Useful HMC commands

USEFUL HMC COMMANDS

Here are some very useful commands for the Hardware Management Console (HMC): Show vital product data, such as the serial number:

# lshmc -v

Show the release of the HMC:

# lshmc -V

Show network information of the HMC:

# lshmc -n

Reboot the HMC:

# hmcshutdown -r -t now

Show the connected managed systems:

# lssysconn -r all

Change the password of user hscpe:

# chhmcusr -u hscpe -t passwd -v abc1234

List the users of the HMC:

# lshmcusr

These are intersting log files of the HMC:

# ls -al /var/hsc/log/hmclogger.log
# ls -al /var/hsc/log/cimserver.log

Monitor the disk space:

# monhmc -r disk

This can be used to view the file systems of the HMC. Try using "proc", "mem" and "swap as well. By default this command will loop forever and update the screen every 4 seconds. You can run it only once, with the following command:

# monhmc -r disk -n 0

Zero out log files:

# chhmcfs -o f -d 0

This will delete any temporary files. Extremely useful if the HMC calls home to IBM about high usage of one of its file systems. Open a virtual console from the HMC:

# vtmenu

Exit by typing "~." (tilde dot) or "~~." (tilde tilde dot). Force the closure of a virtual terminal session:

# rmvterm -m SYSTEM-9117-570-SN10XXXXX -p name

Change the state of a partition:

# chsysstate -m SYSTEM-9131-52A-SN10XXXXX -r lpar -o on -n name
-f default_profile
# chsysstate -m SYSTEM-9131-52A-SN10XXXXX -r lpar -o shutdown 
-n name --immed

To start all partitions of one managed server:

# chsysstate -m Prd2-Server-8233-E8B-SN0XXXXXX -r lpar -o on --all

List partition profiles for a managed system:

# lssyscfg -r prof -m SYSTEM-9117-570-SN10XXXXX

List partition information:

# lspartition

HMC command line

HMC command line:
commands have --help option and man pages

lssyscfg -r sys -F name | grep aix21                          shows the full name of the managed system (what we can use in other commands)
lssyscfg -r lpar -m -F name                  shows the full name of the lpars of the managed system
lssyscfg -r sys -m -F name,state --header    shows the state of the managed system
lssyscfg -r lpar -m -F name,state --header   shows the state of the lpars of the managed system
lssyscfg -r prof -m aix10-SN0603C6H --filter "lpar_names=aix10" -F name,boot_mode   it will show the boot mode in the profile

lshwres -r mem -m --level sys                shows memory information of the managed system
lshwres -r mem -m --level lpar               shows memory information of lpars of the managed system
lshwres -r proc -m --level sys               shows processor information of the managed system
lshwres -r proc -m --level lpar              shows processor information of lpars of the manage system
lshwres -r io -m --rsubtype slot             shows IO slot information
lshwres -r proc -m --level sys -F installed_sys_proc_units:configurable_sys_proc_units

lshwres -r virtualio --rsubtype scsi -m --level lpar               lists scsi devices by LPAR
lshwres -r virtualio --rsubtype eth -m --level lpar                lists virt. eth. devices by LPAR
lshwres -r virtualio --rsubtype eth -m --level lpar -F lpar_name,port_vlan_id

chsysstate -m -o standby -r sys              power on a system to standby
chsysstate -r sys -m -o off                  normal power off the managed system
chsysstate -r sys -m -o off --immed          fast power off the managed system

chsysstate -m -r lpar -n -o shutdown --restart          it will reboot an lpar with dump
chsysstate -m -r lpar -n -o shutdown --immed --restart  it will reboot an lpar immediately (without dump)
chsysstate -m -r lpar -n -o shutdown --immed            it will shutdown the oprating system
chsysstate -m aix10-SN65158BE -o on -r lpar -n aix10 -f default                     it will activate an lpar

lspartition -dlpar                                            shows dlpar capable partitions
                                                              (it will show if RMC connection is OK between the HMC and LPAR)

lssysconn -r all                                              to see what IPs are assigned by the HMC
mksysconn -o auto                                             tells HMC to re-discover all servers' IP address

lssvcevents -t console -d 60                                  lists console events in the past 60 days
lssvcevents -t hardware -d 0                                  list serviceable events which occured today

lshmc -V                                                      hmc version
lshmv -v                                                      hmc model
lshmc -n                                                      lists the network settings of the hmc
hmcshutdown -t now -r                                         reboot the HMC (-t: timing in minutes, -r: reboot)

vtmenu                                                        hmc menu options (console session can be opened as well)
logout: ~~. (2 tilde and a dot)

------------------------------------

Default root password: passw0rd (try su -)

------------------------------------

opening/closing virtual terminal from hmc:

lssyscfg -r sys -F name                         <--get br="" managed="" name="" system="">lssyscfg -r lpar -m -F name    <--get br="" lpar="" name="">
mkvterm -m -p            <--opens a="" br="" terminal="" window="">rmvterm -m -p            <--closes a="" br="" nbsp="" terminal="" window="">
~~.                                             <--logout aix="" div="" from="" leave="" necessary="" not="" session="" te="" to="">

HMC and IBM POWER7 SYSTEMS INSTALL

HMC and IBM POWER7 SYSTEMS INSTALL:

HMC network types and configuration:

HMC to managed system (private network):
This is the connection between the HMC and the service processor, which is resposible for the hardware management functions (HMC controls the Power System through the service processor of the managed system)

HMC to logical partition (open network):
This is the connection to all the LPARS and through this connection you can do dynamic LPAR operations and hardware error events can be collected from the LPARs as well.

