Solaris 2 FAQ

The following is a list of questions that are frequently asked about Solaris 2.x and later. Where the FAQ mentions "Solaris 2.x", it really refers to Solaris 2.x, Solaris 7 and later.

The latest Solaris 2 FAQ, including an HTML version, and some other goodies can be obtained through ftp from ftp://ftp.wins.uva.nl/pub/solaris.

A new version of the FAQ is available with an index separate from all questions, it's http://www.wins.uva.nl/pub/solaris/solaris2/. So it's a lot quicker to download. Also, an experimental FAQ search service at http://www.wins.uva.nl/cgi-bin/sfaq.cgi is now available.

Please note that these addresses have changed because of a reorg. Just replace "fwi" in the old addresses with "wins".

The HTML http://www.wins.uva.nl/pub/solaris/solaris2.html version of the FAQ contains references to most FTP sites and files mentioned in the FAQ. The references to ftp sites are always to either HTML files or directories, never to binary files.

I've added an index of questions and marked changed(*) and added questions(+). The FAQ is being reorganized, time permitting. The index is generated automatically, so there may be errors there. Not all questions are in the section they belong in. Suggestions on how best to subdivide/order the FAQ are welcome.


 1. GENERAL
   1.1) What's Solaris anyway?
   1.4) What is Solaris 2? Is it really SVR4 based?
   1.13) Why do some people *like* Solaris2?
|  1.19) Where can I download Solaris binaries from?
| +1.20) What Solaris release am I running on my system?

 2. SOURCES OF INFORMATION
   2.1) How can I RTFM when I don't have it anymore?
   2.2) Why is "man -k" so confused?
   2.3) What Software is available for Solaris 2.x?
   2.4) What FTP/WWW sites do I need to know about?
   2.5) What other FAQ's do I need to know about?

 3. SYSTEM ADMINISTRATION
   3.3) What are "packages"?
   3.4) Why can't I write in/mount over /home?
   3.5) Why can't I access CDs or floppies?
   3.6) Why are there no passwords in /etc/passwd?
   3.7) Why can't I rlogin/telnet in as root?
   3.8) How can I have a user without a password?
   3.9) How can I set up anonymous FTP?
    to a SunOS4.x (or any other BSD) system?
   3.12) How can I print to a networked printer?
   3.13) Why does lp complain about invalid content types?
   3.14) My jobs stay in the queue after printing.
   3.15) Are there any alternatives to the system V spooler?
   3.16) What happened to /dev/MAKEDEV? How do I add devices?
   3.17) Why isn't my tape/cd player or new disk/device recognized?
   3.18) What happened to /etc/rc and /etc/rc.local?
   3.19) Can't I have /etc/rc.local back?
   3.20) Why are there two versions of shutdown?
   3.21) When will somebody publish a package of the BSD (4.3BSD Net2)
    "init", "getty", and "rc/rc.local", so we can go back to life
    in the good old days?
   3.22) What has happened to getty? What is pmadm and how do you use it?
   3.25) Where did etherfind go?
   3.29) How do I make ksh or csh be the login shell for root?
   3.30) What is this message: "automount: No network locking on host,
    contact administrator to install server change."?
   3.36) Which patches should I apply?
   3.41) How can I have more than 48 pseudo-ttys?
   3.42) How can I have normal users chown their files?
   3.45) How can I increase the number of file descriptors per process?
   3.47) How do I disable banner pages under Solaris?
   3.48) How do I change my hostname?
   3.50) How can I prevent daemons from creating mode 666 files?
   3.51) How do I change the terminal type for /dev/console?
   3.52) If I login over the network, my terminal type is set to "sun"/"AT386"
    How can I change that?  In SunOS 4.x the type would have been "network"
   3.53) How can I change the SYSV IPC parameters?
   3.54) How do I enable/disable dtlogin?
   3.55) How do I configure dtlogin?
   3.56) How can I configure a second monitor or change X server options?
|  3.57) How can I have more than 128 X windows clients?
|  3.58) Xvnc/Xnest/Xvfb can't create a socket in /tmp/.X11-unix.
   3.59) How can I restrict remote access through dtlogin?
   3.64) Can I use soft mounts with NFS?
|  3.66) How can I tell whether I'm running a 32 or 64 bit kernel?
   3.67) How do I get rid of the Solregis pop-up?
   3.68) Where do I get Disksuite for Solaris 8
   3.69) How do perform an old-fashioned interactive install in Solaris 8?
   3.70) Now that Solaris install from several CDs, how can I jumpstart?
   3.71) How can I grow a UFS filesystem?
   3.72) How do I install without starting OpenWindows?
   3.73) How do I set up Solaris for my time zone and daylight saving rules?
   3.74) I always install my own perl, can I remove the Sun installed one?
| +3.75) Where did kgmon go?

 4. NETWORKING
   4.1) How do I use DNS w/o using NIS or NIS+?
   4.2) What is /etc/nsswitch.conf?
   4.3) What does [NOTFOUND=return] in nsswitch.conf mean?
   4.4) Can I run a nis/yp server under Solaris 2.x?
   4.5) Can I run NIS+ under Solaris 1 (SunOS 4.1.x)
   4.6) With NIS+ how do I find out which machine a client is bound to?
   4.7) Ypcat doesn't work on the netgroup table on a NIS+ server, why?
   4.8) Why is rpc.nisd such a memory pig according to ps?
   4.9) How do I tell my NIS+ server to service DNS requests from
    4.x clients?
   4.10) How can I have multiple addresses per interface?
   4.11) Solaris 2.x supports filesystem sizes up to 1TB.  Will this
    give interoperability problems with NFS?
   4.12) Where can I get an SNMP agent for Solaris?
| *4.13) How can I use full-duplex ethernet?
   4.14) Where can I get BOOTP/DHCP for Solaris?
   4.15) What kind of multicast support does Solaris have?
   4.16) How can I have NAT or a firewall on Solaris?
| *4.17) Where can I get an IPv6 capable version of tcp wrapper?

 5. TROUBLE SHOOTING
   5.1) The Solaris 2.x application XX fails with a mysterious error condition.
   5.2) In Solaris 2.5 nm is slow or dumps core.
   5.3) Why can't I run Answerbook on a standalone machine?
   5.4) Why can't I display Answerbook remotely?
   5.5) Why can't I run filemgr, I get ``mknod: permission denied''?
   5.6) Why do I get isinf undefined when linking with libdps on Solaris 2.3?
   5.7) I can't get PPP to work between Solaris 2.3 and other platforms.
   5.8) Using compat mode for passwd doesn't work in 2.3?
   5.9) Why do I get __builtin_va_alist or __builtin_va_arg_incr undefined?
   5.10) When compiling, I get "No DATAMODEL_NATIVE specified"?
   5.11) My machine hangs during the boot process.  It seems related to ps.
   5.12) Syslogd doesn't seem to log anything.
   5.13) Syslogd in 2.6 runs with -z num -n, what's up?
   5.14) I get ``Invalid client credential'' when mounting filesystem on
    Solaris client from non-Sun fileserver.
   5.15) After upgrade to 2.4, ls on NFS mounted directories hangs.
   5.16) After installing patch 101945-xx, I have NFS problems  ksh(looping).
   5.17) I messed up /etc/system, now I can't boot.
   5.18) The /etc/path_to_inst file is corrupted, I can't boot.
   5.19) TCP/IP connections time out too soon, especially on slow links.
   5.20) Sendmail connection to non-Unix hosts don't work.
   5.21) Solaris 2.x can't set up any TCP/IP connections to certain hosts.
   5.22) I read 5.21, but I still have connectivity problems.
   5.23) When reading mail on non-Solaris clients of a Solaris mail
    server, or with non-Solaris mail readers, some messages get split
    into multiple messages.
   5.24) Mail/mailx often send reply to wrong user or show wrong sender.
   5.25) One of my users can't login (one some machines).
   5.26) My clients with remote /var (/var/adm) partitions won't boot.
   5.27) Vacation doesn't work reliably in a mixed Solaris/SunOS environment.
   5.28) I have a lot of defunct processes.  How do I get rid of them?
   5.29) I get /dev/ptmx: No such device when attempting to telnet/rlogin in.
   5.30) ld bails out with msync errors.
   5.31) su responds with "Sorry" and doesn't prompt for a password.
   5.32) Why can't I install 2.4 from a non-Sun CD while I could do so with 2.3?
   5.33) ifconfig can't find my network interface
   5.34) I have an application that compiled fine, but when I run it I get:
    fatal: libfoo.so.2: can't open file: errno=2 or No such file or directory
   5.35) Motif programs dump core almost immediately.
|  5.36) cc complains that "language optional software package not installed".
   5.37) thr_create/pthread_create and other thread functions always return -1
   5.38) Solaris 2.4 is getting slower over time/seems to have a kernel
    memory leak.
   5.39) Why do I get ``Unable to install/attach driver 'xxx''' messages?
   5.40) I can't run nfs: netdir_getbyname failure, /dev/udp: bind problem
   5.41) Why do I get ``named[]: rt_malloc:  memdebug overflow'' errors?
|  5.42) The ld command dumps core on Solaris/x86
   5.43) In Solaris 2.4 my TCP performance is extremely poor.
   5.44) Solaris 2.4 in.tftpd is terribly slow.
   5.45) I get "df: Could not find mount point ..."
|  5.46) I changed root's shell, forgotten root's password, and I can't login.
   5.47) How do I boot single user from CD?
| +5.48) How do I interrupt the system boot sequence on SPARC?
| +5.49) How do I reset the NVRAM to factory defaults?
|  5.50) When linking C++ programs, I get "_ex_keylock" undefined.
|  5.51) My NFS server hangs when I get filesystem full/over quota errors.
|  5.52) OpenWindows fails with "Binding Unix Socket: Invalid argument"
|  5.53) Why is Xsun such a memory pig, especially on the SX, S24 and FFB?
|  5.54) Solaris 2.5 and Solaris 2.4 patch 101945-34+ have poor TCP performance
    over slow links.
|  5.55) After install x86 patch 101946-29, I have problems with sockets and
    TCP/IP throughput.
|  5.56) The commands du and ls show funny block counts on NFSv3 filesystems.
|  5.57) When I halt/reboot my system I get "INIT: failed write of utmpx entry"
|  5.58) Patch installation often fails with "checkinstall" errors.
|  5.59) Why do I get a CPU-bound rpc.ttdbserverd process?
|  5.60) What is /proc?  Can I safely remove the large files there?
|  5.61) What does "named[XX]: Lame server on 'hostname' ...." mean?
|  5.62) I installed Solaris on a new/big disk, but now booting fails.
| *5.63) I have a problem with large disk drives.
|  5.64) When I try a network install I get:
    "WARNING: using boot version 8, expected 9"
|  5.65) My Ultra shuts down with "WARNING: THERMAL WARNING DETECTED!!!"
|  5.66) Power management shuts down my monitor, but it never comes back.
|  5.67) I can't seem to disable power management in 2.6!
|  5.68) Power management no longer kicks in when xlock runs
|  5.69) Orainst 7.3.2 dumps core in 2.5.1 with patches and in 2.6.
|  5.70) My dial-on-demand link keeps dialing out, seems DNS related.
|  5.71) Processes hang in door_call(), hostname lookups hang.
|  5.72) When using Solaris 2.6, many fonts don't show up properly in Netscape 4.
|  5.73) When using virtual interfaces in 2.6, the system picks a random
    source address.  How can I fix this?
|  5.74) A downloaded binary complains "libresolv.so.2: can't open file"
|  5.75) Ypserv/NIS w/ DNS is very unreliable in Solaris 2.6.
|  5.76) When trying to install Solaris 2.x on an Ultra-5/Ultra-10/Ultra-60,
    it can't find "kernel/unix".
|  5.77) After the system has been up for a while, freemem is only a couple of MB.
|  5.78) A device driver that worked fine under S2.6 stopped loading under S7
|  5.79) I get a lot of "late collisions", what are those?
|  5.80) I can't mount an NFS filesystem, I get "RPC: Program not registered".
|  5.81) How do I automatically NFS share inserted CD-Roms?
|  5.82) I cannot run remote tooltalk sessions on Solaris 8 displays and
    recently patched older systems.
|  5.83) Where is all my memory in use?
|  5.84) Tcpd prints "connect (refused) from 0.0.0.0" in Solaris 8 and later?
|  5.85) The permissions on /tmp are wrong after a reboot?

 6. SOFTWARE DEVELOPMENT
   6.1) Where is the C compiler or where can I get one?
   6.2) Which packages do I need to install to support a C compiler?
   6.3) Where has ranlib gone?
   6.4) What do I need to compile X11R5?
   6.5) I can't compile X11R6 on Solaris 2.4
   6.6) X11R6 on Solaris 2.4 won't run.  Xinit dies with "User Signal 1".
    Xterms won't die. Dired doesn't work in emacs-19.
   6.7) I get undefined symbols when compiling R6 in Solaris 2.2.
   6.8) After compiling X11R6 with gcc 2.7.0, X programs won't find their
    libraries.
   6.9) How can I run X11R6 on my SS4 w/ TCX?
   6.10) Can I run X11R6 on my SX, ZX, TCX, Creator, Creator3D or Elite3D?
| *6.11) I can't get perl 4.036 to compile or run.
   6.12) I can't get sockets to work with perl.
   6.13) I have problems compiling MH 6.8.3
   6.14) I can't get XV 3.x to compile or run correctly.
   6.15) What happened to NIT? What new mechanisms exist for low-level
    network access?
   6.16) Where are all the functions gone that used to be in libc?
   6.17) I'm still missing some functions: bcopy, bzero and friends.
   6.18) Can I use the source compatibility package to postpone porting?
   6.19) Why doesn't readdir work?  It chops the first two characters of
    all filenames.
   6.20) Why do I get undefined symbols when linking with curses/termcap?
   6.21) Where are the Motif includes and libraries?
   6.22) When I call semctl(), my program crashes.  It works fine elsewhere.
   6.23) Traceroute to Solaris 2.x machines gives many timeouts.
   6.24) I have problems linking my application statically.
   6.25) I get '"/usr/platform/SUNW,Ultra-1/lib/libc_psr.so.1": not in
    executable format: format not recognized' from gdb on my Ultra.
   6.26) How can I make Gdb work with Sun's C compiler?
   6.27) Does Solaris have problems with dates in the year 2000 and after?
   6.28) I can't seem to get older gcc releases to work under Solaris 2.6
   6.29) Gdb doesn't fully work on Solaris 2.6.
   6.30) I can't get gdb to compile with Sun's C compiler

 7. KERNEL PARAMETERS
|  7.1) Where can I find a list of all Solaris kernel parameters?
| *7.2) How can I guard my system against stack buffer overflow exploits?
   7.3) How can I restrict the number of processes per user?
   7.4) What purpose does the maxusers variable serve?
   7.5) How can I have a clock resolution better than 10ms?
|  7.6) How can I have more than 16 groups per user?
   7.7) How can I disable _POSIX_CHOWN_RESTRICTED?  My users want to chown files?
   7.8) How can I make the NFS server ignore unprivileged clients?

 8. ACKNOWLEDGEMENTS

1. GENERAL

1.1) What's Solaris anyway?

Solaris(tm) is Sun's name for their UNIX-based user environment, including the UNIX(tm) operating system, window system (X11-based), and other stuff too.

Solaris 1.x is a retroactive (marketing?) name for SunOS 4.1.x (x=1), a version of UNIX that is BSD-like with some SVR4 features, along with OpenWindows 3.0.

Solaris 2.x (which is what most everybody means by "Solaris") includes SunOS 5.x, which is an SVR4-derived UNIX, along with OpenWindows 3.x, tooltalk, and other stuff.

Solaris 7 and later are basically newer revisions of Solaris 2.x with the leading "2." stripped.

This FAQ covers Solaris 2.x and later.

1.4) What is Solaris 2? Is it really SVR4 based?

Solaris 2 is an "operating environment" that includes the SunOS 5.x operating system and the OpenWindows 3.x window environment.

SunOS 5.x is based on USL's SVR4.0. SVR4.0, in turn, was developed jointly by AT&T and Sun while Sun was developing 4.1.0, which is why things like RFS, STREAMS, shared memory, etc., are in SunOS 4.1.x, and why things like vnodes, NFS and XView are in SVR4.0. (RFS, by the way, was dropped effective Solaris 2.3).

