- Shopping Bag ( 0 items )
Ships from: Idyllwild, CA
Usually ships in 1-2 business days
What's in this chapter
User accounts lie at the very heart of UNIX system security. They are the first layer of defense against misuse and attack. It is therefore necessary for a UNIX systems administrator to thoroughly understand what user accounts are and how they work.
Computers grant you access to information based upon who they think you are, not upon who you actually are. Take, for example, a financial clerk who has access to bank account information. The clerk is logged into the computer system—that is, the clerk has identified himself by providing a userid and password. The computer then allows the clerk to access and change financial records for its customers.
Now let's say that the clerk gets up to take a five-minute stretch—he just walks away from his terminal. Anyone could sit down at that terminal and enter transactions as though they were the clerk. The computer does not know the difference—it doesn't know whether the person entering transac-tions is the original clerk who signed on earlier.
The root user not only has read access to everything on the computer, but has write access as well. Thus, not only can skilled hackers access any infor-mation on a computer, but they can alter it as well. Frequently hackers break into computer systems, get the information (or inflict the damage) they want, and then erase their tracks by removing entries in logs that recorded their presence. All too frequently hackers break into a system, do their dirty deeds, remove traces of their activities on all log files, and quietly sneak away.
The root account is omnipotent not because of its name, but because of its userid, which is 0. The first line from the /etc/passwd file is shown in Figure 5.1 to illustrate.
Other accounts can be created with a userid of 0; those other accounts have all the power and privilege that root has. Further, the root account's name could be changed, but as long as its userid number is 0, it is still root.
Set root's path—defined in /.profile—as follows:
No user's PATH or LD_LIBRARY_PATH should ever contain "." (search the shell's current working directory for executables or libraries). Otherwise, a user could plant a Trojan horse2 in a directory that he can write to and just sit back and wait until root stumbles into that directory and accidentally exe-cutes that program....
2. See "Glossary of Attacks" in appendices for a definition and example of the Tro-jan horse and LD_LIBRARY_PATH attacks.
1. System Concepts.
Operating System. Programs and Processes. The ps Command. The prstat Command. Signals. Terminating an Active Process. The pkill Command. Daemon Processes. The File System. Getting Help. Man Pages.
Installation Planning. Memory. Disk Space. Software Clusters. Network Information. Release Media .Software Installation on a New System. Installing from CD-ROM31. Software Installation on an Existing System: Solaris Upgrade. Preparing for an Upgrade. Upgrade Procedure. Installing Software Packages. pkgadd Command. pkginfo Command. pkgrm Command. Noninteractive Package Installation and Removal. pkgchk Command. Installing Patches. Where to Obtain Patches. Patch Installation. Decisions about Patches. Installing a Patch. Listing Which Patches Are Currently Installed. Removing a Patch.
3. The Boot PROM.
Overview of the Boot PROM. Accessing the Boot PROM. Entering Boot PROM with Stop A or BREAK. Entering Boot PROM at Powerup. Boot PROM Commands. Boot PROM Configuration Variables. Accessing Boot PROM Configuration Variables. Accessing Boot PROM Configuration Variables from UNIX. Boot PROM Security Levels.Devices and Device Aliases. The devalias Command. The nvalias and nvunalias Commands. Troubleshooting. System Boots from Wrong Device. System Boots from a Disk Instead of from the Network. System Boots from the Wrong Disk. System Will Not Boot from Disk. Nonresponsive System. Chapter Summary. Test Yourself.
4. Initialization and Shutdown.
System Run Levels. Show System Run Level. Sync File Systems. Change System Run Level. Change Run Level with init. Change Run Level with shutdown. Change Run Level with reboot. Change Run Level with halt. Change Run Level with poweroff. The OpenBoot boot Command. System Initialization. System Shutdown.
