ebook img

Inside Solaris V5N1 PDF

16 Pages·31.1 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Inside Solaris V5N1

January 1999 • $9.00 ~JOURNALS ~ Vol. 5 No.1 " OLARIS'" IN THIS ISSUE i !it:..& techniques for users of SunSoft Solaris 1 CGI and data security CGI and data security 4 by Paul A. Watters Shell toolbox 101, part 2 Th e CGI (Common Gateway which potential users of custom 10 Interface) is a popular meth made applications and off-the-shelf od of operating on user data scripts should be aware of. Improving server apps collected from an HTML <FORM> with scheduling under on a Web site. We can use CGI to CGI: Compiled or process data by either an interpret Solaris interpreted? ed Perl or shell script, or a com piled program, which resides on Applications that make use of the the server. We can then return CGI interface have become increas 15 either a dynamically generated ingly popular on Solaris-based About our contributors HTML page, or some other kind of server systems, with which person data (for example, a graphics file) al computers of many descriptions from the server-side application. can interface using the WWW. A However, the increased use of CGI common example is a Web inter 15 programs has given rise to a num face to a centralized database sys PatchDiag Tool ber of recent security concerns, tem. As shown in Figure A, a client HTML Generation Application Execution Visit our Web site at www.zdjournals.com/sun Figure A: CG/ process flow as initiated from a client PC ZIFF·DAVIS a SOFcTomBpAaNny K using a low-end PC can execute complex alphabetical characters like the tilde(~), searches on a remote Solaris machine, which often have a special meaning in UNIX, accessed by HTML forms utilizing the CGI and can be used in some cases to execute interface, without increasing overheads on malicious commands. An example is using the their local machine. The results of the search, eva l statement from the Bourne shell and Perl which might include graphics, text, and scripting language, which will quite happily sounds, can then be returned in a dynamically evaluate a query string with a semi-colon generated Web page. This approach strongly appearing somewhere within it. The semi supports the client-server model in a Web colon will, no doubt, be followed by a mali environment, providing access to up-to-date cious command to mail the entire system's information at call. password file to a waiting hacker (although CGI appeals to two main audiences: novice password shadowing can reduce the risk of users and experienced users. Novice users non-root access to the password file). Using often use freeware scripts downloaded from a an additional code segment in shell scripts or resource site to include many advanced ele Perl can usually fix this kind of problem-for ments on their Web pages (like page counters, example, all input can be parsed by a function time/date displays, and guestbooks), without to remove all non-alphabetical characters. having to learn how to program. It isn't only the content of query string that Alternatively, experienced users, based in we have to be conscious of; as with many medium-to-large businesses, often use CGI to things in life, size also counts. One problem provide a modern interface to legacy systems, with passing a query string is that the authors which might be expensive to rewrite in a of some off-the-shelf scripts and compiled modern compiled language (like C++ ). This programs don't check the length of the query approach not only saves money on expensive string, and usually declare the variable that reprogramming, which must often be per stores the query string to be of constant size. formed from the ground up, but enables a For example very fast turnaround time on providing a modern Web-based interface for clients. char query_string[10241 There are certainly more general uses of CGI than we'll be looking at in this article. allocates 1024 bytes to the variable query_string However, as we'll see, casual users are vulner of type char, assuming that 1024 bytes will be able to CGI