Cover V07, I11

Questions and Answers

Bjorn Satdeva

 Q How do you configure sendmail?

 A This is a big question that Bryan Costales and Eric Allman took over a thousand pages to answer in the Sendmail book from O'Reilly and Associates. When discussing sendmail configuration, most people still think of the difficulties of writing the syntax for the sendmail.cf file. However, this is really not the biggest issue any longer. If you know the sendmail topology you want across the network, then you can use Eric Allman's M4 macros to build the necessary sendmail configuration files without too much problem.

 Q Where do I get the latest version of rdist source code for Sun OS 4.1.4?

 A The original version of rdist, which is shipped by most vendors, was written many years ago, and is not very well implemented. In 1992, Michael A. Cooper ("Overhauling Rdist for the '90s", Proceedings of the Large Installation Systems Administration Conference, 1992) published a completely rewritten version of rdist that addressed all the known security and performance problems in the old version of rdist. You can get this version of rdist from ftp://ftp.ucs.edu:/pub/rdist. It is compiled on a large number of platforms, and should be backwards compatible with most older versions of rdist.

 Q What command is used to display the internal date in UNIX in a format other than the number of seconds since the base date/time (for instance, in ddmmyyyy format)? (Yes, I admit that I'm a novice....)

 A There is nothing wrong in being a novice, or as I prefer to call it, a new guru. In UNIX, the internal time is kept as the number of seconds since 00:00:00 UTC, January 1, 1970. This date is sometimes referred to as the epoch. The date command will display the system date for you in a format that is more usable for a human. By default, the date will be in this format: Sun Jul 19 17:35:01 PDT 1998, where the three-letter code between the time and the year is the time zone.

You can also have the date command display the date in other formats. There are variations between different versions of UNIX, so you will need to check the man page for date on your system to see the exact syntax. However, to use the example in your question, if you want the date displayed as ddmmyy, on many versions the command:

date "+%d%m%y"

will display

190798

which we instantly see is not a year 2000 compliant representation. On newer systems, such as newer releases of Solaris, you can use +%d%m%Y instead to get the requested format of ddmmyyyy.

The date command can also be used to set the system time. It is best if this is only done at boot time, because it can cause confusion for some programs if time suddenly changes. For example, a jump back in time will break programs such as make.

 Q I have one dedicated modem for a user application submitting simultaneous cu commands. Each command will dial up the same phone number, but submit variable data from the user. How can I configure the environment to queue the commands?

 A You will need some kind of a batch scheduler. To my knowledge, no such program is freely available, as batch schedulers are mostly used by IS organizations who prefer commercial software. There are a number of companies that offer such products; however, I have not used any of them, and thus cannot recommend any.

A better solution may be to test your applications' success on getting to the modem, retrying with reasonable delays until they have success. You may need some kind of random factor when you calculate the wait before a retry. This will ensure that if several programs try to access this resource at the same time, they will wait different amounts of time before retrying.
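
The retry-with-random-delay idea above, sketched as a shell wrapper. This is an added example, not code from the column; the lock directory approach and the names LOCKDIR, MAX_TRIES, BASE_DELAY, retry_delay and with_modem_lock are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: serialize jobs on one modem with a lock directory and retry
# with a randomized delay. LOCKDIR, MAX_TRIES and BASE_DELAY are assumed names.
LOCKDIR="${LOCKDIR:-/var/tmp/modem0.lock}"  # assumed path; keep it where only trusted users can write
MAX_TRIES="${MAX_TRIES:-10}"
BASE_DELAY="${BASE_DELAY:-5}"               # seconds

# Delay for the next retry: BASE_DELAY plus a random 0..BASE_DELAY seconds,
# so jobs that collided once do not all come back at the same moment.
retry_delay() {
    r=$(od -An -N2 -tu2 /dev/urandom | tr -d ' ')
    echo $(( BASE_DELAY + r % (BASE_DELAY + 1) ))
}

# Run "$@" while holding the lock. mkdir is atomic and fails if the directory
# already exists, so exactly one caller wins each round.
with_modem_lock() {
    tries=0
    until mkdir "$LOCKDIR" 2>/dev/null; do
        tries=$((tries + 1))
        if [ "$tries" -ge "$MAX_TRIES" ]; then
            echo "modem still busy after $tries tries" >&2
            return 75                        # EX_TEMPFAIL from sysexits.h
        fi
        sleep "$(retry_delay)"
    done
    # Release the lock even if the job is interrupted.
    trap 'rmdir "$LOCKDIR" 2>/dev/null; exit 1' HUP INT TERM
    rc=0
    "$@" || rc=$?
    rmdir "$LOCKDIR"
    trap - HUP INT TERM
    return "$rc"
}

# Usage (the cu arguments are placeholders): with_modem_lock cu -s 9600 5551234
```

A job killed with SIGKILL leaves the lock directory behind, so a stale lock has to be removed by hand or by a boot-time cleanup.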

 Q Why is my computer making phone calls? My computer is connected to a modem and at various times during the day attempts to call out. Fortunately, the number is not working. I am running the Solstice PPP, but according to SUN's technicians PPP is not responsible because it is not recording these calls on the PPP.log. These calls are made even when no one is logged on. Please help.

 A You will need to look at what programs are running when the computer attempts to dial out. Try to run a ps while the dialout is in progress, and look for programs such as uucico (which is part of UUCP) or programs like cu, tip, or kermit, which are terminal emulators. Run ps a number of times, and store the output in files, so you can look at the output in your own time. Eliminate everything you know cannot do this (like maybe cc) and then take a closer look at the remaining programs.

Another way to keep an eye on what is running on your system is to use the publicly available tool top, which is available for a large number of UNIX architectures (it pokes around in in-memory kernel tables, so it is non-trivial to port). This program will give you a continuous view of which processes are running. It is good, not only as a troubleshooting tool, but also to get a feel for what kind of processes are normal on your system.
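
The ps procedure from the answer above, as an added example that is not part of the original column. It assumes a ps that accepts the POSIX -o option; the function names and the sample snapshot are constructed for illustration. Each hit is printed with its parent's command line, which helps when the calls happen with no one logged on.

```shell
#!/bin/sh
# Added example: save ps snapshots and flag the dial-out programs named in the
# answer (uucico, cu, tip, kermit). Assumes a POSIX ps that supports -o.
DIALERS="uucico cu tip kermit"

snapshot_ps() {    # $1 = directory for snapshots; prints the file written
    out="$1/ps.$(date +%Y%m%d-%H%M%S)"
    ps -e -o pid,ppid,user,tty,args > "$out" && echo "$out"
}

find_dialers() {   # $@ = snapshot files; prints: file pid user command <- parent command
    awk -v names="$DIALERS" '
        function flush(   p) {
            for (p in hit)
                print file, p, user[p], args[p], "<-", ((ppid[p] in args) ? args[ppid[p]] : "?")
            split("", hit); split("", args)      # reset before the next snapshot
        }
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        FNR == 1 { if (NR > 1) flush(); file = FILENAME; next }   # header line
        {
            base = $5; sub(/.*\//, "", base)     # program name without its path
            line = $0; for (i = 1; i <= 4; i++) sub(/^ *[^ ]+ +/, "", line)
            args[$1] = line; ppid[$1] = $2; user[$1] = $3
            if (base in want) hit[$1] = 1        # match the program, not its arguments
        }
        END { if (NR > 0) flush() }
    ' "$@"
}

write_sample() {   # constructed ps output, not taken from a real host
    cat <<'EOF'
  PID  PPID USER     TT       COMMAND
    1     0 root     ?        /etc/init -
  212     1 root     ?        /usr/sbin/cron
 4821   212 uucp     ?        /usr/lib/uucp/uucico -r1 -s remotehost
 4830   300 alice    pts/2    man cu
EOF
}

# "sh thisfile --watch DIR" takes a snapshot every 30 seconds until interrupted.
if [ "${1:-}" = "--watch" ]; then
    while :; do snapshot_ps "${2:-.}" > /dev/null; sleep 30; done
fi
```

Running find_dialers over the saved files afterwards gives the short list of candidates to look at more closely.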

 Q How do I configure a UNIX system as a network gateway?

 A You will need two network interface cards, each configured according to the network to which it is connected. If this is done correctly, then you will be able to contact the systems on either network from the gateway. In order to have another system on either network contact a system on the opposite network, you will need to do two things. First, make sure that the gateway is configured to forward traffic from one network to another. Second, make sure that the routing between the networks is set up correctly.

How you enable packet forwarding between the two interfaces on your gateway is very system dependent; however, most vendors ship their systems with this feature enabled (something to be aware of if you use the system as a dual-homed bastion host). If you only have these two networks, then the routing can simply be done by having every host use your gateway as their default route to all other hosts. However, you will most likely have a more complicated situation that cannot be covered in this column. If you need to learn about routing, the best place to start would be TCP/IP Network Administration by Craig Hunt, published by O'Reilly and Associates. This book will teach you the basic skills needed to administer IP networks.

 Q I read in the Sys Admin magazine that you have a script that does random restores from backups to make sure that what the backup system said it backed up actually exists and is restorable. Would you please tell me where I can find the script? Or if you don't have the script, can you tell me how to randomly select files/directories?

 A I have often repeated that part of a good backup routine must include quality control of the backups, and that a good way to do this is to perform a random restore every day. I have, however, never said that I had a script that could do this. You might be able to write a script to do this, but it would eliminate most of the intent behind my suggestion. You should have some human interaction in the backup loop to detect problems that may occur with your backup. The daily restore routine will also help ensure that your operators or junior system administrators know how to perform a restore.

Backups and restores should by all means be performed by the most junior members of your staff. This is a purely tactical operation, which can be simplified by creating appropriate procedures. You will, however, need to have somebody on your senior staff make sure the backup is being performed as intended, and that no failure, either human or equipment, is causing a system to be without any usable backup for an extended amount of time.

 Q I have an assortment of Solaris machines. Half of the machines can send email outside of our domain, and the other half can't. All the sendmail configuration files are the same and so is /etc/resolv.conf file. Can you help?

 A A number of possibilities can cause this situation, and there is not enough information included in your question to tell which one applies. Some things to check for would be whether the nsswitch.conf file differs between the machines, and whether you are using the stock sendmail or using a recent version of sendmail. The sendmail.cf file can also create problems, even if it is identical between the systems.

The best way is to make sure that you have a recent version of sendmail, currently version 8.9.1, and build your sendmail.cf files from scratch, using the M4 macros provided as part of sendmail. Then make sure your /etc/nsswitch.conf file is the same on all your systems. It is best if your local environment allows you to use DNS and entirely bypass NIS or NIS+, but in practice, that is not always possible. If you have to use the hosts file, either directly or through NIS/NIS+, then make sure that the first name is fully qualified.

When you make your sendmail.cf file, use the nullclient version on any host that is not required to receive mail. Once you have done this, you are likely to see your problem go away. If it still lingers, you will need to take a hard look at how you have configured your DNS, because that could also make your email misbehave.
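
Two of the checks from the answer above, as an added example that is not part of the original column: whether the first name on each hosts entry is fully qualified, and whether two machines use the same hosts lookup order in nsswitch.conf. The function names and the sample hosts file are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the hosts file and nsswitch.conf advice above.

unqualified_hosts() {   # $1 = hosts file; prints "line address firstname" per bad entry
    awk '
        { sub(/#.*/, "") }               # drop comments
        NF < 2 { next }                  # blank or incomplete line
        $2 == "localhost" { next }
        $2 !~ /\./ { print NR, $1, $2 }  # first name has no domain part
    ' "$1"
}

hosts_sources() {       # $1 = nsswitch.conf; prints the hosts lookup order, e.g. "files dns"
    awk '
        { sub(/#.*/, "") }
        $1 == "hosts:" { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Succeeds only if both files give the same hosts lookup order. Copy the file
# from each machine first, then compare a working host against a failing one.
same_hosts_order() {
    [ "$(hosts_sources "$1")" = "$(hosts_sources "$2")" ]
}

sample_hosts() {        # constructed sample, not taken from a real site
    cat <<'EOF'
127.0.0.1   localhost
192.0.2.10  mailhub.example.com mailhub    # qualified name first
192.0.2.21  ws21 ws21.example.com          # short name first
192.0.2.22  ws22
EOF
}
```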

 Q Can you please tell me how to configure NIS on Solaris 2.5.1? Thanks in advance.

 A NIS has been unbundled under Solaris, because Sun wants us to use NIS+. You can still get NIS if you order the Server Supplement 1.1 CDROM, which has a package called NSkit. This package contains the old NIS implementation for Solaris. The package is, according to Sun, provided to allow a smoother transition from NIS to NIS+; however, in reality it is used by many sites simply to continue to use NIS.

About the Author

Bjorn Satdeva is the president of /sys/admin, inc., a consulting firm which specializes in large installation system administration. Bjorn is also co-founder and former president of Bay-LISA, a San Francisco Bay Area user's group for system administrators of large sites. Bjorn can be reached at questions@sysadmin.com.