From: sgi-faq@viz.tamu.edu (The SGI FAQ group) Subject: SGI admin Frequently Asked Questions (FAQ) Newsgroups: comp.sys.sgi.misc,comp.answers,news.answers Followup-To: comp.sys.sgi.misc Reply-To: sgi-faq@viz.tamu.edu (The SGI FAQ group) Approved: news-answers-request@mit.edu Organization: Visualization Lab, Texas A&M University Archive-name: sgi/faq/admin Last-modified: Sat Apr 16 8:47:34 CDT 1994 SGI admin Frequently Asked Questions (FAQ) This is one of the Silicon Graphics FAQ series, which consists of: SGI admin FAQ - IRIX system administration SGI apps FAQ - Applications & compilers SGI graphics FAQ - Graphics and user environment customization SGI hardware FAQ - Hardware SGI misc FAQ - Introduction & miscellaneous information SGI performer FAQ - IRIS Performer SGI pointer FAQ - Pointer to the other FAQs Read the misc FAQ for information about the FAQs themselves. Each FAQ is posted to comp.sys.sgi.misc and to the news.answers and comp.answers newsgroups (whose purpose is to store FAQs) twice per month. If you can't find one of the FAQs with your news program, you can get it by anonymous FTP from one of these sites: rtfm.mit.edu:/pub/usenet/comp.sys.sgi.misc/ rtfm.mit.edu:/pub/usenet/news.answers/sgi/faq/ rtfm.mit.edu:/pub/usenet/comp.answers/sgi/faq/ viz.tamu.edu:/pub/sgi/faq/ Note that rtfm.mit.edu is home to many other FAQs and informational documents, and is a good place to look if you can't find an answer here. If you can't use FTP, send mail to mail-server@rtfm.mit.edu with the command 'send usenet/news.answers/ftp-list/faq' on a line by itself in the text, and it will send you a document describing how to FTP by mail. You can also read a hypertext version of the FAQs at http://www.cis.ohio-state.edu/hypertext/faq/usenet/sgi/top.html The SGI FAQs are freely distributable and wide circulation is encouraged. The contents are accurate as far as we know, but the usual disclaimers apply. Please send additions and changes to sgi-faq@viz.tamu.edu. Topics covered in this FAQ: --------------------------- -1- How can I determine which release of IRIX I'm running? -2- How can I determine my SGI's Ethernet (and/or FDDI) address? ! -3- How can I administer my Iris without a graphics terminal? -4- Is it possible to use the visual admin tools on a system with graphics to administer a system without graphics? -5- How can I boot directly into single-user mode? -6- How can I boot from a non-default disk? -7- How can I boot my machine using a server on the other side of a router? -8- Is it possible to remotely install IRIX over a network? -9- Which IRIX CD is the program 'foo' on? -10- Why doesn't 'inst' work? + -11- I reinstalled an IRIX subsystem to restore a missing file or get rid of a corrupted file, but it didn't help. Why not? -12- How can I install IRIX onto a second disk which I can then move to another machine? -13- How can I copy my system disk onto a second disk which I can then move to another machine? -14- I think I've found a security hole in IRIX; whom do I notify at SGI? -15- What security problems does IRIX have? -16- How can I log more information about logins? -17- I've just edited inetd.conf, and nothing changed. Why? ! -18- How do I make an anonymous or restricted FTP account? -19- How do I set the number of processes allowed on my machine? -20- I want to install a termcap for 'iris-ansi-net' on my non-SGI system, but I can't find a termcap file on the SGI. Where can I get one? -21- My SGI crashed and generated a file, /usr/adm/crash/vmcore.1. How can I examine this file to see what crashed my system? -22- How can I tell what hostname to use in /etc/exports? -23- Why can't I export an NFS-mounted filesystem? -24- Why can't Ultrix automount SGI filesystems? -25- Why does 'tar' work strangely on a filesystem mounted from an SGI? -26- Is 'pcnfsd' available for the SGI? -27- Can I export a CD-ROM from my SGI to a non-SGI? -28- Why can't I export an ISO 9660 CD-ROM using NFS? -29- How can I read an IRIX (EFS) CD-ROM on a machine which doesn't use EFS? -30- Why is my network license daemon ('netlsd') exiting? -31- Why isn't /usr/adm/SYSLOG being updated? -32- Why is 'rusers' showing users who aren't really logged in? -33- How do I make a bootable tape from an IRIX 4.0.X CD? -34- Why can't I boot one of the stand-alone programs on a tape or CD? -35- Why is /debug or /proc full of huge files? -36- Why do some programs parse /etc/fstab incorrectly? -37- My Indigo's Ethernet performance is dog-slow. What gives? -38- My Indigo running 4.0.5IOP is getting SIGSEGVs and crashing. What gives? -39- Why is my Indigo2 panicking? -40- What's this 'iotim' error in my syslog? -41- Why can't 'lp' read my file? -42- How can I use 'lpr' to print to my local printer? -43- How can I use 'lp' to print to an 'lpr'-controlled printer? -44- How can I tell 'lp' to turn banner printing or page reversal off or on? -45- Why can't I 'rdist' files between Suns and SGIs? -46- How do I add a static route? -47- How can I make the 'slip' command advertise the Ethernet address of the SLIP client? -48- How can I set up 'sendmail' to pass 8-bit characters? -49- Why are my mailbox files changing ownership? -50- Why isn't a valid user getting their mail? -51- How can SGIs and Suns share a mail spool? -52- What's an "unknown mailer error"? -53- What's "mailbox: Error 0"? -54- Can I change my full name or login shell without being superuser? -55- How do I extend an existing filesystem onto a new disk? -56- How can I measure my network's reliability? -57- How do I know if I need more memory and/or swap space? -58- How much swap space should I have per megabyte of memory? -59- How can I increase my swap space? ---------------------------------------------------------------------- Subject: -1- How can I determine which release of IRIX I'm running? Date: 07 Feb 94 00:00:01 CST 'uname -a' gives you all the kernel info; see the uname(1) manpage for other options. Of more general use, since kernels don't always reflect installed software, is the 'versions' command. 