HMC to remote users:
Remote users can access the HMC in the following ways:
- By using the Web browser to access HMC GUI
- By using SSH to access the HMC command line

HMC to service and support:
You can use this communications path to make automatic service calls. (Transmit data, such as hardware error reports, inventory data, and microcode updates, to
and from your service provider.)

--------------------------------------

Private and open networks in the HMC environment:

Private networks
The only devices on the HMC private network are the HMC itself and each of the managed systems to which that HMC is connected. The HMC is connected to each managed system's FSP (Flexible Service Processor). On most systems, the FSP provides two Ethernet ports labeled HMC1 and HMC2. This allows you to connect up to two HMCs.

This figure shows a redundant HMC environment with two managed systems. The "blue" HMC is connected to the first port on each FSP, and the "red" (redundant) HMC is connected to the second port. Each HMC is configured as a DHCP server, using a different range of IP addresses. The connections are on separate private networks. As such, it is important to ensure that no FSP port is connected to more than one HMC.

Each managed system's FSP port that is connected to an HMC requires a unique IP address. To ensure that each FSP has a unique IP address, use the HMC's built-in DHCP server capability. When the FSP detects the active network link, it issues a broadcast request to locate a DHCP server. When correctly configured, the HMC responds to that request by allocating one of a selected range of addresses.

(If you have more than one HMC, you must also connect each HMC to the logical partitions, and to each other, on the same open network.)


Open networks
The open (public) network can be connected to a firewall or router for connecting to the Internet. Connecting to the Internet allows the HMC to "call home" when there are any hardware errors that need to be reported.

This figure shows two HMCs connected to a single managed server on the private network and to three logical partitions on the public network.

If you decide to use a private network, use DHCP, and if you will use an open network to manage an FSP, you must set the FSP’s address manually through the Advanced System Management Interface menus. A private, non-routable network is recommended


--------------------------------------

INSTALLING AND CONFIGURING A NEW HMC:

If this is a new installation, ensure that the managed system is not connected to a power source. If this is a second HMC that is connected to the same managed system, the managed system can be connected to a power source.

1.  Turn on the HMC and wait for the HMC to automatically select the default language and locale preference after 30 seconds.
 
2.  Accept the Hardware Management Console license agreements and click "Log on and launch the Hardware Management Console web application."

3.  Login with hscroot und default-pw abc123
 
4.  Launch "Guided Setup Wizard"

5.  Change date/time/timezone

6.  Change default password for hscroot

7.  Configure HMC networks

    eth0 (private network):
    network type = private network
    Speed = default is "Autodetection" (if conn. to a switch, configure it manually: HMC management -> Change network sett. -> LAN Adapter)
    Enable DHCP = specify a DHCP address range
    (You can configure the HMC to be a DHCP server only on a private network)

    eth1 (public network: hmc-admin interface)
    network type = public network
    speed = default is "Autodetection" (if conn. to a switch, configure it manually: HMC management -> Change network sett. -> LAN Adapter)
    setup IP, netmask and gateway

8. Enable firewall-settings for eth1 (in the eth1 dialog-box)
    check or allow the following Services and Ports:
    ssh                         22:tcp
    secure remote web access    443:tcp,8443:tcp,9960:tcp
    RMC                         657:udp,657:tcp

9. Leave all other dialogs unchanged and finish changes made by the Wizard.

10. On the main view click on „HMC-Management“ and do the following:
    Enable „Remote Command execution“
    Enable „Remote Virtual Terminal“
    Enable „Remote Operation“

11. Reboot the HMC (so configuration changes will be available)

12. Login with the new hscroot password

13. Plug network cables into the HMC and check if HMC is answering DHCP request by plugging the cable to your laptop.

Important:
Your Ethernet connection to the managed server must be made using the Ethernet port that is defined as eth0 on your HMC.
The HMC supports only one additional Ethernet adapter. If an additional Ethernet adapter is installed, that port is defined as eth0.
In this case, the primary integrated Ethernet port is then defined as eth1, and the secondary integrated Ethernet port ID defined as eth2.
If no adapters are installed, the primary integrated Ethernet port is defined as eth0.

--------------------------------------

Determining HMC adapter names:

If you set up a DHCP server, that server can operate only on eth0 and eth1.(You might need to determine which adapter to plug the ethernet cable into.)

To determine the name the HMC has assigned to an Ethernet adapter, do the following:
1. Open the restricted shell terminal. Select HMC Management -> Open Restricted Shell Terminal.
2. Type the following at the command line: tail -f /var/log/messages
3. Plug in your Ethernet cable. (If the cable was already plugged in, then unplug it, wait 5 seconds, and plug in the cable again.)
5. You will see a similar output on the console: Aug 28 12:41:20 termite kernel: e1000: eth0: e1000_watchdog: NIC Link is Up 100.
6. Repeat this procedure for all other Ethernet ports, and record your results.
7. Type Ctrl+C to stop thetailcommand.

--------------------------------------

Testing the connection between the HMC and the managed system:

This option enables you to verify that you are properly connected to the network:
(to test network connectivity, you must be a member of super administrator or service representative)
1. In the Navigation area, click HMC Management.
2. Click Test Network Connectivity.
3. In the Ping tab, type the host name or IP address of any system to which you want to connect. To test an open network, type the gateway.
4. Click Ping.

--------------------------------------
--------------------------------------
--------------------------------------

INSTALLING A NEW POWER SYSTEM (Logging into ASMI):

(If server is cabled with HMC and then started up (and you have waited 5 minutes), but did not show up in HMC, then in ASMI check Network config.)

Important: Do not connect an Ethernet cable to either the HMC1 port or the HMC2 port until you are directed to do so later in this procedure.
Important: If you attach an Ethernet cable to the service processor before the system reaches power off standby, the IP address shown in the Service processor network configuration table might not be valid.