1.13) Why do some people *like* Solaris2?

There are improvements in Solaris 2.x.

Solaris 7 HW 11/99 onward.
Motif & CDE.
ANSI-C and POSIX development environment.
POSIX threads (2.5)
POSIX and X/OPEN command environment
UNIX 95 conformance.
UNIX 98 conformance (Solaris 7)
Posix shared memory and semaphores (2.6)
Multi-threaded kernel and real threads.
Real-time feature in the kernel
Faster clock ticks (optionally 1000Hz in 2.6)
Large files (2.6)
True multi-processing.
Goodies: vold, admintool and Wabi.
Easy patch installation/administration through installpatch/patchadd.
All software in easy to manage "packages".
Power management software & suspend/resume
Access control lists
NFS Version 3 and NFS over TCP (Solaris 2.5+).
A better automounter, autofs (no more /tmp_mnt and symlinks).
Jumpstart/autoinstall - hand off installation of clients.
Much better MP support.
Faster networking (ATM, fastethernet).
64 bit OS (Solaris 7)
IPv6 (Solaris 8)
IPsec (Solaris 8)
Kerberos 5 client support (Solaris 8)

1.19) Where can I download Solaris binaries from?

The latest Solaris binary release can be physically ordered or download loaded from www.sun.com

1.20) What Solaris release am I running on my system?

Which Solaris release you are running on your system can be determined using the following command:

cat /etc/release

This will tell you which release you are running and when it was released. The more recent your system, the more info is contained in this file.

2. SOURCES OF INFORMATION

2.1) How can I RTFM when I don't have it anymore?

Sun has a site on the web that has many of the answerbooks:

http://docs.sun.com

2.2) Why is "man -k" so confused?

Solaris man uses a manual page index file called "windex" in place of the old "whatis" file. You can build this index with

catman -w -M man-page-directory

But, in 2.1, this will result in numerous "line too long" messages and a bogus windex file in /usr/share/man, and a core dump in /usr/openwin/man. (In 2.2, catman works in /usr/share/man, but says "line too long" in /usr/openwin/man). To add injury to insult, "man" normally won't show you a man page if it can't find the windex entry, even though the man page exists.

Makewhatis, or better, getNAME, still can't deal with all manual pages from the net.

Solaris 8 man will look for the manual page the hard way if it cannot find it in an existing "windex" file.

Starting with Solaris 7 manual pages are being converted to SGML format; the formatting is now a lot slower as there's an extra sgml2roff step in between.

But wait, there's more! To see the read(2) man page, you can't just type "man 2 read" anymore - it has to be "man -s 2 read". Or, alias man to this little script:

    #!/bin/sh"
    if [ $# -gt 1 -a "$1" -gt "0" ]; then
        /bin/man -F -s $*
    else
        /bin/man -F $*
    fi

2.3) What Software is available for Solaris 2.x?

Sun's web pages contain a searchable index of commercial software and a link to an outside contractor who gathers free and public domain programs. Sun's own software is available at www.sun.com/software.

A list of freeware that has been ported to Solaris 2.x is posted monthly to the newsgroup comp.unix.solaris.

Also check the following sites:

If you use gcc (versions prior to 2.8 or versions build on Solaris 2.4 and earlier), it is important to remember that re-run fixincludes or re-install gcc after an OS upgrade, or you'll be compiling with the old include files which will essentially give you the above programs as if compiled for a previous OS release.

2.4) What FTP/WWW sites do I need to know about?

2.5) What other FAQ's do I need to know about?

Stokely Consulting's list of Sun FAQs

3. SYSTEM ADMINISTRATION

3.3) What are "packages"?

A SVR4 mechanism for "standardizing" the installation of optional software. Most vendors are expected to use this format for distributing add-on software for Solaris 2.x.

Packages can be installed/deinstalled with pkgadd/pkgrm which are standard SVR4 items, or with swm (CRT) or swmtool (GUI-based) which are provided only in Solaris 2.

Note that the "pkg" system keeps lots of files in /var/sadm/install, and in particular the file "contents", which is hundreds of KB, and that there are two copies of it while pkgadd is running, so you needs lots of free space where /var is, typically the root. This file must be kept around if you want, for example, to use pkgrm to remove a package, or pkgchk to verify months later that all of a a package's files are still intact.

Summary of pkg* commands:

pkginfo pkg test for presence of package.

pkgadd -d /cdrom/Solaris_2.3 pkg ... add missing packages

pkgrm pkg ... remove packages.

pkgchk -q pkg test for existence of package

pkgchk options [pkg] check installed packages for integrity.

3.4) Why can't I write in/mount over /home?

SunOS 5.x is delivered with the "automounter" enabled. The automounter is designed for NFS sites, to simplify maintenance of the list of filesystems that need mounting. However it is a burden for standalone sites.

The automounter takes over /home and in effect becomes the NFS server for it, so it no longer behaves like a normal directory. This is normally a Good Thing as it simplifies administration if everybody's home directory is /home/username, regardless of their physical location.

If you want to continue to use the automounter, edit /etc/auto_master and comment out the line starting with "/home". Then run the "automount" command which will cause automountd to reload the maps.

To kill it off for standalone or small networks running Solaris 2.3 or later, you can stop automountd by running "/etc/init.d/autofs stop". Prevent it from starting at boot time by renaming the file /etc/rc2.d/SXXautofs to /etc/rc2.d/sXXautofs, where XX are two digits depending on the OS release. (If you change your mind, just rename it back)

In Solaris 2.2, the procedure is different. You need to comment out the three lines in /etc/init.d/nfs.client that start "if" (from the if to the fi!!), and reboot (Solaris 2.2)

To learn about it, read the O'Reilly book "Managing NFS and NIS", or ftp the white paper 'The Art of Automounting". from sunsite.unc.edu in the directory /pub/sun-info/white-papers.

3.5) Why can't I access CDs or floppies?

Solaris 2.2 introduced a new scheme for automatically mounting removable media. It consists of a program "vold" (volume daemon) which sits around watching for insertions of floppies and CD's, handles ejects, talks to the file manager, and invokes a second program called "rmmount" (removable media mounter) to mount the disk.

Note that on most SPARCstations, run "volcheck" whenever you insert a floppy, as the floppy hardware doesn't tell SunOS that a floppy was inserted and polling the drive would wear it out pretty quickly.

Advantages of this scheme:

no longer need root; users can mount and unmount at will.
can do neat tricks like automagically start "workman" or other Audio CD player when audio CD inserted.
extensible - developers can write their own actions.

Drawbacks:

can no longer access /dev/rfd0 to get at floppy; must use longer name like /vol/dev/rdsk/floppy0
similarly, CD's get mounted on /cdrom/VOLNAME/SLICE, e.g., /cdrom/solaris_2_2/s0 is slice 0 of the Solaris 2 CD nice(that it does mount all the partitions, though!).

To read or write a non-filesystem floppy (tar, cpio, etc), put in the diskette and run "volcheck" from the commandline or click "Check for Floppy" in the filemgr to get it noticed; then access /vol/dev/rfd0/unlabeled (e.g. "tar tvf /vol/dev/rfd0/unlabeled").

For Solaris 2.3 and later: /vol/dev/rdiskette0/unlabeled, or /vol/dev/aliases/floppy0.]

If you want the old behavior, remove the /etc/rc2.d/S*volmgt link, and reboot.

3.6) Why are there no passwords in /etc/passwd?

System V Release 4 includes a feature called "shadow passwords". The encrypted passwords are moved out into a shadow password file (called /etc/shadow in this release) that is NOT publicly readable. The passwd file has always been readable so that, for example, ls -l could figure out who owns what. But having the passwd encryptions readable is a security risk (they can't be decrypted but the bad guy can encrypt common words and names etc. and compare them with the encryptions).

The Shadow Password feature is mostly transparent, but if you do any passwd hacking you have to know about it! And DO make sure that /etc/shadow is not publicly readable!

3.7) Why can't I rlogin/telnet in as root?

In order to allow root logins over the net, you need to edit the /etc/default/login file and comment out or otherwise change the CONSOLE= line.

CONSOLE=/dev/console Direct root logins only on console. Default.

CONSOLE=/dev/ttya direct root logins only on /dev/ttya

CONSOLE= direct root logins disallowed everywhere

#CONSOLE (or delete the line) root logins allowed everywhere

/etc/hosts.equiv is still supported, but there is no default.

3.8) How can I have a user without a password?

In addition to removing the password from /etc/shadow, you need to take one of the following steps:

Edit /etc/default/login and comment out PASSREQ=YES or change it to PASSREQ=NO. This allows *all* users to remove their password!

The second way is to give a particular user no password with the following entry in /etc/shadow:

user::9092:9999:9999::::

3.9) How can I set up anonymous FTP?

If you need help, ftp the file "ftp.anon" from ftp://ftp.math.fsu.edu/pub/solaris/ftp.anon.

ftpd(1M) is nearly complete when it comes to setting up anonymous ftp. It only leaves out /etc/nsswitch.conf. [S2.3]

Additionally, make sure that the filesystem ~ftp resides on is not mounted with the nosuid option. This is because the nosuid option also disables the kernel honoring device files which are required in the chroot environment for ~ftp.

For security reasons, it is important that no files under ~ftp are owned by ftp. If they are, anonymous users can modify them.

In Solaris 2.5 and later, you will need to copy /usr/lib/libmp.so.* as well as provide a /dev/ticlts (for wu-ftpd).

3.12) How can I print to a networked printer?

Before Solaris 2.6, you either needed special software like JetAdmin or get a printer that supported the BSD print protocol and set your system up as a BSD client.

Starting with Solaris 2.6, there's a new lp "model" script, "netstandard". This script allows you to print to remote BSD type printers as well as over raw TCP/IP connections. It's used like this:

    # Raw TCP
    lpadmin -p localname -m netstandard -o protocol=tcp -o dest=host:port \
    -v /dev/null
    # BSD
    lpadmin -p localname -m netstandard -o protocol=bsd -o dest=host \
    -v /dev/null

Enable/accept and you're all set.

When using netstandard, all filtering is done locally. When configured as a BSD print client, filtering isn't done locally as only print servers should filter jobs.

3.13) Why does lp complain about invalid content types?

For better or for worse, you need to know about printer content types. See the man page for "lpadmin".

To get transparent mode, try this:

sol# lpadmin -I any -p printer

3.16) What happened to /dev/MAKEDEV? How do I add devices?

Device drivers are linked in dynamically. When you add new devices, just shutdown the system and do boot -r to *r*ebuild the /devices and /dev directories.

When you're adding a device without rebooting or forgot to do a reconfigure boot, you can run the "configure devices" commands.

In Solaris 8 it is as simple as running "devfsadm" without arguments.

Older solaris releases don't have "devfsadm" and you need to run a few commands, e.g., if you've just added a SCSI disk, you run the following commands (as the superuser):

    /usr/sbin/drvconfig"
    /usr/sbin/devlinks"
    /usr/sbin/disks                 # or /usr/sbin/tapes for tapes
    /usr/ucb/ucblinks               # Compatibility links

    exit 0

Note that this only works if you already have at least one SCSI disk on the system. (This is because the above just makes symbolic links and things, it does not load up the SCSI driver kernel modules, etc.)

3.17) Why isn't my tape/cd player or new disk/device recognized?

Devices must be turned on and present when you configure the system. After adding devices boot -r with all the devices turned on. See also 3.16

3.18) What happened to /etc/rc and /etc/rc.local?

They're now fragmented into 12 million tiny little pieces. Look in the following files to get oriented:

/etc/inittab Defines which programs init starts and when.

/sbin/rcS
/etc/rcS.d/* Booting stuff

/sbin/rc2
/etc/rc2.d/*
/sbin/rc3
/etc/rc3.d/* Stuff for multi-user startup.

Note that all files in /etc/rc*.d/* are hardlinked from /etc/init.d (with better names), so you should grep in there.

There are many "run levels" to the System V init; the run level 3 is normally used for "multi user with networking."

When executing the scripts in an /etc/rc?.d directory, the K* scripts are executed first, followed by the S* scripts. Scripts ending in .sh are executed in the same shell and can be used to set environment variables used further on in the same directory.

A basic startup script looks like this:

    #!/bin/sh"
    # Sample init.d script.
    # Install a copy under /etc/init.d/your-daemon
    # make links to /etc/rc2.d/Sxxyour-daemon (or rc3.d)
    # and /etc/rc[01].d/Kxxyour-daemon.
    # Scripts ending in .sh are executed with the sh "." command.
    # Scripts not ending in .sh are executed as "sh script"

    case "$1" in
    start)
        #... commands to start daemon ....
        ;;
    stop)
        #... commands to stop daemon ....
        ;;
    esac

3.19) Can't I have /etc/rc.local back?

No. You can never have rc.local back the way it was. But then, it never really *was* purely a "local" rc file. To have a real "local" rc file with just your changes in it, copy this file into /etc/init.d/rc.local, and ln it to /etc/rc3.d/S99rc.local. Put your startup stuff in the "start" section.

    #!/sbin/sh"
    # /etc/init.d/rc.local - to be linked into /etc/rc3.d as
    # S99rc.local -- a place to hang local startup stuff.
    # started after everything else when going multi-user.

    # Ian Darwin, Toronto, November, 1992
    # As with all system changes, use at own risk!

    case "$1" in
    'start')
        echo "Starting local services...\c"

        if [ -f /usr/sbin/mydaemon ]; then
            /usr/sbin/mydaemon
        fi
        echo ""
        ;;
    'stop')
        echo "$0: Not stopping any services."
        ;;
    *)
        echo "Usage: $0 { start | stop }"
        ;;
    esac

3.20) Why are there two versions of shutdown?

SVR4 (hence SunOS 5.x) tries to make everybody happy. The traditional (slow) System V "shutdown" runs all the rc0.d/* shell scripts with "stop" as the argument; many of them run ps(!) to look for processes to kill. The UCB "shutdown" tells init to kill all non-single-user processes, which is about two orders of magnitude faster. In old versions of Solaris (2.2 and before) the UCB version did everything it should *except* actually halt or reboot.

If you run a database (like Oracle) or INN, you should install a special /etc/rc0.d/K* script and make sure you always shutdown the long way.

3.21) When will somebody publish a package of the BSD (4.3BSD Net2) "init", "getty", and "rc/rc.local", so we can go back to life in the good old days?

Getty should be easy and was reportedly done at a number of sites. The port monitor isn't everyones favorite. But given that you can do much more with the SVR4 init, why would you want to change back? It would be much more trouble than it's worth.

3.22) What has happened to getty? What is pmadm and how do you use it?

I was hoping you wouldn't ask. pmadm stands for Port Monitor Admin, and it's part of a ridiculously complicated bit of software over-engineering that is destined to make everybody an expert.

Best advice for workstations: don't touch it! It works out of the box. For servers, you'll have to read the manual. This should be in admintool in Solaris 2.3 and later. For now, here are some basic instructions from Davy Curry.

"Not guaranteed, but they worked for me."

To add a terminal to a Solaris system:

Do a "pmadm -l" to see what's running. The serial ports on the CPU board are probably already being monitored by "zsmon".

    PMTAG          PMTYPE         SVCTAG         FLGS ID       PMSPECIFIC
    zsmon          /tech/sun/commands/ttymon.html">ttymon         ttya           u    root     \
        /dev/term/a I - /usr/bin/login - 9600 ldterm,ttcompat ttya \
        login:  - tvi925 y  #

If the port you want is not being monitored, you need to create a new port monitor with the command
sacadm -a -p PMTAG -t /tech/sun/commands/ttymon.html">ttymon -c /usr/lib/saf//tech/sun/commands/ttymon.html">ttymon -v VERSION

where PMTAG is the name of the port monitor, e.g. "zsmon" or "alm1mon", and VERSION is the output of "ttyadm -V".
If the port you want is already being monitored, and you want to change something, you need to delete the current instance of the port monitor. To do this, use the command
pmadm -r -p PMTAG -s SVCTAG

where PMTAG and SVCTAG are as given in the output from "pmadm -l". Note that if the "I" is present in the PMSPECIFIC field (as it is above), you need to get rid of it.

