发信人: wwwlh()
整理人: hlzhan(2002-05-05 11:48:39), 站内信件
|
sun Technical Training NOTE
drwxrxrx 2 root bin 512 Apr 3 10: 45 apache
-rwxrr 1 root sys 360 Apr 3 10: 45 asppp. cf
第一位-指正式的文件
c 指字符设备,每个磁盘的块大小为512个字节
b 指块设备,每个块设备的块的大小随着分区的大小变化,但是UFS文件系统的每个块是8k
Logical Disk Device Names
/dev/[ r] dsk/ c# t# d# s#
c#控制器号
t#通道号
d#驱动器号
s#分片号,见下面的描述
0-7 Partition or (slice number) Valid numbersare 0-7
Tag 0= UNASSIGNED 4= USR Describes the file system
1= BOOT 5= BACKUP mounted on this partition
2= ROOT 7= VAR
3= SWAP 8= HOME
/etc/path_ to_ inst记录着启动时每个设备的实例名,物理名
只在启动时读一下,并被内核管理。
prtconf
显示系统配置
系统文件的层次及含义
/ The root of the overall file system name space
/bin The directory location for standard system commands or binary files
/dev The primary location for logical device names
/devices The primary location for physical device names
/etc Host specific system administrative configuration files and databases
/export The default directory for commonly shared file systems
/home The default directory or mount point for users home directories
/kernel The directory of platform independent loadable kernel modules
required as part of the boot process
/opt The default directory or mount point for addon application packages
/platform The directory of platform dependent loadable kernel modules
/sbin Essential executables used in the booting process and in manual system
failure recovery
/tmp Temporary files; cleared during the boot sequence
/usr The directory for programs, scripts, and libraries used by all system users
/var The directory for varying files, which usually includes temporary, logging,
or status files
/mnt A convenient, temporary mount point for file systems
几种文件系统的含义及历史
UFS
" UNIX file system based on the BSD Fast File system is the default disk-based file
system for the Solaris operating environment.
?HSFS
" High Sierra, Rock Ridge, and ISO 9660 file system. Solaris HSFS is used on CD-ROMs,
and provide all UFS file system features and file types
?PCFS
" PC file system, which allows read/ write access to data and programs on DOS-formatted
disks written for DOS-based personalcomputers.
?UDF
" The UDF file system, the industry-standard format for storing information on the optical
media technology called DVD (Digital Versatile Disc or Digital Video Disc).
Network-Based File Systems
?Network-based file systems can be accessed over the network. NFS is
the only available network-based or distributed computing file system.
" Virtual File Systems
?Virtual file systems are memory-based file systems that provide access
to special kernel information and facilities.
" The Cache File System
?The Cache File System (CacheFS) can be used to improve performance
of remote file systems or slow devices such as CD-ROM drives. When a
file system is cached, the data read from the remote file system or CD-
ROM is stored in a cache on the local system.
" The Temporary File System
?The Temporary File System (TMPFS) uses local memory for file system
reads and writes, which is typically much faster than a UFS file system.
?TMPFS use the swap space on a disk.
The Process File System
?The Process File System (PROCFS) resides in memory. It contains a list
of active processes, by process number, in the /proc directory.
" The Loopback File System
?The Loopback File System (LOFS) lets you create a new virtual file
system, so you can access files by using an alternative path name.
