Enable TCP wrappers in Solaris 10

Enable TCP wrappers in Solaris 10

To determine if TCP wrappers are enabled:

# svcprop -p defaults inetd

defaults/tcp_wrappers boolean false

To enable TCP wrappers for all inetd services:

1. set the property
# svccfg -s inetd setprop defaults/tcp_wrappers=true

2. reload inetd:

# svcadm refresh inetd

3. Show that it is now enabled:

# svcprop -p defaults inetd | grep tcp_wrappers

defaults/tcp_wrappers boolean true

To disable TCP wrappers for an individual service:

# inetadm -m tcp_wrappers=false’,

Solaris 10: enable NFS

The NFS server service is dependent on a slew of other services. Manually enabling all of these services would be tedious. The svcadm command makes this simple with one command:

svcadm -v enable -r network/nfs/server

The -v option makes the command output verbose details about the services enabled. You can use the -t option (..enable -rt network…) to enable these services temporarily (so that they will not be automatically enabled when the system reboots). By default, enabling a service will enable it permanently (persistent across reboots until it is disabled).

Solaris 10 steps to debug NFS client automount

Verify connectivity with the server. Use ping

Attempt to manual mount

Check /etc/vfstab. should be 7 entries seperated by tabs
pluto:/home/raid – /home/raid nfs – yes rw,bg

check to see what is not running
#svcs -xv
#svcs -a|grep nfs
#svcs -a|grep nis
#svcs -a|grep dns

Turn it all on (you/they may not want to do this)
#svcadm -v enable -r network/nfs/server

If cliend is disabled enable with svcadm
If they are using nis this must be enabled
If they are using dns this must be enabled

Check /etc/hosts for the server name

Check nslookup for the server name

Check /etc/nsswitch.conf. the ipnode line should look like this
ipnodes: files
the other stuff like [NOTFOUND=return] is for ipv6

Check /etc/resolve.conf
The nameserver that resolves to the outside (internet) should be the first entry

check /etc/nfs.conf
should be version=2, if talking to anything other than a Solaris 10 server

run web server as non root and still run at port 80

With Solaris 10, Sun introduced role based access control (RBAC) extended with privileges, which can be used to solve this issue in a very simple way.
Here are two links to understand more on RBAC concepts and how to practically use RBAC for day to day tasks.


Coming back to the question on how to run a web server at port 80 (or any number less than 1024) as a non root user – on Solaris 10, you need to provide ‘net_privaddr’ privileges to a non root user and start the server as this user.

For e,g, let us say that you would like to start the server as ‘webservd’ (Sun creates this user by default on Solaris 10) ,

# become root
# /usr/sbin/usermod -K defaultpriv=basic,net_privaddr webservd

If in case, you would like to start the server as some other user, then you will need to appropriately change the last parameter in the above command to reflect that user.

Solaris 10 Sites you should know about:

Solaris 10 Sites you should know about:

Download or Order Solaris 10 from Sun.


BeleniX is an OpenSolaris distribution which is currently a LiveCD
(runs directly off the CD). It includes all the features of OpenSolaris
and adds a whole variety of opensource packages. It can be installed
to harddisk as well.BeleniX is free to use modify and distribute.


Solaris Express, Community Release is Sun’s binary release for developers
(code named Nevada).


Here is Sun’s homepage for all things related to supporting sun products ( including Solaris).


Recently Sun opensourced parts of Solaris. This is the home page for the
community around that project.


One of the longest running, pure sun/solaris news and information sites around. A great resource.


While not always about Solaris, Ben’s blog is chock full of good solaris info.


Here you can find the blogs of the opensolaris developers.


Sun’s Offical blog site


Sun’s ZFS documentation


More ZFS information


A wiki for zfs information

An article from sun explaining how to use zfs and containers effectivly.


Explains the magic of ZFS snapshots


Sun’s Dtrace User Guide


Dtrace information from the opensolaris community


A great site with lots of examples and scripts.

http://brendangregg.com/dtrace.htmlDtrace Tools

An article by sun for developers. Goes through the process
of using dtrace for device driver development


A good post of how Dtrace can help you track down performance problems.


A good general overview of zones and containers


The offical admin guide


An excellent guide to containers and zones. Part of Sun’s blueprint collection


Big Admin’s guide to SMF.


Sun’s Blueprint Program as a new PDF out on SMF’s. This is a direct link to the pdf.


Straight from docs.sun.com


An Accelerated Introduction to Solaris 10: Part 1


Looking for a package and can’t seem to find it? Blastwave.org just might have it


Sunfreeware provides pkg’s for well, freeware..


