home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
SGI Developer Toolbox 6.1
/
SGI Developer Toolbox 6.1 - Disc 4.iso
/
FAQs
/
SGIfaqs
/
SGI-Admin-faq
< prev
next >
Wrap
Internet Message Format
|
1994-08-01
|
91KB
Xref: odin comp.sys.sgi.misc:9154 comp.answers:4798 news.answers:20655
From: sgi-faq@viz.tamu.edu (The SGI FAQ group)
Newsgroups: comp.sys.sgi.misc,comp.answers,news.answers
Subject: SGI admin Frequently Asked Questions (FAQ)
Supersedes: <admin_764182743@viz.tamu.edu>
Followup-To: comp.sys.sgi.misc
Date: 6 Apr 1994 20:11:18 GMT
Organization: Visualization Lab, Texas A&M University
Lines: 1120
Expires: 4 May 1994 20:11:14 GMT
Reply-To: sgi-faq@viz.tamu.edu (The SGI FAQ group)
NNTP-Posting-Host: viz.tamu.edu
Originator: sgi-faq@viz
Archive-name: sgi/faq/admin
Last-modified: Wed Apr 6 15:10:30 CDT 1994
SGI admin Frequently Asked Questions (FAQ)
This is one of the Silicon Graphics FAQ series, which consists of:
SGI admin FAQ - IRIX system administration
SGI apps FAQ - Applications & compilers
SGI graphics FAQ - Graphics and user environment customization
SGI hardware FAQ - Hardware
SGI misc FAQ - Introduction & miscellaneous information
SGI performer FAQ - IRIS Performer
SGI pointer FAQ - Pointer to the other FAQs
Read the misc FAQ for information about the FAQs themselves. Each FAQ
is posted to comp.sys.sgi.misc and to the news.answers and comp.answers
newsgroups (whose purpose is to store FAQs) twice per month. If you
can't find one of the FAQs with your news program, you can get it by
anonymous FTP from one of these sites:
rtfm.mit.edu:/pub/usenet/comp.sys.sgi.misc/
rtfm.mit.edu:/pub/usenet/news.answers/sgi/faq/
rtfm.mit.edu:/pub/usenet/comp.answers/sgi/faq/
viz.tamu.edu:/pub/sgi/faq/
Note that rtfm.mit.edu is home to many other FAQs and informational
documents, and is a good place to look if you can't find an answer
here. If you can't use FTP, send mail to mail-server@rtfm.mit.edu with
the command 'send usenet/news.answers/ftp-list/faq' on a line by itself
in the text, and it will send you a document describing how to FTP by
mail. You can also read a hypertext version of the FAQs at
http://www.cis.ohio-state.edu/hypertext/faq/usenet/sgi/top.html
The SGI FAQs are freely distributable and wide circulation is encouraged.
The contents are accurate as far as we know, but the usual disclaimers
apply. Please send additions and changes to sgi-faq@viz.tamu.edu.
Topics covered in this FAQ:
---------------------------
-1- How can I determine which release of IRIX I'm running?
-2- How can I determine my SGI's Ethernet (and/or FDDI) address?
-3- How can I administer my Iris without a graphics terminal?
-4- Is it possible to use the visual admin tools on a system with
graphics to administer a system without graphics?
-5- How can I boot directly into single-user mode?
-6- How can I boot from a non-default disk?
-7- How can I boot my machine using a server on the other side of a
router?
-8- Is it possible to remotely install IRIX over a network?
-9- Which IRIX CD is the program 'foo' on?
-10- Why doesn't 'inst' work?
-11- How can I install IRIX onto a second disk which I can then move
to another machine?
-12- How can I copy my system disk onto a second disk which I can then
move to another machine?
-13- I think I've found a security hole in IRIX; whom do I notify at
SGI?
! -14- What security problems does IRIX have?
-15- How can I log more information about logins?
-16- I've just edited inetd.conf, and nothing changed. Why?
-17- How do I make an anonymous or restricted FTP account?
-18- How do I set the number of processes allowed on my machine?
-19- I want to install a termcap for 'iris-ansi-net' on my non-SGI
system, but I can't find a termcap file on the SGI. Where can I
get one?
-20- My SGI crashed and generated a file, /usr/adm/crash/vmcore.1. How
can I examine this file to see what crashed my system?
-21- How can I tell what hostname to use in /etc/exports?
-22- Why can't I export an NFS-mounted filesystem?
-23- Why can't Ultrix automount SGI filesystems?
+ -24- Why does 'tar' work strangely on a filesystem mounted from an
SGI?
-25- Is 'pcnfsd' available for the SGI?
-26- Can I export a CD-ROM from my SGI to a non-SGI?
-27- Why can't I export an ISO 9660 CD-ROM using NFS?
-28- How can I read an IRIX (EFS) CD-ROM on a machine which doesn't
use EFS?
-29- Why is my network license daemon ('netlsd') exiting?
-30- Why isn't /usr/adm/SYSLOG being updated?
-31- Why is 'rusers' showing users who aren't really logged in?
-32- How do I make a bootable tape from an IRIX 4.0.X CD?
! -33- Why can't I boot one of the stand-alone programs on a tape or CD?
-34- Why is /debug or /proc full of huge files?
-35- Why do some programs parse /etc/fstab incorrectly?
-36- My Indigo's Ethernet performance is dog-slow. What gives?
-37- My Indigo running 4.0.5IOP is getting SIGSEGVs and crashing. What
gives?
-38- Why is my Indigo2 panicking?
-39- What's this 'iotim' error in my syslog?
-40- Why can't 'lp' read my file?
-41- How can I use 'lpr' to print to my local printer?
-42- How can I use 'lp' to print to an 'lpr'-controlled printer?
-43- How can I tell 'lp' to turn banner printing or page reversal off
or on?
-44- Why can't I 'rdist' files between Suns and SGIs?
-45- How do I add a static route?
-46- How can I make the 'slip' command advertise the Ethernet address
of the SLIP client?
-47- How can I set up 'sendmail' to pass 8-bit characters?
-48- Why are my mailbox files changing ownership?
-49- Why isn't a valid user getting their mail?
-50- How can SGIs and Suns share a mail spool?
-51- What's an "unknown mailer error"?
-52- What's "mailbox: Error 0"?
-53- Can I change my full name or login shell without being superuser?
-54- How do I extend an existing filesystem onto a new disk?
-55- How can I measure my network's reliability?
-56- How do I know if I need more memory and/or swap space?
-57- How much swap space should I have per megabyte of memory?
-58- How can I increase my swap space?
----------------------------------------------------------------------
Subject: -1- How can I determine which release of IRIX I'm running?
Date: 07 Feb 94 00:00:01 CST
'uname -a' gives you all the kernel info; see the uname(1) manpage for
other options.
Of more general use, since kernels don't always reflect installed
software, is the 'versions' command. 'versions' with no arguments
lists all the installed software subsystems.
IRIX 5.2's System Manager ('chost') has the IRIX version number under
"IRIX Version" and a listing of installed software under "Software"
(the "Show Installed" button).
------------------------------
Subject: -2- How can I determine my SGI's Ethernet (and/or FDDI)
address?
Date: 07 Feb 94 00:00:01 CST
Many thanks to Miguel Sanchez <miguel@oasis.csd.sgi.com> for providing
the original version of the following discussion, and to Dave Olson
<olson@sgi.com> for comments. Andrew Cherenson
<arc@sgi.com> reminded us that all these methods except
the first apply to FDDI as well, but we'll just say "Ethernet" below.
Every system on an Ethernet network must have a unique Ethernet address
for the network to operate properly. The physical Ethernet address of
your system is the unique number assigned to the Ethernet hardware on
your system. This unique number is assigned to the manufacturer of your
Ethernet hardware by the IEEE (formerly by Xerox, one of the original
developers of Ethernet). This is not to be confused with the IP
address, which can be set arbitrarily.
You may need to determine your system's Ethernet address if your
network manager requires it before connecting your system to a
network. How to do so depends on whether IRIX is running and what
operating system version is loaded. Method 1 only provides the
Ethernet address of the primary interface. If you have multiple
Ethernet interfaces (boards) in a system, use method 2, 3, 4 or 5 to
determine the address(es) of any other interface(s).
METHOD 1: eaddr
If IRIX is not running, and the system is a Personal IRIS (4D20,
25, 30, or 35), Indigo, Crimson, Onyx or Challenge, you can obtain
the Ethernet address by typing 'eaddr' (older machines) or
'printenv eaddr' (newer) at the PROM monitor prompt. On some
machines (4D30 or later) you can say 'nvram eaddr' while IRIX is
running to get the same result.
METHOD 2: netstat
Under IRIX 4.0.1 or later, you can use the netstat command. For
example,
% /usr/etc/netstat -ia
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
ec0 1500 siligrph luey7 7765678 21648 384477 0 30338
192.48.200.251
192.0.0.1
08:00:69:06:17:c2
lo0 32880 loopback localhost 41438 0 41438 0 0
192.0.0.1
As seen on the fourth address line, the address of the system
luey7's primary Ethernet interface, "ec0", is 08:00:69:06:17:c2.
METHOD 3: arp
You can obtain the Ethernet address of a Silicon Graphics system by
using another system on your network. 'ping' the system whose
Ethernet address you want, then use 'arp'. For example,
% /usr/etc/ping -c 1 luey6
PING luey6.sgi.com (192.48.200.250): 56 data bytes
64 bytes from 192.48.200.250: icmp_seq=0 ttl=255 time=0 ms
----luey6.sgi.com PING Statistics----
3 packets transmitted, 3 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0
% /usr/etc/arp luey6
luey6 (192.48.200.250) at 8:0:69:6:c:40
%
METHOD 4: NetVizualyzer/FDDIVizualyzer and the like
SGI's NetVizualyzer/FDDIVizualyzer network monitoring software and
at least one public domain equivalent ('netman', at
ftp.cs.curtin.edu.au:/pub/netman/) allow you to find the Ethernet
address corresponding to any IP address. Read the manual.
METHOD 5: System Manager
The Network Setup part ('cnet') of IRIX 5.2's System Manager tool
('chost') shows the Ethernet address of each interface.
4DDN: A Special Case
DECnet uses a one-to-one relationship between the DECnet node ID
and the Ethernet address. If the DECnet address is changed the
Ethernet address is changed. DECnet Ethernet addresses always start
with aa:, so you can identify systems running DECnet with 'arp -a'.
4DDN is Silicon Graphics' DECnet interconnection product. The
Ethernet address of an IRIS running 4DDN will change when 4DDN is
started. Method 1 will return the original Ethernet address for
the system. Methods 2-5 will show the Ethernet address currently
in use.
sysinfo
/etc/sysinfo is intended to return a unique identifier, which on
some machines includes part or all of the Ethernet address. This is
best regarded as an amusing coincidence, like HAL's name in "2001".
Don't rely on it.
------------------------------
Subject: -3- How can I administer my Iris without a graphics
terminal?
Date: 12 Feb 94 00:00:01 EST
SGI's visual admin tools ('vadmin' in IRIX 4.0.x and 'chost' in IRIX
5.x) need GL. They do not work on X terminals or workstations without
GL, and will not in the near future. Under IRIX 4.0.x you can use
'sysadm' on text terminals for some tasks, but beware of bugs and
inadequacies: SGI judged 'sysadm' to be too buggy to be worth updating
for IRIX 5.x.