'versions' with no arguments lists all the installed software subsystems. IRIX 5.2's System Manager ('chost') has the IRIX version number under "IRIX Version" and a listing of installed software under "Software" (the "Show Installed" button). ------------------------------ Subject: -2- How can I determine my SGI's Ethernet (and/or FDDI) address? Date: 07 Feb 94 00:00:01 CST Many thanks to Miguel Sanchez for providing the original version of the following discussion, and to Dave Olson for comments. Andrew Cherenson reminded us that all these methods except the first apply to FDDI as well, but we'll just say "Ethernet" below. Every system on an Ethernet network must have a unique Ethernet address for the network to operate properly. The physical Ethernet address of your system is the unique number assigned to the Ethernet hardware on your system. This unique number is assigned to the manufacturer of your Ethernet hardware by the IEEE (formerly by Xerox, one of the original developers of Ethernet). This is not to be confused with the IP address, which can be set arbitrarily. You may need to determine your system's Ethernet address if your network manager requires it before connecting your system to a network. How to do so depends on whether IRIX is running and what operating system version is loaded. Method 1 only provides the Ethernet address of the primary interface. If you have multiple Ethernet interfaces (boards) in a system, use method 2, 3, 4 or 5 to determine the address(es) of any other interface(s). METHOD 1: eaddr If IRIX is not running, and the system is a Personal IRIS (4D20, 25, 30, or 35), Indigo, Crimson, Onyx or Challenge, you can obtain the Ethernet address by typing 'eaddr' (older machines) or 'printenv eaddr' (newer) at the PROM monitor prompt. On some machines (4D30 or later) you can say 'nvram eaddr' while IRIX is running to get the same result. METHOD 2: netstat Under IRIX 4.0.1 or later, you can use the netstat command. For example, % /usr/etc/netstat -ia Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll ec0 1500 siligrph luey7 7765678 21648 384477 0 30338 192.48.200.251 192.0.0.1 08:00:69:06:17:c2 lo0 32880 loopback localhost 41438 0 41438 0 0 192.0.0.1 As seen on the fourth address line, the address of the system luey7's primary Ethernet interface, "ec0", is 08:00:69:06:17:c2. METHOD 3: arp You can obtain the Ethernet address of a Silicon Graphics system by using another system on your network. 'ping' the system whose Ethernet address you want, then use 'arp'. For example, % /usr/etc/ping -c 1 luey6 PING luey6.sgi.com (192.48.200.250): 56 data bytes 64 bytes from 192.48.200.250: icmp_seq=0 ttl=255 time=0 ms ----luey6.sgi.com PING Statistics---- 3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms) min/avg/max = 0/0/0 % /usr/etc/arp luey6 luey6 (192.48.200.250) at 8:0:69:6:c:40 % METHOD 4: NetVizualyzer/FDDIVizualyzer and the like SGI's NetVizualyzer/FDDIVizualyzer network monitoring software and at least one public domain equivalent ('netman', at ftp.cs.curtin.edu.au:/pub/netman/) allow you to find the Ethernet address corresponding to any IP address. Read the manual. METHOD 5: System Manager The Network Setup part ('cnet') of IRIX 5.2's System Manager tool ('chost') shows the Ethernet address of each interface. 4DDN: A Special Case DECnet uses a one-to-one relationship between the DECnet node ID and the Ethernet address. If the DECnet address is changed the Ethernet address is changed. DECnet Ethernet addresses always start with aa:, so you can identify systems running DECnet with 'arp -a'. 4DDN is Silicon Graphics' DECnet interconnection product. The Ethernet address of an IRIS running 4DDN will change when 4DDN is started. Method 1 will return the original Ethernet address for the system. Methods 2-5 will show the Ethernet address currently in use. sysinfo /etc/sysinfo is intended to return a unique identifier, which on some machines includes part or all of the Ethernet address. This is best regarded as an amusing coincidence, like HAL's name in "2001". Don't rely on it. ------------------------------ Subject: ! -3- How can I administer my Iris without a graphics terminal? Date: 13 Apr 94 00:00:01 EST The visual admin tools in IRIX 4.0.x ('vadmin') need GL, and do not work on X terminals or workstations without GL. You can use 'sysadm' on text terminals for some tasks, but beware of bugs and inadequacies: SGI judged 'sysadm' to be too buggy to be worth updating for IRIX 5.x. The visual admin tools in IRIX 5.x (x > 2) should display on any X display, *except* for the backup/restore tool which is an exact port from IRIX 4.0.x and requires GL. Some images will be missing when GL is unavailable, but the tools will function properly. As for text terminals, you're out of luck: 'sysadm' does not exist in IRIX 5.x. Of course, you can always use a text editor and write scripts, or