Wednesday Nov 21, 2007

Important step in Live Upgrading

I read a blog on how to live upgrade. Tried it out. And it did not work :-(.

Fortunately, you can always fall back to the pre-upgrade environment, which is still intact.

I deleted the new boot environment and followed the steps again. It failed again. I searched for a few more blogs. They also had similar steps. Followed them. Failed again :-( :-(.

What was I not doing right???

I took the help of some Live Upgrade experts and they told me I was missing one important step: Install the live upgrade packages SUNWluu SUNWlur SUNWlucfg from the new boot environment (iso/cd/image) before using any of the lu\* commands.

I had the new iso anyways. I lofi mounted it and installed the new packages from the iso:

# lofiadm -a /space/iso/snv75/sol-nv-b75-x86-dvd-iso
/dev/lofi/1
# mount -F hsfs /dev/lofi/1 /mnt
# cd /mnt/Solaris_11/Product
# pkgadd -d . SUNWluu SUNWlur SUNWlucfg

Then followed the rest of the steps and the live upgrade when through without any issues :-).

I had live upgraded my system earlier. That time, I had not installed the LU packages from the new boot environment. But still the live upgrade went through fine. I had some issues with the grub entries which I corrected. Now I realize that I was just lucky to get away with a minor issue that time.

I also found that many people try out live upgrading at a much later time. This should be decided while installing Solaris itself as you need a separate slice of same size as the root slice.

With the newer projects on upgrading and installing, I believe Live Upgrade is getting extinct...

Tuesday Oct 16, 2007

DTrace with non-root user



DTrace requires root privileges to run. DTrace is non-destructive i.e., you can't do any harm to the system or process that you are tracing. Letting normal users to run DTrace can be a security issue as that user can get any information on the system or of another user, including passwords.

If you are using a laptop or a personal desktop, then enabling DTrace for yourself could be very helpful. Especially if you are developing and debugging an application. This can done by a simple command:

# usermod -K defaultpriv=basic,dtrace_proc,dtrace_user,dtrace_kernel <login_id>

This command has to be run as root. It updates the /etc/user_attr file with the privileges given here. By default, a normal user only has the basic privilege. But this is not mentioned in the /etc/user_attr file. If any additional privileges are added, then only these privileges will be applicable. Thats why the basic privilege is a must when adding additional privileges. Otherwise the user will not be able to login next time. Note that the user may have to logout and login again for the privileges to take effect.

To know more about what each privilege allows you to do, run:

# ppriv -lv dtrace_proc,dtrace_user,dtrace_kernel

Try the same with basic privilege as well.

To remove the privileges don't give any option to defaultpriv in the above command.



About

jkini

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today