Of course, you can always use a text editor and write scripts, or see
the next question.
------------------------------
Subject: -4- Is it possible to use the visual admin tools on a system
with graphics to administer a system without graphics?
Date: 12 Feb 94 00:00:01 CST
Yes: just rlogin to the graphics-less system and run 'vadmin' (IRIX
4.0.x) or 'chost' (IRIX 5.x). Make sure that the DISPLAY environment
variable is set correctly and that both the vadmin/sysadmdesktop and
the shared library subsystems are installed on the graphics-less system
(which they are in the default installation).
Under IRIX 5.x, look at the READMEs in /var/sysadmdesktop/rsysmanapps
and /var/sysadmdesktop/sysmanapps to find out how to use 'chost' to run
commands on remote systems. Finally, in a future release of IRIX 5.x,
the sysadmdesktop tools will be able to manage remote systems *without*
doing an rlogin.
------------------------------
Subject: -5- How can I boot directly into single-user mode?
Date: 20 Feb 94 00:00:01 EST
Use the PROM monitor's 'single' command.
For machines earlier than 4D35s, whose PROMs don't have that command,
say 'boot dksc(0,1,0)unix initstate=s'. Replace 'dksc(0,1,0)' with the
appropriate device and partition if your boot volume is something other
than a SCSI device partitioned in the standard manner; see the chapter
on the PROM monitor in the "Advanced Site and Server Administration
Guide".
------------------------------
Subject: -6- How can I boot from a non-default disk?
Date: 20 Jan 94 00:00:01 CST
Says Justin Mason <jmason@iona.ie>: If your disk is SCSI ID 4, do
boot -f dksc(0,4,8)sash dksc(0,4,0)unix root=dks0d4s0
or
setenv bootfile dksc(0,4,8)sash
setenv path dksc(0,4,8)
setenv root dks0d4s0 # This is the tricky part
auto
from the PROM. The first method works once, so that subsequent reboots
use SCSI ID 1, and the second method sets the PROM to boot from ID 4
every time (until you reset the PROM variables).
------------------------------
Subject: -7- How can I boot my machine using a server on the other
side of a router?
Date: 24 Jan 94 00:00:01 EST
Tell the router to forward BOOTP packets. If it can't, NFS-mount the
remote volumes on another machine on the same subnet and use the nearby
machine for your boot server.
------------------------------
Subject: -8- Is it possible to remotely install IRIX over a network?
Date: 20 May 93 00:00:01 CST
Yes. You can install IRIX from a remote machine which has a CD-ROM, a
tape drive, or an IRIX distribution directory. All of these scenarios
(and several others) are described in detail in the "IRIS Software
Installation Guide". Examples are provided.
------------------------------
Subject: -9- Which IRIX CD is the program 'foo' on?
Date: 10 Dec 93 00:00:01 EST
Load the CD and try 'grep foo /CDROM/dist/*.idb'. If you don't get any
output, 'foo' isn't on that CD. If you do, it is, and one of the fields
is the subsystem in which 'foo' lives.
------------------------------
Subject: -10- Why doesn't 'inst' work?
Date: 16 Jan 94 00:00:01 EST
One possibility is that you're using an old 'inst' with new software.
Always use an 'inst' at least as new as what you're installing.
------------------------------
Subject: -11- How can I install IRIX onto a second disk which I can
then move to another machine?
Date: 20 Jan 94 00:00:01 EST
With difficulty. Many parts of the installation process assume that
you're installing IRIX onto your system disk (SCSI ID 1). Just fiddle
with SCSI ID switches and/or move disks around to make the disk onto
which you want to install IRIX the system disk for the duration of the
installation.
Furthermore, IRIX has many hardware dependencies, so you should only
move system disks between absolutely identical machines. If you want to
make a system disk for a machine without a network connection, CD-ROM
or tape drive, the easiest and safest way is to borrow another CD-ROM
or tape drive.
If you want to try anyway, Justin Mason <jmason@iona.ie> reports that
the following works under IRIX 5.1.1:
Set up the disk, e.g. with SCSI id 4, fx a generic "[bo]otable"
partition setup onto it, and mkfs the partitions. Copy sash, etc. from
your system disk to the new disk with dvhtool. Boot up the miniroot
as usual, go into inst, choose "admin" from the menu and do the
following, replacing SCSI IDs and partition numbers as appropriate:
umount /root
umount /root/usr
mount /dev/dsk/dks0d4s0 /root
mount /dev/dsk/dks0d4s6 /root/usr
mount # Just to check
return # Go back to main inst menu
Then install as you like.
------------------------------
Subject: -12- How can I copy my system disk onto a second disk which I
can then move to another machine?
Date: 20 Feb 94 00:00:01 EST
See the article in the Jul/Aug 92 Pipeline and the addendum in the
Nov/Dec 92 Pipeline, and note that the warning about hardware
dependencies in the previous question applies here too.
------------------------------
Subject: -13- I think I've found a security hole in IRIX; whom do I
notify at SGI?
Date: 10 Dec 93 00:00:01 CST
In general, if you find a security problem (or think you have), you can
send it to postmaster@sgi.com. This address gets a lot of mail, so you
may want to CC your mail to one of the SGI employees who regularly post
to Usenet. (Several have indicated that they will be glad to know about
such things.)
You can also notify CERT <cert@cert.org>, who will contact the
appropriate people from their contact list. They may take some time.
------------------------------
Subject: ! -14- What security problems does IRIX have?
Date: 05 Apr 94 00:00:01 EST
Before we start, some general comments:
- IRIX is too complex for this list to be complete. We only discuss
problems we know about. We don't discuss insecurely designed systems
(like YP) or ways in which you might misconfigure your system, only
bugs. We don't discuss third-party software, free or not.
- Read rtfm.mit.edu:/pub/usenet/news.answers/security-faq and the books
and papers listed therein for general discussions of Unix security.
Look on ftp.cert.org:/ for CERT advisories, descriptions of what CERT
and CERT advisories are, and other security-related material.
- Prudence and space permit us to describe only how to close holes, not
to exploit them. Try comp.security.unix.
- Some of the fixes involve installing a new version of a setuid
binary. Be sure that you 1) make it executable, setuid and owned by
the correct user and group (or it won't work), and 2) remove the old
version so bad guys can't use it!
Now for the holes themselves:
- CERT advisory CA-92:08, which you can get from
ftp.cert.org:/pub/cert_advisories/CA-92:08.SGI.lp.vulnerability
describes problems with the permissions of 'lp'-related parts of IRIX
which allow anyone who can log in as lp to get root access. They are
fixed in IRIX 4.0.5. Briefly, the fix is
su root
cd /usr/lib
chmod a-s,go-w lpshut lpmove accept reject lpadmin
chmod go-ws lpsched vadmin/serial_ports vadmin/users vadmin/disks
cd /usr/bin
chmod a-s,go-w disable enable
chmod go-ws cancel lp lpstat
- CERT advisory CA-93:16, which you can get from
ftp.cert.org:/pub/cert_advisories/CA-93:16.sendmail.vulnerability
describes a hole in /usr/lib/sendmail which allows anyone root
access, whether they can log in initially or not! Fixed versions for
IRIX 4.0.x and 5.x are at
ftp.sgi.com:/sgi/IRIX4.0/sendmail/
ftp.sgi.com:/sgi/IRIX5.0/sendmail/
- CERT advisory CA-93:17, which you can get from
ftp.cert.org:/pub/cert_advisories/CA-93:17.xterm.logging.vulnerability
describes a hole in /usr/bin/X11/xterm which allows any user root
access. It is fixed in IRIX 5.x. A fixed version for IRIX 4.x is at
ftp.sgi.com:/sgi/IRIX4.0/xterm/
The 'fix', incidentally, is that logging is completely disabled.
- /usr/bsd/rdist has several holes which allow any user root access.
Some are fixed in IRIX 4.0.5x, but some are still present in all
versions of IRIX 4.0.x and 5.x, including the 4.0.5 version on
ftp.sgi.com. Close the hole with 'chmod -s'. rdist will then work
only when used by root.
If your non-root users need 'rdist', there is a free version which
claims to be free of all known holes in usc.edu:/pub/rdist/. Make
sure you get version 6.1 beta 3 or later.
Note that CERT advisory CA-91:20
(ftp.cert.org:/pub/cert_advisories/CA-91:20.rdist.vulnerability) is
badly out of date.
- The 'lpr' subsystem in IRIX 4.0.x and 5.x has several holes which
allow a non-root user to become root. Use 'lp' instead if you
can. If you don't need 'lpr', make sure it isn't installed. (It
lives in the eoe2.sw.lpr subsystem.) If you do need 'lpr', try the
patched version of the Net/2 BSD lpr at
ftp.umbc.edu:/pub/sgi/patched-lpr.tar.Z. The '-s' (symbolic link)
option is disabled to avoid one of the security holes.
- /usr/bin/under is an unused (!) part of 'rexd'. It is setuid root and
may allow root access, so 'chmod -s' it just in case. Note that SGI
ships IRIX with 'rexd' turned off because 'rexd' is itself a security
problem.
- /usr/etc/arp is setgid sys, allowing anyone who can log into your
machine to read files which should be readable only by group 'sys'.
Close the hole with 'chmod -s'. This prevents non-root users from
using 'arp' at all, but they don't generally need it.
- /usr/sbin/cdinstmgr is setuid root and is a script. Setuid scripts
are a well-known Unix security problem. IRIX ignores them by default,
but 'chmod -s /usr/sbin/cdinstmgr' just in case.
Finally, several aspects of SGI's default IRIX configuration were
chosen for convenience, not security. Unless your machine is not
networked, you may be more concerned about security than SGI assumed.
Note that these items have been discussed on Usenet many times, and
Usenet chatter is not a good way to change SGI policy. If they bother
you, talk to your sales rep or just fix them yourself as follows:
- Several accounts come without passwords, including (but not limited
to) guest, 4Dgifts, demos, tutor, tour and particularly lp. Examine
/etc/passwd and lock all unnecessarily open accounts. Note that 1)
parts of IRIX (e.g. 'inst') use the open guest account by default,
and 2) remote 'lp' clients need access to the lp account to print, so
you'll need to make other arrangements.
- 'xdm' does 'xhost +' by default when you log in. This allows anyone
to open windows on your display and even to record what you type at
your keyboard. Close this hole by removing the 'xhost +' from
/usr/lib/X11/xdm/Xsession and /usr/lib/X11/xdm/Xsession-remote. Note
that the Xauthority mechanism has several different problems in IRIX
4.0.x, so you'll need to say 'xhost +localhost' to run DGL programs
and 'xhost +otherhost' to display remote X programs.
- At least some of the possible default values of the PATH environment
variable begin with the current directory. (The system interprets
either a period or the empty string in any component of PATH as the
current directory. PATH is colon-separated, so if it begins with a
colon the first component is the empty string.) This exposes you to
Trojan horse programs. Set PATH to a safe value (remove the current
directory, or at least move it to the end) in /etc/cshrc and/or
/etc/profile.
------------------------------
Subject: -15- How can I log more information about logins?
Date: 22 Jan 94 00:00:01 EST
- 'last', 'who', etc. get remote login information from /etc/xutmp and
/etc/xwtmp. That information is only logged into these files if they
already exist. To create them, just say 'touch /etc/xutmp
/etc/xwtmp'. In IRIX 5.x, 'touch /var/adm/utmpx /var/adm/wtmpx'.
- As described in the login(1) manpage, you can add the line
'syslog=all' to /etc/config/login.options to log all login attempts,
not just successful ones, in /usr/adm/SYSLOG.
- 'ftpd', 'rshd' and 'tftpd' all have options ('-l' or '-L') which
cause them to log all accesses. See their manpages. 'ftpd' also has
'-ll' and '-lll' options (undocumented before IRIX 5.x) which log
individual file transfers and the sizes of those files respectively.
Add the options to the last fields (not the second-to-last) of the
appropriate lines of /usr/etc/inetd.conf (/etc/inetd.conf in IRIX
5.x), then do 'killall -HUP inetd' or reboot.
------------------------------
Subject: -16- I've just edited inetd.conf, and nothing changed. Why?
Date: 10 Dec 93 00:00:01 CST
You need to make 'inetd' reread the file. Do 'killall -HUP inetd' or
reboot.
------------------------------
Subject: -17- How do I make an anonymous or restricted FTP account?
Date: 10 Dec 93 00:00:01 EST
Read the ftpd(1M) manpage. Be especially sure that the home directory
(/usr/people/ftp) is owned and writable only by root, NOT ftp.
------------------------------
Subject: -18- How do I set the number of processes allowed on my
machine?
Date: 23 Jan 94 00:00:01 CST
Change NPROC in usr/sysgen/master.d/kernel, run '/etc/autoconfig -f'
and reboot. In IRIX 5.x, use 'systune'.
------------------------------
Subject: -19- I want to install a termcap for 'iris-ansi-net' on my
non-SGI system, but I can't find a termcap file on the
SGI. Where can I get one?
Date: 20 May 93 00:00:01 CST
SGIs use the system 5 style terminfo stuff. What you want can be done
though. See the infocmp(1) manpage and the documentation about -r.
This should do the job: 'infocmp -Cr iris-ansi'.
If you don't have infocmp, you have to install eoe2.sw.terminf, which
is not installed by default.
------------------------------
Subject: -20- My SGI crashed and generated a file,
/usr/adm/crash/vmcore.1. How can I examine this file to
see what crashed my system?
Date: 10 Dec 93 00:00:01 EST
For a start, you can use 'dbx' like so:
dbx -k /usr/adm/crash/{unix,vmcore}.#
t
&putbuf/1000s
Some machines have a special 'dbx' for crash dumps,
/usr/adm/crash/dbx. If it exists, use it instead of /usr/bin/dbx.
There is also a script, 'crpt', which does this and more
automagically. One version lives at
viz.tamu.edu:/pub/sgi/software/crpt/, but ask the TAC when you call to
make sure you have the latest and greatest.
------------------------------
Subject: -21- How can I tell what hostname to use in /etc/exports?
Date: 07 Feb 94 00:00:01 EST
NFS servers may need a particular form of a client's name in
/etc/exports to allow the client access. This may not be obvious, for
example if the server is also a router. Log in from the client to the
server and say 'echo $REMOTEHOST' to see what the server thinks the
client is called, and put that in /etc/exports.
IRIX 5.2's System Manager ('chost') should be able to determine the
correct hostname for you.
------------------------------
Subject: -22- Why can't I export an NFS-mounted filesystem?
Date: 10 Dec 93 00:00:01 CST
This is known as multi-hop NFS. It is not allowed or supported in
(Sun's) NFS because it is not in general possible to detect errors such
as infinite mount loops, on either the client or the server.
------------------------------
Subject: -23- Why can't Ultrix automount SGI filesystems?
Date: 10 Dec 93 00:00:01 CST
Ultrix's automount uses an "untrusted" port for mount requests. Add
an '-n' to the mountd lines in /usr/etc/inetd.conf (/etc/inetd.conf
in IRIX 5.x), like so:
mountd/1 stream rpc/tcp wait root /usr/etc/rpc.mountd mountd -n
mountd/1 dgram rpc/udp wait root /usr/etc/rpc.mountd mountd -n
then 'killall mountd' and 'killall -HUP inetd' or reboot.
------------------------------
Subject: + -24- Why does 'tar' work strangely on a filesystem mounted
from an SGI?
Date: 03 Apr 94 00:00:01 EST
When user A extracts a file owned by user B from a tar archive, 'tar'
makes the file owned by user A unless user A is the superuser. Some
systems allow users to give files away (e.g. IRIX); some do not (e.g.
SunOS). On some systems with the restricted behavior (SunOS among
them), 'tar' tries to give the file to user B whether or not user A is
the superuser, assuming that the chown system call will fail if user A
is not. This is not true if user A is using 'tar' on (e.g.) a Sun to
extract files onto a filesystem NFS-mounted from (e.g.) an SGI. 'tar'
may create zero-length files or give away directories and then be
unable to extract files into them.
Work around the problem by doing the 'tar' on the SGI or extracting
onto a Sun filesystem. It is possible that third-party versions of
'tar' (e.g. GNU tar) are smarter; let us know if so. Don't turn the
restricted_chown kernel variable on on the SGI; while this will fix the
problem at hand, it will break SGI programs which need to give files
away without running as root (notably /bin/mail).
------------------------------
Subject: -25- Is 'pcnfsd' available for the SGI?
Date: 27 Feb 94 00:00:01 EST
For IRIX 4.0.x, look in ftp.sgi.com:/support/pcnfsd.sysV/. (Note that
although SGI makes this available, they do not support it.) For IRIX 5.x,
look in viz.tamu.edu:/pub/sgi/software/pcnfsd/.
------------------------------
Subject: -26- Can I export a CD-ROM from my SGI to a non-SGI?
Date: 10 Dec 93 00:00:01 EST
Not in IRIX 4.0.x. You can in IRIX 5.x, as you would any other
filesystem.
------------------------------
Subject: -27- Why can't I export an ISO 9660 CD-ROM using NFS?
Date: 20 Feb 94 00:00:01 EST
You can, but only to another SGI (see the previous question) and
there's a catch. Add the CD-ROM filesystem to /etc/exports and export
it with 'exportfs' *before* you mount the CD-ROM. This chicanery is
not necessary in IRIX 5.x. For more detail, read
viz.tamu.edu:/pub/sgi/hardware/exporting-iso-9660-cdrom or the article
in the Jan/Feb 93 Pipeline, or for an up-to-date copy call the TAC and
ask for SGI's writeup on "Mounting an ISO 9660 CD Across NFS".
------------------------------
Subject: -28- How can I read an IRIX (EFS) CD-ROM on a machine which
doesn't use EFS?
Date: 09 Jan 94 00:00:01 EST
You want 'efslook', in viz.tamu.edu:/pub/sgi/software/efslook/.
------------------------------
Subject: -29- Why is my network license daemon ('netlsd') exiting?
Date: 20 May 93 00:00:01 CST
For netlsd to run, you need to have 'llbd' and 'glbd' installed and
running. A complete debugging procedure is in the netls release notes,
which can be read with 'relnotes netls_eoe 5'.
------------------------------
Subject: -30- Why isn't /usr/adm/SYSLOG being updated?
Date: 05 Jul 93 00:00:01 CST
Thanks to Vernon Schryver <vjs@rhyolite.wpd.sgi.com> here.
Popular causes include:
- running out of disk space.
Once syslogd is unable to write to /usr/adm/SYSLOG, it won't try
again until it is `killall -HUP syslogd`.
- installing IRIX 4.0.X and failing to heed the nagging from
the system when it is rebooted to run 'versions changed' and combine
new and old configuration files. In this case, the trouble is in
/usr/spool/cron/crontabs/root.
------------------------------
Subject: -31- Why is 'rusers' showing users who aren't really logged
in?
Date: 30 Dec 93 00:00:01 CST
This is a well-known bug in IRIX 4.0.X wherein /etc/utmp is not being
updated properly after a user logout. 'rusers' (and other programs)
are simply reporting the non-updated contents of /etc/utmp.
Fixes have been provided by jer@blaise.cif.rochester.edu, David Hinds
<dhinds@allegro.stanford.edu> and Patrick M. Ryan <pat@gsfc.nasa.gov>.
They can be found at viz.tamu.edu:/pub/sgi/software/utmp/.
------------------------------
Subject: -32- How do I make a bootable tape from an IRIX 4.0.X CD?
Date: 20 Feb 94 00:00:01 EST
See the Sep/Oct 93 Pipeline for a detailed description, or just follow
Dave Olson <olson@sgi.com>'s summary: Take a look at the distcp(1M)
manpage, and do something like
tapehost# mount -o ro cdhost:/CDROM /mnt
tapehost# distcp /mnt/dist /dev/nrtape
Note that 'fx', 'ide', and 'sash' for all machines are in the dist/sa
file. 'sa' is an image of the first part of the tape; use 'mkbootape
-f sa -l' to see the contents.
------------------------------
Subject: ! -33- Why can't I boot one of the stand-alone programs on a
tape or CD?
Date: 03 Apr 94 00:00:01 EST
One reason is that some CPU names are preceded by periods and some
aren't. Another is that the Indigo R4000 and later CPUs use the suffix
'ARCS', not 'IP20' or whatever as one might expect from 'hinv'. For
example, the correct command to boot fx directly from the PROM monitor
on an Indigo R4000 is 'boot -f dksc(ctlr,unit,8)sashARCS
dksc(ctlr,unit,7)stand/fx.ARCS'. Note the use of 'ARCS' instead of
'IP20' and the missing period in 'sashARCS'.
------------------------------
Subject: -34- Why is /debug or /proc full of huge files?
Date: 10 Dec 93 00:00:01 EST
Those aren't disk files, they're interfaces to running processes. Read
the debug(4) and/or proc(4) manpages.
------------------------------
Subject: -35- Why do some programs parse /etc/fstab incorrectly?
Date: 10 Dec 93 00:00:01 EST
In IRIX 4.0.5, some programs (e.g. 'fsr') misinterpret lines in
/etc/fstab, so that, e.g.,
/dev/usr /usr efs rw,raw=/dev/rusr,quota 0 0
would cause 'fsr' to think that the raw device pathname was
"/dev/rusr,quota" instead of "/dev/rusr". There is no such device, so
/dev/rusr would never be defragmented. You can work around this by
putting the "raw" option last:
/dev/usr /usr efs rw,quota,raw=/dev/rusr 0 0
This is fixed in IRIX 5.x.
------------------------------
Subject: -36- My Indigo's Ethernet performance is dog-slow. What
gives?
Date: 10 Dec 93 00:00:01 EST
Call the TAC. You need the "E++" patch, or IRIX 4.0.5IOP ("Indigo Only
Patch"), which includes the E++ patch.
------------------------------
Subject: -37- My Indigo running 4.0.5IOP is getting SIGSEGVs and
crashing. What gives?
Date: 12 Jan 94 00:00:01 EST
Make sure you've installed the 4.0.5IOP NFS maintenance patch along
with the rest of 4.0.5IOP. If you're sure you have, call the TAC.
You may need the "IP20 ethernet patch". This comes *after* 4.0.5IOP,
and is not to be confused with the older "E++ patch" (see the previous
question).
------------------------------
Subject: -38- Why is my Indigo2 panicking?
Date: 10 Jan 94 00:00:01 EST
There are several keyboard-related bugs in IRIX 4.0.5H and 4.0.5IOP
which cause Indigo2s to crash or freeze. One sign that these particular
bugs are responsible is the message "PANIC: Timeout Table Overflow" or
"WARNING: Couldn't allocate streams buffer" in /usr/adm/SYSLOG. They
will be fixed in IRIX 5.2, and in the meantime you can get the "Indigo2
keyboard patch" (aka "pckm patch") from SGI.
------------------------------
Subject: -39- What's this 'iotim' error in my syslog?
Date: 12 Feb 94 00:00:01 EST
It's a bug in 'rpc.rstatd' which affects several programs including
'ruptime' and 'sysmeter'. In IRIX 4.0.5H and later, 'rpc.rstatd'
ignores the problem (returning all but the SCSI disk stats which cause
the error) but still generates a message. The problem is completely
fixed in IRIX 5.x. The pre-4.0.5H 'rpc.rstatd' says
rstatd[4840]: read: iotim: No such device or address
and the post-4.0.5H 'rpc.rstatd' says
rstatd[4941]: read: bad iotim, no disk stats: No such device or address
If you see the former, get the patched 'rpc.rstatd' from
ftp.sgi.com:/support/rpc.rstatd or (for Indigos) upgrade to IRIX
4.0.5IOP. If you see the latter, relax and wait for IRIX 5.x.
------------------------------
Subject: -40- Why can't 'lp' read my file?
Date: 10 Dec 93 00:00:01 EST
'lp' is setuid, so it can only read world-readable files. You can say
'lp < file' if you don't want to make your file world-readable.
------------------------------
Subject: -41- How can I use 'lpr' to print to my local printer?
Date: 10 Dec 93 00:00:01 EST
SGI provides 'lpr' for printing on remote printers, and does not
support it for local printing. One way to do it anyhow is to make an
/etc/printcap entry with an output filter which is just a wrapper
around 'lp'. If that isn't crystal-clear, call the TAC and ask for
their "faxable" on "Integrating The AT&T Spooler With The BSD LPR Print
Spooler". A not-guaranteed-to-be-up-to-date copy is at
viz.tamu.edu:/pub/sgi/software/lp-lpr/lpr-to-lp.
------------------------------
Subject: -42- How can I use 'lp' to print to an 'lpr'-controlled
printer?
Date: 10 Dec 93 00:00:01 EST
Two possible ways:
- Write an 'lp' interface script that calls 'lpr'. Impressario 1.1 can
do this for you. If you don't have Impressario you can do it yourself
or call SGI and ask for their writeup, "LPTOLPR, A Model File for
LP", which includes (in fact, consists of) just such an interface
script. A not-guaranteed-to-be-up-to-date copy is at
viz.tamu.edu:/pub/sgi/software/lp-lpr/lp-to-lpr.
- Write an 'lp' replacement script that calls 'lpr'. One such script
is at viz.tamu.edu:/pub/sgi/software/lp-lpr/lp-wrapper-for-lpr.
------------------------------
Subject: -43- How can I tell 'lp' to turn banner printing or page
reversal off or on?
Date: 08 Jan 94 00:00:01 CST
'lp' controls printers via shell scripts, called 'models', which live
in /usr/spool/lp/model. When you install a printer, the appropriate
model script is copied to /usr/spool/lp/interface/<name-of-printer>.
To temporarily change a printer's behavior, look at the manpage for its
interface script (or, if there is none, the script itself) to see what
options it wants, and pass them to the script with 'lp's '-o' option.
For example, 'lp -o"-nobanner" file' tells a "Generic Postscript"
printer (described in the gpsinterface(1) manpage) to print 'file'
without a banner page.
To permanently change a printer's behavior, edit its interface script.
The following are true for "Generic Postscript" printers, but the idea
is the same for others:
- To turn banner printing off or on, change the line 'BANNER=1' to
'BANNER=0' or vice versa.
- To turn page reversal off or on, change the line
'send=/usr/lib/print/lptops' to 'send="/usr/lib/print/lptops -U"'
(note the quotes) or vice versa.
------------------------------
Subject: -44- Why can't I 'rdist' files between Suns and SGIs?
Date: 10 Dec 93 00:00:01 EST
Sun's 'rdist' expects SGI's 'rdist' to live in /usr/ucb, but it's
actually in /usr/bsd. Make a symbolic link from /usr/ucb/rdist to
/usr/bsd/rdist and all will be well.
------------------------------
Subject: -45- How do I add a static route?
Date: 10 Mar 94 00:00:01 EST
Some sites handle IP routing by designating a routing machine and
having all other hosts define a static route to that machine. The way
to do this on SGIs is in the /etc/init.d/network.local script.
1) Read the paragraph just before the copyright at the top of
/etc/init.d/network and make the links it specifies.
2) Put something like the following in /etc/init.d/network.local,
replacing ROUTER'S.IP.ADDRESS.HERE with the address of your router.
#! /bin/sh
case "$1" in
'start')
/usr/etc/route add default ROUTER'S.IP.ADDRESS.HERE 1 ;;
'stop')
/usr/etc/route delete default ROUTER'S.IP.ADDRESS.HERE ;;
*)
echo "Usage: $0 {start|stop}" ;;
esac
If you NFS-mount disks from the other side of the static route, they
will not be unmounted properly during shutdown. You can fix this by
making the links so that /etc/init.d/network.local runs before
/etc/init.d/network: 'ln -s /etc/init.d/network.local
/etc/rc0.d/K41network' instead of '/etc/rc0.d/K39network'.
------------------------------
Subject: -46- How can I make the 'slip' command advertise the Ethernet
address of the SLIP client?
Date: 10 Dec 93 00:00:01 EST
You can't. Just add something like
/usr/etc/arp -s $USER `netstat -ia | grep :` pub
to the shell script in which you start the SLIP process. $USER is the
SLIP client. The 'netstat | grep' part gets the host's Ethernet
address, and 'arp' advertises the host as an ARP server for $USER. See
also the arp(1M) manpage.
------------------------------
Subject: -47- How can I set up 'sendmail' to pass 8-bit characters?
Date: 12 Feb 94 00:00:01 EST
Dunno, offhand, but many experts say "don't try". RFC822 requires mail
transport agents to *clear* the eighth bit, and many hosts do. Some
which don't may crash when they get mail with the eighth bit set.
Instead, use a MIME-compatible mail program. MIME, described in
RFC1521, is a standard for enclosing non- RFC822 material in your
mail. The apps FAQ discusses several mail programs which support it.
Nonetheless, if someone wants to tell us about putting SGI's 'sendmail'
into 8-bit mode we'll note it here.
------------------------------
Subject: -48- Why are my mailbox files changing ownership?
Date: 17 Jan 94 00:00:01 CST
If your mail directory is mounted from another machine, your machine
does not have root access, and the other machine has BSD-style
"restricted chown" (either because it's not an SGI or because someone
turned restricted chown on), /bin/mail will change mail file ownership
when delivering local mail. Without unrestricted chown or root access,
/bin/mail is unable to give mail files back to their owners after
delivering mail. You can fix the problem by turning off restricted
chown on the other machine (if it's an SGI), exporting the mail
directory with root access for your machine, or waiting for IRIX 5.2,
in which the problem will be fixed.
------------------------------
Subject: -49- Why isn't a valid user getting their mail?
Date: 24 Jan 94 00:00:01 EST
IRIX' mail system requires "valid users" to have both valid password
file entries (whether local or via NIS) and home directories. The
latter often trips one up when installing POP servers and whatnot,
where home directories aren't really necessary. Just make a fake one.
------------------------------
Subject: -50- How can SGIs and Suns share a mail spool?
Date: 05 Feb 94 00:00:01 EST
Paul Riddle <paulr@umbc.edu> has written up how he did it. Read
ftp.umbc.edu:/pub/sgi/shared-spool.text.
------------------------------
Subject: -51- What's an "unknown mailer error"?
Date: 20 Feb 94 00:00:01 EST
There's a list in viz.tamu.edu:/pub/sgi/software/mail/mail-errors.
------------------------------
Subject: -52- What's "mailbox: Error 0"?
Date: 05 Mar 94 00:00:01 EST
It's a harmless bug; don't worry about it. It is present in IRIX 4.0.x
before 4.0.5H/4.0.5IOP and fixed in those and later versions.
------------------------------
Subject: -53- Can I change my full name or login shell without being
superuser?
Date: 16 Mar 94 00:00:01 EST
Maybe. IRIX 4.x has no 'chfn' or 'chsh', so if you're a local user
you're stuck. However, if your account is on NIS (Yellow Pages) you can
use 'ypchpass'. You might also ask your superuser to install one of the
many free implementations of 'chfn' and/or 'chsh'; one is in volume 3 of
comp.sources.unix (ftp.uu.net:/usenet/comp.sources.unix/volume3/).
------------------------------
Subject: -54- How do I extend an existing filesystem onto a new disk?
Date: 24 Jan 94 00:00:01 EST
Back up the existing filesystem (just in case) then run 'mklv' and
'growfs'. 'mklv' and 'growfs' are nondestructive, so you don't need to
restore the backup unless you screw up. Don't use 'mkfs', which does
destroy existing data.
------------------------------
Subject: -55- How can I measure my network's reliability?
Date: 13 Feb 94 00:00:01 EST
Don't worry about collisions. They are part of normal operation on a
crowded Ethernet. You *should* worry about late collisions (which are
logged to the console) and lost packets (which you can easily measure
with the command 'ping -fs 3000 -c 1000 someotherhost'), which usually
mean network hardware problems or a misconfigured bridge or router.
------------------------------
Subject: -56- How do I know if I need more memory and/or swap space?
Date: 20 Feb 94 00:00:01 EST
If processes are killed due to lack of memory/swap, you need more
memory and/or swap space. If your CPU is always waiting for swapping
(run 'osview' and look at the "%Swap" entry under "Wait Ratio") you
need more memory.
------------------------------
Subject: -57- How much swap space should I have per megabyte of
memory?
Date: 20 Feb 94 00:00:01 EST
An oft-recommended ratio is X memory:2.5 X swap, but this may be too
slow. Decide how much of your favorite program (plus IRIX) needs to be
resident for good performance and how much doesn't, and make sure you
have enough memory for the former and enough memory plus swap for the
latter. Put "rmem" and "swp" in your ~/.grosview file, run 'gr_osview'
and run your favorite program to see what it needs.
------------------------------
Subject: -58- How can I increase my swap space?
Date: 20 Feb 94 00:00:01 EST
See the Jan/Feb 93 Pipeline for a detailed writeup, or call the TAC and
have them fax you the very latest version. It will be much easier in
IRIX 5.x, which will support swapping to files.
------------------------------
End of sgi/faq/admin Digest
******************************
--
The SGI FAQ group sgi-faq@viz.tamu.edu
Finger us for info on the SGI FAQs, or look in viz.tamu.edu:/pub/sgi.
From odin!sgigate.sgi.com!sgiblab!sdd.hp.com!swrinde!cs.utexas.edu!news.tamu.edu!sgi-faq Wed Apr 13 11:20:00 PDT 1994
Article: 9154 of comp.sys.sgi.misc
Xref: odin comp.sys.sgi.misc:9154 comp.answers:4798 news.answers:20655
Path: odin!sgigate.sgi.com!sgiblab!sdd.hp.com!swrinde!cs.utexas.edu!news.tamu.edu!sgi-faq
From: sgi-faq@viz.tamu.edu (The SGI FAQ group)
Newsgroups: comp.sys.sgi.misc,comp.answers,news.answers
Subject: SGI admin Frequently Asked Questions (FAQ)
Supersedes: <admin_764182743@viz.tamu.edu>
Followup-To: comp.sys.sgi.misc
Date: 6 Apr 1994 20:11:18 GMT
Organization: Visualization Lab, Texas A&M University
Lines: 1120
Approved: news-answers-request@mit.edu
Expires: 4 May 1994 20:11:14 GMT
Message-ID: <admin_765663074@viz.tamu.edu>
Reply-To: sgi-faq@viz.tamu.edu (The SGI FAQ group)
NNTP-Posting-Host: viz.tamu.edu
Originator: sgi-faq@viz
Archive-name: sgi/faq/admin
Last-modified: Wed Apr 6 15:10:30 CDT 1994
SGI admin Frequently Asked Questions (FAQ)
This is one of the Silicon Graphics FAQ series, which consists of:
SGI admin FAQ - IRIX system administration
SGI apps FAQ - Applications & compilers
SGI graphics FAQ - Graphics and user environment customization
SGI hardware FAQ - Hardware
SGI misc FAQ - Introduction & miscellaneous information
SGI performer FAQ - IRIS Performer
SGI pointer FAQ - Pointer to the other FAQs
Read the misc FAQ for information about the FAQs themselves. Each FAQ
is posted to comp.sys.sgi.misc and to the news.answers and comp.answers
newsgroups (whose purpose is to store FAQs) twice per month. If you
can't find one of the FAQs with your news program, you can get it by
anonymous FTP from one of these sites:
rtfm.mit.edu:/pub/usenet/comp.sys.sgi.misc/
rtfm.mit.edu:/pub/usenet/news.answers/sgi/faq/
rtfm.mit.edu:/pub/usenet/comp.answers/sgi/faq/
viz.tamu.edu:/pub/sgi/faq/
Note that rtfm.mit.edu is home to many other FAQs and informational
documents, and is a good place to look if you can't find an answer
here. If you can't use FTP, send mail to mail-server@rtfm.mit.edu with
the command 'send usenet/news.answers/ftp-list/faq' on a line by itself
in the text, and it will send you a document describing how to FTP by
mail. You can also read a hypertext version of the FAQs at
http://www.cis.ohio-state.edu/hypertext/faq/usenet/sgi/top.html
The SGI FAQs are freely distributable and wide circulation is encouraged.
The contents are accurate as far as we know, but the usual disclaimers
apply. Please send additions and changes to sgi-faq@viz.tamu.edu.
Topics covered in this FAQ:
---------------------------
-1- How can I determine which release of IRIX I'm running?
-2- How can I determine my SGI's Ethernet (and/or FDDI) address?
-3- How can I administer my Iris without a graphics terminal?
-4- Is it possible to use the visual admin tools on a system with
graphics to administer a system without graphics?
-5- How can I boot directly into single-user mode?
-6- How can I boot from a non-default disk?
-7- How can I boot my machine using a server on the other side of a
router?
-8- Is it possible to remotely install IRIX over a network?
-9- Which IRIX CD is the program 'foo' on?
-10- Why doesn't 'inst' work?
-11- How can I install IRIX onto a second disk which I can then move
to another machine?
-12- How can I copy my system disk onto a second disk which I can then
move to another machine?
-13- I think I've found a security hole in IRIX; whom do I notify at
SGI?
! -14- What security problems does IRIX have?
-15- How can I log more information about logins?
-16- I've just edited inetd.conf, and nothing changed. Why?
-17- How do I make an anonymous or restricted FTP account?
-18- How do I set the number of processes allowed on my machine?
-19- I want to install a termcap for 'iris-ansi-net' on my non-SGI
system, but I can't find a termcap file on the SGI. Where can I
get one?
-20- My SGI crashed and generated a file, /usr/adm/crash/vmcore.1. How
can I examine this file to see what crashed my system?
-21- How can I tell what hostname to use in /etc/exports?
-22- Why can't I export an NFS-mounted filesystem?
-23- Why can't Ultrix automount SGI filesystems?
+ -24- Why does 'tar' work strangely on a filesystem mounted from an
SGI?
-25- Is 'pcnfsd' available for the SGI?
-26- Can I export a CD-ROM from my SGI to a non-SGI?
-27- Why can't I export an ISO 9660 CD-ROM using NFS?
-28- How can I read an IRIX (EFS) CD-ROM on a machine which doesn't
use EFS?
-29- Why is my network license daemon ('netlsd') exiting?
-30- Why isn't /usr/adm/SYSLOG being updated?
-31- Why is 'rusers' showing users who aren't really logged in?
-32- How do I make a bootable tape from an IRIX 4.0.X CD?
! -33- Why can't I boot one of the stand-alone programs on a tape or CD?
-34- Why is /debug or /proc full of huge files?
-35- Why do some programs parse /etc/fstab incorrectly?
-36- My Indigo's Ethernet performance is dog-slow. What gives?
-37- My Indigo running 4.0.5IOP is getting SIGSEGVs and crashing. What
gives?
-38- Why is my Indigo2 panicking?
-39- What's this 'iotim' error in my syslog?
-40- Why can't 'lp' read my file?
-41- How can I use 'lpr' to print to my local printer?
-42- How can I use 'lp' to print to an 'lpr'-controlled printer?
-43- How can I tell 'lp' to turn banner printing or page reversal off
or on?
-44- Why can't I 'rdist' files between Suns and SGIs?
-45- How do I add a static route?
-46- How can I make the 'slip' command advertise the Ethernet address
of the SLIP client?
-47- How can I set up 'sendmail' to pass 8-bit characters?
-48- Why are my mailbox files changing ownership?
-49- Why isn't a valid user getting their mail?
-50- How can SGIs and Suns share a mail spool?
-51- What's an "unknown mailer error"?
-52- What's "mailbox: Error 0"?
-53- Can I change my full name or login shell without being superuser?
-54- How do I extend an existing filesystem onto a new disk?
-55- How can I measure my network's reliability?
-56- How do I know if I need more memory and/or swap space?
-57- How much swap space should I have per megabyte of memory?
-58- How can I increase my swap space?
----------------------------------------------------------------------
Subject: -1- How can I determine which release of IRIX I'm running?
Date: 07 Feb 94 00:00:01 CST
'uname -a' gives you all the kernel info; see the uname(1) manpage for
other options.
Of more general use, since kernels don't always reflect installed
software, is the 'versions' command. 'versions' with no arguments
lists all the installed software subsystems.
IRIX 5.2's System Manager ('chost') has the IRIX version number under
"IRIX Version" and a listing of installed software under "Software"
(the "Show Installed" button).
------------------------------
Subject: -2- How can I determine my SGI's Ethernet (and/or FDDI)
address?
Date: 07 Feb 94 00:00:01 CST
Many thanks to Miguel Sanchez <miguel@oasis.csd.sgi.com> for providing
the original version of the following discussion, and to Dave Olson
<olson@sgi.com> for comments. Andrew Cherenson
<arc@sgi.com> reminded us that all these methods except
the first apply to FDDI as well, but we'll just say "Ethernet" below.
Every system on an Ethernet network must have a unique Ethernet address
for the network to operate properly. The physical Ethernet address of
your system is the unique number assigned to the Ethernet hardware on
your system. This unique number is assigned to the manufacturer of your
Ethernet hardware by the IEEE (formerly by Xerox, one of the original
developers of Ethernet). This is not to be confused with the IP
address, which can be set arbitrarily.
You may need to determine your system's Ethernet address if your
network manager requires it before connecting your system to a
network. How to do so depends on whether IRIX is running and what
operating system version is loaded. Method 1 only provides the
Ethernet address of the primary interface. If you have multiple
Ethernet interfaces (boards) in a system, use method 2, 3, 4 or 5 to
determine the address(es) of any other interface(s).
METHOD 1: eaddr
If IRIX is not running, and the system is a Personal IRIS (4D20,
25, 30, or 35), Indigo, Crimson, Onyx or Challenge, you can obtain
the Ethernet address by typing 'eaddr' (older machines) or
'printenv eaddr' (newer) at the PROM monitor prompt. On some
machines (4D30 or later) you can say 'nvram eaddr' while IRIX is
running to get the same result.
METHOD 2: netstat
Under IRIX 4.0.1 or later, you can use the netstat command. For
example,
% /usr/etc/netstat -ia
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
ec0 1500 siligrph luey7 7765678 21648 384477 0 30338
192.48.200.251
192.0.0.1
08:00:69:06:17:c2
lo0 32880 loopback localhost 41438 0 41438 0 0
192.0.0.1
As seen on the fourth address line, the address of the system
luey7's primary Ethernet interface, "ec0", is 08:00:69:06:17:c2.
METHOD 3: arp
You can obtain the Ethernet address of a Silicon Graphics system by
using another system on your network. 'ping' the system whose
Ethernet address you want, then use 'arp'. For example,
% /usr/etc/ping -c 1 luey6
PING luey6.sgi.com (192.48.200.250): 56 data bytes
64 bytes from 192.48.200.250: icmp_seq=0 ttl=255 time=0 ms
----luey6.sgi.com PING Statistics----
3 packets transmitted, 3 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0
% /usr/etc/arp luey6
luey6 (192.48.200.250) at 8:0:69:6:c:40
%
METHOD 4: NetVizualyzer/FDDIVizualyzer and the like
SGI's NetVizualyzer/FDDIVizualyzer network monitoring software and
at least one public domain equivalent ('netman', at
ftp.cs.curtin.edu.au:/pub/netman/) allow you to find the Ethernet
address corresponding to any IP address. Read the manual.
METHOD 5: System Manager
The Network Setup part ('cnet') of IRIX 5.2's System Manager tool
('chost') shows the Ethernet address of each interface.
4DDN: A Special Case
DECnet uses a one-to-one relationship between the DECnet node ID
and the Ethernet address. If the DECnet address is changed the
Ethernet address is changed. DECnet Ethernet addresses always start
with aa:, so you can identify systems running DECnet with 'arp -a'.
4DDN is Silicon Graphics' DECnet interconnection product. The
Ethernet address of an IRIS running 4DDN will change when 4DDN is
started. Method 1 will return the original Ethernet address for
the system. Methods 2-5 will show the Ethernet address currently
in use.
sysinfo
/etc/sysinfo is intended to return a unique identifier, which on
some machines includes part or all of the Ethernet address. This is
best regarded as an amusing coincidence, like HAL's name in "2001".
Don't rely on it.
------------------------------
Subject: -3- How can I administer my Iris without a graphics
terminal?