see the next question. ------------------------------ Subject: -4- Is it possible to use the visual admin tools on a system with graphics to administer a system without graphics? Date: 12 Feb 94 00:00:01 CST Yes: just rlogin to the graphics-less system and run 'vadmin' (IRIX 4.0.x) or 'chost' (IRIX 5.x). Make sure that the DISPLAY environment variable is set correctly and that both the vadmin/sysadmdesktop and the shared library subsystems are installed on the graphics-less system (which they are in the default installation). Under IRIX 5.x, look at the READMEs in /var/sysadmdesktop/rsysmanapps and /var/sysadmdesktop/sysmanapps to find out how to use 'chost' to run commands on remote systems. Finally, in a future release of IRIX 5.x, the sysadmdesktop tools will be able to manage remote systems *without* doing an rlogin. ------------------------------ Subject: -5- How can I boot directly into single-user mode? Date: 20 Feb 94 00:00:01 EST Use the PROM monitor's 'single' command. For machines earlier than 4D35s, whose PROMs don't have that command, say 'boot dksc(0,1,0)unix initstate=s'. Replace 'dksc(0,1,0)' with the appropriate device and partition if your boot volume is something other than a SCSI device partitioned in the standard manner; see the chapter on the PROM monitor in the "Advanced Site and Server Administration Guide". ------------------------------ Subject: -6- How can I boot from a non-default disk? Date: 20 Jan 94 00:00:01 CST Says Justin Mason : If your disk is SCSI ID 4, do boot -f dksc(0,4,8)sash dksc(0,4,0)unix root=dks0d4s0 or setenv bootfile dksc(0,4,8)sash setenv path dksc(0,4,8) setenv root dks0d4s0 # This is the tricky part auto from the PROM. The first method works once, so that subsequent reboots use SCSI ID 1, and the second method sets the PROM to boot from ID 4 every time (until you reset the PROM variables). ------------------------------ Subject: -7- How can I boot my machine using a server on the other side of a router? Date: 24 Jan 94 00:00:01 EST Tell the router to forward BOOTP packets. If it can't, NFS-mount the remote volumes on another machine on the same subnet and use the nearby machine for your boot server. ------------------------------ Subject: -8- Is it possible to remotely install IRIX over a network? Date: 20 May 93 00:00:01 CST Yes. You can install IRIX from a remote machine which has a CD-ROM, a tape drive, or an IRIX distribution directory. All of these scenarios (and several others) are described in detail in the "IRIS Software Installation Guide". Examples are provided. ------------------------------ Subject: -9- Which IRIX CD is the program 'foo' on? Date: 10 Dec 93 00:00:01 EST Load the CD and try 'grep foo /CDROM/dist/*.idb'. If you don't get any output, 'foo' isn't on that CD. If you do, it is, and one of the fields is the subsystem in which 'foo' lives. ------------------------------ Subject: -10- Why doesn't 'inst' work? Date: 16 Jan 94 00:00:01 EST One possibility is that you're using an old 'inst' with new software. Always use an 'inst' at least as new as what you're installing. ------------------------------ Subject: + -11- I reinstalled an IRIX subsystem to restore a missing file or get rid of a corrupted file, but it didn't help. Why not? Date: 13 Apr 94 00:00:01 EST 'inst' doesn't bother to install a subsystem if the same or a newer version is already installed. Tell it to install anyway by saying 'set neweroverride' before you say 'go'. Removing the subsystem and reinstalling it will do more or less the same thing. ------------------------------ Subject: -12- How can I install IRIX onto a second disk which I can then move to another machine? Date: 20 Jan 94 00:00:01 EST With difficulty. Many parts of the installation process assume that you're installing IRIX onto your system disk (SCSI ID 1). Just fiddle with SCSI ID switches and/or move disks around to make the disk onto which you want to install IRIX the system disk for the duration of the installation. Furthermore, IRIX has many hardware dependencies, so you should only move system disks between absolutely identical machines. If you want to make a system disk for a machine without a network connection, CD-ROM or tape drive, the easiest and safest way is to borrow another CD-ROM or tape drive. If you want to try anyway, Justin Mason reports that the following works under IRIX 5.1.1: Set up the disk, e.g. with SCSI id 4, fx a generic "[bo]otable" partition setup onto it, and mkfs the partitions. Copy sash, etc. from your system disk to the new disk with dvhtool. Boot up the miniroot as usual, go into inst, choose "admin" from the menu and do the following, replacing SCSI IDs and partition numbers as appropriate: umount /root umount /root/usr mount /dev/dsk/dks0d4s0 /root mount /dev/dsk/dks0d4s6 /root/usr mount # Just to check return # Go back to main inst menu Then install as you like. ------------------------------ Subject: -13- How can I copy my system disk onto a second disk which I can then move to another machine? Date: 20 Feb 94 00:00:01 EST See the article in the Jul/Aug 92 Pipeline and the addendum in the Nov/Dec 92 Pipeline, and note that the warning about hardware dependencies in the previous question applies here too. ------------------------------ Subject: -14- I think I've found a security hole in IRIX; whom do I notify at SGI? Date: 10 Dec 93 00:00:01 CST In general, if you find a security problem (or think you have), you can send