some of this information is a little outdated. if you have any questions email me, Hyun Joo.
The following items will help to maintain a safe and productive computing environment.
- Good Passwords. Select good passwords and do not write them down or share them with others. RPG.pl can also be used to generate a list of good passwords.
- No Viruses. Exercise safe computing by not opening unknown attachments and other preventative measures. This will be tolerated only once.
- No Hacking. The security systems in place on the computers are there for a reason.
Anyone trying to subvert them will incur the wrath of the System Administrator and the PI, depending on who gets to them first.
- If there is a problem, let someone know. The only way to get things fixed is ask someone who has the power to fix it.
- Life is better with a happy System Administrator. The more time spent fixing problems (recovering deleted files, getting rid of viruses, etc) the less time is available to make things easier for the users. You want things to be easy, right?
In addition, the computers and network connections are governed by the University of the Pacific
IT policies Computing..
The following things will help to maintain a healthy and productive
lab environment. Remember, the science comes first.
- Reference Material. Several reference books and journals are
available for use. If you need one of the reference materials outside of
the lab, please check it out so we can keep track of things.
- Documentation. Lab notebooks, documented code and README files make
life easier for everyone. When you return to a project 6 months later,
it is a lot easier to make sense of what you were doing if it is written
down. It also helps those who come after you figure out what you were
- Be Nice. We all have to work together, so show some respect.
- Cleanliness. Everyone needs to work to keep the common spaces clean,
but your desk is your business until it affects your work.
- Productivity. Your worth is measured by what you do, not how many
hours you spend doing it. Being in the lab for 12 hours a day does not
count if you spend 10 surfing the internet. On the other hand, if you
get things done in 4 hours, no one will complain if you are not here for
Unix filesystem permissions system is very simple, yet quite powerful and flexible. Almost no one takes the time to learn the few things necessary to use this system to make their lives easier and more productive. Read on to join the inner circle of the iluminati.
The Three Things Everyone Should Know about Unix Filesystem
“umask” determines the default permissions applied to every file
you create. If you want your default permissions to be 664 (read and write for
owner and group, but read-only for everyone else), then your
umask should be 002.
If you’re using the environment files provided in
the ENV.tar download
from the LinuxUpdates page, then this is your umask
setting. If you want to
set your umask yourself, then add the
to your .cshrc.personal
(or .bash_profile.personal). Change the mask to whatever
you like, but
leaving it as 002 will avoid all sorts of trouble for you and
2) All of your
directories (except your home dir) should be mode 2775. This
perms to read, write, and list for owner and group, but read and list
for everyone else. The “2″ makes the directory
which ensures that every file and directory created
within will inherit the
group association of the parent. Directories
created within will inherit the
“setgid” setting. Doing things
this way makes working with Joe Bob
so much easier! For example, if you
and Joe Bob are working together on the
project Strange Stars in the
directory /net/ss. The project is Top Secret, so
you and Joe Bob have had
a special group created with just the two of you as
members. If the two
of you have umask 002, and /net/sdss is set up like: drwxrwsr-x
3 jbob ss
4096 Aug 6 18:02 /net/ss then you and Joe Bob will be able to create
files and directories within /net/sdss with abandon. You’ll never get
because you can’t edit each other’s files, and you’ll never have
to worry about
anyone other than the members of your exclusive group
all your work with an errant find(1) command. Do
“chmod 2775 dirname”
to make things right.
Your home dir should
be mode 2700. This make it accessible only to you. This
is correct. You
home directory is not for sharing data with others. It’s not
storing data for your projects (which you’ll probably want to share
with someone else someday). It’s for things like your email and your ssh keys,
which are PRIVATE. Your home directory is for stuff that you, and only
you need to see. If your home directory permissions are set too loosely,
then email forwarding
(via a “.forward” file), passwordless ssh
logins using RSA key exchange,
etc. will not work. Everyone should also
be a member of a group of which they
are the only member, and their home
directory should be associated with this
group. Unfortunately, that’s not
generally the case here on most system. Maybe
someday… For a more
complete discussion of filesystem permissions, refer to
info available on most Red Hat Linux systems (enter “info
fileutils” at the shell prompt). Jump to the “File
link, then “Mode structure” for the most
important background discussion.
To navigate the info system, use
“n” to go to the next topic, and
“p” the previous.
Use to jump to links in the text – press
return to follow the
link. Press “?” for help.
What doesn’t get backed up?
Anything stored on the local disks on desktop Linux machines – not
/tmp, not /scratch, nothing. Currently, the web/mail/ftp server is
not being backed up. There are plans to change this.
Can I make my own backups of stuff you’re not backing up?
The LCD iMac has Superdrive that can burn DVD-Rs and CD-Rs of your data. If you are interested contact Hyun Joo
When do you do backups? How long are they preserved?
One month. We have a lot of data to back up and not a lot of cash to
buy tapes. Our dump cycle is one month long with backups Monday
through Friday (20 runs total). Files sometimes survive on tape for
six weeks or more, but don’t count on it.
When do you do full dumps? Incrementals?
We use a program called Amanda to manage our backups. Each time it
runs, Amanda schedules some directories in the dump list to get full
dumps and others to get incrementals. In a given dump cycle, Amanda
attempts to preserve two full dumps for every entry in the dump list.
Amanda attempts to dump every entry in the dump list every time it
runs – either a full or incremental dump.
Do you store a full dump archive off site in case of disaster?
No. We do not have the ability to make a full dump of our main
fileservers. It would consume at least 30 tapes and take about a week
to complete. Our tapes are stored in the computer room, right next to
the tape library and fileservers. They should be stored in a
different building, or at least a different room. If you want to
volunteer to shuttle the tapes between locations, contact Hyun Joo.
the dump list changes every week as directories are added and removed
from our servers. Our backup system creates a new dump list every
weekend and, typically, several dozen changes are made from the
previous week’s list.
Why are there so many entries in the dump list? Why don’t you have
just a single entry for each server?
Our backup software does not support having a single backup span
multiple tapes. Consequently, we have to break our backups into
smaller chunks. Currently, the chunk size is 35GB – any directory
with more than 35GB of data will be broken into two or more chunks.
Another limitation of our backup scheme is its inability to back up
files in the branch node directories. For example, /a1/FOO
contains two subdirectories /a1/FOO/small with 10GB of
data and /a1/FOO/large with 30GB of data. Our backup system
would dump small and large separately, but any files in
/a1/FOO would be missed. We have a second routine that backs
up these files, but the list of files to dump is only updated once a
week – so be aware!
Q: Anything else I should know
A: Disk list entries containing
spaces or strange characters will not be backed up.
If a file
changes as it is being read by Amanda, it will not be backed up. This
happens occasionaly with files being written by Condor jobs or other
processes which do substantial file I/O at night when the backups
Backups begin at 7:30 p.m., Monday though Friday and tend
to take eight to ten hours to complete. This means that any data you
create and destroy in a single day is probably not on tape. Email
messages received and deleted on the same day are a good example of
this sort of problem.
The linux systems in the lab can be divided into two groups, the Muir
Woods and the Forest. The desktops in the Forest are used for
project development while the nodes in the Muir Woods are used for long,
computationally intensive projects. Both groups have common access to
/net/work/ (data) and /net/prog/ (programs) but seperate home directories.
Read the etiquette page to understand why you
can still work on both sets of computers. For those writing programs,
developement should be done in /net/prog and once the source is stable,
it should be added to /net/prog/bin/ to be available to everyone.