You are on page 1of 135

A Step by Step Guide to Installing Solaris 10

by Dennis Clarke


This is a very simple step by step set of instructions that will take you from boot through to running
a browser. Everything you need to get started is here complete with easy to follow picture based
instructions. So please just dive in and if you feel something needs to be explained then just send
feedback to dclarke@blastwave.org.


Section 1 : Hardware Selection
If This Is All New to You
Looking at the Hardware
o You Will Need a Computer
o Lets take a look Inside
o A Brief Look at BIOS and CMOS
o Verify You Can Boot
Is that Real or VMware?
Section 2 : Boot the Installation CDROM or DVD
See GRUB Run. Run GRUB Run
Just Select Solaris Interactive
kdmconfig - setup graphics
Eventually You Get Graphics
Section 3 : Basic Configuration Data
Select Networked
Just Say No to DHCP
Enter the hostname
Enter the Network Config
Select TimeZone
Set Date & Time
Enter the root password
Open or Closed Security Profile?
Review and Continue
Section 4 : Finally You Are Welcome to Install
At This Point You are Welcome?
Eject : Yes & Reboot : Yes
Select the installation media
Select Custom Install
Select Locale(s)
Select Give Me Everything
Select the Boot Disk
o Partition the Boot Disk
o Slice the Boot Disk
o Review the Boot Disk
Review Filesystem Allocation
Section 5 : After First Reboot
CDROM 1 of 5
CDROM 1 done! Reboot!
NFS version 4 Domain Name Question
X-Windows starts
Feed More CDROMs
Section 6 : Reboot again ...
Please click Reboot
See GRUB Boot. Boot GRUB boot!
sendmail error message. Ignore it.
Do NOT login as root!
Select Command Line Login
Fix the backspace key
Some Network Commands
Read our first manual page
Create a UNIX Group
Create a UNIX user
Section 7 : Login to the Desktop
Login as a regular user
Select JDS
Start Mozilla
Edit resolv.conf with vi
Make a symbolic link
Edit /etc/nsswitch.conf
Browser should work now
Get a support contract
Click and Play!
If This Is All New to You
One of the clear obstacles to trying something new is that it happens to be new to you. I know
that sounds overly simple but just think back to the first time you tried to ride a bicycle. If you are
anything like me then you probably fell over and hurt your knee. Repeatedly. You're experience
with walking was probably just as difficult and extended over months of your life. The great problem
with getting older is that we have a terribly small amount of patience for our own failure. In fact,
most adults will try something exactly zero times before giving up in order to avoid failure entirely.
Worse, we may dismiss this new thing entirely and simply say I can ride a bike and drive a car and
play the piano, I don't need this and who wants it anyways. This is something I see quite often and
the more educated among us are often worse than those that experiment and fail with an open
mind. There is an ancient proverb that says it does not matter how many times you fall down but it
does matter that you stand up. Its a bit weak, I know, but hopefully you can see my point.
If someone were to drop the CDROM set for Solaris 10 Update 3 on your desk and say install
this, figure it out and good luck then you may be wandering into deep murky waters. Most
especially if you have spent a long chunk of your life with Microsoft Windows or an Apple Macintosh.
This document will get you started to a point where you can at least login and push a mouse around.
If you have some network route to the internet then your browser will work. This is a major leap
from nothing but CDROMs in your hand to a working full blown UNIX system. Be fearless and just
follow the steps I lay out and all will work fine. At least I will certainly try to get you there.
It is my hope that I can help you with this little task before you. If I were to walk along with you
through this process then you can rest assured that you are not alone. I have installed Solaris more
times than I can possibly remember. I started long ago with Solaris 2.5.1 Intel Edition on a dual
Pentium P90 AST Premmia GX machine that is still running today. That installation process took all
night long back in 1996. The installation process for Solaris 10 will go much faster. So then let's
begin and just go nice and slow, step by step.
You Will Need a Computer
You should probably have a look at the Hardware Compatibility List in order to be certain that your
hardware will support Solaris 10. I could have used a tier 1 top of the line fancy machine but instead
I grabbed any old thing that I had hanging around. Generally the tier 1 top of the line server is the
right policy however I really wanted you, my kind reader, to know that I don't expect you to go out
and spend a pile of money for this. What I hope is that you can grab the nearest machine and just
go forward with that. There are no promises but just about anything reasonable will work fine.

AMD Athlon based HP machine

If you have some real top of the line hardware to work with then please be patient with me.
Everything that I am going to do here will work for you also but I will be no where near as fast.
Lets take a look
Closer inspection reveals that this machine has two hard disks in it. It has some very old 2.4GB IDE
Primary disk as well as a secondary that looks to be an 80GB Maxtor disk. You should check your
machine to verify that you have at least one hard disk in it. To install Solaris 10 with enough space
left over to do anything fun or useful ( often the same thing ) then you should have at least a 12GB
disk of some sort. My primary disk is very old and slow not to mention very small. In fact, it is
useless and I will remove it. You will most likely have only one disk and if it is anything larger than
12GB then you should be fine.





Here you can see my two disks :

Two Hard Disks, Floppy and CDROM

A Brief Look at BIOS and CMOS
I generally need to verify that the disks and CDROM are seen by the BIOS at power up for no other
reason than to confirm functionality. With this machine we simply hook up some standard PC style
keyboard and any old two button mouse. It is even better to have a three button mouse and I have
a Labtec mouse here which cost nine dollars I think. For a monitor I had an old NEC MultiSync XV17
unit that will probably never die. When I turn on the power this is what I see :

System BIOS Report

Pressing the F1 key results in the system CMOS Setup Utility being run for me. This machine will not
have much for me to configure from the perspective of hardware. Really, a discussion about CMOS
configuration of PC hardware is beyond the scope of this document. That is a nice way of saying that
I cannot begin to cover off the myrid possibilities that you will run into with your system. I want to
show you what I have here regardless.


