UNIX Administration Table of Contents UNIX Administration—A Comprehensive Sourcebook for Effective Systems and Network Management Preface Section I: UNIX Administration .6 Chapter List Chapter 1: UNIX — Introductory Notes 1.1 UNIX Operating System 1.2 User's View of UNIX 1.3 The History of UNIX .10 1.3.1 Berkeley Standard Distribution — BSD UNIX .10 1.3.2 System V or ATT UNIX 11 1.4 UNIX System and Network Administration 15 1.4.1 System Administrator's Job 16 1.4.2 Computing Policies .19 1.4.3 Administration Guidelines .22 1.4.4 In This Book 28 Chapter 2: The Unix Model — Selected Topics 30 2.1 Introduction 30 2.2 Files .30 2.2.1 File Ownership 31 2.2.2 File Protection/File Access 34 2.2.3 Access Control Lists (ACLs) 41 2.2.4 File Types 45 2.3 Devices and Special Device Files 49 2.3.1 Special File Names .50 2.3.2 Special File Creation .50 2.4 Processes 53 2.4.1 Process Parameters 53 2.4.2 Process Life Cycles .55 2.4.3 Process Handling 57 Chapter 3: UNIX Administration Starters 65 3.1 Superuser and Users .65 3.1.1 Becoming a Superuser 65 3.1.2 Communicating with Other Users 65 3.1.3 The su Command 66 3.2 UNIX Online Documentation 67 3.2.1 The man Command 67 3.2.2 The whatis Database 71 3.3 System Information 72 3.3.1 System Status Information 72 3.3.2 Hardware Information 74 3.4 Personal Documentation 78 3.5 Shell Script Programming 79 3.5.1 UNIX User Shell 80 i Table of Contents Chapter 3: UNIX Administration Starters 3.5.2 UNIX Shell Scripts 80 Chapter 4: System Startup and Shutdown 87 4.1 Introductory Notes 87 4.2 System Startup 88 4.2.1 The Bootstrap Program 88 4.2.2 The Kernel Execution 89 4.2.3 The Overall System Initialization 90 4.2.4 System States .91 4.2.5 The Outlook of a Startup Procedure .92 4.2.6 Initialization Scripts .95 4.3 BSD Initialization 95 4.3.1 The BSD rc Scripts 95 4.3.2 BSD Initialization Sequence 96 4.4 System V Initialization 98 4.4.1 The Configuration File /etc/inittab 98 4.4.2 System V rc Initialization Scripts 101 4.4.3 BSD−Like Initialization 105 4.5 Shutdown Procedures 106 4.5.1 The BSD shutdown Command 107 4.5.2 The System V shutdown Command 108 4.5.3 An Example 108 Chapter 5: UNIX Filesystem Management 109 5.1 Introduction to the UNIX Filesystem 109 5.2 UNIX Filesystem Directory Organization .110 5.2.1 BSD Filesystem Directory Organization 110 5.2.2 System V Filesystem Directory Organization 112 5.3 Mounting and Dismounting Filesystems 114 5.3.1 Mounting a Filesystem 114 5.3.2 Dismounting a Filesystem 118 5.3.3 Automatic Filesystem Mounting 119 5.3.4 Removable Media Management 120 5.4 Filesystem Configuration .120 5.4.1 BSD Filesystem Configuration File .121 5.4.2 System V Filesystem Configuration File .122 5.4.3 AIX Filesystem Configuration File .125 5.4.4 The Filesystem Status File 127 5.5 A Few Other Filesystem Issues 128 5.5.1 Filesystem Types 128 5.5.2 Swap Space — Paging and Swapping .130 5.5.3 Loopback Virtual Filesystem .132 5.6 Managing Filesystem Usage 133 5.6.1 Display Filesystem Statistics: The df Command 133 5.6.2 Report on Disk Usage: The du Command 135 5.6.3 Report on Disk Usage by Users: The quot Command 138 5.6.4 Checking Filesystems: The fsck Command 138 ii Table of Contents Chapter 6: UNIX Filesystem Layout 141 6.1 Introduction 141 6.2 Physical Filesystem Layout 142 6.2.1 Disk Partitions .142 6.2.2 Filesystem Structures 144 6.2.3 Filesystem Creation 147 6.2.4 File Identification and Allocation 148 6.2.5 Filesystem Performance Issues 152 6.3 Logical Filesystem Layout 154 6.3.1 Logical Volume Manager — AIX Flavor 154 6.3.2 Logical Volume Manager — HP−UX Flavor 158 6.3.3 Logical Volume Manager — Solaris Flavor 160 6.3.4 Redundant Array of Inexpensive Disks (RAID) 163 6.3.5 Snapshot .163 6.3.6 Virtual UNIX Filesystem 166 6.4 Disk Space Upgrade 167 Chapter 7: User Account Management 169 7.1 Users and Groups 169 7.1.1 Creation of User Accounts 169 7.1.2 User Database — File /etc/passwd .170 7.1.3 Group Database — File /etc/group .172 7.1.4 Creating User Home Directories 172 7.1.5 UNIX Login Initialization 173 7.2 Maintenance of User Accounts 177 7.2.1 Restricted User Accounts 178 7.2.2 Users and Secondary Groups .178 7.2.3 Assigning User Passwords 179 7.2.4 Standard UNIX Users and Groups 179 7.2.5 Removing User Accounts 180 7.3 Disk Quotas 181 7.3.1 Managing Disk Usage by Users 181 7.4 Accounting 183 