번호   제목 닉네임 조회 등록일
Notice [공지] 게시자료 열람자유. 불펌금지입니다. image
조인상
11812 2010-12-07
92 SUN T5240용 시리얼케이블 만들기 imagefile
조인상
7774 2014-06-09
원문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 매뉴얼에서 추출한 시리얼포트 핀 아웃 다이어그램 그리고 DB-9에서 UTP쪽으로 가는 핀배열 확인 시판되는 DB-9-to-RJ45 커넥터 핀 배열 확인 바로 이런놈. 이제 마지막으로 최종 핀 배열을 구하면... 시판되는 DB-9-to-RJ45 커넥터를 다음과 같이 연결해주면 완성된다.
91 Solaris 10 Network - IP구성 및 network restart
조인상
13842 2013-04-08
원문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 출처 : http://escapetowork.tistory.com/48 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1. Hostname 변경 /etc/hosts -> IP [tab key] hostname [tab key] 도메인(.hostname) [tab key] localhost -> 해당 장비에 사용할 IP [tab key] hostname [tab key] 도메인(.hostname) [tab key] localhost /etc/nodename -> hostname *hostname는 해당장비 명칭 /hostname.NIC *NIC는 장비별로 이름이 다름 2. Gateway 설정 route add default 192.168.1.1 또는 /etc/defaultrouter 에 게이트 웨이 입력 route add destination_IP gateway_IP 3. DNS 추가 /etc/resolv.conf -> nameserver 192.168.1.227 -> nameserver 192.168.1.26 4. /etc/nsswitch.conf 파일 추가 작업 hosts: files dns<-추가 5. netmask입력 /etc/netmasks -> 192.168.0.0 255.255.0.0 6. 네트워크 관련 설정 파일을 다시 읽어 들인다. svcadm -v restart svc:/milestone/network:default 7. 네트워크 서비스 재시작 svcadm -v restart svc:/milestone/network:default svcadm restart network/physical 장치 인식 ifconfig 인터페이스명 plumb ========================================================================== NIC 카드 인식 확인 nic (lan card) 추가 방법 <<<<< 사용중인 서버에 새로운 network interface card 추가하여 사용하는 방법. network card를 설치 했다는 전제 하에서 아래 작업을 하시면 됩니다. 1. booting ok boot -r 또는 #reboot -- -r 2. booting후 /etc>/path_to_inst file에 추가된 network interface card가 있는지 확인 예 ) --------------------------- "/ssm@0,0/pci@1c,700000/pci@1/SUNW,hme@0,1" 0 "hme" <--- 기존에 있던것 "/ssm@0,0/pci@1c,700000/bootbus-controller@4" 2 "sgsbbc" "/ssm@0,0/pci@1b,600000" 7 "pcisch" "/ssm@0,0/pci@1c,600000" 9 "pcisch" "/ssm@0,0/pci@1b,700000" 6 "pcisch" "/ssm@0,0/pci@1e,700000" 12 "pcisch" "/ssm@0,0/pci@1e,700000/bootbus-controller@4" 3 "sgsbbc" "/ssm@0,0/pci@1e,700000/pci@1" 1 "pci_pci" "/ssm@0,0/pci@1e,700000/pci@1/SUNW,qfe@3,1" 3 "qfe" <--- 신규로 추가한것 "/ssm@0,0/pci@1e,700000/pci@1/SUNW,qfe@2,1" 2 "qfe" <--- 신규로 추가한것 "/ssm@0,0/pci@1e,700000/pci@1/SUNW,qfe@1,1" 1 "qfe" <--- 신규로 추가한것 "/ssm@0,0/pci@1e,700000/pci@1/SUNW,qfe@0,1" 0 "qfe" <--- 신규로 추가한것 ---------------------------------- 3. 현재 network interface 확인 (hme0만 있슴) root@crmdm:/etc>ifconfig -a lo0: flags=1000849 mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 hme0: flags=1000843 mtu 1500 index 2 inet 191.1.57.18 netmask ffff0000 broadcast 191.1.255.255 ether 0:3:ba:8:f3:6c 4. 추가한 qfe0 를 인식 시킴 root@crmdm:/etc>ifconfig qfe0 plumb 5. qfe0 추가 확인 root@crmdm:/etc>ifconfig -a lo0: flags=1000849 mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 hme0: flags=1000843 mtu 1500 index 2 inet 191.1.57.18 netmask ffff0000 broadcast 191.1.255.255 ether 0:3:ba:8:f3:6c qfe0: flags=1000842 mtu 1500 index 3 inet 0.0.0.0 netmask 0 ether 0:3:ba:8:f3:6c 7. 추가된 qfe에 ip , netmask,broadcast 할당 root@crmdm:/etc>ifconfig qfe0 inet 200.200.200.200 netmask 255.255.255.0 broadcast 100.100.100.255 up 8. 추가된 qfe0에 network signal이 있는지 확인 root@crmdm:/etc>snoop -d qfe0 Using device /dev/qfe (promiscuous mode) ---- --- CTRL+C(종료) 9. 만일 signal이 있으면 사용해도 됩니다. 10. booting후 자동적으로 인식 하게 하려면 /etc>/hostname.qfe0 (추가된 card) file에 ip를 넣어 주십시오.
90 Sun Fire V440 V445 Server_admin_guide file
조인상
7637 2012-06-07
원문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ Sun Fire™ V440 Server_admin_guide Sun Fire™ V445 Server_admin_guide
89 Solaris 10 IP 관리 file
조인상
8678 2012-01-02
원문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 솔라리스 10 에서의 NIC 및 IP관리 NIC 관리 - dladm IP관리 - ipadm 에 대한 매뉴얼.
88 Oracle Solaris 11 OE 설치 가이드 file
조인상
9793 2011-12-15
원문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ Oracle Solaris 11 OE 설치 가이드 http://www.oracle.com 에서 다운로드.
87 SUN T5140/T5240 서비스 매뉴얼 secret
조인상
  2010-12-22
조회할 수 있는 권한이 없습니다.
86 How to D-trace file
조인상
9350 2010-12-22
원문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ The DTrace How to Guide is intended to help a new user learn how to use DTrace for gathering and using system and application information from a SolarisTM and OpenSolarisTM system. It covers how to build a D script and identifies the providers that every System Administrator and developer should know when learning and using DTrace. A few examples to help the reader get started using DTrace are also included. After reading this guide the user will be able to construct scripts to gather useful information about running applications that in turn can be used to improve the performance on Solaris. See the Solaris Dynamic Tracing Guide at http://docs.sun.com/app/docs/doc/817-6223 for more details on the D language and DTrace. DTrace How to 가이드는 솔라리스와 오픈 솔라리스 시스템에서 시스템과 어플리케이션 정보를 수집하는데에 Dtrace를 어떻게 사용하는지에 대해 새로운 유저를 돕기 위해 제작되었다. 매뉴얼에서는 D 스크립트를 어떻게 짜고 시스템 관리자와 개발자등 제공자들이 Dtrace 를 어떻게 사용하고 배우는지를 표시한다. 독자들이 Dtrace 를 사용하는걸 시작할 수 있도록 돕는 몇가지 예제들이 포함되어 있다. 이 가이드를 읽은 후의 사용자들은 솔라리스에서 성능을 높이는데 사용할 수 있는 동작중인 어플리케이션에 대한 유용한 정보를 수집하기 위한 스크립트를 짤수 있게 될 것이다. D 언어와 DTrace에 대한 좀더 자세한 사항은 http://docs.sun.com/app/docs/doc/817-6223 에 있는 솔라리스 Dynamic Tracing Guide를 참조하기 바란다. Introduction to DTrace DTrace is a comprehensive dynamic tracing facility that is built into Solaris and can be used by administrators and developers to examine the behavior of both user programs and of the operating system itself. With DTrace you can explore your system to understand how it works, track down performance problems across many layers of software, or locate the cause of aberrant behavior. It is safe to use on production systems and does not require restarting either the system or applications. DTrace dynamically modifies the operating system kernel and user processes to record data at locations of interest, called probes. A probe is a location or activity to which DTrace can bind a request to perform a set of actions, like recording a stack trace, a timestamp, or the argument to a function. Probes are like programmable sensors scattered all over your Solaris system in interesting places. DTrace probes come from a set of kernel modules called providers, each of which performs a particular kind of instrumentation to create probes. DTrace includes a new scripting language called D which is designed specifically for dynamic tracing. With D it is easy to write scripts that dynamically turn on probes, collect the information, and process it. D scripts make it convenient for users to share their knowledge and troubleshooting methods with others. A number of useful D scripts are included in Solaris 10, and more can be found on Sun's BigAdmin site: sun. D-Trace의 소개 D Trace는 유저프로그램과 운영체제 자체의 행동을 정의하기 위한 관리자와 개발자에 의해 사용될 수 있는 솔라리스에 탑재된 광범위한 동적 추적 기능이다. DTrace로 시스템이 어떻게 동작하는지, 많은 층의 S/W층에서 성능문제를 추적하거나, 일탈증상에 대한 원인을 규명할 수 있다. Dtrace는 probe라 불리우는 즐겨저장되는 공간에 데이터를 저장하기 위한 운영체제 커널과 사용자 프로세스를 동적으로 수정한다. Probe는 Dtrace가 Stack trace, timestamp, Function의 Argument같은 것들을 기록하는것 같은 액션들을 수행하는 요청들을에게 할달될 수 있다. Probe는 당신의 솔라리스 시스템에 넓게 퍼져 있는 프로그램 가능한 센서들과 같다. Dtrace 는 D라고 불리는 특히 dynamic tracing 으로 디자인된 새로운 스크립트 언어를 포함한다. D로 동적으로 probe를 동작시키고 정보를 모으고 실행할수 있는 스크립트를 쉽게 쓸 수 있다. D 스크립트는 유저가 그들의 지식과 문제처리방법을 다른 사람들과 공유하기 쉽게 해준다. 솔라리스10에는 많은 유용한 D스크립트가 포함되어 있으며 Sun's BigAdmin site 에서도 더 많이 찾을 수 있다. : SUN
85 Solaris Common Error Messages
조인상
17225 2010-11-10
원문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ Solaris Common Error Messages (alphabetized) 1. A command window has exited because its child exited. 2. admintool: Received communication service error 4 3. answerbook: XView error: NULL pointer passed to xv_set 4. Arg list too long 5. Argument out of domain 6. Arguments too long 7. assertion failed: variable, file variable, line N 8. automountd[N]: No network locking on variable: contact admin to install server change 9. automountd[N]: server variable not responding 10.automount[N]: variable: Not a directory 11. Bad address 12. BAD/DUP FILE I=i OWNER=o MODE=m SIZE=s MTIME=t 13. Bad file number 14. N BAD I=N 15. bad module/chip at: variable 16. BAD SUPER BLOCK: variable 17. BAD TRAP 18. bad trap = N 19. /bin/sh: variable: too big 20. Block device required 21. Boot device: /iommu/sbus/variable/variable/sd@3,0 22. Broadcast Message from root (pts/N) on server [date] 23. Broken pipe 24. Bus Error 25. Cannot allocate colormap entry for "variable" 26. Can't create public message device (Device busy) 27. Can't invoke /etc/init, error N 28. can't synchronize with hayes 29. cd: Too many arguments 30. Channel number out of range 31. chmod: ERROR: invalid mode 32. Command not found 33. Connection closed. 34. Connection closed by foreign host. 35. [Connection closed.Exiting] 36. Connection refused 37. Connection timed out 38. console login: ^J^M^Q^K^K^P 39. core dumped 40. Could not initialize tooltalk (tt_open): TT_ERR_NOMP 41. Could not start new viewer 42. cpio: Bad magic number/header. 43. Cross-device link 44. data access exception 45. Data fault 46. Deadlock situation detected/avoided 47. Device busy 48. /dev/rdsk/variable: CAN'T CHECK FILE SYSTEM. 49. /dev/rdsk/variable: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY. 50. Directory not empty 51. Disc quota exceeded 52. dumptm: Cannot open `/dev/rmt/variable': Device busy 53. DUP/BAD I=i OWNER=o MODE=m SIZE=s MTIME=t FILE=f REMOVE? 54. N DUP I=N 55. error: DPS has not initialized or server connection failed 56. ERROR: missing file arg (cm3) 57. ERROR [SCCS/s.variable]: writable `variable' exists (ge4) 58. esp0: data transfer overrun 59. Event not found 60. EXCESSIVE BAD BLKSI=N CONTINUE? 61. EXCESSIVE DUP BLKS I=N CONTINUE? 62. Exec format error 63. fd0: unformatted diskette or no diskette in the drive 64. File exists 65. File locking deadlock 66. filemgr: mknod: Permission denied 67. File name too long 68. FILE SYSTEM STATE IN SUPERBLOCK IS WRONG; FIX? 69. File table overflow 70. File too large 71. FREE BLK COUNT(S) WRONG IN SUPERBLK SALVAGE? 72. fsck: Can't open /dev/dsk/variable 73. fsck: Can't stat /dev/dsk/variable 74. giving up 75. Graphics Adapterdevice /dev/fb is of unknown type 76. group.org_dir: NIS+ servers unreachable 77. /home/variable: No such file ordirectory 78. Host is down 79. host name configuration error 80. hosts.org_dir: NIS+ servers unreachable 81. I can't read your attachments. What mailer are you using? 82. ie0: Ethernet jammed 83. ie0: no carrier 84. Illegal Instruction 85. Illegal instruction "0xN" was encountered at PC 0xN 86. Illegal seek 87. Image Tool: Unable to open XIL Library. 88. Inappropriate ioctl for device 89. INCORRECT BLOCK COUNT I=N (should be N) CORRECT? 90. inetd[N]: execv /usr/sbin/in.uucpd: No such file or directory 91. inetd[N]: variable/tcp: unknown service 92. inetd[N]: variable/udp:unknown service 93. inetd: Too many open files 94. INIT: Cannot create /var/adm/utmp or /var/adm/utmpx 95. InitOutput: Error loading module for /dev/fb 96. Interrupted system call 97. Invalid argument 98. Invalid null command 99. I/O error 100. Is a directory 101. kernel read error 102. Killed 103. kmem_free block already free 104. last message repeated N times 105. ld.so.1: variable: fatal: relocation error: symbol not found: variable 106. ld.so.1: variable: fatal: variable: can't open file: errno=2 107. le0: Memory error! 108. le0: No carrier-- cable disconnected or hub link test disabled? 109. le0: No carrier-- transceiver cable problem? 110. LINK COUNT FILE I=i OWNER=o MODE=m SIZE=s MTIME=t COUNT... ADJUST? 111. LL105W: Protocol error detected. 112. ln: cannot create /dev/fb: Read-only file system 113. lockd[N]: create_client: no name forinet address 0xN 114. Login incorrect 115. lp hang 116. mailtool: Can't create dead letter: Permission denied 117. mailtool: Could not initialize the Classing Engine 118. Mail Tool is confused about the state of your Mail File. 119. mail: Your mailfile was found to be corrupted (Content-length mismatch). 120. Memory address alignment 121. memory leaks 122. mount: /dev/dsk/variable is already mounted, /variable is busy, or... 123. mount: giving up on: /variable 124. mount: mount-point /variable does not exist. 125. mount: the state of /dev/dsk/variable is not okay 126. /net/variable: No such file or directory 127. Network is down 128. Network is unreachable 129. NFS getattr failed for server variable: RPC: Timed out 130. nfs mount: Couldn't bind to reserved port 131. nfs mount: mount: variable: Device busy 132. NFS mount: /variable mounted OK 133. NFS read failed for server variable 134. nfs_server: bad getargs for N/N 135. NFS server variable not responding still trying 136. NFS server variable ok 137. nfs umount:variable: is busy 138. NFS write error on host variable: No space left on device. 139. NFS write failed for server variable: RPC: Timed out 140. NIS+ authentication failure 141. No buffer space available 142. No child processes 143. No default media available 144. No directory! Logging in with home=/ 145. No message of desired type 146. No recipients specified 147. No record locks available 148. No route to host 149. No shell Connection closed 150. No space left on device 151. No such device 152. No such device or address 153. No such file or directory 154. no such map in server's domain 155. No such process 156. No such user as variable-- cron entries not created 157. Not a directory 158. Not enough space 159. not found 160. NOTICE: /variable: out of inodes 161. Not login shell 162. Not on system console 163. Not owner 164. Not supported 165. operation failed [error 185], unknown group error 0, variable 166. Operation not applicable 167. out of memory 168. PARTIALLY ALLOCATED INODE I=N CLEAR? 169. passwd.org_dir: NIS+ servers unreachable 170. Password does not decrypt secret key for unix.uid@variable 171. Permission denied 172. Please specify a recipient. 173. Protocol not supported 174. Protocol wrong type for socket 175. Read error from network: Connection reset by peer 176. Read-only file system 177. rebooting... 178. Recipient names must be specified 179. Reset tty pgrp from N to N 180. Resource temporarily unavailable 181. Result too large 182. rmdir: variable: Directory not empty 183. ROOT LOGIN /dev/console 184. ROOT LOGIN /dev/pts/N FROM variable 185. rx framing error 186. SCSI bus DATA IN phase parity error 187. SCSI transport failed: reason 'reset' 188. Segmentation Fault 189. sendmail[N]: NOQUEUE: SYSERR: net hang reading from variable 190. setmnt: Cannot open /etc/mnttab for writing 191. share_nfs: /home: Operation not applicable 192. Soft error rate (N%) during writing was too high 193. Soft error rate (retries = N) during writing was too high 194. Stale NFS file handle 195. statd: cannot talk to statd at variable 196. stty: TCGETS: Operation not supported on socket 197. su: No shell 198. su: 'su root' failed for variable on /dev/pts/N 199. su: 'su root' succeeded for variable on /dev/pts/N 200. syncing file systems... 201. syslog service starting. 202. tar: /dev/rmt/0: No such file or directory 203. tar: directory checksum error 204. tar: tape write error 205. Text is lost because the maximum edit log size has been exceeded. 206. THE FOLLOWING FILE SYSTEM(S) HAD AN UNEXPECTED INCONSISTENCY: 207. The SCSI bus is hung. Perhaps an external device is turned off. 208. THE SYSTEM IS BEING SHUT DOWN NOW !!! 209. The system will be shut down in N minutes 210. This mail file has been changed by another mail reader. 211. Timeout waiting for ARP/RARP packet 212. timeout waiting for input during variable 213. Too many links 214. Too many open files 215. umount: warning: /variable not in mnttab 216. Unable to install/attach driver 'variable' 217. undefined control 218. Unmatched ` 219. UNREF FILE I=i OWNER=o MODE=m SIZE=s MTIME=t ======== CLEAR? 220. Use "logout" to logout. 221. /usr/openwin/bin/xinit: connection to X server lost 222. Value too large for defined data type 223. variable... Host unknown 224. variable... User unknown 225. variable... Local configuration error 226. WARNING: Clock gained N days-- CHECK AND RESET THE DATE! 227. WARNING: No network locking on variable: contact adminto install server change 228. WARNING: processorlevel 4 interrupt not serviced 229. WARNING: /tmp: File system full, swap space limit exceeded 230. WARNING: TOD clock not initialized-- CHECK AND RESET THE DATE! 231. WARNING:Unable to repair the / filesystem. Run fsck 232. Watchdog Reset 233. Watchdog Reset, Rebooting. 234. Who are you? 235. Window Underflow 236. X connection to variable:0.0 broken (explicit kill or server shutdown). 237. xinit: not found 238. XIO: fatal IO error 32 (Broken pipe) on X server "variable:0.0" 239. Xlib: Client is not authorized to connect to Server 240. Xlib: connection to "variable:0.0" refused by server 241. xterm: fatal IO error 32 (Broken Pipe) or KillClient on X server " variable:0.0" 242. XView warning: Cannot load font set 'variable' (Font Package) 243. ypbind[N]: NIS server for domain "variable" OK 244. ypbind[N]: NIS server not responding for domain "variable"; still trying 245. ypwhich: can't communicate with ypbind 246. zsN: silo overflow timeout waiting for input during variable ============================================= When sendmail(1M) reads from anything that might time out, such as an SMTP connection, it sets a timer to the value of the r processing option before reading begins. If the read doesn't complete before the timer expires, this message appears and reading stops. (Usually this is during RCPT.) The mail message is then queued for later delivery. If you see this message often, increase the value of the r processing option in the /etc/mail/sendmail.cf file. If the timer is already set to a large number, look for hardware problems such as poor network cabling or connections. For more information about setting the timer, see the section describing the sendmail configuration options in the Mail Administration Guide. If you are using the AnswerBook, the term "timeouts" is a good search string. variable... Host unknown ============================ This sendmail(1M) message indicates that the destination host machine, specified by the address portion after the @ (at-sign), was not found during DNS (Domain NamingSystem) lookup. Use the nslookup(1M) command to verify that the destination host exists in that or other domains, perhaps with a slightly different spelling. Failing that, contact the intended recipient and ask for a proper address. Sometimes thisreturn message indicates that the intended host is merely down, rather than unknown. If a DNS record contains an unknown alternate host, and the primary host is down, sendmail returns a "Host unknown" message from the alternate host.? For uucp mail addresses, the "Host unknown" message probably means that the destination hostname is not listed in the /etc/uucp/Systems file. ?This is a known sendmail version 8.6.7 bug. For information on how sendmail works, see the Mail Administration Guide. variable... User unknown ============================ This sendmail(1M) message indicates that the intended recipient, specified by the address portion before the @ (at-sign), could not be located on the destination host machine. Check the e-mail address and try again, perhaps with a slightly different spelling. If this doesn't work, contact the intended recipient and ask for a proper address. For information on how sendmail works, see the Mail Administration Guide. variable... Local configuration error ========================================= This sendmail(1M) message usually indicates that the local host is trying to send mail to itself. Check the value of the $j macro in the /etc/mail/sendmail.cf file to ensure that this value is a fully-qualified domain name. When the sending system provides its hostname to the receiving system (in the SMTP HELO command), the receiving system compares its name to the sender's name. If these are the same, the receiving system issues this error messageand closes the connection. The name provided in the HELO command is the value of the $j macro. For information on how sendmail works, see the Mail Administration Guide. A command window has exited because its child exited. ===================================================== The argument to a cmdtool(1) or a shelltool(1) window looks like it is supposed to be a command, but the system cannot find the command. To run this command inside a cmdtool or a shelltool, make sure the command is spelled correctly and is in your search path (if necessary, use a full path name). If you intended this argument as an option setting, use a minus sign (-) at the beginning of the option. Both the cmdtool and the shelltool are OpenWindows terminal emulators. admintool: Received communication service error 4 ================================================= AdminTool could not start a display method because a remote procedure call timed out, so it can't send the request. This error results when admintool tries to access the NIS or NIS+ tables when networking is not enabled. Verify the system network status with ifconfig -a to make sure the system is connected to the network. Make sure the ethernet cable is connected and the system is configured to run NIS or NIS+. answerbook: XView error: NULL pointer passed to xv_set ====================================================== The AnswerBook navigator window comes up, but the document viewer window does not. This message appears on the console, and the message "Could not start new viewer" appears in the navigator window. This situation indicates that you have an unknown client or a problem with the network naming service. Run the ypmatch(1) or nismatch(1) command o determine if the client hostname is in the hosts map. If it isn't, add it to to NIS hosts map on the NIS master server. Then make sure the /etc/hosts file on the client contains an IP address and entry for that hostname followed by loghost (reboot if you changed the /etc/hosts file). Check that the ypmatch or nismatch client hosts command returns the same IP host address as in the /etc/hosts file. Finally, quit all existing AnswerBooks and restart. For more information on the NIS hosts map, see the section on the default search criteria in the NIS+ and FNS Administration Guide. If you are using the AnswerBook, "NIS hosts map" is a good search string. Arg list too long ================= The system could not handle the number of arguments given to a command or program when it combined those arguments with the environment's exported shell variables. The argument list limit is the size of the argument list plus the size of the environment's exported shell variables. The easiest solution is to reduce the size of the parent process environment by unsetting extraneous environment variables. (See the man page for the shell you're using to find out how to list and change your environment variables.) Then run the program again. An argument list longer than ARG_MAX bytes was presented to a member of the exec() family of system calls. The symbolic name for this error is E2BIG, errno=7. Argument out of domain ====================== This is a programming error or a data input error. Ask the program's author to fix this condition,or supply data in a different format. This indicates an attempt to evaluate a mathematical programming function at a point where its value is not defined. The argument of a programming function in the math package (3M) is out of the domain of the function. This could happen when taking the square root, power, or log of a negative number, when computing a power to a non-integer, or when passing an out-of-range argument to a hyperbolic programming function. To help pinpoint a program's math errors, use the matherr(3M) facility. The symbolic name for this error is EDOM, errno=33. Arguments too long ================== This C shell error message indicates that there are too many arguments after a command. For example, this can happen by invoking rm * in a huge directory. The C shell cannot handle more than 1706 arguments. Temporarily start a Bourne shell with sh and run the command again. The Bourne shell dynamically allocates command line arguments. Return to your original shell by typing exit. assertion failed: variable, file variable, line N ================================================= A condition in the program that was never expected to happen has happened. Contact the vendor or author of the program to ask why it failed. If you have the source code for the program, you can look at the file and line number where the assertion failed. This might give you an idea of how to run the program differently. This message results from a diagnostic macro called assert() that a programmerinserted into the specified line of a source file. The expression that evaluated untrue precedes the file name and line number. automountd[N]: No network locking on variable: contact admin to install server change ===================================================================================== See "WARNING: No network locking on variable: contact admin to install server" message for details. If the server is not changed, data loss is possible in applications that depend on locking. automountd[N]: server variable not responding ============================================= This automounter message indicates that the system tried to mount a filesystem from an NFS server that is either down or extremely slow to respond. In some cases thismessage indicates that the network link to the NFS server is broken, although that condition produces other error messages as well. If you are the system administrator responsible for the non- responding NFS server, check it out to see whether the machine needs repair or rebooting. Encourage your user community to report such problems quickly but only once. When the NFS server is back in operation, the automounter will be able to access the requested filesystem. For more information on NFS failures, seethe section on NFS troubleshooting in the NFS Administration Guide. If you are using the AnswerBook, a good search string is "NFS Service." automount[N]: variable: Not a directory ======================================= The file specified after the first colon is not a valid mount point because it is not a directory. Ensure that the mount point is a directory, and not a regular file or a symbolic link. Bad address =========== The system encountered a hardware fault in attempting to access a parameter of a programming function. Check if the bad address resulted from supplying the wrong device or option to a command. If that is not the problem, contact the vendor or author of the program for an update. This error could occur any time a function that takes a pointer argument is passed an invalid address. Because processors differ in their ability to detect bad addresses, on some architectures passing bad addresses can result in undefined behaviors. The symbolic name for this error is EFAULT,errno=14. BAD/DUP FILE I=i OWNER=o MODE=m SIZE=s MTIME ==== CLEAR? While checking inode link counts during phase 4, fsck(1M) found a file (or directory) that either does not exist or exists somewhere else. To clear the inode of its reference to this file or directory, answer yes. With the -p (preen) option, fsck automatically clears bad or duplicate file references, so answering yes to this question seldom causes a problem. Bad file number =============== Generally this is a program error, not a usage error. Contact the vendor or author of the program for an update. Either a file descriptor refers to no open file, or a read (or write) request is made to a file that is open only for writing (or reading). The symbolic name for this error is EBADF, errno=9. N BAD I=N ========= Upon detecting an out-of-range block, fsck(1M) prints the bad block number and its containing inode (after I=). In fsck phases 2 and 4, you will decide whether ornot to clear these bad blocks. Before committing to repair with fsck, you could determine which file contains this inode by passing the inode number to the ncheck(1M) command: by passing the inode number to the ncheck(1M) command: # ncheck -iinum filesystem For more information, see the chapter on checking filesystem integrity in the System Administration Guide, Volume I. bad module/chip at: variable ============================ This message from the memory management system often appears with parity errors, and indicates a bad memory module or chip at the position listed. Data loss is possible if the problem occurs other than at boot time. Replace the memory module or chip at the indicated position. Refer to the vendor's hardware manual forhelp finding this location. BAD SUPER BLOCK: variable ========================= This message from fsck(1M) indicates that a filesystem's super- block is damaged beyond repair and must be replaced. At boot time (with the -p option) this message is prefaced by the filesystem's device name. After this message comes the actual damage recognized (see Action). Unfortunately fsck does not print the number of the damaged super-block. The most common cause of this error is overlapping disk partitions. Donot immediately rerun fsck as suggested by the lines that display after the error message. First make sure that you have a recent backup of the filesystem involved; if not, try to back up the filesystem now using ufsdump(1M). Then run the format(1M) command, select the disk involved, and print out the partition information. # format : N > partition > print Note whether the overlap occurs at the beginning or end of the filesystem involved. Then run newfs(1M) with the -N option to print out the filesystem parameters, including the location of backup super-blocks. # newfs -N /dev/dsk/device Select a super-block from a non-overlapping area of the disk, but note that in most cases you have only one chance to select the proper replacement super-block, which fsck soon propagates to all the cylinders. If you select the wrong replacement super-block, data corruption will probably occur, and you will have to restore from backup tapes. After you select a new super-block, provide fsck with the new master super-block number: # fsck -o b=NNNN /dev/dsk/device Specific reasons for a damaged super-block include: a wrong magic number, out of range NCG (number of cylinder groups) or CPG (cylinders per group), the wrong number of cylinders, a preposterously large super-block size, and trashed values in super-block. These reasons are generally not meaningful because a corrupt super-block is usually extremely corrupt. For more information on bad superblocks, see the sections on restoring bad superblocks in the System Administration Guide, Volume I. If you are using the AnswerBook, "superblock" is a good search string. BAD TRAP ======== A bad trap can indicate faulty hardware or a mismatch between hardware and its configuration information. Data loss is possible if the problem occurs other than at boot time. If you recently installed new hardware, verify that the software was correctly configured. Check the kernel traceback displayed on the console to see which device generated the trap. If the configuration files are correct, you will probably have to replace the device. In some cases, the bad trap message indicates a bad or down-rev CPU. A hardware processor trap occurred, and the kernel trap handler was unable to restore system state. This is a fatal error that usually precedes a panic, after which the system performs a sync, dump, and reboot. The following conditions can cause a bad trap: a system text or data access fault, a system data alignment error, or certain kinds of user software traps. bad trap = N ============ See the message "BAD TRAP" for details. /bin/sh: variable: too big ========================== This Bourne shell message indicates a classic "no memory" error. While trying to load the program specified after thefirstcolon, the shell noticed that the system ran out of virtual memory (swap space). See the message "Not enough space" for information on reconfiguring your system to add more swap space. Block device required ===================== A raw (character special) device was specified where a block device was required, such as during a call to the mount(1M) command. To see which block devices are available, use ls -l to look in /devices. Then specify a block device instead of a character device. Block device modes start with a b, whereas raw character device modes start with a c. The symbolic name for this error is ENOTBLK, errno=15. Boot device: /iommu/sbus/variable/variable/sd@3,0 ================================================= This message alwaysappears at the beginning of rebooting. If there is a problem, the system hangs, and no other messages appear. This condition is caused by conflicting SCSI targets for the boot device, which is almost always target 3. The boot device is usually the machine's internal disk drive, target 3. Make sure that external and secondary disk drives are targeted to 1, 2, or 0, and do not conflict with each other. Also make sure that tape drives are targeted to 4 or 5, and CD drives to 6, avoiding any conflict with each other or with the disk drives. You can set a device's target number using pushbutton switches or a dial on the back near the SCSI cables. If the targeting of the internal disk drive is in question, check it by powering off the machine, removing all external drives, turning the power on, and running the probe-scsi-all or probe-scsi command from the PROM monitor. Broadcast Message from root (pts/N) on server [date] ==================================================== This message from the wall(1M) command gets transmitted to all users logged into a system. You could see it during a rlogin or telnet session, or on terminals connected to a timesharing system. Carefully read the broadcast message. Often this broadcast is followed by a shutdown warning. See the message "The system will be shut down in N minutes" for details about system shutdown. For more information on bringing down the system, see the section on halting the system in the System Administration Guide, Volume I. If you areusing the AnswerBook, "halting the system" is a good search string. Broken pipe =========== This condition is often normal, and the message is merely informational (as when piping many lines to the head program). The condition occurs when a write on a pipe does not find a reading process. This usually generates a signal to the executing program, but this message