“ash” the Aware Shell

I started to upgrade my systems to Solaris 11 and ran into a few issues. We all get used to how things work, and sometimes you can't gauge the impact of a change until you are trying to do something and it doesn't work the same way. Two things that I used to take care of without much thought reminded me about software change and fan out. Maybe fan out is the wrong term. More on this later.

  1. Recovering a system when you don’t have root
  2. ssh as root (yes, I know we need to switch to pfexec eventually)

Recovering a root password

I don't have an answer for this one. If you are entering a password, be very careful not to use any keys other than the characters that are part of the password. There is a bug that seems to explain it.

Users Created During Text Installation Can End Up With an Incorrect Password (6998650)

Either or both, the primary user and the root user, might end up with an invalid password when using the text installer.

Workaround: During installation, you have to enter the root password and the user password before you get to the Summary screen. At this point, make sure you begin the installation without returning to the Users screen. If the installation has already been completed and you are unable to log in using the given password, use one of the following workarounds:

  1. Re-install the OS.
  2. Manually modify the /etc/passwd file on the newly installed ZFS pool by booting from an external media.

The directions described here are no longer relevant — http://docs.sun.com/app/docs/doc/821-1479/gklaa?a=view — there has to be a better way to get documentation and code to be in sync. More on this later. I was able to boot with alternate media but I was unable to import the ZFS system; the current search hits don't seem to work for Solaris 11. I still need to find an answer. I don't see how anyone doing system admin type things can survive without being able to do this on demand.

SSH Access as root

It appears that you can no longer just set up the ssh configuration files, put the key in authorized_keys, and modify sshd_config with a restart. I had to add the following line to PAM.

sshd-pubkey     account requisite       pam_unix_account.so.1

It took at least an hour to add the line above and then verify that it did not add a security vulnerability on my private LAN. Often security solutions have a very thick perimeter and that is the only line of defense.
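One way to check what that line changes, as an added example that is not part of the original post: in pam.conf, entries for a named service replace the `other` entries of the same module type, so the script below resolves the effective account stack for sshd-pubkey before and after the edit and lists any module that is no longer consulted. The sample pam.conf content (including the pam_roles.so.1 entry) and the function names are constructed for illustration.

```shell
# Added example (not from the original post). The sample pam.conf content
# below is constructed for illustration, not copied from a real system.

# effective_stack FILE SERVICE TYPE
# Prints "control module" for the stack PAM would use. pam.conf entries for a
# named service replace the "other" entries of that module type; they do not
# extend them.
effective_stack() {
    awk -v svc="$2" -v typ="$3" '
        /^[ \t]*#/ || NF < 4 || $2 != typ { next }
        $1 == svc     { own[++n] = $3 " " $4 }
        $1 == "other" { oth[++m] = $3 " " $4 }
        END {
            if (n > 0) { for (i = 1; i <= n; i++) print own[i] }
            else       { for (i = 1; i <= m; i++) print oth[i] }
        }' "$1"
}

# dropped_modules BEFORE AFTER SERVICE TYPE
# Prints modules consulted under BEFORE that AFTER no longer consults.
dropped_modules() {
    after=$(effective_stack "$2" "$3" "$4" | awk '{ print $2 }')
    effective_stack "$1" "$3" "$4" | awk '{ print $2 }' |
    while read -r mod; do
        printf '%s\n' "$after" | grep -Fxq "$mod" || printf '%s\n' "$mod"
    done
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
BEFORE="$WORK/pam.conf.before"
AFTER="$WORK/pam.conf.after"

cat > "$BEFORE" <<'EOF'
# constructed sample
other   account requisite   pam_roles.so.1
other   account required    pam_unix_account.so.1
EOF

# The change from the post: a service-specific account entry.
cp "$BEFORE" "$AFTER"
echo 'sshd-pubkey     account requisite       pam_unix_account.so.1' >> "$AFTER"

echo "account stack for sshd-pubkey, before:"; effective_stack "$BEFORE" sshd-pubkey account
echo "account stack for sshd-pubkey, after:";  effective_stack "$AFTER"  sshd-pubkey account
echo "no longer consulted:";                   dropped_modules "$BEFORE" "$AFTER" sshd-pubkey account
```

Pointing the two functions at a saved copy of the real /etc/pam.conf and the edited one shows the same comparison for an actual system; other services still fall back to the `other` stack.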

nix command line — how to improve

The reality is that some large number N of people are performing some operation in a certain way, and a change that causes that previous knowledge to no longer be relevant often costs some unit per N. Maybe on average, once 10% of the Ns have figured it out, the search engines provide the answer. What would a general solution to this issue look like? The issue is that one needs to find out where to ask the question when the search engines don't really have the answer yet, because the issue is new or not popular enough. I rarely go to page 3, as if page 3 ever has anything relevant.

Working on nix systems, it is becoming increasingly difficult to understand what the implications of actions are. On systems like Windows and Mac the UI programs tend to do what is right and hopefully warn you about the implications, or they simply hide them, so in many cases you don't know. On nix systems it is rare that a UI configuration program exists in the area you may need to work in. The nix CLI, man pages, and error reporting need major architectural work. I would like to see the following:

  • Shell records all your actions and errors
  • Shell searches the internet while you are working suggesting changes
  • Error messages are always searched for and shell contributes to an anonymous service for collection of error messages
  • All services start to come with dynamic state diagrams showing what happens
  • Man pages become hyperlinked to relevant sources
  • Date stamps and version indications are shown on pages to point out which ones may or may not be relevant

The nix shells have done a great job up to now and can be augmented with additional capabilities. I wish I had the time to work on "ash", the Aware Shell.