CMOS Setup Utility - Main Page
It is good policy to at least set the time and date correctly here. I also strongly suggest that you
verify that your hard disk is listed as a Primary Master. My machine here has two hard disks and
thus you can see that the Maxtor disk is listed as a Primary Slave. Again, I think that talking
about the nuances of IDE controllers and the setup of master and slave disks is a little beyond the
scope here but you should at least know that the old Western Digital 2.5GB disk is useless and being
removed. If I set the maxtor to be the master disk on the IDE bus then we should be fine.
Have a close look at that CMOS Setup Utility picture above. See that device listed as a Secondary
Slave? That is my CDROM drive and it is really critical to this process. This entire installation will be
based on the five Solaris 10 Update 3 CDROMs and not a DVD or network based installation. If you
have a DVD drive then life will be really easy. This installation document is for the lowest common
denominator user however and most people have at least a CDROM. Network based installs and
things like PXE boot are just too involved at this stage of the game for most people. Those topics will
be covered off in another document. For now you merely need to ensure that your system can detect
your hard disk and that you have a CDROM and some other very basic features in your machine. Like
memory for instance.
This machine has 512MB of RAM and while you can probably run with less than that I strongly
suggest that you have at least 512MB of RAM. Solaris is a big freight train powerful operating system
and not to be underestimated in its abilities. So please ensure that you have the basic resources for
it to work. Having said that please forgive me but 512MB is too low by my standards. I will pop in
another 256MB DIMM and then have 768MB memory total.

CMOS Setup Utility - Advanced Page

There are pitfalls to messing with the advanced CMOS configuration options. I was primarily
interested in seeing that my onboard LAN Network card was enabled as well as some recognition
paid to the installed AGP graphics adapter. I have the Plug and Play OS option left at the default
and I also disabled the USB Legacy Mode support option. Primarily because I don't have any USB
devices to connect legacy or otherwise so why bother to support some special feature for something
that I don't have? Seems to be common sense. With that in mind I change nothing else and simply
hit the F10 key to Save and exit from the CMOS Setup Utility.
Verify You Can Boot
A simple way to test that the machine can boot from either the floppy drive, CDROM drive or
primary hard disk is to simply turn it on and see what happens. There may already be a operating
system on this machine and in my case this is what I saw :

Microsoft Windows 98 booting up

So there I see that this machine has Microsoft Windows 98 already installed on the primary boot disk
and then I hit the power switch to stop the boot process. I also insert a bootable floppy into the
machine and then power up again. I won't bore you with the fact that indeed, yes, the machine can
boot from the floppy and thus we know that it works. The last and final test, of critical importance to
this process, is the CDROM.

Power down the machine. Always wait about thirty seconds before powering up again. Then turn on
the power and when we are presented with the BIOS Summary screen simply insert the Solaris 10
Update 3 CDROM 1 of 5 into the CDROM drive.
Is that real or VMware?

It took a lot of work on my part to try to get decent screenshots for this document. No matter how
hard I tried I just could not get a decent quality image with my hand held camera and a monitor. In
order for this document to be readable, legible, and reasonable I wanted to ensure that I did this
install with real hardware. In order to get decent pictures I needed to use VMware. Let me show you
what I mean.













This is a typical picture that I can take with a handheld camera :


X-Windows Monitor Test Pattern

This is the exact same image when I use a VMware based virtual machine :

X-Windows Monitor Test Pattern via VMware

Do you see what is going on here? I can't stop the lies! Even that picture above is not the real
picture and if you click on the link there then you will see the real thing and this time I promise. Let
me show you some other pictures okay?







Here we can see what the Video Device Selection stage looks like :


Video Device Selection

This is the exact same task when I use VMware :


Video Device Selection via VMware





One further example of the situation :


Window System Configuration

Here we see that VMware allows me to take a perfect sharp screenshot :


Window System Configuration via VMware

I was faced with a slight ethical delimma; should I proceed with my real hardware or simply work
within VMware ? I decided that the best thing to do for everyone involved was to do both. I want to
provide you with the best quality images and information while also show that this really works on
real hardware. So at any given point in this process you need to know that I took pictures of the
actual monitor when I was forced to ( like the BIOS and CMOS info screens ) and used VMware when
I wanted a crisp image. We need to remember that the objective here is to install Solaris 10 and not
to create some report based on experimental data. We have some latitude with respect to illustration
purposes I think.

The last thing that I want to say here before we plow forwards is that I am typing this all out via a
seven year old HP Kayak PC running Solaris 10 right now. It has 512MB of memory and two 9GB
internal SCSI disks. I really do run just about any old hardware and Solaris 10 runs fine for me. I
also have some very slick hardware too but we can get to that some other day. Let's proceed with
actually booting the first CDROM from the Solaris 10 Update 3 media. Let's just get started and from
here on in you will not hear much from me other than do this and do that and from time to time I
may even tell you why. So grab that first CDROM and let's get the job done.
: Action to Take : Select Solaris and hit enter.
If your machine actually does find the bootable CDROM that you inserted then you had better see
something like so :


What you are looking at is something lovingly referred to as GRUB. Like everything in the
computer world it is an acronym for something else; specifically the GRand Unified Bootloader. Which
sounds all very important and it really is something amazing in terms of what it does to boot an
operating system but it will not change our perspective on quantum physics the way a grand unified
theory of everything would. Nope, it is just the bootloader in much the same way that a Swiss Army
Knife is just a knife that everyone uses because its so damned perfect at what it does.

Please feel free to read all about GRUB and the boot process at the following sites :
GNU GRUB Homepage
GRUB and the Solaris 10 1/06 OS: The New Bootloader for x86 Platforms
GRUB 2
Some people may wonder why the first thing you see from Solaris 10 is so ugly. Most people like to
stuff in a fancy background splash graphic image so it looks cool. The cute image does nothing for
functionality and if you know anything about Solaris then you know that it runs on really massive
computers. No one has fancy graphics on big computers and often times you have none at all. So
sticking a background splash image may sound like a nice idea but it really annoys those of us that
have to setup 8-way multi-core AMD Opteron servers via nothing but a serial console. Far more
ironic is that the first three letters on the screen are GNU and that is a recursive acronym for
GNU's Not Unix even though we are booting Solaris which is UNIX. That's my version of funny,
sort of.
: Action to Take : Nothing, just sit there and watch.

This is GRUB doing its thing loading in the Solaris 10 miniroot. All you need to know is that the
miniroot is like a small boiled down version of Solaris and it will allow us to install everything else. If
you are familiar with Solaris then you will know why I personally want to change this little sequence
of dots to a spinner. That's an inside joke.








: Action to Take : Enter the numerical digit 1 and hit enter or just sit and watch
W A R N I N G : The WARNING about my BIOS microcode is due to my old hardware that I am
using here. It will not affect you. If you see the same warning message then you will most likely
need to upgrade the BIOS ( firmware ) on your machine.