displays when the program ignores the signal. Check the process at the end of the pipe to see why it exited. The symbolic name forthis error is EPIPE, errno=32. Bus Error ========= A process has received a signal indicating that it attempted to perform I/O to a device that is restricted or that does not exist. This message is usually accompanied by a core dump, except on read-only filesystems. Use a debugger to examine the core file and determine what program fault or system problem led to the bus error. If possible, check the program's output files for data corruption that might have occurred before the bus error. Bus errors canresult from either programming error or device corruption on your system. Some common causes of bus errors are: invalid file descriptors, unreasonable I/O requests, bad memory allocation, misaligned data structures, compiler bugs, and corrupt boot blocks. Cannot allocate colormap entry for "variable" ============================================= This message from libXt (X Intrinsics library) indicates that the system colormap was full even before the color name specified in quotes was requested. Some applications can continue after this message. Other applications, such as Workspace Properties Color, fail to come up when the colormap is full. Exit the programs that make heavy use of the colormap, then restart the failed application and try again. Can't create public message device (Device busy) ================================================ This message comes from the lp print scheduler, indicating that it is either extremely busy or hung. If print jobs are coming out of the printer in question, wait until they are finished and then resubmit this print job. If you see this message again, the lp system is probably hung. See the message "lp hang" for a procedure to clear the queue. If lp is unable to create a device for printer messages, the message FIFO could be already in use, or locked by another print job. For more information on the print scheduler, see the section on administrating printers in the System Administration Guide Volume II. Can't invoke /etc/init, error N =============================== This message can appear while a system is booting, indicating that the init program is missing or corrupted. Note that /etc/init is a symbolic link to /sbin/init. Boot the miniroot so you can replace init. Halt the machine by typing Stop-A or by pressing the reset button. Reboot single-user from CDROM, the net, or diskette. For example, type boot cdrom -s at the ok prompt to boot from CDROM. After the system comes up and gives you a # prompt, mount the device corresponding to the original / partition somewhere, with a command similar to the mount command below. Then copy the init program from the miniroot to the original / partition, and reboot the system. # mount /dev/dsk/c0t3d0s0 /mnt # cp /sbin/init /mnt/sbin/init # reboot If this doesn't work, other files might be corrupted, and you might need to reinstall the entire system. The error number is 2 if /sbin/init is missing, or 8 if /sbin/init has an incorrect executable format. This is usually followed by a "panic:icode" message. The system tries to reboot itself, but goes into a loop, because rebooting is impossible without init. For more information on booting the system, see the section on halting and booting the system in the System Administration Guide, Volume I. can't synchronize with hayes ============================ This message sometimes appears when using a modem that the system regards as a "Hayes" type modem, which includes most modems manufactured today. The message can be caused by incorrectswitch settings, by poor cable connections, or by not turning the modem on. Check that the modem is on and that the cables between the modem and your system are securely connected. Check the internal and external modem switch settings. Turn themodem off and then on again, if necessary. cd: Too many arguments ====================== The C shell's cd(1) command takes only one argument. Either more than one directory was specified, or a directory name containing a space was specified. Directory names with spaces are easy to create with File Manager. Use only one directory name. To change to a directory whose name contains spaces, enclose the directory name in double (") or single (') quotes, or use File Manager. Channel number out of range =========================== The system has run out of stream devices. This error results when a stream head attempts to open a minor device that does not exist or that is currently in use. Check that the stream device in question exists and was created with an appropriate number of minor devices. Make sure that the hardware corresponds to this configuration. If the stream device configuration is correct, try again later when more system resources might be available. The symbolic name for this error is ECHRNG, errno=37. chmod: ERROR: invalid mode ========================== This message from the chmod(1) command indicates a problem in the first non-option argument. If you are specifying a numeric file mode, you can provide any number of digits (although only the final one to four are considered), but all digits must be between 0 and 7. If you are specifying a symbolic file mode, use the syntax provided in the chmod usage message to avoid the "invalid mode" error message: Usage: chmod [ugoa][+-=][rwxlstugo] file ... Note that some combinations of symbolic keyletters produce no error message but fail to have any effect. The first group, [ugoa], is truly optional. The second group, [+-=], is mandatory for chmod to have an effect. The third group,[rwxlstugo], is also mandatory for effect, and can be used in combination when that combination does not conflict. Command not found ================= The C shell could not find the program you gave as a command. Check the form and spelling of the command line. If that looks correct, echo $path to see if the user's search path is correct. When communications are garbled, it is possible to unset a search path to such an extent that only built-in shell commands are available. Here is a command to reset a basic search path: % set path = (/usr/bin /usr/ccs/bin /usr/openwin/bin .) If the search path looks correct, check the directory contents along the search path to see if programs are missing or if directories are not mounted. For moreinformation about the C shell, see csh(1). Connection closed. ================== This message can appear when using rlogin(1) to another system if the remote host cannot create a process for this user, if the user takes too long to type the correct password, if the user interrupts the network connection, or if the remote host goes down. Data loss is possible if files were modified and not saved before the connection closed. Just try again. If the other system has gone down, wait for it to reboot first. Connection closed by foreign host. ================================== When a user telnets to another system, this message can appear if the user takes too long to type the correct password, if the remote host cannot create a login for this user,or if theremote host goes down or terminates the connection. Data loss is possible if files were modified and not saved before the connection closed. Just try again. If the other system has gone down, wait for it to reboot first. [Connection closed.Exiting] ============================ After using the talk(1) command to communicate with another user, the other person enters an interrupt (usually Control-c), and this message appears on your screen. Sending an interrupt like this is the usual wayof exiting the talk program. The talk session is over and you can return to your work. Connection refused ================== No connection could be made because the target machine actively refused it. This happens either when trying to connect to an inactive service or when a service process is not present at the requested address. Activate the service on the target machine, or start it up again if it has disappeared. If for security reasons you do not intend to provide this service, inform the user community, possibly suggesting an alternative. The symbolic name for this error is ECONNREFUSED, errno=146. Connection timed out ==================== This occurs either when the destination host is down or when problems in the network cause lost transmission. First check the operation of the host system, for example by using ping(1M) and ftp (1), then repair or reboot as necessary. If that doesn't solve the problem, check the network cabling and connections. No connection was established in aspecified time. A connect or send request failed because the destination host did not properly respond after a reasonable interval. (The timeout period is dependent on the communication protocol.) The symbolic name for this error is ETIMEDOUT, errno=145. console login: ^J^M^Q^K^K^P =========================== This usually occurs because OpenWindows exited abnormally, leaving the system's keyboard in the wrong mode. The characters that appear when someone attempts to login are garbage transliterations of what someone types. Find another machine and remote login to this system, then run this command: $ /usr/openwin/bin/kbd_mode -a This puts the console back into ASCII mode. Note that kbd_mode is not a windows program, it just fixes the consolemode. The usual reason for this problem occurring is an automated script run from cron that clears out the /tmp directory every so often. Ensure that any such scripts do not remove the /tmp/.X11- pipe or /tmp/.X11-unix directories, or any files therein. core dumped =========== A core file contains an image of memory at the point of software failure, and is used by programmers to find the reason for the failure. To see which program produced a core file, run either the file(1) command or the adb (1) command. The following examples show the output of the file and adb commands on a core file from the dtmail program. $ file core core: ELF 32-bit MSB core file SPARC Version 1, from `dtmail' $ adb core core file = core -- program `dtmail' SIGSEGV 11: segmentation violation ^D (use Control-d to quit the program) Ask the vendor or author of this program for a debugged version. Some signals, such as SIGQUIT, SIGBUS, and SIGSEGV, produce a core dump. See the signal(5) man page for a complete list. If youhave the source code for the program, you can try compiling it with cc -g, and debugging it yourself using dbx or a similar debugger. The where directive of dbx provides a stack trace. On mixed networks, it can be difficult to discern which machine architecture produced a particular core dump, since adb on one type of system generally cannot read a core file from another type of system, and will produce an "unrecognized file" message. Run adb on various machine architectures until youfind the right one. The term "core" is archaic-- ferrite core memory was supplanted by silicon RAM in the 1970s, although spaceships still employ core memory for its imperviousness to radiation. For information on saving and viewing crash informationsee the System Administration Guide, Volume II. If you are using the AnswerBook, "system crash" is a good search string. Could not initialize tooltalk (tt_open): TT_ERR_NOMP ==================================================== Various desktop tools display or print this message when the ttsession(1) process is not available. The TookTalk service generally tries to restart ttsession if it is not running. So this error indicates that the ToolTalk service is either not installed or is not installed correctly. Verify that the ttsession command exists in /usr/openwin/bin or /usr/dt/bin. If this command is not present, ToolTalk is not installed correctly. The packages constituting ToolTalk are the runtime SUNWtltk, developer support SUNWtltkd, and themanual pages SUNWtltkm. CDE ToolTalk packages have the same names with ".2" appended. The full TT_ERR_NOMP message string reads as follows: "No ttsession is running, probably because tt_open() has not been called yet. If this is returned from tt_open() it means ttsession could not be started, which generally means ToolTalk is not installed on the system." Could not start new viewer ========================== This message appears in the AnswerBook navigator window, along with an XView error messageon the console. See the message "answerbook: XView error: NULL pointer passed to xv_set" for details. cpio: Bad magic number/header. ============================== A cpio(1) archive has either become corrupted or was written out with an incompatibleversion of cpio. Use the -k option to cpio to skip I/O errors and corrupted file headers. This might permit you to extract other files from the cpio archive. To extract files with corrupted headers, try editing the archive with a binary editor such asemacs. Each cpio file header contains a filename as a string. For more information on magic numbers, see magic(4). Cross-device link ================= An attempt was made to make a hard link to a file on another device, such as on another filesystem. Establish a symbolic link using ln -s instead. Symbolic links are permitted across filesystem boundaries. The symbolic name for this error is EXDEV, errno=18. data access exception ===================== This message can result from running an old version of the operating system that does not support new hardware, or by running an operating system that is not configured for new hardware. It can also result from incorrectly installed DSIMMs or from a disk problem. Upgrade your operating system toa version that supports the new hardware or machine architecture. For example, upgrading a SPARCstation 2 (with sun4c kernel architecture) to a SPARCstation 20 (with sun4m kernel architecture) requires an operating system upgrade or reconfiguration. For more information onupgrades, see the section describing system and device configuration in the Solaris 1.x to Solaris 2.x Transition Guide. Data fault ========== This is a kind of bad trap that usually causes a system panic. When this message appears after a bad trap message, a system text or data access fault probably occurred.?In the absence of a bad trap message, this message might indicate a user text or data access fault. Data loss is possible if the problem occurs other than at boot time. Make sure the machine can reboot, then check the log file /var/adm/messages for hints about what went wrong. ?See the message "BAD TRAP" for more information. Deadlock situation detected/avoided =================================== A programming deadlock situation was detected and avoided. If the system had not detected and avoided a deadlock, a piece of software would have hung. Run the program again. The deadlock might not reoccur. This error usually relates to file and record locking, but can also apply to mutexes, semaphores, condition variables, and read/write locks. The symbolic name for this error is EDEADLK, errno=45. See the section on deadlock handling in the System Interface Guide. See the section on avoiding deadlock in the Multithreaded Programming Guide. Device busy =========== An attempt was made to mount a device that was already mounted or to unmount a device containing an active file (such as an open file, a current directory, a mount point, or a running program). Thismessage also occurs when trying to enable accounting that is already enabled. To unmount a device containing active processes, close all the files under that mount point, quit any programs started from there, and change directories out of that hierarchy. Then try to unmountagain. Mutexes, semaphores, condition variables, and read/write locks set this error condition to indicate that a lock is held. The symbolic name for this error is EBUSY, errno=16. /dev/rdsk/variable: CAN'T CHECK FILE SYSTEM. ============================================ The system cannot automatically clean (preen) this filesystem because it appears to be set up incorrectly or is having hard disk problems. This message asks that you run fsck(1M) manually, since data corruption might already haveoccurred. Run fsck to clean the filesystem in question. See the message "/dev/rdsk/N: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY" for proper procedures. /dev/rdsk/variable: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY. ================================================================ At boot time the /etc/rcS script runs the fsck(1M) command to check the integrity of filesystems marked "fsck" in /etc/vfstab. If fsck cannot repair a filesystem automatically, it interrupts theboot procedure and produces this message. When fsck gets into this state, it cannot repair a filesystem without losing one or more files, so it wants to defer this responsibility to you, the administrator. Data corruption has probably already occurred. First run fsck -n on the filesystem, to see how many and what type of problems exist. Then run fsck again to repair the filesystem. If you have a recent backup of the filesystem, you can generally answer "y" to all the fsck questions. It's a good idea to keep a record of all problematic files and inode numbers for later reference. To run fsck yourself, specify options as recommended by the boot script. For example: # fsck /dev/rdsk/c0t4d0s0 Usually the files lost during fsck repair are these that were created just before a crash or power outage, and they cannot be recovered. If you lose important files, you can recover them from backup tapes. If you don't have a backup, ask an expert to run fsck for you. For more information on file checking, see the section on checking filesystem integrity in the System Administration Guide, Volume I. Directory not empty =================== The directory operation that was attempted, such as directory removal with rmdir, can be performed only on an empty directory. To removethe directory, first remove all the files that it contains. A quick way to remove a non-empty directory hierarchy is with the rm -r command. The symbolic name for this error is ENOTEMPTY, errno=93. Disc quota exceeded =================== The user'sdisk limit has been exceeded on a user filesystem, usually because a file was just created or enlarged beyond the limit. This almost always refers to a magnetic disk, and not to an optical disc. Any data created after this condition occurs will be lost. The user can delete files to bring disk usage under the limit, or the server administrator can use the edquota(1M) command to increase the user's disk limit. The symbolic name for this error is EDQUOT, errno=49. dumptm: Cannot open `/dev/rmt/variable': Device busy ==================================================== During filesystem backup, the dump program cannot open the tape drive because some other process is holding it open. Find the process that has the tape drive open, and either kill(1) the process or wait for it to finish. # ps -ef | grep /dev/rmt # kill -9 processID DUP/BAD I=i OWNER=o MODE=m SIZE=s MTIME=t FILE=f REMOVE? ========================================================= During phase 1, fsck(1M) found duplicate blocksor bad blocks associated with the file or directory specified after FILE= whose inode number appears after I= (with other information). To remove this file or directory, answer yes. If you end up removing more than a few files in this manner, data loss will result, so it might be preferable to restore the filesystem from backup tapes. For more information on checking filesystems, see the section on checking filesystem integrity in the System Administration Guide, Volume I. N DUP I=N ========= Upon detecting a block that is already claimed by another inode, fsck(1M) prints the duplicate block number and its containing inode (after I=). In fsck phases 2 and 4, you will decide whether or not to clear these bad blocks. Before committing to repairwith fsck, you could determine which file contains this inode by passing the inode number to the ncheck(1M) command: # ncheck -iinum filesystem For more information, see the chapter on checking filesystem integrity in the System Administration Guide,Volume I. error: DPS has not initialized or server connection failed ========================================================== This message appears when trying to run AnswerBook with a generic X11 window server or on a generic X terminal. Running AnswerBook requires Display PostScript (DPS), or a NeWS server, or the Adobe DPS NS remote display software. In addition, a complete LaserWriterII Type-1 font set (including Palatino) should be installed on the X server. To find out if your X server has DPS, run xdpyinfo(1) to verify the presence of an "Adobe- DPS-Extension" line. X servers without this line don't know about DPS. ERROR: missing file arg (cm3) ============================= An attempt was madd to run some sccs(1) operation that requires a filename, such as create, edit, delget, or prt. Supply the appropriate filename after the SCCS operation. ERROR [SCCS/s.variable]: `SCCS/p.variable' nonexistent (ut4) ============================================================ An attempt was made to sccs edit or sccs get a file that is not yet under SCCS control. Run sccs create on that file to place it under SCCS control. ERROR [SCCS/s.variable]: writable `variable' exists (ge4) ========================================================= An attempt was made to sccs edit a file that is writable, probably because it is already checked out. Run sccs info to see who has the file checked out. If it is you, go ahead and edit it. If it is somebody else, ask that personto check in the file. esp0: data transfer overrun =========================== When a user tries to mount a CDROM on a third-party CD drive, mount(1M) fails with the above error, followed by the "sr0: SCSI transport failed" message. The CD drive probably comes from a vendor unknown to the system. Third-party CD drives generally have an 8192 block size, as opposed to the 512 block size on supported Sun drives. Check with the vendor to see if any special configuration is possible to allow the drive to operate on a Sun workstation. Event not found =============== This C shell message indicates that a user tried to repeat a command from the history list, but that command or number does not exist in the list. Run the C shell history command to display recent events in the history list. If a user often tries to run commands that have disappeared from the history list, make the list longer by setting history to a higher value. For more information about the C shell, see csh(1). EXCESSIVE BAD BLKSI=N CONTINUE? ================================== During phase 1, fsck(1M) found more than 10 bad (out-of-range) blocks associated with the specified inode number. With this many bad blocks, it might be preferable to restore the filesystem from backup tapes. For more information on bad blocks, see the section on checking filesystem integrity in the System Administration Guide, Volume I. If you are using the AnswerBook, "bad blocks" is a good search string. EXCESSIVE DUP BLKS I=N CONTINUE? ================================== During phase 1, fsck(1M) found more than 10 duplicate (previously claimed) blocks associated with the specified inode number. With this many duplicate blocks, it might be preferable to restore the filesystem from backup tapes. For more informationon blocks, see the section on checking filesystem integrity in the System Administration Guide, Volume I. If you are using the AnswerBook, "bad blocks" is a good search string. Exec format error ================= This often happens when trying to runsoftware compiled for different systems or architectures, such as when executing Solaris 2.x programs on a SunOS 4.1.x system, or when trying to execute SPARC-specific programs on an x86 machine. On a Solaris 2.x system, it can also occur if the BinaryCompatibility Package was not installed. Make sure that the software matches the architecture and system you're using. The file(1) command can help you determine the target architecture. If you're using SunOS 4.1.x softwareon a Solaris 2.x system, make sure that the Binary Compatibility Package is installed. You can check for it using this command: $ pkginfo | grep SUNWbcp A request was made to execute a file that, although it has the appropriate permissions, does not start with a valid format. The symbolic name for this error is ENOEXEC, errno=8. See the a.out(4) man page for a description of executable files. fd0: unformatted diskette or no diskette in the drive ===================================================== This message appears on the system console to indicate that the floppy driver fd(7) could not read the label on a diskette. Usually this is either because a new diskette has not yet been formatted, or a formatted diskette has become corrupted. This message often appears along with "read failed" and "bad format" messages after volcheck(1) is run. If you are certain that the diskette contains no data, run fdformat -d to format the diskette in DOS format. (You can also format a diskette in UFS format if you like, although then it is not transportable to most other systems.) When the diskette is formatted, you can write on it, if it was not corrupted beyond repair. File exists =========== The name of an existing file was mentioned in an inappropriate context. For example,it is not allowed to establish a link to an existing file, or to overwrite an existing file when the csh(1) noclobber option is set. Look at the names of files in the directory, then try again with a different name or after renaming or removing the existing file. The symbolic name for this error is EEXIST, errno=17. File locking deadlock ===================== This is a programming problem, in some cases unavoidable. All a user can do is restart the program and hope deadlock does not reoccur. Inthe file locking subsystem, two processes tried to modify some lock at the same time. In the multithreading subsystem, two threads became deadlocked and could not continue. When a program using the threads library encounters this error, it should restart the deadlocked threads. The symbolic name for this error is EDEADLOCK, errno=56. filemgr: mknod: Permission denied ================================= File Manager issues this message and fails to come up whenever the /tmp/.removable directory is owned by another user and is not 1777 mode. This can happen, for example, when multiple users share a workstation. Have the original owner change the mode ((chmod(1)) of this file back to 1777, its default creation mode. Rebooting the workstation also resolves this problem. This is a known problem that was fixed in Solaris 2.4. File name too long ================== The specified file name has too many characters. If a file name or path name component is too long, devise a shorter name. If the totalpath name is longer than PATH_MAX characters, first change to an intermediate directory, then specify a shorter path name. Newly-created data will be lost unless written to another file with a shorter name. In a UFS or NFS-mounted UFS filesystem, the length of a path name component exceeds MAXNAMLEN (255) characters, or the total length of the path name exceeds PATH_MAX (1024) characters. In a System V filesystem, the length of a path name component exceeds NAME_MAX (14) characters while no-truncation mode is in effect. These values are defined in the /usr/include/limits.h(4) file. The symbolic name for this error is ENAMETOOLONG, errno=78. FILE SYSTEM STATE IN SUPERBLOCK IS WRONG; FIX? ============================================== The fsck(1M) command has just checked a filesystem, and has determined that the filesystem is clean. The filesystem's superblock, however, still thinks the filesystem is "dirty" in some way. If you believe that the filesystem is adequately repaired, answer yes to mark the filesystem as clean. Different "dirty" filesystem types are listed in /usr/include/sys/fs/ufs_fs.h, and include FSACTIVE, FSBAD, FSFIX, FSLOG, and FSSUSPEND. For more information on superblocks, see the section onchecking filesystem integrity in the System Administration Guide, Volume I. If you are using the AnswerBook, "bad superblock" is a good search string. File table overflow =================== The kernel file table is full because too many files are open on the system. Temporarily, no more files can be opened. New data created under this condition will probably be lost. Simply waiting often gives the system time to close files. However, if this message occurs often, reconfigure the kernel to allow more open files. To increasethe size of the file table in Solaris 2.x, increase the value of maxusers in the /etc/system file. The default maxusers value is the amount of main memory in MB, minus 2. The symbolic name for this error is ENFILE, errno=23. File too large ============== The file size exceeded the limit specified by ulimit(1), or the file size exceeds the maximum supported by the file system. New data created under this condition will probably be lost. In the C shell, use the limit command to see or set the default file size. In the Bourne or Korn shells, use the ulimit -a command. Even when the shells claim that the file size is unlimited, in fact the system limit is FCHR_MAX (usually 1 gigabyte). The symbolic name for this error is EFBIG, errno=27. FREE BLK COUNT(S) WRONG IN SUPERBLK SALVAGE? ============================================= During phase 5, fsck(1M) detected that the actual number of free blocks in the filesystem did not match the superblock's free block count.The df(1M) command accesses this free block count when measuring filesystem capacity. Generally you can answer yes to this question without harming the filesystem. For more information on superblocks, see the section on checking filesystem integrity in the System Administration Guide, Volume I. If you are using the AnswerBook, "bad superblock" is a good search string. fsck: Can't open /dev/dsk/variable ================================== The fsck(1M) command cannot open the disk device, because although a similar filesystem exists, the partition specified does not. Run the mount(1M) or the format(1M) command to see what filesystems are configured on the machine. Then run fsck again on an existing partition. fsck: Can't stat /dev/dsk/variable ================================== The fsck(1M) command cannot open the disk device, because the specified filesystem does not exist. Run the mount(1M) or the format(1M) command to see what filesystems are configured on the machine. Then run fsck again on an existing filesystem. giving up ========= This message appears in the SCSI log to indicate that a read or write operation has been retried until it timed out. With SCSI disk the timeout period is usually 30 seconds; with tape the period is usually 20 attempts. Timeout periods are generally coded into the drivers. Check that all SCSI devices are connected and powered on. Make sure that SCSI target numbers are correct and not in conflict. Verify that all cables are no longer than six meters, total, and that all SCSI connections are properly terminated. The scsi_log(9F) routine usually displays messages on the system console and in the /var/adm/messages file. Run the dmesg(1M) command to see the most recent message buffer. Graphics Adapterdevice /dev/fb is of unknown type ================================================== The /dev/fb driver is either missing or corrupted. See "InitOutput: Error loading module for /dev/fb" for details. group.org_dir: NIS+ servers unreachable ======================================= This is the second of three messages that an NIS+ client prints when it cannot locate an NIS+ server on the network. See the message "hosts.org_dir: NIS+ servers unreachable" for details. /home/variable: No such file ordirectory ========================================= An attempt was made to change to a user's home directory, but either that user does not exist or the user's fileserver has not shared (exported) that filesystem. To check on the existence of a particular user, run the ypmatch(1) or nismatch(1) command, specifying the user name and then the passwd map. To export filesystems from the remote fileserver, become superuser on that system and run the share(1M) command with the appropriate options. If that system is sharing (exporting) filesystems for the first time, also invoke /etc/init.d/nfs.server start to begin NFS service. For more information on sharing filesystems, see the share_nfs(1M) man page. Host is down ============ A transport connection failed because the destination host was down. For example, mail delivery was attempted over several days, but the destination machine was not available during any of these attempts. Report this error to the system administrator for the host. If you are the person responsible for this system, check to see if the machine needs repair or rebooting. This error results from status information delivered by the underlying communication interface. If there is no known connection to the host, a different message usually results. See "No route to host" for details. The symbolic name for this error is EHOSTDOWN, errno=147. host name configuration error ============================= This is an old sendmail message, which replaced "I refuse to talk tomyself" and is now replaced by the "Local configuration error" message. See the message "554 variable... Local configuration error" for details. hosts.org_dir: NIS+ servers unreachable ======================================= This is the third of three messages that an NIS+ client prints when it cannot locate an NIS+ server on the network. If other NIS+ clients are behaving normally, check the Ethernet cabling on the workstation showing this message. On SPARC machines, disconnected network cablingalso produces a series of "no carrier" messages. On x86 machines, the NIS+ messages might be your only indication that network cabling is disconnected. If many NIS+ clients on the network are giving this message, go to the NIS+ server in question and reboot or repair it, as necessary. When the server machine is back in operation, NIS+ clients will give an "NIS server for domain OK" message. I can't read your attachments. What mailer are you using? ========================================================= The SunView mailtool andpre-3.3 OpenWindows mailtool produce this message when they cannot cope with