Dennis Zheleznyak

Dennis Zheleznyak

DevOps Engineer bigpanda

© 2021

Troubles of the past: Solaris 10
  • Past
May 16, 2020

High resolution CPU timing

For low latency/high performance applications, add the following:

vi /etc/system

set hires_tick=1
set hires_hz=10000

Disable keys or mouse buttons

Disabling certain keys or mouse buttons can help you achieve a secure desktop/kiosk mode:

Use the following built in utility to get the button ID:

/usr/openwin/demo/xev

Then, using a script that can be added to the auto start applications, add the line:

xmodmap -e "pointer = 1 2 3 4 5 X Y 6 7 ..."
OR
xmodmap -e "keycode 109 = "

The sudo alternative for Solaris 10

Solaris 10 has no sudo command, but you do have pfexec, works the same but different configuration.

Basically, you attach profiles to your user, query them by listing the following file:

cat /etc/security/exec_attr

Maintenance and Repair:suser:cmd:::/usr/sbin/poweroff:uid=0

Add the profile to your user:

usermod -P'Maintenance and Repair' <userName>

Lastly, run the command using pfexec:

pfexec poweroff

Configure NTP Server

Make sure these are the only files in /etc/inet/ntp.conf:

server 127.127.1.0
fudge 127.127.1.0 stratum 0

Stop and start the service:

svcadm disable ntp
svcadm enable ntp

Adding profiles to pfexec

Add your profile:

echo "NTP Management:suser:cmd:::/usr/sbin/ntpdate:uid=0" >> /etc/security/exec_attr

Add the profile to your user:

usermod -P'NTP Management' <userName>

Test the command:

pfexec ntpdate -u 1.1.1.1

Rebuild Grub

Insert the installation disc and enter rescue mode

cd /a/boot/grub 
installgrub -fm stage1 stage2 /dev/rdsk/c0t0d0s0

Update the boot_archive via bootadm command:

bootadm update-archive -fv -R /a

Reboot the system

LD_LIBRARY_CONFIG alternative for Solaris 10

crle -u -l /usr/local/lib

Maunally mount a CDROM drive

mount -F hsfs /dev/sr0 /cdrom/cdrom0

Sed alternative for Solaris 10

perl -pi -e 's/find/replace/g' file

Delete a line in a file with a specific string

perl -ni -e 'if(!/test2/){print;}' myfile

WARNING: reboot required

In case you encounter the following message:

WARNING: Reboot required.
The system has updated the cache of files (boot archive) that is used
during the early boot sequence. To avoid booting and running the system
with the previously out-of-sync version of these files, reboot the
system from the same device that was previously booted.

Run the following command from any shell:

svccfg -s svc:/system/boot-config:default setprop config/auto-reboot-safe = true

Verify that the command ran successfully:

svccfg -s svc:/system/boot-config:default listprop |grep config/auto-reboot-safe
config/auto-reboot-safe            boolean  true

The database might be damaged

Sometimes, the following message could be received:

svc.configd: smf(5) database integrity check of:

/etc/svc/repository.db

failed. The database might be damaged or a media error might have
prevented it from being verified. Additional
information useful to

Run the following command:

/lib/svc/bin/restore_repository

Then, enter one of the boot backup you see on the screen, for e.g:

boot-20151210_06069

Configure a NIS client

Add the default domain to a file:

echo something >> /etc/defaultdomain

Add the following to nsswitch.conf(the word nis to the following fields):

passwd: files nis
shadow: files nis
group: files nis

Add your NIS servers to /etc/hosts(this fixes a bug in Solaris 10):

server1 192.168.0.1
server2 192.168.0.2

Run the following command to finish the setup:

ypinit -c

Make sure the service will come up on boot:

svcadm enable nis/client

Cron repetitive task

The usual syntax known in Linux is not fully compatible with Solaris 10, therefor, use the following:

0,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/local/bin/fix_ntp

Disable GUI login

Run the following command:

