科技行者

行者学院 转型私董会 科技行者专题报道 网红大战科技行者

知识库

知识库 安全导航

至顶网服务器频道AIX常见问题整理 (2)

AIX常见问题整理 (2)

  • 扫一扫
    分享文章到微信

  • 扫一扫
    关注官方公众号
    至顶头条

在mkuser.default 文件中的umask属性是八进位,但不要有前置0,所以:   umask=77 正确,转成八进位 077.要编辑整理部分清理,用fwtmp命令先将文件wtmp变成ASCII格式的档案dummy.file。

来源:天新网 2008年6月11日

关键字: 操作系统 文件系统 系统备份 mksysb AIX

  • 评论
  • 分享微博
  • 分享邮件

  利用mksysb进行系统备份有什么好处

  环境 产品:RS/6000

  软件: AIX

  问题 利用mksysb进行系统备份有什么好处

  解答 IBM AIX Unix与其它的 UNIXs 系统相比, 有两个不同的特征:ODM (object database manager) 及 LVM (logical volume manager). 一般而言, 用cpio 或 tar 的指令亦可以备份 volume groups , 但对於完整的系统而言, cpio 及 tar 在 restore 时并不会正确的完成. 而正在使用中的系统,如果企图去执行 restore 的动作, 有可能会造成目前的环境 crash. 利用 mksysb 来备份到磁带时, 可制作一个可开机的磁带, 并且可以正常的还原作业系统的 ODM 及 LVM .

  如何平稳地停止AIX系统运行?

  环境 产品:RS/6000

  软件: AIX

  问题 如何平稳地停止AIX系统运行?

  解答 您可以使用 shutdown 或是 reboot 指令来将服务及系统离线.

  shutdown 指令有许多参数来控制如何停止系统. 依照预设值, 它会警告使用者1分钟, 接着终止运行中的处理程序, 同步化档案系统, 并且停止CPU的动作. 您可以用 -r 参数来使系统关机后立即开机, 或是下 reboot 指令.

  # shutdown -m +5 系统五分钟后关闭至单一使用者模式

  # shutdown -r 关机后重新开机

  # shutdown now 立即关机

  # shutdown -k 放弃关机

  如何解决AIX上不能增加新用户,错误讯息 3004-687

  环境 产品:RS/6000

  软件版本: Aix 3.2, 4.x

  问题 AIX上不能增加新用户,错误讯息 3004-687

  解答 本文供了排除以下错误的建议:

  - 增加新用户出错

  - 错误信息3004-687 表明用户不存在

  --------------------------------------------------------------------------------

  排错建议:

  1. 检查root文件系统是否已满?

  2. 检查:

  - /etc/passwd 文件中是否有空行

  - /etc/passwd 文件中是否部分行语法不正确

  - nobody 使用者是否遗失或其group为-2. 该行应该如下:

  nobody:!:4294967294:4294967294::/:

  3. 如果以上均正确,检查/etc/security目录中的以下档案的权限许可:

  档案 权限

  ------------------------

  .ids -rw-------

  environ -rw-r-----

  limits -rw-r-----

  passwd -rw-------

  user -rw-r-----

  4. 以下的命令对除错也很有帮助(查MAN来获得详细的帮助)

  usrck -t ALL

  pwdck -t ALL

  grpck -t ALL

  5. 在mkuser.default 文件中的umask属性是八进位,但不要有前置0,所以:

  umask=77 正确,转成八进位 077.

  umask=077 错误,转成八进位制 063.

  6. 如果以上都正确,关机并重开进入维护模式,对root 和 user档案系统做fsck。

  在Korn Shell中要如何设定 prompt 才会显示出目前所在的目录?

  环境 产品:RS/6000

  软件: AIX

  问题 在Korn Shell中要如何设定 prompt 才会显示出目前所在的目录?

  解答 本文所述方法针对Korn Shell

  把下面这行加入你的 .profile 中:

  PS1='$PWD $ '

  如果你只想显示最後一个部分,可以用

  PS1='${PWD##*/} $ '

  对于JESMSG,在SDSF进入该JESMSG显示屏幕,进行类似于上述2中的操作即可.

  /var/adm/wtmp档案太大怎么办

  环境 产品:RS/6000

  软件:AIX

  问题 /var/adm/wtmp文件保存所有用户登录的讯息,随著时间会增长到很大,/var/adm/wtmp档案太大时怎么办?

  解答 /var/adm/wtmp档案太大时,有时需要清理或编辑整理。

  要清理它,执行cp /dev/null /var/adm/wtmp.

  要编辑整理部分清理,用fwtmp命令先将文件wtmp变成ASCII格式的档案dummy.file:

  /usr/sbin/acct/fwtmp dummy.file,

  编辑之後用

  /usr/sbin/acct/fwtmp -ic /var/adm/wtmp

  再将ASCII文件转变成二进位文件.

  JESMSG显示屏幕,进行类似于上述2中的操作即可.

  2001/06 AIX安全防范有关的补丁(APAR)

  环境 AIX V4.3

  问题 2001/06 AIX安全防范有关的补丁(APAR)

  解答 以下列出了AIX当前(2001/06)的安全防范有关的补丁(APAR)。如果想下载所有这些补丁,可通过在网站 http://techsupport.services.ibm.com/rs6k/fixdb.html上指定以下的一个APAR包号来获得:

  AIX 4.3: IY19897 (updated 6/2001)

  ========================================================

  AIX 4.3 APARs

  IX72045 CDE LOGIN GIVES INVALID USER NAME MESSAGE BEFORE PW ENTERED

  IX72553 SECURITY: VULNERABILITY IN I/O SIGNAL HANDLING

  IX73077 SECURITY: FTP BOUNCE VULNERABILITY

  IX73214 SECURITY: TELNET DENIAL OF SERVICE ATTACK

  IX73438 SECURITY: VULNERABILITY IN DTAPPGATHER

  IX73586 SECURITY HOLE IN FTP, TFTP, UTFTP

  IX73836 /ETC/HOSTS.EQUIV IS ALLOWING WRONG USERS TO LOG IN

  IX73951 SECURITY: ROUTED SHOULD IGNORE TRACE PACKETS

  IX73961 PCNFSD DAEMON UPDATES WTMP FILE INCORRECTLY

  IX74296 PROGRAMS USING LEX GENERATED SOURCE COREDUMP

  IX74599 SECURITY: VULNERABILITY IN DIGEST

  IX74793 SECURITY HOLE IN TN3270

  IX74802 CSH CORE DUMPS WHEN ENV VARIABLE IS LONGER THAN 2K

  IX75275 SECURITY: LOGSYMPTOM FOLLOWS SYMLINKS

  IX75554 SECURITY: TIMEX CREATES INSECURE TEMPORARY FILES

  IX75564 ETHERNET DRIVER PASSES PACKETS TOO SMALL CAUSING CRASH

  IX75566 SECURITY: NON-ROOT USERS CAN CREATE AND BIND TO AF_NDD SOCKETS

  IX75761 BAD FILE HANDLE CAN CRASH LOCK DAEMON

  IX75840 SECURITY: DEAD.LETTER CREATED WITH GROUP PRINTQ

  IX75864 SECURITY: /BIN/MAN CREATES INSECURE TEMPORARY FILES

  IX76015 NFS V2 DOES HANDLE 65535 AS A UID

  IX76039 SECURITY: DPID2 CORE DUMPS IN WORLD WRITABLE DirectorY

  IX76040 SECURITY: SNMPD LOG FILE FOLLOWS SYMLINKS

  IX76049 SECURITY: CDE TRASHINFO FILE CREATED WORLD-WRITABLE

  IX76960 BIND: CERT ADVISORY CA-98.05

  IX76962 BIND: CERT ADVISORY CA-98.05

  IX77338 SECURITY: SORT CREATES INSECURE TEMPORARY FILES

  IX77508 CDE MAILER (DTMAIL) ALLOWS A USER TO READ A MAILBOX WHICH THE

  IX77592 SECURITY: PORTMAP CREATES INSECURE TEMPORARY FILES

  IX78071 IFCONFIG.AT HAVE A WRONG FILE PERMISSIONS

  IX78202 SECURITY: BUFFER OVERFLOWS IN XTERM AND AIXTERM.