an attachment. The attachment is probably in MIME (Multipurpose Internet Mail Extensions) format, using base64 encoding. To read a mail message containing MIME attachments, use mailtool(1) from Solaris 2.3 or later. If you are running an earlier version of Solaris, rlogin(1) to a later version of Solaris, set the DISPLAY environment variable back to the first system, and run mailtool remotely. If those options prove impossible, ask the originator to send the message again using mailtool, or using the CDE dtmail compose File->SendAs- >SunMailTool option. Standard MIME attachments with base64 encoding, for example, produce this message and fail to display in older mailtools. Look into using metamail, available on the Internet, which allows you to send and receive MIME attachments. ie0: Ethernet jammed ==================== This message can appear on SPARCservers or x86 machines with an Intel 82586 Ethernet chip. It indicates that 16 successive transmission attempts failed, causing the driver to give up on the current packet. If this error occurs sporadically or at busy times, it probably means that the network is saturated. Wait for network traffic to clear. If bottlenecks arise frequently, think about reconfiguring the network or adding subnets. Another possible cause of this message is a noise source somewhere in the network, such as a loose transceiver connection. Use snoop(1M)or a similar program to isolate the problem area, then check and tighten network connectors as necessary. ie0: no carrier =============== This message can appear on SPARCservers or x86 machines with an Intel 82586 Ethernet chip. It indicates that thechip has lost input to its carrierdetect pin while trying to transmit a packet, causing the packet to be dropped. Check that the Ethernet connector is not loose or disconnected. Other possible causes include an open circuit somewhere in the network and noise on the carrier detect linefrom the transceiver. Use snoop(1M) or a similar program to isolate the problem area, then check the network connectors and transceivers, as needed. Illegal Instruction =================== A process has received a signal indicating that it attempted to execute an instruction that is not allowed by the kernel. This usually results from running programs compiled for a slightly different machine architecture. This message is usually accompanied by a core dump, excepton read-only filesystems. If you are booting from CDROM or from the net, check README files to make sure you are using an image appropriate for your machine architecture. Run df to make sure there is enough swap space on the system; too little swap space can cause this error. If you recently upgraded your CPU to a new architecture, replace your operating system with one that supports the new architecture (an operating system upgrade might be required). Sometimes this condition results from programming error, such as when a program attempts to execute data as instructions. This condition can also indicate device file corruption on your system. Illegal instruction "0xN" was encountered at PC 0xN =================================================== The machine is trying to boot from a non-boot device, or from a boot device for a different hardware architecture. If you are booting from the net, check README files to make sure you are using a boot image for that architecture. If you are booting from disk, make sure the system is looking at the right disk, which is usually SCSI target 3. Failing these solutions, connect a CD drive to the system and boot from CDROM. Illegal seek ============ Using a pipe ("|") on the command line doesn't work here. Rather than using a pipe on the command line, redirect the output of the first program into a file and then run the second program on that file. A call to lseek(2) was issued to a pipe. This error condition can also be fixed by altering the program to avoid using lseek(). The symbolic name for this error is ESPIPE, errno=29. Image Tool: Unable to open XIL Library. ======================================= This message follows multiple multi-line "XilDefaultErrorFunc" errors, indicating that ImageTool could not locate the X Imaging Library. Many OpenWindows and CDE deskset programs require XIL. Run pkginfo(1) to determine what packages are installed on the system. If the following packages are not present, install them from CDROM or over thenet: SUNWxildg, SUNWxiler, SUNWxilow, and SUNWxilrt. Inappropriate ioctl for device ============================== This is a programming error. Ask the program's author to fix this condition. The program needs to be changed so it employs a device driver that can accept special character device controls. The ioctl() system call was given as an argument for a file that is not a special character device. This message replaces the traditional but puzzling "Not a typewriter" message. The symbolic name for this error is ENOTTY, errno=25. INCORRECT BLOCK COUNT I=N (should be N) CORRECT? ================================================= During phase 1, fsck(1M) determined that the specified inode pointed to a number of bad or duplicate blocks, sothe block count should be corrected to the actual number shown. Generally you can answer yes to this question without harming the filesystem. For more information on bad blocks, see the section on checking filesystem integrity in the System Administration Guide, Volume I. inetd[N]: execv /usr/sbin/in.uucpd: No such file or directory ============================================================= This message indicates that the Internet services daemon inetd(1M) tried to start up the UUCP service without the UUCP daemon existing on the system. The SUNWbnuu package must be installed before the machine can run UUCP. Run pkgadd(1M) to install this package from the distribution CDROM or over the network. inetd[N]: variable/tcp: unknown service ======================================= This message indicates that the Internet services daemon inetd(1M) could not locate the TCP service specified after the first colon. Check the current machine's /etc/services file, and the NIS services map, to see if the service is described. To start this service, add an appropriate entry into the /etc/services file and possibly the services map as well. Note that NIS+ does not consult the local /etc/services file unless you put "files" right after "nisplus" on the services line of the system's /etc/nsswitch.conf file. If you do not want to start this service, edit the system's /etc/inetd.conf file and delete the entry that tries to start it up. For more information about NIS+, see the NIS+ and FNS Administration Guide. inetd[N]: variable/udp:unknown service ======================================= This message indicates that the Internet services daemon inetd(1M) could not locate the UDP service specified after the first colon. See the message "inetd[N]: variable/tcp: unknown service" fora solution. inetd: Too many open files ========================== This message can appear when someone runs a command from the shell or uses a third-party application. The sar(1M) command does not indicate that the system-wide open file limit has been exceeded. The probable cause for this is that the shell limit has been exceeded. The default open file limit is 64, but can be raised to 256. See the message "Too many open files" for a solution. INIT: Cannot create /var/adm/utmp or /var/adm/utmpx =================================================== This console message indicates that init(1M) cannot write in the /var directory, which is usually part of the / (root) filesystem. Some other messages follow, andthe system usually comes up single-user. The problem is often that / or /var is mounted read-only. Sometimes a brief power outage leaves the system believing that many filesystems are still mounted. If /var is a separate filesystem on the machine, andis not yet not mounted, mount it now. If the filesystem containing /var is mounted read-only, remount it read-write with a command similar to this: # mount -o rw,remount / Then type Control-d and try to bring up the system multi-user. If that fails, the root filesystem is probably corrupted. Run fsck(1M) on the root filesystem, halt the machine, power cycle the CPU, and wait for the system to reboot. Should this problem still occur, restore the root filesystem from backup tapes, or re-install the system from net or CDROM to replace the root filesystem. InitOutput: Error loading module for /dev/fb ============================================ This fatal X server error message indicates that /dev/fb, the "dumb frame buffer," is either missing or corrupted. It is usually followed by a "giving up" message and a few xinit errors. If other devices on the system are working correctly, the most likely reason for this error is that the SUNWdfb package was removed or never installed. Insert the installation CD-ROM, change to the Solaris_2.xdirectory, and run the following command to install the packages SUNWdfbh and SUNWdfb (for your machine architecture): pkgadd -d . If other devices on the system are not working correctly, the system might havea corrupt /devices directory. Halt the system and boot using the -r (reconfigure) option. The system will run fsck(1M) if the /devices filesystem is corrupted, most likely fixing the problem. Interrupted system call ======================= The user issued an interrupt signal (usually Control-c) while the system was in the middle of executing a system call. When network service is slow, interrupting cd(1) to a remote-mounted directory can produce this message. Proceed with your work, this message is purely informational. An asynchronoussignal (such as interrupt or quit), which a program was set up to catch, occurred during an internal system call. If execution is resumed after processing the signal, it will appear as if the interrupted programming function returned this error condition, so the program might exit with an incorrect error message. The symbolic name for this error is EINTR, errno=4. Invalid argument ================ An invalid parameter was specified that the system cannot interpret. For example, trying to mount an uncreated filesystem, printing without sufficient system support, or providing an undefined signal to a signal(3c) library function, can all produce this message. If you see this message when you are trying to mount a filesystem, make sure that you have run newfs(1M) to create the filesystem. If you see this message when you are trying to read a diskette, make sure that the diskette was properly formatted with fdformat(1), either in DOS format (pcfs) or as a UFS filesystem. If you see this message while you are trying to print, make sure that the print service is configured correctly. The symbolic name for this error is EINVAL, errno=22. Invalid null command ==================== This C shell message results from a command line with two pipes (|)in a row or from a pipe without a command afterwards. Change the command line so that each pipe is followed by a command. I/O error ========= Some physical Input/Output error has occurred. If the process was writing a file, data corruption is possible. First find out which device is experiencing the I/O error. If the device is a tape drive, make sure a tape is inserted into the drive. When this error occurs with a tape in the drive, it is likely that the tape contains an unrecoverable bad spot. If the device is a floppy drive, an unformatted or defective diskette could be at fault. Format the diskette, or obtain a replacement. If the device is a hard disk drive, you might need to run fsck(1M) and possibly even reformat the disk. In some cases this error might occur on a call following the one to which it actually applies. The symbolic name for this error is EIO, errno=5. Is a directory ============== An attempt was made to read or write a directory as if it were a file. Look at a listing of all the files in the current directory and try again, specifying a file instead of a directory. The symbolic name for this error is EISDIR, errno=21. kernel read error ================= This message appears when savecore(1M), if activated, tries to copy a debugging image of kernel memory to disk but cannot read various kernel data structures correctly. Generally this occurs after a system panic has corrupted main memory. Data corruption on the systemis possible. Look at the kernel error messages that preceded this one to try to determine the cause of the problem. Error messages such as "BAD TRAP" usually indicate faulty hardware. Until the problem that caused the kernel panic is resolved, a kernel core image cannot be saved for debugging. Killed ====== This message is purely informational. If the killed process was writing a file, some data might be lost. Continue with your work. This message from the signal handler or various shells indicates that a process has been terminated with a SIGKILL. However, if you don't see this message and cannot terminate a process with a SIGKILL, you might have to reboot the machine to get rid of that process. kmem_free block already free ============================ This is a programming error,probably from a device driver. Determine which driver is giving this message and contact the vendor for a software update, as this message indicates a bug in the driver. This message is from the DDI programming function kmem_free(9F), which releases a block of memory at address addr of size siz that was previously allocated by the DDI function kmem_alloc(9F). Both addr and siz must correspond to the original allocation. If you have source code for the driver, follow kmem_alloc() and kmem_free() in the code to make sure they allocate and free the same chunk of memory. last message repeated N times ============================= This message comes from syslog(1M), the facility that prints messages on the console and records them in /var/adm/messages. To reduce the log size and minimize buffer usage, syslog collapses any identical messages it sees during a 20 second period, then prints this message with the number of repetitions. Look above this message to see which message was repeated so often. Then consider the repeated message and take action accordingly. If repeated log entries such as "su ... failed" appear, consider the possibility of a security breach. ld.so.1: variable: fatal: relocation error: symbol not found: variable ====================================================================== This message from the run-time linker ld.so.1 indicates that in trying to execute the application given after the first colon, the specified symbol could not be found for relocation. The message goes on to say in what file the symbol was referenced. Since this is a fatal error, the application terminates with this message. Run the ldd -d command on the application to show its shared object dependencies and symbols that aren't found. Probably your system contains an old version of the shared object that should contain this symbol. Contact the library vendor or author for an update. This error does not necessarily occur when you first bring up an application. It could take months to develop, if ordinary use of the application seldom references the undefined symbol. ld.so.1: variable: fatal: variable: can't open file: errno=2 ============================================================ This message indicates that the run-time linker, ld.so.1, while running the program specified after the first colon, could not find the shared object specified after the third colon. (A shared object is sometimes called a dynamically linked library.) Error number 2 translates to "No such file or directory" (ENOENT). As a workaround, set the environment variable LD_LIBRARY_PATH to include the location of the shared object in question, for example: /usr/dt/lib:/usr/openwin/lib Better yet, if you have accessto source code, recompile the program using the -Rpath loader option. Using LD_LIBRARY_PATH is discouraged because it slows down performance. le0: Memory error! ================== This message indicates that the network interface encountered an access time-out from the CPU's main memory. There is probably nothing wrong except system overload. If the system is busy with other processes, this error can occur frequently. If possible, try to reduce the system load by quitting applications or killing some processes. The Lance Ethernet chip timed out while trying to acquire the bus for a DVMA transfer. Most network applications wait for a transfer to occur, so generally no data gets lost. However, data transfer might fail after too many time-outs. For more information about the Lance Ethernet chip, see the le(7D) man page. le0: No carrier-- cable disconnected or hub link test disabled? =============================================================== Standalone machines with no Ethernet port connection get this error when the system triesto access the network. If the Ethernet cable is disconnected, SPARC machines with the sun4m architecture usually display this message, whereas machines with the sun4c architecture usually display the "le0: No carrier-- transceiver cable problem" message instead. If the Ethernet cable is connected, this message could result from a mismatch between the machine's NVRAM settings and the Ethernet hub settings. If this message is continuous, try to save any workto local disk. When a machine is configured as a networked system, it must be plugged into the Ethernet with a twisted pair J45 connector. If the Ethernet cable is plugged in, find out whether or not the Ethernet hub does a Link Integrity Test. Then become superuser to check and possibly set the machine's NVRAM. If the hub's Link Integrity Test is disabled, set this variable to false. # eeprom | grep tpe tpe-link-test?=true # eeprom 'tpe-link- test?=false' The default setting is true. If for some reason tpe-link-test? was set to false,and the hub's Link Integrity Test is enabled, set this variable to true. le0: No carrier-- transceiver cable problem? ============================================ Standalone machines with no Ethernet port connection get this error when the system tries to access the network. If this message is continuous, try to save any work to local disk. When a machine is configured as a networked system, it must be plugged into the Ethernet with either a twisted pair J45 connector or thicknet 10Base-T connector (depending on the building's Ethernet cable type). Older workstations have a thicknet connection on the back instead of a twisted pair Ethernet connection, so they require a thicknet to twisted pair transceiver to translate between cabling types. LINK COUNT FILE I=i OWNER=o MODE=m SIZE=s MTIME=t COUNT... ADJUST? =================================================================== During phase 4, fsck(1M) determined that the inode's link count for the specified file is wrong, and asks if you want to adjust it to the value given. Generally you can answer yes to this question without harming the filesystem. For more information on fsck, see the section on checking filesystem integrity in the SystemAdministration Guide, Volume I. LL105W: Protocol error detected. ================================ This error message comes from Lifeline Mail, an unbundled PC compatibility application. The likeliest cause for this problem is that someone set up a user account without a password. Assign the user a password to solve this problem. ln: cannot create /dev/fb: Read-only file system ================================================ During device reconfiguration at boot time, the system cannot link to the frame buffer because /dev is on a read-only filesystem. Check that /dev/fb is a symbolic link to the hardware frame buffer, such as cgsix or tcx. Ensure that the filesystem containing /dev is mounted read-write. lockd[N]: create_client: no name forinet address 0xN ===================================================== This lock daemon message usually indicates that the NIS hosts.byname and hosts.byaddr maps are not coordinated. Wait a short time for the maps to synchronize. If they don't, takesteps to coordinate them. For information on updating NIS data, see the section on NIS maps in the NIS+ and FNS Administration Guide. If you are using the AnswerBook, "hosts.byaddr" is a good search string. Login incorrect =============== This message from the login(1) program indicates an incorrect combination of login name and password. There is no way to tell whether what's wrong is the login name, the password, or both. Other programs such as ftp(1), rexecd(1M), sulogin(1M), and uucp(1C) alsogive this error under similar conditions. Check the /etc/passwd file and the NIS or NIS+ passwd map on the local system to see if an entry exists for this user. If a user has simply forgotten the password, su and set a new one with the passwd usernamecommand. This command automatically updates the NIS+ passwd map, but with NIS you'll need to coordinate the update with the passwd map. The "Login incorrect" problem can also occur with older versions of NIS when the user name has more than eight characters. If this is the case, edit the NIS password file, change the user name to have eight or fewer characters, and then remake the NIS passwd map. If you cannot log in to the system as root, despite knowing the proper password, it is possible that the /etc/passwd file is corrupted. Try to log in as a regular user and su to root. If that doesn't work, see the message "su: No shell" and follow most of the instructions given there. Instead of changing the default shell however, make the password field blank in /etc/shadow. lp hang ======= On a print server, the queue continues to grow but nothing comes out of the printer. The printer daemon is hung. Here is a simple procedure for flushing a hung printing queue: 1. Login or switch user to root. 2. Issue the reject printername command to make sure no one sends any job to the printer. 3. Turn off power to the printer. 4. If the active job appears to be causing the hang, remove it from the print queue with the cancel jobnumber command, and ask the owner to requeue that print job. 5. Shut down the print queue with the /usr/lib/lpshut command. 6. Remove the lock file /var/spool/lp/SCHEDLOCK and the temporary files /var/spool/lp/tmp/*/*. 7. Turn the printer back on. 8. Restart the print queue with the /usr/lib/lpsched command. For more information on print queuing, see the System Administration Guide, Volume II. If you are using the AnswerBook, "print server" is a good search string. mailtool: Can't create dead letter: Permission denied ===================================================== An attempt was made to send a message with mailtool(1) from a directory where the user does not have write permission, and the user's home directory is currently unavailable. Change to another directory and start mailtool again, or use chmod(1) to change permissions for the directory (if possible). mailtool: Could not initialize the Classing Engine ================================================== When a user runs mailtool(1) on a remote machine, setting the DISPLAY environment back to the local machine, this message might appear inside a dialog box window. The dialog box goes on to say that the Classing Engine must be installed to use Attachments. This problem occurs because rlogin(1) does not propagate the user's environment. Exit mailtool and set your OPENWINHOME environment variable to /usr/openwin. Then run mailtool again. The error message will not appear, and you will be able to use Attachments. Classing Engine is a new name for Tool Talk. Earlier versions of mailtool said "Tool Talk: TT_ERR_NOMP" instead of Classing Engine. Mail Tool is confused about the state of your Mail File. ======================================================== This message appears in a pop-up dialog box whenever you ask mailtool(1) to access messages after another mail reader has modified your inbox. A request follows: "Please Quit this Mail Tool." Click "Continue" to close the dialog box, then exit mailtool. If you continue trying to read mail, messages deleted by the other mail reader will never appear, and mailtool will fail to see any new messages. mail: Your mailfile was found to be corrupted (Content-length mismatch). ======================================================================= This message comes from mail(1) or mailx(1) whenever it detects messages with a different content length than advertised. The mail program tells you which message might be truncated or might have another message concatenated to it. Two common causes of content length mismatches are the simultaneous use of different mail readers (such as mail and mailtool), or using a mail reading program (or an editor) that does not update the Content-Length field after altering a message. The mailx program can usually recover from this error and delineate mail message boundaries correctly. Pay close attention to the message that might be truncated or combined with another message, and to all messages after that one. If a mail file becomes hopelessly corrupted, run it through a text editor to eliminate all Content-Length lines, and ensure that each message has a From (no colon) line for each message, preceded by a blank line. To avoid mailfile corruption, exit from mailtool without saving changes when you are currently running mail or mailx. Memory address alignment ======================== This message can occur when printing large files on a SPARCprinter attached to a SPARCstation 2. Replace the SPARCstation 2 CPU with one that isat the most recent dash level. memory leaks ============ An application uses up more and more memory, until all swap space is exhausted. Many developers have found that third party software (such as Purify) can help identify memory leaks in their applications. If you suspect that you have a memory leak, you can use sar(1) to check on the Kernel Memory Allocation (KMA). Any driver or module that uses KMA resources, but does not specifically return the resources before it exits, can create a memory leak. For more information on memory leaks, see the section on monitoring system activity in the System Administration Guide, Volume II. If you are using the AnswerBook, "displaying disk usage" is a good search string. Also, see the section on system resource problems in the NIS+ and FNS Administration Guide. mount: /dev/dsk/variable is already mounted, /variable is busy, or... ===================================================================== While trying to mount a filesystem, the mount(1M) command received a "Device busy" (EBUSY) error code.There are several possible reasons: this /dev/dsk filesystem is already mounted on a different directory, the busy path name is the working directory of an active process, or the system has exceeded its maximum number of mount points (unlikely). Run /etc/mount to see if the filesystem is already mounted. If not, check to see if any shells are active in the busy directory (did the user cd into the directory?), or if any processes in the ps(1) listing are active in that directory. If the reason for the error message isn't obvious, try using a different directory for the mount point. mount: giving up on: /variable ============================== An existing server did not respond to an NFS mount request, so after retrying a number of times (default1000), the mount(1M) command has given up. Nonexistent servers or bad mount points produce different messages. If the "RPC: Program not registered" message precedes this one, the requested mount serverprobably did not share (export) any filesystems, so it has no NFS daemons running. Have the superuser on the mount server share(1M) the filesystem, then run /etc/init.d/nfs.server start to begin NFS service. If the requested mount server is down or slow to respond, check to see whether the machine needs repair or rebooting. mount: mount-point /variable does not exist. ============================================ Someone tried to mount a filesystem onto the specified directory, but there is no suchdirectory. If this is the directory name you want,run mkdir(1) to create this directory as a mount point. mount: the state of /dev/dsk/variable is not okay ================================================= The system was unable to mount the filesystem that was specified because the super-block indicates that the filesystem might be corrupted. This is not an impediment for read-only mounts. If you don't need to write on this filesystem, mount(1M) it using the -o ro option. Otherwise, do as one of the message continuation lines suggests and run fsck(1M) to correct the filesystem state and update the super-block. For more information on using fsck, see the section on checking filesystem integrity in the System Administration Guide, Volume I. /net/variable: No such file or directory ======================================== A user tried to change directory (for example with cd) to a network partition on the system specified after /net/, but this host either does not exist or has not shared (exported) any filesystem. To gain access to files on this system, try rlogin(1). To export filesystems from the remote system, become superuser on that system and run the share(1M) command with the appropriate options. If that system is sharing filesystems for the first time, also run /etc/init.d/nfs.server start to begin NFS service. Network is down =============== A transport connection failed because it encountered a dead network. Report this error to the system administrator for the network. If you are the person responsible for this network, check to see why the network is dead and what repairs are necessary. This error results from status information delivered by the underlying communication interface. The symbolic name for this error is ENETDOWN, errno=127. Network is unreachable ====================== An operational error occurred either because there was no route to the network or because negative status information was returned by intermediate gateways or switching nodes. The returned status is not always sufficient to distinguish between a network that is down and a host that is down. See the "No route to host" message. Check the network routers and switches to see if they are disallowing these packet transfers. If they areallowing all packet transfers, check network cablingand connections. The symbolic name for this error is ENETUNREACH, errno=128. NFS getattr failed for server variable: RPC: Timed out ====================================================== This message appears on an NFS client that requested a service from an NFS server whose hardware is failing. Often the message "NFS read failed" appears along with this message. If the server were merely down or slow to respond, the "NFS server not responding" message would appear instead. Data corruption on the server system is possible. Because this message usually indicates server hardware failure, initiate repair procedures as soon as possible. Check the memory modules, disk controllers, and CPU board. For more information on NFS tuning, see chapter on monitoring network performance in the System Administration Guide, Volume II. nfs mount: Couldn't bind to reserved port ========================================= This message appears when a client attempts to NFS mount a filesystem from a server that has more than one Ethernet interface configured on the same physical subnet. Always connect multiple Ethernet interfaces on one router system to different physical subnetworks. nfs mount: mount: variable: Device busy ======================================= This message appears when the superuser attempts to NFS mount on top of an active directory. The busy device is actually the working directory of a process. Determine which shell on the workstation is currently located below the mount point, and change out of that directory. Be wary of subshells (such as su shells) that could be in different working directories while the parents remain below the mount point. NFS mount: /variable mounted OK =============================== While booting, the system failed to mount the directory specified after the first colon, probably because the NFS server involved was down or slow to respond. The mount ran in the background and successfully contacted the NFS server. This is a purely informative message to let you know that the mount process has completed. NFS read failed for server variable =================================== This is generally a permissions problem. Perhaps a directory or file permission was changed while the client held the file open. Perhaps the filesystem's share or netgroup permissions changed. If the server were down or the network saturated, the "NFS server not responding" message would appear instead. Log in to the NFS server and check the permissions of directories leading to the file. Make certain that the filesystem is shared with (exported to) the client experiencing an NFS read failure. For more information, see the chapter on NFS troubleshooting in the NFS Administration Guide. nfs_server: bad getargs for N/N =============================== This message comes from the NFS server when it gets a request with unrecognized or incorrect arguments. Typically, it means the request could not be XDR decoded properly. This can result from corruption of the packet over the network, or from an implementation bug causing the NFS client to improperly encode its arguments. If this message originates from a single client, investigate that machine for NFS client software bugs. If this message appears all over a network, especially accompanied by other networking errors, investigate the network cabling and connectors. NFS server variable not responding still trying =============================================== In mostcases this very common message indicates that the system has requested a service from an NFS server that is either down or extremely slow to respond. In some cases this message indicates that the network link to this NFS server is broken, although usually that condition generates other error messages as well. In a few cases this message indicates NFS client set-up problems. Check the non-responding NFS server to see whether the machine needs repair or rebooting. Encourage your user community to report such problems quickly but only once. Should this message appear when booting a