Date: 12 Feb 94 00:00:01 EST
SGI's visual admin tools ('vadmin' in IRIX 4.0.x and 'chost' in IRIX
5.x) need GL. They do not work on X terminals or workstations without
GL, and will not in the near future. Under IRIX 4.0.x you can use
'sysadm' on text terminals for some tasks, but beware of bugs and
inadequacies: SGI judged 'sysadm' to be too buggy to be worth updating
for IRIX 5.x.
Of course, you can always use a text editor and write scripts, or see
the next question.
------------------------------
Subject: -4- Is it possible to use the visual admin tools on a system
with graphics to administer a system without graphics?
Date: 12 Feb 94 00:00:01 CST
Yes: just rlogin to the graphics-less system and run 'vadmin' (IRIX
4.0.x) or 'chost' (IRIX 5.x). Make sure that the DISPLAY environment
variable is set correctly and that both the vadmin/sysadmdesktop and
the shared library subsystems are installed on the graphics-less system
(which they are in the default installation).
Under IRIX 5.x, look at the READMEs in /var/sysadmdesktop/rsysmanapps
and /var/sysadmdesktop/sysmanapps to find out how to use 'chost' to run
commands on remote systems. Finally, in a future release of IRIX 5.x,
the sysadmdesktop tools will be able to manage remote systems *without*
doing an rlogin.
------------------------------
Subject: -5- How can I boot directly into single-user mode?
Date: 20 Feb 94 00:00:01 EST
Use the PROM monitor's 'single' command.
For machines earlier than 4D35s, whose PROMs don't have that command,
say 'boot dksc(0,1,0)unix initstate=s'. Replace 'dksc(0,1,0)' with the
appropriate device and partition if your boot volume is something other
than a SCSI device partitioned in the standard manner; see the chapter
on the PROM monitor in the "Advanced Site and Server Administration
Guide".
------------------------------
Subject: -6- How can I boot from a non-default disk?
Date: 20 Jan 94 00:00:01 CST
Says Justin Mason <jmason@iona.ie>: If your disk is SCSI ID 4, do
boot -f dksc(0,4,8)sash dksc(0,4,0)unix root=dks0d4s0
or
setenv bootfile dksc(0,4,8)sash
setenv path dksc(0,4,8)
setenv root dks0d4s0 # This is the tricky part
auto
from the PROM. The first method works once, so that subsequent reboots
use SCSI ID 1, and the second method sets the PROM to boot from ID 4
every time (until you reset the PROM variables).
------------------------------
Subject: -7- How can I boot my machine using a server on the other
side of a router?
Date: 24 Jan 94 00:00:01 EST
Tell the router to forward BOOTP packets. If it can't, NFS-mount the
remote volumes on another machine on the same subnet and use the nearby
machine for your boot server.
------------------------------
Subject: -8- Is it possible to remotely install IRIX over a network?
Date: 20 May 93 00:00:01 CST
Yes. You can install IRIX from a remote machine which has a CD-ROM, a
tape drive, or an IRIX distribution directory. All of these scenarios
(and several others) are described in detail in the "IRIS Software
Installation Guide". Examples are provided.
------------------------------
Subject: -9- Which IRIX CD is the program 'foo' on?
Date: 10 Dec 93 00:00:01 EST
Load the CD and try 'grep foo /CDROM/dist/*.idb'. If you don't get any
output, 'foo' isn't on that CD. If you do, it is, and one of the fields
is the subsystem in which 'foo' lives.
------------------------------
Subject: -10- Why doesn't 'inst' work?
Date: 16 Jan 94 00:00:01 EST
One possibility is that you're using an old 'inst' with new software.
Always use an 'inst' at least as new as what you're installing.
------------------------------
Subject: -11- How can I install IRIX onto a second disk which I can
then move to another machine?
Date: 20 Jan 94 00:00:01 EST
With difficulty. Many parts of the installation process assume that
you're installing IRIX onto your system disk (SCSI ID 1). Just fiddle
with SCSI ID switches and/or move disks around to make the disk onto
which you want to install IRIX the system disk for the duration of the
installation.
Furthermore, IRIX has many hardware dependencies, so you should only
move system disks between absolutely identical machines. If you want to
make a system disk for a machine without a network connection, CD-ROM
or tape drive, the easiest and safest way is to borrow another CD-ROM
or tape drive.
If you want to try anyway, Justin Mason <jmason@iona.ie> reports that
the following works under IRIX 5.1.1:
Set up the disk, e.g. with SCSI id 4, fx a generic "[bo]otable"
partition setup onto it, and mkfs the partitions. Copy sash, etc. from
your system disk to the new disk with dvhtool. Boot up the miniroot
as usual, go into inst, choose "admin" from the menu and do the
following, replacing SCSI IDs and partition numbers as appropriate:
umount /root
umount /root/usr
mount /dev/dsk/dks0d4s0 /root
mount /dev/dsk/dks0d4s6 /root/usr
mount # Just to check
return # Go back to main inst menu
Then install as you like.
------------------------------
Subject: -12- How can I copy my system disk onto a second disk which I
can then move to another machine?
Date: 20 Feb 94 00:00:01 EST
See the article in the Jul/Aug 92 Pipeline and the addendum in the
Nov/Dec 92 Pipeline, and note that the warning about hardware
dependencies in the previous question applies here too.
------------------------------
Subject: -13- I think I've found a security hole in IRIX; whom do I
notify at SGI?
Date: 10 Dec 93 00:00:01 CST
In general, if you find a security problem (or think you have), you can
send it to postmaster@sgi.com. This address gets a lot of mail, so you
may want to CC your mail to one of the SGI employees who regularly post
to Usenet. (Several have indicated that they will be glad to know about
such things.)
You can also notify CERT <cert@cert.org>, who will contact the
appropriate people from their contact list. They may take some time.
------------------------------
Subject: ! -14- What security problems does IRIX have?
Date: 05 Apr 94 00:00:01 EST
Before we start, some general comments:
- IRIX is too complex for this list to be complete. We only discuss
problems we know about. We don't discuss insecurely designed systems
(like YP) or ways in which you might misconfigure your system, only
bugs. We don't discuss third-party software, free or not.
- Read rtfm.mit.edu:/pub/usenet/news.answers/security-faq and the books
and papers listed therein for general discussions of Unix security.
Look on ftp.cert.org:/ for CERT advisories, descriptions of what CERT
and CERT advisories are, and other security-related material.
- Prudence and space permit us to describe only how to close holes, not
to exploit them. Try comp.security.unix.
- Some of the fixes involve installing a new version of a setuid
binary. Be sure that you 1) make it executable, setuid and owned by
the correct user and group (or it won't work), and 2) remove the old
version so bad guys can't use it!
Now for the holes themselves:
- CERT advisory CA-92:08, which you can get from
ftp.cert.org:/pub/cert_advisories/CA-92:08.SGI.lp.vulnerability
describes problems with the permissions of 'lp'-related parts of IRIX
which allow anyone who can log in as lp to get root access. They are
fixed in IRIX 4.0.5. Briefly, the fix is
su root
cd /usr/lib
chmod a-s,go-w lpshut lpmove accept reject lpadmin
chmod go-ws lpsched vadmin/serial_ports vadmin/users vadmin/disks
cd /usr/bin
chmod a-s,go-w disable enable
chmod go-ws cancel lp lpstat
- CERT advisory CA-93:16, which you can get from
ftp.cert.org:/pub/cert_advisories/CA-93:16.sendmail.vulnerability
describes a hole in /usr/lib/sendmail which allows anyone root
access, whether they can log in initially or not! Fixed versions for
IRIX 4.0.x and 5.x are at
ftp.sgi.com:/sgi/IRIX4.0/sendmail/
ftp.sgi.com:/sgi/IRIX5.0/sendmail/
- CERT advisory CA-93:17, which you can get from
ftp.cert.org:/pub/cert_advisories/CA-93:17.xterm.logging.vulnerability
describes a hole in /usr/bin/X11/xterm which allows any user root
access. It is fixed in IRIX 5.x. A fixed version for IRIX 4.x is at
ftp.sgi.com:/sgi/IRIX4.0/xterm/
The 'fix', incidentally, is that logging is completely disabled.
- /usr/bsd/rdist has several holes which allow any user root access.
Some are fixed in IRIX 4.0.5x, but some are still present in all
versions of IRIX 4.0.x and 5.x, including the 4.0.5 version on
ftp.sgi.com. Close the hole with 'chmod -s'. rdist will then work
only when used by root.
If your non-root users need 'rdist', there is a free version which
claims to be free of all known holes in usc.edu:/pub/rdist/. Make
sure you get version 6.1 beta 3 or later.
Note that CERT advisory CA-91:20
(ftp.cert.org:/pub/cert_advisories/CA-91:20.rdist.vulnerability) is
badly out of date.
- The 'lpr' subsystem in IRIX 4.0.x and 5.x has several holes which
allow a non-root user to become root. Use 'lp' instead if you
can. If you don't need 'lpr', make sure it isn't installed. (It
lives in the eoe2.sw.lpr subsystem.) If you do need 'lpr', try the
patched version of the Net/2 BSD lpr at
ftp.umbc.edu:/pub/sgi/patched-lpr.tar.Z. The '-s' (symbolic link)
option is disabled to avoid one of the security holes.
- /usr/bin/under is an unused (!) part of 'rexd'. It is setuid root and
may allow root access, so 'chmod -s' it just in case. Note that SGI
ships IRIX with 'rexd' turned off because 'rexd' is itself a security
problem.
- /usr/etc/arp is setgid sys, allowing anyone who can log into your
machine to read files which should be readable only by group 'sys'.
Close the hole with 'chmod -s'. This prevents non-root users from
using 'arp' at all, but they don't generally need it.
- /usr/sbin/cdinstmgr is setuid root and is a script. Setuid scripts
are a well-known Unix security problem. IRIX ignores them by default,
but 'chmod -s /usr/sbin/cdinstmgr' just in case.
Finally, several aspects of SGI's default IRIX configuration were
chosen for convenience, not security. Unless your machine is not
networked, you may be more concerned about security than SGI assumed.
Note that these items have been discussed on Usenet many times, and
Usenet chatter is not a good way to change SGI policy. If they bother
you, talk to your sales rep or just fix them yourself as follows:
- Several accounts come without passwords, including (but not limited
to) guest, 4Dgifts, demos, tutor, tour and particularly lp. Examine
/etc/passwd and lock all unnecessarily open accounts. Note that 1)
parts of IRIX (e.g. 'inst') use the open guest account by default,
and 2) remote 'lp' clients need access to the lp account to print, so
you'll need to make other arrangements.
- 'xdm' does 'xhost +' by default when you log in. This allows anyone
to open windows on your display and even to record what you type at
your keyboard. Close this hole by removing the 'xhost +' from
/usr/lib/X11/xdm/Xsession and /usr/lib/X11/xdm/Xsession-remote. Note
that the Xauthority mechanism has several different problems in IRIX
4.0.x, so you'll need to say 'xhost +localhost' to run DGL programs
and 'xhost +otherhost' to display remote X programs.
- At least some of the possible default values of the PATH environment
variable begin with the current directory. (The system interprets
either a period or the empty string in any component of PATH as the
current directory. PATH is colon-separated, so if it begins with a
colon the first component is the empty string.) This exposes you to
Trojan horse programs. Set PATH to a safe value (remove the current
directory, or at least move it to the end) in /etc/cshrc and/or
/etc/profile.
