Solaris Net Install

Some of the newer Sun boxes we have been receiving are coming without CD/DVD drives so you may need to do an install over the net. Unfortunately you cannot retrieve the MAC address for the backup interface without having Solaris installed on the machine, forcing you to waste time completing the pre-installed Solaris 8 setup before installing Solaris 9. This is a way around that problem.

  1. Note the port number that your backup interface is connected to. Make sure that it is set at the correct speed/duplex and is in the backup VLAN.
  2. From the OpenBoot prompt, set all interfaces to use the same MAC address.
    {1} ok setenv local-mac-address? false
    {1} ok reset-all
  3. When the host resets, send a break signal so you can boot via network. Note the MAC address displayed during POST.
  4. On the Jumpstart host, add the MAC address and hostname to /etc/ethers and the IP address and hostname to /etc/hosts.
  5. On the Jumpstart host, add the new server as an install client.
    add_install_client client name architecture
  6. On the client, boot the backup network interface.
    {1} ok boot net1 - install
  7. Once the install is complete, set the interfaces to use their firmware MAC addresses again.
    # eeprom "local-mac-address?=true"
  8. Reboot/reconfigure and register the new, correct MAC address as the backup address.

Oracle DBI on Solaris 8

While installing perl 5.8.5 today and installing all of the modules needed for a web server, I ran into the ELF problem again with Oracle-DBD and a 64-bit operating system. The fix required the following steps:

  1. Set PATH to have /usr/ccs/bin before /usr/local/bin so Sun’s strip is called instead of the GNU strip.

    Export the CC environment variable to use gcc instead of the cc stub installed on Solaris.
    # CC=gcc; export CC

  2. Set your Oracle environment.
  3. Create the make file.
    # perl Makefile.PL
  4. Edit the resulting make file. Remove the “-o build” flags and change all references for Oracle libraries from lib to lib32, e.g. ../v920/rdbms/lib becomes ../v920/rdbms/lib32.
  5. Compile and install.
    # make; make install

RBAC

I have gone ahead and set up RBAC rules for some web application admins. It is fairly similar to sudo; the process is as follows:

1. Define the role in /etc/security/prof_attr

Web Admin:::Web Admins:help=RtDefault.html

2. Define the applications that role can run and the uid it runs under in /etc/security/exec_attr:

Web Admin:suser:cmd:::/etc/init.d/apache:euid=0
Web Admin:suser:cmd:::/etc/init.d/coldfusionmx:euid=0
Web Admin:suser:cmd:::/usr/local/apache/bin/apachectl:euid=0
Web Admin:suser:cmd:::/usr/local/apache/bin/htpasswd:euid=0
Web Admin:suser:cmd:::/usr/local/apache/bin/rotatelogs:euid=0
Web Admin:suser:cmd:::/opt/coldfusionmx/bin/cfusion:euid=0
..

3. Create a role user account:

# useradd -g 14 -d /home/webadm -s /bin/pfksh \
-c "Web Administrative Account" -m webadm

4. Add the role to /etc/user_attr using the name defined for the profile in #1 above:

webadm::::profiles=Web Admin;type=role

5. Add users to the role, where username is the login being granted the role:

# usermod -R webadm username
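
The following is an added example, not part of the original post: a Python check that parses entries in the prof_attr, exec_attr and user_attr formats from the steps above and reports, for each role, the commands it can run as root and any profile names that do not match a prof_attr entry. The sample lines are copied from the steps above; the function names (records, attrs, audit) are made up for this example.

```python
# Added example: audit Solaris RBAC databases for root-equivalent commands.
# Sample entries copied from the steps above; in practice read the real files.
PROF_ATTR = "Web Admin:::Web Admins:help=RtDefault.html\n"
EXEC_ATTR = """\
Web Admin:suser:cmd:::/etc/init.d/apache:euid=0
Web Admin:suser:cmd:::/usr/local/apache/bin/apachectl:euid=0
Web Admin:suser:cmd:::/usr/local/apache/bin/htpasswd:euid=0
"""
USER_ATTR = "webadm::::profiles=Web Admin;type=role\n"


def records(text, nfields):
    """Yield colon-split records; reject lines with the wrong field count."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split(":", nfields - 1)
        if len(fields) != nfields:
            raise ValueError("malformed entry: %r" % line)
        yield fields


def attrs(field):
    """Parse a 'key=value;key=value' attribute field into a dict."""
    return dict(kv.split("=", 1) for kv in field.split(";") if "=" in kv)


def audit(prof_attr, exec_attr, user_attr):
    """Return (role -> commands run as root, role -> undefined profiles)."""
    defined = {f[0] for f in records(prof_attr, 5)}
    root_cmds = {}
    for name, _policy, kind, _r1, _r2, path, attr in records(exec_attr, 7):
        a = attrs(attr)
        if kind == "cmd" and {a.get("euid"), a.get("uid")} & {"0", "root"}:
            root_cmds.setdefault(name, []).append(path)
    as_root, undefined = {}, {}
    for user, _qual, _r1, _r2, attr in records(user_attr, 5):
        a = attrs(attr)
        if a.get("type") != "role":
            continue  # only roles are audited here
        profiles = [p for p in a.get("profiles", "").split(",") if p]
        as_root[user] = sorted(c for p in profiles for c in root_cmds.get(p, []))
        undefined[user] = [p for p in profiles if p not in defined]
    return as_root, undefined


if __name__ == "__main__":
    print(audit(PROF_ATTR, EXEC_ATTR, USER_ATTR))
```

A role with an entry in the second result has a profile name in user_attr that does not match prof_attr, so the role silently gets none of that profile's commands.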