Practical Solaris 10 Security

Enterprises are under tremendous pressure to do more with less, roll out new businessservices faster, fit more servers into the same space, and comply with new regulations, all while their budgets are shrinking and headcount is frozen. Can an operating system really help you address these issues and turn IT into a business advantage? The answer is yes, with the Solaris™ Operating System.The Solaris OS is the strategic platform for today’s demanding enterprise. It’s the only open operating system that has delivered proven results, running everything from mission-critical enterprise databases to high performance Web farms, from large-scale SMP systems to industry-standard x86 systems from HP, IBM, Dell, and Sun.For customers facing challenging business and technical requirements — such as lowering costs, simplifying system administration, and maintaining high service levels — the Solaris 10 OS is the ideal cross-platform choice. Its innovative, built-in features deliver break-through virtualization and utilization, high availability, advanced security, and industry leading performance to meet these stringent requirements — all at a great price.Ten things to know about the Solaris OS1. Great productThe constant demonstrated innovation within the Solaris OS pays off by delivering benefits that can save companies time, hardware costs, power and cooling, while preserving investments in software and training. In short: innovation matters, because it saves you money.2. Great priceSolaris 10 support pricing is 20% to 50% lower than equivalent support from other open OS vendors. No-cost end user licensing lowers barriers to entry, while overall efficiency lowers costs of operation.3. Open sourceThe Solaris OS code base is the foundation of the OpenSolaris™ open source community (visit ). In addition, the Solaris OS includes the leading Web 2.0 open source packages, ready to run and optimized for the over 1,000 x64 and SPARC system platforms supported by Solaris 10.4. Application compatibility — guaranteed The Solaris OS delivers binary compatibility from release to release and source compati-bility between SPARC® and x86 processors; with the Solaris Application Guarantee backing it, it’s something you can count on. And for the ultimate in conversion ease, use Solaris 8 and Solaris 9 Containers on Solaris 10, a “Physical to Virtual”way to quickly and easily run your existing application environ-ments on the latest SPARC systems.5. One Solaris — same features on hundreds of systemsWith a single source code base, the Solaris OS runs on x86 and SPARC and processor-based systems — and delivers the same features on all platforms. You can develop and optimize applications on the Solaris OS for use on over 1000 system models from leading vendors such as Sun, HP, IBM, and Dell.<HighlightsThe Solaris™ Operating Systemmeets and exceeds expectations for:•Virtualization: Optimize resourceutilization to deliver predictableservice levels with SolarisContainers•Networking: Attain near-wirespeedthroughput with the open, program-mable Solaris networking stack•Security: Implement a securefoundation for deploying serviceswith Solaris leading-edge securityfeatures•Availability: Increase uptime withPredictive Self Healing6. Designed to run securely all the timeThe leading-edge security features in the Solaris 10 OS help you reduce the risk of intrusions, secure your applications and data, assign the minimum set of privileges and roles needed by users and applications, and control access to data based on its sensitivity label. Solaris 10 has been inde-pendently evaluated at EAL4+ at three Protection Profiles, one of the highest levels of Common Criteria certifications.7. Designed for observabilitySolaris Dynamic Tracing (DTrace) technology makes it fast and easy to identify perform-ance bottlenecks, especially on production systems. System administrators can use this to troubleshoot even the most difficult problems in minutes instead of days; devel-opers can use it to optimize applications, with significant performance gains possible — real-world use has yielded increases up to 50 times previous performance.8. Designed for virtualizationSolaris 10 has powerful virtualization features built in at no additional charge. With Solaris Containers, you can maintain a one application per virtual server deploy-ment model while consolidating dozens or even hundreds of applications onto one server and OS instance. Share hardware resources while maintaining predictable service levels; increase utilization rates, cut system and licensing costs while gaining the ability to quickly provision and move workloads from system to system. Logical Domains and Xen-based paravirtualization support add even more virtualization flexibility.9.Designed for high availabilityPredictive Self Healing is a key feature in the Solaris 10 OS that helps you increase system and service availability. It automati-cally detects, diagnoses, and isolates system and software faults before they cause downtime. And it spans the full range from diagnosis to recovery on SPARC, AMD Opteron™ and Athlon, and Intel® Xeon®and Core Duo processor-based systems.10.Designed for performanceThe Solaris 10 OS has set over 244 priceperformance records since its release,unleashing even more power from existingapplications. Download the latest Sun™Studio compilers and developer tools tobring even greater performance to yourapplications.For business, industry, and developersThe Solaris 10 OS offers the technology, flexi-bility, and versatility you need to get down tobusiness immediately, whether you’re a smalldeveloper, a large enterprise, or anything inbetween.OpenSolaris participation and OS releaseMore than an open source project, OpenSolarisis also a community, a Web site for collabora-tion — and now provides a supported, leadingedge release every six months. The OpenSolarisrelease is available at , andSolaris source code, downloads, developertools, mailing lists, user groups, and events areall available at . OpenSolaristechnology features a single source base forSPARC and x86 platforms. It includes the keyinnovations delivered in the Solaris 10 OS, aswell as providing access to new technologiesas they’re being developed. The OpenSolarisproject and release provide a low-risk optionfor evaluating emerging OS technologies, plusan excellent opportunity to participate inshaping the direction of the Solaris OS.Development toolsDevelopers need integrated, ready-to-use toolsthat are compatible with all the environmentsin which they must deploy applications. Withthat in mind, Sun includes popular softwaretools from the free and open source world andcomplements them with access to key Sundeveloper technologies like the Sun Studiocompilers and tools and unique Solaris 10utilities such as DTrace.Solaris 10 technologiesWith the Solaris OS, you get compelling newfeatures that your applications can take advan-tage of immediately with few, if any, changes.Binary and source compatibility with previousreleases also helps make it easier to move toSolaris 10 from earlier releases of Solaris.DTraceSystem administrators, integrators, and devel-opers can use the dynamic instrumentation andtracing capabilities in the Solaris OS to see what’sreally going on in the system. Solaris DTracecan be safely used on production systems —without modifying applications. It is a powerfultool that gives a comprehensive view of theentire system, from kernel to application, eventhose running in a Java™ Virtual Machine. Thislevel of insight reduces the time for diagnosingproblems from days and weeks to minutes andhours and ultimately reduces the time to fixthose problems.Solaris ContainersSolaris Containers is an OS-level virtualizationtechnology built into the Solaris 10 OS. Usingflexible, software-defined boundaries to isolatesoftware applications and services, this break-through approach allows multiple privateexecution environments to be created withina single instance of the Solaris OS. Each envi-ronment has its own identity, including adiscrete network stack, separate from theunderlying hardware, so it behaves as if it’srunning on its own system — making consoli-dation simple, safe, and secure.By dynamically controlling application andresource priorities, businesses can define andachieve predictable service levels. Systemadministrators can easily meet changingrequirements by quickly provisioning newSolaris Containers or moving them from systemto system or disk to disk within the same systemas capacity or configuration needs change.Containers can be patched in parallel, increasing speed by up to 300% on systems with multiple containers configured. This also raises the bar on the number of contain-ers that can be realistically run on a system. Containers also offer the ability to emulate other environments, prior Solaris releases, such as Solaris 8 and Solaris 9, as well as support for Linux applications.In addition to Solaris Containers, Sun also offers Logical Domains (LDoms), a hardware partitioning technology that allows multiple instances of the Solaris OS to run on a single Sun CoolThreads™ server.Solaris ZFSThe Solaris ZFS file system is designed from the ground up to deliver a general-purpose file system that spans from the desktop to the datacenter. Anyone who has ever lost important files, run out of space on a partition, spent weekends adding new storage to servers, tried to grow or shrink a file system, or experienced data corruption knows the limitations of tradi-tional file systems and volume managers. Solaris ZFS addresses these challenges efficiently and with minimal manual intervention.Predictive Self HealingPredictive Self Healing is an innovative capability in the Solaris 10 OS that automatically diagnoses, isolates, and helps you recover from many hardware and application faults. As a result, business-critical applications and essential system services can continue uninterrupted in the event of software failures, major hardware component failures, and even software config-uration problems.• Solaris Fault Manager continuously monitorsdata relating to hardware and softwareerrors. It automatically and silently detectsand diagnoses the underlying problem andcan automatically take the faulty componentoffline on SPARC, Intel Xeon, and AMD Opteronprocessor based systems. Easy-to-understanddiagnostic messages link to articles in Sun’sknowledge base to help clearly guide admin-istrators through corrective tasks requiringhuman intervention.• Solaris Service Manager (SMF) creates astandardized control mechanism for applica-tion services by turning them into first-classobjects that administrators can observe andmanage in a uniform way. These servicescan automatically be restarted if they’reaccidentally terminated by an administrator,fail as the result of a software programmingerror, or interrupted by an underlyinghardware problem.PerformanceOptimizing performance and efficiency inSolaris 10 is the result of many factors: under-lying technologies, system configuration andutilization, tools, applications, and systemtuning. An enhanced networking stack mini-mizes latency and offers improved networkperformance for most applications out ofthe box.With DTrace, you can delve deeply into today’scomplex systems when troubleshooting systemicproblems or diagnosing performance bottlenecks— in real time and on the fly. Additional built-in technologies that help deliver increasedapplication performance include:• High-performance networking stack• Filesystem performance• Tools and libraries• Multiple page-size support (MPSS)• Memory placement optimization (MPO)SecuritySecurity is more than a mix of technologies;it’s an ongoing discipline. Sun understandsthis and continues its 20-year commitment toenhancing security in the Solaris OS. SolarisUser and Process Rights Management plusSolaris Containers enable the secure hostingof hundreds of applications and multiplecustomers on the same system. Administratorscan use features such as Secure by Default tominimize and harden the Solaris OS even more.Additionally, Solaris Trusted Extensions providestrue multi-level security for the first time in acommercial-grade OS, running all your existingapplications and supported on over 1,000different system models.• Verify your system’s integrity by employingSolaris Secure Execution and file verificationfeatures• Reduce risk by granting only the privilegesneeded for users and processes• Simplify administration and increase privacyand performance by using the standards-based Solaris Cryptographic Framework• Secure your system using dynamic serviceprofiles, including a built-in, reduced-exposurenetwork services profile• Control access to data based on its sensitivitylevel by using the labeled security technologyin Solaris Trusted ExtensionsNetworkingExponential growth in Web connectivity, services,and applications is generating a critical needfor increased network performance. With theSolaris 10 OS, Sun meets current and futurenetworking challenges by significantly improvingnetwork performance without requiring changesto existing applications. The Solaris 10 OS speedsapplication performance via the Network Layer7 Cache and enhanced TCP/IP and UDP/IPperformance. The latest networking techno-logies, such as 10-Gigabit Ethernet and hardwareoff-loading, are all supported out of the box.Additionally, the Solaris 10 OS supports current IPv6 specifications, high availability, streaming, and Voice over IP (VoIP) networking through extended routing and protocol support —meeting the carrier-grade needs of a growing customer base.Platform choiceThe Solaris 10 OS is optimized for Sun and third-party systems running 64-bit SPARC, AMD, and Intel processors. This makes it possible to create horizontally and vertically scaled infra-structures and offers the flexibility to easily add compute resources. The OS runs on hardware ranging from laptops and single-board computers to datacenter and grid installations, while serving applications ranging from military command-and-control systems to telecommunications switch gear and stock trading.InteroperabilityThe Solaris 10 OS provides interoperability from the desktop to the datacenter across a range of hardware systems, operating platforms, and technologies, making it the ideal platform for today’s heterogeneous compute environments. Not only does it interoperate with both Linux and Microsoft Windows, it also supports popular open source applications and open standards such as Universal Description, Discovery, and Integration (UDDI); Simple Object Access Protocol (SOAP); Web Services Description Language (WSDL); and eXtensible Markup Language (XML).• Source and binary compatibility for Linux applications and interoperability with Microsoft Windows systems• Includes Perl, PHP, and other widely used scripting languages• Includes Apache, Samba, sendmail, IP Filter, BIND, and other popular open source software • Supports Java application development and deployment with the Java Platform, Enterprise Edition (Java EE) and Java Platform, Standard Edition (Java SE)• Includes authentication support for LDAP-based directory servers and Kerberos-based infrastructures© 2009 Sun Microsystems, Inc. All rights reserved. Sun, Sun Microsystems, Solaris, OpenSolaris, Java , and CoolThreads are trademarks or registered trademarks of Sun Microsystems, Inc. or its subsidiaries in the United States and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the US and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. AMD, Opteron, the AMD logo, the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. Intel® Xeon® is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. Information subject to change without notice. SunWIN #420130 Lit. #SWDS12147-4 09/09 Sun Microsystems, Inc.4150 Network Circle, Santa Clara, CA 95054 USA Phone1-650-960-1300 or 1-800-555-9SUN Web 。

