Unix System

Administration
Solaris Management Console

Chuck Hauser
2006-10-13
 Presentation Conventions
 Names (files, users, daemons) are usually in bold:
/etc/syslog.conf
 System dependent or variable items are usually in italics:
/var/sadm/patch/patchnumber/log
 File entries and output are in mono-spaced type:
> root 8036 c Tue Apr 26 23:59:00 2005
< root 8036 c Tue Apr 26 23:59:59 2005
  marks a line wrapped to fit on the slide:
mv Solaris_9_Recommended_Patch_Cluster_log
Solaris_9_Recommended_Patch_Cluster_log.yyyymmdd
  marks a horizontal tab (09 hex)
 Reference OE for programs and documentation is
Solaris 9
 Introduction
 “The Solaris Management Console is a
graphical user interface that provides access to
Solaris system administration tools.”
 Replaces both AdminSuite and Admintool.
 The Solaris Management Console (abbreviated
as SMC from here forward) first appeared in
Solaris 2.6.
 SMC continues at least through Solaris 10.
Admintool and Java Web Console
 Solaris 9 includes
admintool, but it
opens with this
message. Admintool
is not in Solaris 10.

 The browser-based
Java Web Console
was introduced in
Solaris 10 as a future
replacement for SMC,
but currently it has
almost no
functionality.
SMC Advantages Over admintool
 Replaces the root-privileges of admintool
with more flexible role-based access
control (RBAC) if desired.
 Based on a toolbox concept; different
collections of tools and folders can be
grouped for user’s role or experience.
 Can be extended with JavaBeans, legacy
apps, commands, etc.
 Has context-sensitive help.
 Role-Based Access Control (RBAC)
 Replaces the all-or-
nothing superuser
model with least-
privilege security;
allows separation of
superuser capabilities.
 A role account is created with specific rights that
are granted to a set of users.
 See System Administration Guide: Security
Services (817-0365) Chapters 5-7.
Solaris Management Tools History
Solaris Solaris Solaris Solaris Solaris
2.6 7 8 9 10
admintool Yes Yes Yes Yes No

SMC 1.0 Yes Yes Yes No No

SMC 2.0 No No Yes (1/01) No No
SMC 2.1 No No No Yes Yes
Web Console No No No No Yes

See System Administration Guide: Basic Administration (817-3814)

Chapter 1 Solaris Management Tools (Roadmap) for a matrix of Solaris
management tools support.
Solaris Management Console 2. 1 Packages

SUNWmccom Common Components

SUNWmcc Client Components
SUNWmc Server Components
SUNWwbmc WBEM Components
SUNWmcex Examples
SUNWmcdev Development Kit
 Solaris Management 2.1 Packages

SUNWmgapp WBEM Management Applications

SUNWmga Solaris Management Applications
SUNWdclnt Solaris Diskless Client
Management Application
SUNWpmgr Solaris Patch Management
Applications
SUNWrmui Resource Management User
Interface Components
Solaris Volume Management Packages

SUNWlvmr SVM (root)