it to postmaster@sgi.com. This address gets a lot of mail, so you may want to CC your mail to one of the SGI employees who regularly post to Usenet. (Several have indicated that they will be glad to know about such things.) You can also notify CERT , who will contact the appropriate people from their contact list. They may take some time. ------------------------------ Subject: -15- What security problems does IRIX have? Date: 05 Apr 94 00:00:01 EST Before we start, some general comments: - IRIX is too complex for this list to be complete. We only discuss problems we know about. We don't discuss insecurely designed systems (like YP) or ways in which you might misconfigure your system, only bugs. We don't discuss third-party software, free or not. - Read rtfm.mit.edu:/pub/usenet/news.answers/security-faq and the books and papers listed therein for general discussions of Unix security. Look on ftp.cert.org:/ for CERT advisories, descriptions of what CERT and CERT advisories are, and other security-related material. - Prudence and space permit us to describe only how to close holes, not to exploit them. Try comp.security.unix. - Some of the fixes involve installing a new version of a setuid binary. Be sure that you 1) make it executable, setuid and owned by the correct user and group (or it won't work), and 2) remove the old version so bad guys can't use it! Now for the holes themselves: - CERT advisory CA-92:08, which you can get from ftp.cert.org:/pub/cert_advisories/CA-92:08.SGI.lp.vulnerability describes problems with the permissions of 'lp'-related parts of IRIX which allow anyone who can log in as lp to get root access. They are fixed in IRIX 4.0.5. Briefly, the fix is su root cd /usr/lib chmod a-s,go-w lpshut lpmove accept reject lpadmin chmod go-ws lpsched vadmin/serial_ports vadmin/users vadmin/disks cd /usr/bin chmod a-s,go-w disable enable chmod go-ws cancel lp lpstat - CERT advisory CA-93:16, which you can get from ftp.cert.org:/pub/cert_advisories/CA-93:16.sendmail.vulnerability describes a hole in /usr/lib/sendmail which allows anyone root access, whether they can log in initially or not! Fixed versions for IRIX 4.0.x and 5.x are at ftp.sgi.com:/sgi/IRIX4.0/sendmail/ ftp.sgi.com:/sgi/IRIX5.0/sendmail/ - CERT advisory CA-93:17, which you can get from ftp.cert.org:/pub/cert_advisories/CA-93:17.xterm.logging.vulnerability describes a hole in /usr/bin/X11/xterm which allows any user root access. It is fixed in IRIX 5.x. A fixed version for IRIX 4.x is at ftp.sgi.com:/sgi/IRIX4.0/xterm/ The 'fix', incidentally, is that logging is completely disabled. - /usr/bsd/rdist has several holes which allow any user root access. Some are fixed in IRIX 4.0.5x, but some are still present in all versions of IRIX 4.0.x and 5.x, including the 4.0.5 version on ftp.sgi.com. Close the hole with 'chmod -s'. rdist will then work only when used by root. If your non-root users need 'rdist', there is a free version which claims to be free of all known holes in usc.edu:/pub/rdist/. Make sure you get version 6.1 beta 3 or later. Note that CERT advisory CA-91:20 (ftp.cert.org:/pub/cert_advisories/CA-91:20.rdist.vulnerability) is badly out of date. - The 'lpr' subsystem in IRIX 4.0.x and 5.x has several holes which allow a non-root user to become root. Use 'lp' instead if you can. If you don't need 'lpr', make sure it isn't installed. (It lives in the eoe2.sw.lpr subsystem.) If you do need 'lpr', try the patched version of the Net/2 BSD lpr at ftp.umbc.edu:/pub/sgi/patched-lpr.tar.Z. The '-s' (symbolic link) option is disabled to avoid one of the security holes. - /usr/bin/under is an unused (!) part of 'rexd'. It is setuid root and may allow root access, so 'chmod -s' it just in case. Note that SGI ships IRIX with 'rexd' turned off because 'rexd' is itself a security problem. - /usr/etc/arp is setgid sys, allowing anyone who can log into your machine to read files which should be readable only by group 'sys'. Close the hole with 'chmod -s'. This prevents non-root users from using 'arp' at all, but they don't generally need it. - /usr/sbin/cdinstmgr is setuid root and is a script. Setuid scripts are a well-known Unix security problem. IRIX ignores them by default, but 'chmod -s /usr/sbin/cdinstmgr' just in case. Finally, several aspects of SGI's default IRIX configuration were chosen for convenience, not security. Unless your machine is not networked, you may be more concerned about security than SGI assumed. Note that these items have been discussed on Usenet many times, and Usenet chatter is not a good way to change SGI policy. If they bother you, talk to your sales rep or just fix them yourself as follows: - Several accounts come without passwords, including (but not limited to) guest, 4Dgifts, demos, tutor, tour and particularly lp. Examine /etc/passwd and lock all unnecessarily open accounts. Note that 1) parts of IRIX (e.g. 