------------------------------
Subject: -15- How can I log more information about logins?
Date: 22 Jan 94 00:00:01 EST
- 'last', 'who', etc. get remote login information from /etc/xutmp and
/etc/xwtmp. That information is only logged into these files if they
already exist. To create them, just say 'touch /etc/xutmp
/etc/xwtmp'. In IRIX 5.x, 'touch /var/adm/utmpx /var/adm/wtmpx'.
- As described in the login(1) manpage, you can add the line
'syslog=all' to /etc/config/login.options to log all login attempts,
not just successful ones, in /usr/adm/SYSLOG.
- 'ftpd', 'rshd' and 'tftpd' all have options ('-l' or '-L') which
cause them to log all accesses. See their manpages. 'ftpd' also has
'-ll' and '-lll' options (undocumented before IRIX 5.x) which log
individual file transfers and the sizes of those files respectively.
Add the options to the last fields (not the second-to-last) of the
appropriate lines of /usr/etc/inetd.conf (/etc/inetd.conf in IRIX
5.x), then do 'killall -HUP inetd' or reboot.
------------------------------
Subject: -16- I've just edited inetd.conf, and nothing changed. Why?
Date: 10 Dec 93 00:00:01 CST
You need to make 'inetd' reread the file. Do 'killall -HUP inetd' or
reboot.
------------------------------
Subject: -17- How do I make an anonymous or restricted FTP account?
Date: 10 Dec 93 00:00:01 EST
Read the ftpd(1M) manpage. Be especially sure that the home directory
(/usr/people/ftp) is owned and writable only by root, NOT ftp.
------------------------------
Subject: -18- How do I set the number of processes allowed on my
machine?
Date: 23 Jan 94 00:00:01 CST
Change NPROC in usr/sysgen/master.d/kernel, run '/etc/autoconfig -f'
and reboot. In IRIX 5.x, use 'systune'.
------------------------------
Subject: -19- I want to install a termcap for 'iris-ansi-net' on my
non-SGI system, but I can't find a termcap file on the
SGI. Where can I get one?
Date: 20 May 93 00:00:01 CST
SGIs use the system 5 style terminfo stuff. What you want can be done
though. See the infocmp(1) manpage and the documentation about -r.
This should do the job: 'infocmp -Cr iris-ansi'.
If you don't have infocmp, you have to install eoe2.sw.terminf, which
is not installed by default.
------------------------------
Subject: -20- My SGI crashed and generated a file,
/usr/adm/crash/vmcore.1. How can I examine this file to
see what crashed my system?
Date: 10 Dec 93 00:00:01 EST
For a start, you can use 'dbx' like so:
dbx -k /usr/adm/crash/{unix,vmcore}.#
t
&putbuf/1000s
Some machines have a special 'dbx' for crash dumps,
/usr/adm/crash/dbx. If it exists, use it instead of /usr/bin/dbx.
There is also a script, 'crpt', which does this and more
automagically. One version lives at
viz.tamu.edu:/pub/sgi/software/crpt/, but ask the TAC when you call to
make sure you have the latest and greatest.
------------------------------
Subject: -21- How can I tell what hostname to use in /etc/exports?
Date: 07 Feb 94 00:00:01 EST
NFS servers may need a particular form of a client's name in
/etc/exports to allow the client access. This may not be obvious, for
example if the server is also a router. Log in from the client to the
server and say 'echo $REMOTEHOST' to see what the server thinks the
client is called, and put that in /etc/exports.
IRIX 5.2's System Manager ('chost') should be able to determine the
correct hostname for you.
------------------------------
Subject: -22- Why can't I export an NFS-mounted filesystem?
Date: 10 Dec 93 00:00:01 CST
This is known as multi-hop NFS. It is not allowed or supported in
(Sun's) NFS because it is not in general possible to detect errors such
as infinite mount loops, on either the client or the server.
------------------------------
Subject: -23- Why can't Ultrix automount SGI filesystems?
Date: 10 Dec 93 00:00:01 CST
Ultrix's automount uses an "untrusted" port for mount requests. Add
an '-n' to the mountd lines in /usr/etc/inetd.conf (/etc/inetd.conf
in IRIX 5.x), like so:
mountd/1 stream rpc/tcp wait root /usr/etc/rpc.mountd mountd -n
mountd/1 dgram rpc/udp wait root /usr/etc/rpc.mountd mountd -n
then 'killall mountd' and 'killall -HUP inetd' or reboot.
------------------------------
Subject: + -24- Why does 'tar' work strangely on a filesystem mounted
from an SGI?
Date: 03 Apr 94 00:00:01 EST
When user A extracts a file owned by user B from a tar archive, 'tar'
makes the file owned by user A unless user A is the superuser. Some
systems allow users to give files away (e.g. IRIX); some do not (e.g.
SunOS). On some systems with the restricted behavior (SunOS among
them), 'tar' tries to give the file to user B whether or not user A is
the superuser, assuming that the chown system call will fail if user A
is not. This is not true if user A is using 'tar' on (e.g.) a Sun to
extract files onto a filesystem NFS-mounted from (e.g.) an SGI. 'tar'
may create zero-length files or give away directories and then be
unable to extract files into them.
Work around the problem by doing the 'tar' on the SGI or extracting
onto a Sun filesystem. It is possible that third-party versions of
'tar' (e.g. GNU tar) are smarter; let us know if so. Don't turn the
restricted_chown kernel variable on on the SGI; while this will fix the
problem at hand, it will break SGI programs which need to give files
away without running as root (notably /bin/mail).
------------------------------
Subject: -25- Is 'pcnfsd' available for the SGI?
Date: 27 Feb 94 00:00:01 EST
For IRIX 4.0.x, look in ftp.sgi.com:/support/pcnfsd.sysV/. (Note that
although SGI makes this available, they do not support it.) For IRIX 5.x,
look in viz.tamu.edu:/pub/sgi/software/pcnfsd/.
------------------------------
Subject: -26- Can I export a CD-ROM from my SGI to a non-SGI?
Date: 10 Dec 93 00:00:01 EST
Not in IRIX 4.0.x. You can in IRIX 5.x, as you would any other
filesystem.
------------------------------
Subject: -27- Why can't I export an ISO 9660 CD-ROM using NFS?
Date: 20 Feb 94 00:00:01 EST
You can, but only to another SGI (see the previous question) and
there's a catch. Add the CD-ROM filesystem to /etc/exports and export
it with 'exportfs' *before* you mount the CD-ROM. This chicanery is
not necessary in IRIX 5.x. For more detail, read
viz.tamu.edu:/pub/sgi/hardware/exporting-iso-9660-cdrom or the article
in the Jan/Feb 93 Pipeline, or for an up-to-date copy call the TAC and
ask for SGI's writeup on "Mounting an ISO 9660 CD Across NFS".
------------------------------
Subject: -28- How can I read an IRIX (EFS) CD-ROM on a machine which
doesn't use EFS?
Date: 09 Jan 94 00:00:01 EST
You want 'efslook', in viz.tamu.edu:/pub/sgi/software/efslook/.
------------------------------
Subject: -29- Why is my network license daemon ('netlsd') exiting?
Date: 20 May 93 00:00:01 CST
For netlsd to run, you need to have 'llbd' and 'glbd' installed and
running. A complete debugging procedure is in the netls release notes,
which can be read with 'relnotes netls_eoe 5'.
------------------------------
Subject: -30- Why isn't /usr/adm/SYSLOG being updated?
Date: 05 Jul 93 00:00:01 CST
Thanks to Vernon Schryver <vjs@rhyolite.wpd.sgi.com> here.
Popular causes include:
- running out of disk space.
Once syslogd is unable to write to /usr/adm/SYSLOG, it won't try
again until it is `killall -HUP syslogd`.
- installing IRIX 4.0.X and failing to heed the nagging from
the system when it is rebooted to run 'versions changed' and combine
new and old configuration files. In this case, the trouble is in
/usr/spool/cron/crontabs/root.
------------------------------
Subject: -31- Why is 'rusers' showing users who aren't really logged
in?
Date: 30 Dec 93 00:00:01 CST
This is a well-known bug in IRIX 4.0.X wherein /etc/utmp is not being
updated properly after a user logout. 'rusers' (and other programs)
are simply reporting the non-updated contents of /etc/utmp.
Fixes have been provided by jer@blaise.cif.rochester.edu, David Hinds
<dhinds@allegro.stanford.edu> and Patrick M. Ryan <pat@gsfc.nasa.gov>.
They can be found at viz.tamu.edu:/pub/sgi/software/utmp/.
------------------------------
Subject: -32- How do I make a bootable tape from an IRIX 4.0.X CD?
Date: 20 Feb 94 00:00:01 EST
See the Sep/Oct 93 Pipeline for a detailed description, or just follow
Dave Olson <olson@sgi.com>'s summary: Take a look at the distcp(1M)
manpage, and do something like
tapehost# mount -o ro cdhost:/CDROM /mnt
tapehost# distcp /mnt/dist /dev/nrtape
Note that 'fx', 'ide', and 'sash' for all machines are in the dist/sa
file. 'sa' is an image of the first part of the tape; use 'mkbootape
-f sa -l' to see the contents.
------------------------------
Subject: ! -33- Why can't I boot one of the stand-alone programs on a
tape or CD?
Date: 03 Apr 94 00:00:01 EST
One reason is that some CPU names are preceded by periods and some
aren't. Another is that the Indigo R4000 and later CPUs use the suffix
'ARCS', not 'IP20' or whatever as one might expect from 'hinv'. For
example, the correct command to boot fx directly from the PROM monitor
on an Indigo R4000 is 'boot -f dksc(ctlr,unit,8)sashARCS
dksc(ctlr,unit,7)stand/fx.ARCS'. Note the use of 'ARCS' instead of
'IP20' and the missing period in 'sashARCS'.
------------------------------
Subject: -34- Why is /debug or /proc full of huge files?
Date: 10 Dec 93 00:00:01 EST
Those aren't disk files, they're interfaces to running processes. Read
the debug(4) and/or proc(4) manpages.
------------------------------
Subject: -35- Why do some programs parse /etc/fstab incorrectly?
Date: 10 Dec 93 00:00:01 EST
In IRIX 4.0.5, some programs (e.g. 'fsr') misinterpret lines in
/etc/fstab, so that, e.g.,
/dev/usr /usr efs rw,raw=/dev/rusr,quota 0 0
would cause 'fsr' to think that the raw device pathname was
"/dev/rusr,quota" instead of "/dev/rusr". There is no such device, so
/dev/rusr would never be defragmented. You can work around this by
putting the "raw" option last:
/dev/usr /usr efs rw,quota,raw=/dev/rusr 0 0
This is fixed in IRIX 5.x.
------------------------------
Subject: -36- My Indigo's Ethernet performance is dog-slow. What
gives?
Date: 10 Dec 93 00:00:01 EST
Call the TAC. You need the "E++" patch, or IRIX 4.0.5IOP ("Indigo Only
Patch"), which includes the E++ patch.
------------------------------
Subject: -37- My Indigo running 4.0.5IOP is getting SIGSEGVs and
crashing. What gives?
Date: 12 Jan 94 00:00:01 EST
Make sure you've installed the 4.0.5IOP NFS maintenance patch along
with the rest of 4.0.5IOP. If you're sure you have, call the TAC.
