When a user is created it is locked, which shows in the shadow file with a *LK* in the password field and a result of LK when you run passwd -s against it. When an account is locked, cron will not run for it. The way to fix that without giving the account a password is to set it to be a non-login account. You can change *LK* in the shadow file to NP for "No Password" which will change the passwd -s output to NL for non-login. That way the user still can't login, but it can run cron.
The reason I would want something like that is so that there is no way to do a password attack against the apache or mysql users, and yet I can set up a crontab to run as those users. Particularly useful when setting up mysql backups/dumps.
Wednesday, August 18, 2010
Thursday, August 5, 2010
adding an application to smf in solaris 10
create the method file in /lib/svc/method, usually easiest to find something close to the app you're installing and modify the file. For example apache2 comes installed, but I put the latest version in /usr/local/apache2 so I just use the files that are already there with path modifications.
Then you need to add a manifest. Those are stored in /var/svc/manifest and usually if you're adding your own you would put it in the /var/svc/manifest/site directory (or so I've heard). Again the best way is to get one that is close and modify it or use it as a template. I've found that the one installed with the system works just fine with an upgraded version of apache in /usr/local/apache2 but best to check to be sure.
Then you import it:
svccfg -v import /var/svc/manifest/site/http-apache2.xml
Then the normal SMF controls should work for it.
Then you need to add a manifest. Those are stored in /var/svc/manifest and usually if you're adding your own you would put it in the /var/svc/manifest/site directory (or so I've heard). Again the best way is to get one that is close and modify it or use it as a template. I've found that the one installed with the system works just fine with an upgraded version of apache in /usr/local/apache2 but best to check to be sure.
Then you import it:
svccfg -v import /var/svc/manifest/site/http-apache2.xml
Then the normal SMF controls should work for it.
Monday, August 2, 2010
creating solaris zones
This is the basic set of commands to create a whole-root zone (a zone that does not share drives with the global)
[root@stamp zones]# zonecfg -z dplweb
dplweb: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:dplweb> create -b
zonecfg:dplweb> set zonepath=/opt/zones/dplweb
zonecfg:dplweb> set autoboot=true
zonecfg:dplweb> add net
zonecfg:dplweb:net> set address=xxx.xxx.xxx.xxx
zonecfg:dplweb:net> set physical=eth0
zonecfg:dplweb:net> set defrouter=xxx.xxx.xxx.xxx
zonecfg:dplweb:net> end
zonecfg:dplweb> verify
zonecfg:dplweb> commit
Plumb the nic for the zone
ifconfig nge1 plumb
Then use zoneadm to install the zone
zoneadm -z dplweb install
Then start that puppy up.
zoneadm -z dplweb boot
Then you'll have to login to the console to finish installation.
zlogin -C dplweb
[root@stamp zones]# zonecfg -z dplweb
dplweb: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:dplweb> create -b
zonecfg:dplweb> set zonepath=/opt/zones/dplweb
zonecfg:dplweb> set autoboot=true
zonecfg:dplweb> add net
zonecfg:dplweb:net> set address=xxx.xxx.xxx.xxx
zonecfg:dplweb:net> set physical=eth0
zonecfg:dplweb:net> set defrouter=xxx.xxx.xxx.xxx
zonecfg:dplweb:net> end
zonecfg:dplweb> verify
zonecfg:dplweb> commit
Plumb the nic for the zone
ifconfig nge1 plumb
Then use zoneadm to install the zone
zoneadm -z dplweb install
Then start that puppy up.
zoneadm -z dplweb boot
Then you'll have to login to the console to finish installation.
zlogin -C dplweb
Subscribe to:
Posts (Atom)