netnews@wnuxb.UUCP (Heiby) (04/28/85)
Unix Technical Digest Sat, 27 Apr 85 Volume 1 : Issue 49 Today's Topics: Computer Technology Group classes dump reminder service File system limit in 4.2 BSD Limit to number of file structures... ? Non-root (assistant) System Admins (2 msgs) ---------------------------------------------------------------------- Date: Tue, 2 Apr 85 10:50:56 cst From: ihnp4!gargoyle!sphinx!west (Steve Westfall) Subject: Computer Technology Group classes Ken, I took a C programming course last spring from CTG. It was taught by Mark Pearson, author of the Viewcomp spreadsheet, who has been a C programmer for about 10 years, and it was excellent. I came back from it and wrote a major applications program for my employer interfacing with the Informix dbms. I am sure that the quality would depend on the instructor, and this is the only class I took, but it was great. The course assumed that you already had programming experience in another language, of course; it definitely was not for beginning programmers. My only gripe was that CTG provided these little, TINY, terminals (about half the size of a Macintosh!) with a small screen and a keyboard so small that half the time you couldn't help hitting two keys instead of the one you wanted. On top of that, each terminal was shared by two persons. So, in summary, the creature-comforts might have been better, but the quality of instruction was great. Steve Westfall Staff Analyst U. Chicago Computation Center ...ihnp4!gargoyle!sphinx!west ------------------------------ Date: Fri, 29 Mar 85 13:26:59 est From: allegra!phri!roy (Roy Smith) Subject: dump reminder service The 4.2 installation guide suggest that operators run "dump w" from their .login files to remind them what dumps to do. We did that for a while here, but found that it added another few seconds to the already long login process. As a solution, we run the following shell script out of crontab in the middle of the night. If dumps get missed, all the operators automatically get hate mail the next morning. This works on our 4.2 11/750 system, but depends on the format of the dump output being what it is. If your "dump W" command produces output in a different format, you will have to play with the grep/sed stuff to get it to work. | #!/bin/csh | set operators = (roy reisberg) | set tempdir = /tmp | | dump W | grep "^>" > $tempdir/dm$$a | set x = `wc -c $tempdir/dm$$a | sed "s/ \([0-9][0-9]*\) .*/\1/"` | if ($x != 0) then | echo "the following file system dump(s) are overdue" > $tempdir/dm$$b | cat $tempdir/dm$$a >> $tempdir/dm$$b | mail -s "file system backups" $operators < $tempdir/dm$$b | endif | | rm -f $tempdir/dm$$[ab] cmcl2!rocky2!cubsvax -\ vax135!timeinc -> !phri!roy (Roy Smith, System Administrator) allegra -/ ------------------------------ Date: Wed, 3 Apr 85 23:04:31 est From: seismo!hadron!jsdy (Joseph S. D. Yao) Subject: File system limit in 4.2 BSD I have trouble believing that the core-dump problem is due to a limit on the number of mountable devices! First suggestion: check internal consistency of the following: disk partitions fstab compiled-in swap devices. Pay particular attention to devices not in fstab in your smaller configuration. Check for a "sw" device in fstab that is also either a mounted device (!) or part of a mounted device. Then, if you find anything, check for file system corruption. Let me know whether or not you find anything, and/or what you find. Joe Yao hadron!jsdy@seismo.{ARPA,UUCP} ------------------------------ Date: Wed, 3 Apr 85 22:36:21 est From: seismo!hadron!jsdy (Joseph S. D. Yao) Subject: Limit to number of file structures... ? > [Ed note: In some Unix systems, the number of mountable file systems is > a tunable parameter (e.g. AT&T 3B2 SVR2). RWH.] In all source versions this is a tunable parameter. I'd be surprised to find it tunable in any binary version. Joe Yao hadron!jsdy@seismo.{ARPA,UUCP} [Ed note: Sorry I didn't make myself clear. The AT&T 3B2 SVR2 *is* a binary release. There are lots of tunable parameters that can be adjusted, including file buffers, max process memory, max procs in system, max procs per user, etc. All done with no source. RWH.] ------------------------------ Date: Fri, 22 Mar 85 00:25:28 est From: seismo!hadron!jsdy (Joseph S. D. Yao) Subject: Non-root (assistant) System Admins > Has anybody else looked at the potential protections afforded by > having as little as possible owned by root, &, therefore, less risk if > a user does get back his own shell with uid set? I've tried to make the managers of every system I've worked on aware that, not only is this a good idea, it is almost essential, for exactly the reasons that jhull and RWH mentioned. Because a few of us do on occasion malke misteaks, the amount of time that anyone should be super-user should be absolutely minimised. One very quick corollary is that there is n o excuse for any file to be owned by root, save those few that must be setuid-root. Even many of these may be made setuid-someone else: e.g., make /etc/passwd owned by bin, and setuid to b i n the programs /bin/passwd, /usr/ucb/chfn, and /usr/ucb/chsh! Works just as well, maybe better. (Especially after you re-write chfn!) Joe Yao hadron!jsdy@seismo.{ARPA,UUCP} ------------------------------ Date: Fri, 22 Mar 85 10:46:36 est From: ihnp4!encore!ptw (P. Tucker Withington) Subject: Non-root (assistant) System Admins Back in v6 days, I had an account "bin" that owned all the sources (don't remember if this was a local idea (at MITRE) or just how it came from Bell Labs). Folks could play with recompiling and massaging sources without being root. You only became root to "install" something, once you had supposedly fully debugged it. Under 4.2 I have a group "bin" that works the same and anyone who is a sysadmin is allowed in that group. Then all you have to do is get everyone to use a umask of 002 rather than 022. On plus with this is that the "owner" of the file now also identifies the last sysadmin to munge it (so you know where to go when it breaks). This setup, plus using SCCS or RCS for all sources greatly reduces the number of "oops" that root makes. One last thing that is definitely not in the spirit of Unix, but I'm sure many folks either do or wish they did is to have a library version of link/unlink (and open, creat, rename, etc.) that doesn't *really* delete files. There being no standard for this, I have had some vehement arguments about what to do with the "not-quite-deleted" file. My personal preference is to rename it with a ".," prefix in the same directory (with appropriate checking for conflicts) and to purge them as soon as they are dumped. o.o --tucker ~ ------------------------------ End of Unix Technical Digest ****************************** -- Ronald W. Heiby / netnews@wnuxb.UUCP | unix-request@cbosgd.UUCP AT&T Information Systems, Inc., Lisle, IL (CU-D21)