| |
The default umask used for new accounts is 077 which means that there are no restrictions
on the owner (the permissions could be as high as 7) and there are maximum restrictions
on group and public (7-7=0). Any user can overide the default umask by setting
it in their .bash_profile file which is executed once for logon shells. For example,
However, if a more secure umask of 077 is used, then users will have to use chmod after creating web
files to change the permissions to 644 (for web pages) and 755 (for web directories) as the
web server will not serve pages with lesser permissions.
We have replaced the Sun Workstations and several Linux boxes with a mostly dual-boot system (XP and Linux).
The Linux side provides storage space for users and a host of other facilities and applications.
The server is shared with Computer Science as is the storage space.
Most of the unique "engineering" software is on the client computers in Moody
and may not be present on CS lab computers. You have a mail account with the CS/ENGR system if you want to use it.
You have a quota of 200MB (currently) of storage. The quota will increase when we install
a new server and supporting facilities.
You have space for Web pages. As the semester progresses, we will provide more detail.2006.09.15
Unix provides a file access security mechanism which may be used to implement
almost any security policy. The file access modes for the owner,group,public are
usually taught in PAD1. We are all familiar with these RWX (Read Write eXecute) attributes for
each class of user (owner, group, and public). We may be less familiar with the umask
command and what it provides. The RWX attributes, coded as a 3 bit binary,
number give the following permissions:
RWX Decimal Permission
000 0 no access
001 1 execute or cd to dir
010 2 write
011 3 write and execute or cd to dir
100 4 read
101 5 read and execute or cd to dir
110 6 read and write
111 7 read and write and execute or cd to dir
Each of these permissions apply to and may be set for owner,group, and public using the chmod
command. For example to set the permissions of the file foo so that the
owner can read and write, the group can read, but the public has no access,
enter the command:
chmod 640 foo
chmod also supports symbolic modes; the equivalent of the
preceding command would be:
chmod u=rwx foo
chmod g=rx foo
chmod o= foo
The access permissions are automatically set whenever a program is run which creates
a file (e.g. cat > foo, mkdir, vi foo, cc, make, etc. ). The resulting permissions
for owner, group, and public are determined according to the following equation
7 - umask-value
So umask provides an upper limit on file access permissions for the owner, group, and
public.
umask 022
would allow permissions as high as 755 for owner, group, and public respectively.
In addition to a umask of 077 for new accounts, we set the permissions of the
home directory to be 755 and the permissions of ~/Local to 755 and ~/Local/HTML-Documents to
755 so that users may set up web sites on their accounts without permissions changes.IMPORTANT NOTE:
When the new FC5 software was installed on
the CS lab machines in August 2006, a system default umask of 002 was configured rather
than the more secure umask of 077. This mistake will be fixed shortly, however,
users who are concerned about the public readability of their newly created files
may install their own more secure default umask by executing the following command:
echo "umask 077" >> ~/.bashrc
This command adds a line of
umask 077
to the ~/.bashrc file. The ~/.bashrc is executed before
a new shell is created (i.e. before any command is executed).2006.09.14
Things Engineering students need to know about their new (CS/ENGR) Linux accounts
Engineering students who had CS accounts before the Fall:
/users/engrold/your_user_nameand at
/users/engrold/linuxhome/your_user_name.where your_user_name is your TU username.
One more thing. Previously, engineering students running Windows saw an X: drive that was mapped to their UNIX home space on rex. That mapping may still be in place for some of you. Please do not use it, as we do NOT plan any further backup of the UNIX users file system. Sometime soon, we will add the (new) Linux home directory to your mapped drives as X: .
rm -rf ~/.openoffice.org2.0and try the application again, letting it recreate the directory. (Obviously this loses any customizations.) Experiment suggests that the older version of OpenOffice will be able to use the .openoffice.org2.0 directory created by the newer version, so it should be possible to use both versions (e.g., the old one on a not-yet-upgraded desktop machine and the new one on a lab machine).
