Solaris Advanced System Administrator's Guide, Second Edition
(Imprint: Macmillan Technical Publishing)
(Publisher: Macmillan Computer Publishing)
Author: Janice Winsor
ISBN: 1578700396


INTRODUCTION
ACKNOWLEDGMENTS

PART 1—Mail Services
CHAPTER 1—Understanding Mail Services
Mail Services Terminology
Systems in a Mail Configuration
Relay Host
Gateway
Mailhost
Mail Client
User Agent
Mail Transport Agent
Mailers
Domains
Mail Addressing
Route-Based Addressing
Route-Independent Addressing
Mailbox
Aliases
Uses for Alias Files
Syntax of Aliases
Components of Mail Services
The Mail Services Programs
The sendmail Program
The sendmail Configuration File (sendmail.cf)
The sendmail Configuration Table
.forward Files
An Overview of the Mail Service
The Anatomy of the Mail Service
How the Mail Service Works
How sendmail Works
Argument Processing and Address Parsing
Message Collection
Message Delivery
Queuing for Retransmission
Return to Sender
How Mail Addressing Works
CHAPTER 2—Planning Mail Services
Local Mail Only
Local Mail and a uucp Connection
One Domain, Two Networks, and a Router
Two Domains and a Gateway
CHAPTER 3—Setting Up and Administering Mail Services
Preparing to Set Up Mail Services
Setting Up Mail Services
Setting Up a Mail Server
Setting Up a Mail Client
Setting Up a Mailhost
Setting Up a Relay Host
Setting Up a Gateway
Creating Mail Aliases
Setting Up NIS Alias Files
Setting Up Local Mail Alias Files
Setting Up DNS Alias Files
Setting Up the Postmaster Alias
Testing Your Mail Configuration
Administering Your Mail Configuration
Duties of Postmaster
The Mail Queue
Printing the Mail Queue
Format of Queue Files
Forcing the Queue
Running the Old Mail Queue
The System Log
Troubleshooting Your Mail Configuration
Checking Aliases
Testing sendmail
Verifying Connections to Other Systems
Other Diagnostic Information
CHAPTER 4—Customizing sendmail Configuration Files
Overview of sendmail Functions
Interfaces to the Outside World
Argument Vector/Exit Status
SMTP over Pipes
SMTP over a TCP Connection
How the sendmail Program Works
Argument Processing and Address Parsing
Message Collection
Message Delivery
Retransmission Queuing
Return to Sender
Message-Header Editing
Configuration File
How sendmail Is Implemented
Mail to Files and Programs
Message Collection
Message Delivery
Queued Messages
Configuration Overview
Macros
Header Declarations
Mailer Declarations
Name-Rewriting Rules
Option Setting
Introducing Arguments to sendmail
Queue Interval
Daemon Mode
An Alternative Configuration File
Tuning Configuration Parameters
Time Values
Queue Interval
Read Timeouts
Message Timeouts
Delivery Mode
Load Limiting
Log Level
File Modes
setuid
Temporary File Modes
Aliases Database Permissions
The Configuration File
Parts of the sendmail Configuration File
A Sample sendmail Configuration File
Configuration File Syntax
D and L (Define Macro)
C, F, and G (Define Classes)
O (Set Option)
P (Precedence Definitions)
T (Define Trusted Users)
H (Define Header)
Special Header Lines
S and R (Rewriting Rules)
M (Define Mailer)
Address Rewriting Rules
Special Macros, Conditionals
Special Classes
The Left Side
Right-Side Address Rewriting Rules
Semantics of Rewriting Rulesets
The error Mailer
Semantics of Mailer Descriptions
Building a New Configuration File
Domains and Policies
How to Proceed
Testing the Rewriting Rules--the -bt Flag
Command-Line Arguments
Configuration Options
Mailer Flags

PART 2—NIS+
CHAPTER 5—Introducing the NIS+ Environment
Comparison of NIS and NIS+
The NIS+ Namespace
Components of the NIS+ Namespace
Directory Objects
Domain Name Syntax
Table Objects
NIS+ Security
NIS+ Authentication
Access Rights
The NIS+ Updating Model
NIS and NIS+ Compatibility
The Name Service Switch
NIS+ Administration
AdminSuite
NIS+ Commands
Table Information Display
CHAPTER 6—Setting Up NIS+ Clients
Security Considerations
Prerequisites
Steps for Setting Up NIS+ Client Credentials
Steps for Setting Up an NIS+ Client
Verification of the Setup
Verify That the Cache Manager Is Running
Check the Contents of the /var/nis Directory
Verify That the NIS+ Commands Succeed

