Tuesday, June 27, 2017

Solaris 10 - zone creation


1. Log in to the control domain (the global zone) as root:

login as: root
Using keyboard-interactive authentication.
Password:
Last login: Sun Jun 25 08:36:43 2017
Oracle Corporation      SunOS 5.10      Generic Patch   January 2005
# bash
bash-3.2# df -h
Filesystem             size   used  avail capacity  Mounted on
rpool/ROOT/s10x_u11wos_24a    12G   4.4G   5.3G    46%    /

bash-3.2# echo | format
Searching for disks...
Inquiry failed for this logical diskdone


AVAILABLE DISK SELECTIONS:
       0. c0d0 <▒x▒▒▒▒▒▒▒▒▒@▒▒▒ cyl 1565 alt 2 hd 255 sec 63>
          /pci@0,0/pci-ide@7,1/ide@0/cmdk@0,0
Specify disk (enter its number): Specify disk (enter its number):
bash-3.2# zpool list
NAME    SIZE  ALLOC   FREE  CAP  HEALTH  ALTROOT
rpool  11.9G  6.39G  5.55G  53%  ONLINE  -
bash-3.2# zfs list
NAME                         USED  AVAIL  REFER  MOUNTPOINT
rpool                       6.45G  5.30G  42.5K  /rpool
rpool/ROOT                  4.39G  5.30G    31K  legacy
rpool/ROOT/s10x_u11wos_24a  4.39G  5.30G  4.39G  /
rpool/dump                  1.00G  5.30G  1.00G  -
rpool/export                  76K  5.30G    32K  /export
rpool/export/home             44K  5.30G    44K  /export/home
rpool/swap                  1.06G  5.36G  1.00G  -
bash-3.2# ping 192.168.10.135
192.168.10.135 is alive
bash-3.2# ssh 192.168.10.135
^C
bash-3.2# pwd
/
bash-3.2# mkdir /export/home/bishal-zone
bash-3.2# zonecfg -z bishal
bishal: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:bishal> create
zonecfg:bishal> set zonepath=/export/home/bishal-zone
zonecfg:bishal> set autoboot=true
zonecfg:bishal> add net
zonecfg:bishal:net> set physical=e1000g0
zonecfg:bishal:net> set address=192.168.10.221
zonecfg:bishal:net> end
zonecfg:bishal> add attr
zonecfg:bishal:attr> set name=comment
zonecfg:bishal:attr> set type=string
zonecfg:bishal:attr> set value="Bishals zone"
zonecfg:bishal:attr> end
zonecfg:bishal> verify
zonecfg:bishal> commit
zonecfg:bishal> info
zonename: bishal
zonepath: /export/home/bishal-zone
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid:
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 192.168.10.221
        physical: e1000g0
        defrouter not specified
attr:
        name: comment
        type: string
        value: "Bishals zone"
zonecfg:bishal> exit
bash-3.2# zonecfg -z bishal export | more
create -b
set zonepath=/export/home/bishal-zone
set autoboot=true
set ip-type=shared
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add inherit-pkg-dir
set dir=/sbin
end
add inherit-pkg-dir
set dir=/usr
end
add net
set address=192.168.10.221
set physical=e1000g0
end
add attr
set name=comment
set type=string
set value="Bishals zone"
end
bash-3.2#  zoneadm list -cv
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              native   shared
   - bishal           configured /export/home/bishal-zone       native   shared
bash-3.2# zoneadm -z bishal install
/export/home/bishal-zone must not be group readable.
/export/home/bishal-zone must not be group executable.
/export/home/bishal-zone must not be world readable.
/export/home/bishal-zone must not be world executable.
could not verify zonepath /export/home/bishal-zone because of the above errors.
zoneadm: zone bishal failed to verify
bash-3.2# ls -ld /export/home/bishal-zone
drwxr-xr-x   2 root     root           2 Jun 25 11:56 /export/home/bishal-zone
bash-3.2# chmod 700 /export/home/bishal-zone
bash-3.2# zoneadm -z bishal install
A ZFS file system has been created for this zone.
Preparing to install zone <bishal>.
Creating list of files to copy from the global zone.
Copying <2711> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <1244> packages on the zone.
Initialized <1244> packages on zone.
Zone <bishal> is initialized.
The file </export/home/bishal-zone/root/var/sadm/system/logs/install_log> contains a log of the zone installation.
bash-3.2# zoneadm list -cv
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              native   shared
   - bishal           installed  /export/home/bishal-zone       native   shared
bash-3.2# cd /export/home/bishal-zone/
bash-3.2# ls
root
bash-3.2# cd root
bash-3.2# ls
bin       etc       home      lib       opt       proc      system    usr
dev       export    kernel    mnt       platform  sbin      tmp       var
bash-3.2# df -h .
Filesystem             size   used  avail capacity  Mounted on
rpool/export/home/bishal-zone
                        12G    76M   5.2G     2%    /export/home/bishal-zone
bash-3.2# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 2
        inet 192.168.10.20 netmask ffffff00 broadcast 192.168.10.255
        ether 0:c:29:e:4a:65
bash-3.2# zoneadm list -cv
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              native   shared
   - bishal           installed  /export/home/bishal-zone       native   shared
bash-3.2# zoneadm -z bishal boot
zoneadm: zone 'bishal': WARNING: e1000g0:1: no matching subnet found in netmasks(4) for 192.168.10.221; using default of 255.255.255.0.
bash-3.2# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone bishal
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 2
        inet 192.168.10.20 netmask ffffff00 broadcast 192.168.10.255
        ether 0:c:29:e:4a:65
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        zone bishal
        inet 192.168.10.221 netmask ffffff00 broadcast 192.168.10.255
bash-3.2# zoneadm list -cv
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              native   shared
   1 bishal           running    /export/home/bishal-zone       native   shared
bash-3.2# zoneadm -z bishal reboot
zoneadm: zone 'bishal': WARNING: e1000g0:1: no matching subnet found in netmasks(4) for 192.168.10.221; using default of 255.255.255.0.
bash-3.2# zoneadm list -cv
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              native   shared
   2 bishal           running    /export/home/bishal-zone       native   shared
bash-3.2# zlogin -C bishal
[Connected to zone 'bishal' console]


Select a Language

  0. English
  1. es
  2. fr

Please make a choice (0 - 2), or press h or ? for help: 0


Select a Locale

  0. English (C - 7-bit ASCII)
  1. Canada (English) (UTF-8)
  2. Canada-English (ISO8859-1)
  3. U.S.A. (UTF-8)
  4. U.S.A. (en_US.ISO8859-1)
  5. U.S.A. (en_US.ISO8859-15)
  6. Go Back to Previous Screen

Please make a choice (0 - 6), or press h or ? for help: 0


What type of terminal are you using?
 1) ANSI Standard CRT
 2) DEC VT52
 3) DEC VT100
 4) Heathkit 19
 5) Lear Siegler ADM31
 6) PC Console
 7) Sun Command Tool
 8) Sun Workstation
 9) Televideo 910
 10) Televideo 925
 11) Wyse Model 50
 12) X Terminal Emulator (xterms)
 13) CDE Terminal Emulator (dtterm)
 14) Other
Type the number of your choice and press Return: 12
Creating new rsa public/private host key pair
Creating new dsa public/private host key pair
Configuring network interface addresses: e1000g0.
q Host Name for e1000g0:1 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq

  Enter the host name which identifies this system on the network.  The name
  must be unique within your domain; creating a duplicate host name will cause
  problems on the network after you install Solaris.

  A host name must have at least one character; it can contain letters,
  digits, and minus signs (-).


             Host name for e1000g0:1 bishal
                                     bishal



qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
    F2_Continue    F6_Help
q Confirm Information for e1000g0:1 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq

  > Confirm the following information.  If it is correct, press F2;
    to change any information, press F4.


                          Host name: bishal




qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
  Just a moment... F4_Change    F6_Help
q Configure Security Policy: qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq

  Specify Yes if the system will use the Kerberos security mechanism.

  Specify No if this system will use standard UNIX security.

      Configure Kerberos Security
      qqqqqqqqqqqqqqqqqqqqqqqqqqq
      [ ] Yes
      [X] No





qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
    F2_Continue    F6_Help
q Confirm Information qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq

  > Confirm the following information.  If it is correct, press F2;
    to change any information, press F4.


        Configure Kerberos Security: No




qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
  Please wait...   F4_Change    F6_Help
q Name Service qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq

  On this screen you must provide name service information.  Select the name
  service that will be used by this system, or None if your system will either
  not use a name service at all, or if it will use a name service not listed
  here.

  > To make a selection, use the arrow keys to highlight the option
    and press Return to mark it [X].


      Name service
      qqqqqqqqqqqq
      [X] NIS+
      [ ] NIS
      [ ] DNS
      [ ] LDAP
      [ ] None
        ]
       X]


qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
    F2_Continue    F6_Help
q Confirm Information qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq

  > Confirm the following information.  If it is correct, press F2;
    to change any information, press F4.


                       Name service: None




qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
  Just a moment... F4_Change    F6_Help
q NFSv4 Domain Name qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq

  NFS version 4 uses a domain name that is automatically derived from the
  system's naming services. The derived domain name is sufficient for most
  configurations. In a few cases, mounts that cross domain boundaries might
  cause files to appear to be owned by "nobody" due to the lack of a common
  domain name.

  The current NFSv4 default domain is: ""


      NFSv4 Domain Configuration
      qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
      [X] Use the NFSv4 domain derived by the system
      [ ] Specify a different NFSv4 domain



qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
    F2_Continue    F6_Help
q Confirm Information for NFSv4 Domain qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq

  > Confirm the following information.  If it is correct, press F2;
    to change any information, press F4.


                 NFSv4 Domain Name:  << Value to be derived dynamically >>



qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
    F2_Continue    F4_Change    F6_Help
q Time Zone qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq

  On this screen you must specify your default time zone.  You can specify a
  time zone in three ways:  select one of the continents or oceans from the
  list, select other - offset from GMT, or other - specify time zone file.

  > To make a selection, use the arrow keys to highlight the option and
    press Return to mark it [X].


      Continents and Oceans
      qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
  -   [ ] Africa
  x   [ ] Americas
  x   [ ] Antarctica
  x   [X] Arctic Ocean
  x   [ ] Asia
  x   [ ] Atlantic Ocean
  x   [ ] Australia
  x   [ ] Europe
  v   [ ] Indian Ocean

qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
    F2_Continue    F6_Help
q Country or Region qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq

  > To make a selection, use the arrow keys to highlight the option and
    press Return to mark it [X].


      Countries and Regions
      qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
  -   [ ] United States
  x   [ ] Anguilla
  x   [X] Antigua & Barbuda
  x   [ ] Argentina
  x   [ ] Aruba
  x   [ ] Bahamas
  x   [ ] Barbados
  x   [ ] Belize
  x   [ ] Bolivia
  x   [ ] Bonaire Sint Eustatius & Saba
  x   [ ] Brazil
  x   [ ] Canada
  v   [ ] Cayman Islands

qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
    F2_Continue    F6_Help
q Time Zone qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq

  > To make a selection, use the arrow keys to highlight the option and
    press Return to mark it [X].


      Time zones
      qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
  -   [ ] Eastern Time
  x   [ ] Eastern Time - Michigan - most locations
  x   [X] Eastern Time - Kentucky - Louisville area
  x   [ ] Eastern Time - Kentucky - Wayne County
  x   [ ] Eastern Time - Indiana - most locations
  x   [ ] Eastern Time - Indiana - Daviess, Dubois, Knox & Martin Counties
  x   [ ] Eastern Time - Indiana - Pulaski County
  x   [ ] Eastern Time - Indiana - Crawford County
  x   [ ] Eastern Time - Indiana - Pike County
  x   [ ] Eastern Time - Indiana - Switzerland County
  x   [ ] Central Time
  x   [ ] Central Time - Indiana - Perry County
  v   [ ] Central Time - Indiana - Starke County

qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
    F2_Continue    F6_Help
q Confirm Information qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq

  > Confirm the following information.  If it is correct, press F2;
    to change any information, press F4.


                          Time zone: Eastern Time
                                     (US/Eastern)




qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
  Please wait...   F4_Change    F6_Help
q Root Password qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq

  Please enter the root password for this system.

  The root password may contain alphanumeric and special characters.  For
  security, the password will not be displayed on the screen as you type it.

  > If you do not want a root password, leave both entries blank.


                     Root password:
                     Root password:  ********
                                     ********




qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
    F2_Continue    F6_Help




rebooting system due to change(s) in /etc/default/init


[NOTICE: Zone rebooting]


SunOS Release 5.10 Version Generic_147148-26 64-bit
Copyright (c) 1983, 2013, Oracle and/or its affiliates. All rights reserved.
Hostname: bishal

bishal console login: Jun 25 12:15:37 bishal sendmail[7176]: My unqualified host name (bishal) unknown; sleeping for retry
Jun 25 12:15:37 bishal sendmail[7182]: My unqualified host name (bishal) unknown; sleeping for retry
root
Password:
Jun 25 12:15:55 bishal login: ROOT LOGIN /dev/console
Oracle Corporation      SunOS 5.10      Generic Patch   January 2005
# bash
bash-3.2# useradd -d /export/home/bishal -m -c "Bishal" -s /bin/bash bishal
UX: useradd: ERROR: Unable to create the home directory: No such file or directory.
bash-3.2# ls -ld /export/hom
bash-3.2# mkdir /export/home
Jun 25 12:16:37 bishal sendmail[7176]: unable to qualify my own domain name (bishal) -- using short name
Jun 25 12:16:37 bishal sendmail[7176]: [ID 702911 mail.alert] unable to qualify my own domain name (bishal) -- using short name
Jun 25 12:16:37 bishal sendmail[7182]: unable to qualify my own domain name (bishal) -- using short name
Jun 25 12:16:37 bishal sendmail[7182]: [ID 702911 mail.alert] unable to qualify my own domain name (bishal) -- using short name
bash-3.2# useradd -d /export/home/bishal -m -c "Bishal" -s /bin/bash bishal
bash-3.2# passwd bishal
New Password:
passwd: The password must contain at least 1 numeric or special character(s).

Please try again
New Password:

bash-3.2# grep root /etc/passwd
root:x:0:0:Super-User:/:/sbin/sh
bash-3.2# grep root /etc/shadow
root:l5u2cH9PhmZI6:6445::::::
bash-3.2# vi /etc/ssh/sshd_config
"/etc/ssh/sshd_config" 155 lines, 4997 characters
#
# Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
#
# ident "@(#)sshd_config        1.10    10/10/19 SMI"
#
# Configuration file for sshd(1m)

# Protocol versions supported
#
# The sshd shipped in this release of Solaris has support for major versions
# 1 and 2.  It is recommended due to security weaknesses in the v1 protocol
# that sites run only v2 if possible. Support for v1 is provided to help sites
# with existing ssh v1 clients/servers to transition.
# Support for v1 may not be available in a future release of Solaris.
#
# To enable support for v1 an RSA1 key must be created with ssh-keygen(1).
# RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they
# do not already exist, RSA1 keys for protocol v1 are not automatically created.

# Uncomment ONLY ONE of the following Protocol statements.

# Only v2 (recommended)
/PermitR
# Depending on the setup of pam.conf(4) this may allow tunneled clear text
# passwords even when PasswordAuthentication is set to no. This is dependent
# on what the individual modules request and is out of the control of sshd
# or the protocol.
PAMAuthenticationViaKBDInt yes

# Are root logins permitted using sshd.
# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
# maybe denied access by a PAM module regardless of this setting.
# Valid options are yes, without-password, no.
#PermitRootLogin no
PermitRootLogin yes

# sftp subsystem
Subsystem       sftp    internal-sftp


# SSH protocol v1 specific options
#
# The following options only apply to the v1 protocol and provide
# some form of backwards compatibility with the very weak security
"/etc/ssh/sshd_config" 156 lines, 5018 characters nd the functionality
bash-3.2# svcs -a | grep ssh
online         12:15:37 svc:/network/ssh:default
bash-3.2# svcadm restart ssh
bash-3.2# Jun 25 12:18:59 bishal su: 'su root' succeeded for bishal on /dev/pts/8

bash-3.2#
bash-3.2# hostname
bishal
bash-3.2# ifconfig -a
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.10.221 netmask ffffff00 broadcast 192.168.10.255
bash-3.2# exit
# ^D

bishal console login: Jun 25 12:30:17 bishal su: 'su root' succeeded for bishal on /dev/pts/9
