Cover V11, I13


Questions and Answers

Amy Rich

Q I've just installed Solaris 9 on one of our test bed machines to experiment with it. I really like a number of the new features, including the integrated tcp_wrappers functionality for /etc/inetd.conf. I think I've misconfigured something, though, because instead of logging the service, it always logs the blocked process as inetd:

Aug  15 11:09:29 inetd[11156]: refused connect from localhost
The above example should be logged as telnetd, not inetd. What am I doing wrong? Did I miss some flag to inetd?

A This is a known bug with Solaris 9's implementation of tcp_wrappers. It's been logged under bugid 4711482. I hope there will be a patch out soon that will change the log messages to show the actual calling program.

Q I've just upgraded to Solaris 9 and installed OSA Raid Manager 6.22,REV=01.14. We've migrated an A1000 array from an old machine and are now getting errors in the log file on the new machine:

Aug 27 12:05:32 colossus /usr/lib/osa/bin/nvutil: [ID 187284 user.error] 
The controller firmware version for controller c2t5d0 
(module: colossus_001) is 2.05.02. The recommended firmware version 
for this application is 3.00.00 or higher.
What patches do I need to fix this? I installed all of the recommended ones and security ones already, but that doesn't seem to help.

A You need to upgrade the firmware on the A1000, not install OS patches to fix this problem (though you may also need OS patches for the version of OSA Raid Manager that you're using; see the release notes). See page 121 (Appendix A) of for information on upgrading your controller firmware. Because you're back at 2.05.02, you first need to upgrade to and then to the latest revision for the firmware. See also, pages 143-152 for information on how to download and upgrade the firmware.

Q I tried installing Solaris 9 from my Plextor PlexWriter 12/20/32 CDRW, which is installed in one of our Ultra 60s. Solaris 9 installed fine, but when the machine rebooted at the end of the installation, I received a large number of error messages that scrolled by in the logs at many more than one per second:

Oct 23 11:25:21 fruba genunix: [ID 349501 kern.warning] WARNING: Device sd6 failed to power up.
Oct 23 11:25:21 fruba genunix: [ID 349501 kern.warning] WARNING: Device sd6 failed to power up.
This is a brand new CDRW drive, and it worked fine under Solaris 8 and continues to work fine under Solaris 8 and FreeBSD, so I don't think this is a hardware problem. Have you seen this error before? Is it a hardware incompatibility that's cropped up in Solaris 9?

A This is actually a known issue with this model CDRW drive, yes. As far as I know, there is no patch out for this, though the bug has been reported to Sun. As a temporary workaround, you can leave a readable CDROM in the drive to prevent these errors from appearing at boot time. If you do not want to leave a CDROM in the drive all of the time, you can remove the vold init scripts or remove the CDROM lines from /etc/vold.conf.

Q We have a number of 220R servers that must have near 24x7 uptime. We also want to upgrade all of these servers from Solaris 2.6 to Solaris 8. What's your suggestion for the absolute minimal downtime for doing the upgrade on these systems?

A If your machines are supposed to be up as close to 24x7 as possible, you likely have the boot drives mirrored with DiskSuite. The option that will cause you the least amount of downtime is to use Live Upgrade combined with Web Start Flash, especially if you have a large number of similarly installed machines or one test machine where you can create installations to turn into flash archives.

Presumably you've designed your systems so that all of the user data and third party software are on a separate partition from those needed by the OS. I tend to lay out filesystems with / /usr and /var for the OS, and one large filesystem for /usr/local, /home, etc. This segregation makes it easy to upgrade the OS without touching the non-Solaris parts of the machine.

See the Live Upgrade 2.0 Guide:
for more information on using Live Upgrade. Also, see the Web Start Flash Installation Feature Topics:
for information on how to create and install flash archives.

Q I have a problem with a Netra X1 that has Solaris 8 and DiskSuite 4.2.1 installed. When I try to set up a two-way mirror using DiskSuite, I get an error when trying to create the state databases on the second drive:

metadb -a -c 4 c0t2d0s7
metadb: sekrit: c0t2d0s7: overlaps with device in metadevice state database
I checked both of the disks with format to make sure there were no errors on slice 7 of either disk, and everything looked ok. I also tried repartitioning and re-labeling the disks. I even tried removing and recreating the disk devices with devfsadm. Still no luck. I'm not sure what I'm doing wrong, any clues?

A This sounds like a known issue with IDE disks lacking unique device IDs. The early X1s shipped with 20-GB Seagate drives with the part numbers 600-7097-02 and F600-7097-02 are susceptible to this problem. Sun Alert 27211 addresses this problem:
Also relevant are Sun Bug IDs: 4513394, 4458965 and 4417686, and 4411343. You need a Sunsolve account to access these bug IDs.
According to Sun, this issue has been fixed in Solaris 8 Update 6 or later. If you still have issues getting DiskSuite to work, Sun has an unsupported but documented workaround: FIN I0680-1. This workaround is not available from the public site, and you'll need to contact your Sun service representative for the FIN. Sun will give you a tool called rwdevid that will create unique device IDs for each disk:

rwdevid -d /dev/rdsk/c0t2d0s2 -w
Q Our company has a large number of jumpstart servers located throughout the world. Every time a new release comes out, we need to either ship CDROMs to each site or have them download and burn their own copies. Then someone has to physically go to the machine and insert the CDROM into the jumpstart server so that the new image can be installed. This process is slow and tedious. There must be a better way to get the new image on all of our jumpstart servers.

