Separate name services in zones, Hosts database, User database (passwd, shadow, user_attr) – Sun Microsystems SOLARIS 10 User Manual

Version 3.1-en

Solaris 10 Container Guide - 3.1 4. Best Practices

Effective: 30/11/2009

4.1.9. Separate name services in zones
[ug] Name services include, among other things, the hosts database and the user IDs (passwd,
shadow). They are configured with the file /etc/nsswitch.conf, which exists separately in
each local zone. Name services are therefore defined in local zones independently of the global
zone. The most important aspects are covered in this section.

If one adopts the recommendation stated in this document that no applications should run in the
global zone, then the global zone also does not need to be integrated into NIS or LDAP. This further
limits access from the outside and reduces the dependency of the global zone on other computers
(name service servers).

4.1.9.1. hosts database
[ug] Computers that should be addressable by name must be recorded here. When a zone is installed,
/etc/hosts is not automatically copied from the global zone (consistent with the local zone
being a completely separate OS environment). It is of course a better alternative to use a
name service such as NIS, DNS or LDAP. In an automatic installation, this can be set up via a
sysidcfg file.

4.1.9.2. User database (passwd, shadow, user_attr)
[ug] User settings in local zones can be complemented by a name service, as with a separate
computer. Note that user names can differ between zones; in particular, when monitoring from
the global zone (with ps), the names configured in the global zone are displayed. Copying the
files from the global zone is not recommended; a name service such as NIS or LDAP is more
suitable.
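
The ps caveat above can be checked before relying on process listings taken in the global zone. The following is an added example, not part of the Sun guide: it compares two passwd-format files (for instance saved getent passwd output from the global zone and from a local zone) and lists the UIDs that the global zone would show under a different name or could not resolve. The function names, the AWK variable and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide). Assumes a POSIX awk; on Solaris 10
# run with AWK=nawk, since /usr/bin/awk is the pre-POSIX awk.
AWK=${AWK:-awk}

# uid_name_conflicts GLOBAL_PASSWD ZONE_PASSWD
# Both inputs are passwd-format text (name:pw:uid:...). Prints one line per
# zone UID that the global zone resolves to another name, or not at all:
#   <uid> zone=<name> global=<name or ->
uid_name_conflicts() {
    "$AWK" -F: '
        $3 !~ /^[0-9]+$/ { next }          # comments, "+" compat entries, junk
        FILENAME == ARGV[1] {              # first file: global zone view
            if (!($3 in g)) g[$3] = $1     # first entry for a UID wins
            next
        }
        !($3 in seen) {                    # second file: local zone view
            seen[$3] = 1
            if (!($3 in g))       printf "%s zone=%s global=-\n", $3, $1
            else if (g[$3] != $1) printf "%s zone=%s global=%s\n", $3, $1, g[$3]
        }
    ' "$1" "$2"
}

# write_sample DIR: constructed passwd excerpts, not real accounts.
write_sample() {
    cat > "$1/global.passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
admin1:x:1001:10:Global admin:/export/home/admin1:/bin/ksh
EOF
    cat > "$1/zone.passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
oracle:x:1001:100:DB owner:/export/home/oracle:/bin/ksh
webadm:x:2001:100:Web admin:/export/home/webadm:/bin/ksh
+::::::
EOF
}

if [ $# -eq 2 ]; then
    uid_name_conflicts "$1" "$2"       # e.g. two saved `getent passwd` outputs
else
    tmp=$(mktemp -d) && write_sample "$tmp" &&
        uid_name_conflicts "$tmp/global.passwd" "$tmp/zone.passwd"
    rm -rf "$tmp"
fi
```

With the constructed sample, UID 1001 is reported because a process owned by oracle in the zone would be listed as admin1 from the global zone, and UID 2001 because the global zone has no entry for it.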

4.1.9.3. Services
[ug] The /etc/services file or the corresponding name service must also be adjusted to the
applications running in the zone.

4.1.9.4. Projects
[ug] To run resource management locally in a local zone using the Fair Share Scheduler or
extended accounting, the corresponding name service database in /etc/project or the
corresponding name service in the zone must be adjusted.
