Cover V10, I07


Questions and Answers

Jim McKinstry and Amy Rich

Q I've installed a Solaris 8 jumpstart server with the following sysidcfg file (IPs changed to protect the innocent):

name_service=DNS {
              name_server=, }
network_interface=primary { netmask= protocol_ipv6=no }
When I try to jumpstart a client with:

boot net - install
the installation goes into interactive mode. If I use name_service=NONE, then the installation completes without intervention. I thought that using DNS and specifying the domain and nameservers should result in a hands-off install. Am I doing something wrong?

A Are you installing the jumpstart client on a network that can't reach the name servers (e.g., having a private non-routable network just for jumpstart installs, but specifying the real DNS servers)? If the jumpstart client can not reach the nameservers, I believe it asks for manual intervention. In addition to that, you may want to check for typos in the IP addresses and perhaps try a sniffer

to see what's happening on the wire.

Q I would like to forward all mail, including local mail, to the central mail server for our UNIX systems. No local mailboxes exist on the clients. The clients are running Solaris 8. The mail server should then decide whether the address is local or forward it to the company mail server. The forwarding to the main company mail server works for non-local mail, but how do I stop the client from delivering mail locally on the clients?

A On every client that should not ever deliver any local mail, you want to use the nullclient configuration. If you have the Sendmail source code:

cd ${sendmail src directory}/cf/cf
where ${sendmail src} is where you've unpacked the code. You'll see a file there called The uncommented text looks like:

VERSIONID('$Id:,v 8.16 2000/03/21 21:05:26 ca Exp $')

FEATURE(nullclient, mailhost.$m)
You'll want to change two things here: the OSTYPE and the host to which the mail should be sent (the smart host). Your client OS is Solaris 8, you mentioned, and let's say that your central mail server is called Your create the file (or pick whatever name you like for the mc file) and put the following in it:

VERSIONID('$Id:,v 8.16 2000/03/21 21:05:26 ca Exp $')

If your client machine is in the same DNS domain as your central mail hub, you can leave the name of the mail hub as mail.$m instead of specifying If you have clients that are running other operating systems, you can find a list of accepted OSTYPE settings in ${sendmail src}/cf/ostype. When specifying the OSTYPE, don't add the .m4 on the end.

To create your new file, do the following (assuming you used as the name of your mc file):

cd ${sendmail src}/cf/cf
m4 ../m4/cf.m4 >
mv /etc/mail/ /etc/mail/
mv /etc/mail/
/etc/init.s/sendmail stop
/etc/init.d/sendmail start
Look at the log file (usually /var/log/syslog, /var/adm/messages, or /var/log/maillog) to verify that Sendmail started without errors.

Q I've been seeing a lot of RPC probes on my machine from an address in .br, .kr, and .cn. Where the heck are these places, and is there some definitive database that maps country code domains to location?

A .br belongs to the country of Brazil, .kr to Korea, and .cn to China. I often see a large number of cracking-associated probes (like RPC, backorifice, DNS queries on a machine not running named, etc.) from Korea, Hong Kong (.hk), and China, especially. For a complete listing of country TLDs, take a look at IANA's ccTLD database:
If you're seeing hits on ports that you don't recognize, you may want to take a look at IANA's list of ports, too:
Q I have a Sun machine with two processors. How do I take one of them offline without bringing down the machine?

A To change the operational state of the processors, use the /usr/sbin/psradm utility. The caveat is that, on some processors or under certain conditions, it may not be possible to disable interrupts for an offline processor. So, depending on your machine, you may not be able to fully take the processor offline. In order to take a specified processor offline, you need to know the number of the processor. These are listed when you do a /usr/sbin/psrinfo. Once you know the processor number, you specify it by using the -f flag to /usr/sbin/psradm. You'd take processor 1 offline by doing the following:

/usr/sbin/psradm -f 1
Look at the manpages for psradm(1M) and psrinfo(1M) for more information on these commands.

Q I'm looking at installing some form of open source BSD on my PC. What's the difference between NetBSD, OpenBSD, and FreeBSD? Is one any better than the other?

A As always, "better" is a relative term depending on what you're after. The three open source BSD projects have different goals. NetBSD is designed to be the most portable BSD, and it runs on a number of different and obscure platforms. OpenBSD's goal is to be the most secure OS, and they've done code audits and security enhancements (like maintaining OpenSSH). Although not as portable as NetBSD, OpenBSD currently runs on about a dozen platforms. FreeBSD is designed to be the most user/systems administrator-friendly branch of the BSDs, but it only runs (currently) on x86 and alpha platforms.

