Question
How do I run Solstice Disk Suite with TSOL?
Answer
First, check that the base Solaris and SDS are compatible
versions:
http://docs.sun.com/doc/806-3206
Here's a configuration of SDS 4.1 we currently use on TS 2.5.1;
we also run SDS 4.2 on TS7, and SDS 4.2.1 on TS8.
The startup scripts and growfs need to pass privileges to the
commands that they call and need to be run under sysh rather than
sh. You need to replace #!/bin/sh with #!/bin/sysh in the following
files:
- /etc/init.d/SUNWmd.init
- /etc/init.d/SUNWmd.sync
- /usr/opt/SUNWmd/sbin/growfs
You can use the following instructions about using Profile
Manager to modify the inetd profile and to add a new profile. The
new profile, which we call SDS-4.1, gives privileges to the meta*
commands, to devinfo and mkfs. The role that has this profile can
use the SDS 4.1 software on Trusted Solaris 2.5.1.
The update to the inetd profile gives rpc.metamhd two privileges
(net_mac_read and sys_config), which allow metaset to work
properly. Some metatool actions need to call metaset./metahmd
To Make Profile Modifications to Disk Suite Commands
- Assume the secadmin role.
- Assign all allowed privileges to the Disk Suite utilities:
- $ setfpriv -s -a all /usr/opt/SUNWmd/sbin/*
- Use the Admin Editor action to edit the following files:
    /etc/init.d/SUNWmd.init
    /etc/init.d/SUNWmd.sync
    /usr/opt/SUNWmd/sbin/growfs
  In each file, change
    #!/bin/sh
  to read
    #!/bin/sysh
    setprof <profile_name>
- If you use the name in our example, you would enter:
    #!/bin/sysh
    setprof SDS-4.1
- Launch the Profile Manager and load the inetd profile.
- Make the following modifications to the inetd Profile
- Add the directory: /usr/opt/SUNWmd/sbin
- Add to the listed commands the listed privilege(s).
- To:
- rpc.metamhd
- Add the privilege(s):
- net_mac_read
- sys_config
- sys_devices
- Create a new profile that assigns the following privileges to
the listed commands:
- Here is the name and description we use:
- SDS-4.1 Solstice DiskSuite 4.1 commands:
- Add the directory: /usr/opt/SUNWmd/sbin
- Add the listed privilege(s) to the listed commands.
- To:
- metadb
- Add privilege(s):
- file_dac_read
- file_dac_write
- file_chown
- file_owner
- To:
- metaclear
- metadetach
- metahs
- metaoffline
- metaonline
- metaparam
- metarename
- metareplace
- metaroot
- metaset
- metastat
- metasync
- metatool
- metattach
- Add privs:
- file_dac_read
- file_dac_write
- Expand the directory: /usr/sbin
- Add to the listed command(s) the listed privileges.
- To:
- devinfo
- Add privilege(s):
- file_dac_read
- To:
- mkfs
- Add privilege(s):
- file_dac_read
- file_dac_write
- file_owner
- sys_fs_config
- Add the new profile to the desired role.
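
A check for the script edits in the procedure above, as an added example that is not part of the original answer: it confirms that each of the three scripts begins with #!/bin/sysh followed by the setprof line. The ROOT prefix argument, the function names and the sample tree are assumptions, made so the check can be run on a constructed copy of the files.

```sh
#!/bin/sh
# Added example (not from the original page). The ROOT prefix and the
# function names are hypothetical; ROOT lets the check run on a copy.
SDS_SCRIPTS="/etc/init.d/SUNWmd.init /etc/init.d/SUNWmd.sync
/usr/opt/SUNWmd/sbin/growfs"

# check_sysh_script FILE PROFILE
# returns 0 if edited as described, 1 if line 1 is not #!/bin/sysh,
#         2 if line 2 is not "setprof PROFILE", 3 if FILE is unreadable
check_sysh_script() {
    [ -r "$1" ] || return 3
    [ "$(sed -n '1p' "$1")" = "#!/bin/sysh" ] || return 1
    [ "$(sed -n '2p' "$1")" = "setprof $2" ] || return 2
    return 0
}

# audit_sds_scripts ROOT PROFILE
# prints one status line per script; return status = number of failures
audit_sds_scripts() {
    bad=0
    for path in $SDS_SCRIPTS; do
        rc=0
        check_sysh_script "$1$path" "$2" || rc=$?
        case $rc in
            0) echo "ok          $path" ;;
            1) echo "not sysh    $path" ;;
            2) echo "no setprof  $path (expected: setprof $2)" ;;
            *) echo "unreadable  $path" ;;
        esac
        [ "$rc" -eq 0 ] || bad=$((bad + 1))
    done
    return "$bad"
}

# make_sample_tree DIR: constructed sample with one script in each state
make_sample_tree() {
    mkdir -p "$1/etc/init.d" "$1/usr/opt/SUNWmd/sbin"
    printf '#!/bin/sysh\nsetprof SDS-4.1\n' > "$1/etc/init.d/SUNWmd.init"
    printf '#!/bin/sh\n' > "$1/etc/init.d/SUNWmd.sync"
    printf '#!/bin/sysh\n' > "$1/usr/opt/SUNWmd/sbin/growfs"
}

# Demo: run this file with --demo to audit the constructed tree
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d) && make_sample_tree "$demo"
    audit_sds_scripts "$demo" SDS-4.1 || echo "$? script(s) need editing"
    rm -rf "$demo"
fi
```

On a live system, call audit_sds_scripts with an empty ROOT ("") and the profile name you chose.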
NOTES:
If a SPARCStorage Array is being used, we suggest that you also add
the following command to the SDS-4.1 profile
- /usr/sbin/smadm: run with UID 0 (via Profile Manager)
The alternative to giving file_dac_read, file_dac_write is to
use the profile mechanism to configure all the Disk Suite
utilities to run as uid 0 (root).
The following CDE actions could also be created:
- Edit md.tab using trusted_editor
- Run Metatool
Using the above configuration, users without the SDS-4.1 profile
cannot run metastat or metadb to obtain information about the
configuration of DiskSuite; this is not the case when running on
standard Solaris 2.x.
Applies to Trusted Solaris Release:
1.2, 2.5, 2.5.1, 7