"There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." — Jeremy S. Anderson
Obsolete warning: I stopped using SGI machines in 2003, so this page is getting largely outdated, without even adding to it the many chapter 11 of SGI.
Configuring a new machine
For network configuration using static IPs, change the following files:
/etc/sys_id
<machinename>
/etc/hosts
127.0.0.1 localhost
<machineIP> <machinename> <machinename.domain>
/etc/resolv.conf
domain <domain>
nameserver <DNSIP1>
nameserver <DNSIP2>
/etc/config/static-route.options
$ROUTE $QUIET add net default <gatewayIP>
/etc/config/ifconfig-1.options
netmask 0xfffffc00
Once you get the machine to see the world, login with
Add swap space: "/usr/sbin/mkfile 4g /dev/swap2; /sbin/swap -a /dev/swap2; nedit /etc/fstab" and add the line "/dev/swap2 swap swap pri=3 0 0" in your /etc/fstab.
Exports/mounts: "nedit /etc/exports"
PRNGB, SSL and SSH
SSH replaces all of the following: telnet, rlogin, ftp which should be disabled manually... For copying files securely you are better off using scp which relies on ssh, but otherwise, some useful SSH tricks include:
Login
ssh -X user@remotemachine.com with X-Windows
ssh -Cx user@remotemachine.com on a slow line using compression and no X-Windows
Execute prog on remote machine
ssh user@remotemachine.com "prog"
Copy a file securely to a remote machine
cat file | ssh user@remotemachine.com "cat >file" but you loose the chmod
Or better scp dir/file user@remotemachine.com:dir/file
Copy a file securely from a remote machine
ssh user@remotemachine.com "cat file" >file but you loose the chmod
Or better scp user@remotemachine.com:dir/file dir/file
For copying entire directories between machines with scp
scp -r username@machine:path/dir username@othermachine:path/dir for instance scp -vr billybob@inbred.net:family . to make a local copy of the family directory (notice the dot at the end).
And the best of all, use rsync to synchronise entire directory trees. It builds a database of CRCs by computing it on each side and then moving only the differences themselves (incredibly efficient after the 1st run and secure over ssh).
rsync -Cvaze ssh --delete source_dir/ username@remote_host.com:destination_dir/ to copy from source to destination. It can go thousands of times faster than scp !!! rsync can also be used to synchronize two directories by doing a second call in reverse. There are tons of options.
Increasing system security
/etc/services
You can remoove some of the ports, but it doesn't actually close them, just make them impossible to open via an alias. Opening them via their port number will still work....
/etc/inetd.conf
Remove most services from /etc/inetd.conf, in particular the 'r' services, telnet, ftp, finger... They are either useless or can be better replaced by ssh. Here's a restrictive list:
Run that command and disable all useless services with "chkconfig service off"
showprods -D1
Run the above command an possibly disable unwanted software.
versions
Run the following command: "showprods -D1" and possibly disable unwanted software with versions.
/var/adm/SYSLOG
Look at it regularly and grep it for anything strange.
/var/adm/sulog
Look at it regularly for who impersonates whom, particularly root.
shadow
Enable shadow passwords with pwconv.
ftp
Are you sure ssh/scp is not enough ? If you really must have ftp running:
Log what users are doing and hackers are trying to do with the following line in the /etc/inetd.conf line: "ftp stream tcp nowait root /usr/etc/ftpd ftpd -S -l -l -l -p". Yes, you'll be able to see every single ftp command in the /var/adm/SYSLOG file; but heh, who's talking about privacy here ?
Make sure it's chrooted (man ftp will explain it).
If you have both user ftp and anonymous ftp, make sure there aren't any world writable directories in the ~ftp directory (if you chrooted it properly they can't get out of ~ftp). And the only way to be sure of that, since your users can create them, is to have a cron job call a script such as:
#! /bin/sh
# remove world writable directories
find ~ftp -perm -002 -exec chmod o-w {} \;
# remove group write for ftp or guest
find ~ftp -perm -020 \( -user ftp -o -group guest \) -exec chmod g-w {} \;
If your ftp has important read only directories, an excellent trick is to mount them as read-only NFS. In /etc/exports, put a line with "/dirname machinename.domain localhost"; make an empty dir "mkdir ~ftp/pub/ReadOnly" and finally make the mount with the following /etc/fstab line: "localhost:/dirname ~ftp/pub/ReadOnly nfs ro,intr,bg 0 0". The directory will be visible in ftp://machinename/pub/ReadOnly/ and will be truly read-only, even if the permissions in it say something different.
Hard Drives
Adding a new HD:
Insert the drives and do "scsiha -p <controler number>; ioconfig -f /hw". Yes, the machine can be on.
Create an empty dir for the mount point
For a raid, run ssmgui and mess around with it for hours.
Run toolchest, [System][System Manager] then [Hardware and devices][Disk Manager]
[Initialize] the disk
[Mount] the disk
Samba
Samba is a utility that runs on IRIX and allow it to trade files with PCs on a local network. It is not too easy to intall, every PC needs a registry hack and it is sometimes flaky (particularly in its handling of file permissions), but quite useful.