That said, the open source BSDs benefit from each other whenever one does anything with the code base. There's a great deal of cross-pollination that goes on between them (e.g., advancements like the ports collection, security fixes to problems common to all BSD installs, etc.). Each has a well-developed code base and a structured development environment. They're all fairly good choices for home UNIX machines.

Therefore, if you're just looking for a system to tinker around with and learn from, I'd suggest FreeBSD. If you're looking for something to run as a firewall, try OpenBSD. If you're looking to run the same OS on a diverse number of platforms, I recommend NetBSD. You may also want to take a look at the BSD FAQ:
Q How can I completely remove the information from a hard disk so that no one can recover the data that was on it? Is just newfs'ing the disk good enough? How about formatting it?

A The best way to ensure that no one ever reads data off of a disk is to destroy the disk and melt it down into slag. If you want to remove the old data and pass the disk onto someone else for reuse, that's quite a bit trickier. It isn't sufficient to just format or newfs the disk. It's not even sufficient to write all zeros on the disk. Because of the way data is stored on the disk, you have to jump through hoops to actually get all of the data truly erased so that even disk recovery houses can not pull information off of them. There's a good paper by Peter Gutmann in the USENIX library that describes erasing disks and tapes:
Q Is there a way to find out a user's UID without looking in the password file? A machine I'm on has the /etc/passwd file unreadable.

A You can use the id command to determine what your UID and GID are. Most systems have a native id command, or you can install the GNU sh-utils software:
You can also whip up your own C program that uses one or more of the following functions:

getuid, geteuid, getgid, getegid, getpwnam, getpwnam_r, getpwent,
getpwent_r, getpwuid, getpwuid_r, setpwent, endpwent, fgetpwent,
See your system's man pages for the appropriate function call syntax.

Q We have both FreeBSD and Solaris machines at our company. We aren't currently running any sort of centralized password authentication method (we're looking into LDAP), but I want to be able to keep the passwords consistent across platforms by just copying the password field. Is this possible?

A If your two platforms are using the same scheme to encode passwords, then you can, indeed, copy the passwords between machines. Note that the other fields of the password entry may differ, however. By default, Solaris uses DES to encode the the local password. At install time, FreeBSD can be configured to use either DES or MD5. MD5 is believed to be more secure, but if you're aiming for compatibility, you're better off having your FreeBSD machines use DES. FreeBSD moved to MD5 password encoding because, at the time, DES was export controlled, and it was illegal for people installing FreeBSD in countries other than the United States to use it. As a result, the DES libraries (the FreeBSD crypto package) can do both MD5 and DES, but the MD5 libraries can only do MD5.

To determine which scheme you're using on your FreeBSD machines, take a look at /etc/master.passwd. Passwords encrypted with the MD5 hash are longer than those with encrypted with the DES hash and begin with the the string $1$. DES password strings are shorter and are coded in a 64-character alphabet, which does not include the $ character. You can also determine which authentication system your machine is using by looking at where the libcrypt libraries point.

ls -l /usr/lib/libcrypt.*
If these libraries point to libdescrypt, then you're using DES. If they point to libscrypt, then you're using MD5. If you're using MD5 and you want to switch to DES, you can install the crypto package from /stand/sysinstall. The libcrypt libraries should now point to the libdescrypt libraries. If you have old users with MD5 entries, you'll either have to crack them or have the users change their passwords.

If the DES libraries are installed, also be sure to check /etc/login.conf for a passwd_format directory. If one exists, you'll want it set to des, not md5. This setting controls the format in which any new passwords are stored.

As an aside, if you're looking at some sort of centralized password and group repository, try as soon as possible to sync up your UIDs and GIDs across all of your machines.

QI'm trying to run Netscape 4.76 on Solaris 8, but whenever I type in a URL, it just sits there and hangs. If I wait long enough, it comes back and says that it can't resolve the host. I have the following in /etc/nsswitch.conf:

hosts:      files dns
I can do an nslookup on the hosts I'm trying to get to, I can ping them, and I can telnet to them -- everything but Web access via Netscape. What's the problem?

A You've probably turned off nscd, the name service cache daemon. Unfortunately, with Solaris 8, Netscape refuses to function without using nscd. I'd suggest trying to run:

/etc/init.d/nscd start
and then browsing. If this fixes your problem, make sure you have the following start and stop scripts in place, and nscd will start even after the machine gets rebooted:

For more information about nscd and what it does, take a look at the man pages nscd(1M) and nscd.conf(4).

Q We have a large number of messages that get queued, so I want to set up multiple queue directories on different disks to help with stat() times and read times. I'm using Sendmail 8.11.2, and I have the partitions for the queue directories mounted as /var/spool/mqueue1, /var/spool/mqueue2, and /var/spool/mqueue3. I'm not sure how to split up the queue so that it goes onto these disks, however. Everything is still staying in /var/spool/mqueue.