1. If the server is not powered on, plug into the power source.
   (You may need to remove the power supply shipping bracket (if present))

   The system can take several minutes to apply power. When the power cable is connected, the green ac LED on the power supply is lit.
   Wait for the control panel to display 01. A series of progress codes are shown before 01 appears.

2. Select a notebook with a webbrowser, which you will use for connection to the server.

3. Connect an Ethernet cable from notebook to Ethernet port labeled HMC1 on the managed system. (If HMC1 is occupied, connect to HMC2.)

4. This table shows network configuration information for POWER7 service processor:

The Ethernet interface on the notebook needs to be configured within the same subnet mask as the service processor so that they can communicate with each other. For example, if you connected your notebook to HMC1, the IP address for your notebook could be 169.254.2.140 and the subnet mask would be 255.255.255.0. Set the gateway IP address to the same IP address as the notebook

5. To access the ASMI through a Web browser, you first need to set the IP address on your notebook, using the values from the table. 
   a. Windows -> Control Panel -> Network -> Local Area Connection (right click) -> Properties -> TCP/IP (v4) -> Properties
   b. Record the current settings before making any changes. This information is needed to restore original settings.
   c. Complete the IP address, Subnet mask, and Default gateway fields by using the values you recorded, from the above table.

6. To access the ASMI using a Web browser:
   a. Determine the IP address of the service processor Ethernet port that your PC or notebook is connected to.
   b. Type the IP address in the Web browser of your notebook: for example, if you connected your notebook to HMC1, type https://169.254.2.147

   Note: It might take up to 2 minutes for the ASMI login display to be shown in the Web browser.
   During this time, if you use control panel function 30 to view the IP addresses on the service processor, not correct data is shown.

7. When the Login display appears, enter "admin" for the user ID and for password "admin" as well.
   You can change now (or not) the default passwords:
   admin        admin
   general        general
   hmcaccess    access

8. You can check if network settings are OK (DHCP should be enabled for eth0 (private network))
   Netw. Services -> Netw. Config. -> IPv4 (continue) -> Make sure type of IP address is set to "Dynamic"

9. Save, close then exit ASMI.

AIX Version 7.1

Highlights

• Latest generation of IBM’s market leading UNIX operating system
• Binary compatibility with previous releases of IBM® AIX®
• Tremendous vertical scalability to provide capacity and growth for your IT infrastructure
• Built-in clustering capabilities to simplify high availability
• Enhancements to virtualization capabilities to provide flexibility to support changing workloads
• Exploits the IBM POWER® technology and virtualization to help deliver superior performance and efficiency
• Available in three editions for even more capability and flexibility

AIX, the future of the UNIX operating system

Businesses today need to maximize the return on investment in information technology. Their IT infrastructure should have the flexibility to quickly adjust to changing business computing requirements and scale to handle ever expanding workloads—without adding complexity. But just providing flexibility and performance isn’t enough; the IT infrastructure also needs to provide rock-solid security and near-continuous availability and while managing energy and cooling costs.

These are just some of the reasons why more and more businesses are choosing the AIX operating system (OS) running on IBM systems designed with Power Architecture® technology. With its proven scalability, advanced virtualization, security, manageability and reliability features, the AIX OS is an excellent choice for building an IT infrastructure. And, AIX is the only operating system that leverages decades of IBM technology innovation designed to provide the highest level of performance and reliability of any UNIX operating system.

The newest version of AIX, Version 7, known as “AIX 7,” is binary compatible with previous versions of the AIX OS, including AIX 6™, AIX 5L and even earlier versions of AIX. This means that applications that ran on earlier versions will continue to run on AIX 7—guaranteed.1 AIX 7 is an open-standards-based UNIX OS that is designed to comply with the Open Group’s Single UNIX Specification Version 4 AIX 7 runs on and exploits systems based on POWER4™, PPC970, POWER5™, POWER6® and POWER7®, including the latest generation of POWER7 based technology, the POWER7+. Most of the new features of AIX 7 are available on the earlier POWER processor-based platforms, but the most capability is delivered on systems built with the POWER6 and POWER7 processors. The AIX OS is designed for the IBM Power, System p®, System i®, System p5®, System i5®, eServer™ p5, eServer pSeries® and eServer i5 server product lines, as well as IBM BladeCenter® blades based on Power Architecture technology.

AIX 7 extends the capabilities of the AIX OS to expand the vertical scalability of AIX to partitions with 256 processor cores and 1024 threads to handle the largest workloads. To support higher performance for large workloads, AIX 7 also includes new Terabyte segment support which leverages memory management capabilities of POWER7 processors designed to improve memory performance. This Terabyte segment capability is also included in AIX 6 at Technology Level 6 but is not automatically enabled on AIX 6.

AIX 7 also includes new virtualization capabilities designed to simplify the consolidation of older, AIX V5.3 environments. This new capability, which requires the purchase of the “AIX 5.3 Workload Partitions for AIX 7” product, is designed to allow administrators to simply back up an existing LPAR running AIX 5.3 and restore it into an AIX 7 Workload Partition.

AIX 7 also includes a new built-in clustering capability called Cluster Aware AIX. This new technology builds clustering technologies in the AIX base operating system. This built-in clustering support provides commands and programming APIs to create a cluster from a group of AIX instances and provides kernel-based heartbeat, monitoring and event infrastructure. This new infrastructure supports common device naming for storage devices across the cluster. While this new Cluster Aware AIX functionality is primarily intended to provide a reliable, scalable clustering infrastructure for products such as PowerHA® SystemMirror and PowerVM®, clients can directly use the Cluster Aware AIX functionality facilitate management of scale-out computing environments.

