Cover V01, I04


Questions and Answers

Bjorn Satdeva

The World Sysadmin Conference

The First World Conference on System Administration and Security, organized by FedUNIX, was held in Washington DC, July 20-23. This was FedUNIX's first attempt at a major system administration conference, and I was pleasantly surprised by its quality, which was quite good, even if perhaps not up to what would be expected from a LISA conference. However, since the USENIX LISA conference has been in place for a number of years, this is to be expected, and will probably change as the World System Administration conference matures. Currently, a second conference is planned for April of 1993, possibly sponsored in cooperation with SAGE, the System Administrators Guild (see the September/October issue of Sys Admin for information on SAGE).

A disconcerting note emerged in the round-table discussion that followed the keynote address by Jon Gossels, Area Manager for DCE and DME, Open Software Foundation (OSF). The address had focused essentially on OSF's work on DCE and DME; when asked whether any experienced, real-life system administrators had participated in the design and development of the DME, Mr. Gossels indicated that system administrators had been included in the membership of an advisory panel but did not confirm that system administrators had actually been involved in the design and development.

If this is the case, I find it a scary thought! If the DME really has been designed and implemented without involvement from the people who today are solving the problems that this software will supposedly be solving tomorrow, how well could that software be expected to perform?

On a more positive note, Frank Moss, president of Tivoli and a panelist, stated that Tivoli has hired Rob Kolstad (of USENIX and LISA fame), as a consultant for their project.

The Security Symposium

Another recent conference was the Security Symposium, a joint conference between USENIX and CERT. Several very good papers were presented, my personal favorite being Michelle and David Koblas's paper on SOCKS, a proxy ftp and telnet service. SOCKS is now available by ftp from st.gov (128.15.32.7) as /pub/socks.tar.Z. There will be another Security Symposium in 1993, currently scheduled for sometime in August, in San Jose, California. Contact Edward DeHart, who can be reached at (412) 268-6179 or by e-mail at ecd@cert.sei.cmu.edu, for further information.

Upcoming LISA Conference

The next conference with a UNIX system administration target is LISA VI, the USENIX Large Installation System Administration Conference in Long Beach, October 19th through 23rd. While this conference was originally targeted exclusively towards large sites, it now includes topics of interest to all UNIX system administrators. For further information, contact the USENIX conference office, phone (714) 588-8649, or send e-mail to Judith DesHarnais at judy@usenix.org.

New LISA User Group in the Boston Area

System administrators in the Boston area have created Back Bay LISA, a local user group for UNIX system administrators inspired by Bay-LISA, in the San Francisco Bay Area. The group plans regular, monthly meetings, to consist of a speaker, product demonstrations, general discussions, or other activities of general interest. There are currently no dues, and all system administrators are invited. The group meets on the last Wednesday of every month, except December, at a location in the Greater Boston area. There is a mailing list, bblisa@inset.com, which will carry announcements and discussions. To join the mailing list, send email to bblisa-request@inset.com. Contact Jim Oldroyd at (617) 890-4930 or email jr@unset.com for further information.

Questions

 Q My question relates to anonymous ftp. I understand that lots of programs are available by anonymous ftp. How do you get anonymous ftp if you are not on the Internet?

Obviously, I have access to uucp mail -- will that help? If I have a modem, can I use anonymous ftp to get some of those programs? If that is the case, what would the command line look like (for ftp, that is)?

 A FTP is an abbreviation of File Transfer Protocol. Originally developed for use on local TCP/IP networks, it is today mainly used on the Internet to transfer files from various archive sites. In this context, it is often referred to as anonymous ftp. If you are not on the Internet, you are out of luck. However, it is now much easier to get Internet access through service providers such as Netcom here in California, which makes user accounts available on machines with an Internet connection for a very reasonable monthly fee. Also, uucp sites that subscribe to UUNET (and probably most other similar service providers) can ask to get the package made accessible by uucp.

The only other alternative is to use an ftp mail server, if you can find one. The problem is that such servers tend to be very unpopular with their uucp neighbors, as they can generate very large amounts of e-mail in response to incoming requests. The ones I was aware of are no longer in service, possibly for this reason. If any of our readers know of an ftp mail server currently in operation, please send me the information and I will print it in a future issue of Sys Admin. I suggest that anybody using an ftp mail server use it in moderation. Attempting to download X11 release 5 in this manner will certainly make you a prime contender for winning this year's unpopularity contest at the uucp sites located between you and the server site.

Using ftp

Depending on the specific setup at your site, you may need to login to your Internet gateway or use a special command to get beyond your gateway. In the discussion that follows, I assume that you are on an Internet gateway machine or are otherwise able to issue the ftp command directly.

1. To connect to the remote system, issue the ftp command, with the name (or IP address) of the remote system.

2. At the login prompt, login as ftp, and at the password prompt give your e-mail address. In the old days, the password was also ftp, but today, when the Internet must be considered a rough neighborhood to live in, most archive sites ask for your user name or e-mail address. Even when this is not required, it is considered good behavior to provide it.

3. When you get the prompt, you can issue commands to the ftp program. You will recognize some of the commands, as they are traditional UNIX commands, such as ls and cd, while others are specific to ftp, such as get and binary. See Figure 1 for a list of common ftp commands.

By default, the ftp program is set up to transfer text files only. Since the files have probably been compressed in the archive, you will need to instruct the transfer program to do the extra work necessary to safely transfer binary files.

You can accomplish this with the command binary or image. Some ftp programs will also accept just the command i.

Each file you need to transfer can then be downloaded with the get command (or mget, if many files are to be downloaded).

Most archive sites have a file named ls-lR.Z, which is a compressed version of the output of the ls -lR command. You can download this file to see what the archive has to offer.

4. To end the session, enter the command bye, which will log you out from the remote site.

Figure 2 shows a typical ftp session.

One last word on ftp: some older systems use the word anonymous as login and password. If ftp does not work, try anonymous instead.
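
The session steps above as a script, shown as an added example (not from the original column), using Python's standard ftplib. The host name and e-mail address in the usage comment are placeholders, and the ftp_factory parameter is a hypothetical hook so the logic can be exercised without a network.

```python
import ftplib


def fetch_anonymous(host, remote_name, email, ftp_factory=ftplib.FTP):
    """Fetch one file by anonymous ftp; return (login_used, file_bytes).

    ftp_factory is a hypothetical parameter (an assumption of this example)
    that lets a caller substitute a stand-in for ftplib.FTP when testing.
    """
    # Step 2 of the column: login "ftp" with the e-mail address as password.
    # Fallback for older servers: "anonymous" as both login and password.
    credentials = [("ftp", email), ("anonymous", "anonymous")]

    ftp = ftp_factory(host)  # step 1: connect to the remote system
    try:
        used = None
        for user, password in credentials:
            try:
                ftp.login(user, password)
                used = user
                break
            except ftplib.error_perm:
                continue  # server refused this login (5xx reply); try the next
        if used is None:
            raise ftplib.error_perm("no anonymous login accepted by " + host)

        # Step 3: retrbinary() sends TYPE I before RETR, which is what the
        # interactive "binary" (or "image") command does. Compressed files
        # such as ls-lR.Z must be fetched this way, not in text mode.
        chunks = []
        ftp.retrbinary("RETR " + remote_name, chunks.append)
        return used, b"".join(chunks)
    finally:
        # Step 4: the "bye" command. Fall back to dropping the connection
        # if the server has already gone away.
        try:
            ftp.quit()
        except ftplib.all_errors:
            ftp.close()


# Usage, with a placeholder host and address (constructed for illustration):
#   login, data = fetch_anonymous("archive.example", "ls-lR.Z", "you@example.com")
#   open("ls-lR.Z", "wb").write(data)
```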

Using Archie

 Q I frequently see references on USENET to a program called Archie. Can you provide some information?

 A Archie is an information server that can list the content of many of the archive sites accessible through the Internet. It can be very useful when you are trying to find a certain package but don't know where it is stored.

To use Archie, you do a telnet to the site where Archie is available (see Figure 3). For help information, type the word "help." Figure 4 shows an example session I did for this column, looking for Matt Bishop's Passwd+ package.

If you are not on the Internet, you can still use Archie through e-mail. Send e-mail to Archie at any of the addresses listed in Figure 3, with the single line content of "help" for other information.

Interviewing a System Administration Candidate

A recent question asked what to look for in hiring a new system administrator. When I interview a candidate, the first thing I look for is a good attitude. I think we all know at least one person who has the technical skills to be a good system administrator, but who has a personality problem that makes it difficult for him/her to work with peers, users, or management. I am not interested in having such a person on my team, whether I have actually been called in to run the site for a time or have just been asked to help find the right person for a client site's staff. A good attitude, in this context, means easy to work with.

Given a candidate with a good attitude, I assess skill levels, looking for three different qualities:

1. An understanding of what is required of a system administrator -- specifically, which issues are important (e.g., backups and uptimes) and how to interact with users. A candidate who sees system administration as simply a matter of doing whatever the users ask will not make it beyond this step.

2. A willingness to acknowledge limitations -- specifically, I try to gauge how difficult it is for the candidate to say "I don't know," and I will continue to probe with increasingly difficult questions until I get that answer. What I want here is a person who will readily acknowledge when he/she does not know the answer, and some indication of how that person would find a solution to the question.

People who have difficulty in admitting that they don't have an answer or who try to hide mistakes they have made are too dangerous to be let loose on my network of machines. Since the fail-safe system administrator has not yet been invented, I at least want one who can admit that a mistake has been committed and who can clean up the mess afterwards.

Also, in my experience a person who can readily say "I don't know" or admit a mistake is, typically, sufficiently secure in his/her own skills and knowledge about the system to make fewer mistakes in the first place. Moreover, when such people make a mistake, they take it as an opportunity to learn as much as possible in order to avoid repeating it in the future.

3. Good technical skills and a good overall understanding of UNIX. In summarizing my impressions after the interview, I place more emphasis on the person's attitude, general skill level, and ability to fit in with the rest of the staff than on any specific skills or knowledge.

This approach has been successful for me. I will not necessarily get the most skillful candidate, but the person I hire will fit in, and will be able to learn quickly in areas where his/her experience may be a little thin. Specific questions, such as what xargs does, or what the effect of the -v option to cat will be (no -- it does not mean verbose), can be used to gauge the candidate's technical skill level, but an interview mainly based on such questions will not really tell you what you need to know.

About the Author

Bjorn Satdeva -- email: bjorn@sysadmin.com
/sys/admin, inc., The Unix System Management Experts, (408) 241 3111
Send requests to the SysAdmin mailing list to sysadm-list-request@sysadmin.com