Jim McKinstry and Amy Rich
Q Does AIX have support for IP aliasing
A Prior to AIX 4.3, the answer was
no and you had to use ifconfig commands in /etc/rc.net:
ifconfig <iface> <ipaddr> netmask <mask> [alias|delete]
With 4.3, though, you can use the following fastpath:
which executes the command:
chdev -l <iface> -a alias4=<ipaddr>[,<netmask>]
Removal can also be done through smit with:
chdev -l <iface> -a delalias4=<ipaddr>[,<netmask>]
Q How do I find out which package is
associated with a particular file on a Solaris machine?
A All of
the package installation information is stored in /var/sadm/install/contents.
If you want to find a particular file, you can do:
grep FILE /var/sadm/install/contents
The last field will tell you what package FILE belongs to.
Q I heard
there was a program called hid that changes the MAC address
of a Solaris 2.6 machine. This doesn't appear to work on a
2.7 machine. Do you know of any utility that will perform the same
function for 2.7?
A If you
look at the Web page where change-sun-hostid (aka hid) is
maintained, you'll find a 64-bit Solaris 7-compatible version
Q I just upgraded
my machine from FreeBSD 4.0 to 4.1.1. I was running a custom-installed
Sendmail, version 8.11.1. I had "NO_SENDMAIL= yes"
in /etc/make.conf. After the upgrade, Sendmail wouldn't
start because it said my cf file version was too new for my
binary version, 8.9.3! I took a look in /usr/src/contrib and
Sendmail 8.11.0 is what's there. I reinstalled Sendmail from
the source again, but I want to know where this 8.9.3 binary came
from, and how can I prevent my binary from being overwritten in the
A In newer
releases of FreeBSD, /usr/sbin/sendmail is now a wrapper
program that looks at /etc/mail/mailer.conf. Even if you
have "NO_SENDMAIL= yes" in /etc/make.conf,
it still upgrades the wrapper, and thereby wipes out your real,
hand-installed binary at /usr/sbin/sendmail.
To get around this, you can either copy the binary back after
every installworld, or you can modify Sendmail when you install
it, leaving the wrapper in place. To modify Sendmail, you can edit
devtools/OS/FreeBSD and add the following line at the bottom:
Now when you run ./Build, it will install the binary in /usr/libexec/sendmail/sendmail.
This is the default location of the Sendmail binary in /etc/mail/mailer.conf.
When you next do an installworld, it should upgrade the wrapper
but leave your binary in /usr/libexec/sendmail/ alone.
Q On one
of our enterprise servers running Solaris 2.6, the last command
is only showing data up to November 19th. Today is August 8th, and
I want to see current data. The file /var/adm/wtmpx is current,
and I split the file and copied it backed to wtmpx, but to
database may have become corrupted. You can use the following command
to dump the wtmpx file into ASCII format and then edit any
/usr/lib/acct/fwtmp < /var/adm/wtmpx > file
You can put the records back into binary format by specifying the
-ic switch to fwtmp.
You can also use the following command to correct time/date stamps
and make sure the entries are consistent:
/usr/lib/acct/wtmpfix /var/adm/wtmpx > file
a long-time SUN/NIS shop, but we're trying to migrate away from
that to LDAP. Are there any pointers to make this transition easier
for both the users and the systems administrators?
a series of articles on Sun's Blueprints site that compare
and contrast NIS and LDAP and discuss the tools that can help ease
the transition. The author begins with a short comparison of NIS
In the next article
the author discusses a tool called ypldapd, an NIS to LDAP
gateway developed by PADL Software. In another:
he discusses Solaris extensions for the iPlanet (nee Netscape) directory
Q I have
a SPARC 20 with a parity error. I keep getting the following message:
WARNING: Uncorrected SIMM at: J0203
First, how do I tell which SIMM this is? Second, can I replace it
with a bigger SIMM so I can increase my overall memory without replacing
all of the SIMMs?
A The identifier
(in this case "J0203") will be silk-screened onto the
board next to the bad SIMM. You can put different-sized SIMMs in
the SPARC 20, but make sure you put the larger SIMMs in first. You
want to fill your SIMM banks in the following order:
J0201, J0303, J0202, J0301, J0305, J0203, J0302, J0304.
Q I'd like
to have 24-bit color on my SPARC 20. What do I need to do?
