Cover V10, I08

Questions and Answers

Amy Rich

Readers,

I'm just writing to let everyone know that I have transitioned all Q&A responsibilities to Amy Rich. With my current job, I am no longer in front of a UNIX system every day and have become too far removed from the technology to contribute the quality of material you're used to. Please give Amy the same support you gave me (it's actually a pretty tough job writing a monthly column!) I've really enjoyed writing for all of you, and I invite you to continue to contact me. Thanks -- Jim McKinstry

Q I have a number of POP users that receive huge email attachments and then can't download their mail in any reasonable amount of time. Is there some way I can set the maximum message size that sendmail will accept, so that my users don't get these huge pieces of mail in the first place?

A You can probably increase the timeout value on your POP server, or switch your users over to IMAP, to make downloading huge messages easier. You can, however, also set a maximum message size in sendmail: change the confMAX_MESSAGE_SIZE m4 variable and rebuild your cf file. Check the following docs for more information:

http://www.sendmail.org/m4/readme.html
http://www.sendmail.org/m4/tweakingoptions.html

Q What's the difference between A/UX, OS X, and Darwin? I've heard that OS X will run on Intel hardware. Is this true, and, if so, where can I get the Intel distribution?

A Darwin is the core of Mac OS X. It's a UNIX-like OS based on FreeBSD, using a Mach 3.0-based kernel. Darwin runs on PowerPC-based Macintosh computers, and a version is also available for x86-compatible computers. You can pick up source code and other information about Darwin on Apple's Web site: http://www.opensource.apple.com/projects/darwin/.

OS X is essentially the GUI front-end to Darwin. It includes components like the Cocoa and Carbon toolkits. These bits are not available for x86 hardware, only for the Mac family. Darwin can run without OS X, but OS X cannot run without Darwin.

A/UX was Apple's first implementation of UNIX (Apple's UniX) for earlier Macintosh computers, merging UNIX and the Macintosh Finder OS. A/UX was based on SysV 2.2 with extensions such as networking, the fast file system, job control, lpr, NFS and NIS, and sendmail from SysV 3, SysV 4, and BSD 4.2/4.3. Apple incorporated System 7 for the Mac with A/UX versions 3.x.x, so that many Mac applications could be run under A/UX. For more information on A/UX, you can take a look at the A/UX FAQ: http://www.cs.uu.nl/wais/html/na-dir/aux-faq/.html. A/UX hasn't been supported in quite some time, though, so, unless you have a very old Mac, Darwin/OS X is your best bet.

Q We're looking at getting a high-speed line at our office. One of the options is DSL, and the other is to get a fractional or full T1. In the price quote for the T1 is a CSU/DSU. What is a CSU/DSU, and what does it do? Is this the router?

A The CSU/DSU (Channel Service Unit/Data Service Unit) isolates your network from your ISP's network, handling the timing and the low-level framing information. In the case of a T1, the CSU/DSU also recombines the channels of the multiplexed signal into one or more data streams. The CSU/DSU then sends the synchronous data stream into the serial port of your router, which interprets the WAN protocol sent on the wire (PPP, HDLC, frame relay, etc.). The router then has one or more connections to your LAN segments.

The router is an extra piece, and if it's not in your quote, the ISP probably expects you to provide it. If you don't know how to configure the router, you may want to ask your ISP to handle that piece for you as well.

Q I have a file that is zero length and has no filename. How do I remove it? An ls shows it as:

-rw-rw----   1 user   group   0 Mar 11 01:12

A First, it does have a name (all files must have names). Depending on the version of UNIX you're running, there are different flags to ls to make it show an octal dump. If you have GNU ls installed, for example, try:

ls -lab

It will probably show the entry as:

-rw-rw----   1 user   group   0 Mar 11 01:12 \ 

This indicates that the file name is a space (" "). You can remove this file by doing:

rm " "

Also, depending on the contents of the file, this may be an indication that you've been cracked. Crackers often try to hide files and directory names by using spaces or spaces and dots so that you're less likely to notice these new entries. If you have some sort of security software in place (md5 checksumming, for example), make sure that nothing changed without your knowing about it.
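
Here is an added example (not part of the column) of the kind of check mentioned above: a portable POSIX sh scan of a directory for entries whose names are made only of dots and spaces, or that contain whitespace anywhere, printing each name in hex so it can be typed into rm exactly. It does not depend on having GNU ls installed.

```sh
# Added example (not from the column): flag directory entries with names
# built only from dots and spaces, or with embedded whitespace, and show
# each name's bytes in hex so the exact name can be passed to rm.

# flag_hidden_names DIR: one line per suspicious entry (kind, path, hex)
flag_hidden_names() {
    dir=${1:-.}
    # Cover both plain and dot-prefixed entries; skip . and .. themselves
    for path in "$dir"/* "$dir"/.*; do
        name=${path##*/}
        [ -e "$path" ] || [ -L "$path" ] || continue
        case "$name" in .|..) continue ;; esac
        # Is anything left once every dot and space is deleted?
        rest=$(printf '%s' "$name" | tr -d '. ')
        if [ -z "$rest" ]; then
            kind='only-dots-or-spaces'
        else
            case "$name" in
                *[[:space:]]*) kind='embedded-whitespace' ;;
                *) continue ;;
            esac
        fi
        hex=$(printf '%s' "$name" | od -An -tx1 | tr -s ' \n' ' ')
        printf "%s\t'%s'\t%s\n" "$kind" "$path" "$hex"
    done
}

# count_hidden_names DIR: number of flagged entries (names without newlines)
count_hidden_names() {
    flag_hidden_names "$1" | wc -l | tr -d ' '
}
```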

Q How do I send mail through our firewall on a port other than 25?

A This depends on whether you're trying to send mail out to a port other than 25 or whether you're trying to receive mail on a port other than 25. If you're trying to listen on a port other than 25, you can change the DAEMON_OPTIONS m4 setting to the following (assuming your alternate port is 1080):

DAEMON_OPTIONS(`Port=1080, Name=MTA')

If you mean that the machine in question should be sending mail to an alternate port, you probably want to change RELAY_MAILER_ARGS:

define(`RELAY_MAILER_ARGS', `TCP $h 1080')

This will apply to any mail sent via the "relay" mailer, which is the one used for things like smarthost. RELAY_MAILER_ARGS is also the default for other relay definitions, like mailertable entries, so you need to check that you don't mistakenly misdirect mail.

Q I want to automatically post news from a script that I'm writing, but the only news programs that I know of are interactive ones (Netscape, trn, slrn, tin, etc.). Is there a way to send stuff directly from the command line like mailx does for mail?

A Yes, there's a program called inews that comes with INN and trn that will take a file (or standard input) as input and speak NNTP to the news server. inews adds a few headers and does some rudimentary error checking as well. If the news server cannot be reached, inews will spool the article, so you'll probably want to run rnews -U (similar to running sendmail -q for mail) periodically to make sure that spooled articles actually make it out to the server.

Q I have an ISP account and a work account. I want to keep a copy of all mail sent to my work account at my ISP. I have the following line in my .forward at my work account:

\username,username@isp.net

This all works fine except when my ISP is unreachable for some reason. If this happens, then the people who sent mail to my work account get an error message saying that the mail has not been delivered and will be tried again in four hours (this is the standard sendmail unreachable error). I want to eliminate this message from going back to these people when the ISP is unreachable. Is there any way to do this?

A Check with your company to make sure that forwarding your mail offsite is allowed by company policy. Some companies frown upon that and have forbidden it in the employee contract.

To ensure that people don't get error messages from trying to deliver to username@isp.net, though, you can change your .forward to the following:

\username,"|/usr/sbin/sendmail '-f<>' username@isp.net"

The -f switch to sendmail sets the envelope sender of the forwarded messages. The angle brackets denote the null address that gets used for bounces (most often seen as MAILER-DAEMON). You will now receive all error messages for the mail forwarded to username@isp.net via this .forward. Be sure to use the right path to the sendmail binary on your system, and take a look at the sendmail man page and RFC 821 for more information on using -f and <>.

Q I want to give a certain user the ability to shut down a Solaris machine on our network but give him no other root privileges and as little access to the system as possible. Is a chrooted sudo or something the best way to do this?

A The easiest solution to your problem is to create a special user called "shutdown". Give this account a real password and a shell of /usr/sbin/shutdown (with whatever flags are appropriate). When this person needs to shut down the machine, he can just log in as the shutdown user. This was a common trick back in the days of SunOS.

Q We're attempting to determine the backup/retention cycle for our UNIX servers at work. Are there any rules of thumb or guidelines that would help us determine what our cycle should be?

A The backup cycle and retention times for data are something that must really be considered on a case-by-case basis. Sometimes even different machines within the same organization will have different cycles. When determining how often to back up and how long to retain backups, there are a few things you want to take into consideration.

1. How important is the data? If you're backing up corporate financials or legal information and the company would suffer severely if things were lost, you want to back up the data often. If you're running an in-house news server and there's no critical company information in the spool, you may not want to back it up at all.

2. How often does your data change? If your data only changes once a month, then there's really no reason to back it up more than once a month or so. If your data changes continuously, then you may want to back it up one or more times a day.

3. How long does it take to back up the data? If you have huge amounts of data that take half a day to do a full backup, you're probably better off backing them up incrementally for the most part and only doing full backups every once in a while.

4. How long does it take to restore the data, and how quickly can it be regenerated by other methods? If you have gigs and gigs of source code builds that take five hours to back up and six hours to restore, but can be rebuilt from the source in three hours, don't bother to back up the object files.

5. How far in the future will you need this data? This is similar to how important the data is but adds a slightly different dimension. You may have data that is only moderately important now but that may become more important for legacy reasons (i.e., documentation on how the 15-year-old voicemail system was set up). If you may need to restore data from far in the past, you'll want to keep regular offsite archive dumps.

6. Will you have the hardware to restore archives X years down the road? If you wind up with nine-track tapes and no nine-track tape drive, it may be expensive or impossible to find such a drive to do a restore. If you're on the cusp of phasing out a media type, you may want to restore certain old datasets and rearchive them onto the new media type (i.e., restore some or all of your nine-track tapes and burn them to CD).

Having said all of that, a very common backup scheme is to keep five weeks of full dumps taken on Sundays, with incrementals on Monday through Saturday, and then to do a permanent archive backup once a month or once a quarter.

Always be sure to verify that your data is good, too. It's a gut-wrenching feeling to experience a catastrophic failure and realize that you've had no good backups for three months.

Q I'm getting the following weird error when I try to su on my Solaris box:

$ su - root
Password:
su: No default project!
What is a default project, and how do I fix this? Have I been cracked or something?

A You don't say what version of Solaris you're running, but I'm going to guess that it's Solaris 8 06/00 or later. The "default project" that su is looking for is /etc/project, which should look something like the following:

system:0::::
user.root:1::::
noproject:2::::
default:3::::
group.staff:10::::

Project accounting was introduced in the 06/00 release. See the man pages for project, projadd, and projdel for more information. As to why it's missing, perhaps you deleted it not knowing it was important. There is always some chance that you've been cracked, too, but it was more than likely an oversight on the part of the sysadmin (perhaps as part of security measures).

Q I just upgraded to FreeBSD 4.3-STABLE from 4.1.1, and now sshd no longer works properly. I had built my own from the ports collection, but I notice that it's now part of the default distribution. I get the following error message in /var/log/messages:

sshd[8962]: no modules loaded for 'sshd' service
sshd[8962]: fatal: PAM session setup failed[6]: Permission denied

Obviously something broke in the change from my OpenSSH compile to the system default with a make world. How do I fix this? I tried a quick Web search but found nothing with either of those strings.

A If you read /usr/src/UPDATING, you'll note that they've added OpenSSH support to PAM, and the entry includes the new lines that you'll need to add to make it work:

20010112:
   Important new FreeBSD-version stuff: PAM support has been
   worked in, partially from the "UNIX" OpenSSH version. This
   requires adding the following in pam.conf:

   sshd auth  sufficient  pam_skey.so
   sshd auth  required    pam_unix.so    try_first_pass
   sshd session required  pam_permit.so

You may also want to take a look at the mergemaster program to help you merge your config files after an upgrade.

Q I have a bunch of ndd lines that I want to add to the startup sequence of my Ultra 5 running Solaris 8. Where should I put the ndd lines? Into /etc/init.d/rootuser, maybe? Is there a better place?

A As a rule of thumb, you should not change stock Solaris boot scripts because there's always the chance that they will be overwritten during a patching session or an upgrade. Your best bet is to create your own boot script that's run at the appropriate time. For example, you could create the following /etc/init.d/tunedriver script and link it from the rc directory for the run level it belongs to (for example, as /etc/rc2.d/S99tunedriver), so that init invokes it with the start argument:

#!/bin/sh
# /etc/init.d/tunedriver: apply local ndd tunings at boot
case "$1" in
'start')
    /usr/sbin/ndd -set /dev/ip ip_forwarding 0
    /usr/sbin/ndd -set /dev/ip ip6_forwarding 0
    /usr/sbin/ndd -set /dev/ip ip_respond_to_echo_broadcast 0
    /usr/sbin/ndd -set /dev/ip ip_forward_directed_broadcasts 0
    ;;
'stop')
    ;;
*)
  echo "Usage: $0 { start | stop }"
  exit 1
  ;;
esac

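
As an added example (not part of the column), here is a companion check for the script above: after boot, or after a patching session, it reads each setting back with ndd -get and reports any that no longer match, so a silent revert is noticed. NDD can be pointed at a stub so the check can be exercised on a non-Solaris host; the table mirrors the script's settings.

```sh
# Added example (not from the column): verify that the ndd tunings the
# boot script sets are actually in effect. NDD defaults to the Solaris
# binary but may be overridden (e.g. with a stub function) for testing.

NDD=${NDD:-/usr/sbin/ndd}

# One "device parameter expected-value" triple per line
TUNINGS='/dev/ip ip_forwarding 0
/dev/ip ip6_forwarding 0
/dev/ip ip_respond_to_echo_broadcast 0
/dev/ip ip_forward_directed_broadcasts 0'

# check_tunings: prints one line per setting that differs from the table
# and returns the number of mismatches (0 means everything is as expected)
check_tunings() {
    bad=0
    # A here-document rather than a pipe, so $bad survives the loop
    while read -r dev param want; do
        [ -n "$dev" ] || continue
        if ! have=$("$NDD" -get "$dev" "$param" 2>/dev/null); then
            have='(query failed)'
        fi
        if [ "$have" != "$want" ]; then
            printf 'MISMATCH %s %s: have %s, want %s\n' \
                "$dev" "$param" "$have" "$want"
            bad=$((bad + 1))
        fi
    done <<EOF
$TUNINGS
EOF
    return "$bad"
}
```

Run it from cron or from a post-patch checklist and act on a non-zero exit status.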
Q How do I print the contents of a file in reverse order (e.g., line 1 will be the last line printed, and the last line will be printed as the first)? Is it easier to do this with a shell script, a C program, or some sort of editor macro?

A Probably the easiest way to do this is a one-liner in perl:

perl -e 'print reverse <>' < your_file

You can, of course, incorporate the print reverse into a larger perl script if there's other processing you want to do.

Q What's the difference between NAS and SAN?

A NAS stands for Network Attached Storage, storage devices attached directly to a computer via fiber/SCSI. SAN stands for Storage Area Network, usually self-contained devices that are attached directly to the LAN via Ethernet, FDDI, or ATM. Many people currently prefer NAS over SAN because SCSI is currently faster than LAN speeds. With recent technology improvements in LAN connections, though, this may change in the near future. If you're looking for some specific products on either end of the spectrum, two of the most popular are Network Appliance (http://www.netapp.com/) for SAN, and EMC (http://www.emc.com/) for NAS. For more information on SAN and NAS, you may want to take a look at the NAS/SAN site:

http://www.nas-san.com/

or look at vendor Web sites.

Q I need to run a script every 10 seconds to gather statistics on my HP/UX. Under normal circumstances, I'd use cron to do this, but the granularity on cron isn't fine enough. Is there some way to make the granularity on cron finer, or what's the best way to do this?

A If you need to run something as often as every 10 seconds, you may still be able to use cron or at, but you may want to look into writing something that runs at boot time and never exits instead. If you're going to do a cron job, you may want something like the following:

#!/bin/sh
# Run from cron once a minute: six runs, 10 seconds apart
i=5
while [ $i -ge 0 ]; do
  run command
  i=`expr $i - 1`
  sleep 10
done

However, I'd suggest running a continuous process from boot time. You can then trim it down to:

#!/bin/sh
# Started once at boot; loops until the system goes down
while :; do
  run command
  sleep 10
done

If you're doing this to collect system information, you're probably writing things out to a file. Be sure that 10 seconds is enough time to actually collect the data and write it out, or you're going to run into issues with the multiple processes running at the same time and possible file-locking issues.
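
As an added example (not part of the column), here is a boot-time collector loop that handles the two problems just mentioned: it sleeps only for whatever part of the interval the command did not use, and it takes a lock before each run so that a slow collection is skipped rather than overlapped. The lock is a directory because mkdir is atomic on POSIX systems; "CMD" stands for whatever statistics command you run.

```sh
# Added example (not from the column): run CMD every INTERVAL seconds from
# a long-lived process, without overlapping runs writing the same file.

# acquire_lock LOCKDIR: 0 if taken, 1 if a live process already holds it
acquire_lock() {
    if mkdir "$1" 2>/dev/null; then
        printf '%s\n' "$$" > "$1/pid"; return 0
    fi
    holder=$(cat "$1/pid" 2>/dev/null || :)
    # Holder died without releasing: reclaim the stale lock
    if [ -n "$holder" ] && ! kill -0 "$holder" 2>/dev/null; then
        rm -rf "$1" && mkdir "$1" 2>/dev/null && {
            printf '%s\n' "$$" > "$1/pid"; return 0; }
    fi
    return 1
}

release_lock() { rm -rf "$1"; }

# collect_once LOCKDIR OUTFILE CMD...: run CMD under the lock, append output.
# Returns CMD's status, or 2 if the cycle was skipped because of the lock.
collect_once() {
    lock=$1; out=$2; shift 2
    if ! acquire_lock "$lock"; then
        printf 'skipped: previous collection still running\n' >&2
        return 2
    fi
    if "$@" >> "$out"; then rc=0; else rc=$?; fi
    release_lock "$lock"
    return "$rc"
}

# collect_loop LOCKDIR OUTFILE INTERVAL CYCLES CMD...: CYCLES=0 runs forever
collect_loop() {
    lock=$1; out=$2; interval=$3; cycles=$4; shift 4
    n=0
    while [ "$cycles" -eq 0 ] || [ "$n" -lt "$cycles" ]; do
        start=$(date +%s)
        collect_once "$lock" "$out" "$@" ||
            printf 'cycle %s ended with status %s\n' "$n" "$?" >&2
        n=$((n + 1))
        # Sleep only for what is left of this interval, never negative
        left=$((interval - ($(date +%s) - start)))
        if [ "$left" -gt 0 ]; then sleep "$left"; fi
    done
    return 0
}
```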

Q I need to see modification times of files down to seconds, but ls only appears to have minutes as its finest granularity. Is there something else out there that will work, or will I have to resort to writing my own code?

A If you install GNU ls, part of fileutils, you can use the --full-time flag. If you want to write your own C code, though, it's not overly difficult. (Note that some function calls and required header files may vary depending on your OS):

#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <sys/types.h>
#include <sys/stat.h>

int main(int argc, char **argv) {
  struct stat filestat;

  (void)argc;  /* argv[argc] is always NULL, so the loop below needs no count */
  while (argv[1] != NULL) {
    /* lstat() so a symlink reports its own mtime rather than its target's */
    if (lstat(argv[1], &filestat) != 0) {
      perror(argv[1]);
      exit(EXIT_FAILURE);
    }
    /* ctime() gives seconds resolution and ends its string with a newline */
    printf("%s: %s", argv[1], ctime(&filestat.st_mtime));
    argv++;
  }
  return 0;
}

If you compile and run this program with one or more files as arguments, it should print out the file name, a colon, and then the mtime of the file for each file in argv. You can, of course, print out more information by accessing other parts of the stat structure.

Amy Rich, president of the Boston-based Oceanwave Consulting, Inc. (http://www.oceanwave.com), has been a UNIX systems administrator for more than five years. She received a BSCS at Worcester Polytechnic Institute, and can be reached at: arr@oceanwave.com.