A You can install from a downloaded ISO image instead of burning your own CDROMs and use lofiadm (with version of Solaris greater than 7) to mount the file as a filesystem. You can then do the installation from the filesystem image.

To begin, make the machine think that the file is actually a device:

/usr/sbin/lofiadm -a /path/to/sol-8-u7-sparc-v1.iso
which creates /dev/lofi/1 and its associated entry in /devices, /devices/pseudo/lofi@0:1.

To mount the ISO image on /cdrom:

/sbin/mount -F hsfs -o ro /dev/lofi/1 /cdrom
Then you can cd to /cdrom/Solaris_8/Tools/ and run:

./setup_install_server /path/to/your/jumpstart/cdrom_image
When the installation of the first disk is complete, delete the loopback mount for the first ISO image:

cd /
/sbin/umount /cdrom
/usr/sbin/lofiadm -d /path/to/sol-8-u7-sparc-v1.iso
Create a loopback interface for the second ISO image, and mount it:

/usr/sbin/lofiadm -a /path/to/sol-8-u7-sparc-2.iso
/sbin/mount -F hsfs -o ro /dev/lofi/1 /cdrom
Then, finish up the installation of the second ISO image:

cd /cdrom/Solaris_8/Tools/
./add_to_install_server /path/to/your/jumpstart/cdrom_image
Finally, after the second image has finished, unmount the image and delete the block device:

cd /
/sbin/umount /cdrom
/usr/sbin/lofiadm -d /path/to/sol-8-u7-sparc-v2.iso
Q I heard that the StorEdge A3000 will not be supported under Solaris 9. Is this true? I just bought a number of A3000 arrays, and I'll be mighty upset if I have no upgrade path.

A The Solaris 9 release notes on did in fact say that the A3000, A3500, and A3500FC storage arrays were no longer supported under Solaris 9. The good news for you is that this announcement was an error and the A3x00 arrays are still supported.

Q I have an issue with Solaris 8 and an Ultra 220R. I've been trying to add a user with the following command:

/usr/sbin/useradd -c "Test User" -d /home/test -g test -G root -k -u 600 -s /bin/sh test
I get this error:

UX: /usr/sbin/useradd: ERROR: Cannot update system files - login cannot be created.
The syntax is right, and the useradd works fine if I remove the -G flag. According to the man page, the -G should add the user to a secondary group in /etc/group, but I can't seem to get it to work. I also tried to use usermod to modify the test account after creation and that also fails:

/usr/sbin/usermod -G root test

UX: /usr/sbin/usermod: ERROR: Cannot update system files - login cannot be modified.
I can never get useradd or usermod to work when I use the -G flag. Is the -G flag just broken?

A First, double check that /etc/.pwd.lock is not in use by any other program. If you can create the user without the -G flag, though, this is likely not your problem. My guess is that you're having an issue with your TMPDIR setting. If you truss the useradd or usermod process, you may see a line that says something to the effect of:

rename("/your/tmp/dir/gtmp.<something>", "/etc/group") Err#18 EXDEV)
If you do see this error near the end of the truss output, then it means that your TMPDIR is not on the same physical partition as /etc/group. EXDEV is an error that indicates that you're trying to do an illegal cross device link. To work around this issue, you can have your script set the TMPDIR to the same partition.

Q I am trying to install patch 112438-01 for the /dev/random and /dev/urandom drivers on a Solaris 8 10/01 release machine. I did the following:

pkgadd -d 112438-01
and rebooted the machine. The application that's trying to use /dev/urandom, OpenSSH, dies with the error:

PRNG not seeded
I took a look in /dev, and there's no random or urandom there at all. Is there something else needed to get this patch to work?

A You said you used pkgadd, and not patchadd. If this is true, you'll need to add the patch with patchadd, then remove it, then add it again to clean up any problems:

/usr/sbin/patchadd 112438-01
/usr/sbin/patchrm 112438-01
/usr/sbin/patchadd 112438-01
After the patch is properly installed, you need to reconfigure the devices. You can either shut down the machine and do a reconfiguration boot (boot -r), or you can use /usr/sbin/devfsadm.

You may also have a copy of OpenSSH that was built to use prngd instead of /dev/urandom. You can use truss to verify what random source your binary is trying to open. You should see the line:

open("/dev/urandom", O_RDONLY)                  = 3
If you have a copy that's trying to use something other than /dev/urandom, pick up the correct package from or configure and build your own from source.

Q We're installing a testbed Oracle 9i server for evaluation. I know that Solaris and Oracle both have a number of tunable parameters that will improve performance of our databases. Is there a decent primer on tuning for Solaris/Oracle to get me started?

A You don't mention what version of Solaris you're running, but Sun Blueprints has a number of Oracle performance articles.

Sun's Oracle best practices:
Tuning Oracle itself:
Clustered databases:
A script to do fast parallel exports from Oracle databases:
A search for Oracle on will turn up a number of results that may contain information of interest if you're evaluating Oracle and trying to get the most out of it. If you're looking for hardcopy, I've seen a number of DBAs suggest Oracle Press Book's Oracle9i UNIX Administration Handbook (ISBN 0072223049).

Amy Rich, president of the Boston-based Oceanwave Consulting, Inc. (, has been a UNIX systems administrator for more than five years. She received a BSCS at Worcester Polytechnic Institute, and can be reached at: