General MCS Questions
From MCS IT Wiki
How can I leave a file for someone else to pick up via FTP?
A project directory will need to be created by systems. Contact firstname.lastname@example.org to have the top-level directory created. They will direct you to the path to your files, as well as the FTP URL to give out.
What is the policy for creating or leaving files in the /home/ftp/incoming directory?
- Anonymous FTP users can leave files. Connect to ftp.mcs.anl.gov and cd to "incoming".
- In the incoming directory, and its subdirectories, files deposited by Anonymous can not be read (get) by Anonymous.
- Most people with MCS accounts should be able to access the files from the /home/ftp/pub/incoming directory on any MCS UNIX machine.
- The incoming directory is hidden so that files and directories can not be "seen" from the outside. So, for example, if you are in /home/ftp/incoming and do an "ls" command, you will see nothing.
- The anonymous FTP directory is monitored and automatically cleaned up. A job runs daily that removes all empty directories from the "incoming" directory. It also removes any file that is over 10 days old. If someone is sending you a file, or you expect them to pick one up, please stay on top of it so that the file doesn't get removed before the end user actually gets it. So, if you want to create a directory for someone to put something into, you should put a README or .message file in the directory so that the otherwise empty directory continues to exist and your cohort can ftp the files into the directory for you to pick up. But note, if your cohort doesn't ftp you the files in 10 days, the directory (and your space filling file) will go away.
How do I recover files that I've deleted?
We make nightly snapshots of the entire NFS fileserver just before midnight. Snapshots are retained for one week. On the Linux workstations every home directory has a link at ~/BACKUPS that points to that user's snapshots directory. In this directory you will see a subdirectory named for each day of the week, and within those you will find a representation of your home directory as it was on that day. Additionally, there is a directory called "Midday", which holds a snapshot taken at noon every day.
So, to recover a file that was in your home directory on Monday named "foo" that was deleted on Tuesday one would simply issue the following command:
cp /homes/joeuser/BACKUPS/Monday/foo /homes/joeuser/
If you need something restored that's more than 7 days old, you should contact email@example.com and we will restore it for you from backup tapes.
Our backup retention policy is:
A currently existing file is always backed up.
We keep 7 revisions of a file over a 30 day period. After a file has remained static for 30 days, the number of copies kept is reduced to 1.
When a file is deleted, the backup will remain for 180 days.
Please understand that the backups are intended for disaster recovery, whereas user-initiated archives are "forever" (where "forever" is the life of the tape.)
How do I delete files if my directory has exceeded its quota?
There is a known issue with many of the shared filesystems that we provide. They do not allow you to remove files to clean up a directory that has reached or exceeded its quota. The error you receive when this issue is present is:
rm: cannot remove `myfile': Disk quota exceeded
The workaround for this issue is to copy /dev/null into a few of the files that you wish to delete to create enough space in your filesystem to delete items using the normal utilities. The command to do this is:
cp /dev/null /path/to/my/file
Only run this workaround on the login nodes.
How do I change my password or login shell?
MCS Workstation/e-mail/Accounts passwords and login shells are changed at https://accounts.mcs.anl.gov/account.php. On Windows workstations, you can change your password by pressing CTRL-ALT-DEL, or via a web browser at http://www-fp.mcs.anl.gov/computing/architectures/windows/offsite_passwd.htm. ANL Domain Account passwords can be changed at https://credentials.anl.gov/. If you don't know your old password, visit the Help Desk (240-2E15, 630-252-6813) to have it reset. We do not reset or send passwords via e-mail.
Where are the log files?
Check out /mcs/logs/.
How do I get my name listed on the Staff Directory page?
Go to https://accounts.mcs.anl.gov/resources.php and request the MCS Web User resource. Once your association with MCS is verified, you will be listed on the staff directory database and have the ability to edit your own information using the forms at https://www.cels.anl.gov/adminforms/ Information on using the CELS Adminforms can be found at https://wiki.mcs.anl.gov/IT/index.php/CLSWeb.
How do I get my own homepage at MCS?
You need an MCS workstation account and the public_html resource. You can request both of these at https://accounts.mcs.anl.gov/resources.php. This will create a directory for you on the webserver and link it into your workstation home directory so you can add and edit files accordingly. If you already have a public_html directory on your workstation account, it will be copied to the webserver first.
What are the general use compute servers for the division?
The MCS login nodes are for interactive login sessions, light work, and for SSHing to compute servers behind the firewall. Do not run compute-intensive jobs on login.mcs.anl.gov (aka login1 through login4). Instead, SSH to one of the machines below.
Supermicro X8DTU mainboard, 2x Intel E5520 Xeon CPUs, 24GB DDR3 1066MHz Memory (6x4GB modules), 1Gbit ethernet connected
Supermicro X7DBU mainboard, 2x Intel E5430 Xeon CPUs, 32GB DDR2 667MHz Memory (8x4GB modules), 1Gbit ethernet connected
Supermicro H8QM8 mainboard, 4x AMD 8216 Opteron CPUs, 8GB DDR2 Memory, 1Gbit ethernet connected
How can I keep my password secure?
The first and best line of defense against unauthorized access is the user's password. Your password should be changed IMMEDIATELY after arriving at MCS.
Even when passwords are encrypted, they can be guessed or "cracked", especially when they match a dictionary word or permutation. Here is brief advice for choosing good passwords and avoiding bad passwords.
Document DOE G 205.3-1 describes DOE guidelines, available at http://www.directives.doe.gov/
- Something easy for you to remember with at least eight (8) characters
- An acronym derived from the first letter of each word of a quotation or better yet, a nonsense phrase
- Avoid using simply modified words. Horribly misspell it and flip the cases of some letters if you need a word to remember.
DOE 205.3 Guidelines:
- Eight (8) non-blank characters
- A combination of
- Letters (preferably a mixture of upper and lowercase)
- At least one in first 7 positions
- First and last characters must be non-numeric
- Must not contain your name or username
- Any word in a dictionary (or simple permutation)
  - single word
  - word followed by digits
  - word followed by digits followed by a single letter
  - digits followed by word
  - single letter followed by digits followed by word
- Your name in any form -- first, middle, last, maiden, spelled backwards, nickname or initials.
- Your username, or your username spelled backwards.
- Your phone or office number, address, birthday, or anniversary.
- Your license-plate number, your social-security number, or any all-numeral password.
- Any words or names spelled forwards, backwards, or in a foreign language
- "Hacker/l337 5p33k" spellings (e.g. 43770 for "hello" or "l33t" for "elite")
- All digits or all the same letter or letter sequences found on keyboards.
- Passwords you have used anywhere else, or your previous two passwords here.
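The rules listed above that can be tested mechanically, as an added example (not MCS or DOE code): it checks the eight non-blank character minimum, the non-numeric first and last characters, name/username containment forwards or backwards, all-digit or single-character passwords, and the five dictionary-word shapes. SAMPLE_WORDS is a constructed stand-in for a real dictionary, and check_password and its parameters are names chosen for this example.

```python
import re

# Constructed stand-in for a real dictionary file (assumption for this example).
SAMPLE_WORDS = {"password", "dragon", "sunshine", "computer", "argonne"}

# The five "word or simple permutation" shapes from the list above.
# Group 1 captures the candidate dictionary word.
WORD_SHAPES = [
    ("single word", r"([a-z]+)"),
    ("word followed by digits", r"([a-z]+)\d+"),
    ("word followed by digits followed by a single letter", r"([a-z]+)\d+[a-z]"),
    ("digits followed by word", r"\d+([a-z]+)"),
    ("single letter followed by digits followed by word", r"[a-z]\d+([a-z]+)"),
]


def check_password(password, username, names=(), words=SAMPLE_WORDS):
    """Return the listed rules the password breaks; [] means none of them."""
    problems = []
    pw = password.lower()

    if sum(not c.isspace() for c in password) < 8:
        problems.append("fewer than eight non-blank characters")

    if password and (password[0].isdigit() or password[-1].isdigit()):
        problems.append("first or last character is numeric")

    # Name or username in any form, including spelled backwards.
    for ident in (username, *names):
        ident = ident.lower()
        if ident and (ident in pw or ident[::-1] in pw):
            problems.append("contains your name or username")
            break

    if pw.isdigit() or (pw and len(set(pw)) == 1):
        problems.append("all digits or one repeated character")

    # Case is folded first, so flipping the case of a word does not hide it.
    for label, shape in WORD_SHAPES:
        match = re.fullmatch(shape, pw)
        if match and match.group(1) in words:
            problems.append("dictionary word: " + label)
            break

    return problems
```

Keyboard sequences, "l337" spellings and password reuse from the list are not covered here; they need a substitution table or a password history that this example does not model.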
Never use the same password on different remote systems. Similarly, avoid falling into a recognizable pattern, such as always capitalizing all the vowels. If you have the same password at different sites, you compromise the security of all of the sites. If one site has a security break and your password is captured, the security break is now effectively at all the sites. If you learn of a security compromise at a remote site where you have an account, even if your passwords are different, please notify firstname.lastname@example.org.
Never give your password to anyone! Never tell anyone over the phone your password. Nobody in the Systems Group will ask for your password over the phone. (We can access your account without it. Systems never needs to know your password.) If someone calls you and asks for your password, please report this by sending mail to email@example.com. If you receive electronic mail (email) from someone requesting your password (this includes support, systems, and root), please inform us immediately.
Never write your password down. Make your password unique but something you can remember so you don't have to write it down. If the piece of paper you write your password down on is stolen, your account will be compromised.
You can use "ssh", secure shell, to access the systems here. See the Offsite Access FAQ.
Miscellaneous Security Topics
- .rhosts File: We do not allow .rhosts files. A .rhosts file puts all login info needed to login to the remote system in a file (.rhosts). This includes the password. If your account is compromised, and you have a .rhosts file, the systems in the .rhosts file will be compromised also. For this reason, .rhosts files are automatically deleted.
- SUID Programs: SUID (Set User ID) files, when run, have the same access (UID) as the user running the program. You can tell a SUID file by the "s" in the permission line of a file, for example, -rwsr-s-x. SUID programs pose a great threat to your account. Let's say that Amy mails Bob and tells him to run a new "game" she has created. Bob, unsuspecting, runs the file and plays the game, but the game really isn't a game. Instead, it is a program with the SUID permission set which deletes all of Bob's files. This is possible since, with the SUID permission set, the commands in the "game" program are run as though Bob typed the commands himself! So, before you run a program, make sure the SUID permission is not set by typing ls -l <file_name>.
- Physical Security: You should always use a screen lock, or logout, if you have to leave your terminal. Never leave a computer with your login active. It only takes a few seconds for someone to go to a computer and delete or copy your files. When you enter your password, make sure nobody is looking over your shoulder. This may sound a little paranoid, but people have stolen passwords this way.
- Your Help: The Systems Group can not be everywhere nor watch everything. If you have reason to believe that your account has been compromised, or some other problem exists with MCS computer security, please notify firstname.lastname@example.org immediately. Thanks for your help! We need and appreciate it.
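The ls -l check from the SUID Programs item, applied to a whole directory tree, as an added example (not MCS code): it reports every regular file whose mode carries the set-user-ID or set-group-ID bit, with the same permission string ls -l would show. The function name find_setid_files is chosen for this example.

```python
import os
import stat


def find_setid_files(root):
    """Return sorted (path, ls-style mode, bit names) for regular files under
    root that have the set-user-ID or set-group-ID bit set."""
    hits = []
    # followlinks=False keeps the walk inside root even if it holds symlinks.
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            bits = []
            if st.st_mode & stat.S_ISUID:
                bits.append("setuid")
            if st.st_mode & stat.S_ISGID:
                bits.append("setgid")
            if bits:
                # stat.filemode renders the "s" exactly as ls -l does.
                hits.append((path, stat.filemode(st.st_mode), bits))
    return sorted(hits)


if __name__ == "__main__":
    # Audit your own home directory and print anything that carries the bit.
    for path, mode, bits in find_setid_files(os.path.expanduser("~")):
        print(mode, "+".join(bits), path)
```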