exploits because they're not aware the maximum argument size passed. We can of some features of UNIX shell scripts, while see the folly of declaring variables in this way experienced programmers might not be aware when there are a number of well-known of the many exploits that are currently avail exploits available on the Web that pass extra able over the Internet. neous bytes after the declared 1024 to over write the address space declared for the Query strings: Size matters query_string variable. This allows malicious users to execute arbitrary commands on the Currently, the major concern in Web security server in some cases. is the power of CGI scripts to unwittingly The count.cgi program, for example, which facilitate the execution of rogue programs on is used to record and display the number of a server through a query string passed from a times a WWW page has been accessed, is a client. Mistakes in writing CGI scripts can script widely used by non-programmers. allow malicious users to gain access to key However, failing to declare array sizes system accounts. It's very important to learn dynamically potentially allows the stack space the first law of CGI programming: parse of the program to be overwritten when a spe everything! Every query string must be treat cific set of arguments is passed in the query ed as if it were being executed on the com string (CERT Advisory AA-97.27). Intruders mand line, as that's the level of access which can force the count.cgi program to execute some exploits can provide for intruders. arbitrary commands with the privileges of the Planning for the worst-case scenario also server daemon. If the daemon is run as root ensures that less-serious exploits can be suc (that is, where all child processes have root cessfully dealt with. privileges), the results could be disastrous for The major concern with the content of the entire system, not just the Web interface or query strings is that they can contain non- files in the document root directory. If you're Inside Solaris still running an old version of this program, posed of HTML queries in a standard, secure CERT advises you to update immediately: way. Using a standard programming library www.fccc.edu/users/muquit/Count.html can save mistakes and simple errors that might not result in any observed changes in Code solutions an application's behavior, but might open potential security holes. More information The first technique that can be used to stop about CGI.pm can be found at: malicious use of a query of a large size is to dynamically allocate memory, depending on stein.cshl.org/WWW/ software/CG I/ the size of the query string, which can fortu cgi_docs.html nately be determined from an environment variable. Thus, if the size of the query string is Of course, the best solution in the long run passed by the variable CONTENT_LENGTH, we can might be to install a safer Web server-one simply declare a pointer to an array of type that incorporates many existing CGI-related char (in C), and then set its size dynamically security strategies in its code. The apache in the program, after CONTENT_LENGTH has been Web server, for example, now has the suEXEC read from the environment: feature, which is designed to screen all CGI requests using a wrapper before any user query_string=(char •) calloc((size_t) CONTENT_LENGTH, sizeol(char)); level scripts or programs are executed. SuEXEC also allows users to run CGI scripts This means that the bounds of the array and programs under usernames that are dif query_s tr i ng can't be overwritten. ferent from the standard nobody or www under However, although this technique will stop a which the daemon usually runs (or worse user from executing arbitrary commands on the still, allowing child processes of the server daemon to run as root). server, it isn't enough to stop denial of service attacks that might be aimed at crashing the serv This feature considerably reduces the er and preventing access from paying clients, f?r many security risks involved with allowing example, rather than stealing passwords. In this