Now, to create a specific instance of /tech/sun/commands/ttymon.html">ttymon for a port, issue the command:

    pmadm -a \
          -p PMTAG \
          -s SVCTAG \
          -i root \
          -fu \
          -v 1 \
          -m "`ttyadm -m ldterm,ttcompat 
              -p 'PROMPT' -S YORN -T TERMTYPE 
              -d DEVICE -l TTYID -s /usr/bin/login`"

Note the assorted quotes; Bourne shell (sh) and Korn (ksh) users leave off the second backslash!

In the above:

PMTAG Port monitor name you made with "sacadm", e.g. "zsmon".

SVCTAG Service tag, which can be the name of the port, e.g., "ttya" or "tty21".

PROMPT prompt you want to print, e.g. "login: ".

YORN "y" to turn software carrier on (you want this for directly connected terminals" and "n" to leave it off (you want this for modems).

TERMTYPE value you want in $TERM.

DEVICE name of the device, e.g. "/dev/term/a" or "/dev/term/21".

TTYID line you want from /etc/ttydefs that sets the baud rate and stuff. I suggest you use one of the "contty" ones for directly connected terminals.

To disable ("turn off") a terminal, run
pmadm -d -p PMTAG -s SVCTAG

To enable ("turn on") a terminal, run
pmadm -e -p PMTAG -s SVCTAG

Ports are enabled by default when you "create" them as above.

For more details, see Celeste's Tutorial on Solaris 2.x Modems & Terminals

3.25) Where did etherfind go?

There is a replacement for etherfind called snoop. The capture file format is described in RFC 1761.

3.29) How do I make ksh or csh be the login shell for root?

Root's shell is /sbin/sh, which is statically linked. Don't just insert a 'c' before "sh" as previously, as that would look for /sbin/csh, which doesn't exist. Don't just change it to /bin/csh, since that's really /usr/bin/csh, which is dynamically linked, because:

/usr may not be mounted initially, and then you're in deep (the shared libraries are in /usr!), and
There is code in the startup scripts that assumes that everything critical is in /etc/lib, not /usr/lib.

Approach with caution!

Whenever you change root's shell, make sure you do it using vipw or "passwd -e". Both programs will check for a valid (in the sense of /etc/shells) file.

Safer bet - have an alternate root account, like "rootcsh", with uid 0, and /bin/csh as its shell. Put it after root's entry in the passwd file. Only drawback: you now have to remember to change all of root's passwords at the same time.

Third bet - in root's .profile, check if /usr is mounted and, if so, exec /bin/ksh or whatever.

An even better bet - leave root's shell alone, and use the sudo command for doing things as root.

3.30) What is this message: "automount: No network locking on host, contact administrator to install server change."?

The other machine (an NFS server) is running 4.1.x and needs a patch from Sun to update its network lock daemon (lockd). If you don't install the patch on the server, file locking will not work on files mounted from "thathost". The lockd jumbo patch fixes a bunch of other lock manager problems, so it may be a Good Thing To Get; however, it may also cause the machine on which the patch is installed to have trouble talking to servers with no patch or older patches, so Be Warned.

The lockd patches are: 100988 (4.1.3), 101817 (4.1-4.1.2) 101784 (4.1.3_U1), 102264 (4.1.4) and 100518 (for Online: Disksuite).

Make sure you install the latest version of those patches.

3.36) Which patches should I apply?

"If it ain't broke, don't fix it." In general you should only apply patches for security related problems. For each and every other patch consider two things: have I encountered this bug or am I very likely to encounter this bug in the near future. If neither is true, it is often best not to apply the patch. If you have a working system, why patch it? Patches do occasionally introduce new bugs and not applying patches is the best way to avoid those new bugs.

You should, however, install all patches that come with the Solaris 2.x CDs. Those patches have been tested together and supplement the base OS to the supported level. Some systems won't even boot if those patches aren't installed first.

Y2000, security and even recommended patches should also be installed and updated on a regular basis.

The latest Solaris releases come with packages "pre-patched" as well as a "Maintenance Update" CD. The "MU" CDs are meant to be used on systems with older HW releases; the patches on the MU CDs are already incorporated in the HW releases themselves.

The MUs are also available on "SolarisSolve"; to access SolarisSolve, all you need to do is register with "solregis". This service is available to all Solaris users.

PatchDiag from Sun helps you keep track of them. http://sunsolve.sun.com/sunsolve/patchdiag/

Joe Shamblin's excellent PatchReport allows for easy patch ftp://x86.cs.duke.edu/pub/PatchReport/index.html diagnostics, downloads and installation.

Casper Dik's fastpatch allows for lightning speed patch installation. ftp://ftp.wins.uva.nl/pub/solaris/auto-install/

3.41) How can I have more than 48 pseudo-ttys?

For Solaris 7 and before, edit /etc/system and add the following line:

* System V pseudo terminals
set pt_cnt = num

Halt the system and boot -r.

You can essentially have as many as you like, but you'll probably run into some other limit somewhere. More than 3000 are supported. Solaris 2.6 and earlier have telnet/rlogin daemons that do not support more than 3844 sessions each. That restriction is lifted in Solaris 7.

Starting with Solaris 8, the number of pseudo terminals grows dynamically on demand. Setting the "pt_cnt" variable is no longer needed. The system still imposes internal limit based on available resources which is, usually, very high. In the rare case when this limit is still inadequate administrator may set pt_cnt variable to override it. If pt_cnt is set to anything less than the system-defined limit, its value is ignored.

If administrators want to explicitly limit the maximum number of allocated ptys, they should set pt_max_pty variable which specifies the maximum number of ptys that can be created in the system. The default value 0 means that the maximum is automatically determined by the system based on the amount of memory.

There is no need to reboot the system with -r flag after changing these variables. The changes start working immediately upon being set, even if they are set on the running system by adb or some other means.

The pty driver creates entries in the /dev/pts directory as needed and these entries are never removed automatically, so they do not indicate the actual amount of ptys allocated by the system.

Some die-hard system administrator myths as well as some Sun documentation claim that you have to increase "sad_cnt", "sadcnt" or "nautopush" when adding ptys. There is no truth in this.

3.42) How can I have normal users chown their files?

Add the following to /etc/system:

set rstchown = 0

This will defeat the quota system and may compromise the security of your system.

3.45) How can I increase the number of file descriptors per process?

In Solaris 2.4+, this can be accomplished by adding the following lines to /etc/system:

* set hard limit on file descriptors
set rlim_fd_max = 4096
* set soft limit on file descriptors
set rlim_fd_cur = 1024

Raising the soft limit past 256 may confuse certain applications, especially BCP applications. Raising the limit past 1024 may confuse applications that use select(). Select() cannot use more than 1024 file descriptors at this time prior to Solaris 7. In Solaris 2.6, the RPC code was rewritten to use poll(), which does work with many more fds than select(). Prior to 2.6, all RPC servers will likely crash and burn if you increase the fd soft limit past 1024.

Solaris 7 allows upto 65536 fds passed to select; this is the default for 64 bit applications but it requires recompiling with a larger value for FD_SETSIZE for 32 bit apps.

Programs using stdio or even library calls that use stdio may break when they have more than 256 files open as that is the stdio limit. Programs using many filedescriptors should try and reserve a number of low numbered file descriptors for use by stdio.

The stdio limit is removed for 64 bit applications in Solaris 7; if you really need more than 256 FILE * in and you can't use Solaris 7+ or need to run in 32 bits, you can use SFIO from AT&T. http://www.research.att.com/sw/tools/sfio/

3.47) How do I disable banner pages under Solaris?

As root, go to directory /etc/lp/interfaces. Edit the file that corresponds to the printer name. Change the line that reads 'nobanner="no"' to 'nobanner="yes"'.

To effect this change on future printers, edit the scripts in /usr/lib/lp/model. That directory contains the template scripts copied over to /etc/lp/interfaces.

3.48) How do I change my hostname?

The supported way to change your hostname is:

# /usr/sbin/sys-unconfig"

The system will halt and on subsequent boot will ask for its name and other networking parameters again.

You may wish to save a copy of /etc/nsswitch.conf beforehand as that file is overwritten by the configuration process.

Note that sys-unconfig is not supported on diskless or dataless workstations. On those, you'll need to edit files by hand. See the sys-unconfig(1M) for a list of the files that need changing.

3.50) How can I prevent daemons from creating mode 666 files?

Prior to Solaris 8, all daemons inherited the umask 0 from init. In Solaris 8, the default was changed from 0 to 022, a saner value. It is now settable in /etc/default/init (CMASK=value). The old behaviour is most problematic for a service like ftp, which in a standard configuration leaves all uploaded files with mode 666.

To get daemons to use another umask execute the following commands in /bin/sh and reboot:

    umask 022  # make sure umask.sh gets created with the proper mode
    echo "umask 022"  /etc/init.d/umask.sh
    for d in /etc/rc?.d
    do
        ln /etc/init.d/umask.sh $d/S00umask.sh
    done

Note: the trailing ".sh" of the scriptname is important, if you don't specify it, the script will will be executed in a sub-shell, not in the main shell that executes all other scripts.

In Solaris 2.6 and later, in.ftpd(1M) allows setting its umask in /etc/default/ftpd.

3.51) How do I change the terminal type for /dev/console?

Change the "-T sun" in the following line in /etc/inittab to "-T termtype":

    co:234:respawn:/usr/lib/saf/ttymon -g -h \
        -p "`uname -n` console login: " -T sun \
        -d /dev/console -l console -m ldterm,ttcompat

Note: Line broken for readability

3.52) If I login over the network, my terminal type is set to "sun"/"AT386" How can I change that?

If no terminal type is specified in the network (telnet/rlogin) protocol, the standard startup scripts (/etc/profile, /etc/.login) will set the terminal type to the default console type (sun for SPARCs, AT386 for x86).

3.53) How can I change the SYSV IPC parameters?

The following parameters can be used to change the number of semaphores, the amount of shared memory and the number of IPC messages. They're set in /etc/system, as usual.

set semsys:seminfo_semusz = value
set semsys:seminfo_semopm = value
set semsys:seminfo_semume = value
set semsys:seminfo_semaem = value
set semsys:seminfo_semmap = value
set semsys:seminfo_semvmx = value
set semsys:seminfo_semmsl = value
set semsys:seminfo_semmni = value
set semsys:seminfo_semmns = value
set semsys:seminfo_semmnu = value

set shmsys:shminfo_shmmin = value
set shmsys:shminfo_shmseg = value
set shmsys:shminfo_shmmax = value
set shmsys:shminfo_shmmni = value

set msgsys:msginfo_msgseg = value
set msgsys:msginfo_msgssz = value
set msgsys:msginfo_msgtql = value
set msgsys:msginfo_msgmap = value
set msgsys:msginfo_msgmax = value
set msgsys:msginfo_msgmnb = value
set msgsys:msginfo_msgmni = value

3.54) How do I enable/disable dtlogin? Whether dtlogin is started or not is settable with /usr/dt/bin/dtconfig As dtlogin itself explain when invoked without arguments: /usr/dt/bin/dtconfig -d disable(auto-start) /usr/dt/bin/dtconfig -e enable(auto-start) /usr/dt/bin/dtconfig -kill kill(dtlogin) /usr/dt/bin/dtconfig -reset (reset dtlogin) /usr/dt/bin/dtconfig -p (printer action update) /usr/dt/bin/dtconfig -inetd inetd.conf(/usr/dt daemons) /usr/dt/bin/dtconfig -inetd.ow inetd.conf(/usr/openwin daemons)

3.55) How do I configure dtlogin? The standard CDE configuration files live in /usr/dt/config. You're not supposed to edit them there, but copy the files you want to modify to /etc/dt/config and edit them there. The /etc/dt directory does not exist, create it. Customizing dtgreet, the login widget, is done through /etc/dt/config/C/Xresources; near the end you'll find the following: !! To disable options in dtgreet window, uncomment the appropriate !! line below. !Dtlogin*options_noWindows*sensitive: False !Dtlogin*remote_host_menu*sensitive: False !Dtlogin*options_languages*sensitive: False !Dtlogin*session_menus*sensitive: False !Dtlogin*options_restartServer*sensitive: False !! To disable options under remote login option menu, uncomment the !! appropriate line below. !Dtlogin*remote_login_host*sensitive: False !Dtlogin*choose_login_host*sensitive: False By removing the ! in front of the !Dtlogin you can disable the following menu items, respectively: 1) Command Line Login 2) Remote Login 3) Language choice 4) Session choice 5) Reset Login Screen 6) Under the "Remote Login" menu, "Enter Hostname ..." 7) Under the "Remote Login" menu, "Choose Host From List ..." Two undocumented options, "options_failsafe" and "options_last_dt", can be used to disable the Failsafe and Last Session choices, though the default will continue to be "Last Session". By commenting out the following lines by prepending them with a exclamation mark (!), you can disable the CDE environment login (and force users to use the other choices) Dtlogin*altDts: 1 Dtlogin*altDtName1: Common Desktop Environment (CDE) Dtlogin*altDtKey1: /usr/dt/bin/dtwm Dtlogin*altDtStart1: /usr/dt/bin/Xsession Dtlogin*altDtLogo1: Dtlogo The OpenWindows Desktop can be disable by creating an empty "/etc/dt/config/C/Xresources.d/Xresources.ow" file. Other desktops can be added by creating files like Xresources.ow in the Xresources.d directory.

3.56) How can I configure a second monitor or change X server options? First, you simply plug in the second framebuffer; plug in the monitor, make sure you have the correct device drivers installed and do a reconfiguration boot. The X server is started through the dt/config Xservers file; you'll need to modify it when you change your X server configuration: # Never edit the /usr/dt/config files in place mkdir -m 755 -p /etc/dt/config cp /usr/dt/config/Xservers /etc/dt/config Edit the Xservers file and change the line with "local_uid@console" to suit your needs; the Xsun(1) describes what arguments to pass. Here are some examples (lines split for clarity): # FFB as left monitor, PGX (m64) to the right (two ways) :0 Local local_uid@console root /usr/openwin/bin/Xsun :0 -nobanner \ -dev /dev/fbs/ffb0 -dev /dev/fbs/m640 :0 Local local_uid@console root /usr/openwin/bin/Xsun :0 -nobanner \ -dev /dev/fbs/m640 -dev /dev/fbs/ffb0 left # FFB, PGX (m64) underneath :0 Local local_uid@console root /usr/openwin/bin/Xsun :0 -nobanner \ -dev /dev/fbs/m640 -dev /dev/fbs/ffb0 top # 2x FFB, using a default 24 bit visual instead of the standard 8 :0 Local local_uid@console root /usr/openwin/bin/Xsun :0 -nobanner \ -dev /dev/fbs/ffb0 defdepth 24 -dev /dev/fbs/ffb1 defdepth 24 3.57) How can I have more than 128 X windows clients? When you get the following errors, you've run out of X sockets. Xlib: connection to :0.0 refused by server Xlib: maximum number of clients reached By default, the X server has a limit of just 128. In order to increase this limit, you need to run at least Solaris 8 or an earlier release with the Xserver patch applies that fixes bug: 4185418 the X server should support more connections Then change the Xservers configuration file and add the "-clients 1024" option to the X commandline. 3.58) Xvnc/Xnest/Xvfb can't create a socket in /tmp/.X11-unix. The permissions to the /tmp/.X11-* directories have been restricted for security reasons. In order to still run unprivileged programs such as Xvnc/Xnest/Xvfb, you need to start those programs with the "-pn" option. You can no longer use displays of the form ":num"; only displays with the full hostname will still work: "hostname:num".

3.59) How can I restrict remote access through dtlogin? Copy to /usr/dt/config/Xaccess file to /etc/dt/config. Comment out the following lines if you want to fully restrict access: * # grant service to all remote displays * CHOOSER BROADCAST #any indirect host can get a chooser The dtlogin(1x) manual page explains how to have more fine grained control.

3.64) Can I use soft mounts with NFS? Technically, you can, but it's like saying: "please set fire to my server and take the backups with you too; I don't care about my data at all." So, DON'T. 3.66) How can I tell whether I'm running a 32 or 64 bit kernel? The command "isainfo" was provided for precisely that reason; 64% isainfo -kv 64-bit sparcv9 kernel modules 32% isainfo -kv 32-bit sparc kernel modules Solaris 2.6 and earlier releases are always 32 bit and lack the "isainfo" command.