diskless client, make sure that the client's /etc/hosts file and the network naming service (NIS, NIS+, or other /etc/hosts files on the network) have been updated. Formore information, see the chapter on NFS troubleshooting in the NFS Administration Guide. NFS server variable ok ====================== This message is the follow-up to the "NFS server not responding" error. It indicates that the NFS server is back in operation. When an NFS server first comes up, it will be busy fulfilling client requests for a while. Be patient and wait for your client system to respond. Making many extraneous requests only further slows the NFS server response time. nfs umount:variable: is busy ============================= This message appears when the superuser attempts to unmount an active NFS filesystem. The busy point is the working directory of a process. Determine which shell (or process) on the workstation is currently located in the remotely mounted filesystem, and change (cd) out of that directory. Be wary of subshells (such as su shells) that could be in different directories while the parent shells remain in the NFS filesystem. NFS write error on host variable: No space left on device. ========================================================== This console message indicates that an NFS-mounted partition has filled up and cannot accept writing of new data. Unfortunately, software that attempts to overwriteexisting files will usually zero out all data in these files. This is particularly destructive on NFS-mounted /home partitions. Find the user or process that is filling up the filesystem, and get the out-of-control process stopped as soon as you can. Then delete files as necessary to create more space on the filesystem (large core files are good candidates for deletion). Have users write any modified files to local disk if possible. If this error occurs often, redistribute directories to ease demandon this partition. For more information on disk usage, see the System Administration Guide, Volume II. If you are using the AnswerBook, "managing disk use" is a good search string. NFS write failed for server variable: RPC: Timed out ==================================================== This error can occur when a file system is soft-mounted, and server or network response time lags. Any data written to the server during this period could be corrupted. If you intend to write on a filesystem, never specify the soft mount option. Use the default hard mount for all the filesystems that are mounted read-write. For more information, see the chapter on NFS troubleshooting in the NFS Administration Guide. NIS+ authentication failure =========================== This is a Federated Naming Service message. The operation could not be completed because the principal making the request could not be authenticated with the name service involved. Run the nisdefaults(1) command to verify that you are identified as the correct NIS+ principal. Also check that the system has specified the correct public key source. For more information, see the authentication and authorization overview in the NIS+ and FNS Administration Guide. No buffer space available ========================= An operation on a transport endpoint or pipe was not performed because the system lacked sufficient buffer space or because a queue was full. The target system probably ran out of memory or swap space. Any data written during this condition will probably be lost. To add more swap area, use the swap -a command on the target system. Alternatively, reconfigure the target system to have more swap space. As a general rule, wwap space should be two to three times as large as physical memory. The symbolic name for this error is ENOBUFS,errno=132. No child processes ================== This message can appear when an application tries to communicate with cooperating process that do not exist. Restart the parent process so it can create the child processes again. If that doesn't help, this could be the result of programming error; contact the vendor or author of the program for an update. A wait(2) system call was executed by a process that had no existing or unwaited-for child processes. The child processes could have exited prematurely, or might never have been created. The symbolic name for this error is ECHILD, errno=10. No default media available ========================== The volume manager issues this message if a user makes an eject(1) request when the drives containno diskette or CDROM to eject. Insert a diskette or CDROM. If the volume manager is confused and there actually is a diskette or CDROM in a drive, run volcheck to update the volume manager. If the system remains confused, try booting with the -r option to reconfigure devices. No directory! Logging in with home=/ ==================================== The login(1) program could not find the home directory listed in the password file or NIS passwd map, so it deposited the user in the root directory. Check that the user's home directory is mounted and is owned by and accessible to that user. Perhaps the automounter tried to mount the home directory, but the NFS server did not respond quicklyenough. Try listing the files in /home/username. If the NFS server responds to this request, have the user log out and log in again. It is possible that the automounter daemon is not running. Run the ps command to see if automountd is present. If not,run the second command; if it appears to be wedged, run both these commands: # /etc/init.d/autofs stop # /etc/init.d/autofs start When the automounter daemon is running, verify that the /etc/auto_master file has a line like this: /home auto_home Verify that the /etc/auto_home file has a line like this: +auto_home These entries depend on the NIS auto_home map. It is also possible that the NFS server has not shared (exported) this /home directory, or that the NFS daemons on the server have disappeared. For more information on NFS, see the NFS Administration Guide. No message of desired type ========================== An attempt was made to receive a message of a type that does not exist on the specified message queue. See the msgop(2) man page for details. This indicates an error in the System V IPC message facility. Generally the message queue is empty or devoid of the desired message type, while IPC_NOWAIT is set. The symbolic name for this error is ENOMSG, errno=35. No recipients specified ======================= This message comes from the mailx(1) command whenever a user doesn't provide an address in the To: field. See the message "Recipient names must be specified" for details. No record locks available ========================= No more record locks are available. The system lock table is full. The symbolic name for this error is ENOLCK, errno=46. Perhaps a process called fcntl(2) with the F_SETLK or F_SETLKW option, and the system maximum was exceeded. The system contains several different locking subsystems, including fcntl,the NFS lock daemon, and mail locking, all of which can produce this error. Try again later, when more locks might be available. No route to host ================ An operational error occurred because there was no route to the destination host, or because of status information returned by intermediate gateways or switching nodes. The returned status is not always sufficient to distinguish between a host that is down and a network that isdown. See the "Network is unreachable" message. Check the network routers and switches to see if they are disallowing these packet transfers. If they are allowing all packet transfers, check network cabling and connections. The symbolic name for thiserror is EHOSTUNREACH, errno=148. No shell Connection closed =========================== A user has attempted to remote login to the system, and has a valid account name and password, but the shell specified for their account is not available on that system. For example, the seventh field could request the GNUBourne-again shell /bin/bash, which does not exist on standard Solaris distributions. If you have a copy of the requested shell, become superuser and install the missing shell on that system. Otherwise, change the user's password file entry (perhaps only in the NIS+ or NIS passwd map) to specify an available shell such as /bin/csh or /bin/ksh. No space left on device ======================= While writing an ordinary file or creating a directory entry, there was no free space left on the device. The disk, tape, or diskette is full of data. Any data written to that device during this condition will be lost. Remove unneeded files from the hard disk or diskette until there is space for all the data you are writing. It might be advisable to move some directories onto another filesystem and create symbolic links accordingly. When a tape is full, continue on another one, use a higher density setting, or obtain a higher- capacity tape. To create multi-volume tapes or diskettes, use the pax(1) or cpio(1) command; tar(1) is still limited to a single volume. The symbolic name for this error is ENOSPC, errno=28. No such device ============== An attempt was made to apply an operation to an inappropriate device, such as writing to a nonexistent device. Look in the /devices directory to see why this device does not exist, or why the program expects it to exist. The similar "No such device or address" message tends to indicate I/O problems with an existing device, whereas this message tends to indicate a device that does not exist at all. The symbolic name for this error is ENODEV, errno=19. No such device or address ========================= This can occur when a tape drive is off-line or when a device has been powered off or removed from thesystem. For tape drives, make sure the device is connected, powered on, and toggled on-line (if applicable). For disk and CDROM drives, check that the device is connected and powered on. With all SCSI devices, ensure that the target switch or dial is set to the number where the system originally mounted it. To inform the system of a change to the target device number, reboot using the -r (reconfigure) option. This message results from I/O to a special file's subdevice that either does not exist or that exists beyond the limit of the device. The symbolic name for this error is ENXIO, errno=6. No such file or directory ========================= The specified file or directory does not exist. Either the file name or path name was entered incorrectly. Check the file name and path name for correctness and try again. If the specified file or directory is a symbolic link, it probably points to a nonexistent file or directory. The symbolic name for this error is ENOENT, errno=2. no such map in server's domain ============================== A user or an application tried to look up something using Network Information Services (NIS), but NIS has no corresponding database for this request. Make sure the NIS map name is spelled correctly. To see a list of nicknames for the various NIS maps, run the ypcat -x command. To see a full list of the various NIS maps (databases), run the ypwhich -m command. If the NIS service were not running on the current machine, these commands would result in a "can't communicate with ypbind" message. No such process =============== This process cannot be found. The process could have finished execution and disappeared, or it might still be in thesystem under a different numeric ID. Use the ps(1) command tocheck that the process ID you're supplying is correct. No process corresponds to the specified process ID (PID), light- weight process ID, or thread_t. The symbolic name for this error is ESRCH, errno=3. No such user as variable-- cron entries not created =================================================== A file exists in /var/spool/cron/crontabs for the specified user, but this user is not in /etc/passwd or the NIS passwd map. The system cannot create cron entries for nonexistent users. To eliminate this message at boot time, remove the cron file for the nonexistent user, or rename it if the user's login name has changed. If this is a valid user, create an appropriate password entry for this name. Not a directory =============== A non-directory was specified where a directory is required, such as in a path prefix or as an argument to the chdir(2) system call. Look at a listing of all the files in the current directory and try again, specifying a directory instead of a file. The symbolic name for this error is ENOTDIR, errno=20. Not enough space ================ This message indicates that the system is running many large applications simultaneously, and has run out ofswap space (virtual memory). It could also indicate that applications failed without freeing pages from the swap area. Swap space is an area of disk set aside to store portions of applications and data not immediately required in memory. Any data written during this condition will probably be lost. Reinstall or reconfigure the system to have more swap space. A general rule of thumb is that swap space should be two to three times as large as physical memory. Alternatively, use mkfile(1M) and swap(1M) to add more swap area. This example shows how to add 16 MB of virtual memory in the /usr/swap file (any filesystem with enough free space would work): # mkfile 16m /usr/swap # swap -a /usr/swap To make this automatic at boot time, add the following line to the /etc/vfstab file: /usr/swap - - swap - no - In calling the fork(2), exec(2), sbrk(2), or malloc(3C) routine, a program asked for more memory than the system could supply. This is not a temporary condition; swap space is a system parameter. The symbolic name for this error is ENOMEM, errno=12. not found ========= This message indicates that the Bourne shell could not find the program name given as a command. Check the form and spelling of the command line. If that looks correct, echo $PATH to see if the user's search path is correct. When communications are garbled, it is possible to unset a search path to such an extent that only built-in shell commands are available. Here is a command to reset a basic search path: $ PATH=/usr/bin:/usr/ccs/bin:/usr/openwin/bin:. If the search path looks correct, check the directory contents along the search path to see if programs are missing or if directories are not mounted. NOTICE: /variable: out of inodes ================================ The filesystem specified after the first colon probably contains many small files, exceeding the per-filesystem limit for inodes (file information nodes). If many small files were created unintentionally, removing them will resolve the problem. Otherwise, follow these steps to increase filesystem capacity for small files. Make several backup copies of the filesystem on different tapes (for safety), then bring the machine down to single-user mode. Use the newfs(1M) command with the -i option to increase inode density for this filesystem. Here is an example: # newfs -i 1024 /dev/rdsk/partition Finally, restore the filesystem from a backup tape. Note that increasing the inode density slightly reduces total filesystem capacity. Not login shell =============== This message results when a user triesto logout(1) from a shell other than the one started at login time. To quit a non-login shell, use the exit(1) command. Continue doing so until you have logged out. For more general information on the login shell, see the section on customizing your work environment in the Solaris Advanced User's Guide. Not on system console ===================== A user tried to login(1) to a system as the superuser (uid=0, which is not necessarily root) from a terminal other than the console. Login to that system as a normal user, then run su(1M) to become superuser. To allow superuser logins from any terminal, comment out the CONSOLE line in /etc/default/login (this is not recommended for security reasons). Not owner ========= Either an ordinary user tried to do something reserved for the superuser, or the user tried to modify a file in a way restricted to the file's owner or to the superuser. Switch user to root and try again. The symbolic name for this error is EPERM, errno=1. Not supported ============= This version of the system does not support the feature requested, although future versions of the system might provide support. This is generally not a system message from the kernel, but an error returned by an application. Contact the vendor or author of the application for an update. The symbolic name for this error is ENOTSUP, errno=48. ok == This is the OpenBoot PROM monitor prompt. From this prompt, you can boot the system (from disk, CDROM, or net), or you can use the go command to continue where you left off. If you suddenly see this prompt, look at the messages above it to see if the system crashed. If no other messages appear, and you just typed Stop-A or plugged in a new keyboard, type go to continue. You might need to Refresh the window system from its Workspace Menu. Never invoke sync from the ok prompt without first running the fsck(1M) command, especially if the filesystem has changed. operation failed [error 185], unknown group error 0, variable ============================================================= When you use admintool to add a user to a newly-created group, admintool issues this error. Apply patch 101384-05 to fix bug ID 1151837 and to provide a workaround for bug ID 1153087. Operation not applicable ======================== This error indicates that no system support exists for some function that the application requested. Ask the system vendor for an upgrade, or contact the vendoror author of the application for an update. This message indicates that no system support exists for an operation. Many modules set this error when a programming function is not yet implemented. If you are writing a program that produces this message while calling a system library, try to find and use an alternative library function. Future versions of the system might support this operation; check system release notes for further information. The symbolic name for this error is ENOSYS, errno=89. out of memory ============= Hundreds of different programs can produce this message when the system is running many large applications simultaneously. This message usually means that the system has run out of swap space (virtual memory). See the message "Not enough space" for details. Any data written during this condition will probably be lost. PARTIALLY ALLOCATED INODE I=N CLEAR? ===================================== During phase 1, fsck(1M) found that the specified inode was neither allocated nor unallocated. The reason is probably that the system crashed in the middle of a sync(2) or write(2) operation. Should you answer yes to this question, "UNALLOCATED" messages might result during phase 2, if any directory entries point to this inode. If you are being careful, exit fsck(1M) and run ncheck(1M) (specifying the inode number after the -i option) to determine which file or directory is involved here. You might be able restore this file or directory from another system. It is also possiblethat fsck will copy this file to the lost+found directory in a later phase. For more information, see the chapter on checking filesystem integrity in the System Administration Guide, Volume I. passwd.org_dir: NIS+ servers unreachable ======================================== This is the first of three messages thatan NIS+ client prints when it cannot locate an NIS+ server on the network. See the message "hosts.org_dir: NIS+ servers unreachable" for details. Password does not decrypt secret key for unix.uid@variable ========================================================== This message appears at login time when a user's password is not identical to the user's keylogin network password. When a system is running NIS+, the login program firstperforms UNIX authentication, and then attempts a keylogin(1) for secure RPC authentication. To gain credentials for secure RPC, users can run keylogin (after login) and type in their secret key. To stop this message from appearing at login time, users can run the chkey -p command and set their network password to bethe same as their NIS+ password. If a user doesn't remember the network password, the system administrator should delete and re-create the user's credentials table entry so the user can establish a new network password with chkey. Permission denied ================= An attempt was made to access a file in a way forbidden by the protection system. Check the ownership and protection mode of the file (with a long listing from the ls-l command) to see who is allowed to access the file. Then change the file or directory permissions as needed. The symbolic name for this error is EACCES, errno=13. Please specify a recipient. =========================== With mailtool, this message comes up in a dialog box whenever a user tries to deliver a message with no address in the To: field. See the message "Recipient names must be specified" for details. Protocol not supported ====================== The requested networking protocol hasnot been configured into the system, or no implementation for it exists. (A protocol is a formal description of the messages to be exchanged and the rules to be followed when systems exchange information.) Verify that the protocol is in the /etc/inet/protocols file and in the NIS protocols map, if applicable. If the protocol is not listed, and you want to permit its use, configure the protocol as documented or as required. The symbolic name for this error is EPROTONOSUPPORT, errno=120. Protocol wrong type for socket ============================== This message indicates either application programming error, or badly configured protocols. Make sure that the /etc/protocols file corresponds number-for- number with the NIS protocols map. It it does, ask the vendor or author of the application for an update. A protocol was specified that does not support the semantics of the socket type requested. This amounts to a request for an unsupported type of socket. Look at the source code that made this socket request and check that it requested one of the types specifiedin /usr/include/sys/socket.h. The symbolic name for this error is EPROTOTYPE, errno=98. Read error from network: Connection reset by peer ================================================= This message appears when a user is remotely logged into a machine that crashes or gets rebooted during the rlogin(1) or rsh(1) session. Any data changes that were not saved are probably lost. Sometimes this message appears only when the user types something, even though the system went down hours before. Try torlogin again, perhaps after waiting a few minutes for the system to reboot. Read-only file system ===================== Files and directories on filesystems that are mounted read-only cannot be changed. If you only modify these files and directoriesoccasionally, rlogin(1) to the servers from which the filesystems are mounted and change the files or directories there. If you change these files and directories frequently, mount(1M) the filesystems read/write. The symbolic name for this error is EROFS, errno=30. rebooting... ============ This message appears on the console to indicate that the machine is booting, either after the superuser issued a reboot command, or after a system panic if the EEPROM's watchdog-reboot? variable is set to true. Allow the machine to boot itself. In case of a system panic, look above this message for other indications of what went wrong. Recipient names must be specified ================================= Somebody sent mail without a valid recipient in the To: field, so sendmail could not deliver the mail message. Using mail(1), the recipient's address might have been specified using spaces or non-alphanumeric characters. The mailtool(1)and mailx(1) commands try to prevent this by issuing "Please specify a recipient" or "No recipients specified" messages instead. If there is at least one valid recipient, each invalid recipient address will generate a "User unknown" message. Look in the sender's dead.letter file for the automatically saved message, andhave the originator send it again, this time specifying a recipient. For more information about sendmail, see the Mail Administration Guide. Reset tty pgrp from N to N ========================== The C shell sometimes issues this message when it clears away the window process group after the user exits the window system. This can happen when the window system doesn't clean up after itself. Proceed with your work. This message is purely informational. Resource temporarily unavailable ================================ This indicates that the fork(2) system call failed because the system's process table is full, or that a system call failed because of insufficient memory or swap space. It is also possible that a user is not allowed to create anymore processes. Simply waiting often gives the system time to free resources. However if this message occurs often on a system, reconfigure the kernel and allow more processes. To increase the size of the process table in Solaris 2.x, increase the value of maxusers in the /etc/system file. The default maxusers value is the amount of main memory in MB, minus 2. If one user is not allowed to create any more processes, that user has probably exceeded the memorysize limit; see the limit(1) man page for details. The symbolic name for this error is EAGAIN, errno=11. Result too large ================ This is a programming error or a data input error. Ask the program's author to fix this condition. This indicates an attempt to evaluate a mathematical programming function at a point where its value would overflow or underflow. The value of a programming function in the math package (3M) is not representable within machine precision. This could occur after floating point overflow or underflow (either single or double precision), or after total loss of numeric significance in Bessel functions. Note that this message can indicate "Result too small" in the case of floating pointunderflow. To help pinpoint a program's math errors, use the matherr(3M) facility. The symbolic name for this error is ERANGE, errno=34. rmdir: variable: Directory not empty ==================================== The rmdir(1) command can remove empty directories, only. The directory whose name appears after the first colon in the message still contains some files or directories. Use rm(1) instead of rmdir. To remove this directory and everything underneath it, use the rm -ir command to recursively descend the directory, being asked if you want to delete each element. To remove the directory and all its contents without being asked for approval, use the rm -r command. ROOT LOGIN /dev/console ======================= This syslog message indicates that someone has logged in as root on the system console. If you have just logged in as root, don't worry. If this is not you, consider the possibility of a security breach. The best site-wide policy is for all system administrators to su instead oflogging in as root. ROOT LOGIN /dev/pts/N FROM variable =================================== This syslog message indicates that someone has remote logged in as root on a pseudo-terminal from the system specified after the FROM keyword. For security reasons, it is a bad idea to allow root logins from anywhere besides the console. To restrict superuser logins to the console, remove the comment from the CONSOLE line in /etc/default/login. rx framing error ================ Usually this error indicates a hardware problem. Check the Ethernet cabling and connectors to locate a problem. A framing error occurs when the Ethernet I/O driver receives a non-integral unit of octets, such as 63 bytes and then 3 bits. (Ethernet specifies the use of octets.) Framing errors are caused by corruption of the starting or ending frame delimiters. These can be corrupted by some violation of the encoding scheme. Framing errors are a subset of CRC errors, which are usually caused by anomalies on the physical media.An "alignment/framing error" is a type of CRC error where octet boundaries do not line up. SCSI bus DATA IN phase parity error =================================== The most common cause of this problem is unapproved hardware. Some SCSI devices for thePC market do not meet the high I/O speed requirements for the UNIX market. Other possible causes of this problem are improper cabling or termination, and power fluctuations. Data corruption is possible but unlikely to occur, because this parity error prevents data transfer. Check that all SCSI devices on the bus are Sun approved hardware. Then verify that all cables are no longer than six meters, total, and that all SCSI connections are properly terminated. If power fluctuations are occuring, invest in an uninterruptible power supply. SCSI transport failed: reason 'reset' ===================================== This message indicates that the system sent data over the SCSI bus, but the data never reached its destination because of a SCSI bus reset. The most common cause of this condition is conflicting SCSI targets.짣ata corruption is possible but unlikely to occur, because this failure prevents data transfer. Verify that all cables are no longer than six meters, total, and that all SCSI connections are properly terminated. If power surges are a problem, acquire a surge suppressor or uninterruptible power supply. A machine's internal disk drive is usually SCSI target 3. Make sure that external and secondary disk drives are targeted to 1, 2, or 0, and do not conflict with each other. Also make sure that tape drives are targeted to 4 or 5, and CD drives to 6, avoiding any conflict with each other or with disk drives. If the targeting of the internal disk drive is in question, power off the machine, remove all external drives, turn the power on, and from the PROM monitor run the probe-scsi-all or probe-scsi command. If SCSI device targeting is acceptable, memory configuration could be the problem, especially for machines with the sun4c architecture. Ensure that high-capacity memory chips (such as 4MB SIMMs) are in lower banks, while lower-capacity memory chips (such as 1MB SIMMs) are in the upper banks. Note that SPARC systems do not always support third party CDROM drives, and might generate a similar "unknown vendor" error message. Check with the CDROM vendor for specific configuration requirements. Some third party disk drives have a read-ahead cache that interferes with Solaris device drivers. Make sure that any existing read-ahead cache facility is turned off. ?For more information on SCSI targets, see the section on device naming conventions in the Solaris 1.x to Solaris 2.x Transition Guide. If you are using the AnswerBook, "scsi targets" is a good search string. Segmentation Fault ================== Segmentation faults usually result from programming error. This message is usually accompanied by a core dump, except on read- only filesystems. To see which program produced a core file, run either the file(1) command or the adb (1) command. The following examples show the output of the file and adb commands on a core file from the dtmail program. $ file core core: ELF 32-bit MSB core file SPARC Version 1, from `dtmail' $ adb core core file = core -- program `dtmail' SIGSEGV 11: segmentation violation ^D (use Control-d to quit the adb rogram) Ask the vendor or author of this program for a debugged version. A process has received a signal indicating that it attempted to access an area of memory that is protected or that does not exist. The two most common causes of segmentation faults are attempting to dereference a null pointer or indexing past the bounds of an array. sendmail[N]: NOQUEUE: SYSERR: net hang reading from variable ============================================================ This is a sendmail message that appears on the console and in the log file /var/adm/messages. If this message occurs once for a particular user, it is possible that a mail message from this user ends with a partial line (having no terminating newline character). If this message appears frequently or at busy times, especially along with other networking errors, it could indicate network problems. Check the user's mail spool file to see if a message ends without a newline character. If so, talk with the user and determine how to prevent the problem from occurring again. If these messages are the result of network problems, you could try moving the mail spool directory to another machine with a faster network interface. During the SMTP receipt of DATA phase, a message-terminating period on a line of its own never arrived, so sendmail timed out and produced this error. setmnt: Cannot open /etc/mnttab for writing =========================================== The system is having problems writing to /etc/mnttab. It is possible that the filesystem containing /etc is mounted read- only, or is not mounted at all. Check that this file exists and is writable by root. If so, ensure that the /etc filesystem has been mounted, and is mounted read-write rather than read-only. share_nfs: /home: Operation not applicable ========================================== This message usually indicates that the system has a local filesystem mounted on /home, which is where the automounter usually mounts users' home directories. When a systemis running the automounter, do not mount local filesystems on the /home directory. Mount them on another directory, such as /disk2, which on most systems you will have to create.You could also change the automounter auto_home entry, but that is a more difficult solution. Soft error rate (N%) during writing was too high ================================================ This message from the SCSI tape drive appears when Exabyteor DAT tapes generate too many soft (recoverable) errors. It is followed bythe advisory "Please, replace tape cartridge" message. Soft errors are an indication that hard errors could soon occur, causing data corruption. First clean the tape head witha cleaning tape as recommended by the manufacturer. If that doesn't work, replace the tape cartridge. You might need to replace the tape drive if the problem still occurs with new tape cartridges. Soft error rate (retries = N) during writing was too high ========================================================= This message from the SCSI tape