non-system users to run CGI programs for case, several megabytes of data might be passed public use (using a wrapper is really manda as a query string, eventually consuming all tory on multi-user systems like Solaris). available physical memory and swap space. SuEXEC also refuses to run programs that Even if enough memory is available to process a don't meet a certain number of security-based single query, the performance of the server will criteria; for example, if extra arguments are be dramatically reduced during processing. If passed, or if the directory with the CGI pro two or three clients repeated this query consecu gram is writeable by other users, then the tively, there's real scope for almost permanently query request is rejected. For servers where a denying service. One way of avoiding this kind high level of security is required, it's better not to run the server as root at all (for exam of problem is to place a sensible limit on query strings, by rejecting input streams that ar~ larger ple, starting the daemon by a user like.nobody than the maximum required for any particular on a high-numbered port). Even compiled code can potentially be exploited if the source page on the server. A 1024-byte limit is g~ne~ally sufficient for most Web pages, although it rmght code is freely available over the Internet need to be larger for complex query strings. For potential loopholes or coding errors might be example, a simple check such as exploited by an enthusiastic corr_ipetitor o~ a bored hacker. This might seem hke overkill, ii (CONTENT_LENGTH > 1024) then but when our businesses rely on providing reject_query( ); reliable, Web-based information services, such precautions are mandatory. might be a useful remedy, if we have a stan dard error message defined in reject_query( ). Further reading System solutions The definitive guide to CGI security can be found at: Other CGI security solutions are aimed at the system level. For example, CGI.pm is a Perl www.w3.org/Security/Faq/ library that parses and interprets strings com- www-security-faq.html I I www.zdjournals.com/sun January 1999 ' - - - - - - -1 The best guide for general security issues for should be read by anyone considering run Solaris systems can be found at: ning a Web server under Solaris. CERT advi sories can be found at: www.sunworld.com/common/ www.cert.org security-faq.html CERT also maintains mailing lists so that you This FAQ contains a section "How do I make can be notified of any current advisories as my Solaris Web server more secure?," which soon as they're released.~ Shell toolbox 10 1, part 2 by Jeff Forsythe, Sr. L ast month, in part 1 of this article, you'll gram, like most of the others, is a simple, recall that we were building an editing easy-to-follow utility. With minor modifica library and we gave you the logmsg func tions, it will work by itself. In fact, if you look tion and the header function to chew on. Hope closely at the weird way vc.sh is called, you'll fully you've put them to use already. This probably guess that it was an after-thought (of month, in part 2 of the article, we'll finish the about six years). library. So, let's dive right in. For your sake, spend the time to type in vc.sh rather than editing shell.sh to work by Shell scripts itself; it's worth it. Finally, you'll notice that the header contains starting and ending lines Our plan will add shell.sh, shown in Listing A, of 57 pound signs (#).This, you'll recall from and file.sh to your toolbox next. They're similar last month, is used by header.fnc and must be in nature, but have a few differences. We'll exactly 57 in order to work. Now you can put demonstrate shell.sh and leave file.sh to you. shell.sh to work for the first time. Then, you'll build your edit.shlib because you can finally get some functionality out of the Creating internal previous tools as a unit. You'll want to build documentation vc.sh, shown in Listing B on page 6, quickly because it's the Easter Egg of the entire library. For those of you who enjoy documenting after And finally, if you're so