Text File | 1996-11-11 | 79KB | 1,969 lines
From: sgi-faq@viz.tamu.edu (The SGI FAQ group)
Newsgroups: comp.sys.sgi.misc,comp.answers,news.answers
Subject: SGI admin Frequently Asked Questions (FAQ)
Supersedes: <admin_786697207@viz.tamu.edu>
Followup-To: comp.sys.sgi.misc
Date: 20 Dec 1994 06:56:33 GMT
Organization: Visualization Lab, Texas A&M University
Lines: 1950
Approved: news-answers-request@mit.edu
Expires: 17 Jan 1995 07:00:07 GMT
Message-ID: <admin_787906807@viz.tamu.edu>
Reply-To: sgi-faq@viz.tamu.edu (The SGI FAQ group)
NNTP-Posting-Host: viz.tamu.edu
Originator: sgi-faq@viz
Archive-name: sgi/faq/admin
Last-modified: Sat Dec 17 12:14:08 CST 1994
SGI admin Frequently Asked Questions (FAQ)
This is one of the Silicon Graphics FAQ series, which consists of:
SGI admin FAQ - IRIX system administration
SGI apps FAQ - Applications and miscellaneous programming
SGI audio FAQ - Audio applications and programming
SGI graphics FAQ - Graphics and user environment customization
SGI hardware FAQ - Hardware
SGI impressario FAQ - IRIS Impressario
SGI inventor FAQ - IRIS Inventor
SGI misc FAQ - Introduction & miscellaneous information
SGI movie FAQ - Movies
SGI performer FAQ - IRIS Performer
SGI pointer FAQ - Pointer to the other FAQs
Read the misc FAQ for information about the FAQs themselves. Each FAQ
is posted to comp.sys.sgi.misc and to the news.answers and comp.answers
newsgroups (whose purpose is to store FAQs) twice per month. If you
can't find one of the FAQs with your news program, you can get it by
anonymous FTP from one of these sites:
viz.tamu.edu:/pub/sgi/faq/
rtfm.mit.edu:/pub/usenet/news.answers/sgi/faq/
ftp.uu.net:/usenet/news.answers/sgi/faq/
Note that rtfm.mit.edu is home to many other FAQs and informational
documents, and is a good place to look if you can't find an answer here.
If you can't use FTP, send mail to mail-server@rtfm.mit.edu with the
word 'help' on a line by itself in the text, and it will send you a
document describing how to get files from rtfm.mit.edu by mail. Send the
command 'send usenet/news.answers/sgi/faq/misc' to get the SGI misc FAQ,
and similarly for the other FAQs. Finally, the FAQs are on the World
Wide Web at
http://www.cis.ohio-state.edu/hypertext/faq/usenet/sgi/top.html
The SGI FAQs are freely distributable and we encourage wide circulation.
You MUST keep the FAQs intact, including headers and this notice. The
contents are accurate as far as we know, but the usual disclaimers
apply. (In particular, copies of the SGI FAQs published on paper or
CD-ROM are certain to be out of date!) Please send additions and changes
to sgi-faq@viz.tamu.edu.
Topics covered in this FAQ:
---------------------------
-1- DIAGNOSTICS
-2- How can I determine which release of IRIX I'm running?
-3- How can I determine my SGI's Ethernet (and/or FDDI) address?
-4- My SGI crashed and generated a file, /usr/adm/crash/vmcore.1. How
can I examine this file to see what crashed my system?
-5- DISKS
-6- How big can a file be?
-7- Why is /debug or /proc full of huge files?
-8- How do I extend an existing filesystem onto a new disk?
-9- How do I know if I need more memory and/or swap space?
-10- How much swap space should I have per megabyte of memory?
-11- How can I increase my swap space?
-12- What are virtual and logical swap space? How do they work in IRIX
3.x, 4.0.x and 5.x?
-13- BOOTING
-14- How can I boot directly into single-user mode?
-15- How can I boot from a non-default disk?
-16- How can I boot my machine using a server on the other side of a
router?
-17- How do I make a bootable tape from an IRIX CD?
-18- Why can't I boot one of the stand-alone programs on a tape or CD?
-19- INSTALLING
-20- Is it possible to remotely install IRIX over a network?
-21- Which IRIX CD is the program 'foo' on?
-22- How can I extract a single file from an 'inst' subsystem?
-23- Why doesn't 'inst' work?
-24- Why doesn't 'inst' work remotely?
-25- I reinstalled an IRIX subsystem to restore a missing file or get
rid of a corrupted file, but it didn't help. Why not?
-26- How can I install IRIX onto a second disk which I can then move
to another machine?
-27- How can I copy my system disk onto a second disk which I can then
move to another machine?
-28- NETWORKING
-29- Why isn't my network working?
-30- How can I measure my network's reliability?
-31- How do I add a static route?
-32- How can I make the 'slip' command advertise the Ethernet address
of the SLIP client?
-33- I've just edited inetd.conf, and nothing changed. Why?
-34- Why can't I 'rdist' files between Suns and SGIs?
-35- Why isn't the objectserver working?
-36- What is sending packets to the sgi-dog.mcast.net multicast
address?
-37- MAIL
-38- How can I set up 'sendmail' to pass 8-bit characters?
-39- Why are my mailbox files changing ownership in IRIX 4.0.x?
-40- Why isn't a valid user getting their mail?
-41- How can SGIs and Suns share a mail spool?
-42- What's an "unknown mailer error"?
-43- What's "mailbox: Error 0"?
-44- Why can't I receive mail on an NFS-mounted mail spool under IRIX
5.2?
-45- NFS
-46- How can I tell what hostname to use in /etc/exports?
-47- Why can't I export an NFS-mounted filesystem?
-48- Why can't Ultrix automount SGI filesystems?
-49- Why does 'tar' work strangely on a filesystem mounted from an
SGI?
-50- Is 'pcnfsd' available for the SGI?
-51- Can I export a CD-ROM from my SGI to a non-SGI?
-52- Why can't I export an ISO 9660 CD-ROM using NFS?
-53- How can I read an IRIX (EFS) CD-ROM on a machine which doesn't
use EFS?
+ -54- How can I get quotas to work on an NFS filesystem?
-55- PRINTING
-56- Why can't 'lp' read my file?
-57- How can I use 'lpr' to print to my local printer?
-58- How can I use 'lp' to print to an 'lpr'-controlled printer?
-59- How can I tell 'lp' to turn banner printing or page reversal off
or on?
-60- SECURITY
-61- Where can I learn about Unix and IRIX security?
-62- How can I check my system for security problems?
! -63- How can I configure IRIX more securely?
-64- How can I log more information about logins?
-65- How can I make an anonymous or restricted FTP account?
-66- How can I get X authorization to work?
! -67- What security-related bugs does IRIX have?
-68- I think I've found a security hole in IRIX; whom do I notify at
SGI?
-69- BUGS
-70- Why is my network license daemon ('netlsd') exiting?
-71- What's this 'iotim' error in my syslog in IRIX 4.0.x?
-72- Why do 'who', 'rusers', etc. show users who aren't really logged
in in IRIX 4.0.x?
-73- Why do some programs parse /etc/fstab incorrectly in IRIX 4.0.5?
-74- Why is my Indigo's Ethernet performance dog-slow under IRIX
4.0.x?
-75- Why is my Indigo getting SIGSEGVs and crashing under IRIX
4.0.5IOP?
-76- Why is my Indigo2 panicking under IRIX 4.0.5?
-77- What's wrong with ftpd in IRIX 5.2?
-78- Why isn't /usr/adm/SYSLOG being updated?
-79- I just edited /etc/inittab, and now I can't start up or shut down
my SGI! What's wrong?
-80- Why does timed say "bind: Cannot assign requested address"?
-81- Why is famd hammering my NFS server?
-82- MISCELLANEOUS
-83- How do I set the number of processes allowed on my machine?
-84- Where can I get a termcap file for 'iris-ansi-net' to install on
my non-SGI system?
+ -85- How can I make my SGI understand strange terminal types from
other Unix systems?
-86- Can I change my full name or login shell without being superuser?
-87- How can I administer my Iris without a graphics terminal?
-88- How can I use the visual admin tools on a system with graphics to
administer a system without graphics?
-89- Can I put my own picture in the 'clogin' display?
----------------------------------------------------------------------
Subject: -1- DIAGNOSTICS
Date: 15 May 94 00:00:01 EST
These questions discuss how to find out things about your system.
------------------------------
Subject: -2- How can I determine which release of IRIX I'm running?
Date: 07 Feb 94 00:00:01 CST
'uname -a' gives you all the kernel info; see the uname(1) manpage
for other options.
Of more general use, since kernels don't always reflect installed
software, is the 'versions' command. 'versions' with no arguments
lists all the installed software subsystems.
IRIX 5.2's System Manager ('chost') has the IRIX version number under
"IRIX Version" and a listing of installed software under "Software"
(the "Show Installed" button).
------------------------------
Subject: -3- How can I determine my SGI's Ethernet (and/or FDDI)
address?
Date: 07 Feb 94 00:00:01 CST
Many thanks to Miguel Sanchez <miguel@oasis.csd.sgi.com> for
providing the original version of the following discussion, and to
Dave Olson <olson@sgi.com> for comments. Andrew Cherenson
<arc@sgi.com> reminded us that all these methods except the first
apply to FDDI as well, but we'll just say "Ethernet" below.
Every system on an Ethernet network must have a unique Ethernet
address for the network to operate properly. The physical Ethernet
address of your system is the unique number assigned to the Ethernet
hardware on your system. This unique number is assigned to the
manufacturer of your Ethernet hardware by the IEEE (formerly by
Xerox, one of the original developers of Ethernet). This is not to be
confused with the IP address, which can be set arbitrarily.
You may need to determine your system's Ethernet address if your
network manager requires it before connecting your system to a
network. How to do so depends on whether IRIX is running and what
operating system version is loaded. Method 1 only provides the
Ethernet address of the primary interface. If you have multiple
Ethernet interfaces (boards) in a system, use method 2, 3, 4 or 5 to
determine the address(es) of any other interface(s).
METHOD 1: eaddr
If IRIX is not running, and the system is a Personal IRIS (4D20,
25, 30, or 35), Indigo, Crimson, Onyx or Challenge, you can
obtain the Ethernet address by typing 'eaddr' (older machines) or
'printenv eaddr' (newer) at the PROM monitor prompt. On some
machines (4D30 or later) you can say 'nvram eaddr' while IRIX is
running to get the same result.
METHOD 2: netstat
Under IRIX 4.0.1 or later, you can use the netstat command. For
example,
    % /usr/etc/netstat -ia
    Name Mtu   Network  Address            Ipkts   Ierrs Opkts  Oerrs Coll
    ec0  1500  siligrph luey7              7765678 21648 384477 0     30338
                        192.48.200.251
                        192.0.0.1
                        08:00:69:06:17:c2
    lo0  32880 loopback localhost          41438   0     41438  0     0
                        192.0.0.1
As seen on the fourth address line, the address of the system
luey7's primary Ethernet interface, "ec0", is 08:00:69:06:17:c2.
METHOD 3: arp
You can obtain the Ethernet address of a Silicon Graphics system
by using another system on your network. 'ping' the system whose
Ethernet address you want, then use 'arp'. For example,
    % /usr/etc/ping -c 1 luey6
    PING luey6.sgi.com (192.48.200.250): 56 data bytes
    64 bytes from 192.48.200.250: icmp_seq=0 ttl=255 time=0 ms
    ----luey6.sgi.com PING Statistics----
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip (ms) min/avg/max = 0/0/0
    % /usr/etc/arp luey6
    luey6 (192.48.200.250) at 8:0:69:6:c:40
    %
METHOD 4: NetVizualyzer/FDDIVizualyzer and the like
SGI's NetVizualyzer/FDDIVizualyzer network monitoring software
and at least one public domain equivalent ('netman', at
ftp.cs.curtin.edu.au:/pub/netman/) allow you to find the Ethernet
address corresponding to any IP address. Read the manual.
METHOD 5: System Manager
The Network Setup part ('cnet') of IRIX 5.2's System Manager tool
('chost') shows the Ethernet address of each interface.
4DDN: A Special Case
DECnet uses a one-to-one relationship between the DECnet node ID
and the Ethernet address. If the DECnet address is changed the
Ethernet address is changed. DECnet Ethernet addresses always
start with aa:, so you can identify systems running DECnet with
'arp -a'.
4DDN is Silicon Graphics' DECnet interconnection product. The
Ethernet address of an IRIS running 4DDN will change when 4DDN is
started. Method 1 will return the original Ethernet address for
the system. Methods 2-5 will show the Ethernet address currently
in use.
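The 'arp' output format shown in Method 3 and the "aa:" rule above, combined into an inventory helper. This is an added example, not part of the original FAQ; the function names and the 'vaxlink' and 'ghost' entries are constructed for illustration, and it assumes a POSIX shell with awk.

```shell
#!/bin/sh
# Added example (not from the FAQ): normalise and classify the hardware
# addresses printed by 'arp', whose octets are not zero-padded.

# norm_mac ADDR: print ADDR with each octet zero-padded and lower-cased,
# e.g. 8:0:69:6:c:40 -> 08:00:69:06:0c:40. Fails on anything else,
# including the "(incomplete)" marker arp prints for unresolved hosts.
norm_mac() {
    printf '%s\n' "$1" | awk -F: '
        NF != 6 { exit 1 }
        {
            out = ""
            for (i = 1; i <= 6; i++) {
                o = tolower($i)
                if (o !~ /^[0-9a-f][0-9a-f]?$/) exit 1
                if (length(o) == 1) o = "0" o
                out = out (i > 1 ? ":" : "") o
            }
            print out
        }'
}

# classify_mac ADDR: label an address using the two prefixes the FAQ gives:
#   aa:       DECnet (4DDN) has rewritten the address
#   08:00:69  the prefix of both SGI example addresses in the text
classify_mac() {
    mac=$(norm_mac "$1") || { echo invalid; return 1; }
    case $mac in
        aa:*)       echo decnet ;;
        08:00:69:*) echo sgi ;;
        *)          echo other ;;
    esac
}

# arp_report: read "host (ip) at addr" lines on stdin and print
# "host ip normalised-addr class", skipping unresolved entries.
arp_report() {
    while read -r host ip at mac rest; do
        [ "$at" = "at" ] || continue
        ip=${ip#\(}
        ip=${ip%\)}
        class=$(classify_mac "$mac") || continue
        printf '%s %s %s %s\n' "$host" "$ip" "$(norm_mac "$mac")" "$class"
    done
}

# Sample input: the luey6 and luey7 addresses are the ones shown in the
# FAQ; vaxlink and ghost are constructed for this example.
SAMPLE_ARP='luey6 (192.48.200.250) at 8:0:69:6:c:40
luey7 (192.48.200.251) at 8:0:69:6:17:c2
vaxlink (192.48.200.12) at aa:0:4:0:1f:4
ghost (192.48.200.99) at (incomplete)'

printf '%s\n' "$SAMPLE_ARP" | arp_report
```

On a live system, feed it the output of 'arp -a' instead of the sample. A host classified as decnet is reporting its 4DDN address, so Method 1 is needed to recover the original one.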
sysinfo
/etc/sysinfo is intended to return a unique identifier, which on
some machines includes part or all of the Ethernet address. This
is best regarded as an amusing coincidence, like HAL's name in
"2001". Don't rely on it.
------------------------------
Subject: -4- My SGI crashed and generated a file,
/usr/adm/crash/vmcore.1. How can I examine this file to
see what crashed my system?
Date: 12 Jul 94 00:00:01 EST
For a start, you can use 'dbx' like so:
    dbx -k /var/adm/crash/{unix,vmcore}.#
    t
    &putbuf/1000s
Some machines have a special 'dbx' for crash dumps,
/usr/adm/crash/dbx. If it exists, use it instead of /usr/bin/dbx.
The IRIX 5.x Electronic Services package includes a script, 'crpt',
which does this and more automagically. A copy of the IRIX 5.2
version lives at viz.tamu.edu:/pub/sgi/software/crpt/.
------------------------------
Subject: -5- DISKS
Date: 15 May 94 00:00:01 EST
These questions deal with disks and swap space.
------------------------------
Subject: -6- How big can a file be?
Date: 29 Oct 94 00:00:01 EST
SGI EFS filesystems can be up to 8GB in size, but a file on an EFS
filesystem can only be 2GB in size.
------------------------------
Subject: -7- Why is /debug or /proc full of huge files?
Date: 10 Dec 93 00:00:01 EST
Those aren't disk files, they're interfaces to running processes.
Read the debug(4) (IRIX 4.0.x) and/or proc(4) (IRIX 5.x) manpages.
------------------------------
Subject: -8- How do I extend an existing filesystem onto a new disk?
Date: 24 Jan 94 00:00:01 EST
Back up the existing filesystem (just in case) then run 'mklv' and
'growfs'. 'mklv' and 'growfs' are nondestructive, so you don't need
to restore the backup unless you screw up. Don't use 'mkfs', which
does destroy existing data.
------------------------------
Subject: -9- How do I know if I need more memory and/or swap space?
Date: 20 Feb 94 00:00:01 EST
If processes are killed due to lack of memory/swap, you need more
memory and/or swap space. If your CPU is always waiting for swapping
(run 'osview' and look at the "%Swap" entry under "Wait Ratio") you
need more memory.
------------------------------
Subject: -10- How much swap space should I have per megabyte of
memory?
Date: 20 Feb 94 00:00:01 EST
An oft-recommended ratio is X memory:2.5 X swap, but this may be too
slow. Decide how much of your favorite program (plus IRIX) needs to
be resident for good performance and how much doesn't, and make sure
you have enough memory for the former and enough memory plus swap for
the latter. Put "rmem" and "swp" in your ~/.grosview file, run
'gr_osview' and run your favorite program to see what it needs.
------------------------------
Subject: -11- How can I increase my swap space?
Date: 26 Jul 94 00:00:01 EST
The Jan/Feb 93 and May/Jun 94 Pipelines have detailed writeups on how
to do this in IRIX 4.0.x and 5.x respectively. The Jul/Aug Pipeline
has a correction to the latter article. If you like you can call the
TAC and have them fax you the very latest version.
------------------------------
Subject: -12- What are virtual and logical swap space? How do they
work in IRIX 3.x, 4.0.x and 5.x?
Date: 05 Jul 94 00:00:01 EST
Two terms whose meanings should already be clear: Physical swap space
is an area on disk, either a partition or (in IRIX 5.x) a swap file.
Virtual memory is the sum of physical memory and swap space.
IRIX 3.x accepts a memory request only if enough virtual memory is
free. Even if a process isn't using most of the memory it requested
(which happens often, e.g. when a large process forks and execs a
small process, or with Fortran 77 programs which allocate all storage
statically), its memory is unavailable to other processes until it
exits. IRIX 3.x has no virtual or logical swap space.
In IRIX 4.0.x, IRIX accepts every memory request, and does not
allocate virtual memory until a process actually tries to use it.
This allows programs which request more memory than they use to run
with much less memory than would otherwise be required. If too many
processes actually use their memory requests so that virtual memory
is in danger of filling up, IRIX kills one or more processes. IRIX
usually kills the process which is using the most virtual memory,
which may well not be the process which most recently requested
virtual memory.
IRIX 5.x works like IRIX 4.0.x, but one can set the amount of virtual
memory which IRIX is allowed to overallocate. This amount is called
"virtual swap space". "Logical swap space" is the sum of physical and
virtual swap. There is no virtual swap space by default, so IRIX 5.x
behaves like IRIX 3.x. One can set virtual swap to any amount of
memory; if it is set sufficiently high, memory requests will always
be granted, just like IRIX 4.0.x. Using jargon retroactively, IRIX
4.0.x has an infinite amount of virtual swap space.
Large or infinite amounts of virtual swap space work well for many
people, because most programs don't use all the virtual memory they
request, at least not at once. If your programs do use all their
virtual memory, they'll be killed and you'll see "Process killed due
to insufficient memory/swap" messages in your SYSLOG.
Under IRIX 4.0.x, you can only turn virtual swap off completely. Set
the kernel variable availsmem_accounting to 1: edit
/usr/sysgen/master.d/kernel, do 'autoconfig -f' and reboot. Doing so
makes IRIX 4.0.x behave like IRIX 3.x, allocating memory only if it
is actually available.
Under IRIX 5.x, you can turn virtual swap on or off by doing
'chkconfig vswap off' or 'chkconfig vswap on', or change the size of
virtual swap by editing /etc/config/vswap.options, and rebooting. You
can also use 'swap -v' to do any of these things directly and without
rebooting.
Remember that IRIX 5.x comes with virtual swap turned off and set to
zero. If you were happy with IRIX 4.0.x, you should turn virtual
swap on and set its size to a very large number. If programs are
killed, decrease the size of virtual swap or turn it off.
See the swap(1M) and swapctl(2) manpages for details.
------------------------------
Subject: -13- BOOTING
Date: 15 May 94 00:00:01 EST
As the song says, "There must be fifty ways to boot your Iris."
------------------------------
Subject: -14- How can I boot directly into single-user mode?
Date: 20 Feb 94 00:00:01 EST
Use the PROM monitor's 'single' command.
For machines earlier than 4D35s, whose PROMs don't have that command,
say 'boot dksc(0,1,0)unix initstate=s'. Replace 'dksc(0,1,0)' with
the appropriate device and partition if your boot volume is something
other than a SCSI device partitioned in the standard manner; see the
chapter on the PROM monitor in the "Advanced Site and Server
Administration Guide".
------------------------------
Subject: -15- How can I boot from a non-default disk?
Date: 20 Jan 94 00:00:01 CST
Says Justin Mason <jmason@iona.ie>: If your disk is SCSI ID 4, do
    boot -f dksc(0,4,8)sash dksc(0,4,0)unix root=dks0d4s0
or
    setenv bootfile dksc(0,4,8)sash
    setenv path dksc(0,4,8)
    setenv root dks0d4s0    # This is the tricky part
    auto
from the PROM. The first method works once, so that subsequent
reboots use SCSI ID 1, and the second method sets the PROM to boot
from ID 4 every time (until you reset the PROM variables).
------------------------------
Subject: -16- How can I boot my machine using a server on the other
side of a router?
Date: 24 Jan 94 00:00:01 EST
Tell the router to forward BOOTP packets. If it can't, NFS-mount the
remote volumes on another machine on the same subnet and use the
nearby machine for your boot server.
------------------------------
Subject: -17- How do I make a bootable tape from an IRIX CD?
Date: 22 Nov 94 00:00:01 EST
See the Sep/Oct 93 Pipeline and/or
viz.tamu.edu:/pub/sgi/software/distcp/making-bootable-tape for a
detailed description, or just follow Dave Olson <olson@sgi.com>'s
summary: Take a look at the distcp(1M) manpage, and do something like
    tapehost# mount -o ro cdhost:/CDROM /mnt
    tapehost# distcp /mnt/dist /dev/nrtape
Note that 'fx', 'ide', and 'sash' for all machines are in the dist/sa
file. 'sa' is an image of the first part of the tape; use 'mkboottape
-f sa -l' to see the contents.
------------------------------
Subject: -18- Why can't I boot one of the stand-alone programs on a
tape or CD?
Date: 03 Apr 94 00:00:01 EST
One reason is that some CPU names are preceded by periods and some
aren't. Another is that the Indigo R4000 and later CPUs use the
suffix 'ARCS', not 'IP20' or whatever as one might expect from
'hinv'. For example, the correct command to boot fx directly from the
PROM monitor on an Indigo R4000 is 'boot -f dksc(ctlr,unit,8)sashARCS
dksc(ctlr,unit,7)stand/fx.ARCS'. Note the use of 'ARCS' instead of
'IP20' and the missing period in 'sashARCS'.
------------------------------
Subject: -19- INSTALLING
Date: 15 May 94 00:00:01 EST
These questions discuss software installation.
------------------------------
Subject: -20- Is it possible to remotely install IRIX over a network?
Date: 20 May 93 00:00:01 CST
Yes. You can install IRIX from a remote machine which has a CD-ROM, a
tape drive, or an IRIX distribution directory. All of these
scenarios (and several others) are described in detail in the "IRIS
Software Installation Guide". Examples are provided.
------------------------------
Subject: -21- Which IRIX CD is the program 'foo' on?
Date: 25 May 94 00:00:01 EST
Mount the CD and try 'grep foo /CDROM/dist/*.idb'. If you don't get
any output, 'foo' isn't on that CD. If you do, it is, and one of the
fields is the subsystem in which 'foo' lives. Entries in *.idb files
don't have a leading slash so you must leave it out if you grep for a
full path, e.g. 'grep usr/bin/lp /CDROM/dist/*.idb', not 'grep
/usr/bin/lp /CDROM/dist/*.idb'.
------------------------------
Subject: -22- How can I extract a single file from an 'inst'
subsystem?
Date: 25 May 94 00:00:01 EST
'inst' guru Paul Jackson <pj@sgi.com> reveals all:
- Find the subsystem in which the file lives, as described in the
previous question. For this example we'll extract /sbin/ed, which
lives in eoe1.sw.unix.
- Follow the bouncing prompt:
    > su
    > cd /usr/tmp
    > mkdir -p tmproot/var/inst
    > inst -f /CDROM/dist/eoe1 -r /usr/tmp/tmproot
    > Inst> keep *
    > Inst> install eoe1.sw.unix
    > Inst> go
    > Inst> q
    > ls -l /usr/tmp/tmproot/sbin/ed
    -rwxr-xr-x 1 root sys 75480 May 24 13:57 /usr/tmp/tmproot/sbin/ed
- Move your file somewhere else and 'rm -r /usr/tmp/tmproot'.
- That was under IRIX 5.x. Under IRIX 4.0.x or earlier, use
'/usr/tmp/tmproot/usr/lib/inst' for a temporary inst directory
instead of '/usr/tmp/tmproot/var/inst'.
------------------------------
Subject: -23- Why doesn't 'inst' work?
Date: 16 Jan 94 00:00:01 EST
One possibility is that you're using an old 'inst' with new
software. Always use an 'inst' at least as new as what you're
installing.
------------------------------
Subject: -24- Why doesn't 'inst' work remotely?
Date: 05 May 94 00:00:01 EST
Usually because it can't log in to the machine with the distribution
media. 'inst' uses the guest account to do so, so make sure that
guest on the machine on which you want to install software can rlogin
to guest on the machine with the distribution media without a
password.
------------------------------
Subject: -25- I reinstalled an IRIX subsystem to restore a missing
file or get rid of a corrupted file, but it didn't help.
Why not?
Date: 13 Apr 94 00:00:01 EST
'inst' doesn't bother to install a subsystem if the same or a newer
version is already installed. Tell it to install anyway by saying
'set neweroverride' before you say 'go'. Removing the subsystem and
reinstalling it will do more or less the same thing.
------------------------------
Subject: -26- How can I install IRIX onto a second disk which I can
then move to another machine?
Date: 20 Jan 94 00:00:01 EST
With difficulty. Many parts of the installation process assume that
you're installing IRIX onto your system disk (SCSI ID 1). Just fiddle
with SCSI ID switches and/or move disks around to make the disk onto
which you want to install IRIX the system disk for the duration of
the installation.
Furthermore, IRIX has many hardware dependencies, so you should only
move system disks between absolutely identical machines. If you want
to make a system disk for a machine without a network connection,
CD-ROM or tape drive, the easiest and safest way is to borrow another
CD-ROM or tape drive.
If you want to try anyway, Justin Mason <jmason@iona.ie> reports that
the following works under IRIX 5.1.1:
Set up the disk, e.g. with SCSI id 4, fx a generic "[bo]otable"
partition setup onto it, and mkfs the partitions. Copy sash, etc.
from your system disk to the new disk with dvhtool. Boot up the
miniroot as usual, go into inst, choose "admin" from the menu and do
the following, replacing SCSI IDs and partition numbers as
appropriate:
    umount /root
    umount /root/usr
    mount /dev/dsk/dks0d4s0 /root
    mount /dev/dsk/dks0d4s6 /root/usr
    mount     # Just to check
    return    # Go back to main inst menu
Then install as you like.
------------------------------
Subject: -27- How can I copy my system disk onto a second disk which I
can then move to another machine?
Date: 17 Jun 94 00:00:01 EST
See the article in the Jul/Aug 92 Pipeline and the addendum in the
Nov/Dec 92 Pipeline, and note that the warning about hardware
dependencies in the previous question applies here too. Steve
Kotsopoulos <steve@ecf.toronto.edu> has written a script which does
this automatically; you can FTP it from
viz.tamu.edu:/pub/sgi/software/clonedisk/clonedisk. Be sure to read
the comments before running it!
------------------------------
Subject: -28- NETWORKING
Date: 15 May 94 00:00:01 EST
These questions discuss general networking.
------------------------------
Subject: -29- Why isn't my network working?
Date: 08 Oct 94 00:00:01 EST
A list of good things to try is at
viz.tamu.edu:/pub/sgi/lists/network-checklist.
------------------------------
Subject: -30- How can I measure my network's reliability?
Date: 16 Oct 94 00:00:01 EST
Don't worry about collisions. They are part of normal operation on a
crowded Ethernet. You *should* worry about late collisions (which are
logged to the console) and lost packets (which you can easily measure
with the command 'ping -fs 3000 -c 1000 someotherhost'), which
usually mean network hardware problems or a misconfigured bridge or
router.
See Chapter 18 of the "IRIX Advanced Site and Server Administration
Guide" and the Sep/Oct 93 Pipeline for more.
------------------------------
Subject: -31- How do I add a static route?
Date: 13 Nov 94 00:00:01 EST
Some sites handle IP routing by designating a routing machine and
having all other hosts define a static route to that machine. The way
to do this on SGIs is in the /etc/init.d/network.local script.
1) Read the paragraph just before the copyright at the top of
/etc/init.d/network and make the links it specifies.
2) Put something like the following in /etc/init.d/network.local,
replacing 130.132.25.1 (the example address used here) with the
address of your router.
    #! /bin/sh
    IS_ON=/sbin/chkconfig
    case "$1" in
    'start')
        if $IS_ON network; then    # network must be chkconfig'ed on
            /usr/etc/route add default 130.132.25.1 1
        fi
        ;;
    'stop')
        /usr/etc/route delete default 130.132.25.1 ;;
    *)
        echo "Usage: $0 {start|stop}" ;;
    esac
Check the script with 'sh -v /etc/init.d/network.local'.
If you NFS-mount disks from the other side of the static route, they
will not be unmounted properly during shutdown. You can fix this by
making the links so that /etc/init.d/network.local runs before
/etc/init.d/network: 'ln -s /etc/init.d/network.local
/etc/rc0.d/K41network' instead of '/etc/rc0.d/K39network'.
------------------------------
Subject: -32- How can I make the 'slip' command advertise the Ethernet
address of the SLIP client?
Date: 10 Dec 93 00:00:01 EST
You can't. Just add something like
    /usr/etc/arp -s $USER `netstat -ia | grep :` pub
to the shell script in which you start the SLIP process. $USER is the
SLIP client. The 'netstat | grep' part gets the host's Ethernet
address, and 'arp' advertises the host as an ARP server for $USER.
See also the arp(1M) manpage.
------------------------------
Subject: -33- I've just edited inetd.conf, and nothing changed. Why?
Date: 10 Dec 93 00:00:01 CST
You need to make 'inetd' reread the file. Do 'killall -HUP inetd' or
reboot.
------------------------------
Subject: -34- Why can't I 'rdist' files between Suns and SGIs?
Date: 10 Dec 93 00:00:01 EST
Sun's 'rdist' expects SGI's 'rdist' to live in /usr/ucb, but it's
actually in /usr/bsd. Make a symbolic link from /usr/ucb/rdist to
/usr/bsd/rdist and all will be well.
------------------------------
Subject: -35- Why isn't the objectserver working?
Date: 04 Nov 94 00:00:01 EST
Anne Eagle <annee@sgi.com> posted most of the following:
- Its database may be corrupt. If the objectserver appears to start
OK but crashes later, this is probably the case. Rebuild it like
so:
    /etc/init.d/cadmin stop
    /etc/init.d/cadmin clean
    /etc/init.d/cadmin start
If the preceding doesn't work, try this:
    /etc/init.d/cadmin stop
    mv /var/Cadmin/data /var/Cadmin/data.old
    /usr/Cadmin/bin/parseclasses
    /etc/init.d/cadmin start
Note that either method destroys "Privileged User" and "Business Card"
information.
- One of your system configuration files (including but not limited
to /etc/exports, /etc/fstab, /etc/inittab, /etc/mtab, /etc/passwd)
may have minor format problems which don't bother IRIX proper but
do bother the objectserver. Such problems include a last line which
doesn't end with a linefeed, a backspace not preceded by a space in
/etc/exports, or unprintable characters. One sign that you have
such a problem is a core file in /var/Cadmin/data. If you find and
fix a problem, rebuild the databases as above.
If you can't find the problem, try the following:
    par -s -i -N open -l -SS /usr/Cadmin/bin/objectserver -d
The last file objectserver opens is probably where the problem is.
If you're really desperate, the TAC will give you an objectserver
compiled with -g and help you run dbx on it.
- You may be swamping the objectserver with NIS (YP) users. There are
several ways around this:
- Start a directoryserver on a machine on your local network.
- Use netgroups or the "+user" form in /etc/passwd instead of just
a "+" and rebuild the databases as above.
- Most severely, remove the NIS object definition files so that the
objectserver will not create NIS objects, rebuild the
objectserver database (without the NIS objects) and restart the
objectserver as follows. You will not be able to manipulate NIS
users with Cadmin if you do this.
    killall fm
    mediad -k
    killall objectserver
    mv /var/Cadmin/data /var/Cadmin/data.orig
    cp -pr /usr/Cadmin/classes /usr/Cadmin/classes.orig
    rm /usr/Cadmin/classes/groupObject.op
    rm /usr/Cadmin/classes/nisAccountObject.op
    rm /usr/Cadmin/classes/peopleNISObject.op
    rm /usr/Cadmin/classes/peopleObject.op
    /usr/Cadmin/bin/parseclasses
    /usr/Cadmin/bin/objectserver
    ps -ef | grep obj
Wait until you see 2 objectserver processes running, then do
    mediad
    fm -lrb &
- Chris Riney <chris.riney@tandy.com> says: "We have just discovered
here at our site that if you do not have a route defined for the
SGI multicast subnet, then objectserver will gobble up memory. I
established a route for 224.0.0.0, and objectserver has been up for
over a week without consuming additional memory." This route is
defined in the stock /etc/init.d/network.
- Andreas Klingler <andreas.klingler@rrze.uni-erlangen.de> fixed his
objectserver by removing /usr/Cadmin/classes/printerObject.op and
then rebuilding /var/Cadmin/data as above.
See also "Indigo Magic Tips and Tricks" in the Sep/Oct 94 Pipeline.
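A checker for two of the configuration-file format problems listed above (a last line which doesn't end with a linefeed, and unprintable characters). This is an added example, not part of the original FAQ and not an SGI tool; the function names and sample files are constructed, and it assumes a POSIX shell with 'tail -c', 'od' and awk.

```shell
#!/bin/sh
# Added example (not from the FAQ): find files whose format would bother
# the objectserver even though IRIX proper accepts them.

# missing_final_newline FILE: succeed if FILE is non-empty and its last
# byte is not a linefeed.
missing_final_newline() {
    [ -s "$1" ] || return 1
    last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$last" != "0a" ]
}

# unprintable_lines FILE: print the numbers of lines holding any byte
# other than tab or printable ASCII (space through tilde).
unprintable_lines() {
    tab=$(printf '\t')
    LC_ALL=C awk -v re="[^${tab} -~]" '$0 ~ re { print NR }' "$1"
}

# lint_file FILE: report both problems; return 0 if clean, 1 otherwise.
lint_file() {
    rc=0
    if missing_final_newline "$1"; then
        echo "$1: last line does not end with a linefeed"
        rc=1
    fi
    for n in $(unprintable_lines "$1"); do
        echo "$1:$n: unprintable character"
        rc=1
    done
    return $rc
}

# make_samples: build constructed sample files and print their directory.
#   exports.good  clean
#   fstab.bad     last line lacks a linefeed
#   passwd.bad    backspace (octal 010) on line 2
make_samples() {
    dir=${TMPDIR:-/tmp}/cadmin-lint.$$
    mkdir -p "$dir"
    printf '/usr/people -ro\n' > "$dir/exports.good"
    printf '/dev/root / efs rw,raw=/dev/rroot 0 0' > "$dir/fstab.bad"
    printf 'root:x:0:0:Super-User:/:/bin/csh\nguest:x:998:998:Guest\010Account:/usr/people/guest:/bin/csh\n' \
        > "$dir/passwd.bad"
    echo "$dir"
}

# Demonstration on the constructed samples. On a real system the
# arguments would be the files the text names: /etc/exports /etc/fstab
# /etc/inittab /etc/mtab /etc/passwd
samples=$(make_samples)
for f in "$samples"/exports.good "$samples"/fstab.bad "$samples"/passwd.bad; do
    lint_file "$f" || true
done
rm -rf "$samples"
```

If the checker reports a problem and you fix it, rebuild the objectserver databases as described at the start of this answer.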
------------------------------
Subject: -36- What is sending packets to the sgi-dog.mcast.net
multicast address?
Date: 15 Jun 94 00:00:01 EST
The objectserver.
------------------------------
Subject: -37- MAIL
Date: 15 May 94 00:00:01 EST
These questions discuss mail configuration and problems.
------------------------------
Subject: -38- How can I set up 'sendmail' to pass 8-bit characters?
Date: 12 Feb 94 00:00:01 EST
Dunno, offhand, but many experts say "don't try". RFC822 requires
mail transport agents to *clear* the eighth bit, and many hosts do.
Some which don't may crash when they get mail with the eighth bit
set. Instead, use a MIME-compatible mail program. MIME, described in
RFC1521, is a standard for enclosing non-RFC822 material in your
mail. The apps FAQ discusses several mail programs which support it.
Nonetheless, if someone wants to tell us about putting SGI's
'sendmail' into 8-bit mode we'll note it here.
------------------------------
Subject: -39- Why are my mailbox files changing ownership in IRIX
4.0.x?
Date: 13 Nov 94 00:00:01 EST
If your mail directory is mounted from another machine, your machine
does not have root access, and the other machine has BSD-style
"restricted chown" (either because it's not an SGI or because someone
turned restricted chown on), /bin/mail will change mail file
ownership when delivering local mail. Without unrestricted chown or
root access, /bin/mail is unable to give mail files back to their
owners after delivering mail. You can fix the problem by turning off
restricted chown on the other machine (if it's an SGI), exporting the
mail directory with root access for your machine, or upgrading to
IRIX 5.2, in which the problem is fixed.
------------------------------
Subject: -40- Why isn't a valid user getting their mail?
Date: 24 Jan 94 00:00:01 EST
IRIX' mail system requires "valid users" to have both valid password
file entries (whether local or via NIS) and home directories. The
latter often trips one up when installing POP servers and whatnot,
where home directories aren't really necessary. Just make a fake
one.
------------------------------
Subject: -41- How can SGIs and Suns share a mail spool?
Date: 05 Feb 94 00:00:01 EST
Paul Riddle <paulr@umbc.edu> has written up how he did it. Read
ftp.umbc.edu:/pub/sgi/shared-spool.text.
------------------------------
Subject: -42- What's an "unknown mailer error"?
Date: 20 Feb 94 00:00:01 EST
There's a list in viz.tamu.edu:/pub/sgi/software/mail/mail-errors.
------------------------------
Subject: -43- What's "mailbox: Error 0"?
Date: 05 Mar 94 00:00:01 EST
It's a harmless bug; don't worry about it. It is fixed in IRIX
versions 4.0.5H/4.0.5IOP and later.
------------------------------
Subject: -44- Why can't I receive mail on an NFS-mounted mail spool
under IRIX 5.2?
Date: 29 Aug 94 00:00:01 EST
IRIX 5.2 NFS has a bug which prevents writing to a zero-length file
if the writing process has group write permission but not group read
(or user write) permission. IRIX 5.2 /bin/mail likes to set the
permissions of /var/mail/<user> to mode 620, exactly what is needed
to exercise the NFS bug. There is no patch for the NFS bug (although
it will be fixed in IRIX 5.3) but you can get a /bin/mail from the
TAC which leaves mail files mode 660 and thus doesn't exercise the
bug.
------------------------------
Subject: -45- NFS
Date: 15 May 94 00:00:01 EST
These questions discuss NFS.
------------------------------
Subject: -46- How can I tell what hostname to use in /etc/exports?
Date: 07 Feb 94 00:00:01 EST
NFS servers may need a particular form of a client's name in
/etc/exports to allow the client access. This may not be obvious, for
example if the server is also a router. Log in from the client to the
server and say 'echo $REMOTEHOST' to see what the server thinks the
client is called, and put that in /etc/exports.
The System Manager ('chost') should be able to determine the correct
hostname for you.
------------------------------
Subject: -47- Why can't I export an NFS-mounted filesystem?
Date: 10 Dec 93 00:00:01 CST
This is known as multi-hop NFS. It is not allowed or supported in
(Sun's) NFS because it is not in general possible to detect errors
such as infinite mount loops, on either the client or the server.
------------------------------
Subject: -48- Why can't Ultrix automount SGI filesystems?
Date: 10 Dec 93 00:00:01 CST
Ultrix's automount uses an "untrusted" port for mount requests. Add
an '-n' to the mountd lines in /usr/etc/inetd.conf (/etc/inetd.conf
in IRIX 5.x), like so:
        mountd/1 stream rpc/tcp wait root /usr/etc/rpc.mountd mountd -n
        mountd/1 dgram rpc/udp wait root /usr/etc/rpc.mountd mountd -n
then 'killall mountd' and 'killall -HUP inetd' or reboot.
------------------------------
Subject: -49- Why does 'tar' work strangely on a filesystem mounted
from an SGI?
Date: 03 Apr 94 00:00:01 EST
When user A extracts a file owned by user B from a tar archive, 'tar'
makes the file owned by user A unless user A is the superuser. Some
systems allow users to give files away (e.g. IRIX); some do not
(e.g. SunOS). On some systems with the restricted behavior (SunOS
among them), 'tar' tries to give the file to user B whether or not
user A is the superuser, assuming that the chown system call will
fail if user A is not. This is not true if user A is using 'tar' on
(e.g.) a Sun to extract files onto a filesystem NFS-mounted from
(e.g.) an SGI. 'tar' may create zero-length files or give away
directories and then be unable to extract files into them.
Work around the problem by doing the 'tar' on the SGI or extracting
onto a Sun filesystem. It is possible that third-party versions of
'tar' (e.g. GNU tar) are smarter; let us know if so. Don't turn the
restricted_chown kernel variable on on the SGI; while this will fix
the problem at hand, it will break SGI programs which need to give
files away without running as root (notably /bin/mail).
------------------------------
Subject: -50- Is 'pcnfsd' available for the SGI?
Date: 27 Feb 94 00:00:01 EST
For IRIX 4.0.x, look in ftp.sgi.com:/support/pcnfsd.sysV/. (Note that
although SGI makes this available, they do not support it.) For IRIX
5.x, look in viz.tamu.edu:/pub/sgi/software/pcnfsd/.
------------------------------
Subject: -51- Can I export a CD-ROM from my SGI to a non-SGI?
Date: 10 Dec 93 00:00:01 EST
Not in IRIX 4.0.x. You can in IRIX 5.x, as you would any other
filesystem.
------------------------------
Subject: -52- Why can't I export an ISO 9660 CD-ROM using NFS?
Date: 13 Nov 94 00:00:01 EST
You're using IRIX 4.0.x. Under IRIX 5.x, it just works.
Under IRIX 4.0.x you can, but only to another SGI (see the previous
question) and there's a catch. Add the CD-ROM filesystem to
/etc/exports and export it with 'exportfs' *before* you mount the
CD-ROM. For more detail, read
viz.tamu.edu:/pub/sgi/hardware/exporting-iso-9660-cdrom or the
article in the Jan/Feb 93 Pipeline, or for an up-to-date copy call
the TAC and ask for SGI's writeup on "Mounting an ISO 9660 CD Across
NFS".
------------------------------
Subject: -53- How can I read an IRIX (EFS) CD-ROM on a machine which
doesn't use EFS?
Date: 09 Jan 94 00:00:01 EST
You want 'efslook', in viz.tamu.edu:/pub/sgi/software/efslook/.
------------------------------
Subject: + -54- How can I get quotas to work on an NFS filesystem?
Date: 16 Dec 94 00:00:01 EST
+ Mount the filesystem with the 'quotas' option, by adding it to
+ /etc/fstab or the automounter map as appropriate, and make sure the
+ nfs.sw.nis subsystem, which contains the NFS quota daemon
+ (/usr/etc/rpc.rquotad) is installed. That's nfs.sw.nis, not
+ nfs.sw.nfs! See fstab(4), rquotad(1M) and perhaps automount(1M) for
+ details.
------------------------------
Subject: -55- PRINTING
Date: 15 May 94 00:00:01 EST
These questions discuss printing.
------------------------------
Subject: -56- Why can't 'lp' read my file?
Date: 10 Dec 93 00:00:01 EST
'lp' is setuid, so it can only read world-readable files. You can say
'lp < file' if you don't want to make your file world-readable.
------------------------------
Subject: -57- How can I use 'lpr' to print to my local printer?
Date: 10 Dec 93 00:00:01 EST
SGI provides 'lpr' for printing on remote printers, and does not
support it for local printing. One way to do it anyhow is to make an
/etc/printcap entry with an output filter which is just a wrapper
around 'lp'. If that isn't crystal-clear, call the TAC and ask for
their "faxable" on "Integrating The AT&T Spooler With The BSD LPR
Print Spooler". A not-guaranteed-to-be-up-to-date copy is at
viz.tamu.edu:/pub/sgi/software/lp-lpr/lpr-to-lp.
------------------------------
Subject: -58- How can I use 'lp' to print to an 'lpr'-controlled
printer?
Date: 19 Jun 94 00:00:01 EST
Two possible ways:
- Write an 'lp' interface script that calls 'lpr'. Impressario 1.1 or
later can do this for you; see the Impressario FAQ. If you don't
have Impressario you can do it yourself or call SGI and ask for
their writeup, "LPTOLPR, A Model File for LP", which includes (in
fact, consists of) just such an interface script. A
not-guaranteed-to-be-up-to-date copy is at
viz.tamu.edu:/pub/sgi/software/lp-lpr/lp-to-lpr.
- Write an 'lp' replacement script that calls 'lpr'. One such script
is at viz.tamu.edu:/pub/sgi/software/lp-lpr/lp-wrapper-for-lpr.
------------------------------
Subject: -59- How can I tell 'lp' to turn banner printing or page
reversal off or on?
Date: 13 Nov 94 00:00:01 EST
'lp' controls printers via shell scripts, called 'models', which live
in /var/spool/lp/model. When you install a printer, the appropriate
model script is copied to /var/spool/lp/interface/<name-of-printer>.
To temporarily change a printer's behavior, look at the manpage for
its interface script (or, if there is none, the script itself) to see
what options it wants, and pass them to the script with 'lp's '-o'
option. For example, 'lp -o"-nobanner" file' tells a "Generic
Postscript" printer (described in the gpsinterface(1) manpage) to
print 'file' without a banner page.
To permanently change a printer's behavior, edit its interface
script. The following are true for "Generic Postscript" printers,
but the idea is the same for others:
- To turn banner printing off or on, change the line 'BANNER=1' to
'BANNER=0' or vice versa.
- To turn page reversal off or on, change the line
'send=/usr/lib/print/lptops' to 'send="/usr/lib/print/lptops -U"'
(note the quotes) or vice versa.
In IRIX 5.x, you can change these settings in the printpanel. You can
also turn banner printing off on a per-user basis by doing 'echo
nobanner >> /var/spool/lp/settings/<printername>/<yourusername>'.
------------------------------
Subject: -60- SECURITY
Date: 15 May 94 00:00:01 EST
These questions discuss security.
------------------------------
Subject: -61- Where can I learn about Unix and IRIX security?
Date: 03 Dec 94 00:00:01 EST
The Jul/Aug 94 Pipeline has an article discussing general Unix
security with some IRIX-specific aspects. Read
rtfm.mit.edu:/pub/usenet/news.answers/security-faq and the books and
papers listed therein for general discussions of Unix security. Look
in ftp.cert.org:/, ciac.llnl.gov:/pub/ciac/ and
ftp.tansu.com.au:/pub/docs/security/8lgm/ for CERT, CIAC and 8lgm
material (respectively) and general security information and tools.
If you have a lot of spare time, consider the comp.security.unix
newsgroup.
------------------------------
Subject: -62- How can I check my system for security problems?
Date: 09 Oct 94 00:00:01 EST
Get Nate Sammons' <nate@vis.colostate.edu> 'securscan' from
ftp://ftp.vis.colostate.edu/pub/irix/security/. It checks for many
common IRIX-specific security bugs and problems. You might also want
to try a generic Unix security-checking tool such as COPS or tiger
and/or a password checker such as Crack. The security FAQ referenced
above gives their locations.
------------------------------
Subject: ! -63- How can I configure IRIX more securely?
Date: 16 Dec 94 00:00:01 EST
Several aspects of SGI's default IRIX configuration were chosen for
convenience, not security. Unless your machine is not networked, you
may be more concerned about security than SGI assumed. Note that
these items have been discussed on Usenet many times, and Usenet
chatter is not a good way to change SGI policy. If they bother you,
complain to your sales rep and then fix them yourself as follows.
+ Many thanks to Paul "Shag" Walmsley <ccshag@showme.missouri.edu> for
+ several of the items here and elsewhere in the SECURITY section.
Under any version of IRIX,
- Several accounts come without passwords, including (but not limited
to) guest, 4Dgifts, demos, tutor, tour and particularly lp. Examine
/etc/passwd and lock all unnecessarily open accounts. Note that 1)
parts of IRIX (e.g. 'inst') use the open guest account by default,
and 2) remote 'lp' clients need access to the lp account to print,
so you'll need to make other arrangements.
- 'xdm' does 'xhost +' by default when you log in. This allows anyone
to open windows on your display and even to record what you type at
your keyboard. Close this hole by removing the 'xhost +' from
/usr/lib/X11/xdm/Xsession, /usr/lib/X11/xdm/Xsession-remote and (in
IRIX 5.x) /usr/lib/X11/xdm/Xsession.dt. In IRIX 5.2 and later you
can use X authority to control access to remote displays; see
below. In IRIX 5.1.x and earlier X authority doesn't work, so
you'll need to use 'xhost' judiciously to get to remote displays:
say 'xhost +localhost' to run DGL programs and 'xhost +otherhost'
to display remote X programs.
- At least some of the possible default values of the PATH
environment variable begin with the current directory. (The system
interprets either a period or the empty string in any component of
PATH as the current directory. PATH is colon-separated, so if it
begins with a colon the first component is the empty string.) This
exposes you to Trojan horse programs. Set PATH to a safe value
(remove the current directory, or at least move it to the end) in
/etc/cshrc and/or /etc/profile for regular users and /.login for
root.
- By default, /etc/config/ypbind.options contains the -ypsetme
option. This allows someone who can fake your IP address to change
your YP binding. Remove the option to close the hole and add the -s
option for a little extra protection. If your site runs ypbind with
the -v (verbose) option, you may also want to add 'YPSET=true' to
/etc/config/ypmaster.options and comment out the 'ypset' line in
/var/yp/ypmake. See the ypbind(1) and ypset(1) manpages for more.
- If you use SLIP (see slip(1M)), be sure that SLIP accounts' home
directories are not world-writable. SLIP accounts are uid 0, so
it's bad if just anyone can mess with their .forward files and the
like. /tmp, which is recommended in the "IRIX Advanced Site and
Server Administration Guide", is necessarily world-writable and a
bad choice. You may want to make an empty, root-owned, mode 755
directory to the effect of /usr/slip and use that. Any number of
SLIP accounts can use a single home directory without conflict.
- You *might* want to disallow .rhosts files, by adding the '-l' flag
to the rlogind and rshd lines in /usr/etc/inetd.conf. However, this
removes real functionality, and should not be done without reason.
! See the rlogind(1M) and rshd(1M) manpages. Note, however, that the
! rlogind flag does not work in IRIX 5.2. It does work in IRIX 5.3.
- Read the rest of the entries in this section and make the changes
they describe if necessary.
Under IRIX 5.x only,
- Turn on shadow passwords, which are not used by default. Run
'pwconv' to move your passwords to /etc/shadow, where only root can
read them. Note that you'll have to update /etc/shadow by hand for
NIS users. See the pwconv(1M) and shadow(4) manpages.
- Limit the hosts from which portmap(1) will accept RPC requests by
using the -a option in /etc/config/portmap.options. For example, if
your machine is www.xxx.yyy.zzz and your subnet is www.xxx.yyy you
can reject RPC requests from outside your subnet by putting '-a
! 255.255.255.0 www.xxx.yyy.0' in that file.
This list is guaranteed to be incomplete. Keep your eyes open.
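
Four of the checks above (open accounts, an active 'xhost +', the current directory in PATH, and -ypsetme) can be scripted. The following is an added example, not part of the FAQ or of IRIX: the function names are hypothetical and the sample files are constructed, so run the functions against copies of your own /etc/passwd, Xsession files and /etc/config/ypbind.options.

```shell
#!/bin/sh
# Added example: audit helpers for four items from the checklist above.
# Function names are hypothetical; each takes the file to inspect as an
# argument so it can be run against a copy of the real file.

# Print login names whose password field is empty (open accounts).
# NIS inclusion lines (starting with + or -) are skipped.
open_accounts() {
    awk -F: '$1 !~ /^[+-]/ && NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Print "file:line" for every "xhost +" that is not commented out.
# "xhost +somehost" is not reported; only the bare "+" opens the display.
active_xhost_plus() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk '/^[ \t]*#/ { next }
             /xhost[ \t]+\+([ \t]|$)/ { print FILENAME ":" FNR }' "$f"
    done
}

# Succeed if a PATH-style string contains the current directory: a "."
# component or an empty one (leading, trailing or doubled colon).
path_has_cwd() {
    case ":$1:" in
        *::*|*:.:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the PATH-style string with current-directory components removed.
path_without_cwd() {
    printf '%s\n' "$1" | awk -F: '{
        out = ""; sep = ""
        for (i = 1; i <= NF; i++)
            if ($i != "" && $i != ".") { out = out sep $i; sep = ":" }
        print out
    }'
}

# Succeed if the ypbind options file still carries -ypsetme.
ypbind_allows_ypsetme() {
    [ -r "$1" ] && grep -q -e '-ypsetme' "$1"
}

# Write constructed sample files into directory $1 (not real IRIX defaults).
make_sample() {
    mkdir -p "$1" || return 1
    cat > "$1/passwd" <<'EOF'
root:XqCONSTRUCTEDhash:0:0:Super-User:/:/bin/csh
guest::998:998:Guest Account:/usr/people/guest:/bin/csh
lp::9:9:Print Spooler Owner:/var/spool/lp:/bin/sh
demos:*:993:997:Demonstration User:/usr/demos:/bin/csh
+::0:0:::
EOF
    cat > "$1/Xsession" <<'EOF'
#!/bin/sh
/usr/bin/X11/xhost +
#/usr/bin/X11/xhost +
/usr/bin/X11/xhost +localhost
EOF
    printf '%s\n' '-ypsetme' > "$1/ypbind.options"
}

# Run every check against the constructed sample and print a short report.
demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d"
    echo "open accounts:  $(open_accounts "$d/passwd" | tr '\n' ' ')"
    echo "xhost + active: $(active_xhost_plus "$d/Xsession")"
    sample_path=':/usr/sbin:/usr/bsd:/usr/bin'   # constructed; leading colon
    if path_has_cwd "$sample_path"; then
        echo "PATH fix:       $(path_without_cwd "$sample_path")"
    fi
    if ypbind_allows_ypsetme "$d/ypbind.options"; then
        echo "ypbind:         -ypsetme is set"
    fi
    rm -rf "$d"
}
demo
```
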
------------------------------
Subject: -64- How can I log more information about logins?
Date: 22 Nov 94 00:00:01 EST
- 'last', 'who', etc. get remote login information from
/var/adm/xutmp and /var/adm/xwtmp. That information is only logged
into these files if they already exist. To create them, just say
'touch /var/adm/xutmp /var/adm/xwtmp'.
- As described in the login(1) manpage, you can add the line
'syslog=all' to /etc/config/login.options (IRIX 4.0.x) or change the
line 'SYSLOG=FAIL' in /etc/default/login to 'SYSLOG=ALL' (IRIX 5.x)
to log all login attempts, not just successful ones, in
/var/adm/SYSLOG.
- 'ftpd', 'rshd' and 'tftpd' all have options ('-l' or '-L') which
cause them to log all accesses. See their manpages. 'ftpd' also has
'-ll' and '-lll' options (undocumented before IRIX 5.x) which log
individual file transfers and the sizes of those files
respectively. Add the options to the last fields (not the
second-to-last) of the appropriate lines of /etc/inetd.conf, then
do 'killall -HUP inetd' or reboot.
- Consider using TCP wrappers. These allow you to restrict
connections to individual TCP daemons to particular hosts and
prevent some forms of address spoofing. You can get source code
from ftp://ftp.win.tue.nl/pub/security/.
------------------------------
Subject: -65- How can I make an anonymous or restricted FTP account?
Date: 04 May 94 00:00:01 EST
Read the ftpd(1M) manpage and/or the article in the March/April 1994
Pipeline. However, both discussions have a serious error: the ftp
account's home directory (/usr/people/ftp) should be owned and
writable only by root, NOT ftp. You might also want to make the 'pub'
directory "sticky" with 'chmod +t' (like /tmp and /usr/tmp) so that
one user can't delete another's files. A script which sets up a
secure anonymous FTP account is at
viz.tamu.edu:/pub/sgi/software/ftp/make-anonftp.
------------------------------
Subject: -66- How can I get X authorization to work?
Date: 27 Apr 94 00:00:01 EST
Under IRIX 5.1.x or earlier, don't try. The MIT-MAGIC-COOKIE-1
protocol did not work, and DGL programs did not understand X
authority.
Under IRIX 5.2 or later, heed the wise words of Mark Kilgard of SGI's
X Window Systems group <mjk@hoot.asd.sgi.com>:
The basic mechanism for the MIT-MAGIC-COOKIE-1 authorization protocol
is implemented by the X server, Xlib, and xdm, and does work in IRIX
5.x. MIT-MAGIC-COOKIE-1 is the only supported protocol.
Two caveats before I describe how to enable X authorization:
1) Old remote IRIS GL programs probably will not be able to connect
to the X server when X authority is enabled. (More on this below.)
2) Due to a problem with how the local hostname is handled, to use X
authority in the IRIX 5.x releases, you will need to make sure
your /etc/sys_id file has a simple hostname, ie. hoot instead of a
fully resolved hostname like hoot.asd.sgi.com. This problem has
already been fixed for the next general release of IRIX.
TO ENABLE X AUTHORIZATION, do the following to your IRIX 5.2 system:
1) Edit /var/X11/xdm/xdm-config as root and change the line
saying
        DisplayManager*authorize: off
to say
        DisplayManager*authorize: on
2) Edit /var/X11/xdm/Xsession, /var/X11/xdm/Xsession-remote, and
/var/X11/xdm/Xsession.dt as root and change the line saying
        /usr/bin/X11/xhost +
to say
        #/usr/bin/X11/xhost +
This disables the "xhost +" by commenting out the command.
3) Make sure your /etc/sys_id file has no periods in it. For
example, change as root:
        hoot.asd.sgi.com
to say
        hoot
4) Reboot the machine OR restart a new xdm and X server. This
can be done as root with the following command:
        (/usr/gfx/stopgfx; killall xdm; /usr/gfx/startgfx) &
5) Log in. X authorization should be enabled.
If you want to disable X authorization and return to the default
system state where X clients can connect to the X server from any
machine, reverse the changes in steps 1 and 2 and repeat step 4.
If you want more information on X authorization, see the manpages for
xdm(1), Xserver(1), Xsgi(1), Xsecurity(1), xauth(1) and xhost(1).
X AUTHORITY AND REMOTE IRIS GL PROGRAMS: One of the major reasons for
Silicon Graphics shipping its window system so that an X client from
any machine could connect to the X server was because IRIS GL
programs running remote using the DGL (distributed GL) protocol
didn't interoperate with the X authorization mechanism; the dgld
daemon that would run on the machine with graphics hardware had no
way to get the correct X authority information to connect to the X
server.
This has been fixed for IRIX 5.2, but the fix only applies to IRIX 5
binaries running remotely on an IRIX 5.2 system connecting to an IRIX
5.2 X server. In particular, remotely run IRIX 4 IRIS GL binaries
will continue to not interoperate with an IRIX 5.2 X server (or a
pre-IRIX 5.2 X server). If you recompile your old IRIS GL binaries
on IRIX 5.2, they then will work remotely connecting to IRIX 5.2 X
servers running X authority.
The bottom line is that if you want an IRIS GL program to run
remotely on an X server using X authorization, you need to make sure
the program is an IRIX 5 binary running on an IRIX 5.2 machine and
the machine with the X server is also an IRIX 5.2 machine.
To avoid a possible misconception: IRIS GL programs RUNNING LOCALLY
(ie, not using DGL) WILL WORK FINE on an IRIX 5.2 system no matter if
they are IRIX 4 or IRIX 5 binaries. The problem with X authority is
only for REMOTE IRIS GL programs.
Also note that for X authorization to work for remote hosts, the
remote program must have access to the correct X authorization magic
cookie (normally read from ~/.Xauthority). If you don't have a
shared NFS mounted home directory, you'll probably need to use the
xauth command to transfer the X authorization magic cookie to the
remote ~/.Xauthority file.
THE FUTURE: Hopefully in the next general release of IRIX, a
mechanism to enable and disable X authorization using a chkconfig
option will be supported. The problem with /etc/sys_id not having
periods will definitely be fixed in the next general release of
IRIX. The problem with pre-IRIX 5.2 X servers and binaries not
interoperating with X authorization will likely not be fixed. Fixing
the problem required a DGL protocol extension which both the IRIS GL
program and dgld must know about; this can't be fixed in already
shipped software.
------------------------------
Subject: ! -67- What security-related bugs does IRIX have?
Date: 16 Dec 94 00:00:01 EST
Some general comments before we start:
- IRIX is too complex for us to guarantee that this list is complete.
We only discuss problems we know about. We don't discuss insecurely
designed systems (like YP) or ways in which you might misconfigure
your system, only bugs. We don't discuss third-party software,
free or not.
- Prudence and space permit us to describe only how to close holes,
not to exploit them. Try comp.security.unix.
- Some of the fixes involve installing a new version of a setuid
binary. Be sure that you 1) make it executable, setuid and owned
by the correct user and group (or it won't work), and 2) remove the
old version so bad guys can't use it!
Now for the holes themselves:
- CERT advisory CA-92:08, which you can get from
ftp.cert.org:/pub/cert_advisories/CA-92:08.SGI.lp.vulnerability
describes problems with the permissions of 'lp'-related parts of
IRIX which allow anyone who can log in as lp to get root access.
They are fixed in IRIX 4.0.5. Briefly, the fix is
        su root
        cd /usr/lib
        chmod a-s,go-w lpshut lpmove accept reject lpadmin
        chmod go-ws lpsched vadmin/serial_ports vadmin/users vadmin/disks
        cd /usr/bin
        chmod a-s,go-w disable enable
        chmod go-ws cancel lp lpstat
- CIAC Bulletin F-01, which you can get from
ciac.llnl.gov:/pub/ciac/bulletin/f-fy95/f-01.ciac-SGI-IRIX-serial-ports
describes a race condition in IRIX 4.0.x's
/usr/lib/vadmin/serial_ports which allows any user to become root
in IRIX 4.0.x. 'chmod 700' it to close the hole; it will still work
fine.
/usr/lib/vadmin/serial_ports is part of IRIX 4.0.x and should not
exist on IRIX 5.x systems, but some users have reported problems
with upgrading from 4.0.x to 5.x which leave old binaries behind.
If the file exists on your 5.x system, remove it. (5.x's
equivalent, /usr/Cadmin/bin/cports, does not have the problem.)
- CERT advisory CA-93:16, which you can get from
ftp.cert.org:/pub/cert_advisories/CA-93:16.sendmail.vulnerability
describes a hole or holes in /usr/lib/sendmail which allow anyone
root access, whether they can log in initially or not! At least
some of these are present in every version of IRIX up to and
including 5.2. Fixed versions are in
ftp.sgi.com:/sgi/IRIX4.0/sendmail/
ftp.sgi.com:/sgi/IRIX5.0/sendmail/
- CERT advisory CA-93:17, which you can get from
ftp.cert.org:/pub/cert_advisories/CA-93:17.xterm.logging.vulnerability
describes a hole in /usr/bin/X11/xterm which allows any user root
access. It is fixed in IRIX 5.x. A fixed version for IRIX 4.x is
at
ftp.sgi.com:/sgi/IRIX4.0/xterm/
The 'fix', incidentally, is that logging is completely disabled.
- /usr/bin/under is an unused (!) part of 'rexd'. It is setuid root
and may allow root access, so 'chmod -s' it just in case. Note that
SGI ships IRIX with 'rexd' turned off because 'rexd' is itself a
security problem. It is not shipped in IRIX 5.x.
- /usr/bsd/rdist has several holes which allow any user root access
in all versions of IRIX up to and including 5.2, including the
4.0.5 and 5.x binaries on ftp.sgi.com.
Under IRIX 5.2, you can install patch 130 to close all known
holes. Under IRIX 4.0.x, you must close the hole with 'chmod -s'.
rdist will then work only when used by root. If your non-root users
need 'rdist', there is a free version which claims to be free of
all known holes in usc.edu:/pub/rdist/. Make sure you get version
6.1 beta 3 or later.
As for advisories, CERT advisory CA-91:20, at
ftp.cert.org:/pub/cert_advisories/CA-91:20.rdist.vulnerability
is badly out of date. 8lgm advisory 1, at
ftp.tansu.com.au:/pub/docs/security/8lgm/8lgm-Advisory-1.UNIX.rdist.23-Apr-1991
describes only one of the several holes.
- The 'lpr' subsystem in IRIX 4.0.x and 5.x, up to and including 5.2,
has several holes which allow a non-root user to become root. Note
that 'lp' is SGI's usual printing system; you only need 'lpr' if
you need to deal with remote printers. If you don't need 'lpr',
make sure it isn't installed. (It lives in the eoe2.sw.lpr
subsystem.) If you do need 'lpr', there are fixed versions at
ftp.sgi.com:/sgi/IRIX4.0/lpr/lpr.latest.Z
ftp.sgi.com:/sgi/IRIX5.0/lpr/lpr.latest.Z
The versions dated 29 and 26 April, respectively, work with NIS
(YP). The IRIX 5.x version is also available from the TAC as patch
131.
- /usr/etc/arp is setgid sys in IRIX up to and including 5.2,
allowing anyone who can log into your machine to read files which
should be readable only by group 'sys'. Close the hole with 'chmod
-s'. This prevents non-root users from using 'arp' at all, but they
don't generally need it.
- /usr/sbin/cdinstmgr is setuid root in IRIX 4.0.5[A-F] and
/etc/init.d/audio is setuid root in IRIX 5.2. They are scripts;
setuid scripts are a well-known Unix security problem. IRIX ignores
the setuid bit by default, but 'chmod -s' the scripts just in
case.
- /usr/sbin/colorview is setuid root in IRIX 5.x up to and including
5.2, allowing anyone to use it to read any file regardless of
permissions. Close the hole with 'chmod -s /usr/sbin/colorview'.
- /usr/bin/newgrp is group-writable in IRIX 5.2. It doesn't need to
! be, and it might be a problem depending on your use of group sys
! and/or the presence of the 'sadc' bug (described elsewhere in this
! list) on your system. 'chmod g-w' it.
- /usr/sbin/printers has a bug in IRIX 5.2 (and possibly earlier 5.x
versions) which allows any user to become root. Call the TAC and
request patch 5. You might want to 'chmod -s' it while you're
waiting.
- /usr/sbin/sgihelp has a bug in IRIX 5.2 (and possibly earlier 5.x
versions) which allows any user to become root. This is so bad that
the patch (#65, along with the prerequisite patch 34) is FTPable
from ftp.sgi.com:/security/, and SGI is preparing a CD containing
only that patch. Call the TAC if you can't FTP. You should 'chmod
-x /usr/sbin/sgihelp' while you're waiting.
- The version of inst which comes with patch 34, which is required
for installation of all other patches (even those with lower
numbers) saves old versions of binaries in /var/inst/patchbase. It
does not remove execution or setuid permissions! 'chmod 700' that
directory so evil users can't get to the old binaries.
- /usr/bsd/newaliases (which is just a symlink to /usr/lib/sendmail)
creates /etc/aliases.{dir,pag} with mode 666. Any user can thus add
aliases which can run programs or steal mail. This is true up to
and including IRIX 5.2. Close the hole by running newaliases (if
you haven't already) and doing 'chmod go-w /etc/aliases.dir
/etc/aliases.pag'. Once those files exist and have proper
permissions, you're OK.
- 8lgm advisory 11, which you can get from
ftp.tansu.com.au:/pub/docs/security/8lgm/8lgm-Advisory-11.UNIX.sadc.07-Jan-1992
describes a bug in the System V accounting program /usr/lib/sa/sadc
! which allows any user to write files in directories owned by sys.
! The manifestation of this bug in IRIX 5.2 (and probably earlier
! versions) is relatively harmless: it only allows users to create
! garbage files in sys-writable directories or blow away files that
! are writable by group sys, such as the group-writable
! /usr/bin/newgrp described elsewhere in this list. If you don't use
! the accounting subsystem you might want to 'versions remove' it just
! to be safe.
- 8lgm advisory 12, which you can get from
ftp.tansu.com.au:/pub/docs/security/8lgm/8lgm-Advisory-12.UNIX.suid_exec.27-Jul-1991
describes a bug in /etc/suid_exec (part of ksh) which allows any
user to become root. It is not known whether this bug is present in
any version of IRIX, but if you don't use setuid ksh scripts you
might want to 'chmod -s /etc/suid_exec' just to be safe.
+ - /usr/etc/mount_dos, IRIX's DOS-filesystem floppy mounter, has a
+ serious bug in IRIX 5.2 (and probably earlier releases of 5.x as
+ well) which allows anyone with an account on and physical access to
+ a machine with a floppy drive root access. This bug can be fixed
+ with patch 167 from the TAC and is reportedly fixed in IRIX 5.3.
+ Perhaps the easiest interim "fix" (which essentially disables all
+ removable media drives) is to disable mediad: "mediad -k" kills the
+ current instance of mediad, and "chkconfig mediad off" prevents
+ mediad from starting during the next reboot.
+ - /usr/etc/rpc.ypupdated may have a security hole in all versions of
+ IRIX. It is completely unnecessary in most networks; the only
+ instance that we could think of that might require this daemon would
+ be NIS networks that include Sun diskless clients. You should
+ probably comment it out of /etc/inetd.conf, or just not install the
+ nfs.sw.nis subsystem, of which it is a part. It is commented out by
+ default in IRIX 5.3.
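
Many of the fixes in the list above are a single 'chmod', so whether they are in place can be read from 'ls -l'. The following is an added example, not part of the FAQ or of IRIX: the rule names and function names are hypothetical, the paths and permission changes are the ones given above, and the demo tree is constructed. A patched system may legitimately differ (e.g. a patched sgihelp is meant to be executable).

```shell
#!/bin/sh
# Added example: report listed files whose mode differs from the chmod
# advice in the list above. Rule names are hypothetical labels:
#   nosuid  = 'chmod -s'    nogw   = 'chmod g-w'   nogow = 'chmod go-w'
#   noexec  = 'chmod -x'    private = 'chmod 700'
RULES='nosuid /usr/bin/under
nosuid /usr/bsd/rdist
nosuid /usr/etc/arp
nosuid /usr/sbin/cdinstmgr
nosuid /etc/init.d/audio
nosuid /usr/sbin/colorview
nosuid /usr/sbin/printers
nosuid /etc/suid_exec
nogw /usr/bin/newgrp
noexec /usr/sbin/sgihelp
private /usr/lib/vadmin/serial_ports
private /var/inst/patchbase
nogow /etc/aliases.dir
nogow /etc/aliases.pag'

# violates RULE MODE: succeed if the 10-character 'ls -l' mode string MODE
# (type, then user/group/other rwx triplets) breaks RULE.
violates() {
    case "$1" in
        nosuid)  case "$2" in ???[sS]*|??????[sS]*) return 0 ;; esac ;;
        nogw)    case "$2" in ?????w*) return 0 ;; esac ;;
        nogow)   case "$2" in ?????w*|????????w*) return 0 ;; esac ;;
        noexec)  case "$2" in ???[xs]*|??????[xs]*|?????????[xt]*) return 0 ;; esac ;;
        private) case "$2" in ????------*) ;; *) return 0 ;; esac ;;
    esac
    return 1
}

# Print the mode string of one file or directory (ACL markers are cut off).
mode_of() { ls -ld "$1" | cut -c1-10; }

# audit_tree [ROOT]: print "rule path mode" for each listed file that exists
# under ROOT (default: the live filesystem) and breaks its rule.
audit_tree() {
    printf '%s\n' "$RULES" | while read -r rule path; do
        f="${1:-}$path"
        [ -e "$f" ] || continue
        m=$(mode_of "$f")
        if violates "$rule" "$m"; then
            printf '%s %s %s\n' "$rule" "$path" "$m"
        fi
    done
}

# Constructed tree: newgrp left group-writable, patchbase left world-readable,
# colorview already fixed (no setuid bit).
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/bin" "$t/usr/sbin" "$t/var/inst/patchbase"
    : > "$t/usr/bin/newgrp";     chmod 775 "$t/usr/bin/newgrp"
    : > "$t/usr/sbin/colorview"; chmod 755 "$t/usr/sbin/colorview"
    chmod 755 "$t/var/inst/patchbase"
    audit_tree "$t"
    rm -rf "$t"
}
demo
```

On a real system, run 'audit_tree' with no argument as root; an empty report means every listed file that exists matches the advice.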
------------------------------
Subject: -68- I think I've found a security hole in IRIX; whom do I
notify at SGI?
Date: 10 Dec 93 00:00:01 CST
In general, if you find a security problem (or think you have), you
can send it to postmaster@sgi.com. This address gets a lot of mail,
so you may want to CC your mail to one of the SGI employees who
regularly post to Usenet. (Several have indicated that they will be
glad to know about such things.)
You can also notify CERT <cert@cert.org>, who will contact the
appropriate people from their contact list. They may take some time.
------------------------------
Subject: -69- BUGS
Date: 15 May 94 00:00:01 EST
These questions discuss miscellaneous bugs in IRIX.
------------------------------
Subject: -70- Why is my network license daemon ('netlsd') exiting?
Date: 20 May 93 00:00:01 CST
For netlsd to run, you need to have 'llbd' and 'glbd' installed and
running. A complete debugging procedure is in the netls release
notes, which can be read with 'relnotes netls_eoe 5'.
Please let us know if this problem went away in recent IRIXes.
------------------------------
Subject: -71- What's this 'iotim' error in my syslog in IRIX 4.0.x?
Date: 13 Nov 94 00:00:01 EST
It's a bug in 'rpc.rstatd' which affects several programs including
'ruptime' and 'sysmeter'.
Before IRIX 4.0.5H, 'rpc.rstatd' says
rstatd[4840]: read: iotim: No such device or address
If you see this, upgrade to a newer IRIX or get the patched
'rpc.rstatd' from ftp.sgi.com:/support/rpc.rstatd.
In 4.0.5H and IOP, 'rpc.rstatd' ignores the problem (returning all but
the SCSI disk stats, which cause the error) but still generates the
following message:
rstatd[4941]: read: bad iotim, no disk stats: No such device or address
This may be ignored.
In IRIX 5.x, the problem is completely fixed.
------------------------------
Subject: -72- Why do 'who', 'rusers', etc. show users who aren't
really logged in in IRIX 4.0.x?
Date: 30 Dec 93 00:00:01 EST
There is a well-known bug in IRIX 4.0.x wherein /etc/utmp is not
updated properly after a user logout. These programs are simply
reporting the non-updated contents of /etc/utmp.
Fixes have been provided by jer@blaise.cif.rochester.edu, David Hinds
<dhinds@allegro.stanford.edu> and Patrick M. Ryan
<pat@gsfc.nasa.gov>. They can be found in
viz.tamu.edu:/pub/sgi/software/utmp/.
------------------------------
Subject: -73- Why do some programs parse /etc/fstab incorrectly in
IRIX 4.0.5?
Date: 10 Dec 94 00:00:01 EST
In IRIX 4.0.5, some programs (e.g. 'fsr') misinterpret lines in
/etc/fstab, so that, e.g.,
/dev/usr /usr efs rw,raw=/dev/rusr,quota 0 0
would cause 'fsr' to think that the raw device pathname was
"/dev/rusr,quota" instead of "/dev/rusr". There is no such device, so
/dev/rusr would never be defragmented. You can work around this by
putting the "raw" option last:
/dev/usr /usr efs rw,quota,raw=/dev/rusr 0 0
This is fixed in IRIX 5.x.
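The workaround above can be applied mechanically to a whole fstab. The
following is an added example, not part of the original FAQ; the function
name fstab_raw_last is made up for illustration, and it writes the result to
standard output rather than editing the file.

```shell
#!/bin/sh
# Added example (not from the FAQ): rewrite fstab lines so that a "raw="
# mount option comes last in the options field.
# Usage: fstab_raw_last [FILE]   (FILE defaults to standard input)
fstab_raw_last() {
    awk '
        /^[ \t]*#/ || NF < 4 { print; next }    # comments, short lines: as is
        {
            n = split($4, opt, ",")
            rest = ""; raw = ""
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^raw=/) raw = opt[i]
                else rest = (rest == "" ? opt[i] : rest "," opt[i])
            }
            if (raw == "" || opt[n] == raw) { print; next }   # nothing to do
            # Assigning to $4 makes awk rejoin the fields with single spaces.
            $4 = (rest == "" ? raw : rest "," raw)
            print
        }
    ' "${1:--}"
}

# The first line is the FAQ's own example; the second is constructed and
# already has "raw=" last, so it must come out unchanged.
sample_fstab() {
    printf '%s\n' \
        '/dev/usr /usr efs rw,raw=/dev/rusr,quota 0 0' \
        '/dev/root / efs rw,raw=/dev/rroot 0 0'
}

sample_fstab | fstab_raw_last
```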
------------------------------
Subject: -74- Why is my Indigo's Ethernet performance dog-slow under
IRIX 4.0.x?
Date: 13 Nov 94 00:00:01 EST
You need one of the following: the "E++" patch to IRIX 4.0.5; IRIX
4.0.5IOP ("Indigo Only Patch"), which includes the E++ patch; or
IRIX 5.x.
------------------------------
Subject: -75- Why is my Indigo getting SIGSEGVs and crashing under
IRIX 4.0.5IOP?
Date: 13 Nov 94 00:00:01 EST
Make sure you've installed the 4.0.5IOP NFS maintenance patch along
with the rest of 4.0.5IOP. If you're sure you have, call the TAC.
You may need the "IP20 ethernet patch". This comes *after* 4.0.5IOP,
and is not to be confused with the older "E++ patch" (see the
previous question).
------------------------------
Subject: -76- Why is my Indigo2 panicking under IRIX 4.0.5?
Date: 13 Nov 94 00:00:01 EST
There are several keyboard-related bugs in IRIX 4.0.5H and 4.0.5IOP
which cause Indigo2s to crash or freeze. One sign that these
particular bugs are responsible is the message "PANIC: Timeout Table
Overflow" or "WARNING: Couldn't allocate streams buffer" in
/usr/adm/SYSLOG. Get the "Indigo2 keyboard patch" (aka "pckm patch")
from SGI or upgrade to IRIX 5.2.
------------------------------
Subject: -77- What's wrong with ftpd in IRIX 5.2?
Date: 08 Nov 94 00:00:01 EST
It doesn't maintain utmp properly, so ftp logins will appear in the
output of 'who' and similar commands even after they've logged out,
and it dies during 'mget's. Get patch 41, 142 or 162 from the TAC.
(These are all essentially the same patch, but some people have
reported that patch 142 does not work.)
------------------------------
Subject: -78- Why isn't /usr/adm/SYSLOG being updated?
Date: 23 Jun 94 00:00:01 CST
Popular causes include:
- running out of disk space. Once syslogd is unable to write to
/usr/adm/SYSLOG, it won't try again until it is sent a HUP signal
('killall -HUP syslogd').
- installing IRIX 4.0.x and failing to heed the nagging from
the system when it is rebooted to run 'versions changed' and
combine new and old configuration files. In this case, the trouble
is in /usr/spool/cron/crontabs/root.
- separating fields in /etc/syslog.conf with spaces instead of tabs.
If you use spaces, syslogd will silently segv when it reads that
file. This should be fixed in IRIX 5.3.
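Because a syslogd that has died this way stops logging without any notice,
it is worth checking syslog.conf after every edit. The following is an added
example, not part of the original FAQ; the function name
syslog_conf_bad_lines and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the FAQ): list the line numbers in a
# syslog.conf-style file whose selector and action are not tab-separated.
# Usage: syslog_conf_bad_lines [FILE]   (FILE defaults to standard input)
syslog_conf_bad_lines() {
    awk '
        /^[ \t]*#/ { next }                  # comment
        /^[ \t]*$/ { next }                  # blank line
        {
            tab = index($0, "\t")
            # The selector is everything before the first tab; with no tab
            # at all, the fields can only have been separated by spaces.
            selector = (tab > 0) ? substr($0, 1, tab - 1) : $0
            if (tab == 0 || selector ~ / /) print NR
        }
    ' "${1:--}"
}

# Constructed sample: lines 2 and 4 use a tab, lines 3 and 5 use spaces.
sample_syslog_conf() {
    printf '# constructed sample\n'
    printf 'kern.debug\t/usr/adm/SYSLOG\n'
    printf '*.crit    /usr/adm/SYSLOG\n'
    printf '*.alert\t/dev/console\n'
    printf 'mail.info  /usr/adm/maillog\n'
}

sample_syslog_conf | syslog_conf_bad_lines    # prints 3 and 5, one per line
```

An empty result means every entry has a tab between selector and action.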
------------------------------
Subject: -79- I just edited /etc/inittab, and now I can't start up or
shut down my SGI! What's wrong?
Date: 03 Dec 94 00:00:01 EST
If the last line of /etc/inittab is a comment, init will screw up
horribly. If your machine is still running, remove the comment and
everything will be OK. If not, go to the miniroot, run the shell and
remove the comment from there. The following sequence of commands is
one possible way to do this:
cd /root/etc
cat inittab # Decide how many lines to remove (say three)
wc inittab # See how many lines inittab has (say 120)
head -117 inittab > inittab.new # Keep the first 120 - 3 lines
mv inittab inittab.old
mv inittab.new inittab
cat inittab # Just making sure
and reboot. Don't forget the 'cd'; from the miniroot's point of view,
/etc/inittab is /root/etc/inittab.
The problem should be fixed in IRIX 5.3.
------------------------------
Subject: -80- Why does timed say "bind: Cannot assign requested
address"?
Date: 29 Oct 94 00:00:01 EST
timed is incompatible with the rld which comes with patchSG0000023,
which is needed for DeltaCC. There are two solutions to this problem
(thanks to Alan Davis <davis@masig.fsu.edu>):
- Get a new timed from SGI.
- Replace the following line in /etc/init.d/network.options (line 664
in an unmodified IRIX 5.2 file)
/usr/etc/timed -M `cat $CONFIG/timed.options 2> /dev/null` &
with
env _RLD_ARGS="-clearstack" /usr/etc/timed `cat $CONFIG/timed.options 2> /dev/null` &
------------------------------
Subject: -81- Why is famd hammering my NFS server?
Date: 22 Nov 94 00:00:01 EST
It's partly a bug. Get patch 165 for IRIX 5.2 and patch 166 for IRIX
5.3. It's partly just famd's nature; you can try to calm it down by
changing its polling interval (6 seconds by default, specified by the
'-t 6' flag) in /etc/inetd.conf.
------------------------------
Subject: -82- MISCELLANEOUS
Date: 15 May 94 00:00:01 EST
Everything else.
------------------------------
Subject: -83- How do I set the number of processes allowed on my
machine?
Date: 13 Nov 94 00:00:01 EST
Use systune(1M) to change 'nproc' (in the 'numproc' group of
parameters) and reboot.
------------------------------
Subject: -84- Where can I get a termcap file for 'iris-ansi-net' to
install on my non-SGI system?
Date: 20 May 93 00:00:01 CST
SGIs use terminfo, so you need to translate the terminfo description
to termcap. 'infocmp -Cr iris-ansi-net' will produce an iris-ansi-net
termcap file. See infocmp(1) for more. Note that 'infocmp' is in the
eoe2.sw.terminf subsystem, which is not installed by default.
------------------------------
Subject: + -85- How can I make my SGI understand strange terminal types
from other Unix systems?
Date: 16 Dec 94 00:00:01 EST
+ If the other system uses terminfo, use 'infocmp -I whatever > file' to
+ extract the terminfo entry for the terminal. Transfer the file to your
+ SGI and do 'tic file' (as root) to put the entry into the terminfo
+ database.
+ If the other system uses termcap, snip the termcap entry out of
+ /etc/termcap (or wherever) with an editor, transfer it to your SGI
+ and (as root) do 'captoinfo file > newfile' and 'tic newfile'.
+ See also the infocmp(1), captoinfo(1), tic(1) and terminfo(4)
+ manpages, and make sure you've installed eoe2.sw.terminf, which
+ contains all of the programs.
------------------------------
Subject: -86- Can I change my full name or login shell without being
superuser?
Date: 16 Mar 94 00:00:01 EST
Maybe. IRIX has no 'chfn' or 'chsh', so if you're a local user you're
stuck. However, if your account is on NIS (Yellow Pages) you can use
'ypchpass'. You might also ask your superuser to install one of the
many free implementations of 'chfn' and/or 'chsh'; one is in volume 3
of comp.sources.unix (ftp.uu.net:/usenet/comp.sources.unix/volume3/).
------------------------------
Subject: -87- How can I administer my Iris without a graphics
terminal?
Date: 13 Apr 94 00:00:01 EST
The visual admin tools in IRIX 4.0.x ('vadmin') need GL, and do not
work on X terminals or workstations without GL. You can use 'sysadm'
on text terminals for some tasks, but beware of bugs and
inadequacies: SGI judged 'sysadm' to be too buggy to be worth
updating for IRIX 5.x.
The visual admin tools in IRIX 5.2 and later should display on any X
display, *except* for the backup/restore tool which is an exact port
from IRIX 4.0.x and requires GL. Some images will be missing when GL
is unavailable, but the tools will function properly. As for text
terminals, you're out of luck: 'sysadm' does not exist in IRIX 5.x.
Of course, you can always use a text editor and write scripts, or see
the next question.
------------------------------
Subject: -88- How can I use the visual admin tools on a system with
graphics to administer a system without graphics?
Date: 12 Feb 94 00:00:01 EST
rlogin to the graphics-less system and run 'vadmin' (IRIX 4.0.x) or
'chost' (IRIX 5.x). Make sure that the DISPLAY environment variable
is set correctly and that both the vadmin/sysadmdesktop and the
shared library subsystems are installed on the graphics-less system
(which they are in the default installation).
Under IRIX 5.x, look at the READMEs in /var/sysadmdesktop/rsysmanapps
and /var/sysadmdesktop/sysmanapps to find out how to use 'chost' to
run commands on remote systems. Finally, in a future release of IRIX
5.x, the sysadmdesktop tools will be able to manage remote systems
*without* doing an rlogin.
------------------------------
Subject: -89- Can I put my own picture in the 'clogin' display?
Date: 20 Aug 94 00:00:01 EST
Not in IRIX 5.0-5.2. You could in IRIX 4.0.x and earlier, and you
will be able to again in IRIX 5.3.
------------------------------
End of sgi/faq/admin Digest
******************************
--
The SGI FAQ group sgi-faq@viz.tamu.edu
Finger us for info on the SGI FAQs, or look in viz.tamu.edu:/pub/sgi.