Last modified: Wed Jan 24 13:20:35 PST 2001
RealAudio's rvplayer is installed on all workstations. It will work
as a netscape helper. Just make sure that the RealAudio file
type is associated with rvplayer %s under
Edit->Preferences->Navigator->Applications.
Use the
/scratch-local area for temporary storage, for
example you can put temporary data files or binaries there.
Clean up your
files, get rid of ones that can be regenerated trivially, such .dvi or
stuff downloaded from the WEB. Use gzip to compress files that you are
keeping for archival reasons. Do not keep duplicates of system files in
your own area.
Reduce the size of Netscape's disk cache or try putting
the Nescape cache files in one of the scratch areas or in /tmp. To do this,
under netscape's preferances you will find a menu about the cache. First
clear the current disk cache and then create a new one in /tmp/yourusername/.netscape,
i.e. change /home to /tmp.
Consider learning how to use a mail reader that can handle compressed
mail folders on-the-fly. The principal examples of these are RMAIL
(accessed from within FSF emacs or Xemacs) and VM (accessed from within
xemacs). VM is probably the better program. To use on-the-fly
compression within Xemacs add the line (toggle-auto-compression) to
your .emacs file. To enable it within FSF emacs, add
(auto-compression-mode) to your .emacs file. To configure VM or
RMAIL, run xemacs (or emacs) and type ESC-x configure. Follow your
nose from there.
Since the filesystem holding the home directories is not under our direct control, we can not increase quotas.
None of these scratch
areas are backed up. make sure that you understand file protection
(man chmod ) otherwise some other user maybe able to read
your files.
Good passwords can often be generated by choosing a phrase, and
using the first letter from each word. The password will be easily
remembered, but very hard to guess.
For example, "Don't use this as your password, silly", would
generate the password dutayp,s. Note that I've included the
comma to make it harder to guess. You may also want to include some
simple, easy to remember substitutions, like du7ayp,s, where
I've replaced the t with a 7 because they kind of look
alike to me.
This page is under construction. Comments are welcome.
[LBL Homepage
|
CDF Group
]
It is a unix-like operating system that
contains no proprietary AT&T code. It is licensed under the
GNU Public
License. Great care has been taken to insure that linux is as
POSIX compliant as possible. This means that most modern, well
constructed unix code should compile on it. Of course there's no such
thing as complete portability.
Linus Torvalds, then a student at the University of Helsinki, released
the first version on 5 October 1991. More general information here
Try this list of Frequently
asked questions or this
one or this
general introduction.
An excellent general starting point is Kernelnotes.
The default windowing environment on the SGIs is proprietary, and so
is not available on linux (or any other flavor of unix). Our linux
computers are set to offer KDE as the default windowing environment.
KDE provides a highly configurable window manager (kwm) along with a
file manager, application panel, and a suite of programs and applets.
Try this user
guide. There is also extensive documentation under /usr/doc and /usr/doc/HOWTO. In addition, of course, there are the standard UNIX man pages and info pages. The KDE desktop environment provides a help tool, invoked from the kpanel, or by typing "kdehelp"
Try
man ZZZ or man -k ZZZ
Read the man or info, i.e.
man yyyy.
At the moment there are eleven workstations. In the future there may be a specialized tape server and possibly another more powerful server. It is expected that CPU intensive Run II analysis will be done on PDSF.
See here
for more details.
(this only applies to tcsh shell users) If
you connect from a terminal or via ssh, the system wide files
/etc/login, and the .login in your home directory
is run. When a shell is started the .cshrc in your root
directory is executed.
If you start an X
session from an X-terminal via XDMCP(from an X-terminal), or from
the graphical logon manager on a workstation, the commands in your
.xsession or .Xclients file are executed. If you startx from the text
console via startx, the system looks for .xinitrc, then .Xclients. If
you do not have either of these files, you will
get the system default windowing system.
Only the tcsh shell is supported locally. This is the default
shell for new accounts. Non-experts are strongly advised not to use other
shells as no hand-holding is available for users of them.
If you use another shell, you may have to edit your initialization files to, for example, fix your path.
If the fonts look poor, you should use antialias:
gv -antialias
If you have a postscript file that will not print, or
that you cannot view with ghostview, run ps2pdf on the .ps file to
produce a .pdf file then view it with acroread. Some office
applications produce postscript that will not print or view properly.
The program ps2pdf is a Linux hack that undoes the corruption to
produce a good pdf file.
If your postscript file was produced by a Microsoft program, printing
problems may be solved by running the program fix_ps.sh on it.
Which shell should I use?.
Standard unix lpr works.
See man lpr,
the printers are at14 and tpu137. at14 is the default.
lpr -Pat14 file.ps, or simply lpr file.ps
sends the file.ps to it. There is a filter that determines file
types. If you get no output, the odds are that your file is not
printable.
If the printer is not specified the file goes to your
default printer, if you have one. Change the default printer by
putting this in your .bashrc file.
export
PRINTER=at14,
There is a local command print that
passes the file through a filter; if it is postscript nothing happens,
otherwise it is formatted to have the date, file name and other stuff
on the top of the output. The output is sent to the printer that is
defined by your PRINTER variable. (this uses the nenscript filter)
Send mail to root@cdflx1.lbl.gov with as much detail
as possible. Minimum information must include, complete error message
given by the failed process. Comments such as "I got some error message
that I cannot understand" are not helpful and will be ignored. Here
is an example of a complaint that elicited a rapid response.
Use telnet to login and then direct the display to your
X-Terminal. Or use XDMCP to request TCPIP service from one of
the linux boxes. You will then be presented with a login window, and
the window manager will start automatically after you login. If your
X-Terminal automatically gives the login prompt from another host ,
have the manager of that host turn off that feature.
If you are faculty and have a PC or Mac at
home, you should be using the faculty modem service and connecting via
ssh. If you have a PC/MAC and an account with an internet service
provider (e.g. America online) you should be able to connect ssh.
Telnet is not allowed from outside of LBL.
Find out whether it is available for this platform (most packages are),
then send mail to root with the following information: Name of package;
brief description of what it does and why you need it; how much it costs
and where it is ordered from. You can look at in the Linux
archive at Sunsite. Packages
that have been cast into RedHat's RPM format are trivial to install. The
can be found in the contrib
area.
If the package is not in RPM format you will have to build it. Get it working
by building it in one of the scratch areas, then get root to installl it
for you.
Anything that came with the ``Red Hat'' system is in
/usr. /usr/local and /opt are used for all other
system installed software. /home is NFS mounted from a server
and is visible on all the workstations. The workstations all have a
swap partition of 128 MB. Each of the workstations has a private
scratch area called /scratch-local. None of these scratch areas
are backed up.
Personal webpages are located under
/public_html/$USERNAME, are visible from all workstations, and
are backup up.
StarOffice 5.1 is installed on all of the
workstations. See this guide to learn
how to use it. You can also use the applix office suite to import and
edit Microsoft word files and Excel spreadsheets. Applix is installed
on all the linux workstations. Run it by typing applix, or
/opt/applix/applix if that doesn't work.
This is usually caused by processes in the background eating up tons of CPU. Netscape is the most common culprit. Use "top" to see what's running and how much CPU time it's taking up. If you own the process you can kill it. Type "kill -9 PID" where PID is the process ID number reported by "top" or "ps" If the process belongs to someone else, ask him or her to kill it (if it's not legitimate). If you can't find him, send mail to root asking him to kill it.
KDE is the default desktop environment on
all the linux machines. If you wish to use fvwm2, you may simply
delete or (better) rename your ~/.Xclients file. If you want to use
some other window manager (fvwm, twm, Afterstep, Windowmaker), edit
your ~/.Xclients file to reflect this.
It is required that you register with
the LBL EPO
(Electronic Post Office). This will give you a username@lbl.gov email
address. You should also
apply for an IMAP4 account on the lab's main email server.
The linux
cluster does not receive mail.
If you are using IMAP you should either use netscape or
pine to read your mail.
Whichever
mail agent you use, it is strongly recommended that you configure it
so that it automatically sets the "Reply-To: " field to your address
in the central mail server. In pine, choose "SET UP", then
Config and set the "customized-hdrs" entry to
Reply-To:your-address@lbl.gov
eg Reply-To:MDShapiro@lbl.gov
Anyone who replies to your mail will then have it sent
via the central server.
If you have a file in your home directory
called mbox and this file is either empty, or in unix mailbox
format, pine will use it as your INBOX. That is, when you read your
mail, pine will transfer the contents of your mail spool
into ~/mbox. If mbox doesn't exist, pine will not
create it, but rather will leave your new mail in the spool.
Where this spool is depends on how you have your mail configured.
If you use IMAP, the spool resides on the LBL imap server.
If you have you mail forwarded from kfesg to cdflx1, your mail spool is
/var/spool/mail/$USER.
If you don't have a ~/mbox but
want pine to keep incoming mail in your home directory, simply create
the file: touch ~/mbox
You can only do this if you use the Lab's
IMAP server as your primary mail. See here for more
details.
You must first determine where your mail is
going. All incoming mail should be going via the central LBL
server (i.e. your address is IJsurname@lbl.gov
where I and J are your initials). Send
mail to postmaster@lbl.gov and tell them where you want the
mail directed or fill out this form
.
You need to have a .mailcap and a
.mime.types file in your main directory. If you have lost
yours, here are simple examples to get you started .mailcap
and .mime.types
See the question about postscript issues.
Create a file called .forward in your
home directory. It should contain one line with the address where you
want mail forwarded to. e.g. anderson@thwk12.lbl.gov
Since your mail will not be coming directly to our linux machines,
but will only reach them through forwarding from kfesg (if at all),
this should not be an issue. Set up your forwarding further upstream.
Open the Options, go to General Preferences and then
to Helpers. Look down the list and make the Description
match the Handled by field. For example, application postscript
should be handled by /usr/X11R6/bin/gv %s. The %s at the
end is essential. It is best to give the full path as in this
example. You might want to use /usr/X11/bin/gv -antialias %s if
the fonts look bad.
See here
Make sure that acroread works as a
standalone package. If it does and you have the helper configured
properly, the problem lies with netscape. Try shutting down netscape
and restarting it. If this does not work, your machine may have an old
version of netscape.
Remove your .netscape/cookies file and the replace
it with a soft link as follows
ln -s /dev/null ~/.netscape/cookies
.You can then set netscape to accept all cookies, you will not be bothered
by them and your browsing will be kept private.
The best solution is to use StarOffice as a
helper application. See here for
instructions.
For earlier versions of
the Word you must save the file and open it with
applix. Remember that Word formats change often and
different versions are not compatible. <\LI>
Personal webpages are located under /public_html/$USERNAME. Files
in this directory are accessed from the web via the URL
http://www-cdf.lbl.gov/~$USERNAME. (e.g.,
http://www-cdf.lbl.gov/~shapiro). If you name your homepage
index.html, it will be accessed directly from this URL.
Otherwise, you'll have to give out a specific page name
(e.g.,
http://www-cdf.lbl.gov/~shapiro/my_hard_to_remember_homepage.html).
The disk quotas are set very high. There are
two reasons why quotas exist. Space in /home is backed up and therefore
the files are stored several times. Quotas prevent a single user from filling
up (possibly by accident) the whole file system which makes the whole system
unusable. If you are short of space, here are some suggestions:
Check your PATH environment (in bash the
command is echo $PATH). Then type which xxyy. If the
application is not in a directory in your path, change your PATH
environment. If the application is in your default directory make sure
that . is in your path. It is not included
by default as some Unix experts consider this to be a disaster waiting
to happen.
If the response to this from "root" is "It looks
fine to me", then your account is messed up. You have probably redefined
some system variables. Move all of your startup files to some other location
and then copy the contents of /etc/skel/ to your root directory; make sure
you know what you are doing as this will overwrite your files. Logout and
back in. If the problem has gone away, you can then figure out which of
your files is at fault.
The DISPLAY variable is set wrong.
DISPLAY=yourterminal.lbl.gov:0.0
then
export DISPLAY.
This is usually because the host is not authorized to open a display
on the server. If the server is a Unix box then
xhost +host
will fix it where host is the internet name of the machine on which
the client is running. ( See man xhost). On a PC, MAC or X-Terminal,
turn off the access control. Both this and the previous problem are solved
automatically if you use the secure shell (ssh) to connect. This is described
in the security section.
Send a suitable message to root. The message must state the names
of the files or directories that you want restored and the date when
the files were last present. All of this information is needed to
determine which backup set is to be used. Note that a restoration may
result in more recent files of the same name being overwritten. In
order to protect against this, requests for a few files will be met by
sending the files to you via e-mail.
The default setup on Redhat linux requires no startup files except
for .bashrc, .bash_profile, and .Xdefaults. You can copy these from
/etc/skel on cdflx1.lbl.gov. There are a number of other files in
this directory that may be useful. Since the home directories are
shared with PDSF, you should be careful about changing your
environment too drastically. Keep backups of your configuration files
in case you make a mistake.
Use the command du from your main directory.
It lists your directories and the total space used in each of them. The
command quota shows your disk quota.
Try loging in via telnet from a mac or X-terminal. If you can get in
this way, type quota . If you have no available disk space, see
the item above and clean up.
If you have a lot of old files that you are
using for archival purposes, i.e. they are not changing, You can move
them from your home file system to the scratch areas. If do not want
to run the risk of loosing them due to a disk crash, you have three
options. If you have a workstation, put them on your local scratch and
put a backup copy made with tar on the system wide scratch area. If
your workstation has a zip drive, learn how
to use it.
In extraordinary circumstances the system manager will
make an archive for you at his descretion (ask nicely) on a Jazz drive
cartridge or tape. These archives will not be restored unless the
original suffers a hardware failure.
Every workstation has a local scratch directory called /scratch-local (which is actually a link to /scratchN, where N is the workstation number).
xmodmap -e "keycode 22 = BackSpace"
The number here is keyboard specific, it's 22 for a PC keyboard,
and 102 for one of our NCD X-Terminals. Read this
for more details, here
is another web site with some detailed instructions. Read both of
these before asking me. There is a problem with the keypads
on the PC Workstations (see here
for the explanation and suggestions)
Try the page maintained by Queen
Mary College London ,the Beowulf
page run by NASA Goddard, or the CERN
group
The GNU manuals are on line at http://www.cl.cam.ac.uk/texinfodoc/dir.html
Here is a Users
Guide
Security Issues
Do not use any easily guessed thing. The
passwords are checked on a regular basis, if yours fails some simple
tests you will be forced to change it. Use at least 8 characters; a
mixture of letters, numbers and non alphanumeric characters (such as #
or %) is best. Do not use the same passwords on different machines. Do
not reuse passwords.
Advisory: Do
not leave yourself logged in for extended periods. Any open network slot
is a temptation to crackers.
Mandatory: Follow
the password policy outlined above.
Do not share your password with anyone.
Do not let anyone else use your account. (this was how the BaBar machine
was broken into)
Change your password often ( at least every 30 days) if you connect via
ftp or telnet. The particularly applies if you connect
from .edu sites (including berkeley)
Anyone whose actions compromise the
security of the system may have
their computing privileges revoked.
If the security breach is caused by someone breaking the mandatory rules,
that person's account will be terminated: NO EXCEPTIONS.
Anonymous ftp, pop servers and certain other network tools are potential
security holes and are therefore not available. telnet is restricted to
connections from other machines in our cluster. Use ssh if you are coming
from another site.
Your password is sent over the network "in the
clear". If there is a network sniffer running somewhere, you could be in
trouble. You
should minimize use of ftp and telnet (or better use ssh and scp)
. ssh is are faster than telnet and ftp if you use compression.
Both the client and the server need to be running
ssh. The Windows and Mac versions of ssh is available from the workstation group server
at LBL. Most unix machines have it running.
Method B is preferable, if you
use it properly as it means that you type your password less often.
Method A -- Type ssh instead of telnet . You will
then have to enter your password.
Method B -- You need a public and a private
key. You make the key on the machine that you are logging in from (the
client). You run a command like
ssh-keygen
This will ask for a "pass phrase". Do not use your password, but rather
some phrase that you can remember (it can be quite long) It will make two
files in your $HOME/.ssh/ directory called identity and identity.pub.
Neither of these should be readable by anyone but you. (Make sure that
you have this right). Login to the remote machine (server) and put the
identity.pub
into
a file called authorized_keys in the directory
$HOME/.ssh/
using
ftp. Do not move identity to the server. If you want to login from
more than one client, you must append each client's public key to the server's
authorized_keys
file.
You then connect from the client to the server using the command ssh instead
of telnet. You will then be challenged for the passphrase. If this fails
it will ask for your password. In this method, a cracker needs both your
private key (which is why the file should not be readable by anyone but
you) and the "pass phrase".
In either method, note that all transmission is encrypted,
so that anything that you type cannot be read by a cracker using a network
sniffer. Also all of the paths necessary for X connections are made automatically,
so you do not need to export display, use xhost, or any of those nuisances.
ssh
makes
network computing safer and more convenient. The snag is that ssh is needed
on your client. It exists and is free for almost all UNIX flavors. The
client license for Mac and Windows is not free. LBL has a site license
for the Mac and Windows versions
here
.
The Mac version needs power mac and more than 16 MB of memory to
function properly. You are strongly encouraged to use these
on your MAC/PC either at LBL or home.
There is a replacement for ftp called scp that also
uses encryption; here is the command
scp localfile remote.host.domain:/home/your_directory/file
This copies the localfile to the remote machine, you will be prompted
for your passphrase or password. If you are on a heavily loaded network
or are running over a slow line (modem), you can use compression to speed
things up. The command is
ssh -C host or scp -C. The latter is equivalent
to gzip, ftp and then gunzip, but its easier and safer.
ssh web site has more information
What to do in an emergency
This is considered an emergency. During working
hours, you are should phone Jeff at 4208 or have Mark call Jim
Dodge. During nights and weekends send e-mail to JDAnderson@lbl.gov
and WJDodge@lbl.gov. If the machine crashed while you were using
it, include a description of what you were doing in the mail message. Under
no circumstances should you attempt to reboot a machine yourself. Put a
sign on the workstation so that no-one else will try to use it.
The opinions stated herein are those of the author. The author is not
responsible for any errors or any omissions or for any damage that might
result from the use of the information contained herein.
Questions and Comments to:
Jeff Anderson.