I would love to explain what those options are all for but its just way beyond the scope of what we
are trying to do. Suffice it to say that you can install a few different ways and you can even just boot
to a single user prompt in the case of an emergency. Someday I will cover these all off and provide
links for each separate path but for now ...











: Action to Take : Nothing ... just keep moving forwards.

: Action to Take : Just sit there sipping your coffee. Have you called your mother?




: Action to Take : Use your arrow keys and select Change Video Device/Monitor
N O T E : You need to use the F2 function key to continue forwards.


That beautiful looking picture above is clearly from VMware and not a real machine. The real
machine hardware looks like this :



What you are looking at is the report from a very old tool called kdmconfig. The kdm means
keyboard - display - monitor. One of the clues that you somehow fell into some old software is that
you don't use the enter key to continue forwards but now you need the F2 function key on your
keyboard. This kdmconfig software has been around nearly forever in the Solaris x86 world and it
does seem out of place in the year 2007. For the moment this is what you need to deal with. Just be
happy that you are not stuck using a DEC VT220 terminal from 1977. I still own one and you can still
use it just fine with Solaris if you choose to. That may explain why the GRUB screen is so simple.
Provided that you picked a graphics adapter that is on the Solaris 10 Hardware Compatibility List and
is halfway decent then you should be okay here. If you are like me then you will set the machine to
use the highest number of colors and highest resolution that you can handle on your monitor. For the
purposes of this document I will most likely go with 1024x768 pixel because I want to show you lots
of screen shots.
: Action to Take : Select your graphics adapter hardware or change nothing.
N O T E : You need to use the F2 function key to continue forwards.










: Action to Take : Select a screen resolution that you know will work fine.

: Action to Take : Select your monitor size. Press F2 to continue.




: Action to Take : Select a colour depth. Lots of colors 16M if you can.


This is where kdmconfig shows its age again. I can not recall the last time that I set a machine to be
8-bits per pixel. If you have a graphics adapter from this millenium then you should be fine with
16777216 ( 16M or 24-bit ) colors.
: Action to Take : Just hit F2 to continue.

: Action to Take : Read this screen then hit F2 and pray everything works.

: Action to Take : If this is what you see then simply click on Yes.








: Action to Take : Sit and watch .. more on the way.











: Action to Take : Please wait ...











: Action to Take : click the Next button.











: Action to Take : select Networked and click Next.


I guess you could install Solaris onto a non-networked machine. I think that I have done it once.
Maybe. I have no idea what the point would be since Solaris comes from Sun Microsystems Inc. and
their motto has always been The Network is the Computer. Hopefully you have a network option
that is fully supported.








: Action to Take : Select No and click Next. This install is for a fixed ip machine.












: Action to Take : Enter a nice simple name for this machine. One word. Keep it simple.
W A R N I N G : Do not get fancy here. A hostname of -0 is both geeky and wrong.










: Action to Take : A boring hostname is a good hostname. Keep it simple.











: Action to Take : Enter a unique ip address that your network admin gives you.











: Action to Take : Enter the network mask that your network admin gives you.











: Action to Take : Select No here. This is an IPv4 machine we are building.











: Action to Take : Get the default network router ip address. Select "Specify One" here.











: Action to Take : Enter the ip address of your network router.











: Action to Take : Kerberos security is beyond the scope of our install. Select No.











: Action to Take : We will config Name Services later. For now just select None.











: Action to Take : Pick the region of the world you are in.











: Action to Take : Select the timezone you are in.











: Action to Take : Enter the correct time accurate to the nearest minute.











: Action to Take : Enter a nice simple root password. Nothing fancy nor obvious.
I have seen really bad things happen to people that get fancy here. Just stay away from the numeric
keypad on your keyboard and stick with basic characters, uppercase and lowercase as well as digits.
You can change this root password later after the whole operating system is installed. There is
nothing worse than going through a full install and then once you boot you are locked out because
you accidentally entered a control character or some other mistake here, twice. No joke, it happens.








: Action to Take : Do you want this machine locked down secure? Do you?











: Action to Take : Lock the machine down. Select No here. Yes really.











: Action to Take : Review your selections and then proceed.











: Action to Take : Something is happening. Just wait some more.











: Action to Take : Welcome ? At this point you get a welcome ? Confused ? Don't be.
From the first moment that you booted the CDROM you should get the feeling that you are moving
along an assembly line. It just happens to be a really big corporate assembly line and some of the
stages have been around a long time, like kdmconfig. Some have been recently added and some are
just outright borrowed from somewhere else like the GRUB boot loader. If you want to listen to a
singular beautiful masterpiece of music then you need one composer, one artist, one maestro.
Simply listen to Beethoven, Mozart or Bach's Brandenburg Concertos and you will firmly feel that one
mind orchestrated these masterpieces. The Solaris installation process was designed by departments
of people and it looks like they were not all talking to one another. I have no other way to explain
why I am getting the big Welcome at this point.







: Action to Take : Accept the defaults here.











: Action to Take : Just click OK











: Action to Take : We will install from CDROM today.











: Action to Take : More activity and we can do nothing but wait.











: Action to Take : Select the Custom Install option here











: Action to Take : Select the area(s) of the world that you need to support.
This may look like you are being asked for the area of the world that you are in again. It is not. This
is about language support and not timezones. So here you can pick multiple languages that you may
need to support.









: Action to Take : Select the language options that you want installed.











: Action to Take : Default language when the system boots? POSIX C is a good choice here.











: Action to Take : Select nothing here. If we need something later we can install it later.











: Action to Take : I have no idea what this does. Select nothing and lets move forwards.











: Action to Take : Ignore the term Cluster here. Let's just watch and wait.











: Action to Take : Select the top level Entire Group Plus OEM. It means Give Me Everything.











: Action to Take : make sure you pick default and not custom.











: Action to Take : Select your primary boot disk and then click next.











: Action to Take : This is getting ready to partition the disk. Just select the boot disk.











: Action to Take : Allocate all disk space capacity to a single Solaris partition. Click Next.











: Action to Take : Highlight your disk and click Modify.
Do not be confused by this strange screen. With a graphical environment we could get something
much better but this is what we have to deal with. We are about to set the sizes of our critical
filesystems. Not just critical but all of them in fact and that means swap space also. What you see
here are some default suggested values from the Solaris installer. We are going to change them in
the next few steps.