2006.08.17
During the Summer 2006 break, new Linux and Windows XP images were
prepared and installed on the XenaXX machines in Halsell 340, JanusXX
machines in Halsell 228, AtlasXX machines in Halsell 329 and the various
machines in Halsell 200. The Linux images are based on Fedora Core 5. FC5
distributions are packaged differently than earlier Fedora Core systems we
have used. The Sysadmin Group has attempted to install updated versions
of all of the packages we have used in the past, but due to different package
setup we may have missed something you feel is important. If you identify
missing software, please let us know by sending mail to
CSAdmin@Mail.CS.Trinity.Edu.
Please remember our Lab Policy of re-booting a machine into Linux after
using Windows XP. The XenaXX machines in Halsell 340 and the various machines
in Halsell 200 are Linux only and should never be rebooted or powered down.
Most of these machines are in use remotely even while you are sitting at
the console, so you will probably be destroying someone else's session by
rebooting or powering down. The JanusXX machines in Halsell 228 and the
AtlasXX machines in Halsell 329 are dual boot. You must reboot these machines
to Linux after using Windows XP.
2005.01.26
If you receive error messages similar to the following
-bash: /users/userid/Local/powerpc/bash/shell/*.path: No such file or directory
-bash: /users/userid/Local/powerpc/bash/shell/*.env: No such file or directory
-bash: /users/userid/Local/powerpc/bash/shell/*.alias: No such file or directory
where userid is your login id when logging into CS Department OS X
machines, then your
Local/powerpc
filesystem is missing a bash subdirectory. You can fix this problem by downloading
the bash.tgz file system and saving
that file in your
Local/powerpcdirectory and executing the following commands
cd ~/Local/powerpc tar xzvf bash.tgz rm bash.tgz
Users may avoid this problem by not logging into the RedHat 7.3 or RedHat 9 machines after having converted their Gnome directories to Fedora Core 2. If you must login to RedHat 7.3 or RedHat 9 machines you can perform the following procedure before logging in (this procedure will reset your Gnome desktop to its default configuration).
1) login to a console text session at the machine (press ctrl-alt-F1 to get a text console; pressing ctrl-alt-F7 will return you to the X11 graphical login screen after performing the steps below and logging out).
2) You should be at the top-level of your home directory before performing this procedure. Enter the following command (BE CAREFUL to type this command correctly! To avoid errors, copy the command from your browser window and paste into your terminal window.):
rm -r .gno* .gcon* .nautilus* .metacity .gtkrc*3) logout and press ctrl-alt-F7 to return to the graphical X11 login screen.
To remove the possibility of typing errors in step 2) above, we have added the command:
gnome-cleanupwhich may be used in place of the command outlined in step 2).
Also available is an article on OpenSSH Keychain.
Or, if you are too impatient to wade through the details and theory, try this short how-to written by Dr. Nickels in the Engineering Science department. Notice that the directory $HOME/.ssh should not be world-readable!
Advantages of using the CS mail system include:
The Unix lab machines (Xena00-Xena21), with the possible exception of
the instructor's machine Xena00, are available, via the network,
24 hours per day, 7 days per week.
Most of the
software we add to the RedHat Linux or the Trinity University
licensed Microsoft software is available from
ftp://ftp.cs.trinity.edu/pub/FC2-Software-Additions/
and ftp://ftp.cs.trinity.edu/pub/winxp-software/ respectively. Students may use the consoles
of the XenaXX machines during normal Halsell building hours whenever
HAS 340 is not in use by a class.
1) login to a console text session at the machine (press ctrl-alt-F1 to get a text console; pressing
ctrl-alt-F7 will return you to the X11 graphical login screen after performing the steps below and
logging out).
2) You should be at the top-level of your home directory before
performing this procedure. Enter the following command (BE CAREFUL to type this command correctly!):
Other lab upgrades include a new 4 processor (2.4Ghz Xeon), 2Gb
memory, 265Gb disk (Raid 5) replacement machine for Sol. The new Sol
machine is currently being configured and tested concurrent with
operation of the old Sol. It is anticipated that the new Sol will become fully
operational early in the semester. Since Sol functions as our primary
server for NIS (passwords), NFS (home directories), HTTP (web - WWW.CS.Trinity.Edu),
FTP, SMB (windows file sharing), DNS (name resolution) and SMTP (mail),
it is important that extensive testing be completed before making the
machine fully operational. Users will be notified when the switch-over
occurs and if all goes well, the only anticipated inconvenience will be
a short period of down time while user's home directories and mail files are copied
to the new machine. One feature, in addition to significantly
improved performance, of the new Sol will include
improved spam filtering of incoming mail.
