing the installation log
Rebooting the system


Installing Oracle Solaris 11 by Using the Text Installer

Welcome to the Oracle Solaris installation menu

        1  Install Oracle Solaris
        2  Install Additional Drivers
        3  Shell
        4  Terminal type (currently sun-color)
        5  Reboot

Please enter a number [1]: _

Initiating Installation with the Text Installer

Select option 1 to initiate installation.

Welcome to Oracle Solaris

Selecting the Discovery Method

Selecting a Disk

Selecting an Fdisk Partition

Providing a System Identity

Selecting a Network

Manually Configuring the Network

DNS Name Service

Alternate Name Service

Selecting Time Zone: Regions

Setting Time Zone: Locations

Selecting the Time Zone

Selecting the Language

Selecting the Territory

Setting the Date and Time

Selecting the Keyboard

Providing User Information

Registering to My Oracle Support

Support Network Configuration

Reviewing the Installation Summary

Monitoring the Installation

Caution: After the installation starts, do not interrupt it. An incomplete installation can leave a disk in an indeterminate state.

Verifying the Installation

Check the log for the following:
    Error messages
    Successful installation of major facilities

Reviewing the Installation Log

Rebooting the System

Login Screen

SunOS Release 5.11 Version 11.2 64-bit
Copyright (c) 1983, 2014, Oracle and/or its affiliates. All rights reserved.
Loading smf(5) service descriptions: 202/202
Configuring devices.
Hostname: solaris-text
solaris-text console login: _

Practice 2-2 Overview: Installing Oracle Solaris 11 by Using the Text Installer
This practice covers the following topics:
Launching the installer
Manually configuring the network
Installing the OS
Verifying the installation
Rebooting the system


Verifying the Operating System Installation

Verifying login information
Using first time login assistant
Verifying the system's host name and host ID
Displaying basic system information
Displaying a system's release information
Displaying disk configuration information
Displaying the installed memory size
Displaying the disk space information
Displaying information about network services
Displaying network interface information

Verifying the Login Username

Live Media

Text Installation
solaris-text console login:

Verifying the Login Password

Live Media

Text Installation
Password:
Oracle Corporation      SunOS 5.11      11.2    June 2014
oracle@solaris-text:~$

Live Media GUI: Using the First Time Login Assistant

Live Media GUI: Selecting a Login Session

Live Media GUI: Selecting a Keyboard Layout

Live Media GUI: Selecting a Language

Live Media GUI: Accessing a Terminal Window from Gnome

To access a terminal window:
1. Right-click on the desktop
2. Select Open Terminal

Verifying the Host Name and Host ID


To display the host name, use the hostname command.
$ hostname
solaris-live

Note: The host name should match the computer name that
you provided during installation.
To display the host ID, use the hostid command.
$ hostid
00809442


Displaying Basic System Information


To display basic information about the system, run uname -a.
$ uname -a
SunOS solaris-live 5.11 11.2 i86pc i386 i86pc

This system's basic information is as follows:
Operating system: SunOS
Hostname: solaris-live
Release: 5.11
Version: 11.2
Node name: i86pc
Hardware name: i386
Processor type: i86pc

Displaying a System's Release Information

To display the operating system's release information, run cat /etc/release.
$ cat /etc/release
Oracle Solaris 11.2 X86
Copyright (c) 1983, 2014, Oracle and/or its affiliates.
All rights reserved.
Assembled 23 June 2014

Displaying Disk Configuration Information

To display disk information, switch to superuser and run format.
$ su
Password:
# format
Searching for disks...done
AVAILABLE DISK SELECTIONS:
       0. c1t0d0 <ATA- VBOX HARDDISK-1.0-16.00GB>
          /pci@0,0/pci8086,2829@d/disk@0,0
Specify disk (enter its number): 0
selecting c1t0d0
[disk formatted]
/dev/dsk/c1t0d0s1 is part of active ZFS pool rpool. Please see zpool(1M).

Note: The format utility requires root role privileges.

Displaying Disk Configuration Information: Format Menu

To display disk partition information, select verify.
FORMAT MENU:
        disk       - select a disk
        type       - select (define) a disk type
        partition  - select (define) a partition table
        current    - describe the current disk
        format     - format and analyze the disk
        fdisk      - run the fdisk program
        repair     - repair a defective sector
        label      - write label to the disk
        analyze    - surface analysis
        defect     - defect list management
        backup     - search for backup labels
        verify     - read and display labels
        save       - save new disk/partition definitions
        inquiry    - show vendor, product and revision
        volname    - set 8-character volume name
        !<cmd>     - execute <cmd>, then return
        quit
format> verify

Displaying Disk Configuration Information: Partition Table

Volume name = <        >
ascii name = <ATA-VBOX HARDDISK-1.0-16.00GB>
bytes/sector = 512
sectors = 33554431
accessible sectors = 33554398
Part        Tag   Flag   FIRST Sector       Size   Last Sector
  0   BIOS_boot    wm             256   256.00MB        524543
  1         usr    wm          524544    15.74GB      33538014
  2  unassigned    wm               0          0             0
  3  unassigned    wm               0          0             0
  4  unassigned    wm               0          0             0
  5  unassigned    wm               0          0             0
  6  unassigned    wm               0          0             0
  8    reserved    wm         3353801      8.0MB      33554398
format> quit
#

Displaying Installed Memory Size


To display memory size, use the prtconf | grep Memory
command.
# prtconf | grep Memory
Memory size: 1024 Megabytes


Displaying Disk Space Information

To display space utilization for the file system, use the df -h command.
# df -h
Filesystem                      Size   Used  Available Capacity  Mounted on
rpool/ROOT/solaris               15G   4.0G       9.2G    31%    /
/devices                          0K     0K         0K     0%    /devices
/dev                              0K     0K         0K     0%    /dev
ctfs                              0K     0K         0K     0%    /system/contract
proc                              0K     0K         0K     0%    /proc
mnttab                            0K     0K         0K     0%    /etc/mnttab
swap                            661M   1.4M       659M     1%    /system/volatile
objfs                             0K     0K         0K     0%    /system/object
sharefs                           0K     0K         0K     0%    /etc/dfs/sharetab
/usr/lib/libc/libc_hwcap1.so.1   13G   4.0G       9.2G    31%    /lib/libc.so.1
fd                                0K     0K         0K     0%    /dev/fd
rpool/ROOT/solaris/var           15G   292M       9.2G     4%    /var
swap                            787M   128M       659M    17%    /tmp
rpool/VARSHARE                   15G    48K       9.2G     1%    /var/share
rpool/export                     15G    32K       9.2G     1%    /export
rpool/export/home                15G    32K       9.2G     1%    /export/home
rpool/export/home/oracle         15G   871K       9.2G     1%    /export/home/oracle
rpool                            15G   5.0M       9.2G     1%    /rpool
...
(output truncated)

Displaying Information About Network Services

To display information about network connection configuration services, run svcs network/physical.
# svcs network/physical
STATE          STIME    FMRI
online         15:35:09 svc:/network/physical:upgrade
online         15:35:09 svc:/network/physical:default

Displaying Network Interface Information

To display network interface information, run ipadm show-addr.
# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
net0/v4           dhcp     ok           10.0.2.15/24
lo0/v6            static   ok           ::1/128
net0/v6           addrconf ok           fe80::a00:27ff:fe4c:d1cb/10

Baseline System Information Commands: Summary

| System Information | Command |
|---|---|
| Host name | hostname |
| Host ID | hostid |
| Basic system information | uname -a |
| Operating system release information | cat /etc/release |
| Disk configuration | format |
| Installed memory | prtconf \| grep Memory |
| Disk space information | df -h |
| Network services information | svcs network/physical |
| Network interface information | ipadm show-addr |
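
The commands summarized above can be captured once after installation and compared later to spot configuration drift. The script below is an added example, not part of the course material: the function names and the key=value record format are assumptions, and the sample records in demo() are constructed from the output shown on the earlier slides.

```shell
#!/bin/sh
# Added example: post-install baseline record and drift report.
# format (interactive) and df -h (changes constantly) are left out on purpose.

# Convert `svcs` output (STATE STIME FMRI) into "svc.<FMRI>=<STATE>" lines.
parse_svcs() {
    awk 'NR > 1 && NF >= 3 { printf "svc.%s=%s\n", $3, $1 }' | sort
}

# Convert `ipadm show-addr` output (ADDROBJ TYPE STATE ADDR) into
# "addr.<ADDROBJ>=<TYPE> <STATE> <ADDR>" lines.
parse_ipadm() {
    awk 'NR > 1 && NF >= 4 { printf "addr.%s=%s %s %s\n", $1, $2, $3, $4 }' | sort
}

# Run on the Solaris 11 host itself; every command here is read-only.
collect_baseline() {
    printf 'hostname=%s\n' "$(hostname)"
    printf 'hostid=%s\n' "$(hostid)"
    printf 'uname=%s\n' "$(uname -a)"
    printf 'release=%s\n' "$(sed -n '1s/^ *//p' /etc/release)"
    printf 'memory=%s\n' "$(prtconf | grep Memory)"
    svcs network/physical | parse_svcs
    ipadm show-addr | parse_ipadm
}

# Compare two baseline files (old, new) and print one line per key that was
# added, changed or removed. No output means no drift.
compare_baseline() {
    awk -F= '
        FILENAME == ARGV[1] { old[$1] = substr($0, index($0, "=") + 1); next }
        {
            val = substr($0, index($0, "=") + 1)
            seen[$1] = 1
            if (!($1 in old))        print "ADDED   " $1 " = " val
            else if (old[$1] != val) print "CHANGED " $1 ": " old[$1] " -> " val
        }
        END { for (k in old) if (!(k in seen)) print "REMOVED " k " = " old[k] }
    ' "$1" "$2" | sort
}

# Constructed sample: the install-time record uses values from the slides,
# the later record has a re-addressed net0 and an extra interface.
demo() {
    dir=$(mktemp -d) || return 1
    {
        printf 'hostname=solaris-live\nhostid=00809442\n'
        printf '%s\n' 'STATE STIME FMRI' \
            'online 15:35:09 svc:/network/physical:default' | parse_svcs
        printf '%s\n' 'ADDROBJ TYPE STATE ADDR' \
            'net0/v4 dhcp ok 10.0.2.15/24' | parse_ipadm
    } > "$dir/install.txt"
    {
        printf 'hostname=solaris-live\nhostid=00809442\n'
        printf '%s\n' 'STATE STIME FMRI' \
            'online 15:35:09 svc:/network/physical:default' | parse_svcs
        printf '%s\n' 'ADDROBJ TYPE STATE ADDR' \
            'net0/v4 static ok 10.0.2.99/24' \
            'net1/v4 dhcp ok 10.0.3.7/24' | parse_ipadm
    } > "$dir/today.txt"
    compare_baseline "$dir/install.txt" "$dir/today.txt"
    rm -rf "$dir"
}

# "collect" prints a record for the local host; the default runs the demo.
case "${1:-demo}" in
    collect) collect_baseline ;;
    demo)    demo ;;
esac
```

On a real host, save the output of the collect mode right after installation and feed that file and a fresh capture to compare_baseline.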


Quiz
The Oracle Device Detection Tool can be used to determine
whether:
a. The OS is installed correctly
b. There are errors on the internal or external hard disks
c. A device driver is available


Quiz
Live Media can be installed only on x86 (64-bit only) hardware.
a. True
b. False


Quiz
In the text installer, the root user _____________.
a. Is always configured as a role
b. Might or might not be configured as a role
c. Is never configured as a role


Quiz
The text installer is used for SPARC-based systems only.
a. True
b. False


Practice 2-3 Overview: Verifying the Operating System Installation
This practice covers the following topics:
Verifying login information
Verifying the system's host name
Displaying the following:
    Basic system information
    System release information
    Boot disk configuration
    Installed memory size
    Network information

Summary
In this lesson, you should have learned how to:
Describe the Oracle Solaris 11 OS
Implement a plan for an Oracle Solaris 11 OS installation
Install the Oracle Solaris 11 OS by using the Live Media
installer
Install the Oracle Solaris 11 OS by using the text installer
Verify the installed OS


Managing Boot and Shutdown of a System


Objectives
After completing this lesson, you should be able to:
Analyze the boot design and boot process
Boot a SPARC-based system
Boot an x86-based system
Shut down a system


Workflow Orientation
[Diagram labels: Introduction, Installation, Boot and Shutdown, Services, Packages, Storage, Network, Zones, Security, Users, Processes]

Lesson Agenda

Analyzing the Boot Design and Boot Process
Booting a SPARC-Based System
Booting an x86-Based System
Shutting Down a System

Reasons to Shut Down and Boot a System

Turning off system power due to anticipated power outage
Changing kernel parameters in the /etc/system file
Performing file system maintenance, such as backing up or restoring system data
Repairing a system configuration file, such as /etc/system
Adding or removing hardware from the system
Booting a system for recovery purposes due to a lost root password, or to fix a file system or a similar problem
(x86 only) Recovering from a problem with the GRUB configuration
Recovering from a hung system by forcing a crash dump
Booting the system to track down a system problem

Oracle Solaris Boot Architecture: Overview

The SPARC and x86 boot design architectures are similar.
The differences are in how the boot device and arguments are selected at boot time.
    SPARC uses open boot PROM (OBP) and its commands.
    x86 uses the GRUB menu.
By default, SPARC and x86 platforms have one primary boot archive.

Boot PROM for SPARC Systems

The boot PROM firmware:
Provides basic hardware testing and initialization before loading the operating system
Enables booting from a wide range of devices
Provides a user interface
Has access to a standard set of device drivers

Bootstrapping Process for SPARC Systems (Boot PROM Initialization)
[Diagram labels: Boot PROM, System Configuration Information, Power-On Self-Test (POST), Ethernet Address, Built-in Device Drivers, Configuration Information, Command-Line Interface, Host ID, EEPROM Parameters, Default Parameters, Binary Machine Instructions, SPARC CPU]

Bootstrapping Process for x86 Systems (BIOS and GRUB Initialization)
[Diagram labels: BIOS, Power-On Self-Test (POST), CPU Initialized, Memory Initialized, Platform Hardware Initialized, GRUB]

GRUB 2

GRUB 2 uses an entirely different configuration than GRUB Legacy.
It is managed through the grub.cfg file.
Unlike the menu.lst file used in GRUB Legacy, the grub.cfg file should never be edited.
GRUB 2 supports the Unified Extensible Firmware Interface (UEFI) and the GUID Partition Table (GPT) partitioning scheme.

Boot Process

| Phase | Description |
|---|---|
| Boot Loader Phase | The root file system archive is loaded. |
| Booter Phase | The boot archive is read and executed. |
| Ramdisk Phase | The kernel image is extracted and executed. |
| Kernel Phase | The OS is initialized and the root file system is mounted. |
| init Phase | The init daemon starts the svc.startd daemon. |
| svc.startd Phase | The svc.startd daemon starts the system processes. |

SMF and Booting

In Oracle Solaris 11, SMF provides an infrastructure that augments the traditional UNIX startup scripts, init states, and configuration files.
The boot process has become faster with multiple SMF services started simultaneously.
Due to SMF, the boot process creates fewer messages now.
The SMF services do not display a message by default when they are started during the boot process.
All information that was provided by the boot messages can now be found in a log file for each SMF service under /var/svc/log.
You can use the svcs command to diagnose boot problems.
To generate a message when each service is started during the boot process, you use the -v option with the boot command.

How Oracle Solaris Boot Archives Are Managed

Boot archive updates and verification are handled automatically by the bootadm command.
During an installation or upgrade, an initial boot archive is created.
During normal shutdown, the boot archive contents are compared with the root file system.
If inconsistencies are found, the boot archive is rebuilt to make sure that the boot archive and the root file system are synchronized.

Fast Reboot

Is supported on both SPARC and x86 platforms
Bypasses firmware and boot loader processes to provide an extremely fast reboot
Is controlled by the SMF
Is implemented through a boot configuration service (svc:/system/boot-config) based on the setting of the fastreboot_default property:
  Set to true on x86 systems by default
  Set to false on SPARC systems by default

SMF Milestones

init State    SMF Milestone FMRI
              milestone/single-user:default
              milestone/multi-user:default
              milestone/multi-user-server:default

Quiz
Which SMF service helps in implementing the Fast Reboot
feature?
a. svc:/system/boot-update:default
b. svc:/system/boot-archive:default
c. svc:/system/boot-archive-update:default
d. svc:/system/boot-config:default
e. svc:/system/boot-config-update:default


Quiz
In which phase of the boot process is the OS initialized and a
minimal root file system mounted on the RAM disk that was
constructed from the boot archive?
a. Kernel phase
b. Boot loader phase
c. svc.startd phase
d. Booter phase
e. Ramdisk phase
f. init phase

Lesson Agenda

Analyzing the Boot Design and Boot Process
Booting a SPARC-Based System
Booting an x86-Based System
Shutting Down a System

Booting a SPARC-Based System

Booting a SPARC system to multiuser-server milestone (init state 3)
Booting a SPARC system to single-user milestone (init state S)

Booting a SPARC System to Multiuser-Server Milestone (init State 3)

1. Boot the system to the multiuser-server milestone by using the boot command at the ok prompt.
ok boot
Resetting ...
<output omitted>

2. When prompted, log in to the system.
3. Verify that the system has booted to the multiuser-server milestone.
# who -r
. run-level 3 Nov 11 11:32 3 0 S
#

Booting a SPARC System to Single-User Milestone (init State S)

Boot the system to the single-user milestone by using the following command at the ok prompt:

ok boot -m milestone=single-user

When prompted, enter the root password.

SINGLE USER MODE

Root password for system maintenance (control-d to bypass): xxxxxx

Verify that the system is at the single-user milestone.

# who -r
. run-level S Nov 11 10:15 S 0 S
#

Initiating a Fast Reboot of a SPARC-Based System

To initiate a fast reboot of a SPARC system, run reboot -f.
# reboot -f

Using the Basic Boot PROM Commands

Boot PROM Command    Description
banner               Displays a system's PROM revision number
setenv               Sets the specified NVRAM parameter to a value. For example, ok setenv auto-boot? false sets the PROM auto-boot? value to false.
reset-all            Clears system registers and resets the entire system
sifting probe        Displays the probe commands that are available on your system
probe-device         Identifies the devices on the system
devalias             Identifies the device aliases and the associated paths of devices that might be connected to the system
printenv             Displays all current and default parameter values
eeprom               Helps in displaying and modifying the value of parameters in EEPROM

Practice 3-1 Overview: Booting and Shutting Down a SPARC Host

In this practice, you are given a demonstration of how to use some of the boot PROM commands on a SPARC-based host machine.


Booting an x86 System

Booting an x86 system to the multiuser-server milestone
Booting an x86 system to the single-user milestone

Booting an x86 System to Multiuser-Server Milestone

1. Reboot the system by using the reboot command.
# reboot -p

2. When the GRUB menu appears, press Enter to boot the default OS instance to the multiuser-server milestone.
3. When the login prompt appears, log in to the system as root.
4. Verify that the system has booted to the multiuser-server milestone (init state 3).
# who -r
. run-level 3 Nov 11 11:32 3 0 S
#

Booting an x86 System to Single-User Milestone (init State S)

1. Reboot the system by using the reboot -p command.
2. When the GRUB menu appears, enter e to edit the GRUB
menu.
3. Use the arrow keys to choose the kernel $ line.
4. Enter e again to edit the boot entry.
5. To boot the system in single-user mode, enter -s at the
end of the boot entry line. Then press Return to go back to
the previous screen.
6. To continue to boot the system in single-user mode,
enter b.
7. When prompted, enter the root password.
8. Verify that the system is at the single-user milestone.


Initiating Fast Reboot on an x86-Based System

Because Fast Reboot is the default boot mode on an x86 system, you can use either the reboot command with the -f option or the init 6 command to initiate the reboot.
# reboot -f

# init 6

Using the bootadm Command

bootadm Sub-command    Description
list-menu              Lists the contents of the grub.cfg file
generate-menu          Generates the grub.cfg file
set-menu               Sets a particular GRUB menu entry as the default and other menu options and boot loader options; helps in maintaining the GRUB menu
add-entry              Adds a boot entry to the GRUB menu
change-entry           Changes the attributes of a specified boot entry in the GRUB menu
install-bootloader     Installs the system boot loader. Note: This subcommand applies to both x86 and SPARC platforms.
remove-entry           Removes a boot entry from the GRUB menu

Practice 3-2 Overview: Booting an x86/64 Host

In this practice, you perform a hands-on exercise on how to boot an x86/64 host system.


Shutting Down a System

Shutting down a server:
  The shutdown command is used.
  A clean shutdown is performed.
  Superuser privileges are required.

Shutting down a stand-alone system:
  The init command is used.
  A clean shutdown is performed.
  Superuser privileges are required.

Determining Who Is Logged In to a System

To determine who is logged in to a system, run who.
$ who
holly      console      Nov 11 07:30
kryten     pts/0        Nov 11 07:35    (starlite)
lister     pts/1        Nov 11 07:40    (bluemidget)

Best practice: Always send an additional email notification to logged-in users, indicating that the server is going to be down for a specified amount of time.

Shutting Down a Server

1. Determine who is logged in to the system.
2. Shut down the system by using the shutdown command with the -iinit-level, -g grace-period, and -y options.
3. When prompted, enter the superuser password.
4. Verify that the system is at the init state that you specified.
5. When you have completed your administration tasks, press Ctrl + D to return to the default system init state.
6. Verify that the system is at the init state that you specified in the shutdown command.

Specified init State              SPARC System Prompt        x86 System Prompt
0 (exit the OS)                   ok >                       Press any key to reboot
s or S (single-user milestone)
3 (multiuser-server milestone)    hostname console login:    hostname console login:

Shutting Down a Stand-Alone System

To bring a stand-alone system to init state 0, run init 0.
# init 0
#
INIT: New run level: 0
The system is coming down. Please wait.
<output omitted>

To bring a stand-alone system to init state S, run init S.
# init s
#
INIT: New run level: S
The system is coming down for administration. Please wait.
<output omitted>

Practice 3-4 Overview: Shutting Down an x86/64 Host

In this practice, you perform a hands-on exercise to learn how to shut down an x86/64-based system.

Summary
In this lesson, you should have learned how to:
Analyze the boot design and boot process
Boot a SPARC-based system
Boot an x86-based system
Shut down a system


Administering Services by Using SMF


Objectives
After completing this lesson, you should be able to:
Explain the SMF feature and its components
Administer SMF services
Manage SMF services by using the graphical user interface

Workflow Orientation

[Diagram: course workflow. Labels: Introduction, Processes, Installation, Boot and Shutdown, Users, Services, Security, Zones, Packages, Network, Storage]

Lesson Agenda

Describing SMF and Its Components
Administering SMF Services
Managing SMF Services by Using the GUI

Importance of Services Administration

Services administration is required to ensure that:
  System and application services run smoothly and efficiently
  Systems continue to be available by providing all essential services even during a system failure

Service Management Facility

Provides a framework for managing:
  System and application services
  Interaction of services with other dependent services
Contains information about:
  Procedures to start, stop, and restart services
  Service startup behavior and status
  Misconfigured services (such as an explanation of why a service is not running)
Provides an individual log file for each service

SMF Capabilities

Booting faster
Restarting failed services
Inspecting services
Managing services
Configuring services
Auditing service changes
Securely delegating tasks
Creating new services
Debugging service problems
Configuring failure notification
Converting inetd.conf configurations to SMF services

Converting SMF service properties to configuration files


SMF Service

An entity that provides a resource or list of capabilities to applications and other resources
The software state of a device (for example, a configured network device or mounted file system)
Structured within SMF by:
  Category (examples: application, network, system)
  Service name (examples: login, SSH server, hostid)
  Instance name: Specific configuration of a service (example: default)

Note: There can be multiple instances of a service.

Service Instance

Example FMRI:
svc:/system/filesystem/root:default
where:
The prefix svc indicates that this service is managed by SMF
The highest category of the service points to the system facilities (system)
Within system, the next level category is filesystem
The next lower category is root, which points to the root file system
The service name is system/filesystem/root:default
An instance of the service is default

Service Models

SMF services are one of the following three models:

SMF Model: Transient service
Description: The service performs some task, and then exits without starting any long-running processes.

SMF Model: Child or wait service
Description: The service is restarted whenever its child process exits cleanly. A child process that exits cleanly is not treated as an error.

SMF Model: Contract or daemon service
Description: The service starts a long-running daemon or starts several related processes that are tied together as part of a service contract. The contract service manages the processes that it starts and any dependent services and their start order. You only need to manage the high-level service.

Service States

A service instance can have different states, as listed in the following table:

Service State    Description
online           Enabled and successfully started
offline          Enabled but not yet running or available to run
offline*         Process that is in the state of starting
disabled         Not enabled and not running
legacy_run       Running. The service is not directly managed by SMF, but it was started at some point.
uninitialized    Starting up. This state is the initial state for all services before their configuration has been read.
maintenance      Error encountered that requires administrative intervention
degraded         Enabled but running at limited capacity

Service Configuration Repository

Stores state and configuration information about each service instance
Is named /etc/svc/repository.db
Is managed by the svc.configd daemon

SMF Master Restarter Daemon (svc.startd)

Manages service dependencies for the entire system
Makes sure that the system boots properly
Is responsible for starting services, restarting services, and shutting down services

[Diagram labels: System Boots, svc.startd Daemon]

Quiz
What is the service category in the
svc:/network/ssh:default service FMRI?
a. svc
b. network
c. ssh
d. default


Quiz
Which of the following daemons is responsible for starting
services?
a. svc.startd
b. /etc/init
c. svc.configd


Quiz
If a service instance is in the state of starting, which of the
following states will it be identified with?
a. uninitialized
b. online
c. offline
d. offline*



Administering SMF Services

Monitoring services with svcs
  Listing services information
  Displaying the status of a service
  Displaying the service dependents
  Displaying the dependencies of a service
Administering services with svcadm
  Disabling a service
  Enabling a service
  Restarting a service
Setting up service state transition notifications
  Installing the smtp-notify package
  Enabling the smtp-notify:default service
  Configuring service state transition notifications
Service state transition notification: Example
Managing service state transition notifications

Listing Services Information

To list all the services currently running in the system, run the svcs command.
# svcs
STATE          STIME    FMRI
legacy_run     1:25:08  lrc:/etc/rc2_d/S47pppd
legacy_run     1:25:08  lrc:/etc/rc2_d/S81dodatadm_udaplt
legacy_run     1:25:08  lrc:/etc/rc2_d/S89PRESERVE
<output omitted>

To list all the services defined in the system, run the svcs -a command.
# svcs -a
STATE          STIME    FMRI
legacy_run     1:25:08  lrc:/etc/rc2_d/S47pppd
legacy_run     1:25:08  lrc:/etc/rc2_d/S81dodatadm_udaplt
legacy_run     1:25:08  lrc:/etc/rc2_d/S89PRESERVE
disabled       1:23:38  svc:/system/device/mpxio-upgrade:default
<output omitted>

Displaying the Status of a Service Instance

To display the status of a service, run the svcs -l FMRI command.
# svcs -l svc:/network/ssh:default
fmri         svc:/network/ssh:default
name         SSH server
enabled      true
state        online
next_state   none
state_time   July 31, 2014 09:35:56 PM MDT
logfile      /var/svc/log/network-ssh:default.log
restarter    svc:/system/svc/restarter:default
contract_id  110
manifest     /etc/svc/profile/generic.xml
manifest     /lib/svc/manifest/network/ssh.xml
dependency   require_all/none svc:/system/filesystem/local (online)
dependency   optional_all/none svc:/system/filesystem/autofs (online)
dependency   require_all/none svc:/network/loopback (online)
dependency   require_all/none svc:/network/physical:default (online)
dependency   require_all/none svc:/system/cryptosvc (online)
dependency   require_all/none svc:/system/utmp (online)
dependency   optional_all/error svc:/network/ipfilter:default (disabled)
dependency   require_all/restart file://localhost/etc/ssh/sshd_config (online)

Displaying the Service Dependents

To display service dependents, run the svcs -D FMRI command.
# svcs -D svc:/network/ssh:default
STATE          STIME    FMRI
online         1:25:05  svc:/milestone/self-assembly-complete:default
online         1:25:09  svc:/milestone/multi-user-server:default

Displaying the Dependencies of a Service

To display service dependencies, run the svcs -d FMRI command.
# svcs -d svc:/network/ssh:default
STATE          STIME    FMRI
disabled       1:23:51  svc:/network/ipfilter:default
online         1:24:04  svc:/system/cryptosvc:default
online         1:24:09  svc:/network/loopback:default
online         1:24:11  svc:/system/utmp:default
online         1:24:28  svc:/network/physical:default
online         1:24:36  svc:/system/filesystem/local:default
online         1:25:04  svc:/system/filesystem/autofs:default

Disabling a Service

1. Use the svcs -D FMRI command to check the dependents of the service that you want to disable.
2. Use the svcadm disable FMRI command to disable the service:
# svcadm disable svc:/network/ssh:default

3. Use the svcs -l FMRI command to verify that the service has been disabled:
# svcs -l svc:/network/ssh:default
fmri         svc:/network/ssh:default
name         SSH server
enabled      false
state        disabled
<output omitted>

Enabling a Service

1. Use the svcs -l FMRI | grep online command to determine whether service dependencies are satisfied.
2. Use the svcadm enable FMRI command to enable the service:
# svcadm enable svc:/network/ssh:default

3. Use the svcs -x FMRI command to verify that the service has been enabled:
# svcs -x svc:/network/ssh:default
svc:/network/ssh:default (SSH server)
State: online since July 31, 2014 09:35:56 PM MDT
See: sshd(1M)
See: /var/svc/log/network-ssh:default.log
Impact: None.
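
The grep in step 1 shows the dependencies that are online but not the ones that are missing. The following added example (not part of the course material) reads svcs -l output and prints only the dependencies that block a start; the function names, the AWK variable and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not course material. Reads `svcs -l` output on stdin and
# prints the dependencies that keep the instance from starting.

# Assumption: on Solaris set AWK=nawk if /usr/bin/awk is the legacy awk,
# which lacks gsub().
AWK=${AWK:-awk}

# Constructed sample: the ssh listing shown earlier with network/physical
# changed to "offline" and a made-up require_any group added.
sample_svcs_l() {
cat <<'EOF'
fmri         svc:/network/ssh:default
name         SSH server
enabled      true
state        offline
dependency   require_all/none svc:/system/filesystem/local (online)
dependency   optional_all/none svc:/system/filesystem/autofs (online)
dependency   require_all/none svc:/network/loopback (online)
dependency   require_all/none svc:/network/physical:default (offline)
dependency   require_all/none svc:/system/cryptosvc (online)
dependency   optional_all/error svc:/network/ipfilter:default (disabled)
dependency   require_any/none svc:/example/a:default (disabled) svc:/example/b:default (maintenance)
dependency   require_all/restart file://localhost/etc/ssh/sshd_config (online)
EOF
}

# blocking_deps: one line per unmet dependency, "grouping fmri state".
#   require_all  - every listed FMRI must be online or degraded
#   require_any  - at least one listed FMRI must be online or degraded
#   optional_all - not reported: a disabled optional dependency does not block
#   exclude_all  - not evaluated in this example
blocking_deps() {
  "$AWK" '
    $1 == "dependency" {
      split($2, g, "/")            # "require_all/none" -> grouping, restart_on
      grouping = g[1]
      n = 0; running = 0
      # Fields from 3 onward come in pairs: FMRI, then "(state)".
      for (i = 3; i + 1 <= NF; i += 2) {
        state = $(i + 1)
        gsub(/[()]/, "", state)
        n++; fmri[n] = $i; st[n] = state
        up[n] = (state == "online" || state == "degraded")
        running += up[n]
      }
      for (j = 1; j <= n; j++) {
        if (grouping == "require_all" && !up[j]) print grouping, fmri[j], st[j]
        if (grouping == "require_any" && running == 0) print grouping, fmri[j], st[j]
      }
    }'
}

# deps_satisfied: exit status 0 when nothing is blocking, 1 otherwise.
deps_satisfied() {
  [ -z "$(blocking_deps)" ]
}

# Usage on a Solaris host:
#   svcs -l svc:/network/ssh:default | blocking_deps
```

An empty result means svcadm enable can bring the instance online as far as its required dependencies are concerned.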


Refreshing and Restarting a Service

To refresh a service, run the svcadm refresh FMRI command.
# svcadm refresh svc:/network/ssh:default

To restart a service, run the svcadm restart FMRI command.
# svcadm restart svc:/network/ssh:default

Restoring a Service That Is in Maintenance State

1. Use the svcs -x FMRI command to determine why the service is in maintenance state.
2. Use the svcs -l FMRI command to determine if any process that is dependent on the service has not stopped.
3. Use the svcs -o CTID FMRI command to obtain the contract ID of the service that you want to restore.
4. Use pkill -9 -c CTID to kill any remaining processes.
5. Use svcadm clear FMRI to restore the service.
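
The five steps above as one guarded function, added here as an example and not taken from the course material. The function names are hypothetical; svcs, svcadm and pkill are the Solaris commands named in the steps, and the -H option of svcs (omit the header line) is used so that the column values can be read directly.

```shell
#!/bin/sh
# Added example, not course material: the maintenance-recovery steps as one
# function. restore_from_maintenance, svcs_col and is_ctid are hypothetical
# names; svcs, svcadm and pkill are the Solaris commands.

# is_ctid: true only for a plain decimal contract ID. svcs prints "-" in the
# CTID column when the instance holds no contract, and that value must never
# reach pkill.
is_ctid() {
  case $1 in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# svcs_col: print one svcs column for an FMRI, without header or padding.
svcs_col() {
  svcs -H -o "$1" "$2" | tr -d ' \t'
}

restore_from_maintenance() {
  fmri=$1
  [ -n "$fmri" ] || { echo "usage: restore_from_maintenance FMRI" >&2; return 2; }

  # Guard: act only on an instance that really is in maintenance.
  state=$(svcs_col state "$fmri")
  if [ "$state" != "maintenance" ]; then
    echo "$fmri is in state '$state', not maintenance; nothing done" >&2
    return 1
  fi

  # Steps 1 and 2: keep the explanation and the full listing for the record.
  svcs -x "$fmri" >&2
  svcs -l "$fmri" >&2

  # Step 3: contract ID of the instance.
  ctid=$(svcs_col ctid "$fmri")

  # Step 4: kill leftovers only when a real contract exists. pkill exits 1
  # when no process matched, which is the normal case here.
  if is_ctid "$ctid"; then
    pkill -9 -c "$ctid" || true
  fi

  # Step 5: clear the maintenance state, then report the resulting state.
  svcadm clear "$fmri" || return 2
  svcs_col state "$fmri"
}

# Usage on a Solaris host, as root:
#   restore_from_maintenance svc:/network/http:apache22
```

Correct the cause reported by svcs -x and the service log file before clearing; otherwise the instance returns to maintenance on its next start attempt.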


Setting Up Service State Transition Notifications

To set up the notifications:
1. Ensure that the smtp-notify package is installed
2. Enable the notification service
3. Configure the notifications

Monitored Transition States

to-uninitialized    from-uninitialized
to-disabled         from-disabled
to-maintenance      from-maintenance
to-online           from-online
to-offline          from-offline
to-degraded         from-degraded

Installing the smtp-notify Package

Verify whether the system/fault-management/smtp-notify package is already installed.
# pkg info system/fault-management/smtp-notify

If the package is not installed, run the following command to install the SMF notification feature:
# pkg install system/fault-management/smtp-notify

Enabling the smtp-notify:default Service

To enable the SMF notification service, run the following command:
# svcadm enable svc:/system/fm/smtp-notify:default

To confirm whether the service is up and running, run the following command:
# ps -ef | grep smtp-notify
    root  3428  1724   0 11:23:37 pts/1       0:00 grep smtp-notify
noaccess  1060     1   0 11:45:9 ?           0:00 /usr/lib/fm/notify/smtp-notify

Configuring Service State Transition Notifications

To configure service state transition notifications for all services, run the svccfg -s svc:/system/svc/global:default setnotify -g service_transition_state mailto:root@localhost command:

# svccfg -s svc:/system/svc/global:default setnotify -g \
from-online mailto:root@localhost

To configure notifications for a single service, run the svccfg -s FMRI setnotify from-online mailto:root@localhost command.

# svccfg -s svc:/network/http:apache22 setnotify \
from-online mailto:root@localhost

Service State Transition Notification: Example


# mail
From noaccess@solaris.local Mon Nov 11 03:34:49 2013
Date: Mon, 11 Nov 2013 03:03:49 +0100 (CET)
From: No Access User
Message-Id: <201211090334.qA93YnCJ001559@s11-server1.mydomain>
Subject: Fault Management Event: solaris:SMF-8000-YX
To: root@solaris.local
Content-Length: 776
SUNW-MSG-ID: SMF-8000-YX, TYPE: defect, VER: 1, SEVERITY: major
EVENT-TIME: Fri Nov 9 03:34:49 UTC 2012
PLATFORM: VirtualBox, CSN: 0, HOSTNAME: s11-server1
SOURCE: software-diagnosis, REV: 0.1
EVENT-ID: 473a1ae7-5619-ea1e-dd03-8da51db4fcee
DESC: A service failed - a start, stop or refresh method failed.
AUTO-RESPONSE: The service has been placed into the maintenance state.
IMPACT: svc:/network/http:apache22 is unavailable.
REC-ACTION: Run 'svcs -xv svc:/network/http:apache22' to determine the
generic reason why the service failed, the location of any logfiles, and
a list of other services impacted. Please refer to the associated
reference document at http://support.oracle.com/msg/SMF-8000-YX for the
latest service procedures and policies regarding this diagnosis.
? <Press Enter to see the next message>

From noaccess@localhost.mydomain.com Mon Nov 11 03:34:21 2013
Date: Mon, 11 Nov 2013 03:34:21 GMT
From: No Access User <noaccess@s11-server1.mydomain.com>
Message-Id: <201211090334.qA93YLum001539@s11-server1.mydomain.com>
Subject: s11-server1: svc:/network/http:apache22 online->offline
To: root@s11-server1.mydomain.com
Content-Length:776
HOSTNAME: s11-server1
TIMESTAMP: Mon Nov 11 12:04:23 2013
FMRI: svc:/network/http:apache22
FROM-STATE: online
TO-STATE: offline
DESCRIPTION: The indicated service has transitioned to the offline state
REASON: a restart was requested
? q
#


Managing Service State Transition Notifications

To view the configured notifications, run the following command:
# svccfg -s svc:/system/svc/global:default listnotify
Event: from-online (source: svc:/system/svc/global:default)
Notification Type: smtp
Active: true
to: root@localhost

To stop all notifications, run the following command:
# svccfg -s svc:/system/svc/global:default delnotify -g all

Quiz
Which of the following commands would you use to determine
why a service is in maintenance state?
a. svcadm
b. svccfg
c. svcs



Managing SMF Services by Using the Graphical User Interface

Introduction to the SMF Graphical User Interface (GUI)
Managing Service Instances by Using the SMF GUI
Viewing Service Properties by Using the SMF GUI
Managing User Credentials by Using the SMF GUI

[Screenshots: Introduction to the SMF GUI; Managing Service Instances by Using the SMF GUI; Viewing Service Properties by Using the SMF GUI; Managing User Credentials by Using the SMF GUI]

Practice 4-1 and Practice 4-2 Overview: Administering Services and SMF Notifications

Practice 4-1: This practice covers the following topics:
  Enabling and disabling services
  Displaying services
  Exploring service dependencies
Practice 4-2: This practice covers the following topics:
  Verifying the installation of required packages
  Configuring the SMF notification
  Examining a service in maintenance

Summary
In this lesson, you should have learned how to:
Describe the SMF feature and its components
Administer SMF services
Manage SMF services by using the graphical user interface

Administering Software Packages by Using IPS

Objectives
After completing this lesson, you should be able to:
Describe IPS, its components, and interfaces
Configure an IPS client to access the local IPS repository
Manage package publishers
Manage software packages
Manage signed packages and package properties


Workflow Orientation

[Diagram: course workflow. Labels: Introduction, Processes, Installation, Boot and Shutdown, Users, Services, Security, Packages, Zones, Network, Storage]

Lesson Agenda

Describing IPS, Its Components, and Interfaces
Configuring an IPS Client to Access the Local IPS Repository
Managing Package Publishers
Managing Software Packages
Managing Signed Packages and Package Properties

Importance of IPS and Package Management

A local IPS repository provides the following benefits:
  Performance and security
  Replication
  Customized packages

[Diagram labels: Oracle's Default Repository; Local Repository; Server; Client; CLI: pkg(1); Desktop: Package Manager, Update Manager]

Introducing IPS

[Diagram: Oracle Solaris Image Packaging System. Labels: Oracle Network Repositories, Firewall, Mirrored Network Repository, Operating System, Live Production Environment, Cloned Production Environment, ZFS Boot Environments]

Introducing IPS Components

[Diagram labels: Server, Client, Original Repository, Mirror Repository, Catalog Repository, Package Payload, CLI pkg(1), Desktop Package Manager, Web Browser]

Introducing the IPS Interfaces

IPS supports the following interfaces:
Command line
GUI
  Package Manager
  Update Manager
Browser User Interface (BUI)

Package Manager

To launch Package Manager, click the Add More Software icon.

Package Manager

Select All Publishers from the Publisher drop-down menu.


Update Manager

Is used to update all installed packages to the latest version
Can be invoked in several ways:
  CLI command
  Package Manager GUI

Update Manager

To access Update Manager:
  Click the Updates button
  Or
  Select the Package > Updates menu option

[Screenshots: Update Manager; Accessing the Package Repository with a BUI]


Configuring an IPS Client to Access the Local IPS Repository

Required tasks:
1. Determining the client host and domain names
2. Checking network connectivity
3. Setting the publisher
4. Testing client access to the local IPS server

Determining the Client Host and Domain Names


Use the hostname and domainname commands to identify the
client machine.
# hostname
s11-desktop
# domainname
mydomain.com


Checking Network Connectivity

Verify DNS service access and connectivity with the local IPS server.
# nslookup s11-server1
Server:         192.168.0.100
Address:        192.168.0.100#53

Name:    s11-server1.mydomain.com
Address: 192.168.0.100

# ping s11-server1
s11-server1 is alive

Setting the Publisher


Use the pkg set-publisher command to set the publisher to point to the local IPS repository.
# pkg publisher
PUBLISHER   TYPE     STATUS P LOCATION
solaris     origin   online F http://pkg.oracle.com/solaris/release

# pkg set-publisher -G '*' -g http://s11-server1.mydomain.com/ solaris

# pkg publisher
PUBLISHER   TYPE     STATUS P LOCATION
solaris     origin   online F http://s11-server1.mydomain.com/

Testing Client Access to the Local IPS Server


To test client access to the IPS server, open the local publisher URI in a browser.

Practice 5-1 Overview: Configuring an IPS Client to Access the Local IPS Server

This practice covers the following topics:
  Verifying connectivity between the client and the IPS server
  Removing and adding publishers
  Testing client access to the IPS server
  Searching for packages by using the package repository browser


Managing Package Publishers


This section covers the following topics:
  Displaying publisher information
  Specifying publisher rankings
  Specifying publisher stickiness
  Setting the publisher search order
  Disabling or enabling a publisher
  Changing a publisher's origin URI

Displaying Publisher Information

To display only the highest-ranked publisher in the search order, run pkg publisher -P.

# pkg publisher -P
PUBLISHER   TYPE     STATUS P LOCATION
solaris     origin   online F http://s11-server1.mydomain.com/

To display information about a specific publisher, run pkg publisher publisher_name.

# pkg publisher solaris

            Publisher: solaris
                Alias:
           Origin URI: http://s11-server1.mydomain.com/
              SSL Key: None
             SSL Cert: None
          Client UUID: 55dc8a86-fbe5-11e3-bc11-811d2d030777
      Catalog Updated: June 25, 2014 03:55:23 AM
              Enabled: Yes

Specifying Publisher Rankings


To set a publisher to be the highest-ranked publisher in the search order, run pkg set-publisher -P publisher_name, or use the --search-first option in place of -P.
# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
solaris                     origin   online F http://s11-server1.mydomain.com
whoisit.com (non-sticky)    origin   online F http://pkg.example.com/release

# pkg set-publisher -P whoisit.com

# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
whoisit.com                 origin   online F http://pkg.example.com/release
Solaris (non-sticky)        origin   online F http://s11-server1.mydomain.com

Specifying Publisher Stickiness


To make a publisher sticky, run pkg set-publisher --sticky publisher_name.
# pkg set-publisher --sticky example.com

To make a publisher non-sticky, run pkg set-publisher --non-sticky publisher_name.
# pkg set-publisher --non-sticky example.com

Setting the Publisher Search Order


To move a publisher higher in the search order, run pkg set-publisher --search-before publisher_name publisher_name.
# pkg set-publisher --search-before example1.com example2.com

To move a publisher lower in the search order, run pkg set-publisher --search-after publisher_name publisher_name.
# pkg set-publisher --search-after example1.com example2.com

Disabling and Enabling a Publisher


To disable a publisher, run pkg set-publisher -d publisher_name.
# pkg set-publisher -d solaris.com

To enable a publisher, run pkg set-publisher -e publisher_name.
# pkg set-publisher -e solaris.com

Changing a Publisher's Origin URI

To change a publisher's origin URI, run pkg set-publisher -g newpublisher_URI -G oldpublisher_URI newpublisher.
# pkg set-publisher -g http://pkg.example.com/support \
-G http://pkg.example.com/release solaris
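Search order and stickiness together decide which publisher a package is installed or updated from, so they are worth reviewing on every client. The following added example (not part of the original course material) parses pkg publisher output in the layout shown above and reports each publisher's rank, stickiness, and origin; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: review IPS publisher order and stickiness from `pkg publisher` output.

# Constructed sample in the column layout of the `pkg publisher` listings above.
sample_publishers() {
    cat <<'EOF'
PUBLISHER                   TYPE     STATUS P LOCATION
solaris                     origin   online F http://s11-server1.mydomain.com/
whoisit.com    (non-sticky) origin   online F http://pkg.example.com/release
EOF
}

# publisher_order: read `pkg publisher` output on stdin and print, per origin line:
#   rank name sticky|non-sticky enabled|disabled location
publisher_order() {
    awk '
    $1 == "PUBLISHER" || NF == 0 { next }      # header row and blank lines
    {
        name = $1; attrs = ""
        # Optional annotation after the name, such as "(non-sticky)".
        # Assumption: other states use the same parenthesised form,
        # possibly split by a space, as in "(non-sticky, disabled)".
        if ($2 ~ /^\(/) {
            for (i = 2; i <= NF; i++) {
                attrs = attrs $i
                if ($i ~ /\)$/) break
            }
        }
        # A publisher with several origins is listed once per origin;
        # all of its lines share one rank.
        if (name != prev) { rank++; prev = name }
        sticky  = (attrs ~ /non-sticky/) ? "non-sticky" : "sticky"
        enabled = (attrs ~ /disabled/)   ? "disabled"   : "enabled"
        print rank, name, sticky, enabled, $NF
    }'
}

# highest_ranked: name of the first publisher in the search order.
highest_ranked() {
    publisher_order | awk 'NR == 1 { print $2 }'
}

# nonsticky_publishers: publishers whose installed packages may be updated
# from a higher-ranked publisher.
nonsticky_publishers() {
    publisher_order | awk '$3 == "non-sticky" { print $2 }' | sort -u
}

# On a live client: pkg publisher | publisher_order
sample_publishers | publisher_order
```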

Quiz
You want to set mypublisher.com as the highest-ranked
publisher for your local IPS repository. Which command would
you use to execute this task?
a. pkg publisher -P mypublisher.com
b. pkg publisher -n mypublisher.com
c. pkg set-publisher -P mypublisher.com
d. pkg set-publisher -e mypublisher.com


Quiz
You have three publishers listed in the following order:
mypublisher.com (the highest-ranked publisher), solaris,
and whoisit. For search order purposes, you want to move
the whoisit publisher before the solaris publisher. Which
command would you use to execute this task?
a. pkg set-publisher --search-before solaris whoisit
b. pkg set-publisher --search-after solaris whoisit
c. pkg set-publisher --search-before whoisit solaris


Managing Software Packages by Using the CLI

Listing package state information
Displaying package information
Displaying contents of a package
Updating and installing packages
Viewing a package installation action without installing
Verifying a package installation
Searching for a package
Uninstalling a package

Listing Package State Information


To list package state information, run pkg list pkg-fmri.
# pkg list entire
NAME (PUBLISHER)    VERSION                    IFO
entire              0.5.11-0.175.2.0.0.42.0    i--

Displaying Package Information


To display package information, run pkg info pkg-fmri.
# pkg info -r apptrace
          Name: developer/apptrace
       Summary: Apptrace Utility
   Description: Apptrace utility for application tracing, including shared objects
      Category: Development/System
         State: Not installed
     Publisher: solaris
       Version: 0.5.11
 Build Release: 5.11
        Branch: 0.175.2.0.0.42.2
Packaging Date: June 24, 2014 06:39:19 PM
          Size: 162.04 kB
          FMRI: pkg://solaris/developer/apptrace@0.5.11,5.11-0.175.2.0.0.42.2:20140624T183919Z

Displaying the Contents of a Package


To display information about package contents, run pkg contents pkg-fmri.
# pkg contents compress/zip
PATH
usr
usr/bin
usr/bin/zip
usr/bin/zipcloak
usr/bin/zipnote
usr/bin/zipsplit
usr/share
usr/share/man
<output omitted>

Updating an Installed Package


To update an installed package, run pkg update pkg-fmri.
# pkg update compress/zip
No updates available for this image.


Viewing an Installation Action Without Installing


To view an installation action without installing the package, run pkg install -n pkg-fmri.
# pkg install -nv apptrace
           Packages to install:        1
     Estimated space available: 31.96 GB
Estimated space to be consumed: 19.83 MB
       Create boot environment:       No
Create backup boot environment:       No
          Rebuild boot archive:       No

Changed packages:
solaris
  developer/apptrace
    None -> 0.5.11,5.11-0.175.2.0.0.42.2:20140624T183919Z

Installing Packages

[Diagram labels: IPS checks manifest. Administrator requests package. IPS downloads packages.]

Installing a Package
To install a package, run pkg install pkg-fmri.
# pkg install apptrace
           Packages to install:  1
       Create boot environment: No
Create backup boot environment: No

DOWNLOAD                             PKGS    FILES    XFER (MB)   SPEED
Completed                             1/1    10/10      0.1/0.1  31.6k/s

PHASE                                ITEMS
Install new actions                  29/29
Updating package state database       Done
Updating package cache                 0/0
Updating image state                  Done
Creating fast lookup database         Done
Updating package cache                 1/1

Verifying a Package Installation


To verify a package installation, run pkg verify pkg-fmri.
# pkg verify -v apptrace
PACKAGE                                 STATUS
pkg://solaris/developer/apptrace            OK

Searching for a Package


To search for a package, run pkg search pattern.
# pkg search -l bash
INDEX                 ACTION  VALUE               PACKAGE
basename              dir     etc/bash            pkg:/shell/bash@4.1.11-0.175.2.0.0.42.1
basename              dir     usr/share/bash      pkg:/shell/bash@4.1.11-0.175.2.0.0.42.1
basename              file    usr/bin/bash        pkg:/shell/bash@4.1.11-0.175.2.0.0.42.1
com.oracle.info.name  set     bash                pkg:/shell/bash@4.1.11-0.175.2.0.0.42.1
pkg.fmri              set     solaris/shell/bash  pkg:/shell/bash@4.1.11-0.175.2.0.0.42.1

Uninstalling a Package
To uninstall a package, run pkg uninstall pkg-fmri.
# pkg uninstall apptrace
            Packages to remove:  1
       Create boot environment: No
Create backup boot environment: No

PHASE                                ACTIONS
Removing old actions                   25/25
Updating package state database         Done
Updating package cache                   1/1
Updating image state                    Done
Creating fast lookup database           Done
Updating package cache                   1/1

Package Management Commands: Summary


Package Management Task                          IPS Command
Display package state and version information.   pkg list
Display package information.                     pkg info
Display the contents of a package.               pkg contents
Install package updates.                         pkg update
Install the package.                             pkg install
Verify the package installation.                 pkg verify
Search for a package.                            pkg search
Uninstall a package.                             pkg uninstall

Managing Packages
by Using the Package Manager GUI

Displaying Package Information

Displaying the Files of a Package

Displaying Package Dependency Information

Displaying Package Notices

Displaying Package Versions

Installing and Updating a Package

Verifying a Package Installation

Uninstalling a Package

Practice 5-2 and Practice 5-3 Overview: Managing Software Packages by Using CLI and Package Manager

These practices cover the following topics:
  Searching for a package
  Performing a test run on the package installation
  Installing a package
  Verifying the package installation
  Displaying information about the package and its contents
  Uninstalling a package


Introducing Signed Packages


Signed packages contain digital signatures that verify that:
  The package came from the entity who signed it
  The entity signed the package
  The package has not been modified
  The entity is trusted
[Figure: an unsigned package and a signed package]

Installing Signed Packages

Identifying image properties for signed packages
Configuring image properties for signed packages
Identifying publisher properties for signed packages
Configuring publisher properties for signed packages

Identifying Image Properties for Signed Packages

Property                   Description
signature-policy           Determines what checks will be performed on manifests when you install a package into the operating system image:
                             ignore
                             verify
                             require-signatures
                             require-names
signature-required-names   Defines names that must be seen as common names of certificates while validating the signatures of a package
trust-anchor-directory     Identifies the path name of the directory that contains the trust anchors for the image

Configuring Image Properties for Signed Packages

Use pkg with the following subcommands to configure package signature properties for an image:
  set-property
  add-property-value
  remove-property-value
  unset-property
Examples:
# pkg set-property signature-policy verify
# pkg add-property-value signature-required-names trustedname
# pkg remove-property-value signature-required-names trustedname
# pkg unset-property signature-policy

Identifying Publisher Properties for Signed Packages

Property                   Description
signature-policy           Determines the checks that will be performed on manifests when installing a package into the image from a specified publisher
signature-required-names   Defines names that must be seen as common names of certificates while validating the signatures of a package from a specified publisher

Configuring Publisher Properties for Signed Packages

Use pkg set-publisher with the following options to configure package signature properties for a publisher:
  --set-property
  --add-property-value
  --remove-property-value
  --unset-property
Examples:
# pkg set-publisher --set-property signature-policy=require-signatures whoisit.com
# pkg set-publisher --add-property-value signature-required-names=trustedname whoisit.com
# pkg set-publisher --remove-property-value signature-required-names=trustedname whoisit.com
# pkg set-publisher --unset-property signature-policy whoisit.com
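The four signature-policy values and the image and publisher levels interact, which a small model makes concrete. This added example (not Oracle's code) follows the pkg(1) descriptions as an assumption: the effective policy is the stricter of the image and publisher settings, verify rejects only invalid signatures, require-signatures also rejects unsigned manifests, and require-names additionally requires every name in signature-required-names among the certificate common names. Function names and inputs are hypothetical.

```shell
#!/bin/sh
# Added example: model of how signature-policy decides whether a manifest is
# accepted. This models the documented behaviour; it does not call pkg(1).

# policy_rank POLICY: strictness of a signature-policy value (higher is stricter).
policy_rank() {
    case "$1" in
        ignore)             echo 0 ;;
        verify)             echo 1 ;;
        require-signatures) echo 2 ;;
        require-names)      echo 3 ;;
        *) echo "unknown policy: $1" >&2; return 1 ;;
    esac
}

# effective_policy IMAGE_POLICY PUBLISHER_POLICY: the stricter of the two.
effective_policy() {
    img=$(policy_rank "$1") || return 1
    pub=$(policy_rank "$2") || return 1
    if [ "$pub" -gt "$img" ]; then echo "$2"; else echo "$1"; fi
}

# manifest_decision POLICY SIG_STATE CHAIN_CNS REQUIRED_NAMES
#   SIG_STATE       none    = manifest carries no signature
#                   valid   = every signature on the manifest validates
#                   invalid = at least one signature fails validation
#   CHAIN_CNS       comma-separated common names of the certificates in the chain
#   REQUIRED_NAMES  comma-separated value of signature-required-names
# Prints accept or reject; returns 2 on malformed input.
manifest_decision() {
    policy=$1; state=$2; cns=$3; required=$4
    policy_rank "$policy" >/dev/null || return 2
    case "$state" in none|valid|invalid) ;; *) return 2 ;; esac

    if [ "$policy" = ignore ]; then echo accept; return 0; fi
    # verify and stricter: a signature that is present must validate.
    if [ "$state" = invalid ]; then echo reject; return 0; fi
    if [ "$policy" = verify ]; then echo accept; return 0; fi
    # require-signatures and require-names: unsigned manifests are refused.
    if [ "$state" = none ]; then echo reject; return 0; fi
    if [ "$policy" = require-names ]; then
        old_ifs=$IFS; IFS=,
        for name in $required; do
            case ",$cns," in
                *",$name,"*) ;;                        # required name present
                *) IFS=$old_ifs; echo reject; return 0 ;;
            esac
        done
        IFS=$old_ifs
    fi
    echo accept
}

# Image set to verify, publisher whoisit.com set to require-signatures,
# as in the examples above.
pol=$(effective_policy verify require-signatures)
echo "effective policy for whoisit.com: $pol"
echo "unsigned manifest: $(manifest_decision "$pol" none '' '')"
```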

Introducing Variants and Facets

Variant: Mutually exclusive component of a package
  Appears as a tag on IPS actions
  Affects whether an IPS action is installable

Facet: Optional component of a package
  Appears as a tag on IPS actions
  Affects whether an IPS action is installable

Displaying and Changing Variants and Facets


Variants
  To display the values of all variants, use pkg variant.
  To display specific variants, use pkg variant variant_spec.
  To change a variant, use pkg change-variant --accept variant_spec=instance.
Facets
  To display the current values of all facets defined in the current image, use pkg facet.
  To display specific facets, use pkg facet facet_spec.
  To change the current value of a facet, use pkg change-facet --accept facet_spec=True|False|None.

Managing Package History

To view package history, run pkg history.
To view verbose package history information, run pkg history -l.
To specify the number of the most recent package history operations to display, use the -n option.
To display log records for a comma-separated list of time stamps, use the -t option.
To purge package history, run pkg purge-history.

$ pkg history
START                  OPERATION       CLIENT            OUTCOME
2014-06-24T15:20:16    set-property    transfer module   Succeeded
2014-06-24T15:20:16    images-create   transfer module   Succeeded
2014-06-24T15:20:16    add-publisher   transfer module   Succeeded

# pkg purge-history

Quiz
Which command enables you to configure your current image
to ensure that all manifests with signatures are validly signed?
a. # pkg set-property signature-policy verify
b. # pkg set-property signature-policy require-names
c. # pkg set-property signature-policy require-signature

Quiz
Which pkg subcommand or option of the set-publisher
subcommand is used to configure publisher properties for
signed packages?
a. set-property
b. set-publisher
c. set-publisher property
d. --set-publisher
e. --set-property


Summary
In this lesson, you should have learned how to:
Describe IPS, its components, and interfaces
Configure an IPS client to access the local IPS repository
Manage package publishers
Manage software packages
Manage signed packages and package properties


Managing Data by Using ZFS


Objectives
After completing this lesson, you should be able to:
Explain the role of ZFS in data management
Administer ZFS storage pools
Administer ZFS file systems
Administer ZFS properties
Administer ZFS snapshots and clones


Workflow Orientation
[Diagram: course workflow with the topics Introduction, Processes, Installation, Boot and Shutdown, Users, Services, Security, Packages, Zones, Network, Storage]

Lesson Agenda

Introducing ZFS
Administering ZFS Storage Pools
Administering ZFS File Systems
Administering ZFS Properties
Administering ZFS Snapshots and Clones

Importance of Data Management


Data management is required to ensure that:
  The appropriate type of storage pool configuration is selected that supports data redundancy and growth
  Data can be accessed, backed up, and restored quickly and easily

Introduction to ZFS

Two products in one:
  Volume manager
  File system

Most scalable file system ever:
  128-bit file system
  Up to 256 trillion directory entries allowed
  No limit to the number of file systems or number of files contained within a file system

Transactional file system:
  File system state is always consistent on disk.
  Data is never overwritten.
  The file system can never be corrupted through accidental loss of power or a system crash.

ZFS Terms
Term          Description
Checksum      A 256-bit hash of the data in a file system block
Clone         A file system with contents that are identical to the contents of a ZFS snapshot
Dataset       A generic name for ZFS entities such as clones, file systems, snapshots, and volumes
Resilvering   The process of transferring data from one device to another
Scrub         A tool that validates and repairs the ZFS file system (including the metadata) while the file system is online and mounted
Snapshot      A read-only image of a file system or volume at a given point of time
zpool         A ZFS dataset that is mounted within the standard system namespace and that behaves like other traditional file systems

ZFS Storage Pools

Storage pools are used to manage physical storage.
No volume manager is required.
Devices are aggregated into a storage pool.
The storage pool:
  Describes the physical characteristics of the storage
  Acts as an arbitrary data store

ZFS Storage Pool Components


The following components can be used in a ZFS storage pool:
Disks
Slices
Files
Virtual devices


ZFS Storage Pool Components: Disks

Any block device that is at least 128 MB in size
  Typically, a hard drive that is visible to the system in the /dev/dsk directory
  Whole disk (c1t0d0) or an individual slice (c0t0d0s7)

Recommended mode of operation: Entire disk
  No special formatting required
  EFI label used to contain a single, large slice
  Simplest way to create ZFS storage pools

ZFS Storage Pool Components: Disks

To use whole disks:
  Use the /dev/dsk/cXtXdX naming convention
  Specify the disk by using either the full path (/dev/dsk/c1t0d0) or a shorthand name that consists of the device name within the /dev/dsk directory (c1t0d0)

Examples of valid disk names:
  c1t0d0
  /dev/dsk/c1t0d0

ZFS Storage Pool Components: Slices

Disks can be labeled with an SMI label.
For the bootable ZFS root pool:
  A disk must contain slices
  An SMI label is required

Examples
On a SPARC-based system with 72-GB disk:
  68 GB of usable space in slice 0
On an x86-based system with 72-GB disk:
  68 GB of usable space in slice 0
  Small amount of boot information contained in slice 8
    No administration required
    Not changeable

ZFS Storage Pool Components: Files

Not intended for production use
Recommended for:
  Testing
  Simple experimentation
Complete file path specification required
File size: At least 128 MB

ZFS Storage Pool Components: Virtual Devices

A virtual device is a logical device in a pool:
  Disks
  Disk slices
  Files

Virtual devices at the top of a configuration are referred to as top-level virtual devices or top-level vdevs.

Possible configurations:
  Stand-alone (non-redundant)
  Mirrored
  RAID-Z

[Figure: top-level virtual devices]

Virtual Devices and Dynamic Striping

Data is dynamically striped across all top-level virtual devices.
Data placement is done at the time of write.
When a new virtual device is added, data is gradually allocated to the new device.
Note: Although ZFS supports combining different types of virtual devices within the same pool, the recommended practice is to use top-level virtual devices of the same type with the same redundancy level in each device.

Virtual Devices and Dynamic Striping


ZFS dynamically stripes data across all the top-level virtual devices.
[Figure: data striped across stand-alone devices and across mirrored devices, each built from 36 GB disks]

Virtual Devices and Dynamic Striping


Data is:
  Dynamically striped across all virtual devices in a RAID-Z pool
  Redundant within each virtual device in the RAID-Z pool
[Figure: data written as Stripe 1 and Stripe 2 across two RAID-Z devices]

ZFS Storage Pool Types


Storage Pool Type       Description
Basic Storage Pool      A storage pool with a configuration that has a minimum of one disk
Mirrored Storage Pool   A storage pool with a configuration that has at least two disks, preferably on separate controllers. Many disks can be used in a mirrored configuration.
RAID-Z Storage Pool     A storage pool that consists of a configuration with single-, double-, or triple-parity fault tolerance, which means that one, two, or three device failures can be sustained respectively without any data loss.

ZFS File Systems

Are default disk-based and root file systems in Oracle Solaris 11
Share space with all the file systems in the pool
Grow automatically within the space allocated to the storage pool
Immediately use additional space when new storage is added

Directory Structure of ZFS File System


File System or Directory   Description
root (/)                   Is the top of the hierarchical file tree and contains directories and files that are critical for system operation
/dev                       Contains device files, which include terminal devices, USB, or any device attached to the system
/etc                       Contains configuration files required by all programs
/usr                       Contains system files and directories that can be shared with other users
/export/home or /home      Is the mount point for user home directories, which store user work files. By default, the /home directory is an automounted file system.
/var                       Includes system files and directories that are likely to change or grow over the life of the local system. These include system logs.
/opt                       Is the optional mount point for third-party software

Managing Data
As part of learning how to manage data, you will learn about
implementing the following in the next section:
ZFS storage pool functionality
ZFS file system functionality
ZFS snapshot and clone functionality



Determining Your ZFS Storage Pool Requirements

As part of data management, you should identify your storage pool device requirements:
  Disks that are at least 128 MB in size
  Disks not in use by other parts of the operating system
  Entire disks that are formatted as a single, large slice or individual slices on a preformatted disk

Creating ZFS Storage Pools

Use the zpool create command to create a basic storage pool.
The zpool create command:
  Accepts a pool name
  Accepts any number of virtual devices

Creating a Basic Storage Pool


To create a basic ZFS pool, enter zpool create, followed by the pool name and disks to include in the pool.
# zpool create hrpool c1t0d0 c1t1d0

Both disks are:
  Found in /dev/dsk
  Labeled by ZFS to contain a single, large slice
  Used together for dynamic striping of data

Determining Local Storage Disk Availability


To display disk availability, run format.
# format
Searching for disks...done
AVAILABLE DISK SELECTIONS:
       0. c1t0d0 <ATA-VBOX HARDDISK-1.0-40.00GB>
          /pci@0,0/pci8086,2829@d/disk@0,0
       1. c1t2d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
          /pci@0,0/pci8086,2829@d/disk@2,0
       2. c1t3d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
          /pci@0,0/pci8086,2829@d/disk@3,0
       3. c1t4d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
          /pci@0,0/pci8086,2829@d/disk@4,0
       4. c1t5d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
          /pci@0,0/pci8086,2829@d/disk@5,0
       5. c1t6d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
          /pci@0,0/pci8086,2829@d/disk@7,0
       6. c1t7d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
          /pci@0,0/pci8086,2829@d/disk@8,0
       7. c1t8d0 <ATA-VBOX HARDDISK-1.0 cyl 1022 alt 2 hd 64 sec 32>
          /pci@0,0/pci8086,2829@d/disk@9,0

Creating a Mirrored Storage Pool


To create a mirrored storage pool, enter zpool create, followed by the pool name, the mirror keyword, and the storage devices that will comprise the mirror.
# zpool create hrpool mirror c1t3d0 c1t4d0 mirror c1t5d0 c1t6d0

Data is:
  Dynamically striped across both mirrors
  Redundant between each disk within a mirror

Creating a ZFS Root Pool


To create a ZFS root pool, enter zpool create, followed by the -B option to create a boot partition, the root pool name, and the disk name to be included in the pool.
# zpool create -B rpool2 c1t2d0

Creating a RAID-Z Storage Pool


To create a ZFS RAID-Z storage pool, enter zpool create, followed by the pool name, the raidz keyword, and the storage devices that will be part of each RAID-Z pool.
# zpool create hrpool raidz c1t2d0 c1t3d0 c1t4d0 c1t5d0 /dev/dsk/c1t6d0

# zpool create datapool raidz2 c1t2d0 c1t3d0 c1t4d0 c1t5d0 c1t6d0 c1t7d0 \
raidz2 c1t8d0 c1t9d0 c1t10d0 c1t11d0 c1t12d0 c1t13d0
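Because data is striped across every top-level virtual device, a pool is only as fault tolerant as its weakest top-level vdev. This added example (not from the course) parses the vdev arguments of the zpool create commands above and reports the number of top-level vdevs, the device failures the layout is guaranteed to survive, and whether vdev types or redundancy levels are mixed; the function names are hypothetical and log, cache, and spare vdevs are out of scope.

```shell
#!/bin/sh
# Added example: analyse the vdev specification that follows the pool name in
# `zpool create`. Nothing here touches a real pool.

# vdev_layout VDEV_ARGS...: print one line per top-level vdev:
#   kind device_count failures_tolerated
vdev_layout() {
    printf '%s\n' "$*" | awk '
    # Close the mirror/raidz group being collected, if any.
    function emit() {
        if (kind == "") return
        if (kind == "mirror") { tol = n - 1; min = 2 }
        else { tol = substr(kind, 6) + 0; min = tol + 1 }   # raidz1..raidz3
        if (n < min) {
            printf "error: %s needs at least %d devices, got %d\n", kind, min, n
            bad = 1
        } else {
            printf "%s %d %d\n", kind, n, tol
        }
        kind = ""; n = 0
    }
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "mirror" || $i ~ /^raidz[123]?$/) {
                emit()
                kind = ($i == "raidz") ? "raidz1" : $i      # raidz means single parity
            } else if ($i == "log" || $i == "cache" || $i == "spare") {
                emit()
                print "error: " $i " vdevs are outside this example"
                bad = 1
                exit
            } else if (kind == "") {
                print "disk 1 0"      # bare device: stand-alone top-level vdev
            } else {
                n++                   # member of the current mirror/raidz group
            }
        }
    }
    END { emit(); exit bad }'
}

# pool_summary VDEV_ARGS...: print
#   vdevs=N tolerates=K mixed=yes|no
# tolerates is the number of device failures the pool survives in the worst
# case, which is the minimum over its top-level vdevs. Returns 1 on a bad spec.
pool_summary() {
    vdev_layout "$@" | awk '
    /^error/ { print; bad = 1; next }
    {
        t = $3 + 0; key = $1 " " t; vdevs++
        if (vdevs == 1) { worst = t; first = key }
        if (t < worst) worst = t
        if (key != first) mixed = 1   # differing type or redundancy level
    }
    END {
        if (bad || vdevs == 0) exit 1
        printf "vdevs=%d tolerates=%d mixed=%s\n", vdevs, worst, (mixed ? "yes" : "no")
    }'
}

# The mirrored hrpool layout shown earlier.
pool_summary mirror c1t3d0 c1t4d0 mirror c1t5d0 c1t6d0
```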

Default Mount Point for Storage Pools

The default mount point is /pool-name.
A directory is automatically created if it does not exist.
If a directory exists, it must be empty.

# zpool create home c1t2d0
default mountpoint /home exists and is not empty
use -m option to provide a different default

To change the default mount point, use -m with zpool create.

# zpool create -m /export/zfs home c1t2d0

Destroying a ZFS Storage Pool


To destroy a pool, enter zpool destroy, followed by the pool name.
# zpool destroy testpool

Caution: Be very careful when you destroy a pool. Make sure that you are destroying the right pool and that you always have copies of your data. If you accidentally destroy the wrong pool, you can attempt to recover the pool.

ZFS Storage Pool Properties


Pool properties:
  Determine the behavior of a pool feature, such as whether:
    A pool is bootable
    A property is enabled
  Identify read-only attributes, such as:
    Current pool size
    Unique pool identifier (GUID)

Displaying Pool Properties


Use zpool get all, followed by the pool name to display all property information for a pool.
# zpool get all hrpool
NAME    PROPERTY       VALUE                  SOURCE
hrpool  allocated      85K                    -
hrpool  altroot        -                      default
hrpool  autoexpand     off                    default
hrpool  autoreplace    off                    default
hrpool  bootfs         -                      default
hrpool  cachefile      -                      default
hrpool  capacity       0%                     -
hrpool  dedupditto     0                      default
hrpool  dedupratio     1.00x                  -
hrpool  delegation     on                     default
hrpool  failmode       wait                   default
hrpool  free           15.9G                  -
hrpool  guid           13211416720083688767   -
hrpool  health         ONLINE                 -
hrpool  listshares     off                    default
hrpool  listsnapshots  off                    default
hrpool  readonly       off                    -
hrpool  size           15.9G                  -
hrpool  version        35                     default


Querying ZFS Pool Status


You can request the following types of information about a
pool:
Basic usage information
I/O statistics
Health status
Command history


Displaying Basic Pool Usage Information


To display usage information about all the pools in the system,
use zpool list.
# zpool list
NAME      SIZE   ALLOC  FREE   CAP  DEDUP  HEALTH  ALTROOT
hrpool    80.0G  22.3G  47.7G  28%  1.00x  ONLINE  -
datapool  1.2T   384G   816G   32%  1.00x  ONLINE  -

Note: To gather statistics for a specific pool, specify the pool
name, as in the following example: zpool list hrpool.

Displaying Specific Pool Statistics


To display specific statistics, use zpool list with the -o
option.
# zpool list -o name,size
NAME      SIZE
hrpool    80.0G
datapool  1.2T

Displaying Specific Pool Statistics


Use the -H option to suppress column headings and to
separate fields by tabs rather than by spaces.
# zpool list -H -o name,size
hrpool	80.0G
datapool	1.2T

Viewing Pool I/O Statistics


Use zpool iostat with no options to display accumulated
statistics since boot for all the pools in the system.
# zpool iostat
               capacity     operations    bandwidth
pool        alloc   free   read  write   read  write
----------  -----  -----  -----  -----  -----  -----
hrpool       100G  20.0G   1.2M   102K   1.2M  3.45K
datapool    12.3G  67.7G   132K  15.2K  32.1K  1.20K
----------  -----  -----  -----  -----  -----  -----

Note: You can request a more accurate view of current
bandwidth usage by specifying an interval.

Viewing Pool I/O Statistics


Use zpool iostat -v to request the complete virtual device
layout, as well as all I/O statistics.
# zpool iostat -v hrpool
               capacity     operations    bandwidth
pool        alloc   free   read  write   read  write
----------  -----  -----  -----  -----  -----  -----
hrpool      20.4G  59.6G      0     22      0   6.00
  mirror    20.4G  59.6G      0     22      0   6.00
    c1t3d0      -      -      1    295  11.2K    148
    c1t4d0      -      -      1    299  11.2K    148
----------  -----  -----  -----  -----  -----  -----

Viewing Pool I/O Statistics


When viewing I/O statistics on a virtual device, remember the
following:
Space usage is available for top-level virtual devices only.
The numbers might not always add up as you expect.
This is most noticeable immediately after pool creation.
It should gradually equalize.
Broken, unresponsive, or offlined devices can affect
symmetry as well.

Note: You can also specify intervals when examining virtual
device statistics.

Determining the Health Status of a Pool

The health of a pool is:
  Determined from the state of all its devices
  Displayed by using the zpool status command

Potential pool and device failures are:
  Reported by fmd
  Displayed on the system console
  Logged in the /var/adm/messages file

Determining the Health Status of a Pool


A pool's health status is described by one of the following
four states:

State      Description
DEGRADED   A pool with one or more failed devices, whose data is still
           available due to a redundant configuration
ONLINE     A pool that has all devices operating normally
SUSPENDED  A pool that is waiting for device connectivity to be restored. A
           SUSPENDED pool remains in the wait state until the device issue
           is resolved.
UNAVAIL    A pool with corrupted metadata, or one or more unavailable
           devices, and insufficient replicas to continue functioning

Determining the Health Status of a Pool


Each device can fall into one of the following states:

State     Description
ONLINE    The device or virtual device is in normal working order.
DEGRADED  The virtual device has experienced failure but is still able to
          function.
OFFLINE   The device has been explicitly taken offline by the administrator.
REMOVED   The device was physically removed while the system was
          running.
UNAVAIL   The device or virtual device cannot be opened (that is, it is
          unavailable).

Determining the Health Status of a Pool


The health of a pool is determined from the health of all its
top-level virtual devices:

State of Top-Level vdevs  State of Pool  Result
All vdevs ONLINE          ONLINE         No issues are present.
One or more vdevs         DEGRADED       The pool continues to run but
DEGRADED or UNAVAIL                      the level of redundancy or data
                                         throughput might be affected.
One or more vdevs         UNAVAIL or     The pool is completely
UNAVAIL or OFFLINE        SUSPENDED      inaccessible. No data recovery
                                         is possible until devices are
                                         attached or repaired.

Determining the Health Status of a Pool


Use zpool status -x to request a quick overview of pool
health status.
# zpool status -x
all pools are healthy


Determining the Health Status of a Pool


To examine the health of a specific pool, use zpool status,
followed by the pool name.
# zpool status hrpool
  pool: hrpool
 state: ONLINE
  scan: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        hrpool      ONLINE       0     0     0
          mirror-0  ONLINE       0     0     0
            c1t3d0  ONLINE       0     0     0
            c1t4d0  ONLINE       0     0     0

errors: No known data errors

Determining the Health Status of a Pool


Use zpool status -v, followed by the pool name, to request a
more detailed summary of a pool's health status.
# zpool status -v hrpool
  pool: hrpool1
 state: DEGRADED
status: One or more devices are unavailable in response to persistent errors.
        Sufficient replicas exist for the pool to continue functioning in a degraded state.
action: Determine if the device needs to be replaced, and clear the errors using
        'zpool clear' or 'fmadm repaired', or replace the device with 'zpool replace'.
        Run 'zpool status -v' to see device specific details.
  scan: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        hrpool1     DEGRADED     0     0     0
          mirror-0  DEGRADED     0     0     0
            c1t3d0  ONLINE       0     0     0
            c1t4d0  UNAVAIL      0     0     0

errors: No known data errors
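A monitoring check built on the status reports above, as an added example that is not part of the course material. The helper name pool_findings is hypothetical; it reads zpool status output on stdin and lists every pool, vdev, or device that is not ONLINE or that shows non-zero READ/WRITE/CKSUM counters. The sample report is constructed from the degraded-mirror output on this slide.

```shell
#!/bin/sh
# Added example (not Oracle's code): turn `zpool status` output into
# one-line findings that a cron job or monitoring agent can alert on.

# Constructed sample, laid out like the degraded-mirror report above.
sample_status() {
cat <<'EOF'
  pool: hrpool1
 state: DEGRADED
  scan: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        hrpool1     DEGRADED     0     0     0
          mirror-0  DEGRADED     0     0     0
            c1t3d0  ONLINE       0     0     0
            c1t4d0  UNAVAIL      0     0     0

errors: No known data errors
EOF
}

# pool_findings: read `zpool status` output on stdin and print:
#   POOL   <pool> <state>          pool state other than ONLINE
#   DEVICE <pool> <name> <state>   vdev or device state other than ONLINE
#   ERRORS <pool> <name> r/w/c     non-zero READ/WRITE/CKSUM counters
# Exit status: 0 = nothing to report, 1 = at least one finding printed.
pool_findings() {
    awk '
        $1 == "pool:"   { pool = $2; in_cfg = 0; next }
        $1 == "state:"  {
            if ($2 != "ONLINE") { print "POOL", pool, $2; bad = 1 }
            next
        }
        $1 == "config:" { in_cfg = 1; next }
        $1 == "errors:" { in_cfg = 0; next }
        in_cfg && $1 == "NAME" { next }        # column header row
        in_cfg && NF >= 5 {
            # The row named after the pool repeats the pool state,
            # which the POOL finding already covers.
            if ($1 != pool && $2 != "ONLINE") {
                print "DEVICE", pool, $1, $2; bad = 1
            }
            if ($3 != "0" || $4 != "0" || $5 != "0") {
                print "ERRORS", pool, $1, $3 "/" $4 "/" $5; bad = 1
            }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Demo on the constructed sample. Live use: zpool status | pool_findings
sample_status | pool_findings || true
```

Counters are checked even on devices that report ONLINE, because a rising CKSUM count is often the first sign of a failing disk or cable.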

Displaying Pool Command History


Use zpool history to display zpool commands that modify
pool state information.
# zpool history hrpool
History for hrpool:
2013-10-24.11:20:57 zpool create hrpool c1t3d0 c1t4d0


Quiz
What command is used to create a ZFS storage pool?
a. zpool start new pool
b. zpool storagepool
c. zpool create
d. zpool make


Quiz
After you have created a pool, you must manually create the
mount point for the pool.
a. True
b. False


Quiz
Which command is used to display all the property settings
within a pool?
a. zpool show all <poolname>
b. zpool get all <poolname>
c. zpool display all <poolname>
d. zpool set all <poolname>


Quiz
Which command is used to display basic pool usage
information?
a. zpool list
b. zpool iostat
c. zpool history
d. zpool status


Quiz
If a pool is in DEGRADED state, the data is completely
inaccessible.
a. True
b. False


Practice 6-1 and Practice 6-2 Overview: Administering ZFS Storage Pools
In practice 6-1, you perform the following tasks on a whole disk:
  Creating different types of ZFS pools
  Querying the pool attributes
In practice 6-2, you perform the following tasks on disk slices:
  Formatting a disk
  Creating a ZFS pool
  Examining the pool's configuration
  Creating a ZFS file system
  Deleting the pool

Lesson Agenda

Introducing ZFS
Administering ZFS Storage Pools
Administering ZFS File Systems
Administering ZFS Properties
Administering ZFS Snapshots and Clones

Determining ZFS File System Configuration Requirements

As part of data management, the file system configuration
requirements are determined.

[Figure: storage pool diagram with the file systems Financial, Marketing, Accounts Receivable, Accounts Payable, Documentation, and Financial Reports (property=compressed)]

Creating a ZFS File System


To create a file system, enter zfs create, followed by the
file system path name.
# zfs create hrpool/home/reports

The file system name is specified as a path name:
pool-name/[filesystem-name/]filesystem-name
  The pool name and initial file system names identify the location
  in the hierarchy where a new file system will be created.
  The last name identifies the file system to be created.

Note: You can create missing intermediate file system names
automatically by using the zfs create -p command.

Creating a ZFS File System


A file system is mounted:
Automatically if it is created successfully
As /dataset
By using the path provided in the create subcommand


Destroying a ZFS File System


To destroy a file system, enter zfs destroy, followed by the
file system path name.
# zfs destroy hrpool/home/oldreports

Caution: No confirmation prompt appears with the destroy
subcommand.

Destroying a ZFS File System


If the zfs destroy command fails, use one of the options
shown in the following table:

Condition                  Option  Results
File system is busy.       -f      Can unmount, unshare, and destroy active
                                   file systems, causing unexpected application
                                   behavior
File system has children.  -r      Recursively destroys a file system and all its
                                   descendents. This option also destroys
                                   snapshots.
File system has indirect   -R      Recursively destroys all dependents,
dependents.                        including cloned file systems outside the
                                   target hierarchy

Caution: No confirmation prompts appear with the -f, -r, and
-R options.

Renaming a ZFS File System


To rename a file system, enter zfs rename, followed by the
file system path name.
# zfs rename hrpool/home/reviews hrpool/home/reviews_2014

You can use the rename subcommand to:
  Change the name of a file system
  Relocate the file system to a new location within the ZFS
  hierarchy

Renaming a ZFS File System


Example of file system relocation:
# zfs rename hrpool/home/jobdesc hrpool/ws/jobdesc

The new location:
  Must be within the same pool
  Must have enough space to hold the new file system

Renaming a ZFS File System

The renaming operation attempts an unmount/remount
sequence for:
  The file system
  Any descendent file systems

If it is unable to unmount an active file system:
  The rename operation fails
  A forced unmount is required

Listing Basic ZFS Information


To display basic dataset information, use zfs list with no
options.
# zfs list
NAME            USED  AVAIL  REFER  MOUNTPOINT
pool            476K  16.5G    21K  /pool
pool/clone       18K  16.5G    18K  /pool/clone
pool/home       296K  16.5G    19K  /pool/home
pool/home/data  277K  16.5G   277K  /pool/home/data
pool/test        18K  16.5G    18K  /test
...
(output truncated)

Listing Basic ZFS Information


You can also use zfs list to display the following:
  Specific datasets by using the dataset name
  Dataset descendents recursively with -r

# zfs list -r pool/home/data
NAME            USED  AVAIL  REFER  MOUNTPOINT
pool/home/data  277K  16.5G   277K  /pool/home/data

Mounting ZFS File Systems


Use the zfs mount command to:
  View ZFS-managed mounted file systems
  Change mount options
  Explicitly mount a file system

Mounting ZFS File Systems


To view all file systems currently mounted and managed by
ZFS, use zfs mount with no arguments.
# zfs mount
...
hrpool                          /hrpool
hrpool/home                     /hrpool/home
hrpool/home/reports             /hrpool/home/reports
...

To mount all ZFS-managed file systems, use zfs mount -a.
# zfs mount -a

Note: A mounted file system uses a set of mount options based
on the property values associated with the dataset.

Unmounting a ZFS File System


To unmount a ZFS file system, use zfs unmount, followed by
either the file system name or the mount point.
# zfs unmount hrpool/home/qarpts

# zfs unmount /export/home/qarpts

Note: If the file system is active or busy, zfs unmount fails.
You can use -f to force the unmount, but you should use this
option with caution.

Quiz
Which command is used to create a ZFS file system?
a. zfs make
b. zfs create
c. zpool create
d. zpool make


Quiz
Which option, when used with the zfs destroy command,
can destroy an active ZFS file system?
a. -a
b. -f
c. -r
d. -R


Quiz
When you relocate a file system through rename, the new
location must be within the same pool.
a. True
b. False


Practice 6-3 Overview: Administering ZFS File Systems
In this practice, you create ZFS file systems in the ZFS storage
pools.


Administering ZFS Properties

ZFS Properties: Overview
Types of Native ZFS Properties
Querying ZFS Properties
Setting ZFS Properties
Inheriting ZFS Properties

ZFS Properties: Overview

Properties allow you to control the following:
  File systems
  Volumes
  Snapshots
  Clones

There are two property types:
  Native
    Export internal statistics
    Control ZFS file system behavior
  User-defined
    Have no effect on ZFS file system behavior
    Can be used to annotate datasets

Types of Native ZFS Properties

Read-only statistics
  Can be retrieved but not set
  Are not inherited

Settable
  Can be both retrieved and set
  Are inheritable (exceptions: quotas and reservations)

Note: An inheritable property is a property that, when set on a
parent, is propagated to all of its descendents.

Identifying Native ZFS Properties


Property Name  Type              Default Value  Description
compression    String            off            Enables or disables compression for a dataset
mountpoint     String            N/A            Controls the mount point used for this file system
quota          Number (or none)  none           Limits the amount of disk space that a dataset and
                                                its descendents can consume
readonly       Boolean           off            Controls whether a dataset can be modified. When
                                                it is set to on, no modifications can be made.
sharenfs       String            off            Controls whether a ZFS dataset is published as an
                                                NFS share

Querying ZFS Properties


You can query property values with:
zfs list
zfs get
Complex queries
Scripting
Any dataset property


Retrieving ZFS Properties


To retrieve any dataset property, use zfs get, followed by the
property name and the dataset name.
# zfs get checksum hrpool/ws
NAME       PROPERTY  VALUE  SOURCE
hrpool/ws  checksum  on     default

Retrieving ZFS Properties


The source values in zfs get are shown in the following table:
Source Value    Definition
default         The property setting was not inherited or set locally.
local           The property was explicitly set on the dataset by using the zfs set
                command.
inherited from  The property was inherited from the named ancestor.
dataset-name
temporary       This property value was set by using the zfs mount -o option, and is
                valid only for the lifetime of the mount.
- (none)        This property is a read-only property. Its value is generated by ZFS.

Retrieving ZFS Properties


To retrieve all properties for a specified dataset, use zfs get
all, followed by the dataset name.
# zfs get all hrpool
NAME    PROPERTY    VALUE       SOURCE
hrpool  aclinherit  restricted  default
hrpool  aclmode     discard     default
hrpool  atime       on          default
hrpool  available   15.6G       -
hrpool  canmount    on          default
...
<output omitted>

Retrieving ZFS Properties


To specify the property types to display, use zfs get -s,
followed by the source value and the dataset name.
# zfs get -s local all hrpool
NAME    PROPERTY     VALUE  SOURCE
hrpool  compression  on     local

With the -s option, you can:
  Specify the desired source types with a comma-separated list
  Use the following source types: default, local,
  inherited, temporary, and none

Retrieving ZFS Properties


The following zfs get options are designed for scripting:
  -H
    Omits header information
    Presents all white space as tabs
  -o
    Allows customization of output
    Takes a comma-separated list of literal fields to display,
    together with a separate list of properties

# zfs get -H -o value compression hrpool/home
on

Setting ZFS Properties


To modify any settable dataset property, use zfs set, followed
by property=value and the dataset name.
# zfs set atime=off hrpool/home

Note: Only one property can be set or modified during each
zfs set invocation.

You can also set a property during the creation of a dataset by
using zfs create.
# zfs create -o atime=off hrpool/home

Inheriting ZFS Properties

All settable properties inherit their values from their parents.
All inheritable properties have an associated source.

Source Value                 Definition
default                      The property setting was not inherited or set
                             locally.
local                        The property was explicitly set on the dataset
                             by using the zfs set command.
inherited from dataset-name  The property was inherited from the named
                             ancestor.

Inheriting ZFS Properties

# zfs list
NAME                          USED  AVAIL  REFER  MOUNTPOINT
datapool                      176K  1.95G    23K  /export/share
datapool/software              65K  1.95G    23K  /export/share/software
datapool/software/solaris      42K  1.95G    21K  /export/share/software/solaris
datapool/software/solaris/ar   21K  1.95G    21K  /export/share/software/solaris/ar

# zfs get -r compression datapool
NAME                          PROPERTY     VALUE  SOURCE
datapool                      compression  off    default
datapool/software             compression  off    default
datapool/software/solaris     compression  off    default
datapool/software/solaris/ar  compression  off    default

Inheriting ZFS Properties

# zfs set compression=on datapool/software/solaris
# zfs get -r compression datapool
NAME                          PROPERTY     VALUE  SOURCE
datapool                      compression  off    default
datapool/software             compression  off    default
datapool/software/solaris     compression  on     local
datapool/software/solaris/ar  compression  on     inherited from datapool/software/solaris

Inheriting ZFS Properties


To clear a property setting and have the setting inherited from
the parent, use zfs inherit, followed by the property name
and the file system path name.
# zfs inherit compression datapool/software/solaris
# zfs get -r compression datapool
NAME                          PROPERTY     VALUE  SOURCE
datapool                      compression  off    default
datapool/software             compression  off    default
datapool/software/solaris     compression  off    default
datapool/software/solaris/ar  compression  off    default
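The scripting options (-H, -o) and the SOURCE column from the inheritance slides combine into a property audit. The following is an added example, not part of the course material: setting_origins (a hypothetical helper name) reads the output of zfs get -H -r -o name,property,value,source and reports where each unwanted value was actually set, so that one zfs set or zfs inherit on the origin corrects every descendant. The sample rows are constructed and reuse the datapool hierarchy above; datapool/docs is invented for the sample.

```shell
#!/bin/sh
# Added example (not Oracle's code): find the dataset on which a
# property value was set, using the SOURCE column of `zfs get`.

# Constructed sample of:
#   zfs get -H -r -o name,property,value,source sharenfs datapool
# -H makes the fields tab-separated, which keeps the multi-word source
# "inherited from <dataset>" in a single field.
row() { printf '%s\t%s\t%s\t%s\n' "$@"; }
sample_props() {
    row datapool                     sharenfs off default
    row datapool/software            sharenfs on  local
    row datapool/software/solaris    sharenfs on  'inherited from datapool/software'
    row datapool/software/solaris/ar sharenfs off local
    row datapool/docs                sharenfs on  local
}

# setting_origins PROPERTY SAFE_VALUE
# For every dataset whose PROPERTY differs from SAFE_VALUE, resolve the
# dataset where that value originates and print one line per origin:
#   <origin> <value> <number of datasets that carry it>
setting_origins() {
    awk -F '\t' -v prop="$1" -v safe="$2" '
        $2 != prop || $3 == safe { next }
        {
            origin = $1                      # source local or temporary
            if ($4 == "default") {
                origin = "(default)"
            } else if (index($4, "inherited from ") == 1) {
                origin = substr($4, length("inherited from ") + 1)
            }
            key = origin "\t" $3
            if (!(key in count)) order[++n] = key   # keep first-seen order
            count[key]++
        }
        END {
            for (i = 1; i <= n; i++) {
                split(order[i], f, "\t")
                print f[1], f[2], count[order[i]]
            }
        }
    '
}

# Demo on the constructed sample. Live use:
#   zfs get -H -r -o name,property,value,source sharenfs datapool |
#       setting_origins sharenfs off
sample_props | setting_origins sharenfs off
```

In the sample, datapool/software/solaris/ar is not reported because its local off overrides the inherited on, which is the per-dataset exception an audit should leave alone.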


Administering ZFS Snapshots and Clones

Administering ZFS Snapshots
  Creating a ZFS Snapshot
  Displaying a ZFS Snapshot
  Renaming a ZFS Snapshot
  Holding a ZFS Snapshot
  Rolling Back a ZFS Snapshot
  Destroying a ZFS Snapshot
  Snapshot Space Accounting
  Identifying ZFS Snapshot Differences
Administering ZFS Clones
  Creating a ZFS Clone
  Relationship of Clone and Snapshot
  Replacing a ZFS File System with a ZFS Clone
  Destroying a ZFS Clone

ZFS Snapshots

Are a read-only view of a file system or volume
Can be created quickly and easily
  An unlimited number of snapshots is allowed.
Consume no additional space initially
Consume space as data within the active dataset changes
Prevent data from being freed back to the pool
  When snapshots are destroyed, the consumed space is
  released.

Creating a ZFS Snapshot


To create a snapshot, enter zfs snapshot followed by the
snapshot name.
The snapshot name is specified as follows:
filesystem@snapname
volume@snapname
# zfs snapshot hrpool/home/reports@friday


Creating a ZFS Snapshot


To create snapshots for all descendent file systems, use zfs
snapshot -r and the snapshot name.
# zfs snapshot -r hrpool/home@now
# zfs list -t snapshot
NAME                     USED  AVAIL  REFER  MOUNTPOINT
hrpool/home@now             0      -  29.5K  -
hrpool/home/reports@now     0      -  2.15M  -
hrpool/home/reviews@now     0      -  1.89M  -
hrpool/home/jobdesc@now     0      -  1.89M  -
hrpool/home/bonus@now       0      -  2.15M  -

Note: Snapshots have no modifiable properties and dataset
properties cannot be applied to a snapshot.

Displaying a ZFS Snapshot


To display snapshots, enter zfs list -t snapshot.
# zfs list -t snapshot
NAME                           USED  AVAIL  REFER  MOUNTPOINT
hrpool/home/reports@tuesday     18K      -    21K  -
hrpool/home/reports@wednesday   19K      -   280K  -
hrpool/home/reports@thursday      0      -   538K  -

The listsnapshots pool property:
  Is used to enable or disable the display of snapshots
  Is disabled by default
  Is enabled by using zpool set listsnapshots=on
  <poolname>

Displaying a ZFS Snapshot


To list the snapshots created for a specific file system, enter
zfs list -r -t snapshot followed by the file system name.
# zfs list -r -t snapshot -o name,creation hrpool/home
NAME                           CREATION
hrpool/home/reports@tuesday    Thur Nov 28 10:08 2013
hrpool/home/reports@wednesday  Fri Nov 30 08:05 2013
hrpool/home/reports@thursday   Mon Dec 2 07:03 2013
hrpool/home/bonus@now          Tue Dec 3 06:15 2013

Renaming a ZFS Snapshot


To rename a snapshot, use zfs rename followed by the
snapshot name.
# zfs rename hrpool/home/report@121014 hrpool/home/report@today

Note: Snapshots must be renamed within the same pool and
dataset from which they were created.

Renaming a ZFS Snapshot


To recursively rename snapshots, use zfs rename -r
followed by the snapshot name.
# zfs list
NAME                         USED  AVAIL  REFER  MOUNTPOINT
users                        270K  16.5G    22K  /users
users/home                    76K  16.5G    22K  /users/home
users/home@yesterday            0      -    22K  -
users/home/jjones             18K  16.5G    18K  /users/home/jjones
users/home/jjones@yesterday     0      -    18K  -
# zfs rename -r users/home@yesterday @2daysago
# zfs list -r users/home
NAME                        USED  AVAIL  REFER  MOUNTPOINT
users/home                   76K  16.5G    22K  /users/home
users/home@2daysago            0      -    22K  -
users/home/jjones            18K  16.5G    18K  /users/home/jjones
users/home/jjones@2daysago     0      -    18K  -

Holding a ZFS Snapshot

The snapshot hold feature:
  Prevents a snapshot from being destroyed by using zfs
  destroy
  Allows a snapshot with clones to be deleted pending the
  removal of the last clone by using zfs destroy -d

The snapshot user-reference count:
  Is initialized to zero
  Increases by one whenever a hold is put on the snapshot
  Decreases by one whenever a hold is released
  Must be at zero before the snapshot can be destroyed

Holding a ZFS Snapshot


To hold a snapshot or a set of snapshots, use zfs hold keep
followed by the snapshot name.
# zfs hold keep hrpool/home/report@snap1

To recursively hold the snapshots of all descendant file
systems, use zfs hold with -r, followed by keep and the
snapshot name.
# zfs hold -r keep hrpool/home@now

Note: Each snapshot has its own tag namespace, and tags
must be unique within that space. keep is only a tag.

Holding a ZFS Snapshot


To display a list of held snapshots, use zfs holds followed by
the snapshot name.
# zfs holds hrpool/home@now
NAME             TAG   TIMESTAMP
hrpool/home@now  keep  Mon Mar 10 12:40:12 2014

To display a recursive list of held snapshots, use zfs holds
with -r, followed by the snapshot name.
# zfs holds -r hrpool/home@now
NAME                    TAG   TIMESTAMP
hrpool/home/report@now  keep  Mon Mar 10 12:40:12 2014
hrpool/home/jjones@now  keep  Mon Mar 10 12:40:12 2014
hrpool/home@now         keep  Mon Mar 10 12:40:12 2014

Holding a ZFS Snapshot


Two options to destroy a held ZFS snapshot:
1. Use zfs destroy -d followed by the snapshot name, and
then release the snapshot hold, which removes the
snapshot.
2. Release the held snapshot, and then destroy it by using
zfs destroy.
To release a held snapshot or a set of snapshots, use zfs
release -r followed by keep and the snapshot name.
# zfs release -r keep hrpool/home@now

Note: -r enables a recursive release of the hold.

Holding a ZFS Snapshot


Snapshot hold properties:
  defer_destroy: Set to on if the snapshot is marked for
  deferred destruction by using the zfs destroy -d
  command
  userrefs: Set to the number of holds on the snapshot

Holding a ZFS Snapshot


To view the ZFS snapshot hold properties, use zfs get -r
defer_destroy,userrefs followed by the file system
name.
# zfs get -r defer_destroy,userrefs hrpool/home
NAME                    PROPERTY       VALUE  SOURCE
hrpool                  defer_destroy  -      -
hrpool                  userrefs       -      -
hrpool/home             defer_destroy  -      -
hrpool/home             userrefs       -      -
hrpool/home/report@now  defer_destroy  off    -
hrpool/home/report@now  userrefs       1      -
hrpool/home/jjones@now  defer_destroy  off    -
hrpool/home/jjones@now  userrefs       1      -
hrpool/home@now         defer_destroy  off    -
hrpool/home@now         userrefs       1      -

Rolling Back a ZFS Snapshot


To discard all the changes made since a specific snapshot,
enter zfs rollback followed by the snapshot name.
# zfs rollback hrpool/home/qarpt@thursday

By default, zfs rollback rolls back only to the most recent
snapshot.
To destroy more recent snapshots, enter zfs rollback with -r,
followed by the snapshot name.
# zfs rollback -r hrpool/home/qarpt@tuesday

Destroying a ZFS Snapshot


To destroy a snapshot, use zfs destroy followed by the
snapshot name.
# zfs destroy hrpool/home/reports@now

Things to know when attempting to destroy a snapshot:
  The dataset cannot be destroyed if snapshots of it exist.
  Clones created from a snapshot must be destroyed before
  the snapshot can be destroyed.

Snapshot Space Accounting

When a snapshot is created, its space:
  Is initially shared between the snapshot and the file system
  Is possibly shared with previous snapshots

As the file system changes, the previously shared space:
  Becomes unique to the snapshot
  Is counted in the snapshot's used property

Deleting snapshots can increase the amount of space that
is unique to (and thus used by) other snapshots.
Note: A snapshot's space referenced property is the same
as that of the file system when the snapshot was created.

Snapshot Space Accounting


To display how much space is consumed by snapshots and
descendant file systems, use zfs list -o space.
$ zfs list -o space
NAME                             AVAIL  USED   USEDSNAP  USEDDS  USEDREFRESERV  USEDCHILD
rpool                            2.20G  13.2G  0         4.97M   0              13.2G
rpool/ROOT                       2.20G  4.49G  0         31K     0              4.49G
rpool/ROOT/solaris               2.20G  4.49G  70.2M     4.08G   0              354M
rpool/ROOT/solaris/var           2.20G  354M   156M      198M    0              0
rpool/VARSHARE                   2.20G  156K   0         93K     0              63K
rpool/VARSHARE/pkg               2.20G  63K    0         32K     0              31K
rpool/VARSHARE/pkg/repositories  2.20G  31K    0         31K     0              0
rpool/dump                       2.22G  792M   0         768M    24.4M          0
rpool/export                     2.20G  6.88G  0         34K     0              6.88G
rpool/export/IPS                 2.20G  6.77G  0         6.77G   0              0
rpool/export/home                2.20G  108M   0         32K     0              108M
rpool/export/home/oracle         2.20G  108M   0         108M    0              0
rpool/swap                       2.23G  1.03G  0         1.00G   32.5M          0

Identifying ZFS Snapshot Differences


To determine ZFS snapshot differences, use zfs diff
followed by the snapshot names.
# zfs snapshot datapool/hrdata@before
# touch /datapool/hrdata/newfile
# zfs snapshot datapool/hrdata@after
# zfs list -r -t snapshot -o name,creation
NAME                        CREATION
datapool/hrdata@before      Thu Oct 24 14:54 2013
datapool/hrdata@after       Thu Oct 24 14:59 2013
rpool/ROOT/solaris@install  Tue Oct 24 22:33 2013
# zfs diff datapool/hrdata@before datapool/hrdata@after
M       /datapool/hrdata/
+       /datapool/hrdata/newfile
#

Identifying ZFS Snapshot Differences


File or Directory Change    Identifier

File or directory is modified, or file or directory link has changed.
File or directory is present in the older snapshot but not in the newer snapshot.
File or directory is present in the newer snapshot but not in the older snapshot.
File or directory is renamed.
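One way to turn zfs diff output into a change report, for example to review what changed under a sensitive directory between two snapshots, as an added Python example (not from the course material). The M and + identifiers appear in the zfs diff output shown earlier; - (removed) and R (renamed) are the other two identifiers that zfs diff prints. The sample entries beyond the two slide lines, and the watched directory, are constructed.

```python
from collections import namedtuple

# Identifier -> change type, in the order of the four changes listed above.
CHANGE_TYPES = {"M": "modified", "-": "removed", "+": "added", "R": "renamed"}

Change = namedtuple("Change", "kind path new_path")


def parse_zfs_diff(text):
    """Parse zfs diff output into Change records.

    Accepts the identifier with or without whitespace before the path and
    skips shell prompt lines, so a pasted terminal transcript can be fed in.
    """
    changes = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ident, rest = line[0], line[1:].strip()
        if ident not in CHANGE_TYPES or not rest.startswith("/"):
            raise ValueError("line %d is not zfs diff output: %r" % (lineno, raw))
        new_path = None
        if ident == "R":
            # Renames are printed as "old -> new". A file name that itself
            # contains " -> " is ambiguous in this text format.
            rest, arrow, new_path = rest.partition(" -> ")
            if not arrow or not new_path.startswith("/"):
                raise ValueError("line %d: rename without a target: %r" % (lineno, raw))
        changes.append(Change(CHANGE_TYPES[ident], rest, new_path))
    return changes


def is_under(path, directory):
    """True if path is the directory itself or lies below it (whole components)."""
    path, directory = path.rstrip("/"), directory.rstrip("/")
    return path == directory or path.startswith(directory + "/")


def touching(changes, watched_dirs):
    """Changes whose old or new path falls under any watched directory."""
    hits = []
    for change in changes:
        paths = [p for p in (change.path, change.new_path) if p]
        if any(is_under(p, d) for p in paths for d in watched_dirs):
            hits.append(change)
    return hits


def summarize(changes):
    counts = dict.fromkeys(CHANGE_TYPES.values(), 0)
    for change in changes:
        counts[change.kind] += 1
    return counts


# Constructed sample: the two lines from the slide plus made-up entries.
SAMPLE = """\
M       /datapool/hrdata/
+       /datapool/hrdata/newfile
-       /datapool/hrdata/payroll/2013-q3.csv
R       /datapool/hrdata/notes.txt -> /datapool/hrdata/archive/notes.txt
M       /datapool/hrdata/payroll/
M/datapool/hrdata/payroll-old/
"""

if __name__ == "__main__":
    parsed = parse_zfs_diff(SAMPLE)
    print(summarize(parsed))
    for change in touching(parsed, ["/datapool/hrdata/payroll"]):
        print(change.kind, change.path)
```

The watched-directory match compares whole path components, so payroll-old is not reported when only payroll is watched.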


ZFS Clones

Writable volume or file system


Created from a snapshot
Nearly instantaneous creation
Initially consumes no additional disk space


Creating a ZFS Clone


To create a clone, enter zfs clone followed by the snapshot
name from which the clone is to be created and the name of
the new file system or volume.
# zfs snapshot hrpool/ws/gate@yesterday
# zfs clone hrpool/ws/gate@yesterday hrpool/home/reports/bug123

The new file system or volume:


Can be located anywhere in the ZFS hierarchy
Has the same dataset type (for example, file system or
volume) as the snapshot from which the clone was created
Note: A clone of a file system must be created in the same
pool where the original file system snapshot resides.


Relationship of Clone and Snapshot

A clone can be created only from a snapshot.


An implicit dependency exists between the clone and the
snapshot.
The original snapshot cannot be destroyed as long as the
clone exists.
The origin property exposes this dependency.
The zfs destroy command lists any such dependencies
(if they exist).

A clone does not inherit the properties of the dataset from
which it was created.
Note: Use the zfs get and zfs set commands to view and
change the properties of a cloned dataset.


Replacing a ZFS File System with a ZFS Clone


With the clone replacement process, you can:
Clone and replace file systems so that the original file
system becomes the clone of the newly created file system
Destroy the file system from which the clone was originally
created
Note: Without clone promotion, you cannot destroy the original
file system of active clones.


Replacing a ZFS File System with a ZFS Clone


To replace an active ZFS file system with a clone of that file
system, use zfs promote followed by the clone name.
# zfs snapshot hrpool/reviews/q4@today
# zfs clone hrpool/reviews/q4@today hrpool/reviews/q4sum
# zfs list -r hrpool/reviews
NAME                      USED  AVAIL  REFER  MOUNTPOINT
hrpool/reviews            314K  8.24G  25.5K  /hrpool/reviews
hrpool/reviews/q4         288K  8.24G   288K  /hrpool/reviews/q4
hrpool/reviews/q4@today      0      -   288K  -
hrpool/reviews/q4sum         0  8.24G   288K  /hrpool/reviews/q4sum
# zfs promote hrpool/reviews/q4sum
# zfs list -r hrpool/reviews
NAME                      USED  AVAIL  REFER  MOUNTPOINT
hrpool/reviews            316K  8.24G  27.5K  /hrpool/reviews
hrpool/reviews/q4            0  8.24G   288K  /hrpool/reviews/q4
hrpool/reviews/q4sum      288K  8.24G   288K  /hrpool/reviews/q4sum
hrpool/reviews/q4@today      0      -   288K  -

Replacing a ZFS File System with a ZFS Clone


To rename the promoted file systems to the original name, use
zfs rename followed by the current file system name and a
new file system name.
# zfs rename hrpool/reviews/q4 hrpool/reviews/q4legacy
# zfs rename hrpool/reviews/q4sum hrpool/reviews/q4
# zfs list -r hrpool/reviews
NAME                      USED  AVAIL  REFER  MOUNTPOINT
hrpool/reviews            316K  8.24G  27.5K  /hrpool/reviews
hrpool/reviews/q4         288K  8.24G   288K  /hrpool/reviews/q4
hrpool/reviews/q4@today      0      -   288K  -
hrpool/reviews/q4legacy      0  8.24G   288K  /hrpool/reviews/q4legacy

Destroying a ZFS Clone


To destroy a clone, use zfs destroy followed by the clone
name.
# zfs destroy hrpool/home/reports/bug123


Quiz
You want to create a snapshot named thursday of the file
system /hrpool/home/smith. Which of the following
commands would you use to do this?
a. zfs snapshot thursday hrpool/home/smith
b. zfs snapshot hrpool/home/smith thursday
c. zfs snapshot hrpool/home/smith@thursday
d. zfs snapshot hrpool/home/smith_thursday


Practice 6-4 Overview: Administering ZFS Snapshots and Clones
This practice covers the following tasks:
Creating ZFS snapshots
Creating ZFS clones


Summary
In this lesson, you should have learned how to:
Describe ZFS and its features
Administer ZFS storage pools
Administer ZFS file systems
Administer ZFS properties
Administer ZFS snapshots and clones


Administering the Network


Objectives
After completing this lesson, you should be able to:
Explain some of the basic networking concepts
Administer a datalink configuration
Administer a network interface
Administer a profile-based network configuration
Configure a virtual network
Verify the network operations
Manage resources on the network


Workflow Orientation
[Figure: course workflow diagram with the lesson topics Introduction, Processes, Installation, Boot and Shutdown, Users, Services, Security, Packages, Zones, Network, and Storages]

Lesson Agenda

Reviewing Networking Fundamentals


Administering Datalink Configuration
Administering the Network Interface
Administering Profile-Based Network Configuration
Configuring a Virtual Network
Verifying Network Operation
Managing Resources on the Virtual Network


Importance of Network Administration


It is important to administer the network in the Oracle Solaris
11 OS to address the following requirements:
IP addressing scheme
Network interfaces
Datalinks
Network configuration profiles
Virtual networks
Network resources


TCP/IP Protocol Architecture Model

OSI Ref. Layer No.  OSI Layer Equivalent            TCP/IP Layer      TCP/IP Protocol Examples
5, 6, 7             Application (7),                Application       telnet, ftp, rlogin, DNS,
                    Presentation (6), Session (5)                     LDAP, and NFS
                    Transport                       Transport         TCP
                    Network                         Internet          IPv4, IPv6
                    Datalink (2)                    Datalink          IEEE 802.2, Ethernet (IEEE 802.3)
                    Physical                        Physical Network

How TCP/IP Handles Data Communications


[Figure: encapsulation on the source system (Application X) and decapsulation on the destination system (Application Y) through the Application, Transport, Internet, Network Interface, and Hardware layers. User data becomes a message or stream (A-PDU) at the Application layer, a segment or datagram (T-PDU) at the Transport layer, a datagram (I-PDU) at the Internet layer, a frame at the Network Interface layer, and a signal at the Hardware layer. The communication path between the two systems is the physical transmission medium.]
TH=Transport Header IH=Internet Header NH=Network Header NT=Network Trailer

Oracle Solaris 11 Networking Stack


[Figure: the Oracle Solaris 11 networking stack, with the command used to inspect each layer]
Application Layer (programs, naming/directory services): pfiles
Transport Layer (TCP, UDP, SCTP): netstat -P
Network Layer: ipadm show-addr, ipadm show-if
Datalink Layer: dladm show-link
VNICs: dladm show-vnic
Etherstubs: dladm show-etherstub
Physical: dladm show-phys
Example objects shown in the figure: address objects net0/v4 (192.168.222.5), net0/v4a (192.168.222.6), and vnic0/v4 (192.168.222.7); links net0, net1, vnic0, vnic1, and etherstub0; hardware devices ixgbe0 and nxge0.

Configuring a Host for TCP/IP


Network configuration checklist:

IP addresses
Netmask
Domain name
Name service
Default router


IPv4 Addressing

The IPv4 address is:


A 32-bit number that uniquely identifies a network interface
on a system
Written in decimal digits
Divided into four 8-bit fields that are separated by periods

The component parts of an IPv4 address include:


Network part
Host part
Network prefix

Example: 192.168.3.56/24 (network part 192.168.3, host part 56, network prefix /24)

IPv6 Addressing

Was developed to address:


IPv4 shortage
Manual address configuration

Uses 128-bit addressing


Divided into eight 16-bit fields, with each field bounded by a
colon
Written in hexadecimal numbers

Includes component parts such as:


Site prefix
Subnet ID
Interface ID

Example: 2001:0db8:3c4d:0015:0000:0000:1a2f:1a2b (site prefix 2001:0db8:3c4d, subnet ID 0015, interface ID 0000:0000:1a2f:1a2b)

Unicast, Multicast, and Broadcast Addressing


For each type of data transmission, there is an associated IP
addressing type:
Unicast transmission: One host sends and the other receives.
Broadcast transmission: One sender to all receivers
Multicast transmission: One sender to a group of receivers
[Figure: three IP network diagrams showing a source sending to a single receiver (unicast), to all receivers (broadcast), and to the receivers in a multicast group (multicast)]

Subnets, Netmasks, and Subnet Masks

Subnets:
Allow allocation of the host address space to network addresses
Are created by using a netmask
Netmasks determine:
How many and which bits in the host address space represent the subnet number
How many and which bits represent the host number
Subnet masks determine which bits in the host address bytes are
applied to the subnet and host addresses.
[Figure: the Internet connected to Subnet A (192.168.0.0) and Subnet B (192.168.1.0)]
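The network part, host part, and subnet number described on the IPv4 Addressing and Subnets slides, worked through with bit masks in an added Python example (not from the course material). The address 192.168.3.56/24 and the two subnets come from the slides; the 192.168.0.0/16 site network, the /26 case, and the other host addresses are constructed for the example.

```python
def to_int(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer, rejecting malformed input."""
    fields = dotted.split(".")
    if len(fields) != 4:
        raise ValueError("expected four 8-bit fields: %r" % dotted)
    value = 0
    for field in fields:
        if not field.isdigit() or int(field) > 255:
            raise ValueError("bad field %r in %r" % (field, dotted))
        value = (value << 8) | int(field)
    return value


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def netmask(prefix_len):
    """Prefix length -> 32-bit mask with that many leading one bits."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length out of range: %r" % prefix_len)
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def split_address(cidr):
    """Split 'a.b.c.d/len' into its network part and host part."""
    address, _, length = cidr.partition("/")
    addr, mask = to_int(address), netmask(int(length))
    host_mask = ~mask & 0xFFFFFFFF
    return {
        "netmask": to_dotted(mask),
        "network": to_dotted(addr & mask),        # bits selected by the mask
        "host": addr & host_mask,                 # remaining bits, as a number
        "broadcast": to_dotted((addr & mask) | host_mask),
    }


def subnet_number(address, site_prefix_len, subnet_prefix_len):
    """Bits between the site prefix and the subnet prefix.

    These are the host-address-space bits that the netmask assigns to the
    subnet number; the bits after them stay with the host number.
    """
    subnet_bits = subnet_prefix_len - site_prefix_len
    if subnet_bits < 0:
        raise ValueError("subnet prefix is shorter than the site prefix")
    netmask(subnet_prefix_len)                    # range check only
    return (to_int(address) >> (32 - subnet_prefix_len)) & ((1 << subnet_bits) - 1)


def same_subnet(a, b, prefix_len):
    """True if both hosts share a network part, so no router is needed."""
    mask = netmask(prefix_len)
    return (to_int(a) & mask) == (to_int(b) & mask)


if __name__ == "__main__":
    print(split_address("192.168.3.56/24"))
    # Constructed hosts on Subnet A (192.168.0.0) and Subnet B (192.168.1.0).
    print(subnet_number("192.168.0.10", 16, 24), subnet_number("192.168.1.10", 16, 24))
    print(same_subnet("192.168.0.10", "192.168.1.10", 24))
```

With a /24 netmask the two constructed hosts fall in different subnets (subnet numbers 0 and 1), while a /16 mask would place them on the same network.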

Network Configuration Modes


The network configuration modes refer to the ability of the
system to automatically adjust to changes in the current
network environment and not to whether static or fixed IP
addresses can be configured in these modes.
The following network configuration modes are supported in
Oracle Solaris 11:
Fixed
Reactive


Oracle Solaris 11 Network Administration Commands

Command  Description
dladm    Used to administer datalinks. It helps in managing physical interfaces
         (Ethernet, wireless, and InfiniBand), virtual networking features
         (Etherstubs, VNICs, and IP tunnels), switch features (link aggregations,
         VLANs, VXLANs, and bridging technologies), and device characteristics
         (speed, duplexing, priority, and feature negotiation).
ipadm    Used to administer IP interfaces and IP addresses
netcfg   Used to manage various types of profiles, for example, NCPs and
         location profiles
netadm   Used to enable and disable profiles and display information about
         profiles and their states

Administering the Network


As part of network administration, you will now learn how to:
Administer datalink configuration
Administer the network interface
Administer profile-based network configuration
Configure a virtual network
Verify network operation
Manage resources on the virtual network


Quiz
Which layer of the TCP/IP protocol stack is responsible for
accepting and delivering packets for the network?
a. Datalink
b. Transport
c. Internet
d. Application


Quiz
The TCP/IP protocol supports only IPv4 addressing.
a. True
b. False


Quiz
This is an example of an IPv4 address: 192.168.3.56/24
a. True
b. False



Datalink Configuration in Oracle Solaris 11

Administrators create IP interfaces on top of datalinks.
Each datalink represents a link object in the second layer
of the Open Systems Interconnection (OSI) model.
Datalinks can represent many different Layer 2 entities
such as physical network devices (termed physical links),
aggregations of physical datalinks, virtual network interface
cards (VNICs), and so on.

Determining Datalink Availability

Determining the physical links that are available
Determining the datalinks that are available
Verifying that the network service is running
[Figure: the layers between hardware and IP. NICs (e1000g, nxge) are at the hardware layer; device instances (e1000g0, nxge0, nxge1, nxge2, nxge3) are at the device layer in software; links are at the datalink layer; interfaces, including lo0, are at the (IP) interface layer, configured for IPv4 or IPv6 addresses.]

Determining the Physical Links That Are Available

To display information about the physical attributes of datalinks,
use dladm show-phys.
# dladm show-phys
LINK    MEDIA       STATE      SPEED   DUPLEX     DEVICE
net1    Ethernet    up         1000    full       e1000g1
net2    Ethernet    up         1000    full       e1000g2
net0    Ethernet    up         1000    full       e1000g0
net3    Ethernet    unknown    0       unknown    e1000g3

Determining the Datalinks That Are Available


To check the status of the datalinks, use dladm show-link.
# dladm show-link
LINK    CLASS    MTU     STATE      OVER
net0    phys     1500    up         --
net1    phys     1500    up         --
net2    phys     1500    up         --
net3    phys     1500    unknown    --

Verifying That the Network Service Is Running


To verify that the network service is running, use svcs
network/physical.
# svcs network/physical
online          3:33:46 svc:/network/physical:upgrade
online          3:33:53 svc:/network/physical:default

Quiz
Which utility is used to create virtual switches and VNICs?
a. lnkadm
b. dladm
c. vniccfg
d. dlcfg



Administering a Network Interface

Displaying network interface configuration information


Displaying network interface IP address information
Configuring a physical network interface manually
Taking down a network interface
Bringing up a network interface
Deleting a physical network interface manually


Displaying Network Interface Configuration Information

To display information about the current network interface
configuration, use ipadm show-if.
# ipadm show-if
IFNAME    CLASS       STATE    ACTIVE    OVER
lo0       loopback    ok       yes       --
net0      ip          ok       yes       --
net1      ip          ok       yes       --
net2      ip          ok       yes       --

Displaying Network Interface IP Address Information

To display network interface IP address information, use
ipadm show-addr.
# ipadm show-addr
ADDROBJ    TYPE        STATE    ADDR
lo0/v4     static      ok       127.0.0.1/8
net0/v4    static      ok       192.168.0.100/24
net1/v4    static      ok       192.168.0.201/24
net2/v4    static      ok       192.168.0.202/24
lo0/v6     static      ok       ::1/128
net0/v6    addrconf    ok       fe80::a00:27ff:fe68:6f2d/10

Configuring a Physical Network Interface Manually

1. Check the current status of the
network/physical:default service by using svcs
network/physical. If the service is not up and running,
enable it by using svcadm enable
network/physical:default.
2. Create a network interface by using ipadm create-ip
interface.
3. Specify the IP address by using ipadm create-addr -T static -a addrobj.
4. Verify the network interface configuration by using ipadm
show-if.
5. Verify the IP address information by using ipadm show-addr.

Configuring a Physical
Network Interface Manually: Example
# svcs network/physical
STATE          STIME    FMRI
online          9:34:40 svc:/network/physical:default
# ipadm create-ip net0
# ipadm create-addr -T static -a 192.168.0.100/24 net0/v4add1
# ipadm show-if
IFNAME    CLASS       STATE    ACTIVE    OVER
lo0       loopback    ok       yes       --
net0      ip          ok       yes       --
# ipadm show-addr
ADDROBJ        TYPE      STATE    ADDR
lo0/v4         static    ok       127.0.0.1/8
net0/v4add1    static    ok       192.168.0.100/24
lo0/v6         static    ok       ::1/128

Taking Down a Network Interface


To take a network interface down, use ipadm down-addr
addrobj.
# ipadm down-addr net3/v4
# ipadm show-addr
ADDROBJ    TYPE        STATE       ADDR
lo0/v4     static      ok          127.0.0.1/8
net0/v4    static      ok          192.168.0.100/24
net1/v4    static      ok          192.168.0.201/24
net2/v4    static      ok          192.168.0.202/24
net3/v4    static      down        192.168.0.203/24
lo0/v6     static      ok          ::1/128
net0/v6    addrconf    disabled    ::

Bringing Up a Network Interface


To bring up a network interface, use ipadm up-addr
addrobj.
# ipadm up-addr net3/v4
# ipadm show-addr
ADDROBJ    TYPE        STATE       ADDR
lo0/v4     static      ok          127.0.0.1/8
net0/v4    static      ok          192.168.0.100/24
net1/v4    static      ok          192.168.0.201/24
net2/v4    static      ok          192.168.0.202/24
net3/v4    static      ok          192.168.0.203/24
lo0/v6     static      ok          ::1/128
net0/v6    addrconf    disabled    fe80::a00:27ff:fe68:6f2d/10

Deleting a Physical Network Interface Manually


1. Delete the IP address by using ipadm delete-addr
addrobj.
2. Delete the network interface by using ipadm delete-ip
interface.
3. Verify that the network interface is deleted by using ipadm
show-if.
4. Verify that the IP address information is deleted by using
ipadm show-addr.


Deleting a Physical
Network Interface Manually: Example
# ipadm delete-addr net0/v4add1
# ipadm delete-ip net0
# ipadm show-if
IFNAME    CLASS       STATE    ACTIVE    OVER
lo0       loopback    ok       yes       --
# ipadm show-addr
ADDROBJ    TYPE      STATE    ADDR
lo0/v4     static    ok       127.0.0.1/8
lo0/v6     static    ok       ::1/128

Summary of ipadm Commands


Network Interface Task                                   ipadm Command
Display network interface information.                   ipadm show-if
Display IP address assignments to network interfaces.    ipadm show-addr
Create a network interface.                              ipadm create-ip interface
Assign a static IP address to a network interface.       ipadm create-addr -T addresstype -a address/prefixlen addrobj
Take down a network interface.                           ipadm down-addr addrobj
Bring up a network interface.                            ipadm up-addr addrobj
Delete an IP address assigned to a network interface.    ipadm delete-addr addrobj
Delete a network interface.                              ipadm delete-ip interface

Practice 7-1 Overview: Manually Configuring the Network Interface
This practice covers the following topics:
Inspecting the datalinks
Inspecting the network service
Configuring the network interface
Disabling the network interface
Enabling the network interface



Profile-Based Network Configuration

Provides a predetermined set of system-defined profiles
Provides capabilities for creating various types of user-defined
profiles
Provides the following profile types:
Network Configuration Profiles (NCPs)
Network Configuration Units (NCUs)
Location profiles
External Network Modifiers (ENMs)
Known WLANs

Reactive Network Configuration Mode

A reactive network configuration automatically configures
Ethernet and Wi-Fi connections.
The primary focus of a reactive network configuration is mobility.
A reactive network configuration automatically manages network
configuration by storing information in the form of profiles in the
system.
You use the netcfg and netadm commands to create and
customize new profiles.

How Reactive Network Profiles Work

The system provides the Automatic NCP and the
location profile as the default reactive profiles.
The automatic or reactive network configuration is
triggered by an event or activity.
The profiles perform a basic configuration of your wired or
wireless network automatically, without any user
interaction.

Interaction of Reactive Networking with Other Oracle Solaris Networking Technologies

Network virtualization
Virtual machines: Oracle VM Server for SPARC (formerly
Logical Domains) and Oracle VM VirtualBox
Oracle Solaris zones and stack instances
Dynamic Reconfiguration (DR) and NCPs
Fixed network configuration mode commands

netcfg Command

netcfg Subcommand       Description
create                  Create an in-memory profile of the specified type and name.
select object-type      Select the profiles that are available at the current scope
                        level and move into that object's scope.
walkprop                Walk each property associated with the current profile. For
                        each property, the name and current value are displayed, and
                        a prompt is given to allow the user to change the current value.
set prop-name=value1    Set the current (in-memory) value of the specified property.
                        If the process is performed in non-interactive mode, the
                        change is also committed to persistent storage.
list                    List all profiles, property-value pairs, and resources that
                        exist at the current or specified scope.
verify                  Verify that the current in-memory object has a valid configuration.
commit                  Commit the current profile to persistent storage.
end                     End the current profile specification, and move to the next
                        higher scope.
exit                    Exit the netcfg session. The current profile is verified and
                        committed before ending.
destroy                 Remove the specified profile from memory and persistent storage.

netadm Command
netadm Subcommand    Description
enable               Enable the specified profile. If the profile name is not unique,
                     the profile type must be specified to identify the profile that
                     is to be enabled.
disable              Disable the specified profile. If the profile name is not unique,
                     the profile type must be specified to identify the profile that
                     is to be disabled.
list                 List all available profiles and their current state. If a profile
                     is specified by name, list only the current state of that profile.
show-events          Listen for a stream of events from the NWAM daemon and display them.
scan-wifi            Initiate a wireless scan on link linkname.
select-wifi          Select a wireless network to connect to, from the scan results on
                     link linkname. You may be prompted for selection, WiFi key, and
                     so forth, if necessary.
help                 Display a usage message with short descriptions for each subcommand.

SMF Network Services


In Oracle Solaris 11, network configuration is implemented by
multiple SMF services as follows:
Service                          Description
svc:/network/loopback:default    Creates the IPv4 and IPv6 loopback interfaces
svc:/network/netcfg:default      Manages the network configuration repository, with its
                                 primary function being to start the netcfgd daemon.
                                 This service is a prerequisite for the
                                 svc:/network/physical:default service.
svc:/network/physical:default    Brings up links and plumbs IP interfaces. This service
                                 starts the network management daemon, nwamd.
svc:/network/location:default    Enables the location profile that is selected by the
                                 nwamd daemon. This service is dependent on the
                                 svc:/network/physical:default service.

Configuring a Reactive Network


This section covers the following topics:
Configuring network configuration profile
Creating a location profile
Listing a location profile
Modifying profiles
Listing reactive network profiles
Enabling and disabling profiles
Displaying profile states
Querying profile information
Creating a backup of a profile
Removing reactive network profiles


Creating a Network Configuration Profile


To create an NCP, use the netcfg utility.
# netcfg
netcfg> create ncp my_profile
netcfg:ncp:my_profile> create ncu phys net1
Created ncu 'net1'. Walking properties
activation-mode (manual) [manual|prioritized]> manual
mac-address> <ENTER>
autopush> <ENTER>
mtu> <ENTER>
netcfg:ncp:my_profile:ncu:net1> list
ncu:net1
        type                    link
        class                   phys
        parent                  my_profile
        activation-mode         manual
        enabled                 true
netcfg:ncp:my_profile:ncu:net1> end
Committed changes
netcfg:ncp:my_profile> list
ncp:my_profile
        management-type         reactive
NCUs:
        phys    net1
netcfg:ncp:my_profile> exit

Creating a Location Profile


Use the netcfg utility as follows:
# netcfg
netcfg> create loc office
Created loc 'office'. Walking properties ...
activation-mode (manual) [manual|conditional-any|conditional-all]> conditional-all
conditions> "system-domain is mydomain.com"
nameservices (dns) [dns|files|nis|ldap]> dns
nameservices-config-file ("/etc/nsswitch.dns")> <ENTER>
dns-nameservice-configsrc (dhcp) [manual|dhcp]> manual
dns-nameservice-domain> "mydomain.com"
dns-nameservice-servers> "192.168.0.100"
dns-nameservice-search> <ENTER>
dns-nameservice-sortlist> <ENTER>
dns-nameservice-options> <ENTER>
nfsv4-domain> <ENTER>
ipfilter-config-file> <ENTER>
ipfilter-v6-config-file> <ENTER>
ipnat-config-file> <ENTER>
ippool-config-file> <ENTER>
ike-config-file> <ENTER>
ipsecpolicy-config-file> <ENTER>

Listing a Location Profile

netcfg:loc:office> list
loc:office
        activation-mode                 conditional-all
        conditions                      "system-domain is mydomain.com"
        enabled                         false
        nameservices                    dns
        nameservices-config-file        "/etc/nsswitch.dns"
        dns-nameservice-configsrc       manual
        dns-nameservice-domain          "mydomain.com"
        dns-nameservice-servers         "192.168.0.100"
netcfg:loc:office> verify
All properties verified
netcfg:loc:office> commit
Committed changes
netcfg:loc:office> end
netcfg> exit

Modifying Profiles

# netcfg
netcfg> select ncp my_profile
netcfg:ncp:my_profile> select ncu net1
netcfg:ncp:my_profile:ncu:net1> list
ncu:net1
        type                    link
        class                   phys
        parent                  my_profile
        activation-mode         manual
        enabled                 true
netcfg:ncp:my_profile:ncu:net1> set activation-mode=prioritized
netcfg:ncp:my_profile:ncu:net1> list
ncu:net1
        type                    link
        class                   phys
        parent                  my_profile
        activation-mode         prioritized
        enabled                 true
netcfg:ncp:my_profile:ncu:net1> commit
Committed changes
netcfg:ncp:my_profile:ncu:net1> end
netcfg:ncp:my_profile> exit

Listing Reactive Network Profiles


Use the netcfg utility to list all the NCPs and locations:
# netcfg list
NCPs:
Automatic
DefaultFixed
my_profile
Locations:
aces
Automatic
NoNet
DefaultFixed
office


Enabling and Disabling Reactive Network Profiles


Use the netadm utility to enable and disable an NCP or
location profile.
To enable newly created profiles:
# netadm enable office
Enabling loc office
# netadm enable my_profile
Enabling ncp my_profile

To disable newly created profiles:
# netadm disable office
Disabling loc office
# netadm enable -p ncp Automatic
Enabling ncp Automatic

Displaying Profile States


To list the reactive network profiles and their current states, use
the netadm utility.
# netadm list
TYPE        PROFILE         STATE
ncp         Automatic       disabled
ncp         DefaultFixed    disabled
ncp         my_profile      online
ncu:phys    net0            online
ncu:ip      net0            online
loc         office          online
loc         Automatic       offline
loc         NoNet           offline
loc         DefaultFixed    offline

Displaying Profiles and Their Auxiliary States


To list the reactive network profiles and their auxiliary states,
use netadm list -x.
# netadm list -x
TYPE        PROFILE         STATE       AUXILIARY STATE
ncp         Automatic       disabled    disabled by administrator
ncp         DefaultFixed    disabled    disabled by administrator
ncp         my_profile      online      active
ncu:phys    net0            online      interface/link is up
ncu:ip      net0            online      interface/link is up
loc         office          online      active
loc         Automatic       offline     conditions for activation are unmet
loc         DefaultFixed    offline     conditions for activation are unmet
loc         NoNet           offline     conditions for activation are unmet

Creating a Backup of a Profile


To create a backup of a reactive network profile, use netcfg
export -f profile.
# netcfg export -f oracle_ncp_backup ncp my_profile
# ls *backup
oracle_ncp_backup


Removing Reactive Network Profiles


To remove a profile, use netcfg destroy.
# netcfg destroy loc office
# netcfg destroy ncp my_profile


Practice 7-2 Overview: Administering Profile-Based Network Configuration


This practice covers the following topics:
Assessing the current reactive network configuration
Creating and deploying a reactive network profile



Network Virtualization and Virtual Networks

Network virtualization:
Is the process of combining hardware network resources
and software network resources
Provides efficient, controlled, and secure sharing of network
resources

Virtual networks:
External networks: Several local networks that are
administered by software as a single entity
Internal networks: One system that uses virtual machines
or zones that are configured over at least one pseudo
network interface

A special type of internal virtual network is the private virtual
network, which is a virtual network on a system that cannot be
accessed by external networks.

Virtual Network Components


A virtual network has the following components:

Virtual Network Interface Card (VNIC)


Virtual switch
Etherstub
[Diagram: System with Zone 1, Zone 2, and Zone 3; VNIC 1, VNIC 2, and VNIC 3; Virtual Switch; NIC; Switch; Internet]

Creating a Virtual Network


This section covers the following topics:
Creating a virtual network switch
Creating the virtual network interfaces
Displaying the virtual network configuration


Creating a Virtual Network Switch


To create an etherstub, use dladm create-etherstub
etherstub.
# dladm create-etherstub stub0

To verify the creation of the etherstub, use dladm show-link.
# dladm show-link
LINK     CLASS       MTU    STATE     OVER
net0     phys        1500   up        --
net1     phys        1500   up        --
net2     phys        1500   up        --
net3     phys        1500   up        --
stub0    etherstub   9000   unknown   --

Creating the Virtual Network Interfaces


To create a VNIC and attach it to the etherstub, use dladm
create-vnic -l etherstub vnic.
# dladm create-vnic -l stub0 vnic0
# dladm create-vnic -l stub0 vnic1
# dladm create-vnic -l stub0 vnic2


Displaying the Virtual Network Configuration


To display the virtual network configuration, use dladm show-vnic.
# dladm show-vnic
LINK     OVER     SPEED   MACADDRESS        MACADDRTYPE   VID
vnic0    stub0    40000   2:8:20:70:d0:f8   random        0
vnic1    stub0    40000   2:8:20:80:65:0    random        0
vnic2    stub0    40000   2:8:20:1f:c5:bd   random        0

The Virtual Network Configuration So Far

[Diagram: System; VNIC 1; VNIC 2; Etherstub]

Quiz
Which utility is used to create virtual switches and VNICs?
a. lnkadm
b. dladm
c. vniccfg
d. dlcfg


Quiz
A VNIC is a virtual network device with the same datalink
interface as a physical interface.
a. True
b. False


Quiz
In which order is a virtual network created?
a. Virtual switch, VNICs, zones
b. Zones, VNICs, virtual switch
c. VNICs, virtual switch, zones


Quiz
You have created an etherstub called stub2. You now want to
create vnic1 and attach it to stub2. Which set of commands
would you use to do this?
a. # dladm create-vnic1
b. # dladm create-vnic -l vnic1
c. # dladm create-vnic -l stub2 vnic0
d. # dladm create-vnic -l stub2 vnic1


Practice 7-3 Overview: Creating a Virtual Network


This practice covers the following topics:
Creating a virtual network switch
Creating the virtual network interfaces
Displaying the virtual network configuration


Lesson Agenda

Reviewing Networking Fundamentals


Administering Datalink Configuration
Administering the Network Interface
Administering Profile-Based Network Configuration
Configuring a Virtual Network
Verifying Network Operation
Managing Resources on the Virtual Network


Verifying Network Operation

Examining the status of all network interfaces


Checking network interface traffic status
Verifying the status of network interfaces
Checking the routing table
Viewing user and process information
Viewing statistics on IP, TCP, and UDP traffic
Checking network connectivity and response times
Capturing packets from the network


Examining the Status of All Network Interfaces


To display all the network interfaces, their IP addresses, and
status, use ipadm show-addr.
# ipadm show-addr
ADDROBJ    TYPE       STATE   ADDR
lo0/v4     static     ok      127.0.0.1/8
net0/v4    static     ok      192.168.0.111/24
net1/v4    static     ok      192.168.0.101/24
net2/v4    static     ok      192.168.0.202/24
net3/v4    static     ok      192.168.0.203/24
lo0/v6     static     ok      ::1/128
net0/v6    addrconf   ok      fe80::a00:27ff:fe68:6f2d/10

Examining the Status of All Network Interfaces


To display network interface configuration information, use
ipadm show-if.
# ipadm show-if
IFNAME   CLASS      STATE   ACTIVE   OVER
lo0      loopback   ok      yes      --
net0     ip         ok      yes      --
net1     ip         ok      yes      --
net2     ip         ok      yes      --
net3     ip         ok      yes      --

Checking Network Interface Traffic Status


To check network traffic on the network interface, use
netstat -I interface interval count.
# netstat -I net0 -i 5
    input   net0      output           input  (Total)    output
packets errs  packets errs  colls   packets errs  packets errs  colls
582     0     69      0     0       2732    0     1364    0     0
0       0     0       0     0       0       0     0       0     0
0       0     0       0     0       1       0     2       0     0
1       0     0       0     0       5       0     1       0     0
0       0     0       0     0       0       0     0       0     0
0       0     0       0     0       0       0     0       0     0
^C

Verifying the Status of Network Interfaces


To display the status of the network interfaces, use the
netstat -i command.
# netstat -i
Name   Mtu    Net/Dest   Address     Ipkts    Ierrs   Opkts    Oerrs   Collis   Queue
lo0    8232   loopback   localhost   845037   0       845037   0       0        0
net0   1500   server1    server1     87805    0       126771   0       0        0
...
(output truncated)

Checking the Routing Table


To view the known routes, use the netstat -r command.
# netstat -r
Routing Table: IPv4
Destination     Gateway      Flags   Ref   Use     Interface
-----------     ---------    -----   ---   -----   ---------
localhost       localhost    UH      2     2817    lo0
192.168.0.0     server1      U       4     14293   net0
. . .
(output truncated)

Viewing User and Process Information


To list the user, process ID, and the program that originally
created the network endpoint or controls it now, use the
netstat -u command.
# netstat -nauv
UDP: IPv4
Local Address        Remote Address       User     Pid    State     Command
-------------------- -------------------- -------- ------ --------- ---------------
*.*                                       root     79     Unbound   /lib/inet/in.mpathd
*.*                                       root     79     Unbound   /lib/inet/in.mpathd
*.*                                       netadm   308    Unbound   /lib/inet/nwamd
*.*                                       netadm   308    Unbound   /lib/inet/nwamd
*.631                                     root     430    Idle      /usr/sbin/cupsd -C /etc/cups/cupsd.conf
127.0.0.1.53                              root     443    Idle      /usr/sbin/named
192.168.0.100.53                          root     443    Idle      /usr/sbin/named
*.111                                     daemon   539    Idle      /usr/sbin/rpcbind
*.*                                       daemon   539    Unbound   /usr/sbin/rpcbind
*.52951                                   daemon   539    Idle      /usr/sbin/rpcbind
*.111                                     daemon   539    Idle      /usr/sbin/rpcbind
*.*                                       daemon   539    Unbound   /usr/sbin/rpcbind
*.36871                                   daemon   539    Idle      /usr/sbin/rpcbind
*.*                                       root     585    Unbound   /usr/lib/inet/in.ndpd
*.520                                     root     782    Idle      /usr/sbin/in.routed
*.68                                      root     787    Idle      /sbin/dhcpagent
*.546                                     root     787    Idle      /sbin/dhcpagent
. . .
(output truncated)

Viewing Statistics on IP Traffic


To gather and report statistics on IP traffic based on the
selected output mode and sort order, use the ipstat
command.
# ipstat -l 5
SOURCE                     DEST                       PROTO   INT    BYTES
s11-server1.mydomain.com   s11-desktop.mydomain.com   UDP     net0   39.0
s11-desktop.mydomain.com   s11-server1.mydomain.com   UDP     net0   28.0
Total: bytes in: 39.0 bytes out: 28.0

Viewing Statistics on TCP and UDP Traffic


To gather and report statistics on TCP and UDP traffic based
on the selected output mode and sort order, use the tcpstat
command.
# tcpstat -l 5
ZONE     PID   PROTO   SADDR              SPORT   DADDR              DPORT   BYTES
global   795   UDP     s11-server1.mydo   53      s11-desktop.mydo   42857   20.0
global   795   UDP     s11-desktop.mydo   42857   s11-server1.mydo   53      9.0
global   795   UDP     s11-desktop.mydo   59127   s11-server1.mydo   53      7.0
global   795   UDP     s11-desktop.mydo   38509   s11-server1.mydo   53      7.0
global   795   UDP     s11-server1.mydo   53      s11-desktop.mydo   59127   7.0
Total: bytes in: 34.0 bytes out: 23.0

Checking Network Connectivity and Response Times

To check connectivity between one host and another, use the
ping command.
# ping -s 192.168.0.112
PING 192.168.0.112: 56 data bytes
64 bytes from s11-serv1.mydomain.com (192.168.0.112): icmp_seq=0. time=1.143 ms
64 bytes from s11-serv1.mydomain.com (192.168.0.112): icmp_seq=1. time=0.724 ms
64 bytes from s11-serv1.mydomain.com (192.168.0.112): icmp_seq=2. time=1.639 ms
^C
----192.168.0.112 PING Statistics----
3 packets transmitted, 3 packets received, 0% packet loss
round-trip (ms) min/avg/max/stdev = 1.639/0.724/1.143/0.649

Capturing Packets from the Network


To capture packets, use snoop.
# snoop -v
Using device net0 (promiscuous mode)
ETHER: ----- Ether Header -----
ETHER: Packet 1 arrived at 13:52:2.50694
ETHER: Packet size = 106 bytes
ETHER: Destination = 0:7:e9:24:45:93, PCS Computer Systems GmbH
ETHER: Source      = 0:3:ba:45:a6:d4,
ETHER: Ethertype = 0800 (IP)
. . . . .
IP:   ----- IP Header -----
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
. . . . .
^C

Quiz
Which command can you use to display your system's current
network interface configuration?
a. ipadm
b. ping
c. netstat -I


Practice 7-4 Overview: Verifying Network Operation

This practice covers the following topics:
Verifying connectivity between two hosts
Checking connectivity to the DNS server
Monitoring transaction traffic between two hosts
Checking traffic load on a network interface


Lesson Agenda

Reviewing Networking Fundamentals


Administering Datalink Configuration
Administering the Network Interface
Administering Profile-Based Network Configuration
Configuring a Virtual Network
Verifying Network Operation
Managing Resources on the Virtual Network


Network Resource Management: Overview

Network resource management is the process of
managing and allocating resources for networking
processes.
It is comparable to creating dedicated lanes for traffic.
You can assign resources differently depending on the
amount of network traffic that is being processed.
It helps in increasing the system's efficiency when
processing packets.

Methods of Managing Network Resources


The network resources on a system can be managed in one of
the following ways:
Datalink properties: Improves the system's efficiency in
processing packets
Flows: Controls how resources are used to process
network packets


Managing Virtual Network Resources by Using Flows

Flows:
Are created on a per-VNIC basis
Are used to categorize network packets
Define and isolate packets with similar characteristics
Can be assigned specific resources
Bandwidth is assigned based on the usage policy for the
system.


Managing Resources on the Virtual Network


This section covers the following topics:
Determining the configured VNIC states
Creating and adding a flow
Displaying flow controls
Creating flows and selecting flow properties
Setting flow properties
Displaying flow control properties
Setting a priority property


Determining the Configured VNIC States


To determine the current state of the VNICs on the system,
use dladm show-link.
# dladm show-link
net0     phys        1500   up        --
stub0    etherstub   9000   unknown   --
net3     phys        1500   up        --
net1     phys        1500   up        --
net2     phys        1500   up        --
vnic0    vnic        9000   up        stub0
vnic1    vnic        9000   up        stub0
vnic2    vnic        9000   up        stub0

Creating and Adding a Flow


1. Create a new VNIC by using dladm create-vnic -l
etherstub vnic.
2. Select the attribute on which you want to base the flow.
3. Determine how you want to customize the flow's use of the
network resources.
4. Add the VNIC as a flow by using flowadm add-flow -l
link -a attribute=value flow.
# dladm create-vnic -l stub0 vnic3
# flowadm add-flow -l vnic3 -a transport=tcp,local_port=80 http1


Displaying Flow Controls


To display the flow controls that are currently configured in the
system, use flowadm show-flow.
# flowadm show-flow
FLOW    LINK    PROTO   LADDR   LPORT   RADDR   RPORT   DSFLD
http1   vnic3   tcp     --      80      --      --      --

Creating Flows and Selecting Flow Properties

Flows are created according to attributes.
Attributes are classifications that are used to organize
network packets into a flow.
Flows use properties to control resources:
maxbw: Maximum amount of a link's bandwidth that packets
identified with this flow can use
priority: Priority given to the packets in a flow:
Options: high, medium, or low
Default: medium

Setting Flow Properties


To set a flow property, use flowadm set-flowprop -p
property=value flow.
# flowadm set-flowprop -p maxbw=100M http1


Displaying Flow Control Properties


To display a flow's control properties, use flowadm show-flowprop flow.
# flowadm show-flowprop http1
FLOW    PROPERTY   PERM   VALUE    DEFAULT   POSSIBLE
http1   maxbw      rw     100      --        --
http1   priority   rw     medium   medium    low,medium,high
http1   hwflow     r-     off      --        on,off

Setting a Priority Property


To set a link property, use dladm set-linkprop -p
property=high vnic.
# dladm set-linkprop -p priority=high vnic1

To view the priority property for a link, use dladm show-linkprop -p priority vnic.
# dladm show-linkprop -p priority vnic1
LINK    PROPERTY   PERM   VALUE   EFFECTIVE   DEFAULT   POSSIBLE
vnic1   priority   rw     high    high        medium    low,medium,high

Quiz
Which two properties do flows use to control resources?
1. speed and mtu
2. maxbw and priority
3. flowctrl and threshold


Practice 7-5 Overview: Managing the Virtual Network Data Flow

In this practice, you manage resources on the virtual network
by using data flows.


Summary
In this lesson, you should have learned how to:
Describe some of the basic networking concepts
Administer a datalink configuration
Administer a network interface
Administer a profile-based network configuration
Configure a virtual network
Verify the network operations
Manage resources on the network


Administering Oracle Solaris Zones


Objectives
After completing this lesson, you should be able to:
Explain the fundamentals of Oracle Solaris zones
Configure an Oracle Solaris zone
Determine an Oracle Solaris zone configuration


Workflow Orientation
[Diagram: Introduction, Processes, Installation, Boot and Shutdown, Users, Services, Security, Zones, Packages, Network, Storage]

Lesson Agenda

Introducing Oracle Solaris Zones


Configuring an Oracle Solaris Zone
Determining an Oracle Solaris Zone Configuration


Oracle Solaris 11 Virtualization Technologies

Virtualization technologies provide solutions to constantly
changing business conditions.
Data centers are using virtualization technologies to:
Consolidate applications and data onto fewer servers
Provide better flexibility for managing workloads
Support legacy applications on newer systems
Provision systems faster
Overcome scalability constraints

The Oracle Solaris 11 virtualization technologies include:
Server virtualization
Desktop virtualization
Integrated solutions

Server Virtualization

Oracle Solaris Zones


Provides isolated runtime environments for individual
applications by using flexible, software-defined boundaries

Oracle VM Server for SPARC


Is built for Oracle servers with chip multithreading (CMT)
technology
Is tightly integrated with the hardware
Reduces the overhead typically associated with software-based solutions

Dynamic Domains
Are available on Oracle's Sun SPARC Enterprise M-Series
servers
Divide a single machine into multiple electrically isolated
partitions for efficient workload isolation

Desktop Virtualization

Oracle Secure Global Desktop Software


Provides secure access to centralized, server-hosted
Windows, UNIX, mainframe, and midrange applications from
a variety of clients, including Windows PCs, Mac OS X
systems, Oracle Solaris workstations, Linux PCs, thin clients,
and more

Oracle VM VirtualBox
Is an open-source solution that allows systems to run
multiple environments at the same time to get the most
flexibility and utilization


Integrated Solutions
Oracle Enterprise Manager provides a comprehensive
management solution for:
Managing virtual machines
Operating systems
Software


Oracle Solaris 11 Zones Technology: Overview


Zones:
Provide an isolated and secure environment for running
applications
Are virtualized operating system environments, each
created within a single instance of the OS
Are isolated from each other and the rest of the system
Enable a one-application-per-server deployment model to
be maintained while simultaneously sharing hardware
resources
Support installing and running Oracle Solaris Zones on
shared storage


When to Use Zones


[Diagram: Global Zone (serviceprovider.com) hosting three non-global zones: apps zone (apps.com; zone root: /zones/apps; exclusive-IP type), users zone (users.net; zone root: /zones/users; shared-IP type), and work zone (work.org; zone root: /zones/work; shared-IP type). Network Device (e1000g0) is used exclusively by the apps zone; Network Device (bge0) is also shown. Zone Management: zonecfg(1M), zoneadm(1M), zlogin(1), and so on. Layers: Application Environment, Virtual Platform, Storage Complex.]

Network Virtualization with Zones


[Diagram: BEFORE CONSOLIDATION: Host 1, Host 2, and Host 3 run App 1, App 2, and App 3, each with its own NIC Port (1 GB, 1 GB, 100 MB). AFTER CONSOLIDATION: ZONE 1, ZONE 2, and ZONE 3 on Oracle Solaris, each with a VNIC (1 GB, 300 MB, 100 MB), over one Physical NIC Port (10 GB).]

Oracle Solaris Zones: Requirements and Restrictions

Zones can be used on any machine that is running Oracle
Solaris 10 or later.
The number of zones is determined by the following:
Total resource requirement of the application software that is
running in all the zones
Size of the system

Zone Types

A global zone is:


The default zone for the system
Used for system-wide administration control
Used to configure, install, manage, or uninstall a non-global
zone
Bootable from the system hardware

Non-global zones enable:


Independent management of applications
Different versions of the same application to be run on the
system
Allocation of system resources


Characteristics of the Global Zone and Non-Global Zones

Global Zone | Non-Global Zone
Is assigned ID 0 by the system | Is assigned a zone ID by the system when the zone is booted
Provides a single instance of the Oracle Solaris kernel that is bootable and running on the system | Shares operations under the Oracle Solaris kernel that is booted from the global zone
Contains a complete installation of the Oracle Solaris system software packages | Contains an installed subset of the complete Oracle Solaris operating system software packages
Can contain additional software packages or additional software, directories, files, and other data that are not installed through packages | Can contain additional software, directories, files, and other data created on the non-global zone that are not installed through packages; can also contain additional installed software packages

Characteristics of the Global Zone and Non-Global Zones

Global Zone | Non-Global Zone
Provides a complete and consistent product database that contains information about all the software components installed in the global zone | Provides a complete and consistent product database that contains information about all the software components installed in the zone
Holds configuration information that is specific only to the global zone, such as the global zone host name and file system table | Has configuration information that is specific only to that non-global zone, such as the non-global zone host name and file system table
Is the only zone that is aware of all device file systems, and non-global zones along with their configurations | Is not aware of the existence of any other zones
Is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled | Cannot install, manage, or uninstall other zones, including itself

Branded Zones

Provide an extension of Oracle Solaris zones
Contain operating environments that are different from that
of the global zone
Run applications
Use a brand (for example, solaris10 brand) to:
Define the operating environment that can be installed in the
zone
Determine how the system will behave within the zone
Identify the correct application type at application launch time
Use extensions to the standard zone structure to perform
branded zone management

Immutable (Read-Only) Zone

A zone with a read-only root is called an Immutable Zone.


It preserves a zone's integrity by using a read-only root file
system.
It blocks modifications to system binaries or system
configurations.
The file-mac-profile property:
Is used to configure a read-only root
Is set by using the zonecfg utility
Is not set by default


Zone Network Interfaces

Zones communicate through IP network interfaces.


The system administrator configures zone network
interfaces during zone configuration.
When a zone is booted, the network interfaces are set up
and placed in the zone.
Two IP types are available for non-global zones:
Shared-IP: A network interface is shared with the global
zone.
Exclusive-IP: A network interface is dedicated to the non-global zone.

Quiz
Which type of zone is the default zone for a system?
a. Global zone
b. Non-global zone
c. Branded zone


Quiz
Zones are isolated from each other and from the rest of the
system.
a. True
b. False


Quiz
A shared-IP zone must share a network interface with at least
one other non-global zone.
a. True
b. False


Quiz
Non-global zones can communicate only over a virtual network.
a. True
b. False


Lesson Agenda

Getting Started with Oracle Solaris Zones


Configuring an Oracle Solaris Zone
Determining an Oracle Solaris Zone Configuration


Planning for Non-Global Zone Configuration


Before configuring your non-global zone, it's important to do the
following:
Evaluate the applications running on your system to determine
the applications that you want to run in a zone.
Assess the availability of disk space to hold the files that are
unique in the zone.
Decide the naming convention you want to follow for your zone.
Determine the zone path.
Determine the type of zone (shared or exclusive) you want to set
up. Note that exclusive-IP is the default type for zones.
Determine the file system that you want to mount in the zone.
Determine the network interface that should be made available in
the zone.


Planning for a Virtual Network and Zones

Identify the virtual network configuration:


Virtual switch or etherstub
Number of VNICs and name assignments

Identify the zone configuration:


Number of zones
Zone configuration details
Zone and VNIC assignments


Configuring Zones by Using VNICs


1. Create the virtual switch or etherstub.
2. Create the VNICs.
3. Configure the zones to use the VNICs.
[Diagram: System with Zone 1, Zone 2, and Zone 3; VNIC 1, VNIC 2, and VNIC 3; Virtual Switch]

Non-Global Zone Configuration Process: Overview

[Flowchart: Start; Plan the zone strategy; Create a ZFS file system for all the zones; Configure the zone; Verify and commit the zone configuration; Exit the zone configuration utility; Install the zone; Boot the zone; Complete the initial internal zone configuration; End]

Non-Global Zone States


[State diagram: zone states Undefined, Configured, Installed, Unavailable, Ready, and Running; transitions labeled create, delete, install/attach/clone, uninstall, attach, attach failure, storage unavailable or incompatible software, ready, boot, reboot, halt, and halt / shutdown]

Planning the Zone Strategy

Virtual network configuration: Two VNICs vnic1 and vnic2
Two zones: hrzone and itzone
Zone paths: /zones/hrzone and /zones/itzone
IP type: Exclusive-IP
VNIC to zone association: vnic1 for hrzone; vnic2 for
itzone

Creating a ZFS File System for Zones in rpool


To create a ZFS file system for zones in rpool, use the
following command:
# zfs create -o mountpoint=/zones rpool/zones

To verify that the file system exists and that it has been
mounted, use the following command:
# zfs list rpool/zones
NAME          USED   AVAIL   REFER   MOUNTPOINT
rpool/zones   31K    22.6G   31K     /zones

Configuring the Zone


To configure a zone, use zonecfg -z zonename.
# zonecfg -z hrzone
hrzone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:hrzone> create
create: Using system default template SYSdefault
zonecfg:hrzone> set zonepath=/zones/hrzone
zonecfg:hrzone> set autoboot=true
zonecfg:hrzone> add net
zonecfg:hrzone:net> set physical=vnic1
zonecfg:hrzone:net> end
zonecfg:hrzone> verify
zonecfg:hrzone> commit
zonecfg:hrzone> exit


Verifying That a Zone Is in configured State


To list all configured and running zones in the system, use
zoneadm list -cv.
# zoneadm list -cv
ID   NAME     STATUS       PATH            BRAND     IP
0    global   running      /               solaris   shared
-    hrzone   configured   /zones/hrzone   solaris   excl
-    itzone   configured   /zones/itzone   solaris   excl

Installing the Zone


To install a zone, use zoneadm -z <zone_name> install.
# zoneadm -z hrzone install
The following ZFS file system(s) have been created:
rpool/zones/hrzone
Progress being logged to /var/log/zones/zoneadm.20131037T065334Z.hrzone.install
Image: Preparing at /zones/hrzone/root.
AI Manifest: /tmp/manifest.xml.fXai_f
SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
Zonename: hrzone
Installation: Starting ...
Creating IPS image
Startup linked: 1/1 done
Installing packages from:
solaris
origin: http://s11-server1.mydomain.com/
DOWNLOAD      PKGS        FILES          XFER (MB)      SPEED
Completed     255/255     51394/51394    341.6/341.6    2.8M/s
...
...
Log saved in non-global zone as
/zones/hrzone/root/var/log/zones/zoneadm.20131027T235442Z.hrzone.install

Booting the Zone


To list all running and installed zones on the system, use
zoneadm list -iv.
# zoneadm list -iv
ID   NAME     STATUS      PATH            BRAND     IP
0    global   running     /               solaris   shared
-    hrzone   installed   /zones/hrzone   solaris   excl
-    itzone   installed   /zones/itzone   solaris   excl

To boot a zone, use zoneadm -z zonename boot.
# zoneadm -z hrzone boot
# zoneadm -z itzone boot
# zoneadm list -v
ID   NAME     STATUS    PATH            BRAND     IP
0    global   running   /               solaris   shared
1    hrzone   running   /zones/hrzone   solaris   excl
2    itzone   running   /zones/itzone   solaris   excl

Logging In to a Zone
To log in to a zone, use zlogin followed by the zone name.
# zlogin -C hrzone
[Connected to zone hrzone console]


Gathering Information for the System Configuration Tool

Computer Name: hrzone
DNS Name service: Do not configure DNS
Alternate Name Service: None
Time Zone, Region, and Location: Use your specific
location.
Locale Language and Territory: Use your specific locale.
Users, username, and password

Checking the Virtual Network Configuration in a Zone

To display the network interface address information for a
zone, log in to the zone, and then use ipadm show-addr.
# zlogin hrzone
[Connected to zone 'hrzone' pts/2]
Oracle Corporation      SunOS 5.12      11.2    June 2014
root@hrzone:~# ipadm show-addr
ADDROBJ    TYPE       STATE   ADDR
lo0/v4     static     ok      127.0.0.1/8
vnic1/v4   static     ok      192.168.1.100/24
lo0/v6     static     ok      ::1/128
vnic1/v6   addrconf   ok      fe80::8:20ff:fe43:7986/10

Exiting a Non-Global Zone

To exit a non-global zone from a pseudo terminal or terminal login, use exit.
# exit

To disconnect from a zone from a virtual console or console login, use the ~. escape sequence.
# ~.

Halting a Zone
To halt a zone, run zoneadm -z <zone_name> halt.
global# zoneadm -z hrzone halt

To verify that the zone has been halted, run zoneadm list -v.
global# zoneadm list -iv
  ID NAME             STATUS     PATH                 BRAND    IP
   0 global           running    /                    solaris  shared
   2 itzone           running    /zones/itzone        solaris  excl
   - hrzone           installed  /zones/hrzone        solaris  excl

Shutting Down a Non-Global Zone

To shut down a zone, use zoneadm -z <zone_name> shutdown.
global# zoneadm -z hrzone shutdown

Administering Immutable Zones

Setting a strict Immutable Zone

zonecfg:hrzone> set file-mac-profile=strict

Setting a fixed-configuration Immutable Zone

zonecfg:itzone> set file-mac-profile=fixed-configuration

Setting a flexible-configuration Immutable Zone

zonecfg:userszone> set file-mac-profile=flexible-configuration

Displaying zone properties

# zoneadm list -p
0:global:running:/::solaris:shared:-:none
1:hrzone:running:/zones/hrzone:<UUID>:solaris:excl:R:strict
2:itzone:running:/zones/itzone:<UUID>:solaris:excl:R:fixed-configuration
3:userszone:running:/zones/userszone:<UUID>:solaris:shared:R:flexible-configuration

Booting Immutable Zones

You can temporarily override the zone restrictions in the read-only root file system by booting the zone with the -w option.
# zoneadm -z hrzone boot -w

Delegating Zone Administration

Delegate zone administration to different users.
The auth property:
  login (solaris.zone.login)
  manage (solaris.zone.manage)
  clone (solaris.zone.clonefrom)

The admin zone property:
zonecfg:zone1> add admin
zonecfg:zone1:admin> set user=oracle
zonecfg:zone1:admin> set auths=login,manage
zonecfg:zone1:admin> end

Quiz
The privileges of a zone administrator are confined to a non-global zone.
a. True
b. False

Quiz
After you have run the zonecfg -z zonename command,
which command would you use to start the configuration of a
new zone?
a. add zone
b. begin
c. create
d. start


Quiz
To use VNICs, as which IP type must a zone be configured?
a. Shared-IP
b. Exclusive-IP
c. Either shared or exclusive


Quiz
You have created the configuration for a new zone. What is the
next step?
a. Boot the new zone.
b. Commit the configuration.
c. Exit the configuration.
d. Verify the configuration.


Quiz
Which command is used to perform a clean shutdown of a
zone?
a. exit
b. zoneadm -z zonename shutdown
c. zoneadm -z zonename halt
d. ~.


Practice 8-1 Overview: Configuring Zones


This practice covers the following topics:
Configuring three zones to use VNICs
Displaying the zone configuration, including the interfaces


Lesson Agenda

Getting Started with Oracle Solaris Zones
Configuring an Oracle Solaris Zone
Determining an Oracle Solaris Zone Configuration

Determining an Oracle Solaris Zone Configuration

Displaying the status of zones
Displaying a zone configuration
Displaying zone network information
Determining a zone's resource utilization
Determining a zone's kernel file system statistics

Displaying the Status of Zones


The zoneadm list subcommand helps in verifying the status
of all the zones running in the system.
list options include the following:
-c displays all the configured zones in the system.
-i expands the display to all installed zones.
-v displays verbose information, including zone name, ID,
current state, root directory, brand type, IP-type, and
options.
# zoneadm list -cv
  ID NAME             STATUS     PATH                 BRAND    IP
   0 global           running    /                    solaris  shared
   2 itzone           running    /zones/itzone        solaris  excl
   - hrzone           installed  /zones/hrzone        solaris  excl

Displaying a Zone Configuration


To display a non-global zone configuration, use zonecfg -z
zonename info.
# zonecfg -z finzone info
zonename: finzone
zonepath: /zones/finzone
brand: solaris
autoboot: true
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid:
fs-allowed:
fs:
        dir: /local/finzone
        special: rpool/finzone
        raw not specified
        type: lofs
        options: []
net:
        address: 192.168.0.20
        allowed-address not specified
        configure-allowed-address: true
        physical: net0
        defrouter not specified
rctl:
        name: zone.max-lwps
        value: (priv=privileged,limit=500,action=deny)

Displaying Zone Network Information


To display network interface address information, use ipadm
show-addr.
# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
lo0/zoneadmd-v4   static   ok           127.0.0.1/8
net0/v4           static   ok           192.168.0.100/24
net0/zoneadmd-v4  static   ok           192.168.0.10/24
lo0/v6            static   ok           ::1/128
lo0/zoneadmd-v6   static   ok           ::1/128
net0/v6           addrconf ok           fe80::a00:27ff:fe68:6f2d/10

Determining a Zone's Resource Utilization

To determine a zone's resource utilization, use the zonestat utility.
# zonestat -r summary 5
Collecting data for first interval...
Interval: 1, Duration: 0:00:05
SUMMARY
Interval: 3, Duration: 0:00:15
SUMMARY                   Cpus/Online: 1/1   PhysMem: 1023M  VirtMem: 2047M
                    ---CPU----  --PhysMem-- --VirtMem-- --PhysNet--
               ZONE  USED %PART  USED %USED  USED %USED PBYTE %PUSE
            [total]  1.00  100%  658M 64.3%  839M 41.0%  1431 0.00%
           [system]  0.18 18.9%  373M 36.5%  521M 25.4%
           choczone  0.68 68.8% 44.0M 4.30% 49.6M 2.42%     0 0.00%
             global  0.11 11.0%  133M 13.0%  167M 8.16%  1431 0.00%
                 QA  0.00 0.40% 53.5M 5.23% 50.3M 2.46%     0 0.00%
        grandmazone  0.00 0.81% 53.3M 5.21% 51.4M 2.51%     0 0.00%
...
...
...
(output truncated)

Determining a Zone's Kernel File System Statistics

# fsstat -z s10 -z s10u9 zfs tmpfs
  new  name  name  attr  attr lookup rddir  read  read write write
 file remov  chng   get   set    ops   ops   ops bytes   ops bytes
   93    82     6  163K   110   507K   148 69.7K 67.9M 4.62K 13.7M zfs:s10
  248   237   158  188K   101   612K   283 70.6K 68.6M 4.71K 15.2M zfs:s10u9
12.0K 1.90K 10.1K 35.4K    12  60.3K     4 25.7K 29.8M 36.6K 31.0M tmpfs:s10
12.0K 1.90K 10.1K 35.6K    14  60.2K     2 28.4K 32.1M 36.5K 30.9M tmpfs:S10u9
# fsstat -A -Z zfs tmpfs
  new  name  name  attr  attr lookup rddir  read  read write write
 file remov  chng   get   set    ops   ops   ops bytes   ops bytes
 360K 1.79K 20.2K 4.20M 1.02M  25.0M  145K 5.42M 2.00G 1.07M 8.10g zfs
 359K 1.48K 20.1K 4.04M 1.02M  24.5M  144K 5.31M 1.88G 1.06M 8.08G zfs:global
   93    82     6 74.8K   107   250K   144 54.8K 60.5M 4.61K 13.7M zfs:s10
  248   237   158 90.2K   101   336K   283 53.0K 58.3M 4.71K 15.2M zfs:s10u9
60.0K 41.9K 17.7K  410K   515   216K   426 1022K 1.02G  343K  330M tmpfs
49.4K 38.1K 11.0K  366K   489   172K   420  968K  979M  283K  273M tmpfs:global
5.28K 1.90K 3.36K 21.9K    12  21.7K     4 25.7K 29.8M 29.9K 28.3M tmpfs:s10
5.25K 1.90K 3.34K 22.1K    14  21.6K     2 28.4K 32.1M 29.8K 28.2M tmpfs:s10u9

Quiz
If you want to see additional information about all configured,
running, and installed zones on a system, which command
would you use?
a. zoneadm list
b. zoneadm list -c
c. zoneadm list -civ


Quiz
Which command would you use to display configuration
information about a zone named myzone?
a. zoneadm myzone status
b. zoneadm myzone info
c. zonecfg -z myzone info
d. zonecfg -z myzone verify


Practice 8-2 Overview: Determining an Oracle Solaris Zones Configuration

This practice covers the following topics:
Examining the configuration of the current zones
Determining the current zone resource allocation

Summary
In this lesson, you should have learned how to:
Explain the fundamentals of Oracle Solaris zones
Configure an Oracle Solaris zone
Determine an Oracle Solaris zone configuration


Controlling Access to Systems and Files


Objectives
After completing this lesson, you should be able to:
Establish system and file access control
Control access to systems
Control access to files
Secure access to a remote host


Workflow Orientation

(Diagram of course topics: Introduction, Processes, Installation, Users, Boot and Shutdown, Security, Services, Packages, Zones, Network, Storage)

Importance of System and File Access Control


It is important to control access to systems and files to prevent:
Unauthorized user access
Intruders gaining remote access


Implementing System and File Access Control


As part of implementing system and file access control, you will
learn how to:
Set up and test system and file access controls
Verify that the controls are working
Set up and test Secure Shell


Lesson Agenda

Controlling Access to Systems
Controlling Access to Files
Securing Access to Remote Host

Controlling Access to Systems

You can control a user's access to the system by:
Securing logins and passwords
Changing the password algorithm

Login and Password Security

Use login control and password assignment to prevent unauthorized logins to a system or the network.
The login command:
  Verifies the username and password
  Denies access to the system if the username and/or password are incorrect
Ensure that all the accounts on a system have a password.
Passwords are kept secure through:
  Encryption
  Placement in a separate file from username and other information

Password Algorithms and the /etc/security/policy.conf File

#
# crypt(3c) Algorithms Configuration
#
# CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to
# be used for new passwords. This is enforced only in crypt_gensalt(3c).
#
CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6
# To deprecate use of the traditional unix algorithm, uncomment below
# and change CRYPT_DEFAULT= to another algorithm. For example,
# CRYPT_DEFAULT=1 for BSD/Linux MD5.
#
#CRYPT_ALGORITHMS_DEPRECATE=__unix__
# The OpenSolaris default is SHA256 based algorithm. To revert to
# the policy present in Solaris releases set CRYPT_DEFAULT=__unix__,
# which is not listed in crypt.conf(4) since it is internal to libc.
#
CRYPT_DEFAULT=5
#

/etc/security/crypt.conf File

#
#ident  "%Z%%M% %I%     %E% SMI"
#
# The algorithm name __unix__ is reserved.
1       crypt_bsdmd5.so.1
2a      crypt_bsdbf.so.1
md5     crypt_sunmd5.so.1
5       crypt_sha256.so.1
6       crypt_sha512.so.1

Identifier   Description
1            MD5 algorithm
2a           Blowfish algorithm
md5          Sun MD5 algorithm
5            SHA256 algorithm
6            SHA512 algorithm
__unix__     Traditional UNIX encryption algorithm

Controlling and Monitoring System Activities


It is your responsibility to control and monitor system activity by
performing the following:
Setting limits on who can use what resources
Logging resource use
Monitoring who is using the resources
Note: The system tracks real and effective user and group ID
logins. To determine the real UID, use who am i. To determine
the effective UID, use whoami.


Securing Logins and Passwords

Displaying a user's login status
Displaying users without passwords
Disabling user logins temporarily
Monitoring failed login attempts
Monitoring all failed login attempts
Changing the password algorithm
Verifying the password algorithm change
Monitoring who is using the su command

Displaying a User's Login Status

To display a user's login status, use logins -x -l loginname.
# logins -x -l jjones
jjones          1003    itadmin         110     joe jones
                        /export/home/jjones
                        /usr/bin/bash
                        PS 010170 -1 -1 -1

Displaying Users Without Passwords

To display users without passwords, use logins -p.
# logins -p
omai            1016    staff           10      olin mai
mhatter         1009    staff           10      maddy hatter
tbone           501     other           1       terry bone
# grep omai /etc/shadow
omai::15310::::::

Disabling User Logins Temporarily

To temporarily block any non-administrative users from logging in to the system, run init S.
# init S

To enable general user login, run init 3.
# init 3

Monitoring Failed Login Attempts

1. Create the loginlog file in the /var/adm directory.
2. Set read and write permissions for the root user on the loginlog file.
3. Change group membership to sys on the loginlog file.
4. Verify that the log works.
# touch /var/adm/loginlog
# chmod 600 /var/adm/loginlog
# chgrp sys /var/adm/loginlog
# cat /var/adm/loginlog
jjones:/dev/pts/2:Mon Nov 11 23:21:10 2013
jjones:/dev/pts/2:Mon Nov 11 23:21:21 2013
jjones:/dev/pts/2:Mon Nov 11 23:21:30 2013
jjones:/dev/pts/2:Mon Nov 11 23:21:40 2013
jjones:/dev/pts/2:Mon Nov 11 23:21:49 2013

Monitoring All Failed Login Attempts

1. Edit the /etc/default/login file with SYSLOG=YES and SYSLOG_FAILED_LOGINS=0.
2. Create a file with the correct permissions to hold the logging information.
   a. Create the authlog file in the /var/adm directory.
   b. Set read and write permissions for the root user on the authlog file.
   c. Change group membership to sys on the authlog file.
3. Edit the syslog.conf file to log failed password attempts.
   a. Add the auth.notice entry to the syslog.conf file.
   b. Refresh the system-log service.
4. Verify that the log works.

Monitoring All Failed Login Attempts: Example

# vi /etc/default/login
# more /etc/default/login
SYSLOG=YES
SYSLOG_FAILED_LOGINS=0
# touch /var/adm/authlog
# chmod 600 /var/adm/authlog
# chgrp sys /var/adm/authlog
# vi /etc/syslog.conf
# grep auth.notice /etc/syslog.conf
*.err;kern.notice;auth.notice                   /dev/sysmsg
auth.notice                                     /var/adm/authlog
#auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)
# svcadm refresh system/system-log
<Test the entry by attempting to log in as a user using an incorrect password>
# cat /var/adm/authlog
Dec 2 16:57:27 client1 su: [ID 810491 auth.crit] 'su jdoe' failed for oracle on /dev/pts/1

Changing the Password Algorithm


1. View the available password-encrypting algorithms in the
/etc/security/crypt.conf file and determine which
algorithm you want to use.
2. Using a text editor, change the password algorithm in the
/etc/security/policy.conf file by:
a. Commenting out the current default entry
b. Specifying a different encryption algorithm from the list of
available algorithms


Changing the Password Algorithm: Example

# cat /etc/security/crypt.conf
#
#ident  "%Z%%M% %I%     %E% SMI"
#
# The algorithm name __unix__ is reserved.
1       crypt_bsdmd5.so.1
2a      crypt_bsdbf.so.1
md5     crypt_sunmd5.so.1
5       crypt_sha256.so.1
6       crypt_sha512.so.1
# vi /etc/security/policy.conf
#
CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6
#
# Passwords previously encrypted with SHA256 will be encrypted with SHA512
# when users change their passwords.
#
#CRYPT_DEFAULT=5
CRYPT_DEFAULT=6

Verifying the Password Algorithm Change


# grep jjones /etc/shadow
jjones:$5$ABL6xEPA$NZ6SOesHBOas7/kJPWsdUyMTzbBvWo4L6lmkqx4YX8B:15310:56:70:7:::
<Changed password algorithm in /etc/security/policy.conf>
# passwd jjones
New Password:
Re-enter new Password:
passwd: password successfully changed for jjones
# grep jjones /etc/shadow
jjones:$5$ABL6xDJBA$NZ6SOesHBOas7/kABCsdUyMTzbBvWo4L6lmkqx4YX8B:15310:56:70:7:::
# passwd -d jjones
passwd: password information changed for jjones
# grep jjones /etc/shadow
jjones::15310:56:70:7:::
# passwd jjones
New Password:
Re-enter new Password:
passwd: password successfully changed for jjones
# grep jjones /etc/shadow
jjones:$6$peJpli9l$N.lDkvtuNInL42iV2Y7Pno6MJiI.CPWXSvFvs.vynTQx22u9ivnb.cwpYSyncXAT
Qia/pXwfzwCn//LOTTw9n1:15310:56:70:7:::
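
The check above can be run across every account instead of one user at a time. The following script is an added example, not part of the course material: it reads the active CRYPT_DEFAULT from policy.conf text and lists accounts whose shadow entry uses a different algorithm identifier or has no password. The sample data is constructed, the function names are hypothetical, and NP and *LK* are treated as the Solaris markers for no-login and locked accounts.

```shell
#!/bin/sh
# Added example: report accounts whose /etc/shadow entry does not use the
# algorithm named by CRYPT_DEFAULT in /etc/security/policy.conf.

# Constructed policy.conf fragment (same settings as the slide above).
sample_policy() {
cat <<'EOF'
CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6
#CRYPT_DEFAULT=5
CRYPT_DEFAULT=6
EOF
}

# Constructed /etc/shadow lines; salts and hash bodies are placeholders.
sample_shadow() {
cat <<'EOF'
root:$5$SALTSALT$placeholderhash:15310::::::
jjones:$6$SALTSALT$placeholderhash:15310:56:70:7:::
omai::15310::::::
mhatter:$1$SALTSALT$placeholderhash:15310::::::
tbone:$md5$SALTSALT$$placeholderhash:15310::::::
daemon:NP:6445::::::
jdoe:*LK*:15310::::::
legacy:AbCdEfGhIjKlM:15310::::::
EOF
}

# Print the uncommented CRYPT_DEFAULT value (this script takes the last one).
crypt_default() {
    awk -F= '$1 == "CRYPT_DEFAULT" { v = $2 } END { print v }'
}

# stdin: shadow lines. Output: "user identifier", where identifier is the
# crypt.conf name between the first two "$" signs, or EMPTY, LOCKED, NP,
# or __unix__ for a field with no "$" prefix.
classify_shadow() {
    awk -F: '
    {
        pw = $2
        if (pw == "") {
            algo = "EMPTY"
        } else if (substr(pw, 1, 4) == "*LK*") {
            algo = "LOCKED"
        } else if (pw == "NP") {
            algo = "NP"
        } else if (substr(pw, 1, 1) == "$") {
            rest = substr(pw, 2)
            n = index(rest, "$")
            algo = (n > 0) ? substr(rest, 1, n - 1) : rest
            c = index(algo, ",")            # drop any ",parameter" suffix
            if (c > 0) algo = substr(algo, 1, c - 1)
        } else {
            algo = "__unix__"
        }
        print $1, algo
    }'
}

# $1: expected identifier. stdin: shadow lines.
# Output: "user:identifier" for every account that can log in with a
# password field other than the expected algorithm.
audit_shadow() {
    classify_shadow | awk -v want="$1" '
        $2 == "LOCKED" || $2 == "NP" { next }
        $2 != want { print $1 ":" $2 }'
}

want=$(sample_policy | crypt_default)
echo "CRYPT_DEFAULT=$want; accounts not hashed with it:"
sample_shadow | audit_shadow "$want"
```

The script relies on POSIX awk (-v); on Oracle Solaris run it with nawk or /usr/xpg4/bin/awk in place of awk, and feed it /etc/security/policy.conf and /etc/shadow as root.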


Monitoring Who Is Using the su Command

By default, su logging is enabled in /var/adm/sulog.
The SULOG=/var/adm/sulog entry in /etc/default/su enables su logging.
To monitor su logging, use more /var/adm/sulog.
# more /var/adm/sulog
SU 12/01 10:26 - pts/0 jjones-root
SU 12/01 10:59 + pts/0 jjones-root
SU 12/02 11:11 + pts/0 root-omai
SU 12/02 14:56 - pts/0 jdoe-root
SU 12/02 14:57 + pts/0 jdoe-root
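
Reading these logs by eye does not scale, so the following script summarizes both the loginlog format shown under Monitoring Failed Login Attempts and the sulog format shown here. It is an added example, not part of the course material; the function names are hypothetical, the sample lines are copied from the slides, and the from-to field is assumed to split at its first hyphen.

```shell
#!/bin/sh
# Added example: summarize failed logins (loginlog) and failed su
# attempts (sulog) per user.

# loginlog format: user:tty:timestamp, one line per failed login.
sample_loginlog() {
cat <<'EOF'
jjones:/dev/pts/2:Mon Nov 11 23:21:10 2013
jjones:/dev/pts/2:Mon Nov 11 23:21:21 2013
jjones:/dev/pts/2:Mon Nov 11 23:21:30 2013
jjones:/dev/pts/2:Mon Nov 11 23:21:40 2013
jjones:/dev/pts/2:Mon Nov 11 23:21:49 2013
EOF
}

# sulog format: SU MM/DD HH:MM +|- tty from-to ("-" marks a failed su).
sample_sulog() {
cat <<'EOF'
SU 12/01 10:26 - pts/0 jjones-root
SU 12/01 10:59 + pts/0 jjones-root
SU 12/02 11:11 + pts/0 root-omai
SU 12/02 14:56 - pts/0 jdoe-root
SU 12/02 14:57 + pts/0 jdoe-root
EOF
}

# $1: minimum number of failures to report. stdin: loginlog lines.
# Output: "user tty count", sorted.
failed_logins() {
    awk -F: -v min="$1" '
        NF >= 3 { n[$1 " " $2]++ }
        END { for (k in n) if (n[k] >= min) print k, n[k] }' | sort
}

# $1: target account (for example root). stdin: sulog lines.
# Output: "user failures successes" for every user with at least one
# failed su to the target, sorted. A failure followed by a success is
# worth a look: it can be a typo or a guessed password.
failed_su() {
    awk -v target="$1" '
        $1 == "SU" && NF == 6 {
            i = index($6, "-")
            if (i == 0) next
            from = substr($6, 1, i - 1)
            to = substr($6, i + 1)
            if (to != target) next
            seen[from] = 1
            if ($4 == "-") fail[from]++
            else if ($4 == "+") ok[from]++
        }
        END {
            for (u in seen)
                if (fail[u] > 0) print u, fail[u] + 0, ok[u] + 0
        }' | sort
}

echo "Failed logins (5 or more per user and terminal):"
sample_loginlog | failed_logins 5
echo "Failed su to root (user failures successes):"
sample_sulog | failed_su root
```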


Quiz
In which file can you specify the password algorithms
configuration?
a. /etc/passwd
b. /etc/shadow
c. /etc/security/crypt.conf
d. /etc/security/policy.conf


Practice 9-1 Overview: Controlling Access to Systems

This practice covers the following topics:
Securing logins and passwords
Changing the password algorithm

Lesson Agenda

Controlling Access to Systems
Controlling Access to Files
Securing Access to Remote Host

Controlling Access to Files

To secure files and directories in Oracle Solaris 11, you can use:
  UNIX file permissions
  Access control lists (ACLs)

Command  Description
ls       Lists the files in a directory and information about the files
chown    Changes the ownership of a file
chgrp    Changes the group ownership of a file
chmod    Changes permissions on a file. You can use either symbolic mode, which uses letters and symbols, or absolute mode, which uses octal numbers, to change the permissions on a file.

File Types

Symbol           Description
                 Block special file
                 Character special file
                 Directory
                 Symbolic link
                 Socket
                 Door
                 Named pipe
- (minus sign)   Regular text file or a program

UNIX File Permissions

Symbol  Permission  Object              Description
r       Read        File                Designated users can open and read the contents of a file.
                    Directory           Designated users can list the files in the directory.
w       Write       File                Designated users can modify the contents of the file or delete the file.
                    Directory           Designated users can add files or add links in the directory. They can also remove files or remove links in the directory.
x       Execute     File                Designated users can execute the file, if it is a program or shell script.
                    Directory           Designated users can open files or execute files in the directory. Users can cd into the directory.
-       Denied      File and Directory  Designated users cannot read, write, or execute the file.

Interpreting File Permissions

Permissions  Interpretation
-rwx------   This file has read, write, and execute permissions set only for the file owner. Permissions for the class group and other are denied.
dr-xr-x---   This directory has read and execute permissions set only for the directory owner and the group.
-rwxr-xr-x   This file has read, write, and execute permissions set for the file owner. Read and execute permissions are set for the class group and other.

Special File Permissions

The special permission types for executable files and public directories are:
  setuid: Grants access to the files and directories that are normally available only to the owner
  setgid: Grants access based on the permissions that are granted to a particular group
  sticky bit: Protects the files within a directory
When special permissions are used, a user who runs an executable file assumes the ID of the owner (or group) of the executable file.
Special permissions present a security risk.
The system should be monitored for any unauthorized use of the setuid and setgid permissions.

File Permission Modes

You use chmod to set permissions in either of two modes:
  Symbolic Mode: Combinations of letters and symbols are used to add permissions or remove permissions.
  Absolute Mode: Numbers are used to represent file permissions. This is the most commonly used method to set permissions.

Setting File Permissions in Symbolic Mode

Symbol  Function     Description
        who          User (owner)
        who          Group
        who          Others
        who          All
        operator     Assign
        operator     Add
        operator     Remove
        permissions  Read
        permissions  Write
        permissions  Execute
        permissions  Mandatory locking, setgid bit is on, group execution bit is off.
        permissions  setuid or setgid bit is on.
        permissions  Sticky bit is on; execution bit for others is on.

Setting File Permissions in Absolute Mode

Octal Value  File Permissions Set  Permissions Description
0            ---                   No permissions
1            --x                   Execute permission only
2            -w-                   Write permission only
3            -wx                   Write and execute permissions
4            r--                   Read permission only
5            r-x                   Read and execute permissions
6            rw-                   Read and write permissions
7            rwx                   Read, write, and execute permissions

Setting Special File Permissions in Symbolic or Absolute Mode

To set special permissions on a file, you can use either symbolic or absolute mode.
To set or remove the setuid permission on a directory, you must use symbolic mode.
To set special permissions in absolute mode, you add a new octal value.

Octal Value  Special File Permissions
             Sticky bit
             setgid
             setuid

Protecting Files with Basic UNIX Permissions

Displaying file permissions
Changing file ownership
Changing the group ownership of a file
Changing file permissions in symbolic mode
Changing file permissions in absolute mode
Setting special file permissions in absolute mode

Displaying File Permissions

To display file permissions for all the files in a directory, use ls -la.
# cd /sbin
# ls -la
total 4960
drwxr-xr-x   4 root  bin     454 Oct 28 05:10 .
drwxr-xr-x  33 root  sys      45 Oct 27 10:00 ..
-r-xr-xr-x   1 root  bin   12772 Oct 19 20:55 autopush*
lrwxrwxrwx   1 root  root     10 Oct 27 10:00 accept -> cupsaccept
...

To display the permissions for a directory, use ls -ld.
# cd ..
# ls -ld sbin
lrwxrwxrwx   1 root  root     10 Oct 27 10:03 sbin -> ./usr/sbin

Changing File Ownership

1. Display the permissions on a file by using ls -l filename.
2. Change the owner of the file by using chown loginname filename.
3. Verify that the owner of the file has changed by using ls -l filename.
# ls -l test-file
-rw-r--r--   1 mhatter  staff   112640 Nov 2 10:49 test-file
# chown omai test-file
# ls -l test-file
-rw-r--r--   1 omai     staff   112640 Nov 2 08:50 test-file

Changing the Group Ownership of a File

1. Display the permissions on a file by using ls -l filename.
2. Change the group ownership of the file by using chgrp groupname filename.
3. Verify that the group ownership of the file has changed by using ls -l filename.
# ls -l test-file
-rw-r--r--   1 omai  staff    112640 Nov 6 08:50 test-file
# chgrp itadmin test-file
# ls -l test-file
-rw-r--r--   1 omai  itadmin  112640 Nov 6 08:50 test-file

Changing File Permissions in Symbolic Mode

1. Display the permissions on a file by using ls -l filename.
2. Change the file permissions by using chmod who operator permissions filename.
3. Verify that the permissions of the file have changed by using ls -l filename.
# ls -l test-file
-rw-r--r--   1 omai  itadmin  112640 Nov 6 08:50 test-file
# chmod g+wx test-file
# ls -l test-file
-rw-rwxr--   1 omai  itadmin  112640 Nov 6 09:00 test-file
# chmod u-w test-file
# ls -l test-file
-r--rwxr--   1 omai  itadmin  112640 Nov 6 09:05 test-file

Changing File Permissions in Absolute Mode

1. Display the permissions on a file by using ls -l filename.
2. Change the file permissions by using chmod nnn filename.
3. Verify that the permissions of the file have changed by using ls -l filename.
# ls -l test-file
-rw-r--r--   1 omai  itadmin  112640 Nov 7 08:50 test-file
# chmod 674 test-file
# ls -l test-file
-rw-rwxr--   1 omai  itadmin  112640 Nov 7 09:10 test-file
# chmod 474 test-file
# ls -l test-file
-r--rwxr--   1 omai  itadmin  112640 Nov 7 09:15 test-file

Setting Special File Permissions in Absolute Mode

1. Display the permissions on a file by using ls -l filename.
2. Change the special file permissions by using chmod nnnn filename.
3. Verify that the permissions of the file have changed by using ls -l filename.
# ls -l test-file
-rw-r--r--   1 omai  itadmin  112640 Nov 8 09:50 test-file
# chmod 4655 test-file
# ls -l test-file
-rwsr--r--   1 omai  itadmin  112640 Nov 8 10:10 test-file

Protecting Against Programs with Security Risk

Finding files with special file permissions
Disabling programs from using executable stacks

Finding Files with Special File Permissions

1. To find files with setuid permissions, use find directory -user root -perm -4000 -exec ls -ldb {} \; > /tmp/filename.
2. To display the results, use more /tmp/filename.
# find / -perm -4000 -exec ls -ld {} \; > /var/tmp/suidcheck
find: /proc/1476/fd/4: No such file or directory
# more /var/tmp/suidcheck
-r-sr-xr-x 1 omai itsupport      0 Sept 19 13:44 /home/omai/test-file
-rwsr-xr-x 1 root bin        64588 Sept 19 09:03 /sbin/wificonfig
-r-sr-xr-x 1 root bin       206676 Sept 19 09:02 /usr/lib/ssh/ssh-keysign
-r-sr-xr-x 1 root bin        19452 Sept 19 09:02 /usr/lib/fs/smbfs/mount
...
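
A listing like this is most useful when it is compared against a list of setuid programs that are expected on the system. The following script is an added example, not part of the course material: it reports setuid entries that are missing from a baseline file or are not owned by root. The baseline contents, the /opt/tools/bin/report entry, and the function names are constructed for illustration; the other listing lines come from the slide above.

```shell
#!/bin/sh
# Added example: compare "find ... -perm -4000 -exec ls -ld {} \;" output
# against a baseline of approved setuid paths.

# Constructed baseline: one approved path per line.
sample_baseline() {
cat <<'EOF'
/sbin/wificonfig
/usr/lib/ssh/ssh-keysign
/usr/lib/fs/smbfs/mount
EOF
}

# Listing from the slide, plus one constructed entry (the last line).
sample_listing() {
cat <<'EOF'
-r-sr-xr-x 1 omai itsupport 0 Sept 19 13:44 /home/omai/test-file
-rwsr-xr-x 1 root bin 64588 Sept 19 09:03 /sbin/wificonfig
-r-sr-xr-x 1 root bin 206676 Sept 19 09:02 /usr/lib/ssh/ssh-keysign
-r-sr-xr-x 1 root bin 19452 Sept 19 09:02 /usr/lib/fs/smbfs/mount
-rwsr-xr-x 1 root root 8120 Sept 20 02:14 /opt/tools/bin/report
EOF
}

# $1: baseline file. stdin: ls -ld lines.
# Output: "path owner reasons" for each setuid entry that is not in the
# baseline, is not owned by root, or both.
suid_unexpected() {
    awk -v base="$1" '
        # First input file: remember every approved path.
        FILENAME == base { if ($0 != "") ok[$0] = 1; next }
        # Skip entries without the setuid bit (s or S in the owner x slot).
        substr($1, 4, 1) != "s" && substr($1, 4, 1) != "S" { next }
        NF >= 9 {
            # The path starts at field 9 and may contain spaces.
            path = $9
            for (i = 10; i <= NF; i++) path = path " " $i
            why = ""
            if (!(path in ok)) why = "not-in-baseline"
            if ($3 != "root") why = (why == "" ? "" : why ",") "owner-not-root"
            if (why != "") print path, $3, why
        }' "$1" -
}

base=$(mktemp)
sample_baseline > "$base"
echo "Unexpected setuid files:"
sample_listing | suid_unexpected "$base"
rm -f "$base"
```

On a live system, replace sample_listing with the contents of /var/tmp/suidcheck and keep the baseline file readable and writable only by root.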


Disabling Programs from Using Executable Stacks

1. Save a copy of the /etc/system file.
2. Edit the /etc/system file and add the following system
directives:
set noexec_user_stack=1
set noexec_user_stack_log=0
3. Reboot the system by using init 6.
# vi /etc/system
# cat /etc/system
set noexec_user_stack=1
set noexec_user_stack_log=0
# init 6


Quiz
Which command enables you to change permissions on a file
that is owned by a group?
a. chown
b. chgrp
c. chmod


Quiz
The chmod command can be used only with the absolute
mode.
a. True
b. False


Quiz
Which permission gives the following?
This file has read, write, and execute permissions set for the file
owner. Read and execute permissions are set for the group
and other.
a. -rwx------
b. dr-xr-x---
c. -rwxr-xr-x

Quiz
The special permission types setuid and setgid constitute a
risk.
a. True
b. False


Practice 9-2 Overview: Controlling Access to File Systems

This practice covers the following topics:
Protecting files with basic permissions
Protecting against programs with security risk

Lesson Agenda

Controlling Access to Systems
Controlling Access to Files
Securing Access to Remote Host

Oracle Solaris Authentication Services

Oracle Solaris offers the following authentication services:

Authentication Service                            Description
Secure RPC                                        An authentication mechanism that protects NFS mounts and a naming service
Pluggable Authentication Module (PAM)             A framework that enables various authentication technologies to be plugged in to a system entry service without recompiling the service
Simple Authentication and Security Layer (SASL)   A framework that provides authentication and security services to network protocols
Secure Shell                                      A secure remote login and transfer protocol that encrypts communications over an unsecure network
Kerberos service                                  A client/server architecture that provides encryption with authentication

Secure Shell

Is the default remote access control protocol on a newly installed Oracle Solaris 11 system
Is a program for logging in to a remote system and executing commands on that system
Enables users to securely access a remote host over an unsecured network
Provides commands for remote login and remote file transfer
Provides authentication by the use of passwords, public keys, or both
Encrypts all network traffic

Secure Shell
With Secure Shell, you can:
Log in to another host securely over an unsecured network
Copy files securely between the two hosts
Run commands securely on the remote host

[Figure: an SSH client sends a login request to an SSH server, and the server answers OK]

Secure Shell and the Secure Shell Protocol
SSH supports both versions 1 and 2 of the Secure Shell protocol.
Sites are encouraged to use only version 2.

Secure Shell Protocol Version 2: Parts

Protocol | Description
SSH Transfer Protocol | Is used for server authentication, algorithm negotiation, and key exchange. When this part of the SSH protocol completes, an encrypted communication channel is established between the server and the client.
SSH Authentication Protocol | Is used to verify the identity of the user that runs the ssh client. This protocol uses the established transfer protocol.
SSH Channel Protocol | Multiplexes the encrypted channel into logical connections. These connections can be used, for example, for user shell sessions, port forwarding, or X11 forwarding. This protocol uses the authentication protocol that the user established.

Secure Shell Authentication Methods

Method | Description
GSS-API | Uses credentials for GSS-API mechanisms
Host-based authentication | Uses host keys
Public key authentication | Authenticates users with their RSA and DSA public/private keys
Password authentication | Uses PAM to authenticate users

Host-Based Authentication
Authentication Method (Protocol Version): Host-based (v2)

Local Host (Client1) Requirements
User account
Local host private and public key in the /etc/ssh directory: ssh_host_rsa_key, ssh_host_rsa1_key, ssh_host_dsa_key
HostbasedAuthentication yes in the /etc/ssh/sshd_config file
Private key in ~/.ssh/id_rsa or ~/.ssh/id_dsa

Remote Host (Server1) Requirements
User account
Local host public key in the /etc/ssh directory
HostbasedAuthentication yes in /etc/ssh/sshd_config
User's public key in ~/.ssh/id_rsa.pub or ~/.ssh/id_dsa.pub
Client1 entry in /etc/ssh/shosts.equiv, /etc/hosts.equiv, ~/.rhosts, or ~/.shosts
Client1 host name in /etc/ssh/ssh_known_hosts or ~/.ssh/known_hosts
IgnoreRhosts no in /etc/ssh/sshd_config
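
With host-based authentication the server relies on the client host to vouch for the user, so an administrator should be able to list exactly which settings and trust files switch it on. The check below is an added example, not part of the course material or Oracle tooling; the function name audit_hostbased is hypothetical, and the keywords and trust-file names it looks for are the ones listed for host-based authentication above.

```shell
#!/bin/sh
# Added example: report settings that enable host-based trust.
# audit_hostbased SSHD_CONFIG [TRUST_FILE...]
#   SSHD_CONFIG  path to an sshd_config file
#   TRUST_FILE   optional trust files (shosts.equiv, hosts.equiv, .rhosts, .shosts)
# Prints one finding per line. Returns 0 if nothing was found, 1 if there are
# findings, 2 if the configuration file cannot be read.
audit_hostbased() {
    config=$1
    [ -r "$config" ] || { echo "cannot read $config" >&2; return 2; }
    shift
    findings=$(
        # Keywords are matched case-insensitively; commented-out lines are ignored.
        awk -v file="$config" '
            /^[ \t]*(#|$)/ { next }
            {
                key = tolower($1); val = tolower($2)
                if (key == "hostbasedauthentication" && val == "yes")
                    printf "%s:%d: HostbasedAuthentication yes\n", file, NR
                else if (key == "ignorerhosts" && val == "no")
                    printf "%s:%d: IgnoreRhosts no\n", file, NR
                else if (key == "protocol" && ("," $2 ",") ~ /,1,/)
                    printf "%s:%d: Protocol %s allows version 1\n", file, NR, $2
            }' "$config"
        # A trust file only matters if it holds at least one active entry.
        for trust in "$@"; do
            [ -r "$trust" ] || continue
            n=$(awk '!/^[ \t]*(#|$)/ { n++ } END { print n + 0 }' "$trust")
            if [ "$n" -gt 0 ]; then
                echo "$trust: $n trusted host entries"
            fi
        done
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

A typical call passes /etc/ssh/sshd_config followed by the four trust files named above; unreadable or absent trust files are skipped.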

Identifying the Secure Shell Defaults
Only protocol version 2 is in effect.
Port forwarding is disabled for the server and client sides.
X11 forwarding is disabled on the server side.
All authentication methods are enabled, including GSS-API (preferred authentication method).

Secure Shell sshd Daemon
The sshd daemon is the daemon program for the secure shell client (ssh).
ssh provides secure, encrypted communication between two untrusted hosts over an unsecure network.
You can use the SMF to start, stop, or restart the sshd daemon.
To notify the sshd daemon to read its configuration files again, use:
# svcadm restart svc:/network/ssh:default
or
# svcadm restart ssh

Configuring Secure Shell
1. Verifying that users have access to both the client and the server.
2. Logging in to a remote host with Secure Shell.
3. Generating the public/private RSA key pair.
4. Copying the RSA public key to the remote host.
5. Verifying that the RSA public key is functioning.
6. Generating the public/private DSA key pair.
7. Copying the DSA public key to the remote host.
8. Verifying the authentication process.

Verifying That Users Have Access to Both the Client and the Server
Server side
# grep jjones /etc/passwd
jjones:x:1003:110:joe jones:/export/home/jjones:/usr/bin/bash

Client side
# grep jjones /etc/passwd
jjones:x:1003:110:joe jones:/export/home/jjones:/usr/bin/bash

Logging In to a Remote Host with Secure Shell
# su - jjones
Oracle Corporation      SunOS 5.11      11.2    June 2014
jjones@server1:$ ssh client1
The authenticity of host 'client1 (192.168.0.111)' can't be established.
RSA key fingerprint is 38:d3:8a:bb:be:d4:b8:93:08:7a:b5:99:5d:7f:04:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'client1,192.168.0.111' (RSA) to the list of known hosts.
Password: <password>
Last login: Tue Jul 29 08:17:26 2014 from server1
Oracle Corporation      SunOS 5.11      11.2    June 2014
jjones@client1:~$ exit
Connection to client1 closed.

Generating the Public/Private RSA Key Pair
jjones@server1:$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/jjones/.ssh/id_rsa): <Press Enter Key>
Enter passphrase (empty for no passphrase): <passphrase>
Enter same passphrase again: <passphrase>
Your identification has been saved in /export/home/jjones/.ssh/id_rsa.
Your public key has been saved in /export/home/jjones/.ssh/id_rsa.pub.
The key fingerprint is:
51:28:86:f9:3b:55:d3:bf:eb:a9:5d:af:0d:f5:2a:8f jjones@server1
jjones@server1:$ ls .ssh
id_rsa id_rsa.pub

Copying the RSA Public Key to the Remote Host
jjones@server1:$ scp .ssh/id_rsa.pub jjones@client1:id_rsa.pub
Password: <password>
id_rsa.pub           100% |*****************************|   401       00:00
jjones@server1:$ ssh client1
Password: <password>
Last login: Tue July 29 08:19:04 2014 from server1
Oracle Corporation      SunOS 5.11      11.2    June 2014
jjones@client1:~$ ls
id_rsa.pub local.cshrc local.login local.profile
jjones@client1:~$ mkdir -p .ssh
jjones@client1:~$ ls
id_rsa.pub local.cshrc local.login local.profile
jjones@client1:~$ cat ./id_rsa.pub >> .ssh/authorized_keys
jjones@client1:~$ rm ./id_rsa.pub

Verifying That the RSA Public Key Is Functioning
jjones@client1:~$ exit
Connection to client1 closed.
jjones@server1:~$ ssh client1
Enter passphrase for key '/export/home/jjones/.ssh/id_rsa': <passphrase>
Last login: Tue Jul 29 08:21:32 2014 from server1
jjones@client1:~$ exit
Connection to client1 closed.

Generating the Public/Private DSA Key Pair
jjones@server1:~$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/export/home/jjones/.ssh/id_dsa): <Press Enter Key>
Enter passphrase (empty for no passphrase): <passphrase>
Enter same passphrase again: <passphrase>
Your identification has been saved in /export/home/jjones/.ssh/id_dsa.
Your public key has been saved in /export/home/jjones/.ssh/id_dsa.pub.
The key fingerprint is:
7a:b8:cb:f8:33:e5:fb:02:a5:c3:b2:53:cc:75:90:9e jjones@server1
jjones@server1:~$ ls -a .ssh
.            id_dsa       id_rsa       known_hosts
..           id_dsa.pub   id_rsa.pub

Copying the DSA Public Key to the Remote Host
jjones@server1:~$ scp .ssh/id_dsa.pub jjones@client1:id_dsa.pub
Enter passphrase for key '/export/home/jjones/.ssh/id_rsa': <passphrase>
id_dsa.pub           100% |*****************************|   609       00:00
jjones@server1:~$ ssh client1
Enter passphrase for key '/export/home/jjones/.ssh/id_rsa': <passphrase>
Last login: Tue Jul 29 08:23:05 2014 from server1
Oracle Corporation      SunOS 5.11      11.2    June 2014
jjones@client1:~$ ls
id_dsa.pub local.cshrc local.login local.profile
jjones@client1:~$ cat ./id_dsa.pub >> .ssh/authorized_keys
jjones@client1:~$ rm ./id_dsa.pub
jjones@client1:~$ exit
Connection to client1 closed.

Verifying the Authentication Process
jjones@server1:~$ ssh client1
Enter passphrase for key '/export/home/jjones/.ssh/id_rsa': <Press Enter Key>
Enter passphrase for key '/export/home/jjones/.ssh/id_dsa': <passphrase>
Last login: Tue Jul 29 08:25:16 2014 from server1
Oracle Corporation      SunOS 5.11      11.2    June 2014
jjones@server1:~$ exit
logout
Connection to client1 is closed.
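
The copy steps above (mkdir -p .ssh followed by cat ... >> .ssh/authorized_keys) leave the permissions of both paths to the user's umask and append the key again on every rerun. One way to do the same append with owner-only permissions and a duplicate check, as an added example that is not part of the course material; the function name install_pubkey is hypothetical and the key material used to exercise it is constructed:

```shell
#!/bin/sh
# Added example: append one public key to authorized_keys safely.
# install_pubkey PUBKEY_FILE [SSH_DIR]
#   PUBKEY_FILE  file holding exactly one public key line (for example id_rsa.pub)
#   SSH_DIR      target directory, defaults to $HOME/.ssh
# Returns 0 if the key was installed, 1 on a bad or unreadable key file,
# 2 if the key is already present.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Accept exactly one non-empty line of the form "<type> <base64> [comment]".
    key_line=$(awk 'NF { n++; line = $0 } END { if (n == 1) print line }' "$pubkey_file")
    [ -n "$key_line" ] || { echo "expected exactly one key line" >&2; return 1; }

    key_type=$(printf '%s\n' "$key_line" | awk '{ print $1 }')
    key_blob=$(printf '%s\n' "$key_line" | awk '{ print $2 }')
    # ssh-rsa and ssh-dss are the types written by ssh-keygen -t rsa and -t dsa.
    case $key_type in
        ssh-rsa|ssh-dss) ;;
        *) echo "unexpected key type: $key_type" >&2; return 1 ;;
    esac
    # The key data must be base64 only; this rejects private keys and stray text.
    case $key_blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; return 1 ;;
    esac

    # Create the directory and file owner-only, whatever the current umask is.
    old_umask=$(umask)
    umask 077
    mkdir -p "$ssh_dir" && touch "$auth_file"
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # Compare on type and key data only, so a changed comment is not a new key.
    # Scanning all fields also covers entries that start with an options field.
    if awk -v t="$key_type" -v b="$key_blob" '
            { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
            END { exit found ? 0 : 1 }' "$auth_file"; then
        return 2
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```

On the remote host this replaces the mkdir, cat and chmod steps: install_pubkey ./id_rsa.pub, then remove the copied file as before.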

Using the Secure Shell
Reducing password prompts
Locking and unlocking the authentication agent

Reducing Password Prompts
jjones@server1:~$ eval `ssh-agent`
Agent pid 1886
jjones@server1:~$ pgrep ssh-agent
1886
jjones@server1:~$ env | grep SSH
SSH_AGENT_PID=1886
SSH_AUTH_SOCK=/tmp/ssh-XXXXJqaWVf/agent.1885
jjones@server1:~$ ssh-add
Enter passphrase for /export/home/jjones/.ssh/id_rsa: <passphrase>
Identity added: /export/home/jjones/.ssh/id_rsa (/export/home/jjones/.ssh/id_rsa)
Identity added: /export/home/jjones/.ssh/id_dsa (/export/home/jjones/.ssh/id_dsa)
jjones@server1:~$ ssh-add -l
2048 51:28:86:f9:3b:55:d3:bf:eb:a9:5d:af:0d:f5:2a:8f /export/home/jjones/.ssh/id_rsa (RSA)
1024 7a:b8:cb:f8:33:e5:fb:02:a5:c3:b2:53:cc:75:90:9e /export/home/jjones/.ssh/id_dsa (DSA)
jjones@server1:~$ ssh client1
Last login: Tue Jul 29 08:26:22 2014 from server1
Oracle Corporation      SunOS 5.11      11.2    June 2014
jjones@client1:~$ exit
Connection to client1 closed.

Locking and Unlocking the Authentication Agent
jjones@server1:~$ ssh-add -x
Enter lock password: <password>
Again: <password>
Agent locked.
jjones@server1:~$ ssh client1
Enter passphrase for key '/export/home/jjones/.ssh/id_rsa': <passphrase>
Last login: Tue Jul 29 08:27:14 2014 from server1
Oracle Corporation      SunOS 5.11      11.2    June 2014
jjones@server1:~$ exit
Connection to client1 closed.

jjones@server1:~$ ssh-add -X
Enter lock password: <password>
Agent unlocked.
jjones@server1:~$ ssh client1
Last login: Tue Jul 29 08:27:36 2014 from server1
Oracle Corporation      SunOS 5.11      11.2    June 2014
Connection to client1 closed.

Quiz
Secure Shell is an authentication service that _______.
a. Enables a user to securely access a remote host over an
unsecure network
b. Provides authentication and security services to network
protocols
c. Protects NFS mounts and a naming service


Quiz
If you do not want to type your passphrase and your password
to use Secure Shell, which of the following should you use?
a. ssh-add
b. ssh-agent
c. ssh-keygen


Practice 9-3 Overview: Configuring Secure Shell
This practice covers the following topics:
Setting up host-based authentication
Verifying host-based authentication for SSH
Configuring SSH for public key authentication
Using SSH with no password prompt

Summary
In this lesson, you should have learned how to:
Establish system and file access control
Control access to systems
Control access to files
Secure access to remote host


Administering User Accounts


Objectives
After completing this lesson, you should be able to:
Get started with user administration
Set up user accounts
Manage user accounts
Manage user initialization files
Configure user disk quotas
Use shell metacharacters


Workflow Orientation
[Figure: course workflow showing the topics Introduction, Processes, Installation, Users, Boot and Shutdown, Services, Security, Packages, Zones, Network, and Storage]

Lesson Agenda
Getting Started with User Administration
Setting Up User Accounts
Maintaining User Accounts
Managing User Initialization Files
Configuring User Disk Quotas
Using Shell Metacharacters

Importance of User Administration
It is important to administer users to address the requirements of the user community, such as:
Setting up new accounts
Maintaining accounts
Providing access to the system and system resources

Types of User Accounts
A user can have the following types of accounts:

Account | Description
User | An individual account that provides a user with a unique account name, a user identification (UID) number, a home directory, and a login shell
Group | A collection of individual users that have a shared set of permissions on files and other system resources
Role | A special account that can be assigned to one or more users and that provides a set of functions and permissions that are specific to the role

Main Components of a User Account

Component | Description
Username | Unique name that a user enters to log in to a system
Password | Combination of up to 256 letters, numbers, or special characters that a user enters with the login name to gain access to a system
User identification (UID) number | User account's unique numerical identification within the system
Group identification (GID) number | Unique numerical identification of the group to which a user belongs
Comment | Information that identifies a user
User's home directory | Directory into which a user is placed after login
User's login shell | User's work environment as set up by the initialization files that are defined by the user's login shell

System Files That Store User Account Information

System File for User Account Information | Description
/etc/passwd | Contains login account entries for authorized system users
/etc/shadow | Contains encrypted passwords
/etc/default/passwd | Contains entries for controlling all the user passwords on the system
/etc/group | Defines the default system group entries

Interpreting the /etc/passwd File


root:x:0:0:Super-User:/root:/usr/bin/bash
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
dladm:x:15:65:Datalink Admin:/:
netadm:x:16:65:Network Admin:/:
netcfg:x:17:65:Network Configuration Admin:/:
smmsp:x:25:25:SendMail Message Submission Program:/:
gdm:x:50:50:GDM Reserved UID:/var/lib/gdm:
zfssnap:x:51:12:ZFS Automatic Snapshots Reserved UID:/:/usr/bin/pfsh
upnp:x:52:52:UPnP Server Reserved UID:/var/coherence:/bin/ksh
xvm:x:60:60:xVM User:/:
mysql:x:70:70:MySQL Reserved UID:/:
openldap:x:75:75:OpenLDAP User:/:
webservd:x:80:80:WebServer Reserved UID:/:
postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
svctag:x:95:12:Service Tag UID:/:
unknown:x:96:96:Unknown Remote UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
ikeuser:x:67:12:IKE Admin:/:
aiuser:x:61:61:AI User:/:
pkg5srv:x:97:97:pkg(5) server UID:/:


Interpreting an /etc/passwd File Entry
Each entry in the /etc/passwd file contains seven fields.
loginID:x:UID:GID:comment:home_directory:login_shell

Field | Description
loginID | Represents the user's login name
x | Represents a placeholder for the user's encrypted password
UID | Contains the UID number that is used by the system to identify the user
GID | Contains the GID number that is used by the system to identify the user's primary group
comment | Typically contains the user's full name
home_directory | Contains the autofs-mounted directory name of the user's home directory
login_shell | Defines the user's login shell

Interpreting the /etc/shadow File


root:$5$A9EW6h0R$B9cdXEPFGS8F2g4gEAWwlzUI40LBYUs7CRb9saMqx8XA:16283::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
dladm:*LK*:::::::
netadm:*LK*:::::::
netcfg:*LK*:::::::
smmsp:NP:6445::::::
gdm:*LK*:::::::
zfssnap:NP:::::::
upnp:NP:::::::
xvm:*LK*:6445::::::
mysql:NP:::::::
openldap:*LK*:::::::
webservd:*LK*:::::::
postgres:NP:::::::
svctag:*LK*:6445::::::
unknown:*LK*:::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
ikeuser:*LK*:15992::::::
aiuser:*LK*:15992::::::
pkg5srv:NP:15992::::::


Interpreting an /etc/shadow File Entry
Each entry in the /etc/shadow file contains nine fields:
loginID:password:lastchg:min:max:warn:inactive:expire:flag

Field | Description
loginID | The user's login name
password | A variable-length encrypted password
lastchg | The number of days between January 1, 1970 and the last password modification date
min | The minimum number of days required between password changes
max | The maximum number of days that the password is valid before the user is prompted to enter a new password at login
warn | Number of days that the user is warned before the password expires
inactive | Number of inactive days allowed for the user before the user's account is locked
expire | Date when the user account expires
flag | Used to track failed logins
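
The nine-field layout is enough to audit password state with nothing more than awk. The following added example, which is not part of the course material, classifies each entry by its password field (a hash, the *LK* lock string, a marker such as NP or UP, or nothing at all) and ages hashed passwords from lastchg; the function name shadow_report and the state labels are hypothetical, and any entries fed to it for testing should use placeholder hashes.

```shell
#!/bin/sh
# Added example: summarize password state from a file in /etc/shadow format.
# shadow_report FILE TODAY
#   FILE   file with nine colon-separated fields per entry
#   TODAY  current date as days since January 1, 1970 (the unit used by lastchg)
# Prints one line per entry in the form login:STATE:detail
#   HASHED     password field holds a crypt hash; detail shows the algorithm id
#   LOCKED     password field starts with the *LK* lock string
#   MARKER     a short string such as NP or UP that no password can match
#   EMPTY      no password string at all; review these entries first
#   MALFORMED  entry does not have nine fields
shadow_report() {
    [ $# -eq 2 ] || { echo "usage: shadow_report FILE TODAY" >&2; return 2; }
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -F: -v today="$2" '
        /^[ \t]*$/ { next }
        NF != 9 { printf "%s:MALFORMED:fields=%d\n", $1, NF; next }
        {
            pw = $2; lastchg = $3; max = $5; detail = ""
            if (pw == "") {
                state = "EMPTY"
            } else if (substr(pw, 1, 4) == "*LK*") {
                state = "LOCKED"
            } else if (substr(pw, 1, 1) == "$") {
                # "$5$salt$hash" splits into "", "5", "salt", "hash"
                split(pw, part, "[$]")
                state = "HASHED"; detail = "alg=" part[2]
            } else {
                state = "MARKER"; detail = "value=" pw
            }
            if (state == "HASHED") {
                if (lastchg == "") {
                    detail = detail ",age=unknown"
                } else if (lastchg == 0) {
                    # lastchg of 0 is what passwd -f leaves behind
                    detail = detail ",change-forced"
                } else {
                    age = today - lastchg
                    detail = detail ",age=" age
                    if (max != "" && age > max) detail = detail ",past-max"
                }
            }
            printf "%s:%s:%s\n", $1, state, detail
        }' "$1"
}
```

TODAY is the epoch time in seconds divided by 86400; passing it explicitly keeps the report reproducible when it is run against a saved copy of the file.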

Interpreting the /etc/default/passwd File


<header and comment output omitted>
#
MAXWEEKS=
MINWEEKS=
PASSLENGTH=6
#
#NAMECHECK=NO
#HISTORY=0
#
#MINDIFF=3
#MINALPHA=2
#MINNONALPHA=1
#MINUPPER=0
#MINLOWER=0
#MAXREPEATS=0
#MINSPECIAL=0
#MINDIGIT=0
#WHITESPACE=YES
#
#
#DICTIONLIST=
#DICTIONDBDIR=/var/passwd
#DICTIONMINWORDLENGTH=3

Interpreting the /etc/group File


root::0:
other::1:root
bin::2:root,daemon
sys::3:root,bin,adm
adm::4:root,daemon
uucp::5:root
mail::6:root
tty::7:root,adm
lp::8:root,adm
nuucp::9:root
staff::10:
daemon::12:root
sysadmin::14:
games::20:
smmsp::25:
gdm::50:
upnp::52:
xvm::60:
netadm::65:
mysql::70:
openldap::75:
webservd::80:
postgres::90:
unknown::96:
nobody::60001:
noaccess::60002:
nogroup::65534:
aiuser::61:
pkg5srv::97:
mlocate::95:
vboxsf::100:

Interpreting an /etc/group File Entry
Each entry in the /etc/group file contains four fields:
groupname:group-password:GID:username-list

Field | Description
groupname | Contains the name assigned to the group
group-password | Usually contains an empty field or an asterisk
GID | Contains the group's GID number
username-list | Contains a comma-separated list of usernames that represent the users' secondary group memberships

Implementing User Administration


As part of user administration implementation, you will now
learn how to:
Set up a few user accounts
Maintain these user accounts
Manage user initialization files
Configure user disk quotas
Use shell metacharacters


Quiz
A user must belong to at least one group.
a. True
b. False


Quiz
Which file contains encrypted user passwords?
a. /etc/shadow
b. /etc/default/passwd
c. /etc/skel


Lesson Agenda
Getting Started with User Administration
Setting Up User Accounts
Maintaining User Accounts
Managing User Initialization Files
Configuring User Disk Quotas
Using Shell Metacharacters

Setting Up User Accounts
Gathering user information
Creating and modifying the user accounts default file
Adding a group
Adding a user account
Verifying the user account setup
Setting a password to expire immediately

Gathering User Information


Creating the User Accounts Default File
To check whether the user accounts default file exists, use ls /usr/sadm/defadduser.
# ls /usr/sadm/defadduser
/usr/sadm/defadduser: No such file or directory

To create the user accounts default file, use useradd -D.
# useradd -D
group=staff,10 project=default,3 basedir=/export/home
skel=/etc/skel shell=/usr/bin/bash inactive=0
expire= auths= profiles= roles= limitpriv=
defaultpriv= lock_after_retries=

Modifying the User Accounts Default File
To modify the user accounts default file, use useradd -D value.
# useradd -D -s /bin/ksh
group=staff,10 project=default,3 basedir=/export/home
skel=/etc/skel shell=/bin/ksh inactive=0
expire= auths= profiles= roles= limitpriv=
defaultpriv= lock_after_retries=
# useradd -D
group=staff,10 project=default,3 basedir=/export/home
skel=/etc/skel shell=/bin/ksh inactive=0
expire= auths= profiles= roles= limitpriv=
defaultpriv= lock_after_retries=

Adding a Group
To add a group, use groupadd -g GID groupname.
# groupadd -g 110 support

To verify that the group has been created, use grep groupname /etc/group.
# grep support /etc/group
support::110:

Adding a User Account
To add a user account, use useradd user_attributes.
# useradd -u 1003 -g support -G itgroup \
-d /export/home/jsmith -m -c "joe smith" jsmith

Verifying the User Account Setup


As you create a user account, the information is sent to these
files:
/etc/passwd
/etc/shadow
/etc/group


Verifying User Account Creation in the /etc/passwd File
To verify that a user account has been added to /etc/passwd, use grep loginname /etc/passwd.
# grep jsmith /etc/passwd
jsmith:x:1003:110:joe smith:/home/jsmith:/usr/bin/bash

Verifying User Account Creation in the /etc/shadow File
To verify that a user account has been added to /etc/shadow, use grep loginname /etc/shadow.
# grep jsmith /etc/shadow
jsmith:UP:::::::

To create a new password for the user account, use passwd loginname.
# passwd jsmith
New Password: <password>
Re-enter new Password: <password>
passwd: password successfully changed for jsmith

Verifying User Account Creation in the /etc/shadow File
To view the user account in /etc/shadow after the password is changed, use grep loginname /etc/shadow.
# grep jsmith /etc/shadow
jsmith:$5$x0aftZOd$d8hbuX/rb9vS485/9OlH63EkPbLzL8eDtFL/LVtbAp3:15168::::::

Verifying User Account Creation in the /etc/group File
To verify that a user has been added to /etc/group, first confirm whether the group exists by using grep groupname /etc/group, and then use id loginname.
# grep support /etc/group
support::110:
# id jsmith
uid=1003(jsmith) gid=110(support)

Setting a Password to Expire Immediately
To set a password to expire immediately, use passwd -f loginname.
# passwd -f jsmith
passwd: password information changed for jsmith

To see the effect of passwd command changes, use grep loginname /etc/shadow.
# grep jsmith /etc/shadow
jsmith:$5$iJM6uDL8$1C28YFeERBKOFkA.eE3JCJEjLKkp4r.HBdGqiA7Ql96:0::::::

Quiz
/var/sadm/defadduser is the file that you use to add new
users.
a. True
b. False


Quiz
When you create a new user, which of the following files
receives user-related information?
a. /etc/skell
b. /etc/shaddow
c. /etc/group
d. /etc/password


Lesson Agenda
Getting Started with User Administration
Setting Up User Accounts
Maintaining User Accounts
Managing User Initialization Files
Configuring User Disk Quotas
Using Shell Metacharacters

Maintaining User Accounts
Modifying a user account
Deleting a user account
Modifying a group entry
Deleting a group entry

Modifying a User Account
To modify a user account, use usermod user_attributes.
# usermod -u 1003 -m -d /export/home/jjones -c "joe jones" \
-l jjones jsmith
# zfs list
...
rpool/export/home/jsmith   35K  4.32G   35K  /export/home/jjones
...
# zfs rename rpool/export/home/jsmith rpool/export/home/jjones
# zfs list
...
rpool/export/home/jjones   35K  4.32G   35K  /export/home/jjones
...
# grep jjones /etc/passwd
jjones:x:1003:110:joe jones:/export/home/jjones:/usr/bin/bash

Deleting a User Account


To delete a user account, use userdel -r loginname.
# userdel -r ckent


Modifying a Group Entry
To modify a group entry, use groupmod group_attribute.
# groupmod -n itadmin support
# grep itadmin /etc/group
itadmin::110:
# id jjones
uid=1003(jjones) gid=110(itadmin)

Deleting a Group Entry
To reassign a user account to a valid group, use usermod -u UID -g GID loginname.
# usermod -u 1004 -g 120 jdoe
# grep jdoe /etc/passwd
jdoe:x:1004:120:jane doe:/home/jdoe:/bin/bash

To delete a group entry, use groupdel groupname.
# grep quality /etc/group
quality::130:
# groupdel quality
# grep quality /etc/group
# grep 130 /etc/group

User Account Management Commands: Summary

User Account Management Task | Command
Add a user account. | useradd
Modify a user account. | usermod
Delete a user. | userdel
Add a group. | groupadd
Modify a group. | groupmod
Delete a group. | groupdel

Practice 10-1 and Practice 10-2 Overview: Setting Up and Maintaining User Accounts
These practices cover the following topics:
Setting account defaults
Adding a group
Adding a user
Mounting the user's home directory
Setting a password to expire immediately
Verifying the user account setup
Modifying a user account
Deleting a user account
Modifying a group
Deleting a group

Lesson Agenda
Getting Started with User Administration
Setting Up User Accounts
Maintaining User Accounts
Managing User Initialization Files
Configuring User Disk Quotas
Using Shell Metacharacters

Oracle Solaris 11 Shell Features

Shell | Path | Comments
Bourne-Again Shell (bash) | /usr/bin/bash | Default shell for users that are created by an installer, as well as the root role
Korn Shell | /usr/bin/ksh | ksh93 is the default shell in this Oracle Solaris release.
C Shell and enhanced C Shell | /usr/bin/csh and /usr/bin/tcsh | C Shell and enhanced C Shell
POSIX-compliant Shell | /usr/xpg4/bin/sh | POSIX-compliant shell
Z Shell | /usr/bin/zsh | Z Shell

Working with the bash and ksh93 Shells
Both shells feature:
Command-line editing
Command history on a per-user basis
Environment variables
To view a list of bash variables, use the declare command.
To view a list of ksh93 variables, use the set command.

Initialization Files
Oracle Solaris 11 provides two types of initialization files:
Site initialization files: Enable you to introduce new functionality to the user's work environment
User initialization files: Enable both you and the user to customize the user's work environment

Site Initialization Files
You are responsible for maintaining the site initialization files.
Site initialization files:
Provide an environment for all users who log in to the system
Reside in the /etc directory: /etc/profile and /etc/.login

Bash Shell Initialization Files
For the Bash shell, initialization files are run in the following sequence:
1. Commands in /etc/profile are executed if present.
2. Commands from the $HOME/.bash_profile, $HOME/.bash_login, and $HOME/.profile file are executed.
3. When an interactive shell that is not a login shell is started, bash reads and executes commands from the $HOME/.bashrc file if it is present.
4. When startup processing is complete, the bash shell begins reading commands from the default input device, the terminal.
5. Upon exiting the shell, bash reads and executes $HOME/.bash_logout.

Managing User Initialization Files
Setting up site-wide initialization files
Setting up the user initialization files
Customizing the user's work environment

Viewing the Default /etc/profile Site Initialization File
To view the /etc/profile file, use more /etc/profile.
$ more /etc/profile
<output is presented in the Notes>

Modifying the Site Initialization Files
To edit a site initialization file, use vi or any other UNIX editor.
# vi /etc/.login

To make the modified file and configuration available to the users on the system, use the source command.
# source /etc/.login
<or>
# . .login

User Initialization Files
When you create a user account by using useradd -D, you can modify the contents of the default file or accept the system default files.
# useradd -D
group=staff,10 project=default,3 basedir=/home
skel=/etc/skel shell=/usr/bin/bash inactive=0
expire= auths= profiles= roles= limitpriv=
defaultpriv= lock_after_retries=

The user initialization files:
Define a user's work environment
Can be changed or customized by the owner or root user

User Initialization Files
The initialization files presented in the following table are necessary for each primary shell.

Shell | User Initialization File | Purpose
bash | /etc/profile, $HOME/.bash_profile, $HOME/.bash_login, $HOME/.profile | Defines the user's environment at login
ksh93 | /etc/profile, $HOME/.profile | Defines the user's environment at login
ksh93 | $ENV | Defines the user's environment at login in the file, and is specified by the Korn shell's ENV environment variable

Customizing the User's Work Environment

The initialization file templates:
  Are located in /etc/skel
  Can be modified by the system administrators to create:
    A standard working environment that is common to all users
    Working environments for different types of users
  Can be used by the user to further customize environments

Shell   Initialization File Templates   User Initialization File
bash    /etc/skel/local.profile         $HOME/.profile
ksh93   /etc/skel/local.profile         $HOME/.profile

Accessing the Initialization File Templates

To see the initialization file templates in /etc/skel, change to the /etc/skel directory, and then run ls.

# cd /etc/skel
# ls
local.cshrc local.login local.profile

To see the contents of a template, use more template_name.

# more local.profile
<header output omitted>
stty istrip
PATH=/usr/bin:/usr/sbin
export PATH
#

Setting Environment Variables in the User Initialization Files

To set environment variables in the user initialization files, use VARIABLE=value ; export VARIABLE.
PS1="$HOSTNAME "; export PS1

Quiz
Which of the following is an enhanced C shell?

a. /usr/bin/csh
b. /usr/bin/tcsh
c. /usr/bin/ksh
d. /usr/bin/bash

Practice 10-3 Overview: Managing User Initialization Files

This practice covers the following topics:
  Setting up site initialization files
  Setting up user initialization files
  Customizing user work environments

Lesson Agenda

Getting Started With the User Administration
Setting Up User Accounts
Maintaining User Accounts
Managing User Initialization Files
Configuring User Disk Quotas
Using Shell Metacharacters

Configuring User Disk Quotas


The ZFS quota property:
  Sets a space limit on the amount of space used by a file system and user
  Applies to:
    The dataset that it is set on
    All descendants of that dataset

Setting Quotas for ZFS File Systems


To set a quota on a file system, use zfs set followed by
quota=, the space amount, and the file system name.
# zfs set quota=10g rpool/export/home/jjones

To display the quota setting for a file system, use zfs get followed by quota and the file system name.
# zfs get quota rpool/export/home/jjones
NAME                      PROPERTY  VALUE  SOURCE
rpool/export/home/jjones  quota     10g    local

Note: The quota cannot be less than the current dataset usage.

Setting and Displaying a User Quota


To set a user quota on a file system, use zfs set followed by
userquota@<name>=, the space amount, and the file system
name.
# zfs create students/compsci
# zfs set userquota@student1=10g students/compsci

To display the user quota setting for a file system, use zfs get followed by userquota@<name> and the file system name.
# zfs get userquota@student1 students/compsci
NAME              PROPERTY            VALUE  SOURCE
students/compsci  userquota@student1  10g    local

Displaying General Space Usage


To display general user space usage, use zfs userspace followed by the file system name.
# zfs userspace students/compsci
TYPE        NAME      USED  QUOTA
POSIX User  jjones      7K    10g
POSIX User  root      227M   none
POSIX User  student1  455M    10g

Identifying Individual User Space Usage


To identify individual user space usage, use zfs get followed by userused@<name> and the file system name.
# zfs get userused@student1 students/compsci
NAME              PROPERTY           VALUE  SOURCE
students/compsci  userused@student1  455M   local

Removing User Quotas


To remove a user quota, use zfs set
userquota@<name>=none followed by the file system name.
# zfs set userquota@student1=none students/compsci


Lesson Agenda

Getting Started With the User Administration
Setting Up User Accounts
Maintaining User Accounts
Managing User Initialization Files
Configuring User Disk Quotas
Using Shell Metacharacters

Using Shell Metacharacters

Path name metacharacters include:
  The tilde (~) character
  The dash (-) character

File name substitution metacharacters include:
  The asterisk (*) character
  The question mark (?) character
  The bracket ([]) characters

Using the Tilde (~) Character

The tilde character represents the home directory of the current user.
To change directories, use cd ~/directory_name.

$ cd ~/dir1
$ pwd
/home/student/dir1/
$

Using the Dash (-) Character

Represents the previous working directory
Is used to switch between two specific directories
$ cd
$ pwd
/home/student
$ cd /tmp
$ pwd
/tmp
$ cd -
/home/student
$ cd -
/tmp
$

Using the Asterisk (*) Character

The asterisk character represents zero or more characters, except the leading period (.) of a hidden file.

To list all the files and directories that start with a specific letter, followed by zero or more other characters, use ls letter*.

$ cd
$ ls f*
feathers file.1 file.2 file.3 file4 fruit2
feathers_6 file1 file2 file3 fruit
$

Using the Question Mark (?) Character

The question mark character represents any single character, except the leading period (.) of a hidden file.

To list all the files and directories that start with the string dir and are followed by one other character, use ls dir?.

$ ls dir?
dir1:
coffees fruit trees
dir2:
beans notes recipes
dir3:
cosmos moon planets space sun vegetables
dir5:
$

Using the Bracket ([]) Characters


Represents a set or range of characters for a single character
position
A set of characters is any number of specific characters.
A range of characters is a series of ordered characters.
$ ls [a-f]*
brands dante_1 file.1 file2 file4
celery feathers file1 file.3 fruit
dante feathers_6 file.2 file3 fruit2
dir1:
coffees fruit trees
dir10:
planets
dir2:
beans notes recipes
dir3:
cosmos moon planets space sun vegetables
$


Quiz
If you want to change to your home directory, which of the
following characters helps you do that?
a. Tilde (~) character
b. Dot (.) character
c. Asterisk (*) character
d. Dash (-) character


Practice 10-4 Overview: Exploring Shell Metacharacters and User Quotas

This practice covers the following topics:
  Exploring shell metacharacters
  Creating disk quotas for users
  Monitoring the quotas

Summary
In this lesson, you should have learned how to:
Get started with user administration
Set up user accounts
Manage user accounts
Manage user initialization files
Configure user disk quotas
Use shell metacharacters


Managing System Processes and Scheduling System Tasks

Objectives
After completing this lesson, you should be able to:
Explain system processes management
Manage system processes
Schedule system administration tasks


Workflow Orientation
[Figure: course workflow showing the topics Introduction, Processes, Installation, Users, Boot and Shutdown, Services, Security, Packages, Zones, Network, and Storage]

Lesson Agenda

Managing System Processes
Scheduling System Administration Tasks

Importance of System Processes Management


System processes management ensures that you can:
Determine what processes are running in the system
Determine what state a process is in
Determine which processes are using the greatest
percentage of system resources
Control processes
Terminate unwanted processes
Schedule routine tasks


System Processes: Overview


A process is:
  Any program that is running in the system
  Assigned a unique process identification (PID) number that is:
    Used by the kernel to track, control, and manage a process
    Displayed by using the ps or pgrep command

Parent and Child Processes

When one process creates another:


The first process is considered the parent process, which is
identified by a parent process ID (PPID) number
The new process is called the child process

The parent and child processes interact as follows:


While the child process runs, the parent process waits.
When the child process finishes its task, it informs the parent
process.
The parent process then terminates the child process.
If the parent process is an interactive shell, a prompt
appears, indicating that it is ready for a new command.


Identifying the Process Subsystems

[Figure: the Oracle Solaris 11 kernel and its Disk I/O, Network, Memory, and CPU subsystems]

Identifying the Process States


A process can be in one of the following states:

State    Description
run      The process is in the run queue and running on a CPU.
sleep    The process is waiting for work.
zombie   The parent process has terminated.
stop     The process is stopped.

Commands for Managing Processes


Command   Description
ptree     Displays the process trees for the specified process ID
ps        Displays detailed information about the active processes in the system
pgrep     Displays information about a process based on specific criteria
prstat    Displays statistics for the active processes in a system
pstop     Stops each process
prun      Starts each process

Terminating Unwanted Processes

Users can terminate any process that they own.
Users with the root role can kill any process in the system.
Two commands are used to terminate processes: kill and pkill.

Signal Number   Signal Name   Event       Default Action
1               SIGHUP        Hangup      Exit
2               SIGINT        Interrupt   Exit
9               SIGKILL       Kill        Exit
15              SIGTERM       Terminate   Exit

Managing System Processes

Viewing the parent/child process relationship
Listing system processes
Displaying information about processes
Displaying active process statistics
Stopping and starting a system process
Killing a process

Viewing the Parent/Child Process Relationship


To view the parent/child process relationship, use ptree pid.
# ps -ef
     UID   PID  PPID   STIME TTY  TIME CMD
----
  oracle  1345  1280  Jul 31 ?    0:01 gnome-panel
-----

# ptree 1345
1032  /usr/sbin/gdm-binary
  1046  /usr/lib/gdm-simple-slave --display-id /org/gnome/DisplayManager/Displa
    1258  /usr/lib/gdm-session-worker
      1280  gnome-session
        1345  gnome-panel

Listing System Processes


To list the active processes in a system, use ps.
# ps
  PID TTY    TIME CMD
 4605 pts/4  0:00 bash
 4604 pts/4  0:00 su
 5880 pts/4  0:00 ps

Listing System Processes


To generate a full listing of every process that is currently running, use ps -ef.
# ps -ef
 UID  PID  PPID  C     STIME  TTY  TIME  CMD
root    0     0  0  06:50:42  ?    0:02  sched
root    5     0  0  06:50:40  ?    0:02  zpool-rpool
root    6     0  0  06:50:40  ?    0:02  kmem_task
root    1     0  0  06:50:43  ?    0:00  usr/sbin/init
...

Displaying Information About Processes


To display the PID of a particular process, use pgrep
process.
# pgrep sched
0
9179
29414
# pgrep -l manager
4238 updatemanagerno
4283 nwam-manager


Displaying Active Process Statistics


To display statistical information about running processes, use prstat.
# prstat
  PID USERNAME  SIZE   RSS STATE  PRI NICE      TIME  CPU PROCESS/NLWP
-------------------------------------------------------------------------
26264 root       38M  372K run     10    0 183:40:15  95% sysconfig/1
 4297 oracle     99M   75M run     49    0   2:33:14 0.8% java/20
  739 root       39M 9552K sleep   59    0   2:14:44 0.6% pkg.depotd/64
 4668 oracle    131M   20M sleep   59    0   0:01:40 0.6% gnome-terminal/2
  832 oracle     73M   46M sleep   59    0   0:04:55 0.5% Xorg/3
 4327 oracle     13M 2320K sleep   59    0   1:26:15 0.4% VBoxClient/3
 5890 root       11M 3244K cpu0    49    0   0:00:00 0.3% prstat/1
  516 root       11M  916K sleep   59    0   0:08:21 0.1% VBoxService/7
  519 root       19M 6212K sleep   59    0   0:09:17 0.1% named/4
 4185 oracle    128M   16M sleep   59    0   0:00:07 0.0% metacity/1
 4605 root       10M 2672K run     39    0   0:00:00 0.0% bash/1
 4289 oracle    134M   19M sleep   59    0   0:04:33 0.0% isapython2.6/1
 7605 root       14M 4408K sleep   59    0   0:02:40 0.0% nscd/120
   15 root       20M   16M sleep   59    0   0:04:55 0.0% svc.configd/27
 4238 oracle     62M   27M sleep   12   19   0:04:43 0.0% updatemanagerno/1
Total: 198 processes, 1075 lwps, load averages: 1.42, 1.39, 1.43

Displaying Active Process Statistics


# prstat -s cpu 20 3
  PID USERNAME  SIZE   RSS STATE  PRI NICE      TIME  CPU PROCESS/NLWP
-----------------------------------------------------------------------------
26264 root       38M  372K run     30    0 186:38:44  96% sysconfig/1
 4297 oracle     99M   75M sleep   49    0   2:34:36 0.8% java/20
  739 root       39M 9552K run     59    0   2:15:45 0.6% pkg.depotd/64
 4327 oracle     13M 2320K run     59    0   1:27:00 0.5% VBoxClient/3
 4668 oracle    131M   20M sleep   59    0   0:01:41 0.2% gnome-terminal/2
 5987 root       11M 3620K cpu0    59    0   0:00:00 0.2% prstat/1
<output omitted>
Total: 199 processes, 1078 lwps, load averages: 1.45, 1.40, 1.38
# prstat -s rss 20 3
  PID USERNAME  SIZE   RSS STATE  PRI NICE      TIME  CPU PROCESS/NLWP
-----------------------------------------------------------------------------
 4297 oracle     99M   75M run     39    0   2:34:38 0.8% java/20
  528 root       61M   58M sleep   59    0   0:00:52 0.0% hald-addon-acpi/1
  832 oracle     74M   47M sleep   59    0   0:05:00 0.3% Xorg/3
26129 oracle    142M   43M sleep   49    0   0:01:13 0.0% nautilus/3
 4210 oracle    147M   31M sleep   49    0   0:00:04 0.0% nautilus/1
 1354 root      141M   29M sleep   59    0   0:00:03 0.0% gedit/1
 4238 oracle     62M   27M run     12   19   0:04:46 0.0% updatemanagerno/1
 5894 oracle    138M   25M sleep   49    0   0:00:01 0.0% gedit/1
<output omitted>
Total: 199 processes, 1077 lwps, load averages: 1.38, 1.38, 1.37

Stopping and Starting a System Process


1. Using pgrep process, obtain the process ID of the
process that you want to control.
2. Temporarily stop the process by using pstop pid.
3. Verify that the process has stopped by using
ps -ef | grep pid.
4. Restart the process by using prun pid.
5. Verify that the process has restarted by using
ps -ef | grep pid.


Stopping and Starting a System Process: Example

# pgrep rptpgm
3366
# pstop 3366
# ps -ef | grep 3366
root 3366 2864 47 16:09:54 pts/2 0:48 dd if=/dev/zero of=/dev/null
# ps -ef | grep 3366
root 3366 2864 47 16:09:54 pts/2 0:48 dd if=/dev/zero of=/dev/null
# prun 3366
# ps -ef | grep 3366
root 3366 2864 47 16:10:17 pts/2 0:52 dd if=/dev/zero of=/dev/null
# ps -ef | grep 3366
root 3366 2864 47 16:10:20 pts/2 1:01 dd if=/dev/zero of=/dev/null

Killing a Process
1. Obtain the process ID of the process that you want to
terminate by using pgrep process.
2. Terminate the process by using kill [-signal] pid
or pkill [-signal] process.
3. Verify that the process has been terminated by using
pgrep pid or pgrep process.
$ pgrep -l mail
215 sendmail
470 dtmail
$ pkill dtmail
$ pgrep -l mail
215 sendmail
$
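
The kill procedure above combined with the signal table, as an added example that is not part of the course material: send SIGTERM (15) first so the process can shut down in an orderly way, verify, and use SIGKILL (9) only if it is still there. The function name stop_process, its grace period and its return codes are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the course material).
#
# stop_process PID [GRACE_SECONDS]
# Return codes:
#   0  the process exited after SIGTERM
#   1  the process had to be ended with SIGKILL
#   2  the PID does not exist or may not be signalled by this user
#   3  the PID is still present after SIGKILL
stop_process() {
    pid=$1
    grace=${2:-5}

    # Signal 0 delivers nothing; it only tests whether the PID can be
    # signalled (it exists and the caller owns it or has the root role).
    kill -0 "$pid" 2>/dev/null || return 2

    # Step 1: ask for an orderly shutdown.
    kill -TERM "$pid" 2>/dev/null

    # Step 2: verify once per second until the grace period is used up.
    waited=0
    while [ "$waited" -lt "$grace" ]; do
        sleep 1
        waited=$((waited + 1))
        kill -0 "$pid" 2>/dev/null || return 0
    done

    # Step 3: the process ignored or blocked SIGTERM. SIGKILL cannot be
    # caught, so the process gets no chance to clean up after itself.
    kill -KILL "$pid" 2>/dev/null
    sleep 1
    kill -0 "$pid" 2>/dev/null || return 1

    # A process that has exited but has not yet been reaped by its parent
    # still answers signal 0, so this result usually points at the parent.
    return 3
}

# Usage (PID taken from pgrep, as in step 1 of the procedure):
#   stop_process 470 10
```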


Process Management Commands: Summary


Command       Description
ps            Displays information about the active processes in a system
pgrep         Displays information about a process based on specific criteria
prstat        Displays statistics for the active processes in a system
kill, pkill   Terminates a process

Quiz
What state is a parent process in when it is waiting for an event
to complete?
a. run
b. sleep
c. zombie
d. stop


Quiz
When used with kill or pkill, which signal terminates a
process instantly with no opportunity to perform an orderly
shutdown?
a. 1, SIGHUP
b. 2, SIGINT
c. 9, SIGKILL
d. 15, SIGTERM


Practice 11-1 Overview: Managing System Processes

This practice covers the following topics:
  Listing system processes
  Verifying process status
  Terminating a process
  Controlling a process

Lesson Agenda

Managing System Processes
Scheduling System Administration Tasks

Scheduling a Single Job Using the at Command

You can schedule a job for execution at a later time by using the at command.
The job can consist of a single command or a script.
The at command allows you to schedule the automatic execution of routine tasks.
at files execute their tasks once after which they are removed from their directory.
The at command is most useful for running simple commands or scripts that direct output into separate files for later examination.

Creating an at Job
1. Start the at utility, specifying the time you want your job to
be executed.
2. At the at prompt, type the commands or scripts that you
want to execute, one per line.
3. Press Control-D to exit the at utility and save the at job.
$ at -m 1930
at> rm /home/jones/*.backup
at> <Press Control-D>
job 897355800.a at Thu Jul 12 19:30:00 2004


at Commands

Command          Description
atq              Displays status information about the at jobs that you have created
                 Note: You can also use this command to verify that you have created an at job.
at -l [job-id]   Displays information about the execution times of your at jobs
at -r [job-id]   Removes the at job from the queue before the job is executed

Denying Access to the at Command


1. Assume the root role.
2. Edit the /etc/cron.d/at.deny file by using the
pfedit command.
3. Add the names of users, one username per line, that you
want to prevent from using the at commands.
$ pfedit /etc/cron.d/at.deny
daemon
bin
smtp
nuucp
listen
nobody
noaccess
username1
username2
username3
...


Scheduling Repetitive System Tasks

Repetitive tasks can be:
  Executed automatically by using the cron facility
  Scheduled to run daily, weekly, or monthly

The cron facility:
  Uses crontab files for scheduling and maintaining routine tasks
  Is controlled by the clock daemon, cron

The cron daemon:
  Checks for new crontab files
  Reads the execution times that are listed within the files
  Submits the commands for execution at proper times
  Listens for notifications from the crontab commands about updated crontab files

Interpreting the crontab File Format

10 3 * * 0 /usr/sbin/logadm

Field          Range of Values
minute         0 to 59; * means every minute.
hour           0 to 23; * means every hour.
day of month   1 to 31; * means every day of the month.
month          1 to 12; * means every month.
day of week    0 to 6; * means every day of the week. Sunday is 0.
command        This is the full path name to the command to be run.

Displaying the Default root cron File

# crontab -l
#ident "%Z%%M% %I% %E% SMI"
<header and copyright content omitted>
#
# The root crontab should be used to perform accounting data collection.
#
#
10 3 * * * /usr/sbin/logadm
15 3 * * 0 [ -x /usr/lib/fs/nfs/nfsfind ] && /usr/lib/fs/nfs/nfsfind
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
30 0,9,12,18,21 * * * /usr/lib/update-manager/update-refresh.sh
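
A check of crontab entries against the field ranges in the table above, as an added example that is not part of the course material. It goes slightly beyond the table by also accepting the comma-separated lists used in the root crontab and simple a-b ranges; the function name check_crontab and the AWK variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the course material): validates the five time
# fields of each crontab entry against the ranges listed on this page.
# Needs an awk with user-defined functions (POSIX awk); set AWK to pick one.

# check_crontab [FILE...]
# Reads crontab text from FILE or standard input, prints one line per
# problem found, and returns 1 if any entry is invalid.
check_crontab() {
    "${AWK:-awk}" '
    BEGIN {
        split("minute hour day-of-month month day-of-week", name, " ")
        split("0 0 1 1 0", lo, " ")
        split("59 23 31 12 6", hi, " ")
    }
    # field_ok: v is "*", a number, a range a-b, or a comma-separated
    # list of numbers and ranges, with every value inside min..max
    function field_ok(v, min, max,    n, part, i, r, a, b) {
        if (v == "*") return 1
        n = split(v, part, ",")
        for (i = 1; i <= n; i++) {
            if (part[i] ~ /^[0-9]+$/) {
                a = b = part[i] + 0
            } else if (part[i] ~ /^[0-9]+-[0-9]+$/) {
                split(part[i], r, "-")
                a = r[1] + 0; b = r[2] + 0
            } else {
                return 0        # empty list item, letters, other syntax
            }
            if (a < min || b > max || a > b) return 0
        }
        return 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    NF < 6 {
        printf "line %d: fewer than six fields\n", NR
        bad++
        next
    }
    {
        for (i = 1; i <= 5; i++)
            if (!field_ok($i, lo[i] + 0, hi[i] + 0)) {
                printf "line %d: %s=%s\n", NR, name[i], $i
                bad++
            }
    }
    END { exit (bad > 0 ? 1 : 0) }
    ' "$@"
}

# Constructed sample: the first entry appears on this page, the second
# has an hour outside 0 to 23.
check_crontab <<'EOF' || echo "invalid entries found"
10 3 * * 0 /usr/sbin/logadm
10 25 * * 0 /usr/sbin/logadm
EOF
```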


crontab Files

The files are maintained in /var/spool/cron/crontabs.

Access to the files is controlled through:
  /etc/cron.d/cron.allow
  /etc/cron.d/cron.deny

Only specified users are permitted to perform crontab tasks based on the access files, as follows:
  If the cron.allow file exists, only the users listed in this file can create, edit, display, or remove the crontab files.
  If the cron.allow file does not exist, all users, except the users listed in the cron.deny file, can create, edit, display, or remove the crontab files.
  If neither file exists, only the user with the root role can run the crontab command.
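
The three access rules above written out as a decision function, as an added example that is not part of the course material. It applies the rules literally and does not model authorizations or any special handling of root; the function names and the directory parameters (so that it can run against a scratch copy instead of /etc/cron.d) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the course material): evaluates crontab access
# with the three rules on this page, and lists spooled crontab files whose
# owner would now be denied.

# in_list FILE USER: success if USER is a whole line of FILE.
# Whole-line matching keeps "smith" from matching an entry for "jsmith".
in_list() {
    grep -Fxq -- "$2" "$1" 2>/dev/null
}

# crontab_access CRON_DIR USER: prints "allow" or "deny" and the rule used.
crontab_access() {
    cron_dir=$1
    user=$2
    if [ -f "$cron_dir/cron.allow" ]; then
        # Rule 1: cron.allow exists, so only listed users are permitted.
        if in_list "$cron_dir/cron.allow" "$user"; then
            echo "allow: listed in cron.allow"
        else
            echo "deny: not listed in cron.allow"
        fi
    elif [ -f "$cron_dir/cron.deny" ]; then
        # Rule 2: no cron.allow, so everyone except cron.deny entries.
        if in_list "$cron_dir/cron.deny" "$user"; then
            echo "deny: listed in cron.deny"
        else
            echo "allow: not listed in cron.deny"
        fi
    elif [ "$user" = "root" ]; then
        # Rule 3: neither file exists.
        echo "allow: no access files, root only"
    else
        echo "deny: no access files, root only"
    fi
}

# denied_with_crontab CRON_DIR SPOOL_DIR: prints each user that has a file
# in SPOOL_DIR but is denied by crontab_access. Such files predate the
# access change and are worth reviewing.
denied_with_crontab() {
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        u=${f##*/}
        case $(crontab_access "$1" "$u") in
            deny*) echo "$u" ;;
        esac
    done
}

# Usage on the system described here:
#   crontab_access /etc/cron.d jjones
#   denied_with_crontab /etc/cron.d /var/spool/cron/crontabs
```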


Default cron.deny File

# cat /etc/cron.d/cron.deny
daemon
bin
nuucp


Scheduling System Administration Tasks

Scheduling repetitive system tasks
Administering crontab files

Scheduling Repetitive System Tasks


1. Set up vi as the default editor by using EDITOR=vi.
2. Create a new crontab file by using crontab -e [username].
3. Verify your crontab file changes by using crontab -l [username].
4. Verify that the crontab file exists by using ls -l /var/spool/cron/crontabs.

Scheduling Repetitive System Tasks: Example

# EDITOR=vi
# export EDITOR
# crontab -e jjones
30 17 * * 5 /usr/bin/banner "Time to go!" > /dev/console
:wq
# crontab -l jjones
30 17 * * 5 /usr/bin/banner "Time to go!" > /dev/console
# ls -l /var/spool/cron/crontabs
-rw-r--r-- 1 root sys    190 Sep 19 16:23 adm
-rw------- 1 root staff  225 Nov  5 09:19 jjones
-rw-r--r-- 1 root root  1063 Nov  5 16:23 lp
-rw-r--r-- 1 root sys    441 Sep 19 16:25 root
-rw------- 1 root staff   60 Nov  5 09:15 smith
-rw-r--r-- 1 root sys    308 Sep 19 16:23 sys

Administering crontab Files

Removing a crontab file
Denying crontab command access
Limiting crontab command access to specified users

Removing a crontab File


To remove a crontab file, use crontab -r username.
# crontab -r jjones

To verify that the crontab file has been removed, use ls -l /var/spool/cron/crontabs.
# ls -l /var/spool/cron/crontabs
-rw-r--r-- 1 root sys    190 Sep 19 16:23 adm
-rw-r--r-- 1 root root  1063 Nov  5 16:23 lp
-rw-r--r-- 1 root sys    441 Sep 19 16:25 root
-rw------- 1 root staff   60 Nov  5 09:15 smith
-rw-r--r-- 1 root sys    308 Nov 19 16:23 sys

Denying crontab Command Access


1. Change directories to /etc/cron.d.
2. Using the vi text editor, add an entry to the cron.deny
file for each user.
3. Verify that the users are listed in the file.
# cd /etc/cron.d
/etc/cron.d# vi cron.deny
daemon
bin
smtp
nuucp
jjones
/etc/cron.d# grep jjones cron.deny
jjones


Limiting crontab Access to Specified Users


1. Change directories to /etc/cron.d.
2. Using the vi text editor, create the cron.allow file and
add an entry for each additional user.
3. Verify that root and the other users are listed in the file by
using cat cron.allow.
# cd /etc/cron.d
/etc/cron.d# vi cron.allow
omai
jsmith
tbone
/etc/cron.d# cat cron.allow
omai
jsmith
tbone


Quiz
If the cron.allow file does not exist, all users (except the
users listed in the cron.deny file) can create, edit, display, or
remove the crontab files.
a. True
b. False


Practice 11-2 Overview: Scheduling System Tasks


This practice covers the following topics:
  Scheduling a repetitive task with the cron utility
  Scheduling a user task as a superuser

Summary
In this lesson, you should have learned how to:
Explain system processes management
Manage system processes
Schedule system administration tasks
