当前页面位置: » 丰搜网 » 文档中心 » 详细内容
aix常见问题整理 (2)
利用mksysb进行系统备份有什么好处
环境 产品:rs/6000
软件: aix
问题 利用mksysb进行系统备份有什么好处
解答 ibm aix unix 与其它的 unixs 系统相比, 有两个不同的特征:odm (object database manager) 及 lvm (logical volume manager). 一般而言, 用cpio 或 tar 的指令亦可以备份 volume groups , 但对於完整的系统而言, cpio 及 tar 在 restore 时并不会正确的完成. 而正在使用中的系统,如果企图去执行 restore 的动作, 有可能会造成目前的环境 crash. 利用 mksysb 来备份到磁带时, 可制作一个可开机的磁带, 并且可以正常的还原作业系统的 odm 及 lvm .
如何平稳地停止aix系统运行?
环境 产品:rs/6000
软件: aix
问题 如何平稳地停止aix系统运行?
解答 您可以使用 shutdown 或是 reboot 指令来将服务及系统离线.
shutdown 指令有许多参数来控制如何停止系统. 依照预设值, 它会警告使用者1分钟, 接着终止运行中的处理程序, 同步化档案系统, 并且停止cpu的动作. 您可以用 -r 参数来使系统关机后立即开机, 或是下 reboot 指令.
# shutdown -m +5 系统五分钟后关闭至单一使用者模式
# shutdown -r 关机后重新开机
# shutdown now 立即关机
# shutdown -k 放弃关机
如何解决aix上不能增加新用户,错误讯息 3004-687
环境 产品:rs/6000
软件版本: aix 3.2, 4.x
问题 aix上不能增加新用户,错误讯息 3004-687
解答 本文供了排除以下错误的建议:
- 增加新用户出错
- 错误信息3004-687 表明用户不存在
--------------------------------------------------------------------------------
排错建议:
1. 检查root文件系统是否已满?
2. 检查:
- /etc/passwd 文件中是否有空行
- /etc/passwd 文件中是否部分行语法不正确
- nobody 使用者是否遗失或其group为-2. 该行应该如下:
nobody:!:4294967294:4294967294::/:
3. 如果以上均正确,检查/etc/security目录中的以下档案的权限许可:
档案 权限
------------------------
.ids -rw-------
environ -rw-r-----
limits -rw-r-----
passwd -rw-------
user -rw-r-----
4. 以下的命令对除错也很有帮助(查man来获得详细的帮助)
usrck -t all
pwdck -t all
grpck -t all
5. 在mkuser.default 文件中的umask属性是八进位,但不要有前置0,所以:
umask=77 正确,转成八进位 077.
umask=077 错误,转成八进位制 063.
6. 如果以上都正确,关机并重开进入维护模式,对root 和 user档案系统做fsck。
在korn shell中要如何设定 prompt 才会显示出目前所在的目录?
环境 产品:rs/6000
软件: aix
问题 在korn shell中要如何设定 prompt 才会显示出目前所在的目录?
解答 本文所述方法针对korn shell
把下面这行加入你的 .profile 中:
ps1='$pwd $ '
如果你只想显示最後一个部分,可以用
ps1='${pwd##*/} $ '
对于jesmsg,在sdsf进入该jesmsg显示屏幕,进行类似于上述2中的操作即可.
/var/adm/wtmp档案太大怎么办
环境 产品:rs/6000
软件:aix
问题 /var/adm/wtmp文件保存所有用户登录的讯息,随著时间会增长到很大,/var/adm/wtmp档案太大时怎么办?
解答 /var/adm/wtmp档案太大时,有时需要清理或编辑整理。
要清理它,执行cp /dev/null /var/adm/wtmp.
要编辑整理部分清理,用fwtmp命令先将文件wtmp变成ascii格式的档案dummy.file:
/usr/sbin/acct/fwtmp < /var/adm/wtmp > dummy.file,
编辑之後用
/usr/sbin/acct/fwtmp -ic < dummy.file > /var/adm/wtmp
再将ascii文件转变成二进位文件.
jesmsg显示屏幕,进行类似于上述2中的操作即可.