inclined, you'll want to a program is written, or who wish to docu build the affects.sh program (remember that ment your previously developed scripts, you this is vaporware for the author who would can move the original shell to a temporary appreciate if you could email a copy of your name, run shell.sh with the correct name, and affects.sh if you build one). Now that we have then read in the temporary name you just cre the plan down, let's get to work. ated. This will create the internal documenta tion and get you where you need to be. Huh? shell.sh To demonstrate, you should use this method to update logmsg.fnc and header.fnc (both The next tool is the shell.sh program. It still were presented in part 1 of the December 1998 could use some work, but has been so handy issue) to add the proper header documenta for six years and is such an integral part of the tion to them. edit.shlib that it must be presented as-is. First, move logmsg.fnc to logmsg.nd (nd The shell starts by obtaining all the perti for no docs). Then, run shell.sh, logmsg.fnc, nent information required to create the docu and answer the prompts. When you're ready ment header: Name, Author, Purpose, etc. to edit, just read in the logmsg.nd file (in vi, Don't forget to change the AUTHOR= lines to you type colon(:), the letter r for read, and default to your initials. The shell then creates the file name :r logmsg.nd). When you save a header and sends you to vc.sh. This pro- and exit, you'll be saving logmsg.fnc with l ll nside Solaria Listing A: shell.sh listing #!/bin/sh echo "Purpose: \c" ########################################################## read PURPOSE # #SHELL: shell.sh AUTHOR="lnside Solaris Reader" # DATE WRITTEN: 08/24/92 JAF, Sr. echo "Author's Initials [${AUTHOR}]: \c" #DATE UPDATED: 09/18/98 JAF, Sr. v4.01 read AUTHOR # Fixed typo #PURPOSE: Used to create shell scripts if [ "S{AUTHOR}" = "" l # USAGE: shel I.sh shel I-name[ .sh] then # FLAGS: None AUTHOR=" Inside Solaris Reader" # ARGUMENTS: shell-name Ii # RETURNS: 0 - Nominal # 1 - Invalid number of arguments echo "#!/bin/sh" » S{SHELLNAME} # 2 - Attempting to create a echo Ii le that exists » S{ SHELLNAME} # CALLS: S{FNCDIR]/logmsg.!nc echo "#" >> S{SHELLNAME} # S{SHELLDIR]/vc.sh echo "# SHELL: S{VERNAME}" >> # S{SHELLDIR}/header.sh S{SHELLNAME} # CALLED-BY: NIA echo "# DATE WRITTEN: 'date +%m/%d/%Y' # ERRATA: None S{AUTHOR}" >> S{SHELLNAME} # LIMITATIONS: None echo "# DATE UPDATED:" » S{SHELLNAME} # echo "# PURPOSE: ${PURPOSE}" » ########################################################## S{SHELLNAME} echo "# USAGE: S{ VERNAME }" » . S{FNCDIR}/logmsg.!nc S{SHELLNAME} echo "# FLAGS: None" » S{ SHELLNAME} logmsg shell.sh S Started S{LOGDIR}/shell.log echo "# ARGUMENTS: None" >> S{SHELLNAME} echo "# RETURNS: 0 - Nominal" » i ! [ $# -ne 1 I S{SHELLNAME} then echo "# 1 Jl echo "USAGE: shell.sh shell-name[.sh)" Invalid number of arguments" >> S{SHELLNAMEJ logmsg shell.sh E "Invalid number of echo "# CALLS: NIA" >> S{SHELLNAME} arguments$#" S{LOGDIR}/shell. log echo "# CALLED-BY: N/ A" » S{ SHELLNAME} logmsg shell.sh F Finished S{LOGDIR} echo "# ERRATA: None" » S{SHELLNAME} /shell.log echo "# LIMITATIONS: None" » S{SHELLNAME} exi I 1 echo "#" >> S{SHELLNAME} Ii echo "#######################################" » S{ SHELLNAME I VERNAME:"S{ 1} " echo >> S{SHELLNAME} echo " " >> S{SHELLNAME} if [ -s S{VERNAME} then logmsg shell.sh M "vc.sh -tmp S{SHELLNAME} echo "S{VERNAME} exists, use: vc.sh S{VERNAME}" S{LOGDIR}/shell. log S{VERNAME} - exiling" exi I 2 vc sh -tmp S{SHELLNAME} S{VERNAME} Ii chmod +x S{VERNAME} if 'echo S{VERNAME} I grep -c .sh' -eq 0 I then rm -! S{SHELLNAME} VERNAME="S{VERNAME}.sh" Ii logmsg shell.sh F Finished S{LOGDIR}/shell.log SHELLNAME=S{VERNAME}SS exi I 0 documentation. Now do the same thing with argument. Then, after answering the header header.fnc. When you're done, you can prompts, you read in shell.sh and modify the remove the *.nd files (but make sure you header and the header that it creates. The don't have anything with this ending prior to purpose of file.sh is to do the same thing for this exercise). non-shell script text files as shell.sh does for The file.sh program is nothing short of a scripts-namely, to create a documentation modified shell.sh. In order to create it, you header. In the interest of column space, this run the shell.sh command with file.sh as the is left as an exercise for you. www.zdjournals.com/sun January 1999 Listing B: vc.sh Listing #!