The machines in the
Workstation Laboratory (HAS 228) are dual-boot (Linux and Windows 2000) machines.
The computers in the
UNIX Laboratory
(HAS 340) are now Linux only machines. There are a few rules which
must be followed when using these machines. First, after using Windows 2000,
reboot the machine to Linux. There are users who wish to use these machines remotely
or who need to use the machines as a parallel processing cluster. Second, never
reboot a machine by pressing the reset button. Always use the reboot option which is
available from the pop-up menu on either the Linux login screen or the Windows 2000
login screen. Third, never turn off these lab machines or their monitors (both
Linux and Windows 2000 will put the monitor in power-save mode after a short time).
To improve system security, remote login access to these Unix machines is restriced
to secure shell (ssh). To access Computer Science Department Unix/Linux machines from
Windows, you must install a ssh client program such as
putty.
putty.exe is a single program which may be saved anywhere on your
Windows filesystem. When you run putty, be sure to select the
ssh option. Additional
instructions for secure shell access have been written by Dr. Massingill.
Another way to provide secure shell capability for a Windows computer is
to install cygwin.
The cygwin system provides much more than secure shell client capability and requires
more than 200MB of disk space. cygwin features include
all of the GNU program development tools for developing
both Win32 and Unix applications under Windows. An XWindows capablility is now
available for cygwin and the Computer Science Department cygwin
package includes
the X11 software.
There is also a new URL
http://www.cs.trinity.edu/nslookup.cgi which may be used to
lookup ip-numbers or ip-names in the DNS database.
Finally, there is a new URL
http://www.cs.trinity.edu/whois.cgi which may be used to lookup
DNS domain names in the whois database.
Users should note that a very conservative restoration procedure was
used to recover each user's home directory from several recent backup
images. The end result of this procedure is that the most recent
version of each user's file has been restored, however some files
which users recently deleted have also been restored. Each user
is encouraged to look at their files and delete all files which are
no longer needed.
The machines in the
Workstation Laboratory (HAS 228) and the
UNIX Laboratory
(HAS 340) are dual-boot (Linux and Windows 2000) machines. There are a few rules which
must be followed when using these machines. First, after using Windows 2000,
reboot the machine to Linux. There are users who wish to use these machines remotely
or who need to use the machines as a parallel processing cluster. Second, never
reboot a machine by pressing the reset button. Always use the reboot option which is
available from the pop-up menu on either the Linux login screen or the Windows 2000
login screen. Third, never turn off these lab machines or their monitors (both
Linux and Windows 2000 will put the monitor in power-save mode after a short time).
To improve system security, remote login access to these Unix machines is restriced
to secure shell (ssh). To access Computer Science Department Unix/Linux machines from
Windows, you must install a ssh client program such as
putty.
putty.exe is a single program which may be saved anywhere on your
Windows filesystem. When you run putty, be sure to select the
ssh option. Additional
instructions for secure shell access have been written by Dr. Massingill.
Another way to provide secure shell capability for a Windows computer is
to install cygwin.
The cygwin system provides much more than secure shell client capability and requires
more than 200MB of disk space. cygwin features include
all of the GNU program development tools for developing
both Win32 and Unix applications under Windows. An XWindows capablility is now
available for cygwin and the Computer Science Department cygwin
package includes
the X11 software.
2004.09.08
It was recently discovered that new accounts (those which were
added after the end of the Spring 2004 Semester) do not have .
in their path (symptom: not being able to
execute programs in the working directory unless
proceeded by ./ ).
If your account has this problem, you should
edit the file .bash_profile in the top level of your home
directory so that the line
PATH=$PATH:$HOME/bin
is changed to
PATH=$PATH:$HOME/bin:.
The next time you log in, . will be at the end of the path.
