Tuesday, 8 March 2022

Creating Persistent (Static) Routes for Solaris

 

Creating Persistent (Static) Routes

You use the route command to manually manipulate the network routing tables. To make the changes persistent across reboots, use the -p option. Because the /etc/defaultrouter file is deprecated in Oracle Solaris 11, you can no longer manage routes (default or otherwise) by using this file. Using the route command is the only way that you can manually make routes persistent across system reboots.


Note -  The route command manipulates routes for the active profile only. The default route, as well as all other routes, potentially might be replaced if the active profile changes. However, this is not a concern if you always use the same profile on your system.

When adding routes persistently, take care that the routes you add do not already exist in the persistent configuration. If these routes already exist in the persistent configuration, the network routing tables could change without updating the persistent route. An example would be a situation where the system's default route is mapped to the system's primary interface (which is frequently the case after an Oracle Solaris installation). If you subsequently change the system's primary interface to another interface, then the system's default route should also be updated persistently. A best practice is to delete the persistent route configuration prior to adding the new route. For more information, see Troubleshooting Issues When Adding a Persistent Route in Troubleshooting Network Administration Issues in Oracle Solaris 11.2.

Note the following additional information about creating and displaying persistent routes:

  • Use the route command with the -p option to persistently add a route:

    # route -p add default ip-address

    For routes that are created by using this method, use the route -p show command to display all of the persistent static routes:

    # route -p show
  • Display the currently active routes on a system by using the netstat command with the following options:

    # netstat -rn


For more information, see the netstat (1M) and route (1M) man pages.

For information about creating and displaying default routes when using the reactive mode, see Chapter 5, About Administering Profile-Based Network Configuration in Oracle Solaris.

How to Add a Static Route to the Routing Table

  1. View the current state of the routing table by using your regular user account.
    % netstat -rn

    The output would be similar to the following:

    Routing Table: IPv4
      Destination          Gateway            Flags  Ref     Use     Interface 
    -------------------- -------------------- ----- ----- ---------- ---------
    192.168.5.125        192.168.5.10         U     1     5879       net0
    224.0.0.0            198.168.5.10         U     1     0          net0
    default              192.168.5.10         UG    1     91908
    127.0.0.1            127.0.0.1            UH    1     811302     lo0
    
    Routing Table: IPv6
      Destination/Mask            Gateway                   Flags Ref   Use    If
    --------------------------- --------------------------- ----- --- ------- -----
    ::1                         ::1                         UH      2       0 lo0
    
  2. Become an administrator.
  3. (Optional) Flush the existing entries in the routing table.
    # route flush
  4. Add a persistent route.
    # route -p add -net network-address -gateway gateway-address
    -p

    Creates a route that persists across system reboots. If you want the route to persist only for the current session, do not use the -p option.

    -net network-address

    Specifies that the route goes to the network with the address that is specified in network-address.

    -gateway gateway-address

    Indicates that the gateway system for the specified route has the IP address gateway-address.

Example 3-7  Adding a Static Route to the Routing Table

The following example shows how to add a static route to a router (Router 2). The static route is needed for the AS's border router, 10.0.5.150. See Figure 3–1 for an illustration of this particular setup.

You would view the routing table on Router 2 as follows:

# netstat -rn
Routing Table: IPv4
Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
default              172.20.1.10          UG        1    249 ce0
224.0.0.0            172.20.1.10          U         1      0 ce0
10.0.5.0             10.0.5.20            U         1     78 bge0
127.0.0.1            127.0.0.1            UH        1     57 lo0

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use    If
--------------------------- --------------------------- ----- --- ------- -----
::1                         ::1                         UH      2       0 lo0

The routing table indicates that there are two routes that Router 2 knows about. The default route uses Router 2's 172.20.1.10 interface as its gateway. The second route, 10.0.5.0, was discovered by the in.routed daemon that is running on Router 2. The gateway for this route is Router 1 and it has the IP address 10.0.5.20.

You would add a second route to network 10.0.5.0, which has its gateway as the border router, as follows:

# route -p add -net 10.0.5.0/24 -gateway 10.0.5.150
add net 10.0.5.0: gateway 10.0.5.150

The routing table now has a route for the border router, which has the IP address 10.0.5.150.

# netstat -rn
Routing Table: IPv4
Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
default              172.20.1.10          UG        1    249 ce0
224.0.0.0            172.20.1.10          U         1      0 ce0
10.0.5.0             10.0.5.20            U         1     78 bge0
10.0.5.0             10.0.5.150           U         1    375 bge0
127.0.0.1            127.0.0.1            UH        1     57 lo0

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use    If
--------------------------- --------------------------- ----- --- ------- -----
::1                         ::1                         UH      2       0 lo0
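
The drift between persistent and active routes described above can be checked mechanically. The script below is an added example, not part of the documentation quoted in this post: the sample data is constructed (modelled on Example 3-7), and it assumes that route -p show prints lines of the form "persistent: route add ..." and that netstat -rn lists destinations without a prefix length, so prefixes are dropped before comparing.

```shell
#!/bin/sh
# Added example: audit persistent routes against the active IPv4 table.

# Constructed `route -p show` output (assumed "persistent: route add ..." form).
SAMPLE_PERSISTENT='persistent: route add default 172.20.1.10
persistent: route add -net 10.0.5.0/24 -gateway 10.0.5.150
persistent: route add -net 10.9.0.0/16 -gateway 10.0.5.99'

# Constructed `netstat -rn` output, modelled on Example 3-7.
SAMPLE_ACTIVE='Routing Table: IPv4
Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
default              172.20.1.10          UG        1    249 ce0
10.0.5.0             10.0.5.20            U         1     78 bge0
10.0.5.0             10.0.5.150           U         1    375 bge0
127.0.0.1            127.0.0.1            UH        1     57 lo0

Routing Table: IPv6
::1                         ::1                         UH      2       0 lo0'

# Print "destination gateway" for every persistent route, prefix length removed.
persistent_routes() {
    printf '%s\n' "$1" | awk '
        $1 == "persistent:" && $2 == "route" && $3 == "add" {
            dest = ""; gw = ""
            for (i = 4; i <= NF; i++) {
                if ($i == "-net" || $i == "-host") { dest = $(i + 1); i++ }
                else if ($i == "-gateway") { gw = $(i + 1); i++ }
                else if ($i == "-name") { i++ }        # skip the route name
                else if ($i ~ /^-/) { continue }       # other flags carry no address
                else if (dest == "") dest = $i
                else if (gw == "") gw = $i
            }
            sub(/\/[0-9]+$/, "", dest); sub(/\/[0-9]+$/, "", gw)
            if (dest != "" && gw != "") print dest, gw
        }'
}

# Print "destination gateway" for every row of the IPv4 table only.
active_routes() {
    printf '%s\n' "$1" | awk '
        /^Routing Table:/ { v4 = ($3 == "IPv4"); next }
        v4 && NF >= 3 && $3 ~ /^U/ { print $1, $2 }'
}

# Persistent routes that are missing from the active table.
stale_persistent() {
    active=$(active_routes "$2")
    persistent_routes "$1" | while read -r dest gw; do
        printf '%s\n' "$active" | grep -qxF "$dest $gw" || echo "$dest $gw"
    done
}

# Destinations reachable through more than one gateway in the active table.
multi_gateway_destinations() {
    active_routes "$1" | awk '
        { if (!(($1, $2) in seen)) { seen[$1, $2] = 1; n[$1]++ } }
        END { for (d in n) if (n[d] > 1) print d }' | sort
}

echo "Persistent but not active:"; stale_persistent "$SAMPLE_PERSISTENT" "$SAMPLE_ACTIVE"
echo "More than one gateway:"; multi_gateway_destinations "$SAMPLE_ACTIVE"
```

On a live system, pass "$(route -p show)" and "$(netstat -rn)" instead of the sample variables.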

Tuesday, 1 March 2022

Host Name change

1. To list the current hostname (i.e. config/nodename property) :

# svccfg -s system/identity:node listprop config
config                       application
config/enable_mapping       boolean     true
config/ignore_dhcp_hostname boolean     false
config/loopback             astring
config/nodename             astring     geeklab

2. Change the hostname to geekserver by setting the property config/nodename to geekserver:

# svccfg -s system/identity:node setprop config/nodename="geekserver"

3. Refresh and restart the system/identity:node service for the changes to take effect.

# svcadm refresh system/identity:node
# svcadm restart system/identity:node

4. Verify the changes:

# svccfg -s system/identity:node listprop config
config                       application
config/enable_mapping       boolean     true
config/ignore_dhcp_hostname boolean     false
config/nodename             astring     geekserver
config/loopback             astring     geekserver
# hostname
geekserver
Check the hostname entry in /etc/hosts:
# cat /etc/hosts
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# Internet host table
#
::1             localhost
127.0.0.1       localhost    loghost
192.168.1.20    geekserver 

Wednesday, 15 December 2021

User permissions in NFS mounted directory

I have Oracle Linux 6.7, a NFS server in Windows, and I am trying to mount a shared folder in Linux. The Windows NFS server has a shared mount:

    192.168.1.10:/OracleBK

In my Oracle Linux server, I created a folder, /orabackup, and the oracle user from oinstall group is the owner of this folder:

    mkdir /orabackup
    chown -R oracle:oinstall /orabackup
    chmod -R 777 /orabackup
    mount -t nfs -o rw 192.168.1.10:/OracleBK /orabackup

The /etc/fstab corresponding line is:

    192.168.1.10:/OracleBK /orabackup nfs defaults 0 0

The command for mounting the folder used is:

    mount /orabackup

Now, the "orabackup" folder is mounted. However the oracle user cannot read and write, and needs read and write permissions to this directory. The root user can read and write. What should be done to give full permissions to the oracle user?

Best Answer

NFS checks access permissions against user ids (UIDs). The UID of the user on your local machine needs to match the UID of the owner of the files you are trying to access on the server. I would suggest to go to the server and look at the file permissions. Which UID (find out with id username) do they belong to and which permissions are set?

And if you are the only one accessing the files on the server, you can make the server pretend that all requests come from the proper UID. For that, NFS has the option all_squash. It tells the server to map all requests to the anonymous user, specified by anonuid,anongid. Add these options to the export in /etc/exports:

    all_squash,anonuid=1026,anongid=100

Be warned though, that this will make anyone mounting the export effectively the owner of those files.

Saturday, 30 October 2021

Backup user create for Solaris 11.4

    pcred $$
    tail -1 /etc/passwd
    tail -1 /etc/security/auth_attr
    ppriv -l basic
    ppriv $$
    useradd -m -K defaultpriv=basic,file_dac_read backup
    grep backup /etc/user_attr
    tail -1 /etc/shadow
    ppriv $$
    passwd backup

Describe User IDs

The simple command id (/usr/bin/id) can be used to display the current user's User ID and Group ID. It is these IDs that are used when accessing resources and help control access. For the current user we can see that the User ID is 100 and Group ID 100.

Each running process also maintains the IDs that the process is running as. This will show 3 User IDs and 3 Group IDs:

  • Real: The actual ID used to start the process.
  • Effective: Shows if it was run with sudo or similar.
  • Set: Shows if the Set UID bit or Set GID bit is set on the program, which controls the accounts used when the process runs. This is set by default on programs such as /usr/bin/passwd.

The variable $$ contains the name of the currently running process, so if we use the command:

    pcred $$

we can display the credentials used for the current process, which will be the BASH shell in our case.

When a standard user runs the passwd program, it will run as the user root. The SUID permission is set on this program. We can demonstrate this by running the passwd program and leaving it running. From another terminal we can search for the process and display the credentials:

    sudo pcred $(pgrep passwd)

Here we can see the REAL UID is 100 but the EFFECTIVE and SET UID is 0 for the root user.

Creating a User

A user with root privileges can create new local users on the system using the command useradd (/usr/sbin/useradd). Not all options need to be provided with the command; default values can be displayed with:

    useradd -D

We can see from the above output that the default user shell will be bash and the user's home directory will be located in /export/home if not specified at the time the user is created.

To create a new user we can use the command:

    useradd -m bob

The -m option creates the user's home directory immediately rather than on first login. User accounts are stored in the file /etc/passwd. The new user will be the last entry in the file, so we can use the following command to display the entry:

    tail -1 /etc/passwd

Output from the following command will show the group and user IDs:

    id bob

Using the following command we can display user information, including last login times:

    finger bob

Setting the User's Password

We have created the user bob; as yet he does not have a password. User passwords are stored in the file /etc/shadow.

    tail -1 /etc/shadow

Here we can see the user bob. The password is the 2nd field, shown as UP in the output. This is the password status and can also be seen with the command:

    passwd -s bob

UP indicates that the password is as yet unset by the administrator and the account cannot be used. The initial setting of the user's password is known as activating the account. To activate the password, you must be the root user or a user with the privileges to set the password:

    solaris.passwd.assign
    solaris.account.activate

We can then simply set the password for the user with:

    passwd bob

We will need to enter the password twice to verify our typing expertise. The passwd status should now show as PS, indicating that the password is set.

    passwd -s bob

We now have a functioning account for the user bob.

Assigning Roles to Users

If the new user bob needs to carry out administrative duties, we will find that he cannot use the substitute user command to gain root permissions, even if he does know the password. If we add the user bob to the root role, he will then be able to use su.

    usermod -R root bob

We can display the roles associated with a user using the roles command:

    roles bob
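
The useradd -K defaultpriv=basic,file_dac_read and usermod -R root commands above both leave entries in /etc/user_attr, and file_dac_read lets a process read files regardless of their permission bits, so such grants are worth reviewing. The script below is an added example, not part of the original post: the sample file content is constructed, and it assumes the standard user:qualifier:res1:res2:attr layout with semicolon-separated key=value attributes.

```shell
#!/bin/sh
# Added example: list accounts in user_attr that hold privileges beyond the
# basic set, or that may assume a role.

# Constructed sample in /etc/user_attr format (not from a real system).
SAMPLE_USER_ATTR='# user:qualifier:res1:res2:attr
root::::type=role;audit_flags=lo\:no;profiles=All
backup::::defaultpriv=basic,file_dac_read
bob::::roles=root
carol::::type=normal;defaultpriv=basic,!file_link_any'

# Print "user priv NAME" for each default privilege other than basic, and
# "user role NAME" for each role the account may assume.
audit_user_attr() {
    printf '%s\n' "$1" | awk '
        /^#/ || !/:/ { next }
        {
            user = $0; sub(/:.*/, "", user)
            # Strip the first four fields by hand: attribute values may
            # themselves contain an escaped colon (audit_flags=lo\:no).
            attrs = $0
            for (i = 0; i < 4; i++) sub(/^[^:]*:/, "", attrs)
            n = split(attrs, kv, ";")
            for (i = 1; i <= n; i++) {
                eq = index(kv[i], "=")
                key = substr(kv[i], 1, eq - 1); val = substr(kv[i], eq + 1)
                if (key == "defaultpriv") {
                    m = split(val, p, ",")
                    for (j = 1; j <= m; j++)
                        # "!name" removes a privilege, so it is not a grant
                        if (p[j] != "basic" && p[j] !~ /^!/) print user, "priv", p[j]
                } else if (key == "roles") {
                    m = split(val, r, ",")
                    for (j = 1; j <= m; j++) print user, "role", r[j]
                }
            }
        }'
}

audit_user_attr "$SAMPLE_USER_ATTR"
```

On a live system, call it as audit_user_attr "$(cat /etc/user_attr)"; entries kept elsewhere, such as a directory service, are not covered by this sketch.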

Sunday, 29 August 2021

MTU for LINUX

Show MTU running
----------------

    # ip a | grep mtu

Temporarily changing the MTU Size – Using ifconfig command

We can use the ifconfig command to change the MTU size of a system's network interface. However, remember that this change does not survive a reboot; the MTU returns to the default value, i.e. 1500.

Setup MTU
-----------------

    ifconfig <interface> mtu <size> up

Oracle Linux: How to Change MTU Size (Doc ID 2520148.1)

Solution

Check the current MTU settings

You can use both the ifconfig and ip commands to check it:

    # ifconfig eth0
    eth0 Link encap:Ethernet HWaddr 02:00:17:00:XX:XX
         inet addr: Bcast:XXX.XXX.XXX.255 Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST MTU:9000 Metric:1
         RX packets:2786436 errors:0 dropped:0 overruns:0 frame:0
         TX packets:3744195 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:789337509 (752.7 MiB) TX bytes:654466831 (624.1 MiB)

    [root@j-ol6-8324 opc]# ip link list
    1: lo: mtu 65536 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eth0: mtu 9000 qdisc mq state UP qlen 1000
        link/ether 02:00:17:00:XX:XX brd ff:ff:ff:ff:ff:ff

Change the MTU size by ifconfig or ip commands

    # ifconfig $DEV mtu 1400

or

    # ip link set $DEV mtu 1400

For instance:

    # ifconfig eth0 mtu 1500

Or:

    # ip link set dev eth0 mtu 1500
    # ip link list
    1: lo: mtu 65536 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eth0: mtu 1500 qdisc mq state UP qlen 1000
        link/ether 02:00:17:00:XX:XX brd ff:ff:ff:ff:ff:ff

Make the setting permanent by appending the line 'MTU=<size>' in /etc/sysconfig/network-scripts/ifcfg-*:

    # grep MTU /etc/sysconfig/network-scripts/ifcfg-*
    /etc/sysconfig/network-scripts/ifcfg-eth0:MTU=9000

Restart the network service (for Oracle Linux 6):

    # service network restart

Or (OL7):

    # systemctl restart network

Test it from a remote machine by using ping to probe the packet path:

    $ for x in 1462 1463 1472 1473 1500 9000; do echo Lenth $x; ping -c 3 -M do -s $x xxx.xxx.xxx.xxx; done
    Lenth 1462
    PING xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) 1462(1490) bytes of data.
    1470 bytes from xxx.xxx.xxx.xxx: icmp_seq=1 ttl=39 time=231 ms
    1470 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=39 time=231 ms
    1470 bytes from xxx.xxx.xxx.xxx: icmp_seq=3 ttl=39 time=243 ms
    --- xxx.xxx.xxx.xxx ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2244ms
    rtt min/avg/max/mdev = 231.508/235.597/243.448/5.553 ms
    Lenth 1463
    PING xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) 1463(1491) bytes of data.
    1471 bytes from xxx.xxx.xxx.xxx: icmp_seq=1 ttl=39 time=243 ms
    1471 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=39 time=231 ms
    1471 bytes from xxx.xxx.xxx.xxx: icmp_seq=3 ttl=39 time=243 ms
    --- xxx.xxx.xxx.xxx ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2246ms
    rtt min/avg/max/mdev = 231.495/239.439/243.632/5.634 ms
    Lenth 1472    >>>>>>>>>>>> Remote instance MTU Size = Data Size + IP header (20 bytes) + ICMP header (8 bytes) = 1472+20+8 = 1500
    PING xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) 1472(1500) bytes of data.
    1480 bytes from xxx.xxx.xxx.xxx: icmp_seq=1 ttl=39 time=243 ms
    1480 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=39 time=231 ms
    1480 bytes from xxx.xxx.xxx.xxx: icmp_seq=3 ttl=39 time=231 ms
    --- xxx.xxx.xxx.xxx ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2234ms
    rtt min/avg/max/mdev = 231.344/235.478/243.590/5.749 ms
    Lenth 1473
    PING xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) 1473(1501) bytes of data.
    --- xxx.xxx.xxx.xxx ping statistics ---
    3 packets transmitted, 0 received, 100% packet loss, time 11999ms
    Lenth 1500
    PING xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) 1500(1528) bytes of data.
    --- xxx.xxx.xxx.xxx ping statistics ---
    3 packets transmitted, 0 received, 100% packet loss, time 11999ms
    Lenth 9000
    PING xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) 9000(9028) bytes of data.
    ping: local error: Message too long, mtu=9000
    ping: local error: Message too long, mtu=9000
    ping: local error: Message too long, mtu=9000
    --- xxx.xxx.xxx.xxx ping statistics ---
    3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2999ms
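
The fixed list of sizes in the ping loop above can be replaced by a binary search that finds the boundary directly. The script below is an added example, not part of the Oracle note: the function names and the PROBE override are this example's own, and the default probe assumes the Linux iputils ping options already used above (-M do, -s).

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses a path with the
# Don't Fragment bit set, then derive the path MTU from it.

# Default probe: one echo request, DF set, 2 second timeout.
ping_probe() {   # $1 = target, $2 = payload size in bytes
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# Binary search over payload sizes lo..hi. PROBE may name another function or
# command that takes "target size" and returns 0 when the packet got through.
largest_payload() {   # $1 = target, $2 = lo, $3 = hi
    target=$1 lo=$2 hi=$3 best=-1
    probe=${PROBE:-ping_probe}
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$probe" "$target" "$mid"; then
            best=$mid
            lo=$((mid + 1))
        else
            hi=$((mid - 1))
        fi
    done
    [ "$best" -ge 0 ] || return 1    # nothing got through at any size
    echo "$best"
}

# Path MTU = payload + 20-byte IPv4 header + 8-byte ICMP header.
path_mtu() {   # $1 = target, optional $2 = lo, $3 = hi (default 0..8972)
    payload=$(largest_payload "$1" "${2:-0}" "${3:-8972}") || return 1
    echo $((payload + 28))
}

# Usage on a live host (placeholder address):
#   path_mtu xxx.xxx.xxx.xxx
```

A failed probe only shows that no reply came back: as with the 1473-byte case above, silent loss looks the same whether the packet was too large or ICMP is filtered on the path, so a result far below the expected MTU should be confirmed with a second target.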

Wednesday, 14 July 2021

Oracle Linux: How To Downgrade UEK5 To UEK4 kernel

The solution in this guide can be applied on Virtual and Physical Machine.

Solution

1. If you have a UEK4 kernel still available, boot that and then delete the UEK5 kernel(s).

    yum remove $(rpm -qa kernel-uek | grep 4.14.35)

    Note: Please check the kernels that are going to be removed before you hit "y".

2. If you don't have a UEK4 kernel, then install it.

    yum install kernel-uek-4.1.12*

    Or

    yum install *4.1.12*

3. Boot that UEK4 kernel and then remove the UEK5 kernel as shown in step 1.

4. Please ensure you've disabled the UEK5 repo. Once you've disabled the UEK5 repo, run the command below.

    yum list extras

5. If that shows up anything that was in the UEK5 repo then "yum downgrade ..." for those rpms will downgrade them to their earlier version.

    Note: Do them all at once: yum downgrade's dependency calculations don't work (well, it doesn't have any as such).

It is highly recommended to back up the state of the system prior to any patching:

  • For Oracle Guest VM backup, please refer to this KM Doc: Oracle VM: How To Backup And Restore A VM Guest (domU) Domain On Oracle VM 3.x (Doc ID 1477421.1)
  • For other Guest VMs such as VMware and Microsoft Hyper-V, please engage with the corresponding support vendor.
  • For the Physical Machine, please back up the system to external storage (e.g. tape, storage snapshot, storage dedup, or any other third party backup solution, etc.)

Sunday, 20 June 2021

network IP setup for Solaris 11.4

Commonly Used Network Administration Commands

Note - Some of the following commands include parameters and values that are provided as examples only.

Administering Datalinks

  • Display all of the datalinks (physical and virtual) on a system.
    # dladm show-link
  • Display all of the physical datalinks on a system.
    # dladm show-phys
  • Display all of the properties for all of the datalinks on a system.
    # dladm show-linkprop
  • Display all of the properties for a specific datalink on a system.
    # dladm show-linkprop net0
  • Display a specific property for a specific datalink on a system.
    # dladm show-linkprop -p mtu net0

Administering IP Interfaces and Addresses

  • Display general information about a system's IP interfaces.
    # ipadm
  • Display a system's IP interfaces and addresses.
    # ipadm show-addr
  • Create an IP interface and then configure a static IPv4 address for that interface.
    # ipadm create-ip net0
    # ipadm create-addr -a 203.0.113.0/24 net0/addr
  • Obtain an IP address from a DHCP server.
    # ipadm create-ip net0
    # ipadm create-addr -T dhcp net0/addr
  • Create an auto-generated IPv6 address.
    # ipadm create-ip net0
    # ipadm create-addr -T addrconf net0/addr
  • Change the netmask property for an IP address object name (net3/v4) to 8.
    # ipadm set-addrprop -p prefixlen=8 net3/v4
  • Configure a persistent default route on a system.
    # route -p add default 192.0.2.1/27
  • Configure a persistent default route by specifying a name.
    # route -p add IP-address -name route1
    persistent: route add IP-address -name route1
  • Configure a static route on a system.
    # route -p add -net 192.0.2.35/27 -gateway 192.0.2.1/27
  • Display a system's default route.
    # route -p show
  • Delete a persistent route by specifying a name.
    # route -p delete -name route1
    delete host -name route1 route-IP: gateway gateway-IP: not in table
    delete persistent host -name route1 route-IP: gateway gateway-IP

    If you do not specify the -p option with the -name option, the route is removed from the routing tables only.
  • Configure a system's host name.
    # hostname hostname

Administering Naming Services

  • Configure DNS on a system.
    # svccfg -s dns/client setprop config/nameserver=net_address: 192.0.2.1/27
    # svccfg -s dns/client setprop config/domain = astring: "myhost.org"
    # svccfg -s name-service/switch setprop config/host = astring: "files dns"
    # svcadm refresh name-service/switch
    # svcadm refresh dns/client
    # svcadm enable dns/client

Administering External Network Modifiers (ENMs)

  • List all of the ENMs on a system.
    # netadm list
  • Enable an ENM named myenm.
    # netadm enable myenm

Administering Wireless Networks

  • Display information about available wireless networks.
    # dladm scan-wifi
  • Connect to an unsecured wireless network with the strongest signal.
    # dladm connect-wifi
  • Connect to an unsecured wireless network by specifying an ESSID.
    # dladm connect-wifi -e ESSID
  • Check the status of the wireless network to which the system is currently connected.
    # dladm show-wifi

E61478, August 2018
Oracle Solaris 11.4 Network Administration Cheatsheet