drive appears when Archive tapes generate too many soft (recoverable) errors. It is followed by the advisory "Periodic head cleaning required and/or replace tape cartridge" message. Soft errors are an indication that hard errors couldsoon occur, causing data corruption. First clean the tape head with a cleaning tape as recommended by the manufacturer. If that doesn't work, replace the tape cartridge. Youmight need to replace the tape drive if the problem still occurs with new tape cartridges. Stale NFS file handle ===================== A file or directory that was opened by an NFS client was either removed or replaced on the server. If you were editing this file, write it to a local filesystem instead. Try remounting the filesystem on top of itself or shutting down any client processes that refer to stale file handles. If neither of these solutions works, reboot the system. The original vnode isno longer valid. The only way to get rid of this error is to force the NFS server and client to renegotiate file handles. The symbolic name for this error is ESTALE, errno=151. statd: cannot talk to statd at variable ======================================= This message comes from the NFS status monitor daemon statd, which provides crash recovery services for the NFS lock daemon lockd. The message indicates that statd has left old references in the /var/statmon/sm and /var/statmon/sm.bak directories. After a user has removed or modified a host in the hosts database, statd might not properly purge files in these directories, which results in its trying to communicate with a nonexistent host. Remove the file named variable (where variable is the hostname) from both the /var/statmon/sm and /var/statmon/sm.bak directories. Then kill the statd daemon and restart it. If that doesn't get rid of the message, kill and restart lockd as well. If that doesn't work, reboot the machine at your convenience. stty: TCGETS: Operation not supported on socket =============================================== This message results when a user tries to remote copy with rcp(1) or remote shell with rsh(1) from one machine to another, but has an stty(1) command in the remote The solution is to move the stty command to the user's .login (or equivalent) file. Alternatively, execute the stty command in .cshrc only when the shell is interactive. Here is a test to do just that: if ($?prompt) stty ... The rcp andrsh commands make a connection using sockets, which do not support stty's TCGETS ioctl. su: No shell ============ This message indicates that someone changed the default login shell for root to a program missing from the system. For example, the final colon-separated field in /etc/passwd could have been changed from /sbin/sh to/usr/bin/bash, which does not exist in that location. Possibly an extra space was appended at the end of line. The outcome is that you cannot login as root or switch user to root, and so cannot directly fix this problem. The only solution is to rebootthe system from another source, then edit the password file to correct this problem. Invoke sync(1M) several times, then halt the machine by typing Stop-A or by pressing the reset button. Reboot single-user from CDROM, the net, or diskette, such as by typing boot cdrom -s at the ok prompt. After the system comes up and gives you a # prompt, mount the device corresponding to the original / partition somewhere, such as with a mount(1M) command similar to the one below. Then run an editor on the newly-mounted system password file (use ed(1) if terminal support is lacking): # mount /dev/dsk/c0t3d0s0 /mnt # ed /mnt/etc/passwd Use the editor to change the password file's root entry to call an existing shell, such as /usr/bin/csh or /usr/bin/ksh. To keep the "No shell" problem from happening, habitually use admintool or /usr/ucb/vipw to edit the password file. These tools make it difficult to change password entries in ways that make the system unusable. su: 'su root' failed for variable on /dev/pts/N =============================================== The user specified after "for" tried to become superuser, but typed the wrong password. If the user is supposed to know the root password, wait to see if the correct password is supplied. If the user is not supposed to know the root password, ask why he or she is attempting to become superuser. su: 'su root' succeeded for variable on /dev/pts/N ================================================== The user specified after "for" just became superuser by typing the root password. If the user is supposed to know the root password, this message is purely informational. If the user is not supposed to know the root password, change this password immediately and ask how the user learned it. syncing file systems... ======================= This indicates that the kernel is updating the super-blocks before taking the system down, to ensure filesystem integrity. This message appears after a halt(1M) or reboot (1M) command. It can also appear after a system panic, in which case the system might contain corrupted data. If you just halted or rebooted the machine, don't worry-- this message is normal. In case of a system panic, look up the panic messages that appear above this one. Your system vendor might be able to help diagnose the problem. So that you can describe the panic to the vendor, either leave your system in its panicked state or be sure that you can reproduce the problem. Numbers that sometimes display after the three dots in the message show the count of dirty pages that are being written out. Numbers in brackets show an estimate of the number of busy buffers in the system. syslog service starting. ======================== During system reboot, this message might appear and theboot seems to hang. After starting syslogd(1M) service, the system runs /etc/rc2.d/S75cron, which in turn calls ps(1). Sometimes after an abrupt system crash /dev/bd.off becomes a link to nowhere, causing the ps command to hang indefinitely. Reboot single user (for example with boot -s) and run ls -l /dev/bd* to see if this is the problem. If so, remove /dev/bd.off, then run bdconfig off or reboot with the -r (reconfigure) option. This is the most commonly reported situation that causes ps to hang. tar: /dev/rmt/0: No such file or directory ========================================== The default tape device /dev/rmt/0, or possibly the device specified by the TAPE environment variable, is not currently connected to the system, is not configured, or its hardware symbolic link is broken. List the files in the /dev/rmt directory to see which tape devices are currently configured. If none are configured, ensure that a tape device is correctly attached to the system, and reboot with the -r option to reconfigure devices. If tape devices other than /dev/rmt/0 are configured, you could specify one of them after the -f option of tar(1). tar: directory checksum error ============================= This error message from tar(1) indicates that the checksum of the directory and the files it has read from tape does not match the checksum advertised in the header block. Usually this indicates the wrong blocking factor, although it could indicate corrupt data on tape. To resolve this problem, make certain that the blocking factor you specify on the command line (after -b) matches the blocking factor originally specified. If in doubt, leave out the block size and let tar determine it automatically. If that doesn't help, tape data could be corrupted. tar: tape write error ===================== A physical write error has occurred on the tar(1) output file, which is usually a tape, although it could be a diskette or disk file. Look on the system console, where the device driver should provide the actual error condition. This might be a write- protected tape, a physical I/O error, an end-of-tape condition, or a File too large limitation. In the case of write-protectedtapes, enable the write switch. For physical I/O errors, the best course of action is to replace the tape with a new one. For end-of-tape conditions, try using a higher density if the device supports one, or use cpio(1) or pax (1) for their multi-volume support., When encountering File too large limitations, use the parent shell'slimit(1) or ulimit facility to increase the maximum file size. For more information on tar tapes, see the section on copying UFS files in the System Administration Guide,Volume I. Text is lost because the maximum edit log size has been exceeded. ================================================================= This message appears at the beginning of a cmdtool(1) session after 100,000 characters have gone by in the scrolling window. Clicking on the top rectangle of the scrollbar might display this message. No data were lost, but the user cannot scroll back before this wraparound point. To increase the maximum size of the Command Tool log file, use cmdtool with the-M option, specifying more than 100,000 bytes. THE FOLLOWING FILE SYSTEM(S) HAD AN UNEXPECTED INCONSISTENCY: ============================================================ At boot time the /etc/rcS script runs the fsck(1M) command to check the integrity of filesystems marked "fsck" in /etc/vfstab. If fsck cannot repair a filesystem automatically, it interrupts the boot procedure and produces this message. When fsck gets into this state, it cannot repair filesystems without losing one or more files, so it wants to defer this responsibility to you, the administrator. Data corruption has probably already occurred. First run fsck -n on the filesystem, to see how many and what type of problems exist. Then run fsck again to repair the filesystem. If you have a backup of the filesystem, you can generally answer "y" to all the fsck questions. It's a good idea to keep a record of all problematic files and inode numbers for later reference. To run fsck yourself, specify options as recommended by the boot script. For example: # fsck /dev/rdsk/c0t4d0s0 Usually, files lost during fsck repair were created just before a crash or power outage, and cannot be recovered. If important files are lost, you can recover them from backup tapes. If you don't havea backup, ask an expert to run fsck for you. For more information, see the sectionon checking filesystem integrity in the System Administration Guide, Volume I. The SCSI bus is hung. Perhaps an external device is turned off. =============================================================== This message appears near the beginning of rebooting, immediately after a "Boot device: ..." message, and then the system hangs. The problem is conflicting SCSI targets for a non-boot device. Having an external device turned off is unlikely to cause this problem. See the message "Boot device: /iommu/sbus/variable/variable/sd@3,0" for a solution. For more information, see the section on halting and booting in the System Administration Guide, Volume I. THE SYSTEM IS BEING SHUT DOWN NOW !!! ===================================== This message means the system is going down immediately and it's too late to save any changes. This message is often preceded by messages telling you that the system is going down in 15 minutes, 10 minutes, and so on. When you see these initial broadcast shutdown messages, save all your work, send any e-mail you're working on, and close your files. Fortunately vi sessions are automatically saved for later recovery, but many otherapplications have no crash protection mechanism. Data loss is likely. For more information on shutting down the system, see the System Administration Guide, Volume I. If you are using the AnswerBook, "halting the system" is a good search string. The system will be shut down in N minutes ========================================= Thismessage from the system shutdown(1M) script informs you that the superuser is taking down the system. Save all changes now or your work will be lost. Write out any files you were changing, send any e-mail messages you were composing, and close your files. For more information on shutting down the system, see the System Administration Guide, Volume I. If you are using the AnswerBook, "halting the system" is a good search string. This mail file has been changed by another mail reader. ======================================================= This message appears in a pop-up dialog box whenever you start mailtool(1) while another mail reader has the inbox locked. A question follows: "Do you wish to ask that mail reader to save the changes?" You are given three choices. If you choose "Save Changes" mailtool will request the other mail reader to relinquish its lock and write out any changes it has made to your inbox. If you choose "Ignore" mailtool will read your inbox without locking it. If you choose "Cancel" mailtool will exit. Timeout waiting for ARP/RARP packet =================================== This problem can occur while booting from the net, and indicates a network connection problem. Make sure the Ethernet cable is connected to the network. Check that this system has an entry in the NIS ethers map or locally on the boot server. Then check the IP address of the server and the client to make sure they are on the same subnet. Local /etc/hosts files must agree with each other and withthe NIS hosts map. If those are not causing the problem, go to the system's PROM monitor ok prompt and run test net to test the network connection. (On older PROM monitors, use test-net instead.) If the network test fails, check the Ethernet port, card, fuse, and cable, replacing them if necessary. Also check the twisted pair port to make sure it is patched to the correct subnet. For more information on packets, see SPARC: Installing Solaris Software. If you are using the AnswerBook, "ARP/RARP" isa good search string. Too many links ============== An attempt was made to create more than the maximum number of hard links (LINK_MAX, by default 32767) to a file. Because each subdirectory is a link to its parent directory, the same error results from trying to create too many subdirectories. Check to see why there are so many links to the same file. To get more than the maximum number of hard links, use symbolic links instead. The symbolic name for this error is EMLINK, errno=31. Too many open files =================== A process has too many files open at once. The system imposes a per-process soft limit on open files, OPEN_MAX (usually 64), which can be increased, and a per-process hard limit (usually 1024), which cannot be increased. You can control the soft limit from the shell. In the C shell, use the limit command to increase the number of descriptors. In the Bourne or Korn shells, use the ulimit command with the -n option to increase the number of file descriptors. If the window system refuses to start new applications because of this error, increase the open file limit in your login shell before starting the window system. The symbolic name for this error is EMFILE, errno=24. umount: warning: /variable not in mnttab ======================================== This message results when the superuser attempts to unmount a filesystem that is not mounted. Note that subdirectories of filesystems,such as /var, cannot be unmounted. Run the mount(1M) or df(1M) command to see what filesystems are mounted. If you really want to unmount one of them, specify the existing mount point. Unable to install/attach driver 'variable' ========================================== These messages appear in /var/adm/messages at boot time, when the system tries to load drivers for devices the machine does not have. Despite the alarmist tone, this message is intended as purely informational. You probably don't want all these device drivers, because they make your system kernel larger, requiring more memory. undefined control ================= This message, prefaced by the file name and line number involved, is from the C preprocessor /usr/ccs/lib/cpp, and indicates a line starting with a sharp (#) but not followed by a valid keyword such as define or include. A piece of software might be running the C preprocessor on an initialization file that you thought was interpreted by a shell. In most shells, the sharp (#) indicates a comment. The C preprocessor considers comments to be anythingbetween /* and */ delimiters. Unmatched ` =========== This message from the C shell csh(1) indicates that a user typed a command containing a backquote symbol (`) without a closeing backquote. Similar messages result from an unmatched single quote (') or an unmatched double quote ("). Other shells generally give a continuation prompt when a command line contains an unmatched quote symbol. Correct the command line and try again. To continue typing on another line, give the C shell a backslash right before the newline. UNREF FILE I=i OWNER=o MODE=m SIZE=s MTIME=t ============================================= CLEAR? ====== During phase 4, fsck(1M) discovered that the specified file was orphaned because the inode had no record of its pathname. In other words, the file was not connected into any directory. Answer yes to reconnect the file into the lost+found directory. Then contact the file's owner to ask whether they want it back, and where they want you to place it. For more information, see the chapter on checking filesystem integrity in the System Administration Guide, Volume I. Use "logout" to logout. ======================= This C shell message might come as a surprise to Bourne or Korn shell users accustomed to logging out with a Control-d. When ignoreeof is set, the C shell requires users to logout by typing logout or exit. Write any modified files to disk before exiting. /usr/openwin/bin/xinit: connection to X server lost =================================================== This means that the xinit(1) program, which sets up X11 resources and starts a window manager, failed to locate the X server process. Perhaps the user interrupted window system startup, or exited abnormally from OpenWindows (for example, by killing processes or by rebooting). It is possible that the X server crashed. Data loss is possible in some cases. Depending on process timing, this message might be normal when OpenWindows exits during a system reboot. The only solution is to exit and restart OpenWindows. You do not need to reboot the system unless it hangs and fails to give you a console prompt. To exit OpenWindows, select Workspace->Exit. To restart OpenWindows, type openwin at the system prompt. Value too large for defined data type ===================================== The user ID or group ID of an IPC object or file system object was too large to be stored in an appropriate member of the caller-provided structure. Run the application on a newer system, or ask the program's author to fix this condition. This error occurs only on systems that support a larger range of user or group ID values than a declared member structure can support. This condition usually occurs because the IPC or file system object resides on a remote machine with a larger value of type uid_t, off_t, or gid_t than that of the local system. The symbolic name for this error is EOVERFLOW, errno=79. WARNING: Clock gained N days-- CHECK AND RESET THE DATE! ======================================================== Each workstation contains an internal clock powered by a rechargeable battery. After the system is halted and turned off, the internal clock continues to keep time. When the system is powered on and reboots, the system notices that the internal clock has gained time since the workstation was halted. In most cases, especially if the power has been off for less than a month, the internal clock keeps the correct time, and you do not have to reset the date. Use the date(1) command to check the date andtime on your system. If the date or time is wrong, become superuser and use the date(1) command to reset them. WARNING: No network locking on variable: contact adminto install server change =============================================================================== The Solaris 2.x mount(1M) command issues this message whenever it mounts a filesystem that doesn't have NFS locking, such as a standard SunOS 4.1.x exported filesytem. Data loss is possible in applications that depend on locking. On the remote SunOS 4.1.x system, install the appropriate rpc.lockd jumbo patch to implement NFS locking. For SunOS 4.1.4, install patch #102264; for SunOS 4.1.3, install patch #100075; for earlier 4.1 releases, install patch #101817. WARNING: processorlevel 4 interrupt not serviced ================================================= This message is basically a diagnostic from the SCSI driver. Especially on machineswith the sun4c architecture, it can appear on the console every 10 minutes or so. To reduce the frequency of this message, add this line near the bottom of the /etc/system file and reboot: set esp:esp_use_poll_loop=0 You might also see this message repeatedly after manually removing a CD when it was busy. Don't do this! To get the system back to normal, reboot the system with the -r (reconfigure) option. WARNING: /tmp: File system full, swap space limit exceeded ========================================================== The system swap area (virtual memory) has filled up. You needto reduce swap space consumption by killing some processes or possibly by rebooting the system. See the message "Not enough space" for information about increasingswap space. WARNING: TOD clock not initialized-- CHECK AND RESET THE DATE! ========================================================-===== This message indicates that the Time Of Day (TOD) clock reads zero, so its time is the beginning of the UNIX epoch: midnight 31 December 1969. On a brand-new system, the manufacturer might have neglected to initialize the system clock. On older systems it is more likely that the rechargeable battery has run out and requires replacement. First replace the batteryaccording to the manufacturer's instructions. Then become superuser and use the date(1) command to set the time and date. On SPARC systems the clock is powered by the same battery as the NVRAM, so a dead battery also causes loss of the machine's Ethernet address and host ID, which are more serious problems for networked systems. WARNING:Unable to repair the / filesystem. Run fsck ==================================================== This message comes at boot time from the /etc/rcS script whenever it gets a bad return code from fsck(1) after checking a filesystem. The message recommends an fsck command line, and instructs you to exit the shell when done to continue booting. Then the script places the system in single-user mode so fsck can be run effectively. See "/dev/rdsk/variable: UNEXPECTED INCONSISTENCY" for information about repairing UFS filesystems. See "THE FOLLOWING FILE SYSTEM(S) HAD AN UNEXPECTED INCONSISTENCY" for information about repairing non-UFS filesystems. Watchdog Reset ============== This fatal error usually indicates some kind of hardware problem. Data corruption on the system is possible. Look for some other message that might help diagnose the problem. By itself, a watchdog reset doesn't provide enough information; because traps are disabled, all information has been lost. If all that appears on the console is an ok prompt, issue the PROM command below to view the final messages that occurred just before system failure: ok f8002010 wector p Yes, that word iswector, not vector. The result is a display of messages similar to those produced by the dmesg(1M) command. These messages can be useful in finding the cause of system failure. This message doesn't come from the kernel, but from the OpenBoot PROM monitor, a piece of Forth software that gives you the ok prompt before you boot UNIX. If the CPU detects a trap when traps are disabled (an unrecoverable error), it signals a watchdog. The OpenBoot PROM monitor detects the watchdog, issues this message, and brings down the system. Watchdog Reset, Rebooting. ========================== See the message "Watchdog Reset" for details. This rebooting message occurs under the same conditions, but when the EEPROM's watchdog-reboot? variable is set to true, causing the machine to automatically reboot itself. Data corruption on the system is possible. Who are you? ============ Many networking programs can print this message, including from(1B), lpr(1B), lprm(1B), mailx(1), rdist(1), sendmail(1M), talk(1), and rsh(1). The command prints this message when it cannot locate a password file entry for the current user. This might occur if a user logged in just before the superuser deleted that user's password entry, or if the network naming service fails for a user who has no entry in the local password file. If a user's password file entry was accidentally deleted, restore it from backups or from another password file. If a user's login name or user ID was changed, ask that user to logout and login again. If the network naming service failed, check the NIS server(s) and repair or reboot as necessary. There is a known problem (bug 1138025) with starting hundreds of rsh processes on another machine. This message appears because rsh hangs while binding to a reserved port, and responds too slowly to interact with the network naming service. Window Underflow ================ This message often occurs at boot time, sometimes along with a "Watchdog Reset" error. It comes from the OpenBoot PROM monitor, which was passed a processor trap from the hardware. This error indicates that some programtried to access a SPARC register window that wasn't accessible from the processor. On some system architectures, specifically sun4c, the problem could be that different capacity memory chips are mixed together. Someone might have placed 1MB SIMMs in the same bank with 4MB SIMMs. If this is so, rearrange the memory chips. Make sure to put higher-capacity SIMMs in the first bank(s), and lower- capacity SIMMs inthe remaining bank(s); never mix different capacity SIMMs in the same bank. The problem could also be that cache memory on the motherboard has gone bad and needs replacement. If main memory is installed correctly, try swapping the motherboard. The best way to isolate the problem is to look at the %pc register to see where it got its arguments from, and why the arguments were bad. If you can reproduce the condition causing this message, your system vendor might be able to help diagnose the problem. X connection to variable:0.0 broken (explicit kill or server shutdown). ======================================================================= This means that the client has lost its connection to the X server. The "0.0" represents the display device, which is usually the console. This message can appear when a user is running an X application on a remote system with the DISPLAY set back to the original system and the remote system's X server disappears, perhaps because someone exited X windows orrebooted the machine. It sometimes appears locally when a user exits the window system. Dataloss is possible if applications were killed before saving files. Try to run the application again in a few minutes after the system has rebooted and the window system is running. xinit: not found ================ OpenWindows was probably not installed properly, and the openwin(1) program could not find xinit(1) to start up the X windows system. If the user is running another version of X windows, such as the MIT X11 distribution, the startx program serves the same function as xinit. Check the PATH environment variable to make sure it contains the appropriate X windows install directory. Verify that xinit is in this directory as an executable program. XIO: fatal IO error 32 (Broken pipe) on X server "variable:0.0" =============================================================== This means that I/O with the X server has been broken. The "0.0" represents the display device, which is usually the console. This message can appear when a user is running Display PostScript applications and the X server disappears or the client is shut down. Data loss is possible if applications disappeared before saving files. Try to run the application again in a few minutes after the system has rebooted and the window system is running. Xlib: Client is not authorized to connect to Server =================================================== See the message "Xlib: connection to ... refused by server" for details. Xlib: connection to "variable:0.0" refused by server ==================================================== This message is immediately followed by the "Xlib: Client is not authorized to connect to Server" message. These messages indicate that an X windows application tried to run on the X server specified inside double quotes, which did not allow the request. The "0.0" represents the display device, which is usually the console. If no server name appears, the superuser probably tried to run an X application on the current machine in an X session that was owned by somebody else. To allow this client to connect to the X server, run xhost +clientname on the X server system. Only the owner of the current X session (who is not necessarily the superuser) isallowed to run the xhost command. If somebody else is running X windows on the server, ask them to log out and then start your own X session on that server; remote X connections are usually allowed for the same user ID. xterm: fatal IO error 32 (Broken Pipe) or KillClient on X server variable:0.0" ============= This means that xterm(1) has lost its connection to the X server. The "0.0" represents the display device, which is usually the console. This message can appear when a user is running xterm and the X server disappears or the client gets shut down. Data loss is possible if applications were killed before saving files. Try to run the terminal emulator again in a few minutes after the system has rebooted and the window system is running. XView warning: Cannot load font set 'variable' (Font Package) ============================================================= This message from the XView library warns that a requested font is not installed on the X server. Often multiple warnings appear about the same font. The set of available fonts can vary from release to release. To see which fonts are available on the X server, run the xlsfonts(1) program. Then specify another font name that you see in the output of xlsfonts. Sometimes it is possible to locate a similar font from a different vendor. There are two packages of X windowsfonts: the common but not required fonts (SUNWxwcft), and the optional fonts (SUNWxwoft). Run pkginfo(1) to see if both these packages are installed, and add them to the system as you wish. ypbind[N]: NIS server for domain "variable" OK ============================================== This message appears after an "NIS server not responding" message to indicate that ypbind(1M is able to communicate with an NIS server again. Proceed with your work. This message is purely informational. ypbind[N]: NIS server not responding for domain "variable"; still trying ======================================================================== This means that the NIS client daemon ypbind(1M) cannot communicate with an NIS server for the specified domain. This message appears when a workstation running the NIS naming service has become disconnected from the network, or when NIS servers are down or extremely slow to respond. If other NIS clients are behaving normally, check the Ethernet cabling on the workstation that is getting this message. On SPARC machines, disconnected network cabling also produces a series of "no carrier" messages. On x86 machines, the above message might be your only indication that network cabling is disconnected. If many NIS clients on the network are giving this message, go to the NIS server in question and reboot or repair as necessary. To locate the NIS server for a domain, run the ypwhich(1) command. When the server machine comes back in operation, NIS clients give an "NIS server for domain OK" message. For more information about ypbind, see the section on administering secure NFS in the NFS Administration Guide. ypwhich: can't communicate with ypbind ====================================== This message from the ypwhich(1) command indicates that the NIS binder process ypbind(1M) is not running on the local machine. If the system is not configured to use NIS, this message is normal and expected. Configure the system to use NIS if necessary. If the system is configured to use NIS, but the ypbind process is not running, invoke the following command to start it up: # /usr/lib/netsvc/yp/ypbind -broadcast zsN: silo overflow ================== This message means that the Zilog 8530 character input silo (or serial portFIFO) overflowed before it could be serviced. The zs(4S) driver, which talks to a Zilog Z8530 chip, is reporting that the FIFO (holding about two characters) has been overrun. The number after zs shows which serial port experienced an overflow: zs0 - tty serial port 0 (/dev/ttya) zs1 - tty serial port 1 (/dev/ttyb) zs2 - keyboard port (/dev/kbd) zs3 - mouse port (/dev/mouse) Silo overflows indicate that data in the respective serial port FIFO has been lost. However, consequences of silo overflows might be negligible if the overflows occur infrequently, if data loss is not catastrophic, or if data can be recovered or reproduced. For example, although a silo overflow on the mouse driver (zs3) indicates that the system could not process mouse events quickly enough, the user can perform mouse motions again. Similarly, lost data from a silo overflow on a serial port with a modem connection transferring data using uucp(1C) will be recovered when uucp discovers the loss of data and requests retransmission of the corrupted packet. Frequent silo overflow messages can indicate a zs hardware FIFO problem, a serial driver software problem, or abnormal data or system activity. For example, the system ignores interrupts during system panics, so mouse and keyboard activity result in silo overflows. If the serial ports experiencing silo overflows are not being used, a silo overflow could indicate the onset of a hardware problem. Another type of silo overflow is one that occurs during reboot when an HDLC line is connected to any of the terminal ports. For example, an X.25 network could be sending frames before the kernel has been told to expect them. Such overflow messages can be ignored.