PART 3—Automounter Services
CHAPTER 7—Understanding the Automounter
NFS Terminology
Server and Client Systems
Mount Points
The Virtual File System Table
Mount and Unmount
The Mount Table (/etc/mnttab)
NIS+ Terminology
Automount Terminology
Automounter
Automount Maps
The Master Map
Indirect and Direct Maps
Automount Maps and Mount Points
The Default Automount Maps
The Master Map
The Home Directory Map
Indirect Maps
Direct Maps
Syntax and Shortcuts for Map Entries
Specifying Multiple Servers
Specifying Multiple Servers with the Same Path
Specifying Weighting Factors for Each Server
Using Map Variables
How the Automounter Works
How to Plan for Automounting
Recommended Automounting Policies
Prerequisites for Using the Automounter
Servers and the Automounter
Clients and the Automounter
NIS+ Maps
CHAPTER 8—Setting Up the Automounter
Setting Up Automount Server Systems
Setting Up Automount Client Systems
Displaying Information about NIS+ Automount Maps
Displaying the Format of NIS+ Automount Maps
Displaying the Contents of NIS+ Automount Maps
Setting Up NIS+ Automount Maps
Setting Up the auto_home Map
Setting Up Indirect Maps
Setting Up a Direct Map
Setting Up the Master Map
Administering NIS+ Automount Maps
Modifying NIS+ Automount Maps
Deleting Entries from NIS+ Automount Maps

PART 4—Service Access Facility
CHAPTER 9—Understanding the Service Access Facility
Benefits of the SAF
The SAF Daemons
The SAF Commands
SAF Architecture
The init Process
Service Access Controller
Port Monitors
The ttymon Port Monitor
The listen Port Monitor
Service Invocations
Port Monitor States
Operational States
Transitional States
Inactive States
The Line Control Model
The /etc/ttydefs File
The terminfo Database
The tput Utility
The stty Command
UUCP Files
The /etc/uucp/Dialers File
The /etc/uucp/Devices File
SAF Log Files
Reference to SAF Commands, Tasks, and Options
Quick Reference to SAF Variables
Quick Reference to Service Access Control (sacadm)
Quick Reference to Port Monitor Administration (pmadm)
Admintool: Serial Ports and SAF
Templates
Starting Admintool: Serial Ports
CHAPTER 10—Setting Up Modems and Character Terminals
Tools for Setting Up Modems and Character Terminals
Using Variables in SAF Commands
The Port Monitor Tag (pmtag)
The Service Tag (svctag)
The Device Path (dev-path)
The Baud Rate and Line Discipline (ttylabel)
Type of Modem
Comments
Setting Up Modems
Hardware Carrier Detect Setting
Modem Connection and Switch Settings
Hayes-compatible Modem Settings
Variables Used to Set Up Modems
SAF Configuration for Modems
Dial-Out Modem Service Configuration
Modem Connection Troubleshooting
Using Admintool: Serial Ports to Configure Modems
Setting Up the SAF for Character Terminals
Terminal Connection
SAF Configuration for Character Terminals
Terminal Connection Troubleshooting
Using Admintool: Serial Ports to Add a Character Terminal
Initializing Ports Without Configuring
Removing Port Services
CHAPTER 11—Setting Up Printing Services
What's New in Printing
Redesign of Print Packages
Print Protocol Adaptor
SunSoft Print Client
Enhanced Network Printer Support
Print Administration Tools in the Solaris 2.6 Environment
Choosing a Method to Manage Printers
System Requirements for a Print Server
Printer Configuration Information
Printer Device Name
Printer Name
Printer Port
Printer Type
File Content Type
Print Filters
Universal Address for the Print Server
Printer Description (Optional)
Default Printer (Optional)
Local PostScript Printer Setup
Print Server Setup
Adding the listen Service
Creating the listen Services
Specifying the Print Client Systems
Print Client Setup
Using the SunSoft Print Client
Printer Configuration Resources
Submitting Print Requests
Summary of the SunSoft Print Client Process
Setting Up a Print Client by Using Admintool
Setting Up a Local Printer by Using Admintool
Printing Problems
No Output (Nothing Prints)
Check the Hardware
Check the Network
Check the LP Print Service
How to Check and Start the Scheduler
How to Enable Printers and Accept Print Requests
How to Check the Port Connection
How to Check Printer Configurations
How to Check for Printer Faults on the Print Server
How to Check Printing from a Solaris 2.x Client to a Solaris 2.x Print Server
How to Check Printing from a Solaris 2.x Client to a SunOS 4.x Print Server
Incorrect Output
Check the Printer Type
Check the stty Settings
Check the Baud Settings
Check the Parity Setting
Check the Tab Settings
Check the Return Setting
Hung LP Print Service Commands
Idle (Hung) Printers
Check the Print Filters
Check Printer Faults
Check Network Problems
Check for Jobs Backed Up in the Local Client Queue
Check for Jobs Backed Up in the Remote Server Queue
Conflicting Status Messages