7.4.1 BSD Accounting 184 7.4.2 System V Accounting 185 7.4.3 AIX−Flavored Accounting 188 Chapter 8: UNIX System Security 189 8.1 UNIX Lines of Defense 189 8.1.1 Physical Security 189 8.1.2 Passwords 190 8.1.3 File Permissions 190 8.1.4 Encryption 191 8.1.5 Backups 191 8.2 Password Issues 192 8.2.1 Password Encryption 192 8.2.2 Choosing a Password 193 8.2.3 Setting Password Restrictions 194 8.2.4 A Shadowed Password .195 8.3 Secure Console and Terminals 198 iii Table of Contents Chapter 8: UNIX System Security 8.3.1 Traditional BSD Approach 199 8.3.2 The Wheel Group 199 8.3.3 Secure Terminals — Other Approaches .199 8.4 Monitoring and Detecting Security Problems .201 8.4.1 Important Files for System Security 201 8.4.2 Monitoring System Activities .203 8.4.3 Monitoring Login Attempts 203 Chapter 9: UNIX Logging Subsystem 205 9.1 The Concept of System Logging 205 9.1.1 The syslogd Daemon 206 9.2 System Logging Configuration .207 9.2.1 The Configuration File /etc/syslog.conf .207 9.2.2 Linux Logging Enhancements .211 9.2.3 The logger Command 212 9.2.4 Testing System Logging 212 9.3 Accounting Log Files 214 9.3.1 The last Command 215 9.3.2 Limiting the Growth of Log Files 215 Chapter 10: UNIX Printing 218 10.1 UNIX Printing Subsystem 218 10.1.1 BSD Printing Subsystem 219 10.1.2 System V Printing Subsystem 222 10.2 Printing Subsystem Configuration 226 10.2.1 BSD Printer Configuration and the Printer Capability Database .226 10.2.2 System V Printer Configuration and the Printer Capability Database .234 10.2.3 AIX Printing Facilities 236 10.3 Adding New Printers 239 10.3.1 Adding a New Local Printer .239 10.3.2 Adding a New Remote Printer 242 10.4 UNIX Cross−Platform Printer Spooling 245 10.4.1 BSD and AIX Cross−Printing 245 10.4.2 Solaris and BSD Cross−Printing .246 10.4.3 Third−Party Printer Spooling Systems 248 Chapter 11: Terminals 250 11.1 Terminal Characteristics 250 11.1.1 BSD Terminal Subsystem 250 11.1.2 System V Terminal Subsystem 257 11.1.3 Terminal−Related Special Device Files 264 11.1.4 Configuration Data Summary 264 11.2 The tset, tput, and stty Commands 264 11.2.1 The tset Command 265 11.2.2 The tput Command 266 11.2.3 The stty Command 267 11.3 Pseudo Terminals 268 11.4 Terminal Servers 270 iv Table of Contents Chapter 12: UNIX Backup and Restore 272 12.1 Introduction 272 12.1.1 Media 273 12.2 Tape−Related Commands 274 12.2.1 The tar Command .274 12.2.2 The cpio Command 276 12.2.3 The dd Command .277 12.2.4 The mt Command .278 12.2.5 Magnetic Tape Devices and Special Device Files 279 12.3 Backing Up a UNIX Filesystem 280 12.3.1 Planning a Backup Schedule 280 12.4 Backup and Dump Commands 282 12.4.1 The SVR3 and SVR4 backup Commands 282 12.4.2 The fbackup Command .284 12.4.3 The dump/ufsdump Command 285 12.4.4 A Few Examples .288 12.5 Restoring Files from a Backup 291 12.5.1 The restore Commands 292 12.5.2 The frecover Command 295 12.5.3 Restoring Multiple Filesystems Archived on a Single Tape 297 12.6 Tape Control 298 Chapter 13: Time−Related UNIX Facilities 301 13.1 Network Time Distribution 301 13.1.1 The NTP Daemon .301 13.1.2 The NTP Configuration File .302 13.2 Periodic Program Execution 307 13.2.1 The UNIX cron Daemon 307 13.2.2 The crontab Files 309 13.2.3 The crontab Command .311 13.2.4 Linux Approach 312 13.3 Programs Scheduled for a Specific Time 314 13.3.1 The UNIX at Utility .315 13.4 Batch Processing .317 13.4.1 The UNIX batch Utility .317 Section II: Network Administration 319 Chapter List 319 319 Chapter 14: Network Fundamentals 320 14.1 UNIX and Networking 320 14.2 Computer Networks 320 14.2.1 Local Area Network (LAN) 321 14.2.2 Wide Area Network (WAN) .324 14.3 A TCP/IP Overview 326 14.3.1 TCP/IP and the Internet 326 14.3.2 ISO OSI Reference Model 327 14.3.3 TCP/IP Protocol Architecture 329 14.4 TCP/IP Layers and Protocols .331 v Table of Contents Chapter 14: Network Fundamentals 14.4.1 Network Access Layer 331 14.4.2 Internet Layer and IP Protocol 332 14.4.3 Transport Layer and TCP and UDP Protocols 333 14.4.4 Application Layer .335 Chapter 15: TCP/IP Network .338 15.1 Data Delivery .338 15.1.1 IP Address Classes 338 15.1.2 Internet Routing 341 15.1.3 Multiplexing .345 15.2 Address Resolution (ARP) 350 15.2.1 The arp Command 351 15.3 Remote Procedure Call (RPC) 352 15.3.1 The portmapper Daemon 354 15.3.2 The /etc/rpc File 354 