Thursday, September 27, 2012

Forwarding Display

These are my notes on how to forward a display on a UNIX based operating system.

For this example we will be using the names home and remote for our servers. Home is the starting server, and remote is the server you're logging into and displaying the app from, back to the home server.
rich@home# ssh -X remote
You can also use -Y instead of -X. This is more secure than the method described below.

Some workplaces don't allow X forwarding, so you have to use the DISPLAY variable.
rich@home# xhost + remote
server2 being added to access control list
rich@home# echo $DISPLAY
:1.0
rich@home# ssh remote
rich@remote# export DISPLAY=home:1.0
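At this point you can now forward your display. export DISPLAY works with BASH and KSH; use setenv DISPLAY for CSH. Note that this second way of forwarding your display is insecure: the X11 traffic crosses the network unencrypted, and the xhost entry lets any user on the remote host connect to your display.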
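To review a workstation where this method has been used, the following added example (not part of the original notes) classifies a DISPLAY value by transport and reads `xhost` output for host-wide grants. The function names and the sample `xhost` output are constructed for illustration.

```shell
#!/bin/sh
# Classify a DISPLAY value by the transport an X client will use.
display_kind() {
    case $1 in
        "")                      echo unset ;;
        :*|unix:*)               echo local-socket ;;
        localhost:*|127.0.0.1:*) echo loopback-tcp ;;  # what ssh -X/-Y sets on the remote side
        *:*)                     echo remote-tcp ;;    # plain X11 over the network, e.g. home:1.0
        *)                       echo invalid ;;
    esac
}

# Read `xhost` output on stdin and print the grants worth reviewing:
#   open-to-all        access control is switched off entirely
#   host-grant <name>  every user on <name> may connect to the display
# Per-user entries (SI:localuser:...) are not reported.
xhost_findings() {
    awk '
        /^access control disabled/ { print "open-to-all"; next }
        /^INET6?:/ { sub(/^INET6?:/, ""); print "host-grant " $0 }
    '
}

# Constructed sample of `xhost` output after the steps above.
sample_xhost() {
    cat <<'EOF'
access control enabled, only authorized clients can connect
INET:remote
SI:localuser:rich
EOF
}

sample_xhost | xhost_findings
display_kind home:1.0
```

On a live system, pipe the real command in with `xhost | xhost_findings`, and revoke a grant that is no longer needed with `xhost -remote`.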

Reference
How to export display from Linux to FreeBSD

Wednesday, September 26, 2012

Creating Zones in Solaris 10

Zones are a feature of Solaris 10 that provide a form of virtualization. When used with containers they can also provide flexible application isolation. A container is a method of controlling resources. I will not be going over containers in this guide. All Solaris 10 servers have a Global zone, which can host three types of zones. The three zone types are: Sparse Root, Whole Root and Branded zones.

A Global zone is a physical machine or host for the other zones. This zone can affect or control the other zone types, but the global zone is protected from changes on hosted zones. The Whole Root zone is an almost full copy of the Solaris 10 OS in a self-contained area on the global zone. Any system files you have installed on the global zone will also be installed on the Whole Root zone. The Sparse Root zone, by contrast, shares four of the main file systems with the Global zone.


Solaris 11 also uses zones, but it does it differently. The zones in Solaris 11 are similar to Branded zones in Solaris 10. If you want to build Solaris 10 Branded zones or Solaris 11 zones, this guide may not be as helpful to you as a guide that covers Branded or Solaris 11 zones.


Topics covered
1. Creating Zones on Solaris 10
2. Fixing sudo
3. Creating local account


For the purpose of this guide, we will use the hostname earth for our Global zone (host). We will create a zone named moon and a user named man. So in other words, we will put a man on the moon. We will also use shared interfaces for our networking.



Part 1: Creating Zones on Solaris 10
Zone creation (must be root)
root@earth> zonecfg -z moon
zonecfg:moon> create -b
zonecfg:moon> set zonepath=/export/zones/moon
zonecfg:moon> set autoboot=true

The -b option after the create sub-command makes the zone a Whole Root zone. Leave it off if you want a Sparse Root zone. The zonepath setting tells the zonecfg command where to install the zone. The autoboot setting is optional, but if you don't set it to true, the zone may not come back up if you reboot the global zone. You will need to manually boot the zone.

Configuring the network interfaces
zonecfg:moon> add net
zonecfg:moon:net> set address=10.0.10.41/24
zonecfg:moon:net> set physical=rtls0
zonecfg:moon:net> set defrouter=10.0.10.1
zonecfg:moon:net> end
The /24 sets the subnet mask and is optional. Repeat the last step for every additional interface you need to configure.

Note: you might want to run the ifconfig -a command on the global zone to see what interfaces you have configured.

Optional, check setup.
zonecfg:moon> info
zonepath: /export/home/moon
autoboot: true
pool:
limitpriv:
scheduling-class:
ip-type: shared
net:
        address: 10.0.10.41
        physical: rtls0
        defrouter: 10.0.10.1

Finish up
zonecfg:moon> verify
zonecfg:moon> commit
zonecfg:moon> exit

Install zone
root@earth> zoneadm -z moon  install
A ZFS file system has been created for this zone.
Preparing to install zone moon.
Creating list of files to copy from the global zone.
Copying 82181 files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize 783 packages on the zone.
Initialized 783 packages on zone.
Zone moon is initialized.
Installation of 1 packages was skipped.
The file contains a log of the zone installation.

Boot the zone
root@earth> zoneadm -z moon boot

Check the zone
root@earth> zoneadm list -cv
ID NAME     STATUS      PATH                  BRAND    IP
 0 global   running     /                     native   shared
 - moon     installed   /export/zones/moon    native   shared
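The configure, install and boot steps above can also be run non-interactively by feeding zonecfg a command file with its -f option. This is an added example, not from the original post; the function names zone_commands and build_zone are hypothetical, and the final line only prints the command file for this guide's values.

```shell
#!/bin/sh
# Print a zonecfg command file for a whole-root, shared-IP zone.
# Args: zonepath address[/prefix] physical-nic defrouter
zone_commands() {
    zonepath=$1 address=$2 nic=$3 router=$4
    case $zonepath in
        /*) ;;
        *)  echo "zonepath must be an absolute path" >&2; return 1 ;;
    esac
    # As in Part 1, only the zone address carries a /prefix; defrouter is bare.
    case $router in
        */*) echo "defrouter must not carry a /prefix" >&2; return 1 ;;
    esac
    cat <<EOF
create -b
set zonepath=$zonepath
set autoboot=true
add net
set address=$address
set physical=$nic
set defrouter=$router
end
verify
commit
EOF
}

# Configure, install and boot a zone; run as root in the global zone.
# Stops at the first failing step and returns its exit status.
build_zone() {
    zone=$1; shift
    cmds=$(mktemp) || return 1
    zone_commands "$@" > "$cmds" || { rm -f "$cmds"; return 1; }
    zonecfg -z "$zone" -f "$cmds" &&
        zoneadm -z "$zone" install &&
        zoneadm -z "$zone" boot &&
        zoneadm list -cv
    rc=$?
    rm -f "$cmds"
    return $rc
}

# Print the command file for the values used in this guide.
zone_commands /export/zones/moon 10.0.10.41/24 rtls0 10.0.10.1
```

To build the zone from this guide in one step, call `build_zone moon /export/zones/moon 10.0.10.41/24 rtls0 10.0.10.1` as root on earth.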

Log into zone and finish zone setup.
root@earth> zlogin -C moon
The -C option will give you console access to the zone.

Select a Language

  0. English
  1. es
  2. fr
Please make a choice (0 - 2), or press h or ? for help: 0
Enter 0

Select a Locale
  0. English (C - 7-bit ASCII)
  1. Canada (English) (UTF-8)
  2. Canada-English (ISO8859-1)
  3. U.S.A. (UTF-8)
  4. U.S.A. (en_US.ISO8859-1)
  5. U.S.A. (en_US.ISO8859-15)
  6. Go Back to Previous Screen
Please make a choice (0 - 6), or press h or ? for help: 0
Any of these are fine; here I will choose 0.

What type of terminal are you using?
  1) ANSI Standard CRT
  2) DEC VT52
  3) DEC VT100
  4) Heathkit 19
  5) Lear Siegler ADM31
  6) PC Console
  7) Sun Command Tool
  8) Sun Workstation
  9) Televideo 910
  10) Televideo 925
  11) Wyse Model 50
  12) X Terminal Emulator (xterms)
  13) CDE Terminal Emulator (dtterm)
  14) Other
Type the number of your choice and press Return:   13
Pick 13. Don't pick 12; it will crash the zone (at least it does with my setup).

Enter the zone's hostname

Below I have highlighted the answers I use on each screen.








After setting the root password the system will reboot

Log in as root

Fixing sudo
For some reason sudo sometimes will not work after the zone comes up. Run the following commands from inside the new zone to fix it.
# ldd /usr/local/bin/sudo
libpam.so.1 =>     /usr/lib/libpam.so.1
libdl.so.1 =>      /usr/lib/libdl.so.1
libintl.so.8 =>    /usr/local/lib/libintl.so.8
libsocket.so.1 =>  /usr/lib/libsocket.so.1
libnsl.so.1 =>     /usr/lib/libnsl.so.1
libc.so.1 =>       /usr/lib/libc.so.1
libcmd.so.1 =>     /lib/libcmd.so.1
libiconv.so.2 =>   /usr/local/lib/libiconv.so.2
libsec.so.1 =>     /usr/lib/libsec.so.1
libgcc_s.so.1 =>     (file not found)
libmp.so.2 =>      /lib/libmp.so.2
libmd.so.1 =>      /lib/libmd.so.1
libscf.so.1 =>     /lib/libscf.so.1
libgcc_s.so.1 =>     (file not found)
libavl.so.1 =>     /lib/libavl.so.1
libdoor.so.1 =>    /lib/libdoor.so.1
libuutil.so.1 =>   /lib/libuutil.so.1
libgen.so.1 =>     /lib/libgen.so.1
libm.so.2 =>       /lib/libm.so.2
        /platform/SUNW,Sun-Blade-T6300/lib/libc_psr.so.1
        /platform/SUNW,Sun-Blade-T6300/lib/libmd_psr.so.1
The two libgcc_s.so.1 lines marked (file not found) need to have their links fixed. Run the command below to fix them.

# ln -s  /usr/sfw/lib/libgcc_s.so.1  /usr/lib/libgcc_s.so.1
# ldd /usr/local/bin/sudo

libpam.so.1 =>     /usr/lib/libpam.so.1
libdl.so.1 =>      /usr/lib/libdl.so.1
libintl.so.8 =>    /usr/local/lib/libintl.so.8
libsocket.so.1 =>  /usr/lib/libsocket.so.1
libnsl.so.1 =>     /usr/lib/libnsl.so.1
libc.so.1 =>       /usr/lib/libc.so.1
libcmd.so.1 =>     /lib/libcmd.so.1
libiconv.so.2 =>   /usr/local/lib/libiconv.so.2
libsec.so.1 =>     /usr/lib/libsec.so.1
libgcc_s.so.1 =>   /usr/lib/libgcc_s.so.1
libmp.so.2 =>      /lib/libmp.so.2
libmd.so.1 =>      /lib/libmd.so.1
libscf.so.1 =>     /lib/libscf.so.1
libgcc_s.so.1 =>   /usr/lib/libgcc_s.so.1
libavl.so.1 =>     /lib/libavl.so.1
libdoor.so.1 =>    /lib/libdoor.so.1
libuutil.so.1 =>   /lib/libuutil.so.1
libgen.so.1 =>     /lib/libgen.so.1
libm.so.2 =>       /lib/libm.so.2
        /platform/SUNW,Sun-Blade-T6300/lib/libc_psr.so.1
        /platform/SUNW,Sun-Blade-T6300/lib/libmd_psr.so.1
This should fix sudo.
Note: For the user to be able to use sudo they need to belong to the sysadmin(14) group.

Create a local account
# mkdir -p /export/home
# useradd -u 2056 -g 2001 -G 14 -m -d /export/home/man -s /bin/bash man
# passwd man
New Password:
Re-enter new Password:
passwd: password successfully changed for man
~. will take you out of the zlogin console.

Now your zone is complete. Log in to the zone as the new user and test sudo. If everything is working, then you're done. This post is a little long; maybe I should have broken it up. If you have any questions please comment below.

Other related posts
Uninstall and delete a zone in Solaris 10
Faster Solaris 10 Zone Creation
Set the Default Route on Solaris
Add Zone Function to Solaris 10 Core build
How-to change the IP address on a Solaris server

Tuesday, September 25, 2012

Setup no password sudo on RHEL

Sudo is a great tool if you want to run programs with elevated permissions. The problem is that by default you have to enter a password to run the commands. In this post I show you how to set up sudo in RHEL 5, so select users don't need to enter a password.





Open your favorite text editor and edit /etc/sudoers. Change the following lines to match what is below.
visudo
## Allows people in group wheel to run all commands
%wheel ALL=(ALL)  ALL

## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
Note - I found that you have to uncomment both of the items above if you are using a GNOME desktop. When only the bottom option is set, the GNOME admin apps will not launch, even after you enter the root password in the pop-up. So if you are not using the admin GUI apps, then just uncomment the bottom.

Next add the user to the wheel group.
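usermod -a -G wheel user
The -a -G options add the user to the wheel group while keeping the user's other supplementary groups; -G on its own replaces the supplementary group list. If you use -g instead, the wheel group will be set as the primary group.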

Now your user should be able to use sudo without having to use a password.

Similar pages on this blog:
Use sudo without a password

Friday, September 14, 2012

How-to change the IP address on a Solaris server

This post is a how-to for changing an IP address on a Solaris operating system. I will show you how to change the IP address and subnet mask for both a global zone and a full root zone. For the examples on this page I will be using the Solaris 10 operating system. The global zone will be called earth and the zone will be called moon.


Solaris 10 
root@earth> ifconfig [interface] x.x.x.x/x
The /x at the end sets the netmask and is optional. If the netmask is not set and the IP address is a class C address, Solaris will use the default /24.

root@earth> ifconfig [interface] plumb x.x.x.x/x up
This command sets the IP address and brings up the interface.

Note this is not a permanent fix. The server will revert back to the old IP address after a reboot. To prevent this, perform the steps below.
root@earth> echo x.x.x.x/x > /etc/hostname.[interface]

Add the IP address and hostname to the /etc/hosts file.

Use this command to restart the service instead of rebooting the server.
root@earth> svcadm restart network/physical

Change the IP address of a Solaris 10 zone.
The steps above can be used to change the IP address from within the zone. However, if the NIC is controlled by the global zone, i.e. a shared interface, the steps below show how to change the zone's IP address from the global zone.
root@earth> zonecfg -z moon
zonecfg:moon> select net address=x.x.x.x/x
zonecfg:moon:net> set address=x.x.x.x/x
zonecfg:moon:net> set physical=[interface]
zonecfg:moon:net> set defrouter=x.x.x.x
zonecfg:moon:net> end
zonecfg:moon> verify
zonecfg:moon> commit
zonecfg:moon> exit


You may have to remove the old IP address first. If so, follow the steps below.
root@earth> zonecfg -z moon
zonecfg:moon> remove net address=x.x.x.x/x
zonecfg:moon> add net
zonecfg:moon:net> set address=x.x.x.x/x
zonecfg:moon:net> set physical=[interface]
zonecfg:moon:net> set defrouter=x.x.x.x
zonecfg:moon:net> end


Now reboot the zone and check the zone status.
root@earth> zoneadm -z moon reboot
root@earth> zoneadm list -cv
ID NAME     STATUS     PATH                 BRAND    IP
   global   running    /                    native   shared
   moon     running    /export/zones/moon   native   shared


I hope this helps someone. If you have any suggestions or questions please post below.


Thursday, September 6, 2012

Use sudo without a password

These are my notes for setting up users so they can use sudo without a password. This how-to is for a system that already has sudo installed on a server. Basically what I'm doing here, is giving a group the ability to use sudo without a password and then assigning users to that group.

To edit the sudoers file, use the command below.
# visudo

Add the following line.
%sysadmin ALL=(ALL) NOPASSWD: ALL
In this example the sysadmin group can now use sudo without needing to enter a password, but any group can be used.

Note - I use the sysadmin group for Solaris and the wheel group for RHEL & SLES.

Add the user man to the sysadmin group.
# usermod -G sysadmin man
The -G option adds the user man to the sysadmin group. If you use -g instead the sysadmin group will be added as the primary group.

Following the steps above should now give access to sudo without needing to enter a password. If you have any questions or comments please post below.
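For reviewing these grants later, on this setup or the RHEL one, the following added example (not part of the original notes) lists every sudoers rule that gives passwordless access to ALL commands and says whether it names a group or a user; in sudoers a leading % marks a group and a bare name is a user. The function names and the sample sudoers lines are constructed.

```shell
#!/bin/sh
# Read sudoers-format text on stdin and print one line per rule that
# grants NOPASSWD for ALL commands: "group <name>" or "user <name>".
# Files pulled in by #include / #includedir are not followed.
nopasswd_all() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }                 # blank lines and comments
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }   # settings and alias definitions
        /NOPASSWD:[ \t]*ALL[ \t]*$/ || /NOPASSWD:[ \t]*ALL[ \t]*,/ {
            if (substr($1, 1, 1) == "%") print "group", substr($1, 2)
            else                         print "user", $1
        }
    '
}

# Constructed sample: the wheel rules from the RHEL notes, a rule that
# is missing its % (so it names a user, not a group), a commented-out
# rule, and a rule limited to a single command.
sample_sudoers() {
    cat <<'EOF'
## Allows people in group wheel to run all commands
%wheel ALL=(ALL)  ALL

## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
sysadmin ALL=(ALL) NOPASSWD: ALL
# %ops ALL=(ALL) NOPASSWD: ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync
EOF
}

sample_sudoers | nopasswd_all
```

On a live system run it as root with `nopasswd_all < /etc/sudoers`, and check the file's syntax after any edit with `visudo -c`.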

Similar pages on this blog:
Setup no password sudo on RHEL