You may need the "IP20 ethernet patch". This comes *after* 4.0.5IOP,
and is not to be confused with the older "E++ patch" (see the previous
question).
------------------------------
Subject: -38- Why is my Indigo2 panicking?
Date: 10 Jan 94 00:00:01 EST
There are several keyboard-related bugs in IRIX 4.0.5H and 4.0.5IOP
which cause Indigo2s to crash or freeze. One sign that these particular
bugs are responsible is the message "PANIC: Timeout Table Overflow" or
"WARNING: Couldn't allocate streams buffer" in /usr/adm/SYSLOG. They
will be fixed in IRIX 5.2, and in the meantime you can get the "Indigo2
keyboard patch" (aka "pckm patch") from SGI.
------------------------------
Subject: -39- What's this 'iotim' error in my syslog?
Date: 12 Feb 94 00:00:01 EST
It's a bug in 'rpc.rstatd' which affects several programs including
'ruptime' and 'sysmeter'. In IRIX 4.0.5H and later, 'rpc.rstatd'
ignores the problem (returning all but the SCSI disk stats which cause
the error) but still generates a message. The problem is completely
fixed in IRIX 5.x. The pre-4.0.5H 'rpc.rstatd' says
rstatd[4840]: read: iotim: No such device or address
and the post-4.0.5H 'rpc.rstatd' says
rstatd[4941]: read: bad iotim, no disk stats: No such device or address
If you see the former, get the patched 'rpc.rstatd' from
ftp.sgi.com:/support/rpc.rstatd or (for Indigos) upgrade to IRIX
4.0.5IOP. If you see the latter, relax and wait for IRIX 5.x.
------------------------------
Subject: -40- Why can't 'lp' read my file?
Date: 10 Dec 93 00:00:01 EST
'lp' is setuid, so it can only read world-readable files. You can say
'lp < file' if you don't want to make your file world-readable.
------------------------------
Subject: -41- How can I use 'lpr' to print to my local printer?
Date: 10 Dec 93 00:00:01 EST
SGI provides 'lpr' for printing on remote printers, and does not
support it for local printing. One way to do it anyhow is to make an
/etc/printcap entry with an output filter which is just a wrapper
around 'lp'. If that isn't crystal-clear, call the TAC and ask for
their "faxable" on "Integrating The AT&T Spooler With The BSD LPR Print
Spooler". A not-guaranteed-to-be-up-to-date copy is at
viz.tamu.edu:/pub/sgi/software/lp-lpr/lpr-to-lp.
------------------------------
Subject: -42- How can I use 'lp' to print to an 'lpr'-controlled
printer?
Date: 10 Dec 93 00:00:01 EST
Two possible ways:
- Write an 'lp' interface script that calls 'lpr'. Impressario 1.1 can
do this for you. If you don't have Impressario you can do it yourself
or call SGI and ask for their writeup, "LPTOLPR, A Model File for
LP", which includes (in fact, consists of) just such an interface
script. A not-guaranteed-to-be-up-to-date copy is at
viz.tamu.edu:/pub/sgi/software/lp-lpr/lp-to-lpr.
- Write an 'lp' replacement script that calls 'lpr'. One such script
is at viz.tamu.edu:/pub/sgi/software/lp-lpr/lp-wrapper-for-lpr.
------------------------------
Subject: -43- How can I tell 'lp' to turn banner printing or page
reversal off or on?
Date: 08 Jan 94 00:00:01 CST
'lp' controls printers via shell scripts, called 'models', which live
in /usr/spool/lp/model. When you install a printer, the appropriate
model script is copied to /usr/spool/lp/interface/<name-of-printer>.
To temporarily change a printer's behavior, look at the manpage for its
interface script (or, if there is none, the script itself) to see what
options it wants, and pass them to the script with 'lp's '-o' option.
For example, 'lp -o"-nobanner" file' tells a "Generic Postscript"
printer (described in the gpsinterface(1) manpage) to print 'file'
without a banner page.
To permanently change a printer's behavior, edit its interface script.
The following are true for "Generic Postscript" printers, but the idea
is the same for others:
- To turn banner printing off or on, change the line 'BANNER=1' to
'BANNER=0' or vice versa.
- To turn page reversal off or on, change the line
'send=/usr/lib/print/lptops' to 'send="/usr/lib/print/lptops -U"'
(note the quotes) or vice versa.
------------------------------
Subject: -44- Why can't I 'rdist' files between Suns and SGIs?
Date: 10 Dec 93 00:00:01 EST
Sun's 'rdist' expects SGI's 'rdist' to live in /usr/ucb, but it's
actually in /usr/bsd. Make a symbolic link from /usr/ucb/rdist to
/usr/bsd/rdist and all will be well.
------------------------------
Subject: -45- How do I add a static route?
Date: 10 Mar 94 00:00:01 EST
Some sites handle IP routing by designating a routing machine and
having all other hosts define a static route to that machine. The way
to do this on SGIs is in the /etc/init.d/network.local script.
1) Read the paragraph just before the copyright at the top of
/etc/init.d/network and make the links it specifies.
2) Put something like the following in /etc/init.d/network.local,
replacing ROUTER'S.IP.ADDRESS.HERE with the address of your router.
#! /bin/sh
case "$1" in
'start')
/usr/etc/route add default ROUTER'S.IP.ADDRESS.HERE 1 ;;
'stop')
/usr/etc/route delete default ROUTER'S.IP.ADDRESS.HERE ;;
*)
echo "Usage: $0 {start|stop}" ;;
esac
If you NFS-mount disks from the other side of the static route, they
will not be unmounted properly during shutdown. You can fix this by
making the links so that /etc/init.d/network.local runs before
/etc/init.d/network: 'ln -s /etc/init.d/network.local
/etc/rc0.d/K41network' instead of '/etc/rc0.d/K39network'.
------------------------------
Subject: -46- How can I make the 'slip' command advertise the Ethernet
address of the SLIP client?
Date: 10 Dec 93 00:00:01 EST
You can't. Just add something like
/usr/etc/arp -s $USER `netstat -ia | grep :` pub
to the shell script in which you start the SLIP process. $USER is the
SLIP client. The 'netstat | grep' part gets the host's Ethernet
address, and 'arp' advertises the host as an ARP server for $USER. See
also the arp(1M) manpage.
------------------------------
Subject: -47- How can I set up 'sendmail' to pass 8-bit characters?
Date: 12 Feb 94 00:00:01 EST
Dunno, offhand, but many experts say "don't try". RFC822 requires mail
transport agents to *clear* the eighth bit, and many hosts do. Some
which don't may crash when they get mail with the eighth bit set.
Instead, use a MIME-compatible mail program. MIME, described in
RFC1521, is a standard for enclosing non- RFC822 material in your
mail. The apps FAQ discusses several mail programs which support it.
Nonetheless, if someone wants to tell us about putting SGI's 'sendmail'
into 8-bit mode we'll note it here.
------------------------------
Subject: -48- Why are my mailbox files changing ownership?
Date: 17 Jan 94 00:00:01 CST
If your mail directory is mounted from another machine, your machine
does not have root access, and the other machine has BSD-style
"restricted chown" (either because it's not an SGI or because someone
turned restricted chown on), /bin/mail will change mail file ownership
when delivering local mail. Without unrestricted chown or root access,
/bin/mail is unable to give mail files back to their owners after
delivering mail. You can fix the problem by turning off restricted
chown on the other machine (if it's an SGI), exporting the mail
directory with root access for your machine, or waiting for IRIX 5.2,
in which the problem will be fixed.
------------------------------
Subject: -49- Why isn't a valid user getting their mail?
Date: 24 Jan 94 00:00:01 EST
IRIX' mail system requires "valid users" to have both valid password
file entries (whether local or via NIS) and home directories. The
latter often trips one up when installing POP servers and whatnot,
where home directories aren't really necessary. Just make a fake one.
------------------------------
Subject: -50- How can SGIs and Suns share a mail spool?
Date: 05 Feb 94 00:00:01 EST
Paul Riddle <paulr@umbc.edu> has written up how he did it. Read
ftp.umbc.edu:/pub/sgi/shared-spool.text.
------------------------------
Subject: -51- What's an "unknown mailer error"?
Date: 20 Feb 94 00:00:01 EST
There's a list in viz.tamu.edu:/pub/sgi/software/mail/mail-errors.
------------------------------
Subject: -52- What's "mailbox: Error 0"?
Date: 05 Mar 94 00:00:01 EST
It's a harmless bug; don't worry about it. It is present in IRIX 4.0.x
before 4.0.5H/4.0.5IOP and fixed in those and later versions.
------------------------------
Subject: -53- Can I change my full name or login shell without being
superuser?
Date: 16 Mar 94 00:00:01 EST
Maybe. IRIX 4.x has no 'chfn' or 'chsh', so if you're a local user
you're stuck. However, if your account is on NIS (Yellow Pages) you can
use 'ypchpass'. You might also ask your superuser to install one of the
many free implementations of 'chfn' and/or 'chsh'; one is in volume 3 of
comp.sources.unix (ftp.uu.net:/usenet/comp.sources.unix/volume3/).
------------------------------
Subject: -54- How do I extend an existing filesystem onto a new disk?
Date: 24 Jan 94 00:00:01 EST
Back up the existing filesystem (just in case) then run 'mklv' and
'growfs'. 'mklv' and 'growfs' are nondestructive, so you don't need to
restore the backup unless you screw up. Don't use 'mkfs', which does
destroy existing data.
------------------------------
Subject: -55- How can I measure my network's reliability?
Date: 13 Feb 94 00:00:01 EST
Don't worry about collisions. They are part of normal operation on a
crowded Ethernet. You *should* worry about late collisions (which are
logged to the console) and lost packets (which you can easily measure
with the command 'ping -fs 3000 -c 1000 someotherhost'), which usually
mean network hardware problems or a misconfigured bridge or router.
------------------------------
Subject: -56- How do I know if I need more memory and/or swap space?
Date: 20 Feb 94 00:00:01 EST
If processes are killed due to lack of memory/swap, you need more
memory and/or swap space. If your CPU is always waiting for swapping
(run 'osview' and look at the "%Swap" entry under "Wait Ratio") you
need more memory.
------------------------------
Subject: -57- How much swap space should I have per megabyte of
memory?
Date: 20 Feb 94 00:00:01 EST
An oft-recommended ratio is X memory:2.5 X swap, but this may be too
slow. Decide how much of your favorite program (plus IRIX) needs to be
resident for good performance and how much doesn't, and make sure you
have enough memory for the former and enough memory plus swap for the
latter. Put "rmem" and "swp" in your ~/.grosview file, run 'gr_osview'
and run your favorite program to see what it needs.
------------------------------
Subject: -58- How can I increase my swap space?
Date: 20 Feb 94 00:00:01 EST
See the Jan/Feb 93 Pipeline for a detailed writeup, or call the TAC and
have them fax you the very latest version. It will be much easier in
IRIX 5.x, which will support swapping to files.
------------------------------
End of sgi/faq/admin Digest
******************************
--
The SGI FAQ group sgi-faq@viz.tamu.edu
Finger us for info on the SGI FAQs, or look in viz.tamu.edu:/pub/sgi.