2001/06 aix安全防范有关的补丁(apar)
环境 aix v4.3
问题 2001/06 aix安全防范有关的补丁(apar)
解答 以下列出了aix当前(2001/06)的安全防范有关的补丁(apar)。如果想下载所有这些补丁,可通过在网站 http://techsupport.services.ibm.com/rs6k/fixdb.html 上指定以下的一个apar包号来获得:
aix 4.3: iy19897 (updated 6/2001)
========================================================
aix 4.3 apars
ix72045 cde login gives invalid user name message before pw entered
ix72553 security: vulnerability in i/o signal handling
ix73077 security: ftp bounce vulnerability
ix73214 security: te.net denial of service attack
ix73438 security: vulnerability in dtappgather
ix73586 security hole in ftp, tftp, utftp
ix73836 /etc/hosts.equiv is allowing wrong users to log in
ix73951 security: routed should ignore trace packets
ix73961 pcnfsd daemon updates wtmp file incorrectly
ix74296 programs using lex generated source coredump
ix74599 security: vulnerability in digest
ix74793 security hole in tn3270
ix74802 csh core dumps when env variable is longer than 2k
ix75275 security: logsymptom follows symlinks
ix75554 security: timex creates insecure temporary files
ix75564 ethe.net driver passes packets too small causing crash
ix75566 security: non-root users can create and bind to af_ndd sockets
ix75761 bad file handle can crash lock daemon
ix75840 security: dead.letter created with group printq
ix75864 security: /bin/man creates insecure temporary files
ix76015 nfs v2 does handle 65535 as a uid
ix76039 security: dpid2 core dumps in world writable directory
ix76040 security: snmpd log file follows symlinks
ix76049 security: cde trashinfo file created world-writable
ix76960 bind: cert advisory ca-98.05
ix76962 bind: cert advisory ca-98.05
ix77338 security: sort creates insecure temporary files
ix77508 cde mailer (dtmail) allows a user to read a mailbox which the
ix77592 security: portmap creates insecure temporary files
ix78071 ifconfig.at have a wrong file permissions
ix78202 security: buffer overflows in xterm and aixterm.
ix78248 security: vulnerability in group shutdown
ix78349 security: bad permissions on /etc/security/login.cfg
ix78564 security:long fontnames can overflow buffers in fontserver
ix78612 security: buffer overflows in xaw and xmu.
ix78646 security: rc.net.serial creates insecure temporary files
ix78719 nfs v2 does not handle 65535 as a uid
ix78732 security: files in /var/dt are created insecurely by cde login
ix79136 security: insecure temporary files in diagsup scripts
ix79139 security: aclput/acledit create insecure temporary files
ix79679 "rcp security problem"
ix79681 security: insecure temporary files in cmdmisc scripts
ix79682 security: insecure temporary files in cmdsccs scripts
ix79683 security: insecure temporary files in cmdtz scripts
ix79700 security: insecure temporary files in cmdnls scripts
ix79701 security: insecure temporary files in cmdtext scripts
ix79857 security hole
ix79909 nslookup core dumps with long strings
ix79979 security: vulnerability in group shutdown
ix80036 security: cron creates insecure lock file
ix80387 security: insecure creation of lpd lock file
ix80391 security: insecure temporary files in cmdsnap scripts
ix80447 security: buffer overflows in imapd
ix80470 security: ptrace() problem with set-gid programs
ix80510 security: don't inherit closed stdin,stdout,stderr descriptors
ix80543 security:libnsl buffer overruns
ix80548 security: ras scripts shouldn't follow symlinks
ix80549 security: /bin/more creates insecure temporary files
ix80762 security: /bin/vi creates insecure temporary files
ix80792 security: buffer overflows in imapd
ix81058 security: insecure temporary files in cmdbsys scripts
ix81077 security: ttylock() allows creation of world-readable files
ix81078 security: insecure temporary files in cmdfiles scripts
ix81442 security: vulnerability in rpc.ttdbserverd
ix81507 security: more vulnerabilities in pcnfsd
ix81999 post command should not be suid
ix82002 force rexecd user priviledges
ix83752 security: vulnerability in autofs
ix84493 security: vulnerability in setgid executables
ix84642 security: vulnerability in infoexplorer daemon (infod)
ix85233 security : mailbox gets corrupted
ix85556 security: buffer overflow in ftp client
ix85600 bootp: cert advisory
ix86845 svcauth_unix crash on negative number
ix87016 rembak fails when invoked with very long username/hostname