: Action to Take : Allocate disk space carefully.
We need to give plenty of space to the root filesystem as well as a few other places. If you have a
specific purpose for this machine then you may want to create mountpoints for things like Oracle
databases or DB2 or Lotus Domino. That sort of thing is beyond the scope of what we are trying to
do here, sorry. I just want to get you up and running. So I will explain my thinking in the next few
screens.








: Action to Take : Allocate disk space for filesystems.
This will take some explanation and it's never easy for a beginner. I will do my best to make this
painless.
1. Set everything other than the / ( root ) filesystem to 0 and clear the little name tag fields where it
says /export/home and swap. Do not touch the root file system name which is just a forward
slash.
2. Now give the root filesystem plenty of room. Like well over the suggested dosage there. I think
that 6 GB is a good number but if you are swimming in disk space then make it 10 GB. You just
need to know that the /var filesystem is contained in there also and a lot of software patches and
logging happens there. Do not get left with a root filesystem that fills up! Think bigger is better
here.
3. Do not bother trying to figure out what a slice is and just take my word for it that it is a disk
region bounded by physical cylinders on the disk. Now go to the slice 1 area and type in swap
there just like the picture below.
4. Fill in a nice healthy size for swap of about twice your memory. Do not exceed 4GB of swap as
that serves little purpose. There are more arguments over this than can be imagined and I hope
that your machine has enough memory ( 512MB or more ) and that you can allocate twice as
much for swap. If you have more than 2GB of memory then allocate 4GB of swap. If you have
more than 2GB of memory then allocate 4GB of swap. Its not a perfect world and I'd love to
discuss it on some other day.
5. Go to slice 5 and fill in the name /opt there. Give it 2GB of disk if you can. This is where a lot of
optional software gets installed. At the very least there are 1600+ titles of software packages at
Blastwave.org and they all go in there. Make plenty of room.
6. If this machine will have development software for programmers ( like me ) then you need to
create a place for Sun Studio 11 tools as well as other revisions like Sun ONE Studio 10. I
recommended a separate filesystem entirely but you don't have to do this. Either create a new
filesystem in slice 6 called /opt/studio or add more disk space to /opt. This one is up to you!
7. Create a place for users. Their home directories will go into someplace and /export/home is a
good location. Take a look at the picture below and allocate space accordingly.
8. Lastly, and this will be a leap of faith for you, set aside a small 32MB area in slice 4. If you decide
that you want to make your filesystems mirrored and thus somewhat redundant someday, then
you will need an area for something called metadevice databases. Does that sound mysterious
or what? Just allocate the space there and someday you may thank me for it.
A few things that you need to know before you plow forwards here. Firstly, if you are an advanced
user, you can allocate a massive slice at slice 3 that is large enough to hold ALL of your root slice. So
if you created a 6GB root slice ( that is slice 0 in the picture ) then you may allocate at least 6GB in
slice 3 also. Don't bother to name it anything special because we are not going to use it as an active
mounted file system. Just create it for something super special called live update. If you have the
disk space to spare then I highly recommend that you set aside a place for live update which can
allow you to upgrade the whole operating system in the future and it will happen live while you are
up and running. That, my friend, is cool enough to prepare for.












: Action to Take : Review the filesystem choices.












: Action to Take : Ready to Install ! Just click Install Now











: Action to Take : Now you can start throwing sharp pencils at the ceiling.
From here you don't do much except feed CDROMs to the computer. You can literally get up and
walk away for a while also but once all of CDROM 1 is complete the machine will reboot. You don't
have to do anything but watch. So I suggest that you watch the process, touch nothing, and wait for
the machine to reboot and be sure to eject the CDROM when that reboot happens. If you forget and
leave that CDROM in the machine then your reboot will happen but the machine will just boot the
CDROM again. So be carefull and then watch for the boot to happen.







: Action to Take : Let the machine boot on its own.
Well done! You clearly ejected the CDROM and the machine has booted to the new fancy looking
GRUB bootloader. Now just sit there and let it boot.













: Action to Take : This BIOS Error may not happen for you !
This may happen on old hardware like mine. I hope that you do not get this but if you do, then don't
panic. You simply need to update the BIOS on your motherboard.
















: Action to Take : joining multicasts failed ! You may get this message.
You may get this error message if you are somewhat security paranoid, like me, and you perform
the whole install with no ethernet cable plugged in. You can ignore this message. You should note
that the Service Manifest Facility ( smf ) is beginning to load up the new services on your computer.
Just sit back and watch .. this could take some time.

: Action to Take : Watch the Service Manifest Facility finish. That can take time.


: Action to Take : Watch the Secure Shell Daemon get its new crypto keys generated.
: Action to Take : NFS version 4 Domain Name Question. Just say no.





: Action to Take : Get the CDROM 2 of 5 because the machine will ask for it shortly.
I actually took screenshots of the next hour of feeding CDROMs to the machine. It takes a long time
and it is very boring. There is not much to say here other than it will take a long time and I will skip
past about twenty pictures of prompts for CDROMs all the way to the last CDROM.
































: Action to Take : This is CDROM 5 of 5 being read. The last CDROM !











: Action to Take : Another Summary or Status screen. Just hit continue.











: Action to Take : This may be confusing ... just watch this.











: Action to Take : Always hit Continue and/or hit Next.











: Action to Take : Please click Reboot











: Action to Take : Another GRUB Screen and boot process again. Just watch.

: Action to Take : The system will now probe for all devices. Just watch.


: Action to Take : Then we have more Service Manifest Facility things happening.



: Action to Take : Eventually you will get a sendmail error message. Ignore it. Wait ...

: Action to Take : Eventually the server will begin to load a graphical frontend. Just wait.






: Action to Take : Select Command Line Login from Options













: Action to Take : When you see this hit ENTER ! If you don't, then it will just timeout.

: Action to Take : Now login as root with the password that you set during install





: Action to Take : This is what happens when I get the password wrong. :-)

: Action to Take : Now fix the backspace key. Its annoying and easy to remedy.




: Action to Take : type in stty erase and then hit backspace and enter

: Action to Take : Check that your backspace key works.





: Action to Take : Please read everything below this picture.