5. User Administration.
Account Configuration Files. The Password File. The Shadow File. The Group File. Primary and Secondary Groupids. The Root Account. Admintool. Add User Account. Modify User Account. Lock User Account. Delete User Account. Add Group. Modify Group. Delete Group. User Administration Shell Commands. useradd Command. usermod Command. userdel Command. groupadd Command. groupmod*Command. groupdel *Command. Shells. Bourne Shell. Initialization Files. Environment Variables. Aliases. C-Shell. Initialization Files. Environment Variables. Aliases. Command History. Filename Completion. Korn Shell. Initialization Files. Environment Variables. Aliases. Command-Line Editing. Command History. Restricted Shells. User Account Commands. Finding Files by Username or Group. What Users Are Logged In? who Command. rwho Command. rusers Command. finger Command. Change Password. Password Complexity. Root and Password Changes.
6. Files and Directories.
Paths. Path Metacharacters. Exploring the File System. File System Navigation. Listing the Contents of Directories. Determining File Size, Type, Owner, and Modification Date. The file Command. Working with Files. Creating Files Using the touch Command. Creating Files Using Output Redirection. Creating Files Using Copy. Moving Files. Renaming Files. Removing Files. Displaying the Contents of Text Files. Searching for Text within Files. Working with Directories. Creating Subdirectories. Renaming and Moving Directories. Removing Directories.
7. vi Editor.
Starting the vi Editor. vi Modes. Command Mode. Input Mode. Last Line Mode. Exiting vi. Moving around the File. Advanced Moving around the File. Text Editing. Inserting Text. Commands While Inserting Text. Deleting Text. Changing Text. Copying, Inserting, Searching, and Replacing. Copying Text into Buffers. Inserting Text from Buffers. Search and Replace. Reading and Writing Files. Miscellaneous Commands. Numerals Before vi Commands. Mapping New Commands. vi Configuration Commands. vi Configuration File.
Adding Disks to a System. Adding a Device Dynamically Using the devfsadm Command. Disk Devices. Raw and Block Device Interfaces. Device Interfaces File Names. Tools and Disk Interfaces Used. Formatting Disks. Partition Submenu. Formatting a Disk. Changing the Partition Table. Creating, Tuning, and Checking File Systems. Creating File Systems with newfs. Tuning File Systems with tunefs. Checking File Systems with fsck. Lost Files in lost+found.
9. File Systems.
File System Types. UFS File System. S5FS File System. HSFS File System. PCFS File System. UDFS File System. NFS File System. CacheFS File System. TMPFS File System. LOFS File System. PROCFS File System. Mnttab File System. XMEMFS File System. Solaris File Systems. File Systems and Their Function. Directories. File Types. Inodes. Creating Hard and Symbolic Links with the ln Command. Mounting Fixed File Systems. The mount and umount Commands220 Automatic File System Mounting at Boot Time. The /etc/vfstab File and the mount Command. The /etc/mnttab File. The mountall and umountall Commands. Working with Removable File Systems. Mounting and Unmounting Removable Media without Volume Management. Creating UFS File Systems on a Diskette. Ejecting Media. Volume Management. Volume Management Daemon. Mounting CD-ROMs with Volume Management. Mounting Diskettes with Volume Management. Volume Management Configuration.
10. Backup and Recovery.
Compressing Files. compress and uncompress. zcat. pack, unpack, and pcat. gzip, gunzip, and gzcat. Creating Archive Files. tar. Cpio. zip and unzip. Jar. Backing Up a System to Tape. Tape Devices. The mt Command. ufsdump and ufsrestore. ufsrestore Interactive Mode. tar and cpio. Recovering a System from a Backup Tape.
File and Directory Permissions. Working with File Permissions. Files with SetUID and SetGID Permissions. Working with Directory Permissions. Directories with Sticky Bit Permissions. Directories with SetUID and SetGID Permissions. Displaying File and Directory Permissions. Changing File and Directory Permissions. The chown Command. The chgrp Command. The chmod Command. The umask Command. umask and Directories. File and Directory Access Control Lists. Setting Access Control Lists. Displaying Access Control Lists. Working with Access Control Lists. Finding Files and Directories with Permission Attributes.
12. Remote Administration.
Remote Sessions. telnet Command. rlogin Command. Remote Commands. Remote File Copy. rcp Command. ftp Command. Remote Login Access Control. /etc/default/login File. /etc/nologin File. Remote Administration Access Control. /etc/hosts.equiv File. .rhosts File. Format of /etc/hosts.equiv and .rhosts. /etc/hosts.equiv and .rhosts Search Order.
