Jun 25, 2008
Tricky. When a user uses sudo to “su” to another user, certain environment variables will not remain.
From the man page:
Variables that control how dynamic loading and binding is done can be used to subvert the program that sudo runs. To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only), and LIBPATH (AIX only) environment variables are removed from the environment passed on to all commands executed. sudo will also remove the IFS, ENV, BASH_ENV, KRB_CONF, KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN, RES_OPTIONS, HOSTALIASES, NLSPATH, PATH_LOCALE, TERMINFO, TERMINFO_DIRS and TERMPATH variables as they too can pose a threat. If the TERMCAP variable is set and is a pathname, it too is ignored. Additionally, if the LC_* or LANGUAGE
variables contain the / or % characters, they are ignored. If sudo has been compiled with SecurID support, the VAR_ACE, USR_ACE and DLC_ACE variables are cleared as well. The list of environment variables that sudo clears is contained in the output of sudo -V when run as root.
May 13, 2008
rm: cannot determine if this is an ancestor of the current working directory
This is caused by an underlying mount point permission that is too strict (700). You can change the permissions on the mount point without unmounting the volume by using lofs creatively:
#create temp directory
server1> mkdir -m 755 /fix-mnt
# mount the directory which contains the mount point, not the mount point itself, but its parent directory.
server1> mount -F lofs -o nosub /users/zones/server1-z3/root/users/ /fix-mnt
server1> ls -ld /fix-mnt/mountpoint #confirms the permssions are not 775
server1> chmod 775 /fix-mnt/mountpoint
server1> umount /fix-mnt
server1> rmdir /fix-mnt
Apr 21, 2008
It’s amazing how slowly a resync happens with Solaris Volumen Manager (SVM). You can dramatically reduce your time to sync up your mirrors with SVM by adding a setting to /etc/system and rebooting.
set md_mirror:md_resync_bufsz = 1024
I’ve tried 2048 (the max) as well, but not as big a gain in speed, so I stick with 1024.
Harmless on “modern” Sun machines. Just don’t try this on your SPARC 20 or it may lock up on you. As long as you have >1GB of RAM you’ll probably be ok.
Feb 26, 2008
Got error message:
2008-02-25 16:53:21.944 Tangosol Coherence AE 3.2.2/371 (thread=Main Thread, member=n/a): UnicastUdpSocket failed to set receive buffer size to 1428 packets (2096304 bytes); actual size is 89 packets (131071 bytes). Consult your OS documentation regarding increasing the maximum socket buffer size. Proceeding with the actual value may cause sub-optimal performance.
Add this to /etc/sysctl.conf and reload with “sysctl -p”:
# increase TCP max buffer size setable using setsockopt()
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
Check current values with “sysctl net.core.wmem_max”
RHEL 3
Feb 14, 2008
A user did not have root access, but wanted his web server to appear to be listening on port 80. Came up a nice way to redirect port 80 requests to another port, where he ran his web server.
iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8070
Feb 14, 2008
fdsetup-srdf2
We use SRDF replication here, and the fd-srdf script provided with the SRDF agent only copies over a small percentage of the resources in our service groups (no zones, no IPs, no Oracle resources, etc). I modified it to grab all of these things and copy them over. The special things about this script is that it changes all the disk groups and mounts to diskgroup_fd resources for the names and mount points for a firedrill service group. Helps if you have >50 mount points like me.
No Comments