.Solaris 10操作系统概述1.1 Solaris 10是什么提起Solaris，在人们印象中可能是这样一个场景：在拥挤阴暗的机房里，一个笨重的Sun SPARC服务器的屏幕上滚动着神秘的字符。

除了专门的服务器管理人员，没有人知道它在做什么。

对于大多数读者来说，Solaris有一副让人难以接近的冰冷的面孔。

而且，在这冰冷的面孔背后，还有不菲的价格。

所有这些，都让人不敢接近它，于是，Solaris 成了深闺中的宠儿，神秘而娇嫩。

然而，随着Solaris 10的发布，“深闺中的宠儿”向大众走来，渴望技术人员能了解它、掌握它、使用它。

那么，Solaris到底是什么呢？简单地说，Solaris是一种操作系统。

通过计算机操作系统可以控制计算机，可以听音乐、玩游戏、上网聊天和看新闻，还可以在操作系统上开发游戏软件，搭建网站，为大家提供新闻服务。

在这个领域中，有读者熟悉的微软公司的Windows操作系统，还有被众多自由软件爱好者喜爱的Linux操作系统。

而刚刚发布的Solaris 10到底能给我们带来些什么呢？首先，Solaris 10已经改变了冰冷的面孔，换了一副招人喜爱的样子。

Solaris 10的桌面已经窗口化和菜单化。

新的Java控制台界面使人感觉更加亲近和舒适。

在这里，用户可以通过单击图标来上网浏览和发送邮件，也可以打开StarSuite7写文档和其他应用程序。

这一切和微软的Windows非常相似。

有些读者可能知道，以前的Solaris只能安装在Sun公司的SPARC平台的计算机上，是无法安装在普通用户家中的计算机的。

但是，现在的Solaris 10拥有了专门针对普通用户计算机的x86版，它支持目前的大多数台式计算机，而且其安装界面可以选择中文，一般用户也可以轻松安装。

其次，在应用软件方面，Solaris 10不再是仅仅能运行服务器端的软件，还有大量的客户端的软件可以供桌面用户选择安装。

用户可以方便地使用系统自带的浏览器软件进行上网、发送邮件和文字处理。

梯调系统配置文件一、Solaris 10安装说明将Solaris 10操作系统安装光盘（DVD版）放入光驱，在OK提示符下（# halt , 或按stop+A出现），键入boot cdrom。

1、在“Select a Language”窗口下，选择6：Simplified Chinese2、在“欢迎”窗口下，点击“下一步”3、在“网络连接”窗口下，选择“联网的”，点击“下一步”4、在“配置多个网络接口”窗口下，选择ce0、ce1，点击“下一步”5、在“主网络接口”窗口下，选择ce0，点击“下一步”6、在“ce0的DHCP”窗口下，选择“否”，点击“下一步”7、在“ce0的主机名”窗口下，输入主机名，点击“下一步”8、在“ce0的IP地址”窗口下，输入IP地址，点击“下一步”9、在“ce0的网络掩码”窗口下，输入255.255.255.0，点击“下一步”10、在“ce0的IPV6”窗口下，选择“否”，点击“下一步”11、在“ce0的缺省路由”窗口下，选择“无”，点击“下一步”12、在“ce1的DHCP”窗口下，选择“否”，点击“下一步”13、在“ce1的主机名”窗口下，输入主机名，点击“下一步”14、在“ce1的IP地址”窗口下，输入IP地址，点击“下一步”15、在“ce1的网络掩码”窗口下，输入255.255.255.0，点击“下一步”16、在“ce1的IPV6”窗口下，选择“否”，点击“下一步”17、在“ce1的缺省路由”窗口下，选择“无”，点击“下一步”18、在“Kerberos”窗口下，选择“否”，点击“下一步”19、在“名称服务”窗口下，选择“无”，点击“下一步”20、在“时区”窗口下，选择“地区性的洲/国家/地区”, 点击“下一步”21、在“洲与国家”窗口下，点击“亚洲”选择“中国”，点击“下一步”22、在“日期和时间”窗口下，输入正确时间，点击“下一步”23、在“超级用户（root）口令”窗口下，输入超级用户口令点击“下一步”24、在“确认信息”窗口下，选择“确认”25、在“欢迎”窗口下，点击“下一步”26、在“安装选项”窗口下，点击“下一步”27、在“指定媒体”窗口下，选择“CD/DVD”，点击“下一步”28、正在初始化…29、在“许可证”窗口下，选择“接受”，击“下一步”30、在“选择升级安装或初始安装”窗口下，选择“初始安装”，击“下一步”31、在“选择安装类型”窗口下，选择“自定义安装”，点击“下一步”32、在“选择软件语言环境”窗口下，选择“亚洲，中文（zh）”点击“下一步”33、在“选择系统语言环境”窗口下，选择“亚洲，中文（zh）”点击“下一步”34、在“选择附带软件”窗口下，选择“Solaris 10 Extra Value Software 87.3MB”，点击“下一步”35、在“附加产品”窗口下，选择“无”，点击“下一步”36、在“选择Solaris 软件组”窗口下，选择“整个郡组以及OEM”的“缺省包”，点击“下一步”37、在“选择磁盘”窗口下，点击“下一步”38、在“保存数据”窗口下，选择“否”，点击“下一步”39、在“分布文件系统”窗口下，选择“修改”选择“确定”，点击“下一步”31、在“准备安装”窗口下，点击“立即安装”32、重新引导后，出现“Do you need to override the system’s default NFS version 4 domain name (yes/no)?[no]：输入“no”，回车33、输入用户名：root34、输入密码：xxxx35、选择其中一个：选择“公用桌面环境”36、安装完毕二、Sun Fire V240磁盘镜像在安装系统时，到划分硬盘分区那一步时，给硬盘预留一部分的空间，可以是200MB。