84 베리타스 볼륨매니저 관리용 GUI tool secret
조인상
2 2010-08-17
조회할 수 있는 권한이 없습니다.
83 CDE (Common Desktop Environment)에 대해서
조인상
11541 2010-08-17
원문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 출처 : http://www.ntech.in/v2/bbs/board.php?bo_table=2_solaris&wr_id=306 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 한글 LANG 변수와 솔라리스 한글 설정. ▣ Shell : 쉽게 표현하면 도스의 command.com이 하는 역할처럼 login 이후부터 사용자가 입력하는 명령어를 기계어로 변역하여 커널에 전달하는 역할을 하는 명령해석기를 말합니다. - csh : 버클리 캘리포니아 대학에서 개발된 프로그래머들에게 적합한 shell입니다. 대화형 사용법에서는 Bourne shell과 대부분 호환되지만 전혀 다른 프로그래밍 인터페이스를 가지고 있고, 히스토리 대체라는 복잡한 기능으로 대신하고 있지만 명령행 편집 기능은 제공 하지 않습니다. - ksh : 일반적으로 유닉스에서 가장 많이 사용되고 있는 shell이며 Bourne shell에 처음으로 현대적 인 shell 기능(C shell로부터 차용한 것이다.)을 도입한 shell 입니다. Bourne shell과 호환 되고, 명령행 편집 기능을 제공합니다. - bash : Bourne again shell은 최초로 개발된 쉘인 Bourne shell의 변종이라 할 수 있습니다.리눅스에서 가장 많이 사용되는 쉘이며, POSIX 호환이며 Borune shell과 호환되는 쉘로서 GNU 프로젝트에 의해 만들어지고 배포되고 있습니다. 명령행 편집 기능을 제공합니다. * 참고 - 사용하는 시스템에서 사용가능한 shell의 종류를 알아보려면 /etc/shells라는 파일을 보시면 됩니다. 이 파일에는 서버에서 지원되는 shell의 종류가 들어있습니다. ▣ locale - 어떤 프로그램의 메시지가 여러가지 언어로 주어져 있는 경우 이중에 어떤 언어의 것을 출력할 것인가를 사용자가 결정할 수 있게 해주는 수단. ▣ 현재 설정 되어 있는 언어 값 확인. (file>root)/etc# locale LANG=ko LC_CTYPE="ko" LC_NUMERIC="ko" LC_TIME="ko" LC_COLLATE="ko" LC_MONETARY="ko" LC_MESSAGES="ko" LC_ALL= (file>root)/etc# ▣ 사용 가능한 언어 확인. (file>solo)/etc/rc2.d% locale -a POSIX common en_US.UTF-8 C iso_8859_1 ko ko_KR.EUC ko.UTF-8 korean (file>solo)/etc/rc2.d% ▣ 현재 설정 된 언어 변경. C (영어) ----> ko ( 한글) (file>root)/# locale LANG=C LC_CTYPE="C" LC_NUMERIC="C" LC_TIME="C" LC_COLLATE="C" LC_MONETARY="C" LC_MESSAGES="C" LC_ALL= (file>root)/# (file>root)/# setenv LANG ko (file>root)/# locale LANG=ko LC_CTYPE="ko" LC_NUMERIC="ko" LC_TIME="ko" LC_COLLATE="ko" LC_MONETARY="ko" LC_MESSAGES="ko" LC_ALL= (file>root)/# ######### locale 설정이 영어일 경우 ########### (file>root)/# setenv LANG C (file>root)/# sdf sdf: Command not found (file>root)/# ######### locale 설정이 한글일 경우 ########### (file>root)/# sdfsda sdfsda: 명령어가 없음 (file>root)/# ▣ shell 따른 설정 방법 - bash (file>root)/# bash bash-2.03# locale LANG=C LC_CTYPE="C" LC_NUMERIC="C" LC_TIME="C" LC_COLLATE="C" LC_MONETARY="C" LC_MESSAGES="C" LC_ALL= bash-2.03# LANG=ko bash-2.03# export LANG bash-2.03# locale LANG=ko LC_CTYPE="ko" LC_NUMERIC="ko" LC_TIME="ko" LC_COLLATE="ko" LC_MONETARY="ko" LC_MESSAGES="ko" LC_ALL= bash-2.03# - kcs ( korn ) # locale LANG=ko LC_CTYPE="ko" LC_NUMERIC="ko" LC_TIME="ko" LC_COLLATE="ko" LC_MONETARY="ko" LC_MESSAGES="ko" LC_ALL= # LANG=C # export LANG # sdf ksh: sdf: not found # locale LANG=C LC_CTYPE="C" LC_NUMERIC="C" LC_TIME="C" LC_COLLATE="C" LC_MONETARY="C" LC_MESSAGES="C" LC_ALL= # - csh (file>root)/# locale LANG=ko LC_CTYPE="ko" LC_NUMERIC="ko" LC_TIME="ko" LC_COLLATE="ko" LC_MONETARY="ko" LC_MESSAGES="ko" LC_ALL= (file>root)/# setenv LANG C (file>root)/# locale LANG=C LC_CTYPE="C" LC_NUMERIC="C" LC_TIME="C" LC_COLLATE="C" LC_MONETARY="C" LC_MESSAGES="C" LC_ALL= (file>root)/# ▣ 언어설정....파일 (file>root)/# (file>root)/# cd /etc (file>root)/etc# cd default (file>root)/etc/default# vi init # @(#)init.dfl 1.5 99/05/26 # # This file is /etc/default/init. /etc/TIMEZONE is a symlink to this file. # This file looks like a shell script-x, but it is not. To maintain # compatibility with old versions of /etc/TIMEZONE, some shell constructs # (i.e., export commands) are allowed in this file, but are ignored. # # Lines of this file should be of the form VAR=value, where VAR is one of # TZ, LANG, CMASK, or any of the LC_* environment variables. # TZ=ROK CMASK=022 LANG=ko ----> 영구적인 설정. ( C ) - 터미널 상태에서 언어 변경을 하면 현재 상태에서만 적용이 되고 터미널 종료를 하거나 시스템 재부팅이 있을 경우 언어 설정 값은 현재 /etc/default/init 에 설정 되어 있는 언어로 설정이 되거나 shell 설정 값에 따라 언어 값이 변경이 됩니다. ▣ Solaris 2.6에서 부팅을 하고 CDE 로그인....... Solaris 2.6에서 부팅을 하고 CDE 로그인 화면에서 한글을 선택하면 한글이 모두 깨져서 나옵니다. 한글 비스무리한 것 모두 해 봤는데, 모두 깨지네요. 깨진 한글 로그인 화면 무시하고 그냥 로그인을 하면 글짜가 몽땅 다 깨져 나옵니다. 왜 그럴까요? 아시분이 있으시면 알려주세요. OS : solaris 2.6 Application : oracle, netscape web server solaris Site Admin -------------------------------------------------------------------------------- 일단 로그인 하셔서 다음 명령어를 확인하세요. $ locale LANG=ko LC_CTYPE="ko" LC_NUMERIC="ko" LC_TIME="ko" LC_COLLATE="ko" LC_MONETARY="ko" LC_MESSAGES="ko" LC_ALL= 이 값이 ko로 설정되어 있는지 확인하시고, 그렇지 않다면 root로 로그인 후 /etc/default/init 파일에 LANG=ko 로 설정 합니다. 그리고 재부팅 ... 만약 locale 명령어 수행이 올바르게 설정되어 있다면, 로긴한 사용자의 홈디렉토리의 다음파일 로그를 찾아 확인해 보시기 바랍니다. $HOME/.dt/startlog $HOME/.dt/errorlog [참고] http://blog.naver.com/lemonaroma98?Redirect=Log&logNo=60022074975 문서파일로 저장하기 파일로 저장하기 버튼을 누른 후 잠시만 기다려주세요. 이 기능은 베타 서비스 중입니다. 변환 후 배경음악등 일부 내용은 정상적으로 표시되지 않을 수 있습니다. 문서파일로 저장하기 메뉴 도움말 Solaris CDE (Common Desktop Environment) OS랑 Network이랑 2006/05/11 13:58 http://blog.naver.com/chizeta/100024234939 이 포스트를 보낸곳 () SUBJECT : CDE (Common Desktop Environment) CONTENTS: 0. Introduction 1. CDE 장점 2. CDE Installation/Requirements 3. CDE 특징 4. DESKTOP 사용설명 5. CDE ADMIN DESCRIPT-xION: 0. Introduction - Common Desktop Environment(CDE)는 COSE(Common Open Software Environment) 로 부터 야기된다. COSE는 UNIX를 위한 공통의 interface를 만들기위해 주요 UNIX vendor들에 의해 1993년에 형성되었다. COSE vendor들을 보면 Sun, IBM, Novell, HP들로 구성됨. - CDE는 현존의 환경을 근간으로 이기종 네트워크상에서 application을 개발키 위해 하나의 새로운 표준을 제공한다. 각 vendor들에 의해 개발된 최고의 기술력들이 CDE 작업에 적용되어오고 있고, Motif와 X11R5와 같은 현존하는 기술들이 또한 CDE 구조의 핵심이 되고 있다. - Solaris CDE는 UNIX환경상에서 일치된 look-and-feel를 제공하는 사용하기 쉬운 interface이다. SunSoft가 CDE 작업에 기여한 점을 보면 다음과 같다. . OpenWindows DeskSet 유틸리티에서의 ToolTalk 메시지 protocol, DevGuide development tool . Mail, calendar tools - OpenWindow 환경에 익숙한 사람을 위해 color palette, pop-up Workspace 메뉴를 쉽게 사용할 수 있다, 또한 별도의 수정없이도 OpenWindow application들을 CDE상에서 drag-and-drop으로 자유롭게 수행할 수 있게 하였다. - 개발자들을 위해 OpenWindow와 Motif application들을 CDE로 변화시키는 작업을 간단히 하기 위해 file conversion 유틸리티들을 제공해준다. 1. CDE 장점 - Broad industry acceptance - Transparent Access to Network Resources - Extensive online help system - Rich set of productivity tool - Multiple workspace - Designed for enterprise computing - Standards Based - Usability - Open Systems Based 2. CDE Installation/Requirement 0) Requirements (CDE Releaes 1.0.2 기준하에서) - DISK . End-User Package ==> 41.1MB (desktop, application, online help, online documentation 포함) . End-User plus Developer Package ==> 68.0 MB (library, sample source file, demo program, application builder tool 포함) . AnswerBook ==> 111.3 MB - MEMORY 32MB이상 요구됨 1) Installation mymy# ./install-cde +----------------------------------------------------------------------+ | Solaris Common Desktop Environment | | Installation Script-x | | Main Menu | +----------------------------------------------------------------------| | 1. Begin Installation (With Default Configuration Settings) | | 2. Modiry Oonfiguration Settings | | 3. Cancel Installation | | DEFAULT CONFIGURATION SETTINGS | | Installation Location: [ /usr/dt ] | | End User CDE Packages: [ YES ] | | Developer CDE Packages: [ YES ] | | Answerbook CDE package: [ NO ] | | Interactive Installation: [ NO ] | | Solaris Desktop Login | | at System Boot: [ YES ] | | Installation Locale: [ EN ] | +----------------------------------------------------------------------| | SELECT A NUMBER [2] | +----------------------------------------------------------------------+ 2 => 2번을 선택하면 다음과 같은 서브메뉴가 나옴 +---------------------------------------------------------------------+ | Solaris Common Desktop Environment | | Installation Script-x | | Configuration Menu | +---------------------------------------------------------------------+ | CURRENT CONFIGURATION SETTINGS | | | | 1. Installation Location: [ /usr/dt ] | | 2. End User CDE Packages: [ YES ] | | 3. Developer CDE Packages: [ YES ] | | 4. Answerbook CDE Package: [ NO ] | | 5. Interactive Installation: [ NO ] | | 6. Solaris Desktop Login | | at System Boot: [ YES ] | | 7. Installation Locale: [ EN ] | | 8. Reset to Defaults | | | | 0. Return to Main Menu | +---------------------------------------------------------------------+ | SELECT A NUMBER [0] | +---------------------------------------------------------------------+ 2) To Mount an Installed CDE - CDE가 install된 시스템의 해당 디렉토리 (예:/usr/dt)를 export한후 CDE를 mount하고자 하는 시스템에서 /usr/dt를 mount함 [mymy]# /usr/dt/bin/dtconfig -inetd done Next system boot, following will be run from /usr/dt/bin rpc.ttdbserverd (ToolTalk) rpc.cmsd (Calendar Manager) dtspcd (Subprocess Control) ==> /etc/inetd.conf화일을 update함 [mymy]# /usr/dt/bin/dtconfig -e ==> desktop auto-start를 enable시킴 [mymy]# reboot 3) To Unmount a Mounted CDE Directory [mymy]# /usr/dt/bin/dtconfig -d [mymy]# /usr/dt/bin/dtconfig -inetd.ow [mymy]# umount /usr/dt [mymy]# reboot 3. CDE 특징 1) CDE 환경 - Login Manager : 데스크탑에 로그인하기 위한 창으로서 시스템이 재부팅 되었을때 자동적으로 사용가능하게 됨 - Session Manager : 로그인시 데스크탑에서 응용프로그램을 실행하는 서비스로서 로그아웃시 그 환경을 기억함 - Window Manager : CDE 응용프로그램 window들을 제어하는 서비스로서, CDE 응용프로그램의 시작을 위한 Front Panel을 제공함 2) Desktop Tools - Front Panel에서 다음과 같은 desktop tool들을 실행할 수 있다. . File Manager . Calendar . Mailer . Text Editor . Application Manager : 시스템에서 사용가능한 응용프로그램과 다른 tool들을 위한 보관소 . Style Manager : 색상,배경, font size와 같은 데스크탑의 모양을 사용자가 저장하기 위한 도구 . Terminal . Icon Editor . Image Viewer : 여러장의 문서뿐만 아니라 PostScrip화일과 같은 흑백과 컬러 이미지의 화일 형식을 변화하기 위한 도구 . Workspace Menu : 데스크탑 workspace를 관리하는 항목을 포함하고 있는 pop-up menu . Online help 3) CDE 개발 환경 - CDE 개발환경은 CDE에서 S/W를 개발하는 사용자가 선택적으로 설치할 수 있도록 패키지로 구성되있는데 다음과 같다. . Application Builder : CDE 응용프로그램 interface(API)를 사용하는 GUI 생성에 유용한 도구 . Motif, ToolTalk 메시지 및 다른 CDE 서비스를 위한 원시 형태의 데모 프로그램 . CDE에서 응용프로그램의 개발을 돕는 유틸리티 응용프로그램, 메뉴얼 , header 파일들 4) Solaris CDE 디렉토리 구조 - /usr/dt : 이 디렉토리는 Solaris CDE 설치 디렉토리이다. +---------------------------------------------------------------------+ | 디렉토리 내용 | +---------------------------------------------------------------------+ | /usr/dt/bin CDE 응용프로그램 및 유틸리티 | | /usr/dt/lib CDE shard library | | /usr/dt/config 기본 시스템 구성화일 | | /usr/dt/man 매뉴얼 (option) | | /usr/dt/app-defaults 기본 응용프로그램 자원 | | /usr/dt/appconfig 기본 응용프로그램 아이콘,type 및 action | | /usr/dt/examples CDE code/프로그램 예제 (option) | | /usr/dt/include 개발자 include file (option) | | /usr/dt/palettes Color palette | | /usr/dt/share CDE AnswerBook 문서 및 기본배경 | +---------------------------------------------------------------------+ - /etc/dt : 이 디렉토리에는 사용자정의된 워크스테이션의 특정 구성 화일이 들어 있다. 이 화일들을 이용하여 다음과 같은 방법으로 환경을 정의할 수 있다. . X-server configuration option 설정 . Multiple 스크린 사용 . 워크스테이션 action file, 데이터 type, icon, fonts 사용자 정의 - /var/dt : 이 디렉토리는 Login Manager 및 Application Manager와 같은 Solaris CDE application의 임시 화일을 저장하기 위한 것이다. - $HomeDirectoy : 이 디렉토리에는 사용자 데스크탑 setup과 관련된 사용자 특정 화일이 들어 있다. 사용자 특정 화일은 application, color scheme, Workspace 메뉴, Front Panel 수정 및 error log를 포함하고 있다. 4. DESKTOP 사용설명 - 사용자가 자신의 작업을 체계화하고 관리하도록 도와 주기 위해 Desktop은 window, 작업장, 조절도구, 메뉴와 Front Panel을 제공한다. . Window(창)에는 S/W application이 있으며, 그 application을 옮기거나, 크기를 조정하거나 추가 작업자에 배치할 수 있는 조절도구들로 구성된다. . Workspace(작업장)은 사용자의 작업에 필요한 창을 놓고, 정돈하며, 작업이 끝나면 창을 없애는 화면 영역이다. . 조절도구를 사용하여 Object를 다루거나, 선택항목을 선택하거나 정보를 입력할 수 있다. . 메뉴는 사용자가 창을 관리하고 응용프로그램을 작동하기 위해 사용하는 명령을 제공한다. . Front Panel은 각 작업장에서 자주 사용되는 조절도구들의 모음이다. 1) Front Panel - Front Panel은 화면 아래쪽에 있는 특수 창이다. 일상 작업에서 사용하는 조절도구,표시장치,부속 Panel이 있다. 또한 작업장을 선택하기 위한 작업장 바꾸기도 있다. Front Panel에서 두 개의 주요 구성요소는 기본패널과 부속 패널이다. * 기본패널 * 기본 패널은 디스플레이의 맨 아래에 수평으로 놓여진 창이다. 기본 패널에는 다른 작업장으로 바꾸는 작업장 바꾸기를 포함해서 자주 사용하는 여러 조절도구가 있다. 예를 들어 , 파일관리자와 스타일 관리자 조절도구같은 경우 누르면 응용프로그램이 가동된다. 어떤 조절도구는 놓을 영역을 가지고 있는데 프린터와 휴지통 조절도구의 경우 화일관리자에서 조절도구로 파일을 끌어 놓을 수 있다. 시계와 같은 조절도구는 사용자에게 시스템 상태에 관한 사항을 알려주는 표시장치이다. * 부속패널 * 기본 패널의 조절도구 위에 화살표 단추가 있으면 그 조절도구에는 부속패널이 있으며 없는 경우 부속패널을 선택적으로 만들 수 있다. . 아이콘 설치 조절도구 . 기본 패널에 있는 조절도구의 복사본 * 작업장 바꾸기 * CDE의 가장 유익한 특성으로 작업장 바꾸기는 한 작업장에서 다른 작업장으로 바꾸는 단추를 가지고 있다. 사용자의 디스플레이가 몇 개의 층을 가지고 있어도 각 작업장은 전체 디스플레이를 표시한다. 기본은 4개로 되있는데 원하는 수많큼 늘릴수 도 있다. * Front Panel 돌출 메뉴 * - Front Panel의 각 조절도구는 돌출 메뉴를 가지고 있다. ▶ 기본 Front Panel 돌출 Menu 표시 o 조절도구를 가리킴 o 마우스 3번 단추를 누름 ▶ 작업장 button에 대한 돌출 메뉴 ▶ 부속 Panel 조절도구에 대한 돌출 메뉴 ▶ 기본 Panel 조절 도구 ▶ 기본 패널에 부속 패널 조절도구 놓기 o 기본패널에 놓고 싶은 부속 패널 조절도구를 가리킴 o 조절도구 돌출 메뉴에서 기본 패널로 복사하기를 선택함 ▶ 응용프로그램이나 기타 아이콘을 부속 패널에 더하기 - 파일관리자나 응용프로그램 관리자를 이용하여 응용프로그램 아이콘을 끌어다가 부속패널의 아이콘 설치 부분에다 놓음 ▶ 부속 패널 더하기와 없애기 - 기본 패널의 어떤 조절도구도 부속 패널을 가질 수 있다. ▶ 기본 패널에 있는 조절도구 대체하기 - 부속 패널 조절도구 돌출 메뉴에서 기본 패널로 복사하기를 선택한다. ▶ 모든 사용자 정의 없애기 o 응용프로그램 관리자를 열고 Desktop_Tools 응용프로그램을 선택 o Restore Front Panel (프론트 패널 원상회복)을 두 번누름 - Restore Front Panel 활동은 다음을 사용하여 만든 모든 사용자 정의를 삭제함 . 아이콘 설치 조절도구 . 프론트 패널 돌출 메뉴 ▶ 도움말 부속 패널 ▶ 개인 응용프로그램 부속 패널 ▶ 작업장 바꾸기 - 작업장 바꾸기에는 기본적으로 다음 네 위치가 있다. - 다음 절차를 사용하여 이 조절도구 중 하나를 대체한다. (1) 작업장 바꾸기에 놓고 싶은 응용프로그램을 개인 응용프로그램 부속 패널에 설치한다. 예를 들어, System Load 조절도구를 바꾸기에 더하고 싶으면 개인 응용프로그램 부속 패널로 끌어 놓는다. (2) System Load 조절도구 화일의 정의는 HomeDirectory/.dt/types/fp_dynamic 디렉토리에 위치함 (3) 그 디렉토리에 있는 System Load 조절도구 (Xload.fp)를 상위 디렉토리 (HomeDirectory/.dt/types)로 move 시킨다. (4) vi HomeDirectory/.dt/types/Xload.fp ... CONTAINER_TYPE SUBPANEL => SWITCH 로 변경 CONTAINER_NAME PersAppsSubpanel => Switch 로 변경 POSITION_HINTS last => 3 (원하는 위치의 숫자로 변경) ... (5) 작업장 관리자 다시 시작을 선택한다. ☞ 예제 Front Panel에서 시계부분의 위치를 3번재 위치에 놓고 싶을 때 # cd HomeDirectory/.dt/types # cp /usr/dt/appconfig/types/ko/dtwm.fp Clock.fp # vi Clock.fp CONTROL Clock { TYPE clock CONTAINER_NAME Top CONTAINER_TYPE BOX POSITION_HINTS 3 ==> 1로 되있는 것을 3으로 변경 ICON Fpclock LABEL 시계 HELP_TOPIC FPOnltemClock HELP_VOLUME FPanel } ... => 나머지 내용들은 모두 삭제함 만약 삭제를 안하면 에러 발생 2) Style 관리자 - Style 관리자를 사용하면 다음과 같은 데스크탑의 많은 요소들을 쉽게 조정할 수 있다. o 색상 : 작업장 색상과 선택판 o 글꼴 : 응용프로그램 글꼴 크기 (예: Desktop_tools에서 Dtwmrc 편집기) o 배경 : 작업장 배경 패턴 o 키보드 : 키 누르기 볼륨과 문자 반복 기능 o 마우스 : 마우스 단추 누르기 설정값, 두 번 누르기 속도, o Font 크기 o 키보드, 마우스 및 창 동작 ▶ 색상 * 색상 단추 디스플레이 유형과 색상 수 선택은 선택판을 구성하는 색상 Button의 수에 의해 결정된다. 