To add . to the path for the current session (the one where
the .bash_profile is edited) simply source the .bash_profile file,
i.e.,
. .bash_profile
2004.09.02
The Computer Science Department runs a sendmail based mail server,
Mail.CS.Trinity.Edu (aka WWW.CS.Trinity.Edu or FTP.CS.Trinity.Edu or Sol.CS.Trinity.Edu).
This server supports POP3 and IMAP access with and without SSL service.
If you choose to have Mail.CS.Trinity.Edu provide your mail, then your e-mail
address will be userid@cs.trinity.edu rather than userid@trinity.edu .
If you decide to use Mail.CS.Trinity.Edu, then you should contact ITS and
have them setup a mail forwarding entry so that mail addressed to
userid@trinity.edu will be forwarded to userid@cs.trinity.edu so that
all of your mail may be read from a single mail setup.2004.08.27
Recently, it was discovered that CS Unix accounts which were
added to our system after December 2003 did not have a proper
execution path for all available programs. You can test whether
or not your account has this problem by trying the command
java
If the java interpreter cannot be found then you need to add
a missing line to your .bash_profile file. The line to
add is:
source ~defaults/system/SYSTEM.bashrc
This line should be added after the line
# User specific environment and startup programs
2004.08.18
During the summer of 2004, new Linux images (based on Fedora Core 2)
and Windows XP images were created and installed on most lab machines
in HAS 329, HAS 340 and HAS 200.2003.09.18
The upgrade to RedHat 9 on all Computer Science Linux workstations was
not completed during the summer as planned. As a result,
because of incompatibilities between Gnome versions in
RedHat 7.3 and RedHat 9, there can be difficulties logging
into a RedHat 9 system after logging into a RedHat 7.3
system and visa-versa. The systems in HAS 340 and HAS 228
(Janus and Xena machines) have all been converted to
RedHat 9. The Atlas machines in HAS 329 and
Dwarf, Hardy, Juliet, Charon, Bianca in HAS 200 have not
yet been upgraded. You can check the upgrade status by
searching for one of the above machines in the
Sysadmin Database.
If the search results in records containing wwww, then that machine is not yet converted.
Users may avoid this problem by not logging into the RedHat 7.3 machines
after having converted their Gnome directories to RedHat 9. If you must
login to RedHat 7.3 machines you can perform the following procedure
before logging in (this procedure will reset your Gnome desktop to its
default configuration).
rm -r .gno* .gcon* .nautilus .metacity
3) logout and press ctrl-alt-F7 to return to the graphical X11 login screen.2003.09.17
If you notice a problem with lab machines, printers
or software on any of the machines in HAS 200, 228, 329 or 340,
please send an email message detailing the problem to
csadmin@mail.cs.trinity.edu.
Your help in reporting problems is greatly appreciated. Sometimes problems
go unreported for a surprising length of time. We can't fix it
if we don't know it is broken.2003.08.20
During the summer, new Linux images (based on RedHat 9.0)
and Windows XP images were created and installed on most
lab machines in HAS 329, HAS 340, and HAS 200. In addition,
the lab computers in HAS 340 (Unix Lab) were upgraded to
2.4Ghz Pentium IV processors, 512Mb memory and 40Gb disk drives.
The Unix lab machines (Xena00-Xena21), with the possible exception of
the instructor's machine Xena00, are available, via the network,
24 hours per day, 7 days per week.
Most of the
software we add to the RedHat Linux or the Trinity University
licensed Microsoft software is available from
ftp://ftp.cs.trinity.edu/pub/RedHat9-Software-Additions/
and ftp://ftp.cs.trinity.edu/pub/winxp-software/ respectively. Students may use the consoles
of the XenaXX machines during normal Halsell building hours whenever
HAS 340 is not in use by a class.2002.09.09
After the upgrade of Sol.CS.Trinity.Edu from RedHat 7.1 to 7.3 we
have begun to notice a degradation of NFS file system (user home
directories) performance on client workstations. This problem
has been recently (2002.10.21) traced to os kernel context switching problems
which are related to the journaling EXT3 file system used on Sol.
On 2002.10.25 (Fall Break) Sol will be down for a few minutes
on Friday morning (2002.10.25) to install a newer kernel. If
this does not improve performance, then Sol will be down for a few hours,
at a date to be announced later, to allow
conversion of its file system back to EXT2. If file system performance
improves, then an EXT2 filesystem will be used until this kernel
performance issue can be resolved. This is the first re-boot of Sol
this year and the Sysadmin staff apologizes for any inconvenience
resulting from this change.
