Cover V05, I10
Figure 1


Questions and Answers

Bjorn Satdeva

First, some old business: I received several replies to the question about sag, the System Activity Graph tool. Most replies stated that the man page for sag was on such-and-such system, but nobody confessed to having used it. A few people suggested using xload, which, in some cases, is a nice tool for online monitoring, but it really does not provide the kind of reporting that sag supposedly did.

Stephen Schaefer sent me some Perl scripts that process the output from sa1 (a system V utility). I do not have this utility on any of my systems, so I could not test them; however, I have put the scripts on the system administration ftp archive, so anyone who wants to check them out can find them at:

The README file for these scripts is shown in Figure 1.

In the July issue, I answered a question from someone looking for an Ethernet packet monitoring tool. I mentioned some commercial packages, but should probably also mention that SNMP package from Carnegie-Mellon University. This package will allow you to monitor an entire network, using the Simple Network Management Protocol (SNMP). Using SNMP, you can get information from various SNMP-aware stations on the network. The freeware SNMP package is available from:


Remember that the USENIX LISA '96 conference for system administrators is coming up soon in Chicago - between September 29 and October 4. This conference is always informative. Scheduled this year are tutorials, invited talks, refereed papers, and Birds-of-a-Feather sessions. The keynote, given by John Lampman of Hewlett-Packard, is entitled "Information Technology - The Next Ten Years. Also, the vendor exhibition will feature system administration tools from 75 manufacturers. For complete program and registration material, contact the USENIX Conference at: telephone: (714) 588-8649; email: (your message should contain the line "send LISA10 conference"); or WWW:

 Q I've been trying to find a tool/utility/package that will allow an administrator to remotely monitor, unattended, a Sun-based TCP/IP network connected to the Internet. I need something that can be configured to send alerts, alarms, etc. to the monitoring system as well as page the admin - maybe something that can monitor HTTP processes and alert/restart when they go down. Do you know of anything like this?

 A It looks as if the tool you want is swatch. This tool looks for messages appearing in the syslog output and is able to take various actions, determined by a configuration file. swatch is described in the LISA VII proceedings. The paper is also included in the source.

You might also want to look at a paper by Carl Shipley and Chingyow Wang from the LISA V conference proceedings, "Monitoring Activity on a Large Unix Network with Perl and Sysogd."

Both of these are passive tools, so they cannot take any action, such as restarting a daemon. However, it is fairly trivial to write a small Perl program to do what you want. The simplest thing to implement is a program that does an exec of the daemon, and then waits for the child to exit. In Perl, the rudimentary version of what you want would look something like this (you will need to add checks for various failure modes, such as to frequent forks):

while ( 1 ) {
unless (fork) {
# This is the child process
# Make the parent wait
sleep 5;

Or, you could write a Perl script that sends signal 0 (zero) to the process. If the process has gone away, this will cause a failure, and you can then restart the daemon. The advantage of the first solution is that you get an instant restart of the daemon, but at the cost of a second process.

 Q Tarvainen's article in the August issue refers to a Tcl/Tk interpreter called wish, however it makes no mention of where to find it. I visited the sites mentioned for getting copies of Tcl/Tk but could not find wish. I even downloaded Tcl/Tk from several sites hoping to get wish, but couldn't find it.

 A wish or "Simple Windowing Shell" is part of the Tk distribution. Try to download the Tk/Tcl sources again, follow the instructions for installing it, and you should be in good shape.

 Q I need a graphical disk utility monitor that will let me watch reads and writes by user/node and volumes in somewhat real-time (snap-shot polling would suffice). I often see my filesystems filling up, but can't tell who or where its coming from. Also, I would like to easily determine disk usage by user without using quotas or some script invoking find.

 A One predecessor of the swatch program mentioned above can be used to monitor changes in free disk space. It is less capable than swatch but does disk monitoring very well. I have not used this program for some time, and I don't think it is maintained any longer, so it might take a little effort to make it work on your system. You can find it in the system administration archive at:

 Q I have a question for you or your readers. I need a way to automatically set the DISPLAY variable when logging into a machine. There are a couple of problems/situations that greatly complicate a login script.

I would like to be able to do multiple rlogins/telnets like:

host1 -> host2 -> host3

I cannot find any method to propagate the DISPLAY variable set to host1 up the chain.

Also, su has a similar problem. Any attempt to create a file in the user's auto-mounted home directory relies on only one login (i.e., the user cannot simultaneously log onto another machine). Any suggestions or comments?

