Monday, February 8, 2010

Installing and configuring sudo in HP-UX 11i v1

Sudo (Super User Do) is a very useful program that allows a system administrator to give certain users the ability to run some (or all) commands as root.


1. Download the depot & install it.

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p9/

# swinstall -s /tmp/sudo-1.6.8p7-sd-11.11.depot

2. Modify the search path:
If you haven't already done so for other software, you now need to modify the search paths so that the system can find the sudo program and its manual pages. If you're running the CDE windowing system, this is done by editing the file /.dtprofile and adding the following lines (if they aren't already there) to the end of this file:
PATH=$PATH:/usr/local/bin:/usr/local/sbin:/usr/ccs/bin
MANPATH=$MANPATH:/usr/man/:/usr/local/man
It's advisable to log out and log in again at this point to activate these changes. Make sure that the system can find the sudo program:
# sudo -V
(that's an upper case "V") and that you can display the manual pages:
# man sudo
# man visudo
# man sudoers
3. Configure sudo:
sudo is controlled by its configuration file /etc/sudoers. The program has a rich selection of configuration options and you may like to read the man page for sudoers and examine the sample configuration file which you'll find in sample.sudoers in the source code directory.
The instructions below describe how to create a sudoers file which allows any user to run the /dialup and /hangup scripts defined in Configuring PPP on Solaris to connect to an ISP, and allows a particular user to run any command as root.
One potential difficulty is that the /etc/sudoers file must be edited using the visudo program and not directly in your editor of choice. visudo uses the "vi" editor and this means that you need at least a basic understanding of how to use this editor. If you aren't already familiar with vi, you'll have to learn it sooner or later so now's a good time to start! But don't worry if you've never used it before - I'll include enough instruction here to enable you to edit the short file created by the installation process and append a couple of lines to it.
To edit /etc/sudoers, make sure you're logged in as root and type:
# /usr/local/sbin/visudo
This starts the vi editor and displays the initial /etc/sudoers file. vi uses what appear at first sight to be commands that aren't exactly intuitive. If you're not familiar with vi, type the following exactly as it appears and note that commands in vi are case sensitive. So don't type a lower-case "g" when the instructions show an upper-case "G".
Move the cursor to the end of the file by typing an upper-case G:
G
and open a new line just beyond the last line in the file by typing a lower-case o:
o
vi is now in "edit" mode and anything you type is inserted into the file. If you want everyone (all users) to be able to run the /hangup and /dialup scripts, type the following:
ALL ALL=/dialup,/hangup
with a TAB character after the first "ALL". That line tells sudo that all users are allowed to execute the scripts /hangup and /dialup as if they were root.
If you want to give just one user, say jim, the ability to run the scripts, type the following instead:
jim ALL=/dialup,/hangup
You may like to add another line telling sudo that your own personal user is allowed to do anything as root. Press the ENTER key and, if your own personal user is mike, you'd type:
mike ALL=(root) ALL
again with a TAB character after "mike".
Finally, switch vi back into command mode by pressing the ESCAPE key and exit vi by typing:
:wq
followed by ENTER. If you make a mistake at any time, just press the ESCAPE key followed by:
:q!
followed by ENTER and vi will return you to the shell command prompt without making any changes to the file.

4. Using sudo:
sudo is simple to use. To execute a command with root privilege, type:
$ sudo name-of-command
If this is the first time you've used sudo since logging in, sudo will ask for your password. The password required at this point is the user's own password, not the root password. So, if user jane has logged in and wants to start a dialup connection to her ISP, she would type:
$ sudo /dialup
and sudo responds:
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these two things:

#1) Respect the privacy of others.
#2) Think before you type.

Password:
Jane would then type her password and sudo will run the /dialup script for her with root privilege. If further commands are executed using sudo within 5 minutes, it will not ask for a password again.
But if Jane were to try to execute a command without having the necessary permission (as defined in the /etc/sudoers file), sudo will refuse to run it:
$ sudo vi /etc/passwd
Sorry, user jane is not allowed to execute "/usr/bin/vi /etc/passwd" as root on r3sby2.
In this example, r3sby2 is the name of the machine.
If you'd prefer not to have to type a password at all, put the NOPASSWD: tag in front of the command list, so that the two lines in /etc/sudoers become:
ALL ALL = NOPASSWD: /dialup,/hangup
mike ALL = (root) NOPASSWD: ALL

A fuller /etc/sudoers built from aliases. Every user specification at the bottom needs the host part (ALL here) in front of the "=":

User_Alias SENIORADMIN = reo, tmiller, jbuffet
User_Alias ADMIN = jkim, sfox, dmarch
User_Alias OPERATOR = agrove, bgates, smcnealy
User_Alias WEBMASTER = crobin, elim
User_Alias DBMASTER = lellison

Runas_Alias OP = root, bin
Runas_Alias DB = dbadmin, db
Runas_Alias WEB = webadmin, web

Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/ufsdump, \
    /usr/sbin/ufsrestore
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINT = /usr/sbin/lpadmin, \
    /usr/bin/lpsched, \
    /usr/lib/lpshut
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown, \
    /usr/sbin/halt, \
    /usr/sbin/reboot
Cmnd_Alias SU = /usr/bin/su
Cmnd_Alias SHELL = /usr/bin/su
Cmnd_Alias WEBADMIN = /usr/local/bin/httpd
Cmnd_Alias DBADMIN = /usr/local/bin/dbstart, \
    /usr/local/bin/dbstop, \
    /usr/local/bin/dbdump, \
    /usr/local/bin/dbload
Cmnd_Alias USERADMIN = /usr/sbin/useradd, \
    /usr/sbin/userdel, \
    /usr/sbin/usermod

SENIORADMIN ALL = ALL
OPERATOR ALL = DUMPS, KILL, SHUTDOWN
ADMIN ALL = DUMPS, KILL, SHUTDOWN, USERADMIN, PRINT
WEBMASTER ALL = (DB) WEBADMIN
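As an added example (not from the original post or from the sudo project), a small POSIX shell audit that reads a sudoers file written in the syntax of the rules above, both the short /dialup lines and the alias-based file, and reports the grants a reviewer would question: rules with no host part, NOPASSWD together with ALL, and commands that can hand the caller a root shell. The sample sudoers it checks is constructed here, and the function names are mine.

```shell
#!/bin/sh
# Added example, not part of the original post: a read-only audit of a sudoers
# file in the sudo 1.6 syntax used above. It flags rules without a host part,
# NOPASSWD combined with ALL, and any grant (directly or through a Cmnd_Alias)
# that runs su, a shell or an editor as root, since an editor started by sudo
# can start a shell from inside itself. The sample file below is constructed.

# Normalise: drop comments and blank lines, join backslash-continued lines so
# that a multi-line Cmnd_Alias is seen as one rule.
sudoers_rules() {
    sed -e 's/#.*$//' "$1" \
      | sed -e ':a' -e '/\\$/N' -e 's/\\\n[[:space:]]*/ /' -e 'ta' \
      | grep -v '^[[:space:]]*$'
}

# Print one finding per line; return 1 if anything was flagged, else 0.
audit_sudoers() {
    findings=$(sudoers_rules "$1" | awk '
        BEGIN {   # commands that give the caller an interactive root shell
            n = split("/usr/bin/su /bin/su /usr/bin/sh /sbin/sh /bin/sh /usr/bin/ksh /usr/bin/csh /usr/bin/vi /usr/bin/ex /usr/bin/view /usr/bin/more", s, " ")
            for (i = 1; i <= n; i++) shellish[s[i]] = 1
        }
        $1 == "Cmnd_Alias" {       # remember aliases that expand to one of them
            name = $2; sub(/^[^=]*=/, ""); gsub(/,/, " ")
            for (i = 1; i <= NF; i++) if ($i in shellish) risky[name] = $i
            next
        }
        $1 ~ /^(User_Alias|Runas_Alias|Host_Alias|Defaults)$/ { next }
        {                          # user specification: who host = (runas) what
            who = $1
            if ($0 !~ /=/) { print "no host part in rule: " $0; next }
            spec = $0; sub(/^[^=]*=/, "", spec)
            if (spec ~ /NOPASSWD:/ && (" " spec " ") ~ /[ \t:,]ALL[ \t,]/)
                print "NOPASSWD with ALL for " who ": " $0
            gsub(/[(),]/, " ", spec)
            n = split(spec, t, " ")
            for (i = 1; i <= n; i++) {
                if (t[i] in shellish) print "root shell reachable for " who " via " t[i]
                else if (t[i] in risky) print "root shell reachable for " who " via alias " t[i] " (" risky[t[i]] ")"
            }
        }')
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# sudo refuses a sudoers file that is not mode 0440, so check the mode too;
# ls(1) is parsed because stat(1) options differ between systems.
sudoers_mode_ok() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        -r--r-----) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample in the style of the rules shown above.
write_sample_sudoers() {
    cat > "$1" <<'EOF'
# constructed sample, not a real /etc/sudoers
User_Alias ADMIN = jkim, sfox
Cmnd_Alias DUMPS = /usr/bin/mt, /usr/sbin/ufsdump, \
                   /usr/sbin/ufsrestore
Cmnd_Alias SU = /usr/bin/su
ALL   ALL = NOPASSWD: /dialup, /hangup
mike  ALL = (root) NOPASSWD: ALL
ADMIN ALL = DUMPS, SU
EOF
    chmod 0440 "$1"
}

sudoers_demo() {
    sample=${TMPDIR:-/tmp}/sudoers.sample.$$
    write_sample_sudoers "$sample"
    sudoers_mode_ok "$sample" && echo "mode 0440: ok"
    audit_sudoers "$sample" || echo "(two findings expected: mike, ADMIN via SU)"
    rm -f "$sample"
}
sudoers_demo
```

On the HP-UX host itself, also syntax-check a candidate file with the installed visudo in check mode (visudo -c -f FILE, where that version supports it) before copying it into place.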

How to remove core files

A "core" file is created when a process terminates abnormally. Programmers may use these files to understand what went wrong and what the process was doing at the time of termination.

Core files are usually quite large and are the main cause of a "file system full" error. The following shows how to list and delete all core files on your system. Restricting the match to regular files (-type f) keeps find from touching directories or programs that merely happen to be named core.
• Produce a list of all core files
find / -type f -name core -exec ll {} \;
• Remove all core files
find / -type f -name core -exec rm {} \;

How to use TAR

Tar is a good utility for producing a backup. When you create a tar archive, the destination location can be a tape or a regular file. Note that tar can preserve a file's permissions and mode.

For example, you have the following directory structure:

/home/oracle/alex/test
/home/oracle/alex/test/ems
/home/oracle/alex/test/vtools8
/home/oracle/alex/test/psaor01


Create an archive

To create an archive of the entire test directory, issue the following command:

tar cvf my_arch.tar /home/oracle/alex/test

If you want to include into your archive several different directories you might use the following command:

tar cvf my_arch.tar -I include.lst

where the -I option specifies the name of a file with a list of directories and files that you want to include into your archive.

Also, it's possible to exclude certain files and directories from your archive:

tar cvfX my_arch.tar exclude.lst -I include.lst


List an archive contents

To list the contents of your archive issue the following command:

tar tf my_arch.tar


Extract from an archive

To extract the contents of your archive:

tar xvfp my_arch.tar

Note that everything will be extracted to exactly the same location it was taken from. If some directories do not exist, they will be created.


Legend of tar's options

c - create an archive; member names are stored exactly as given, so an absolute path stays absolute
x - extract from archive
t - read the contents of an archive
f - you work with a file, otherwise it's a tape
p - preserve file's permissions and modes
v - verbose, display the result
-I - use an include list
X - use an exclude list
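An added example, not part of the original page, showing the check a careful operator makes before extracting an archive whose paths were stored absolute, as described above: list the members and refuse any that would land outside the current directory. The function names are mine and the member lists in the demonstration are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post. "tar c" stores member names
# exactly as given, so an archive made from /home/oracle/alex/test extracts
# back to /home/oracle/alex/test, replacing what is there, and a member whose
# name contains ".." lands outside the directory you extract into. The checks
# below read only the "tar tf" listing, so they work with any tar, and refuse
# such an archive before anything is written to disk.

# Read a member list on stdin; print the entries that would escape the
# extraction directory (absolute names, or a ".." path component).
list_unsafe_members() {
    awk '
        /^\//                             { print "absolute: " $0; next }
        /^\.\.(\/|$)/ || /\/\.\.(\/|$)/   { print "parent:   " $0; next }
    '
}

# The same check run against an actual archive file.
tar_unsafe_members() {
    tar tf "$1" | list_unsafe_members
}

# Return 0 if nothing in the archive would escape the current directory.
tar_safe_to_extract() {
    bad=$(tar_unsafe_members "$1")
    [ -z "$bad" ] && return 0
    printf 'refusing to extract %s:\n%s\n' "$1" "$bad" >&2
    return 1
}

# Extract only after the check passes; p keeps the stored permissions.
tar_extract_checked() {
    tar_safe_to_extract "$1" || return 1
    tar xpf "$1"
}

# Demonstration with constructed member lists, as "tar tf" would print them.
tar_demo() {
    printf '%s\n' test/ test/ems test/vtools8 | list_unsafe_members \
        && echo "relative archive: no unsafe members"
    printf '%s\n' /home/oracle/alex/test/ems ../outside | list_unsafe_members
}
tar_demo
```

To keep an archive relocatable, create it from the parent directory with a relative name, for example cd /home/oracle/alex; tar cvf my_arch.tar test.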

HP-UX boot guide

Normal Boot
The bootstrap process involves the execution of three software components:
• pdc
• isl
• hpux

pdc

Automatic boot processes on various HP-UX systems follow similar general sequences. When power is applied to the HP-UX system processor, or the system Reset button is pressed, the firmware processor-dependent code (pdc) is executed to verify hardware and general system integrity. After checking the hardware, pdc gives the user the option to override the autoboot sequence by pressing the Esc key. A message resembling the following usually appears on the console.
(c) Copyright. Hewlett-Packard Company. 1994.
All rights reserved.

PDC ROM rev. 130.0
32 MB of memory configured and tested.

Selecting a system to boot.
To stop selection process, press and hold the ESCAPE key...

If no keyboard activity is detected, pdc commences the autoboot sequence by loading isl and transferring control to it.
isl
The initial system loader (isl) implements the operating-system-independent portion of the bootstrap process. It is loaded and executed after self-test and initialization have completed successfully. Typically, when control is transferred to isl, an autoboot sequence takes place. An autoboot sequence allows a complete bootstrap operation to occur with no intervention from an operator. While an autoboot sequence occurs, isl finds and executes the autoexecute file which requests that hpux be run with appropriate arguments. Messages similar to the following are displayed by isl on the console:
Booting from: scsi.6 HP 2213A
Hard booted.
ISL Revision A.00.09 March 27, 1990
ISL booting hpux boot disk(;0)/stand/vmunix
hpux
hpux, the secondary system loader, then announces the operation it is performing, in this case the boot operation, the device file from which the load image comes, and the TEXT size, DATA size, BSS size, and start address of the load image, as shown below, before control is passed to the image.
Booting disk(scsi.6;0)/stand/vmunix
966616+397312+409688 start 0x6c50

Finally, the loaded image displays numerous configuration and status messages, and passes control to the init process.
Single-user Boot
A single-user boot in HP-UX is sometimes referred to as an interactive boot or attended mode boot. Pressing the Escape key at the boot banner on an older Series 700 workstation halts the automatic boot sequence, puts you into attended mode, and displays the Boot Console User Interface main menu, a sample of which is below.
Selecting a system to boot.
To stop selection process, press and hold the ESCAPE key.

Selection process stopped.

Searching for Potential Boot Devices.
To terminate search, press and hold the ESCAPE key.

Device Selection    Device Path              Device Type
-------------------------------------------------------------
P0                  scsi.6.0                 QUANTUM PD210S
P1                  scsi.1.0                 HP 2213A
P2                  lan.ffffff-ffffff.f.f    hpfoobar

b) Boot from specified device
s) Search for bootable devices
a) Enter Boot Administration mode
x) Exit and continue boot sequence

Select from menu:

In this case the system automatically searches the SCSI, LAN, and EISA interfaces for all potential boot devices, that is, devices for which boot I/O code (IODC) exists. The key to booting to single-user mode is first to boot to ISL using the b) option. The ISL is the program that actually controls the loading of the operating system. To do this using the above as an example, you would type the following at the Select from menu: prompt:
Select from menu: b p0 isl

This tells the system to boot to the ISL using the SCSI drive at address 6 (since the device path of P0 is scsi.6.0). After displaying a few messages, the system then produces the ISL> prompt.
Pressing the Escape key at the boot banner on newer Series 700 machines produces the Boot Administration Utility, as shown below.
Command                              Description
-------                              -----------
Auto [boot|search] [on|off]          Display or set auto flag
Boot [pri|alt|scsi.addr][isl]        Boot from primary, alt or SCSI
Boot lan[.lan_addr][install][isl]    Boot from LAN
Chassis [on|off]                     Enable chassis code
Diagnostic [on|off]                  Enable/disable diag boot mode
Fastboot [on|off]                    Display or set fast boot flag
Help                                 Display the command menu
Information                          Display system information
LanAddress                           Display LAN station addresses
Monitor [type]                       Select monitor type
Path [pri|alt] [lan.id|SCSI.addr]    Change boot path
Pim [hpmc|toc|lpmc]                  Display PIM info
Search [ipl] [scsi|lan [install]]    Display potential boot devices
Secure [on|off]                      Display or set security mode
-----------------------------------------------------------------
BOOT_ADMIN>


To display bootable devices with this menu you have to execute the Search command at the BOOT_ADMIN> prompt:
BOOT_ADMIN> search
Searching for potential boot device.
This may take several minutes.

To discontinue, press ESCAPE.

Device Path     Device Type
--------------  ---------------
scsi.6.0        HP C2247
scsi.3.0        HP HP35450A
scsi.2.0        Toshiba CD-ROM

BOOT_ADMIN>

To boot to ISL from the disk at device path scsi.6.0 type the following:
BOOT_ADMIN>boot scsi.6.0 isl

Once you get the ISL prompt you can run the hpux utility to boot the kernel to single-user mode:
ISL>hpux -is

This essentially tells hpux to load the kernel (/stand/vmunix) into single-user mode (-is) off the SCSI disk drive containing the kernel. The -is option says to pass the string s to the init process (i), and the command init s puts the system in single-user mode. In fact, you will see something similar to the following after typing the above command:
Boot
: disk(scsi.6;0)/stand/vmunix
966616+397312+409688 start 0x6c50

Kernel Startup Messages Omitted

INIT: Overriding default level with level 's'

INIT: SINGLE USER MODE
WARNING: YOU ARE SUPERUSER!!
#

Startup
Beginning with HP-UX 10, /etc/inittab calls /sbin/rc, which in turn calls execution scripts to start subsystems. This approach follows the OSF/1 industry standard and has been adopted by Sun, SGI, and other vendors. There are four components to this method of startup and shutdown: /sbin/rc, execution scripts, configuration variable scripts, and link files.
/sbin/rc
This script invokes execution scripts based on run levels. It is also known as the startup and shutdown sequencer script.
Execution scripts
These scripts start up and shut down various subsystems and are found in the /sbin/init.d directory. /sbin/rc invokes each execution script with one of four arguments, indicating the "mode":
start Bring the subsystem up
start_msg Report what the start action will do
stop Bring the subsystem down
stop_msg Report what the stop action will do
These scripts are designed never to be modified. Instead, they are customized by sourcing in configuration files found in the /etc/rc.config.d directory. These configuration files contain variables that you can set. For example, in the configuration file /etc/rc.config.d/netconf you can specify routing tables by setting variables like these:
ROUTE_DESTINATION[0]="default"
ROUTE_GATEWAY[0]="gateway_address"
ROUTE_COUNT[0]="1"

The execution script /sbin/init.d/net sources these and other network-related variables when it runs upon system startup. More on configuration files is described below.
Upon startup a checklist similar to the one below will appear based upon the exit value of each of the execution scripts.
HP-UX Startup in progress
-----------------------------------
Mount file systems..............................[ OK ]
Setting hostname................................[ OK ]
Set privilege group.............................[ OK ]
Display date...................................[FAIL]*
Enable auxiliary swap space....................[ N/A ]
Start syncer daemon.............................[ OK ]
Configure LAN interfaces........................[ OK ]
Start Software Distributor agent daemo..........[ OK ]

The execution scripts have the following exit values:
0 Script exited without error. This causes the status OK to appear in the checklist.
1 Script encountered errors. This causes the status FAIL to appear in the checklist.
2 Script was skipped due to overriding control variables from /etc/rc.config.d files or for other reasons, and did not actually do anything. This causes the status N/A to appear in the checklist.
3 Script executed normally and requires an immediate system reboot for the changes to take effect. (NOTE: Reserved for key system components).
Configuration variable scripts
Configuration variable scripts are designed to customize the execution scripts. The goal here is to separate startup files from configuration files so that upgrading your system does not overwrite its configuration. These scripts are written for the POSIX shell (/usr/bin/sh or /sbin/sh), not the Bourne shell, ksh, or csh. In some cases these files must also be read, and possibly modified, by other scripts or the SAM program. For this reason, each variable definition must appear on a separate line, in the syntax:
variable=value
No trailing comments may appear on a variable definition line. Comment statements must be on separate lines, with the "#" comment character in column 1. An example of the required syntax for configuration files is given below:
# Cron configuration. See cron(1m)
#
# CRON: Set to 1 to start cron daemon
#
CRON=1

Both the execution scripts and the configuration files are named after the subsystem they control. For example, the /sbin/init.d/cron execution script controls the cron daemon, and it is customized by the /etc/rc.config.d/cron configuration variable script.
Link Files
These files control the order in which execution scripts run. The /sbin/rc#.d (where # is a run-level) directories are startup and shutdown sequencer directories. They contain only symbolic links to the execution scripts in /sbin/init.d that are executed by /sbin/rc on transition to a specific run level. For example, the /sbin/rc3.d directory contains symbolic links to scripts that are executed when entering run level 3.
These directories contain two types of link files: start links and kill links. Start links have names beginning with the capital letter S and are invoked with the start argument at system boot time or on transition to a higher run level. Kill links have names beginning with the capital letter K and are invoked with the stop argument at system shutdown time, or when moving to a lower run level.
Further, all link files in a sequencer directory are numbered to ensure a particular execution sequence. Each script has, as part of its name, a three-digit sequence number. This, in combination with the start and kill notation, provides all the information necessary to properly start up and shut down a system.
The table below shows some samples from the run-level directories. (The sequence numbers shown are only for example and may not accurately represent your system.)
/sbin/rc0.d      /sbin/rc1.d      /sbin/rc2.d      /sbin/rc3.d
K480syncer       S100hfsmount     S340net          S000nfs.server
K800killall      S320hostname     S500inetd
K900hfsmount     S440savecore     S540sendmail
                 S500swapstart    S610rbootd
                 S520syncer       S720lp
                                  S730cron
                 K270cron
                 K280lp           K900nfs.server
                 K390rbootd
                 K460sendmail
                 K500inetd
                 K660net
Because each script in /sbin/init.d performs both the startup and shutdown functions, each will have two links pointing towards the script from /sbin/rc*.d; one for the start action and one for the stop action.
Run Levels and /sbin/rc
In previous HP-UX releases, /etc/rc (now /sbin/rc) was run only once. Now it may run several times during the execution of a system, sequencing the execution scripts when moving between run levels. However, only the subsystems configured for execution, through configuration variables in /etc/rc.config.d, are started or stopped when transitioning the run levels.
/sbin/rc sequences the startup and shutdown scripts in the appropriate sequencer directories in lexicographical order. Upon transition from a lower to a higher run level, the start scripts for the new run level and all intermediate levels between the old and new level are executed. Upon transition from a higher to a lower run level, the kill scripts for the new run level and all intermediate levels between the old and new level are executed.
When a system is booted to a particular run level, it will execute startup scripts for all run levels up to and including the specified level (except run level 0). For example, if booting to run level 4, /sbin/rc looks at the old run level (S) and the new run level (4) and executes all start scripts in states 1, 2, 3, and 4. Within each level, the start scripts are sorted lexicographically and executed in that order. Each level is sorted and executed separately to ensure that the lower level subsystems are started before the higher level subsystems.
Consequently, when shutting down a system, the reverse takes place. The kill scripts are executed in lexicographical order starting at the highest run level and working down, so as to stop the subsystems in the reverse of the order they were started. As mentioned earlier, the numbering is reversed from the startup order.
Example
If you want cron to start when entering run level 2, you would modify the configuration variable script /etc/rc.config.d/cron to read as follows:
# cron config
#
# CRON=1 to start

CRON=1

This would be necessary because the execution script /sbin/init.d/cron contains the following (simplified: an execution script also handles the start_msg, stop and stop_msg arguments described above):
# cron startup
#
# /etc/rc.config sources every file in /etc/rc.config.d, including cron
. /etc/rc.config

# quoted so that the test is still well-formed when CRON is unset
if [ "$CRON" = 1 ]
then /usr/sbin/cron
fi
cron will start at run level 2 because in /sbin/rc2.d a link exists from S730cron to /sbin/init.d/cron. /sbin/rc will invoke /sbin/init.d/cron with a start argument because the link name starts with an S.
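An added example (not from the original page or from HP-UX itself) that models the sequencing rule just described: given an old and a new run level, it prints the S and K links /sbin/rc would follow, level by level, in lexicographic order, with the argument each execution script would receive. The link names are the page's samples; the scratch directory tree and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original page: a model of the sequencing rule
# described above, so the effect of a link name can be seen without touching a
# real system. Given an old run level, a new one and the directory that holds
# the rcN.d sequencer directories (/sbin on HP-UX; a scratch tree here), it
# prints the links in the order /sbin/rc would follow them and the argument
# each execution script would receive.

# rc_links DIR PREFIX ARG: DIR's links starting with PREFIX, in C-locale
# lexicographic order (so the three-digit sequence number decides), with ARG.
rc_links() {
    [ -d "$1" ] || return 0
    for link in $(LC_ALL=C ls "$1" | grep "^$2" || :); do
        printf '%s/%s %s\n' "$1" "$link" "$3"
    done
}

# rc_sequence OLD NEW ROOT
# Going up:   S links of every level from OLD+1 through NEW, lowest first.
# Going down: K links of every level from OLD-1 down through NEW, highest first.
# Single-user (S) counts as level 0, which has no start links.
rc_sequence() {
    old=$1; new=$2; seqroot=$3
    [ "$old" = S ] && old=0
    if [ "$new" -gt "$old" ]; then
        lvl=$((old + 1))
        while [ "$lvl" -le "$new" ]; do
            rc_links "$seqroot/rc$lvl.d" S start
            lvl=$((lvl + 1))
        done
    elif [ "$new" -lt "$old" ]; then
        lvl=$((old - 1))
        while [ "$lvl" -ge "$new" ]; do
            rc_links "$seqroot/rc$lvl.d" K stop
            lvl=$((lvl - 1))
        done
    fi
}

# Build a scratch copy of the sample sequencer directories from the table
# above (empty files stand in for the symbolic links into /sbin/init.d).
rc_sample_tree() {
    treeroot=$1
    mkdir -p "$treeroot/rc0.d" "$treeroot/rc1.d" "$treeroot/rc2.d" "$treeroot/rc3.d"
    for n in K480syncer K800killall K900hfsmount; do : > "$treeroot/rc0.d/$n"; done
    for n in S100hfsmount S320hostname S440savecore S500swapstart S520syncer \
             K270cron K280lp K390rbootd K460sendmail K500inetd K660net; do
        : > "$treeroot/rc1.d/$n"
    done
    for n in S340net S500inetd S540sendmail S610rbootd S720lp S730cron \
             K900nfs.server; do
        : > "$treeroot/rc2.d/$n"
    done
    : > "$treeroot/rc3.d/S000nfs.server"
}

rc_demo() {
    demoroot=${TMPDIR:-/tmp}/rc_demo.$$
    rc_sample_tree "$demoroot"
    echo "boot S -> 3 (12 start links):"; rc_sequence S 3 "$demoroot"
    echo "init 1 from 3 (7 stop links):";  rc_sequence 3 1 "$demoroot"
    echo "shutdown 3 -> 0:";               rc_sequence 3 0 "$demoroot"
    rm -rf "$demoroot"
}
rc_demo
```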
System Shutdown
To shut down HP-UX for power-off, you can do any of the following:
# init 0
# shutdown -h -y now
To shut down and reboot HP-UX:
# reboot
# shutdown -r -y now
To shut down HP-UX to single-user mode:
# init S
# shutdown -y now
# shutdown 0
The -h option to the shutdown command halts the system completely but will prompt you for a message to issue users. The -y option completes the shutdown without asking you any of the questions it would normally ask.

Extending root file system

LVM maintenance mode is not going to help you in this. The problem is that the /stand, swap and / (the root file system), all need to be contiguous. In order to increase /, you would have to move the lvol containing /home.
The easiest way to do this is to make an ignite backup tape, boot off it and resize your root logical volumes at that point.


You cannot extend, as there is no contiguous space available for extending the root volume!

Ignite is the best and safest. Still, if you want to do some LVM tasks, I have documented how to increase /stand in the following thread. With some slight modifications you can use it for the root filesystem as well. I have tested it and it works fine.

Here I have adjusted the size of swap a bit so that it could be successfully added to the /stand filesystem ... As you have the root filesystem it is simpler, as you may have /var or /opt to be moved a little further and then increase the root filesystem.

The logic is as follows:

1. Go to LVM maintenance level
2. Find out the next lvol after the root lvol
3. Create a similar one somewhere else in the rootvg and create a fs on it.
4. Transfer the data to the new filesystem
5. Remove the old filesystem and lvol.
6. You will have contiguous space for extending the root lvol now!
7. Extend it and resize the filesystem with extendfs
8. Correct /etc/fstab, as you have changed the device file!
9. Update BOOT, ROOT, SWAP and dump definitions using lvlnboot

REBOOT !!!!!

This is really interesting ... why don't you try this after taking an Ignite backup? If you make a mistake you can always go back to your Ignite backup!

Notes: This method will save lots of time! BUUUUUT never go for this the first time without a proper backup!!!!!


EXTENDING BOOT /stand


01. You are not just an "HP kid" who will play with ignite like stuff.

02. You like taking some risk & saving your valuable time

Size of /dev/vg00/lvol1 is A (boot or /stand or /dev/vg00/lvol1)

Size of /dev/vg00/lvol2 is B (swap or /dev/vg00/lvol2)

You want to increase the size of lvol1 from A to A+X (where X is not more than B minus the physical memory installed in your machine).

Basically we have to decrease the size of swap to increase boot, as they are contiguous.

Now Extending /stand is an easy job which can be performed in 10-15 minutes.

Steps

01. Boot your machine in LVM maintenance mode
(hpux -lm at ISL>)

# rm /etc/mnttab
# vgchange -a y /dev/vg00
# lvrmboot -r /dev/vg00
# lvremove /dev/vg00/lvol2
# lvextend -L "A+X" /dev/vg00/lvol1
# extendfs /dev/vg00/rlvol1
# lvcreate -L "B-(X+10)" -C y -r n -n lvol2 /dev/vg00
# lvlnboot -b /dev/vg00/lvol1
# lvlnboot -r /dev/vg00/lvol3
# lvlnboot -s /dev/vg00/lvol2
# lvlnboot -d /dev/vg00/lvol2
# reboot -r

You have your /stand extended now.

This is a working solution I have tried and found successful.

How to delete files for particular dates & times

1:- Using one month

#ls -l |grep -i Jan |awk ' { print "rm " $9}' > sunil
#chmod 755 sunil
#./sunil

2:- Using file name & month

#ls -l |grep -i "WF_LOG_*_*" |grep -i Jan |awk ' { print "rm " $9}' > sunil
#chmod 755 sunil
#./sunil

3:- For multiple months

# ls -l |grep -i "WF_LOG_*_*" |grep -i -e oct -e nov |awk ' { print "rm " $9}' > sunil
#chmod 755 sunil
#./sunil


4:- By modification time (300 days back) & multiple months between the dates

#find /sapmnt/SRP/global -xdev -mtime +300 -type f -exec ll {} \; |grep -i "WF_LOG_*_*" |grep -i -e oct -e nov |awk ' { print "rm " $9}' > sunil
#chmod 755 sunil
#./sunil

5:- Delete files older than a given time (example: 2 hours). find prints only the path, so awk's $9 is empty here; use $0. And "-newer" alone selects the files newer than the reference, so the "!" is what selects the older ones.

# touch -t 11281610 sun    (create a reference file whose timestamp is the cut-off, here 2 hours earlier)
# find /sapmnt/SRP/global -type f ! -newer sun | awk '{ print "rm " $0 }'

6:- Moving files by modification time

find /usr/sap/trans/log -xdev -mtime +700 -type f -exec ll {} \; | awk '{print "mv " $9 " /usr/sap/datatrans/" }' > sunil
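As an added example, not part of the original post, the same selections done with find(1) alone, which sidesteps the two weak points of the ls | grep | awk recipes above: ls output parsed by whitespace (a name with a space yields a wrong rm command) and a month name that matches every year. The function names are mine and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post. The functions below select
# files by a name pattern plus an age in days, or by a reference file's
# timestamp as in the "touch -t" recipe, and delete only when told to.
# The WF_LOG_ pattern is the page's; the directory is an argument.

# old_files DIR DAYS PATTERN: regular files under DIR (one file system) whose
# name matches PATTERN and which were last modified more than DAYS days ago.
old_files() {
    find "$1" -xdev -type f -name "$3" -mtime +"$2" -print
}

# older_than_ref DIR REF: files under DIR not modified since REF's timestamp.
# Note the "!": "-newer REF" on its own selects the files newer than REF.
older_than_ref() {
    find "$1" -xdev -type f ! -newer "$2" -print
}

# purge_old_files DIR DAYS PATTERN [delete]: dry run unless told to delete.
# Deletion is done by find itself, so names with spaces are handled.
purge_old_files() {
    if [ "$4" = delete ]; then
        find "$1" -xdev -type f -name "$3" -mtime +"$2" -exec rm -f {} \;
    else
        old_files "$1" "$2" "$3" | sed 's/^/would remove: /'
    fi
}

# Constructed sample directory: two old logs (one with a space in its name),
# one recent log, and an unrelated old file that must never be selected.
make_sample_logs() {
    mkdir -p "$1"
    : > "$1/WF_LOG_1_a"; : > "$1/WF_LOG_2 b"; : > "$1/WF_LOG_3_c"; : > "$1/notes.txt"
    touch -t 201001010000 "$1/WF_LOG_1_a" "$1/WF_LOG_2 b" "$1/notes.txt"
}

cleanup_demo() {
    dir=${TMPDIR:-/tmp}/wf_log_demo.$$
    make_sample_logs "$dir"
    purge_old_files "$dir" 300 'WF_LOG_*'          # dry run: the two old logs
    purge_old_files "$dir" 300 'WF_LOG_*' delete
    echo "left behind:"; ls "$dir"                 # WF_LOG_3_c and notes.txt
    rm -rf "$dir"
}
cleanup_demo
```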

Who Rebooted the server?

Check the following files before judging who rebooted your server:
1. /var/adm/crash
2. /etc/shutdownlog
3. /var/tombstones/ts99
4. /var/opt/resmon/log/event.log

If none of these files gives any indication, the cause was probably a brief power failure.

Also look at the shell history of the users who could have done it: # vi .sh_history, then press Esc followed by Shift-G to jump to the end of the file.

Sticky Bit

There is an interesting file protection mode called the sticky bit, which has a useful effect when applied to directories. If the sticky bit is set on a directory, files inside the directory may be renamed or removed only by the owner of the file, the owner of the directory, or the superuser even if the modes of the directory would otherwise allow such an operation. This is effective for temporary directories such as /tmp and /var/tmp which must be accessible to many authorized users. The following two commands have the same effect:

# chmod a+rwxt /tmp
# chmod 1777 /tmp

Either allows anyone to create, read, and write files in /tmp, but only the file owner, the directory owner, or root can delete them.