3.67) How do I get rid of the Solregis pop-up? Some people are annoyed by the Solregis pop-up, especially if you do not want all users to register. Create /etc/default/solregis and put the following in it: DISABLE=1 This prevents the solregis program from starting. The manual lists a method to disable it on a per-user basis. Registering with solregis gives access to SolarisSolve; this enables you to fetch the Maintenance Updates. You can also remove the SUNWsregu package or don't install it in the first place.

3.68) Where do I get Disksuite for Solaris 8 You already have it. It's on the Solaris2of2 CD in the Solaris_8/EA directory.

3.69) How do perform an old-fashioned interactive install in Solaris 8? Boot from the Solaris1of2 CD and not from the webstart CD.

3.70) Now that Solaris install from several CDs, how can I jumpstart? In order to create a jumpstart image containing all the Solaris software, you first create an image like before from the Solaris 1of2 CD. Then you mount the Solaris2of2 CD and run Solaris_*/Tools/add_to_install_server /path/to/image/directory If you want, you can also add the langcd to the install image.

3.71) How can I grow a UFS filesystem? You can grow but not shrink a UFS filesystem if you manage to increase the size of the partition it lives in, with the following command: /usr/lib/fs/ufs/mkfs -G -M /current/mount /dev/rdsk/cXtYdZsA newsize Specifying the current mount point and raw device as well as the new size in 512 byte blocks. You can do this even when the filesystem is mounted and in use.

3.72) How do I install without starting OpenWindows? boot {net|cdrom} - install w

3.73) How do I set up Solaris for my time zone and daylight saving rules? You don't need to adjust your clock. Internally, Solaris uses Universal Time and is unaffected by time zone and daylight saving. However, you may need to adjust the TZ line in /etc/default/init to match your location, so that programs can read and display time stamps appropriately for your location. For example, you should use the line: TZ=Australia/Broken_Hill if you are in Broken Hill, Australia. After you change the TZ line in /etc/default/init, reboot to propagate the change to all processes. A TZ setting like Australia/Broken_Hill operates by referring to a file /usr/share/lib/zoneinfo/Australia/Broken_Hill that contains compiled data about the history of time zone and daylight saving changes at that location. You can run the time zone compiler yourself with a command like the following: # In Solaris 8 and later: cd /usr/share/lib/zoneinfo/src cd /usr/share/lib/zoneinfo /usr/sbin/zic africa asia australasia europe northamerica southamerica This command generates compiled time zone files for all the locations mentioned in the text files 'africa', 'asia', etc. This is a much larger set than the set of compiled time zone files shipped by default in Solaris. If you're in an unusual location, you'll need to run zic to get the proper time zone file; e.g. run zic to get TZ=Antarctica/South_Pole to work. Time zones and daylight saving rules change every now and then, so the files in /usr/share/lib/zoneinfo are periodically updated by Sun, and you may need to install a time zone patch (e.g. patch 103834 for Solaris 2.5.1) to bring things up to date for your location. Or you can install the most recent version of the time zone text files from the public domain time zone database ftp://elsie.nci.nih.gov/pub/, and compile the files yourself with zic. You can also use a POSIX TZ setting like TZ=CET-1CEST,M3.5.0/2,M10.5.0/3 as described in the environ(5) man page, but this is more confusing and is easy to get wrong, and it mishandles time stamps preceding the most recent time zone or daylight saving rule change.

3.74) I always install my own perl, can I remove the Sun installed one? Sun is planning to build software that is tested against the version of perl supplied with the OS. The answer is NO, you cannot remove perl. You can remove the /usr/bin/perl link, as Sun supplied software will only depend on /usr/perl5/bin/perl being present. 3.75) Where did kgmon go? The kgmon has been obsolete by lockstat. Lockstat has similar functionality: lockstat -kgIW sleep 5

4. NETWORKING

4.1) How do I use DNS w/o using NIS or NIS+? Under SunOS 4.1 it was next to impossible to run DNS name resolution without either a kludge fix or the NIS (V2 I guess). Under Solaris 2.1 it is incredibly simple, but ignore what the manual (SunOS 5.1 Administering NIS+ and DNS) says (the manual is fixed in Solaris 2.2). All that is required to make a non-NIS host use the DNS for name resolution is to change the host: line in the /etc/nsswitch.conf file to the following: hosts: files dns (i.e., when looking for hosts, look in /etc/hosts first, if not found there, try DNS, if still not found then give up) and set up a correct version of /etc/resolv.conf to tell the resolver routines (like gethostbyname) how to contact the DNS nameserver. You must have the names of machines which are somehow contacted during boot in the files in /etc and files must appear first in the hosts: line, otherwise the machine will hang during boot (at least ours did). Make sure that /etc/netconfig is as it was shipped. (In Solaris 2.3 and earlier, it will use "switch.so,tcpip.so" for ip, in Solaris 2.4 it just uses "-")

4.2) What is /etc/nsswitch.conf? An idea whose time has come (it came to Ultrix a few years ago). You can control which of the "resolver" services are read from NIS (formerly YP), which from NIS+, which from the files in /etc, and which are from DNS (but only "hosts" can come from DNS). A common example would be: hosts: nis files which means ask NIS for host info and, if it's not found, try the local machine's host table as a fallback. Advice: if you're not using NIS or DNS, SunInstall probably put the right version in. If you are, ensure that hosts and passwd come from the network. However, many of the other services seldom if ever change. When was that last time *you* added a line in /etc/protocols? If your workstation has a local disk, it may be better to have programs on your machine look up these services locally, so use "files". Terminology: Sun worried over the term "resolver", which technically means any "get info" routine (getpwent(3), gethostbyname(3), etc), but is also specifically attached to the DNS resolver. Therefore they used the term "source" to mean the things after the colon (files/DNS/NIS/NIS+) and "database" to mean the thing before the colon (passwd/group/hosts/services/netgroup etc). A complete discussion can be found in nsswitch.conf(4).

4.3) What does [NOTFOUND=return] in nsswitch.conf mean? Type "man nsswitch.conf" for more info. There is too much detail to summarize here. Briefly, [NOTFOUND=return] means that the name service whose entry it *follows* should be considered authoritative (so that if it's up and it says such a name doesn't exist, believe it and return instead of continuing to hunt for an answer).

4.4) Can I run a nis/yp server under Solaris 2.x? A number of options have been made available over time for running ypserv on Solaris: 1) NSkit 1.0. A version of SunOS 4.x NIS executables made to work on Solaris 2.x. Fully included in patch 101363-08. 2) NSkit 1.1. Native, available from OPcom, but never left beta stage. Didn't do DNS lookups well (the entire server hangs until a DNS request is answered). 3) NSkit 1.2. Native. Freely available from the Solaris 2.x migration initiative home page. Supports multi-homed hosts, async DNS lookups and shadow password maps. Also shipped with the 2.5 server kit. 4) SUNWypr/SUNWypu native Solaris packages. Shipped with Solaris 2.6 and later as part of the base OS CD. NSkit 1.2 is available for SPARC and x86.

4.5) Can I run NIS+ under Solaris 1 (SunOS 4.1.x) Sort of, with the NIS+ server implementation for Solaris 1.x that used to come on the Solaris 2.x CD, upto Solaris 2.3. This is a server side only implementation and requires NIS+ to run in YP compatibility mode. This server doesn't seem to be supported anymore.

4.6) With NIS+ how do I find out which machine a client is bound to? NIS+ clients do not hard bind to nis+ servers in the same way that NIS clients bind to NIS servers. The clients have a list of NIS+ servers within the cold-start file. When they need to do a lookup they do a type of broadcast called a "manycast" and talk to the first server that responds. This way they can be sure to use the lightest loaded server for the request.

4.7) Ypcat doesn't work on the netgroup table on a NIS+ server, why? Yes, that is a known problem. The only operations allowed from a NIS client side on the netgroup table are the ypmatches, but not ypcat (i.e. no support for yp_first(), yp_next() or yp_all() calls). The netgroup table is kind of unique in this. The reason for this is that the netgroup table format changed quite significantly in NIS+ and the NIS+ server would take a big performance hit in converting the netgroups table to YP (key-value) format.

4.8) Why is rpc.nisd such a memory pig according to ps? The good news is that it's not memory OR swap space you're being shown by 'ps'. Instead it's showing you the process ADDRESS space which includes 256 MB of address space reserved for the NIS+ transaction log. Given the cost of moving things around in memory and the fact that we have 4 GB of address space to play with it, this is a good idea. You've just got to stop thinking small. THINK BIG. It's only 1/16th of the total process address space being used. And if you ever exceed the 256 MB size of the transaction log you're doing something VERY wrong.

4.9) How do I tell my NIS+ server to service DNS requests from 4.x clients? Start rpc.nisd with the -B switch. This can be done editing the server's /etc/init.d/rpc file and change 'EMULYP="-Y"' to EMULYP="-Y -B"

4.10) How can I have multiple addresses per interface? Solaris 2.x provides a feature in ifconfig that allows having more than one IP address per interfaces. Undocumented but existing prior to 2.5, documented in 2.5 and later. Syntax: # This command is only required in later releases ifconfig IF:N plumb ifconfig IF:N ip-address up where "IF" is an interface (e.g., le0) and N is a number between 1 and MAX. Removing the pseudo interface and associated address is done with ifconfig IF:N 0.0.0.0 down # In newer release use the following command, but # beware that this unplumbs your real interface on older # releases, so try the above command first. ifconfig IF:N unplumb As with physical interfaces, all you need to do is make the appropriate /etc/hostname.IF:X file. The maximum number of virtual interfaces, MAX above, is 255 in Solaris releases prior to 2.6. Solaris 2.6 and Solaris 2.5.1 with the Solaris Internet Server Supplement (SISS) allow you to set this value with ndd, upto a hard maximum of 8192. /usr/sbin/ndd -set /dev/ip ip_addrs_per_if 4000 There's no limit inspired by the code; so if you bring out adb you can increase the maximum even further.

4.11) Solaris 2.x supports filesystem sizes up to 1TB. Will this give interoperability problems with NFS? No, you can share those filesystems with SunOS 4.x and other machines just fine. The NFS protocol rarely transmits the size of the underlying filesystems. The only programs on SunOS 4 clients that may give trouble are du and df, but normal filesystem use is just fine.

4.12) Where can I get an SNMP agent for Solaris? There are several agents available, including one from Sun. ftp.ece.ucdavis.edu:/pub/snmp Solstice Enterprise Agents, hit the "software download" icon http://www.sun.com/software/solstice/products/ent.agents Sun SNMP agents ftp://zippy.telcom.arizona.edu/pub/snm/patches/snmpd2.2.3/ Solaris 2.6 ships with an SNMP agent. *4.13) How can I use full-duplex ethernet? Sun's hme fast ethernet adaptors support full-duplex ethernet; it isn't enabled by default because when first shipped the full-duplex standard hadn't materialized yet. There are several ways of changing the default settings and force full-duplex mode; you may need to alter your switch settings as well. Setting through /etc/system" set hme:hme_adv_autoneg_cap=0 set hme:hme_adv_100hdx_cap=0 set hme:hme_adv_100fdx_cap=1 Setting with ndd ndd -set /dev/hme adv_100hdx_cap 0 ndd -set /dev/hme adv_100fdx_cap 1 ndd -set /dev/hme adv_autoneg_cap 0 In case you have multiple instances, you need to select the specific hme instance first, e.g., use the following to select hme1: ndd -set /dev/hme instance 1 If you need to query the device, you can interrogate various variables such as ``link_status'', ``link_speed'', etc. Setting "adv_autoneg_cap", not necessarily changing it, will cause re-negotiating of link speed/duplex settings. The dfme device cannot configured using /etc/system but are configured either with ndd (but on per-device nodes /dev/dfme0, dev/dfme1) or by editing dfme.conf.

4.14) Where can I get BOOTP/DHCP for Solaris? Solaris 2.6 ships with BOOTP/DHCP support. For older releases, you have to look into public domain servers, such as those from the Internet Consortium. ftp://ftp.isc.org/pub/dhcp/

4.15) What kind of multicast support does Solaris have? All versions of Solaris have IGMPv1 support, which is sufficient for multicast client support. Various unsupported patches for IGMPv2 ftp://playground.sun.com/pub/multicast/ support have been made available over the years; that support is integrated in Solaris 2.6. You will need to get and install mrouted yourself.

4.16) How can I have NAT or a firewall on Solaris? There are several NAT and firewall solutions. Sun has recently made SunScreen lite available for free from Sun's home page. Alternatively, there's Darren Reed's ipfilter package. http://coombs.anu.edu.au/~avalon/ 4.17) Where can I get an IPv6 capable version of tcp wrapper? The IPv6 capable version of tcp wrapper is available at Wietse's site in the /pub/ipv6 directory. ftp://ftp.porcupine.org/pub/ipv6/ Make sure you configure it with -DHAVE_IPV6.

5. TROUBLE SHOOTING

5.1) The Solaris 2.x application XX fails with a mysterious error condition. Try truss(1). truss -f -o file cmd args ... will put a trace of all system calls in "file". This often helps as a first step in diagnosing many failure modes, such as insufficient permissions on certain files etc..

5.2) In Solaris 2.5 nm is slow or dumps core. A bug introduced in the 2.5 locale libraries make strcoll() return bogus values when confronted with empty strings. This bogus empty string comparison makes that strcoll no longer defines a strict order on strings, that confuses the hell out of qsort which promptly crashes. Workaround: set LC_COLLATE to "C" (Note that xview applications will usually reset LC_COLLATE to LC_ALL, so in cmdtool/shelltool windows, LC_COLLATE needs to be set again.)

5.3) Why can't I run Answerbook on a standalone machine? This is a bug in OpenWindows. Using xhost + or starting "openwin -noauth" works around this problem. This is only recommended for stand-alone machines with no dial-in users. [ S 2.3 ]

5.4) Why can't I display Answerbook remotely? Displaying answerbook requires support for the DPS extension in the X server. The DPS extension is supported by most common Unix workstations, but not by most PC/X offerings and is often an extra cost item for X terminals. A number of people have reported success using ghostview as a replacement for the answerbook viewer, but this has the unfortunate side effect of not supporting the hypertext links in the documents. A better solution is to install a client side Display PostScript extension. Adobe has defined such a client side extension and call it DPS-NX. Bluestone sells a version. http://www.bluestone.com/ Solaris 2.6 and later come with an answerbook HTTP server which can be used with any web browser.

5.5) Why can't I run filemgr, I get ``mknod: permission denied''? This is a symptom of a bug in filemgr in Solaris 2.3. Either apply patch #101514 or run the following commands at system start-up: mkdir /tmp/.removable chmod a+rwxt /tmp/.removable

5.6) Why do I get isinf undefined when linking with libdps on Solaris 2.3? That's a bug in libdps (fixed in 2.4). Sun compiles and links its software with its own compilers. The isinf() function is shipped with the SunPRO compilers, but not defined in any Solaris 2.3 library. A workaround exists, and consists of adding the following to your program: #include ieeefp.h int isinf(double x) { return !finite(x) && x==x; }

5.7) I can't get PPP to work between Solaris 2.3 and other platforms. The PPP shipped with Solaris 2.3 doesn't interoperate with other PPP implementations. Patch #101425 fixes this.

5.8) Using compat mode for passwd doesn't work in 2.3? You need patch #101448.

5.9) Why do I get __builtin_va_alist or __builtin_va_arg_incr undefined? You're using gcc without properly installing the gcc fixed include files. Or you ran fixincludes after installing gcc w/o moving the gcc supplied varargs.h and stdarg.h files out of the way and moving them back again later. This often happens when people install gcc from a binary distribution. If there's a tmp directory in gcc's include directory, fixincludes didn't complete. You should have run "just-fixinc" instead. Another possible cause is that you're using ``gcc -I/usr/include.'' Reinstall gcc or upgrade to gcc 2.8.0 or later, which doesn't require a reinstallation after every OS upgrade, if you run Solaris 2.5 or later.

5.10) When compiling, I get "No DATAMODEL_NATIVE specified"? There are two typical causes for this; one is compiling with a bad install of gcc (See 5.9). The other possible cause is installing BIND 4.x or 8.x header files, e.g., by running "make install". You can check this with "pkgchk SUNWhea"; if this returns any errors, you need to recover the damaged include file from the original installation media.