A The onboard
frame buffer on the SPARC 20 is the SX. You actually have a 24-bit
frame buffer already, but to use it, you need to install an 8-Mb
VSIMM (video SIMM) in one of your memory slots (unless you already
have the SS20/SSX). You can get away with a 4-Mb VSIMM, but you'll
only be able to do 1152x900 resolution. You can tell which size
VSIMM you have via software by doing:
The important value is the last value on the "reg" line.
If you have a 4-Mb VSIMM, it will say 00400000. AN 8-Mb VSIMM will
You can alter the default depth and class by adding options to
your "openwindows" server:
openwin -dev /dev/fb0 defdepth 24
openwin -dev /dev/fb0 defclass TrueColor
If your screen appears too dark or too washed out after switching
to 24-bit mode, you can try changing the gamma correction. You'll
also want to take a look at the command sxconfig for reserving
system memory to improve performance. Depending on your OS revision,
you will also want to set the resolution using cg14config or
in the eeprom by doing the following:
Q I'm using
Budtool to back up our systems from an HP machine. We have a host
listed in /etc/hosts that it's trying to back up. It says
that the machine is down (returning ICMP 3, destination unreachable),
but I can clearly ping the machine. Why would it be giving
me this error, and what can I do to correct it?
you're getting "host unreachable" instead of "host
unknown", this sounds like you have the target machine in DNS,
too, but not as the right IP address. Even if you have nsswitch.conf
listed with files first (which would make ping and other
services work), Budtool will ignore this and go straight to DNS.
Try checking your zone files to see whether you have the IP for
the target machine listed correctly.
Q Each time
I invoke Solaris admintool, I'm able to input all the fields
to add a user, but as I click ok, I receive an error -- segmentation
fault core dump. I recently downloaded Sun Solaris 2.6 recommended
cluster hoping it would fix the problem, but it didn't.
only one 2.6 patch that deals specifically with admintool, 105800-06,
the Y2K patch (which also fixes a number of buffer overflows). You
may be experiencing a problem with a shared library, but this should
also show up when running other programs. Make sure that you have
all the Y2K patches and the latest patch set from Sun installed,
and make sure you reboot the machine after patch installation so
that there are no library/binary inconsistencies. If you're
still having problems, you can use a debugger and utilities, like
truss and strace to determine which system calls are
causing your problem.
Q Upon bootup
on x86 Solaris 2.8 PC, I get the error message:
metainit: no database exists
is part of Solstice Disksuite, the Sun software RAID management
package. It sounds like you were once using Disksuite but have somehow
managed to erase the areas in which it keeps its databases. If you're
not using Disksuite, then you want to remove the startup files for
it in /etc/rc?.d/. If you are using Disksuite, then you need
to rebuild your database. See the man page for metainit for
Solaris 2.6, how do I add new disks without rebooting the machine?
A If you
have hot pluggable disks and can add them on the fly, you can run
the following commands to have them recognized by the system:
/usr/sbin/disks (or /usr/sbin/tapes for tapes)
If you're rebooting the machine to have the disks recognized,
you must reboot with the -r flag.
Solaris, how do I increase the maximum number of pseudoterminals?
A In Solaris
2.7 or earlier, add the following line to /etc/system:
set pt_cnt = <num>
In Solaris 2.8, you no longer need to set pt_cnt, because the
number of pseudoterminals grows on demand.
Q I was
trying to remove Veritas lines from /etc/system on my Solaris
box so I could boot off the encapsulated disk normally, but I appear
to have badly munged /etc/system, and now the machine won't
boot. I don't have a copy of the installation CDs at this site,
so is there any way to fix this?
A If you
boot with -as, the system should ask you a number of questions,
including the name of the system file, and then boot into single-user
mode. Use the old copy of /etc/system if you made a backup,
or use /dev/null. After you get into single-user mode, you
can fix /etc/system and reboot.
Q I need
to install a bunch of HP systems in our DMZ and secure them as much
as possible from outside attack. How do I go about doing this?
a good security cookbook for HP/UX 10.20 located at: http://secinf.net/info/unix/secureHP-UX.html.
It covers installation, stripping things out after installation,
access controls, and number of items from the Defense Intelligence
Agency DII COE Security Checklist.
Q I want
to do remote administration on a number of Solaris boxes we have
at a POP in another state. What should I look into buying to make
my life easier? Can remote administration be done with PC UNIX variants,
A One thing
that really helps with remote administration is a console server.