I wanted to verify that my network was up and working. What you see above is how I did two
things:
1. I tried to ping a nearby neighbor machine on the same subnet,
2. then changed the ip address of the machine to 192.168.35.44 and,
3. finally realized that my ethernet cable was not plugged in.
Yes, it has been a long day. :-)

So this is actually a good practical example of how to modify the network ip address of your Solaris
server as well as check the network route table and test for connectivity. I hope that you managed
to get the correct address from your network admin or that maybe you are the network admin. In
either case I want to show you what I did and how I did it.

First I issued a simple ping command. Ping is the all time great network tester and I don't really
know what it stands for. I do know that you should be able to ping something nearby on the same
network segment in order to verify that packets are flowing.

I tried and failed.

Before bothering to look at the back of the machine I issued the command netstat -rn which dumps
out the network routing table in simple numerical format. There I see that yes indeed my default
route was set to 192.168.35.1 exactly as expected. Then I thought to myself gee, am I even in the
correct ip range or do I have an ip address conflict with some other device somewhere? For the
sake of further embarassment I did not get out of my chair and actually check for the bloody
ethernet cable. Instead I changed the ip address on the fly via the dreaded ifconfig command. I say
dreaded because it has more options than you can shake a stick at. It's powerful and it can do great
and amazing things in Solaris like assign an interface to a Zone or make fail-over network devices or
setup dedicated point to point ethernet links. At the very least it can change my machines ip address
right now.

Here is how you change a network interface network address :
1. Take the interface down or off-line thus :
ifconfig pcn0 down
2. Set a new address and the same netmask thus :
ifconfig pcn0 192.168.35.44 netmask 255.255.255.0
3. Bring the interface back on-line :
ifconfig pcn0 up
Here is how you flush the network routing table and then apply the exact same default route again. I
want to point out that this is completely unrequired but educational :
1. Flush out the network route table :
route -f
2. Add a new ( same old thing actually ) default network route :
route add default 192.168.35.1
When I tried my little ping test again and saw no response there was a little bird in the window that
said, with the clearest New York Jewish Mother accent, check tha network cable ya schmuck!
: Action to Take : continued from the previous page where I decide to insert the network cable.




: Action to Take : these are simple commands that show some system config

: Action to Take : Let's read our first manpage. That's the online manual.

n.b.: Never ever just ask for help. O, that way madness lies;


: Action to Take : groupadd is the command that allows us to create a new user group

: Action to Take : Solaris allows us to create a little over 2 billion groups.




: Action to Take : I create a group called users with a group id number of 16000

: Action to Take : Let's now figure out how to create our first user





: Action to Take : This will require some explanation. Please read below.


Creating your first user account is an important step. You can not live your life playing as the root
user and no one should. Do not take the power of root lightly as a simple and honest mistake can
ruin your system. Create user accounts instead and never give them the root account password
unless you have really good reasons too. No ordinary user will ever have valid reasons so don't give
out the root password. Am I being clear here? Let me explain what that nice long command up there
means.

You issue the command useradd with the following options :

-c User Person

This should be a real name here. With first name and last name
just like how you expect normal people to have. Not Prince with
some silly symbol.

-d /export/home/loginname

The defacto standard way to do things is to take the first letter
of the persons first name and then seven letters of their last name
and make a login name. Arguments break out all the time over this
and people just seem to want user login names that are 32 characters
long as well as mixed with spaces and special characters. If I may
quote the Bard here O, that way madness lies; let me shun that;
No more of that. Keep it simple!

-e ""

The user account expiry date after which thou shalt not login at all.
This is where I do things my way and you may choose to be different
if you wish. I give the useradd command a parameter here that is
commonly called the null string. That means the account will never
expire. If you look on your system ( with the ls command ) then you should see
a file called /etc/datemsk. That file has a whole stack of fairly unreadable
date format specifications which dictate how your system may interpret a date
provided in some parameter to some command somewhere. Take note of the fact
that the filename could have just been /etc/datetypes or /etc/datemask but no,
this is UNIX, and things are often obfuscated or spelled wrong just 'cause.
I don't know why and I often wax on for hours about this but don't get me
started now. Suffice it to say that you can look in that file of date and time
string formats and see gobblydy gook like %m/%d/%y %H:%M:%S. So feel
free to come back and create accounts that expire in 30 secs from now if
you choose just to play with this feature. Playing is learning and I think
that you should give it a whirl. Try a date like "04/08/2007 15:55:54"
which is right now for me but the past for you. Experiment. Have fun.

-f 0

This is another parameter that controls access to the account. This is the
number of days that this account may be idle, unused, not accessed before
the system declares the account invalid. Stick with positive integers and
keep it simple. There is nothing wrong with a zero here because that just
means the account will never be written off simply because no one ever
logs in anymore. For those of you that are pedantic I want to point out
that this does not mean the same thing as idle time in which the user may
actually be logged in and doing nothing. That is not what this means.

-g user

Remember when we created a thing called a group? Well this is one of
those places where we use it. This user is a member of the group user.
Not very fascinating but it does allow you to assign users to various groups
and then you can grant access to resources based on groups and not just
individual users. This account may be a member of multiple groups also.
You may also use the group id number here in place of the character name. So
that means we could have typed -g 16000 here to get the same result.
Without getting really verbose here I want to point out that this group is
considered to be the primary group for this account. You may have many
other groups down the road but this is the primary one. Remember that.

-m

This seems to be a really silly thing to specify. It means that you want
to actually make the home directory if it does not already exist. There
may be some reason why you want to dump a pile of users that are all
members of the same primary group into one place. If that directory for
a given group already exists and the security is setup correctly for
that primary group then hey, why specify the silly -m here? I don't need
to make anything in that case. This makes little sense often times and
I am probably missing something after using UNIX since the mid-80's. I
do know that if you do not specify the -m here then you can not be assured
that the users directory will be created. Go figure. Just specify the -m
and then move along.

-u 32000

This is critical. This is what is called the users id number and you need
to be sure that you do not create an account for a user all over the place
on various servers with varying user id numbers. Stay consistent and if
you know that the user has an account elsewhere then please try to use the
same user id number. In the case of a new server and a new user then just
go incrementally upwards from the highest numbered user. You can achieve
this result by simply dropping this parameter entirely and then the system
will automagically create the next user id number for you. Word of warning
here :
Never use user id numbers lower than 100.

Unless you are a guru and master of the realm then do not mess with low
uid numbers.