'inst') use the open guest account by default, and 2) remote 'lp' clients need access to the lp account to print, so you'll need to make other arrangements. - 'xdm' does 'xhost +' by default when you log in. This allows anyone to open windows on your display and even to record what you type at your keyboard. Close this hole by removing the 'xhost +' from /usr/lib/X11/xdm/Xsession and /usr/lib/X11/xdm/Xsession-remote. Note that the Xauthority mechanism has several different problems in IRIX 4.0.x, so you'll need to say 'xhost +localhost' to run DGL programs and 'xhost +otherhost' to display remote X programs. - At least some of the possible default values of the PATH environment variable begin with the current directory. (The system interprets either a period or the empty string in any component of PATH as the current directory. PATH is colon-separated, so if it begins with a colon the first component is the empty string.) This exposes you to Trojan horse programs. Set PATH to a safe value (remove the current directory, or at least move it to the end) in /etc/cshrc and/or /etc/profile. ------------------------------ Subject: -16- How can I log more information about logins? Date: 22 Jan 94 00:00:01 EST - 'last', 'who', etc. get remote login information from /etc/xutmp and /etc/xwtmp. That information is only logged into these files if they already exist. To create them, just say 'touch /etc/xutmp /etc/xwtmp'. In IRIX 5.x, 'touch /var/adm/utmpx /var/adm/wtmpx'. - As described in the login(1) manpage, you can add the line 'syslog=all' to /etc/config/login.options to log all login attempts, not just successful ones, in /usr/adm/SYSLOG. - 'ftpd', 'rshd' and 'tftpd' all have options ('-l' or '-L') which cause them to log all accesses. See their manpages. 'ftpd' also has '-ll' and '-lll' options (undocumented before IRIX 5.x) which log individual file transfers and the sizes of those files respectively. Add the options to the last fields (not the second-to-last) of the appropriate lines of /usr/etc/inetd.conf (/etc/inetd.conf in IRIX 5.x), then do 'killall -HUP inetd' or reboot. ------------------------------ Subject: -17- I've just edited inetd.conf, and nothing changed. Why? Date: 10 Dec 93 00:00:01 CST You need to make 'inetd' reread the file. Do 'killall -HUP inetd' or reboot. ------------------------------ Subject: ! -18- How do I make an anonymous or restricted FTP account? Date: 15 Apr 94 00:00:01 EST Read the ftpd(1M) manpage. However, the ftp account's home directory (/usr/people/ftp) should be owned and writable only by root, NOT ftp. A script which sets up a secure anonymous FTP account is at viz.tamu.edu:/pub/sgi/software/ftp/make-anonftp. ------------------------------ Subject: -19- How do I set the number of processes allowed on my machine? Date: 23 Jan 94 00:00:01 CST Change NPROC in usr/sysgen/master.d/kernel, run '/etc/autoconfig -f' and reboot. In IRIX 5.x, use 'systune'. ------------------------------ Subject: -20- I want to install a termcap for 'iris-ansi-net' on my non-SGI system, but I can't find a termcap file on the SGI. Where can I get one? Date: 20 May 93 00:00:01 CST SGIs use the system 5 style terminfo stuff. What you want can be done though. See the infocmp(1) manpage and the documentation about -r. This should do the job: 'infocmp -Cr iris-ansi'. If you don't have infocmp, you have to install eoe2.sw.terminf, which is not installed by default. ------------------------------ Subject: -21- My SGI crashed and generated a file, /usr/adm/crash/vmcore.1. How can I examine this file to see what crashed my system? Date: 10 Dec 93 00:00:01 EST For a start, you can use 'dbx' like so: dbx -k /usr/adm/crash/{unix,vmcore}.# t &putbuf/1000s Some machines have a special 'dbx' for crash dumps, /usr/adm/crash/dbx. If it exists, use it instead of /usr/bin/dbx. There is also a script, 'crpt', which does this and more automagically. One version lives at viz.tamu.edu:/pub/sgi/software/crpt/, but ask the TAC when you call to make sure you have the latest and greatest. ------------------------------ Subject: -22- How can I tell what hostname to use in /etc/exports? Date: 07 Feb 94 00:00:01 EST NFS servers may need a particular form of a client's name in /etc/exports to allow the client access. This may not be obvious, for example if the server is also a router. Log in from the client to the server and say 'echo $REMOTEHOST' to see what the server thinks the client is called, and put that in /etc/exports. IRIX 5.2's System Manager ('chost') should be able to determine the correct hostname for you. ------------------------------ Subject: -23- Why can't I export an NFS-mounted filesystem? Date: 10 Dec 93 00:00:01 CST This is known as multi-hop NFS. It is not allowed or supported in (Sun's) NFS because it is not in general possible to detect errors such as infinite mount loops, on either the client or the server. ------------------------------ Subject: -24- Why can't Ultrix automount SGI filesystems? Date: 10 Dec 93 00:00:01 CST Ultrix's automount uses an "untrusted" port for mount requests. Add an '-n' to the mountd lines in /usr/etc/inetd.conf (/etc/inetd.conf in IRIX 5.x), like so: mountd/1 stream rpc/tcp wait root /usr/etc/rpc.mountd mountd -n mountd/1 dgram rpc/udp wait root /usr/etc/rpc.mountd mountd -n then 'killall mountd' and 'killall -HUP inetd' or reboot. ------------------------------ Subject: -25- Why does 'tar' work strangely on a filesystem mounted from an SGI? Date: 03 Apr 94 00:00:01 EST When user A extracts a file owned by user B from a tar archive, 'tar' makes the file owned by user A unless user A is the superuser. Some systems allow users to give files away (e.g. IRIX); some do not (e.g. SunOS). On some systems with the restricted behavior (SunOS among them), 'tar' tries to give the file to user B whether or not user A is the superuser, assuming that the chown system call will fail if user A is not. This is not true if user A is using 'tar' on (e.g.) a Sun to extract files onto a filesystem NFS-mounted from (e.g.) an SGI. 