15.4 Configuring the Network Interface .355 15.4.1 The ifconfig Command 356 15.4.2 The netstat Command .357 15.5 Super Internet Server 360 15.5.1 The inetd Daemon .360 15.5.2 Further Improvements and Development 362 Chapter 16: Domain Name System 367 16.1 Naming Concepts 367 16.1.1 Host Names and Addresses .367 16.1.2 Domain Name Service (DNS) 368 16.1.3 Host Database Files 371 16.2 UNIX Name Service — BIND .375 16.2.1 BIND Configuration 376 16.2.2 Resolvers 377 16.2.3 Name Servers 380 16.3 Configuring named .382 16.3.1 BIND Version 4.X.X 383 16.3.2 BIND Version 8.X.X 389 16.4 Using nslookup 397 16.4.1 The nslookup Interactive Mode 398 16.4.2 A Few Examples of nslookup Usage 400 Chapter 17: Network Information Service (NIS) 402 17.1 Purpose and Concepts 402 17.2 NIS Paradigm .404 17.2.1 yp Processes .404 17.2.2 To Create an NIS Server 406 17.2.3 To Create an NIS Client 409 17.2.4 NIS Domain Name 409 17.2.5 Databases/NIS Maps 410 17.3 NIS Management .413 17.3.1 yp Commands 413 17.3.2 Updating NIS Maps 415 vi Table of Contents Chapter 17: Network Information Service (NIS) 17.3.3 Troubleshooting 418 17.3.4 Security Issues 420 17.3.5 A Few NIS Stories .421 17.4 NIS vs DNS .423 17.4.1 The /etc/nsswitch.conf File 423 17.4.2 Once upon a Time .425 Chapter 18: Network File System (NFS) 426 18.1 NFS Overview 426 18.1.1 NFS Daemons 426 18.2 Exporting and Mounting Remote Filesystems 427 18.2.1 Exporting a Filesystem 427 18.2.2 Mounting Remote Filesystems 432 18.3 Automounter 434 18.3.1 The Automount Maps 435 18.4 NFS — Security Issues 439 Chapter 19: UNIX Remote Commands .440 19.1 UNIX r Commands .440 19.1.1 The rlogin Command 441 19.1.2 The rcp Command 441 19.1.3 The remsh (rsh) Command .442 19.2 Securing the UNIX r Commands 443 19.2.1 The /etc/hosts.equiv File 444 19.2.2 The $HOME/.rhosts File 444 19.2.3 Using UNIX r−Commands — An Example 445 19.3 Secure Shell (SSH) 446 19.3.1 SSH Concept 447 19.3.2 SSH Configuration 449 19.3.3 SSH Installation and User Access Setup 452 19.3.4 SSH — Version 455 Chapter 20: Electronic Mail 458 20.1 E−mail Fundamentals 458 20.1.1 Simple Mail Transport Protocol (SMTP) 461 20.1.2 The MTA Program sendmail .464 20.2 Sendmail Configuration 470 20.2.1 The sendmail.cf File 470 20.2.2 Rulesets and Rewrite Rules 478 20.2.3 Creating the sendmail.cf File .484 20.3 The Parsing of E−mail Addresses 486 20.3.1 Rewriting an E−mail Address 486 20.3.2 Pattern Matching .486 20.3.3 Address Transformation 488 20.4 Testing sendmail Configuration 489 20.4.1 Testing Rewrite Rules .489 20.4.2 The sendmail −bt Command .490 20.4.3 The Debugging Level 491 20.4.4 Checking the Mail Queue 491 vii Table of Contents Chapter 20: Electronic Mail 20.5 Mail User Agents 492 20.5.1 The Mail Program and mailrc File 492 20.5.2 POP and IMAP 494 Chapter 21: UNIX Network Support 500 21.1 Common UNIX Network Applications 500 21.1.1 Telnet 500 21.1.2 FTP 502 21.1.3 Finger 507 21.2 Host Connectivity .509 21.2.1 The ping Command 509 21.2.2 The traceroute Command 511 Section III: Supplemental UNIX Topics 513 Chapter List 513 513 Chapter 22: X Window System 514 22.1 An Introduction to the X Window System 514 22.1.1 The Design of X11 514 22.1.2 The X Administration Philosophy 517 22.1.3 Window Managers 518 22.2 The X Display Managers 520 22.2.1 xdm/dtlogin Concepts 521 22.2.2 xdm Configuration Files 524 22.2.3 CDE Configuration Files 531 22.2.4 Vendor−Specific X Flavors — a Configuration Example 539 22.3 Access Control and Security of X11 540 22.3.1 XDMCP Queries 540 22.3.2 The Xaccess File .541 22.3.3 Other Access Control Mechanisms 544 22.4 The User X Environment 547 22.4.1 Components of the xdm−Based User X Environment 547 22.4.2 Components of the CDE User X Environment 549 22.4.3 Window Manager Customizations .554 22.4.4 The Shell Environment 557 22.5 Miscellaneous 563 22.5.1 Other Startup Methods 563 22.5.2 A Permanent X11 Installation 564 22.5.3 A Few X−Related Commands 565 Chapter 23: Kernel Reconfiguration 567 23.1 Introduction to Kernel Reconfiguration .567 23.2 Kernel Configuration Database 567 23.3 BSD−Like Kernel Configuration Approach 568 23.3.1 Basic Configuration Entries .569 23.3.2 The BSD−Like Kernel Configuration Procedure .572 23.3.3 The config Command 574 23.4 Other Flavored Kernel Reconfigurations 575 viii Table of Contents Chapter 23: Kernel Reconfiguration 