AIX 7 also includes new security features to improve and simplify security administration. For example, the new Domain Support in Role-Based Access Control is an enhancement to Role-Based Access Control (RBAC) that allows a security policy to restrict administrative access to a specific set of similar resources, such as a subset of the available network adapters. This allows IT organizations that host services for multiple tenants to restrict administrator access to only the resources associated with a particular tenant. Domains can be used to control access to Volume Groups, Filesytems, files, and devices.

Finally, AIX 7 includes new manageability enhancements such as the AIX Profile Manager. The AIX Profile Manager can manage the configuration of AIX via XML profiles. This capability builds on the Runtime Expert capability introduced in AIX 6 Technology Level 4. This new management capability features an IBM Systems Director interface.

This AIX release underscores IBM’s firm commitment to long-term UNIX innovations that deliver business value. This release of AIX continues the evolution of the UNIX OS that started in Austin, Texas, with AIX on the RT PC and the RISC Systems/6000 (RS/6000®) over 20 years ago.

NIM explained

General information

NIM is a system to systematically install, update and maintain AIX machines (NIM clients) from one specialized system (the NIM server). One can use the system do maintain diskless workstations or dataless workstations too, but (to my knowledge) this is rarely used. The vast majority of NIM servers is used to install machines - "standalone clients" in NIMs wording - and i will concentrate on this aspect.

There are three basic types of resources a NIM server can employ to install clients: mksysbs, SPOTs and LPP-sources. There are some other resources of minor importance which you will probably not have to deal with.

MKSYSB is an installable and bootable image of the rootvg of a machine. since the rootvg contains all the really important filesystems (/, /usr, /etc, and so on) it is easy to use this as a means of installing machines. MKSYSBs are used in two ways usually: you can create and maintain a very simple, very basic MKSYSB and use that as the basis for every installation. You would install this mksysb which woulkd contain only the absolute minimum and then add software until the desired configuration is reached. The second way to use MKSYSBs is to create one from a running machine as a means to take a "configuration snapshot", complete with all the configured users, filesystems, printqueues, etc.. If the hardware breaks you could use this image to restore the machine quickly.

The next resource is a LPPSOURCE. This is just a bunch of installable packages in a directory with a name to go by. NIM will provide ways to find out which packages are in it, replace selected packages, etc. But in fact this is just a collection of installp-packages and a name to handle the collection as a whole.

The third resource is the SPOT (Shared Product Object Tree). You can create a SPOT from an lpp_source by "installing" into it. Think of it as a shareable /usr-filesystem. During a nim-installation the system would (nfs-)mount such a SPOT and use it and its executables to install to its local disk - say, by restoring a mksysb image, installing some packages from a lpp_source, etc. It is the NIM-equivalent of the initial RAMdisk-system a linux system comes up with after booting from a CD.

How to set up a basic nim-server

First install the nim.server-package onto the machine and configure it. This can be done using some SMITTY panels and the panels are pretty self-explanatory. This part is really easy. You have to provide a "root" directory where the nim-resources will reside later. For this you will need lots - really lots - of space. Start with a minimum of 50-100G for testing purposes but be prepared to increase this as soon as you start using the system regularly. Note too, that a nim server always has to be at least at the same OS level (including maintenance levels, technical levels, etc.) as the clients it is serving. If you want to server 5.2 clients have the nim server at least at the same level, better at 5.3, latest ML.

The next part is to create a lpp-source. Again use the SMIT panels, use "smitty nim" to get into smittys main nim menu, "perform NIM Administration Tasks"/"Manage Resources"/"Define a Resource" - select "lpp_source" from the menu and follow the directions. Do yourself a favor and copy the installation media somewhere prior to this and tell the machine where to find it - otherwise you will now have to feed it the disks for a few hours.

It is a good idea to not delete the copies of the installation media, but save them in case you need to update the lpp_source later. Since you may have to maintain several revision levels in parallel do NOT just update what you have, instead create a new copy and update *this*. (By now you will probably understand why you need so much space. ;-)) )

After creating the lpp_source (it takes some time) you are ready to create a SPOT from it. This means basically to do an installation on a pseudo-machine which consists only of a /usr-filesystem. Again go to the SMIT menu "define a resource" and select "spot", then follow the directions using the newly created lpp_source as "source of install images". This will take a few hours. It is a good idea to update the created spot several times using this lpp_source, as some dependencies are (rarely, but why take the risk) solved only after several tries. after every run look if there has something been changed in the spot, if nothing changes any more you are finished.

It is also a good idea to create some strict naming convention for the resources. I usually inlude the type of resource and the exact software level, like:

lpp_source: lpp_AIX53_ML03
spot: spot_AIX53_ML03
mksysb: mks_AIX53_ML03

There no better or worse solution to that, just be consistent with yourself.

After having a lpp_source and a spot (there are some other resources like boot code for IPL ROMs, etc. which are created automatically in this process) you are ready to start a test installation. You will need a scratch machine for that.

Start by writing down the MAC adress of the interface you will use to install over later. This information is needed on the nim server. Now define a new client ("Manage machines"/"Define a machine" and follow the directions) and fill out the form coming up. "Network Adapter Hardware Adress" is where you put in the MAC adress.

After having defined the client use lsnim to see an overview of your defined resources so far, lsnim -l to get detail information about each resource. You are now ready to do your first installation.

Use the SMIT menu "Perform NIM Administration Tasks"/"Manage Machines"/Managae Network Install Resource Allocation" to allocate the SPOT and the lpp_source to your machine. Note that this is only valid for ONE TRY. You will have to allocate these resources again for the next installation. This way you have complete control over what happens with the resources you provide with your NIM master.

