| Skip Navigation Links | |
| Exit Print View | |
|
System Administration Guide: Basic Administration Oracle Solaris 10 8/11 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
System Administration Guide: Basic Administration Oracle Solaris 10 8/11 Information Library |
1. Oracle Solaris Management Tools (Road Map)
2. Working With the Solaris Management Console (Tasks)
3. Working With the Oracle Java Web Console (Tasks)
4. Managing User Accounts and Groups (Overview)
5. Managing User Accounts and Groups (Tasks)
6. Managing Client-Server Support (Overview)
7. Managing Diskless Clients (Tasks)
8. Introduction to Shutting Down and Booting a System
9. Shutting Down and Booting a System (Overview)
10. Shutting Down a System (Tasks)
11. Modifying Oracle Solaris Boot Behavior (Tasks)
12. Booting an Oracle Solaris System (Tasks)
13. Managing the Oracle Solaris Boot Archives (Tasks)
14. Troubleshooting Booting an Oracle Solaris System (Tasks)
15. x86: GRUB Based Booting (Reference)
16. x86: Booting a System That Does Not Implement GRUB (Tasks)
17. Working With the Oracle Solaris Auto Registration regadm Command (Tasks)
18. Managing Services (Overview)
How to List the Status of a Service
How to Show Which Services Are Dependent on a Service Instance
How to Show Which Services a Service Is Dependent On
Managing SMF Services (Task Map)
Using RBAC Rights Profiles With SMF
How to Disable a Service Instance
How to Enable a Service Instance
How to Restore a Service That Is in the Maintenance State
How to Change an Environment Variable for a Service
How to Change a Property for an inetd Controlled Service
How to Modify a Command-Line Argument for an inetd Controlled Service
How to Convert inetd.conf Entries
Using Run Control Scripts (Task Map)
How to Use a Run Control Script to Stop or Start a Legacy Service
How to Add a Run Control Script
How to Disable a Run Control Script
Troubleshooting the Service Management Facility
Debugging a Service That Is Not Starting
How to Repair a Corrupt Repository
How to Boot Without Starting Any Services
How to Force a sulogin Prompt If the system/filesystem/local:default Service Fails During Boot
20. Managing Software (Overview)
21. Managing Software With Oracle Solaris System Administration Tools (Tasks)
22. Managing Software by Using Oracle Solaris Package Commands (Tasks)
This section includes information on managing SMF services.
You can use RBAC rights profiles to allow users to manage some of the SMF services, without having to give the user root access. The rights profiles define what commands the user can run. For SMF, the following profiles have been created:
Service Management: User can add, delete or modify services.
Service Operator: User can request state changes of any service instance, such as restart and refresh.
For specific information about the authorizations, see the smf_security(5) man page. For instructions to assign a rights profile, see How to Change the RBAC Properties of a User in System Administration Guide: Security Services.
Use the following procedure to disable a service. The service status change is recorded in the service configuration repository. Once the service is disabled, the disabled state will persist across reboots. The only way to get the service running again is to enable it.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
If this service has dependents that you need, then you cannot disable this service.
# svcs -D FMRI
# svcadm disable FMRI
Example 19-7 Disabling the rlogin Service
The output from the first command shows that the rlogin service has no dependents. The second command in this example disables the rlogin service. The third command shows that the state of the rlogin service instance is disabled.
# svcs -D network/login:rlogin # svcadm disable network/login:rlogin STATE STIME FMRI # svcs network/login:rlogin STATE STIME FMRI disabled 11:17:24 svc:/network/login:rlogin
Use the following procedure to enable a service. The service status change is recorded in the service configuration repository. Once the service is enabled, the enabled state will persist across system reboots if the service dependencies are met.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
If the service is enabled, then the service dependencies are satisfied. If not, use svcadm enable -r FMRI to recursively enable all dependencies.
# svcs -l FMRI|grep enabled
# svcadm enable FMRI
Example 19-8 Enabling the rlogin Service
The second command in this example enables the rlogin service. The third command shows that the state of the rlogin service instance is online.