'tar' may create zero-length files or give away directories and then be unable to extract files into them. Work around the problem by doing the 'tar' on the SGI or extracting onto a Sun filesystem. It is possible that third-party versions of 'tar' (e.g. GNU tar) are smarter; let us know if so. Don't turn the restricted_chown kernel variable on on the SGI; while this will fix the problem at hand, it will break SGI programs which need to give files away without running as root (notably /bin/mail). ------------------------------ Subject: -26- Is 'pcnfsd' available for the SGI? Date: 27 Feb 94 00:00:01 EST For IRIX 4.0.x, look in ftp.sgi.com:/support/pcnfsd.sysV/. (Note that although SGI makes this available, they do not support it.) For IRIX 5.x, look in viz.tamu.edu:/pub/sgi/software/pcnfsd/. ------------------------------ Subject: -27- Can I export a CD-ROM from my SGI to a non-SGI? Date: 10 Dec 93 00:00:01 EST Not in IRIX 4.0.x. You can in IRIX 5.x, as you would any other filesystem. ------------------------------ Subject: -28- Why can't I export an ISO 9660 CD-ROM using NFS? Date: 20 Feb 94 00:00:01 EST You can, but only to another SGI (see the previous question) and there's a catch. Add the CD-ROM filesystem to /etc/exports and export it with 'exportfs' *before* you mount the CD-ROM. This chicanery is not necessary in IRIX 5.x. For more detail, read viz.tamu.edu:/pub/sgi/hardware/exporting-iso-9660-cdrom or the article in the Jan/Feb 93 Pipeline, or for an up-to-date copy call the TAC and ask for SGI's writeup on "Mounting an ISO 9660 CD Across NFS". ------------------------------ Subject: -29- How can I read an IRIX (EFS) CD-ROM on a machine which doesn't use EFS? Date: 09 Jan 94 00:00:01 EST You want 'efslook', in viz.tamu.edu:/pub/sgi/software/efslook/. ------------------------------ Subject: -30- Why is my network license daemon ('netlsd') exiting? Date: 20 May 93 00:00:01 CST For netlsd to run, you need to have 'llbd' and 'glbd' installed and running. A complete debugging procedure is in the netls release notes, which can be read with 'relnotes netls_eoe 5'. ------------------------------ Subject: -31- Why isn't /usr/adm/SYSLOG being updated? Date: 05 Jul 93 00:00:01 CST Thanks to Vernon Schryver here. Popular causes include: - running out of disk space. Once syslogd is unable to write to /usr/adm/SYSLOG, it won't try again until it is `killall -HUP syslogd`. - installing IRIX 4.0.X and failing to heed the nagging from the system when it is rebooted to run 'versions changed' and combine new and old configuration files. In this case, the trouble is in /usr/spool/cron/crontabs/root. ------------------------------ Subject: -32- Why is 'rusers' showing users who aren't really logged in? Date: 30 Dec 93 00:00:01 CST This is a well-known bug in IRIX 4.0.X wherein /etc/utmp is not being updated properly after a user logout. 'rusers' (and other programs) are simply reporting the non-updated contents of /etc/utmp. Fixes have been provided by jer@blaise.cif.rochester.edu, David Hinds and Patrick M. Ryan . They can be found at viz.tamu.edu:/pub/sgi/software/utmp/. ------------------------------ Subject: -33- How do I make a bootable tape from an IRIX 4.0.X CD? Date: 20 Feb 94 00:00:01 EST See the Sep/Oct 93 Pipeline for a detailed description, or just follow Dave Olson 's summary: Take a look at the distcp(1M) manpage, and do something like tapehost# mount -o ro cdhost:/CDROM /mnt tapehost# distcp /mnt/dist /dev/nrtape Note that 'fx', 'ide', and 'sash' for all machines are in the dist/sa file. 'sa' is an image of the first part of the tape; use 'mkbootape -f sa -l' to see the contents. ------------------------------ Subject: -34- Why can't I boot one of the stand-alone programs on a tape or CD? Date: 03 Apr 94 00:00:01 EST One reason is that some CPU names are preceded by periods and some aren't. Another is that the Indigo R4000 and later CPUs use the suffix 'ARCS', not 'IP20' or whatever as one might expect from 'hinv'. For example, the correct command to boot fx directly from the PROM monitor on an Indigo R4000 is 'boot -f dksc(ctlr,unit,8)sashARCS dksc(ctlr,unit,7)stand/fx.ARCS'. Note the use of 'ARCS' instead of 'IP20' and the missing period in 'sashARCS'. ------------------------------ Subject: -35- Why is /debug or /proc full of huge files? Date: 10 Dec 93 00:00:01 EST Those aren't disk files, they're interfaces to running processes. Read the debug(4) and/or proc(4) manpages. ------------------------------ Subject: -36- Why do some programs parse /etc/fstab incorrectly? Date: 10 Dec 93 00:00:01 EST In IRIX 4.0.5, some programs (e.g. 'fsr') misinterpret lines in /etc/fstab, so that, e.g., /dev/usr /usr efs rw,raw=/dev/rusr,quota 0 0 would cause 'fsr' to think that the raw device pathname was "/dev/rusr,quota" instead of "/dev/rusr". There is no such device, so /dev/rusr would never be defragmented. You can work around this by putting the "raw" option last: /dev/usr /usr efs rw,quota,raw=/dev/rusr 0 0 This is fixed in IRIX 5.x. ------------------------------ Subject: -37- My Indigo's Ethernet performance is dog-slow. What gives? Date: 10 Dec 93 00:00:01 EST Call the TAC. You need the "E++" patch, or IRIX 4.0.5IOP ("Indigo Only Patch"), which includes the E++ patch. ------------------------------ Subject: -38- My Indigo running 4.0.5IOP is getting SIGSEGVs and crashing. What gives? Date: 12 Jan 94 00:00:01 EST Make sure you've installed the 4.0.5IOP