-s /bin/bash

This is called the users shell and it determines how the user will deal
with entering commands, issue jobs and control jobs, deal with prompts
and generally it's about as personal and critical as breathing air.
There are a number of different shells and some have been around since
what seems like the dawn of time for UNIX. Like the C Shell which is
selected as /bin/csh or /usr/bin/csh. I prefer the simple Bourne Shell
which is /sbin/sh or possibly /bin/sh or even /usr/bin/sh. Seem confused?
Good. That seems to be the point often times. Suffice it to say that
the shell is important to the user and they can do nothing without it.
Every user has their own preference and often times a pile of software
written with that shell. These are called shell scripts and users like
them to actually work as expected. Think of the users shell preference
as their chosen country and language of origin. This is how they work
and what they are accustomed to. Never draw the wrath of the users on
yourself by swithing their shells around on them. Give them what they
want. Please take a look in the file /etc/shells to see a list of all
the supported options. There are a pile of them most likely.

I chose the Bash shell for this user only because its popular these days
and for no other reason. It is a good place to start if you are wandering
in from the Linux world.

uperson

This last parameter is not really a parameter at all. Good luck doing
anything without it however. This is the actual login name that the
user will use. It is a nice simple string and you should stick with the
defacto standard that I mentioned above : eight characters with a
first initial and then seven letters from the last name. Whatever makes
the most sense. Keep it simple.

The last thing to do is set the password for this user. Again you should keep it simple. Just like I
advised for the root user you need to stick with basic letters and numbers. A mixture of uppercase
and lowercase is a good idea and please do not use trivial easy to hack junk like password. Once
we start using a secure shell with dual key public encryption as well as authentication via key
exchange then our concerns are essentially eliminated unless you wear a tin foil hat and peer out
your window for those black helicopters. Oh, and yes, both the NSA and the FBI are running
carnivore to track all your traffic and they can decrypt in real time. There, now I'll bet you feel real
secure :-)
: Action to Take : just type exit and let's move on with a graphical world :-)










: Action to Take : just watch ...

















: Action to Take : look at the beauty. better yet .. login. So type the user account name












: Action to Take : now enter the password












: Action to Take : Select Java Desktop System Release 3 please !














: Action to Take : sit and watch the GNOME or JDS team names go by .. for a while












: Action to Take : click the right mouse button on the clock applet, select 24 HR display












: Action to Take : start the built in Mozilla Browser












: Action to Take : watch the browser fail to load www.sun.com .. let's fix that next












: Action to Take : right mouse click on any empty desktop area and start a GNOME terminal















: Action to Take : sorry but we need to use vi as the root user to fix this. Read below

An Apology for vi :
I don't have a soft and gentle way to introduce you to vi. It is not user friendly. It may actually be
the most user hostile editor in the world with the exception of front panel binary toggle switches,
which I hope you have never had to experience. The vi editor, if you know it, you generally love it.
In the UNIX world the vi editor is a rite of passage and you will need to know it with a reasonable
degree of fluency in order to function. What I will do here is give you the absolute minimal that you
need to get the job done and then hope that you survive. If you come from the Microsoft Windows
world then I suggest you brace yourself for a terrible shock to the senses. There is no other way to
put it. I'm sorry.
vi gets the job done - every time
Regardless of the fancy looking graphical user environment you need to know that you are in UNIX
land now and you will do things in a UNIX way. That means you will edit files with the vi editor and
you will discover that it gets the job done every time without fail. When you really need to edit a file
and you have nothing but an old DEC VT220 terminal ( the best ever! ) hooked to the serial console
of a server then vi will work. If you have to telnet or ssh into a server half way around the world with
nothing but a 9600 baud modem link then vi will work. So welcome to UNIX and let's get the job
done. Let me walk you through the steps simply and then I will explain more below.
The issue on the table right now is name resolution. Every server and web site on the internet has a
specific ( and hopefully unique ) network address. We call that the ip ( internet protocol ) address
and you generally see it described as a sequence of four decimal numbers separated by dots. Like
192.168.35.44 for example. Every server and every website has at least one of these addresses but
no one really uses them much unless forced to. If we want to go to a website we simply give the
browser an address of www.sun.com or maybe just sun.com. Somehow your browser needs to
convert that name over to an address like 72.5.124.61. That process is called name resolution in
that the URL ( uniform resource locator address ) www.sun.com must be resolved to the address
72.5.124.61 without the user doing anything special. There are special purpose network services
called name servers or Domain Name Servers that do the hard work for us. The internet is always
in a state of change so we need some special servers to track those changes and provide name
resolution for us. We call these servers our DNS servers and you need at least one of them.
You need to ask your network admin for the ip addresses of your DNS servers. Hopefully you have a
few of them. Once you have these ip addresses you then put that information into a special
configuration file called /etc/inet/resolv.conf which is located in a special area where nearly all
network config information resides. That file needs to be created with the vi editor. Even more
important is the fact that no one can simply do this without special security clearance. You will need
to be the root user in order to get the job done.
Follow these instructions carefully.

You will need to become the superuser or root level user with the command
su. Generally it is wise to type this command in as su followed by a single
space and a dash. That means that you want to become the root user as well
as have the correct environment variables in place as if you actually logged
in just like the root user from the very beginning. You will need to then
enter the root user password.


bash-3.00$ su -
Password:
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
#

We now need to start the vi editor and create our new file called /etc/inet/resolv.conf thus :

# vi /etc/inet/resolv.conf

Your terminal window should instantly change into the editor window for this
new file. You will see a series of squiggly tilde characters ( ~ ) along the
left margin as well as the status line at the bottom. The status line will
tell you that this is a New File like so :


~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
"/etc/inet/resolv.conf" [New file]

If you see that on your terminal window then all is perfect.

Do not just start typing or banging away at the keyboard !


