Cover V07, I12


Questions and Answers

Bjorn Satdeva

I have received a number of comments regarding a question in the September 1998 issue about which version of UNIX is the best. Several readers proclaimed this or that version to be the best. It seems to me that this discussion is moot. If you have decided that the best OS is, for example, Solaris, but your application is only avalable for HP-UX, then it no longer matters whether Solaris is better. You cannot use it; you will need to run HP-UX.

If you have a choice of platforms, choose the one you are most familiar with. Introducing a new OS into a site can and most likely will cause a lot of work and a lot of retraining, especially in these days where many system administrators are trained for only one or two platforms. Again, my point is that, today, nobody purchases an operating system, they purchase an application platform.

 Q Sometimes, my clients can connect to our modem server, but are unable to use the Internet resources. If they ping to our server's DNS number, the reply is "request time out". What causes such a problem? How can we fix it?

 A This problem can be caused by any number of things, but making a guess, it is most likely connected to a routing problem. Try to use traceroute to see if the packages are going where you expect them to. Make sure that the systems that are supposed to route packets in fact do so, and that the ones that should not, don't (the latter is more subtle, as you might not discover you have a problem until your systems are getting unwanted visitation from intruders). Another good tool is ping, which allows you to see if you can reach a system, or if the packets get lost somewhere on the way there or back again.

When the basic networking is checked and is working, if you still have problems, then check the software configuration on the server (do the server process run) or on the client (is the client configured correctly?).

 Q What are pros and cons of configuring mail hub vs. MX record in the DNS?

 A This is not a question of pros and cons. By definition, any host that receives mail should have at least one MX record. Although sendmail is forgiving and is falling back to the use of A records, a well thought out use of MX records allows you to build a more solid mail system.

 Q I have UNIX system. How do I configure the network printer?

 A Configure your UNIX system to treat the printer as if it were connected to a remote UNIX system. The printer should be able to speak various kinds of protocols, so choose one that suits your purpose (e.g., the BSD lpd printer protocol).

 Q I am an NT/NetWare guy, a newbie in UNIX, and a passionate reader of your monthly column in Sys Admin. I took a basic Unix OS course (Linux), and my instructor told us about implementing UNIX security. Can you tell me how or where to find a good article on how to chroot?

 A chroot is a program that is often used in connection with implementing security by creating a small subset of a machine to prevent users from getting information they are not intended to have. For example, when running an ftp server, you need to prevent people from ftp'ing your password file and cracking the various passwords. When you do a chroot, you essentially cd into a directory, with the effect that you cannot see any of the directories above the chroot point. It is therefore possible to completely tailor the environment available to the users.

As a simple exercise, create a directory, (e.g., /tmp/foo) and under that create the subdirectory bin. Copy a shell to this new bin directory, together with one or two other programs (e.g., ls):

mkdir /tmp/foo
mkdir /tmp/foo/bin
cp /bin/csh /tmp/foo/bin
cp /bin/ls /tmp/foo/bin

If the programs you have copied into /tmp/foo/bin are using shared libraries, then you also will need to create the directory for shared libraries and create a copy of the ones you need. In the real world, however, if your machine supports static linking, that is much preferred (in this context). If you are on a Solaris system, you are out of luck, as it apparently is impossible to build statically linked programs for that OS.

Now you have a very basic environment you can do a chroot to:

chroot /tmp/foo /bin/csh

When you do an ls, you will see only the files and directories you created below /tmp/foo. To make sure that the chroot is working the way it is supposed to, try to cd to the directroy above by typing cd ... If you are in the changed root (what was /tmp/foo before you executed chroot), then the cd .. command should have no effect. On some older versions of UNIX, you could walk back up the directory tree in this manner and still get to the files and programs that the chroot supposedly was keeping away from you.

 Q Are there any printer filters available on UNIX for printers such as HP deskjets?