# svcs -l network/login:rlogin|grep enabled enabled false # svcadm enable network/login:rlogin # svcs network/login:rlogin STATE STIME FMRI online 12:09:16 svc:/network/login:rlogin
Example 19-9 Enabling a Service in Single-user Mode
The following command enables rpcbind. The -t option starts the service in temporary mode which does not change the service repository. The repository is not writable in single-user mode. The -r option recursively starts all the dependencies of the named service.
# svcadm enable -rt rpc/bind
If a service is currently running but needs to be restarted due to a configuration change or some other reason, the service can be restarted without you having to type separate commands to stop and start the service. The only reason to specifically disable and then enable a service is if changes need to be made before the service is enabled, and after the service is disabled.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# svcadm restart FMRI
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Normally, when a service instance is in a maintenance state, all processes associated with that instance have stopped. However, you should make sure before you proceed. The following command lists all of the processes that are associated with a service instance as well as the PIDs for those processes.
# svcs -p FMRI
Repeat this step for all processes that are displayed by the svcs command.
# pkill -9 PID
Consult the appropriate service log files in /var/svc/log for a list of errors.
# svcadm clear FMRI
If the service configuration is wrong, the problem can be fixed by reverting to the last snapshot that started successfully. In this procedure, a previous snapshot of the console-login service is used.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# svccfg svc:>
Note - You must use an FMRI that fully defines the instance. No shortcuts are allowed.
svc:> select system/console-login:default svc:/system/console-login:default>
svc:/system/console-login:default> listsnap initial running start svc:/system/console-login:default>
The start snapshot is the last snapshot in which the service successfully started.
svc:/system/console-login:default> revert start svc:/system/console-login:default>
svc:/system/console-login:default> quit #
This step updates the repository with the configuration information from the start snapshot.
# svcadm refresh system/console-login
# svcadm restart system/console-login
A profile is an XML file which lists SMF services and whether each should be enabled or disabled. Profiles are used to enable or disable many services at once. Not all services need to be listed in a profile. Each profile only needs to include those services that need to be enabled or disabled to make the profile useful.
In this example, the svccfg command is used to create a profile which reflects which services are enabled or disabled on the current system. Alternately, you could make a copy of an existing profile to edit.
# svccfg extract> profile.xml
If you are using Oracle Solaris JumpStart, if you have large numbers of identical systems, or if you want to archive the system configuration for later restoration, you may want to use this procedure to create a unique version of a SMF profile.
In this example the name is changed to profile.
# cat profile.xml
...
<service_bundle type=`profile` name=`profile`
xmIns::xi='http://www.w3.org/2003/XInclude'
...For each service, remove the three lines that describe the service. Each service description starts with <service and ends with </service. This example shows the lines for the LDAP client service.
# cat profile.xml
...
<service name='network/ldap/client' version='1' type='service'>
<instance name='default' enabled='true'/>
</service>Each service needs to be defined using the three line syntax shown above.
In this example, the sendmail service is disabled.
# cat profile.xml
...
<service name='network/smtp' version='1' type='service'>
<instance name='sendmail' enabled='false'/>
</service>
...See How to Apply an SMF Profile for instructions.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
In this example, the profile.xml profile is used.
# svccfg apply profile.xml
Note - For specific instructions for switching between the generic_limited_net.xml and generic_open.xml and the properties that need to be applied when making this switch, please see Changing Services Offered to the Network with generic*.xml
The netservices command switches system services between minimal network exposure and the traditional network exposure (as in previous Solaris releases). The switch is done with the generic_limited.xml and generic_open.xml profiles. In addition, some services properties are changed by the command to limit some services to a local-only mode or to the traditional mode, as appropriate.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
In this example, the open or traditional network exposure is selected.
# /usr/sbin/netservices open
Example 19-10 Limiting Network Service Exposure
This command changes properties to run some services in local mode, as well as restricts which services are enabled with the generic_limited_net profile. The command should only be used if the generic_open.xml profile had been applied.
# /usr/sbin/netservices limited
|