Solaris 10 強化密碼的加密方式Solaris 對密碼的加密我只能說很爛，但到了Solaris 10後它也可以用和Linux相同的方法來加密了。

本篇介紹一些Solaris 10的帳號加密選擇和強化密碼的管理。

Solaris使用者帳號密碼的加密方式是很兩光的，解密的程式輕易的就可以解開。

為了強化系統的安全性，Solaris 10在加密的功能上提供了不少好用的東西，現在先針對帳號密碼加密及安全上做介紹。

Solaris 10提供了四種帳號密碼加密的演算法，下面的表是四種的說明。

Solaris預設是使用__unix__，所以密碼長度限制為8個字元，我們來做個實驗。

建立一個使用者abc並將其密碼設定為1234567890 共10個字元。

然後使用abc這個帳號連入，輸入密碼的前8，也就是12345678。

你會發現登入時的密碼和設定的並不相同，但是我們還是進入系統了。

# useradd abc# passwd abcNew Password: 1234567890Re-enter new Password: 1234567890passwd: password successfully changed for abc# ssh abc@.Password: 12345678Last login: Thu Sep 7 16:38:38 2006 from c01093.ncic.corCould not chdir to home directory /home/abc: No such file or directorySun Microsystems Inc. SunOS 5.10 Generic January 2005$ iduid=100(abc) gid=1(other)果然是安全性很不夠，沒關係Solaris 10可以讓它變得更安全。

Solaris 10的密碼的加密演算法的相關設定是放在/etc/security/policy.conf裡面，讓我們先來看看裡面有些什麼內容# cat /etc/security/policy.conf......# crypt(3c) Algorithms Configuration## CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to# be used for new passwords. This is enforced only in crypt_gensalt(3c).#CRYPT_ALGORITHMS_ALLOW=1,2a,md5# The Solaris default is the traditional UNIX algorithm. This is not# listed in crypt.conf(4) since it is internal to libc. The reserved# name __unix__ is used to refer to it.#CRYPT_DEFAULT=__unix__......因為相關的設定只有二行，所以我把不相關的部份都略去了。

Solaris10启⽤、重启和关闭服务Solaris 服务管理器(Service Management Facility, SMF)是Solaris 10以及后续版本的Solaris操作系统当中采⽤的软件服务管理⼯具。

SMF按照服务的相关性来启动、停⽌和管理服务，并兼容现有的管理习惯(如启动脚本等)。

对于使⽤过Windows的读者来说，SMF的功能类似于“控制⾯板”中的“服务”；对于使⽤过Linux和Unix的读者来说，这个功能部分替代了/etc/rc*.d中的启动脚本和超级服务器inetd/xinetd的功能。

重启⽹络服务:svcadm restart networkSMF特性简介当出现了管理错误、软件缺陷或者是硬件缺陷导致服务程序异常中⽌的时候，SMF可以⾃动按照⼀定的次序重新启动服务。

使⽤svcs命令可以查看所有的服务，⽽是⽤svcadm和svccfg命令可以管理所有的服务。

使⽤svcs -p命令可以查看与本服务相关联的其他服务。

通过服务快照设置可以很容易地实现服务的备份和恢复。

通过svcs -x命令可以很容易地对服务进⾏调试，并且可以使每个服务都有⾃⼰的固定⽇志。

所有的服务都可以通过svcadm进⾏启动和关闭。

具有相应⾓⾊的⾮root⽤户也可以启动、修改和关闭服务。

SMF服务标⽰SFM服务标识(Fault Management Resource Identifier, FMRI)指的是服务实例的命名。

举个例⼦，rlogin服务的FMRI是svc:/network/login:rlogin。

同理，类似的FMRI还有svc:/system/system-log:default。

SMF服务状态服务的状态包括如下⼏种类型：状态标⽰状态描述degraded 服务已经启动，但是在受限制的状态下运⾏。

disabled 服务处于关闭状态。

legacy_run 这个服务⽬前⽆法被SMF所管理，但是可以被SMF所监测到。

Solaris系统安全文档（for solaris 10）1．禁用不需要的用户备份：备份/etc/passwdcp /etc/passwd /etc/passwd.080903cp /etc/shadow /etc/shadow.080903修改：编辑/etc/shadow，将需要禁止帐户的**用NP代替Example: noaccess:NP:60002:60002:No Access User:/:/sbin/noshell恢复：编辑/etc/shadow，将需要恢复帐户的NP用**代替Example: noaccess:**:60002:60002:No Access User:/:/sbin/noshell或使用备份还原cp /etc/passwd.080903 /etc/passwdcp /etc/shadow.080903 /etc/shadow恢复：用原始备份还原cp /etc/group.bak.2008 /etc/group2．设置用户密码安全策略（根据具体要求修改）修改全局密码策略备份：备份/etc/default/passwdcp /etc/default/passwd /etc/default/passwd.080903#MINDIFF=3 #最小的差异数，新密码和旧密码的差异数。

#MINALPHA=2 #最少字母要多少#MINNONALPHA=1 #最少的非字母，包括了数字和特殊字符。

#MINUPPER=0 #最少大写#MINLOWER=0 #最少小写#MAXREPEATS=0 #最大的重复数目#MINSPECIAL=0 #最小的特殊字符#MINDIGIT=0 #最少的数字#WHITESPACE=YES #能使用空格吗？修改：（以下只针对除root用户外的其他用户）编辑/etc/default/passwd,设置：MINWEEKS= 最短改变时间MAXWEEKS=8 密码最长有效时间WARNWEEKS=5 密码失效前几天通知用户PASSLENGTH=8 最短密码长度MINDIFF=3MINALPHA=2MINLOWER=1MINDIGIT=1恢复：用备份的原始/etc/default/passwd文件替换现有的/etc/default/passwd如需针对个别用户设置修改/etc/shadow 文件，备份：cp /etc/shadow /etc/shadow.080903shadow 文件格式如下：loginID:password:lastchg:min:max:warn:inactive:expire:例如：默认root 用户的格式为：root:lySCmJ.1txm4M:6445::::::loginID 指登陆用户名password 密码选项，例如13位加密字符，或者*LK*锁定用户，或NP，无法登陆用户lastchg 指最后密码修改日期，从1970年1月1号开始计算min 指两次密码修改间隔的最少天数max 指密码最大有效天数warn 指密码过期前开始发出提醒的天数inactive 指如果用户未登陆超过多少天将把用户锁定expire 用户过期时间，即到达此日期后用户过期，将无法登陆以上选项如为设置，留空，即代表无密码策略如需使用/etc/shadow 设置密码策略，则/etc/default/passwd 文件中MINWEEKS MAXWKEEKS WARNWEEKS PASSLENGTH 等选项不应设置参数。