23.4.1 HP−UX 10.x Kernel Configuration 575 23.4.2 Solaris 2.x Kernel Configuration 577 23.4.3 Linux Kernel Configuration 583 Chapter 24: Modems and UUCP 590 24.1 Introduction to Modems .590 24.1.1 UNIX and Modems 591 24.2 UNIX Modem Control 592 24.2.1 Terminal Lines and Modem Control 592 24.2.2 Modem−Related UNIX Commands 593 24.3 Third−Party Communication Software .595 24.3.1 C−Kermit 595 24.4 Introduction to UUCP 601 24.4.1 How Does UUCP Work? 602 24.4.2 UUCP Versions 602 24.4.3 UUCP Chat−Transfer Session 603 24.5 UUCP Commands, Daemons, and Related Issues 604 24.5.1 The Major UUCP Commands 604 24.5.2 The UUCP Daemons 607 24.5.3 The UUCP Spool Directories and Files .609 24.6 Configuring a UUCP Link 611 24.6.1 Serial Line−Related Issues .612 24.6.2 UUCP Configuration Files 613 24.7 UUCP Access and Security Consideration 616 24.7.1 Additional Security in BNU UUCP .617 24.7.2 Additional Security in Version UUCP .619 Chapter 25: Intranet .621 25.1 Introduction to Intranet .621 25.1.1 Intranet vs Internet 622 25.1.2 Intranet Design Approach 623 25.2 Intranet Front−End Services 625 25.2.1 Firewalls 625 25.2.2 Viruswalls 631 25.2.3 Proxy Servers 636 25.2.4 Web Services 639 25.2.5 Other External Services 644 25.3 Inside the Intranet 646 25.3.1 Network Infrastructure and Desktops 646 25.3.2 Internal Services .647 25.3.3 Virtual Private Network (VPN) 650 25.3.4 UNIX and Not−UNIX Platform Integration 653 Section IV: Case Studies .656 Chapter List 656 656 ix $ > metadetach −f d10 d11 d10: Submirror d11 is detached $ > metadetach −f d20 d21 d20: Submirror d21 is detached $ > metadetach −f d30 d31 d30: Submirror d31 is detached Keep in mind that concats/submirrors d11, d21, and d31 belong to the "broken" disk — prime root disk (c0t3d0); otherwise should be d12, d22, and d32 Reboot the system, type: reboot The system should boot into multiuser mode with a single disk; everything appears to be correct Log in as root To check the status: metastat The concats/submirrors from the broken disk (in this case d11, d21, and d31) need maintenance Reinstall the disk Power−off the system $> poweroff or $> halt ok power−off Return (reinstall) the disk and power−on the system Recreate database replicas Log in as root Check the current status — should be three replicas: metadb Add three more replicas for the returned disk: metadb −a −c c0t3dos7 Check again — should be six replicas: metadb Check the status of metadevices: metastat Reboot the system: reboot −− disk1 Remirror disks 700 Check the status of db replicas: metadb Mirror (reattach) concats/submirrors: $ > metattach d10 d11 d10: Submirror d11 is attached $ > metattach d20 d21 d20: Submirror d21 is attached $ > metattach d30 d31 d30: Submirror d31 is attached Check for completion of mirroring (recycling) To check the status of mirroring (recycling) type: metastat Reboot the system when recycling is complete: reboot Disk Replacement — If the mirrored disk is broken, this disk must be replaced (this is the most probable case), and the new empty disk must be prepared for mirroring Supposing three partitions with root filesystem "/", swap, and additional filesystem /altboot, the procedure to replace and remirror the disk is: Partition the disk c0t3d0 to match the boot disk c0t1d0 Use format utility Type: format Select the boot disk: c0t1d0 Type: partition ("p" is sufficient) Type: print ("p" is sufficient) to see current root partitioning Type: quit ("q" is sufficient) Type: disk to select the new disk "c0t3d0" Type: partition Create all partitions as on the root disk Type: label to save a new partitioning table into the disk Ready to label disk, continue? y Create "state database replicas" in a new disk (pay attention to identify the partition/slice "s7"): metadb −a −c c0t3d0s7 Three additional db replicas will be created in a dedicated slice "s7" of the new disk To check created db replicas: metadb Reboot the system — type: reboot Mirror root filesystem Create the concat/submirror d11: $> metainit −f d11 1 c0t3d0s0 d11: Concat/Stripe is setup Attach concat/submirror "d11" to the mirror d10: 701 $> metattach d10 d11 d10: Submirror d11 is attached Mirroring itself will take awhile! Mirror swap Create the concat/submirror d21: $> metainit −f d21 1 c0t3d0s1 d21: Concat/Stripe is setup Attach concat/submirror d21 to the