5.11) My machine hangs during the boot process. It seems related to ps. When the system boots, the first invocation of ps will try to recreate /tmp/ps_data. To this end ps scans the /dev tree. Under some circumstances, a loop exists in /dev and ps will run forever. Most of the time this loop is caused by the symbolic link /dev/bd.off. While this link usually points to /dev/term/b, it sometimes get truncated and points to /dev instead. Fix: rm -f /dev/bd.off; ln -s /dev/term/b /dev/bd.off Use truss(1) to determine whether this is really the cause of your problem.

5.12) Syslogd doesn't seem to log anything. Make sure you have /usr/ccs/bin/m4 installed. It's in package SUNWbtool (m4 is included in SUNWcsu in 2.4 and later). Other causes are bugs in Solaris 2.3 and various revisions of patches. E.g., syslogd is broken in all 101318 patches between level -42 and -50. It works again in 101318-54. For 2.4, you may need patch 102534-xx and/or 102697-xx. In Solaris 2.6, syslogd again seems to be crash prone. You need 106439 (sparc) or 106440 (x86), rev -02 or later.

5.13) Syslogd in 2.6 runs with -z num -n, what's up? In some cases, syslogd as a multi-threaded applications needs to do a restart using exec. It uses two internal options to pass on some state information.

5.14) I get ``Invalid client credential'' when mounting filesystem on Solaris client from non-Sun fileserver. Some vendors still ship a version of RPC/NFS that allows at most 8 groups in the client credentials. Root on Solaris is by default in 10 groups. As a result, the Solaris 2.x mount command will send AUTH_UNIX credentials that are too big to cope with for the remote mount daemon resulting in the ``Invalid client credential'' error. Workaround: put root and all your users in 8 or less groups. NOTE: You must logout and login again for changes in the number of groups to take effect. (or exit root's shell and re-su)

5.15) After upgrade to 2.4, ls on NFS mounted directories hangs. Starting with Solaris 2.4, a kernel workaround to limit NFS readdir requests to 1024 bytes was disabled by default. This breaks interoperability with buggy old NFS implementations (such as SunOS 3.2, Ultrix and NeXT) There are two workarounds. The first one works and is: mount all filesystems from such servers with rsize=1024. The second one, which requires a patch for bugid #1193696 (101945-29 or later for SPARC, 101946-24 or later for x86) Edit /etc/system and add: set nfs:nfs_shrinkreaddir = 1 and reboot.

5.16) After installing patch 101945-xx, I have NFS problems ksh(looping). Patch 101945-17 introduced an bug in the NFS client code that makes that programs using NFS locking will sometimes go in an interruptible read. (I.e., you can kill the program that hangs) Truss will show the program sleeping in read(2) while top will show it eating CPU. The ksh seems to have this quite a lot. There's also a lot of network traffic. Fix: install a patch for bug-id #1198278 on your NFS clients. (101945-29 or later for SPARC, 101946-24 or later for x86) Workaround: mount NFS filesystems with "noac", but this costs performance.

5.17) I messed up /etc/system, now I can't boot. Boot with -as. The kernel will ask you all sorts of questions, including the name of the system file. Use the previous /etc/system file or specify /dev/null.

5.18) The /etc/path_to_inst file is corrupted, I can't boot. You will need to remove the file and then boot with -a and it will ask you to rebuild the path_to_inst file. It is possible that you still can't boot after that: if you've added/removed controllers/disks, the numbering of the controllers may have changed. You may need to find the new name of /usr and then edit /etc/vfstab to change all the disk names.

5.19) TCP/IP connections time out too soon, especially on slow links. The tcp/ip abort interval in Solaris 2.x is too short, the default value is 2 minutes. The result is that when an ACK isn't received in *2* minutes, the connection is closed. This is most often seen by sendmail, which will log sendmail: SYSERR: collect: read timeout on connection from ... You can fix this by running following command which increases the timeout to 8 minutes (unit is millisec), which is the Solaris 2.4+ (and patched 2.3) default. /usr/sbin/ndd -set /dev/tcp tcp_ip_abort_interval 480000 This command should be placed in a script rc2.d script. (See 3.18) (See 5.21 for another possible cause)

5.20) Sendmail connection to non-Unix hosts don't work. With the introduction of sendmail V8 for Solaris 2.x in patch form and in Solaris 2.5, a bug in sendmail.cf has suddenly started to play up. The end-of-line character is not defined for the ethernet mailer, causing sendmail to send bare newlines in violation of the SMTP protocol which requires CR-NL.To fix, find the following line in sendmail.cf: Mether, P=[TCP], F=msDFMuCX, S=11, R=21, A=TCP $h and change it to: Mether, P=[TCP], F=msDFMuCX, S=11, R=21, A=TCP $h, E=\r\n To be on the safe side, check all lines starting with "M" that contain P=[TCP] or P=[IPC]. They all should use "E=\r\n". This bug is also fixed in the latest Solaris 2.x sendmail patches.

5.21) Solaris 2.x can't set up any TCP/IP connections to certain hosts. Solaris 2.x sets the don't fragment bit on all packets it send as part of MTU path discovery. The Solaris 2.x implementation is RFC compliant, but the MTU path discovery protocol will fail when there are broken routers in the path. Typical symptom is not being able to connect from a Solaris 2.x hosts but having no trouble from other hosts or being able to start a TCP/IP connection but not move any significant amount of data. /usr/sbin/ndd -set /dev/ip ip_path_mtu_discovery 0 (See also 5.19)

5.22) I read 5.21, but I still have connectivity problems. Solaris 2.x will still send large packets over such links but without the don't fragment bit set. On a number of occasions, I've come across links that don't properly handle such packets. They're not fragmented, they're silently dropped instead. So if the fix in 5.21 doesn't work you can resort to the following drastic measure which negatively impacts network performance: /usr/sbin/ndd -set /dev/tcp tcp_mss_max 536 536 is the standard packet size that is guaranteed to work by virtue of the fact that most system will communicate outside the local net with packets that big. If the connection then starts to work, it's time to find the largest value that works. It's also worth mentioning that the "ip_path_mtu_discovery" needs to be applied at both sides of a connection to fully work, applied at one side it will only affect outgoing large packets. (I.e., downloads from the site will succeed but uploads from a other Solaris 2.x machine w/o the workaround applied may still fail). The "tcp_mss_max" workaround need only be applied at one side. If you need the "tcp_mss_max" workaround for some sites, there is a problem on the link between you and those sites. Get it fixed. Traceroute will tell you where the problem lies. Try traceroute host size, for varying sizes. If traceroute without a size parameter works, but traceroute with a size parameter of 1460 fails at some hop, the connection between that hop and the next is broken.

5.23) When reading mail on non-Solaris clients of a Solaris mail server, or with non-Solaris mail readers, some messages get split into multiple messages. Solaris 2.x uses the "Content-Length:" header to tell the MUAs where messages should be split. Unfortunately, no-one else understands this convention. Instead, the old convention, ``split on "From " lines'' is used most of the time. Those mail readers expect extra lines with "From" to be escaped with "". Workaround: add "E" to the mailerflags of the local mailer. Edit /etc/mail/sendmail.cf on your Solaris machines, add E to F= on the line that reads: Mlocal, P=/bin/mail, F=flsSDFMmnP, S=10, R=20, A=mail -d $u so that it becomes: Mlocal, P=/bin/mail, F=EflsSDFMmnP, S=10, R=20, A=mail -d $u

5.24) Mail/mailx often send reply to wrong user or show wrong sender. Mail/mailx use UUCP from line to determine sender, it should use the From: header only. To achieve this you can use the undocumented "from" mail variable in your .mailrc: "set from". To make this the default behavior, add "set from" to /etc/mail/mailx.rc.

5.25) One of my users can't login (one some machines). In the shadow table/file/map there is a field that indicates how long an account may be inactive before it is expired. On login, the entry in /var/adm/lastlog, the inactive expire time and the current date are compared. If the system determines that the user is expired, he will get "Login incorrect", indiscernible from a normal incorrect login. The fix is to change the user's shadow entry.

5.26) My clients with remote /var (/var/adm) partitions won't boot. Remote, but unshared filesystems, such as /, /var, /var/adm, etc. should be mounted with the llock option. Solaris 2.x does this automatically for remote /, but not for remote /var or /var/adm. If you don't specify llock, the system will hang when it tries to do stuff to the *[wu]tmp files, early in the boot process. And lpsched may fail if it can't lock /var/spool/lp/SCHEDLOCK. Workaround: Add the (undocumented) llock option to the mount options for /var and/or /var/adm. (It should be fixed in /etc/rcS.d/S70buildmnttab.sh)

5.27) Vacation doesn't work reliably in a mixed Solaris/SunOS environment. Vacation was moved from /usr/ucb (in SunOS 4.x) to /usr/bin. Unfortunately, the full pathname must be specified in your .forward. Workaround: add a link to /usr/ucb/vacation in /usr/bin on SunOS 4 machines, and add a link to /usr/bin/vacation in /usr/ucb on SunOS 5 machines.

5.28) I have a lot of defunct processes. How do I get rid of them? In general, defunct processes are caused by a parent process not reaping its children. Find out which process is the parent process of all those zombies ps(-e). It's that process that has a bug. In Solaris 2.3 (and presumably earlier) there is a bug in the pseudo tty modules that makes them hang in close. This causes processes to hang forever while exiting. Fix: Apply patch 101415-02 (for 2.3). In all Solaris 2 releases prior to 2.5 (also fixed in the latest 2.4 kernel jumbo patch), init (process 1) calls sync() every five minutes which can hang init for some considerable time. This can cause a lot of zombies accumulating with process 1 as parent, but occurs only in rare circumstances.

5.29) I get /dev/ptmx: No such device when attempting to telnet/rlogin in. You need to increase the number of pseudo ttys (See 3.41).

5.30) ld bails out with msync errors. You probably use a Cray as fileserver. It doesn't support all NFS operations ld wants to perform. Install the following patch: 101409-04: SunOS 5.3: Jumbo linker patch [ Solaris 2.3 ]

5.31) su responds with "Sorry" and doesn't prompt for a password. Su won't run under a shell compiled under SunOS 4.1.x. Recompile your shell (tcsh/bash) under Solaris 2.x.

5.32) Why can't I install 2.4 from a non-Sun CD while I could do so with 2.3? Several changes were made to the "sd" driver between 2.3 and 2.4. In particular, the code that resets the drive to the 512 block size is no longer called in the case of a data overrun. Accordingly, it is not currently possible to install 2.4 from a local non-Sun CDROM drive. Your best bet for the short term may be to either borrow a SunCD (locally or maybe from your Sun Rep) or to mount the CD remotely on a machine that is already up and running and can handle your non-Sun CDROM, and perform a network installation. This is not a problem for non-SPARC versions of Solaris 2.x. CDROMs that have been modified to use a 512 byte blocksize by default will work fine. The Sun CD-ROM FAQ explains how to patch Solaris 2.x for using a http://betelguese.tlug.org/suncdfaq/ non-Sun CD-ROM drive for booting/installation. It also includes other information about using CD-ROM drives on Sun.

5.33) ifconfig can't find my network interface Only network devices configured with an address at boot are visible to ifconfig (i.e., if /etc/hostname.IFN exists). To make a interface visible to ifconfig do: ifconfig ifN plumb

5.34) I have an application that compiled fine, but when I run it I get: fatal: libfoo.so.2: can't open file: errno=2 or No such file or directory You need to add -Rwherethelibraryis to the link command line. E.g.,: cc -L/usr/dt/lib -L/usr/openwin/lib \ -R/usr/dt/lib -R/usr/openwin/lib \ xprog.c -lXm -lXt -lX11

5.35) Motif programs dump core almost immediately. You must specify the Motif library on the command line before other X libraries. WRONG: cc .... -lXt -lXm RIGHT: cc .... -lXm -lXt 5.36) cc complains that "language optional software package not installed". There is no C compiler included in Solaris 2.x. The /usr/ucb/cc script you are executing is a wrapper for the SunSoft C compiler which calls the native C compiler with the /usr/ucb includes and libraries. You need to get yourself a C compiler. Alternatively, you may have forgotten to put the proper link from /usr/ccs/bin/ucbcc to /opt/SUNWspro/SCxxxx/cc in place. See also 6.1. If you do have a real compiler somewhere else, either put it earlier in your path [PATH=/opt/SUNWspro/bin:....:/usr/ucb] or if it is named something other than "cc", make a link as appropriate. [PATH=/usr/local/bin:...:/usr/ucb ; ln -s ./gcc /usr/local/bin/cc] It's best to not have /usr/ucb in your PATH anyway.

5.37) thr_create/pthread_create and other thread functions always return -1 If you use SunPRO C 3.0 or later, you need to specify the commandline option ``-mt'' when compiling and linking. If you and earlier version of SunPRO C or when using gcc, you'll need to specify -D_REENTRANT on compile command lines and -lthread/-lpthread on the link command line. -lthread/-lpthread should precede -lc. Compilers implicitly add -lc at the end of the link command line; you do not have to add it yourself.

5.38) Solaris 2.4 is getting slower over time/seems to have a kernel memory leak. There are two possible causes for this kernel memory leak. There's a bug in the volume management device driver that when unloaded leaks memory: fix with patch 101907-05 (sparc) or 101908-07 (x86). This bug especially affects systems *not* running vold, as it is triggered when the kernel decides to unload unused device drivers. The NFS client cache will cache too much. A simple workaround is to add ``set nrnode = 1000'' to /etc/system and reboot. You may want to make this larger or smaller depending on how much memory you have. A good rule of thumb is about 20-30 rnodes per MB of memory. Another possible candidate is an overflow in /tmp or other swap based (tmpfs) filesystems. Check with df/du.

5.39) Why do I get ``Unable to install/attach driver 'xxx''' messages? The kernel complains that it can't load device drivers for devices you don't have. They're harmless, ignore them.

5.40) I can't run nfs: netdir_getbyname failure, /dev/udp: bind problem For some reason the nfs service has disappeared from your /etc/services file, NIS map or NIS+ table. You need to have an entry like: nfsd 2049/udp nfs # NFS server daemon (clts) nfsd 2049/tcp nfs # NFS server daemon (cots) If you use NIS+, make sure that the NIS+ entry is readable for the machine executing nfsd. If you used your SunOS 4.x services file, that would explain it: SunOS 4.x doesn't have an entry for nfsd in /etc/services, Solaris 2.x requires one. This will usually not happen until you upgrade to Solaris 2.4 or a later revision. Solaris 2.3 and earlier would always consult /etc/services, regardless of what nsswitch.conf said. /etc/services does contain the right NFS entries. Solaris 2.4 and earlier don't have an entry for NFS over tcp, so this error is also likely to occur on 2.5+ NFS servers that are NIS/NIS+ clients of 2.4- servers. In 2.5 the error message will look like: nfsd: Cannot get address for transport udp host \1 service nfs nfsd: Cannot establish NFS service over /dev/udp: transport setup problem. nfsd: Cannot get address for transport tcp host \1 service nfs nfsd: Cannot establish NFS service over /dev/tcp: transport setup problem.

5.41) Why do I get ``named[]: rt_malloc: memdebug overflow'' errors? That's caused by a bug in the Solaris 2.4 named. You need to install the appropriate one of the following patches: 102479-01: SunOS 5.4: memory leak/mismanagement in in.named 102480-01: SunOS 5.4_x86: memory leak/mismanagement in in.named The latest version of these patches include bind 4.9.3: 102479-12: SunOS 5.4: libresolv, in.named, named-xfer, nslookup ... 102480-10: SunOS 5.4_x86: libresolv, in.named, named-xfer, nslookup ... 5.42) The ld command dumps core on Solaris/x86 Solaris 2.4/x86 ld dumps core when passed the "-s" option. Workaround: Link without the -s option and use strip on the resulting executable.

5.43) In Solaris 2.4 my TCP performance is extremely poor. Patch 101969-05 broke TCP/IP throughput. You need to backout this patch or obsolete it with the kernel jumbo patch (101945-27 or later). The latter is recommended. On Solaris 2.4 x86, later kernel jumbo patches (101946-29) triggered bugs in some of the ethernet cards. This manifests itself as extremely poor TCP throughput. On such systems, you need to install DU10 or later.

