Friday, February 23, 2018

Thursday, November 02, 2017

OpenZFS ZIL Internals

Very interesting presentation on how ZIL works and on latest improvements in OpenZFS, presented during OpenZFS Developer Summit 2017.

Tuesday, September 12, 2017

Tuesday, July 04, 2017

Sudo and Solaris Privileges

Sudo on Solaris 10 and Solaris 11 allow to specify a privilege set a command will run with. This is very powerful if you want to be more specific in granting only required privileges for a given command, instead of allowing a command to run as root. Although Solaris has additional/different means to achieve the same, which in some cases is better than sudo, but the latter is what most users are familiar with.

For example, the 'fmadm faulty' command requires sys_admin privilege to run.

milek    ALL=()PRIVS="basic,sys_admin" NOPASSWD:/usr/sbin/fmadm faulty
This means that user milek can now run: sudo fmadm faulty
and the command will now work, but it won't run as root - it will execute as user milek with privileges set to basic,sys_admin, which is more secure than allowing the command to run as root.

Tuesday, May 16, 2017

Solaris Open Source bits move to GitHub

Alan Coopersmith blogged about migration of Open Source content available in Solaris from to GitHub. This is definitely an improvement.

The new repositories on GitHub are:

Friday, April 21, 2017

Ebbisland and Extremeparr

Although The Register and others were suggesting Solaris 11 might be affected, it seems not to be the case - according to Oracle Solaris 11 has never been affected be either of them.The Register clarified it as well.

Also if you have a support contract you should have been told this much quicker.

ps. if you have CDE installed on Solaris 10 then there is an IDR available for extremeparr local exploit (again, Solaris 11 is not affected)

Saturday, February 25, 2017

Friday, January 20, 2017

Solaris 11 Continuous Delivery Model

Solaris 11 adopts Continuous Delivery model, which means instead of Solaris 12 there will be Solaris 11.4, 11.5, etc. This is generally a good thing - quicker adoption of new features as most software certified for Solaris 11 should stay certified for the new dot releases, etc. This is also similar to what Microsoft did with Windows.

Oracle also extended Solaris 11 support to 2031.

Friday, October 21, 2016

AI: Distro Constructor and a Custom Script

When building your own AI images with distro_const it is useful sometimes to add a custom script to modify the resulting image. This is easily achievable by adding a custom script to the xml manifest provided to distro_cons.

For example, to change the default password for user jack, add the following checkpoint to the xml file, just before pre-pkg-img-mode checkpoint. 

  Set password to user jack, should match root password
  (if hash contains slashed they need to be backslashed)
      <checkpoint name="lock-jack-account"
         desc="Lock the jack account from login"
         <args>/usr/bin/gsed -i -e 's/jack:.[^:]*:/jack:XXXXXX:/g' 

Tuesday, October 11, 2016

Requiring both GSSAPI and OTP

Darren Moffat blogged about how to force both GSSAPI (or pubkey) and OTP on Solaris in OpenSSH. This works, although is not entirely obvious how to set it up at first.

Friday, July 01, 2016


Oracle released new SPARC S7 CPU and SPARC S7-2 and S7-2L servers. This is really interesting SPARC CPU if you need low-end servers, the first one in many, many years which can compete with x86 both in performance and price. It has some unique features as well.

See launch video.

Various articles on S7:

The Register

Also see some benchmarks already published:

Database: S7 vs x86
Yahoo Cloud Serving Benchmark