mirror d20: $> metattach d20 d21 d20: Submirror d21 is attached Mirroring itself will take awhile! Mirror /altboot Create the concat/submirror d31: $> metainit −f d31 1 c0t3d0s3 d31: Concat/Stripe is setup Attach concat/submirror "d31" to the mirror d30: $> metattach d30 d31 d30: Submirror d31 is attached Mirroring itself will take awhile! Check for completion of mirroring (recycling) To check the status of mirroring (recycling) type: metastat Reboot the system when recycling is complete: reboot 28.3.3 HP−UX Support Disk Usage HP−UX allows system startup from the support CD disk, which can be very convenient for some emergency situations Insert CD "HP−UX Support Disk" into CD drive Power−on the system At main menu prompt enter: Main Menu: Enter command or menu > boot 56/52.2.0 (an example for CD HW path) Respond to the question: Interact with IPL (Y or N)? > y booting At ISL prompt enter: 702 ISL > 800 Suppor The system continues booting from the Support CD disk (although some messages refer to Support Tape) Boot :disk (56/52.2.0:0); ERECOVERY Welcome to the HP−UX recovery process! [ Run a Recovery Shell ] [ Cancel and Reboot ] [ Help ] Select and enter: Run a Recovery Shell Respond to the question: Would you like to startup networking at this time? [n] n (or just Enter) Following messages are displayed: HP−UX SUPPORT MEDIA WARNING: YOU ARE SUPERUSER !! Note Commands residing in the RAM−based file system are unsupported 'mini' commands These commands are only intended for recovery purposes Loading commands needed for recovery! Warning If ANYTHING is changed on a root (/) that is mirrored a "maintenance mode" (HPUX −lm) boot MUST be done in order to force the mirrored disk to be updated At the end, the support main menu is displayed: SUPPORT MEDIA MAIN MENU s Search for a file b Reboot l Load a file r Recover an unbootable HP−UX system x Exit to shell c Instructions on chrooting to lvm /(root) Enter "c" to see "chroot" instuctions: Exit to the shell and run 'chroot_lvmdisk ' Follow these instructions; enter "x" Support# chroot_lvmdisk Enter the hardware path associated with the '/' (ROOT) file system (example: 56/52.6.0) Enter "56/52.6.0" or "56/52.5.0", depending on selected boot disk The selected root FS is checked Mounting c2t6d0s1lvm to the Support Tape's /ROOT directory Finally the system root FS is mounted onto "/ROOT" 10 To remount the system's root filesystem, and start Bourne shell, enter: cd /ROOT; chroot /ROOT /sbin/sh 703 The system's root filesystem is mounted onto "/" (the "/stand" filesystem is also mounted) Other filesystems could be mounted manually, as well as any UNIX command executed (including a filesystem check) from the command line 11 To return to Support shell, enter exit 12 To return to SUPPORT MEDIA MAIN MENU, enter exit 13 To reboot the system, in the SUPPORT MEDIA MAIN MENU, enter b Note System rebooting… … … Regular rebooting process continues… 28.3.4 HP−UX Procedure to Synchronize a Mirrored Logical Volume The data in a mirrored copy, or copies, of a logical volume could become "out of sync" or "stale" (for example as a result of disk power failure, or a replacement of a disk) In such cases, to reestablish identical data, synchronization must occur This procedure refers to HP9000 Series 700/800 computer systems Automatic Synchronization — When a nonactive volume group is activated, either automatically at boot time or later with the vgchange ommand, LVM automatically synchronizes the mirrored copies of all logical volumes within the volume group, replacing data in physical extents marked as "stale" with data from "nonstale" extents Otherwise, no automatic synchronization occurs and manual synchronization is necessary LVM also automatically synchronizes mirrored data in the following cases: • When a disk comes back online after experiencing a power failure • When a logical volume is extended by increasing the number of mirror copies; then the newly added physical extents will be synchronized Manual Synchronization Check the status of a logical volume, to see if it contains any stale data: lvdisplay −v /dev/vg02/lvol3 Identify which disk contains the stale physical extents To synchronize manually the data in one or more logical volumes (an example): lvsync /dev/vg02/lvol3 To synchronize manually the data in all logical