NFS maintenance patch along with the rest of 4.0.5IOP. If you're sure you have, call the TAC. You may need the "IP20 ethernet patch". This comes *after* 4.0.5IOP, and is not to be confused with the older "E++ patch" (see the previous question). ------------------------------ Subject: -39- Why is my Indigo2 panicking? Date: 10 Jan 94 00:00:01 EST There are several keyboard-related bugs in IRIX 4.0.5H and 4.0.5IOP which cause Indigo2s to crash or freeze. One sign that these particular bugs are responsible is the message "PANIC: Timeout Table Overflow" or "WARNING: Couldn't allocate streams buffer" in /usr/adm/SYSLOG. They will be fixed in IRIX 5.2, and in the meantime you can get the "Indigo2 keyboard patch" (aka "pckm patch") from SGI. ------------------------------ Subject: -40- What's this 'iotim' error in my syslog? Date: 12 Feb 94 00:00:01 EST It's a bug in 'rpc.rstatd' which affects several programs including 'ruptime' and 'sysmeter'. In IRIX 4.0.5H and later, 'rpc.rstatd' ignores the problem (returning all but the SCSI disk stats which cause the error) but still generates a message. The problem is completely fixed in IRIX 5.x. The pre-4.0.5H 'rpc.rstatd' says rstatd[4840]: read: iotim: No such device or address and the post-4.0.5H 'rpc.rstatd' says rstatd[4941]: read: bad iotim, no disk stats: No such device or address If you see the former, get the patched 'rpc.rstatd' from ftp.sgi.com:/support/rpc.rstatd or (for Indigos) upgrade to IRIX 4.0.5IOP. If you see the latter, relax and wait for IRIX 5.x. ------------------------------ Subject: -41- Why can't 'lp' read my file? Date: 10 Dec 93 00:00:01 EST 'lp' is setuid, so it can only read world-readable files. You can say 'lp < file' if you don't want to make your file world-readable. ------------------------------ Subject: -42- How can I use 'lpr' to print to my local printer? Date: 10 Dec 93 00:00:01 EST SGI provides 'lpr' for printing on remote printers, and does not support it for local printing. One way to do it anyhow is to make an /etc/printcap entry with an output filter which is just a wrapper around 'lp'. If that isn't crystal-clear, call the TAC and ask for their "faxable" on "Integrating The AT&T Spooler With The BSD LPR Print Spooler". A not-guaranteed-to-be-up-to-date copy is at viz.tamu.edu:/pub/sgi/software/lp-lpr/lpr-to-lp. ------------------------------ Subject: -43- How can I use 'lp' to print to an 'lpr'-controlled printer? Date: 10 Dec 93 00:00:01 EST Two possible ways: - Write an 'lp' interface script that calls 'lpr'. Impressario 1.1 can do this for you. If you don't have Impressario you can do it yourself or call SGI and ask for their writeup, "LPTOLPR, A Model File for LP", which includes (in fact, consists of) just such an interface script. A not-guaranteed-to-be-up-to-date copy is at viz.tamu.edu:/pub/sgi/software/lp-lpr/lp-to-lpr. - Write an 'lp' replacement script that calls 'lpr'. One such script is at viz.tamu.edu:/pub/sgi/software/lp-lpr/lp-wrapper-for-lpr. ------------------------------ Subject: -44- How can I tell 'lp' to turn banner printing or page reversal off or on? Date: 08 Jan 94 00:00:01 CST 'lp' controls printers via shell scripts, called 'models', which live in /usr/spool/lp/model. When you install a printer, the appropriate model script is copied to /usr/spool/lp/interface/. To temporarily change a printer's behavior, look at the manpage for its interface script (or, if there is none, the script itself) to see what options it wants, and pass them to the script with 'lp's '-o' option. For example, 'lp -o"-nobanner" file' tells a "Generic Postscript" printer (described in the gpsinterface(1) manpage) to print 'file' without a banner page. To permanently change a printer's behavior, edit its interface script. The following are true for "Generic Postscript" printers, but the idea is the same for others: - To turn banner printing off or on, change the line 'BANNER=1' to 'BANNER=0' or vice versa. - To turn page reversal off or on, change the line 'send=/usr/lib/print/lptops' to 'send="/usr/lib/print/lptops -U"' (note the quotes) or vice versa. ------------------------------ Subject: -45- Why can't I 'rdist' files between Suns and SGIs? Date: 10 Dec 93 00:00:01 EST Sun's 'rdist' expects SGI's 'rdist' to live in /usr/ucb, but it's actually in /usr/bsd. Make a symbolic link from /usr/ucb/rdist to /usr/bsd/rdist and all will be well. ------------------------------ Subject: -46- How do I add a static route? Date: 10 Mar 94 00:00:01 EST Some sites handle IP routing by designating a routing machine and having all other hosts define a static route to that machine. The way to do this on SGIs is in the /etc/init.d/network.local script. 1) Read the paragraph just before the copyright at the top of /etc/init.d/network and make the links it specifies. 