An Oracle White PaperApril 2010How to Install the Oracle® Solaris 10Operating System on x86 SystemsIntroduction.........................................................................................1
Installation Assumptions.....................................................................2
Check the Hardware Compatibility List...............................................2
Basic System Requirements...............................................................2
Obtaining Media for the x86 Platform.................................................3
Power Up and Media Boot..................................................................3
Installing the Oracle Solaris 10 5/09 Operating System.....................4
Identifying the Console...................................................................4
Selecting the Type of Installation....................................................5
System Configuration......................................................................6
For More Information........................................................................26
IntroductionThis white paper instructs users unfamiliar with the Oracle® Solaris 10 operating system installation on how to install Oracle Solaris 10 on an Oracle supported x86 system (including the family of 32-bit x86 systems as well as 64-bit AMD64™ and Intel® 64 systems). It is assumed that you are installing Oracle Solaris 10 5/09; all features described in this guide may not be available in earlier updates. This step-by-step guide, complete with screen shots, takes users through the installation process in 22 simple steps. Novice users should be able to complete an Oracle Solaris 5/09 operating system installation on a standalone x86 system using the instructions in this guide.Installation AssumptionsThis guide makes several assumptions, including•The system is an x86 system.•The system is compatible with the Oracle Solaris 10 5/09 OS and is listed on the Oracle Solaris Hardware Compatibility List (HCL).•The system has a graphical interface.While this guide is most appropriate for a standalone system that does not connect to a network or connects to a network with automatic configuration, it can be used to install a system with a fixed IP address if the network configuration information is available.If problems arise during the installation process that are not discussed in this guide, refer to the Oracle Solaris 10 OS Installation Guide: Basic Installations for more information. This guide is part of the Oracle Solaris 10 Release and Installation Collection located on the Sun Web site at/app/docs/prod/solaris.10.Check the Hardware Compatibility ListThe first step before the installation process is to verify that the system to be installed is on the hardware compatibility list located at: /bigadmin/hcl/.Note: The term x86 refers to the family of 32-bit x86-compatible architecture and 64-bit AMD64 and Intel 64.Basic System RequirementsVerify the computer system meets the following requirements. Note that the requirements below are recommended minimums. While it is possible to install Oracle Solaris 10 on a system with less disk capacity and CPU speed, it is not recommended.•Minimum 1,024 MB of physical RAM•Minimum 10 GB of available hard drive space•Minimum 400 MHz CPU speed•DVD or CD-ROM drive•Attached monitor or integrated displayFor more information on Oracle Solaris system requirements, visit /solaris. For a catalog of the more than 5000 Oracle Solaris-ready applications and solutions, visit/bigadmin/apps.Obtaining Media for the x86 PlatformThe Oracle Solaris 10 5/09 OS release is available via download from the Oracle Web site.1.Go to /solaris/ and click on the Oracle Solaris logo if you want to obtain informationabout the Oracle Solaris 10 5/09 OS; if not, proceed to step 2.2.Go to /solaris/get to begin the download process.3.Choose Oracle Solaris 10 on the list of available downloads.4.Click on the appropriate media format (Oracle Solaris for x86 systems).5.Register at the Sun Download Center, if you have not already done so.6.Answer the short questionnaire.7.Read and accept the license agreement.8.Download and burn the CDs or DVDs.See the Oracle Solaris 10 FAQs located at /solaris/get for guidance, instruction, and tips on downloading Oracle Solaris 10 or burning installation CD and DVD media.Power Up and Media BootIf you do not want to substitute your current operating system and instead you want to run Oracle Solaris as a guest OS or virtual machine, please download and install Oracle VM VirtualBox for free from /.The following procedure can be used to install Oracle Solaris 10 5/09 on a new or used system.1.Power up the system and insert the first installation CD or DVD into the drive tray.2.Restart the system.3.If the system appears to be booting from the hard disk and the Oracle Solaris OS installer doesnot start, power cycle the system (power cycle is shutting down the power on the system and then restarting the system). As the system begins to boot, enter setup mode. Typically, the systemdisplays a message indicating which key to press (such as "Enter F2 to enter setup", although the key to press varies by manufacturer; the ESC and F12 keys are other common options.) If you miss the message, simply restart the system a couple of times until you are able to view it.Once in setup mode, specify the boot device for the system. This example specifies the CD or DVD drive as the boot device. To do so, find the list that describes boot order and re-order as needed to ensure the CD or DVD drive appears first on the list. The system should boot from the CD or DVD drive to start the install process.Installing the Oracle Solaris 10 5/09 Operating SystemIdentifying the ConsoleThe next step in the installation process is to select the type of console for the hardware on which Oracle Solaris is being installed. Use the arrow keys to select the version of Oracle Solaris OS that matches the hardware configuration. For most x86 systems, use the default selection.Press the ENTER key and boot the version of operating system selected. The highlighted entry boots in 60 seconds even if a key is not pressed.Note: Prompts do not appear during the boot process. If a selection is not made, the screen times out and the systemautomatically boots the Oracle Solaris OS.Selecting the Type of InstallationAfter the ENTER key is pressed or the counter times out, a series of dots will run on the screen and you will see the basic device configuration message along with a menu with six installation options.Before this new counter times out, select option 3 to install Oracle Solaris 10 5/09 from the beginning using the Oracle Solaris ZFS as the root file system. You can get more information on Oracle Solaris ZFS from /us/products/servers-storage/storage/storage-software/031857.htm.Note: If you don’t want to use Oracle Solaris ZFS as your root file system, you can use option 1. Please refer to the previousversion of this white paper.Once option 3 is selected, you'll see the following screen with some information regarding your hardware. Keep in mind that the hardware information displayed (such as "nge0") may differ from the exact data displayed below and that each step can take up to a couple of minutes to complete.After a few seconds, you are presented with the keyboard layout configuration in case you don't have a standard keyboard or if you have a localized keyboard. If you have a US keyboard, press the [F2] key; if not, select the right language using the arrow keys to move up or down, make your selection with the [space bar] and then press [F2] to continue.Immediately, you'll see the following message. Press ENTER to continue.System ConfigurationA series of screens guides you through the Oracle Solaris configuration process. Note that the graphical screens require a mouse to be rolled over the window in order to answer questions posed throughout the configuration process.1.After you press ENTER, the system configuration process will start through a series of windows.Please roll the mouse over the window, click the mouse, and press ENTER to continue.2.Select a language for the system.3. A new window, the Oracle Solaris Install Console, appears in the bottom-right corner. Thiswindow is used to display pertinent installation messages. Another window appears in which the Oracle Solaris OS installation questions should be answered. Press [F2] to continue.4.The system identification process begins. Press [F2] to continue.5.The Network Connectivity window appears. Use the default answer, (unless you don't have anetwork) and press [F2] to continue.6.The DHCP selection appears. For most cases, just select DHCP for your network configurationusing the arrow keys and the space bar to make the selection and then press [F2] to continue.7.The IPv6 window appears. Just use the default and press [F2] to continue.8.The Confirmation window appears. If you agree with your selections, press [F2] to continue; ifnot, press [F4] and the process will go back to step 5.9.The Security Policy window appears. Use the default for No Kerberos configuration. Press [F2] tocontinue.10.For confirmation of your policy selection, press [F2] and continue to the next screen.11.The Name Service window appears. Select NONE using the arrow keys and pressing the space barto select, then press [F2] to continue.12.For confirmation of your selection, press [F2] and continue to the next screen.13.The NFSv4 domain name window appears. Let the system use the default option and press [F2] tocontinue.14.For confirmation of your selection, press [F2] to continue to the next screen.15.The Time Zone window appears. Next, set the time zone for the system. This example sets theAmericas time zone. Use the arrow keys and the space bar to make the selection. Press [F2] to continue.16.Time Zone cont'd. Set the United States Country & Region, then press [F2] to continue.17.Time Zone cont'd. Set the Pacific Time. Press [F2] to continue.18.Set current date and time. Use arrow keys and keyboard to change the proposed date and time,then press [F2] to continue.19.To confirm your selection, press [F2] to continue.20.The Root Password window appears. Set the root password. Note the password typed remainsinvisible. Re-enter the password in the second box and press [F2] to continue.21.The Network Services window appears. Click [F2] to continue.22.The Remote Services window appears. In this window, you can choose a “Secure by default”Oracle Solaris installation, but afterwards individual services should be enabled. If you are unsure of your type of installation, follow the default “Yes” to enable all remote services and press [F2] to continue.23.The Install Progress window appears. Wait for a few minutes while Oracle Solaris installs on yoursystem. After the installation is completed, the system will reboot automatically and will start the Oracle Solaris OS. Remember that in some cases, you will have to eject the media manually.24.The Eject CD/DVD window appears. Use the default. Press [F2] to continue; the system willautomatically eject the media after installation.25.The Reboot After Installation window appears. Use the default. Press [F2] to continue.26.The Confirmation window appears; press [F2] to continue. In some cases, the system will not beable to eject the media after installation. Be sure to eject it manually to avoid starting theinstallation process again; if after the installation your system didn't eject the media and the install process started again, you can simply reboot your system. During the boot process, eject the media and the system will boot from the hard disk using the freshly installed Oracle Solaris 10 image.27.The License window appears. Please read the Oracle Solaris License Agreement, and if you agree,press [F2] to continue.28.The Geographic Regions window appears. To add support for other regions, select the desiredregion; if not, press [F2] to continue.29.The System Locale window appears. Press [F2] to continue.30.The Selection of Additional Products window appears. Press [F2] to continue.31.The Root File System selection window appears. Select ZFS and press [F2] to continue.32.The Software Selection window appears. Use the default and press [F2] to continue.33.The Disk Selection window appears. Use the default and press [F2] to continue.34.The ZFS Configuration window appears. Use the default and press [F2] to continue.35.The Remote Mounts window appears. Use the default and press [F2] to continue.36.The Profile window appears. On this window, you can see a technical description of how OracleSolaris will be installed on your system. Press [F2] to continue.37.The Install Progress window appears. Wait for a few minutes while Oracle Solaris installs on yoursystem. After the installation is completed, the system will reboot automatically and will start the Oracle Solaris OS. Remember that in some cases, you will have to eject the media manually.38.Now you have successfully installed Oracle Solaris 10 5/09 on your system. Login using the rootuser and the password you assigned on step 19.For More InformationFor more information regarding the Oracle Solaris 10 OS, visit/us/products/servers-storage/solaris/index.html.TABLE 1. REFERENCESDOCUMENTATION AND COMMUNITYSun Documentation /Big Admin System Administration Portal /bigadmin/SUN BLUEPRINTS ARTICLESConfiguring JumpStart Servers to Provision Sun x86 Systems /blueprints/0205/819Performing Network Installations Without a Local Boot Server /blueprints/0504/817/blueprints/0905/819Configuring Multiboot Environments on Sun x86 Systems with AMDOpteron ProcessorsRELATED WEB SITESSolaris Hardware Compatibility List /bigadmin/hclSolaris 10 System Requirements /solaris/docs/solaris-sys.pdf NEXT STEPS TO SOLARIS 10 ADOPTIONGet hands on experience with Solaris 10 using "Solaris 10 White Papers" /solaris/whitepapers/index.jsp Get trained on Solaris 10 /pls/web_prod-plq-dad/db_pages.getpage?page_id=402&p_nl=JSOLGet a support contract /us/support/systems/operating-systems/index.htmlParticipate in the OpenSolaris community How to Install the Oracle Solaris 10 Operating System on x86 Systems April 2010Author: Angel Camacho, Larry WakeOracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A.Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 Copyright © 2010, Oracle and/or its affiliates. All rights reserved.This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. UNIX is a registered trademark licensed through X/Open Company, Ltd. 0310。