volumes in one or more volume groups (an example): vgsync /dev/vg02 Disk Replacement Save the volume group configuration data (an example): vgcfgbackup /dev/vg02 704 By default the configuration data are saved in /etc/lvmconf/vg02.conf Remove the broken disk from the volume group by using (an example): vgreduce /dev/vg02 /dev/dsk/c1t3d0 Physically disconnect and replace the broken disk Restore saved LVM configuration data to the replaced disk (an example): vgchange −a n /dev/vg02 vgcfgrestore −n /dev/vg02 /dev/dsk/c1t3d0 The volume group must be first deactivated, and then configuration data restored from the default backed−up file /etc/vmconf/vg02.conf Reactivate the volume group (an example): vgchange −a y /dev/vg02 Manually synchronize all the extents in the volume group (an example): vgsync /dev/vg02 28.3.5 HP−UX Support Tape and Recovery of Root Disk HP−UX provides a powerful way for recovery of a corrupted or broken root disk A special procedure allows a transfer of the content of the root disk onto the tape, and a creation of the bootable support tape In the critical situations when the root disk is broken or corrupted, the system could be started from the support tape and its content now transferred back to the disk There is no need for OS reinstallation and later root recovery, a previously copied root disk is simply recreated This procedure is described in the following text Pay attention to the specified hardware paths for the root disk and the tape specific to this example The HP−UX specific Support Media Tool COPYUTIL is used The first part describes the procedure to create the support tape, while the second one describes disk recovery The support tape could be a good replacement for mirroring of the root disk Part One — How to Create a Support Tape — The COPYUTIL utility could be found on the SUPPORT CD The system must be booted from the SUPPORT CD to use the COPYUTIL Booting the system from the SUPPORT CD: Log in as root Reboot the system shutdown −r −y Follow messages on the console, until the system displays: To override, press any key within 10 seconds Hit any key! After the message: "Boot terminated," the main menu will be displayed: ♦ Insert SUPPORT CD into CD Drive 705 ♦ At the main menu prompt, type: Main Menu: Enter command or menu > boot 10/12/5.2.0 [hardware path for CD Drive] ♦ Follow messages and enter corresponding responses: Interact with IPL (Y or N)? > y Booting… ISL > ode ODE > ls ODE > copyutil to list available utilities Since COPYUTIL checked for available devices, a list of all devices found will be displayed Depending on the system hardware configuration, it could be done in two steps: first, the SCSI busses only, and then devices (upon the selection [all]) In this example: T D D T 11 10/12/5.0.0 10/0.6.0 10/0.5.0 10/4/16.3.0 HPC1533A/C1 530B tape drive (internal) SEAGATE ST15150W disk drive (root disk) SEAGATE ST15150W disk drive (another disk) HPC1533A/C 1530B tape drive (external) COPYUTIL > backup Enter the Disk index ([q]/?): root disk Enter the Tape index ([q]/?): internal tape drive or, you can use the external tape drive: index 11 Depending on the existing tape drive, an additional question could be displayed: Use data compression? (y/[n]? n not use compression * Please Load into Tape Drive, Tape Volume for Backup If you have to, you may safely remove the SUPPORT MEDIA now At this point, eject the SUPPORT CD from the CD drive Continue the procedure: Ready to continue ([y]/n/q/?): y Checking for the beginning of tape: DONE 10% completed 20% completed 30% completed 40% completed 50% completed 60% completed 70% completed 80% completed 90% completed 100% completed End of BACKUP Please wait while I rewind the tape Depending on the size of the disk tape capacity, a single tape might not be sufficient The system asks for another tape by repeating the menu It is easy to figure out when 100% is completed COPYUTIL > exit Replace the SUPPORT MEDIA now, if you removed it earlier 706 At this point, close the CD drive with the SUPPORT CD Exit to return ISL prompt ODE > exit ISL > Note The system was booted from the SUPPORT CD; at this point we can power−cycle (power off and on) the system, or continue with bringing the system into the recovery mode (recommended): ISL > 800SUPPORT Once the system reaches the recovery menu (it takes some time) select: [ Cancel and Reboot ] Note System rebooting The full test of the system is performed, so it takes awhile! The regular system startup continues Labeling the support tape The COPYUTIL tape/tapes of the root disk are ready They could be used for the recovery (restore) of the root disk, if necessary Label them as: "Hostname: COPYUTIL# of Root Disk." Part Two — How to Recover (Restore) the Root Disk from the "COPYUTIL Tape" The system recovery procedure is similar to the preparation of the support tape The differences are: Now the source media is a tape Now the destination media is a disk The COPYUTIL utility could be found only on the SUPPORT CD The system must be booted from the SUPPORT CD to use the COPYUTIL 10 Booting the system from the SUPPORT CD: Power−on (reset) the system Follow messages on the console, until the system displays: To override, press any key within 10 seconds Hit any key 707 After the message: "Boot terminated," the main menu will be displayed: Insert SUPPORT CD into CD Drive At the main menu prompt, type: Main Menu: Enter command or menu > boot 10/12/5.2.0 [hardware path for CD Drive] Follow messages and enter corresponding responses: Interact with IPL (Y or N)? > y Booting… ISL > ode ODE > ls to list available utilities ODE > copyutil Because COPYUTIL checked for available devices, a list of all found devices will be displayed This can be done in two steps, first, the SCSI busses only, and then the devices T D D T 11 10/12/5.0.0 10/0.6.0 10/0.5.0 HPC1533A/C1 530B tape drive (internal SEAGATE ST15150W disk drive (root disk) SEAGATE ST15150W disk drive (another disk) 10/4/16.3.0 HPC1533A/C1530B tape drive (external) 11 COPYUTIL > restore: Enter the Tape index ([q]/?): internal tape drive Enter the Disk index ([q]/?): root disk or, you can use the external tape drive: index 11 Depending on the existing tape drive, an additional question could be displayed: Use data compression? (y/[n]?) n not use compression * Please Load into Tape Drive, Tape Volume (or the Desired Tape) If you have to, you may safely remove the SUPPORT MEDIA now At this point, eject the SUPPORT CD from the CD drive 12 Continue procedure: Ready to continue ([y]/n/q/?): y Checking for the beginning of tape: DONE 10% completed 20% completed 30% completed 40% completed 50% completed 60% completed 70% completed 80% completed 90% completed 100% completed Restored Successful COPYUTIL> exit ♦ Replace the SUPPORT MEDIA now, if you removed it earlier 708 At this point, close the CD drive with the SUPPORT CD 13 Exit ODE > exit to return ISL prompt ISL > 800SUPPORT Note The system was booted from the SUPPORT CD; at this point it can be power−cycled (power off and on), or brought into the recovery mode in this way! Once the system reaches the Recovery Menu (it takes some time) select: [ Cancel and Reboot ] Note System rebooting The full test of the system is performed, so it takes awhile! 14 The regular system startup continues 709 List of Figures Chapter 1: UNIX — Introductory Notes Figure 1.1: The development of BSD UNIX Figure 1.2: The development of ATT UNIX Figure 1.3: UNIX genealogy Figure 1.4: UNIX flavors Chapter 2: The Unix Model — Selected Topics Figure 2.1: Hard and symbolic links Figure 2.2: UNIX process creation (fork and exec) Chapter 3: UNIX Administration Starters Figure 3.1: The user's shell layer Figure 3.2: Shell processing of the command line Chapter 4: System Startup and Shutdown Figure 4.1: An illustration of a multiple−user startup sequence Figure 4.2: An illustration of a single−user startup sequence Figure 4.3: The execution sequence of SunOS initialization scripts Figure 4.4: A graphical presentation of System V rebooting Chapter 5: UNIX Filesystem Management Figure 5.1: BSD filesystem directory organization Figure 5.2: System V filesystem directory organization Figure 5.3: Mounting filesystems Chapter 6: UNIX Filesystem Layout Figure 6.1: Simple BSD disk partitioning Figure 6.2: The filesystem layout Figure 6.3: The inode structure Figure 6.4: File layout on a disk Figure 6.5: Berkeley−style filesystem: Blocks and fragments Figure 6.6: AIX data storage organization Figure 6.7: Relationship between VxVM objects Figure 6.8: The snapshot filesystem structure Chapter 7: User Account Management Figure 7.1: System V accounting