색상수를 최대값 (8개)으로 선택한다면 다음과 같이 사용된다. (1) -> 활성화된 창 가장자리 (2) -> 비활성화된 창 가장자리 (3) -> 작업장 1, 5, 9 ... (4) -> 텍스트와 목록 영역 (5) -> 기본창 배경과 작업장 4,8,12,... (6) -> 대화상자 배경과 메뉴 막대와 작업장 3,7,11... (7) -> 작업장 2,6,10... (8) -> 프론트 패널 배경 * 선택판 없애기 * (1) 스타일 관리자 색상 조절도구를 누름 (2) 선택판 목록에서 선택판을 선택함 (3) 없애기를 선택함 (4) 선택판 없애기 대화 상자에서 예를 누름 => 선택판을 없애면, 스타일 관리자는 선택판 이름앞에 ~을 붙이고, HomeDirectory/.dt/paletts디렉토리에 복사본저장 * 없앤 선택판 복구하기 * (1) HomeDirectory/.dt/palettes로 디렉토리 이동함 (2) ~Palette_Name.dp 파일을 없앰 (3) 스타일 관리자를 다시 시작함 ▶ 시작과 로그아웃 사용자 정의 - 시작과 로그아웃에 대한 다음 선택사항을 바꿀 수 있다. * 다음 세션 시작방법 바꾸기 (1) 스타일 관리자 시작 조절도구를 누름 (2) 원하는 설정값을 선택함 . 현재 세션으로 계속 : 설정값을 포함하여 마지막 세션에서 남겨놓은 작업장 내용으로 다음 세션을 시작함 ☞ 해당 파일은 다음과 같다. # cd HomeDirectory/.dt/sessions # ls -F current/ current.old/ dtwmfp.session latesession 특히 dtwmfp.session 파일은 예를들어 Front Panel에서 부속 Panel을 만들경우에 생기는 파일이다. . 홈 세션으로 시작 : 홈 세션으로 설정한 세션을 시작함 ☞ 해당 파일은 다음과 같다. # cd HomeDirectory/.dt/sessions # ls -F current.old/ home/ dtwmfp.session latesession 추가적으로 home directory가 생긴면서, 기존의 current 내용이 current.old로 옮겨지면서 current 디렉토리가 없어짐. 만약 홈 세션설정이 안되면 기본적으로 /usr/dt/config/ko 디렉토리밑에 있는 파일들을 참조한다. . 로그아웃할 때 지정 : 로그아웃할 때 현재 세션을 다시 시작할지 또는 홈 세션을 복원할 지를 물어봄 3) 응용프로그램 관리자 - 응용프로그램 관리자는 사용자 시스템에 사용할 수 있는 응용프로그램과 다른 도구들의 보관소이다. 응용프로그램 관리자에 있는 응용프로그램과 도구들은 대부분 시스템 관리자가 놓은 것이거나 데스크탑에 내장되어 있는 것이다. ▶ 응용프로그램 관리자의 내용 - 응용프로그램 관리자의 최상위 레벨에는 응용프로그램 그룹세트가 있다. 응용프로그램 내용 Desktop_Apps 파일관리자, 스타일관리자, 달력같은 데스크탑 응용 프로그램 Desktop_Tools Reload Appliation, vi editor와 같은 데스크탑관리와 운영체제 도구 Information CDE Patchlist, Buglist, News System_Admin 시스템 관리자가 사용하는 도구 default로 이 그룹안에는 아무것도 없음 ☞ 관련 디렉토리 # ls -F /usr/dt/appconfig/appmanager/C Desktop_Apps/ Desktop_Tools/ Information/ OpenWindows/ System_Admin ▶ 작업장 배경에 응용프로그램 아이콘 놓기 - 편리한 기능으로 응용프로그램 아이콘을 작업장(배경)으로 복사한다. 마치 윈도우 95에서 볼 수 있는 기능이다. 14 ▶ 개인 응용프로그램 그룹 만들기 - 개인 응용프로그램 그룹은 사용자가 쓰기 권한을 갖고 바꿀 수 있는 응용프로그램 그룹이다. (1) # cd HomeDirectory/.dt/appmanager (2) # mkdir LJS => 새 폴더를 만듬 LJS가 새 응용프로그램 그룹이름이 됨 (3) Desktop_Tools 응용프로그램 그룹에서 Reload Application (활동 다시로드)을 두 번 누름 위와 같이 실행하면 사용자의 새 응용프로그램 그룹은 응용프로그램 관리자의 최상위 레벨에 등록된 것을 볼 수 있다. ☞ 관련 파일들 # ls -F HomeDirectoy/.dt/appmanager LJS/ # cd var/dt/appconfig/appmanager/root-mymy-0 => 응용프로그램 관리자 폴더위치 (주의 : root-mymy-0 이름을 직접 수정하면 안됨) # ls -al lrwxrwxrwx Desktop_Apps -> /usr/dt/appconfig/appmanager/C/Desktop_Apps/ lrwxrwxrwx Desktop_Tools -> /usr/dt/appconfig/appmanager/C/Desktop_Tools/ lrwxrwxrwx Information -> /usr/dt/appconfig/appmanager/C/information/ lrwxrwxrwx OpenWindows -> /usr/dt/appconfig/appmanager/C/OpenWindows/ lrwxrwxrwx System_Admin -> /usr/dt/appconfig/appmanager/C/System_Admin/ lrwxrwxrwx LJS -> //.dt/appmanager/LJS/ ▶ 개인 응용프로그램 그룹에 응용프로그램 더하기 - 아이콘을 다른 응용프로그램 그룹에서 개인 응용프로그램 그룹으로 복사함 예를 들어, 시계 아이콘을 Desktop_Apps 응용프로그램 그룹에서 새 개인 응용프로그램 그룹으로 복사할 수 있다. ☞ 주의 사항 복사시 반드시 Control을 누른채로 아이콘을 끌어야 한다. 만약 Control를 누르지 않고 아이콘을 끌면 이동 (move)이 되버린다. ▶ 개인 활동과 자료 유형 만들기 - 데스크탑은 스크립트,응용프로그램, 다른 명령들을 실행하는 아이콘을 만드는데 도움이 되는 도구를 제공한다. 예를들어 Netscape를 실행하는 아이콘을 만들고자 할 때 다음과 같다. (1) Desktop_Apps 응용프로그램 그룹에서 활동 만들기(Dtcreate)를 실행 (2) 사용자 응용프로그램에 대한 활동을 만듬 결과는 HomeDirectory에 Netscape 라는 이름과 HomeDirectory/.dt/types/Netscape.dt 라는 이름으로 존재 4) 인쇄 - 사용자는 데스크탑을 통해 쉽게 파일을 인쇄하고, 인쇄작업을 찾거나 취소하고, 프린터나 인쇄 작업에 관한 정보를 얻을 수 있다. ▶ 사용자 기본 프린터 기본 프린터 이름을 알려면, 프론트 패널에서 기본프린터 조절도구를 누름 ▶ 기본 프린터 바꾸기 다른 프린터를 기본 프린터로 설정하려면 (1) # vi HomeDirectory/.dtprofile (2) LPDEST=printer_device;export LPDEST를 추가함 ▶ 인쇄 관리자를 사용하여 프린트 (1) 개인 프린트 부속 패널에서 인쇄 관리자를 시작함 (2) 파일을 파일관리자에서 인쇄관리자 아이콘으로 끌어 옮김 시스템은 다양한 인쇄 선택사항을 지정하기 위해 인쇄 대화상자를 나타냄 ▶ 인쇄 관리자 ▶ 인쇄 작업 (Spool) 정보 표시 프린터에 인쇄를 기다리는 작업에 대한 정보는 사용자가 프린터 아이콘을 열 때 나타난다. * 프린터 아이콘 열기 => 프린터 아이콘의 왼쪽에 있는 열기[+]단추를 누름 &nb
82 Maximum number of Process 값 확인 방법
조인상
8617 2010-06-24
원문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ # adb -k 후 나오는 값을 10진수로 변경 # sysdef -i | grep proc max_nproc 산출 공식 max_nproc = 10 + (16 * maxusers)
81 SUN ILOM 2.0 기능 및 설명 imagefile
조인상
14568 2010-05-24
본문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ [ ILOM 개요 ] 1. ILOM 이란? Integrated Lights Out Manager 는 SUN서버 플랫폼에 사전 설치되는 시스템관리 펌웨어. 하드웨어 구성보기, 시스템 정보 모니터링, 시스템 경고관리등을 통해 시스템 관리 가능. 웹인터페이스,CLI,SNM, IPMI 등의 인터페이스를 제공 주요기능 - 자체의 프로세서 및 자원을 사용하여 실행 - 시스템자원을 사용하지 않고 서버 관리 - 서버의 전원이 꺼진 경우에도 대기전원을 사용하여 계속 관리됨. - 별도의 관리 네트워크 제공 - 하드웨어 인벤토리 및 환경에 대한 보기 표시 - 전원제어/구성요소 관리/ 호스트콘솔에 access 기능 제공 - SP 펌웨어 및 BIOS 변경사항을 다운로드 가능 SP : Service Processor CMM : Chassis Monitoring Module 2. ILOM의 관리방법 2가지 1) 직접 SP 사용 - SP 또는 블레이드서버와 직접 통신. 2) CMM 사용 - 시스템에 CMM이 포함되어있는 경우 CMM에서 관리하면 구성요소를 설치 및 관리하거나 개별 블레이드서버 SP를 세부적으로 관리 가능 3. ILOM 인터페이스 1) 웹인터페이스 2) CLI 3) 원격 콘솔 4) IPMI (Intelligent Platform Management Interface) : CLI를 통해서 시스템의 BMC에서 정보검색. 장치 구성 및 관리 가능 5) SNMP 4. ILOM 연결방법 1) Management Port 에 네트웍으로 연결 : CLI 및 GUI 모두 연결가능 (웹브라우저 및 SSH로 연결가능) - SP 및 CMM에 IP주소 할당 2) 시리얼케이블 연결 : CLI만 가능 3) CMM의 시리얼에 연결(블레이드서버) : CLI만 가능 5. ILOM 계정 1) 관리자(Administrator) : 모든 권한 - default : root/changeme 2) 조작자(Operator) : ILOM 구성에는 read-only 6. ILOM 연결 1) 시리얼 연결방법 - 8N1 : 8bit / No parity / 1 stop bit - 9600 bps - Hardware flow control : NO - Software Flow control : NO 시리얼관련 설정 확인 -> show /CMM/serial/externel -> show /SP/serial/external -> show /CH/BL0/SP/serial/external (블레이드서버) 2) IP확인방법(SP/CMM) -> cd /SP/network or > cd /CMM/network/CMM0 or > cd /CH/BL0/SP/network -> show 3) IP 세팅방법 -> cd /SP/network -> set pendingipaddress=192.168.0.1 / IP설정 -> set pendingipnetmask=255.255.255.0 /netmask 설정 -> set pendingipgateway=192.168.0.254 / GW설정 -> set pendingipdiscovery=static / DHCP 여부 -> set commitpending=true / commit [ ILOM 사용 : CLI ] 1. ILOM CLI 계층 /SP : 서비스 프로세서. 로그 및 콘솔을 보는데 사용 /CMM : 블레이드이 경우 /SP를 대신함. Chassis Monitoring Module 을 구성하는데 사용. /SYS : 이 밑의 대상 및 속성은 인벤토리, 환경 및 하드웨어 관리를 제공. /SYS는 모든 하드웨어 구성 요소의 Naming 에 직접적으로 부함. 일부는 물리적 하드웨어에서 인쇄됨. /CH : 블레이드의 경우 /SYS를 대체. 샤시 레벨에서 인벤토리,환경,하드웨어관리. /HOST : 이 밑의 속성은 host OS를 모니터링하고 관리하는데 사용됨. 2. CLI 명령 <command> <option> <target> <properties> 1) command -> cd : change directory -> create/delte : 개체 생성/삭제 -> exit : CLI 세션 종료 -> help -> load : 지정된 소스의 파일을 지정된 대상으로 전송 -> reset : 대상의 사태를 재설정 -> set : 지정된 값으로 설정 -> show : 대상에 대한 정보를 표시 -> start/stop : 대상을 시작/중지 -> version : 실행중인 SP의 버전을 표시 2) option - default : 기본 기능만 수행 - destination : 대상을 지정 - display / -d : 사용자가 표시하고자 하는 데이터 표시 - help / -h : help 표시 - level / -l : 현재 대상과 지정된 레벨을 통해 포함된 모든 대상에 대해 명령을 실행 -output / -o : 명령풀력의 내용 및 형태를 지정 ex) -o table (표형식으로 제공) -script : 명령과 일반적으로 관련된 경고 또는 프롬프트를 생략 - source : 소스 이미지의 위치를 나타냄. 3) target 경로를 지정 4) properties 각 개체와 관련된 구성가능한 특성 5) 명령실행법 -> cd /SP/services/http -> set port=80 or -> set /SP/service/http port=80 3. User 관리 1) 유저 패스워드 변경 -> set /SP/users/root password=암호설정 2) SSO 설정 (디폴트로 사용됨) -> set /SP/services/sso state=enabled/disabled 3) 유저추가/수정/삭제/확인 -> create /SP/users/유저 password=암호 role=administrator/operator -> set /SP/users/유저 password=암호 role=administrator/operator -> delete /SP/users/유저 -> show -display targets /SP/users 4. 인벤토리 구성/관리 1) 컴퍼넌트 정보보기 -> show 컴퍼넌트 type ex) show /SYS/MB type : 메인보드 상태 컴퍼넌트 리스트 - fru_part_number - fru_serial_number - fru_name - fru_description - chassis_serial_number - chassis_part_number - product_name - product_serial_number - product_part_number - customer_frudata 2) 컴퍼넌트 제거 및 교체 -> set 타겟 prepare_to_remove_action=true : 제거준비 ex) set /CH/RFM0 prepare_to_remove_action=true -> show /CH/RFM0 prepare_to_remove_status : 제거할 준비된 상태인지 확인 (Ready 혹은 NotReady) -> set /CH/RFM0 return_to_service_action=true : 교체후 정상처리 3) 컴퍼넌트 disable 시키기 -> set /SYS/MB/CMP3/P3/C0 component_state=enabled/disabled 5. 시스템 모니터링 및 경고관리 1) 온도 및 장치 센서의 상태 표시 - /SYS 또는 /CH 안에 FRU 및 기타 시스템 인벤토리에 대한 센서 값을 즉시 가져올수 있음. 센서값의 두가지. 임계(Thredhold)센서값, 고유(discrete)센서값. - 임계값(Thredhold) 센서 -> show /SYS/T_AMB / 서버흡입구의 온도 임계값 확인 - 고유(Discrete) 센서 -> show /SYS/HDD0_PRSNT / 디스크슬롯0 의 디스크 존재여부 확인 2) System Identifier @ LED 에 불이 켜지는 조건 - 컴퍼넌트에 고장 또는 오류가 감지되는 경우 - FRU에 서비스가 필요한 경우 - Hot-plug 모듈을 제거할 준비가 된 경우 - FRU 또는 시스템에서 작동이 발생하는 경우 @ ILOM 의 LED 에러 표시 방법 - 꺼짐 : 정상 - 계속 켜짐 : 컴퍼넌트를 제거할 준비가 됨 - 느린 깜박임 - 컴퍼넌트의 상태가 변경중 - 빠른 깜빡임 - 데이터센터에서 시스템을 찾을수 있도록 도와줌 - 대기상태로 깜빡임 - 컴퍼넌트가 활성화될 준비가 되어있지만 현재 작동중이지 않음 @ System Identifier 상태보기 -> show /SYS/Indicator이름 or -> show /CH/Indicator이름 @ 고장상태 보기 -> show /SP/faultmgmt @ 경고 테스트 발생시키기 -> cd /SP/alertmgmt/rules -> set testalert=true 3) 이벤트로그 확인 -> cd /SP/logs/event (/CH/BL0/SP/logs/event /CMM/logs/event) -> show list / 이벤트리스트 확인 -> q / 로그표시 중지 -> set clear=true /이벤트로그 항목지우기 6. 펌웨어 업데이트 1) 펌웨어 이미지 다운로드 2) TFTP서버에 이미지 넣고 CLI로 업데이트 하거나, local filesystem에 이미지를 복사하여 웹인터페이스로 업데이트 3) ILOM 버전 정보 확인 -> version 4) ILOM 펌웨어 업데이트 -> load -source <tftp경로> 5) 웹으로 할경우 Maintenence -> firmware Upgrade 에서 작업 7. HOST system 명령 -> start /SYS or -> start /CH // 호스트 시스템 또는 샤시 전원을 ON -> stop /SYS // 호스트 시스템 또는 샤시 전원을 정상 OFF -> stop -f /SYS // 강제종료 -> reset /SYS // 호스트 또는 샤시 전원을 reset -> start /SP/console // 세션을 시작하여 호스트 콘솔에 연결 -> stop /SP/console // 호스트콘솔에 연결된 세션을 정상중지 -> stop - f /SP/console // 강제 종료 -> reset /SP // SP를 리셋해도 호스트 OS에 영향을 주지 않음. 단, reset 하는 동안만 SP 접속 불가 [ ILOM ver 3.0 New Feature ] - DNS support - Timezone support - Configuration backup and restore - Enhanced LDAP & LDAP/SSL support - java-based remote storage CLI - Power management capabilities - new SSH key 생성 가능 * 추가사항 ILOM IP주소 확인하고 싶을때 # ipmitool sunoem cli "show /SP/network"
80 솔라리스 보안취약점 보완을 위한 정책강화 방법
조인상
17047 2010-05-27
원문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1. 패스워드 최소길이 설정 위험도 : 중 취약점 개요 : 패스워드의 최소길이를 특정수치 이상으로 설정하여 패스워드 무작위 공격(Brute Forceing)이나 패스워드 추측(Geussing) 공격등에 대처할 수 있도록 설정되어 있는지 진단한다. 취약점 영향 : 패스워드 최소길이가 설정되어 있지 않아, ‘1234’, ‘abcd’, ‘root’등과 같은 쉬운 패스워드가 적용되었을 경우 무작위공격이나 패스워드 추측(Guessing) 공격등에 쉽게 노출 될 수 있음 대응책 : 운영체제별로 패스워드 최소길이를 8 이상으로 설정한다. /etc/default/passwd (설정 전)PASSLENGTH= (설정 후)PASSLENGTH=8 2. 패스워드 만료 기간 설정 위험도 : 중 취약점 개요 : 패스워드 에 만료기간을 설정하여 주기적으로 패스워드를 변경하도록 유도하기 위한 설정임. 취약점 영향 : 만료기간 설정되어 있지 않아 특정 패스워드를 오랫동안 사용할 경우 telnet, ssh 등의 무작위 대입공격 등에 노출되는 등 위험에 노출될 가능성이 높음. 대응책 : 운영체제별로 패스워드 만료 기간을 설정한다. 60일(8주) 권고한다. “/etc/default/passwd” 파일에 아래 내용을 설정하거나 /etc/shadow 의 5번째 필드를 60으로 변경한다. MAXWEEKS=8 3. 계정 잠금정책 설정 위험도 : 중 취약점 개요 : 침입자에 의한 공격시도에 시간을 지체하게 하거나 자동공격에 시간을 끌기 위해 암호입력 회수를 적정하게 제한하는지 여부를 점검 취약점 영향 : 틀린 암호 입력회수를 3회 미만으로 설정하지 않을 경우 패스워드 공격에 쉽게 노출될 수 있음 대응책 : 비인가자 및 침입자에 대한 침입을 예방하기 위해 틀린 암호로 3차례 이상 틀린 암호로 로그인 시도를 계속 못하게 점검한다. /etc/default/login (수정 전)RETRIES= (수정 후)RETRIES=3 4. TMOUT 인자 설정 미흡 위험도 : 하 취약점 개요 : 지정된 시간 동안 사용하지 않을 경우 접속된 session을 해당 서버에서 끊도록 설정하였는지 점검 취약점 영향 : 사용하지 않는 session 에 대한 time out 을 설정하지 않을 경우 기밀성 뿐만 아니라 가용성 측면에서도 문제점을 발생 시킬 수 있음 대응책 : 지정된 시간 동안 사용하지 않을 경우 접속된 session을 해당 서버에서 끊도록 설정하는 것이 필요함(300초 경과시 timeout) “/etc/default/login” 파일 수정(주석 제거 또는 신규 삽입) (수정 전) #TIMEOUT=300 (수정 후) TIMEOUT=300 (300초 동안 사용하지 않을 경우 session 중지) 5. Root 패스 설정 미흡 위험도 : 중 취약점 개요 : Root 의 검색경로가 되는 $PATH 경로내에 “.” 이나 “::“ 등이 포함되어 침입자가 특정 명령어를 실행시킬 수 있도록 조작될 수 있는 위험한 환경변수값을 갖고 있는지 진단 취약점 영향 : “.”, “::”등과 같은 환경변수가 들어있을 경우 침입자에 의해 root 권한이 노출될 수 있음 대응책 : $PATH 변수내에 “.” 이나 “::” 의 항목이 있으면 제거한다 6. Root 계정 원격접속 및 SU 제한 위험도 : 상 취약점 개요 : “/etc/default/login” 파일을 이용하여 직접적인 root의 원격 접속을 제한할 수 있음. (Default 설정으로 root 원격 접속이 가능하도록 설정되어 있음). root로 직접적인 접근은 보안상 위험하므로, 이 옵션을 설정하여 일반 사용자를 통해 root로 갈 수 있도록 하는 것이 보안상 필요함 취약점 영향 : Root 암호가 도청당할 가능성 있음 대응책 : root 가 시스템 콘솔을 통해서만 접속할 수 있도록 한다. “/etc/default/login” 파일 수정 (수정 전) # CONSOLE=/dev/console (수정 후) CONSOLE=/dev/console 7. 구성원이 존재하지 않는 GID 설정 위험도 : 하 취약점 개요 : 구성원이 존재하지 않는 빈 그룹이 존재하는지 여부를 진단 취약점 영향 : 그룹관리가 정상적으로 이루어지지 않아 구성원이 존재하지 않는 그룹이 있을 경우 해당 그룹소유의 파일이 비인가자등에게 노출 될 위험이 있음 대응책 : /etc/group 에 구성원이 존재하지 않는 그룹이 있을 경우 관리자와 검토하여 제거한다. 8. /etc/passwd 파일 권한 설정 위험도 : 상 취약점 개요 : /etc/passwd 파일 권한의 적정성 검토 취약점 영향 : /etc/passwd 파일 권한이 적절하지 않을 경우 악의적으로 사용될 가능성 있음 대응책 : /etc/passwd 의 권한은 640 이어야 한다. 9. SUID 설정된 의심스러운 파일 위험도 : 상 취약점 개요 : SetUID(Set User-ID)가 설정된 파일, 특히 root 소유의 파일인 경우, 버퍼 오버플로우 공격과 Local 공격에 많이 사용되므로 보안상 주기적인 관리가 필요한 파일들이다 취약점 영향 : 버퍼 오버플로우 공격과 Local 공격으로 인해 root 권한을 노출 시킬 수 있으며, 시스템의 장애를 유발할 수 있다 대응책 : #find / -user root -type f \( -perm -04000 -o -perm -02000 \) -xdev -exec ls -al {} \; -r-sr-xr-x 1 root sys 21384 Jan 23 2005 /usr/bin/sparcv9/newtask -r-sr-xr-x 2 root bin 20672 Jan 23 2005 /usr/bin/sparcv9/uptime -r-sr-xr-x 2 root bin 20672 Jan 23 2005 /usr/bin/sparcv9/w -rwsr-xr-x 1 root sys 41404 Sep 16 2005 /usr/bin/at -rwsr-xr-x 1 root sys 19108 Jan 23 2005 /usr/bin/atq -rwsr-xr-x 1 root sys 19052 Jan 23 2005 /usr/bin/atrm -r-sr-xr-x 1 root bin 20336 Jan 23 2005 /usr/bin/crontab -r-sr-xr-x 1 root bin 19088 Jan 23 2005 /usr/bin/eject -r-sr-xr-x 1 root bin 27500 Jan 23 2005 /usr/bin/fdformat 보안에 취약한 root 소유의 SetUID 파일들의 경우에는 꼭 필요한 파일을 제외한 SetUID, SetGID 파일에 대하여 SetUID, SetGID를 제거해주고, 잘못 설정되어 보안 위협이 되고 있는지 주기적인 진단 및 관리가 필요하다 10. SGID 설정된 의심스러운 파일 위험도 : 상 취약점 개요 : SetGID(Set Group-ID)가 설정된 파일, 특히 root 소유의 파일인 경우, 버퍼 오버플로우 공격과 Local 공격에 많이 사용되므로 보안상 주기적인 관리가 필요한 파일들이다 취약점 영향 : 버퍼 오버플로우 공격과 Local 공격으로 인해 root 권한을 노출 시킬 수 있으며, 시스템의 장애를 유발할 수 있다 대응책 : #find / -user root -type f \( -perm -04000 -o -perm -02000 \) -xdev -exec ls -al {} \; -r-sr-xr-x 1 root sys 21384 Jan 23 2005 /usr/bin/sparcv9/newtask -r-sr-xr-x 2 root bin 20672 Jan 23 2005 /usr/bin/sparcv9/uptime -r-sr-xr-x 2 root bin 20672 Jan 23 2005 /usr/bin/sparcv9/w -rwsr-xr-x 1 root sys 41404 Sep 16 2005 /usr/bin/at -rwsr-xr-x 1 root sys 19108 Jan 23 2005 /usr/bin/atq -rwsr-xr-x 1 root sys 19052 Jan 23 2005 /usr/bin/atrm -r-sr-xr-x 1 root bin 20336 Jan 23 2005 /usr/bin/crontab -r-sr-xr-x 1 root bin 19088 Jan 23 2005 /usr/bin/eject -r-sr-xr-x 1 root bin 27500 Jan 23 2005 /usr/bin/fdformat 보안에 취약한 root 소유의 SetUID 파일들의 경우에는 꼭 필요한 파일을 제외한 SetUID, SetGID 파일에 대하여 SetUID, SetGID를 제거해주고, 잘못 설정되어 보안 위협이 되고 있는지 주기적인 진단 및 관리가 필요하다 11. 