Note: If resource confilicts happen (yes, this is a somewhat unreliable part of NIM, the deallocation of resources is not always handled properly) use "Deallocate Network Install Resources with the "Force" option, this usually cleans things up. For the deallocation ALWAYS use the "force" option.

Upon the allocation nim will itself make all the necessary entries in /etc/exports to nfs-export the allocated resources to the machine. Strange effects happen if you export these directories (or super-directories of it) yourself. If you experience problems there check /etc/exports, correct it if necessary (remove your entries) and run "exportfs -va" to use the new configuration.

Boot your client now to the POST-menu, enter the ip-adress of the nim-server as a server holding the boot image and the machine should start to install. First the initial kernel is loaded via tftp (you will have to provide some filespace for /tftpboot on the NIM master), then the SPOT and lpp_source are used to install the machine.

After this and WITHOUT doing any configuration work on the machine use "Define a Resource" on the master to create a new resource of type mksysb and use the newly installed machine to create it. This way you will have to missing mksysb as a starting image (therefore: no configuration, unless you want it to be on every machine you will install in the future). You can use that to install other machines from this mksysb.

You can of course create other mksysbs (SPOTs, lpp_sources, ...) to fine-tune your installation process, but with the thing described here you will be initially up and running.

Different RUN levels in Linux,Solaris and AIX

RedHat Linux - Run Levels 

 

0: Halt

1: Single user mode
2: Multiuser, without NFS
3: Full multiuser mode
4: Unused
5: X11
6: Reboot

 

Solaris - Run Level 

 

S: Single user state (useful for recovery)
0: Access Sun Firmware ( ok> prompt)
1: System administrator mode
2: Multi-user w/o NFS
3: Multi-user with NFS ( default run level)
4: Unused
5: Completely shutdown the host (like performing a power-off @ OBP) [ thanks to Marco ]
6: Reboot but depend upon initdefault entry in /etc/inittab

AIX - Run Levels

0-1: Reserved for future use
2: Multiuser mode with NFS resources shared (default run level)
3-9: Defined according to the user's preferences
m,M,s,S: Single-user mode (maintenance level)
a,b,c: Starts processes assigned to the new run levels while leaving the existing processes at the current level running
Q,q: init command to reexamine the /etc/inittab file

Command to see Run level:-

$ who -r 
Output:
. run-level 3 Mar 3 14:04 3 0 S

Solaris/Linux changing runlevels after bootup 

 

You need to use init command, for example change runlevel to 2.
# /sbin/init 2 
Solaris changing the default runlevel
An entry with initdefault (in /etc/inittab file) is scanned only when init is initially invoked. init uses this entry to determine which run level to enter initially.
Open /etc/inittab file:
# vi /etc/inittab 
Find out this entry:
is:3:initdefault: Change is:3 to number you want, don't use S, 0, 6 ;). Save file.

 

What is SGID and how to set SGID in Linux?

What is SGID?

SGID (Set Group ID up on execution) is a special type of file permissions given to a file/folder. Normally in Linux/Unix when a program runs, it inherits access permissions from the logged in user. SGID is defined as giving temporary permissions to a user to run a program/file with the permissions of the file group permissions to become member of that group to execute the file. In simple words users will get file Group’s permissions when executing a Folder/file/program/command.

SGID is similar to SUID. The difference between both is that SUID assumes owner of the file permissions and SGID assumes group’s permissions when executing a file instead of logged in user inherit permissions.

 

Learn SGID with examples:

Example: Linux Group quota implementation
 
When implementing Linux Group quota for group of people SGID plays an important role in checking the quota timer. SGID bit set on folder is used to change their inherit permissions to group’s permissions to make it as single user who is dumping data. So that group members whoever dumps the data the data will be written with group permissions and in turn quota will be reduced centrally for all the users. For clear understanding of this you have to implement group quota from the above link. Without implementation of SGID the quota will not be effective.

How can I setup SGID for a file?

SGID can be set in two ways

1) Symbolic way (s)

2) Numerical/octal way (2, SGID bit as value 2)

Use chmod command to set SGID on file: file1.txt

Symbolic way:
 

chmod g+s file1.txt

Let me explain above command we are setting SGID(+s) to group who owns this file.

Numerical way:
 

chmod 2750 file1.txt

Here in 2750, 2 indicates SGID bitset, 7 for full permissions for owner, 5 for read and execute permissions for group, and no permissions for others.
 
How can I check if a file is set with SGID bit or not?
 
Use ls –l to check if the x in group permissions field is replaced by s or S
For example: file1.txt listing before and after SGID set

Before SGID set:

ls -l

total 8

-rwxr--r-- 1 xyz xyzgroup 148 Dec 22 03:46 file1.txt

After SGID set:

ls -l

total 8

-rwxr-sr-- 1 xyz xyzgroup 148 Dec 22 03:46 file1.txt 

Some FAQ’s related to SGID:

 
Where is SUID used?
 
1) When implementing Linux group disk quota.
I am seeing “S” ie Capital s in the file permissions, what’s that?
After setting SUID or SGID to a file/folder if you see ‘S’ in the file permission area that indicates that the file/folder does not have executable permissions for that user or group on that particular file/folder.

chmod g+s file1.txt

output:
-rwxrwSr-x 1 surendra surendra 0 Dec 27 11:24 file1.txt



so if you want executable permissions too, apply executable permissions to the file.

chmod g+x file1.txt

output:
-rwxrwsr-x 1 surendra surendra 0 Dec 5 11:24 file1.txt




How can I find all the SGID set files in Linux/Unix.
 

find / -perm +2000

The above find command will check all the files which is set with SGID bit(2000).


