Article

Questions and Answers

Bjorn Satdeva

Let me start this column with an email I received from Linda Nagy about finding out how filesystems have been configured:

Thanks for the great column that you write in Sys Admin magazine, I learn something every time I read it!

Here's a tip about how to find the filesystem block size (I've tested it on HP-UX and Solaris). It came in handy when I had to build 25 hardware RAID boxes with various filesystem sizes and blocking factors. It worked great when I had to go back and document work that someone else had done after they left the company.

    #mkfs -F ufs -m /dev/dsk/c0t0d0s6

The -m option will tell you what options and block sizes you used to create the filesystem. The output looks something like this:

    # mkfs -F vxfs -m /dev/vx/dsk/raid1_dg/proj_vol05
    mkfs -F vxfs -o ninode=unlimited,bsize=1024,version=4,inosize=256, \
      logsize=1024,nolargefiles /dev/vx/dsk/raid1_dg/proj_vol05 1500000

The mkfs man pages explain the -m option:

-m - Return the command line which was used to create the filesystem. The filesystem must already exist. This option provides a means of determining the command used in constructing the filesystem.

Somebody must have added the -m option to mkfs when I wasn't looking (things like that seem to happen all the time). This is a very useful option I could have used many times in the past, so I thought it worthwhile to spread the good news with the readers of the magazine.

On the same topic, Chris Adams writes:

A way to find the filesystem block size on every UNIX filesystem I have used is to make a new directory, which will take one block. Then do a ls -ld on the directory and see how big it is.

I like this solution. While it is not as effective as Linda's above, it shows true craftsmanship, utilizing knowledge of the underlying system to make a command do things its author never thought of.

John Place sent me a small Perl script that can be used for time synchronization. He writes:

This is in response to the reader that asked for a non-UDP solution for time synchronizing. Attached is a script that I wrote some time ago that uses port 37. I use this script to sync once a day to NIST and then use XNTP to sync all the servers behind the firewall. It is not as accurate as NTP (subsecond is not realistic), but it generally is close enough for most. Also, for better accuracy you can make modifications to some kernels to keep the drift down.

Place's script is shown in Listing 1. However, one note of caution: when somebody depends on a source on the Internet for time synchronization, they are opening themselves up to the possibility of time attacks. However, this script seems less sensitive to those than several other solutions I have seen. Still, if you need to be really secure, get an internal time source.

How do I configure Sendmail to allow users outside the local area network to send their mail through my server? All users have accounts on the server, but when they connect from their houses they must first connect to a public ISP and then use my server as their mail server. Then they can receive messages but can't send to anyone. They get error message 551: "We do not relay ....".

By default, the newer Sendmail (as far as I remember 8.9.1 and later) will by default not permit mail relaying (that is, accepting mail from outside your domain and sending it to another host outside your domain). You can disable this feature, but to do so without restrictions is very unwise indeed, because you will soon find that unscrupulous email spammers will use your site to relay email to the world at large. They will consume a large amount of your network and CPU resources to do so.

If you are using the M4 configuration language for Sendmail, you can control the relaying more carefully. The M4 macros to do this are the RELAY_DOMAIN or RELAY_DOMAIN_FILE macros.

Oops... I have changed root's shell in the password file to /sbin/csh. Unfortunately, there is no /sbin/csh, and I can't login as root or su now. What can I do to fix this?

You will need to boot from the distribution media, unless you have one of the now rare versions of UNIX that allows you to boot the system in single user mode without a root password. After you have the system up in single user, you will most likely need to mount the root filesystem, and then edit the passwd file to use a shell that exists on the root drive. If it is a System V system, you are best off leaving the shell as the Bourne shell. Changing the root shell to another shell might cause problems.

How you boot the system from CD-ROM will depend on the type of system you are using. On a Sun, type boot cdrom -s from the OK boot prompt.

Please provide information on any tool that gives reports on usage of system resoures, such as CPU, memory, etc.

The best tool for this is the vmstat command, which will provide you with ongoing reports on the status of memory, paging, and CPU usage.

How do I configure Sendmail bundled with Solaris 2.6 running on Intel and SPARC? I would like to configure Sendmail for user@domain instead of user@host.domain (Version number of configuration file #ident "@(#)version.m4 1.17). I tried tweaking the rulesets but to no avail. Can I use this version of Sendmail, or do I need an upgrade? I have tried it in conjunction with DNS, NIS, and NIS+; however, I still cannot get it to work.

The reason you have problems getting the Sendmail on your Solaris box to work correctly is because the configuration shipped from Sun is braindead. Download Sendmail 8.9.3 from sendmail.org and use the M4 configuration language to build a sendmail.cf that works according to what you really need. Unless you are very good at Sendmail macros and rewrite rules, you can modify the Sun configuration till the cows come home and still not have anything that works.

I can change hostname using command hostname xyz, but I want to know where this hostname "xyz" gets stored.

It gets stored in the kernel memory. If you check the boot scripts on your system, you will see that the hostname command is executed every time you reboot the system. If you want to know where the information is stored between reboots, that is highly vendor dependent, but if you look at your rc scripts, you should be able to find where it is. For example, on a Solaris system, this information is stored in /etc/hostname.<net-interface>, and on a BSD/OS system it is stored in the /etc/netstart file.

How do I test whether my Solaris 2.5.1 is Y2K complaint? Is there any test built-in?

Sun provides two sets of scripts that will be very helpful when you want to test your Y2K readiness. One of them is sunscan, which will tell you about Y2K compliance of your hardware and software. The other is patchdiag, which will tell you exactly which patches have been applied, and which recommended security and Y2K patches still need to be applied for the system to be up to date. I believe that both of these packages are available from sunsolve.sun.com.

When I want to login from one server to another server using rlogin, it asks for password. How can I login without getting this prompt?

If you create a file in your home directory called .rhost containing a line with the system you are coming from and your user name, you will be able to do this (see the rhost man page for more specific information). Or if you want to open up the system in general, you can do this by adding entries to ./etc/hosts.equiv. Be aware that you might be opening some serious security holes by doing so. Trust between systems should be used with great care, especially because trust is inherited. If you have three systems, A, B, and C, where A trusts B and B is trusts C, then A also trusts C, only the system does not know this. So use this with great care.

About the Author

Bjorn Satdeva is the president of /sys/admin, inc., a consulting firm which specializes in large installation system administration. Bjorn is also co-founder and former president of Bay-LISA, a San Francisco Bay Area user's group for system administrators of large sites. Bjorn can be reached at questions@sysadmin.com.