leach@neptune.oce.orst.edu (Tom Leach) (02/05/89)
OK, after bouncing the cube around, I've got a few more questions about
the NeXT OS and Jot.
1) when I delete my mail, I still get .vox and Active.mbox files left
around. Are these cleaned up by the 'destroy deleted files' option? I
tried it and it didn't but I didn't try real hard. (rm is easier :-)
2) If I'm logged into another Unix machine and rlogin over to our cube,
when I exit the rlogin session, the other machine's login session
hangs. It appears that rlogind doesn't really quit and clean itself
up when it gets terminated. This results in having to go in and
manually kill the normal login session on the (now) hung machine.
The cube also doesn't clean up its wtmp file, so a who shows that
all these dead rlogins are still on the machine. Anybody know why
the rlogin's hang?
3) Is it possible to sample the microphone at a rate higher than 8Khz?
There's a definite lack of stuff for the DSP chip (ack'd by NeXT in
their documentation) and I'd like to play with the mike until I can
get my hands on the DSP. I've tried sampling at 8Khz and then using
sfupsample and sfmake but I'm sure that I can get better sound by
sampling at 44 Khz right off the bat. Any clues out there?
4) I've indexed about 30 files into Jot. When I go into Jot and try to
find the articles relating to, say, printing, I only get 1 or 2 of
the articles. When I grep for the same string in my JotFolder, I
find 10 or so. Is this related to the problem with the Library not
finding all occurrences of a given word? Anybody else had this kind
of problem?
Lastly, has anyone gotten the Optical disk usable by general users?
I've hacked together a way, but it involves making disk, umount, and
mount suid to root :-(, but those programs are only executable by the
group optical. This is a security hole in that anyone in optical can
trash any disks on the cube. Anybody have a better way? If anyone
wants to see how I did it, send email.
Tom Leach
Internet:leach@OCE.ORST.EDU UUCP:{tektronix, hp-pcd}!orstcs!OCE.ORST.EDU!leach
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Middle-of-the-road, man, it stanks. Let's run over Lionel Richie with a tank.
>>>Disclaim: It's me, not OCE.<<< B. Catt, Deathtongue. (c 1986)
carlton@betelgeuse (Mike Carlton) (02/07/89)
In article <8668@orstcs.CS.ORST.EDU> leach@neptune.oce.orst.edu (Tom Leach) writes:
>OK, after bouncing the cube around, I've got a few more questions about
>the NeXT OS and Jot.
. . .
>Lastly, has anyone gotten the Optical disk usable by general users?
>I've hacked together a way, but it involves making disk, umount, and
>mount suid to root :-(, but those programs are only executable by the
>group optical. This is a security hole in that anyone in optical can
>trash any disks on the cube. Anybody have a better way? If anyone
>wants to see how I did it, send email.
>

Attached below is a set of scripts we have installed in /usr/local to allow
a user to mount and eject an optical disk. Of course, this all assumes that
you are running off of the SCSI disk, as I don't believe you can eject the
optical when you have booted off it.

To install them, copy them (as root) to /usr/local and do a 'chmod 4755' on
mountod and ejectod and a 'chmod 755' on rootejectod. This will set the first
two to run as root.

The scripts mount (or unmount) the two partitions on the optical in two
directories in the user's home directory. The directories are named according
to the label on the disk (i.e. fooa and foob for a disk labeled foo). They
check for most error conditions.

It turns out that the opticals can get pretty screwed up if they aren't
flushed before ejecting, so the eject script does a sync and sleeps to wait
for it to complete. Anybody know how to force a "synchronous" sync that
doesn't return until it is done?

The drawback with the way these are set up is that only the user who mounted
the optical can unmount it (to avoid problems of users unmounting someone
else's disk while it might be in use). The rootejectod script allows root to
eject a disk no matter who mounted it in case someone leaves an optical in
the machine by mistake.

A warning: you can't unmount a partition while it is active, including merely
being in one of its directories. If you try to do an ejectod while your
current directory is on the optical, the unmount will fail, but tell you why.

Disclaimer: These work for us, but any program that runs as setuid to root is
certain to have security problems. Use them at your own risk if you're
worried about security. These programs have not been tested other than on our
machine and likely contain bugs.

And now my question for the net: does anyone know how to initialize the
optical disk so as to have only one large partition? If I could figure out
how to do this, these scripts wouldn't have to monkey with the silly 'foo'a
and 'foo'b stuff.

Enjoy,
-- mike (carlton@ji.berkeley.edu or ...!ucbvax!ji!carlton)

------------------------------ Cut here ----------------------------------------
#! /bin/csh -fb
# /usr/local/mountod (root must do a chmod 4755 /usr/local/mountod)
# Allows user to mount optical disk
# The user must have created two directories in his home directory
# named {label}a and {label}b, where {label} is the disk label.
# Bruce Holmer & Mike Carlton 1/23/89

# Check for a disk in the drive
/etc/disk -q /dev/rod0a >& /dev/null
if ($status) then
    echo "Please make sure the disk is inserted in the drive"
    exit
endif

# Extract the disk label
set diskinfo = `echo 'label\\
print\\
quit' | /etc/disk /dev/rod0a | /bin/awk '$0~/^disk label:/ { print $3 }'`

# Check for presence of directories
if (!(-e ~$USER/${diskinfo}a) || !(-e ~$USER/${diskinfo}b)) then
    echo "You must first create two directories ~$USER/${diskinfo}a and ~$USER/${diskinfo}b"
    exit
endif

# Mount the two partitions
/etc/mount /dev/od0a ~$USER/${diskinfo}a
if ($status) then
    echo "Mount failed"
    exit
endif
/etc/mount /dev/od0b ~$USER/${diskinfo}b
if ($status) then
    echo "Mount failed"
    /etc/umount ~$USER/${diskinfo}a
    exit
endif

# Change the user ownership
/etc/chown $USER ~$USER/${diskinfo}a
/etc/chown $USER ~$USER/${diskinfo}b
------------------------------ Cut here ----------------------------------------
#! /bin/csh -fb
# /usr/local/ejectod (root must do a chmod 4755 /usr/local/ejectod)
# Allows user to eject optical disk
# Bruce Holmer & Mike Carlton 1/23/89

# Flush disk buffers
/bin/sync
sleep 5

# Check for a disk in the drive
/etc/disk -q /dev/rod0a >& /dev/null
if ($status) then
    echo "Please make sure the disk is inserted in the drive"
    exit
endif

# Extract the disk label
set diskinfo = `echo 'label\\
print\\
quit' | /etc/disk /dev/rod0a | /bin/awk '$0~/^disk label:/ { print $3 }'`

# Unmount the partitions
set error = `/etc/umount ~$USER/${diskinfo}a |& cat`
if (${#error}) then
    echo "Unmount failed"
    exit
endif
set error = `/etc/umount ~$USER/${diskinfo}b |& cat`
if (${#error}) then
    echo "Unmount failed"
    /etc/mount /dev/od0a ~$USER/${diskinfo}a
    exit
endif

# Eject the optical disk
/etc/disk -e /dev/rod0a
------------------------------ Cut here ----------------------------------------
#! /bin/csh -fb
# /usr/local/rootejectod (root must do a chmod 755 /usr/local/rootejectod)
# Allows root to eject optical disk mounted on a user's directory
# Bruce Holmer & Mike Carlton 1/23/89

if ($#argv != 1) then
    echo "Usage: rootejectod user"
    exit 1
endif

# Flush disk buffers
/bin/sync
sleep 5

# Check for a disk in the drive
/etc/disk -q /dev/rod0a >& /dev/null
if ($status) then
    echo "Please make sure the disk is inserted in the drive"
    exit
endif

# Extract the disk label
set diskinfo = `echo 'label\\
print\\
quit' | /etc/disk /dev/rod0a | /bin/awk '$0~/^disk label:/ { print $3 }'`

# Unmount the partitions
set error = `/etc/umount ~$1/${diskinfo}a |& cat`
if (${#error}) then
    echo "Unmount failed"
    exit
endif
set error = `/etc/umount ~$1/${diskinfo}b |& cat`
if (${#error}) then
    echo "Unmount failed"
    /etc/mount /dev/od0a ~$1/${diskinfo}a
    exit
endif

# Eject the optical disk
/etc/disk -e /dev/rod0a
landman%hanami@Sun.COM (Howard A. Landman) (02/10/89)
In article <9583@pasteur.Berkeley.EDU> carlton@betelgeuse (Mike Carlton) writes:
>Anybody know how to force a
>"synchronous" sync that doesn't return until it is done?

On some UNIX systems, doing two syncs in a row will achieve this, since the
second one won't start (or return) until the first one finishes.

I have no idea whether this is true on the NeXT or not, but it couldn't hurt.

Howard A. Landman
landman@hanami.sun.com
carlton@betelgeuse (Mike Carlton) (02/11/89)
In article <89208@sun.uucp> landman@sun.UUCP (Howard A. Landman) writes:
>In article <9583@pasteur.Berkeley.EDU> carlton@betelgeuse (Mike Carlton) writes:
>>Anybody know how to force a
>>"synchronous" sync that doesn't return until it is done?
>
>On some UNIX systems, doing two syncs in a row will achieve this, since the
>second one won't start (or return) until the first one finishes.
>
>I have no idea whether this is true on the NeXT or not, but it couldn't hurt.
>

Alas, it doesn't seem to work on the Next. We created a directory on an
optical, did a 'sync, sync, eject' and had a trashed directory on the optical
when we remounted it. From this I assume that the second sync doesn't wait on
the first.

BTW, I got a couple replies on how to initialize an optical with only one
partition; the magic incantation is: disk -i -t omd-1-all /dev/rod0a.

-- mike (carlton@ji.Berkeley.Edu or ...!ucbvax!ji!carlton)
cyliao@hardy.u.washington.edu (Chun-Yao Liao) (08/07/90)
Hi folks, this is me again, the one who "upgraded" from a "not-so-experienced"
Unix user to "Beginner-SysAdm." So here are some new dumb questions to
bother you guys again.

1. When mount an OD on multiple disk system, ALL files on the OD
   belong to the person who mounted the OD. Does this mean if some one takes
   my system disk and mount it in his/her/public cube, he or she can perform
   ALL kind operations to the files on my OD even like change root privilege
   of my files?

2. If I build my startup on a harddisk, then someone comes with his/her own
   system disk (OD) and boot from the monitor with bod. Is he or she going
   to have ALL the access of files on my harddisk as if he/she mount my
   harddisk under his/her home directory on his/her OD?

if both are true, isn't it very dangerous to let anyone use my cube? (well,
I don't have a harddisk yet, but I am plan to. A single optical drive system
is not so usable...)

so is there anyway to give the permission for execute mount and unmount only
to certain user? I read it in the user ref manual that sysadm can set it so
users cannot eject disk. Does that mean users can mount disk but not to
unmount disk?

mmm... I am getting more and more questions as I read through all these manuals
Thanx a lot to whoever can answer these questions.
john@math.utexas.edu (John R. Schutz) (08/08/90)
cyliao@hardy.u.washington.edu (Chun-Yao Liao) writes:
>Hi folks, this is me again, the one who "upgraded" from a "not-so-experienced"
>Unix user to "Beginner-SysAdm." So here are some new dumb questions to
>bother you guys again.

congrats.

>1. When mount an OD on multiple disk system, ALL files on the OD
[...] deleted part of quote
> of my files?

yes, as far as I can think (unless you chown them to root, but if
they know the root password on any NeXT system, they can screw that
too.)

>2. If I build my startup on a harddisk, then someone comes with his/her own
> system disk (OD) and boot from the monitor with bod. Is he or she going
> to have ALL the access of files on my harddisk as if he/she mount my
> harddisk under his/her home directory on his/her OD?

*NO!* You can set a hardware password from the monitor. That way,
from the monitor, if you don't know the password, you can only 'b' to
boot from the normal boot device. They cannot use 'bod' unless they
know the hardware password. See your docs (online ones, in the system
admin guide in the doc about the monitor) on how to set it.

>if both are true, isn't it very dangerous to let anyone use my cube? (well,
>I don't have a harddisk yet, but I am plan to. A single optical drive system
>is not so usable...)

Not really, if you just take normal precautions.

>so is there anyway to give the permission for execute mount and unmount only
>to certain user?

Well, you can change the executable of mount and 'umount' to have only
the owner to have execute privileges.

> I read it in the user ref manual that sysadm can set it so
>users cannot eject disk. Does that mean users can mount disk but not to
>unmount disk?

No...to eject a disk you use the command 'disk -e /dev/rod0a' to eject
a disk from Mach.

>mmm... I am getting more and more questions as I read through all these manuals
>Thanx a lot to whoever can answer these questions.

I hope this helps

john
--
| John R. Schutz            | Internet: john@csrnxt1.ae.utexas.edu |
| Center for Space Research | NeXTmail: ditto                      |
| Programmer (NeXT)         | THENET  : UTCSR::JOHN                |
| Etc.                      | Standard disclaimer                  |
dastrout@miavx1.acs.muohio.edu (root@next1) (08/08/90)
In article <5984@milton.u.washington.edu>, cyliao@hardy.u.washington.edu (Chun-Yao Liao) writes:
> Hi folks, this is me again, the one who "upgraded" from a "not-so-experienced"
> Unix user to "Beginner-SysAdm." So here are some new dumb questions to
> bother you guys again.
>
> 1. When mount an OD on multiple disk system, ALL files on the OD
> belong to the person who mounted the OD. Does this mean if some one takes
> my system disk and mount it in his/her/public cube, he or she can perform
> ALL kind operations to the files on my OD even like change root privilege
> of my files?

Yup. Keep your system disk under lock & key. The big danger is not changing
your files, but SUID files that allow the bad guy to become root at will.
Bad magic.

> 2. If I build my startup on a harddisk, then someone comes with his/her own
> system disk (OD) and boot from the monitor with bod. Is he or she going
> to have ALL the access of files on my harddisk as if he/she mount my
> harddisk under his/her home directory on his/her OD?

Yup. Set your hardware passwd. Capital P in the monitor. Then set your
options with small p in the monitor. Set boot command to bsd. Then it will
look for a Hard drive, and puke when it can't find it. Thus, only the person
with the passwd can boot off of optical. Also see NeXTAnswers about how to
disable power off if you run it all night.

>
> if both are true, isn't it very dangerous to let anyone use my cube? (well,
> I don't have a harddisk yet, but I am plan to. A single optical drive system
> is not so usable...)
>
> so is there anyway to give the permission for execute mount and unmount only
> to certain user? I read it in the user ref manual that sysadm can set it so
> users cannot eject disk. Does that mean users can mount disk but not to
> unmount disk?

Not as far as I know. UNIX only checks for owner and group. If you want, you
could make mount & umount doable only by root, but I'm not sure what that
gains you, and also, the system might hang on auto-mount. I've never tried it.

Not being able to eject means exactly that. You can't use ej to spit it out.
As you have no scsi drive to boot from, that might be good. Better is to take
the OD home at nite.

>
> mmm... I am getting more and more questions as I read through all these manuals
> Thanx a lot to whoever can answer these questions.

--
Dave Strout
dastrout@miavx1.acs.muohio.edu
dastrout%miavx1.bitnet@pucc.princeton.edu
root@next1.acs.muohio.edu
513-523-8245
pvo@sapphire.OCE.ORST.EDU (Paul O'Neill) (08/09/90)
In article <john.650055985@csrnxt1.ae.utexas.edu> john@math.utexas.edu (John R. Schutz) writes:
>
>>1. When mount an OD on multiple disk system, ALL files on the OD
>[...] deleted part of quote
>> of my files?
>
>yes, as far as I can think (unless you chown them to root, but if
>they know the root password on any NeXT system, they can screw that
>too.)
>

BZZZZZZZT--Wrong.

If you have an optical disk that has only been mounted by the automounter,
ALL, yes, all files and directories on that disk are ALREADY owned by root.
Mount the thing manually and have a look.

It's a cute trick that NeXT does with the automounter, making those
root-owned files look like the-person-at-the-console's files. I've never seen
an explanation of how it's done. Lots of us would like to know!

We almost always mount our opticals manually, via a suid perl script, from
remote logins. This involves the least disturbance of anyone who happens to
be logged in at the console.

If you start doing this with suid programs or scripts as recently advised in
this forum, be aware that root will have to manually mount a disk that has
been previously auto-mounted and do a find script on it that changes
ownership of all its files to you.

HOWEVER, you still don't want to loan your disk to someone you don't
implicitly trust with your life, data & programs. I just did a test where
another user mounted my optical disk with the automounter. All files on this
disk are owned by ME, not root, and after the automounter mounted it, all
files appeared to be owned by HIM. He could write, delete, change, etc.

Now for the kicker. After unmounting this disk and manually mounting it, the
files that HE made during the test, and that appeared as HIS during the test
were really owned by ME!! (I was expecting them to be owned by root.)

Documentation of autodiskmount is very sketchy. Maybe we can get something
out of NextAnswers soon.

SECURITY NOTE: perl's suid emulation and security checks seem quite strong.
However, since that NeXT kernel does not disallow suid script execution,
their full security can't be used. I strongly discourage the use of suid
shell scripts for this task, and strongly urge NeXT to have their
^^^^^
next NeXT kernel disallow their execution.

Paul O'Neill                 pvo@oce.orst.edu        DoD 000006
Coastal Imaging Lab
OSU--Oceanography
Corvallis, OR 97331          503-737-3251
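
The thread installs csh scripts with 'chmod 4755' and closes with a warning against suid shell scripts on a kernel that executes them. The following is an added example, not part of any post above: a POSIX sh function that audits directories for setuid or setgid files that are interpreter scripts (first two bytes "#!"). The function name and the directories you pass it are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report setuid/setgid interpreter scripts.
# Output, one line per hit:  <ls mode> <owner> <path>: <first line of the file>
# Paths containing newlines are not handled.

find_suid_scripts() {
    # -perm -4000 / -2000 match files with the setuid or setgid bit set;
    # -xdev keeps find on the filesystem of each starting directory.
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        # Hex of the first two bytes; "2321" is "#!", the interpreter marker.
        magic=$(dd if="$f" bs=1 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
        if [ "$magic" = "2321" ]; then
            interp=$(head -n 1 "$f")
            who=$(ls -ld "$f" | awk '{ print $1, $3 }')
            printf '%s %s: %s\n' "$who" "$f" "$interp"
        fi
    done
}

# Scan the directories given on the command line, e.g.:
#   sh find_suid_scripts.sh /usr/local /usr/bin
if [ "$#" -gt 0 ]; then
    find_suid_scripts "$@"
fi
```

Compiled setuid binaries are skipped, so every line of output is a script whose interpreter would run with the file owner's privileges on a kernel that honours the bit for scripts.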