The Unix-Haters handbook page 270

234 System Administration for each kind of tape drive interface available, yielding names like /dev/mt, /dev/xt, and /dev/st. Change the interface and your sysadmin earns a few more dollars changing all his dump scripts. Dump scripts? Yes, every Unix site uses custom scripts to do their dumps, because vendors frequently use different tape drive names, and no one can remember the proper options to make the dump program work. So much for portability. To those names, Unix appends a unit number, like /dev/st0 or /dev/st1. However, don’t let these numbers fool you /dev/st8 is actually /dev/st0, and /dev/st9 is /dev/st1. The recording density is selected by adding a certain offset to the unit number. Same drive, different name. But wait, there’s more! Prefix the name with an “n” and it tells the driver not to rewind the tape when it is closed. Prefix the name with an “r” and it tells the driver it is a raw device instead of a block mode device. So, the names /dev/st0, /dev/rst0, /dev/nrst0, /dev/nrst8, and /dev/st16 all refer to the same device. Mind boggling, huh? Because Unix doesn’t provide exclusive access to devices, programs play “dueling resources,” a game where no one ever comes out alive. As a sim- ple example, suppose your system has two tape drives, called /dev/rst0 and /dev/rst1. You or your sysadmin may have just spent an hour or two creat- ing a tar or dump tape of some very important files on drive 0. Mr. J. Q. Random down the hall has a tape in drive 1. He mistypes a 0 instead of a 1 and does a short dump onto drive 0, destroying your dump! Why does this happen? Because Unix doesn’t allow a user to gain exclusive access to a tape drive. A program opens and closes the tape device many times during a dump. Each time the file is closed, any other user on the system can use the tape drive. Unix “security” controls are completely bypassed in this manner. A tape online with private files can be read by anybody on the sys- tem until taken off the drive. The only way around this is to deny every- body other than the system operator access to the tape drive. Configuration Files Sysadmins manage a large assortment of configuration files. Those allergic to Microsoft Windows with its four system configuration files shouldn’t get near Unix, lest they risk anaphylactic shock. Unix boasts dozens of files, each requiring an exact combination of letters and hieroglyphics for proper system configuration and operation. Each Unix configuration file controls a different process or resource, and each has its own unique syntax. Field separators are sometimes colons, sometimes spaces, sometimes (undocumented) tabs, and, if you are very

Configuration Files 235 lucky, whitespace. If you choose the wrong separator, the program reading the configuration file will usually silently die, trash its own data files, or ignore the rest of the file. Rarely will it gracefully exit and report the exact problem. A different syntax for each file ensures sysadmin job security. A highly paid Unix sysadmin could spend hours searching for the difference between some spaces and a tab in one of the following common configura- tion files. Beware of the sysadmin claiming to be improving security when editing these files he is referring to his job, not your system: Multiple Machines Means Much Madness Many organizations have networks that are too large to be served by one server. Twenty machines are about tops for most servers. System adminis- trators now have the nightmare of keeping all the servers in sync with each other, both with respect to new releases and with respect to configuration files. Shells scripts are written to automate this process, but when they err, havoc results that is hard to track down, as the following sysadmins testify: From: Ian Horswill ian@ai.mit.edu Date: Mon, 21 Sep 92 12:03:09 EDT To: SYSTEM-HACKERS@ai.mit.edu Subject: Muesli printcap Somehow Muesli’s printcap entry got overwritten last night with someone else’s printcap. That meant that Muesli’s line printer dae- mon, which is supposed to service Thistle, was told that it should spawn a child to connect to itself every time someone tried to spool to Thistle or did an lpq on it. Needless to say Muesli, lpd, and Thistle were rather unhappy. It’s fixed now (I think), but we should make sure that there isn't some automatic daemon overwriting the thing every night. I can’t keep track of who has what copy of which, which they inflict on who when, why, or how. /etc/rc /etc/services /etc/motd /etc/rc.boot /etc/printcap /etc/passwd /etc/rc.local /etc/networks /etc/protocols /etc/inetd.conf /etc/aliases /etc/resolv.conf /etc/domainname /etc/bootparams /etc/sendmail.cf /etc/hosts /etc/format.dat /etc/shells /etc/fstab /etc/group /etc/syslog.conf /etc/exports /etc/hosts.equiv /etc/termcap /etc/uucp/Systems /etc/uucp/Devices /etc/uucp/Dialcodes

Previous Page Next Page

The Unix-Haters handbook Page 270 (270 of 360)

The Unix-Haters handbook resources

Help