How to setup and configure the bundled MySQL with Solaris 10.


How to setup and configure the bundled Postgresql with Solaris 10.


And as always


Solaris 10 metadevices remain in the state: need maintenance

Solaris 10 metadevices remain in the state: need maintenance

On a machine running Solaris[TM] 10 Operating System (DNS client) and Solaris[TM] Volume Manager (SVM) used to mirror some disks (boot disks), once the machine reboots, metadevices remain in the state "Need maintenance" because resyncing is not called.

Check to see what is NOT running

#svcs -xv

svc:/system/metainit:default (SVM initialization)
State: disabled since Wed Mar 28 22:28:31 2007
Reason: Disabled by an administrator.
See: http://sun.com/msg/SMF-8000-05
See: man -M /usr/share/man -s 1M metainit
Impact: 1 dependent service is not running:

This symptom is also seen when "svc:/system/mdmonitor:default" service is disabled or offline.

# svcs -a | grep mdmonitor
disabled 12:23:30 svc:/system/mdmonitor:default

To enable metasync during boot this service should be enabled. To enable this service run:

# svcadm enable svc:/system/mdmonitor:default

Check if the service is enabled or online now.

# svcs -a | grep mdmonitor
online 12:30:28 svc:/system/mdmonitor:default

The final step is to sync the submirrors and then reboot the system.

# metasync
# reboot

After the system is rebooted, the submirrors should be in "Okay" state.

Disable sendmail on Solaris 10

1. Check/and confirm that sendmail is running:

# ps -ef | grep sendmail
root 1373 1360 0 09:49:45 pts/1 0:00 grep sendmail
root 514 1 0 Jun 03 ? 0:13 /usr/lib/sendmail -bd -q15m
smmsp 513 1 0 Jun 03 ? 0:01 /usr/lib/sendmail -Ac -q15m

2. At this point, we disable sendmail and when doing so, it stops
the two sendmail daemons from running as well (part of disable feature):

# svcs -a | grep sendmail
online Jun_03 svc:/network/smtp:sendmail
# svcadm disable svc:/network/smtp:sendmail
# svcs -a | grep sendmail
disabled 9:51:44 svc:/network/smtp:sendmail
# ps -ef | grep sendmail

3. Now reboot the S10 system. Upon reboot, we see that the sendmail
daemons are not running….as a result of the sendmail FMRI being
in a "disabled’ state:

# svcs -a | grep sendmail
disabled 9:54:02 svc:/network/smtp:sendmail
# ps -ef | grep sendmail
root 524 512 0 09:55:29 pts/1 0:00 grep sendmail

Solaris 10 x86 doesn’t find network card

I recently installed Solaris 10 06/06 x86 on my desktop machine, a Compaq Evo with an onboard Intel 10/100 network card.

At first the Solaris installation seemed to hang while trying to find a network configuration from a non-existant RPC boot server. In retrospect, I think the problem was that Solaris didn’t find an appropriate driver for the card but after waiting a long time, the installation continued skipping the network configuration.

Running prtconf -pv shows the pci identification details for the ethernet card:

model: ‘Ethernet controller’
power-consumption: 00000001.00000001
devsel-speed: 00000001
interrupts: 00000001
max-latency: 00000038
min-grant: 00000008
subsystem-vendor-id: 00000e11
subsystem-id: 00000012
unit-address: ‘8’
class-code: 00020000
revision-id: 00000081
vendor-id: 00008086
device-id: 0000103b
name: ‘pcie11,12’

Looking up the identification information in the PCI ID repository tells me I’m dealing with a 82801DB PRO/100 VM (LOM) Ethernet Controller

Looking at /boot/solaris/devicedb/master, I found the following similar drivers:

bash-3.00# grep 82801DB /boot/solaris/devicedb/master
pci8086,1039 pci8086,1039 net pci iprb.bef "Intel 82801DB Ethernet 82562ET/EZ PHY"
pci8086,103d pci8086,103d net pci iprb.bef "Intel 82801DB PRO/100 VE Ethernet"

Both cards use the iprb driver so I add the identifier for my driver into /etc/driver_aliases:

iprb "pci8086,1038"
iprb "pci8086,1039"
iprb "pci8086,103b"
iprb "pci8086,103d"

Load the driver with the modload command and plumb the interface:

modload /kernel/drv/iprb
ifconfig iprb0 plumb

If that works, create the /etc/hostname.iprb0 file. I wanted to use DHCP so I did the following:

touch /etc/dhcp.iprb0
touch /etc/hostname.iprb0

Then do a reconfigure reboot.