Solaris Booting /OBP/Run-Levels/User Admins

Boot process in Solaris 10

The boot PROM phase
The boot programs phase
The kernel initialization phase
The init phase
The svc.startd phase

The /etc/system file is divided into five distinct sections:
moddir:
Sets the search path for default loadable kernel modules. You can list together multiple directories to search, delimited either by blank spaces or colons. If the module is not found in the first directory, the second directory is searched, and so on.
root device and root file system configuration:
Sets the root file system type to the listed value. The default is rootfs:ufs.
Sets the root device. The default is the physical path name of the device on which the boot program resides. The physical path name is platform dependent and configuration dependent.
The following is an example path:
rootdev:/sbus@1,f8000000/esp@0,800000/sd@3,0:a
exclude:
Does not allow the loadable kernel modules to be loaded during kernel initialization,
for example:
exclude: sys/shmsys
forceload:
Forces the kernel modules to be loaded during kernel initialization,
for example:
forceload: drv/vx
The default action is to load a kernel module automatically when its services are first accessed during runtime by a user or an application.
set:
Changes kernel parameters to modify the operation of the system,
for example:
set maxusers=40

/etc/inittab

Each line in the /etc/inittab file contains the following four fields:

id:rstate:action:process

ap::sysinit:/sbin/autopush -f /etc/iu.ap
sp::sysinit:/sbin/soconfig -f /etc/sock2path
smf::sysinit:/lib/svc/bin/svc.startd >/dev/msglog 2<>/dev/msglog </dev/console
p3:s1234:powerfail:/usr/sbin/shutdown -y -i5 -g0 >/dev/msglog 2<>/dev/msglog

# shutdown -y -g120 -i6 "The system is being rebooted"

“Ungraceful” Shutdown Commands
# halt
# poweroff
# reboot

Setting the Default Boot-time Milestone
# svcadm -v milestone -d multi-user-server:default


OBP

To determine which revision of OpenBoot PROM is running on the system
# /usr/platform/`uname -m`/sbin/prtdiag -v
or
# prtconf -V

Command  Description
banner Displays the power-on banner
boot Boots the system
help Lists the main help categories
printenv Displays all parameters’ current and default values
setenv Sets the specified NVRAM parameter to some value
reset-all Resets the entire system; similar to a power cycle
set-defaults Resets all parameter values to the factory defaults
sifting text Displays the FORTH commands containing text
.registers Displays the contents of the registers
probe-scsi Identifies the devices on the internal Small Computer System Interface (SCSI) bus
probe-scsi-all Identifies the devices on all SCSI buses
probe-ide Identifies devices on the internal integrated device electronics (IDE) bus
probe-fcal-all Identifies devices on all Fibre Channel loops
show-devs Displays the entire device tree
devalias Identifies the current boot device alias for the system
nvalias Creates a new device alias name
nvunalias Removes a device alias name
show-disks Displays and allows a selection of device paths for the disks to be used for nvalias
sync Manually attempts to flush memory and synchronize file systems
test Runs self-tests on specified devices

ok> boot -m milestone=single-user
ok banner
Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 360MHz), Keyboard Present
OpenBoot 3.31, 128 MB (50 ns) memory installed, Serial #11888271.
Ethernet address 8:0:20:b5:66:8f, Host ID: 80b5668f.

boot -s --> Boots to single-user mode
-a --> Boots the system interactively
-r --> Performs a reconfiguration boot, which updates the /etc/path_to_inst file
-v --> Boots the system while displaying more detailed device information on the console

ok help boot
ok help nvramrc
ok help diag
ok help misc

ok printenv
ok printenv boot-device

ok setenv auto-boot? false
auto-boot? = false

The reset-all command halts the system, clears all buffers and registers, and performs a software-simulated power-off/power-on of the system.
ok reset-all
Resetting …

To list all of the parameters with their current values:
# eeprom

To list a single parameter and its value, in this case the boot-device parameter:
# eeprom boot-device
boot-device=disk

To change the value of the default boot device to disk2:
# eeprom boot-device=disk2


Run-Levels

Run Level Milestone Function
0 System is running the PROM monitor.
s or S single-user Solaris OS single-user mode with critical file systems mounted and accessible.
1 The system is running in a single-user administrative state with access to all available file systems.
2  multi-user The system is supporting multiuser operations. Multiple users can access the system. All system daemons are running except for the Network File System (NFS) server and some other network resource server related daemons.
3 multi-user-server The system is supporting multiuser operations and has NFS resource sharing and other network resource servers available.
4 This level is currently not implemented.
5 A transitional run level in which the Solaris OS is shut down and the system is powered off.
6 A transitional run level in which the Solaris OS is shut down and the system reboots to the default run level.

64-bit Kernel
/platform/`uname -m`/kernel/sparcv9/unix
/platform/`uname -m`/kernel/sparcv9/genunix

Module Directories
/kernel
/usr/kernel
/platform/`uname -m`/kernel
/platform/`uname -i`/kernel

To determine whether the kernel is 32-bit or 64-bit:

isainfo -kv


User Administrations

# useradd -c "comment" -d /export/home/XXXXXX -g staff -G 14,8,6 -m -k /etc/skel -u 5002 -f 2 -e 30/02/2010 -s /bin/ksh d308574

options
=========
-c comment --> Typically used for the user's name
-d directory --> Home directory for the new user
-m --> Creates the new user's home directory if it doesn't exist
-g group --> Specifies an existing group (primary group)
-G groups --> Defines the new user's supplementary group membership (secondary groups)
-k skel-dir --> Specifies a directory that contains skeleton information (such as .profile) which can be copied into a new user's home directory
-u uid --> Sets the UID of the new user
-s shell --> Specifies the full path name of the program used as the user's shell on login. It defaults to an empty field, causing the system to use /bin/sh as the default.

-o --> Allows a UID to be duplicated.
-e expire --> Specifies the expiration date for a login
-f inactive --> Sets the maximum number of days the user account can be idle
-D --> Displays the defaults that are applied to the useradd command

RBAC -->
useradd
-R --> Assigns roles (defines which roles a new user can assume)
-A --> Adds an authorization
usermod: modifies an existing user account
syntax :- usermod [-u uid][-o][-g group][-G group][-d dir][-m][-s shell][-c comment][-l newlogname][-f inactive][-e expire] login

-l newlogname --> Changes the login account name for the specified user
-m --> Moves the user's home directory to the new location specified with the -d option.

examples:
usermod -m -c "kumar" -d /export/home/d308574 -u 5002 -g 10 -l d308574 jagan   # d308574 = new login, jagan = old login

To change the home directory and login name for jagan to raju
usermod -m -d /export/home/raju -l raju jagan   # raju = new login, jagan = old login

To change only username or useraccount
usermod -d /export/home/raju -m -l raju jagan   # raju = new login, jagan = old login

To change the old user's home directory to the new user
usermod -m -d /export/home/jagan raju   # jagan = old login, raju = new login

To change comment & home directory
usermod -m -c "koteswara rao" -d /export/home/raju raju

To change shell of a user account
usermod -d /export/home/raju -m -s /bin/csh raju

userdel: to delete a user account
syntax : userdel [-r] login
-r --> removes the user's home directory from the local file system

Note: To lock a user account
passwd -l <username> --> This can be done by the superuser only

To unlock an account
passwd -u <username>

To delete a user account's password

passwd -d <username>

/etc/passwd -- contains 7 fields
Without an entry in /etc/passwd, users are unable to log in to the system.

username:passwd:UID:GID:comment:home-directory:login-shell

/etc/shadow -- contains 9 fields; the encrypted password and password aging information are stored in /etc/shadow

loginID(username):passwd:lastchg:min:max:warn:inactive:expire:flag

password:- This field contains one of the following entries
1) A 13-character encrypted user password
2) The string *LK*, which indicates an inaccessible (locked) account
3) The string NP, which indicates no password on the account
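
An audit of the password and aging fields described above, as an added example that is not part of the original notes. The function name audit_shadow, the status labels and the sample entries are assumptions made for illustration; an empty password field is what passwd -d leaves behind.

```shell
#!/bin/sh
# Added example: classify shadow entries by password field and aging fields.
# SAMPLE_SHADOW is constructed data; the 13-character strings are not real hashes.
SAMPLE_SHADOW='root:Ab3dEfGhIjK1m:14000::::::
jagan:*LK*:14610:1:12:2:::
raju::14620::::::
daemon:NP:6445::::::
guest:Qw8eRtYuIoP3a:14500:1:12:2::14600:
d308574:Zx9yWvUtSrQ2p:14625:1:12:2::14700:'

# audit_shadow TODAY: read entries on stdin, print "login status" per line.
# TODAY is the current date as days since 1970-01-01, the unit used by the
# lastchg and expire fields. On Solaris run this with nawk (awk lacks -v).
audit_shadow() {
    awk -F: -v today="$1" '
        NF != 9                    { print $1, "malformed"; next }
        $2 == ""                   { print $1, "empty-password"; next }
        $2 ~ /^\*LK\*/             { print $1, "locked"; next }
        $2 == "NP"                 { print $1, "no-password-NP"; next }
        $8 != "" && $8+0 < today+0 { print $1, "expired"; next }
        $5 == ""                   { print $1, "no-max-age"; next }
                                   { print $1, "ok" }
    '
}

# 14650 days after the epoch is a constructed "today" for the sample.
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow 14650
```

Entries reported as empty-password or no-max-age are the ones to review first: the former can log in without a password, the latter never have to change it.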

/etc/group -- contains 4 fields

A user can have 1 primary group and up to 15 secondary groups.
Groupname:passwd:GID:user-list

passwd --> for the group password; it is used by /usr/bin/newgrp
UID --> 0-99 for system
100-60,000 for user
60,001 for No
60,002 for No

su - <username> --> (the '-' (dash) is used to adopt the environment of the new user's home directory.)

/etc/default/passwd
Set values for the following parameters in the /etc/default/passwd file to control properties for all users’ passwords on the system:
MAXWEEKS – Sets the maximum time period (in weeks) that the password is valid.
MINWEEKS – Sets the minimum time period before the password can be changed.
PASSLENGTH – Sets the minimum number of characters for a password. Valid entries are 6, 7, and 8.
WARNWEEKS – Sets the time period prior to a password’s expiration to warn the user that the password will expire.

Note – The WARNWEEKS value does not exist by default in the /etc/default/passwd file, but it can be added.

Password security
Account locking is enabled by the LOCK_AFTER_RETRIES tunable parameter in /etc/security/policy.conf and the lock_after_retries key in /etc/user_attr.

The LOCK_AFTER_RETRIES=YES|NO parameter specifies whether a local account is locked after the number of failed login attempts for a user is equal to, or exceeds the allowed number of retries. The number of retries is defined by RETRIES in /etc/default/login.

# vi /etc/default/passwd

Locate the line called #HISTORY=0, and remove the comment from the beginning of the line. Modify the number to 3, so the line shows as HISTORY=3.

example

$ passwd
passwd: Changing password for testuser
Enter existing login password: 123pass
New Password: pass123
Re-enter new Password: pass123
passwd: password successfully changed for testuser
$ passwd
passwd: Changing password for testuser
Enter existing login password: pass123
New Password: 123pass
passwd: Password in history list.
Please try again
New Password: newpas1
Re-enter new Password: newpas1
passwd: password successfully changed for testuser
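
A check of the password-policy tunables covered in this section (MAXWEEKS, WARNWEEKS, HISTORY, LOCK_AFTER_RETRIES, RETRIES), as an added example that is not part of the original notes. The function names and the finding texts are assumptions, and the configuration files are constructed samples written to a temporary directory laid out like /etc; only HISTORY=3 and LOCK_AFTER_RETRIES=YES come from the text.

```shell
#!/bin/sh
# Added example: audit the password-policy tunables discussed above.
# ETCDIR mirrors /etc; the files written below are constructed samples.

# get_param FILE KEY: print the active value of KEY ("#KEY=..." is inactive).
get_param() {
    sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -1
}

# check_policy ETCDIR: print one finding per unset or disabled tunable.
check_policy() {
    pw="$1/default/passwd" lg="$1/default/login" pc="$1/security/policy.conf"
    [ -n "$(get_param "$pw" MAXWEEKS)" ] ||
        echo "MAXWEEKS unset: no maximum password age"
    [ -n "$(get_param "$pw" WARNWEEKS)" ] ||
        echo "WARNWEEKS unset: no expiry warning"
    h=$(get_param "$pw" HISTORY)
    [ "${h:-0}" -gt 0 ] ||
        echo "HISTORY inactive: old passwords can be reused"
    [ "$(get_param "$pc" LOCK_AFTER_RETRIES)" = YES ] ||
        echo "LOCK_AFTER_RETRIES not YES: accounts are never locked"
    [ -n "$(get_param "$lg" RETRIES)" ] ||
        echo "RETRIES unset: built-in retry limit applies"
}

# write_etc ETCDIR PASSWD_LINES LOGIN_LINE POLICY_LINE: create sample files.
write_etc() {
    mkdir -p "$1/default" "$1/security"
    printf '%s\n' $2 > "$1/default/passwd"
    printf '%s\n' "$3" > "$1/default/login"
    printf '%s\n' "$4" > "$1/security/policy.conf"
}

# Constructed settings with the controls off, then with the controls on.
make_weak() {
    write_etc "$1" 'MAXWEEKS= MINWEEKS= PASSLENGTH=6 #HISTORY=0' \
        '#RETRIES=5' '#LOCK_AFTER_RETRIES=NO'
}
make_hard() {
    write_etc "$1" 'MAXWEEKS=12 MINWEEKS=1 WARNWEEKS=2 PASSLENGTH=8 HISTORY=3' \
        'RETRIES=3' 'LOCK_AFTER_RETRIES=YES'
}

tmp=$(mktemp -d)
make_weak "$tmp/weak"; make_hard "$tmp/hard"
echo "== weak =="; check_policy "$tmp/weak"
echo "== hardened =="; check_policy "$tmp/hard"
rm -rf "$tmp"
```

To audit a live system, call check_policy /etc; a commented-out line such as #HISTORY=0 is reported as inactive because passwd ignores it.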

To display the defaults that are applied to the useradd command:
# useradd -D
group=other,1 project=default,3 basedir=/home
skel=/etc/skel shell=/bin/sh inactive=0
expire= auths= profiles= roles= limitpriv=
defaultpriv= lock_after_retries

groupadd :- To add a new group
groupadd <groupname>
groupdel :- To delete a group from the list
groupdel <groupname>
groupmod :- Modifies a group

groupmod -n <New-groupname> <old-groupname>

groupadd [ -g gid [ -o ] ] groupname
-g gid Assigns the GID number for the new group
-o Allows the GID number to be duplicated

Example

# groupadd -g 301 class1

Modifying a Group Entry

groupmod [ -g gid [ -o ] ] [ -n name ] groupname

Example

# groupmod -g 400 class1

Deleting a Group Entry

groupdel groupname

Example

# groupdel class1