subsystem Chapter 10: UNIX Printing Figure 10.1: Functional diagram of a printing subsystem Figure 10.2: Linux graphical tool printtool 710 Chapter 11: Terminals Figure 11.1: BSD terminal line and terminal initialization *Note: The login procedure and password checking authentication are not presented Figure 11.2: System V terminal line and terminal initialization *Note: Login procedure and password checking authentication are not presented Figure 11.3: The pseudo terminal Chapter 12: UNIX Backup and Restore Figure 12.1: Tape control — regular (AT&T−style) tape device Figure 12.2: Tape control — Berkeley−style tape device Chapter 14: Network Fundamentals Figure 14.1: Bus topologies Figure 14.2: Wide area network Figure 14.3: The ISO OSI reference model Figure 14.4: Data communication between OSI layers Figure 14.5: The four−layer TCP/IP protocol architecture Figure 14.6: Data flow through the TCP/IP protocol stack Figure 14.7: Data structures in the TCP/IP protocol stack Figure 14.8: IP datagram format Figure 14.9: UDP message format Figure 14.10: TCP segment format Figure 14.11: Three−way handshake Figure 14.12: The hierarchy of TCP/IP protocols Chapter 15: TCP/IP Network Figure 15.1: IP address structure Figure 15.2: Protocol and port numbers Figure 15.3: Dynamically allocated port numbers Figure 15.4: Local and remote procedure calling Figure 15.5: The RPC client/server communication Chapter 16: Domain Name System Figure 16.1: The structure of the DNS space Figure 16.2: The domains Figure 16.3: NIC netinfo / hosts.txt records Figure 16.4: The sequence in the domain name resolution Chapter 17: Network Information Service (NIS) Figure 17.1: An NIS domain: NIS master, slaves, and clients Note: The Network Information Service (NIS) was formerly known as Sun Yellow Pages (YP) The functionality of the two remains the same; only the name has changed The name Yellow Pages is a registered trademark in the United Kingdom of British Telecommunications plc, and may not be used without permission Chapter 18: Network File System (NFS) 711 Figure 18.1: Exporting NFS Chapter 20: Electronic Mail Figure 20.1: The flow of e−mail through the system Figure 20.2: A simplified presentation of SMTP Figure 20.3: Sendmail vs mailers relations Figure 20.4: Sequence of rulesets Figure 20.5: Ruleset resolves a triple: {mailer, host, user} Figure 20.6: Rewriting an address Note: BITNET relay host $B is "cunyvm.cuny.edu" Chapter 22: X Window System Figure 22.1: An X server with multiple X clients Figure 22.2: The CDE terminal emulator dtterm supported by dtwm Figure 22.3: The X terminal emulator xterm supported by twm Figure 22.4: (a) The xdm execution flow chart; (b) The dtlogin execution flow chart Figure 22.5: The xdm configuration files Figure 22.6: The CDE configuration files Figure 22.7: Direct, indirect, and broadcast queries Figure 22.8: The chooser Figure 22.9: (a) Host−based access control; (b) User−based access control Chapter 23: Kernel Reconfiguration Figure 23.1: The GUI tool to configure the Linux kernel Chapter 25: Intranet Figure 25.1: Intranet Figure 25.2: Firewall Figure 25.3: Basic firewall operation Figure 25.4: Firewall IP layer Figure 25.5: Basic firewall types Figure 25.6: Firewall−viruswall configuration Figure 25.7: Caching proxy server Figure 25.8: SOCKS proxy protocol Figure 25.9: The Web services technology stack Figure 25.10: Virtual private network (VPN) 712 List of Tables Chapter 5: UNIX Filesystem Management Table 5.1: Filesystem Locations and Special Device Files Chapter 8: UNIX System Security Table 8.1: Important Files for the System Security 713 List of Sidebars Chapter 3: UNIX Administration Starters MAN(1) USER COMMANDS MAN(1) NAME 714 ... relational databases; using a database SQL language; and programming in a database query language; previous experience as a database administrator • Experience with hardware: installing and maintaining... several awards for excellence and achievement Preface Unix Administration: A Comprehensive Sourcebook for Effective Systems and Network Management attempts to make UNIX essential and network administrative... "out−of network" UNIX administration, which can also be called stand−alone UNIX administration Network Administration covers network related UNIX administration and contains eight chapters The