Monday Aug 26, 2013

Less known Solaris 11.1 features: A user in 1024 groups and a workaround for a 25 year old problem

For a long time the maximum number of groups a user could belong to was 16, albeit there was a way to get 32. In Solaris 11 and recent versions of Solaris 10, the maximum number of groups a user could belong to is 1024 (which is the same limit Windows sets in this regard). It's easy to set the new limit.

set ngroups_max=1024
After a reboot, this change will be active. But why isn't this the default? There are good reasons for it. I will show you one of them in this entry. Like using two digits for the year or a signed 32-bit integer for storing the system time, the issue has its root cause in a decision made a long time ago … in this example the moment in the past is at least 25 years ago. And often just changing something breaks stuff that is really old, but still in use.

Experienced Solaris users who tuned their Solaris system for up to 32 groups per user already know the component that will be broken by having more than 16 groups, because the next startup of the system after the change in /etc/system delivers a warning.

However, as I already said, there is a solution for this problem since Solaris 11.1. This blog entry will show the workaround in action.
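
An added example (not from the original post): a Python audit that reads the ngroups_max setting from /etc/system text and lists the accounts that belong to more than 16 groups, which are the ones affected by the old limit described above. The function names and the sample passwd/group data are constructed for illustration, and counting the primary GID together with the supplementary groups is an assumption of this example.

```python
import re
from collections import defaultdict

LEGACY_LIMIT = 16  # group count the post names as the old per-user maximum

# Constructed sample inputs (not from a real system): 'builder' is in 20
# project groups, 'junior' in 3, and /etc/system carries the post's setting.
SAMPLE_SYSTEM = "* raise the per-user group limit\nset ngroups_max=1024\n"
SAMPLE_PASSWD = (
    "root:x:0:0:Super-User:/root:/usr/bin/bash\n"
    "junior:x:101:10:Junior Admin:/export/home/junior:/usr/bin/bash\n"
    "builder:x:102:10:Build Account:/export/home/builder:/usr/bin/bash\n"
)
SAMPLE_GROUP = "staff::10:\n" + "".join(
    f"proj{i:02d}::{200 + i}:builder{',junior' if i < 3 else ''}\n"
    for i in range(20)
)

def configured_ngroups_max(system_text):
    """Return the ngroups_max value found in /etc/system text, or None."""
    value = None
    for line in system_text.splitlines():
        # Lines starting with '*' are comments and never match this pattern.
        m = re.match(r"\s*set\s+ngroups_max\s*=\s*(\d+)\s*$", line)
        if m:
            value = int(m.group(1))  # this example keeps the last match seen
    return value

def group_counts(passwd_text, group_text):
    """Count distinct GIDs per user: primary GID plus every group listing them."""
    gids = defaultdict(set)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4:
            gids[fields[0]].add(fields[3])      # primary GID from passwd
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4:
            for member in filter(None, (m.strip() for m in fields[3].split(","))):
                gids[member].add(fields[2])     # supplementary membership
    return {user: len(g) for user, g in gids.items()}

def users_over_legacy_limit(passwd_text, group_text, limit=LEGACY_LIMIT):
    """Accounts whose group count exceeds the old 16-group maximum."""
    counts = group_counts(passwd_text, group_text)
    return sorted(u for u, n in counts.items() if n > limit)
```

Running it against copies of /etc/system, /etc/passwd and /etc/group before the reboot shows which accounts will actually exceed 16 groups once the higher limit is active.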


Monday Aug 19, 2013

Less known Solaris features: pfedit - editing is not everything

You have allowed junior to edit the httpd.conf and you are able to monitor the changes with pfedit. However, there is a little problem. She or he can't restart the Apache daemon to make the new config active. When junior tries to restart the service, he or she just gets a "permission denied".

Read more at c0t0d0s0.org.

Less known Solaris 11.1 features: Auditing pfedit usage

You have allowed junior to edit the httpd.conf and, one nice evening, you are sitting at home. Then: You get alerts on your mobile: Webserver down. You log into the server. You check the httpd.conf. You see an error. You correct it. You look into the change log. Nothing. You ask your colleagues who made this change. Nobody. Dang. As always. Classic "Whodunit".

Okay, in order to prevent this for future changes, you want to record this kind of information. And working with pfedit is really useful in order to do so.

Read more at c0t0d0s0.org

Less known Solaris 11.1 features: pfedit

It's a really nifty feature: Let's assume you have a config file in your system and you want to allow your junior fellow admin to edit it from time to time, but don't want to pass any further rights to him, because this machine is too important.

Solaris 11.1 has an interesting feature to delegate the privilege to edit just a file. The tool enabling this is called pfedit.

Read more at c0t0d0s0.org ....

About

user13366125