一、Solaris的处理器硬件系统架构Solaris支持多种处理器系统架构：SPARC、x86和x64。

x64即AMD64及EMT 64处理器。

在版本2.5.1的时候，Solaris曾经一度被移植到PowerPC架构, 但是后来又在这一版本正式发布时被删去。

与Linux相比，Solaris可以更有效地支持对称多处理器、即SMP架构。

Sun同时宣布将在Solaris 10的后续版本中提供Linux运行环境, 允许Linux二进制程序直接在Solaris x86和x64系统上运行。

Solaris传统上与基于Sun SPARC处理器的硬件体系结构结合紧密, 在设计上和市场上经常捆绑在一起，整个软硬件系统的可靠性和性能也因此大大增强。

然而SPARC系统的成本和价格通常要高于PC类的产品，这成为Solaris进一步普及的障碍。

可喜的是，Solaris对x86体系结构的支持正得到大大加强，特别是Solaris 10已经能很好地支持x64(AMD64/EMT64)架构。

Sun公司已推出自行设计的基于AMD64的工作站和服务器，并随机附带Solaris 10操作系统。

1.SPARC硬件SPARC全称为―可扩充处理器架构‖(Scalable Processor ARChitecture)，是RIS C微处理器架构之一。

它最早于1985年由Sun所设计，也是SPARC国际公司的注册商标之一。

这家公司于1989年成立，其目的是向外界推广SPARC，以及为该架构进行符合性测试。

此外该公司为了扩阔SPARC设计的生态系统，SPARC国际也把标准开放，并授权予多间生产商采用，包括德州仪器、Cypress半导体、富士通等。

由于SPARC架构也对外完全开放，因此也出现了完全开放源代码的LEON处理器，这款处理器以VHD L语言写成，并采用LGPL授权。

SPARC架构原设计给工作站使用，及后应用在Sun、富士通等制造的大型SMP服务器上。

Oracle®Solaris10安全准则文件号码E38845–022013年6月版权所有©2011,2013,Oracle和/或其附属公司。

保留所有权利。

本软件和相关文档是根据许可证协议提供的，该许可证协议中规定了关于使用和公开本软件和相关文档的各种限制，并受知识产权法的保护。

除非在许可证协议中明确许可或适用法律明确授权，否则不得以任何形式、任何方式使用、拷贝、复制、翻译、广播、修改、授权、传播、分发、展示、执行、发布或显示本软件和相关文档的任何部分。

除非法律要求实现互操作，否则严禁对本软件进行逆向工程设计、反汇编或反编译。

此文档所含信息可能随时被修改，恕不另行通知，我们不保证该信息没有错误。

如果贵方发现任何问题，请书面通知我们。

如果将本软件或相关文档交付给美国政府，或者交付给以美国政府名义获得许可证的任何机构，必须符合以下规定：ERNMENT END USERS:Oracle programs,including any operating system,integrated software,any programs installed on the hardware,and/or documentation,delivered to U.S. Government end users are"commercial computer software"pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations.As such,use,duplication,disclosure,modification,and adaptation of the programs,including any operating system,integrated software,any programs installed on the hardware,and/or documentation,shall be subject to license terms and license restrictions applicable to the programs.No other rights are granted to the ernment.本软件或硬件是为了在各种信息管理应用领域内的一般使用而开发的。

Solaris 10用户管理入门:用户配置文件与命令(2)一、了解Solaris 10 用户配置文件1、了解标准用户表-1 列出了系统在安装过程中创建的标准用户（其中所列内容与/etc/passwd文件的描述是一致的）。

表中的组id号是用户所在的首要组的代号。

这是solaris安装过程中自动设置的。

表-1 Solaris 系统标准用户3了解solaris 10 用户、用户组配置文件● /etc/passwd与用户相关的系统配置文件主要有/etc/passwd 和/etc/shadow，其中/etc/shadow是用户资讯的加密文件，比如用户的密码口令的加密保存等；/etc/passwd 和/etc/shadow 文件是互补的。

/etc/passwd 的内容简介：在/etc/passwd 中，每一行都表示的是一个用户的信息；一行有7个段位；每个段位用:号分割，图-1是我的系统中的/etc/passwd 的行；图-1 /etc/passwd文件第一字段：用户名（也被称为登录名）；在上面的例子中，我们看到用户名是 cjh；第二字段：口令；在例子中我们看到的是一个x，其实密码已被映射到/etc/shadow 文件中；第三字段：UID ，用户ID，101；第四字段：GID，组ID，1；第五字段：用户名全称，这是可选的；第六字段：用户的家目录所在位置；cjh这个用户是/home/cjh ；第七字段：用户所用SHELL 的类型，cjh是 bash ；所以设置为/bin/sh ；● /etc/shadow/etc/shadow文件是/etc/passwd 的影子文件，这个文件并不由/etc/passwd 而产生的，这两个文件是应该是对应互补的；shadow内容包括用户及被加密的密码以及其它/etc/passwd 不能包括的信息，比如用户的有效期限等；这个文件只有root权限可以读取和操作，权限如下：# ls -l /etc/shadow-r-------- 1 root root 1256 08-08 05:01 /etc/shadow/etc/shadow 的权限不能随便改为其它用户可读，这样做是危险的。

Solaris 10 強化密碼的加密方式Solaris 對密碼的加密我只能說很爛，但到了Solaris 10後它也可以用和Linux相同的方法來加密了。

本篇介紹一些Solaris 10的帳號加密選擇和強化密碼的管理。

Solaris使用者帳號密碼的加密方式是很兩光的，解密的程式輕易的就可以解開。

為了強化系統的安全性，Solaris 10在加密的功能上提供了不少好用的東西，現在先針對帳號密碼加密及安全上做介紹。

Solaris 10提供了四種帳號密碼加密的演算法，下面的表是四種的說明。

Solaris預設是使用__unix__，所以密碼長度限制為8個字元，我們來做個實驗。

建立一個使用者abc並將其密碼設定為1234567890 共10個字元。

然後使用abc這個帳號連入，輸入密碼的前8，也就是12345678。

你會發現登入時的密碼和設定的並不相同，但是我們還是進入系統了。

# useradd abc# passwd abcNew Password: 1234567890Re-enter new Password: 1234567890passwd: password successfully changed for abc# ssh abc@.Password: 12345678Last login: Thu Sep 7 16:38:38 2006 from c01093.ncic.corCould not chdir to home directory /home/abc: No such file or directorySun Microsystems Inc. SunOS 5.10 Generic January 2005$ iduid=100(abc) gid=1(other)果然是安全性很不夠，沒關係Solaris 10可以讓它變得更安全。

Solaris 10的密碼的加密演算法的相關設定是放在/etc/security/policy.conf裡面，讓我們先來看看裡面有些什麼內容# cat /etc/security/policy.conf......# crypt(3c) Algorithms Configuration## CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to# be used for new passwords. This is enforced only in crypt_gensalt(3c).#CRYPT_ALGORITHMS_ALLOW=1,2a,md5# The Solaris default is the traditional UNIX algorithm. This is not# listed in crypt.conf(4) since it is internal to libc. The reserved# name __unix__ is used to refer to it.#CRYPT_DEFAULT=__unix__......因為相關的設定只有二行，所以我把不相關的部份都略去了。