Can I set SGID for folders?
Yes, you can if it’s required (you should remember one thing, that Linux treats everything as a file)
How can I remove SGID bit on a file/folder?

chmod g-s file1.txt

What is SUID and how to set SUID in Linux/Unix?

What is SUID and how to set it in Linux?

SUID (Set owner User ID up on execution) is a special type of file permissions given to a file. Normally in Linux/Unix when a program runs, it inherits access permissions from the logged in user. SUID is defined as giving temporary permissions to a user to run a program/file with the permissions of the file owner rather that the user who is running it. In simple words users will get file owner’s permissions as well as owner UID and GID when executing a file/program/command.

The above sentence is bit tricky and should be explained in-depth with examples.

Learn SUID with examples:

 

Example1: passwd command

When we try to change our password we will use passwd command which is owned by root. This passwd command file will try to edit some system config files such as /etc/passwd, /etc/shadow etc when we try to change our password. Some of these files cannot be opened or viewed by normal user only root user will have permissions. So if we try to remove SUID and give full permissions to this passwd command file it cannot open other files such as /etc/shadow file to update the changes and we will get permission denied error or some other error when tried to execute passwd command. So passwd command is set with SUID to give root user permissions to normal user so that it can update /etc/shadow and other files.

Example2: ping command

Similarly if we take ping command, when we have to execute this command internally it should open socket files and open ports in order to send IP packets and receive IP packets to remote server. Normal users don’t have permissions to open socket files and open ports. So SUID bit is set on this file/command so that whoever executes this will get owner (Root user’s) permissions to them when executing this command. So when this command start executing it will inherit root user permissions to this normal user and opens require socket files and ports.

Example3: crontab and at command.

When scheduling the jobs by using crontab or at command it is obvious to edit some of the crontab related configuration files located in /etc which are not writable for normal users. So crontab/at commands are set with SUID in-order to write some data.

How can I setup SUID for a file?

 

SUID can be set in two ways

1) Symbolic way(s, Stands for Set) 

2) Numerical/octal way(4)

Use chmod command to set SUID on file: file1.txt

Symbolic way:

chmod u+s file1.txt

Here owner permission execute bit is set to SUID with +s

Numerical way:

chmod 4750 file1.txt

Here in 4750, 4 indicates SUID bit set, 7 for full permissions for owner, 5 for write and execute permissions for group, and no permissions for others.

How can I check if a file is set with SUID bit or not?

Use ls –l to check if the x in owner permissions field is replaced by s or S

For example: file1.txt listing before and after SUID set

Before SUID set:

ls -l

total 8

-rwxr--r-- 1 xyz xyzgroup 148 Dec 22 03:46 file1.txt

After SUID set:

ls -l

total 8

-rwsr--r-- 1 xyz xyzgroup 148 Dec 22 03:46 file1.txt

 

Some FAQ’s related to SUID:

 

A) Where is SUID used?

1) Where root login is required to execute some commands/programs/scripts.

2) Where you don’t want to give credentials of a particular user and but want to run some programs as the owner.

3) Where you don’t want to use SUDO command but want to give execute permission for a file/script etc.

B) I am seeing “S” I.e. Capital “s” in the file permissions, what’s that?

After setting SUID to a file/folder if you see ‘S’ in the file permission area that indicates that the file/folder does not have executable permissions for that user on that particular file/folder.

For example see below example

chmod u+s file1.txt

ls -l
-rwSrwxr-x 1 surendra surendra 0 Dec 27 11:24 file1.txt

If you want to convert this S to s then add executable permissions to this file as show below

chmod u+x file1.txt
ls -l
-rwsrwxr-x 1 surendra surendra 0 Dec 5 11:24 file1.txt

you should see a smaller ‘s’ in the executable permission position now.

SUID with execute permissions:

SUID with out execute permissions:

C) How can I find all the SUID set files in Linux/Unix.

find / -perm +4000

The above find command will check all the files which is set with SUID bit(4000).

D) Can I set SUID for folders?

Yes, you can if its required(you should remember one thing, that Linux treats everything as a file)

E) What is SUID numerical value?

It has the value 4

What is a sticky Bit and how to set it in Linux?

What is Sticky Bit?

Sticky Bit is mainly used on folders in order to avoid deletion of a folder and its content by other users though they having write permissions on the folder contents. If Sticky bit is enabled on a folder, the folder contents are deleted by only owner who created them and the root user. No one else can delete other users data in this folder(Where sticky bit is set). This is a security measure to avoid deletion of critical folders and their content(sub-folders and files), though other users have full permissions.

Learn Sticky Bit with examples:

 

Example: Create a project(A folder) where people will try to dump files for sharing, but they should not delete the files created by other users.
  
How can I setup Sticky Bit for a Folder?

Sticky Bit can be set in two ways

1. Symbolic way (t,represents sticky bit)
2. Numerical/octal way (1, Sticky Bit bit as value 1)

Use chmod command to set Sticky Bit on Folder: /opt/dump/

Symbolic way:

chmod o+t /opt/dump/
or
chmod +t /opt/dump/

Let me explain above command, We are setting Sticky Bit(+t) to folder /opt/dump by using chmod command.

Numerical way:

chmod 1757 /opt/dump/

Here in 1757, 1 indicates Sticky Bit set, 7 for full permissions for owner, 5 for read and execute permissions for group, and full permissions for others.

Checking if a folder is set with Sticky Bit or not?

Use ls –l to check if the x in others permissions field is replaced by t or T
For example: /opt/dump/ listing before and after Sticky Bit set

Before Sticky Bit set:
ls -l
total 8
-rwxr-xrwx 1 xyz xyzgroup 148 Dec 22 03:46 /opt/dump/

After Sticky Bit set:
ls -l
total 8
-rwxr-xrwt 1 xyz xyzgroup 148 Dec 22 03:46 /opt/dump/

Some FAQ’s related to Sticky Bit:

 

Now sticky bit is set, lets check if user “temp” can delete this folder which is created xyz user.

