Sunday, October 28, 2012

protecting from root

Yesterday my friend called me a bit frustrated and told someone with root access deleted files in his folder.
He asked if there is a way to prevent root from deleting files.
I did a little amount of search and found there is such a way i.e. to use "chattr"

For details you can see the man page as chattr can do a lot many things for you.
Below is the example of setting this so called "immutable" property:


#chattr +i <file>
#chattr -R +i <file>     //recursively
Above command will make the file or directory immutable from root or anyone else. In other words no one will not be able to delete or modify or even create link to this file.
chattr works on ext2 / ext3 filesystems on Linux, other OS have different implementations.

Use "lsattr" to confirm the file properties. Normal "ls" command will not tell anything.


#lsattr
To remove this immutable property:

#chattr -i <file>
Note: The chattr is only available for some Linux based systems and it doesn't work for Solaris.

Friday, October 26, 2012

Notepad++ NppExec plugin

[ Updated on 26th Oct]
Recently I downloaded Borland C++ Compiler 5.5 which is free. Unfortunately IDE is not free and we have to leverage on external editors.
I use notepad++ most of the time and thought of exploring it to use it to compile and run my C++ programs.

There is a plugin called NppExec. You can download and extract the dll to plugin directory.

Press F6 Function key and save the following script:

  1. npp_save
  2. CD $(CURRENT_DIRECTORY)
  3. C:\Borland\BCC55\Bin\bcc32.exe "$(FILE_NAME)"
  4. $(NAME_PART)

And if you want the program to run in its own window :

  1. npp_save
  2. CD $(CURRENT_DIRECTORY)
  3. cmd /c DEL "$(NAME_PART).exe"
  4. C:\Borland\BCC55\Bin\bcc32.exe "$(FILE_NAME)"
  5. NPP_RUN cmd /c "$(NAME_PART)"


Now whenever you need to compile and execute your cpp program it will be useful.
eg:


Borland C++ 5.5.1 for Win32 Copyright (c) 1993, 2000 Borland
NONAME.CPP:
Turbo Incremental Link 5.00 Copyright (c) 1997, 2000 Borland
<<< Process finished.
NONAME
Process started >>>
Hello World !!
<<< Process finished.
================ READY ================
** Borland compiler is decade old better to go for another one :) Ref: wiki


Thursday, October 18, 2012

Identify ALUA on Solaris

When you connect an external Storage Array sometime you might be interested to know whether ALUA is enabled for that Lun which is presented to your Solaris host.

Here are the simple steps to follow :
Luns should be already mapped to Solaris host.
Go to format expert mode using "format -e"
Select the Lun which you want to verify for ALUA
Now select "scsi"
format> scsi

Select "Inquiry"
scsi> inquiry

Inquiry:
    00 00 05 12 45 10 00 02 53 55 4e 20 20 20 20 20     ....E...SUN
    5a 46 53 20 53 74 6f 72 61 67 65 20 37 33 32 30     ZFS Storage 7320
    31 2e 30 20 00 00 00 00 00 00 00 00 00 00 00 00     1.0 ............
    00 00 00 00 00 00 00 00 00 00 00 60 09 60 03 00     ...........`.`..
    03 20 00 00 00 00 00 00 00 00                       . ........

From the above output we get a big chunk of matrix of data.
Looks for byte 6. Inside byte 6 contains scsi Inquiry data.
And ALUA/TPGS information is in bit 4-5
So expanding 0x10 --> 0001 0000 which means ALUA is supported on ZFS 7000 storage.

If Lun reports the bit as 10 or 11  then it supports explicit asymmetric access.
If Lun reports the bit as 00 then no support for ALUA

In shor Support for ALUA ( if the outcome of inquiry bits is as below ):
00 no support

01 Implicit

10 Explicit

11 Implicit and Explicit

Monday, October 8, 2012

Solaris ZFS resilver : do it what is necessary

Some one asked me about ZFS resilver ..
When we replace a disk does resilver do scrub of the pool ?

It is really a good question.
First of all resilver and scrub are mutually exclusive operations i.e. both will not happen at the same time.
But remember resilver itself is a kind of scrub.

When a disk is replaced ZFS resilver operation copies good data to the new device so indirectly we are doing a scrub i.e. reading and validating good data.
Resilver copies only the amount of data that is out of sync.
If resilver is interrupted then if can resume from the same point where it left.

** Resilver is withing affected vdev i.e. it checks data withing the same VDEV and other vdevs will not be checked. If you have more than one vdev then yes there is a need of separate  scrub of whole pool

** Resilver triggers a scrub if it encounters too many checksum errors.

Friday, October 5, 2012

Solaris : Boot in verbose

Today I faced an issue an required to boot my Solaris 11 x86 ( x64 ) box in verbose more.
When i simply tried appending "-v" option to the kernel line in Grub menu it started to show boot progress in verbose mode.
Later after searching Solaris docs I found we need another option ie. "-m verbose"
-v flag will be interpreted by Kernel where as -m verbose is a milestone flag interpreted by SMF.

So finally during boot i was able to see more detailed progress and now we can see which services are being initialized etc.

Check below :
On the Grub menu press "e" to enter the Edit mode :





Edit the kernel line by pressing "e" then enter "-v -m verbose"



Press Return/Enter.
Then press "b" to boot and you are done.