5.44) Solaris 2.4 in.tftpd is terribly slow. In Solaris 2.4 a bug was introduced that makes tftpboot chroot, while it still needs to open a socket. The first request still gets a response, but all other requests meet with a 5 second delay. Workaround: mkdir /tftpboot/dev mknod /tftpboot/dev/udp c 11 41 chmod 755 /tftpboot/dev; chmod 666 /tftpboot/dev/udp" This is fixed with patch 102773-01 (sparc) and 102774-01 (x86).

5.45) I get "df: Could not find mount point ..." If the mount point starts with /cdrom, there's a bug in the way /etc/mnttab gets updated for HSFS CDroms in Solaris 2.4. Edit /etc/mnttab and remove the dev= entry for those mountpoints that give you trouble. If the mount point name starts with /net/HOSTNAME, where HOSTNAME is some other host, it's probably Sun bug 1207057. Try patch 102785-01 or later (SunOS 5.4) or 102783-01 or later (SunOS 5.3). But if HOSTNAME is the current host, it's probably Sun bug 1220440; unfortunately, this bug is still open as of Jan 2nd 1996. 5.46) I changed root's shell, forgotten root's password, and I can't login. If root no longer has a valid shell, your only recourse is to boot single user *from CD*. You need to mount the root file system and fix mntpoint/etc/passwd. If you run NIS or NIS+, you have an easier solution; just add an account with uid 0 but with a different username and a valid shell. Use that account to fix the problem with the root account.

5.47) How do I boot single user from CD? In order to recover from some problems, you will need to boot single user from CDrom. On SPARC systems with Openboot PROMs, this is done through: ok boot cdrom -s On all systems, you can boot an interactive installation in the window system and escape to a shell window. This method has the advantage of usually mounting your filesystems under /a. +5.48) How do I interrupt the system boot sequence on SPARC? As opposed to Solaris Intel system which always prompt during boot-up, Solaris SPARC systems will boot without asking. To interrupt booting, use the key sequence "Stop-A" (or L1-A) on a Sun keyboard, using "Stop" as if it's a modifier (shift/control) key. On systems with a serial console, send a BREAK; most terminals and emulators support this. 5.49) How do I reset the NVRAM to factory defaults? During bootup, press down Stop and then N, holding them down at the same time. On SPARC systems with USB keyboards, this will have no effect. Those systems can be reset by quickly toggling the front panel power button, as if double, after the power LED has started flashing and you hear an audible beep. clicking on a mouse, after 5.50) When linking C++ programs, I get "_ex_keylock" undefined. You installed a patch for your C++ compiler (101910 (SPARC) or 102486 (x86)) but forgot to install the required companion patch for libC.so.5. Fix: install patch 101242-10 (SPARC) or 102859-01 (x86) or later. This fix is included in Solaris 2.5+. 5.51) My NFS server hangs when I get filesystem full/over quota errors. Solaris 2.4 has a combination of problems that make running with quotas of or with near-full disks almost impossible. The problems include writing message to /dev/console, which requires switching of interrupts and make the machine appear dead, clients caching upto 2MB of failed writes and retrying them, hammering the server to death. Fix: kernel patch 101945-32 (sparc)/101946-29 (x86) or later. Needs to be applied on clients as well as servers. 5.52) OpenWindows fails with "Binding Unix Socket: Invalid argument" This usually only happens on diskless/dataless clients. You installed a new kernel jumbo patch on the server that exports /usr to the client and failed to read the note in the patch readme that says: NOTE: If this patch is applied to a server, it should also be applied to dataless clients that also mount /usr from that server. Failure to do so will generate this error message when openwin is started on the client: "Binding Unix socket: Invalid argument". The fix is to apply the same kernel jumbo patch to the client. 5.53) Why is Xsun such a memory pig, especially on the SX, S24 and FFB? Ps counts the mappings for the framebuffer as memory. Especially on the FFB where a number of different mappings of the device address space is used to optimize access this can cause large amounts of memory, but not physical memory, to be mapped and shown by ps. It's not unusual for the FFB+ (Creator3D) to show a 500MB process size for the X server. Solaris 2.3 FCS also has a number of Xsun memory leaks when using the SX. Get the SX patches or upgrade to a later release of Solaris 2.x. /usr/proc/bin/pmap (new in 2.5) will show the exact mappings used by Xsun. "pmap -x" (new in 2.6) will even show how much of each mapping is shared/private resident, etc. If Xsun has a memory leak, you'll see a huge "[heap]" with pmap. 5.54) Solaris 2.5 and Solaris 2.4 patch 101945-34+ have poor TCP performance over slow links. Solaris 2.5 and Solaris 2.4 kernel patch 101945-34 and later have a bug in their TCP retransmission algorithm that cause excessive retransmissions over slow links, Sun's bug ID is #1233827. A work around for this bug is running the following commands at system boot, e.g., by adding them to /etc/init.d/inetinit (values are in milliseconds): # DO NOT USE THESE CHANGES ON PATCHED SYSTEMS /usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_min 3000 /usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_initial 3000 someone else suggested different changes, because with the above retransmits when you do lose a packet take a long time. The following uses a smaller value for the minimal retransmit interval but also limits the outgoing packet size to 536 bytes, so retransmitted packets are smaller and lost packets too. # DO NOT USE THESE CHANGES ON PATCHED SYSTEMS /usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_min 1000 /usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_initial 3000 /usr/sbin/ndd -set /dev/tcp tcp_mss_max 536 Patches for this bug have been released, as listed below. You should not combine the patches with the tcp_rexmit_interval setting listed here patches(listed are the first revisions with the fixes; newer versions fixing more problems have been released and can be applied instead) 101945-42: SunOS 5.4: patch for kernel 103169-06: SunOS 5.5: ip driver and ifconfig fixes 103447-03: SunOS 5.5: tcp patch 103448-03: SunOS 5.5_x86: tcp patch 103170-06: SunOS 5.5_x86: ip driver and ifconfig fixes 103582-01: SunOS 5.5.1: /kernel/drv/tcp patch 103630-01: SunOS 5.5.1: ip and ifconfig patch 103631-01: SunOS 5.5.1_x86: ip and ifconfig patch 103581-01: SunOS 5.5.1_x86: /kernel/drv/tcp patch 103632-01: SunOS 5.5.1_ppc: ip and ifconfig patch 103583-01: SunOS 5.5.1_ppc: /kernel/drv/tcp patch 5.55) After install x86 patch 101946-29, I have problems with sockets and TCP/IP throughput. These are two unrelated problems. To fix the socket problem, either copy "sockmod" from an earlier kernel patch such as 101946-12 or install patch 101946-35. The performance problem is a device driver problem that doesn't affect all ethernet cards. To fix this problem, you need to install DU10 or later. 5.56) The commands du and ls show funny block counts on NFSv3 filesystems. The first release of Solaris 2.5 NFS V3 has a bug in calculating the block allocations returned by stat. The server returns a value that is 16 times the right value and the client returns a value 16 times smaller to stat(). The net effect is that unpatched Solaris 2.5 machines look like they're having no problems with each other. But on clients with the bug, files on servers returning the right value will have a block count 16 times too small. This breaks NFS v3 swap files in Solaris 2.5, as swap files will seem to have holes in them and swap will refuse to use them. If you see this problem, your client needs patching. On correct clients served by buggy servers, files will appear to have 16 times as many blocks allocated as they should have. This will generally do no more damage than overly large du(1) or "ls -s" output. There are two ways to fix this: one is to upgrade to Solaris 2.5.1 or later, the second way is to install a patch for bug #1234858. The fix for that bug is current included in the 2.5 kernel update patch (103093/SPARC, 103094/x86). It is important that these patches are installed on clients and servers alike, especially on 2.5 clients using NFS swap files. 5.57) When I halt/reboot my system I get "INIT: failed write of utmpx entry" When the system shuts down, init(1m) updates /var/adm/utmp* to reflect that fact. If you have a separate /var filesystem, this operation will happen *after* /var is unmounted and init complains: INIT: failed write of utmpx entry:"s6" INIT: failed write of utmpx entry:"rb" You can safely ignore these messages. 5.58) Patch installation often fails with "checkinstall" errors. When installing a patch, the Solaris 2.5+ patch installation procedure will execute the script "checkinstall" with uid nobody. If any of the patch files or if any part of the path leading up to the patch directory cannot be read by nobody, an error similar to the following will appear: patchadd . # or ./installpatch . Generating list of files to be patched... Verifying sufficient filesystem capacity (exhaustive method) ... Installing patch packages... pkgadd: ERROR: checkinstall script did not complete successfully .... You can workaround this in two ways, one is to make sure that the user "nobody" can read all patch files and execute a "pwd" in the patch directory or add an account "install" to /etc/passwd: install:x:0:1:installpatch braindamage:/:/bin/true" Installpatch and patchadd use "nobody" as a fallback if it cannot find the "install" user. 5.59) Why do I get a CPU-bound rpc.ttdbserverd process? rpc.ttdbserverd is the RPC-based ToolTalk database server. It creates and manages database files kept in TT_DB directories. See ttdbserverd(1M). The problem is usually caused by corrupted entries in some TT_DB directory. The solution is therefore to kill the running rpc.ttdbserverd, and to completely remove all local TT_DB directories. rpc.ttdbserverd will be restarted from inetd when it is needed again. And it will rebuild the TT_DB directories automatically. By default these TT_DB directories are created in the top directory of every filesystem, however one can use /etc/tt/partition_map to tell ttdbserverd where to put them. See partition_map(4) for more details. A second possible cause is running out of filedescriptors, which can be fixed by upping the soft limit on the number of filedescriptors rpc.ttdbserverd starts with. 5.60) What is /proc? Can I safely remove the large files there? The /proc filesystem is a memory image of each process; it's a virtual filesystem that occupies no disk space. /proc is used for programs such as ps(1) and top(public domain) and all the tools in /usr/proc/bin that can be used to examine process state. The only way to remove /proc is to unmount it, but that will break a lot of useful programs. 5.61) What does "named[XX]: Lame server on 'hostname' ...." mean? The new named as shipped in Sun's latest bind patches prints message about all kinds of configuration problems. This particular message indicates that named has learned from a nameserver that a particular domain is served by a particular nameserver. When asked, however, that nameserver denies all knowledge of the particular domain. This is known as a "lame delegation", a reference that points nowhere. If the lame server isn't yours, there's nothing you can do about it. 5.62) I installed Solaris on a new/big disk, but now booting fails. Due to limitations in Openboot PROMs, you can't boot any of the 32bit SPARCs (sun4c, sun4m, sun4d) from a root partition that has parts lying beyond the 2GB mark on a SCSI disk. On systems with really old PROMs (revision 2.5 or less) you need to make the root partition smaller than 1GB. The Ultra PROMs are capable of this, but Solaris prior to version 2.6 also has a bug which effectively prevents Ultras from booting from large root partitions too. Patch 103640-08 or later fixes this for Solaris 2.5.1, so later 2.5.1 HW releases should be OK too. Typical error messages include: bootblk: can't find the boot program boot: cannot find misc/krtld Short read. 0x2000 chars read Read error. |*5.63) I have a problem with large disk drives. Various releases of Solaris have different upper limits in the size of the IDE disks they support. For SCSI, there are really no such limits, though older versions of format do not support really large raids. All releases support IDE disks = 8GB; support for those disks is primarily a BIOS issue on Intel. | Support for IDE disks between 8 and 32 GB was added in Solaris 7/SPARC | and Solaris 8/Intel. Note the difference in release between | architectures. | Support for IDE disks over 32 GB was added to Solaris 8 10/00 | for both SPARC and Intel. | Solaris releases that support IDE disks upto 8GB will truncate larger disks to 8GB. To use such disks to the max after upgrading to a later release of Solaris/SPARC requires zeroing the disk label with dd before relabeling it. | Solaris releases that support disks between 8GB and 32 GB will | truncate the disk to "real size modulo 32GB". I.e., a 40GB or 72GB | disk becomes a 8GB one, a 33GB or 65GB disk becomes 1GB, etc. | SPARC/IDE systems have no OpenBoot issues with disks over 8GB | and can boot fine from beyond the 8GB/32GB mark. Solaris/Intel didn't support IDE disks 8GB until release 8; BIOS permitting, Solaris 8 can even boot from beyond the 8GB mark. Older Solaris/Intel releases have a hard time coping with such big disks. 5.64) When I try a network install I get: "WARNING: using boot version 8, expected 9" This error message, with varying version numbers, occurs when a system is booted using an inetboot file for a different revision. This commonly happens when a netinstall image is upgraded without running "add_install_client" again. To fix this, you either need to remove and re-add your install client or copy the proper inetboot files to /tftpboot. 5.65) My Ultra shuts down with "WARNING: THERMAL WARNING DETECTED!!!" The Ultras have environmental sensors that will cause system or board shutdowns in case of overheating. The typical cause of this warning is a blocked airflow or a broken CPU fan. 5.66) Power management shuts down my monitor, but it never comes back. This is caused by a bug in the cgsix device driver; install the appropriate patch (105492 for 2.6) 5.67) I can't seem to disable power management in 2.6! The Solaris 2.6 Xserver insists on always doing power management of the monitor. You need to remove the power management package to get it to stop. 5.68) Power management no longer kicks in when xlock runs Set the XLock.enablesaver resource to "true". By default, xlock disables the X screen saver. The CDE screenlock needs to be set to "blank". 5.69) Orainst 7.3.2 dumps core in 2.5.1 with patches and in 2.6. Oracle has identified a bug in orainst which is triggered by changes made to Solaris. Upgrade to Oracle 7.3.3 or later. 5.70) My dial-on-demand link keeps dialing out, seems DNS related. The nscd (name service cache daemon) tries to keep a hotlist of hosts; these hosts are refreshed regularly so they won't get removed from the cache. This feature should be disabled on systems with dial-on-demand links. Edit /etc/nscd.conf and make the hot-count line for hosts read like this: keep-hot-count hosts 0 5.71) Processes hang in door_call(), hostname lookups hang. The door_call() on /etc/.name_service_door, is a fast IPC mechanism used to call the name service cache daemon. Usually, nscd speeds things up. However, on systems that do a lot of DNS lookups, all such lookups are single threaded through nscd. Nscd itself is multi-threaded, but the resolver library uses one big global lock. On such systems, performance is often best served by disabling the nscd host cache by editing /etc/nscd.conf like this: enable-cache hosts no 5.72) When using Solaris 2.6, many fonts don't show up properly in Netscape 4. You should install patch 105633-05 or later which fixes the 2.6 font rendering problems. 5.73) When using virtual interfaces in 2.6, the system picks a random source address. How can I fix this? You need to apply a patch: 105786-05: SunOS 5.6: /kernel/drv/ip patch 105787-04: SunOS 5.6_x86: /kernel/drv/ip patch 5.74) A downloaded binary complains "libresolv.so.2: can't open file" Because of various security problems, a new version of BIND was released as a Solaris patch. This patch wasn't binary compatible, so a new resolver library version needed to be made. The binary you downloaded was build on a system with the patch installed, your system lacks the patch or is running a release that is too old. The patch is available for Solaris 2.3 and up and is part of the recommended patch set. 5.75) Ypserv/NIS w/ DNS is very unreliable in Solaris 2.6. This is a known problem, install the following patches: 105552-02: SunOS 5.6: /usr/sbin/rpc.nisd_resolv patch 105553-02: SunOS 5.6_x86: /usr/sbin/rpc.nisd_resolv patch 5.76) When trying to install Solaris 2.x on an Ultra-5/Ultra-10/Ultra-60, it can't find "kernel/unix". The Ultra-5, Ultra-10 and Ultra-60 require Solaris 2.5.1 HW 11/97 or Solaris 2.6 HW 3/98 or later. You can't boot them from older installation media. 5.77) After the system has been up for a while, freemem is only a couple of MB. This is normal. When the system operates, it will gather more and more cached data. E.g., every file ever read will be cached until the memory is needed for some other purpose. Free memory is wasted memory. 5.78) A device driver that worked fine under S2.6 stopped loading under S7 There are two possible causes. It is possible that you're trying to load a 32 bit driver on a 64 bit kernel; that doesn't work as 32 bit and 64 bit code are not compatible in one address space. Drivers that use MT-Unsafe interfaces or that claim to be MT-Unsafe also no longer load in Solaris 7. In both cases, /var/adm/messages should give a pointer to the actual cause 5.79) I get a lot of "late collisions", what are those? Late collisions are usually caused by an ethernet switch and a ethernet host disagreeing on whether to run full-duplex or half-duplex. When a Sun complains about "late collisions", it runs in half-duplex mode but the switch it is connected to thinks it should run in full-duplex mode. In full-duplex mode, collisions cannot occur. 5.80) I can't mount an NFS filesystem, I get "RPC: Program not registered". When the system boots, the NFS server is not enabled unless there are NFS exports listed in /etc/dfs/dfstab. To start the nfs.server after adding an entry to dfstab, issue the following command: # /etc/init.d/nfs.server start Note that it isn't currently possible to start the nfs.server using the "nfs.server" script unless there are entries in /etc/dfs/dfstab. If you want to do automatic sharing of CDs through vold, you need to export at least one other filesystem if you're running Solaris 2.6 or earlier. 5.81) How do I automatically NFS share inserted CD-Roms? You need to add the following line to /etc/rmmount.conf: share cdrom* -o ro If the system isn't already acting as an NFS server, you'll need to run # /etc/init.d/nfs.server start In Solaris 2.6 and below, you will need to share something in /etc/dfs/dfstab, otherwise mountd and nfsd won't be started. 5.82) I cannot run remote tooltalk sessions on Solaris 8 displays and recently patched older systems. In order to prevent a number of tooltalk security problems, a new method of tooltalk authentication was introduced. This method uses a shared secret authentication system, using $HOME/.TTauthority. This new authentication scheme is the default. Both systems that don't share home directories and systems with older tooltalk client software won't be able to connect. In the case of different home directories/user ids, you will need to transfer TTauthority information. This works much like $HOME/.Xauthority information. The new command to use is ttauth(1) In the case of older client software, you will need to install the relevant ToolTalk patches. These are available for Solaris 2.4 onwards. 5.83) Where is all my memory in use? The Solaris kernel operates on the assumption that "free memory is wasted memory". Pages used for file I/O will not be added to the free list unless they become unreferenced (i.e., the file they belong to is both closed and removed). Such pages are available for re-use but are kept as a disk cache. After some period of operation, Solaris will reach a point where all memory has been used in the past and freemem will be reported as a low number from that point on. In Solaris 8 the filesystem cache was changed significantly; as a result of these changes, cached pages are now reported as free memory even though they still hold cached file data. 5.84) Tcpd prints "connect (refused) from 0.0.0.0" in Solaris 8 and later? The default inetd configuration in Solaris 8 and later have changed the service type for most services from tcp/udp to tcp6/udp6. You'll either need to change them back to tcp/udp or better, upgrade your tcp wrappers to an IPv6 capable version as described in 4.17. 5.85) The permissions on /tmp are wrong after a reboot? The tmpfs filesystems takes on the permissions from the underlying mount point. In order to fix /tmp, you need to boot single user and execute the following two commands: chmod 1777 /tmp chown root:sys /tmp