磁盘基本概念
Lable( VTOC)
?Volume Table of Content, No. 1 disk sector( 512B)
" Boot block
?Stores the procedures used in booting the system
?The boot block is left blank if a file system not to be used for booting
?In the next 15 disk sectors
" Superblock
?Detailed information ablout the file system
?Size and status of file system
?Date and time of the last update
?Cylinder group size
?Number of date blocks in cylinder group
?Path name and last mount point
?In the next 16 disk sectors
Inode
?All information about a file except its name which is kept in a directory
?An inode is 128 byte
" Type of the file ( File/ Directory/ Block special/ Character special/ Symbolic link/ pipe/ Socket)
" The mode of the file( read-write-execute permissions)
读磁盘的 VTOC 信息
# prtvtoc /dev/ rdsk/ c1t3d0s2
PROM的概念
" PROM
?Each Sun system has a boot PROM chip. This 8KB chip is typically located
on the same board as the CPU
?The main functions of the boot PROM are to test the system hardware and
boot the operating system
" Number of hard link
" User ID and group ID
" Number of bytes of the file
" An array of 15 data block address
" The date and time of the file
" Data block
?The rest of the space allocated to the file system
?By default, 8-KB block size, 1- KB fragment size
NVRAM的概念
?The NVRAM is 8KB of nonvolatile random access memory. This is a
pluggable chip that is often located on the main system board
?The NVRAM stores the Ethernet address, host ID, and the TOD clock. A
single lithium battery within the NVRAM module provides battery backup
for the NVRAM and clock
?The NVRAM module also contains the EEPROM for the parameters that
have been changed or customized from the boot PROMdefault parameters
settings
?The user-interface commands and device aliases are stored in the NVRAM
sun 机器的启动过程
Prom--->Run Post--->Prom Load bootblk--->Bootblk Load ufsBoot--->ufsboot loads 32/ 64bit kernel
--->Kernel initializes Load modules start init process --->start run rc scripts
32 bit kernel
/platform/ ’uname m’/ kernel/ genunix
/platform/ ’uname m’/ kernel/ unix
64 bit kernel
/platform/ ’uname m’/ kernel/ sparcv9/ genunix
/platform/ ’uname m’/ kernel/ sparcv9/ unix
Module directories
/kernel
/usr/ kernel
/platform/ ’uname m’/ kernel
/platform/ ’uname i’/ kernel
sun 的运行级别
Level 0 Powerdown state
Level S or s Singleuser state 单用户状态,挂上所有的文件系统
Level 1 Administrative state 管理员状态
Level 2 Multiuser state 多用户状态,运行大部分服务,不运行NFS服务
Level 3 Multiuser state with NFS resources shared 多用户状态,运行全部服务。
Level 4 Alternative multiuser state 通常不支持
Level 5 Powerdown state
Level 6 Reboot state
看当前的运行级别
who -r
The /etc/inittab 记录了启动的级别
内容格式
id: rstate: action: process
s3: 3: wait:/ sbin/ rc3 >/ dev/ msglog 2<> /dev/ msglog </ dev/ console
| |
|___________|__ Run levels to which this entry applies
|
|______运行脚本
启动运行脚本:
所有的运行脚本在/sbin下的rc0, rc1, rc2, rc3, rc5, rc6, rc等目录下,每个脚本目录针对不同的运行级别
下面以S开头的脚本,是启动系统进程,以K开头的脚本是kill系统进程
控制台脚本
/etc/init.d
关闭服务
/etc/init.d/filename stop
重新启动服务
/etc/init.d/filename start
看那个服务被启动
pgrep f service
加入运行控制脚本
# cp filename /etc/init. d
# chmod 0744 /etc/init. d/filename
# chown root: sys /etc/init.d/filename
# cd /etc/init.d
# ln filename /etc/rc2.d/Snnfilename
# ln filename /etc/ rcn.d/Knnfilename
Disable a Run Control Script
# cd/etc/rcn.d
# mv filename _filename
SOLARIS 安装
控制台
缺省的控制台是显示器+键盘鼠标,如果不接键盘使用串口A为控制台输出,连线标准
Serial port A, ttya, RS232 DB25 Serial cable( pin 2-3,3-2,7-7)
必须的光盘:
Solaris 8 Installation CD
Solaris8 Sofware 1 of 2 CD
Solaris 8 Sofware 2 of 2 CD
Language CD
几种安装方式
Solaris Web Start 3.0 Installation
用安装光盘启动,安装MiniRoot和交换区到本地硬盘
启动 MiniRoot 用web方式安装
Solaris Interactive GUI Installation
用Software 1 CD光盘启动 MiniRoot
执行一步步的安装
Solaris Installation Over the Network
Solaris JumpStart Installation
通过安装服务器网络引导Boot MiniRoot 不需要本地的光驱
建立Jumpstart server, Solaris installation server
Boot server, MniRoot boot, TFTP, /tftpboot, /etc/ hosts, /etc/ ethers
Media server, NFS server, share /export/ home/ s8ins, /etc/ dfs/ dfstab
TFTP 必须在相同子网 , Jumpstart 不支持路由
建立INSTALL SERVERS
步骤:
1、用cpio拷贝 Software1& 2, LANG CDs 到本地硬盘
2、展开3CDs 到临时目录 /export/ home/ cdrom1, cdrom2, cdrom3
3、拷贝 Jumpstart packages to /export/home/s8ins
./Tools 下执行
setup_install_server
增加install server
add_ install_ server
增加install client
add_ install_ client
删除install client
rm_ install_ client
在OK状态下执行 boot net
磁盘分配
" /root
?/etc, /dev, /bin, /sbin, /lib, /include, 最小128MB
?/tmp, 256MB, 2倍内存容量.