/usr/dt/bin/dtconfig -d

Next, disable the service on startup:

svcadm disable svc:/application/graphical-login/cde-login:default

Network Routes

Add a network route:

route -p add <Network> -netmask <Netmask> <Gateway>
e.g.
route -p add 10.10.10.0 -netmask 255.255.255.0 192.168.1.1

Add a default route:

route -p add default 192.168.1.1

Add a multicast route:

route add 224.0/4 `uname -n`

Add a route to a specific interface(recommended method):

route add -host 1.1.1.1 1.1.1.254 -ifp igb0

To delete all routes:

route flush

Configure Autologin

Solaris 10 does not allow you to configure an auto login out of the box.

Edit /etc/X11/gdm/gdm.conf and change the following:

AutomaticLoginEnable=true
AutomaticLogin=dennis
GdmXserverTimeout=30

Disable the old cde login and enable the new one:

svcadm disable cde-login
svcadm enable gdm2-login

Add the following lines to /etc/pam.conf

gdm-autologin auth  required    pam_unix_cred.so.1
gdm-autologin auth  sufficient  pam_allow.so.1

Create a file with the following content:

vi /tmp/pam_allow.c

#include <stdio.h>
#include <security/pam_appl.h>

/*
 * This code may be used to create a pam_allow.so.1 PAM module
 * to allow Automatic Login to work on Solaris 10 or lower.
 *
 * Compile:
 *	cc pam_allow.c -o pam_allow.so.1 -Kpic -G
 */
int 
pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	return (PAM_SUCCESS);
}

int
pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	return (PAM_SUCCESS);
}


int
pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	return (PAM_SUCCESS);
}

int
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	return (PAM_SUCCESS);
}

int
pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	return (PAM_SUCCESS);
}

int
pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	return (PAM_SUCCESS);
}

Make sure Sun Studio is installed and run the following:

cc pam_allow.c -o /usr/lib/security/pam_allow.so.1 -Kpic -G

If problems occur, please create .dmrc file inside the user’s home directory with the following content:

[Desktop]

Session=gnome

Also, please make sure that the user with the auto login have the proper permissions:

chmod 755 /home/user

Reading Temp Sensors with Solaris 10

/usr/sbin/prtpicl -v -c temperature-sensor

OR

/usr/sfw/bin/ipmitool sdr list |grep temp

Configure NFS Client/Server

To configure a NFS server, add the following to /etc/dfs/dfstab:

share -F nfs -o rw  /records

To configure a NFS client, add the following to /etc/vfstab:

192.168.0.1:/records   -                /records nfs      -      yes       bg,rw,soft

Configure a Virtual VNC session

Check the current status of VNC:

svcs -a | grep -i vnc
disabled 13:47:12 svc:/application/x11/xvnc-inetd:default

Add the following to /etc/services:

vnc-server 5900/tcp # Xvnc

Create the following file with the following content:

vi /etc/X11/gdm/custom.conf

[xdmcp]
Enable=true
[security]
DisallowTCP=false
AllowRoot=true
AllowRemoteRoot=true

Enable the service and verify that it’s working:

svcadm enable svc:/application/x11/xvnc-inetd:default

svcs svc:/application/x11/xvnc-inetd:default
STATE STIME FMRI
online 14:46:43 svc:/application/x11/xvnc-inetd:default

Change the resolution of the vnc:

inetadm -m svc:/application/x11/xvnc-inetd:default exec="/usr/X11/bin/Xvnc \\ -geometry 1280x720 -inetd -query localhost -once securitytypes=none"

Make the session persistent:

inetadm -m svc:/application/x11/xvnc-inetd:default wait=TRUE

If you see a green screen with an X, verify the following:

ps –ef |grep –i dtlogin

/usr/dt/bin/dtlogin -daemon -udpPort 0

Run the following to fix it:

svccfg -s cde-login setprop 'dtlogin/args=""'

Restart the services:

svcadm restart cde-login
svcadm restart svc:/application/x11/xvnc-inetd:default