  IX78248 SECURITY: VULNERABILITY IN GROUP SHUTDOWN

  IX78349 SECURITY: BAD PERMISSIONS ON /ETC/SECURITY/LOGIN.CFG

  IX78564 SECURITY:LONG FONTNAMES CAN OVERFLOW BUFFERS IN FONTSERVER

  IX78612 SECURITY: BUFFER OVERFLOWS IN XAW AND XMU.

  IX78646 SECURITY: RC.NET.SERIAL CREATES INSECURE TEMPORARY FILES

  IX78719 NFS V2 DOES NOT HANDLE 65535 AS A UID

  IX78732 SECURITY: FILES IN /VAR/DT ARE CREATED INSECURELY BY CDE LOGIN

  IX79136 SECURITY: INSECURE TEMPORARY FILES IN DIAGSUP SCRIPTS

  IX79139 SECURITY: ACLPUT/ACLEDIT CREATE INSECURE TEMPORARY FILES

  IX79679 "RCP SECURITY PROBLEM"

  IX79681 SECURITY: INSECURE TEMPORARY FILES IN CMDMISC SCRIPTS

  IX79682 SECURITY: INSECURE TEMPORARY FILES IN CMDSCCS SCRIPTS

  IX79683 SECURITY: INSECURE TEMPORARY FILES IN CMDTZ SCRIPTS

  IX79700 SECURITY: INSECURE TEMPORARY FILES IN CMDNLS SCRIPTS

  IX79701 SECURITY: INSECURE TEMPORARY FILES IN CMDTEXT SCRIPTS

  IX79857 SECURITY HOLE

  IX79909 NSLOOKUP CORE DUMPS WITH LONG STRINGS

  IX79979 SECURITY: VULNERABILITY IN GROUP SHUTDOWN

  IX80036 SECURITY: CRON CREATES INSECURE LOCK FILE

  IX80387 SECURITY: INSECURE CREATION OF LPD LOCK FILE

  IX80391 SECURITY: INSECURE TEMPORARY FILES IN CMDSNAP SCRIPTS

  IX80447 SECURITY: BUFFER OVERFLOWS IN IMAPD

  IX80470 SECURITY: PTRACE() PROBLEM WITH SET-GID PROGRAMS

  IX80510 SECURITY: DON'T INHERIT CLOSED STDIN,STDOUT,STDERR DESCRIPTORS

  IX80543 SECURITY:LIBNSL BUFFER OVERRUNS

  IX80548 SECURITY: RAS SCRIPTS SHOULDN'T FOLLOW SYMLINKS

  IX80549 SECURITY: /BIN/MORE CREATES INSECURE TEMPORARY FILES

  IX80762 SECURITY: /BIN/VI CREATES INSECURE TEMPORARY FILES

  IX80792 SECURITY: BUFFER OVERFLOWS IN IMAPD

  IX81058 SECURITY: INSECURE TEMPORARY FILES IN CMDBSYS SCRIPTS

  IX81077 SECURITY: TTYLOCK() ALLOWS CREATION OF WORLD-READABLE FILES

  IX81078 SECURITY: INSECURE TEMPORARY FILES IN CMDFILES SCRIPTS

  IX81442 SECURITY: VULNERABILITY IN RPC.TTDBSERVERD

  IX81507 SECURITY: MORE VULNERABILITIES IN PCNFSD

  IX81999 POST COMMAND SHOULD NOT BE SUID

  IX82002 FORCE REXECD USER PRIVILEDGES

  IX83752 SECURITY: VULNERABILITY IN AUTOFS

  IX84493 SECURITY: VULNERABILITY IN SETGID EXECUTABLES

  IX84642 SECURITY: VULNERABILITY IN INFOEXPLORER DAEMON (INFOD)