SUNWlvma SVM APIs
SUNWlvmg SVM Application

Because Solstice DiskSuite has been incorporated in

Solaris 9 as the Solaris Volume Manager, the DiskSuite
Tool (metatool) has been removed and SMC is now the
graphical interface for Solaris Volume Management.
 SMC Documentation
 There is no Sun manual that covers only SMC.
 The System Administration Guide: Basic
Administration (817-3814) introduces SMC in
Chapter 2 Working With the Solaris
Management Console (Tasks)
 Other references are scattered in the various
System Administration Guides.
 BigAdmin has SMC 2.0 Frequently Asked
Questions which also has 2.1 tips at
http://www.sun.com/bigadmin/content/misc/smc2
0_faq.html.
 SunSolve has a Solaris Management Console
Support Document (70475).
Solaris Management Console Tools
 Solaris Management Console Tools by
Janice Winsor (Sun Microsystems Press,
2002) covers SMC 2.0 and is out of print.
 Three sample chapters are online:
 Networked System Administration Tools from
Sun Microsystems
 SMC Toolbox Editor: Creating and Editing the
SMC Toolbox
 Using SMC Tools
 SMC Help
 Online help is
available. The
currently selected tool
will determine the
help shown.
 A simple non-boolean
search is available.
 Help can be printed.
 SMC Components
 SMC Server: provides tools for console
and services such as authentication,
authorization, logging, messaging, etc.
 SMC Toolbox Editor: used to modify or
create toolboxes.
 SMC client (the ‘Console’): interface that
contains the GUI tools used to perform
management tasks.
 SMC Server Components
 The SMC server is a Java-based daemon.
 Although it is a single process, it is a server for
both the Solaris Management Console and
Solaris Web-Based Enterprise Management
(WBEM).
 If server crashes or console never loads, stop
and restart the server using the init.wbem
command (next slide).
 Running the SMC Server
 The script /etc/init.d/init.wbem is used to start
smcboot, a small proxy server (see Initial
Server Configuration slide).
 In addition to the usual start and stop
arguments, init.wbem also takes a status
argument:
# /etc/init.d/init.wbem status
Solaris Management Console server
 version 2.1.0 running on port 898.
 For startup, init.wbem is linked to
/etc/rc2.d/S90wbem and the shutdown scripts
are /etc/rc0.d/K36wbem, /etc/rc1.d/K36wbem,
and /etc/rcS.d/K36wbem.
 Running the Console Locally
 Choose Solaris
Management Console
from the CDE Tools
Menu (see right)
 Or double-click the
SMC icon in CDE
Applications Manager
or File Manager
Starting the Console Locally by Command Line

 Must be in an X11 terminal window, i.e.,

xterm.
 Use the following command:
/usr/sadm/bin/smc&
 The command line is also used when
using a PC X server to remotely run SMC.
 Running SMC in Web Browser
 Despite what some
of the documentation
implies, SMC cannot
be run in a web
browser.
 Java Web Console
(Solaris 10) can.
Options for Running SMC Remotely

 Use a Unix box with

SSH and Xwindows
 Run Xwindows on a
PC
 Run Solaris or other
Unix in a PC virtual
machine such as
VMware (right)
Remote X Server to Run on PC

 Use commercial
product or download
free Cygwin
environment
(www.cygwin.com).
 Cygwin provides both
X11 and OpenSSH
for running SMC.
Install OpenSSH and X11from Cygwin
 SSH X11 Tunneling
 The Secure Shell (SSH) can be used to
encrypt X11 traffic by forwarding through
an SSH tunnel.
 Neither Xhosts nor Xauth are necessary
when using SSH to tunnel.
 X11 Forwarding Configuration
 /etc/ssh/sshd_config must be modified to
allow X11 forwarding by the ssh server.
 Find Line with X11 tunneling options:
# X11 tunneling options
# X11Forwarding no 
X11DisplayOffset 10
 Change to allow forwarding:
X11Forwarding yes
Getting sshd to reread sshd_config
 Send a SIGHUP signal to the sshd daemon to reread
the configuration file.

 There may be multiple instances of sshd running if using

privilege separation:
ps -ef | grep sshd
root 304 702 0 19:36:22 ? 0:00 /usr/lib/ssh/sshd
root 702 1 0 Oct 05 ? 0:00 /usr/lib/ssh/sshd
cfhauser 308 304 0 19:36:30 ? 0:00 /usr/lib/ssh/sshd
cfhauser 178 175 0 19:25:32 ? 0:01 /usr/lib/ssh/sshd
root 175 702 0 19:25:25 ? 0:00 /usr/lib/ssh/sshd

 Signal process 702 (whose parent is process 1):

kill -1 702
SSH X11 Tunneling Example
Possible Missing Font Message
 This message may appear when using a remote
X server on a PC to run SMC:
Warning: Cannot convert string
"-monotype-arial-regular-r-normal--
*-140-*-*-p-*-iso8859-1" to type
FontStruct
 The Java Virtual Machine running SMC on the
server is requesting a font that is not in the font
set of the remote X server.
 This message may be safely ignored, but it can
be fixed by aliasing the font (see following).
Removing Font Error Message in Cygwin