Answers. Examination Objectives. Sample Pre-Test Agreement. Sun Certification Program Policy on Candidate Misconduct. Supplemental Information. Additional Resources.
What is all the commotion about technical certifications? Is it just hype? Is it just 21st Century snake oil? Or is there really something to it? What is the true value of a certification? In the quest for competitive advantage among IT professionals, certification is rapidly becoming key to distinguishing between potential job candidates. Here is what industry analysts are saying:
You need a certification if you want to stay ahead of the competition. This book will guide you to Solaris certification.
This study guide is intended for experienced UNIX administrators who wish to prepare for the Sun Certified System Administrator for the Solaris 8 Operating Environment, Part I exam.
This book does not teach system administration, nor is it a substitute for systems administration classes taught by Sun Microsystems or its affiliates. Although this book may be a little "teachy" here and there, its purpose is to provide review material to help candidates prepare for the exam.
If you wish to take the exam but feel that you need to learn more, contact Sun Education at http://suned.sun.com/. There you can find out about training materials and classes in your area. You can also contact Sun Education at:
500 Eldorado Blvd.
Broomfield, CO 80021
Phone: (800) 422-8020, or (303) 464-4097
Fax: (303) 464-4490
Follow these steps to register for the exam:
1. Purchase a Certification Voucher by calling Sun Education at 1-800-422-8020. Outside the U.S., contact your local Sun Education office. If you do not know the location of your local Sun Education office, you can find it at:
The exam costs U.S. $150.00.
You will be given a voucher number, which will be the letters "SE" followed by eight digits; for example, SE01470053. Save this number—you will need it to schedule the examination.
2. Schedule your examination by visiting the Prometric Services Web site at http://2test.com/
Be sure to understand the policy for changing your exam date and time in case you need to reschedule your exam. Also be sure you understand any time limitations regarding the starting time for your exam. If you are late, you may not be able to take your exam. Restrictions and penalties for cancellations and/or late arrivals may apply. Carefully read all of the terms and conditions printed on your exam confirmation.
Allow plenty of time to travel to the exam site, including finding a parking space and the location of the exam building and room. It may be advisable to call in advance if you are not familiar with the exam site.
No food or beverages are allowed in the exam room. You must check in any computer, laptop, PDA, calculator, recorder, or cell phone you bring in with you. The exam center will supply pencils and one sheet of paper for you to make calculations, draw diagrams, and so on, and you will have to surrender that piece of paper at the end of the exam. You are not allowed to take any written notes with you out of the exam.
You will probably be monitored on a closed-circuit television while you take the exam. An exam center I recently visited had a TV monitor out in the lobby. You will be taking the exam on a GUI-type workstation. You will need to log in, and you will need to furnish information from your exam confirmation in order to do so.
First you will be shown the Pre-Test Agreement. You must read and understand the agreement, and state whether you agree or disagree. If you disagree with the first question in the Pre-Test Agreement, you will not be allowed to take the exam (you will receive a refund). A sample Pre-Test Agreement appears in Appendix C.
Next, you will be presented with instructions and a sample exam question. This ensures that you are familiar with the exam format and the method for marking answers. You may skip the sample exam question if you wish and proceed to the exam itself.
You will have 90 minutes to take the exam. That's about one and a half minutes per question. The 90-minute time limit will begin once you start taking the exam. The amount of time remaining is always visible on the screen.
You may take a restroom break if you wish (according to rules at the testing center), but the time clock will continue counting.
The exam contains 57 questions, which are a combination of multiple choice, free answer, and drag-and-drop. There is more than one version of this exam. Each version has questions that were carefully selected from a much larger pool of questions, so that each version of the exam covers the same subject area and has an equivalent degree of difficulty.
The process for developing the exam questions is not trivial. Exam questions are carefully written according to a strict set of guidelines and then tested. There is a whole field of study called psychometrics that is used to measure and evaluate each question. Only after passing careful scrutiny will an exam question ultimately find its way onto the exam.
Questions will appear on the screen one at a time. You will see each question and, in the case of multiple-choice questions, you will see all of the possible answers. In some longer questions, you can scroll down to see these.