PART 5—Application Software
CHAPTER 12—Installing and Managing Application Software
Overview of Installing and Managing Application Software
Using Package Commands
Using Admintool
Using Installation Scripts
User Access to Applications
Automating Your Application Environment
Benefits of a Standardized Application Server Setup
Benefits of a Standardized User Environment
Using Wrapper Technology
Wrappers and Dot Files
Additional Wrapper Advantages
Wrapper Overhead and Costs
Introduction of Wrappers into an Existing Environment
Designing an Application Server
Server Configuration
User Capacity
Compatible Services
Disk Allocation
File System Configuration
File System Sharing
Installing and Configuring Packages
Changes to the Default Package Version
Developing Wrappers
Interpreter Choice
Wrapper Directory and Naming
Command Name Evaluation
Environment Variables
Platform Evaluation
Command Path Construction
Exec/Argument Passing
A Basic Wrapper
Using a Common Command Directory
Setting User Configurations
Mount Points
Mounts
Path
Migration Considerations
Understanding Distribution Issues
Licensing
CD-ROM Mounts
Using a Local CD-ROM Drive (Solaris 2.2 and Later System Software)
Using a Local CD-ROM Drive (Solaris 2.0 or 2.1 System Software)
Accessing Files from a Remote CD-ROM
How to Share CD Files from a Remote CD-ROM Drive
How to Access Shared CD-ROM Files
How to Unmount Shared CD-ROM Files
CHAPTER 13—Package Commands
Package Command-Line Utilities
Setting Up Package Configuration Files
Setting Up the Installation Base Directory
Installing a Package with an Alternative Admin File
Adding Packages
Checking the Installation of a Package
Listing Packages
Removing Packages
Package System Log File
CHAPTER 14—Admintool: Software Manager
Starting Admintool
Installing Software
Accessing Files from a Local CD-ROM Drive
Customizing Installation
Beginning Installation
Removing Software
CHAPTER 15—Installing and Managing System Software Patches
Patch Distribution
Requirements to Access Sun Patches
Accessing Patches from the Web
Accessing Patches by ftp
Patch Numbering
Installing a Patch
Removing Patches

PART 6—Introduction to Shell Programming
CHAPTER 16—Writing Shell Scripts
Basic Concepts
Introducing Bourne, Korn, and C Shells
Bourne Shell
Korn Shell
C Shell
Understanding How Shells Process Commands
Naming Shell Scripts
Identifying the Shell
Making Scripts Executable
Storing Shell Scripts
Writing Shell Scripts: The Process
Variables
Shell Variables
Displaying Variables from a Command Line
Setting and Displaying Shell Variables
Unsetting Shell Variables
Stripping Filenames
Korn Shell Path Stripping
C Shell Path Stripping
Built-In Shell Variables
Environment Variables
Input and Output
Standard In, Standard Out, and Standard Error
Command-Line Input
Shifting Command-Line Arguments
Interactive Input
Here Documents
Generating Output
The Echo and Print Commands
Quoting
Command Substitution
Testing for Conditions
if-then-else-elif
if-else-else if-endif
Nested if Constructs
Multi-Branching
Controlling the Flow
Using for/foreach Loops
Using while Loops
Using Until Loops
Breaking Loops
Exit Status
Mathematical Operations
User-Defined Functions
Debugging Shell Scripts
Using Debugging Flags
Understanding Shell Parsing Order
CHAPTER 17—Reference Tables and Example Scripts
Reference Tables
Environment Files
First Line of Script
Korn Shell Path Operators
C Shell Path Modifiers
Variables Initialized by Shell
Shell Built-In Commands
Bourne and Korn Shell Redirection
C Shell Redirection Metacharacters
C Shell $argv Notation
Quoting
Metacharacter Shell Syntax
Variable Shell Syntax
I/O Redirection and Piping
Printing to the Screen
Reading from the Keyboard
Math and Calculations
Command Substitution
Tilde Expansion
Alias Syntax
History Syntax
Function Syntax
Programming Statement Syntax
Test and C Shell Built-In Test
Bourne Shell Mathematical Operators
C Shell Mathematical Operators
Example Scripts
Anonymous ftp Script
arch.sh.fctn Function
array.sh.fctn Function
hostname.sh.fctn Function
osr.sh.fctn Function
whoami.sh.fctn Function