 Edit /usr/X11R6/lib/X11/fonts/75dpi/fonts.alias
 Add the following as one complete line:
-monotype-arial-regular-r-normal--*-
140-*-*-p-*-iso8859-1 -b&h-lucida-
medium-r-normal-sans-14-140-75-75-p-
81-iso8859-1
 In an xterm window, force X server to re-read
fonts: xset fp rehash
Removing Font Error Message in X-Win32
(Hummingbird)
 Open the X-Util32 configuration utility.
 Select Fonts  Alias
 Double-click 75dpi; double-click fonts.alias to
open Font Alias dialog box.
 Enter in the Alias from field:
-monotype-arial-regular-r-normal--*-
140-*-*-p-*-iso8859-1
 Enter in the Alias to field:
-b&h-lucida-medium-r-normal-sans-14-
140-75-75-p-81-iso8859-1
 Click Add
 Running su When Tunnelling
 Although a normal user can start SMC, usually want to run as
root (if not using RBAC) to avoid problems with loading some
tools.
 When using su to switch to root, do not use the ‘–’ option,
otherwise the DISPLAY variable defining the local display will be
lost:
 Initial Server Configuration

 The smcboot native program waits for a

connection from a console program on port 898.
 When a connection is received for the first time,
the real java-based server is called and displays
the above while the server initializes.
 Console Elements
 The default console
consists of three main
panes: Navigation, View,
and Information.
 There is a menu bar, tool
bar, status bar, and if
enabled, a location bar.
 Context Help and
Console Event tabs are at
the bottom.
 Console Preferences
Choose Console Preferences to change:
 Console (toolbox used)
 Appearance
 Toolbar
 Fonts
 Tool Loading
 Authentication
 Navigation Pane
 Acts similar to a frame in
a web page.
 Clicking on in item in this
pane will display this item
in the View pane.
 Double-click on an item
or click on the turner icon
( ) to expand tree.
 View and Information Panes

 View Pane – shows information related to selected

node in navigation pane.
 Information Pane – on bottom; either displays context-
sensitive help or console events depending on
selected button.
Default Toolbox

The default toolbox

contains tools for:
 System Status
 System Configuration
 Services
 Storage
 Devices and
Hardware
 Logging In

Even when running as root, selecting a tool will require

logging in as root. If using RBAC, login as a role name
and password.
System Status – System Information
 System Status – Log Viewer
 The log view defaults
to events logged by the
WBEM logging service
(/var/sadm/wbem/log).
 Syslog files may be
chosen by selecting
drop down box labeled
Log File, but view must
be manually refreshed.
Note: the OpenWindows xconsole program provides a continually updated
display of console messages in an Xwindow; it should be run as root:
/bin/su root –c “/usr/openwin/bin/xconsole –daemon –verbose”
 System Status – Performance
 Displays performance data
based on projects, user, or
summary.
 Basically useless in System
Performance Summary
mode: the display blanks while
system gathers new data,
information appears briefly,
then blanks for next cycle.
Project and User screens are
more useful.
 Before running: be sure to
change Preferences 
General from default 30
seconds to longer time period
to have a chance of seeing
data.
System Status – Processes
 Use View  Filter to
search for an individual
process.
 Right-click on an
individual process to see
process properties,
suspend a process,
resume a suspended
process, or kill (‘delete’) a
process.
System Configuration – User Accounts

 Allows viewing or
modification of individual
user accounts.
 Probably best method for
working with RBAC.
 Multiple users can be
added in a batch
operation (see Adding
Multiple Users).
User Properties (1)
User Properties (2)
User Properties – Home Directory

Modifying the
user’s home
directory will
change the entry in
/etc/passwd for
the user and
rename the old
home directory to
the new name.
 Users – Adding Multiple Users

 An SMC wizard can be used to add multiple users by

 User types each name
 Generate automatic prefix followed by numeric sequence
 Use text file in a format similar to /etc/passwd; minimum should
have: newdudeid:New Dude
 Other batch operations on users (add, delete, modify)
can be performed at the command line using the
smmultiuser command.
Users – User Templates
User templates
are a named
collection of
user properties
that can be
used as the
starting point for
creating new
users.
Users – Rights
 Actually RBAC Rights
Profiles, a collection of
commands, authorizations,
or other rights.
 Rights could be directly
assigned to a user, but
better to assign to a role,
then assign the role to
users.
 The next slide shows a
rights profile for User
Security.
Right Properties for User Security
 Users – Administrative Roles

 No roles are predefined.