$ rm -rf /opt/dump
rm: cannot remove `/opt/dump’: Operation not permitted

$ ls -l /opt
total 8
drwxrwxrwt 4 xyz xyzgroup 4096 2012-01-01 17:37 dump
$


if you observe other user is unable to delete the folder /opt/dump. And now content in this folder such as files and folders can be deleted by their respective owners who created them. No one can delete other users data in this folder though they have full permissions.I am seeing “T” ie Capital s in the file permissions, what’s that?
After setting Sticky Bit to a file/folder, if you see ‘T’ in the file permission area that indicates the file/folder does not have executable permissions for all users on that particular file/folder.

Sticky bit without Executable permissions:




so if you want executable permissions, Apply executable permissions to the file.

chmod o+x /opt/dump/
ls -l command output:
-rwxr-xrwt 1 xyz xyzgroup 0 Dec 5 11:24 /opt/dump/

Sticky bit with Executable permissions:





you should see a smaller ‘t’ in the executable permission position.
How can I find all the Sticky Bit set files in Linux/Unix.

find / -perm +1000
The above find command will check all the files which is set with Sticky Bit bit(1000).

Can I set Sticky Bit for files?
Yes, but most of the time it’s not required.

How can I remove Sticky Bit bit on a file/folder?
chmod o-t /opt/dump/

HMC basic commands

Show managed frames attached to a hmc
lssyscfg -r sys -F name:type_model:serial_num

Show managed lpars attached to a frame
lssyscfg -m -r lpar -F name

Show profiles from a specific lpar
lssyscfg -r prof -m --filter "lpar_names="

Shutdown lpar from HMC
chsysstate -m -r lpar -n -o shutdown –immed

To perform a partition shutdown using the shutdown command on the client operating system
chsysstate -r lpar -o osshutdown –n -m

To perform a delayed partition shut down (white button shut down):
chsysstate -r lpar -o shutdown –n -m

To perform an immediate partition shutdown (operator panel function :
chsysstate -r lpar -o shutdown --immed –n -m

To perform an immediate restart of a partition (operator panel function 3):
chsysstate -r lpar -o shutdown --immed --restart –n -m

To perform a restart of a partition after initiating a dump (operator panel function 22):
chsysstate -r lpar -o dumprestart –n -m

Boot lpar
chsysstate -r lpar -m -o on -n -f

To perform a partition boot into system management services:
chsysstate -r lpar -m -o on -n -b sms

To perform a partition boot into diagnostic with default bootlist
chsysstate -r lpar -m -o on -n -b dd

To perform a partition boot into diagnostic with stored bootlist
chsysstate -r lpar -m -o on -n -b ds

To perform a partition boot into diagnostic with stored bootlist
chsysstate -r lpar -m -o on -n -b ds

To perform a partition boot into open firmware OK prompt
chsysstate -r lpar -m -o on -n -b of

To perform a partition boot into normal mode
chsysstate -r lpar -m -o on -n -b norm

Show free processor/memory/adapters on specific frame/lpar

Proc
lshwres -r proc -m --level sys
lshwres -r proc -m --level lpar

Mem
lshwres -r mem -m --level sys
lshwres -r mem -m --level lpar

Adapters
lshwres -r hca -m --level sys
lshwres -r hca -m --level lpar

Show io resources in a frame
lshwres -r io --rsubtype unit -m
lshwres -r io --rsubtype bus -m
lshwres -r io --rsubtype slot -m

Difference Between Linux and UNIX

 UNIX is copyrighted name only big companies are allowed to use the UNIX copyright and name, so IBM AIX and Sun Solaris and HP-UX all are UNIX operating systems. The Open Group holds the UNIX trademark in trust for the industry, and manages the UNIX trademark licensing program.
Most UNIX systems are commercial in nature.

Linux is a UNIX Clone

But if you consider Portable Operating System Interface (POSIX) standards then Linux can be considered as UNIX. To quote from Official Linux kernel README file:

Linux is a Unix clone written from scratch by Linus Torvalds with assistance from a loosely-knit team of hackers across the Net. It aims towards POSIX compliance.

However, "Open Group" do not approve of the construction "Unix-like", and consider it misuse of their UNIX trademark.

Linux Is Just a Kernel

Linux is just a kernel. All Linux distributions includes GUI system + GNU utilities (such as cp, mv, ls,date, bash etc) + installation & management tools + GNU c/c++ Compilers + Editors (vi) + and various applications (such as OpenOffice, Firefox). However, most UNIX operating systems are considered as a complete operating system as everything come from a single source or vendor.

As I said earlier Linux is just a kernel and Linux distribution makes it complete usable operating systems by adding various applications. Most UNIX operating systems comes with A-Z programs such as editor, compilers etc. For example HP-UX or Solaris comes with A-Z programs.

License and cost

Linux is Free (as in beer [freedom]). You can download it from the Internet or redistribute it under GNU licenses. You will see the best community support for Linux. Most UNIX like operating systems are not free (but this is changing fast, for example OpenSolaris UNIX). However, some Linux distributions such as Redhat / Novell provides additional Linux support, consultancy, bug fixing, and training for additional fees.

User-Friendly

Linux is considered as most user friendly UNIX like operating systems. It makes it easy to install sound card, flash players, and other desktop goodies. However, Apple OS X is most popular UNIX operating system for desktop usage.

Security Firewall Software

Linux comes with open source netfilter/iptables based firewall tool to protect your server and desktop from the crackers and hackers. UNIX operating systems comes with its own firewall product (for example Solaris UNIX comes with ipfilter based firewall) or you need to purchase a 3rd party software such as Checkpoint UNIX firewall.