SUN服务器Solaris®安装步骤1.开机加电，等待显示器亮后，按Ctrl+Break键。

2.服务器进入0K监控状态：0K将SolarislO系统盘插入光驱，并在OK提示符下输入以下命令：OK boot cdrom。

3.等待系统出现如下提示：Select a LanguageO. English1.French2.German3.Italian4.Japanese5.Korean6.Simplified Chinese7.Spanish8.Swedish9.Traditional ChinesePlease make a choice (O - 9), or press h or ? for help:安装语言选择0.English输入0后按F-2;4.出现如下提示：Select a Locale0. English (C - 7-bit ASCII)1.Albania (ISO8859-2)2.Australia (ISO8859-1)3.Belgium-Flemish (ISO8859-1)4.Belgium-Flemish (ISO8859-15 - Euro)5.Bosnia (ISO8859-2)6.Brazil (ISO8859-1)7.Brazil (UTF-8)8.Bulgaria (ISO8859-5)9.Canada-English (ISO8859-1)10.Catalan, Spain (ISO8859-1)11.Catalan, Spain (ISO8859-15 - Euro)12.Croatia (ISO8859-2)13.Czech Republic (ISO8859-2)14.Denmark (ISO8859-1)15.Denmark (ISO8859-15 - Euro)16.Egypt (ISO8859-6)17.Egypt (UTF-8)18.Estonia (ISO8859-15)Press Return to show more choices.Please make a choice (0 - 59), or press h or ? for help: 本地语言选择0. English (C - 7-bit ASCI,输入0后按F-2；5.在终端上安装SolarislO,这时会出现如下提示：What type of terminal are you using?1)ANSI Standard CRT2)DEC VT523)DEC VT1004)Heathkit 195)Lear Siegler ADM316)PC Console7)Sun Command Tool8)Sun Workstation9)Televideo 91010)Televideo 92511)Wyse Model 5012)X Terminal Emulator (xterms)13)CDE Terminal Emulator (dtterm)14)OtherType the number of your choice and press Return:终端类型选择3)DEC VT10(输入3后按F-2;6.出现如下提示：q The Solaris Installation Program qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqThe Solaris installation program is divided into a series of short sections where you'll be prompted to provide information for the installation. At the end of each section, you'll be able to change the selections you've made before continuing.About navigation...-The mouse cannot be used-If your keyboard does not have function keys, or they do not respond, press F; the legend at the bottom of the screen will change to show the F keys to use for navigation. qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq qqqqq F2_Continue F6_HelpSolaris的安装分为好几部分，每一部分后面都需要进行确认，如果发现有错,可以更改先前输入的信息，按F-2 继续安装；7. 出现如下提示：q Identify This SystemqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqOn the next screens, you must identify this system as networked or non-networked, and setthe default time zone and date/time.If this system is networked, the software will try to find the information it needs to identify your system; you will be prompted to supply any information it cannot find.> To begin identifying this system, press F2.qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq qqqqqqqq F2_Continue F6_Help开始定义系统的名字、网络、及掩码，时区及时间，按F-2 继续安装；- Network Connectivity --------------------------------------Specify Yes if the system is connected to the network by one of the Solaris or vendor network/communication Ethernet cards that are supported on the Solaris CD. See yourhardware documentation for the current list of supported cards.Specify No if the system is connected to a network/communication card that is notsupported on the Solaris CD, and follow the instructions listed under Help.Networked [X] Yes [ ] NoF-2_Continue F-6_Help提示系统是否连接了网络，选YES按F-2继续安装；- Configure Multiple Network Interfaces -------------------------Multiple network interfaces have been detected on this system. Specify all of the network interfaces you want to configure.Note: You must choose at least one interface to configure.Network interfaces[X] bge0 [ ] bge1 [ ] bge2 [ ] bge3F-2_Continue F-6_Help选择主网卡接口，选bgeO，按F-2继续安装;DHCP for bge0Specify whether or not this network interface should use DHCP to configure itself. Choose Yes if DHCP is to be used, or No if the network interface is to be configured manually.NOTE: DHCP support will not be enabled, if selected, until after the system reboots.Use DHCP for bge0[ ] Yes[X] NoF-2_Continue F-6_Help提示是否需要使用DHCP来配置主机的IP地址，选NO,按F-2继续安装;Host Name for bge0 -----------------------------------------Enter the host name which identifies this system on the network. The name must be unique within your domain; creating a duplicate host name will cause problems on the network after you install Solaris.A host name must have at least one character; it can contain letters, digits, and minus signs (-).Host name for bge0 SUN_M5000F-2_Continue F-6_Help输入主机名：SUN_M5000,按F-2继续安装;IP Address for bge0 -------------------------------Enter the Internet Protocol (IP) address for this network interface. It must be unique and follow your site's address conventions, or a system/network failure could result.IP addresses contain four sets of numbers separated by periods (for example 129.200.9.1).IP address for bge0 XXX.XXX.XXX.XXXF-2_Continue F-6_Help输入主机IP地址，XXX.XXX.XXX.X)按,F-2继续安装;- Subnet for bge0On this screen you must specify whether this system is part of a subnet. If you specify incorrectly, the system will have problems communicating on the network after you reboot.> To make a selection, use the arrow keys to highlight the option and press Return to mark it [X].System part of a subnet [X] Yes [ ] NoF-2_Continue F-6_Help提示主机的网络是否米用子网掩码的方法，选YES按F-2继续安装;- Netmask for bge0 ------------------------------------------On this screen you must specify the netmask of your subnet. A default netmask is shown; do not accept the default unless you are sure it is correct for your subnet. A netmask must contain four sets of numbers separated by periods (for example 255.255.255.0).Netmask for bge0 255.255.255.0F-2_Continue F-6_Help 提示输入子网掩码，输入255.255.255.0 ，按F-2 继续安装;- IPv6 for bge0 -------------------------------------------Specify whether or not you want to enable IPv6, the next generation Internet Protocol, on this network interface. Enabling IPv6 will have no effect if this machine is not on a network that provides IPv6 service. IPv4 service will not be affected if IPv6 is enabled.> To make a selection, use the arrow keys to highlight the option and press Return to mark it [X].Enable IPv6 for bge0 [ ] Yes[X] NoF-2_Continue F-6_Help不使用IPv6技术，选NO,按F-2继续安装；- Set the Default Route for bge0 ------------------------------To specify the default route, you can let the software try to detect one upon reboot, you can specify the IP address of the router, or you can choose None. Choose None if you do not have a router on your subnet.> To make a selection, use the arrow keys to select your choice and press Return to mark it [X].Default Route for bge0 [ ] Detect one upon reboot[X] Specify one[ ] NoneF-2_Continue F-6_Help提示设置缺省网关，选择Specify one,按F-2继续安装；- Default Route IP Address for bge0 ----------------------Enter the IP address of the default route. This entry will be placed in the/etc/defaultrouter file and will be the default route after you reboot (example129.146.89.225).Router IP Address for bge0 XXX.XXX.XXX.XXXF-2_Continue F-6_Help提示输入主机的缺省网关，输入XXX.XXX.XXX.XXC,F-2继续安装;- Confirm Information for bge0 --------------------------------> Confirm the following information. If it is correct, press F2; to change anyinformation, press F4.Networked: YesUse DHCP: NoHost name: SUN_M5000IP address: XXX.XXX.XXX.XXXSystem part of a subnet: YesNetmask: 255.255.255.0Enable IPv6: NoDefault Route: Specify oneRouter IP Address: XXX.XXX.XXX.XXXF-2_Continue F-4_Change F-6_Help 提示确认上面输入的信息，如果上面的输入信息有错，可以按F-4 后重新输入，如果正确，按F-2 继续安装；- Configure Security Policy: --------------------------------Specify Yes if the system will use the Kerberos security mechanism.Specify No if this system will use standard UNIX security.Configure Kerberos Security [ ] Yes[X] NoF-2_Continue F-6_Help提示配置安全策略，选NO,按F-2继续安装；- Confirm Information ---------------------------------------> Confirm the following information. If it is correct, press F2; to change anyinformation, press F4.Configure Kerberos Security: NoF-2_Continue F-4_Change F-6_Help 确认刚才输入的信息，如果刚才输入的信息有错，按F-2 重新输入；如果正确，按F-2继续安装；- Name Service --------------------------------------On this screen you must provide name service information. Select the name service that will be used by this system, or None if your system will eithernot use a name service at all, or if it will use a name service not listed here.> To make a selection, use the arrow keys to highlight the option and press Return to mark it [X].Name service [ ] NIS+[ ] NIS[ ] DNS[ ] LDAP[X] NoneF-2_Continue F-6_Help配置名字服务，选择None （不采用任何名字服务），按F-2继续安装;- Confirm Information --------------------------------> Confirm the following information. If it is correct, press F2; to change anyinformation, press F4.Name service: NoneF-2_Continue F-4_Change F-6_Help 确认刚才输入的信息，如果刚才输入的信息有错，按F-4 重新输入;如果正确，按F-2继续安装；- Time Zone ----------------------------------------On this screen you must specify your default time zone. You can specify a time zone in three ways: select one of the continents or oceans from the list, select other - offset from GMT, or other - specify time zone file.> To make a selection, use the arrow keys to highlight the option and press Return to mark it [X].Continents and Oceans- [ ] Africa| [ ] Americas| [ ] Antarctica| [ ] Arctic Ocean| [X] Asia| [ ] Atlantic Ocean| [ ] Australia| [] Europev [ ] Indian OceanF-2_Continue F-6_Help设置时区，选择ASia,按F-2继续安装；- Country or Region ---------------------------------> To make a selection, use the arrow keys to highlight the option and press Return to mark it [X].Countries and RegionsA[ ] France| [ ] Germany| [ ] Gibraltar| [ ] Greece| [ ] Hungary| [ ] Ireland| [ ] Italy| [ ] Latvia| [ ] Liechtenstein| [ ] Lithuania| [ ] Luxembourg| [ ] Macedoniav [X] ChinaF-2_Continue F-6_Help选择国家或地区，选择China,按F-2继续安装;- Date and Time -------------------------------------> Accept the default date and time or enter new values.Date and time: 2010 —XX--XX 10:48Year (4digits) 2010Month (1-12) : XXDay(1-31) : XXHour (0-23) : 10Minute (0-59) : 48F-2_Continue F-6_Help设置时间，按照当地时间，按F-2 继续安装；Root Password ---------------------------------------Please enter the root password for this system.The root password may contain alphanumeric and special characters. For security, the password will not be displayed on the screen as you type it.> If you do not want a root password, leave both entries blank.Root password: *****Root password: *****F-2_Continue F-6_Help设置root 用户密码，设置为root ，按F-2 继续安装；- Identify This System ------------------------------On the next screens, you must identify this system as networked or non-networked, and set the default time zone and date/time.If this system is networked, the software will try to find the information it needs to identify your system; you will be prompted to supply any information it cannot find.> To begin identifying this system, press F2.F-2_Continue F-6_Help系统鉴别系统信息，直接按F-2 继续安装；- Solaris Interactive Installation ------------------On the following screens, you can accept the defaults or you can customize how Solaris software will be installed by:- Selecting the type of Solaris software to install- Selecting disks to hold software you've selected- Selecting unbundled products to be installed with Solaris- Specifying how file systems are laid out on the disksAfter completing these tasks, a summary of your selections (called a profile) will be displayed.There are two ways to install your Solaris software:- "Standard" installs your system from a standard Solaris Distribution. Selecting "Standard" allows you to choose between initial install and upgrade, if your system is upgradable.- "Flash" installs your system from one or more Flash ArchivesF2_Standard F4_Flash F5_Exit F6_Help- Eject a CD/DVD Automatically? --------------------------During the installation of Solaris software, you may be using one or more CDs/DVDs. You can choose to have the system eject each CD/DVD automatically after it is installed or you can choose to manually eject each CD/DVD.[ ] Automatically eject CD/DVD[X] Manually eject CD/DVDF2_Continue F3_Go Back F5_Exit- Reboot After Installation? -------------------------After Solaris software is installed, the system must be rebooted. You can choose to have the system automatically reboot, or you can choose to manually reboot the system if you want to run scripts or do other customizations before the reboot. You can manually reboot a system by using the reboot(1M) command.[X] Auto Reboot[ ] Manual RebootF2_Continue F3_Go Back F5_Exit- Solaris Interactive Installation --------------------------This system is upgradable, so there are two ways to install the Solaris software.The Upgrade option updates the Solaris software to the new release, saving as many modifications to the previous version of Solaris software as possible. Back up the system before using the Upgrade option.The Initial option overwrites the system disks with the new version of Solaris software. This option allows you to preserve any existing file systems. Back up any modifications made to the previous version of Solaris software before starting the Initial option.After you select an option and complete the tasks that follow, a summary ofyour actions will be displayed.F2_Upgrade F3_Go Back F4_Initial F5_Exit F6_Help- Initializing ----------------------------------The system is being initialized.Loading install media, please wait...- License ------------------------------------------ Sun Microsystems, Inc. ("Sun")| SOFTWARE LICENSE AGREEMENT|| READ THE TERMS OF THIS AGREEMENT ("AGREEMENT") CAREFULLY BEFORE| OPENING SOFTWARE MEDIA PACKAGE. BY OPENING SOFTWARE MEDIA| PACKAGE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE| ACCESSING SOFTWARE ELECTRONIC,AINLLDYICATE YOUR ACCEPTANCE OF| THESE TERMS BY SELECTING THE "ACCEPT"(OR EQUIVALENT) BUTTON AT| THE END OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE| TERMS, PROMPTLY RETURN THE UNUSED SOFTWARE TO YOUR PLACE OF| PURCHASE FOR A REFUND OR, IF SOFTWARE IS ACCESSED ELECTRO, NICALLY| SELECT THE "DECLINE" (OR EQUIVALENT) BUTTON AT THE END OF THIS| AGREEMENT. IF YOU HAVE SEPARATELY AGREED TO LICENSE TERMS| ("MASTER TERMS") FOR YOUR LICENSE TO THIS SOFTWARE, THEN SECTIONS| 1-6 OF THIS AGREEMENT ("SUPPLEMENTAL LICENSE TERMS") SHALL| SUPPLEMENT AND SUPERSEDE THE MASTER TERMS IN RELATION TO THIS| SOFTWARE.|v 1. Definitions.F-2_Accept License F5_Exit-- Select Geographic Regions ----------------------------Select the geographic regions for which support should be installed.> [ ] Australasia> [ ] Asia> [ ] Eastern Europe> [ ] Northern Europe> [ ] Northern Africa> [ ] Middle EastV [/] Southern Europe[ ] Catalan, Spain (ISO8859-1) [ ] Cyprus (Greek) (UTF-8)[ ] Greece (ISO8859-7)[X] Italian[X] Italy (ISO8859-1)[ ] Malta (English) (UTF-8)[ ] Malta (UTF-8)[ ] Portugal (ISO8859-1)[ ] Spain (ISO8859-1)Press Return to hide componentsF-2_Continue F3_Go Back F5_Exit F6_Help- Select System Locale ---------------------------------------Select the initial locale to be used after the system has been installed. [ ] POSIX C( C )Western Europe[ ] Great Britain (ISO8859-1) ( en_GB.ISO8859-1 )[ ] Great Britain (ISO8859-15 - Euro) ( en_GB.ISO8859-15 )[X] Great Britain (UTF-8) ( en_GB.UTF-8 )F-2_Continue F3_Go Back F5_Exit F6_Help- Select Products -----------------------------------Select the products you would like to install.V [X] Solaris 10 Extra Value Software ....... 69.92 MB[X] Sun Validation Test Suite 6.3 ........... 69.92 MBProduct is selected. Press Return to deselectF-2_Continue F3_Go Back F-4_Product Info F5_Exit F6_Help- Additional Products -------------------------------To scan for additional products, select the location you wish to scan. Products found at the selected location that are in a Web Start Ready install form will be added to the Products list.Web Start Ready product scan location:[X] None[ ] CD/DVD[ ] Network File SystemF-2_Continue F3_Go Back F5_Exit- Select Software ----------------------------------Select the Solaris software to install on the system.NOTE: After selecting a software group, you can add or remove software by customizing it.However, this requires understanding of software dependencies and how Solaris software is packaged.[X] Entire Distribution plus OEM support ... 5617.00 MB[ ] Entire Distribution .......... 5573.00 MB[ ] Developer System Support ............ 5460.00 MB[ ] End User System Support ............ 4444.00 MB[ ] Core System Support .............. 971.00 MB [ ] Reduced Networking Core SystemSupport 920.00 MBF-2_Continue F3_Go Back F4_Customize F5_Exit F6_Help- Select Disks ------------------------------------On this screen you must select the disks for installing Solaris software.Start by looking at the Suggested Minimum field; this value is the approximate space needed to install the software you've selected. Keep selecting disks until the Total Selected value exceeds the Suggested Minimum value.NOTE: ** denotes current boot diskDisk DeviceAvailable Space[X] c1t0d0 69994 MB (F4 to edit) [ ] c1t1d0 69994 MBTotal Selected: 69994 MBSuggested Minimum: 4372 MBF-2_Continue F3_Go Back F4_Edit F5_Exit F6_Help- Preserve Data? ------------------------------------Do you want to preserve existing data? At least one of the disks you've selected forinstalling Solaris software has file systems or unnamed slices that you may want to save.F-2_Continue F3_Go Back F4_Preserve F5_Exit F6_Help- Automatically Layout File Systems? ---------------------Do you want to use auto-layout to automatically layout file systems?Manually laying out file systems requires advanced system administration skills.F2_Auto Layout F3_Go Back F4_Manual Layout F5_Exit F6_Help- File System and Disk Layout --------------------------The summary below is your current file system and disk layout, based on the information you've supplied.NOTE: If you choose to customize, you should understand file systems, their intended purpose on the disk, and how changing them may affect the operation of the system.File sys/Mnt point Disk/Slice Sizeoverlap c1t0d0s2 69994 MBF-2_Continue F3_Go Back F4_Customize F5_Exit F6_Help- Customize Disk: c1t0d0 -------------------------------Boot Disk: c1t0d0Entry : Recommended: MB Minimum: MBSlice Mount Point Size (MB)0 01 02 overlap 699943 04 05 06 07 0Capacity: 69994 MBAllocated0 MBFree: 69994 MBF-2_OK F-4_Options F5_Cancel F6_Help- Customize Disk: c1t0d0 -------------------------------------Boot Disk: c1t0d0Slice Mount Point Size (MB)0 / 143391 swap 81932 overlap 699943 /opt 266274 05 06 /export/home 204817 0Capacity: 69994 MBAllocated: 69640 MBRounding Error: 2 MBFree: 352 MBF-2_OK F-4_Options F5_Cancel F6_Help- File System and Disk Layout --------------------------The summary below is your current file system and disk layout, based on the information you've supplied.NOTE: If you choose to customize, you should understand file systems, their intended purpose on the disk, and how changing them may affect the operation of the system.File sys/Mnt point Disk/Slice Size/ c1t0d0s0 14339 MBswap c1t0d0s1 8193 MBoverlap c1t0d0s2 69994 MB/opt c1t0d0s3 26627 MB/export/home c1t0d0s6 20481 MBF-2_Continue F3_Go Back F4_Customize F5_ Exit F6_Help- Mount Remote File Systems? -----------------------------Do you want to mount software from a remote file server? This may benecessary if you had to remove software because of disk space problems.F-2_Continue F3_Go Back F4_Remote Mounts F5_Exit F6_Help- Profile ----------------------------------------The information shown below is your profile for installing Solaris software.It reflects the choices you've made on previous screens.- Installation Option: Initial| Boot Device: c1t0d0| Client Services: None|| Locales: Great Britain (ISO8859-1)| System Locale: Great Britain (UTF-8) ( en_GB.UTF-8|| Software: Solaris 10, Entire Distribution plus OEM su|| File System and Disk Layout: / c1t0d0s0 14339 MB| swap c1t0d0s1 8193 MB| /opt c1t0d0s3 26627 MB| /export/home c1t0d0s6 20481 MBvF-2_Begin Installation F4_Change F5_Exit F6_Help- Warning -----------------------------------------The following disk configuration condition(s) have been detected. Errors must be fixed to ensure a successful installation. Warnings can be ignored without causing the installation to fail.WARNING: Unused disk space (c1t0d0)WARNING: CHANGING DEFAULT BOOT DEVICE You have either explicitly changed the default boot device, or accepted the default to "Reconfigure EEPROM". In either case, the system'sEEPROM will be changed so it will always boot Solaris from the device that you'vespecified. If this is not what you had in mind, go back to the disk selection screens and change the "Reconfigure EEPROM" setting.F-2_OK F5_Cancel。

