Chroot SFTP on Solaris 10
Hi everyone,
Does anyone know how to implement chrooted sftp on Solaris 10? I found a very good article about this on the internet - http://www.brandonhutchinson.com/chroot_ssh.html.
But it deals with ssh from the open source community (OpenSSH). The ssh on Solaris 10 is provided by Sun as shown below:
# pkginfo |grep -i ssh
system SUNWsshcu SSH Common, (Usr)
system SUNWsshdr SSH Server, (Root)
system SUNWsshdu SSH Server, (Usr)
system SUNWsshr SSH Client and utilities, (Root)
system SUNWsshu SSH Client and utilities, (Usr)
Could anyone shed a light on how to chroot the ssh/sftp provided by Sun?
Best regards,
Alex Lai
The key part is to have the devices you need: null and log, at a minimum.
You can't create devices in a local zone: mknod says "not owner". Doesn't matter whether you zlogin or ssh in.
Instead, create the devices from the global zone in your zone's filesystem. Create all your directories within the zone.
If you have zone foo with its root /export/zone/foo and you have some home directory in the zone /export/home/chroot
cd /export/zone/foo/root/export/home/chroot/dev
mknod log c 21 5
mknod null c 13 5
(I'm assuming you have the same major/minor as in my system; verify first with ls -l /dev/log and ls -l /dev/null )
Similar Messages
-
Sftp on Solaris 10 with ssh_config(5) support?
Solaris 10 comes with sftp as part of its image. Underneath, it uses sun-ssh, which supports ssh_config(4).
Is there any patches/upgrades out there that supports ssh_config(5)?
Thanks very much in advance for your help,
pam -
Anyone tried this on Arch?
http://www.minstrel.org.uk/papers/sftp/
Basically allowing chrooted virtual users SFTP access (no users/shell access). I thought of switching completely to SFTP from FTP/SSL, but don't want to add a user for each virtual host.
Last edited by phrozen (2013-08-24 15:54:51)
To allow virtual users on the site, you need to add a SAML authenticator provider to the security realm. From the log, I don’t see a SAML authenticator configured. This SAML authentication provider is used by SAMLIA to authenticate (in fact, it simply returns an authenticated identity) the virtual users.
You should also pay attention to the control flags of the newly added SAML authenticator and your existing DefaultAtn provider. For example, the control flags can be set like this:
SAML Authenticator - SUFFICIENT
DefaultAtn - SUFFICIENT
If DefaultAtn’s control flag is set to REQUIRED, “Virtual Users” will not work either. -
Chroot SFTP to external volume - possible?
Hello group:
I've got SFTP set up with a chroot to a folder on my default internal drive. However, I'd like to map this to an external volume, but when I make the change in sshd_config, I get a permissions error in the system log. As I understand there are restrictions on what the permissions should be for a chrooted session, how would one configure a chroot to an external volume? Any ideas?
This is the error I get:
sshd[37865]: fatal: bad ownership or modes for chroot directory component "/Volumes/"
Thanks!
-Marty
MrHoffman:
Thanks for the reply. I understand that sftp is essentially ssh and I have it working in a folder off a folder in the users home folder (/users/sftptest/chroottest). However, I want to change this to a folder on an external volume (/volumes/myexternaldrive/somefolder). This is where things stop working and I get the error. Now, from what I understand for chroot to function, the chroot directory has to be owned by root and there can't be any group-write access. My question is how can this be possible with an external volume if part of the path contains the /volumes folder?
Thanks! -
Solaris 10 Openssh v5.3p1 sftp chroot works but denied permission
Hi all, I have been working for 3 days to make chroot work on Solaris 10 with openssh v5.3p1 using http://www.minstrel.org.uk/papers/sftp/builtin/ methods. All looks great, I can open a sftp session but when I try to write I get permission denied messages. I just can't find what I am doing wrong. I have totally removed Sun ssh from the box and compiled openssh. I followed minstrel to the letter. I have tried winscp and other sftp clients, all with the same error, permission denied from server.
Following is an openssh debug output that may help. As best I can read it, it appears that all is working.
Sorry I had to delete some of the debug due to the 7500-character rule.
Thanks for any help anyone can provide.
Tom
bash-3.00# /usr/local/sbin/sshd -p 22 -D -ddd -e
debug2: load_server_config: filename /usr/local/etc/sshd_config
debug2: load_server_config: done config len = 249
debug2: parse_server_config: config /usr/local/etc/sshd_config len 249
debug3: /usr/local/etc/sshd_config:113 setting Subsystem sftp internal-sftp
debug3: checking syntax for 'Match Group sftponly'
deleted
debug1: rexec_argv[0]='/usr/local/sbin/sshd'
debug1: rexec_argv[1]='-p'
debug1: rexec_argv[2]='22'
debug1: rexec_argv[3]='-D'
debug1: rexec_argv[4]='-ddd'
debug1: rexec_argv[5]='-e'
debug2: fd 4 setting O_NONBLOCK
debug2: parse_server_config: config rexec len 249
debug3: rexec:113 setting Subsystem sftp internal-sftp
debug3: checking syntax for 'Match Group sftponly'
debug1: sshd version sshp1
debug1: Local version string SSH-2.0-ssh
debug2: fd 4 setting O_NONBLOCK
debug2: Network child is on pid 13650
debug3: Trying to reverse map address 172.31.81.200.
debug2: parse_server_config: config reprocess config len 249
debug3: checking match for 'Group sftponly' user lefler host x4500e0 addr 172.31.81.200
debug1: user lefler matched group list sftponly at line 122
debug3: match found
debug3: reprocess config:123 setting ChrootDirectory %h
debug3: reprocess config:124 setting ForceCommand internal-sftp
debug3: reprocess config:125 setting AllowTcpForwarding no
debug3: auth_shadow_acctexpired: today 14860 sp_expire -1 days left -14861
debug3: account expiration disabled
Accepted password for lefler from 172.31.81.200 port 35932 ssh2
debug3: mm_auth_password: user authenticated
debug1: monitor_child_preauth: lefler has been authenticated by privileged process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 24
debug3: mm_request_receive entering
debug3: mm_send_keystate: Sending new keys: 80ce730 80ce668
debug3: mm_newkeys_to_blob: converting 80ce730
debug3: mm_newkeys_to_blob: converting 80ce668
debug3: mm_send_keystate: New keys have been sent
debug3: mm_send_keystate: Sending compression state
debug3: mm_request_send entering: type 24
debug3: mm_send_keystate: Finished sending state
debug3: mm_newkeys_from_blob: 80ce110(118)
debug2: mac_setup: found hmac-md5
debug3: mm_get_keystate: Waiting for second key
debug3: mm_newkeys_from_blob: 80ce110(118)
debug2: mac_setup: found hmac-md5
debug3: mm_get_keystate: Getting compression state
debug3: mm_get_keystate: Getting Network I/O buffers
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
User child is on pid 13651
debug3: mm_request_receive entering
debug3: safely_chroot: checking '/'
debug3: safely_chroot: checking '/export/'
debug3: safely_chroot: checking '/export/home/'
debug3: safely_chroot: checking '/export/home/lefler/'
debug3: safely_chroot: checking '/export/home/lefler/./'
debug3: safely_chroot: checking '/export/home/lefler/./'
Changed root directory to "/export/home/lefler/./"
debug1: permanently_set_uid: 1015/3001
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug2: fd 5 setting O_NONBLOCK
debug2: fd 6 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request subsystem reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req subsystem
subsystem request for sftp
debug1: subsystem: internal-sftp
debug1: Forced command (config) 'internal-sftp'
debug2: fd 4 setting TCP_NODELAY
debug2: fd 10 setting O_NONBLOCK
debug2: fd 9 setting O_NONBLOCK
debug1: do_cleanup
What you have to do is create a dir where the user can upload to that they own. It can't be the root dir that you set to chroot to. So if the home dir is --> /export/home/lefler
make a dir like --> /export/home/lefler/upload
then
chown lefler /export/home/lefler/upload
and then see if things work writing to that dir. -
SFTP chroot from non-global zone to zfs pool
Hi,
I am unable to create an SFTP chroot inside a zone to a shared folder on the global zone.
Inside the global zone:
I have created a zfs pool (rpool/data) and then mounted it to /data.
I then created some shared folders: /data/sftp/ipl/import and /data/sftp/ipl/export
I then created a non-global zone and added a file system that loops back to /data.
Inside the zone:
I then did the usual stuff to create a chroot sftp user, similar to: http://nixinfra.blogspot.com.au/2012/12/openssh-chroot-sftp-setup-in-linux.html
I modified the /etc/ssh/sshd_config file and hard wired the ChrootDirectory to /data/sftp/ipl.
When I attempt to sftp into the zone an error message is displayed in the zone -> fatal: bad ownership or modes for chroot directory /data/
Multiple web sites warn that folder ownership and access privileges are important. However, issuing chown -R root:iplgroup /data made no difference. Perhaps it is something to do with the fact the folders were created in the global zone?
If I create a simple shared folder inside the zone it works, e.g. /data3/ftp/ipl......ChrootDirectory => /data3/ftp/ipl
If I use the users home directory it works. eg /export/home/sftpuser......ChrootDirectory => %h
FYI. The reason for having a ZFS shared folder is to allow separate SFTP and FTP zones and a common/shared data repository for FTP and SFTP exchanges with remote systems. e.g. One remote client pushes data to the FTP server. A second remote client pulls the data via SFTP. Having separate zones increases security?
Any help would be appreciated to solve this issue.
Regards John
sanjaykumarfromsymantec wrote:
Hi,
I want to do inter-zone IPC (communication between processes running in two different zones). So what are the different techniques that can be used? I am not interested in TCP/IP (AF_INET) sockets.
Zones are designed to prevent most visibility between non-global zones and other zones. So network communication (like you might use between two physical machines) is the most common method.
You could mount a global zone filesystem into multiple non-global zones (via lofs) and have your programs push data there. But you'll probably have to poll for updates. I'm not certain that's easier or better than network communication.
Darren -
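The "bad ownership or modes for chroot directory" errors quoted in the threads above come from the test sshd applies to every component of the ChrootDirectory path (the safely_chroot lines in the debug log): each one must be a directory owned by root with no group or other write bit. The script below is an added example, not code from any of the posts, that repeats that test from the shell; the function names and the optional owner-uid argument are this example's own.

```shell
#!/bin/sh
# Added example: repeats, from the shell, the per-component test sshd applies
# to a ChrootDirectory path. sshd aborts at the first bad component; this
# walker reports all of them.

# check_component DIR [UID]
# Prints a verdict and returns 0 only if DIR is a directory owned by UID
# (default 0, root) with no group or other write bit. The UID argument is
# this example's own addition so the check can be tried on scratch
# directories; sshd itself always requires uid 0.
check_component() {
    dir=$1
    want_uid=${2:-0}
    # -d: the entry itself, -n: numeric uid, -L: follow symlinks as stat(2) does
    line=$(ls -ldnL "$dir" 2>/dev/null) || { echo "MISSING $dir"; return 1; }
    read -r perms _links uid _rest <<EOF
$line
EOF
    case $perms in
        d*) ;;
        *) echo "NOTDIR $dir"; return 1 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "BADOWNER $dir (uid $uid)"
        return 1
    fi
    # Mode string layout: d rwx rwx rwx -> group write is char 6, other write char 9
    gw=$(printf '%s\n' "$perms" | cut -c6)
    ow=$(printf '%s\n' "$perms" | cut -c9)
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        echo "WRITABLE $dir ($perms)"
        return 1
    fi
    echo "OK $dir"
}

# check_chroot_path PATH [UID]
# Checks "/" and then every prefix of the absolute PATH, as sshd does.
# Returns non-zero if any component would be rejected.
check_chroot_path() {
    path=$1
    want=${2:-0}
    case $path in
        /*) ;;
        *) echo "NOTABS $path"; return 1 ;;
    esac
    rc=0
    prefix=
    check_component / "$want" || rc=1
    # Split the path on "/" without globbing, then rebuild it one level at a time
    old_ifs=$IFS
    IFS=/
    set -f
    set -- $path
    set +f
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        prefix=$prefix/$part
        check_component "$prefix" "$want" || rc=1
    done
    return $rc
}

# Example: sh check_chroot.sh /data/sftp/ipl
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

Run it against the configured ChrootDirectory inside the zone or host where sshd runs; any line other than OK names the component sshd would refuse.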
I'm running Solaris 8 on an Ultra 5. I want to create an anonymous ftp server. Can someone tell me the steps on how to do it, or is there a web site that shows how to create one?
several web sites can apply... btw, you should have posted this to the sysop area as you've said in your post you've got solaris 8...
a quick search of google
anonymous ftp solaris setup
yielded...
http://www.dbaoncall.net/references/ht_setup_ftp.html
http://stone.backrush.com/sunfaq/lmh032.html
You may also want to look at a hardened approach and check for how to setup a chroot environment on solaris (there was a post a week or two back with this question)
hth -
New user in solaris 11 to allow sftp only
We want to create new user and enable following
1. this user should be able to use only SFTP, SSH shall not be allowed
2. this user should not be able to go to any other directory
Hello
I think this doc can help to do point 2. But the ssh won't be able to go out of the chroot directory
How to setup a chroot ssh/sftp environment in Solaris 10 (Doc ID 1399023.1)
Regards
Eze -
Sftp to chrooted directory?
Hello,
I'm running Solaris 9 and I have used ftpconfig to set up some chrooted accounts for anonymous ftp.
One of my business partners claims that they have to use sftp to transmit their data. But I can't get sftp to work with one of these chrooted accounts.
Is sftp supported in this configuration?
Any suggestions on correct configuration.
Hi Mani
Since your inbound IDOC is not synchronous, the main challenge will be returning the purchase order number from ECC.
So if you want ECC to return the purchase order number, then you can think of using Proxy instead of IDOC. It is very easy to use proxy in case of synchronous requirement.
Or you can modify the existing IDOC program so that it will create one asynchronous proxy to send back the purchase order from ECC.
You will need one additional scenario for second approach. -
I'm configuring sftp (patched openssh with sftplogging and chroot) but I have problems with logging.
The sftplogging site hints to create chroot/dev/log in the chrooted environment and launch syslogd -a chroot/dev/log, but Solaris syslogd doesn't have the -a option.
Is there an alternative way or must I install syslog-ng?
Can you post sshd_config?
Edit: It's probably NOT client side. It's a chroot environment (which I had totally misread.) So this has to be a server side misconfiguration. Sorry, it's late
Last edited by Minsc (2014-06-19 03:14:28) -
Solaris 8 on chroot in Solaris 10
I've copied all necessary Sol8 system files to a machine with Sol10. After executing "chroot /home/chroot/sol8 /bin/bash" almost everything is OK except running programs which need the "libthread.so.1" library (for example java). These programs cause the error: "_sys_thread_create() failed, errno = 22".
bash-3.00#uname -a
SunOS xxxx 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Fire-480R
bash-3.00# mount -F proc proc /home/chroot/sol8/proc
bash-3.00# mount -F fd /dev/fd /home/chroot/sol8/dev/fd
bash-3.00# chroot /home/chroot/sol8 /bin/bash
bash-2.05b#
bash-2.05b# ldd /usr/bin/java
libthread.so.1=> /usr/j2re1.4.1/bin/../../../lib/sparcv9/libthread.so.1
libdl.so.1 => /usr/j2re1.4.1/bin/../../../lib/sparcv9/libdl.so.1
libc.so.1 => /usr/j2re1.4.1/bin/../../../lib/sparcv9/libc.so.1
/usr/platform/SUNW,Sun-Fire-480R/lib/sparcv9/libc_psr.so.1
bash-2.05b# /usr/bin/java
systhread_create() failed, errno = 22
The "libthread.so.1" file is dated on 19th may 06 (patch no. 108993-57)
Other machine with native Sol8 does not have such problem.
Can anyone explain to me what "errno=22" means?
Best regards.
Tom
We have a lot of machines with Solaris 8 at our customer which cannot be upgraded in the near future (for some security reasons). I've decided to install Solaris 10 on our development server (V480) but we have to produce binaries (applications and libraries) which will run in a "clean" Sol8 environment.
The best solution would be to prepare a temporary Sol8 environment on our server until the customer upgrades their own machines to Sol10.
In reference to the "Dynamic System Domains" option:
We are using a Sun-Fire V480 server, not a Sunfire 6800 - is that option applicable to such servers (V480)? -
Openssh 3.18.1 on Solaris 8: sftp connection closed
Hi, to setup a secure environment for file transfer, I have installed the following packages in my solaris 8.
- openssh-3.8
- openssl-0.9.7d-Solaris8-local
- prngd-0.9.26-Solaris8-local
- tcpwrappers-7.6-Solaris8-local
- zlib-1.2.1-Solaris8-local
I do not have any problem with SSH but I kept getting Connection Closed when I tried to sftp or scp into my Solaris 8. I have verified the user info is correct but have really no idea what is the problem. Following is the debug output from a windows client to my solaris 8:
C:\>sftp -v [email protected]
Connecting to 172.18.5.100...
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to 172.18.5.100 [172.18.5.100] port 22.
debug1: Connection established.
debug1: identity file /home/derrence/.ssh/id_rsa type -1
debug1: identity file /home/derrence/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '172.18.5.100' is known and matches the RSA host key.
debug1: Found key in /home/derrence/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/derrence/.ssh/id_rsa
debug1: Trying private key: /home/derrence/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
[email protected]'s password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 137
It exited with a Status 137. Can anyone advise on this problem? I've been trying to google around but to no avail. Pls help. Thanks
I am also getting a similar error w.r.t. sftp on Solaris 9.
openSSH 0.9.8
./sftp -v [email protected]
Connecting to 10.205.254.118...
OpenSSH_4.0p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.205.254.118 [10.205.254.118] port 22.
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: permanently_set_uid: 0/0
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.0
debug1: match: OpenSSH_4.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.205.254.118' is known and matches the RSA host key.
debug1: Found key in /usr/local/etc/ssh_known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,hostbased
debug1: Next authentication method: hostbased
debug1: Remote: Ignoring wild host/user names in /etc/hosts.equiv.
debug1: Authentications that can continue: password,hostbased
debug1: Remote: Ignoring wild host/user names in /etc/hosts.equiv.
debug1: Authentications that can continue: password,hostbased
debug1: No more client hostkeys for hostbased authentication.
debug1: Next authentication method: password
[email protected]'s password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 4.6 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 2
Connection closed
what might be the possible cause? -
Solaris 10: BIND 9 Chroot Service fails to start with SVCADM but works when
I recently upgraded with Solaris patches and after the reboot my Bind Named services (DNS) go into maintenance mode.
bash-3.2# svcs -xv
svc:/network/dns/server:chroot (?)
State: maintenance since Thu Nov 01 00:22:19 2012
Reason: Start method failed repeatedly, last exited with status 1.
See: http://sun.com/msg/SMF-8000-KS
See: man -M /usr/man -s 1M named
See: /var/svc/log/network-dns-server:chroot.log
Impact: This service is not running.
Output from var/svc/log/network-dns-server:chroot.log below
[ Nov 1 00:22:19 Executing start method ("/lib/svc/method/dns-server start chroot") ]
dns-server: Executing: named -t /var/named/chroot/named -c /etc/named.conf
/lib/svc/method/dns-server: named: cannot execute
dns-server : start failed! Check syslog for further information.
[ Nov 1 00:22:19 Method "start" exited with status 1 ]
If I run named -t /var/named/chroot/named -c /etc/named.conf manually as root from the command line, the named process starts and DNS works.
I thought this had something to do with permissions/file ownership or something like that. I have tried changing (chown/chgrp) the /var/named/chroot/named directory to root root and named root. I also did the same with the /var/named/chroot/named/named binary. I also tried the same types of things with the /etc/named.conf file. So far no luck.
Any suggestions on how to figure this out would be greatly appreciated.
Just read the mentioned thread because the answer is in it and duplicating that seems useless. Don't make it seem like you want the answer to be presented on a silver plate
-
Bind 9 DNS Server chroot cannot work on Solaris 10 u6 and u7
My old version, "Solaris 10 x86 Generic_Patch_118844-30", can run "Bind 9 DNS Server" in chroot mode.
And there is no problem with this.
I have been trying to use "Bind 9 DNS Server" on Solaris 10 x86 u6 or u7.
The result is no problem.
But when I switch it to run in chroot mode, the "Bind 9 DNS Server" cannot run.
I have manually run named:
/usr/sbin/named -c /etc/named.conf -t /chroot/dns -u named -f -g
The response is:
13-May-2009 02:17:46.623 starting BIND 9.3.6-P1 -c /etc/named.conf -t /chroot/dns -u named -f -g
13-May-2009 02:17:46.624 found 1 CPU, using 1 worker thread
13-May-2009 02:17:46.627 socket.c:3259: unexpected error:
13-May-2009 02:17:46.627 open(/dev/poll) failed: No such file or directory
13-May-2009 02:17:46.628 ./main.c:495: unexpected error:
13-May-2009 02:17:46.628 isc_socketmgr_create() failed: file not found
13-May-2009 02:17:46.629 create_managers() failed: unexpected error
13-May-2009 02:17:46.629 exiting (due to early fatal error)
It looks like Bind 9 running in chroot mode cannot find /dev/poll.
Even if I use Bind 9 version 9.6.0, the result is the same.
So, I am not sure whether the problem is Bind 9 or Solaris 10 u6/u7.
I tried to continue and install the new version of Bind 9 on my old version of Solaris 10.
The result is NO PROBLEM on the old version of Solaris 10.
And I have already bypassed the SMF problem.
Can anyone tell me what the problem is in Solaris 10 u6/u7?
Looks like someone reported a similar bug:
BIND fails to start: http://bugs.opensolaris.org/view_bug.do%3Bjsessionid=376e1152f0ddc75829ed1725542e?bug_id=6799867
but I am somewhat puzzled why there is no follow up on the bug fixing.
Ok, I found the source (may be?):
From named:
http://src.opensolaris.org/source/xref/sfw/usr/src/cmd/bind/bind-9.3.6-P1/bin/named/main.c
462 static isc_result_t
463 create_managers(void) {
464 isc_result_t result;
465 unsigned int socks;
466
467 #ifdef ISC_PLATFORM_USETHREADS
468 if (ns_g_cpus == 0)
469 ns_g_cpus = ns_g_cpus_detected;
470 isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
471 ISC_LOG_INFO, "found %u CPU%s, using %u worker thread%s",
472 ns_g_cpus_detected, ns_g_cpus_detected == 1 ? "" : "s",
473 ns_g_cpus, ns_g_cpus == 1 ? "" : "s");
474 #else
475 ns_g_cpus = 1;
476 #endif
477 result = isc_taskmgr_create(ns_g_mctx, ns_g_cpus, 0, &ns_g_taskmgr);
478 if (result != ISC_R_SUCCESS) {
479 UNEXPECTED_ERROR(__FILE__, __LINE__,
480 "isc_taskmgr_create() failed: %s",
481 isc_result_totext(result));
482 return (ISC_R_UNEXPECTED);
483 }
484
485 result = isc_timermgr_create(ns_g_mctx, &ns_g_timermgr);
486 if (result != ISC_R_SUCCESS) {
487 UNEXPECTED_ERROR(__FILE__, __LINE__,
488 "isc_timermgr_create() failed: %s",
489 isc_result_totext(result));
490 return (ISC_R_UNEXPECTED);
491 }
492
493 result = isc_socketmgr_create2(ns_g_mctx, &ns_g_socketmgr, maxsocks); /* <=== here (notice the error message and the actual function called are not the same) */
494 if (result != ISC_R_SUCCESS) {
495 UNEXPECTED_ERROR(__FILE__, __LINE__,
496 "isc_socketmgr_create() failed: %s",
497 isc_result_totext(result));
498 return (ISC_R_UNEXPECTED);
499 }
500 result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &socks);
501 if (result == ISC_R_SUCCESS) {
502 isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
503 NS_LOGMODULE_SERVER,
504 ISC_LOG_INFO, "using up to %u sockets", socks);
505 }
506
507 result = isc_entropy_create(ns_g_mctx, &ns_g_entropy);
508 if (result != ISC_R_SUCCESS) {
509 UNEXPECTED_ERROR(__FILE__, __LINE__,
510 "isc_entropy_create() failed: %s",
511 isc_result_totext(result));
512 return (ISC_R_UNEXPECTED);
513 }
514
515 result = isc_hash_create(ns_g_mctx, ns_g_entropy, DNS_NAME_MAXWIRE);
516 if (result != ISC_R_SUCCESS) {
517 UNEXPECTED_ERROR(__FILE__, __LINE__,
518 "isc_hash_create() failed: %s",
519 isc_result_totext(result));
520 return (ISC_R_UNEXPECTED);
521 }
522
523 return (ISC_R_SUCCESS);
524 }
And in isc_socketmgr_create2():
3384 isc_result_t
3385 isc_socketmgr_create2(isc_mem_t *mctx, isc_socketmgr_t **managerp,
3386 unsigned int maxsocks)
3387 {
<SNIP>
3488
3489 /*
3490 * Set up initial state for the select loop
3491 */
3492 result = setup_watcher(mctx, manager); /* <=== will call open() on /dev/poll */
3493 if (result != ISC_R_SUCCESS)
3494 goto cleanup;
3495 memset(manager->fdstate, 0, manager->maxsocks * sizeof(int));
Other than the above, I cannot really understand or help further. But I know it should fail somewhere in setup_watcher() in socket.c. -
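The first reply on this page builds the chroot's dev/ by hand with mknod and says to verify the major/minor numbers against the running system, and the named log above shows what a missing node looks like (open(/dev/poll) failing inside the chroot). The script below is an added example, not from any post here, that compares the device nodes inside a chroot with the host's /dev and prints the mknod line for each missing one; the function names are this example's own and the paths in the comments are the ones the posts use.

```shell
#!/bin/sh
# Added example: audit the device nodes a chrooted service needs.

# dev_numbers NODE
# Prints "major minor" for a character device, read from ls output, and
# returns non-zero if NODE is missing or is not a character device.
dev_numbers() {
    # -L follows symlinks (Solaris /dev entries are links into /devices)
    line=$(ls -ldnL "$1" 2>/dev/null) || return 1
    case $line in
        c*) ;;
        *) return 1 ;;
    esac
    # For devices, ls prints "major, minor" where a file's size would be;
    # accept both "13, 2" and "13,2".
    printf '%s\n' "$line" | awk '{
        split($5, a, ",")
        if (a[2] != "") print a[1], a[2]; else print a[1], $6
    }'
}

# audit_chroot_dev CHROOT NAME...
# Compares CHROOT/dev/NAME with /dev/NAME for each NAME.
# Returns non-zero if any node is missing or has different numbers.
audit_chroot_dev() {
    jail=$1
    shift
    bad=0
    for name in "$@"; do
        if ! host=$(dev_numbers "/dev/$name"); then
            echo "SKIP $name: /dev/$name is not a character device on this host"
            continue
        fi
        if inside=$(dev_numbers "$jail/dev/$name"); then
            if [ "$inside" = "$host" ]; then
                echo "OK $name ($host)"
            else
                echo "MISMATCH $name: chroot has $inside, host has $host"
                bad=1
            fi
        else
            echo "MISSING $name: mknod $jail/dev/$name c $host"
            bad=1
        fi
    done
    return $bad
}

# Examples, using paths from the posts (for a zone, run from the global zone):
#   sh audit_dev.sh /export/zone/foo/root/export/home/chroot null log
#   sh audit_dev.sh /chroot/dns null poll
if [ $# -gt 1 ]; then
    audit_chroot_dev "$@"
fi
```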
Hi,
We are running ProFTPd as SFTP (and FTP) Server on Solaris 10.
I could enable logs in ProFTPd to capture ALL events (including access, file transfer, authentication etc.). Now I need to enable ALL the logs for SFTP transactions also. I am getting only FTP transactions in the ProFTPd logs.
Please advise.
TIA
Prvn
"proftp as sftp" made me think diff...
see this: http://forum.java.sun.com/thread.jspa?threadID=5090499&start=0
it refers to Sol 9, however the steps for 10 should be the same, or build openssh and use: http://sftpfilecontrol.sourceforge.net/