The vi editor is now waiting for you to tell it what to do with some really simple commands. The only
one that you need to know right now is the insert mode command. The vi editor may look like it is
ready to receive the contents of the file from your keyboard but don't be fooled. Its just waiting for a
command actually. So press the letter i ( lowercase i as in india ) and then you will see nothing
happen. That's right. Nothing. The vi editor shows you that it is ready to receive input with no
indication at all. User friendly eh?
Suffice it to say that you may now type in the following strings precisely as described below. Where I
show you <tab> I mean that you press the tab key. Where I show you <cr> I mean that you press
the enter key. Where I show you <ESC> then you press the ESC ( escape ) key. Got that? Now do
this exactly as I show you :

nameserver<tab>192.168.35.1<cr>
nameserver<tab>192.168.35.254<cr><ESC>

Everything that you type will go straight into the file up until you hit <ESC>. When you press the
<ESC> key you are telling the vi editor to stop with the input of data and to switch back into
command mode. By command mode I mean that vi will not enter data anymore but will sit there
waiting for a command. Like the letter i that tells it we are going to insert text into the file. The vi
editor is really simple when it comes to input. Just press the letter i and it starts taking in data and
shoving it into where the cursor happens to be. Hit <ESC> and it stops. Moving the cursor around
after you hit <ESC> should be dead easy. Just use the arrow keys on your keyboard. If you don't
have those arrow keys ( and who doesn't these days ? ) then there happens to be the ultimate in
geeky cursor navigation commands for vi. These are the trademark geek squad little things that
separate the UNIX people from the get-a-real-computer types. For your further edification here they
are :

the vi navigation keys are h j k l

k
^
|
up
|

h < left right > l
|
down
|

j


Most people, with enough experience in UNIX, will never touch the arrow keys at all. This page was
written entirely with vi as were all the rest. It simply becomes second nature. For now we will
concentrate on getting your name resolution information set correctly and leave further vi
gymnastics for some other day. I do need you to know that there is a fantastic vi tutorial at the
Purdue University website. You will be able to read it from your new Solaris 10 machine when we get
your DNS data entered! Here is the tutorial address :
Vi Text Editor: Tutorial
If you followed my instructions carefully then you most likely have a file with two nameserver lines
in it and they are both wrong for you. That is fine. I just wanted you to edit a file. Now I want you to
enter the correct data and you will do that by going into insert mode again. Just hit the letter i and
then the enter key. Type in the keyword nameserver followed by a <tab> as well as the ip address
of your first DNS server. At the end of the line you hit the <ESC> key to stop data entry.

Since we know that both of the top lines are wrong we can just delete them. How? Well you press
the k key a few times to move up the file to the top line. Then press the d key twice ( dd ) to delete
the entire line. That line will vanish and the rest of the file will move upwards. These are little things
that we take for granted with modern big bloated word processing software. Remember that vi was
written such that it will run in the smallest of systems with little or no graphics, bandwidth, or
memory.

At some point you may wonder if we will ever actually write this file out to the disk. Thus far
everything that you have done is in memory and thus you have done no damage and no change to
the system. That is good to know. If you want to write out this data as a file onto the filesystem then
you do the following :


To write out the file just hit <ESC> once in order to ensure we are
not in input mode or edit mode. Then press the colon key : followed by a
letter w ( w as in write ) and then hit enter.

What you will see on the terminal screen will look like so :

nameserver 192.168.35.245
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
:w

and then after you hit enter you see this

nameserver 192.168.35.245
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
"/etc/inet/resolv.conf" [New file] 1 line, 26 characters

You may have written two lines of data to that new file or just one. It really depends on if you have
one or two DNS Servers. I only entered one for this example.

Note that vi is still running and that just because you wrote the file out to disk does not mean that
you can not keep making changes. The file that you are working with within vi is really just a buffer
in memory and thus the file on disk will not change until you actually issue a write command to vi.
Therefore I want you to now modify this such that we have your domain name as well as one more
DNS server if you have it. I want you to open up a new blank line above the uppermost line of this
file. You do that by simply hitting the k key to position your cursor on the top line and then hit the
capital letter O ( O as in Open ) to open up a new line. Then type in the keyword domain followed
by <tab> and then the name of your internet domain if you know it. If your new system is inside a
network with the domain name sun.com then you may enter sun.com. If the name is wikipedia.org
then please enter that after the <tab>. If you ever make a mistake then just hit <ESC> and then
use the letter x to delete characters one at a time. Or use dw to delete a word. Or use dd to delete
the whole line. Use the capital letter O to open up a new line above the current cursor location. Hit
the <ESC> key anytime you think you are in the wrong place and then navigate around with those h
j k l keys. Or the arrow keys if you need to. What I am saying here is just get your domain name and
nameserver data into that file just like what you will see on the next page. :-)

: Action to Take : let's finish off /etc/inet/resolv.conf completely. Read below.


Given what little you may know about vi I hope that you can hack about within it and get your
domain name and DNS server information into /etc/inet/resolv.conf like the example in the picture.
Then to save the file and quit vi just simply hit colon : and w ( for write ) and q ( for quit ). Your
terminal will display the number of lines and characters. You should also be back at the prompt for
the root user.

To verify the contents of that file simply issue the command cat /etc/inet/resolv.conf and hit
return. If you do not see exactly what you expect then you need to edit that file and fix it.
: Action to Take : read about files and symbolic link magic before we move on

We have a few more little steps to take before name resolution will work for you. We need to
correctly place a symbolic link for our file /etc/inet/resolv.conf into the directory /etc. If you have no
idea what a symbolic link is then let me explain briefly. Think of a symbolic link ( symlink ) like a
signpost that says this way to your file. Like a street sign may be placed somewhere near a street
and pointing towards the destination. Its not really the actual file that you need but it will act just
like it. That is the simplest way I can describe it.

You need to change directories into /etc with cd /etc and then fix up the permissions ( security
rights ) on the file /etc/inet/resolv.conf. Then we create the symlink. Like so :


# cd /etc
#
# chown root:sys ./inet/resolv.conf
#

The command chown will change the ownership of that file such that the user root and the group
sys own that file. The word own isn't really accurate. Really we are granting rights to that specific file
and with the command ls we can see the details :

# ls -lap ./inet/resolv.conf
-rw-r--r-- 1 root sys 94 Apr 9 00:40 ./inet/resolv.conf
#

There you see that I used the parameters -lap with the command ls to dig out details about the file.
The pile of characters at the beginning of the output are really important. What you are seeing there
are the rights or permissions that various accounts or groups have. Think of it as seven letters
where a dash means nothing here. So there you see a leading dash followed by rw-r--r--. Forget
that leading dash for now as it would take a while to explain. Just focus on those six right most
characters there. They are actually arranged in groups of three letters at a time and you can read
them like this : rw- and then r-- and finally r--. Each of those three characters specifically
determines the security or access rights of a given user or a specific group. The first set there
determines what the owner of the file can do. In this case the owner is shown to be the root user
and the rights are read plus write. That is what rw- means. It means read plus write access is
granted to the user account associated with this file. The next three letters determines access for a
given group and then the last three letters specifies everyone and anyone. So in both cases we see
that read access is granted. Not write access. That means that only the root user can both read and
write the file while everyone else can simply read.
A few examples never hurt anyone and so therefore consider the following :