 A I know of no dedicated printer filters that can do this, although it certainly would be nice to have. However, the GNU ghostscript program could possibly be used for this purpose. This program has the capability to convert between various printing formats, and can be used as a filter. See the file "device.txt" in the distribution of gs for more details.

 Q I am looking for a script to find out if any command is using a large percentage of CPU and whether the process has been running more than eight hours. If the percentage is say 80%, then it should send mail to the administrator. I know I can use the top command, but I can't grep the output or save it to a log file programatically. Can you help me find a way to solve this problem? Or is there any other command to use?

 A top is an interactive tool and is very useful as such. For your purpose, however, you might be able to hack a Perl script together that extracts this information from ps. The BSD version of ps (in /usr/ucb on SVR4 systems) can give you both starting time and CPU percentages (use ps -axuS).

The output of this command looks like this:

bjorn   13716  0.5 11.9 9736 7384  console  S  12:13:47  0:35  /usr/open
bjorn   14141  0.3  1.7 1112 1056  pts/6    O  17:11:36  0:00  ps -axuS
bjorn   13795  0.1  4.8 3608 2952  ??       S  12:13:56  0:00  /usr/open

The output is relatively simple to parse in a Perl script, and if you can clearly define the conditions that should cause concern, you can raise alarms when necessary.

 Q Is there any way, from the command line, to use grep to search for text patterns in files? We're trying to search for IP addresses inside all files on a disk. We've tried different wildcards and patterns, but nothing has worked. Would awk be the answer? I know we can do it with C, but we're trying to do it from the command line.

 A The standard UNIX command egrep should be able to handle this request very nicely. It is a variation of the more well-known grep program that uses regular expressions when it searches files. Combined with the find command, it can find all the IP addresses, although it may not be able to match patterns, which is something else (like version numbers).

The command to use should look like this:

find / -type f -print | xargs egrep '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'

 Q Is there any way to combine the output of netstat and ps -ef? That is, how can I find the ports a process is using?

 A I know of no way to tell which ports have been opened by which running processes. I am curious, though, as this question has popped up several times over the last year, but never with an indication of the context in which this information is needed. One of the reasons I am getting curious is because this is an issue I never have run into myself. I suspect that the question really relates to something different, but I need more information to find out what.

 Q I have had an old system thrust upon me that is running AT&T UNIX (System V/386 3.2), and I need a disaster recovery plan. The original operating system diskettes are nowhere to be found. How can I boot the system and reload the operating system in the event of a system failure?

 A The short and simple answer is to replace the system. If you for some obscure reason really must keep this system running, you might be able to find the necessary software on Usenet, but that will probably require some luck, too. For systems that are this old, you will have problems not only getting the software, you will also have problems finding replacement hardware. As system administrators, we sometimes get requests for very bizarre things, and sometimes we simply have to say no.

 Q I am looking for a program that reads a file and displays the file contents in binary, hex, ascii.

 A The program you want is called hexdump. It can display the contents of a file in a number of different formats.

 Q The place where I work has 74 servers, and the data goes to around some 150GB. What is the best way or which device is the best to use to backup this huge data? We have two DLTs (30GB) connected to two systems, and now it's extremely difficult to manage the backup; please advise.

 A Unfortunately, backup technology has always lagged behind disk technology. The relative size between total disk space and the capacity of the backup tapes has not changed all that much over the last 20 years. It is a both a difficult and important question how to handle this. The best solution I can see is to use a backup manager, such as the Amanda freeware package, or a commercial solution, such as Bud Tool. Whatever your choice, make sure that you build a good quality control system into the backup cycle. Although the quality of backup software, equipment, and media seems to have improved, it is still by no means fault tolerant in any sense of the word.

About the Author

Bjorn Satdeva is the president of /sys/admin, inc., a consulting firm which specializes in large installation system administration. Bjorn is also co-founder and former president of Bay-LISA, a San Francisco Bay Area user's group for system administrators of large sites. Bjorn can be reached at