9fans - fans of the OS Plan 9 from Bell Labs
From: erik quanstrom <quanstro@coraid.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] really basic (stupid) questions, re: beginning sys admin.
Date: Sun, 22 Oct 2006 11:07:55 -0400
Message-ID: <5191e5bf8d02858c9c791a16a8beed26@coraid.com>
In-Reply-To: <453A6208.7090108@xmission.com>

> My system is installed from cdrom, release 4, march 23rd, fossil+venti.
> 
> Q1) how to "logout" of the fossil+venti console? 

Ctrl-\.  read con(1) for more information.  you haven't actually logged out,
just cut your connection.

> In my experience, open 
> console access to servers is bad (insecure).  Even though it is stated 
> numerous places that there is no "root" account.  Apparently physical 
> access to the console IS "root"?

the fileserver (either fossil+venti or ken's fs) is meant to be run in
the computer room.  perhaps this is less true than it once was, and although 
it is true that a physically insecure machine is insecure, it's not quite as insecure
as giving a prompt out to anyone.

linux root logins via their logging helped me track down an inside job once
upon a time.  the perp wouldn't have been able to reload the machine or
take it apart as it was in my office.

> 
> Q2) It is stated that you can't run both an authentication server and a 
> file server on the same node so how do I get the 'factotum' stuff going 
> on a standalone file-server/terminal/cpu-server (the cdrom installed 
> system)?

you can't run ken's fileserver (/sys/src/fs) and an auth server on the same
machine because ken's fileserver is specialized to serving files --- it can't
run programs.  you can, however, run an auth server (that's just a matter
of starting auth/keyfs, auth/cron, editing /rc/bin/service.auth and optionally
starting auth/secstored) on a cpu server.  since fossil and venti also run
on a cpu server, this is possible, although probably not the most secure
arrangement.

> 
> Q3) I have made a new user, how would I set this new user's (and 
> glenda's) password?  Again on the standalone cdrom installed system.

auth/changeuser.  you must start auth/keyfs first.

> 
> Q4) on Un*x, after entering a man page command I can search for a 
> specific word with /word in a terminal emulator window. How do I perform 
> the same thing in a rio/rc window (please don't answer "use acme")?

the answer is use acme. ;-)  but if you don't like that answer, there is a version
of 9term on sources /n/sources/contrib/quanstro/9term.look.tar.bz2 that will
search for a string in either direction via the b2 menu.  it should be easy
to port my modifications to rio.

> Q5) rebooting seems to be the main method to re-configure the system or 
> one's access rights.  In Un*x logging in/out and using su and 
> kill/restart allowed one to choose the role and modify the system 
> configuration without rebooting (I have a system running with uptime 
> over 3 years). Is rebooting the method for performing these tasks?  This 
> seems rather draconian (imo).

you've been unixed!  plan9 terminals are supposed to be diskless and stateless.
you should be able to pull the plug on your terminal with no worries.  so it
makes sense to either powercycle or reboot a terminal to logout or change
users.  (why is uptime a useful metric on all machines?)  cpu servers and/or
fileservers don't need to change users.  you can leave them running for as
long as necessary.  my worm fileserver has never been rebooted except to
change kernels.

to run plan9 effectively, you probably want a minimum of two computers.
1. terminal.  get something cheap.  no harddrive required if you can pxe boot.
i boot my terminal from CF because i have an emergency fossil there.
2. cpu server running auth and venti+fossil.  you don't need much horsepower
for this machine either, but a fair amount of memory is definitely beneficial.
if you're running the old fileserver, you need at least one more machine.

- erik