Some file exists that was created by a user phil. He also set the group access
of the file to some group called dvd. He then granted read access to the group
and no one else. The file looks like so :

$ ls -lap foo
----rw---- 1 phil dvd 9 Apr 9 00:55 foo

Some user, not phil, may be a member of the group dvd and then read what is
in that file :

$ cat foo
security

Any user that is not a member of the group dvd will see this :

$ cat foo
cat: cannot open foo

Furthermore, if the user phil is removed from the group dvd then he too
will lose access to the file because it specifically denies access to
him. Only members of the group dvd may access that file for read and
write and no one else.


Guess what? There is one user that can always read that file. The user known as root is the
superuser. All seeing and all powerful the root user can even open files that look like this :

# ls -lap foo
---------- 1 phil dvd 9 Apr 9 00:55 foo
# cat foo
security

Pretty silly looking file security there on that example. It should be illegal to grant no access to a file
but there you see the absurd on display. Almost anything is possible it seems. Even when it should
be impossible. Regardless, I have strayed from the intent and purpose while spilling out education.
Let's get back on track.
A symbolic link is like a little pointer that sits on a disk and points to some file somewhere else. Let
me give you an example :

# echo "bar" > foo
# ln -s ./foo ./bar
# cat bar
bar
# ln -s ./bar ./foobar
# ls -lap foo bar foobar
lrwxrwxrwx 1 root root 5 Apr 9 01:14 bar -> ./foo
-rw-r--r-- 1 root root 4 Apr 9 01:13 foo
lrwxrwxrwx 1 root root 5 Apr 9 01:14 foobar -> ./bar

Now here is the play by play for the above. First I use the echo command to toss the word bar
into a file named foo. The echo command does not do much more than what it sounds like; it just
echoes out whatever input it receives. The greater than sign there > says to take the output and
stuff it into a file called foo. So the file foo exists and it contains the three characters bar. Plus a
special character called a carriage return. ( Hence 4 bytes as you will see later. ) Next I use the ln
link command to create a symlink from the real file foo to an imaginary file called bar. The leading
dot and slash are simply pedantic ways of saying that I want these files in this current directory.
Next I use the cat command to dump that new imaginary file called bar onto the terminal. Sure
enough the result is just bar. To add another level of complexity I then create a symlink from
foobar to bar. Neither of which are real files! More absurdity really but it allows us to create symlinks
that point to symlinks that point to files. At least we hope that the file exists. The final command
there shows us a detailed list ( via ls ) which reveals that foo is a real file with permissions and size.
There exists two symlinks that each have radical looking permissions as well as a leading letter l (
lower case l as in link ).

For the sake of being complete I will show you that we can get into trouble by destroying the file
that is real and then we are left with nothing but symlinks that point, ultimately, nowhere. Thus :


# echo "foo" >> foo
# ls -lap foo bar foobar
lrwxrwxrwx 1 root root 5 Apr 9 01:14 bar -> ./foo
-rw-r--r-- 1 root root 8 Apr 9 01:29 foo
lrwxrwxrwx 1 root root 5 Apr 9 01:14 foobar -> ./bar
# rm foo
# ls -lap foo bar foobar
foo: No such file or directory
lrwxrwxrwx 1 root root 5 Apr 9 01:14 bar -> ./foo
lrwxrwxrwx 1 root root 5 Apr 9 01:14 foobar -> ./bar

There you see that I used echo again but this time I threw a double greater than sign after it. The
double > indicates that the output from the echo command is to be appended to the end of the file
foo. Thus you now see that foo becomes eight bytes in size. The next thing that you see is that I
actually remove the file foo from existence with the rm command. The file is gone but the symlinks
that once point to it are still there. This is where a symlink is not very useful.

One final atrocity and abuse of symbolic links is the circular link thus :


# ln -s ./foobar ./foo
# ls -lap foo bar foobar
lrwxrwxrwx 1 root root 5 Apr 9 01:14 bar -> ./foo
lrwxrwxrwx 1 root root 8 Apr 9 01:33 foo -> ./foobar
lrwxrwxrwx 1 root root 5 Apr 9 01:14 foobar -> ./bar
#

If that looks insane then you are correct to feel that way. No file called foo even exists anymore but
we have a symlink foobar that points to bar which points to foo which is in turn a symlink that points
to foobar. Madness. Now you will see a file that even the root user can not access because it does
not exist :


# cat foo
cat: cannot open foo
# ls -l foo bar foobar
lrwxrwxrwx 1 root root 5 Apr 9 01:14 bar -> ./foo
lrwxrwxrwx 1 root root 8 Apr 9 01:33 foo -> ./foobar
lrwxrwxrwx 1 root root 5 Apr 9 01:14 foobar -> ./bar
# unlink foobar
# unlink bar
# ls -l foo bar foobar
bar: No such file or directory
foobar: No such file or directory
lrwxrwxrwx 1 root root 8 Apr 9 01:33 foo -> ./foobar
#

The thing called foo still says that it is 8 bytes in size but it is a symlink that points to nowhere. The
normal symbolic links needed just five bytes on the disk but this thing that we are left with needs 8
bytes. I don't know what it is but I think I had better delete it.

The lesson here is that you need to be careful with symbolic links and with file permissions. Yes you
can access just about anything as root so long as the thing in question is sane. You can do damage
through a sequence of perfectly logical steps and render an illogical result. Simply be careful is all I
am saying here. Have a look at the picture above and let's edit the /etc/nsswitch.conf configuration
file.
: Action to Take : edit /etc/nsswitch.conf and add dns to the hosts line





: Action to Take : verify your work and verify your defaultrouter setting












: Action to Take : let's look into both the hosts file and ipnodes file











: Action to Take : not much to do here. Just enter :n into vi to move onwards











: Action to Take : again .. not much to do here. Just verify the ip looks correct











: Action to Take : with name resolution in place your browser should now work













: Action to Take : Experiment with GNOME Themes and windows styles. Play. Work.