From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <5191e5bf8d02858c9c791a16a8beed26@coraid.com> From: erik quanstrom Date: Sun, 22 Oct 2006 11:07:55 -0400 To: 9fans@cse.psu.edu Subject: Re: [9fans] really basic (stupid) questions, re: beginning sys admin. In-Reply-To: <453A6208.7090108@xmission.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Topicbox-Message-UUID: d0b6125a-ead1-11e9-9d60-3106f5b1d025 > My system is installed from cdrom, release 4, march 23rd, fossil+venti. > > Q1) how to "logout" of the fossil+venti console? Ctrl-\. read con(1) for more information. you haven't actually logged out, just cut your connection. > In my experience, open > console access to servers is bad (insecure). Even though it is stated > numerous places that there is no "root" account. Apparently physical > access to the console IS "root"? the fileserver (either fossil+venti or ken's fs) are ment to be run in the computer room. perhaps this is less true than it once was, and although it is true that a physically insecure machine is insecure, it's not quite as insecure as giving a prompt out to anyone. linux root logins via their logging helped me track down an inside job once upon a time. the perp wouldn't have been able to reload the machine or take it apart as it was in my office. > > Q2) It is stated that you can't run both an authentication server and a > file server on the same node so how do I get the 'factotum' stuff going > on a standalone file-server/terminal/cpu-server (the cdrom installed > system)? you can't run ken's fileserver (/sys/src/fs) and an auth server on the same machine becaus ken's fileserver is specialized to serving files --- it can't run programs. you can, hoever run an auth server (that's just a matter of starting auth/keyfs auth/cron editing /rc/bin/service.auth and optionally starting auth/secstored) on a cpu server. since fossil and venti also run on a cpu server, this is possible, although probablly not the most secure arrangement. > > Q3) I have made a new user, how would I set this new user's (and > glenda's) password? Again on the standalone cdrom installed system. auth/changeuser. you must start auth/keyfs first. > > Q4) on Un*x, after entering a man page command I can search for a > specific word with /word in a terminal emulator window. How do I perform > the same thing in a rio/rc window (please don't answer "use acme")? the anser is use acme. ;-) but if you don't like that answer, there is a version of 9term on sources /n/sources/contrib/quanstro/9term.look.tar.bz2 that will search for a string in either direction via the b2 menu. it should be easy to port my modifications to rio. > Q5) rebooting seems to be the main method to re-configure the system or > ones access rights. In Un*x logging in/out and using su and > kill/restart allowed one to choose the role and modify the system > configuration without rebooting (I have a system running with uptime > over 3 years). Is rebooting the method for performing these tasks? This > seems rather draconian (imo). you've been unixed! plan9 terminals are supposed to be diskless and stateless. you should be able to pull the plug on your terminal with no worries. so it makes sense to either powercycle or reboot a terminal to logout or change users. (why is uptime a useful metric on all machines?) cpu servers and/or fileservers don't need to change users. you can leave them running for as long as necessiary. my worm fileserver has never been rebooted except to change kernels. to run plan9 effectively, you probablly want a minimum of two computers. 1. terminal. get something cheep. no harddrive required if you can pxe boot. i boot my terminal from CF because i have an emergency fossil there. 2. cpu server running auth and venti+fossil. you don't need much horsepower for this machine either, but a fair amount of memory is definately beneficial. if you're running the old fileserver, you need at least one more machine. - erik