Cover V10, I04

Questions and Answers

Jim McKinstry and Amy Rich

Q I would like to be able to automate the creation of a mail message (on Solaris 2.6) that includes an attachment and then send that message onto its destination addresses. However, it appears that, at least with dtmail and pine, this cannot be done. For instance, with dtmail:

# dtmail -a file_to_attach -T destination_addresses

starts up the application and waits for user intervention to press "send". (This also appears to be the case with Microsoft's Outlook.) Is there a way around this issue?

A If you want to send an attachment without user intervention, you need to use a mailer that supports command-line batching mode and does not drop the user into an interactive editor. You have several options described on the "Sending email with attachments on UNIX systems" page:

http://www3.primushost.com/~kylet/unix-att.html

I think the best of these options is either installing mutt:

http://www.mutt.org/

or MetaMail:

ftp://thumper.bellcore.com/pub/nsb/

mutt can be invoked from the command line as follows:

mutt -s "This is a picture." -a picture.gif recipient@address.com < /dev/null

Syntax with MetaMail would be:

metasend -b -t recipient@address.com -s "This is a picture." -m image/gif -f picture.gif

These commands send picture.gif as a MIME attachment to recipient@address.com with the subject "This is a picture." The -b flag in metasend tells it that you want to complete this in batch mode, without user intervention. The same effect is reached by using < /dev/null as file redirection for the message body with the mutt command. You can also add any other text body with the mutt command line by redirecting it from a file. If no file is specified, then mutt will enter interactive mode.

To make sending your attachments easier with MetaMail, you may want to take a look at two scripts that automate determining the MIME attachment type:

sendfile <http://www.oase-shareware.org/shell/scripts/cmds/sendfile>, and
getmimetype <http://www.oase-shareware.org/shell/scripts/cmds/getmimetype>

Q Can you use growfs to extend a file system after adding a new disk on Solaris 2.6? If so, please explain it or point me to a site that can detail the procedure.

A Growfs is part of the DiskSuite package, not part of any base Solaris OS version. DiskSuite is supported under 2.5, however, so you can use growfs.

If you've added a new disk to your system, you need to make that disk part of a metadevice before you can expand the filesystem. If you don't know anything about using DiskSuite, you'll probably want to read through the DiskSuite User's Manual on http://docs.sun.com/ first. The specifics on how to use growfs for DiskSuite 4.0 can be found at:

http://docs.sun.com/ab2/@LegacyPageView?Ab2Lang=C&Ab2Enc=iso-8859-1&toc=SUNWab_68_1%3A%2Fsafedir%2Fspace3%2Fcoll1%2FSUNWabmd%2Ftoc%2FDISKSUITEADMIN%3A1182;bt=Solstice+DiskSuite+4.0+Administration+Guide;ps=ps%2FSUNWab_68_1%2FDISKSUITEADMIN%2F11.Expanding_a_File_System#3

Q I have a Solaris 8 system and I want to set up IMAP over SSL so my users are not passing their passwords in clear text when they check mail from offsite. How can I do this cheaply?

A There are a number of commercial packages that will serve IMAP over SSL, but if you want something free, you probably want to pick your favorite IMAP daemon and wrap it with something like stunnel. Your biggest pain on Solaris is going to be the lack of a /dev/urandom for OpenSSL. I suggest picking up something third party like the entropy-gathering daemon. Steps to take are:

1. Download, compile, install, and configure your favorite IMAP daemon. UW, cyrus, and courier are all very popular.

2. Download and install some form of random generator, like egd (http://www.lothar.com/tech/crypto/).

3. You should probably grab TCP wrappers, too:

ftp://ftp.porcupine.org/pub/security/index.html

so that you can limit access to various sites (and it's required if you want to do redirection to the actual IMAP port, instead of just running IMAP/SSL directly).

4. Start your random generator and download, compile, and install OpenSSL (http://www.openssl.org) with libwrap and egd support.

5. Download, compile, and install stunnel with egd support.

6. Add the following entry to /etc/services:

imaps           993/tcp

7. Start up stunnel in one of two ways:

a. Standalone IMAP/SSL daemon:

/usr/local/sbin/stunnel -d imaps -l /path/to/your/imapd

b. Run the IMAP daemon on port 143, and then redirect connections to stunnel on port 993 to the locally running daemon on port 143.

/usr/local/sbin/stunnel -d imaps -r imap

Put an entry for your IMAP daemon in /etc/inetd.conf and use TCP wrappers to limit IMAP connections to localhost.
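
One way to check the setup in step 7b, as an added example that is not part of the original column: the function reads inetd.conf, hosts.allow and hosts.deny and succeeds only if the plaintext imap service is started through tcpd and admitted from loopback alone. The name check_imap_wrap, the tcpd and imapd paths and the sample file contents are assumptions constructed for illustration; EXCEPT clauses, netmasks and continuation lines are deliberately treated as failures.

```shell
#!/bin/sh
# Added example (not from the original column). Hypothetical helper:
#   check_imap_wrap INETD_CONF HOSTS_ALLOW HOSTS_DENY
# Returns 0 only if "imap" is started through tcpd, hosts.allow admits
# loopback clients only, and hosts.deny refuses everyone else.
check_imap_wrap() {
    inetd=$1 allow=$2 deny=$3 rc=0
    # inetd.conf fields: service socket proto wait user program argv[0] ...
    set -- $(awk '$1 == "imap" { print $6, $7; exit }' "$inetd")
    [ $# -eq 2 ] || { echo "FAIL: no usable imap entry in $inetd"; return 1; }
    [ "${1##*/}" = tcpd ] || { echo "FAIL: imap is not started via tcpd"; return 1; }
    daemon=${2##*/}    # process name that tcpd looks up in hosts.allow/deny
    awk -F: -v d="$daemon" -v allow="$allow" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {   # does the daemon list (field 1) cover the IMAP daemon?
            n = split($1, dl, /[ \t,]+/); hit = 0
            for (i = 1; i <= n; i++) if (dl[i] == d || dl[i] == "ALL") hit = 1
            if (!hit) next
            # classify the client list (field 2); unknown tokens count as "other"
            m = split($2, cl, /[ \t,]+/); all = 0; other = 0
            for (i = 1; i <= m; i++) {
                if (cl[i] == "ALL") all = 1
                else if (cl[i] != "" && cl[i] != "127.0.0.1" && cl[i] != "localhost") other = 1
            }
            if (FILENAME == allow) { seen = 1; if (all || other) wide = 1 }
            else if (all && !other) denied = 1
        }
        END { if (!seen || wide) exit 2; if (!denied) exit 3 }
    ' "$allow" "$deny" || rc=$?
    case $rc in
        0) echo "OK: $daemon is wrapped by tcpd and limited to loopback"; return 0 ;;
        2) echo "FAIL: $allow must list $daemon with loopback clients only" ;;
        3) echo "FAIL: $deny needs a catch-all rule such as \"$daemon: ALL\"" ;;
        *) echo "FAIL: could not read $allow or $deny" ;;
    esac
    return 1
}

# Constructed sample files (paths to tcpd and imapd are assumptions).
demo=$(mktemp -d)
echo 'imap stream tcp nowait root /usr/local/sbin/tcpd /usr/local/sbin/imapd' > "$demo/inetd.conf"
echo 'imapd: 127.0.0.1' > "$demo/hosts.allow"
echo 'imapd: ALL' > "$demo/hosts.deny"
check_imap_wrap "$demo/inetd.conf" "$demo/hosts.allow" "$demo/hosts.deny"
rm -rf "$demo"
```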

Q I've just been hired at a site where the previous network admin is no longer available. They have a lot of password-protected Cisco kit (2500 series routers, cat5000s, a PIX, etc.), to which no one knows the password. How do I recover the passwords without wiping out all of the configurations?

A Cisco lists password recovery techniques for their gear at:

http://www.cisco.com/warp/public/474/index.shtml

The one limitation is that you have to have physical access to the machine (and it therefore needs a physically connected console terminal).

Q I'm trying to get X forwarding working with OpenSSH 2.2.0p1 and Solaris 8. I've compiled OpenSSH from source and edited /usr/local/etc/sshd_config to have:

Protocol 2,1
X11Forwarding yes

I'm still not getting any DISPLAY set, however. /usr/local/etc/ssh_config claims to have site-wide defaults, and it already has the option I want (ForwardX11 yes). What am I missing?

A OpenSSH installs with the things in /usr/local/etc/ssh_config commented out. The message at the top of this file is misleading. /usr/local/etc/ssh_config is the file for site-wide defaults, but the items that are commented out are not the default installed options. If you want to forward X11 packets, you need to uncomment the line that says ForwardX11 yes. You can also test X11 forwarding by specifying ssh -X. If this doesn't fix your problem, you may want to run ssh -v to see where you're having issues.

Q I want to keep track of the stuff I install on my Sparc. How do I make my own Solaris packages? How do I upgrade a package once I have it installed?

A Once you've installed the package, there is no reliable way to do an upgrade, per se. You can either remove the old package first and then install the new one, or you can leave the old one in place and just install over it. If you leave the old package in place, it may leave around old files that are no longer used in the new version of the software. If you are going to remove the old package, be sure to remove the old package before you install the new one. If you remove the old package after installing the new one, there's a good chance that you will delete part of the new installation if the two installations share the same files.

Making Solaris packages is accomplished with the tools pkgproto and pkgmk. This method of creating a package will work with most software programs. There are some, however, that are very picky about where they install:

1. Download, compile, and install your software.

2. Create a temporary alternate root directory where you will "install" your package. Building a package prototype requires that you know where all of the files were installed and what permissions they were given.

3. In your Makefile, change the destination root directory to the tmp space you created above. Now do another make install so that all of your files are "installed" into your alternate root directory.

4. Change directory to your alternate root and run the following command to create a listing of all the files that you just "installed". Anything in the following examples that specifies /tmp can, of course, be any directory you have write access to:

find . -print | pkgproto > /tmp/prototype

5. Add the following to the top of /tmp/prototype:

!search <all the paths needed for the install, e.g., /usr/local/bin, /usr/local/man /usr/local/man/man1, etc.>

i pkginfo=/tmp/pkginfo

6. Create the above-mentioned pkginfo file in /tmp. The pkginfo man page will give you a listing of all the tags you can put in this file. Here is an example for screen:

PKG="screen"
NAME="Screen 3.9.8"
VERSION="3.9.8"
ARCH="sun4u"
CLASSES="none"
CATEGORY="utility"
VENDOR="GNU"
PSTAMP="4thSep00"
EMAIL="request@gnu.ai.mit.edu"
ISTATES="S s 1 2 3"
RSTATES="S s 1 2 3"
BASEDIR="/"

7. Create the package in datastream format.

cd /tmp
pkgmk -o -d $PWD -f ./prototype

If you need to use the package in directory format (say for Jumpstart), you can use the pkgtrans command to convert from one format to another. From the directory that the screen package is in (and the package name is screen.pkg):

pkgtrans -s . screen.pkg screen
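
An added example, not part of the original column: pkgproto records the mode, owner and group it finds on the files under the alternate root, so a prototype built from an unprivileged account carries that account's ownership into the package. The filter below (hypothetical name fix_prototype, constructed sample input, root and bin chosen here as an assumption) prepends the i pkginfo= line, rewrites ownership, and reports setuid/setgid or world-writable entries before pkgmk is run.

```shell
#!/bin/sh
# Added example (not from the original column). Hypothetical helper:
#   fix_prototype PKGINFO [OWNER [GROUP]] < prototype > prototype.fixed
# prototype(4) entries with attributes have six fields:
#   ftype class path mode owner group
# Link entries (path=target) and "i" lines have fewer and pass through.
fix_prototype() {
    awk -v info="$1" -v owner="${2:-root}" -v group="${3:-bin}" '
        BEGIN { print "i pkginfo=" info }
        $1 == "i" && $2 ~ /^pkginfo=/ { next }    # avoid a duplicate pkginfo line
        NF == 6 {
            # leading digit 2-7 of a four-digit mode: setuid and/or setgid bit
            if ($4 ~ /^[2-7][0-7][0-7][0-7]$/)
                print "WARN setuid/setgid: " $3 " (" $4 ")" > "/dev/stderr"
            # last digit 2, 3, 6 or 7: writable by "other"
            if ($4 ~ /[2367]$/)
                print "WARN world-writable: " $3 " (" $4 ")" > "/dev/stderr"
            $5 = owner; $6 = group
        }
        { print }'
}

# Constructed pkgproto output, as produced when building as user "amy".
sample='d none usr/local/bin 0755 amy staff
f none usr/local/bin/screen 4755 amy staff
s none usr/local/bin/scr=screen
d none usr/local/etc 0777 amy staff'

printf '%s\n' "$sample" | fix_prototype /tmp/pkginfo
```

Review every WARN line before running pkgmk: a setuid entry whose owner is rewritten to root installs as setuid root.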
Q I have seen different names on the Ethernet card device in Sun Solaris. The ones I have seen are hme, le, ie, elx, and qfe. Why do they have different names? Are there any more of these that I have not seen? Is the name dependent on the Solaris version (2.4, 2.5, 2.6, 7, 8) or is it dependent on hardware and/or drivers? Is it a different name in the Intel version of Solaris?

A These are all Sparc-based network device drivers. Solaris 1.x and 2.x support many different types of network cards and have various device drivers. As far as I know, there is no canonical list because anyone can write a network device driver for any sort of network card out there.

For supported x86 cards, visit:

http://docs.sun.com/ab2/coll.610.1/x86HW/@Ab2PageView/1214?Ab2Lang=C&Ab2Enc=iso-8859-1

under the listings for Network Adapters. For supported cards on the more recent Sparc platforms, visit:

http://docs.sun.com/ab2/coll.28.21/@Ab2CollView?Ab2Lang=C&Ab2Enc=iso-8859-1

under FDDI, hme, GigE, quad fast, atm, and HSI.

The man page for each device driver should detail its specifications.

Jim McKinstry is a Senior Sales Engineer for MTI Technology Corporation (www.mti.com). MTI is a leading international provider of data storage management products and services. He can be reached at: jrmckins@yahoo.com.

Amy Rich, president of the Boston-based Oceanwave Consulting, Inc. (http://www.oceanwave.com), has been a UNIX systems administrator for more than five years. She received a BSCS at Worcester Polytechnic Institute, and can be reached at: arr@oceanwave.com.