NOVA - For the NeXT Workstation

home *** CD-ROM | disk | FTP | other *** search

/ NOVA - For the NeXT Workstation / NOVA - For the NeXT Workstation.iso / Newsletters / GEnieUnixNews / unxnl-04.91 < prev next >

Wrap

Text File | 1992-12-27 | 22KB | 470 lines

_ __ _ _ __ _ __ // / //| // || \\| N E W S //_/ // |// || |\\ Vol 2, Issue 2 - April 1991 R o u n d T a b l e Items of interest to participants of the GEnie Unix RoundTable The RoundTable SysOps are: Dave Weinstein......OLORIN Brian Riley.........DELPHI Gary Smith..........GARS Chris North-Keys....HARP Rick Mobley.........LRARK All Unix SysOps.....UNIXSYSOPS$ We strongly encourage you to contact any or all of us if you have -ANY- comments or suggestions. This is -YOUR- RoundTable. We are here to make your participation as pleasant and beneficial as possible. ED: editor notes - request repeated. -- One among us is not very persuasive. In the last newsletter I issued a call for recommendations of groups and organizations that might provide a synergistic addition to the GEnie Unix RoundTable. 'C' Users Group was offered as an example. They are actually an excellent model. C is the companion language of Unix, so there would be an interest among our user base, yet this group could not be reasonably expected to support an entire RoundTable on their own. The obvious solution would be a dedicated self- managed Category here in the Unix RoundTable, subject only to the rules and regulations imposed by GEnie. Either none among you can think of a single prospect, or I failed to convince you of our sincere desire to enhance this area in such a manner. I will assume for the moment I am just a lousey salesman, and this time I will plead for input. Please e-mail your suggestions for prospective alliances to UNIXSYSOPS$. P L E A S E ! Thanks, Gary GUI Article ----------- by Dave Weinstein (OLORIN) Graphical User Interfaces (the G standing for other things depending on how long I've been trying to get a bug out of a project). Now one of the hottest buzz-words to strike the community in years. And, surprisingly, most of the hype is reasonably accurate. Customers _do_ want the windows and scroll bars and buttons and mice. And with more than a million copies of MicroSoft Windows 3.0 sold, they'll be getting them in large numbers. Right. So what does all this have to do with Unix anyway? Well, X runs under NeXT Step. X runs under Windows 3.0. A/UX plugs into the Maxc toolkit. Windows and windowing systems are becoming standard on Unix boxes of all shapes and colors. But, since character based applications do run as windows under most of the various windowing systems, is it worth the enormously higher development time and cost for putting together a windowed application? It probably is. For one thing, that cost is going down, as more and more skilled programmers become familiar with GUIs and the paradigm shifts involved in programming, the cost of hiring one (or for that matter finding one) should go down. Moreover, new generations of tools are coming out, several libraries have been released which allow code to be written which will run (with little or no modification, at least theoretically) under X, Windows 3.0, the Macintosh, the NeXT. This brings the cost of development down dramatically because the expense is paid only once for multiple platforms. But most importantly, windowed applications are an important asset in selling a product. Many potential clients are at least familiar with Windows or the Mac interface, many prefer them. And being able to provide that sort of an interface, even if there are few differences between the "GUI User Frueiendly Fifth Generation BuzzWord Overload" version and the character based version, will make more people willing to look at the product you sell, and even more willing to buy. --Dave SECURITY : -------- The following is a security checklist for users of Ultrix (tm) that appeared as a sidebar to an article on security in the April 1991 issue of "DEC PROFESSIONAL" authored by Philip E. Bourne, Ph. D., and Janie Weiss. It is reproduced here by permission of Professional Press, 101 Winner Road, Horsham, PA 19044. Permission granted by Lou Pilla, Managing Editor. contents copyright 1991 Professional Press. While some items on this list are Ultrix specific, the vast majority apply to any Unix platform. Gary (GARS) - The following suggestions, aimed at users, can provide security for an individual's files: [] Don't run other users' programs unless you own them. [] Don't run programs from unknown sources. [] Avoid "dumb" passwords. [] Maintain correct file and directory protections. [] Use file encryption for sensitive files. [] Periodically monitor files for problem signs. [] Take special care of hidden files, e.g. .profile, .cshrc and .netrc. - The following suggetions, aimed at the system administrator, can provide security for the entire system: [X] General Security... [] Don't ever run a user-owned program as "root". [] Don't put current directory first in PATH list, especially for "root". [] Invoke 'su' only when absolutely necessary, and then use the absolute pathname /bin/su. [] Make sure /usr/adm/sulog is 600 mode and owned by "root". [] Be wary of software from an unknown source. [] Run auditing. [] Use the trusted path feature. [X] Account Security... [] Develop a password policy and distribute it to all users. [] Always use 'edpath' and 'vipw'. [] Use 'chsh' and 'chfn' whenever possible. [] Avoid defining captive accounts. [] Turn on accounting. [] Use UPGRADE or ENHANCED security levels. Otherwise: 1. Remove all "idle" guest accounts. 