MCVL System Information

Overview

This page is an attempt to document the systems layout of MCVL. Hopefully most system administration questions specific to the MCVL can be answered by this document.

Accounts

Creating new Accounts

Admittedly this is not the best way to do this, but it works for us. So this is how you do it.

  1. Run /usr/sysadm/bin/sysmgr on meru-a and under Security and Access Control add a new local user.
  2. Close down the System Manager, cut the user's entry from the /etc/passwd file and paste it at the end of /etc/passwd.general.
  3. Run /var/yp/ypmake to update the NIS maps.
  4. Have user log in on one of the machines to test it out.

When it is time to remove a user, their home directory should be tarred up and gzipped, then placed in /usr/mvl2.

Groups

There are several groups created specifically for use here. The groups are defined in /etc/group on meru-a and exported to the rest of the machines via NIS.

iss
Used for most software development. Members of this group have permissions in the /usr/mvl1/IISS_Demo and /usr/mvl1/mvl-SW directories.
web
Used for the MCVL webpages. Members of this group have permissions in the /usr/apps/www directory where the webpages and cgi scripts are located.
cvs
Used for the MCVL CVS repository. Members of this group have permission to check code into the repository. Anyone working on projects under CVS control must be a member of this group.

Special Accounts

Accounts created for a specific purpose.

Demos
Demonstration account. This account is to be used for preparing and doing Demos. The SGI buttonfly application is customized under this account to do MCVL Demos. Don't confuse this account with demos, the default demo account for all SGI machines.

Filesystems

/usr/mvl1
Exported from meru-a and mounted by ALL machines in the lab. This directory holds all the user accounts and the software repositories.

/usr/mvl2
Exported from voyager-a and mounted by ALL machines in the lab. This is the RAID array located in room 301. It holds most of the data the lab uses and all the old home directories of previous users (tar'd and gzip'd).

Of significant importance is /usr/mvl2/irix; this is where system software downloaded from SGI is stored to be distributed to all the machines.

/usr/mvl3
Exported from explorer-a and mounted by ALL machines in the lab. This drive is another data directory, holding most of the hurricane data and datasets for IISS.

/usr/apps
Exported from meru-a and mounted by ALL machines in the lab. This directory holds all non-SGI distributed software and the webpages.

/usr/freeware
Exported from meru-a and mounted by ALL machines in the lab. This directory holds SGI distributed freeware.

/usr/mail
Exported from meru-a and mounted by ALL machines in the lab. This directory holds all the mail spool files.

Backups

There is an 8-week cycle to the backups.

Week  What to Backup           Tape Set
1     Level 0 /usr/mvl1        1
      Level 0 /usr/freeware
2     Level 1 /usr/mvl1        1
      Level 0 /usr/apps
3     Level 2 /usr/mvl1        1
      Level 0 /usr/mvl2
4     Level 3 /usr/mvl1        1
      Level 0 /usr/mvl3
5     Level 0 /usr/mvl1        2
      Level 0 /usr/freeware
6     Level 1 /usr/mvl1        2
      Level 0 /usr/apps
7     Level 2 /usr/mvl1        2
      Level 0 /usr/mvl2
8     Level 3 /usr/mvl1        2
      Level 0 /usr/mvl3

Security

ssh
There is a local copy on each machine (/usr/local/bin/ssh); please encourage everyone to use ssh over telnet and rsh. Telnet and rsh are extremely insecure, sending passwords in plaintext over the network. I (Jeremy) actually would advise disabling the telnetd and rshd daemons.
portmap
Programs that make RPC calls (NFS, NIS, etc.) have to be registered with the portmap. The portmap on each MCVL system is restricted to allow only RPC calls originating from the 128.206.168.0 domain (cecs.missouri.edu) and the 209.106.227.0 domain (rnet.missouri.edu). Only machines in these domains are allowed to make RPCs to MCVL machines. The portmapper is configured in the file /etc/config/portmap.options.
netgroups
MCVL makes use of netgroups to restrict access to some of the machines and to provide a global name-space for all of our machines. The netgroups are defined in /etc/netgroup. The group mcv-retricted-machines is the set of machines in MCVL that have restricted access, and mcvl-restricted-machine-users is the set of users that are able to use the restricted machines.

This restriction is implemented by having the last line of the /etc/passwd file on the restricted machines read +@mcvl-restricted-machine-users::0:0::: instead of just + on non-restricted machines.
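
The restriction described above can be checked mechanically. The following is an added example, not part of the original page: it audits the text of a restricted machine's /etc/passwd and /etc/netgroup for a bare + entry, a missing +@mcvl-restricted-machine-users entry, and wildcard user triples. The sample file contents, the user names and the mcvl-admins group are constructed.

```python
import re

GROUP = "mcvl-restricted-machine-users"   # netgroup name given on this page

def parse_netgroup(text):
    """Map each netgroup to its members: (host, user, domain) tuples or nested group names."""
    groups = {}
    for line in text.replace("\\\n", " ").splitlines():    # join continuation lines
        words = line.split("#", 1)[0].split()              # drop comments
        members = []
        for m in re.finditer(r"\(([^)]*)\)|([^\s()]+)", " ".join(words[1:])):
            if m.group(1) is None:
                members.append(m.group(2))                 # nested netgroup name
            else:                                          # pad malformed triples
                fields = [f.strip() for f in m.group(1).split(",")] + ["", ""]
                members.append(tuple(fields[:3]))
        if words:
            groups[words[0]] = members
    return groups

def users_in(groups, name, seen=None):
    """Expand a netgroup to user names; '*' marks a wildcard (empty) user field."""
    seen = set() if seen is None else seen
    if name in seen:                                       # nested groups may form a cycle
        return set()
    seen.add(name)
    users = set()
    for member in groups.get(name, []):
        if not isinstance(member, tuple):
            users |= users_in(groups, member, seen)
        elif member[1] != "-":                             # '-' means "no user"
            users.add(member[1] or "*")
    return users

def audit_restricted_host(passwd_text, netgroup_text):
    """Return (findings, admitted users) for a machine that should be restricted."""
    names = [l.split(":")[0] for l in passwd_text.splitlines() if l.startswith("+")]
    users = users_in(parse_netgroup(netgroup_text), GROUP)
    checks = [("+" in names, "bare '+' entry admits every NIS user"),
              ("+@" + GROUP not in names, "no +@%s entry" % GROUP),
              ("*" in users, "wildcard user triple in %s" % GROUP)]
    return [msg for bad, msg in checks if bad], sorted(users - {"*"})

# Constructed sample files; user names and the mcvl-admins group are hypothetical.
NETGROUP = "mcvl-admins (,alice,)\n" + GROUP + " mcvl-admins (,bob,) \\\n  (,carol,)\n"
GOOD_PASSWD = "root:x:0:0:root:/:/bin/sh\n+@" + GROUP + "::0:0:::\n"
BAD_PASSWD = "root:x:0:0:root:/:/bin/sh\n+\n"
print(audit_restricted_host(GOOD_PASSWD, NETGROUP))
print(audit_restricted_host(BAD_PASSWD, NETGROUP))
```

An empty user field in a netgroup triple matches every user, so a single (,,) member of the users netgroup undoes the restriction even when the passwd entry is correct.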

Other
A good security audit of the MCVL environment should be done. Go through all the processes, eliminate unneeded daemons, remove unused and insecure software, etc.

Network

MCVL is actually part of 2 networks: the campus Research Network and the campus ATM network. For this reason a "slight" delay is noticeable when passing data between machines on the Research Network and the ATM network.

Research Network
Netmask: 255.255.255.0
Gateway: 209.106.227.254
ATM Network
Netmask: 255.255.248.0
Gateway: 128.206.175.254

DNS nameservers

We use the following nameservers at MCVL:
128.206.168.90
128.206.2.252
128.206.168.5


Licensing

SGI Licensing

At some point in the process you will be prompted to log into SurfZone. The user name and password for SurfZone are in the MU Log file.

  1. Go to http://www.sgi.com/Support/Licensing
  2. Choose Special Programs - Varsity from the left frame.
  3. On the right frame pick Varsity Program under the heading Special Program Member Requests Web.
  4. Choose New or Upgrade as appropriate and click Get a License.
  5. Confirm the registration information by pressing Correct.
  6. Select all the licenses you want from the scroll boxes.
  7. Fill out all the boxes, following the directions.
  8. Hit Submit.
  9. For License entitlement verification, enter our varsity number (also located in the MU Log file).
  10. For system serial number, use the SGI serial number on the machine. DO NOT USE THE MU SERIAL NUMBER; THAT WILL NOT WORK.
  11. Hit Submit
  12. If it asks for another confirmation, check the information and make sure it is correct, then submit.

The licenses should show up in under 24 hours, via email to sysadmin@meru.cecs.missouri.edu. Follow the directions in that email to install the licenses.


Misc


Jeremy Hinegardner
Last modified: Thu Sep 16 11:08:09 CDT 1999