/var
存放log, sadm, patche, core dump, 最小128MB,留出足够的增长容量
/usr
/usr/openwin, 最大1GB,不会增长
/opt?最小128MB, 根据第三方软件来决定大小,留足够的空间
/export/home?512MB, 用户HOME目录,根据用户多少来定,通常该目录缺省是很大的。
每个文件系统至少留20-30%空间,以保证良好的性能。
定制系统
电源管理 配置 /etc/power.conf
系统参数 配置 /etc/system
允许root telnet 编辑/etc/default/login
注释#CONSOLE=/ dev/...
允许 root ftp 编辑 /etc/ftpusers
允许 UFS 登陆, 编辑 /etc/vfstab
安装日志放在 /var/sadm/contents
安装推荐的patch /var/sadm/patche
管理帐号和用户组
User name
?Password
?User home directory
?Userlogin shell
?User initialization files
相应的文件
/etc/passwd
Authorized system users have login account entries in the /etc/ passwd
/etc/shadow
All passwords are encrypted and maintained in a separate shadow file
named /etc/shadow
/etc/group
The /etc/group file defines the default system group accounts
更改变控制台
#CONSOLE=/dev/console
推荐使用admintool来管理用户/用户组
相关命令行
Useradd - Adds a new user account
usermod -Modifies a users account
userdel -Deletes a users account
groupadd - Adds a new group account
Groupmod -Modifies a group account
groupdel -Deletes a group account
缺省的用户特性文件
是在用户目录的 .profile .login
如果该文件不存在则使用下面两个文件
/etc/profile
/etc/.login
各种SHELL 使用的配置文件:
Shells System初始化文件 user初始化文件 执行程序
Bourne /etc/profile $HOME/.profile /bin/sh
Korn /etc/profile $HOME/.profile /bin/ksh
$HOME/.kshrc
C /etc/.login $HOME/.cshrc /bin/csh
Z /etc/zshenv $HOME/.zshenv /bin/zsh
/etc/zprofile $HOME/.zprofile
/etc/zshrc $HOME/.zlogin
/etc/zlogin
BASH /etc/profile $HOME/.bash_profile /bin/bash
$HOME/.profile
$HOME/.bash_login
TC /etc/csh.cshrc $HOME/.cshrc /bin/tcsh
/etc/csh.login $HOME/.login
Feature
Bourne C Korn
Known as the standard shell in UNIX Yes No No
Compatible syntax with Bourne shell - No Yes
Job control Yes Yes Yes
History list No Yes Yes
Commandline editing No Yes Yes
Aliases No Yes Yes
Protection from overwriting No Yes Yes
Setting to ignore Controld No Yes Yes
Enhanced cd No Yes Yes
Initialization file separate from .profile No Yes Yes
Logout file No Yes No
失败的登陆日志在 /var/adm/loginlog
缺省该文件不存在,有该文件才能记录日志
#touch /var/adm/loginlog
用户信息管理
pwconv 获取/etc/shadow 里用户信息
当前用户的信息放在
/var/adm/utmpx里
可用who来获得
历史用户信息放在
/var/adm/wtmpx里
用last来获得该信息
finger获得用户的信息
类似who,但是提供更详细的信息
rusers
如果远端的主机rusersd精灵进程 rpc.rusersd 可以提供远端主机用户的信息,基于安全的目的,建议关掉
rusersd进程和finger功能
用户掩码:
umask
定义用户文件的缺省权限
显示用户组的信息
groups
改变所有者
chown
改变所属者
chgrp
改变文件属性
chmod
如果文件权限里有s字样表明该文件通常只能由root用户来执行,这样的文件属性由4xxx来生成
chmod 4555 executable_ file
建立、管理访问控制列表
getfacl filename(s) Display ACL entries on a file( s).
setfacl -m acl_entries Creates or modifies ACL entries on files
setfacl -s acl_entries Removes old ACL entries on a file( s) and
replaces with new ACL entries.
setfacl -d acl_entries Deletes one or more ACL entries on a files
setfacl -f acl_ file Specify an ACL configuration file
containing list of permissions to be set on
with this command only.other files. acl_ file is used an argument
setfacl -r Recalculates permissions for the ACL mask.
基本安全配置文件
/etc/hosts.equiv
$HOME/.rhosts
/etc/ftpusers
定义远端的用户访问本机用户目录的权限
/etc/hosts.equiv
$HOME/.rhosts
禁止ftp本机的用户
/etc/ftpusers
本机可以使用的sh
/etc/shells
缺省是不存在的,需要手工建立
touch /etc/shells
软件管理:
命令行:
pkgadd Installs a software package
pkgrm Removes a software package
pkgchk Checks the installation of a software package
pkginfo Lists software package information
也可以使用ADMINTOOL
pkgparam Displays software package parameter values
|
|