2. Remove all null password fields. 3. Don't allow group accounts. 4. Implement password controls, e.g., aging, maximum and minimum length. [X] Network Security... [] Be sure /etc/hosts.equiv contains only local hosts and no "+". [] Be sure /etc/hosts contains no "+". [] Decide whether .rhosts files are permitted. [] Include only local hosts in the "root" .rhosts file. [] Have only "console" lebeled as "secure" in /etc/ttys (servers only). [] Don't export NFS filesystems to the world. [] Don't include a "decode" alias in the aliases file. [] Don't have a "wizzard" password in sendmail.cf. [] Don't have a "debug" command in sendmail. [] Be sure modems and terminal servers handle hangups correctly. [] Control LAT usage. [] Pay special attention to UUCP, tip and cu. [] For DECnet ULTRIX, consider whether to have the "guest" account. [] Decide whether to support anonymous FTP. [X] DECwindows Security... [] Control who can access your display. [] Consider using secure keyboard mode. [] Software-lock your workstation when it is unattended. [X] Filesystem Security... [] Check protections and ownership of all system files. [] Don't permit 'setuid' or 'setgid' shell scripts. [] Check all "nonstandard" 'setuid' or 'setgid' programs for security. [] Remove 'setuid' bit from /usr/etc/restore. [] Don't have the sticky bits set on world-writable directories. [] Have the proper 'unmask' value on the "root" account. [] Have correct protection modes on devices in /dev. [] Be wary of users bearing private filesystems. [X] Backups... [] Take level 0 dumps at least monthly. [] Take incremental dumps at least biweekly. [] Be careful of ownership of restored files. FAST and NASTY, DOWN and DIRTY: quick fix scripts that do something -------------------------------- by Gary (GARS) Here are some insider tips on how to create BASIC-like for/next loops using Korn and Bourne shells: In article <robtu.670879801@mexia> robtu@itx.isc.com (Rob Tulloh) writes: >In the version of ksh running on the RS/6000, the following is possible: > >typeset -i FILES=10 >while [ $i -gt 0 ] ; do > # body of loop > FILES=FILES-1 >done > >The typeset -i forces FILES to be interpreted as an integer and allows >you to forgo the use of $var and the let syntax. In fact, my ksh comes with an exported alias for typeset -i named "integer" So I can say: integer FILES=10 -- Art Kamlet a_s_kamlet@att.com AT&T Bell Laboratories, Columbus In an article, ux.acs.umn.edu!edh (Merlinus Ambrosius) writes: >In sh, I'd like to do something like a BASIC for loop. Say I have $FILES >set to some number, and I'd like to go through a loop $FILES times. Can >this be done in sh? count=10 i=0 while [ $i -lt $count ] do i=`expr $i + 1` echo "This is iteration $i" done -- Michael Stefanik, MGI Inc, Los Angeles | Opinions stated are never realistic Title of the week: Systems Engineer | UUCP: ...!uunet!bria!mike ---------------------------------------------------------------------------- If MS-DOS didn't exist, who would UNIX programmers have to make fun of? Tips from Group Talisman ------------------------ (a.k.a. strange things to do with Unix when you're bored.) by: Christopher A. North keys (HARP) Part I: A Csh alias for safer removes. There are several distinctive things about this particular alias. Firstly, if this alias is named so as to override the standard `rm' command, it is still far safer than aliasing `rm' to `rm -i', because it encourages use of pattern matching, and discourages running `rm *' by default and depending on its asking y/n for each file. Secondly, this alias is far less irritating than `rm -r'-style aliases, in that a single y/n answer is sufficient, where 20 or 30 might have been required using -i. Lastly, if you discover the hard way one day that the alias was *missing* when you did your `rm' command, at least you would have picked up the habit of using the right file-matching patterns before, and the raw `rm' command was still have done only what you desired. Note that if you call this command something besides `rm', and if your search path is set with the `.' *after* directories like /bin and /usr/bin, then `ls' and `rm' are sufficient command names within the alias. If there is *any* chance of their getting masked by other aliases or by commands in the current directory, then use full pathnames. alias r '/bin/ls -FCA \!