Backup and Recovery Software

UNIX and Linux comes with different set of tools for backing up data to tape and other backup media. However, both of them share some common tools such as tar, dump/restore, and cpio etc.

File Systems

Linux by default supports and use ext3 or ext4 file systems.
UNIX comes with various file systems such as jfs, gpfs (AIX), jfs, gpfs (HP-UX), jfs, gpfs (Solaris).
System Administration Tools
UNIX comes with its own tools such as SAM on HP-UX.
Suse Linux comes with Yast
Redhat Linux comes with its own gui tools called redhat-config-*.

However, editing text config file and typing commands are most popular options for sys admin work under UNIX and Linux.

System Startup Scripts

Almost every version of UNIX and Linux comes with system initialization script but they are located in different directories:
HP-UX - /sbin/init.d
AIX - /etc/rc.d/init.d
Linux - /etc/init.d
 
End User Perspective
The differences are not that big for the average end user. They will use the same shell (e.g. bash or ksh) and other development tools such as Perl or Eclipse development tool.

System Administrator Perspective

Again, the differences are not that big for the system administrator. However, you may notice various differences while performing the following operations:
Software installation procedure
Hardware device names
Various admin commands or utilities
Software RAID devices and mirroring
Logical volume management
Package management
Patch management

UNIX Operating System Names
A few popular names:
HP-UX
IBM AIX
Sun Solairs
Mac OS X
IRIX

Linux Distribution (Operating System) Names

A few popular names:
Redhat Enterprise Linux
Fedora Linux
Debian Linux
Suse Enterprise Linux
Ubuntu Linux

Common Things Between Linux & UNIX

Both share many common applications such as:
GUI, file, and windows managers (KDE, Gnome)
Shells (ksh, csh, bash)
Various office applications such as OpenOffice.org
Development tools (perl, php, python, GNU c/c++ compilers)
Posix interface

How to mount CD-ROM in AIX

Steps to mount a CD-ROM in AIX

1.         Insert the CD-ROM into the CD-ROM drive.
2.         Log in as user ROOT or type su - root to login using the root profile.
3.         Create a /cdrom directory by entering mkdir /cdrom.
4.         Enter smit to add a CD-ROM file system.
5.         Select System Storage Management (Physical & Logical Storage) -> File Systems -> Add/Change/Show/Delete File Systems -> CDROM File Systems -> Add a CDROM File System.

6.         Select a device name, such as cd0. CD-ROM file system device names must be unique.

7.         Type /cdrom to get the Mount Point prompt.
8.         Select OK, or press Enter if using the smit ASCII interface, returning to the previous smit level,
System Storage Management (Physical & Logical Storage).

9.         Select File Systems -> Mount a File System.
10.       For file system name, select /dev/cd0.
11.       For directory over which to mount, select /cdrom.
12.       For type of file system, select cdrfs.
13.       For Mount as a READ-ONLY system, select Yes.
14.       Select OK, or press Enter if using the smit ASCII interface.
15.       Exit smit.

Resetting an unknown root password in AIX

The following procedure requires some system downtime.

a) Insert the product media for the same version and level as the current installation into the appropriate drive.

b) Power on the machine.

c) When the screen of icons appears, or when you hear a double beep, press the F1 key repeatedly until the System Management Services menu appears.

d) Select Boot options

e) Select Install/boot device.

f) Select the device that holds the product media and then select Install.(cd/DVD)

g) Media type if installations (SCSCi,IDE etc.)

h) Select shown devices

i) Select Normal boot mode

j) Exit SMS mode

k) System boots from the media

l) Define your current system as the system console by pressing the F1 key and then press Enter.

m) Select the number of your preferred language and press Enter.

n) Choose Start Maintenance Mode for System Recovery by typing 3 and press Enter.

o) Select Access a Root Volume Group. A message displays explaining that you will not be able to return to the Installation menus without rebooting if you change the root volume group at this point.

Type 0 and press Enter.

p) Type the number of the appropriate volume group from the list and press Enter.

Select Access this Volume Group and start a shell by typing 1 and press Enter.

At the # (number sign) prompt, type the passwd command at the command line prompt to reset the root password. For example:

# passwd

Changing password for "root"

root's New password:

Enter the new password again:

To write everything from the buffer to the hard disk and reboot the system, type the following:

sync;sync;sync;reboot

Switching between 32-bit & 64-bit modes in AIX

SWITCHING BETWEEN 32-BIT AND 64-BIT MODES

----------------------------------------------------------------------------------------------

To switch from 32-bit mode to 64-bit mode run do following commands,

in the given order:

1. ln -sf /usr/lib/boot/unix_64 /unix

2. ln -sf /usr/lib/boot/unix_64 /usr/lib/boot/unix

3. smitty load64bit

4. Select Enable/Disable at System Restart

5. Choose Yes and press ENTER.

6. Quit smitty.

7. bosboot -ad /dev/ipldevice

8. shutdown -Fr

9. bootinfo -K (should now show 64)

===============================================================

SWITCHING BETWEEN 64-BIT AND 32-BIT MODES

-----------------------------------------------------------------------------------------------

 To switch from 64-bit mode to 32-bit mode run the following commands,

in the given order:

1. ln -sf /usr/lib/boot/unix_mp /unix

2. ln -sf /usr/lib/boot/unix_mp /usr/lib/boot/unix

3. smitty load64bit

4. Select Enable/Disable at System Restart

5. Choose No and press ENTER.

6. Quit smitty.

7. bosboot -ad /dev/ipldevice

8. shutdown -Fr

9. bootinfo -K (should now show 32)