Apr 26 2006
Solaris 10 SMF Official Documentation
Showing the Status of all Services
The following command lists all services that are installed on the system as well as the
status of each service. The command displays those services that are disabled as well
as those that are enabled.
% svcs -a
Chapter 15 • Managing Services (Tasks) 289
Showing the Status of Services Controlled by inetd
The following command lists services that are controlled by inetd. Each service’s
FMRI is listed, along with the run state and whether the service is enabled or disabled.
% inetadm
How to Show Which Services Are Dependent on a
Service Instance
This procedure shows how to determine which service instances depend on the
specified service.
Display the service dependents.
% svcs -D FMRI
Displaying the Service Instances That Are Dependent on the
Multiuser Milestone
The following example shows how to determine which service instances are
dependent on the multiuser milestone.
% svcs -D milestone/multi-user
STATE STIME FMRI
online Apr_08 svc:/milestone/multi-user-server:default
How to Show Which Services a Service Is
Dependent On
This procedure shows how to determine which services a specified service instance is
dependent on.
Display the service dependencies.
% svcs -d FMRI
Displaying the Service Instances That the Multiuser Milestone Is
Dependent On
The following example shows the service instances that the multiuser milestone is
dependent on.
% svcs -d milestone/multi-user:default
STATE STIME FMRI
disabled Aug_24 svc:/platform/sun4u/sf880drd:default
online Aug_24 svc:/milestone/single-user:default
online Aug_24 svc:/system/utmp:default
online Aug_24 svc:/system/system-log:default
online Aug_24 svc:/system/system-log:default
online Aug_24 svc:/system/rmtmpfiles:default
online Aug_24 svc:/network/rpc/bind:default
online Aug_24 svc:/milestone/name-services:default
online Aug_24 svc:/system/filesystem/local:default
online Aug_24 svc:/system/mdmonitor:default
290 System Administration Guide: Basic Administration • December 2005
Managing SMF Services
This section includes information on managing SMF services.
Using RBAC Rights Profiles With SMF
You can use RBAC rights profiles to allow users to manage some of the SMF services,
without having to give the user root access. The rights profiles define what
commands the user can run. For SMF, the following profiles have been created:
Service Management — User can add, delete or modify services.
Service Operator — User can request state changes of any service instance,
such as restart and refresh.
For specific information about the authorizations, see the smf_security(5) man
page. For instructions to assign a rights profile, see “How to Change the RBAC
Properties of a User” in System Administration Guide: Security Services.
How to Disable a Service Instance
Use the following procedure to disable a service. The service status change is recorded
in the service configuration repository. Once the service is disabled, the disabled state
will persist across reboots. The only way to get the service running again is to enable
it.
1. Become superuser or assume a role that includes the Service Management
rights profile.
Roles contain authorizations and privileged commands. For more information
about roles, see “Configuring RBAC” in System Administration Guide: Security
Services.
2. Check the dependents of the service you want to disable.
If this service has dependents that you need, then you cannot disable this service.
# svcs -D FMRI
3. Disable the service.
# svcadm disable FMRI
Disabling the rlogin Service
The output from the first command shows that the rlogin service has no dependents.
The second command in this example disables the rlogin service. The third
command shows that the state of the rlogin service instance is disabled.
# svcs -D network/login:rlogin
STATE STIME FMRI
# svcadm disable network/login:rlogin
# svcs network/login:rlogin
STATE STIME FMRI
disabled 11:17:24 svc:/network/login:rlogin
How to Enable a Service Instance
Use the following procedure to enable a service. The service status change is recorded
in the service configuration repository. Once the service is enabled, the enabled state
will persist across system reboots if the service dependencies are met.
1. Become superuser or assume a role that includes the Service Management
rights profile.
Roles contain authorizations and privileged commands. For more information
about roles, see “Configuring RBAC” in System Administration Guide: Security
Services.
2. Determine whether service dependencies are satisfied.
If the service is enabled, then the service dependencies are satisfied. If not, use
svcadm enable -r FMRI to recursively enable all dependencies.
# svcs -l FMRI|grep enabled
3. Enable a service.
# svcadm enable FMRI
Enabling the rlogin Service
The second command in this example enables the rlogin service. The third
command shows that the state of the rlogin service instance is online.
# svcs -l network/login:rlogin|grep enabled
enabled false
# svcadm enable network/login:rlogin
# svcs network/login:rlogin
STATE STIME FMRI
online 12:09:16 svc:/network/login:rlogin
Enabling a Service in Single-user Mode
The following command enables rpcbind. The -t option starts the service in
temporary mode which does not change the service repository. The repository is not
writable in single-user mode. The -r option recursively starts all the dependencies of
the named service.
# svcadm enable -rt rpc/bind
How to Restart a Service
If a service is currently running but needs to be restarted due to a configuration
change or some other reason, the service can be restarted without you having to type
separate commands to stop and start the service. The only reason to specifically
disable and then enable a service is if changes need to be made before the service is
enabled, and after the service is disabled.
1. Become superuser or assume a role that includes the Service Management
rights profile.
Roles contain authorizations and privileged commands. For more information
about roles, see “Configuring RBAC” in System Administration Guide: Security
Services.
2. Restart a service.
# svcadm restart FMRI
How to Restore a Service That Is in the
Maintenance State
1. Become superuser or assume a role that includes the Service Management
rights profile.
Roles contain authorizations and privileged commands. For more information
about roles, see “Configuring RBAC” in System Administration Guide: Security
Services.
2. Determine whether any processes that are dependent on the service have not stopped.
Normally, when a service instance is in a maintenance state, all processes
associated with that instance have stopped. However, you should make sure before
you proceed. The following command lists all of the processes that are associated
with a service instance as well as the PIDs for those processes.
# svcs -p FMRI
3. (Optional) Kill any remaining processes.
Repeat this step for all processes that are displayed by the svcs command.
# kill -9 PID
4. If necessary, repair the service configuration.
Consult the appropriate service log files in /var/svc/log for a list of errors.
5. Restore the service.
# svcadm clear FMRI
How to Revert to Another SMF Snapshot
If the service configuration is wrong, the problem can be fixed by reverting to the last
snapshot that started successfully. In this procedure, a previous snapshot of the
console-login service is used.
1. Become superuser or assume a role that includes the Service Management
rights profile.
Roles contain authorizations and privileged commands. For more information
about roles, see “Configuring RBAC” in System Administration Guide: Security
Services.
2. Run the svccfg command.
# svccfg
svc:>
a. Select the service instance that you want to fix.
Note – You must use an FMRI that fully defines the instance. No shortcuts are
allowed.
svc:> select system/console-login:default
svc:/system/console-login:default>
b. Generate a list of available snapshots.
svc:/system/console-login:default> listsnap
initial
running
start
svc:/system/console-login:default>
c. Revert to the start snapshot.
The start snapshot is the last snapshot in which the service successfully
started.
svc:/system/console-login:default> revert start
svc:/system/console-login:default>
d. Quit svccfg.
svc:/system/console-login:default> quit
#
3. Update the information in the service configuration repository.
This step updates the repository with the configuration information from the
start snapshot.
# svcadm refresh system/console-login
4. Restart the service instance.
# svcadm restart system/console-login
How to Use a Different SMF Profile
1. Become superuser or assume a role that includes the Service Management
rights profile.
Roles contain authorizations and privileged commands. For more information
about roles, see “Configuring RBAC” in System Administration Guide: Security
Services.
2. Select the SMF profile to use.
In this example, the generic_limited_net.xml profile is used.
# svccfg apply /var/svc/profile/generic_limited_net.xml
Configuring SMF Services
How to Modify a Service
The following procedure shows how to change the configuration of a service that is
not managed by the inetd service.
1. Become superuser or assume a role that includes the Service Management
rights profile.
Roles contain authorizations and privileged commands. For more information
about roles, see “Configuring RBAC” in System Administration Guide: Security
Services.
2. Make changes to the configuration files, as needed.
Many of the services have one or more configuration files that are used to define
the startup or other configuration information. These files can be changed while
the service is running. The contents of the files are checked only when the service is
started.
3. Restart the service.
# svcadm restart FMRI
Sharing an NFS File System
To share a file system using the NFS service, you must define the file system in the
/etc/dfs/dfstab file and then restart the NFS service. This example shows you
what the dfstab file could look like, as well as how to restart the service.
# cat /etc/dfs/dfstab
.
.
share -F nfs -o rw /export/home
# svcadm restart svc:/network/nfs/server
How to Change an Environment Variable for a
Service
This procedure shows how to modify cron environment variables to help with
debugging.
1. Become superuser or assume a role that includes the Service Management
rights profile.
Roles contain authorizations and privileged commands. For more information
about roles, see “Configuring RBAC” in System Administration Guide: Security
Services.
2. Verify that the service is running.
# svcs system/cron
STATE STIME FMRI
online Dec_04 svc:/system/cron:default
3. Set environment variables.
In this example the UMEM_DEBUG and LD_PRELOAD environment variables are set.
For information about the setenv subcommand refer to the svccfg(1M) man
page.
# svccfg -s system/cron:default setenv UMEM_DEBUG default
# svccfg -s system/cron:default setenv LD_PRELOAD libumem.so
4. Refresh and restart the service.
# svcadm refresh system/cron
# svcadm restart system/cron
5. Verify that the change has been made.
# pargs -e `pgrep -f /usr/sbin/cron`
100657: /usr/sbin/cron
envp[0]: LOGNAME=root
envp[1]: LD_PRELOAD=libumem.so
envp[2]: PATH=/usr/sbin:/usr/bin
envp[3]: SMF_FMRI=svc:/system/cron:default
envp[4]: SMF_METHOD=/lib/svc/method/svc-cron
envp[5]: SMF_RESTARTER=svc:/system/svc/restarter:default
envp[6]: TZ=GB
envp[7]: UMEM_DEBUG=default
#
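A check for the verification step above, as an added example that is not part of the original guide: it reads pargs -e output and reports every variable whose name begins with LD_ (the variables the runtime linker reads), so that a debugging setting such as the LD_PRELOAD in this procedure is confirmed as intended and not left in place unnoticed. The function name, the allow-list argument and the verdict words are assumptions of this example; the sample input is the output shown in step 5.

```sh
#!/bin/sh
# Added example: audit `pargs -e` output for runtime-linker (LD_*) variables.
# SAMPLE_PARGS is the output shown in step 5; on a live system, pipe
# `pargs -e <pid>` into audit_linker_env instead.
SAMPLE_PARGS='100657: /usr/sbin/cron
envp[0]: LOGNAME=root
envp[1]: LD_PRELOAD=libumem.so
envp[2]: PATH=/usr/sbin:/usr/bin
envp[3]: SMF_FMRI=svc:/system/cron:default
envp[4]: SMF_METHOD=/lib/svc/method/svc-cron
envp[5]: SMF_RESTARTER=svc:/system/svc/restarter:default
envp[6]: TZ=GB
envp[7]: UMEM_DEBUG=default'

# audit_linker_env [ALLOWED]
#   stdin:   pargs -e output for one process
#   ALLOWED: optional space-separated NAME=VALUE pairs that are expected
#   stdout:  "<fmri> <NAME>=<VALUE> <verdict>" per LD_* variable, where
#            verdict is "expected" or "unexpected"; ",not-absolute" is
#            appended when an unexpected LD_PRELOAD value is not a full path,
#            because the file loaded then depends on the linker search rules
audit_linker_env() {
    awk -v allowed="$1" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
        fmri = "unknown-service"
    }
    /^envp\[[0-9]+\]: / {
        entry = $0
        sub(/^envp\[[0-9]+\]: /, "", entry)
        # SMF_FMRI may appear after the LD_* entries, so report in END
        if (entry ~ /^SMF_FMRI=/) { fmri = substr(entry, 10); next }
        if (entry ~ /^LD_[A-Z0-9_]*=/) found[++k] = entry
    }
    END {
        for (i = 1; i <= k; i++) {
            e = found[i]
            name = e; sub(/=.*/, "", name)
            val = e;  sub(/^[^=]*=/, "", val)
            if (e in ok) verdict = "expected"
            else {
                verdict = "unexpected"
                if (name ~ /^LD_PRELOAD/ && val !~ /^\//)
                    verdict = verdict ",not-absolute"
            }
            print fmri, e, verdict
        }
    }'
}

# Demo on the sample: no allow-list, so the debugging setting is reported
printf '%s\n' "$SAMPLE_PARGS" | audit_linker_env
```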
How to Change a Property for an inetd
Controlled Service
1. Become superuser or assume a role that includes the Service Management
rights profile.
Roles contain authorizations and privileged commands. For more information
about roles, see “Configuring RBAC” in System Administration Guide: Security
Services.
2. List the properties for the specific service.
This command displays all of the properties for the service identified by the FMRI.
# inetadm -l FMRI
3. Change the property for the service.
Each property for an inetd controlled service is defined by a property name and
an assigned value. Supplying the property name without a specified value resets
the property to the default value. Specific information about the properties for a
service should be covered in the man page associated with the service.
# inetadm -m FMRI property-name=value
4. Verify that the property has changed.
List the properties again to make sure that the appropriate change has occurred.
# inetadm -l FMRI
5. Confirm that the change has taken effect.
Confirm that the property change has the desired effect.
Changing the tcp_trace Property for telnet
The following example shows how to set the tcp_trace property for telnet to
true. Checking the syslog output after running a telnet command shows that the
change has taken effect.
# inetadm -l svc:/network/telnet:default
SCOPE NAME=VALUE
name="telnet"
.
.
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE
# inetadm -m svc:/network/telnet:default tcp_trace=TRUE
# inetadm -l svc:/network/telnet:default
SCOPE NAME=VALUE
name="telnet"
.
.
default inherit_env=TRUE
tcp_trace=TRUE
default tcp_wrappers=FALSE
# telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
login: root
Password:
Last login: Mon Jun 21 05:55:45 on console
Sun Microsystems Inc. SunOS 5.10 s10_57 May 2004
# ^D
Connection to localhost closed by foreign host.
# tail -1 /var/adm/messages
Jun 21 06:04:57 yellow-19 inetd[100308]: [ID 317013 daemon.notice] telnet[100625] from 127.0.0.1 32802
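An added example, not part of the original guide: a check that reads inetadm -l output in the format shown above and reports whether tcp_trace (connection logging) and tcp_wrappers (TCP wrappers access control) are on, and whether each value is inherited (default scope) or set on the instance. The function name and the ok/review verdicts are this example's own; the two samples are the listings above with the elided lines left out.

```sh
#!/bin/sh
# Added example: report tcp_trace and tcp_wrappers from `inetadm -l <FMRI>`.
# BEFORE and AFTER reproduce the two listings in the telnet example.
BEFORE='SCOPE    NAME=VALUE
         name="telnet"
default  inherit_env=TRUE
default  tcp_trace=FALSE
default  tcp_wrappers=FALSE'

AFTER='SCOPE    NAME=VALUE
         name="telnet"
default  inherit_env=TRUE
         tcp_trace=TRUE
default  tcp_wrappers=FALSE'

# inetd_prop_audit
#   stdin:  inetadm -l output for one service
#   stdout: "<service> <property> <value> <scope> <verdict>" for tcp_trace
#           and tcp_wrappers. scope is "default" (inherited from inetd) or
#           "instance" (set on the service); verdict is "ok" when TRUE,
#           "review" when FALSE, "missing" when the property is not listed.
inetd_prop_audit() {
    awk '
    BEGIN { svc = "unknown" }
    {
        scope = "instance"
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line ~ /^default[ \t]+/) {
            scope = "default"
            sub(/^default[ \t]+/, "", line)
        }
        eq = index(line, "=")
        if (eq == 0) next
        key = substr(line, 1, eq - 1)
        val = substr(line, eq + 1)
        if (key == "name") { gsub(/"/, "", val); svc = val; next }
        if (key == "tcp_trace" || key == "tcp_wrappers") {
            seen[key] = 1; value[key] = val; where[key] = scope
        }
    }
    END {
        n = split("tcp_trace tcp_wrappers", want, " ")
        for (i = 1; i <= n; i++) {
            k = want[i]
            if (!(k in seen))
                print svc, k, "-", "-", "missing"
            else if (toupper(value[k]) == "TRUE")
                print svc, k, value[k], where[k], "ok"
            else
                print svc, k, value[k], where[k], "review"
        }
    }'
}

# Demo: the same service before and after `inetadm -m ... tcp_trace=TRUE`
printf '%s\n' "$BEFORE" | inetd_prop_audit
printf '%s\n' "$AFTER"  | inetd_prop_audit
```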
How to Modify a Command-Line Argument for an
inetd Controlled Service
1. Become superuser or assume a role that includes the Service Management
rights profile.
Roles contain authorizations and privileged commands. For more information
about roles, see “Configuring RBAC” in System Administration Guide: Security
Services.
2. List the exec property for the specific service.
This command displays all the properties for the service identified by the FMRI.
Adding the grep command restricts the output to the exec property for the
service.
# inetadm -l FMRI|grep exec
3. Change the exec property for the service.
The command-syntax set with the exec property defines the command string that is
run when the service is started.
# inetadm -m FMRI exec="command-syntax"
4. Verify that the property has changed.
List the properties again to make sure that the appropriate change has occurred.
# inetadm -l FMRI
Adding the Connection Logging (-l) Option to the ftp Command
In this example, the -l option is added to the ftp daemon when it is started. The
effect of this change can be seen by reviewing the syslog output after a ftp login
session has been completed.
# inetadm -l svc:/network/ftp:default | grep exec
exec="/usr/sbin/in.ftpd -a"
# inetadm -m svc:/network/ftp:default exec="/usr/sbin/in.ftpd -a -l"
# inetadm -l svc:/network/ftp:default
SCOPE NAME=VALUE
name="ftp"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.ftpd -a -l"
.
.
# ftp localhost
Connected to localhost.
220 yellow-19 FTP server ready.
Name (localhost:root): mylogin
331 Password required for mylogin.
Password:
230 User mylogin logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221-You have transferred 0 bytes in 0 files.
221-Total traffic for this session was 236 bytes in 0 transfers.
221-Thank you for using the FTP service on yellow-19.
221 Goodbye.
# tail -2 /var/adm/messages
Jun 21 06:54:33 yellow-19 ftpd[100773]: [ID 124999 daemon.info] FTP LOGIN FROM localhost [127.0.0.1], mylogin
Jun 21 06:54:38 yellow-19 ftpd[100773]: [ID 528697 daemon.info] FTP session closed
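The syslog records produced by the tcp_trace example and by the ftp -l example above can be turned into one normalized event stream for review. The following is an added example, not part of the original guide: it parses only the three record shapes shown on this page and pairs each FTP session close with the user from the login record of the same ftpd PID. The function name and the output field names are assumptions of this example.

```sh
#!/bin/sh
# Added example: normalize the inetd tcp_trace and in.ftpd -l records shown
# above. SAMPLE_LOG holds the three /var/adm/messages lines from this page,
# each on a single line as syslog writes them.
SAMPLE_LOG='Jun 21 06:04:57 yellow-19 inetd[100308]: [ID 317013 daemon.notice] telnet[100625] from 127.0.0.1 32802
Jun 21 06:54:33 yellow-19 ftpd[100773]: [ID 124999 daemon.info] FTP LOGIN FROM localhost [127.0.0.1], mylogin
Jun 21 06:54:38 yellow-19 ftpd[100773]: [ID 528697 daemon.info] FTP session closed'

# parse_inet_logs
#   stdin:  lines from /var/adm/messages
#   stdout: "<time> <host> <event> key=value ..." for recognized records;
#           all other lines are skipped
parse_inet_logs() {
    awk '
    # "name[123]:" or "name[123]" -> "123"
    function pid_of(tag,   p) {
        p = substr(tag, index(tag, "[") + 1)
        sub(/\].*$/, "", p)
        return p
    }
    # inetd tcp_trace: <service>[<pid>] from <address> <port>
    $5 ~ /^inetd\[/ && $10 == "from" && index($9, "[") > 1 {
        svc = substr($9, 1, index($9, "[") - 1)
        print $3, $4, "connect", "service=" svc, "pid=" pid_of($9), \
              "src=" $11, "port=" $12
        next
    }
    # in.ftpd -l: FTP LOGIN FROM <host> [<address>], <user>
    $5 ~ /^ftpd\[/ && $9 == "FTP" && $10 == "LOGIN" && $11 == "FROM" {
        p = pid_of($5)
        ip = $13
        gsub(/\[|\]|,/, "", ip)
        user[p] = $14
        print $3, $4, "ftp-login", "pid=" p, "src=" ip, "user=" $14
        next
    }
    # in.ftpd -l: FTP session closed (user recovered from the login record)
    $5 ~ /^ftpd\[/ && $9 == "FTP" && $10 == "session" && $11 == "closed" {
        p = pid_of($5)
        u = (p in user) ? user[p] : "unknown"
        print $3, $4, "ftp-close", "pid=" p, "user=" u
        delete user[p]
    }'
}

# Demo on the sample lines
printf '%s\n' "$SAMPLE_LOG" | parse_inet_logs
```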
How to Convert inetd.conf Entries
The following procedure converts inetd.conf entries into SMF service manifests.
This procedure needs to be run anytime a third-party application that depends on
inetd is added to a system. Also run this procedure if you need to make
configuration changes to the entry in /etc/inetd.conf.
1. Become superuser or assume a role that includes the Service Management
rights profile.
Roles contain authorizations and privileged commands. For more information
about roles, see “Configuring RBAC” in System Administration Guide: Security
Services.
2. Convert the inetd.conf entries.
The inetconv command converts each entry in the selected file into service
manifests.
# inetconv -i filename
Converting /etc/inet/inetd.conf Entries into SMF Service
Manifests
# inetconv -i /etc/inet/inetd.conf
Using Run Control Scripts (Task Map)
Task: Stop or start a service.
Description: Use a run control script to stop or start a service.
For Instructions: “How to Use a Run Control Script to Stop or Start a Legacy Service” on page 301

Task: Add a run control script.
Description: Create a run control script and add it to the /etc/init.d directory.
For Instructions: “How to Add a Run Control Script” on page 302

Task: Disable a run control script.
Description: Disable a run control script by renaming the file.
For Instructions: “How to Disable a Run Control Script” on page 303
Using Run Control Scripts
How to Use a Run Control Script to Stop or Start a
Legacy Service
One advantage of having individual scripts for each run level is that you can run
scripts in the /etc/init.d directory individually to stop system services without
changing a system’s run level.
1. Become superuser or assume a role that includes the Service Management
rights profile.
Roles contain authorizations and privileged commands. For more information
about roles, see “Configuring RBAC” in System Administration Guide: Security
Services.
2. Stop the system service.
# /etc/init.d/filename stop
3. Restart the system service.
# /etc/init.d/filename start
4. Verify that the service has been stopped or started.
# pgrep -f service
Using a Run Control Script to Stop or Start a Service
For example, you can stop the NFS server daemons by typing the following:
# /etc/init.d/nfs.server stop
# pgrep -f nfs
Then, you can restart the NFS server daemons by typing the following:
# /etc/init.d/nfs.server start
# pgrep -f nfs
101773
101750
102053
101748
101793
102114
# pgrep -f nfs -d, | xargs ps -fp
UID PID PPID C STIME TTY TIME CMD
daemon 101748 1 0 Sep 01 ? 0:06 /usr/lib/nfs/nfsmapid
daemon 101750 1 0 Sep 01 ? 26:27 /usr/lib/nfs/lockd
daemon 101773 1 0 Sep 01 ? 5:27 /usr/lib/nfs/statd
root 101793 1 0 Sep 01 ? 19:42 /usr/lib/nfs/mountd
daemon 102053 1 0 Sep 01 ? 2270:37 /usr/lib/nfs/nfsd
daemon 102114 1 0 Sep 01 ? 0:35 /usr/lib/nfs/nfs4cbd
How to Add a Run Control Script
If you want to add a run control script to start and stop a service, copy the script into
the /etc/init.d directory. Then, create links in the rcn.d directory where you
want the service to start and stop.
See the README file in each /etc/rcn.d directory for more information on naming
run control scripts. The following procedure describes how to add a run control script.
1. Become superuser or assume a role that includes the Service Management
rights profile.
Roles contain authorizations and privileged commands. For more information
about roles, see “Configuring RBAC” in System Administration Guide: Security
Services.
2. Add the script to the /etc/init.d directory.
# cp filename /etc/init.d
# chmod 0744 /etc/init.d/filename
# chown root:sys /etc/init.d/filename
3. Create links to the appropriate rcn.d directory.
# cd /etc/init.d
# ln filename /etc/rc2.d/Snnfilename
# ln filename /etc/rcn.d/Knnfilename
4. Verify that the script has links in the specified directories.
# ls /etc/init.d/*filename /etc/rc2.d/*filename /etc/rcn.d/*filename
Adding a Run Control Script
The following example shows how to add a run control script for the xyz service.
# cp xyz /etc/init.d
# chmod 0744 /etc/init.d/xyz
# chown root:sys /etc/init.d/xyz
# cd /etc/init.d
# ln xyz /etc/rc2.d/S99xyz
# ln xyz /etc/rc0.d/K99xyz
# ls /etc/init.d/*xyz /etc/rc2.d/*xyz /etc/rc0.d/*xyz
How to Disable a Run Control Script
You can disable a run control script by renaming it with an underscore (_) at the
beginning of the file name. Files that begin with an underscore or dot are not executed.
If you copy a file by adding a suffix to it, both files will be run.
1. Become superuser or assume a role that includes the Service Management
rights profile.
Roles contain authorizations and privileged commands. For more information
about roles, see “Configuring RBAC” in System Administration Guide: Security
Services.
2. Rename the script by adding an underscore (_) to the beginning of the new file.
# cd /etc/rcn.d
# mv filename _filename
3. Verify that the script has been renamed.
# ls _*
_filename
Disabling a Run Control Script
The following example shows how to rename the S99datainit script.
# cd /etc/rc2.d
# mv S99datainit _S99datainit
# ls _*
_S99datainit
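Because a copy made by adding a suffix is still run, and a run control script executes as root, it helps to list what an rcn.d directory will actually execute. The following is an added example, not part of the original guide: it classifies each file as disabled, ignored or active, marks an active name that is another active name plus a suffix as a possible copy, and marks scripts that group or other can write to. It assumes scripts are picked up by their S or K name prefix, as in the Snn and Knn links created above; the function names and the demo directory contents are constructed for this example.

```sh
#!/bin/sh
# Added example: classify the entries of an rcN.d directory.
# Assumption: scripts are picked up by their S or K name prefix; names
# starting with "_" or "." are not executed.

# rc_audit DIR
#   stdout: "<status> <name>" per regular file, where status is
#     disabled               name starts with "_" or "."
#     ignored                name does not start with S or K
#     active                 will be run
#     possible-copy-of:<n>   will be run, and the name is <n> plus a suffix
#   ",writable" is appended when group or other has write permission.
rc_audit() {
    dir=$1
    for path in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        case $name in
            _*|.*) echo "disabled $name"; continue ;;
            [SK]*) ;;
            *)     echo "ignored $name"; continue ;;
        esac
        status=active
        # A name that extends another active name is likely a backup copy
        for other in "$dir"/[SK]*; do
            base=${other##*/}
            case $name in
                "$base")  ;;
                "$base"*) status="possible-copy-of:$base" ;;
            esac
        done
        # Characters 6 and 9 of the mode string are group and other write
        perms=$(ls -ld "$path")
        case $perms in
            ?????w*|????????w*) status="$status,writable" ;;
        esac
        echo "$status $name"
    done
    return 0
}

# Constructed demo directory standing in for /etc/rc2.d
rc_audit_demo() {
    d=$(mktemp -d) || return 1
    for f in S99datainit S99datainit.bak _S99old K10xyz README; do
        printf '#!/bin/sh\n' > "$d/$f"
        chmod 0744 "$d/$f"
    done
    chmod 0766 "$d/K10xyz"
    rc_audit "$d" | sort
    rm -rf "$d"
}

rc_audit_demo
```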
Troubleshooting the Service
Management Facility
Debugging a Service That Is Not Starting
In this procedure, the print service is disabled.
1. Become superuser or assume a role that includes the Service Management
rights profile.
Roles contain authorizations and privileged commands. For more information
about roles, see “Configuring RBAC” in System Administration Guide: Security
Services.
2. Request information about the hung service.
# svcs -xv
svc:/application/print/server:default (LP Print Service)
State: disabled since Wed 13 Oct 2004 02:20:37 PM PDT
Reason: Disabled by an administrator.
See: http://sun.com/msg/SMF-8000-05
See: man -M /usr/share/man -s 1M lpsched
Impact: 2 services are not running:
svc:/application/print/rfc1179:default
svc:/application/print/ipp-listener:default
The -x option provides additional information about the service instances that are
impacted.
3. Enable the service.
# svcadm enable application/print/server