*; echo -n 'remove?'; if ("$<" == "y") /bin/rm -r \!*' Part II: Avoiding core dumps in particular directories. Core dumps are files written out by Unix when a program detonates in a particularly ugly manner. These files are invaluable for debugging, especially if the program had been compiled with debugging symbols included, as in `cc -g -o program program.c'. A debugging session can be started with a command like `dbx program core', where core is the traditional name of the core dump left by your program. A core dump contains just about everything that was part of the program when it was running. All the code, values of variables, what part was executing, the stack, etc. Once, while using a GNU Emacs to edit a paper I was helping my sister write, the network began thrashing in a really *big* way, eventually causing the Emacs to core dump while trying to write out the file we were working on (it takes a lot to get an Emacs to crash and dump core...). After the network recovered, we use a new Emacs to edit the core dump of the last one, found the section in the core where the file we'd been editing was, and saved the text out to disk. Useful. The problem with core dumps is that they can be really huge, like eight megabytes or more on some systems, and it follows that you might not always want to let programs dump themselves into your user space when they have a problem. The usual solution is to set `ulimit coredumpsize 0' (in csh) or its equivalent. This indicates that no core dumps are allowed. Problem: what if you only want to prevent core dumps in a particular directory, say you home directory? ln -s /dev/null core Any core dump into this directory will be redirected by the symlink to /dev/null, never to be seen again. However, if you're in a subdirectory working on a new program, the core dumps you will probably want to use are still allowed and available. -Christopher Alex. BUILDING your PLATFORM: ---------------------- CONFIGURATION ( fellow SysOp Brian Riley (delphi) continues his discussion on how to customize the U/A on a Unix system using a 3b1 as his model) * editor's note: part 1 of this series is available in UNXNL-10.90 part 2 is available in UNXNL-01.91. Both newsletters are posted in library 1 of the GEnie Unix RT software libraries. --------------- Customizing the User Agent (tm) on the Unix Pc (tm) by Brian T. Riley (DELPHI) Part 3 Lets start this time with the login option. There is a little known ( and little used ) feature of the "login" program that allows us to do fancy things in our .profile when we log in. The Login program has the capabilaty to expand the environment two ways when a person logs in. The first is in the form of "Var=value" such as TERM=vt100. This allows users who log in at different terminals to specify their terminal type when they log in. This works fine on most Unix systems, however the Unix-pc is a little different since it prompts the user for a terminal type, therefore, it is not usefull to us. The second method is very usefull to us and much easier to use. The second method states that any values specified after the login name (but not in the form of "Var=value") will be assigned to a variable of the form "Lx" where x starts with 0 and is incremented when annother is needed. As an example, suppose we did this; Login: brian u <ret> then in our .profile we did this; LOGINVAR=$L0 echo "LOGINVAR=$LOGINVAR" This is what would happen; Login: brian u <ret> Password: LOGINVAR=u $ Now that we know how it works, lets make it work for us. The standard .profile for the Unix-pc contains the following entry; #sccs "@(#)install:.profile 1.3" if [ "$SHFLAG" != 1 ] then exec /usr/bin/ua fi Lets make a simple change to this if - then statement that makes it a little more flexable. #sccs "@(#)install:.profile 1.3" if [ "$L0" != "u" ] then exec /usr/bin/ua fi This now gives us a choice when we log in to run the UA or not just by placing a "u" after our login name. This feature can be very usefull, and is limited only by our imagination and our shell programming ability. Next, we will explore some of the more usefull features of the Korn Shell. The Korn Shell (ksh) was written by David Korn at Bell Laboratories to add capabilities similar to the C-Shell while maintaining compatability with the Bourne Shell. Among the features is added capability to the "set" command. Some of these are shown below. -a All export. Any variable set will be exported automatically. -o x option Specify options such as command line editing mode ( vi, emacs, gmacs) These two options give us a lot of capability in a minimum of programming . By entering the next line at the beginning of our .profile; set -ao vi any variables we set in the .profile or from the command line will automatically be exported to the system environment and we will have command line editing using "vi" syntax. Now, lets