Introducing Predictive Self-HealingThe Solaris™ 10 Operating System (OS) introduces a new architecture for building anddeploying systems and services capable of Predictive Self-Healing. This technology enables Sun™ systems to accurately predict component failures and mitigate many serious problems —before they actually occur. Solaris Fault Manager and Solaris Service Manager are the two main components of Predictive Self-Healing. Solaris Fault Manager receives data relating to hardware and software errors and automatically diagnoses the underlying problem. Once diagnosed, Solaris Fault Manager automatically responds by offlining faulty components. Solaris Service Manager makes services, rather than processes, into first-class citizens, permitting automatic self-healing. Base Solaris services have service descriptions which include full dependency information for start, stop, and restart; applications can easily be converted to run under Solaris Service Manager.Maximizing availabilityPredictive Self-Healing is designed to maximize the availability of the system and application services by automatically diagnosing, isolating, and recovering from faults. This helps to not only reduce hardware failures but also to reduce the impact of application failures,leading to increased system and application availability. •Reducing Hardware Failures—A self-healing system automatically diagnoses problems, and the results can be used to trigger auto-mated reactions such as dynamically taking a CPU,regions of memory, and I/O devices off line before these components can cause system failures. Solaris Fault Manager isolates and disables faulty components, and helps ensure continuous service even before admin-istrators know there is a problem. In addition, remote service agents can retrieve informa-tion from Sun that is vital to diagnosing the underlying root cause of the failure. •Reducing the Impact of Service Failures—If an application service should fail, the built-in service restart mechanism in the Solaris 10 OS automatically restarts the application or service. This mechanism also extends into Sun Cluster software failover environments for even higher availability.Automatic diagnosis and recoveryfrom failuresWith Solaris Fault Manager, the system auto-matically diagnoses faulty components, a function that in some cases can reduce analysis time from days to seconds. Once diagnosed, the system can quickly take corrective action and automatically restore application services. This powerful technology ensures that business-critical applications and essential system services can continue uninterrupted in the event of software failures, major hardware component failures, and even software misconfiguration problems.<Highlights•Maximized system and serviceavailability through predictivediagnosis and isolation of faultycomponents•Automatic diagnosis of failedcomponents and automaticrestart of failed services inmilliseconds•Simplified administration modelfor managing services, reducingcost of ownership•Fast and easy repair of problemswith links to knowledge articles•Scalable architecture can berapidly upgraded and adapted tonew problems — without requiringdowntimeCustomers can now deliver higher levels of availability and application services while minimizing downtime and associated adminis-trative costs. Reduced downtime can potentially save companies $10,000 to $6 million per hour for mission-critical environments.Simplified administrationSolaris Service Manager reduces complexity by abstracting problem diagnosis and services in a manner that is transparent to users and applications. It simplifies common administrative tasks, speeds system boot, and significantly reduces human errors associated with system failures that can lead to service downtime and inefficient management of the system.Admin-istrative tasks such as enabling and disabling services and changing properties are simplified and secure, with an undo capability to revert changes. In addition, service information is stored in a central repository,making the systems easier to manage and maintain. Self-healing technology can also help improve the productivity of support staff. They can now spend much less time investigating and resolving issues,resulting in a higher ratio of supported systems per individual. Plus, a self-healing system can lead to reduced administration costs — systems that perform many complex tasks without user intervention require staff with less expertise, experience, and salary.Fast and easy repairSolaris Fault Manager issues easy-to-understand diagnosis messages that link to knowledge articles at /msg. By providing system administrators with unique event IDs, they can access detailed information in knowledge articles, which describe what failure occurred and what the system did to fix it. These knowl-edge articles guide system administrators through any tasks that require human interven-tion, including repairs, and explain predicted or detected problems using clear language and links to repair procedures and documentation —all of which greatly reduces the complexity of repairing the system.Scalable and flexible architectureThe scalable architecture of Sun’s Predictive Self-Healing technology can be rapidly evolved to new problems and updated as new diagnosis and availability technologies are added to the system. Most future updates can be dynamically loaded and unloaded from the system while it is running and can be upgraded on the fly without requiring downtime or losing previous diagnosis data.ConclusionWith businesses operating around the clock and demanding uninterrupted service, service availability is of paramount importance. Predictive Self-Healing delivers the next generation of availability technology today, including features that keep systems and services running and simple for administrators. Over time, a rapidly evolving ecosystem of self-healing components can help provide consistent, easy-to-use, and always-available Sun systems.©2005 Sun Microsystems, Inc. All rights reserved. Sun, Sun Microsystems, the Sun logo, Solaris, the Solaris logo, and The Network is the Computer are trademarks or registered trademarks of Sun Microsystems, Inc. in theUnited States and other countries. Information subject to change without notice.11/05Sun Microsystems, Inc.4150 Network Circle, Santa Clara, CA 95054 USA Phone 1-650-960-1300 or 1-800-555-9SUN Web 2。

