Montag Aug 26, 2013

Less known Solaris 11.1 features: A user in 1024 groups and a workaround for a 25 year old problem

For a long time the maximum number of groups a user could belong to was 16, albeit there was a way to get 32. In Solaris 11 and recent versions of Solaris 10, the maximum number of groups a user could belong to is 1024 (which is the same limit Windows sets in this regard). It's easy to set the new limit.

set ngroups_max=1024
After a reboot, this change will be active. But why isn't this the default? There are good reasons for it. I will show you one of them in this entry. Like thinking that two digits for the year or using a signed 32-bit integer for storing the system time, the issue has it's root cause in a decision made a long time ago … in this example the moment in the past is at least 25 years ago. And often just changing something, breaks stuff that is really old, but still in use.

Experienced Solaris users, who tuned their Solaris System for up to 32 groups per user, already know the component that will be broken by having more than 16 users, because a message at the next boot of the system after the change in /etc/system that next startup will deliver a warning.

However, as i already said, there is a a solution for this problem since Solaris 11.1. This blog entry will show the workaround in action.

(read more)

Montag Aug 19, 2013

Less known Solaris features: pfedit - editing is not everything

You have allowed junior to edit the httpd.conf and you are capable to monitor the changes with pfedit. However there is a little problem. She or he can't restart the apache demon to make the new config active. When junior tries to restart the service, he or she just gets a "permission denied".


Less known Solaris 11.1 features: Auditing pfedit usage

You have allowed junior to edit the httpd.conf and and some nice evening, you are sitting at home. Then: You get alerts on your mobile: Webserver down. You log into the server. You check the httpd.conf. You see an error. You correct it. You look into the change log. Nothing. You ask your colleagues, who made this change. Nobody. Dang. As always. Classic "Whodunit".

Okay, in order to prevent this for future changes, you want to record this kind of information. And working with pfedit is really useful in order to do so.


Less known Solaris 11.1 features: pfedit

It's a really nifty feature: Let's assume, you have a config file in your system and you want to allow your junior fellow admin to edit it from time to time, but don't want him to pass any further rights to him, because this machine is too important.

Solaris 11.1 has an interesting feature to delegate the privilege to edit just a file. The tool enabling this is called pfedit.

Read more at ....

Freitag Mrz 15, 2013


Brendan Gregg has written an interesting piece about finding performance problems: "The USE method addresses shortcomings in other commonly used methodologies".

It's a good paper, however ... well let's say, I don't understand why so many people find it especially cool or especially good, because at the end it isn't something really new. Don't understand me wrong: It's good. But not extraordinarily good. Like many methodologies it's basically just codified common sense with a personal spin. So I would prefer to say "My-personal-way-of-doing-stuff" instead of calling it methodology. There is nothing new in it. Just a lot of common sense.

I really think that performance analysis is not so much about a "methodology" you can simply follow that will lead you magically to a result. It's about a mindset how to tackle problems, it's about being structured in the approach, it's about "being prepared", it's a lot about knowing stuff.

As I do performance analysis quite frequently, I have created my own "methodology", or to be more correct ... my own mindset of doing such stuff. I don't call it method or methodologies. Perhaps it's useful for some or the other ... so i write it down here.

(

Samstag Dez 22, 2012

The mystery of the disappearing default routes

I was last week at a customer that had a strange problem: While installing the system the default route was disappearing. Those default routes are stored at the same place where all other persistent routes are stored and not at /etc/defaultrouterin Solaris 11 Just by setting /etc/defaultrouter they were able to set it. It took me a moment to find out was happening. [...] (read more at

How to get Solaris 11 VNICs in a Virtualbox VM to work - kind of ...

Normally you can't use a Solaris 11 VNIC on a virtualised interface in Virtualbox. It simply doesn't work. "Virtualized on virtualized" doesn't work well and as far as i understand it, the problem is that the hypervisor has no knowledge of the MAC addresses used by the VNICs. However it turned out this is not entirely true. [...] (read more at

Oh my god, it's full of threads ... and out of memory

This is for the people with the really large systems (however thread wise a T4-2 or T4-1 can be really large systems). Imagine you have dozens to hundreds of zones. All with thousands of threads. Or you have an extreme number of ZFS pools ... with all their zpool processes and a lot of zones with a lot of processes [...] (read more at

Dienstag Jun 22, 2010


At the moment the RSS feed of isn't part of the frontpage aggregation and thus not part of the It you have read my blog via this feed in the past, i kindly ask you to subscribe directly to the feed of my blog at Feedburner. I want to apologize for any inconvenience.

Freitag Okt 26, 2007

Synchronisation deactivated

As you may have observed, this blog wasn´t updated for quite a while, as it was automatically feeded by my primary blog. I still work on a new gateway functionality for Serendipity to Roller, but this will be a task for my next vacation. So .. in case you found this blog interesting, please look at in the case you wasn´t redirected automatically.

Sonntag Sep 02, 2007

How to configure Solaris 10 Trusted Extensions

A good start for configuring the Solaris 10 Trusted extensions: TX-Ranger, config script v1.0. The TX-Ranger is a demo environment for Trusted solaris that gives a nice overview about the feature set available in TX.


Freitag Aug 31, 2007

Flickr-Set: Paris

Arc de Triomphe





Dienstag Aug 28, 2007

Building an el-cheapo Solaris Workstation

Perhaps this arcticle at ExtremeTech is quite useful to you: Build a (Very) Inexpensive Solaris 10 Workstation. Even more interesting than the article itself is the fact, that articles regarding Solaris starts to get more common.


Register: Sun pushes integration with UltraSPARC T2

Clay Rider writes in Sun pushes integration with UltraSPARC T2:
The T2 is another example of Sun's out-of-the-box, perhaps a bit off-the-beaten-path, approach to the marketplace. As history has shown, this approach is often the one that delivers the best ROI for Sun, and in the process its customers.

As Scott said in the past: There is no profit in making the same than all other around you ...




Top Tags
« April 2014