If you are not sure of the answer, you may skip the question and return to it later. You can also "mark" any exam question that you wish to review later.
The exam contains two types of multiple-choice questions: some with one correct answer, and some with two or more correct answers. Multiple-choice questions with one correct answer will present radio buttons for selecting your answer, allowing you to select only one answer. If two answers appear to be similar, be very careful since only one answer is correct.
Multiple-choice questions with more than one correct answer will specify the number of correct answers. You must select all of the correct answers in order to get credit for the question. These questions present checkboxes that allow you to select more than one answer.
Free-answer questions require that you type the correct answer into a blank text field. You must be very careful that you get the answer exactly right. But what about the order of options in a command? The exam is smart enough to figure this out—the exam knows about all possible variations. For instance, chmod -F -r and chmod -r -F; if both are correct answers, both will be accepted.
Drag-and-drop questions require that you match corresponding items together. The commands on the left are displayed in a movable icon that could be dropped on the descriptions on the right, or vice versa. When you are satisfied that you have matched everything correctly, press "Done" to proceed to the next question on the exam.
After you have answered all of the questions, you will see a list of all the exam questions and the answers you selected (or filled in). Each question will have a special marking if you marked it for later review.
You may start at the beginning and review each question, you may review questions you marked earlier, or you may just skip around and check questions in any order you wish. You may unmark questions you marked, and you may mark other questions. You are free to review questions, change answers, and mark and unmark questions until time runs out or you finish the exam early.
Once you have finished the exam, it will be scored immediately. You must answer at least 66% of the questions correctly, which is at least 38 of the 57 questions.
You will receive a temporary certificate showing whether you passed or failed the exam. The certificate will include your name and the number of questions you answered correctly. A chart on the lower half of the certificate will indicate how you scored on each subject area. You will not know how you did on any individual question.
If you failed the exam, you may take it again in as little as two weeks, but you cannot take the exam more than three times in a calendar year. You must register and pay for another examination. You can be assured that the version of the exam will not be the same one you took previously.
You may not discuss the details of the exam with any other individual. You may not offer or accept help of any kind. A full explanation of conduct may be found in Appendix D.
Each chapter begins with a list of exam objectives. These objectives were developed by Sun Microsystems; they define the subject matter covered by the certification exam and this book. Here is an example exam objective:
All of the certification objectives appear in Appendix B, along with the chapter number associated with each objective. This will allow you to quickly find the technical information behind each objective.
You will be challenged to ponder real-life scenarios that apply concepts that are discussed. For instance,
Help! I just renamed a directory with important contents to the name of another directory that already exists. I meant to rename the directory, but because the target existed, my original directory is gone. Where did my original directory go?
Here is what happened. You meant to change the name of a directory to a new name, but unexpectedly the new name was the name of a directory that exists. You moved your directory underneath the existing directory.
Each chapter ends with a Chapter Summary and a Test Yourself section where there are ten multiple-choice and two free-answer questions. Because the exam contains few drag-and-drop questions, no sample drag-and-drop questions appear in this book.
The answers for test questions from all of the book's chapters are found in Appendix A.
Despite the presence of reviews and controls at every level, from executive direction to copy editing, some mistakes are bound to slip through. That, or an unannounced change in behavior or functionality in Solaris itself, is bound to create a discrepancy between this book, the exam, and reality.
If a mistake is found in this book, all is not lost. Changes in the way books are published these days lead to the fact that this book will undergo several printing runs, each of which represents an opportunity to fix a mistake here and there.
Please send us feedback about any mistakes you find in this book, or about any ideas or comments you may have for future editions of this book.
Prentice Hall PTR
Attn.: Editor, Sun Microsystems Press
One Lake Street
Upper Saddle River, NJ 07458
We also publish an errata list online. Please visit us at
This is a book about Solaris 8. Every reasonable effort has been made to ensure that this book is as complete and accurate as possible. This book is offered as-is, and no warranty is implied. Neither the author nor Prentice Hall PTR should be held liable or responsible to any person or entity regarding any loss or damages that may arise as a result of the information contained in this book.