/bin/sh VERDIR=S{VERDIR:.} ##################################################################! Ii # # SHELL: vc.sh LOG=S{VERDIR}/vc.log # DATE WRITTEN: 03/02/1998 JAF. Sr./rlh # DATE UPDATED: 04/10/1998 JAF, Sr. v2.01 # loop tor each ti le in the argument list # Added -tmp ! lag tor FILE in S• # PURPOSE: Implement tile version numbering. do # Taken lrom "Sys Admin" Vol. 3, # Set DIR # No. 5, DIR='dirname ${FILE}' # Sept/Oct 1994 and HIGHLY MODIFIED! # USAGE: vc.sh [-!mp tile] tile [tile ... ] # Set FILE # FLAGS: -tmp ti le: temporary ti le FILE='basename S{FILE}' # ARGUMENTS: l i le [ l i le ... l # RETURNS: 0 - Nominal # Set ! lag tor ownership, group and mode # 1 - Invalid number ol arguments MODEFLAG:FALSE # 2 - Fi le sums do not match # 3 - Error creating backup ol #Get the last version present original ti le LASTVER="'ls S{VERDIR}/S{FILEJ\;• # CALLS: /usr/bi n/vi 2>/dev/null : sed 's/ •;Ilg' : # S{FNCDIR}/logmsg.lnc sort -rn : head -1'" # S{UTILDIRJ/mode.sh # CALLED-BY: NIA if [ "S{LASTVER}" != "" l # ERRATA: None then # LIMITATIONS: None # Check sum on original and highest # # version ################################################################## it [ "'sum -r S{DIR}/S{FILE} : awk 'I print S1 I' "' = \ 1 S{FNCDIR}/logmsg.lnc "'sum -r S{VERDIR}/S{FILE}\; S{LASTVER} I awk '{ print $1 }' "' #Check to ensure that at least one input then # option was entered. banner "ERROR" i l [ $# -l t 1 l echo "\n\n Highest version then and original file" echo "Usage: vc.sh [-Imp ti le] ti le echo "do not match. This [ l i le ... l" could be a ti le out" exit 1 echo "ol sync or they else could be two different" it [ "$1" = "-tmp" l echo "lileslromdilferent then directories." i l [ $# -l t 3 l exit 2 then ti echo "Usage: vc.sh [-!mp ti le] ti le # Increment the version number. [ l i le ... l" VER='expr S{LASTVER} + 1' exit 1 Ii if [ S{VER} -gt S{MAXVER} USETMP="TRUE" # Do not exceed MAXVER copies. TMPFILE:S2 then sh i l t cp S{VERDIR}/S{FILE}\;1 sh i l t S{VERDIR}/S{FILE}\;tmp else USETMP="FALSE" ti #Start with 2 so that 2 replaces 1, ti # 3 replaces 2, etc. COUNT=2 #Check tor S{HOMEJ/.vc.clg while [ S{COUNT} -le S{LASTVER} it [ -s S{HOME}/.vc.clg l do then LESSONE='expr ${COUNT} - 1' MAXVER='grep MAXVER S{HOME}/.vc.clg awk 'I print $2 I" mv ${VERDIR}/S{FILE}\;S{COUNT} VERDIR='grep VERDIR S{HOME}/.vc.clg S{VERDIR}/S{FILE}\;${LESSONE} awk ' { pr in I $2 I" else COUNT='expr S{COUNTJ + 1' ----M-AX-VER-=S{-MAX-VE-R:5-} ---------------------don-e ------------------ Inside Solaris L_is_tin_g _B: _co_nt_inu_ed_ ________________ ! _________________________ _ else VER:S{MAXVER} #This is the first edit - so don't run LASTVER:'expr S{LASTVERJ - 1' #dill command Ii if I -r S{NEWFILE} then ORIG="S{VERDIR}/S{FILE};S{LASTVER}" EDIT =1 NEWFILE="S{VERDIR}/S{FILE};S{VER}" ti ti MODE='ls -l S{DIR}/S{FILE} : awk '{print S1}" if I ${EDIT} -eq 1 I #The user DID make OWN:'ls -l S{DIR}/S{FILE} # changes awk '{print S3}" then GRP='ls -l S{DIRJ/S{FILEI # Remove the pre-edit ti le and the awk 'Ip r int S4 I " # tmp copy. MODEFLAG=TRUE rm -! S{DIR}/S{FILE} S{VERDIR}/ else S{FILE}\; tmp #This is a new Ii le - start the #version at 1. #Copy the newest ti le to the basename. VER=1 cp S{NEWFILE} S{DIR}/S{FILE} ORIG:"S{DIR}/S{FILE}" NEWFILE:"S{VERDIR}/S{FILE};S{VER}" if [ "S{MODEFLAG)" = "TRUE" l then # Check to see i I the Ii le REALLY NEWMODE='S{UTILDIR}/mode.sh ${MODE)' #EXISTS. chmod S{NEWMODE} S{DIR}/S{FILE} if I ! -! S{ORIG} l chown S{OWN) S{DIRJ/S{FILE) then chgrp S{GRP} S{DIR}/S{FILE} touch S{ORIG} ti else cp S{ORIG} S{VERDIR}/S{ORIG}\;O logmsg $0 M "S{LOGNAME} changed ti S{DIR)/S{FILE)" S{LOG} ti else logmsg SOM "S{NEWFILE} was not edited. #Copy the last edit ti le to the new Restoring to S{ORIG}" S{LOG) #version for editing. # Remove the higher version because if I "S{USETMP}" ="TRUE" # NO changes were made. then rm S{NEWFILE) ERR='cp S{TMPFILE} S{NEWFILE} 2>&1; echo S?' else #Move tiles back to original names. ERR='cp S{ORIG} S{NEWFILE} 2>&1; if I -s S{VERDIR}/S{FILE}\;tmp l echo S?' then ti # MAXVER -1, so that we can # move the tiles back up until #Check tor copy error. # 1 becomes 2 if I S{ERR} -ne 0 l # and then we move the temp ti le then #inas1. ERR:'echo SERR sed 's/.