Remember to registry hack Windows machines to allow for clear text passwords to be sent over the local network. I don't like this but there doesn't seem to be an easy way around it.
Adding a new user to the list of Samba users: "cd /usr/samba; bin/addtosmbpass username <private/smbpasswd >>private/smbpasswd". Then edit private/smbpasswd to make sure there aren't any duplicates. Changing a user's Samba password is achieved with "bin/smbpasswd -U user password"
Tapes
Problems going from IRIX 6.5.8 to IRIX 6.5.11 with our DLT8000. Have to use TS drivers instead of TPS (TS must be turned on manually with chkconfig ts on).
Backups script, with BackupList.txt containing the list of folders to save:
Then do the usual /etc/autoconfig; /etc/reboot; ...; cd /dev; ./MAKEDEV
If the SuperDLT tape drive gives you random errors like I/O error, Device busy or Error 16, just shut down the drive, it should clear the error. Apparently, putting a normal DLT tape into the SuperDLT can sometimes mess up its default density configuration.
Also, those commands might come in handy:
scsicontrol
send scsi commands
scsiha
used to reset and probe scsi bus
stacker
jukebox control
Stack
Fortran program hosing the stack ? 3 complementary solutions:
'unlimit stacksize'
To use all available stack. Put this line in your ~/.cshrc file.
Increase the kernel max stacksize
Add the line 'rlimit_stack_max = 0x40000000 ll' to the file /var/sysgen/stune/ (here increase to 1Gb) or, better, use systune. Run /etc/autoconfig and /etc/reboot.
-static
Make the compiler use the heap instead of the stack with the '-static' option.
Resource files
Some stuff you migh want to add to your ~/.cshrc file:
alias ll 'ls -alF'
alias lc 'ls *.{c,h,cc,hh,inc,f,f90}'
alias ln 'ln -i'
alias psg 'ps -ef | grep'
alias cd.. cd ..
set history = 400
# For interactive shells, set the prompt to show the host name and event number.
if ( (! $?ENVONLY) && $?prompt ) then
if ( -o /bin/su ) then
set prompt="`hostname -s`(`whoami`) \!# "
else
set prompt="`hostname -s`(`whoami`) \!% "
endif
endif
# rwxr-xr-x
umask 022
unlimit stacksize
Job priority
How to control big running jobs so they don't hose all the CPU available ? We typically run jobs that take several days to complete on 4 processor machines, so we want the ability to lower their priority, run them on specific processors, suspend them during the day... Here are a few options:
"nice Job"
Has virtually no effect, even if the job is 100% CPU, no I/O.
"npri -w Job"
Make Job a weightless process that will run only if no other process uses the CPU.
"runon CpuNum Job"
Run a job on a specific processor (0 to 3). Can be combined with npri. Warning, incompatible with cpuset.
"kill -STOP" and "kill -CONT"
Will suspend/resume a running process (which still retain virtual memory, so you may need a very large swap file if you use this a lot).
cpuset
Ability to specify groups of processors and run jobs on them. For instance, do as root:
% cat >TwoCPU.cfg
MEMORY_LOCAL
CPU 2
CPU 3
^D
% cpuset -q TwoCPU -c -f TwoCPU.cfg
Now a user can run a job that will be restricted to processor 2 and 3 (while other processes can still use all 4): "cpuset -q TwoCPU -A Job". In the evening, if you want the job to use all available processors you can release it to all CPUs with: "cpuset -q TwoCPU -d" (as root). But in the morning you cannot put the job back into the bottle of TwoCPU. Warning, if you have some processors configured with cpuset, even non exclusively, you cannot use runon on them.
miser
I haven't looked at it in details, but that's the most complete and complex solution, you can even mothball a process across reboots !
E-mail
Working installation of Qpopper, allowing for Authenticated POP (APOP) retrieval. Compiled with the following:
To add yourself (as a user) to the APOP list, do "popauth" and then type a password (same as your login or a specific one for your email). Then change the option in Eudora to APOP (yeah, it won't work in Netscape or Outlook express).
Scripts
Choice of shell
Use tcsh as a shell script and ksh as a programming script.
Debugging
You can debug (trace) a ksh script by doing "ksh -x script" or writing #! /bin/ksh -x on the first line of the script.
cut vs awk
It is much easier to use "cut -d: -f2-5" than awk/sed for filtering columns.
Time handling scripts
I have some source code on a separate page to manipulate dates in (YY)YYMMDDHHMMSS format.
Where is the script located ?
This will work in the following calling cases:
script.sh # same directory
/path/script.sh # absolute path specified
../subpath/script.sh # relative path specified
script.sh # location found in the PATH variable — DOES NOT WORK !