A First, make sure that you have stopped Sendmail and that no mail is being delivered. From doc/op/op:

QueueDirectory=dir [Q] Use the named dir as the queue directory. To 
use multiple queues, supply a value ending with an asterisk.
For example, /var/spool/mqueue/q* will use all of the
directories or symbolic links to directories beginning with q
in /var/spool/mqueue as queue directories.
Set QueueDirectory to /var/spool/mqueue/q*. In the mc file, add the following; rebuild your; and put it into place:

define('confQUEUE_DIR', '/var/spool/mqueue/q*')dnl
Make the following symlinks:

/var/spool/mqueue/q1 -> /var/spool/mqueue1
/var/spool/mqueue/q2 -> /var/spool/mqueue2
/var/spool/mqueue/q3 -> /var/spool/mqueue3
You can also change where you mount your three partitions so that they are directly mounted as /var/spool/mqueue/qN instead of /var/spool/mqueueN. If you mounted the partitions directly, you could skip doing the symlinks. If you don't have dedicated partitions for each of the spool directories, though, symlinks are the way to go.

Test your new and then start the Sendmail daemon back up again.

QI've heard that you can now download Solaris instead of paying $75 for the CDs. Is this true? Is it both SPARC and x86? Where can I get the distribution?

A Yes, Sun has now put Solaris 8 up for free download. After downloading the ISO images, use your favorite CDR/CDRW burning software to put the images onto CDs. You can obtain the zipped ISO images for either SPARC or x86 platforms from the following URL:
You can also still order the media from Sun for $75 if you don't have the space or the connection speed needed to download the ~800M ISO images.

QI have a message in my syslog files that indicate that sshd (OpenSSH 2.3.0p1) generated a RSA key. This happened without my intervention. Does sshd do this automatically at certain times, or is something malicious happening?

A Yes, this happens automatically for security reasons. After the key has been regenerated, it becomes impossible to recover it for decrypting hijacked sessions because the key is not stored on disk. From the sshd man page:

...when the daemon starts, it generates a server RSA key (normally 768 bits). This key 
is normally regenerated every hour if it has been used, and is never stored on disk.
You can specify the key regeneration interval when you start sshd by using the -k switch (time is measured in seconds). If you wanted to regenerate the key every half hour, you'd start sshd as:

sshd -k 1800
If you specify zero for the regeneration time, it will never be regenerated. This is not recommended.

QWhen I make an alias as an end-user everything works as expected. When I invoke other shell console, though, the alias I made is not available anymore. Is there any command to add aliases to a file, or is this method of adding aliases just for root?

A Aliasing is a function of your shell, and some shells do not support aliases. For shells that do support aliases, when you set an alias on the command line, it is good only for that session. If you want aliases to persist for each shell invocation, you need to put them in a resource file (e.g., .cshrc for csh, .tcshrc for tcsh, .bashrc for bash, etc.). To determine the proper resource file for your shell, read the man page on your chosen shell.

QIs there an equivalent to Solaris's truss on HP/UX?

A It's not an officially supported HP product, but tusc (trace UNIX system calls) was written by Chris R. Bertin who works at HP Cupertino. Tusc can be found at:
QMy Exabyte 8200 8mm tape drive just died, and I'm thinking of upgrading to the Exabyte Mammoth. Will I still be able to use the tapes from my 8200?

A The Mammoth and Mammoth-LT drives can read the data written by the 8200 drive, but the Mammoth-2 drive can not. Neither of them can write the 8200 format, but I suspect you don't care about that as much, because it sounds like you won't be going back to using a 8200 for restores. You'll also have to buy new tapes to write to, because the Mammoth drive does not write to the MP tapes. These two URLs from Exabyte should give you a good idea of your compatibility options:
QI'm running Solaris 7 and I'm using Solaris' printing system. We have a Postscript printer attached to a Jetdirect card and every time someone prints something, it sends a banner page first. Is there an easy way to turn off the banner page?

A Shut down the printing system by doing:

/etc/init.d/lp stop
Change the contents of the file /etc/lp/model/netstandard from:


Restart the printing system:

/etc/init.d/lp start
Jim McKinstry is a Senior Sales Engineer for MTI Technology Corporation ( MTI is a leading international provider of data storage management products and services. He can be reached at:

Amy Rich, president of the Boston-based Oceanwave Consulting, Inc. (, has been a UNIX systems administrator for more than five years. She received a BSCS at Worcester Polytechnic Institute, and can be reached at: