Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
May the source be with you, but remember the KISS principle ;-)
Bigger doesn't imply better. Bigger often is a sign of obesity, of lost control, of overcomplexity, of cancerous cells

Softpanorama Solaris Bulletin 2005

[Dec 15, 2005] New Sun BluePrints

[Dec 11, 2005] Power could cost more than servers, Google warns CNET Sun's edge in CPU power consumption in T1 "Niagara" might be more important then many think.  Less than 80 watts power consumption, and up to 5 times Xeon performance (AMD's Opteron server processor consumes a maximum of 95 watts, so it is close to T1 in power efficiency).

"If performance per watt is to remain constant over the next few years, power costs could easily overtake hardware costs, possibly by a large margin," Luiz Andre Barroso, who previously designed processors for Digital Equipment Corp., said in a September paper published in the Association for Computing Machinery's Queue. "The possibility of computer equipment power consumption spiraling out of control could have serious consequences for the overall affordability of computing, not to mention the overall health of the planet."

Barroso's view is likely to go over well at Sun Microsystems, which on Tuesday launched its Sun Fire T2000 server, whose 72-watt UltraSparc T1 "Niagara" processor performs more work per watt than rivals. Indeed, the "Piranha" processor Barroso helped design at DEC, which never made it to market, is similar in some ways to Niagara, including its use of eight processing cores on the chip.

To address the power problem, Barroso suggests the very approach Sun has taken with Niagara: processors that can simultaneously execute many instruction sequences, called threads. Typical server chips today can execute one, two or sometimes four threads, but Niagara's eight cores can execute 32 threads.

Power has also become an issue in the years-old rivalry between Intel and Advanced Micro Devices. AMD's Opteron server processor consumes a maximum of 95 watts, while Intel's Xeon consumes between 110 watts and 165 watts. Other components also draw power, but Barroso observes that in low-end servers, the processor typically accounts for 50 percent to 60 percent of the total consumption.

Fears about energy consumption and heat dissipation first became a common topic among chipmakers around 1999, when Transmeta burst onto the scene. Intel and others immediately latched onto the problem, but coming up with solutions, while providing customers with higher performance, has proved difficult. While the rate at which power consumption increases has declined a bit, the overall rate of energy required still grows. As a result, a "mini-boom" has occurred for companies that specialize in heat sinks and other components that cool.

Sun loudly trumpets Niagara's relatively low power consumption, but it's not the only one to get the religion. At its Intel Developer Forum in August, Intel detailed plans to rework its processor lines to focus on performance per watt.

Over the last three generations of Google's computing infrastructure, performance has nearly doubled, Barroso said. But because performance per watt remained nearly unchanged, that means electricity consumption has also almost doubled.

If server power consumption grows 20 percent per year, the four-year cost of a server's electricity bill will be larger than the $3,000 initial price of a typical low-end server with x86 processors. Google's data center is populated chiefly with such machines. But if power consumption grows at 50 percent per year, "power costs by the end of the decade would dwarf server prices," even without power increasing beyond its current 9 cents per kilowatt-hour cost, Barroso said.

Barroso's suggested solution is to use heavily multithreaded processors that can execute many threads. His term for the approach, "chip multiprocessor technology," or CMP, is close to the "chip multithreading" term Sun employs.

"The computing industry is ready to embrace chip multiprocessing as the mainstream solution for the desktop and server markets," Barroso argues, but acknowledges that there have been significant barriers.

For one thing, CMP requires a significantly different programming approach, in which tasks are subdivided so they can run in parallel and concurrently.

Indeed, in a separate article in the same issue of ACM Queue, Microsoft researchers Herb Sutter and James Larus wrote: "Concurrency is hard. Not only are today's languages and tools inadequate to transform applications into parallel programs, but also it is difficult to find parallelism in mainstream applications, and--worst of all--concurrency requires programmers to think in a way humans find difficult."

But the software situation is improving as programming tools gradually adapt to the technology and multithreading processors start to catch on, Barroso said.

Another hurdle has been that much of the industry has been focused on processors designed for the high-volume personal computer market. PCs, unlike servers, haven't needed multithreading.

But CMP is only a temporary solution, he said.

"CMPs cannot solve the power-efficiency challenge alone, but can simply mitigate it for the next two or three CPU generations," Barroso said. "Fundamental circuit and architectural innovations are still needed to address the longer-term trends."

CNET's Michael Kanellos contributed to this report.

[Dec 7, 2005] NewsForge Opening Solaris opens door to community, derivative distros

Since the OpenSolaris community was launched in June, at least three derivative distributions -- SchilliX, BeleniX, and Nexenta -- have been created and released. Parts of OpenSolaris are also making their way into other operating systems. A port of DTrace is in the works for FreeBSD.

SchilliX, an OpenSolaris-based live CD, was the first OpenSolaris derivative released, only days after Sun's release of the OpenSolaris code. OpenSolaris can be installed from the SchilliX CD to a hard drive or USB memory stick.

[Nov 24, 2005] The history of DOS Within the Oceans of Great Risk were many Sun Worshippers, and they wanted to excel, and make their words perfect, and do their jobs as easy as one-two-three. And what's more, many of them no longer wanted to pay for the Risk. So the Sun Lord went to the Pea Sea, and got himself eighty-sixed.

[Nov 17, 2005] Oracle taps Solaris 10 as 'preferred development platform' Sun Microsystems announced that Oracle selected the Solaris 10 to be its preferred 64-bit development and deployment platform. That's ends Oracle flirting with Linux. According to Oracle, Solaris 10 will be used throughout its development organization. It will also release and ship 64-bit versions of all Oracle products on the Solaris OS prior to or simultaneous with the release of products on other operating systems.

[Nov 17, 2005]  Sun Studio 11 Sun Studio 11 software removes the price barrier and is available for Free!

Sun Studio 11 software is the latest release of record-setting, optimizing compilers and tools for the C, C++ and Fortran developer. This release delivers the highest optimizations and the best performance in the development of scalable 32-bit and 64-bit applications on Sun's newest hardware platforms including the latest multi-core UltraSPARC, x64 and x86 platforms. And Sun Studio 11 software now removes the price barrier and is available for Free!

Sun Studio 11 software compilers allow developers to leverage the latest in parallel programming and maximize throughput on multi-core systems. In addition, even single-threaded applications gain as the compilers can identify opportunities to parallelize execution and automatically, without source-code changes, produce back-end code to take advantage of this.

[Nov 14, 2005] Sun announces new T1 chip - Computerworld
    Key features

The T1's eight cores can each handle four instruction sequences for a total of 32, and Sun's chief operating officer, Jonathan Schwartz, said that it now has a five-year leap on the Power chip from IBM and Intel's Xeon processor.

"It is a linchpin of the turnaround, but it's not the only one," Schwartz said in a telephone interview, pointing to Sun's expanded lineup of servers that use AMD's Opteron processors, its Java Enterprise System collection of network, identity management and other business software, its grid computing offerings and its subscription-based product offerings.

"You may have noticed we haven't had a performance advantage with Sparc in the past few years. Now we have an irrefutable performance advantage," Schwartz said.

Schwartz also said the T1's lower power consumption is about more than conserving natural resources and protecting the environment. Power consumption in data centers has increasingly become a hot topic for those that manage them.

"I don't think doing good for the planet has to be inconsistent with doing good for our shareholders," Schwartz said.

IDC's Turner said the energy-sipping TI chips could resonate well with customers who buy Sun's Sparc-Solaris servers.

"Given that power [consumption] is one of the data center 's hot and heavy buzzwords right now, they'll probably get some attention," Turner said, referring to the T1 chip.

[Nov 9, 2005] Fujitsu UltraSparc compatible CPUs are competitive with Opteron on SPECint2000/SPECfp2000. They managed to get more then 1200 on SPECint_base2000 for 1.8GHz CPU and over 1400 for 2.16 GHz CPU. That's slightly faster then Opteron 252 (SPECint_base2000 1382). In 1T transaction procession IBM still have a lead.

2.16 GHz CPU.

SPECint2000 = 1594
SPECint_base2000 = 1456
SPECfp2000 = 2139
SPECfp_base2000 = 1808

1.8HHz CPU

SPECint2000 = 1344
SPECint_base2000 = 1256
SPECfp2000 = 1803
SPECfp_base2000 = 1510

Sun 20z (Opteron 252)

SPECint2000 = 1521
SPECint_base2000 = 1382
SPECfp2000 = 2036
SPECfp_base2000 = 1852

[Nov 9, 2005] Was OpenSolaris a Mistake Paul Murphy Two interesting observations from pro-Linux press:

New UltraSparc IV servers are cheaper and faster then Power 5.

... the new USIV+ "traditional" Ultrasparcs are beating Power5 on both price and performance while the company is about to introduce a whole new world of high performance, low cost, CMT/SMP computing.

        ...Right now, Sun offers the fastest, and cheapest, x86 boxes around.

[Nov 4, 2005]  Slashdot/Solaris Now an Option for IBM Blades  IBM and Sun have reached an agreement allowing Solaris 10 to be supported on IBM BladeCenter servers.

[Nov 4, 2005] SchilliX by Jörg Schilling SchilliX-0.2.2 released

About: SchilliX is an OpenSolaris-based live CD and distribution that is intended to help people discover OpenSolaris. When installed on a hard drive, it also allows developers to develop and compile code in a pure OpenSolaris environment.

Changes: SchilliX now boots on amd64 in 32 and 64 bit mode. SchilliX is now built on top of OpenSolaris Build 24. ACPI support was improved. Vold was enhanced so that cdrecord is now able to deal with empty CD-ROMs while the removable volume management is running. A kit (shell scripts and packages) to create a SchilliX .ISO CD image from packages has been published.

[Oct 24, 2005] Review: Sun's Ultra 3 Mobile Workstation by Jem Matzan

Despite its recent announcement of servers based on AMD64 CPUs, Sun Microsystems is still gung-ho about its 64-bit UltraSPARC computers. The newest addition to Sun's workstation array is the portable Ultra 3 Mobile Workstation. At first glance you might think it's a fancy-looking notebook system, but on closer inspection you'll discover that it's got all the power of a Sun Blade workstation in a fraction of the size.

[Oct 22, 2005] Solaris Express 10/2005 Released   Dan Price has given us a long “What’s New” list for this release.Solaris "Nevada", Build 23 (10/2005)

Desktop Technologies

For Developers

System Enhancements

Hardware Support

OpenSolaris Related Activity

This work is licensed under a Creative Commons Attribution-ShareAlike 2.5 License.

[Oct 17, 2005] Overview of Sun's new UltraSPARC IV+ 64-bit processor Operating at 1.5 GHz, the UltraSPARC IV+ offers up to five times the performance of UltraSPARC III servers and up to double increased performance over UltraSPARC IV servers in the same footprint, with no increase in power and cooling requirements.

Sun's new UltraSPARC IV+ 64-bit processor is the fifth generation in our UltraSPARC processor family. It comes with significantly enhanced cores, 2 MB on-chip L2 cache, and an off-chip 32 MB L3 cache. The 1.5 GHz processor follows Sun's Throughput Computing vision while continuing the tradition of binary code compatibility—and uses the latest 90 nanometer process technology.

... ... ...

The UltraSPARC IV+ processor uses Chip Multithreaded Technology that supports two simultaneous threads as a result of two independent cores. Operating at 1.5 GHz, the UltraSPARC IV+ offers up to five times the performance of UltraSPARC III servers and up to double increased performance over UltraSPARC IV servers in the same footprint, with no increase in power and cooling requirements.

[Oct 17, 2005] New hopes from Sun's idea factory - page 2 CNET

Sparc servers remain Sun's most important business, and boosting Sparc sales is probably the single easiest way for the company to restore financial health, even though market researcher IDC forecasts the $19.1 billion market for Unix server servers will shrink by $200 million during the next four years, while Linux and Windows sales continue to grow.

"No matter how Galaxy takes off in the's going to be off a comparatively small base," Schwartz said. "We're in the billions of dollars of opportunity in the Solaris-Sparc marketplace." Sparc server sales also tend to tow along other business, such as data storage and customer services, Sanford C. Bernstein analyst Toni Sacconaghi said.

Here's the Sparc lineup today: UltraSparc IV, released in 2004, and its new IV+ sequel released this month. Both feature a dual-core design, which puts two processing engines on the same slice of silicon.

Next in the Sparc rejuvenation plan comes Niagara, an eight-core processor that can execute 32 simultaneous instruction sequences called threads while consuming only 56 watts of power--less than half of an Intel Xeon, which can handle handle four threads.

There are indications that Sun has already piqued some customer interest. Internet auction giant eBay is among the customers trying the machines, sources familiar with the testing program said. eBay declined to comment.

Not surprisingly, competitors are quick to downplay Niagara. "For Sun's declining installed base, it's going to be a great product," Pat Gelsinger, general manager of Intel's Digital Enterprise Group, said.

Maybe so, but it's a customer base Sun certainly needs to keep happy, and those high-end customers can be leery of x86 machines. "What we need is something that is solid or stable," said Carsten Larsen, general manager of commercial development for Australian utility provider ActewAGL.

And Sun has other plans. Next up is the "Advanced Product Line" partnership to sell servers with Fujitsu's Sparc64 VI "Olympus" processor beginning in late 2006.

Then comes Niagara II, built with a more advanced manufacturing process. Its features include hardware acceleration of at least seven cryptography algorithms, the ability to cooperate with Solaris to classify network traffic and send it to the appropriate processor core, and a built-in 10 gigabit-per-second Ethernet interface, said David Yen, executive vice president of Sun's Sparc group. In addition, it will be possible to make systems with multiple Niagara II chips.

Sun's public chip plan extends as far as "Rock." Where Niagara is geared for network-oriented tasks such as application servers or Web site hosting, the Rock chip family due in 2008 is designed for back-end tasks such as databases, where a single thread must execute as fast as possible.

Rock also will accelerate Java programs, facilitating the "garbage collection" process by which unused memory is freed for use, Yen said. Initial hardware design for both Niagara II and Rock will probably be completed in the first half of 2006, Yen said.

Rock, Niagara and Galaxy aren't a sure bet, of course. But many customers still would double down on Sun.

"Sun has been around for a long time," ActewAGL's Larsen said. "We're confident they're going to be around for some time to come."

[Jul 2, 2005] Learning Solaris 10 » Zones Unofficial FAQ Posted on March 11th, 2005.

This FAQ is NOT coming from an official Sun Source, be careful ! Still, I hope and believe that the answers are correct and will be very happy to correct them if they’re not.

Last updated : may 19 2005

Recent modifs : 1.3

Section 1 : Support

1.1 Do I need special hardware for running Zones ?
1.2 Which applications are supported to run on Zones ?
1.3 What about license costs if I run my application in a Zone on a specific number of CPUs?

Section 2 : Creation - Configuration

2.1 What are these four “add-inherit-pkg-dir” in my zone configuration and may I remove them?
2.2 Which kind of devices may I NOT add using the zonecfg “set devices” command?
2.3 How do I add a special netmask for a zone’s IP address?
2.4 How to hide a subdirectory of a directory that is loopback mounted from the Gloabl zone?
2.5 How do I add a filesystem to my non-global zone?

Section 3 : Administration

3.1. Why is snoop not working in a non-global zone?
3.2. How do I block traffic between non-global zones?
3.3. What is the patches story in non-global zones?

Section 4 : Integration with other Solaris features

4.1 : Zones & IPFilter?
4.2 : Zones & ZFS?
4.3 : Zones & IPQoS?
4.4 : Zones & IPsec?
4.5 : Zones & IPMP?
4.6 : Zones & DTrace?
4.7 : Zones & SunCluster?
4.8 : Zones & Solaris Volume Manager?
4.9 : Zones & Process Rights Management?

Section 6: files, commands & daemons

6.1 The zoneadmd daemon
6.2 The zsched daemon
6.3 The zcons driver
6.4 The zonecfg command
6.5 The zoneadm command
6.6 The zlogin command
6.7 The /etc/zones/my-zone.xml file
6.8 The /etc/zones/index file
6.9 The /etc/zones/SUNWdefault.xml file
6.10 The /etc/zones/SUNWblank.xml file

[Jun 17, 2005] Sun has second thoughts about Linux on Solaris CNET Sun is emphasizing Xen.

The feature, code-named Janus and not yet released, lets Linux applications run on its Solaris operating system. Sun instead is emphasizing a related open-source alternative called Xen.

Sun had touted Janus as a useful tool to help customers drop Linux in favor of Solaris, Sun's version of Unix. Sun offers the software to interested customers, but now expects customers that run Linux applications to be more interested in on an ordinary version of Linux.

"The interest in doing Linux applications on Solaris has been for migration. But when you talk about running certified data center applications, you're going to run that on the full stack of software that's been certified," said Tom Goguen, director of Solaris marketing for Sun.

Running Linux and Solaris side-by-side on the same computer will be possible with an open-source project called Xen, "hypervisor" software that lets multiple operating systems run simultaneously on one computer. It's used chiefly with Linux today, but "We've gotten actively involved in the Xen project," Goguen said.

Though Sun expects Xen to be more widely used, the company plans to offer and support Janus, Goguen said. John Fowler, a Sun executive vice president, said he's helped out Xen developers: "I just sent them a pile of hardware, gratis." And Solaris programmer Tim Marsland, in his blog on Friday, invited others to help Sun build Xen support into OpenSolaris.

IBM, Hewlett-Packard, Intel and Advanced Micro Devices also are Xen enthusiasts. Microsoft, which is critical of the General Public License (GPL) that covers open-source Xen, has its own hypervisor work under way.

Java flaws open door to hackers CNET Sun Microsystems has fixed a pair of security bugs in Java that could be exploited by attackers to take over computers running Windows, Linux and Solaris.

The flaws are "highly critical," security monitoring company Secunia said in an advisory posted Tuesday. Flaws that get that ranking--one notch below Secunia's most severe "extremely critical" rating--are typically remotely exploitable and can lead to full system compromise.

Both flaws affect the Java Runtime Environment, or JRE. This is the Java software many computer users have on their system to run Java applications. The bugs could allow a Java application to read and write files or execute applications on a victim's computer, Sun said in two separate security advisories released Monday.

One is a general flaw in the JRE, while the other is specific to Java Web Start, a technology to load Java applications over a network such as the Internet.

The flaws could be exploited through a malicious Web site, according to alerts from the French Security Incident Response Team, which rates both issues "critical."

[Jun 3, 2005] Sun promotion: Bundle a 1.6 GHz AMD Athlon PC* in a Sun Blade 1500 or 2500 workstation for $1.

Run Solaris and Microsoft or Linux environments on a single desktop. With this promotion, you can add a SunPCi IIIpro Coprocessor card to your Sun Blade 1500 or Sun Blade 2500 workstation order for $1. Promotion valid February 1, 2005 through June 30th, 2005.

All Published SPEC CINT2000 Results. It looks like Opteron 250 based system are on average 2 times faster then fastest UltraSparc CPU (1.6 GHz) on integer calculations.   1.6 GHz CPU get a respectable 743 (approximately twice less then top Opteron CPU). The best Opteron system has 1569. BTW  Ultra 10 333MHz, which along with Ultra-5 was the most popular Sun workstation in late 90th, has CINT2000 rating of just 133.

Sun Microsystems Sun Blade 1000 Model 1600 1 core, 1 chip, 1 core/chip 293 313 Text HTML PDF PS Config
Sun Microsystems Sun Blade 1000 Model 1600 1 core, 1 chip, 1 core/chip 292 311 Text HTML PDF PS Config
Sun Microsystems Sun Blade 1000 Model 1750 1 core, 1 chip, 1 core/chip 370 395 Text HTML PDF PS Config
Sun Microsystems Sun Blade 1000 Model 1750 1 core, 1 chip, 1 core/chip 377 396 Text HTML PDF PS Config
Sun Microsystems Sun Blade 1000 Model 1750 1 core, 1 chip, 1 core/chip 369 393 Text HTML PDF PS Config
Sun Microsystems Sun Blade 1000 Model 1900 1 core, 1 chip, 1 core/chip 438 467 Text HTML PDF PS Config
Sun Microsystems Sun Blade 1000 Model 1900 1 core, 1 chip, 1 core/chip 439 466 Text HTML PDF PS Config
Sun Microsystems Sun Blade 1000 Model 900 Cu 1 core, 1 chip, 1 core/chip 470 533 Text HTML PDF PS Config
Sun Microsystems Sun Blade 100 1 core, 1 chip, 1 core/chip 165 174 Text HTML PDF PS Config
Sun Microsystems Sun Blade 150 (550 MHz) 1 core, 1 chip, 1 core/chip 202 217 Text HTML PDF PS Config
Sun Microsystems Sun Blade 150 (650 MHz) 1 core, 1 chip, 1 core/chip 230 246 Text HTML PDF PS Config
Sun Microsystems Sun Blade 1500 (1.062GHz) 1 core, 1 chip, 1 core/chip 513 589 Text HTML PDF PS Config
Sun Microsystems Sun Blade 1500 (1.5GHz) 1 core, 1 chip, 1 core/chip 697 796 Text HTML PDF PS Config
Sun Microsystems Sun Blade 2000 (1.015GHz) 1 core, 1 chip, 1 core/chip 516 576 Text HTML PDF PS Config
Sun Microsystems Sun Blade 2000 (1.2GHz) 1 core, 1 chip, 1 core/chip 642 722 Text HTML PDF PS Config
Sun Microsystems Sun Blade 2500 (1.28GHz) 1 core, 1 chip, 1 core/chip 604 696 Text HTML PDF PS Config
Sun Microsystems Sun Blade 2500 (1.6GHz) 1 core, 1 chip, 1 core/chip 739 845 Text HTML PDF PS Config
Sun Microsystems Sun Blade Model 2050 1 core, 1 chip, 1 core/chip 537 610 Text HTML PDF PS Config
Sun Microsystems Sun Enterprise 3500/4500 1 core, 1 chip, 1 core/chip 198 212 Text HTML PDF PS Config
Sun Microsystems Sun Enterprise 450 1 core, 1 chip, 1 core/chip 225 234 Text HTML PDF PS Config
Sun Microsystems Sun Fire 280R (1.015GHz) 1 core, 1 chip, 1 core/chip 511 574 Text HTML PDF PS Config
Sun Microsystems Sun Fire 280R (1200 MHz) 1 core, 1 chip, 1 core/chip 637 712 Text HTML PDF PS Config
Sun Microsystems Sun Fire 280R 1 core, 1 chip, 1 core/chip 470 529 Text HTML PDF PS Config
Sun Microsystems Sun Fire 280R 1 core, 1 chip, 1 core/chip 365 391 Text HTML PDF PS Config
Sun Microsystems Sun Fire 280R 1 core, 1 chip, 1 core/chip 375 394 Text HTML PDF PS Config
Sun Microsystems Sun Fire 280R 1 core, 1 chip, 1 core/chip 366 390 Text HTML PDF PS Config
Sun Microsystems Sun Fire V1280 (1200MHz) 1 core, 1 chip, 1 core/chip 608 676 Text HTML PDF PS Config
Sun Microsystems Sun Fire V1280 (900MHz) 1 core, 1 chip, 1 core/chip 479 535 Text HTML PDF PS Config
Sun Microsystems Sun Fire V20z 1 core, 1 chip, 1 core/chip 1382 1521 Text HTML PDF PS Config
Sun Microsystems Sun Fire V20z 1 core, 1 chip, 1 core/chip 1569 1746 Text HTML PDF PS Config
Sun Microsystems Sun Fire V210 (1002MHz) 1 core, 1 chip, 1 core/chip 485 555 Text HTML PDF PS Config
Sun Microsystems Sun Fire V210 (1336MHz) 1 core, 1 chip, 1 core/chip 621 706 Text HTML PDF PS Config
Sun Microsystems Sun Fire V240 (1.28GHz) 1 core, 1 chip, 1 core/chip 613 704 Text HTML PDF PS Config
Sun Microsystems Sun Fire V240 (1002MHz) 1 core, 1 chip, 1 core/chip 482 553 Text HTML PDF PS Config
Sun Microsystems Sun Fire V240 (1503MHz) 1 core, 1 chip, 1 core/chip 698 794 Text HTML PDF PS Config
Sun Microsystems Sun Fire V250 (1.28GHz) 1 core, 1 chip, 1 core/chip 612 702 Text HTML PDF PS Config
Sun Microsystems Sun Fire V40z 1 core, 1 chip, 1 core/chip 1379 1515 Text HTML PDF PS Config
Sun Microsystems Sun Fire V40z 1 core, 1 chip, 1 core/chip 1558 1741 Text HTML PDF PS Config
Sun Microsystems Sun Fire V440 (1600MHz) 1 core, 1 chip, 1 core/chip 743 845 Text HTML PDF PS Config
Sun Microsystems Sun Fire V480 (1050MHz) 1 core, 1 chip, 1 core/chip 556 619 Text HTML PDF PS Config
Sun Microsystems Sun Fire V480 (1200MHz) 1 core, 1 chip, 1 core/chip 632 702 Text HTML PDF PS Config
Sun Microsystems Sun Fire V480 1 core, 1 chip, 1 core/chip 469 531 Text HTML PDF PS Config
Sun Microsystems Sun Fire V65x (3.06 GHz Xeon) 1 core, 1 chip, 1 core/chip (Hyper-Threading Technology disabled) 1024 1066 Text HTML PDF PS Config
Sun Microsystems Sun Fire V880 (1050MHz) 1 core, 1 chip, 1 core/chip 560 626 Text HTML PDF PS Config
Sun Microsystems Sun Fire V880 (1200MHz) 1 core, 1 chip, 1 core/chip 625 700 Text HTML PDF PS Config
Sun Microsystems Sun Fire V880 1 core, 1 chip, 1 core/chip 347 390 Text HTML PDF PS Config
Sun Microsystems Sun Fire V880 1 core, 1 chip, 1 core/chip 449 507 Text HTML PDF PS Config
Sun Microsystems Sun Java Workstation W1100z 1 core, 1 chip, 1 core/chip 1434 1582 Text HTML PDF PS Config
Sun Microsystems Sun Java Workstation W2100z 1 core, 1 chip, 1 core/chip 1437 1584 Text HTML PDF PS Config
Sun Microsystems Sun Netra 20 (900MHz) 1 core, 1 chip, 1 core/chip 475 533 Text HTML PDF PS Config
Sun Microsystems Sun Netra 20 1 core, 1 chip, 1 core/chip 377 417 Text HTML PDF PS Config
Sun Microsystems Ultra 10 333MHz 1 core, 1 chip, 1 core/chip 133 -- Text HTML PDF PS Config

Automating Centralized File Integrity Checks in the Solaris 10 Operating System

by Glenn Brunette

This Sun BluePrints Cookbook describes how to centralize and automate the collection of file integrity information using the following Solaris features:

* Secure Shell
* Role-based Access Control (RBAC)
* Process Privileges
* Basic Auditing and Reporting Tool (BART)

Each of these features can be quickly and easily integrated to centralize and automate the process of collecting file fingerprints across a network of Solaris 10 systems.

Note: This article is available in PDF Format only.

[Mar 25, 2005]

Traditionally, when a hardware or software fault occurred on a Solaris system, a message would usually be logged to the appropriate device specified in /etc/syslog.conf, and the rest of the diagnosis and repair was left to the administrator. Predictive Self-Healing technology is introduced in the Solaris 10 OS, which is available for preview through the Software Express for Solaris program.

Predictive Self-Healing is a newly designed cohesive architecture and methodology for automatically diagnosing,reporting, and handling software and hardware fault conditions.

This new technology lessens the time required to debug a hardware or software problem and provides the administrator and Sun Technical Support with detailed data about each fault. The architecture consists of an event management protocol, the fault manager, and the software fault-handling software, the Solaris Service Manager.

[Mar 17, 2005] An interesting option in telnetd for Solaris 10

It looks like it now provides a simple "not in DNS, no access" defense via option -U:

-U Refuses connections that cannot be mapped to a name through the getnameinfo(3SOCKET) function.

The Jem Report - Solaris 10 a collection of great, new, unique features

Prior to the launch event I got some suggestions from Solaris sysadmins who had specific problems with previous versions of Solaris and had switched to other operating systems where they could. I took the issues mentioned in this SysAdmin to SysAdmin column and the comment attached to it, plus some other notes, and compiled the following list of issues, which several Solaris engineers addressed point by point:
  • Solaris is too complex. This was described by the Solaris hackers as being an engineering problem that has been solved by introducing better technology -- namely, DTrace to replace other less specific command-line tools, to replace the aging Xsun server, a more streamlined installation procedure, and better documentation. "Documentation is never an afterthought for us," Cantrill told me.
  • If a user belongs to more than 15 groups, the system dies. Cantrill told me that this has long been a tunable parameter in Solaris. "Such that it exists at all, the limitation is due to a protocol restriction in NFS. By default, Solaris is configured to cooperate with other vendors' NFS implementations -- which means setting the number of supplementary groups to 15."
  • NIS netgroups have a size limitation; this forces messy netgroups. This is due to an underlying DBM database issue; the database has a size limit of 1,024 bytes. The best solution is to use LDAP instead.
  • If one machine is in two netgroups and both groups have mount privileges, the NFS server crashes. The Solaris engineers tested this and didn't find the problem; furthermore they had no record of this ever being a bug or problem with any previous editions of Solaris.
  • GNOME is poorly implemented. GNOME support has been greatly improved in Solaris 10. The version that ships with the initial release is 2.6.1, and it now uses the Java Desktop System theme by default.
  • The version of Netscape included with Solaris is old. Sun has abandoned Netscape in favor of Mozilla.
  • Solaris has a poor LDAP implementation. A great deal of work has gone into improving LDAP in Solaris 10. The new implementation is of a much higher quality and has expanded features over previous Solaris implementations.
  • If you set up the system to authenticate to NIS, then start LDAP, the system crashes. This bug has been fixed in Solaris 10.
  • Solaris is slow. Solaris 10 includes an optimized TCP/IP stack, which now scales much better on multi-CPU systems. Additionally, Solaris 10 has specific performance enhancements for UltraSPARC IIIi and IV systems that can increase performance by as much as 20%.

[Mar 14, 2005] Slashdot Solaris 10 Installation and Desktop Walkthrough This time the discussion is almost 100% junk: it looks like no experienced Solaris admin visit Slashdot anymore ;-).  Some more or less interesting posts: 

Solaris VS Linux (Score:-1, Troll)
by Lunix Torvalds (866066) on Sunday March 13, @10:26PM (#11929754)
I like Solaris. I find that it's more professional and robust than Linux. But what do I know, I only wrote Linux.
solaris 10 is great (+ real world dtrace example) (Score:1, Informative)
by Anonymous Coward on Monday March 14, @04:20AM (#11930849)
i've got it installed on a computer here, and it's not only solid but flexible. and dtrace makes it easy to shoot down any possible problem you're facing. for example (this is a dumb example, but useful) i was trying to samba share my dvd drive and watch a movie over it, and the player was just skipping on the first frame. so i'm sitting here wondering if it's an i/o problem, a network problem, a protocol problem, or what. i decided to test out dtrace and wrote a script to profile the reads from the dvd drive, and i find that it's only reading 59 bytes at a time. then it dawned on me that it was a commercial dvd that was css-locked or whatever and therefore the reads were failing.

had i thought to check the return codes on the reads i was profiling, i would have seen the problem immediately.

so then i do pkg-get -i vls ( and i'm on a roll. pkg-get is an automatic package downloader and dependency checker similar to apt or yum.

(of course, i haven't actually gotten videolan server *working* but i know what the problem and resolution is, thanks to solaris's profiling ability)

if you're running any high-demand system, you can see the obvious advantage of being able to exactly pinpoint any performance problem you're having.

anyways, i installed it when it came out (feb 1) and my uptime is 32 days. the only rebooting i've done so far is when i was trying to figure out the new svcs thing (which makes perfect sense and is way better than sysv-style init scripts once you get the hang of it)

in my book, solaris 10 gets 2 thumbs up.
Sun to kill Linux? (Score:2, Funny)
by Anonymous Coward on Sunday March 13, @09:41PM (#11929561)
I hope so
Re:Sun paid SCO money (Score:2)
by Tpenta (197089) on Monday March 14, @12:55AM (#11930342)
So what are are suggesting is that Sun should have acted illegally and not ensured that their licensing was correct? Come on, I am sure you can come up with something better than that old argument (which has been refuted so many times as conspiacy theory that I'm not going to mention it here again).

What I was asking for was references of Sun Folks saying that they are specifically aiming to kill Linux. The closest comment that I have come across was the reverse, and that was Linus saying that he'd like to see Sun die. The actual quote was

"A lot of people still like Solaris, but I'm in active competition with them, and so I hope they die,"

Ref: ews.jhtml?articleId=59300278 []

I am assuming that this is the same Anonymous Coward who wrote the initial post that I responded to. I would look forward to seeing those words (about Sun not open sourcing Solaris) get taken back, but I won't be terribly surprised if you don't.

Anatomy of a Read and Write Call - 21k By Pat Shuff Linux Journal 2002-09-20 23:00

We look at three different tactics for optimizing read and write performance under Linux.

A few years ago I was tasked with making the Spec96 benchmark suite produce the fastest numbers possible using the Solaris Intel operating system and Compaq Proliant servers. We were given all the resources that Sun Microsystems and Compaq Computer Corporation could muster to help take both companies to the next level in Unix computing on the Intel architecture. Sun had just announced its flagship operating system on the Intel platform and Compaq was in a heated race with Dell for the best departmental servers. Unixware and SCO were the primary challengers since Windows NT 3.5 was not very stable at the time and no one had ever heard of an upstart graduate student from overseas who thought that he could build a kernel that rivaled those of multi-billion dollar corporations.

Now many years later, Linux has gained considerable market share and is the De facto Unix for all the major hardware manufacturers on the Intel architecture. In this article, I will attempt to take the lessons learned from this tuning exercise and show how they can be applied to the Linux operating system.

As it turned out, the gcc benchmark was the one that everyone seemed to be improving on the most. As we analyzed what the benchmark was doing, we found out that basically it opened a file, read its contents, created a new file, wrote new contents, then closed both files. It did this over and over and over. File operations proved to be the bottleneck in performance. We tried faster processors with insignificant improvement. We tried processors with huge (at the time) level 1 and level 2 cache and still found no significant improvement. We tried using a gigabyte of memory and found little or no improvement. By using the vmstat command, we found that the processor was relatively idle, little memory was being used, but we were getting a significant amount of reads and writes to the root disk. Using the same hardware and same test programs, Unixware was 25% faster than Solaris Intel. Initially, we decided that Solaris was just really slow. Unfortunately, I was working for Sun at the time and this was not the answer that we could take to my management. We had to figure out why it was slow and make recommendations on how to improve the performance. The target was 25% faster than Unixware, not slower.

The first thing that we did was to look at the configurations. It turns out that the two systems were identical hardware,. We just booted a different disk to boot the other operating system. The Unixware system was configured with /tmp as a tmpfs whereas the Solaris system had /tmp on the root file system. We changed the Solaris configuration to use tmpfs but it did not significantly improve performance. Later, we found that this was due to a bug in the tmpfs implementation on Solaris Intel. By braking down the file operation, we decided to focus on three areas; the libc interface, the node/dentry layer, and the device drivers managing the disk. In this article, we will look at the three different layers and talk about how to improve performance and how they specifically apply to Linux.

LISA 2001 Paper LISA 2001 Paper about RUF

This paper describes a utility named ruf that reads files from an unmounted file system. The files are accessed by reading disk structures directly so the program is peculiar to the specific file system employed. The current implementation supports the *BSD FFS, SunOS/Solaris UFS, HP-UX HFS, and Linux ext2fs file systems. All these file systems derive from the original FFS, but have peculiar differences in their specific implementations.

The utility can read files from a damaged file system. Since the utility attempts to read only those structures it requires, damaged areas of the disk can be avoided. Files can be accessed by their inode number alone, bypassing damage to structures above it in the directory hierarchy.

The functions of the utility is available in a library named libruf. The utility and library is available under the BSD license.


There are many important reasons for being able to access unmounted file systems, the prime example being a damaged disk. This paper describes a utility that can be used to read a disk file without mounting the file system. The utility behaves similar to the regular cat utility, and was originally named dog, but was renamed to ruf for reading unmounted filesystems to avoid a name conflict with an older utility.

In order to access an unmounted file system, the utility must read the disk structures directly and perform all the tasks normally performed by the operating system; this requires a detailed understanding of how the file system is implemented. Implementing this utility for a particular file system is an interesting academic exercise and a good way to learn about the file system. The original work on this utility was in fact done in Evi Nemeth's system administration class.

Getting to know the Solaris filesystem, Part 1 - SunWorld - May 1999

Richard starts this journey into the Solaris filesystem by looking at the fundamental reasons for needing a filesystem and at the functionality various filesystems provide. In this first part of the series, you'll examine the evolution of the Solaris filesystem framework, moving into a study of major filesystem features. You'll focus on filesystems that store data on physical storage devices -- commonly called regular or on-disk filesystems. In future articles, you'll begin to explore the performance characteristics of each filesystem, and how to configure filesystems to provide the required levels of functionality and performance. Richard will also delve into the interaction between Solaris filesystems and the Solaris virtual memory system, and how it all affects performance.

Getting to know the Solaris filesystem, Part 3 - SunWorld - July ...

One of the most important features of a filesystem is its ability to cache file data. Ironically, however, the filesystem cache isn't implemented in the filesystem. In Solaris, the filesystem cache is implemented in the virtual memory system. In Part 3 of this series on the Solaris filesystem, Richard explains how Solaris file caching works and explores the interactions between the filesystem cache and the virtual memory system. to know the Solaris filesystem, Part 1 - SunWorld - May 1999

[Mar 7, 2005] CacheKit is a collection of freeware perl and shell programs to report on cache activity on a Solaris 8 SPARC server. Tools for older Solaris and Solaris x86 are also included in the kit, as well as some SE Toolkit programs and extra Solaris 10 DTrace programs. The caches the kit reports on are: I$, D$, E$, DNLC, inode cache, ufs buffer cache, segmap cache and segvn cache. This kit assists performance tuning.

download version 0.91, 05-Sep-2004
  • cachestat - prints statistics from various caches, text version.
  • gcachestat - prints statistics from various caches, GUI version.
  • showsize - prints the maximum cache sizes for various caches.
  • dnlcstat - DNLC (Dircectory Name Lookup Cache) hit statistics. This cache contains the pathname for a file and the associated vnode.
  • inodestat - inode cache hit statistics. inodes contain the metadata for files ("ls -lis" info), and are used heavily during UFS activity (eg, permission checks).
  • ufsbufstat - old UFS buffer cache hit statistics. This cache contains UFS structure blocks - cylinder group blocks, blocks of inodes and their indirects.
  • segmapstat - seg_map cache hit statistics. This cache contains pages of a file's contents (read/write). This is used when programs read or write data from the filesystem.
  • segvnstat - seg_vn cache hit statistics. This cache contains pages of a file's contents (mmap). This is especially used when programs and libraries are executed.
  • icache - I$, Instruction cache hit statistics (L1 cache).
  • dcache - D$, Data cache hit statistics (L1 cache).
  • ecache - E$, External cache hit statistics (L2 cache).
  • kstat_walk - Prints out a tree or list view of the Kstat structure using the Sun::Solaris::Kstat library (Solaris 8).
  • dnlcsnoop.d - Watch DNLC events as they happen, including PID details. (Solaris 10).
  • dnlcps.d - DNLC statistics per process. (Solaris 10).

These programs have been written for a Solaris 8 (or newer) sparc server. Also included in the kit are programs for older Solaris, Solaris x86, and Solaris 10.


[Mar 7, 2005] Solaris Tunable Parameters Reference Manual

[Mar 7, 2005] Sun Solaris (Intel) Data Recovery Software for volume recovery

[Mar 1, 2005] Solaris 10 notes on the operating system

Yesterday Bryan Cantrill (one of DTrace authors) provided a link to the presentation he along with two other DTrace authors gave recently on advanced DTrace scripting. There are lots of useful tips, tricks and gotchas explained, which might be useful for both newbies and some seasoned DTrace users.

As it's states one the very first slides of the presentation, some of the things presented are quite simple - most of the tips you'd know if you read the documentation carefully, but the tips given are very useful. I've learned lots of new things, so I strongly recommend anyone interested in DTrace to find some time and read it as well. Here is the presentation in a PDF file.

Roadmap to Sun Developer Documentation

This article provides a roadmap to information sources for Sun products for developers, with links that readers can use to bookmark the sources.



A wealth of information is available to developers working with Sun software products. This article, which is an expanded version of the new manual Introduction to the Solaris Development Environment, serves as a general roadmap to the developer documentation for these products, that is, manuals, specifications, and documentation web pages, as well as other sources of information for developers.

Note that the links provided here connect to the current versions of the collections and manuals as of the publishing of this article. You should always check that you are accessing the version of the manual that is appropriate for the release of the Sun product you are using.

New Bigadmin community submissions:

Solaris Operating System End-of-Software Support Statements - Solaris 10 The following end-of-software-support announcements are current, as of Solaris(TM) 10 Operating System. For the complete text of Solaris Operating System end-of-software-support announcements see the Solaris 10 Release Notes. Please note that bind 8.x.x is out. NIS+ might be removed in future releases (abridged):

Features That Might Be Removed in a Future Release

[Jan 26, 2005] Split Reactions to Sun's OpenSolaris By Michael Singer  

... In some cases, the larger the company -- and its investment in Linux -- the more vocally opposed it is to Sun's liberation of Solaris source code and the release of more than 1,600 of Sun's patents associated with the OS.

Sun started its foray into open source Solaris Tuesday with a code release of its diagnostic DTrace application. Buildable source code for Solaris will be available at the OpenSolaris site in the second quarter of 2005, the company said.

On the same day it released Solaris source code, Sun's main open source rivals IBM, (Quote, Chart) Novell (Quote, Chart) and Red Hat made public statements through indirect channels. Each dismissed Sun's open source moves.

Oracle and SAP -- two traditional core supporters of Sun Solaris -- have yet to made public statements. However, Dana Gardner, a senior analyst with IT research firm The Yankee Group, predicted a future in which Oracle promotes Unbreakable Open Solaris. The analyst also suggested SAP packaged with Open Solaris for SMBs could also be a potent combination.

"Sun has the opportunity to redefine what's the best new mix of build and buy -- not build or buy -- for both enterprises and ISVs," Gardner told "If exposing many valuable parts of Solaris 10 through an open source license allows operations-minded developers to gain higher performance for their applications in production, this is good. Too much emphasis in open source has been on up-front costs, and not enough on integrity and performance that will cut total costs over time."

Gardner also commented that the embedded market in particular is seeking consolidation, and an open source Solaris will bear careful comparison to Linux in real-time applications.

"And we should not just compare Open Solaris to Linux, we should also carefully compare it to Windows Server System," Gardner said. "On issues of datacenter performance, security, and cost over time, those Unix shops considering a move to Windows should take a hard look at Solaris and Open Solaris in tandem."

While a broader acceptance by the open source community was sorely missing at the launch, some distributions are hoping to bridge the gap. In its weekly newsletter, Gentoo said it is planning to add OpenSolaris support to its Portage software platform.

"Pieter Van den Abeele has been working closely with Sun's management, legal and engineering teams to prepare this move," Gentoo said in its newsletter. "Gentoo will be leveraging the hard work of long-time Solaris users and Gentoo Developers-in-training Sunil Kumar and Jason Wohlgemuth, whose 'Portaris' project has been running on top of Solaris 9 and 10 builds for quite a while already."

[Jan 17, 2005] Updating OpenBoot PROM for Sun Workstations and Workgroup Servers Based on SPARC Technology

Having the latest version of OpenBoot PROM (OBP) on a SPARC processor-based workstation or workgroup server can be critical when adding new applications or hardware, or when upgrading the machine's Solaris Operating System (OS). Updating may also save some time and difficulty by resolving any latent bugs that have been detected and fixed since the previous releases. The paragraphs that follow guide you through the steps required to do the update.  

Note: This Tech Tip does not cover larger servers; for those systems, see SunSolve document #41723 entitled Updating the Sun Fire 3800-6800 series Flash Proms.

[Jan 17, 2005] BigAdmin Submitted Article Quad Boot With Windows, Sun Java Desktop System, and the Solaris Operating System

This reader-submitted article shows you how to do a quad boot with Windows, two instances of the Java Desktop System, and the Solaris 10 Operating System.

A detailed table covers preparation; installing the Solaris 10 OS; installing Java Desktop System, Release 2; and completion. A list of related references is also offered.

You may want to try a quad boot because it enables you to continue using your Linux machine while you are testing or exploring new features in Linux or installing the next release of the Java Desktop System. By having two instances of Linux, you can make mistakes with one and still have a safety net. Controlling Resources with Solaris Projects

Using the resource-management framework contained in projects, we can create a set of projects for each major task being used by Alighieri Financial Services. And we can easily control just how much processor time is permissible for each group of processes, and we can control a host of other resources that could possibly be competed against. This illustrates a side of performance management that isn't very glamorous--but it's extremely useful. If we can control resource competition, we can ensure that the applications that are particularly performance-sensitive receive the support from the system that they need in order to be fast.

[Jan 8, 2005] Topping top in Solaris 8 with prstat A "top" like tool, but better! The prstat displays information about active processes on the system. You can specify whether you want information on specific processes, UIDs, CPU IDs, or processor sets. By default, prstat displays information about all processes sorted by CPU usage.

Occassionally there are many small processes, each of which consume a small piece of the CPU. On a system such as a computing server that is shared by many users, prstat can be used to determine which user (as opposed to which processes) is consuming the most resources. If the user consuming the most resources on the system can be identified, it is possible to move at least part of the work to another machine. To have prstat report statistics about resource consumption by user, add the -a option to the prstat command line.

Adding the -a option to any prstat command will identify how many processes each user is using, what percent of the CPUs, and how much memory, they are using on a system, as shown above. The command prstat -s cpu -a -n 8 asks for the top 8 processes consuming the CPU and a list of resource consumption statistics for each user.

The output below shows that user larry is consuming the most CPU resources.

kincaid/tartan 43 $ prstat -s cpu -a -n 8

17005 larry 888K 432K run 21 0 0:03.15 38% cpuhog/1
17015 larry 888K 432K run 21 0 0:03.06 36% cpuhog/1
17175 larry 944K 872K run 24 0 0:00.37 5.7% find/1
16911 moe 944K 872K sleep 58 0 0:00.48 3.3% find/1
16915 moe 944K 872K sleep 59 0 0:00.43 3.3% find/1
17849 curly 944K 872K run 31 0 0:00.00 3.0% find/1
16472 root 132M 42M sleep 59 0 0:01.00 0.9% Xsun/1
16827 kincaid 6864K 4704K sleep 48 0 0:00.05 0.4% dtterm/1
7 larry 7504K 5656K 0.6% 0:06.58 80%
8 moe 8248K 6800K 0.7% 0:01.31 6.6%
3 curly 3336K 2832K 0.3% 0:00.00 3.0%
34 root 213M 95M 9.5% 0:03.05 1.0%
78 kincaid 433M 294M 30% 0:00.38 0.7%
Total: 132 processes, 218 lwps, load averages: 3.90, 4.29, 2.45

kincaid/tartan 44 $

[Jan 3, 2005] Introduction to the Solaris Development Environment - new e-book

Newsgroups: comp.os.linux.advocacy,,comp.os.linux.misc,comp.unix.solaris
From: (Joerg Schilling) - Find messages by this author
Date: 1 Jan 2005 13:01:01 GMT
Local: Sat, Jan 1 2005 5:01 am
Subject: Re: mount USB flash drive on Unix
Reply | Reply to Author | Forward | Print | Individual Message | Show original | Report Abuse
In article <>,
Conor <> wrote:

>Plug in device, Windows sees it and it automagically appears straight
>Linux. Plug it in, hope it JUST WORKS. If it doesn't, take a wild stab
>at what the device is or go wading through log files. And even then
>you've not yet finished....

From what I have seen up to now, your claims for Linux are just wrong.
Try to do it without a GUI running... There are some insane additions
in Gnome or Kde (that make your claims partially true if you have luck),
but they unfortunately disturb the CD/DVD writing process.

On Solaris, even with the 3 year old Solaris 9 or with the even older
Solaris 8 + USB patched, you only stick the plug in and wait 3 seconds.
The apropriate feature (volume management) for automounting removable
media is in the basic Solaris system since 1992.

The memory stick appears mounted under /rmdisk/<label name>/

To unmount, call e.g. 'eject rmdisk'

....You need to boot once with the stick inserted or to call

/etc/init.d/volmgt stop
/etc/init.d/volmgt start

after you inserted the stick the first time.

[Jan 3, 2005] Sys Admin MagazineCool Commands Peter Baer Galvin

There are so many commands in Solaris that it is difficult to separate the cool ones from the mundane. For example, there are commands to report how much time a program spends in each system call, and commands to dynamically show system activities, and most of these commands are included with Solaris 8 as well as Solaris 9. This month, I’m highlighting some of the commands that you might find particularly useful.

Systems administrators are tool users. Through experience, we have learned that the more tools we have, the better able we are to diagnose problems and implement solutions. The commands included in this column are gleaned from experience, friends, acquaintances, and from attendance at the SunNetwork 2002 conference in September. “The /procodile Hunter” talk by Solaris kernel developers Brian Cantrill and Mike Shapiro was especially enlightening and frightening because Cantrill wrote code to illustrate a point faster than Shapiro could explain the point they were trying to illustrate!

[Jan 3, 2005] Glenn Brunette's Security Weblog Solaris 10 Account Lockout ("Three Strikes!")

The next item of my list of lesser known and/or publicized security enhancements to the Solaris 10 OS is account lockout. Account lockout is the ability of a system or service to administratively lock an account after that account has suffered "n" consecutive failed authentication attempts. Very often "n" is three hence the "three strikes" reference.

Recall from yesterday's entry on non-login and locked accounts that there is in fact a difference. Locked accounts are not able to access any system services whether interactively or through the use of delayed execution mechanisms such as cron(1M). So, when an account is locked out using this capability, only a system administrator is able to re-enable the account, using the passwd(1) command with the "-u" option.

Account lockout can be enabled in one of two ways. The first way will enable account lockout globally for all users. The second method will all more granular control of which users will or will not be subject to account lockout policy. Note that the account lockout capability will only apply to accounts local to the system. We will look at both in a little more detail below.

Before we look at how to enable or disable the account lockout policy, let's first take a look at how you configure the number of consecutive, failed authentication attempts that will serve as your line in the sand. Any number of consecutive, failed attempts beyond the number selected will result in the account being locked. This number is based on the RETRIES parameter in the /etc/default/login file. By default, this parameter is set to 5. You can certainly customize this parameter based on your local needs and policy. By default, the Solaris Security Toolkit will set the RETRIES parameter to 3.

[Jan 2, 2005]BigAdmin Feature Article Solaris 10 OS Feature Spotlight Predictive Self-Healing

The Solaris Service Manager

To better handle software faults, Sun has redesigned the way it starts and monitors services. Instead of the the traditional /etc/init.d startup scripts, many programs in the Solaris 10 OS have been converted to use the service management framework (smf) of the Solaris Service Manager to start, stop, modify, and monitor programs. The service manager is also used to identify software interdependencies and ensure that services are started in the correct order. Should a service, such as sendmail, suddenly die, the service manager automatically verifies that all of the requirements for the sendmail service are running and respawns the necessary programs. When a hardware fault occurs and hardware is offlined, the service manager can restart any programs under service manager control that needed to be stopped to remove the hardware from service.

Each service under the control of the service manager is controlled by an XML configuration file, called a manifest, that defines the name of the service, the type, any dependencies, and other important information. These manifests are stored in a repository and can be viewed and modified by the repository daemon, svc.configd(1M). The repository is read by the master restarter daemon, svc.startd(1M), which evaluates the dependencies and initiates the services as needed. Traditional inetd services are now part of the service manager as well. Any of the inetd services can be enabled, disabled, or restarted via the same mechanism as any other service manager-enabled program.

Service Manager Command-Line Tools

The service manager is made up of a number of programs, some of which are meant to be used by the administrator to view and manage services and service properties. These commands include: svcadm(1M), svcprop(1), svcs(1), and svccfg(1M). Additionally, the commands inetconv(1M) and inetadm(1M) exist to help transition traditional inetd services and manage them in the service manager framework.

The svcadm(1M) command allows the activation, deactivation, and state manipulation of service instances in the service configuration repository. Modification of these properties causes the responsible delegated restarter to take action to move the service instance into the appropriate state. If the service is not delegated, the master restarter performs these functions. The -v switch prints verbose information to standard out. Valid subcommands to the svcadm(1M) are:

The svcprop(1) program prints values of properties in the service configuration repository. Properties are selected by -p options and FMRI operands. By default, when a single property is selected, its values are printed separated by spaces on a single line. The following options are supported:

The svcs(1) command displays information about service instances as recorded in the service configuration repository. The svcs(1) command has three different forms:

svcs [-aHpv?] [-o col[,col]...] [-R instance_FMRI]... [-sS col]... [FMRI | pattern] ...

svcs {-d | -D}  [-Hpv?] [-o col[,co= l]...]  [-sS col]... [FMRI | pattern] ...

svcs -l [FMRI | pattern] ...

The first form prints one-line status listings for service instances specified by the arguments. Each instance is listed only once, and with no arguments; all enabled service instances, even if temporarily disabled, are listed. The second form of the command prints one-line status listings for the dependencies or dependents of the service instances specified by the arguments. The third form prints detailed information about specific services and instances. The options seen above in the three command explanations are:

The column names used with the svcs(1) command are case sensitive and are as follows:

The svccfg(1M) command is used to import, export, and modify the configurations of services in the repository. It can be invoked interactively, by specifying subcommands, or by specifying a command file containing a series of subcommands. The three forms of invocation are:

/usr/sbin/svccfg [-v]

/usr/sbin/svccfg [-v] subcommand [args...]

/usr/sbin/svccfg [-v] -f command-file

For a complete list of all of the available subcommands, please read the svccfg(1M) man page.

The inetconv(1M) program converts inetd.conf entries into smf(5) manifests, and imports them into the repository. There is a one-to-one mapping between a service line in the specified input file and the resulting configuration file generated. By default, the configuration files are named using the following template:


The <svcname> token is replaced by the service's name and the <proto> token by the service's protocol. Any forward slash characters that exist in the source line for the service name or protocol are replaced with underscores. Each resulting manifest includes the service line as a comment. If a service line is found to be malformed or to be for an internal inetd service during the conversion process, no manifest is generated and that service line in the input file is skipped. The inetconv(1M) program accepts the following command line options:

The inetadm(1M) program views and configures inetd-controlled services. The following options are supported:

Examples of the Predictive Self-Healing Service Manager

Using svcs(1), view the services on the system:


online         Oct_31   svc:/system/filesystem/local:default
online         Oct_31   svc:/network/rpc/bind:default
online         Oct_31   svc:/system/cron:default
online         Oct_31   svc:/system/sac:default
online         Oct_31   svc:/system/system-log:default
online         Oct_31   svc:/network/inetd:default
online         Oct_31   svc:/network/nis/client:default
online         Oct_31   svc:/network/rpc/keyserv:default
online         Oct_31   svc:/network/rpc/gss:ticotsord
online         Oct_31   svc:/network/security/ktkt_warn:ticotsord
online         Oct_31   svc:/milestone/multi-user:default

Use svcs -p to find out the relationship between services and processes. This example shows the NFS server service:

svcs -p nfs/server 

STATE          STIME    FMRI
online         Oct_12   svc:/network/nfs/server:default
               Oct_31     103729 mountd
               Oct_31     103731 nfsd

If a service has a problem, use the service manager tools to help diagnose it and review the suggested course of action to correct the issue. For example, the svcs -x option lists information about every service that isn't running, and why:

svcs -x

svc:/application/print/server:default (LP Print Service)
 State: disabled since Tue Oct 05 22:27:55 2004
Reason: Disabled by an administrator.
   See: lpsched(1M)
Impact: 1 service is not running. provides additional information on the type of issue, and suggests steps to acquire additional data and correct the problem.

Use svccfg(1) to view the properties of the SMTP server and determine its dependencies:


svc:> select network/smtp
svc:/network/smtp> listprop

system-log                  dependency
system-log/entities         fmri     svc:/system/system-log
system-log/grouping         astring  optional_all
system-log/restart_on       astring  none
system-log/type             astring  service
identity                    dependency
identity/entities           fmri     svc:/system/identity:domain
identity/grouping           astring  require_all
identity/restart_on         astring  refresh
identity/type               astring  service
name-services               dependency
name-services/entities      fmri     svc:/milestone/name-services
name-services/grouping      astring  require_all
name-services/restart_on    astring  refresh
name-services/type          astring  service
network-service             dependency
network-service/entities    fmri     svc:/network/service
network-service/grouping    astring  require_all
network-service/restart_on  astring  none
network-service/type        astring  service
fs-local                    dependency
fs-local/entities           fmri     svc:/system/filesystem/local
fs-local/grouping           astring  require_all
fs-local/restart_on         astring  none
fs-local/type               astring  service
general                     framework
general/entity_stability    astring  Unstable
general/single_instance     boolean  true

[Jan 2, 2005] Initial Impressions of Solaris 10

Development: Some crucial header files appear to have been changed. I have tried to compile emacs, fetchmail, maildrop, spamprobe, and usbsm with gcc-3.3, gcc-3.4 and Sun Studio 9 cc. None of the combinations work. I am always getting random errors about the system header files.

# cd /usr/local/lib/gcc-lib/sparc-sun-solaris2.10/3.3.2/install-tools
# cat > mkheaders.conf
# ./mkheaders

worked for me.

Meta RAID Recovery: I was initially unable to restore my Raid5 with `metainit d5 -r ... -k` after upgrade. Had to recreate array and restore from backup tape. Always backup!


After upgradrading the hardware, I reinstalled Solaris 10 and was able to recover RAID without re-initializing it and restoring backup. Just reference one of your db replicas instead of all of them with metadb before you run the metainit command above.

Mouse Driver: Wheel mouse support is now available by default. The third-party usbsm is no longer needed. See below for legacy system setup instructions.

LDAP: Solaris 10 native LDAP client is now working with OpenLDAP server without further modification! I was unable to get this to work on Solaris 9 or my previous installation of Solaris 10.

USB Mice on Legacy Sun Systems

The following information was taken from a Sun whitepaper for Solaris 8, but it works in Solaris 10, so one can safely assume that it works in at least versions 8-10.

  • First, if you are running Solaris 8 or 9, then you may be limited to OHCI PCI cards on UltraSPARC systems. If you are running Solaris 10, then I believe any USB card available at Wal-Mart should work fine.
  • Run `ls -l /dev/usb`. If nothing shows up, then your devices haven't been probed. Do `touch /reconfigure; reboot` and try again.
  • Note the hid* entries. The one ending in ":mouse" is your new mouse.
  • Take the portion after "/devices" up to ":mouse" and insert it into /etc/system in a fashion similiar to: `set consconfig:usb_ms_path="/pci@1f,4000/usb@4/mouse@1"`
  • Reboot again. It works! Even the wheel works on 10.

[Jan 2, 2005]Mike's Unix Goodies

The automated system administration scripts, which are copies of the
scripts in active use on our Solaris 2.X, Linux (RedHat and Mandrake),
SGI IRIX 6.X, and FreeBSD 5.X systems; they also were used on
SunOS 4.1.X, HP (HP-UX 9.X), SGI (IRIX 5.X).
They are available as files 'autoadmin.shar.*' from URL:
(Note: these files were last updated Dec 16, 2004).
The dot file scripts, which are copies of the .cshrc / .login / .profile
/ etc scripts in active use on our Solaris 2.X, Linux (RedHat and Mandrake),
SGI IRIX 6.X, and FreeBSD 5.X systems; they also were used on
SunOS 4.1.X, HP (HP-UX 9.X), SGI (IRIX 5.X).
They are available as files 'dotfiles.shar.*' from URL:
(Note: these files were last updated Dec 16, 2004).

[Jan 2, 2005] Solaris vi ctags capabilities

Surprisingly enough, the Solaris 2.6 version of vi supports tag stacking. Perhaps not so surprisingly, this feature is completely undocumented in the Solaris ex(1) and vi(1) manual pages. For completeness, we summarize Solaris vi tag stacking in Table 8.3, Table 8.4, and Table 8.5. Tag stacking in Solaris vi is quite simple.[6]

[6] This information was discovered based on experimentation. YMMV (your mileage may vary).

Solaris vi Tag Commands
Command Function
ta[g][!] tagstring

Edit the file containing tagstring as defined in the tags file. The ! forces vi to switch to the new file if the current buffer has been modified but not saved.


Pop the tag stack by one element.

Solaris vi Command Mode Tag Commands
Command Function

Look up the location of the identifier under the cursor in the tags file, and move to that location. If tag stacking is enabled, the current location is automatically pushed onto the tag stack.


Return to the previous location in the tag stack, i.e., pop off one element.

Solaris vi Options for Tag Management
Option Function
taglength, tl

Controls the number of significant characters in a tag that is to be looked up. The default value of zero indicates that all characters are significant.

tags, tagpath

The value is a list of filenames in which to look for tags. The default value is "tags /usr/lib/tags".


When set to true, vi stacks each location on the tag stack. Use :set notagstack to disable tag stacking.



Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy


War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes


Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law


Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

Copyright © 1996-2018 by Dr. Nikolai Bezroukov. was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case is down you can use the at


The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: September 12, 2017