Enterprise Software

SolutionBase: Performing common administrative tasks in Solaris 10

If you're new to Solaris 10, figuring out what you need to do to get the OS to do anything can be a confusing task. In this article, Jonathan Sinclair shows you how to perform common administrative tasks in Solaris 10.

This article is also available as a TechRepublic download.

Author's note

This article assumes a reasonable familiarity with UNIX and some basic system administration abilities, such as understanding users and printers and how to manipulate file permissions. This article will use an x86 system for examples, but the commands used will work on a Sparc system as well.

Ready, set, go

Once the operating system is installed on your Solaris machine, there are some basic administrative tasks which need to be completed. These tasks differ greatly from machine to machine depending on the intended use of the machine. More common tasks include:

  • User & group administration
  • Printer administration
  • Sharing files and printers with Windows

User and group administration

One of the first tasks is to add the necessary interactive and non-interactive users and groups. Many pieces of software require a user on the system, even if no one logs in as that user. All of the interactive users on the system require a login. You could share logins, but that would be a security breach.

Many users and groups are already present on a newly-installed Solaris system. Look in the files

/etc/passwd

/etc/group

using more or vi. In the /etc/passwd file you will see a few users, such as:

  • root – the super-user
  • daemon – the user id associated with many background processes
  • UUCP – the Unix to Unix Copy administrative user
  • nobody – the anonymous id used for sharing system resources

In the /etc/group file you will see a few groups, such as:

  • root – the super user group
  • sys – the system administration group
  • staff – the default users group

There are others, and you should not attempt to modify /etc/passwd or /etc/group manually. If you do, you can accidentally cause your system to stop working. In addition, there are shadow files that are updated by the proper processes for editing these files. Remember, these files are part of the security files for your system. They need to be treated carefully.

Before beginning to add users and groups, have a list of the groups (and users that will belong to those groups) that are required to start up your system. As mentioned above, often a piece of software will require a user, and/or a group, in order to function. Users can be in more than one group, but also have a primary group. It's important to be sure users are in the proper groups for the work they are assigned. It's good to have the groups created before assigning users, so they can be assigned to the proper groups right away.

As usual with a UNIX system, there is more than one way to manipulate groups and users on a system. There is the command-line method and the graphical method. The command-line method involves four commands, all of which require you to be logged in as root.

/usr/sbin/groupadd

/usr/sbin/groupdel

/usr/sbin/useradd

/usr/sbin/userdel

For the graphical method, everything is contained in the Solaris Management Console (SMC). The SMC can be accessed by right-clicking on the desktop and choosing Tools/Solaris Management Console, or by using the command:

/usr/sbin/smc

For this example, assume we need the following groups:

  • dev
  • qa
  • sysadm

Assume we need the following users:

  • tim
  • susanna
  • sarah
  • josh

To add the groups using the command line, use the following syntax:

# groupadd dev

# groupaddqa

# groupaddsysadm

If you mistyped a group, you could remove it using the following syntax:

# groupdelsysadm

Each group has a group id, which can be assigned using the –g <integer> option on the command. It's also possible to have duplicate group ids using the –o option on the command.

Adding the users is slightly more complicated, but not much. You need to know a few details about the users: their name, or a comment; a home directory location; and the group or groups to which they should belong. We will assume all users are have home directories in the /users directory, and all users will use the korn shell. There are many more options on the command; for example, it's possible to use a skeleton directory to set up the user.

Assume tim belongs to ga, susanna belongs to sysadm and qa, sarah belongs to qa, dev and sysadm, and josh belongs to qa.

Use the following syntax to add the users:

# useradd –g qa –c "Tim Starks" –d /users/tim –m –s /bin/kshtim

# useradd –G sysadm,qa –c "Susanna Kravitz" –d /users/susanna –m –s /bin/kshsusanna

# useradd –G qa,dev,sysadm –c "Sarah Mickles" –d /users/sarah –m –s /bin/kshsarah

# useradd –g qa –c "Josh Peters" –d /users/josh –m –s /bin/ksh josh

The options used are as follows:

  • -g <group> – assigns a user to a single group
  • -G <group, group, …> – assigns a user to multiple groups
  • -c "TEXT" – a comment about the user, usually their name
  • -d <directory> – the user's home directory
  • -m – forces the creation of the user's home directory if it does not exist
  • -s <shell path> – assigns the users login shell as /bin/ksh

If you need to remove a user, the command is:

# userdel <username>

Groups and users using SMC

In order to use the SMC, start it by entering the /usr/sbin/smc command. Once the management console has opened, click next to "This Computer (machine1)" to see all the options. It's possible to have more than one Solaris machine in the console when they are in a network. Once "This Computer" is open, click next to "System Configuration" to open the options. Click on the first option "Users" in the list. A dialog box will ask for your username and password; use "root" and your root password, and press OK to continue.