ix87669 null mbuf can crash system in nfs code
ix87727 stop uncommenting rpc daemons in /etc/.netd.conf after nfs
ix88021 add finger timeout
ix88263 security: snap may leak sensitive information
ix88633 security: insecure temporary files in /sbin/rc.boot
ix89182 license server hangs
ix89415 security: xauth is broken in 4.3.x
ix89419 security: buffer overflow in dtspcd
ix89687 security: nfs scripts create insecure temporary files
iy00892 insecure temporary files in bos.perf packaging script
iy01439 security: insecure temporary files in /etc/rc.powerfail
iy02120 security: buffer overflow in nslookup
iy02397 security: non-root users can use ptrace to crash the system
iy02944 security: buffer overflow in "dtaction -u"
iy03849 security: vulnerability in ttsession
iy04477 security buffer overflows in ftpd
iy04865 security: non-root users change sys info via snmpd
iy05249 security: buffer overflows in snmpd
iy05772 security: possible buffer overflow in aixterm title handling
iy05851 named8: security vulnerabilities in bind
iy06059 genfilt cannot filter port numbers > 32767
iy06367 security: vulnerability in dtprintinfo
iy06589 bug in get_seqnum
iy06694 security: another buffer overflow in dtspcd
iy06697 security: rpc.mountd allows filename discovery again
iy06814 crash in fltr_in_chk() m_copydata()
iy06817 xdm has trouble with long passwords
iy07265 chsec allows non-admin usr to change admin user attributes
iy07425 in certain cases, libqb routine can cause core dump
iy07831 security: buffer overflow in setclock
iy07832 security: another buffer overflow in portmir
iy08128 security: vulnerability in mkatmpvc
iy08143 security: buffer overflows in enq command
iy08606 security: buffer overflow in _xaixreadrdb
iy08812 security: buffer overflow in setsenv
iy09514 security: vulnerability in frcactrl
iy09941 security: local users can gain write access to some files
iy10250 dhcpsd: security: d-o-s attack vulnerability
iy10805 mkatm is a shell script and shouldn't be setuid
iy11067 x server freezes due to dos
iy11224 security: buffer overflow in xterm
iy11233 security: ncs cmds linked with insecure linker argument
iy11450 security: buffer overrun in mit kerberos libraries
iy12147 non-root users can issue the.netstat -z flag
iy12251 security: possible vulnerabilities in errpt
iy12638 security: buffer overflow in print cmds
iy13753 security: format string vulnerability in locale subsystem
iy13780 security: buffer overflow in libntp
iy13781 security: format string vulnerability in ftp client
iy13783 format string vulnerabilities in getty's error logging funcs
iy14512 dns cert advisory for srv & zxfr bugs
iy14537 buffer overflow in bellmail
iy15146 syslogd:buffer overflow and improper control character escapes
iy16182 security: buffer overflow in bind8
iy16214 buffer overflow and format string vulnerabilities in bind 4.x
iy16271 security: infoleak in numerous versions of named4 and named8
iy17048 security: possible buffer overflow vulnerability in crontab
iy17932 security: imapd buffer overflow
=========================================================
当运行mksysb时,系统报错:“rootvg is locked”(根卷组被锁定)
环境 aix v4
问题 用户在试图运行mksysb时,得到一个错误信息:“rootvg is locked”(根卷组被
锁定),导致不能进行备份。
解答 要解开rootvg,键入以下命令:
# chvg -u rootvg
如何在documentation search service中删除文档?
环境 aix v4
问题 当把一个应用安装到服务器时,如果一个文档和它的索引被自动注册到系统中,你必须用uninstall的方式把它删除。如果只是删掉注册的文档或它的索引,它会在search service中保持注册,这将会在查询过程中产生错误信息,因为search service将试图查询已丢失的索引。
另外,如果你想删除系统管理员手工注册的文档,你必须先从search service中删除其注册状态。
如何在documentation search service中删除文档呢?
解答 可以用以下的方式:
如:这个例子中使用cmds01en 作为索引的例子。
以 root 登录;
键入:
/usr/imnsearch/cli/imndomap /var/docsearch/indexes -d cmds01en
键入:
cp /var/docsearch/indexes/imnmap.dat /usr/docsearch/indexes
键入:
/usr/imnsearch/cli/imnixdel cmds01en
这样做完后,就可以删掉该文档和它的索引了。
显示屏幕,进行类似于上述2中的操作即可.
cde 不能启动解疑(一)
环境 aix v4.x
问题 在cde界面登录后,系统挂起或极慢,怎么解决?
解答 可尝试用以下的方法去解决:
首先重启机器,并用命令行方式进入。
1. 用df命令检查是否有文件系统满,特别是/及/var文件系统,如是,请清理或扩大之。
2. 用如下命令
hostname
uname -n
cat /etc/hosts
检查是否在机器名的设置上有冲突
3. 用 smitty mktcpip 命令检查tcp/ip的设置是否正确,如设置了dns 域名解析,要保证dns服务器能被访问到。
如是新装机,网络配置不完善时,建议先不使用dns。
4. 如果以上方法还不成功,可以重安装 x11.base.rte, x11.dt.rte 和 x11.dt.helpinfo 一试。
只有root用户可以登录xwindows,但普通用户不能登录, 如何处理?
环境 软件:aix v4
问题 只有root用户可以登录xwindows,但普通用户不能登录, 如何处理?
解答 请检查并修改以下文件的访问权限:
/dev/null (666)
/dev/lft0 (666)
/dev/tty (666)
/dev/console (622)
