298 NFS Date: Fri, 5 Jan 90 14:44 CST From: Chris Garrigues 7thSon@slcs.slb.com Subject: Multiple architecture woes To: UNIX-HATERS I’ve been bringing up the X.500 stuff from NYSERnet (which is actually a fairly nicely put-together system, by Unix standards). There is a lot of code that you need for a server. I compiled all this code, and after some struggle, finally got it working. Most of the struggle was in trying to compile a system that resided across file systems and that assumed that you would do the compilation as root. It seems that someone realized that you could never assume that root on another system was trustworthy, so root has fewer privileges than I do when logged in as myself in this context. Once I got the server running, I came to a piece of documentation which says that to run just the user end, I need to copy certain files onto the client hosts. Well, since we use NFS, those files were already in the appropriate places, so I won on all the machines with the same architecture (SUN3, in this case). However, many of our machines are SUN4s. There were no instruc- tions on how to compile only the client side, so I sent mail to the original author asking about this. He said there was no easy way to do this, and I would have to start with ./make distribution and rebuild everything. Since this is a large system, it took a few hours to do this, but I suc- ceeded, and after finding out which data files I was going to have to copy over as well (not documented, of course), I got it working. Meanwhile, I had been building databases for the system. If you try and load a database with duplicate entries into your running system, it crashes, but they provide a program that will scan a datafile to see if it’s OK. There's a makefile entry for compiling this entry, but not for installing it, so it remains in the source hierarchy. Last night, I brought my X.500 server down by loading a broken database into it. I cleaned up the database by hand and then decided to be rational and run it through their program. I couldn't find the program (which had a horrid path down in the source hierarchy). Naturally enough, it had been deleted by the ./make distribution (Isn't that what you would call the command for deleting everything?). I
Not File System Specific? (Not Quite) 299 thought, “Fine, I’ll recompile it.” This didn’t work either because it was depending on intermediate files that had been recompiled for the other architecture. So… What losing Unix features caused me grief here. 1) Rather than having a rational scheme of priv bits on users, there is a single priv’d user who can do anything. 2) Unix was designed in a networkless world, and most systems that run on it assume at some level or other that you are only using one host. 3) NFS assumes that the client has done user validation in all cases except for root access, where it assumes that the user is evil and can’t be trusted no matter what. 4) Unix has this strange idea of building your system in one place, and then moving the things you need to another. Normally this just means that you can never find the source to a given binary, but it gets even hairier in a heterogeneous environment because you can keep the intermediate files for only one version at a time. I got mail last night from the author of this system telling me to relax because this is supposed to be fun. I wonder if Usenix attendees sit in their hotel rooms and stab themselves in the leg with X-Acto knives for fun. Maybe at Usenix, they all get together in the hotel’s grand ballroom and stab themselves in the leg as a group.