explore this "command line editing" a little more. How many times have you been typing in a long and complex command sequence and realized that you miss-spelled one of the earlier commands at the beginning of the line? If you're like me, once is too many times! Well , with the Korn shell you don't have to start over, you just press escape and use the line editing commands of vi to go back and correct it., then go back to the end of the line and continue on!!! ( this assumes you are useing the vi mode for command line editing) Annother nice feature of ksh is command recall, this means that commands that you have already executed can be brought back and edited or just re-executed. This feature is also controlled by the editor mode you have chosen. Vi mode uses "j" to go forward in the list and "k" to go backwards. You must press escape first to get into line editing mode. Two variables control command history. They are "HISTFILE" and "HISTSIZE". HISTFILE should be set to the name of the file that will hold the previously executed commands. HISTSIZE is set to the number of previously executed commands that are available to this shell, the default is 128. My .profile has the following entries; #sccs "@(#)install:.profile 1.3" set -amh -o vi umask 000 VISUAL=/usr/bin/vi PCOMM=$HOME/Pcomm ROGUEOPTS="name=Delphi" ENV=$HOME/.ksh.hist HISTSIZE=24 > $HISTFILE if [ "$L0" != "u" ] then exec /usr/bin/ua fi We will explore more features of the Korn Shell next time,and I will explain the other entries in my .profile, but see if you can figure them out in the mean time. :) Now we will find out why Installable files are so usefull and how they work. An installable file is actually a cpio archive containing all of the files required to install a package on the Unix-pc or create an installable disk. It requires certain files to be present in a specific order at the beginning of the archive. These are; Size - This contains a number representing the total size of all files in the File. Name - This contains the name of the package that will be used in the Installed Package list of the UA. Remove - This contains the shell script needed to remove the package. Install - This contains the script needed to install the package. Files - This contains a list of all files in the package in the correct order. The rest of the files in the package are added after these files in the order specified in the Files file. All path names are relative to the current directory. ( I.E. no "/" at the beginning of the path name). To install a package you must select Administration, then Software Setup, then Install Software sent by Electronic Mail. The first thing that happens is the file is copied to a newly created directory - /tmp/installed , and then extracted. Your system is then checked to see if there is enough space to install it. If so you are given the option of creating a backup of the package on an installable floppy. You must have a formatted floppy or the script will fail. Next the Install script from the package is executed and the package is installed. Finally the name of the package is added to the Uninstall menu, the UA is updated and the original files and the /tmp/installed directory are removed. Note that the original Installable file is also removed so you can't just uninstal t and start over! The best way to learn about Installable files is to download one from the Library section of the Unix-Rt and take it apart. Just search the library for files with the keyword 3b1 or unixpc and look for files with a +IN in the name. Don't forget to uncompress it before you try to install it. Till next time, Have fun with the 3B1. :) Brian T. Riley Delphi@UnixRt brian@jerimy.snide.com --------------- REMINDER - This newsletter is being sent to you 'by request'. If you do not wish to keep receiving it, e-mail a stop notice to GARS. On the other hand, we would very much appreciate it if you would pass the word that we do distribute this item near the tenth (10th) of the month of issue to any- one on GEnie who requests it, and will gladly add any name that is requested via the same route... e-mail to GARS. P L E A S E also remember contributions are most welcome. Please e-mail items and/or suggestions to GARS. (EOF) Trademark and Copyright notices: Unix is a Trademark of AT&T; GEnie, LiveWire, and RoundTable are Trademarks of General Electric Information Services Company; Xenix is a Trademark of Microsoft Corporation; DEC Professional is a Trademark of Professional Press, Mac, MacIntosh and A/UX are Trademarks of Apple Computer, NeXt and NeXt Step, are Trademarks of NeXt, Inc., Windows 3.0 is a proprietary user interface of Microsoft Corporation, C Users Group is a Trademark of R&D Publications, Inc. The contents of this newsletter are copyright (c) 1991 and may be copied whole or in part only if original credit is included. The GEnie UNIX RoundTable is not affiliated with AT&T. ay be copied whole