2002.08.30
During the summer, new versions of RedHat 7.3 Linux and Windows 2000
were installed on Computer Science Department lab machines. Most of the
software we add to the RedHat Linux or the Trinity University
licensed Microsoft software is available from
ftp://ftp.cs.trinity.edu/pub/Other-RedHat-RPMS/
and ftp://ftp.cs.trinity.edu/pub/w2k-software/ respectively.2002.03.07
The Computer Science Department NIS/NFS/FTP/WEB/MAIL server can
also be used as a Windows File Server (via Samba). You access
this server by finding the Cs domain and double clicking on
the Sol machine. If your windows machine is infected with the Nimda
virus, your Unix home directory can also be infected with this
virus. When this happens, you should follow
Dr. Semmes instructions(PDF)
for removing the Nimda virus from your Unix home directory.
2002.01.27
The Password cracking robot found 4 passwords which were crackable this weekend.
These passwords have been changed and the users have been notified.
Lab users, particularly new users, are encouraged to choose good passwords.
You should read the
instructions for choosing a password.2002.01.15
The University controls access to the Trinity.Edu network (131.194.) by
various firewall machines. The Computer Science Department provides
access to Trinity.Edu through its firewall machine Bianca.CS.Trinity.Edu .
Computer Science will configure access to Trinity.Edu through Bianca
for CS Faculty, Staff and CS Majors from other networks if the user
can provide a single ip-number from which the access will be made.
Most ISP's use DHCP to assign ip-numbers to customers. Since customers
use a variety of different machines and operating systems and often these
systems are hidden behind the customer's own router or firewall, it is
often difficult for a user to easily determine the ip-number which is
provided by the ISP. To simplify this problem the CS Department provides
a URL http://www.cs.trinity.edu/ip-no.cgi which, when
accessed, will determine a user's remote ip-number. Use this facility
when requesting access
to the Trinity.Edu network through Bianca.CS.Trinity.Edu .2002.01.14
EXT3 journaling filesystems were installed today on the JanusXX, XenaXX, DwarfX, SnowWhite
and AtlasX Linux machines. We expect to see improved reliability as
a result of this change. Please report any problems to
Dr. Howland.2002.01.03
Two new SCSI Drives were added to the Raid 5 array on Sol.CS.Trinity.Edu
increasing the disk space on Sol to more than 84G bytes. The swap file
size was also increased to 2G bytes. These changes should improve
Sol's ability to handle special user's space needs. This work was performed
by John Howland with assistance from Aaron Konstam. The procedure
required complete re-formatting of the disk array after installing
the new drives. The system was then restored from backup images
mantained on another machine.2001.12.11
A journaling EXT3 filesystem was installed on Sol.CS.Trinity.Edu by
John Howland with assistance from Aaron Konstam and Neal Pape. This
change will improve system restart speed in the rare event (hasn't
happened in more than a year) when a hard restart is required. System
reliability should also be improved.2001.11.26
Congratulations to users of the CS Unix machines!. Our passwd cracking
robot found no crackable passwords this week.2001.11.24
A web system for viewing man pages for software installed on our
lab machines is now available at
http://www.cs.trinity.edu/cgi-bin/man/man2html 2001.11.10
On the weekend of November 10, 2001, the Computer Science Department sysadmin
staff began regular operation of systems which detect weak passwords. You
may receive a message which indicates that your passwd is crackable. The
standard procedure will be to automatically change your password to one which
is more secure. You may
change this password using
the yppasswd
command.2001.08.29
During the summer, new versions of RedHat 7.1 Linux and Windows 2000
were installed on Computer Science Department lab machines. Most of the
software we add to the RedHat Linux or the Trinity University
licensed Microsoft software is available from
ftp://ftp.cs.trinity.edu/pub/Other-RedHat-RPMS/
and ftp://ftp.cs.trinity.edu/pub/w2k-software/ respectively.
 |
Site Index
|
CS WebMail CS ListServer |