 A You apparently have an old version of telnet and/or telnetd, as the newer ones will propagate the user's environment. If you upgrade, be aware of a security problem in some versions of telnetd, which allows intruders to do bad things to your system. Most commercial versions are not vulnerable, but at least some versions of Linux and NetBSD are vulnerable to this problem. See CERT advisory, "CA-95:14.Telnetd_Environment_Vulnerability," for more details.

su is a different animal. Depending on which version you have, you might be able to tell it to keep its current environment (option -m on my system). However, I suggest that you get the op program from the system administration archive, as it has several advantages over su. The most noticeable difference is the ability to control which commands the user can execute with root privileges. It is available from the system administration archives at:

 Q I am fairly new to system administration tasks, and will soon need to transmit files every day to a state computer via ftp. We have been using uucp, which works fine set up in crontabs. I have been told that ftp cannot be set up to run with cron. Yet I have done some looking at the RFCs in InterNIC about ftp and have read a little about bftp, a background type of ftp. The article was not clear on whether this could be cron'd. If you could you give me some places to start looking into this, I would greatly appreciate it. I read Sys Admin every month, and your column has helped me learn much.

 A First and most important, bftp is a security disaster waiting to happen. The reason you have been told bftp is easier than ftp to use from a cron script is that bftp does not use any user authentication. In other words, if you set up the server to provide a service for bftp, anybody who can reach the server will be able to get in. It is then possible to do bad stuff, like copying the password file or even modifying configuration files and executables.

You can use ftp from a script, and run it from cron. You will need to set up an ftp communication file (.netrc), run it as an expect script, or use redirected input. Be aware that in any of these three cases, you need to commit the ftp password to hard disk. This in itself is a security risk, but certainly a much lesser risk than using bftp.

 Q I recall reading an article that described how to make a user log in as himself, and then su to root (i.e., direct login to root could only be done at the console device). Can you direct me to something like this? I have sysadmins, netadmins, DBAs, analysts, and operators who all "require" root access to my machines, and I need to get control of this asap!

 A On most modern UNIX systems, you can prevent root login from any terminal that is not deemed secure. This is commonly done through the /etc/ttys by adding the word secure. The specifics differ a bit depending on your version of UNIX, but the principle is the same. As you say, root should only be allowed direct login at the console, and only be used when it is not possible or practical to log in as a normal user.

You mentioned the many different kind of users who need some kind of root access on your machines. The op program does a very good job of delegating limited root privileges to certain users. You can use regular expressions to define which commands (including arguments) a user is allowed to execute. As long as you don't allow programs with shell escapes (such as editors or mail readers), you should be able to set up an environment in which everybody can do what is needed, and still limit general root access to the people who have the education and experience to handle it.

 Q I've been banging my head trying to solve a problem with a Perl script. I have a file that sets up a number of Bourne shell variables that I would like to use in my Perl script. I don't want to hard code these variables into my script because they are used in other places and sometimes change. I've had a look at Perl exec and system functions, but they don't seem to do what I want. I could write a Bourne shell script to source the environment file, then run the Perl shell script, but this is wimping out:

. environment_file

Any ideas would be gratefully received.

 A You can access environment variables from a Perl script through the associate array called %ENV. You can access the values of the environment variables inherited at execution time and alter them as needed, but only changes to the PATH variable ($ENV{'PATH'}) will affect the current process. All other changes will affect only the eventual children of that process. So, if you have an environment variable that is called, for example, PRINTER, you can get that value in your program by saying:

$Printer = $ENV{ 'PRINTER" };

 Q Where can I find generic public domain Web server software? I am running DG/UX 5.4 R3.10 MU02 on a Data General AViiON.

 A There are a number of Web servers available. You will find a selection in the system administration archive at:

I am not familiar with DG/UX, so I have no idea how much work it will take for you to get this to work on your platform. We did a port of INN a few years back to a DG/UX machine, and it took a good deal longer than a usual news installation because of system differences.

 Q In the most recent issue that we've received, it indicates that is the correct place to get code listings. I've tried several times to ftp there and the machine ( has timed out or refused connection. Ideas?

 A is indeed the primary ftp server for Sys Admin magazine, as well as for a long list of other Miller Freeman publications. The system administration archives on mirror the Sys Admin archives, so you can always get material there if the is down for a bit.

 Q I just read your tool of the month paragraph regarding Argus. Could you tell me where to find it?



About the Author

Bjorn Satdeva is the president of /sys/admin, inc., a consulting firm which specializes in large installation system administration. Bjorn is also co-founder and former president of Bay-LISA, a San Francisco Bay Area user's group for system administrators of large sites. Bjorn can be contacted at /sys/admin, inc., 2787 Moorpark Ave., San Jose, CA 95128; electronically at; or by phone at (408) 241-3111.