•: Ilg' 2>&1' COUNT:'expr S{MAXVERI ll 1' echo "Your edit of S{NEWFILEJ is aborted." while I ${COUNT} -ge 1 l echo "Attempting to access S{ORIG} do has reported the following \c" PLUSONE='expr S{COUNT) + 1' echo "system error:\n\n\tS{ERRJ\n" echo "Aborting edit." mv S{VERDIR)/S{FILE)\;S{COUNTJ exit 3 S{VERDIR)/S{FILE)\;S{PLUSONE} ti echo "Loading S{NEWFILE} for edit COUNT='expr ${COUNT} - 1' # Load vi and edit ti le done /usr/bin/vi + S{NEWFILE} mv S{VERDIR}/S{FILE}\;tmp if I SIVER} -gt 1 l S{VERDIR)/S{FILE)\;1 then ti #Check to see if user actually ti #made changes. done dill S{ORIG} S{NEWFILE} 2>&1 >/dev/null EDIT :S? exit O ___.;;....._____ _ .....____ www.zdjournals.com/sun January 1999 _. Version control vc.sh is aware of this possibility and performs That brings us to version control. How many a checksum on the latest file (highest number) times have you made changes to a script only and the file being edited. If they don't match, to find out a day or two later that your the user is warned that there's a problem. This method is also implemented as a means of changes don't work and you want to roll back checking for someone editing the file without to the previous version? With vc.sh in place the use of vc.sh. and used properly, you'll have this option at Another problem with this method is that your fingertips. the backup directory's write permissions need The version control script, vc.sh, first to be opened up for everyone. This, obviously, checks to see if there's a previous version con isn't a good idea. trol file. If there isn't, the file is copied to a backup and given a semicolon zero extension Separate tile system (filename;O). If the version control file does Another school says to create a separate file exist, a copy is made to the next higher num system that mimics the original under the ber. The only exception to this rule is when the numbers exceed the maximum number of mount point /vc. This option is an offshoot of version control files. The maximum is set to the first in that it creates a mimic file system. five by default and can be controlled through For instance, if you were going to edit an environment variable (MAXVER) or through I etc/hosts, the backup file would be stored in the configuration file vc.cfg (which was creat /vc/ etc/hosts;l. It doesn't take long to see the ed with file.sh). drawbacks in this idea. If it exists, vc.cfg is kept in the user's home First, the file system must get copied to the directory and is specific to that user. If the backup area. This takes up overhead unneces maximum number is reached, the lowest sarily and takes up a disk slice for the file sys number (filename;l) is moved to a temporary tem. The script is written using the VERDIR name and each subsequent higher number is variable, which can be set in the .vc.cfg con moved down to the next lower number (for figuration file. This variable determines the example, filename;2 becomes filename;l). location of the backup files. After the version control routine is completed, Same directory the editor is called. The final school says to keep the backup files Should the user exit without making any in the same directory as the original. That's changes, the files are all reset to their original the easiest to implement and the one we'll positions prior to vc.sh being called. That's show in this article. why we keep filename;l in a temporary loca If you want to perform a separate backup tion. If changes were made, then the temporary of the version control files, you search for files copy of filename;l gets removed (if it