  IX85233 SECURITY : MAILBOX GETS CORRUPTED

  IX85556 SECURITY: BUFFER OVERFLOW IN FTP CLIENT

  IX85600 BOOTP: CERT ADVISORY

  IX86845 SVCAUTH_UNIX CRASH ON NEGATIVE NUMBER

  IX87016 REMBAK FAILS WHEN INVOKED WITH VERY LONG USERNAME/HOSTNAME

  IX87669 NULL MBUF CAN CRASH SYSTEM IN NFS CODE

  IX87727 STOP UNCOMMENTING RPC DAEMONS IN /ETC/INETD.CONF AFTER NFS

  IX88021 ADD FINGER TIMEOUT

  IX88263 SECURITY: SNAP MAY LEAK SENSITIVE INFORMATION

  IX88633 SECURITY: INSECURE TEMPORARY FILES IN /SBIN/RC.BOOT

  IX89182 LICENSE SERVER HANGS

  IX89415 SECURITY: XAUTH IS BROKEN IN 4.3.X

  IX89419 SECURITY: BUFFER OVERFLOW IN DTSPCD

  IX89687 SECURITY: NFS SCRIPTS CREATE INSECURE TEMPORARY FILES

  IY00892 INSECURE TEMPORARY FILES IN BOS.PERF PACKAGING SCRIPT

  IY01439 SECURITY: INSECURE TEMPORARY FILES IN /ETC/RC.POWERFAIL

  IY02120 SECURITY: BUFFER OVERFLOW IN NSLOOKUP

  IY02397 SECURITY: NON-ROOT USERS CAN USE PTRACE TO CRASH THE SYSTEM

  IY02944 SECURITY: BUFFER OVERFLOW IN "DTACTION -U"

  IY03849 SECURITY: VULNERABILITY IN TTSESSION

  IY04477 SECURITY BUFFER OVERFLOWS IN FTPD

  IY04865 SECURITY: NON-ROOT USERS CHANGE SYS INFO VIA SNMPD

  IY05249 SECURITY: BUFFER OVERFLOWS IN SNMPD

  IY05772 SECURITY: POSSIBLE BUFFER OVERFLOW IN AIXTERM TITLE HANDLING

  IY05851 NAMED8: SECURITY VULNERABILITIES IN BIND

  IY06059 GENFILT CANNOT FILTER PORT NUMBERS >32767

  IY06367 SECURITY: VULNERABILITY IN DTPRINTINFO

  IY06589 BUG IN GET_SEQNUM

  IY06694 SECURITY: ANOTHER BUFFER OVERFLOW IN DTSPCD

  IY06697 SECURITY: RPC.MOUNTD ALLOWS FILENAME DISCOVERY AGAIN

  IY06814 CRASH IN FLTR_IN_CHK() M_COPYDATA()