 Sun suggests creating Primary Administrator, System
Administrator, and Operator rights profiles.
 This example adds a password.operator role for handling
user password requests.
Adding an Administrative Role (2)

 A password is
required, to be used
when a user switches
to the role.
 The predefined User
Security right is
added; note the
contextual help.
Adding an Administrative Role (3)

 Roles are structured

similarly as users,
including a home
directory.
 After a role is defined,
add regular users to
the role.
Adding an Administrative Role (4)

 The final review

screen before
creating the role.

 The finished role on

the Adminstrative
Roles screen.
User Groups and Mailing Lists
 Note that users can be
pasted into a selected
group.

 Mailing Lists provides

an convenient front-
end for the sendmail
alias file.
System Configuration – Projects

 Manages the Solaris project database.

 A project is a way of identifying related work by users in
groups.
 The right screen shows Performance grouped by
projects.
System Configuration – Computers and Networks
For working with
ethers, hosts, and
networks files.
System Configuration – Patches
 Patch Tool Configuration
 Analyze and Add Patches, and Download Patches tools will fail if not
configured; even then the smpatch command is often more successful.
 Cannot be configured in SMC, must use smpatch command as root:
smpatch set patchpro.sun.user=yourSunsolveId
smpatch set patchpro.sun.passwd=yourSunsolvePassword
 To see settings:
# smpatch get
patchpro.backout.directory - "“
patchpro.download.directory -
/var/sadm/spool
patchpro.install.types -
rebootafter:reconfigafter:standard
patchpro.patch.source -
https://updateserver.sun.com/solaris/
patchpro.patchset - patchdb
patchpro.proxy.host - "“
patchpro.proxy.passwd **** ****
patchpro.proxy.port - 8080
patchpro.proxy.user - "“
patchpro.sun.passwd **** ****
patchpro.sun.user yourid@youridemail ""
Patch Properties
 Services – Scheduled Jobs

 Provides a human-friendly front-end to cron,

instead of editing by hand with crontab –e
 Command-line equivalent is smcron
Add Scheduled Job Wizard
 Storage Tool

 Mounts and Shares – Creates and manages mounts

and shares
 Disks – Display disk properties and create partitions
 Enhanced Storage – Solaris Volume Manager; create
and manage volumes, soft partitions, hot spare pools,
disk sets, and state database replicas.
Storage Tool Mounts and Shares – Mounts
Mounts and Shares – Mount Properties
Mounts and Shares – Usage
Storage – Disks
Storage – Disk Properties and Partitions
Storage – Partitioning a Disk
Enhanced Storage – Volume Properties (1)
Enhanced Storage – Volume Properties (2)
Enhance Storage – State Database Replicas
 Devices

Currently the Devices tool only works with serial

ports and modems.
 SMC Command-line Tools
smc Starts the Solaris Management Console
smcron Manages crontab jobs
smdiskless Manages diskless client support
smexec Manages entries in the exec_attr database
smgroup Manages group entries
smlog Manages and views WBEM log files
smmultiuser Manages bulk operations on multiple user accounts
smosservice Adds OS services and diskless client support
smpatch Manage patches
smprofile Manages profiles in the prof_attr and exec_attr databases
smrole Manages roles and users in role accounts
smserialport Manages serial ports
smuser Manages user entries
 RBAC Command-line Tools
auths Print authorizations granted to a user
profiles Displays execution profiles for a user
roleadd Administer a new role account on the system
roles Print roles granted to a user