The left panel will display a list of user options. The right panel will give the iconic versions of the same options.

In order to add the groups necessary, double click on the "Groups" icon. All of the available groups will displayed as small groups of people. Choose "Add Group" from the "Action" menu. You will be presented with the "Add Group" window. You can enter the new group name in the "Group Identification" box. Press OK to continue. Repeat the process for all the necessary groups.

Once you have added the groups, choose "User Accounts" from the list in the left panel. The panel at the right will display an icon for all the users on the system. Choose "Add User" from the "Action" menu. There is an option for "With Wizard" or "From Template". Choose the "With Wizard" option.

The "Add User Wizard" window will open and request the username, Full Name and description. The user name is required; the other information is optional. Once you have filled in the information you wish to use, click the "Next" button to continue.

Step 2 will allow you to choose a user ID number. You can leave the default given by the system unless you have a specific reason to change the user ID, such as a requirement by a vendor.

Step 3 is the user password information. In this step you can choose to leave the account locked, requiring administrative input later to open the account, or provide an initial password for the user.

Step 4 is to select the user's primary group. Choose the primary group from the drop down list.

Step 5 is to create the user's home directory. Normally there is an area for home directories on each machine. In addition Solaris provides an automatic service to mount home directories to be accessible from any machine in the network. The default location is /export/home/<username>. You need only choose the path; <username> will be appended for you.

Step 6 is the user mail server. It will default to the current machine. You can just accept the default.

Step 7 is a review of the information. Click "Back" to make changes, or "Finish" to create the user.

There are many other options for creating users. It's possible to create user templates which have default values for certain types of users. It's also possible to add multiple users with similar characteristics. These are handy options when you have large user communities on a single server.

Printer administration

One of the other common tasks for an administrator is to set up printers and print queues for local and network printers. A Solaris machine can be used as a print server, so there will often be print jobs on the machine.

As with user and group administration, it's possible to use both the command line and Solaris Print Manager (SPM) to perform the same tasks. You can have both locally-connected and network-connected printers. We will look at examples of configuring both types:

Local printer:

  • Printer device – lp1
  • Printer name – printer 1
  • Content or file type to print – postscript

Network printer:

  • Printer name – laserprinter
  • Print server name – printserver

To add a locally connected printer to your Solaris machine using the command line, execute the following commands:

# chownlp /dev/lp1

This grants ownership to the lp subsystem for the printer device

# chmod 600 /dev/lp1

This grants sole use to the lp subsystem for the printer device

# lpadmin –p printer1 –v /dev/lp1 –T PS –I postscript –D "Postscript Printer"

The options are as follows:

  • -p specifies the printer name in the lp subsystem
  • -v specifies the device on which the printer is connected
  • -T specifies the printer type, PS is for PostScript
  • -I specifies the file type the printer can accept directly, in this case postscript
  • -D specifies a user friendly description of the printer
  • # accept printer1 Sets printer1 to accept requests. By default, a printer is not accepting requests. This allows the administrator to control where print jobs are sent.
  • # enable printer1 Enables printer1 in the lp subsystem. By default, a printer is not enabled.

It may be necessary to add filters to the lp subsystem. These filters allow conversion of files that are not the proper native type for the printer to be printed. There is a filter table for the lp subsystem which contains all the active filters. Since we are assuming this is a new system, it would be best to enter all the filters delivered with the system into the table. The easiest way to add all the filters is to change directory to the filter directory:/etc/lp/fd.

Using the command

# lpfilter –f <filtername> -F <filterfile>

enter all of the filters found in the directory. For more information on the lpfilter command, see the man pages.

Filters are not strictly necessary, as printers are created to print certain file types. The filters are a safety buffer for users who may want to print other file types.

There only two changes necessary to add a network printer. They would be to remove the –v <device> options and replace it with the –s <system!printer> option. And to add –o protocol=option. Note the syntax for identifiying a printer on a remote machine is <systemname>!<printername>. The two most common protocols are bsd and tcp.

For example, if there is a printer called bigprinter on a system called printspooler which used the tcp protocol the lpadmin command would be:

# lpadmin –p printer1 –s printspooler!bigprinter -o protocol=tcp –T PS –I postscript –D "Big Printer on Printspooler"

Note that the –p option does not change; the printer can have any name you wish on the local system.

To add a printer using the SPM, start the print manager by right clicking the desktop and choosing "Tools/Print Administrator" or by running the command:

# /usr/sadm/admin/bin/printmgr &

When the print manager starts, you will be presented with a dialog box requesting "Naming Service." Take the default unless you know there is another more appropriate name service available. The name service is needed so the print subsystem knows how to find remote machines. Click "OK" to continue.

