Friday Aug 06, 2010

Distribution Constructor

One of the features that shipped with OpenSolaris 2008.11 was the ability to create your own custom distributions of the product. This is pretty powerful if you want to deploy OpenSolaris throughout your organization tailored to your users' needs. [Read More]

Thursday Jul 15, 2010

last

Just a quick tip as this question came across the opensolaris-help forum - "How can I (as admin) find out when a certain user e.g. "karl" most recently logged in and most recently logged out of a system?"

The simple answer is last:

bleonard@opensolaris:~$ last karl 
karl      pts/5        10.0.1.9         Thu Jul 15 11:12   still logged in
karl      sshd         10.0.1.9         Thu Jul 15 11:12   still logged in
karl      pts/5        opensolaris      Thu Jul 15 11:11 - 11:12  (00:00)
karl      sshd         opensolaris      Thu Jul 15 11:11 - 11:12  (00:00)

Thursday Jun 24, 2010

Monitoring OpenSolaris from your iPhone, iPod or iPad








Yes, there's an app for that too. Karim Berrah has put together a nice blog on how to build iStat so you can monitor your OpenSolaris servers from your iPhone, iPod Touch or iPad. Cool stuff! 














Wednesday Jun 23, 2010

Rights Profiles

A Rights Profile gives a user or role the privileges to perform one or more specified tasks. As the Primary Administrator of your system, you might not give rights profiles much thought because you basically have the authority to do everything. However, if you're creating accounts for other users on the system, it's unlikely that you want to also give them Primary Administrator powers.[Read More]

Tuesday Jun 22, 2010

Auditing

Someone recently asked on the opensolaris-help forum if it was possible to log ssh events into his OpenSolaris box. I provided a brief answer on how to use the OpenSolaris audit feature to track this information, but I thought a more thorough introduction to auditing may be warranted.[Read More]

Tuesday Jun 01, 2010

Zones and the Package Manager GUI

After getting a basic GUI to run from a zone, of course I was curious if I could run something more substantial. I don't normally use the Package Manager GUI, but I thought it would be a nice visual way to see what limited packages are installed in a zone.[Read More]

Thursday May 27, 2010

Zones, X and Roles

My last two blog entries were actually written to set up this entry. What if I'm logged into the zone, assumed a role and need to run a GUI? An example use case here would be assuming the role of oracle and wanting to run something like the Oracle Database Configuration Assistant (DBCA). For the purposes of this entry, however, I'll stick to the simple Python GUI I used in my previous entry.[Read More]

Wednesday May 26, 2010

Running GUIs From A Zone

Zones in OpenSolaris are pretty svelte. If you've been given an OpenSolaris zone to work with you'll most likely need to add additional software to do much of anything. In this blog I'm going to look at running GUIs.[Read More]

Tuesday May 25, 2010

Roles

Of all the components of Solaris' Role Based Access Control (RBAC), roles are the easiest the implement. When I explain the concept of roles to people, they immediately get it.

OpenSolaris comes with a couple of roles pre-configured, most notably root. This has led to some frustration for newcomers to OpenSolaris as they don't understand why they can't log into their system as root.

But, as there is most likely no person in your organization named 'root', why do you wnat a user account on your system for a person that doesn't exist? Who is this root user and who's accountable for what they do on the system? Over time the password for the root user account always seems to proliferate. The principle of least privilege, another RBAC concept that I'm not addressing here, is meant to limit the need to hand out root access, but even in the absence of that, wouldn't it be nice to know who's doing what as root on your system?

[Read More]

Monday May 24, 2010

sendmail

Entire books are written on sendmail, the popular e-mail transport agent for Unix and Linux. My goal here is to simply outline some of the specifics of using it with regards to OpenSolaris.[Read More]

Wednesday May 12, 2010

Projects

Projects in OpenSolaris allow you to group processes together so that you can apply resource management (kernel settings, memory & CPU limits) to the group.[Read More]

Tuesday May 11, 2010

Locking Down Apache

I noticed my Apache web server had one process that ran as root, which then forked other processes as user webservd.  The reason for this is that apache wants access to port 80, which traditionally requires root privileges. To improve upon this all-or-nothing security model, Solaris 10 introduced the concept of fine-grained privileges, and in OpenSolaris there are now 75 of them.

What this means is that I can now give a process, which has traditionally run with root privileges, just the privileges it needs to get its job done - a concept known as least privilege. The trick, of course, is figuring out which privileges a process needs.

[Read More]

Friday Feb 12, 2010

Correctly Setting Up the Development Repository

OpenSolaris comes with a single repository configured, known as the release repository: http://pkg.opensolaris.org/release. The packages in the release repository are updated roughly every 6 months when a new release of OpenSolaris occurs, that last being OpenSolaris 2009.06 (June 2009).

Meanwhile, development toward the next release of OpenSolaris is happening at a rapid pace. For those of you unwilling to wait for next scheduled release, you have the option of upgrading to a development build of OpenSolaris, which is produced every 2 weeks (the development repository is updated roughly 10 days after the wod of stuff (WOS) build - see the WOS schedule).

Understandably, the development build will not have gone through the same quality assurance process as the release build, so be sure to read the release notes and expect some bumps along the way.

If you're going to update to a development build, it's important to note that as of build 127, you can no longer assign random names to the repositories (see bug 11532). The publisher name must match that which is set in the repository, and for the http://pkg.opensolaris.org/dev/ repository, the publisher name is opensolaris.org.

If you're on a build prior to 127, it's not uncommon to find yourself with a setup like the following:

bleonard@os200906:~$ pkg publisher
PUBLISHER                             TYPE     STATUS   URI
dev                      (preferred)  origin   online   http://pkg.opensolaris.org/dev/
opensolaris.org                       origin   online   http://pkg.opensolaris.org/release/
To fix this erroneous configuration, just correctly set opensolaris.org as the preferred publisher pointing to the development repository:
bleonard@os200906:~$ pfexec pkg set-publisher -PO http://pkg.opensolaris.org/dev/ opensolaris.org

Then remove the incorrectly named development publisher:

bleonard@os200906:~$ pfexec pkg unset-publisher dev

And now your development repository is correctly configured:

bleonard@os200906:~$ pkg publisher
PUBLISHER                             TYPE     STATUS   URI
opensolaris.org                       origin   online   http://pkg.opensolaris.org/dev/

Note, when build 133 comes out, you will no longer have to specify a publisher name when setting a publisher. The new syntax will be as follows:
pkg set-publisher -p http://pkg.opensolaris.org/dev

Wednesday Feb 10, 2010

Man Pages

The OpenSolaris reference manual (man) pages contain a wealth of information, including much more than just how to use a given command. Getting comfortable with using the man pages will pay dividends.[Read More]

Wednesday Feb 03, 2010

Have You Read the Release Notes?

I can't count how many times I've read in the various OpenSolaris forums "Read the release notes."

It's true, the OpenSolaris release notes are chock full of good information. However, where are these mysterious release notes?

The release notes are posted by David Comay to the osol-announce and indiana-discuss mailing lists. However, you have to filter through all the other traffic on those lists to find them.

I've thought about setting up a wiki pointing to them, but that's just one more thing I'd forget to maintain. Instead, here's a quick Google search that seems to do the trick. If you can think of a better way to customize it, please let me know.

About

The Observatory is a blog for users of Oracle Solaris. Tune in here for tips, tricks and more as we explore the Solaris operating system from Oracle.

Connect with Oracle Solaris:


Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
20
21
22
23
24
25
26
27
28
29
30
   
       
Today