#! /bin/sh
# Script that determines its own location
current_directory=$(pwd)
cd $(dirname $0)
script_directory=$(pwd)
cd $current_directory
Misc
System updates
Download the various tardists images in /dist/disk[1234] then inst -f /dist/disk1 -f /dist/disk2 -f /dist/disk3 -f /dist/disk4 followed by inst upgrade, conf and go. You can also do this in swmgr
Fot the freeware stuff, you can install over http with inst -f http://freeware.sgi.com/Inst/. Then do keep *, install updated and go
Recommended options for compiling Fortran programs on the SGI 2100:
FFLAGS= -col120 -n32 -mips4 -r12000 -O3 -static
Recommended options for compiling C programs on the SGI 2100:
CFLAGS= -n32 -mips4 -r12000 -O3
Debugging code:
Use option -g instead of -O3 in the Makefile, then run cvd ExeFileName and then type the command line parameters inside the debugger. Basic use is fairly easy; advanced use is... well, advanced.
Immediate power shutdown:
shutdown -y -g0 -p or /etc/reboot. Use -g120 or wall to warn users.
Lost the root password on IRIX ?
Simplest is if you have another SGI handy. Mount the system disk with the missing password as a slave into the other SGI and simply edit the /etc/passwd file. And write the stupid password down !
Adding a user:
/usr/sysadm/privbin/addUserAccount -l username -u UID -g 20 -P -G "Full User Name" -C -H /Users/username -S /bin/tcsh -R and type user password.
Add to Samba with addtosmbpass if PC user.
Add to popauth if Eudora user (must then use APOP and not POP3).
Add to group mailing (see below) list if daily user.
Add client machine to /etc/exports for NFS access if Mac. Update NFS with "exportfs -a; killall -HUP inetd".
Add client machine to /etc/hosts.
Setting up a quick mailing list (for small groups only):
Add the following line in /etc/aliases: "group::include:/etc/group.list" and create a file /etc/group.list with the list of email addresses (complete emails, no aliases). Then run newaliases.
Stuck printer:
If a print job seems to be stuck, do a "lpstat -t" to determine the job (for instance ariane-31415) and then cancel it with "cancel ariane-31415".
Quick cron job modification:
type the following: crontab -l > cron; nedit cron; crontab <cron; rm cron
Mount an ISO image
mount -o loop rh7.2-i386-disc1.iso /mnt
Find what uses a file/devices, use either:
fuser -muv /mnt/cdrom
lsof -t /dev/cdrom
Delete files with odd characters in filename
rm -i * or ls -id *; find . -inum [inode number from ls] -ok rm {} \; will deletes everything in the current directory but ask you for confirmation (yes/no) before each file (allows the shell to do automatic escaping).
Sort IP addresses
sort -n -t. -k 1,1 -k 2,2 -k 3,3 -k 4,4
Replacing underlines with spaces on all files within a directory
for f in $(ls -1 *_*); do mv "$f" "$(echo "$f" | sed "s/_/ /g")"; done
Replacing underlines with spaces on all files (but not directories) under a directory tree
Repeat the following commands until it tells you '0': find . -type f -name "*_*" | sed -e "s%\(.*/[^/]*\)_\([^/]*\)%mv \"\0\" \"\1 \2\"%" >/tmp/$$; wc -l /tmp/$$; . /tmp/$$
Lost root password
Tsssk! Tssk! Tssk!... Find another SGI, mount the main drive as a slave, edit the /etc/passwd file. Put the HD back.
Unix Books
The Good
The Bad and the Ugly
The UNIX System Administration Handbook, although not concerned with IRIX, is a very valuable source of information gathered from experience. Deals with all the glitches that can happen on a Unix box. It does not replace a Unix book, but it teaches you the politics and pitfalls of system administration.
The UNIX Hater's Handbook, gives some insight as to why Unix is sometimes so flaky (command names ? vi ? X-Windows ?...)
If you program in C, Harbison and Steele's C: A Reference Manual is the best book around; it's not a shelf book since it's always on my desk right at hand. And for security's sake, although it's a bit old: C Traps and Pitfalls by Andy Koenig.
On the other hand, I do not recommend getting The New Kornshell: even the experienced script writer will be at a loss in the details the authors go (it's no introduction to scripting at all). The examples are useless: they never say what they are supposed to do and they never tell you the results. And main criticism: I have yet to find a system where the new kornshell (which came out in 93) is installed... You'd be much better off learning perl through its main twobooks.
Another book to steer clear of: The Programmer's Guide to Fortran 90: a programming book without a single figure or drawing, with the poorest pagination I've ever seen. Impossible to find the options for open() for instance. Worthless. And who wants to see Fortran survive another century anyway ?
![[SgiOctane.jpg]
SGI Octane](Pics/SgiOctane.jpg)
![[DilbertNickel.gif]
Condescending Unix guru](../Humor/Pics/DilbertNickel.gif)
![[DilbertPassword.gif]
Dilbert cartoon](Pics/DilbertPassword.gif)
UNIX System Administration Handbook, although not concerned with IRIX, is a very valuable source of information gathered from experience. Deals with all the glitches that can happen on a Unix box. It does not replace a Unix book, but it teaches you the politics and pitfalls of system administration.