1.1.1.Solaris 10操作系统Solaris10 操作系统提供持续稳定的可用性、最佳的利用率、惊人的性能以及无与伦比的安全性关键特性:●Solaris 10 OS能够在广泛的SPARC和基于x86的系统上运行，包括新的AMDOpteron处理器；并保证与现有的应用程序兼容。

这种组合为Solaris用户提供了业界最佳的选择范围和投资保护。

●Solaris 容器（以前的N1网格容器）能在Solaris 10 OS支持的所有系统上运行，它通过在不影响性能的情况下高效、安全地支持数千个应用程序/系统，可使系统利用率提高多达四倍。

●预测自治愈技术提供更高水平的应用可用性：⏹Solaris Fault Manager能够在造成停机之前主动处理系统问题。

⏹Solaris Service Manager负责管理在系统上运行的应用软件，能够监控应用程序和在必要时重启整个应用树。

●Solaris ZFS（zettabyte 文件系统）提供简化的文件系统管理、自治愈数据以及相当于当前解决方案16万亿倍的容量。

●进程权限管理功能支持精确地控制系统权限，大大减少了系统入侵的风险，限制了对管理功能、敏感数据及其它关键系统元素的未授权访问。

DTrace 提供“常开状态”系统故障与瓶颈的迅速评估及解决，减少了停机时间，大大改进了性能。

面对新一代计算时代的来临，IT专业人员面临着日益复杂的挑战和机遇。

信息技术不再是大多数企业中的一种辅助服务，今天它已成为业务交往中一个不可或缺的组成部分。

事实上，企业如此全面地依赖他们的IT基础架构，可以毫不夸张的说，他们已经将自己的未来押在了IT基础架构的质量上：保持数据安全性和隐私性的能力、保持每一个工作时刻可用的能力，以及以尽可能低的成本提供企业所需的所有服务和数据的能力。

Sun了解这些挑战，并将自己定位为全球IT组织的唯一最佳供应商。

我们无条件地致力于提供能让所有用户以尽可能最低的总成本部署具有最大安全性和持续稳定可用性的计算系统的技术解决方案。

Solaris 10单镜像盘启动系统1.概述在Solaris系统重启后，发现其中一块镜像盘物理故障，或一块硬盘上的metadb或数据有丢失，导致系统启动时自动进入维护模式，本文档介绍在上述情况下启动系统的操作。

操作环境如下：2.操作准备1、准备一张Solaris 10的光盘用于进入单用户模式；2.1.确认硬盘故障查看系统启动告警信息ok bootSun Ultra 45 Workstation, No KeyboardCopyright 2005 Sun Microsystems, Inc. All rights reserved.OpenBoot 4.21.2, 4096 MB memory installed, Serial #68148048.Ethernet address 0:14:4f:f:db:50, Host ID: 840fdb50.Rebooting with command: bootBoot device: /pci@1e,600000/pci@0/pci@9/pci@0/scsi@1/disk@0,0:a File and args: SunOS Release 5.10 Version Generic_147147-26 64-bitCopyright (c) 1983, 2013, Oracle and/or its affiliates. All rights reserved. WARNING: md: d102: (Unavailable) needs maintenanceHostname: test-01Insufficient metadevice database replicas located.Use metadb to delete databases which are broken.Ignore any Read-only file system error messages.Reboot the system when finished to reload the metadevice database.After reboot, repair any broken database replicas which were deleted.Mar 23 17:56:03 svc.startd[9]: svc:/system/metainit:default: Method "/lib/svc/method/svc-metainit" failed with exit status 96.Mar 23 17:56:03 svc.startd[9]: system/metainit:default misconfigured: transitioned to maintenance (see 'svcs -xv' for details)Mar 23 17:56:05 svc.startd[9]: svc:/system/filesystem/usr:default: Method "/lib/svc/method/fs-usr" failed with exit status 95.Mar 23 17:56:05 svc.startd[9]: system/filesystem/usr:default failed fatally: transitioned to maintenance (see 'svcs -xv' for details)Requesting System Maintenance Mode(See /lib/svc/share/README for more information.)Console login service(s) cannot runRoot password for system maintenance (control-d to bypass): //输入root密码single-user privilege assigned to /dev/console.Entering System Maintenance Mode //系统自动进入维护模式Mar 23 17:59:19 su: 'su root' succeeded for root on /dev/consoleOracle Corporation SunOS 5.10 Generic Patch January 2005#在维护模式查看镜像状态，发现有一半子镜像需要维护，这一半子镜像都分布在同一块硬盘，这块硬盘上的metadb也处于unknow状态，可以确定c1t1d0硬盘故障，拔出故障硬盘。