  IY06817 XDM HAS TROUBLE WITH LONG PASSWordS

  IY07265 CHSEC ALLOWS NON-ADMIN USR TO CHANGE ADMIN USER ATTRIBUTES

  IY07425 IN CERTAIN CASES, LIBQB ROUTINE CAN CAUSE CORE DUMP

  IY07831 SECURITY: BUFFER OVERFLOW IN SETCLOCK

  IY07832 SECURITY: ANOTHER BUFFER OVERFLOW IN PORTMIR

  IY08128 SECURITY: VULNERABILITY IN MKATMPVC

  IY08143 SECURITY: BUFFER OVERFLOWS IN ENQ COMMAND

  IY08606 SECURITY: BUFFER OVERFLOW IN _XAIXREADRDB

  IY08812 SECURITY: BUFFER OVERFLOW IN SETSENV

  IY09514 SECURITY: VULNERABILITY IN FRCACTRL

  IY09941 SECURITY: LOCAL USERS CAN GAIN WRITE ACCESS TO SOME FILES

  IY10250 DHCPSD: SECURITY: D-O-S ATTACK VULNERABILITY

  IY10805 MKATM IS A SHELL SCRIPT AND SHOULDN'T BE SETUID

  IY11067 X SERVER FREEZES DUE TO Dos

  IY11224 SECURITY: BUFFER OVERFLOW IN XTERM

  IY11233 SECURITY: NCS CMDS LINKED WITH INSECURE LINKER ARGUMENT

  IY11450 SECURITY: BUFFER OVERRUN IN MIT KERBEROS LIBRARIES

  IY12147 NON-ROOT USERS CAN ISSUE THE NETSTAT -Z FLAG

  IY12251 SECURITY: POSSIBLE VULNERABILITIES IN ERRPT

  IY12638 SECURITY: BUFFER OVERFLOW IN PRINT CMDS

  IY13753 SECURITY: FORMAT STRING VULNERABILITY IN LOCALE SUBSYSTEM

  IY13780 SECURITY: BUFFER OVERFLOW IN LIBNTP

  IY13781 SECURITY: FORMAT STRING VULNERABILITY IN FTP CLIENT

  IY13783 FORMAT STRING VULNERABILITIES IN GETTY'S ERROR LOGGING FUNCS

  IY14512 DNS CERT ADVISORY FOR SRV &ZXFR BUGS

  IY14537 BUFFER OVERFLOW IN BELLMAIL

  IY15146 SYSLOGD:BUFFER OVERFLOW AND IMPROPER CONTROL CHARACTER ESCAPES

  IY16182 SECURITY: BUFFER OVERFLOW IN BIND8

  IY16214 BUFFER OVERFLOW AND FORMAT STRING VULNERABILITIES IN BIND 4.X

  IY16271 SECURITY: INFOLEAK IN NUMEROUS VERSIONS OF NAMED4 AND NAMED8

  IY17048 SECURITY: POSSIBLE BUFFER OVERFLOW VULNERABILITY IN CRONTAB

  IY17932 SECURITY: IMAPD BUFFER OVERFLOW

  =========================================================

  当运行mksysb时,系统报错:“rootvg is locked”(根卷组被锁定)

  环境 AIX V4

  问题 用户在试图运行mksysb时,得到一个错误信息:“rootvg is locked”(根卷组被

  锁定),导致不能进行备份。

  解答 要解开rootvg,键入以下命令:

  # chvg -u rootvg

  如何在Documentation Search Service中删除文档?

  环境 AIX V4

  问题 当把一个应用安装到服务器时,如果一个文档和它的索引被自动注册到系统中,你必须用uninstall的方式把它删除。如果只是删掉注册的文档或它的索引,它会在search service中保持注册,这将会在查询过程中产生错误信息,因为search service将试图查询已丢失的索引。

  另外,如果你想删除系统管理员手工注册的文档,你必须先从search service中删除其注册状态。

  如何在Documentation Search Service中删除文档呢?

  解答 可以用以下的方式:

  如:这个例子中使用cmds01en 作为索引的例子。

  以 root 登录;

  键入:

  /usr/IMNSearch/cli/imndomap /var/docsearch/indexes -d cmds01en

  键入:

  cp /var/docsearch/indexes/imnmap.dat /usr/docsearch/indexes

  键入:

  /usr/IMNSearch/cli/imnixdel cmds01en

  这样做完后,就可以删掉该文档和它的索引了。

  显示屏幕,进行类似于上述2中的操作即可.

  CDE 不能启动解疑(一)

  环境 AIX V4.x

  问题 在CDE界面登录后,系统挂起或极慢,怎么解决?

  解答 可尝试用以下的方法去解决:

  首先重启机器,并用命令行方式进入。

  1. 用df命令检查是否有文件系统满,特别是/及/var文件系统,如是,请清理或扩大之。

  2. 用如下命令

  hostname

  uname -n

  cat /etc/hosts

  检查是否在机器名的设置上有冲突

  3. 用 smitty mktcpip 命令检查TCP/IP的设置是否正确,如设置了DNS 域名解析,要保证DNS服务器能被访问到。

  如是新装机,网络配置不完善时,建议先不使用DNS。

  4. 如果以上方法还不成功,可以重安装 X11.base.rte, X11.Dt.rte 和 X11.Dt.helpinfo 一试。

  只有root用户可以登录XWindows,但普通用户不能登录, 如何处理?

  环境 软件:AIX V4

  问题 只有root用户可以登录Xwindows,但普通用户不能登录, 如何处理?

  解答 请检查并修改以下文件的访问权限:

  /dev/null (666)

  /dev/lft0 (666)

  /dev/tty (666)

  /dev/console (622)

    • 评论
    • 分享微博
    • 分享邮件
    邮件订阅

    如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。

    重磅专题
    往期文章
    最新文章