Depending on the amount of time you have and what your budget is,
you may want to look into something like an old annex, an old Livingston
PM2E/30 box, a Cisco 3620/3640, a PC running some UNIX flavor that
has a whole lot of serial ports that you can do PPP over, or a dedicated
console server like the ConsoleServer 3200 from Lightwave. One big
plus to the 3200 is that Lightwave claims they will be adding SSH
support later this year. For PCs, you may want to take a look at
Real Weasel: http://www.realweasel.com/intro.html.
other thing that can be a life saver for doing remote administration
is IP-addressable power strips, for those times when the machine
is hard hung and can only be fixed by a power cycle.
Q How do
I find out the cache sizes of the CPUs on my Ultra AXi running Solaris
A The cache
size and other information about the CPUs and boards can be found
using the prtdiag command:
Q All of our
compute servers are headless boxes connected to a console server.
Unfortunately, we need to render some graphics in memory (never to
be seen on the actual screen on this machine). But, since there is
no graphical device to bind to, we can't seem to make the rendering
work. Any clues?
A To run
a virtual X display, you want to take a look at the X Virtual Frame
Buffer (xvfb). It's an X server that doesn't need
to bind to a physical device. It comes with the X11R6 distribution
Q We have
a need to unplug the keyboard from a running Solaris 2.5.1 machine
without having it drop to the ok prompt. A serial console
is not an option at this point. Is there any way around the hardware
A To change
it from the command line before you pull the keyboard, type the
following as root:
kbd -a disable
When you've reconnected the keyboard, you can type:
kbd -a enable
To make the change permanent so that the disabled BREAK sequence persists
after a reboot, edit /etc/default/kbd and add the line:
The man page for kbd offers more keyboard options.
Q I have
AIX systems running 4.2.1 that I want to upgrade to 4.3.3. How can
I can make my migration as painless as possible?
the instructions in the Redbook and boot from the 4.3.3 CD, choosing
Migration installation. Make sure you run lppchk -v to see
whether there are any problems. Clear your smit log file
and run smit update_all with "preview only"
and get detailed output. Viewing the smit log should give
you a decent idea of any problems that might occur during the update.
Once you have fixed any issues that cropped up in the preview run,
run update_all normally.
Q I need
to write a script that pings all our servers every 10 minutes.
If one of the servers is down it should send an email to the systems
out: http://bb4.com. This tool also does a lot more and allows
you to page yourself or watch the status of multiple machines in
real-time with color-coded status ("Green is Good, Red is Bad").
Or you should be able to write a script that pings each server
and greps the output for "alive" (assuming a ping
command that returns something like "host is alive").
You could also do something like:
SERVER_LIST="server1 server2 server3"
for SERVER in $SERVER_LIST
ping $SERVER $TIMEOUT > /dev/null 2>&1
if [ $? -ne 0 ]; then
mail -s "Ping Report" email@example.com <<EOM
$SERVER not responding
Run this from cron every 10 minutes.
Q I have
a DSL connection to the Internet. This connection is provided by
PacBell, who requires you to login after boot-up. PacBell states
that they do not support Linux. Is there a way for me to go online
with Linux using DSL? If so how?
is a Linux DSL "Howto" at: http://www.linuxdoc.org/HOWTO/
is a great place to find all sorts of good Linux tips and "howtos".
If this doesn't help, check out: http://www.roaringpenguin.com/pppoe/.
PacBell may be using PPP over Ethernet. If they are, this Web site
may help you out.
Q I need
to create 1800 user accounts on a Red Hat 6.2 system preferably
with assigned passwords. We used useradd -c "John Doe,8193" -p
catfur89 jdoe, then ran this as a script. We tried the -p
option, and we tried just writing a plain text password file and
converting it to shadow with pwconv. (This just moved the
plain text into the shadow file.) Users cannot log in until we individually
change their passwords.
A In Red
Hat 6.2, there is a command called /usr/sbin/newusers. This
is the command for batch user creation. Start by creating a file
with one line per user. Each line is the same format as /etc/passwd
(except the password will be in clear-text). Once the file is ready,
just type "newusers <filename>". Note that
if the group in the file does not exist, it will be created. If
the home directory does not exist, then it will be created.
Jim McKinstry is a Senior Sales Engineer for MTI Technology
Corporation (www.mti.com). MTI is a leading
international provider of data storage management products and services.
He can be reached at: firstname.lastname@example.org.
Amy Rich, president of the Boston-based Oceanwave Consulting,
Inc. (http://www.oceanwave.com), has been a
UNIX systems administrator for more than five years. She received
a BSCS at Worcester Polytechnic Institute, and can be reached at: