Questions and Answers
Bjorn Satdeva
The next LISA conference, LISA VIII, will begin soon. This year it will take place September 19-23 in San Diego. The official name for the conference is the 8th Usenix Systems Administration Conference. The focus of this year's technical program is "Automation: Managing the Computer of the 90's." The conference itself lasts three days, and is preceded by two days of tutorials. Among the fun things at these conferences are the BOF (Birds of a Feather) sessions. Unlike the more formal parts of the conference, the BOFs simply bring people together to discuss a topic of common interest. BOFs are scheduled on a first come, first served basis. The BOFs scheduled at the time of this writing are: WWW Installation, Maintenance, Administration, and Assorted Topics; Tools for Sysadmin Tasks; Silicon Graphics Administration; Majordomo; Networking ATM style; Ohio St. Univ Backup System; and Firewalls.
With LISA just about to start, it is time to begin thinking ahead to the next system administration conference -- the Fourth System Administration, Networking, and Security Conference (SANS IV), scheduled for April 24-29, 1995, in Washington, DC -- particularly if you are interested in presenting a paper. The topic for the SANS IV conference is "Tools and Techniques You Can Use Immediately." If you have a good idea for a paper, you can e-mail an abstract (in plain text) to sans@fedunix.org before November 1, 1994.
Alan Paller, the chair of SANS IV, is working on a salary survey for system administrators. I believe this will be the most comprehensive survey of its kind ever. Assuming you are doing good work for your organization, you may find such a survey useful in salary discussions. The results of the survey will be presented at the SANS conference, and I will also report some of the interesting highlights here. However, the best way for you to get the survey results is to participate in the survey, because everybody who participates will get a personal copy. The survey is shown in the sidebar, but you can save the work of retyping it by sending e-mail to survey@sysadmin.com, where I have set up an automatic reply. The completed survey forms should be e-mailed to sans@fedunix.org. You can also send them by traditional mail to SANS Salary Survey, 4610 Tournay Road, Bethesda, MD 20816.
In July yet another CERT advisory was issued for sendmail. I think this should be seen as a clear warning to upgrade to the latest version (8.6.9), which is available by ftp from ftp.cs.berkeley.edu. The version shipped by the vendors (anything prior to 8.6.8) is subject to this latest vulnerability, which applies to local users rather than to connections from the Internet. So even if you are not connected to the Internet, you are vulnerable to these bugs, which are related to the "d" option (which allows local users to gain root access) and the "-oE" option (which permits them to read any file on the system). Details can be found in the July CERT advisory, which is available by ftp from ftp.cert.org. If you are running an old version of sendmail, you will need to be prepared to replace not only the sendmail program, but also the sendmail configuration file (sendmail.cf). However, if you do so, you will have the advantage of being able to use Eric Allman's high-level configuration system, based on m4. All in all, there are many good reasons to get started on this as soon as possible.
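The version thresholds above can be applied to a host inventory. The script below is an added example, not code from the column or from the sendmail distribution: it classifies SMTP greeting banners against the 8.6.8 and 8.6.9 versions named above. The banners and hostnames are constructed, the function names are hypothetical, and vendor version numbers are compared numerically on the column's statement that vendor-shipped versions predate 8.6.8.

```shell
#!/bin/sh
# Added example: triage sendmail versions seen in SMTP greeting banners
# against the thresholds given in the column.

FIXED=8.6.8     # from the column: anything prior to this is affected
LATEST=8.6.9    # from the column: the recommended version

# Turn "8.6.9" into a sortable integer (8006009); missing fields count as 0.
ver_key() {
    echo "$1" | awk -F. '{ printf "%d%03d%03d\n", $1, $2, $3 }'
}

# Extract the version that follows "Sendmail " in a banner; empty if none.
banner_version() {
    echo "$1" | sed -n 's/.*[Ss]endmail \([0-9][0-9.]*\).*/\1/p' | sed 's/\.$//'
}

# Classify one banner as: affected | upgrade | current | unknown
sendmail_status() {
    v=$(banner_version "$1")
    if [ -z "$v" ]; then echo unknown; return 0; fi
    k=$(ver_key "$v")
    if [ "$k" -lt "$(ver_key "$FIXED")" ]; then echo affected
    elif [ "$k" -lt "$(ver_key "$LATEST")" ]; then echo upgrade
    else echo current
    fi
}

# Constructed sample banners (hostnames are placeholders).
while IFS= read -r banner; do
    printf '%-9s %s\n' "$(sendmail_status "$banner")" "$banner"
done <<'EOF'
220 mail.example.com ESMTP Sendmail 8.6.9/8.6.9 ready
220 lab1.example.com Sendmail 4.1/SMI-4.1 ready
220 gw.example.com ESMTP Sendmail 8.6.8/8.6.6 ready
220 old.example.com Smail3.1.28.1 ready
EOF
```

Because the bugs are local, a banner only tells you which hosts to visit; a host reported as "unknown" still needs its installed binary checked by hand.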
The latest and the last version of BSD UNIX is now available. BSD 4.4 Lite is the last release from the now dissolved CSRG at UC Berkeley. Both a CD with the sources and a full set of printed manuals are available from O'Reilly, which has published them in cooperation with USENIX. The documentation is a five-book set, with both man pages and supplemental documentation. The CD is available in an additional companion book.
A new ftp archive has come online at Purdue. The archive is currently available via FTP, but the creators of the archive are also planning to support gopher and WWW soon. The archive currently contains software, standards, tools, and other material in 28 areas, from access control, through cryptography, firewalls, and software forensics, to the computer underground.
The collection also contains a large set of site "mirrors" of interesting collections, many of which are linked by topic to the rest of the archive. You can connect to the archive via standard ftp to coast.cs.purdue.edu. Information about the archive structure and contents is in /pub/aux; you are encouraged to look there, and to read the README* files located in the various directories.
And now for this month's questions.
Regarding the question in a recent Sys Admin about copying between tape devices: on Suns, at least, the tcopy command could be used:
tcopy input_device output_device
Or am I missing something here? (We use this quite often for making second copies of 8mm tapes.)
tcopy is indeed a good substitute for the dd command I showed in the article because the parameters are less cryptic. I did not discuss tcopy in the article, because I did not know of it at the time. However, even tcopy will not be able to copy a tape if you have only one tape drive, which was the original question.
Thanks to the reader for this input. It is always a delight to learn something new, and I find that UNIX gives me that opportunity quite often, even after more than 10 years of active system administration work.
If your system does not have tcopy and you would like to get it, you can find it in the original BSD 4.3 distribution. The sources can also be found on the BSD 4.4 Lite distribution.
Could you please tell me where I can find a perl script that converts a host file to DNS format? The DNS and BIND book (from O'Reilly and Associates) mentions a program written in perl that does the conversion. Do you know where I can get this program?
The script is called h2n, and is available from ftp.uu.net. It works well as a first approximation, but if you have more than one network, you may create problems by not maintaining the DNS directly.
I recently became a system administrator for a school system's Internet connection. I have begun subscribing to various publications dealing with UNIX and the Internet, not to mention buying a stack of books about 3 feet high. I subscribe to Sys Admin and ran across your column, so I decided to pose my question to you. What I am looking for is a step-by-step approach to learning system administration. I have nearly a dozen books on system administration that tell what to do, but with one or two exceptions they don't tell you how to do it. I have found two sources that offer UNIX system administration training videos.
Can you recommend one of the videos or suggest anyone else who can provide the elementary approach that I need, at least to start?
By way of background, I'm a librarian for grades 6-8. After I got our UNIX system up and running and discovered the tremendous amount of information that could be found on the Internet, I contacted the librarians and computer coordinators in the school systems that were a local call from us and invited them to dial-in to our system. Things appear to be reaching a sort of critical mass in terms of use and enthusiasm, so any help you can give me in better serving my growing, growing practically daily, number of users would be appreciated.
I have not personally seen any UNIX system administration training video that I would recommend, and neither have I ever heard about any video that experienced sysadmins found useful (for example, for training new junior admins locally). In general, you should look for material that is prepared and presented by people who do system administration for a living. People who are primarily programmers but have done a bit of system administration on the side do not have the overall experience, and while they may be able to help you out in a tight spot today, their solutions might very well put you in hot water at a later time. What I can recommend is Evi Nemeth's UNIX System Administration Handbook (Prentice-Hall, 1989) and the tutorials at either LISA or SANS conferences. Evi's book is a few years old, and is now a bit dated, but it is still by far the best book on the market. The tutorials at LISA and SANS are probably not as polished as what you will see from companies providing such tutorials to the industry, but the instructors at LISA and SANS are people who deal with the problems they teach about on a daily basis. This makes these tutorials, at least in my opinion, superior to any commercial tutorials I have ever heard about.
I read with interest your article on the LISA VI Conference in the Jan/Feb issue of Sys Admin. How would I acquire a copy of the Paper on "Overhauling Rdist for the '90s"?
The paper was presented at the LISA VI conference by Michael A. Cooper (mcooper@usc.edu). Both the LISA paper and the sources for the new rdist are available by anonymous ftp from usc.edu, in the directory /pub/rdist.
In your column in the January issue of Sys Admin, you described how to set up a split name server. Under this method, however, the internal hosts are able to resolve addresses to external hosts, but they are not able to reach them [directly, i.e., without connecting explicitly to the bastion host first -- ED].
You state the situation correctly, and whether or not you want to be able to resolve external names on an inside host is a matter of preference. It is fairly simple to set up the inside name servers to use an internal root to achieve the result you desire (how to do this is described in detail in the DNS and BIND book from O'Reilly). If your firewall is built by a combination of filtering routers and UNIX bastion hosts, then you need to have the internal hosts resolve external addresses anyway. Choose the solution that works best for you. Neither of the two seems more correct to me, and as always, the ultimate choice depends on local circumstances.
We have just installed a number of new SVr4 UNIX systems in our lab, and the ls command drives me crazy by listing files in a single column, instead of multiple columns as it does on our SunOS systems. How much work will it be to port the Berkeley version to System V?
On System V rel 4, you should be able to get the sources and compile them using the BSD environment (you get the BSD environment by having /usr/ucb first in your search path on most SVr4 systems). However, before you start to do this work, check to see if you have the Berkeley version in /usr/ucb/ls. Also, if you use an alias for /bin/ls which adds the "-C" option (columns), your current version of ls will start to behave the way you want it, at least most of the time.
Could you direct me to an FTP site that would have the sources listed in your fine magazine?
You can find Sys Admin sources at ftp.uu.net.
About the Author
Bjorn Satdeva is the president of /sys/admin, inc., a consulting firm which specializes in large installation system administration. Bjorn is also co-founder and former president of Bay-LISA, a San Francisco Bay Area user's group for system administrators of large sites. Bjorn can be contacted at /sys/admin, inc., 2787 Moorpark Ave., San Jose, CA 95128; electronically at bjorn@sysadmin.com; or by phone at (408) 241-3111.