Monthly Archives: October 2016

Understanding /etc/group file

/etc/group is the key file for user management on any Linux or Unix system. Learn the fields and format of the /etc/group file, the meaning of each field, and how it is set.

In this post, we are going to look at the format and content of the /etc/group file. /etc/group (called the group file from here on) is the best-known file after /etc/passwd when it comes to users on any Linux or Unix based system. Every administrator should be familiar with this file, and anyone starting out on a Linux or Unix based system should cover it as part of their basic learning.

The group file is a human-readable file that contains information about user groups on the system. A typical /etc/group file looks like this:

# cat /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:

Since it's a normal text file, commands like cat and more work on it without any issue.

If you look at the above file, it has values separated by colons (:). Each row is one entry, and one entry describes one group. Every group (row) has 4 fields separated by colons. Those four fields are:

  1. Group name
  2. Encrypted password for the group
  3. Group ID
  4. Group members

Let’s see one by one :

Group name

It's the name by which admins/humans identify the group. This name is used in all group management and user management commands. A new group name entry is added to this file when the groupadd command is used.

Encrypted password for the group

It's the group password in an encrypted (hashed) format. In the above example, you see x instead of the encrypted password since the /etc/shadow file is generated on the system. In that case, the encrypted group password is found in the /etc/gshadow file.

Group ID

It's the numeric ID assigned to the group. Normally the kernel identifies a group by this field. This ID also appears in the 4th field of the /etc/passwd file. The group ID is generated automatically when a group is created using the groupadd command.

Group Members

This is a comma-separated list of the user names that are members of this group. File or directory permissions assigned to the group apply to all of these group members.

Create nice text banner in HPUX

Learn how to create text banners on the HPUX terminal. These banners can be used to show in the message of the day or user login screen so that the message is flashed to the user without getting ignored.

Have you ever wondered how people create those ASCII text banners you see when you log in to a server? Today we will see one of the methods to design an ASCII banner made out of # symbols!

This process uses HPUX native commands, but there are other ways to do it on a Linux server as well.

In HPUX, the banner command is native to the OS. Supply it with words and it echoes the supplied arguments in # marks, 6 rows high. See the example below:

$ banner kerneltalk

 #    #  ######  #####   #    #  ######  #        #####    ##    #       #    #
 #   #   #       #    #  ##   #  #       #          #     #  #   #       #   #
 ####    #####   #    #  # #  #  #####   #          #    #    #  #       ####
 #  #    #       #####   #  # #  #       #          #    ######  #       #  #
 #   #   #       #   #   #   ##  #       #          #    #    #  #       #   #
 #    #  ######  #    #  #    #  ######  ######     #    #    #  ######  #    #

There is a limitation to this. Banner only takes the first 10 letters and ignores all further characters. So basically it writes 10 characters using the # symbol with a 6-row height!

See the example below, where it shows only the first 10 characters.

$ banner 12345678910
   #     #####   #####  #       #######  #####  #######  #####   #####     #
  ##    #     # #     # #    #  #       #     # #    #  #     # #     #   ##
 # #          #       # #    #  #       #           #   #     # #     #  # #
   #     #####   #####  #    #  ######  ######     #     #####   ######    #
   #    #             # #######       # #     #   #     #     #       #    #
   #    #       #     #      #  #     # #     #   #     #     # #     #    #
 #####  #######  #####       #   #####   #####    #      #####   #####   #####

Minor design observations

When you use CAPS and SMALL letters, it shows all CAPS letters with 7-row height and SMALL with 6-row height.

$ banner TestingMe
#######                                                 #     #
   #     ######   ####    #####     #    #    #   ####  ##   ##  ######
   #     #       #          #       #    ##   #  #    # # # # #  #
   #     #####    ####      #       #    # #  #  #      #  #  #  #####
   #     #            #     #       #    #  # #  #  ### #     #  #
   #     #       #    #     #       #    #   ##  #    # #     #  #
   #     ######   ####      #       #    #    #   ####  #     #  ######

When you put spaces in between, it converts them to carriage returns, so every word after a space starts on a new line.

$ banner this is test

  #####  #    #     #     ####
    #    #    #     #    #
    #    ######     #     ####
    #    #    #     #         #
    #    #    #     #    #    #
    #    #    #     #     ####


    #     ####
    #    #
    #     ####
    #         #
    #    #    #
    #     ####


  #####  ######   ####    #####
    #    #       #          #
    #    #####    ####      #
    #    #            #     #
    #    #       #    #     #
    #    ######   ####      #

When you use only letters, there is always one blank row above the output. If you use numbers, the output starts immediately on the line after the command. You can observe this in the above outputs.

These text banners can be used to show on user login session or in /etc/motd. They can flash important messages to user without getting ignored.

Understanding /etc/passwd file

/etc/passwd is the key file on any Linux or Unix system. Learn the fields and format of the /etc/passwd file, the meaning of each field, and how it is set.

In this post, we are going to look at the format and content of the /etc/passwd file. /etc/passwd (called the password file from here on) is a popular and the most accessed file when it comes to users on any Linux or Unix based system. Every administrator should be familiar with this file, and anyone starting out on a Linux or Unix based system should cover it as part of their basic learning.

The password file is a human-readable file that contains information about users on the system, including their encrypted passwords. Some systems don’t have encrypted passwords in this file if the /etc/shadow file is generated. A typical /etc/passwd file looks like this:

# cat /etc/passwd
root:x:0:0:ROOT account:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
myuser:x:513:520:Test User:/home/myuser:/bin/bash
----- output truncated -----

Since it's a normal text file, commands like cat and more work on it without any issue.

By default, the /etc/passwd file has permission 644, i.e. -rw-r--r--, and ownership root:root. This means the file is world-readable and only the root user can edit it. However, editing it manually is not recommended.

If you look at the above file, it has values separated by colons (:). Each row is one entry, and one entry describes one user. Every user (row) has 7 fields separated by colons. Those seven fields are:

  1. Username
  2. Encrypted password
  3. UID
  4. GID
  5. Comment
  6. Home directory
  7. Shell

Let’s see one by one :

Username

It's the user name the user logs in with. This field is populated when a new user is created on the system using the useradd command.

Encrypted Password

It's the password in an encrypted (hashed) format. In the above example, you see x instead of the encrypted password since the /etc/shadow file is generated on the system. In that case, the encrypted password is found in the /etc/shadow file.

# cat /etc/shadow
root:$6$FCGlEAUb$nRMJdwjadnw7.OL6L2oxeMQzM445gv0NK1AfjpjSMyth5JHXolCQnhA0:17075:0:99999:7:::

For example, in the above output the encrypted password for the root account can be seen in the second field.

UID

It's the user ID, a unique number assigned to every account on the system. It can be set using the -u argument of the useradd and usermod commands. If you want to assign a new user a UID that is already in use by an existing user, you need to specify -o in the command, but this is not recommended.

GID

It's the group ID, the unique number of the group of which the account is a member. A GID is created on the system with the groupadd command. It can be set using the -g argument of the useradd and usermod commands.

Comment

This field holds a description of the account. It is purely for humans, to identify what the account is for or to whom it belongs. In the above example, “ROOT account” is the description defined for the root user. It can be the name of a person, the name of an application, etc. It can be set using the -c argument of the useradd and usermod commands.

Home Directory

It's the directory where the user normally lands on login. The home directory is where the user’s history file, profile, and other basic account files reside. It is recommended that every user has a unique directory. In the above example, /root is defined as the home directory for the root account. It can be set using the -d argument of the useradd and usermod commands. If the directory does not exist on the server, -m can accompany the -d option so that the directory is created automatically.

Shell

This is the shell that is spawned when the user successfully logs in. In the above example, /bin/bash is the shell defined for the root account. It can be set using the -s argument of the useradd and usermod commands.
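The field layouts of /etc/group and /etc/passwd described in the two posts above can be checked mechanically. The following is an added example, not code from the original posts: the function names, the set of placeholder values and the sample entries are assumptions constructed for illustration.

```python
import os
import stat
from collections import defaultdict

PASSWD_FIELDS = ("name", "password", "uid", "gid", "comment", "home", "shell")
GROUP_FIELDS = ("name", "password", "gid", "members")
# Assumption: markers that mean "no hash stored in this file"
# (x = kept in the shadow file; *, ! and !! = locked entries).
PLACEHOLDERS = {"x", "*", "!", "!!"}

# Constructed sample data, not taken from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:ROOT account:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
myuser:x:513:520:Test User:/home/myuser:/bin/bash
backup:x:0:0:backup operator:/home/backup:/bin/bash
legacy:ab12CdEfGhIjk:514:999:old account:/home/legacy:/bin/bash
broken:x:515:/home/broken:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:root
bin:x:1:root,bin,daemon
staff:x:520:myuser,ghost
"""


def parse(text, fields, label):
    """Split colon-separated lines into dicts; return (records, findings)."""
    records, findings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(fields):
            findings.append(f"{label} line {lineno}: expected {len(fields)} fields, got {len(parts)}")
            continue
        rec = dict(zip(fields, parts))
        if not all(rec[k].isascii() and rec[k].isdigit() for k in ("uid", "gid") if k in rec):
            findings.append(f"{label} line {lineno}: non-numeric id for {rec['name']}")
            continue
        if rec["password"] == "":
            findings.append(f"{label}: {rec['name']} has an empty password field")
        elif rec["password"] not in PLACEHOLDERS:
            findings.append(f"{label}: {rec['name']} keeps a hash in a world-readable file")
        records.append(rec)
    return records, findings


def duplicate_ids(records, key, label):
    """Report numeric ids that more than one entry shares (as useradd -o allows)."""
    seen = defaultdict(list)
    for rec in records:
        seen[int(rec[key])].append(rec["name"])
    return [f"{label}: {key} {i} shared by {', '.join(names)}"
            for i, names in seen.items() if len(names) > 1]


def audit(passwd_text, group_text):
    """Return findings for one passwd/group pair, per-line findings first."""
    users, findings = parse(passwd_text, PASSWD_FIELDS, "passwd")
    groups, group_findings = parse(group_text, GROUP_FIELDS, "group")
    findings += group_findings
    findings += duplicate_ids(users, "uid", "passwd")
    findings += duplicate_ids(groups, "gid", "group")
    names = {u["name"] for u in users}
    gids = {int(g["gid"]) for g in groups}
    for u in users:
        if int(u["uid"]) == 0 and u["name"] != "root":
            findings.append(f"passwd: {u['name']} has UID 0 (root-equivalent)")
        if int(u["gid"]) not in gids:
            findings.append(f"passwd: {u['name']} has primary GID {u['gid']} missing from group")
    for g in groups:
        for member in filter(None, g["members"].split(",")):
            if member not in names:
                findings.append(f"group: {g['name']} lists unknown member {member}")
    return findings


def mode_findings(path):
    """Flag a file writable by group or others (the expected mode is 644)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [f"{path}: mode {mode:o} is writable by group or others"] if mode & 0o022 else []
```

On a live system, pass the contents of /etc/passwd and /etc/group to audit() and the two file paths to mode_findings(); an empty list means none of these checks fired.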

Change MP IP for HPUX server

MP is the management processor of the server, which is used to manage the server remotely or locally when it’s not running any OS. Learn how to modify the MP IP of the HPUX server.

Caution!

In this activity, you are going to edit the connectivity specifications of the server. Misconfigurations may lead to lost connectivity, which may impact your operations. Please proceed at your own risk.

MP is a management processor on HP servers, typically found in servers made to run HPUX operating systems. MP is used to access the system when it’s in down mode, i.e. the OS is not running on the system. The only requirements to access MP are that the server has an active power connection and that the MP IP is configured so it can be reached over the LAN.

It’s a management port on the server where one can plug in an RJ45 cable for accessing MP over the LAN. Sometimes during migrations, datacenter moves, or VLAN changes, one may need to change the MP IP to suit the new environment.

Here in this post, we will see how to change the existing IP of MP. For example, we have outputs from the rx8640 server.

Step 1:

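Connect to the MP console. Normally telnet is used to connect to MP. If you have not changed the credentials, then admin/Admin should work for username and password, both fields. Telnet carries this login in clear text, so reach the MP over a restricted management network and change the default credentials.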

MP login: Admin
MP password:



(c)Copyright 2000-2008 Hewlett-Packard Co.,  All Rights Reserved.

                             Welcome to
                  rx8640's Management Processor



    MP MAIN MENU:

         CO: Consoles
        VFP: Virtual Front Panel
         CM: Command Menu
         CL: Console Logs
         SL: Show Logs
         FW: Firmware Update
         HE: Help
          X: Exit Connection

Type in cm command to go to command mode. You will land on CM prompt then.

[rx8640] MP> cm


                Enter HE to get a list of available commands

                      (Use ^B to return to main menu.)




[rx8640]
MP:CM>

Step 2:

Type in LS command to view current configuration. Here your current MP IP information will be displayed. Make a note of it.

[rx8640] MP:CM> ls

Current configuration of MP customer LAN interface
  MAC address   : 00:1b:45:a2:57:60
  DHCP Status   : Disabled
  IP address    : 10.10.10.10       0x0a01010b
  Hostname      : rx8640
  Subnet mask   : 255.255.255.0   0xffffff00
  Gateway       : 10.10.10.1       0x0a010101
  Status        : UP and RUNNING
  Link          : Connected 100Mb Half Duplex

Current configuration of Integrity Lights Out Advanced KVM card LAN interface
    No Integrity Lights Out Advanced KVM Cards were found

Step 3:

Type in lc command to edit this IP information

[rx8640] MP:CM> lc

MP Configurable LAN devices:

     1 - MP Customer LAN

Enter LAN device to change, or [Q] to Quit: 1

Current configuration of MP customer LAN interface
  MAC address   : 00:1b:45:a2:57:60
  DHCP Status   : Disabled
  IP address    : 10.10.10.10       0x0a01010b
  Hostname      : rx8640
  Subnet mask   : 255.255.255.0   0xffffff00
  Gateway       : 10.10.10.1        0x0a010101
  Status        : UP and RUNNING
  Link          : Connected 100Mb Half Duplex

    Do you want to modify the configuration for the MP LAN? (Y/[N])

Edit the information and save.

Step 4:

Finally, reset MP to take up this new configuration. Use command XD to reset MP. You will be disconnected from the current session and you need to open a new session with a new IP!

There are different commands for different variants of servers. You can always find a command to view/edit IP information on your MP itself by running HE (help) command in the command menu of MP. Look for the below type of descriptions in the presented list to get to know about commands available on your MP for editing this info.

LC      : Configure MP LAN interface
LS      : Display MP LAN configuration

Some servers have commands like CL to view and CE to edit IP configurations.

How to identify current boot disk in HPUX

When the root disk is mirrored at OS level, it's difficult to know which disk the system booted from. Learn here how to identify the current boot disk in HPUX.

There are a couple of ways to identify the boot disk from which the HPUX system is currently booted. This information is handy when HPUX has root mirroring and a maintenance activity needs to be carried out.

In such scenarios, one must know which of the 2 root mirror disks is the current boot disk. For example, if you have a root disk failure in the mirror, you must know whether the boot disk is the damaged one so that you can safely redirect IO to the other disk and plan your maintenance.

Method 1

An easy method is to use setboot command which clearly states the primary boot disk.

# /usr/sbin/setboot -v
Primary bootpath : 2/0/0/3/0.0x6.0x0 (/dev/rdisk/disk40)
HA Alternate bootpath :
Alternate bootpath : 2/0/0/2/0.0x6.0x0 (/dev/rdisk/disk16)
 
Autoboot is ON (enabled)
Hyperthreading : OFF
: OFF (next boot)
 
----- output truncated -----

Method 2

This is a bit tricky. You need to use adb to get the hardware address of the booted disk. This hardware address can then be traced back to a disk name by matching it in the ioscan output.

# echo "boot_string/S" | adb /stand/vmunix /dev/kmem
boot_string:
boot_string: (12/0/9/1/0.0.0;)/stand/vmunix

Method 3

Even by observing Syslog messages after boot, one can determine from which disk kernel was booted.

# grep "Boot device" /var/adm/syslog/syslog.log
Nov 15 18:44:18 myserver1 vmunix: Boot device's HP-UX HW path is: 2/0/0/3/0.0x6.0x0.0

In the above output, it clearly mentions the hardware path of the disk from which the kernel was booted. Now, this hardware path can be matched with the device name in ioscan -fnCdisk output and a disk name can be obtained.

HP blade firmware upgrade process HPUX

Step by step procedure to upgrade HP blade firmware on a system running the HPUX operating system. Use this process with caution and at your own risk, since mistakes may lead to an unstable system.

This post will cover step by step procedure to upgrade HP blade firmware running HPUX OS.

Warning: Halting the upgrade process in between can send your hardware in an unusable state. This activity needs experts/vendor support to be carried out. Proceed with caution and at your own risk.

Step 1

Log in to MP and get the current firmware version using the sysrev command from the command menu. Download the new firmware from the HP website (for example, the BL860c firmware). You need a valid contract with the vendor. The download should be a tar file that you can un-tar on the HPUX server. Transfer the file to the HPUX server and extract its content. The files listed below should be present.

hpoa330.bin
PF_CTAHISYS0425EFI.tar
bl860c_1_92_install_manual.txt
fweupdate_1p92.efi
update_SFW.nsh

Step 2

Get your boot disk path (primary boot path) using setboot command.

# /usr/sbin/setboot -v
Primary bootpath : 2/0/0/3/0.0x6.0x0 (/dev/rdisk/disk40)
HA Alternate bootpath :
Alternate bootpath : 2/0/0/2/0.0x6.0x0 (/dev/rdisk/disk16)

Autoboot is ON (enabled)
Hyperthreading : OFF
: OFF (next boot)

----- output truncated -----

Step 3

Now you need to copy the firmware files to the EFI partition of this primary boot disk. The EFI partition is slice/partition 1 of the disk. Follow the commands below to create the directory first and then copy the files into it, using the same EFI partition device file in every command.

# /usr/sbin/efi_mkdir -d /dev/rdisk/disk1_p1 /efi/hp/firmware
# /usr/sbin/efi_cp -d /dev/rdisk/disk1_p1 update_SFW.nsh /efi/hp/firmware/update_SFW.nsh
# /usr/sbin/efi_cp -d /dev/rdisk/disk1_p1 fweupdate_1p92.efi /efi/hp/firmware/fweupdate_1p92.efi

List the content of the directory to check if they are copied properly or not.

# /usr/sbin/efi_ls -d /dev/rdisk/disk1_p1 /efi/hp/firmware

Step 4

Once you are done with copying firmware in EFI partition, reboot the system. Halt at EFI shell. At EFI shell, enter into the primary boot disk. You should see a prompt like fs0. Now navigate to the directory we created in the above steps and then run .nsh file to start the upgrade process.

fs0:
cd EFI/HP/FIRMWARE
dir
fs0:\EFI\hp\firmware> dir
Directory of: fs0:\EFI\hp\firmware
05/20/11 02:03a <DIR> 4,096 .
05/20/11 02:03a <DIR> 4,096 ..
05/22/11 08:58p 10,168,320 fweupdate_1p92.efi
05/22/11 08:58p 26 update_SFW.nsh
2 File(s) 10,168,346 bytes
2 Dir(s)
fs0:\EFI\hp\firmware> update_SFW.nsh
update_SFW.nsh> fweupdate_1p92.efi -mnuF
*************************************************************************
****                                                                 ****
****                            FWEUPDATE                            ****
****            EFI Firmware Update Utility for IPF Systems          ****
****         (c) Copyright Hewlett-Packard Company, 2001-2006        ****
****                      All rights reserved.                       ****
****                                                                 ****
****                              v1.00                              ****
****                                                                 ****
*************************************************************************
Executing Command line options: -mnuF......................................... 


----- output truncated -----

Once you see the above upgrade process start on the console, do not disturb the system in any way. Halting this process midway may make your system unstable.

Step 5

After the upgrade process completes, MP will be reset and you will lose your connection to MP. Start a new session and connect to MP. Go to the command menu and verify the updated firmware version using the sysrev command!

Adding extra or secondary swap in HPUX

Learn how to add a secondary or extra swap on a running HPUX system without any downtime. It uses free space in the root VG as swap.

When the system continuously runs low on memory and swap, it's time to troubleshoot. If you are still running out of memory after troubleshooting and all available app/OS tuning, you can try adding extra swap before you think of adding RAM to the server, which involves cost and resources of the parent machine.

Step 1

For adding extra swap check how much space you have available in root volume group vg00. Use vgdisplay command to get free PE and PE size numbers.

# /usr/sbin/vgdisplay vg00
--- Volume groups ---
VG Name                     /dev/vg00
VG Write Access             read/write
VG Status                   available
Max LV                      255
Cur LV                      9
Open LV                     9
Max PV                      16
Cur PV                      2
Act PV                      2
Max PE per PV               4384
VGDA                        4
PE Size (Mbytes)            16
Total PE                    6544
Alloc PE                    5978
Free PE                     566
Total PVG                   0
Total Spare PVs             0
Total Spare PVs in use      0

Here we have 566 free PE of 16MB each. This sums up to 8.8GB of free space in the root VG. We can use space from this 8.8GB for adding extra swap.

Check the current swap configuration. Here you can see that, as in the default HPUX configuration, lvol2 is mounted as swap.

# /usr/sbin/swapinfo -tam
             Mb      Mb      Mb   PCT  START/      Mb
TYPE      AVAIL    USED    FREE  USED   LIMIT RESERVE  PRI  NAME
dev       43008       0   43008    0%       0       -    1  /dev/vg00/lvol2
reserve       -    1963   -1963
memory    40861    9261   31600   23%
total     83869   11224   72645   13%       -       0    -

Step 2

Create a new contiguous logical volume with no bad block relocation policy and size of your requirement. Let’s make an LV of 2GB.

# lvcreate -L 2048 -C y -r n /dev/vg00
Logical volume "/dev/vg00/lvol10" has been successfully created with character device "/dev/vg00/rlvol10"
Volume Group configuration for /dev/vg00 has been saved in /etc/lvmconf/vg00.conf

Step 3

Start swap on this lvol. Add -f argument to start forcefully if the below command fails.

# swapon -p 1 /dev/vg00/lvol10

Step 4

Edit /etc/fstab to mount this LV as swap on every boot. Add below entry :

/dev/vg00/lvol10 ... swap pri=1 0 1

Step 5

Check again swap size. Now you can see new lvol is added in the swap.

# /usr/sbin/swapinfo -tam
             Mb      Mb      Mb   PCT  START/      Mb
TYPE      AVAIL    USED    FREE  USED   LIMIT RESERVE  PRI  NAME
dev       43008       0   43008    0%       0       -    1  /dev/vg00/lvol2
dev        2048       0    2048    0%       0       -    2  /dev/vg00/lvol10    
reserve       -    1963   -1963
memory    40861    9261   31600   23%
total     85917   11224   74693   13%       -       0    -

Adding new storage LUN to integrity virtual machine (iVM) in HPUX

Step by step procedure to add storage LUNs to integrity virtual machine on HPUX host. Further, learn to use those LUNs in LVM of the guest servers.

These are the steps to add a new LUN to an integrity virtual machine (iVM) in HPUX and use it within an existing VG or create a new VG on it. In this process, storage LUNs are always presented to the physical host server. From the host, they are attached to the virtual guest server running on it.

Step 1

Identify new LUN on the HP iVM host server. When new LUN is presented to iVM, run ioscan command to scan new disks. Post ioscan, run insf command to make sure all available hardware has its related files created in the kernel.

# ioscan -fnCdisk
# insf -e

Now your new LUN is identified in the kernel. Match the LUN id in the storage utility (syminq in case of EMC storage, evainfo in case of HP EVA storage, etc.) and get the related disk number. We are using the agile naming convention here, so let's take /dev/rdisk/disk10 and /dev/rdisk/disk11 as the newly identified disks.

Step 2

Make disks LVM ready by using pvcreate.

# pvcreate /dev/rdisk/disk10
Physical volume "/dev/rdisk/disk10" has been successfully created.

# pvcreate /dev/rdisk/disk11
Physical volume "/dev/rdisk/disk11" has been successfully created.

Step 3

Attach these disks to iVM (guest) which is running on the host. Assume vmserver1 is our iVM here.

# hpvmmodify -P vmserver1 -a disk:avio_stor::disk:/dev/rdisk/disk10
# hpvmmodify -P vmserver1 -a disk:avio_stor::disk:/dev/rdisk/disk11

Step 4

Once the above commands are successful, the disks are attached to the iVM and need to be scanned in the guest. Log in to the iVM server and scan the new disks the same way we did in steps 1 and 2 on the host. Let’s say those disks are identified as /dev/rdisk/disk2 and /dev/rdisk/disk3 on the guest server. Observe that they are identified as Virtual Disk on the VM.

disk 6 0/0/0/0.2.0 sdisk CLAIMED DEVICE HP Virtual Disk
/dev/dsk/c0t2d0 /dev/rdsk/c0t2d0

disk 8 0/0/0/0.3.0 sdisk CLAIMED DEVICE HP Virtual Disk
/dev/dsk/c0t3d0 /dev/rdsk/c0t3d0

Step 5

Complete LVM tasks on these disks to use space in the mount point.
To create a new VG named vg01

# mkdir /dev/vg01
# mknod /dev/vg01/group c 64 0x010000
# vgcreate -s 64 -p 60 -e 12500 vg01 /dev/disk/disk2 /dev/disk/disk3
Volume group "/dev/vg01" has been successfully created.
Volume Group configuration for /dev/vg01 has been saved in /etc/lvmconf/vg01.conf
# lvcreate -L 200 /dev/vg01
Logical volume "/dev/vg01/lvol1" has been successfully created with
character device "/dev/vg01/rlvol1".
# newfs -F vxfs -o largefiles /dev/vg01/rlvol1
 version 7 layout
 204800 sectors, 204800 blocks of size 1024, log size 1024 blocks
 largefiles supported
# mkdir /data
# mount /dev/vg01/lvol1 /data

To extend current existing VG named vg02 & mount point /data1 within it

# vgextend vg02 /dev/disk/disk2 /dev/disk/disk3
Volume group "vg02" has been successfully extended.
Volume Group configuration for /dev/vg02 has been saved in /etc/lvmconf/vg02.conf
# lvextend -L 512 /dev/vg02/lvol1
Logical volume "/dev/vg02/lvol1" has been successfully extended.
Volume Group configuration for /dev/vg02 has been saved in /etc/lvmconf/vg02.conf
# fsadm -F vxfs -b 524288 /data1
vxfs fsadm: V-3-23585: /dev/vg02/rlvol1 is currently 7731200 sectors - size will be increased

HPUX Patch naming conventions

HP releases HPUX patches twice a year. A few break-fix patches are released on an as-needed basis. Here are the naming conventions followed by HP.

HP releases OS patches for HPUX every 6 months, i.e. twice a year. For smaller HPUX patches, which are released on an as-needed basis, HP follows the naming conventions below.

Patch name format is PHxx_yyyy

Where,

xx = area of patch
CO: General HPUX commands
KL: Kernel patches
NE: Network-specific patch
SS: all other subsystem patches

yyyy = unique number

From the patch name, you can guess the area of its impact so that you can plan your activities accordingly. Whether the patch requires a reboot can be determined while downloading the patch from the HP portal itself, or by running the swinstall command with the -p (preview) argument.

HP patches are available at http://software.hp.com/, which redirects you to the HP software depot home. An HP Passport login is required to download patches or software from the software depots.