2) Put something like the following in /etc/init.d/network.local, replacing ROUTER'S.IP.ADDRESS.HERE with the address of your router. #! /bin/sh case "$1" in 'start') /usr/etc/route add default ROUTER'S.IP.ADDRESS.HERE 1 ;; 'stop') /usr/etc/route delete default ROUTER'S.IP.ADDRESS.HERE ;; *) echo "Usage: $0 {start|stop}" ;; esac If you NFS-mount disks from the other side of the static route, they will not be unmounted properly during shutdown. You can fix this by making the links so that /etc/init.d/network.local runs before /etc/init.d/network: 'ln -s /etc/init.d/network.local /etc/rc0.d/K41network' instead of '/etc/rc0.d/K39network'. ------------------------------ Subject: -47- How can I make the 'slip' command advertise the Ethernet address of the SLIP client? Date: 10 Dec 93 00:00:01 EST You can't. Just add something like /usr/etc/arp -s $USER `netstat -ia | grep :` pub to the shell script in which you start the SLIP process. $USER is the SLIP client. The 'netstat | grep' part gets the host's Ethernet address, and 'arp' advertises the host as an ARP server for $USER. See also the arp(1M) manpage. ------------------------------ Subject: -48- How can I set up 'sendmail' to pass 8-bit characters? Date: 12 Feb 94 00:00:01 EST Dunno, offhand, but many experts say "don't try". RFC822 requires mail transport agents to *clear* the eighth bit, and many hosts do. Some which don't may crash when they get mail with the eighth bit set. Instead, use a MIME-compatible mail program. MIME, described in RFC1521, is a standard for enclosing non- RFC822 material in your mail. The apps FAQ discusses several mail programs which support it. Nonetheless, if someone wants to tell us about putting SGI's 'sendmail' into 8-bit mode we'll note it here. ------------------------------ Subject: -49- Why are my mailbox files changing ownership? Date: 17 Jan 94 00:00:01 CST If your mail directory is mounted from another machine, your machine does not have root access, and the other machine has BSD-style "restricted chown" (either because it's not an SGI or because someone turned restricted chown on), /bin/mail will change mail file ownership when delivering local mail. Without unrestricted chown or root access, /bin/mail is unable to give mail files back to their owners after delivering mail. You can fix the problem by turning off restricted chown on the other machine (if it's an SGI), exporting the mail directory with root access for your machine, or waiting for IRIX 5.2, in which the problem will be fixed. ------------------------------ Subject: -50- Why isn't a valid user getting their mail? Date: 24 Jan 94 00:00:01 EST IRIX' mail system requires "valid users" to have both valid password file entries (whether local or via NIS) and home directories. The latter often trips one up when installing POP servers and whatnot, where home directories aren't really necessary. Just make a fake one. ------------------------------ Subject: -51- How can SGIs and Suns share a mail spool? Date: 05 Feb 94 00:00:01 EST Paul Riddle has written up how he did it. Read ftp.umbc.edu:/pub/sgi/shared-spool.text. ------------------------------ Subject: -52- What's an "unknown mailer error"? Date: 20 Feb 94 00:00:01 EST There's a list in viz.tamu.edu:/pub/sgi/software/mail/mail-errors. ------------------------------ Subject: -53- What's "mailbox: Error 0"? Date: 05 Mar 94 00:00:01 EST It's a harmless bug; don't worry about it. It is present in IRIX 4.0.x before 4.0.5H/4.0.5IOP and fixed in those and later versions. ------------------------------ Subject: -54- Can I change my full name or login shell without being superuser? Date: 16 Mar 94 00:00:01 EST Maybe. IRIX 4.x has no 'chfn' or 'chsh', so if you're a local user you're stuck. However, if your account is on NIS (Yellow Pages) you can use 'ypchpass'. You might also ask your superuser to install one of the many free implementations of 'chfn' and/or 'chsh'; one is in volume 3 of comp.sources.unix (ftp.uu.net:/usenet/comp.sources.unix/volume3/). ------------------------------ Subject: -55- How do I extend an existing filesystem onto a new disk? Date: 24 Jan 94 00:00:01 EST Back up the existing filesystem (just in case) then run 'mklv' and 'growfs'. 'mklv' and 'growfs' are nondestructive, so you don't need to restore the backup unless you screw up. Don't use 'mkfs', which does destroy existing data. ------------------------------ Subject: -56- How can I measure my network's reliability? Date: 13 Feb 94 00:00:01 EST Don't worry about collisions. They are part of normal operation on a crowded Ethernet. You *should* worry about late collisions (which are logged to the console) and lost packets (which you can easily measure with the command 'ping -fs 3000 -c 1000 someotherhost'), which usually mean network hardware problems or a misconfigured bridge or router. ------------------------------ Subject: -57- How do I know if I need more memory and/or swap space? Date: 20 Feb 94 00:00:01 EST If processes are killed due to lack of memory/swap, you need more memory and/or swap space. If your CPU is always waiting for swapping (run 'osview' and look at the "%Swap" entry under "Wait Ratio") you need more memory. ------------------------------ Subject: -58- How much swap space should I have per megabyte of memory? Date: 20 Feb 94 00:00:01 EST An oft-recommended ratio is X memory:2.5 X swap, but this may be too slow. Decide how much of your favorite program (plus IRIX) needs to be resident for good performance and how much doesn't, and make sure you have enough memory for the former and enough memory plus swap for the latter. Put "rmem" and "swp" in your ~/.grosview file, run 'gr_osview' and run your favorite program to see what it needs. ------------------------------ Subject: -59- How can I increase my swap space? Date: 20 Feb 94 00:00:01 EST See the Jan/Feb 93 Pipeline for a detailed writeup, or call the TAC and have them fax you the very latest version. It will be much easier in IRIX 5.x, which will support swapping to files. ------------------------------ End of sgi/faq/admin Digest ******************************