exists). that end in a semicolon and a number. It's Storing backup files also nice to look only in I etc for hosts* rather than looking in I etc and one or more other There are several schools of thought about locations for backups. This particular shell is how to store the backup files. We'll describe an Easter Egg in disguise. Once you have it each thought, but for this article, we'll imple implemented, you'll know within a day or so ment the third school of thought- storing the why it's so useful. backup files in the same directory. Moving back to an older version after an editing session is as easy as remove and copy. Backup directory Remove the highest numbered version and One school of thought says to keep the back copy the next higher version to the edit name. up files in a special directory set up just for If you don't like edit number 5 of the backup files, thus making them easier to back I etc/hosts file, remove number 5 and copy up separately from the nightly backup (the number 4 to I etc/hosts. author's personal favorite- but slightly more A very important point about vc.sh is that it difficult to implement). uses the semicolon in the filename. The semi The biggest drawback to this idea is that if colon is a special character because it's also a you have files in multiple locations with the statement separator in Solaris. So it's important same name, they'd get mixed up with one to escape the semicolon when using it. That is another in the backup directory. However, to say, when you want to copy or remove a file Inside Solaris with the semicolon, you need to use a backslash string mode of a file and returns the numeric (\)prior to the semicolon. For example, rm mode. You can see the example in the header. /etc/hosts\;5 and cp /etc/hosts\;4 /etc/hosts. This utility doesn't accept all string modes, If you leave the backslash out of the rm state but it works on almost every file. ment (rm I etc/hosts;5), Solaris will try to Send your updates to the author. This remove I etc/hosts and then execute a program script might well become a function after you called 5. The cp statement would give an error see it's utility. Many programs can use mode. sh because you're trying to copy I etc/hosts to to set the mode of a file. nothing and then execute a program called 4 with a command line argument of I etc/hosts. affects.sh Be careful when using the semicolon in file We discussed the vaporware affects.sh earlier. names! We could use some other character, but The idea is simple, but implementation is a the semicolon looks nice in an ls output. challenge. If you're a weak-in-the-knees shell Holding it all together script programmer, read no further, skip to the next article. The affects.sh program uses Last month, we promised you some string the header function from header.foe to find and rubber bands to hold this all together. The the CALLS and CALLED BY sections, and vc.sh uses a configuration file (the string) and then attempts to determine if the changes you calls another script called mode.sh (the rubber made to the current script have any affect on band) shown in Listing C. Listing D, on page the scripts (if any) in these sections. If so, 10, shows an example vc.cfg configuration affects . sh notifies and asks if you want to edit file-which was created using file.sh. You can the affected files. You could conceivably use change the settings for each user and place this to test program source code as well if the this in their home directory. The VERDIR is location of the code is given. the setting you can use to save the files in a You're a hard-core programmer if you location other than the current directory, as implement this concept. Of course, this is a previously stated. Just give the full path to the recursive procedure because editing changes verdir of your choice such as ${HOME} /verdir. made to the affected script may affect others. The vc. sh script also calls a program called Therefore, affects.sh must trace the CALLED BY mode. sh, which isn't included in the library but linage first and then the CALLS section next. As is necessary for vc.sh to work. It accepts the you can see, this can get really deep, fast. Listing C: mode.sh Listing #!