6. SOFTWARE DEVELOPMENT

6.1) Where is the C compiler or where can I get one? Where have you been? :-) Sun has dropped their old K&R C compiler, supposedly to create a market for multiple compiler suppliers to provide better performance and features. Here are some of the contenders: 1) SunPro C: http://www.sun.com/sunsoft/ SunPro, SMCC, and various distributors sell a new ANSI-standard C compiler on the unbundled (extra cost) SPARCcompiler/SPARCworks CD-ROM. There are some other nice tools there too, like a "make tool" and a visual diff (interactive diff). You have to license and pay per concurrent user. 2) Apogee compilers http://www.apogee.com/ Apogee sells C, C++, f77 and f90 compilers, mainly for SPARC. These compiler include the KAP preprocessors from Kuck and Associates. 3) Cygnus GCC: http://www.cygnus.com/ Cygnus Support and the Free Software Foundation make the GNU C compiler for Solaris, a free software product. Source code and ready-to-run binaries can be installed from the CDware CD (Volume 4 or 5). Like all GNU software, there are no restrictions on who can use it, how many people can use it at a time, what machines it can be run on, or how many copies you can install, run, give away, or sell. Cygnus sells technical support for these tools, under annual support contracts. The Cygnus distribution includes: gcc (ansi C compiler), gdb (good debugger), byacc (yacc repl), flex (lex repl), gprof, makeinfo, texindex, info, patch, cc (a link to gcc) The Cygnus compiler on uunet is starting to show its age a bit. If you want to compile X11R5, you can get the latest version of GCC in source code, from the usual places (prep.ai.mit.edu or one of the many mirrored copies of it). Build and install that compiler using the Cygnus gcc binaries. Or get tech support from Cygnus; they produce a new version for their customers every three months, and will fix any bug you find. 4) Gcc. Gcc is available from the GNU archives in source form. You need gcc 2.3.3 or later, and you should prefer gcc 2.8.0 or later as it works better with Solaris 2.x include files. You should not use GNU as or GNU ld. Make sure you run just-fixinc if you use a binary distribution. Better is to get a binary version and use that to bootstrap gcc from source. GNU software is available from: prep.ai.mit.edu:/pub/gnu gatekeeper.dec.com:/pub/GNU ftp.uu.net:/systems/gnu wuarchive.wustl.edu:/mirrors/gnu nic.funet.fi:/pub/gnu When you install gcc, don't make the mistake of installing GNU binutils or GNU libc, they are not as capable as their counterparts you get with Solaris 2.x. 5) Info on other compiler vendors will be added if you send us some.

6.2) Which packages do I need to install to support a C compiler? Solaris ships with everything you need, with the exception of the compiler itself. Solaris ships with the include files, make, an assembler, linker and libraries. All this stuff lives in /usr/ccs/bin (add it to your PATH before /usr/ucb if that's in your PATH as well) /usr/ccs/lib and /usr/include. If you still can't find it, make sure you have the following packages installed on your system: for tools (sccs, lex, yacc, make, nm, truss, ld, as): SUNWbtool, SUNWsprot, SUNWtoo for libraries & headers: SUNWhea, SUNWarc, SUNWlibm, SUNWlibms SUNWdfbh, SUNWcg6h, SUNWxwinc, SUNWolinc, SUNWxglh for 64 bit development: SUNWarcx, SUNWbtoox, SUNWdplx, SUNWscpux, SUNWsprox, SUNWtoox, SUNWlmsx, SUNWlmx, SUNWlibCx for ucb compat: SUNWsra, SUNWsrh These packages are all on the Solaris 2.x CDs, except that some packages may only exist in some releases and not in others. Some packages may be on separate CDs, such as the "Desktop/CDE" CD, but all are part of the Solaris "bundle".

6.3) Where has ranlib gone? The functionality provided by ranlib in SunOS 4.1.x is now merged into ar. It is no longer necessary to run ranlib on archive libraries. Fix makefiles that require ranlib by replacing it with "/bin/true". A no-op ranlib has been reintroduced in 2.5.

6.4) What do I need to compile X11R5? There are several "patch kits" for X11R5 under Solaris 2.1. Most of them require gcc 2.3.3 or later and unless you are running gcc 2.8.0 or later have run "fixincludes" when you install the gcc software. The recommended patchkit is R5.SunOS5.patch.tar.Z available from ftp.x.org:/R5contrib. It works with gcc (2.3.3 or later) and SunPRO C. X11R6 compiles out-of-the-box on Solaris 2.3.

6.5) I can't compile X11R6 on Solaris 2.4 There are several possible problems when compiling X11R6 on Solaris 2.4, all are solved after applying R6 fixes upto and including fix-12. These problems are: The compilation of xc/programs/Xserver/Xext/shm.c will fail with a redefinition of shmat(). Compilation errors when using SC 2.0.x. See also 6.6

6.6) X11R6 on Solaris 2.4 won't run. Xinit dies with "User Signal 1". Xterms won't die. Dired doesn't work in emacs-19. Some changes in libc.so and libthread.so break the way libthread is linked with libX11.so. The most noticeable symptoms are failing signal handling in xinit, xterms that don't die after the inferior shell process exits and emacs-19 hanging after starting dired. Apply all fixes upto fix-12 to the X11R6 sources. Remember to change OSMinorVersion to 4 in xc/config/cf/sun.cf as well and use "make Everything" or "make World", not just "make". Make sure you change the right OSMinorVersion in sun.cf, the first one is the x86 minor version, the second one is SPARC one. Change the one appropriate for your system or change both. The resulting R6 will not run on Solaris 2.3 or earlier. If you want to have the same set of binaries for Solaris 2.3 and 2.4, you need to disable threaded X altogether by changing "#define ThreadedX YES" to "#define ThreadedX NO" in sun.cf. Note that reinstall the X libraries with "make install" before things start working. There is no need to reinstall anything but libX11.so. Xterm, emacs etc., should start working after the change to libX11 is installed. Check your newly installed libX11 with dump -Lv libX11.so.6. If it still shows libthread as "NEEDED", the rebuild didn't work correctly. Double check your changes. (If you previously used the patch from the FAQ, make sure you remove it before applying fix-12.) For multi-threaded X to work it necessary to install patch 101925-02 to fix problems in header files [2.4]. Unless you are running gcc 2.8.0 or later, you need to reinstall gcc or re-run just-fixinc after installing that patch.

6.7) I get undefined symbols when compiling R6 in Solaris 2.2. Solaris 2.2 doesn't have the full thread support required by X11R6. Compile R6 without multi-thread support or upgrade to 2.3 or later.

6.8) After compiling X11R6 with gcc 2.7.0, X programs won't find their libraries. Someone at GNU made a bad mistake by adding a the following misfeature to gcc 2.7.0: in the absence of -R options, specify a -R option for each -L option on the commandline. While this looks "neat" on the surface, this makes ld ignore LD_RUN_PATH, which is the mechanism used by R6 to set the RPATH. It also introduces a security hole, as it sets a relative RPATH for all X executables, including the set-uid ones. Workaround: remove the following bit from the gcc-lib/.../2.7.0/specs file: %{!static:%{!R*:%{L*:-R %*}}} then rebuild X. This is fixed in gcc 2.7.1

6.9) How can I run X11R6 on my SS4 w/ TCX? Although it is possible to switch the TCX to dumb cg3 mode and run X11R6 on that, Matt Landau of the X consortium said the following on the matter: "But why would you want an accelerated 24-bit framebuffer to behave like a dumb 8-bit framebuffer under Solaris 2? "OpenWindows versions 3.3 and 3.4 (bundled with Solaris 2.3 and Solaris 2.4 respectively) are perfectly reasonable R5-based implementations of X, with a perfectly good R5 server that also does DPS and takes advantage of the TCX. They have none of the brokenness associated with the old X11/NeWS server from OpenWindows versions 3.2 and before. "Of course, if you want R6 libraries and apps, you can build R6 and run R6 applications against the OpenWindows 3.4 server, and still get full benefit of the TCX. Works just fine."

6.10) Can I run X11R6 on my SX, ZX, TCX, Creator, Creator3D or Elite3D? X11R6.4 and earlier do not support any of Sun's new framebuffers, including all PCI framebuffers. Run Sun's Xsun instead, it works fine. |*6.11) I can't get perl 4.036 to compile or run. | You really should be using perl 5; perl 4.036 hasn't been updated | since 1992 and is considered "dead". Run Configure, and use the solaris_2_0 hints, *don't* use the solaris_2_1 hints and don't use the config.sh you may already have. First make sure Configure and make don't find /usr/ucb/cc. (It must use gcc or the native C compiler: /opt/SUNWspro/bin/cc) Some questions need a special answer. Are your system (especially dbm) libraries compiled with gcc? [y] y yes: gcc 2.3.3 or later uses the standard calling conventions, same as Sun's C. Any additional cc flags? [ -traditional -Dvolatile=__volatile__ -I/usr/ucbinclude] -traditional -Dvolatile=__volatile__ Remove /usr/ucbinclude. Any additional libraries? [-lsocket -lnsl -ldbm -lmalloc -lm -lucb] -lsocket -lnsl -lm Don't include -ldbm, -lmalloc and -lucb. | Perl 5 compiles out of the box and comes preinstalled with Solaris 8 | and later.

6.12) I can't get sockets to work with perl. Some of the socket constants have changed. E.g., SOCK_STREAM now has a value of 2, whereas SunOS 4.x uses a value of 1. Use perl5 modules and the symbolic values they define instead.

6.13) I have problems compiling MH 6.8.3 The MH config file for Solaris that comes with MH 6.8.3 should work OK, but there are some other problems: One of the Solaris 2.x headers conflicts with mhn.c and inc doesn't know how to separate messages based on the Content-Length header. A fix for both problems can be found in: ftp://ftp.wins.uva.nl/pub/solaris/mh-6.8.3-diff

6.14) I can't get XV 3.x to compile or run correctly. You need to get xv-3.x from ftp.cis.upenn.edu:/pub/xv. Don't use xv-3.01 from ftp.x.org. The latest version, xv-3.10, compiles fine w/o any of the ucb stuff.

6.15) What happened to NIT? What new mechanisms exist for low-level network access? See man page DLPI(7). Try NFSWATCH 4.2 for sample code using DLPI. It is available by ftp from: ftp.ecn.purdue.edu:/pub/davy/nfswatch4.3.tar.gz and gatekeeper.dec.com:/pub/net/ip/nfs/nfswatch4.3.tar.gz Better yet, FTP the paper "How to Use DLPI in Solaris 2.x" by Neal Nuckolls of Sun Internet Engineering. Look in these FTP directories: opcom.sun.ca:/pub/drivers/dlpi http://www.freebird.org/hints/papers/{dlpi,npi,tpi}.ps.Z

6.16) Where are all the functions gone that used to be in libc? The C library has exploded. The manual page may give an indication where to find a specific function. Those libraries are essentially split over two directories: /usr/lib /usr/ccs/lib. Important libraries: /usr/lib: libsocket - socket functions libnsl - network services library /usr/ccs/lib: libgen - regular expression functions libcurses - the SysVR4 curses/terminfo library. In Solaris 7 the contents of /usr/ccs/lib was moved back to /usr/lib. See Intro(3) for more details.

6.17) I'm still missing some functions: bcopy, bzero and friends. They are in /usr/ucblib/libucb.so. The b* functions are replaced with the ANSI-C equivalents. Look in the Solaris porting FAQ for more details. In Solaris 2.5, they're back in libc.so, together with many other commonly used BSD functions.

6.18) Can I use the source compatibility package to postpone porting? Not really. The Source code compatibility package is compatible with BSD 4.2, not SunOS 4.1.x. The consensus is that the library is broken beyond usability. If you use libucb to pick up some functions you need, it is often best to specify it *after* all other libraries and after libc with: -lc -L/usr/ucblib -R/usr/ucblib -lucb or preferably: -lc /usr/ucblib/libucb.a

6.19) Why doesn't readdir work? It chops the first two characters of all filenames. You're probably linking with libucb and didn't read question 6.18. (Readdir in libucb.so wants you to include sys/dir.h, but many SunOS 4.1.x programs included dirent.h, consequently, you're mixing native dirent.h struct dirent with libucb readdir(). The symptom of this mixup is that the first two characters of each filename are missing. Make sure you use a native compiler (default /opt/SUNWspro/bin/cc, which may not be in your PATH), and not /usr/ucb/cc.

6.20) Why do I get undefined symbols when linking with curses/termcap? It is easy to mixup the BSD libcurses and the SVR4 libcurses. One lives in /usr/ucblib, the other in /usr/ccs/lib, when you've installed SUNWarc. Note that when you specify: -L/usr/ucblib -lucb -L/usr/ccs/lib -lcurses you will pick the *ucb* version of libcurses, not the SVR4 version. If you always put libucb last, as recommended in 6.18, you will have no such problem.

6.21) Where are the Motif includes and libraries? Starting with Solaris 2.4, the package SUNWmfrun is included with the base OS. It is installed under the directory /usr/dt, where all the CDE stuff is installed (dt stands for desktop). There are no Motif imake templates nor is mwm shipped with the base OS; only the mwm -like Dtwm is shipped. Remember that link with -R/usr/dt/lib.