PART 7—System Security
CHAPTER 18—Understanding System Security
New Security Features in the Solaris 2.6 Release
Pluggable Authentication Module (PAM)
Executable Stacks and Security
Disabling Programs from Using Executable Stacks
Disabling Executable Stack Message Logging
Overview of System Security
Maintaining Physical Site Security
Maintaining Login and Access Control
Restricting Access to Data in Files
Maintaining Network Control
Monitoring System Use
Setting the Correct Path
Monitoring setuid Programs
Installing a Firewall
Reporting Security Problems
File Security
User Classes
File Permissions
Directory Permissions
Octal Values for Permissions
Default umask
File Types
File Administration Commands
Displaying File Information
Changing File Ownership
Changing Group Ownership of a File
Changing File Permissions
Special File Permissions (setuid, setgid, and Sticky Bit)
setuid Permission
setgid Permission
Sticky Bit
Searching for Files with Special Permissions
Access Control Lists (ACLs)
ACL Commands
ACL Permissions for Files
ACL Permissions for Directories
Determining If a File Has an ACL
Setting ACL File Permissions
Setting Permissions for a File from a Command Line
Using an ACL Configuration File to Set Permissions
Adding and Modifying ACL Permissions
Deleting an ACL Entry
Copying ACL File Permissions
Network Security
Firewall Systems
Authentication and Authorization
Monitoring Login Security Information
Displaying a User's Login Status
Temporarily Disabling User Logins
Saving Failed Login Attempts
Sharing Files
Restricting Superuser (root) Access
Controlling and Monitoring Superuser Access
Restricting Superuser Logins to the Console
Monitoring Who Is Using the su Command
Using Privileged Ports
Automated Security Enhancement Tool (ASET)
CHAPTER 19—Using Authentication Services
DES Encryption
Diffie-Hellman Authentication
How Diffie-Hellman Authentication Works
Generating the Public and Secret Keys
Running the keylogin Command
Generating the Conversion Key
First Contact with the Server
Decrypting the Conversation Key
Storing Information on the Server
Verifier Returned to the Client
Client Authenticates the Server
Additional Transactions
Administering Diffie-Hellman Authentication
Secure RPC Commands
Restarting the Keyserver
Setting Up NIS+ Credentials for Diffie-Hellman Authentication
Setting Up NIS Credentials for Diffie-Hellman Authentication
Sharing and Mounting Files with Diffie-Hellman Authentication
Kerberos Version 4
How Kerberos Authentication Works with NFS
Administering Kerberos Version 4 Authentication
Acquiring a Kerberos Ticket for Superuser on a Client
Sharing and Mounting Files with Kerberos Authentication
Logging In to Kerberos Service
Listing Kerberos Tickets
Accessing a Directory with Kerberos Authentication
Destroying a Kerberos Ticket
The Pluggable Authentication Module (PAM) Framework
PAM Module Types
Stacking Feature
Password-Mapping Feature
How PAM Works
PAM Library and Modules
PAM Configuration File
Valid Service Names
Control Flags
The required Flag
The requisite Flag
The optional Flag
The sufficient Flag
Planning for PAM
Configuring PAM
Preventing Unauthorized Access from Remote Systems with PAM
Initiating PAM Error Reporting
Adding a PAM Module
CHAPTER 20—Using Automated Security Enhancement Tool (ASET)
ASET Tasks
ASET Master Files
ASET Security Levels
How ASET Tasks Work
System Files Permissions Verification
System Files Checks
User/Group Checks
System Configuration Files Check
Environment Check
eeprom Check
Firewall Setup
ASET Execution Log
ASET Reports
Format of Report Files
Examining and Comparing Report Files
ASET Master Files
Tune Files
The uid_aliases File
The Checklist Files
ASET Environment File (asetenv)
ASET Shell Environment Variables
PERIODIC_SCHEDULE Variable
TASKS Variable
UID_ALIASES Variable
YPCHECK Variable
CKLISTPATH_level Variable
Running ASET
Running ASET Interactively
Running ASET Periodically
Stopping Running ASET Periodically
Collecting Reports on a Server
Restoring System Files Modified by ASET
ASET Error Messages
BIBLIOGRAPHY
APPENDIX A
APPENDIX B
GLOSSARY
INDEX