Summary Shared Memory/IPC settings

From: Kathy Ange <kathyange_at_yahoo.com>
Date: Wed Jun 19 2002 - 09:54:08 EDT
I want to say thank to everyone who responded.  I
really appreciate your help in this manner.  All of
the answers were excellent.
Thanks to 
Charlotte_Ratliff
Jon Andrews
secroft
JESSE CARROLL

First semmap is obsolete in Solaris 8, I had searched
docs.sun.com and found it in Sys Admin Guide Vol 2 so
I thought it was still in use.  I had also searched
Solaris Tunable Parameters Manual but couldn't find it
there before I received an email indicating it was in
the manual.   I still haven't located
c2audit:audit_load = 1 or abort_enable = 0, in the
Solaris Tunable Parameters manual

I knew the system had to be rebooted and had done that
but I hadn't mentioned that fact in my e-mail, so that
could have been the correct answer.

I added a forceload: sys/msgsys to the system file, so
more detail are displayed when I issued the sysdef
command.

Jon describes what the audit_load and abort_enable
below, but the puzzling thing was he indicated he
found the answer with google.  I had also used google
before asking for help, but simply missed the
Functions of the Basic Security Module Script
document. 


Following are the individual answers
I've attached the Solaris Tunable Parameters Manual,
which you can also download from docs.sun.com. This
contains descriptions for the tunables in Solaris 8,
most of which are also in the older releases. I hope
this helps. JC 


Not to be obvious, the to answer the first question,
you have to re-boot for changes to take affect and the
second I have not seen. Scott 


The first one is that the module is not loaded. You
can do this by hand. modload sys/msgsys should do it. 

The last two are not shared memory settings. Quick
google serach yields :- 
131 echo "set c2audit:audit_load = 1" >>
/tmp/etc.system.$$ 
132 echo "set abort_enable = 0" >> /tmp/etc.system.$$ 

Line 132 disables the "Stop-a" keyboard sequence.
Without this line in /etc/system, any user can halt
the system with the aforementioned keyboard sequence. 

Line 131 enables auditing in the kernel and on the
system. A value of 1 enables c2 auditing, while a
value of 0 would disable it. c2audit is a kernel
module, which implements event auditing within the
Solaris OE. (The name c2 originates from a
government-defined security level. In relation to the
Solaris OE, c2 is used as another word for audit.) 

*********************************
The semmap has been obsoleted with Solaris 8, I
believe. You can verify this by going to the
docs.sun.com website and doing a search for tunable
parameters solaris 8. It should give you information
about the configurations and the changes to the
parameters. Hope this helps. -Charlotte 



Original Question Shared Memory/IPC settings 

Our DBA is requesting some shared memory setting that
I can not find documented anywhere.  So this may be an
easy question, but I swear I have tried to figure this
out.

The very latest info on 9IAS version 2, says the
kernel parameters should be (their were others but I
was able to increase their values)
SEMMAP = 64
c2audit:audit_load = 1
abort_enable = 0

For SEMMAP = 64, I add the following line to
/etc/system
set semsys:seminfo_semmap=64
Question Number 1 &#61672; When I issue a sysdef -I
command I can't see the change I made? Sysdef below
(last few lines)
* Streams Tunables
*
     9  maximum number of pushes allowed (NSTRPUSH)
 65536  maximum stream message size (STRMSGSZ)
  1024  max size of ctl part of message (STRCTLSZ)
*
* IPC Messages module is not loaded
*
*
* IPC Semaphores
*
  4096  semaphore identifiers (SEMMNI)
  4096  semaphores in system (SEMMNS)
  4096  undo structures in system (SEMMNU)
  4096  max semaphores per id (SEMMSL)
  4096  max operations per semop call (SEMOPM)
    64  max undo entries per process (SEMUME)
 32767  semaphore maximum value (SEMVMX)
 16384  adjust on exit max value (SEMAEM)
*
* IPC Shared Memory
*
4294967295      max shared memory segment size
(SHMMAX)
     1  min shared memory segment size (SHMMIN)
   512  shared memory identifiers (SHMMNI)
   128  max attached shm segments per process (SHMSEG)
*
* Time Sharing Scheduler Tunables
*
60      maximum time sharing user priority (TSMAXUPRI)
SYS     system class name (SYS_NAME)

Question Number 2 &#61672; I can not find any
information about the last two setting.  I have seen
reference to them in the /etc/system file, but I don't
like adding them in the /etc/system file without
knowing what it does?

Any help or guidance will be appreciated.


=====
Kathy Ange
Virginia Department of Agriculture & Consumer Services
Information Systems
(804) 786-1340 Voice Mail
(804) 786-2110 FAX
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Wed Jun 19 10:01:03 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:47 EST