6.22) When I call semctl(), my program crashes. It works fine elsewhere. The fourth argument to semctl() is a "union semun" that you need to define yourself. That your programs works on other systems is sheer luck. The argument passing convention on SPARC/V8 cause your luck to run out. Instead of passing the contents of small structs and unions in registers, a copy of the struct/union is made on the stack and a pointer to that struct is passed. In short, on SPARC, passing a union containing an integer and just an integer, both by value, is not the same thing. On other systems it sometimes is. Wrong, but it may work on other systems: semctl(sem_fd, 0, SETVAL, 1); Right: union semun { int val; struct semid_ds *buf; ushort *array; } arg; arg.val = 1; semctl(sem_fd, 0, SETVAL, arg);

6.23) Traceroute to Solaris 2.x machines gives many timeouts. Solaris 2.4 and later (and Solaris 2.3 w/ high rev kernel jumbo patches) limit the number of ICMP error message to one per 500 milliseconds. To switch off this feature, use: /usr/sbin/ndd -set /dev/ip ip_icmp_err_interval 0 In Solaris 8 the rate limiting mechanism was changed and traceroute will get all responses now as the new mechanism accepts short burst even though the rate limit is still in effect.

6.24) I have problems linking my application statically. In Solaris 2.x static linking is not supported for any of the system libraries. All the functions that use /etc/nsswitch.conf" (getXXXbyYYY, getpwXXX, etc) require the dynamic linker to load the code to load these functions. It is not possible to write configurable/extensible functions in such a way that dynamic linking is not required. E.g., you can add your own nsswitch.conf backend which would not be known to programs statically linked to only the standard backend code. Programs that link statically against any of the OS libraries may not run in the next release and are not ABI compliant. Programs that link statically don't get some dynamic performance enhancements found in the shared libraries: using hardware multiply/divide on systems that support it; using fast mem*() operations on UltraSPARC etc. And you won't pick up performance enhancements in next releases: e.g., Solaris 2.5 comes with a 4x faster fread/fwrite and the "Name Server Cache Daemon". If you don't care about ABI compliance, i.e., you won't ship your program as a product and don't care that you may need to recompile after an OS upgrade, here are some of your options: Link statically against all but libdl: cc -Bstatic .... -Bdynamic -ldl -Bstatic Link against dl* stubs (gethostbyXXX, getpwXXX etc won't work any longer): char *dlopen() { return 0;} int dlclose() { return 0;} char *dlsym() { return 0;} char *dlerror() { return "dynamic linking not loaded";} If you don't want any dependencies on /usr, link against the dynamic libs in /etc/lib: cc -Bstatic ... -Bdynamic -R/etc/lib -Wl,-I/etc/lib/ld.so.1 -ldl -Bstatic .... If you still get undefined symbols, check with ldd for all your libraries if they have any dynamic dependencies. E.g., % ldd /usr/lib/libsocket.so.1 libnsl.so.1 = /usr/lib/libnsl.so.1 libdl.so.1 = /usr/lib/libdl.so.1 libc.so.1 = /usr/lib/libc.so.1 libintl.so.1 = /usr/lib/libintl.so.1 libw.so.1 = /usr/lib/libw.so.1 tells you that if you want to link libsocket statically, you need to link with -lnsl -ldl -lc -lintl and -lw as well. There is no way to statically link 64 bit executables; no 64 bit archive libraries are shipped with Solaris.

6.25) I get '"/usr/platform/SUNW,Ultra-1/lib/libc_psr.so.1": not in executable format: format not recognized' from gdb on my Ultra. gdb needs to be updated to understand the "V8+" executable format. Either install gdb 4.16 or later, or update the gdb 4.15.1 distribution with the following patch to bfd/elf32-sparc.c and include/elf/common.h: *** gdb-4.15.1/bfd/elf32-sparc.c Fri Nov 3 12:30:15 1995 --- elf32-sparc.c Thu Nov 23 14:44:37 1995 *************** *** 1486,1491 **** --- 1486,1492 ---- #define TARGET_BIG_NAME "elf32-sparc" #define ELF_ARCH bfd_arch_sparc #define ELF_MACHINE_CODE EM_SPARC + #define ELF_MACHINE_ALT1 EM_SPARC32PLUS #define ELF_MAXPAGESIZE 0x10000 #define elf_backend_create_dynamic_sections \ _bfd_elf_create_dynamic_sections *** gdb-4.15.1/include/elf/common.h Fri Nov 3 20:20:25 1995 --- common.h Thu Nov 23 14:20:07 1995 *************** *** 83,88 **** --- 83,91 ---- #define EM_SPARC64 11 /* SPARC v9 (not official) 64-bit */ #define EM_PARISC 15 /* HPPA */ + + #define EM_SPARC32PLUS 18 /* Sun SPARC 32+ */ + #define EM_PPC 20 /* PowerPC */ /* If it is necessary to assign new unofficial EM_* values, please pick large

6.26) How can I make Gdb work with Sun's C compiler? Sun's C compiler only stores symbolic debugging information in the .o files. Gdb wants to find that information in the executable. You can force the symbols in the executable by passing the "-xs" commandline option to Sun's C compiler.

6.27) Does Solaris have problems with dates in the year 2000 and after? Internally, Solaris maintains time as the number of seconds since 1970-01-01 00:00:00 UTC (not counting leap seconds). This counter won't have any problem with dates in the year 2000; since it is maintained as a 32-bit signed integer value in 32 bit kernels and applications, it will work correctly through 2038-01-19 03:14:07 UTC. 64-bit Solaris uses a 64 bit time value which will last longer than the current estimated age of the universe; but 32 bit applications, such as most Solaris 7 applications, still use 32 bit time. Also, 64-bit applications may have trouble with time stamps outside the 32-bit range. For example, Solaris 7 supports only 32-bit time stamps on ordinary files, the 64-bit ctime and asctime functions have undefined behavior for time stamps after the year 9999, and the 64-bit localtime function has undefined behavior for huge time stamps time(stamps after the year INT_MAX + 1900 == 2147485547). Though the Solaris kernel itself shouldn't have any problems with the year 2000, applications themselves may have problems, partly because some application writers unwisely chose to represent dates using two-digit years, and partly because some application writers mistakenly thought that localtime returns the year modulo 100, when it actually returns the year minus 1900. These kinds of problems are rarer in Solaris than with typical mainframe applications, but they sometimes do occur. A year 2000 project at Sun is reviewing all libraries, unbundled http://www.sun.com/y2000/ software, and some 3rd party apps in search of potential year 2000 problems, so that they are resolved well before the big day. Solaris 2.6 and Solaris 7 are meant to be year-2000 compliant. However, some y2000 bugs have been found after Solaris 2.6 was released. A few more bugs were found after Solaris 7 was released. Y2000 patches are available from SunSolve Online, free of charge. If you have the following supported SMCC hardware, also patch your PROM monitor to get year-2000 compliance: - SPARCserver 1000, 1000E, 2000, 2000E - Sun Enterprise 3000, 4000, 5000, 6000, with PROM version 3.2.9 or earlier The SPARCservers will need to have their OBP PROMs swapped. The PROM bugs do not affect day-to-day operation or booting, only output from diagnostics and self-tests is affected. All other supported SMCC hardware should be OK as is. (Note that the older 68000-based hardware is no longer supported.) Sun-maintained Solaris applications with known year-2000 problems as of Solaris 2.5.1 (unpatched) include the following. * SCCS files store only the last two digits of the year, so standard SCCS stops working after 1999. Sun works around this problem by having SCCS interpret two digit years to be in the date range 1969-2068; this means the revised SCCS will stop working after 2068. * The Solaris 1 `date' command can't set the clock past 1999. This bug is partly fixed in Solaris 2 `date', which supports both 2-digit and 4-digit years; however, in Solaris 2 you should use 4-digit years when setting the date, to avoid some remaining bugs with 2-digit year handling. * The following programs are known to have minor bugs related to using year-1900 instead of year modulo 100 when generating diagnostics, temporary file names, and the like: atq fsck listen passwd sar timex ufsdump uucico uustat uuxqt xterm * The -me, -mm, and -ms troff macro packages all assume that the current date is before January 1, 2000. * `sortbib' mishandles bibliographies containing 2-digit years that span the year-2000 boundary. * `ckdate' rejects years after 1999. * Problems have been reported with installing Solaris on machines whose hardware date is past 1999. * The filemgr `find after' and `find before' operations have only 2-digit inputs for years, and mishandle dates after 1999. * cm (the calendar manager) mishandles dates after 2000-02-29. * In Openstep, NSCalendarDate, NSDate*, Mail, and Preference need enhancements and fixes for years past 1999. In addition, user applications that invoke `getdate' and `strptime' on 2-digit years are advised to check their assumptions carefully. Patches for year 2000 problems will be made available for all releases not EOLed at January 1, 1995, in keeping with the 5 year support window. This includes the Solaris releases 2.5.1, 2.5, 2.4 and 2.3 as well as SunOS 4.1.3_U1B and 4.1.4. Solaris 2.x Y2000 patches can be freely downloaded from Sun's public patch page. http://sunsolve.Sun.COM/pub-cgi/us/pubpatchpage.pl

6.28) I can't seem to get older gcc releases to work under Solaris 2.6 As with all new Solaris releases, you need to reinstall gcc after upgrading, unless your are running gcc 2.8.0 or later. Unfortunately, Solaris 2.6 include files don't get properly fixed by fixincludes. To fix this, apply the following patch to fixinc.svr4 before building gcc. *** ./fixinc.svr4.org Thu Jun 15 23:03:29 1995 --- ./fixinc.svr4 Thu Sep 4 13:41:29 1997 *************** *** 189,194 **** --- 189,195 ---- s/__STDC__[ ][ ]*==[ ][ ]*1/defined (__STRICT_ANSI__)/g s/__STDC__[ ][ ]*!=[ ][ ]*0/defined (__STRICT_ANSI__)/g s/__STDC__ - 0 == 0/!defined (__STRICT_ANSI__)/g + s/__STDC__ - 0 == 1/defined (__STRICT_ANSI__)/g /^typedef[ ][ ]*[unsigned ]*long[ ][ ]*[u_]*longlong_t;/s/long/long long/ ' $2/$file $2/$file.sed mv $2/$file.sed $2/$file

6.29) Gdb doesn't fully work on Solaris 2.6. Solaris 2.6 defines a new interface for interaction between the debugger and the runtime linker. Previous releases don't support any such interface, so debuggers would use unpublished hooks. The following patch to gdb 4.16 fixes this problem. --- ./gdb/solib.c.org Sat Mar 30 06:58:51 1996 +++ ./gdb/solib.c Sat Sep 6 14:48:18 1997 @@ -67,6 +67,7 @@ #ifdef SVR4_SHARED_LIBS static char *solib_break_names[] = { + "rtld_db_dlactivity", "r_debug_state", "_r_debug_state", "_dl_debug_state",

6.30) I can't get gdb to compile with Sun's C compiler Older versions of Solaris didn't declare __builtin_alloca; the prototype provided for it with gdb doesn't agree with the one supplied with current Solaris versions. --- ./libiberty/alloca-norm.h.org Thu Jun 29 04:15:41 1995 +++ ./libiberty/alloca-norm.h Sat Sep 6 14:50:35 1997 @@ -5,7 +5,7 @@ #else /* not __GNUC__ */ #ifdef sparc #include alloca.h -extern char *__builtin_alloca(); /* Stupid include file doesn't declare it */ +extern void *__builtin_alloca(); /* Stupid include file doesn't declare it */ #else #ifdef __STDC__ PTR alloca (size_t);

7. KERNEL PARAMETERS

|7.1) Where can I find a list of all Solaris kernel parameters? The most important kernel parameters can be found in the tunable parameters guide. http://docs.sun.com:80/ab2/coll.709.2/SOLTUNEPARAMREF/ It's focus is Solaris 8 but sufficient history is included to make the guide extremely useful for earlier releases. There is also a large number of kernel variables of which the main purpose is debugging and testing or even disabling of new(er) algorithms that are seen to be risky. Such variables are typically not documented, except in workarounds when problems do arise. |*7.2) How can I guard my system against stack buffer overflow exploits? By default, the Solaris kernel maps the system stack RWX; this behaviour is mandated by the SPARC V8 ABI. Since an non-executable stack gets in the way of certain classes of security bug exploits, a feature was added to Solaris 2.6 that allows system administrators to remove the "X" protection from the stack. To enable this feature, add the following to /etc/system: * Foil certain classes of bug exploits set noexec_user_stack = 1 * Log attempted exploits set noexec_user_stack_log = 1 This is no general "cure-all" protection for buffer overflow exploits. It may also break certain SPARC V8 ABI conforming programs. This feature also requires hardware support; it is only available on UltraSPARC (sun4u), sun4d and sun4m systems. The SPARC V9 ABI no longer maps the stack executable, so 64 bit | applications have less to worry about. 32-bit applications running | on a 64-bit kernel are not so lucky.

7.3) How can I restrict the number of processes per user? Set the following in /etc/system: set maxuprc = num

7.4) What purpose does the maxusers variable serve? The maxusers variable has nothing to do with the number of user allowed on a system. It's one big knob that scales a number of other parameters simultaneously. The standard settings and derivations are more or less as follows, using /etc/system syntax: * The big knob, scales automatically set maxusers = amount of available physical memory in MB * Maximum number of allowable processes; currently at most 30000 set max_nprocs = 10 + 16 * maxusers * Max processes per user (5 are reserved for the super user) set maxuprc = max_nprocs - 5; * Number of quota structures (need one per user per filesystem * w/ quotas) set ndquot = maxusers * NMOUNT / 4 + max_nprocs * Maximum size of the directory name lookup cache (DNLC) set ncsize = 4 * (max_nprocs + maxusers) + 320 set ufs_ninode = ncsize

7.5) How can I have a clock resolution better than 10ms? Starting with Solaris 2.6, this can be achieved with the following entry in /etc/system: set hires_tick = 1 This will set the system hz value to 1000. In principle, you can also set "hz" directly, but that is not supported nor recommended: * Get 0.1 ms clock resolution/timer granularity set hz = 10000 Solaris 8 introduces the cyclic subsystem; this allows for timers of much better granularity without burdening the system with a high interrupt rate. High resolution timers are available to root only using timer_create(3rt) with a clock_id of CLOCK_HIGHRES. |7.6) How can I have more than 16 groups per user? The number of groups per user can be increased to at most 32: set ngroups_max = 32 This setting may give rise to NFS interoperability problems, as typical NFS servers only support 16 groups when using AUTH_SYS/AUTH_UNIX. The other NFS authentication mechanisms map "netids" to usernames on the servers and can support more than 16 groups.

7.7) How can I disable _POSIX_CHOWN_RESTRICTED? My users want to chown files? Add the following to /etc/system: set rstchown = 0 Note that this defeats quotas.

7.8) How can I make the NFS server ignore unprivileged clients? In a restricted environment, i.e., an environment where the administrator controls root access, you can enhance NFS security by setting the "NFS_PORTMON" variable. This variable is set in /etc/system, like this: * Prior to Solaris 2.5 set nfs:nfs_portmon = 1 * Solaris 2.5 and later set nfssrv:nfs_portmon = 1

pkginfo pkg	test for presence of package.
pkgadd -d /cdrom/Solaris_2.3 pkg ...	add missing packages
pkgrm pkg ...	remove packages.
pkgchk -q pkg	test for existence of package
pkgchk options [pkg]	check installed packages for integrity.

CONSOLE=/dev/console	Direct root logins only on console. Default.
CONSOLE=/dev/ttya	direct root logins only on /dev/ttya
CONSOLE=	direct root logins disallowed everywhere
#CONSOLE (or delete the line)	root logins allowed everywhere

/etc/inittab	Defines which programs init starts and when.
/sbin/rcS /etc/rcS.d/*	Booting stuff
/sbin/rc2 /etc/rc2.d/* /sbin/rc3 /etc/rc3.d/*	Stuff for multi-user startup.

PMTAG	Port monitor name you made with "sacadm", e.g. "zsmon".
SVCTAG	Service tag, which can be the name of the port, e.g., "ttya" or "tty21".
PROMPT	prompt you want to print, e.g. "login: ".
YORN	"y" to turn software carrier on (you want this for directly connected terminals" and "n" to leave it off (you want this for modems).
TERMTYPE	value you want in $TERM.
DEVICE	name of the device, e.g. "/dev/term/a" or "/dev/term/21".
TTYID	line you want from /etc/ttydefs that sets the baud rate and stuff. I suggest you use one of the "contty" ones for directly connected terminals.