관리자 암호 평문 전송 위험도 : 상 취약점 개요 : telnet, ftp 등 평문이 노출되는 취약한 통신 프로토콜을 사용하는지 여부 점검 취약점 영향 : 관리자 암호 노출 위험성 높음 대응책 : telnet, ftp 는 관리자 원격접속을 가급적 자제하고 ssh 설정은 V2 프로토콜만을 사용하도록 설정한다 12. Ftpusers 파일 권한 설정 위험도 : 하 취약점 개요 : Ftpusers 파일은 ftp 접근제한할 사용자 리스트가 포함된다. 이 파일의 권한 적정성을 검토한다 취약점 영향 : 파일 권한 설정이 부적절하게 되어있을 경우 침입자가 ftp접근제한에 걸린 계정을 주석 처리하거나 내용을 삭제하는 등 ftp 사용에 제한을 둘 수 있음 대응책 : Ftpusers 의 파일권한이 640 보다 이상이면 취약하다. 13. Ftpusers 파일 설정 미흡 위험도 : 중 취약점 개요 : Ftpusers 파일은 ftp 접근제한할 사용자 리스트가 포함된다. ftp 는 Plain Text 기반의 취약한 프로토콜이므로 가급적 사용하지 않되 필요시 최소한의 허가된 사용자에게만 허락하고 나머지 계정에 대해서는 ftpusers 에 등록함으로써 접근제한을 두어야 한다 취약점 영향 : 접근제한이 인가되지 않은 사용자 또는 외부의 침입자에게 ftp 접속의 기회를 제공하게 된다 대응책 : Ftpusers 파일이 없을 경우 각 운영체제별로 해당 위치에 ftpusers 파일을 생성하고 접근제한할 사용자를 입력한다 14. ftp 데몬 로그 설정 위험도 : 하 취약점 개요 : ftp 접속 로그를 남기는지 여부에 대한 점검 취약점 영향 : 로그를 남기지 않을 경우 침해나 정보노출시 침해원인 및 사고의 정확한 내용분석이 불가함 대응책 : #grep ftp /etc/inetd.conf # TFTPD - tftp server (primarily used for booting) #tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot ### End. 결과내용중에 ftpd 에 –l 또는 –v 옵션이 없으면 취약하다. 15. cron.deny 권한 설정 위험도 : 중 취약점 개요 : cron. deny 파일은 그 안에 포함된 계정으로 하여금 cron 명령을 수행하지 못하도록 한다 취약점 영향 : 비인가자가 cron.deny 파일에서 자신의 계정을 제거하지 못하도록 막는다.. 대응책 : cron.deny 파일의 권한을 640 이하로 설정한다 16. at.deny 권한 설정 위험도 : 중 취약점 개요 : at deny 파일은 그 안에 포함된 계정으로 하여금 at 명령을 수행하지 못하도록 한다 취약점 영향 : 비인가자가 at.deny 파일에서 자신의 계정을 제거하지 못하도록 조치해야 한다 대응책 : at.deny 파일의 권한을 640 이하로 설정한다 17. 구버전 DNS 서버 사용 위험도 : 상 취약점 개요 : 구버전 DNS 서버 사용여부를 확인한다 취약점 영향 : 구버전 DNS 서버를 사용할 경우 보안에 취약하다 대응책 : DNS 서버의 버전이 낮은 경우 관리자 및 벤더업체와 협의 하에 패치를 수행한다 18. SNMP default 커뮤니티명 위험도 : 상 취약점 개요 : SNMP 통신을 할 때 보안을 위해 커뮤니티명을 사용한다 취약점 영향 : 커뮤니티명을 변경하지 않고 기본적으로 사용할 경우 보안상 취약하다 대응책 : #ps -ef | grep snmp | grep -v grep root 1913 1 0 Jan 30 ? 141:37 /usr/local/sbin/NASCenterAgent -c /usr/local/conf/snmpd.conf root 1952 1 0 Jan 30 ? 0:02 /usr/lib/snmp/snmpdx -y -c /etc/snmp/conf root 1966 1 0 Jan 30 ? 0:00 /usr/lib/dmi/snmpXdmid -s cn-was root 2014 1 0 Jan 30 ? 1:58 /usr/sfw/sbin/snmpd [End] #cat /etc/snmp/conf/snmpd.conf | grep community | grep -v '^#' system-group-read-community public read-community public trap-community SNMP-trap 커뮤니티명을 확인하여 디폴트 커뮤니티명인 “public, private”를 사용하지 않도록 한다 # ps -ef | grep snmp # cat /etc/snmp/conf/snmpd.conf | grep community | grep -v '^#'" 19. TCP sequence 파라미터 설정 위험도 : 하 취약점 개요 : 침해사고를 일으키는 유형 중 Session 하이재킹이나 IP Spoofing 공격 등이 있는데, Session 하이재킹이나 , IP Spoofing 공격은 TCP의 sequence number를 쉽게 추측할 수 있을 때 공격이 용이하게 이루어지게 된다. 그러므로, 모든 TCP 연결에 대한 ISN(Initial Sequence Number)을 랜덤하게 설정하는 보안 설정이 필요하다 취약점 영향 : Session 하이재킹이나 IP Spoofing 공격등을 어렵게 한다. 대응책 : #cat /etc/default/inetinit | grep TCP_STRONG_ISS # TCP_STRONG_ISS sets the TCP initial sequence number generation parameters. # Set TCP_STRONG_ISS to be: TCP_STRONG_ISS=1 /etc/default/inetinit 파일을 아래와 같이 수정하기 바란다. # vi /etc/default/inetinit # @(#)inetinit.dfl 1.2 97/05/08 # # TCP_STRONG_ISS sets the TCP initial sequence number generation parameters. # Set TCP_STRONG_ISS to be: # 0 = Old-fashioned sequential initial 20. 파일, 디렉터리 소유자 부재 위험도 : 하 취약점 개요 : 소유자가 존재하지 않는 파일 및 디렉토리가 있는지 점검한다. 이런 파일, 디렉토리는 퇴직자의 자료이거나 관리소홀로 인해 생긴 불필요한 자료일 가능성이 높음 취약점 영향 : 삭제된 소유자의 UID 와 동일한 사용자가 해당 파일,디렉토리에 접근 가능한 파일 및 디렉토리Nouser, nogroup 대응책 : #find / \( -nouser -o -nogroup \) -xdev -ls 2> /dev/null 236439 1 drwxr-xr-x 2 1000 1000 512 Apr 11 2008 /usr/local/src/chkrootkit-0.48 236441 4 -r--r--r-- 1 1000 1000 3992 Dec 18 2007 /usr/local/src/chkrootkit-0.48/ACKNOWLEDGMENTS 236442 8 -r--r--r-- 1 1000 1000 7195 Oct 19 2006 /usr/local/src/chkrootkit-0.48/check_wtmpx.c 236443 7 -r--r--r-- 1 1000 1000 7047 Aug 11 2007 /usr/local/src/chkrootkit-0.48/chkdirs.c 236444 8 -r--r--r-- 1 1000 1000 7730 Oct 19 2006 /usr/local/src/chkrootkit-0.48/chklastlog.c 236445 10 -r--r--r-- 1 1000 1000 9627 Aug 15 2007 /usr/local/src/chkrootkit-0.48/chkproc.c 236446 74 -rwxr-xr-x 1 1000 1000 75103 Dec 18 2007 /usr/local/src/chkrootkit-0.48/chkrootkit 236447 1 -r--r--r-- 1 1000 1000 583 Dec 18 2007 /usr/local/src/chkrootkit-0.48/chkrootkit.lsm 236448 6 -r--r--r-- 1 1000 1000 5538 Oct 19 2006 /usr/local/src/chkrootkit-0.48/chkutmp.c 해당 파일들을 검색한 후 제거 또는 적절한 소유자를 부여한다 21. rlogin 활성화 위험도 : 중 취약점 개요 : rsh, rlogin, rexec 등의 ‘r’ commands는 인증없이 관리자의 원격접속이 가능하게 하는 명령어들로, NET Backup이나 다른 용도로 사용되는 경우가 있으나 ‘r’ command의 사용은 보안상 매우 취약하여, 서비스 포트가 열려있으면 침해사고의 위험성이 있음 취약점 영향 : 인증 없는 관리자 권한의 원격접속이 가능함 대응책 : #cat /etc/inetd.conf | grep -v '^#' | egrep 'login' shell stream tcp nowait root /usr/sbin/in.rshd in.rshd shell stream tcp6 nowait root /usr/sbin/in.rshd in.rshd login stream tcp6 nowait root /usr/sbin/in.rlogind in.rlogind exec stream tcp nowait root /usr/sbin/in.rexecd in.rexecd exec stream tcp6 nowait root /usr/sbin/in.rexecd in.rexecd [End] #cat /etc/inetd.conf | grep -v '^#' time stream tcp6 nowait root internal NET Backup등 특별한 용도로 사용하지 않는다면 서비스를 제거한다.
79 C++ 테스트 코드
조인상
8993 2010-05-11
본문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ /* HelloWorldpp.cpp */ #include <iostream> int main() { std::cout<< "Hello Wolrd" << std::endl; return 0; }
78 UTP 케이블. 다이렉트/크로스 제작방법
조인상
9028 2010-05-11
본문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 다이렉트 (direct) 황/백 - 황 - 녹/백 - 청 - 청/백 - 녹 - 갈/백 - 갈 크로스는 황과 녹을 서로 바꾼다. 크로스 (cross) 녹/백 - 녹 - 황/백 - 청 - 청/백 - 황 - 갈/백 - 갈
77 FTP 관련 포트 정리 imagefile
조인상
10197 2010-05-11
본문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ * 사진의 위쪽은 Active 모드, 아래쪽은 Passive 모드 Active 모드 Active 모드는 클라이언트가 보내중 정보를 기준으로 서버에서 클라이언트의 Data 포트에 접속을 시도한 후 클라이언트의 요청에 따라 데이터를 전송하는 방식이다. 하지만 Ip 공유기등 사설 IP에서 접속을 시도할 경우 클라이언트의 Data 포트가 막힐 가능성이 있기 때문에 500 Illegal PORT command 와 같은 오류를 출력할 수 있다. 즉 명령은 전달이 되었지만 실제적으로 전송을 담당하는 데이터 포트가 막혀서 데이터를 전송 못할 가능성이 있다. 연결 과정 1. FTP 서버 IP xxx.xxx.xxx.xxx 포트 21 번으로 접속 2. FTP 서버의 21 포트 -> 클라이언트 1023(n) 이상의 포트 (서버에서 클라이언트의 Command 포트로 응답) 3. FTP 서버의 20번 포트 -> 클라이언트 n+1 번 포트 (서버에서 클라이언트의 data포트로 접속) 4. FTP 서버의 20번 포트 <- 클라이언트 n+1 번 포트 (클라이언트에서 서버의 data포트로 응답) *실제로 포트 번호는 정해진것이 아닌 1023포트 이상에서 서버나 클라이언트가 정함 연결 과정에 있어서 클라이언트는 서버에 접속할때 PORT xxx,xxx,xxx,xxx,yy,nn 이런식의 메세지를 전달한다. 여기서 xxx 는 IP Address를 나타내고 포트는 마지막 부분 yy,nn 부분이다 포트번호는 (yy * 256) + nn 으로 결정이 되어 클라이언트의 포트를 서버에알려준다. Passive 모드 Passive 모드는 데이터 포트와 명령포트 전부 클라이언트에서 서버로 연결을 하는 방식이다. 즉 클라이언트의 공유기의 간섭없이 서버와의 통신이 가능하다. 하지만 클라이언트에서 접속하는 데 있어서 열어둔 포트가 서버의 방화벽에서 막혀 있지 않아야 한다. 연결과정 1. FTP 서버 IP xxx.xxx.xxx.xxx 포트 21번에 접속 2. FTP 서버의 21포트 -> 클라이언트 1023(n) 이상의 포트(서버에서 클라이언트의 Command 포트로 응답) 3. FTP 서버의 Passive 설정된 범위의 포트 -> 클라이언트 n+1 포트(클라이언트에서 접속) 4. FTP 서버의 Passive 설정된 범위의 포트 -> 클라이언트 n+1 포트(클라이언트에서의 데이터 전송) 포트의 범위는 서버의 서비스에 간섭이 없는 범위내에서 적당히 설정한다. 여기서 적당히는 클라이언트의 접속량에 따라 다르다. 또 웹 서비스의 경우 8080포트 등으로 운영이 될 수 있고 또 IRC 나 기타 서비스의 간섭이 없는 범위내에서 포트를 설정해야 한다. 보통 1000~2000 사이의 범위를 정해서 포트를 열어둔다. 설정방법 * 아래 설정 방법에서 시작 끝은 포트 범위를 나태낸다 LINUX 서버 wu-ftpd /etc/ftpaccess passive ports 0.0.0.0/0 시작 끝 proftpd /etc/proftpd/conf/proftpd.conf PassivePorts 시작 끝 vsftpd /etc/vsftpd/vsftpd.conf pasv_enable=YES pasv_min_port=시작 pasv_max_port=끝 * 리눅스 서버의 Passive 모드 설정할때는 ip_conntrack 모듈이 필요하다. 이 모듈은 열려있는 포트가 몇번 포트에 의해서 연결이 되었는지 정보를 담고 있다. 그 정보를 담고 있는 부분은 /proc/net/ip_contrack 에 존재한다. 커널 모듈을 등록시켜줘야 한다. modprobe ip_conntrack modprobe ip_conntrack_ftp Iptable 설정 /etc/sysconfig/iptable-config 파일 내의 IPTABLES_MODULES 항목을 추가 하거나 주석을 제거한다. IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp" iptables -A INPUT -p tcp --sport 1024:65535 --dport [포트시작]:[포트끝] -m state --state ESTABLISHED,RELATED -j ACCEPT Windows 서버 1. 시작 - 제어판 - 관리도구 - 인터넷정보서비스 - 로컬컴퓨터 - 속성 - 메타베이스 직접 편집 허용 체크 2. C:\%SystemRoot%\system32\inetsrv\metabase.xml 열기 3. PassivePortRange="시작-끝" 으로 수정 4. metabase.xml 저장 5. IIS 재시작 6. Ipsec, 또는 방화벽에 설정한 포트 번호 추가 * Windows 2000 에서는 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msftpsvc\Parameters\ 에 REG_SZ 값으로 PassivePortRange 값을 추가한다. * 사진의 위쪽은 Active 모드, 아래쪽은 Passive 모드
76 [ksh] 여러개의 프로세스 kill 시키는 스크립트
조인상
10478 2010-05-11
본문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ ps -ef | grep java | grep -v grep | awk '{ print $2 }' > /java_pid.txt NOJAVA=`cat /java_pid.txt | wc -l` i=1 while [ $i -le $NOJAVA ] do JAVA_PID=`head -$i /java_pid.txt | tail -1` kill -9 $JAVA_PID i=`expr $i + 1` done 위의 알고리즘 없이 한줄에 끝내려면... ps -ef | grep java | grep -v grep | awk '{ print "kill -9 "$2 }' | ksh -x
75 솔라리스10에서 tcp_wrapper 사용하기/설정
조인상
12225 2010-05-11
본문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 출처 : PowerComputing OF BlueStorm | BlueStorm +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 시작하기 전에 먼저 작은 배경지식을 제공하려고 합니다. TCP Wrappers는 정말 오랫동안 사용되어 온 프로그램입니다. (Wietse Venema's FTP archive 참조). 이 프로그램은 호스트 네임, IP 주소, network 주소등에 기반하여 TCP 서비스의 접근에 제약을 가하는데 사용됩니다. TCP Wrappers의 자세한 설명과 사용하는 방법은 tcpd(1M)를 참고 바랍니다. TCP Wrappers는 Solaris 9부터 운영체제에 통합되기 시작했고 솔라리스 Secure Shell 과 inetd-기반 (streams, nowait) 서비스 등에 이용되고 있습니다. Secure Shell에 지원되는 TCP Wrappers는 TCP Wrappers 가 함수 host_access(3) 를 이용하여 접속이 허용될것인지 를 결정하기 때문에 항상 활성되 되어 있습니다. 만약 TCP Wrappeps가 설정되어 있지 않았다면 무조건 접속이 허용될 것입니다.그렇지 않으면 hosts.allow 또는 hosts.deny 파일에 적용을 받게 됩니다. 이러한 파일에 대한 좀 더 자세한 정보는 hosts_access(4)를 참고 바랍니다. 주의할 점은 TCP Wrappers 의 모든 manual 페이지는 솔라리스 10에서 /usr/sfw/man 디렉토리 하에 존재 합니다. 이 메뉴얼 페이지를 보기 위해선 다음과 같은 명령을 사용해야 합니다: $ man -M /usr/sfw/man -s 4 hosts_access inetd-기반 서비스들은 TCP Wrappers를 다른 방법으로 이용합니다. 솔라리스 9에서 inetd-기반 서비스들에 TCP Wrappers 사용을 활성화 시키려면 /etc/default/inetd 파일 내에 ENABLE_TCPWRAPPERS 파라미터를 YES 로 설정해야 합니다. 기본적으로 TCP Wrappers는 inetd를 위해 활성화 되어 있지 않습니다. 솔라리스 10에서 두가지 새로운 서비스가 새로 보호(wrapper) 되어졌습니다: sendmail 과 rpcbind. sendmail 은 Secure Shell과 비슷한 방법으로 동작합니다. 그것들은 항상 host_access 함수를 호출 하므로 TCP Wrappers 지원은 항상 활성화 되어 있습니다. 특별히 부가적으로 설정하여할 부분도 없습니다. 다른 한편으로는 TCP Wrappers가 rpcbind 를 위해 활성화 되기 위해서는 수동으로 Service Management Facility (SMF)를 수정해 줘야 합니다. 비슷한방법으로 inetd 도 SMF의 속성을 이용하여 TCP Wrappers를 조정하기 위해 수정되어 졌습니다. 이제 inetd 와 rpcbind를 위해 TCP Wrappers를 활성화 시키는 방법에 대해 알아 봅시다. inetd-기반의 서비스를 위해서 TCP Wrappers를 활성화 하려면 간단히 다음과 같은 명령을 이용하면 도비니다: # inetadm -M tcp_wrappers=true # svcadm refresh inetd 다음의 명령은 telnet, rlogin, 그리고 ftp 같은 inetd-기반 (streams, nowait) 서비스를 위해 TCP Wrappers를 활성화 시킵니다(예): # inetadm -l telnet | grep tcp_wrappersdefault tcp_wrappers=TRUE inetd 를 위해 설정한 것이 제대로 동작하게 하려면 다음과 같은 명령을 이용합니다: # svcprop -p defaults inetd defaults/tcp_wrappers boolean true 여기서 알아 둘 점은 svccfg(1M) 명령을 이용해도 설정이 가능하다는 것입니다. # svccfg -s inetd setprop defaults/tcp_wrappers=true # svcadm refresh inetd inetadm(1M) 를 사용하든 svccfg 를 사용하든 그것은 전적으로 사용자의 결정 입니다. 또한 각 서비스 단위의 TCP Wrappers 설정도 inetadm 또는 svccfg 을 사용하여 가능합니다. 예를 들어 ftp 가 아닌 telnet 에 TCP Wrappers를 설정하고 싶다고 가정해 봅시다. 기본적으로 글로벌 그리고 서비스 기반의 TCP Wrappers 설정은 비활성화 되어 있습니다: # inetadm -p | grep tcp_wrappers tcp_wrappers=FALSE # inetadm -l telnet | grep tcp_wrappers default tcp_wrappers=FALSE # inetadm -l ftp | grep tcp_wrappers default tcp_wrappers=FALSE telnet에 TCP Wrappers를 활성화 시키고 싶다면 다음과 같은 명령을 사용합니다: # inetadm -m telnet tcp_wrappers=TRUE 설정을 다시 한번 확인해 봅시다: # inetadm -p | grep tcp_wrappers tcp_wrappers=FALSE # inetadm -l telnet | grep tcp_wrappers tcp_wrappers=TRUE # inetadm -l ftp | grep tcp_wrappers default tcp_wrappers=FALSE 위에서 보듯이 TCP Wrappers 는 telnet 에 대해 활성화 되어 있지만 다른 것들에 대해서는 그렇지 않습니다. rpcbind 를 위해 TCP Wrappers 를 설정하려면 다음과 같은 명령을 사용합니다: # svccfg -s rpc/bind setprop config/enable_tcpwrappers=true # svcadm refresh rpc/bind 이것이 활성화 됐는지 여부는 다음의 명령으로 확인 가능합니다: # svcprop -p config/enable_tcpwrappers rpc/bind true From Sun Korea Developer Network.
74 솔라리스8 ssh 설치
조인상
12399 2010-05-11
본문 : http://www.ischo.net -- 조인상 //시스템 엔지니어 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ http://www.sunfreeware.com/indexsparc8.html 에서 다운로드 필수 구성요소 pkginfo 로 확인하고 안되있을때 먼저 설치한다. openssl-0.9.8k, zlib, libgcc-3.4.6 or gcc-3.4.6 설치후 세팅 ----------- 1. ssh 계정설정 # mkdir /var/empty # chown root:sys /var/empty # chmod 755 /var/empty # groupadd sshd # useradd -g sshd -d /var/empty -s /bin/false sshd 2. sshd 인증키 생성 # ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N "" # ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N "" # ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N "" 3. start 스크립트 생성 #!/sbin/sh case "$1" in 'start') /usr/local/sbin/sshd ;; 'stop') /usr/bin/pkill -x -u 0 sshd ;; *) echo "Usage: : $0 {start|stop}" exit 1 ;; esac exit 0 4. ssh 스크립트 퍼미션 변경 # chmod 744 /etc/init.d/ssh # chgrp sys /etc/init.d/ssh # ln -s /etc/init.d/ssh /etc/rc2.d/S99ssh # ln -s /etc/init.d/ssh /etc/rc0.d/K99ssh