The SPM window will be open. There will be a list of all printers known to the system, if any exist. To add a local printer, choose "New Attached Printer" from the "Printer" menu. The "New Attached Printer" window will open.

Using the information from above, enter "printer1" in the "Printer Name" box. Enter "Postscript Printer" in the "Description" box, and choose "/dev/lp1" from the "Printer Port" drop down list.

Since you are using the GUI print manager you are required to choose "Printer Make" from the drop down list. This choice is the same is the –T option above, but more specific, so that a printer model can be assigned. Assume we are working with an HP LaserJet. Once you have completed the information, click "OK" to continue.

Adding a network printer is much the same using the GUI. Choose "New Network Printer" from the "Printer" menu. When the "New Network Printer" window opens you will notice the addition of "Protocol" and "Destination" to the window. You must choose a protocol as explained above, and you must specify the network name of the printer in Destination. Once you complete the information, click "OK" to continue.

There are many other options for adding and configuring printers, such as setting a default destination or creating more than one queue which serves a printer. This guide is intended to get you started on adding printers to your system.

Sharing files and printers with Windows systems

UNIX systems have come a long way in compatibility with Windows systems. You used to have to use SneakerNet to move files back and forth between a UNIX and Windows system. And, at that point, what files would you have wanted to move anyway?

Well, in today's world there are several options. You can always use FTP to move files back and forth, but most Windows users wouldn't want to go through that much trouble. You could use NFS to mount a UNIX disk to a Windows machine, but that would require extra software on the Windows side.

Now there's another good option: Samba, a set of applications that implement the Server Message Block (SMB) protocol native to Windows for file and print sharing. Samba allows the printers and file systems on a UNIX machine to look just like those on any Windows machine to a Windows user. They will appear in the Network Neighborhood of any user authorized to use them.

Solaris 10 comes with a bundled version of Samba when you install the operating system. Check for the latest version, with security fixes, on the Internet.

By default, Samba is not configured and not running on the system when installed. There are a few things that need to be done in order to make it all work. There are two necessary daemon processes and one optional process. The two processes which are needed are:

  • smbd – manipulates file/print sharing and authenticates clients
  • nmbd – maintains the NetBIOS and WINS routing

The optional process is SWAT, a web based configuration tool for creating Samba configuration files. It's optional because the configuration files can be created with a text editor.

The configuration file, commonly known as /etc/sfw/smb.conf, is installed by default on Solaris 10 and can be very complicated. It has a representation of every directory and printer to be shared on the system. It also has entries for users and security and for windows networking specific parameters.


This file is not the focus of this section of the article, but it deserves a short visit for explanation.

The file is much like a standard Windows INI file. It's divided into sections which are denoted by square bracket [NAME] divisions. Each section continues until the next section in square brackets. Like any INI file on Windows, the parameters within a section is of the type:

Name = value

A section name is the name of the shared resource. The exceptions are the three special sections to the file:

  • [GLOBALS] - The [GLOBALS] section has parameters like any other section, but applies to the server as a whole. It also defines the defaults for all others sections, unless they are over-ridden in a specific section.
  • [HOMES] - The [HOMES] section is provided so a user can have access to their home directory without the administrator having to create a share for every user. The username is looked up in the password file, and then the [HOMES] section is used to create the share.
  • [PRINTERS] - The [PRINTERS] section works the same way as [HOMES]. The local printer database is scanned a shared printer resource is created on the fly.

More information is available online in many newsgroups and Web sites on how to set up a smb.conf file.

There are two required services and one optional service to run Samba under Solaris 10. The simplest method is the following.

Edit your /etc/services file and add the following line:

swat 901/tcp # SAMBA configuration web page

Edit your /etc/inetd.conf and add the following lines:

# samba stuff

swat stream tcp nowait root /usr/swf/sbin/swat swat

netbios-ssnstream tcp nowait root /user/sfw/sbin/smbd smbd

netbios-ns dgramudp wait root /usr/sfw/sbin/nmbd nmbd

The SWAT entries allow you to run a web-based configuration tool to create and modify the smb.conf configuration file. It's a great tool, and even includes a wizard to get you started.

The other two entries in /etc/inetd.conf are to run the Samba daemons on your system. They are required; the SWAT entries are not.

Once you have edited the files, convert to the new SMB services. Run the following command to update all the necessary files:

# inetconv

Then run the following command to see that the services are running:

# inetadm

You should see the smbd and the SWAT daemons running.

At this point Samba is running on your system. Using a web browser, go to:

http://localhost:901

This will open the SWAT configuration tool, and give you access to the wizard and all the samba documentation to set up your shares and printers.

Editor's Picks

Free Newsletters, In your Inbox