/bin/sh #because we couldn't use 1-7 ############################################################## # and we needed to have a unique number # # tor them. This #SHELL: mode.sh #works out well when used below. # DATE WRITTEN: 03/23/1998 JAF, Sr. case $1 in # DATE UPDATED: "---") NUM:!J;; # PURPOSE: Translate string mode into "--x") NUM=1;; # numeric "-w-") NUM:2;; # USAGE: mode. sh "-wx") NUM=3;; # FLAGS: None "r--") NUM=4;; # ARGUMENTS: String mode (ex. drwxrwxrwx, "r-x") NUM=5;; # -rwsr-xr-x) "rw-") NUM=G;; # RETURNS: Numeric mode (ex. 777, 4755) "rwx" ) NUM= 7; ; # CALLS: N/A "--s" l NUM=11;; # CALLED-BY: N/A "-ws") NUM=13;; # ERRATA: None "r-s") NUM=15;; # LIMITATIONS: Doesn't handle all modes "rws") NUM=17;; # esac ############################################################## get_num() MODE=S1 ( # Other modes can be added to the case USER='echo S(MODE} I cut -c2-4' # statement as needed get_num S{USER} --# -se-tui-d -bi t-s -are- s-et -to -11--1-7 ------------i-t [- S-{NU-M} --g-t -7 -l ----------------- .. www.zdjournals.com/sun January 1999 -Li-stin-g -C:- co-nt-inu-ed- ------------------------------------------ then OUT:'expr S{OUT} + 1900 + S{NUM} \• 10' OUT='expr 3000 + S{NUM} \• 100' else else OUT='expr S{OUT} + S{NUM} \• 10' OUT='expr S{NUM} \• 100' ti ti OTHER:'echo S{MODE} : cut -cB-10' GROUP='echo S{MODE} : cut -c5-7' get_num S{ OTHER I get_num S{GROUP} OUT:'expr S{OUTJ + S{NUM}' it [ S{NUM} -gt 7 l then echo S{ OUT I Listing 0: Example . vc.cfg configuration file CALLS and CALLED BY sections and ask if the user wishes to edit them. Perhaps it will # .vc.cfg store them in a temporary file for later use. #configuration file for vc.sh for Inside Solaris Reader Then Version 2.0 will go full-blown. Feel free MAXVER 5 to code this script and email it to the author. VERDIR . Or, send it to Inside Solaris, as an article for an upcoming issue. The hardest part will be determining if a Summary change made to the current script has any affect on others. This can be accomplished by The edit.shlib is now complete, well almost. checking for an environment variable or file In Solaris, as in all UNIX development, every changes that are in both scripts, and by thing is a work in-progress. As for the library, checking for differences in the flags or com you now have many tools at your fingertips mand line arguments of the scripts. Do you that put you miles ahead of your peers who think that's all it will take? But isn't that don't read Inside Solaris (shameless plug). If enough to make you feel tingly all over? you begin to use the library religiously, you'll Version 1.0 should just list the files in the see just how useful it can be. • ff;t~f~r~)~·.7:.:~··:~~~:=' ..- \~/~~~:,~~~~.:Ir~;~~~;?~~.f'?~;~!·::::~~·~~ · ;·:.·· -.. SOLARIS TU/Ul/UG Improving server apps with scheduling under Solaris by Abdur Chowdhury and Andy Spitzer Wi th system complexity growing each responsible for scheduling when each process day, many machines are performing runs. When a process has reached the end of many different tasks simultaneously. its allotted time slice, or blocks for some rea This sharing of resources can affect the per son, Solaris saves its state and runs the next formance of your system. Understanding how runnable process in the process queue. This the operating system schedules your process gives the appearance of many different pro can help you architect better systems. grams running simultaneously on a single Solaris is a multi-tasking pre-emptive processor. Solaris 2.6 and greater supports operating system. The operating system is two usable process scheduling classes: real time and time-sharing. In this article, we'll describe the concept of I process scheduling, the major differences be ftp.zdjoumals. com/sun __ tween real-time and time-sharing scheduling, and the Solaris API to process scheduling ma- l l_!nsi_de_S_o_la_ri_s_ __________________

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.