General MCS Questions
From MCS IT Wiki
A project directory will need to be created by systems. Contact systems@mcs.anl.gov to have the top-level directory created. They will direct you to the path to your files, as well as the FTP URL to give out.
- Anonymous FTP users can leave files. Connect to ftp.mcs.anl.gov and cd to "incoming".
- In the incoming directory, and its subdirectories, files deposited by Anonymous can not be read (get) by Anonymous.
- Most people with MCS accounts should be able to access the files from the /home/ftp/pub/incoming directory on any MCS UNIX machine.
- The incoming directory is hidden so that files and directories can not be "seen" from the outside. So, for example, if you are in /home/ftp/incoming and do an "ls" command, you will see nothing.
- The anonymous FTP directory is monitored and automatically cleaned up. A job runs daily that removes all empty directories from the "incoming" directory. It also removes any file that is over 10 days old. If someone is sending you a file, or you expect them to pick one up, please stay on top of it so that the file doesn't get removed before the end user actually gets it. So, if you want to create a directory for someone to put something into, you should put a README or .message file in the directory so that the otherwise empty directory continues to exist and your cohort can ftp the files into the directory for you to pick up. But note, if your cohort doesn't ftp you the files in 10 days, the directory (and your space filling file) will go away.
How do I recover files that I've deleted?
We make nightly snapshots of the entire NFS fileserver just before midnight. Snapshots are retained for one week. On the Linux workstations every home directory has a link at ~/BACKUPS that points to that user's snapshots directory. In this directory you will see a subdirectory named for each day of the week, and within those you will find a representation of your home directory as it was on that day. Additionally there is a directory called "Midday"; this is a snapshot that is taken at noon every day. So, to recover a file named "foo" that was in your home directory on Monday and was deleted on Tuesday, one would simply issue the following command:
cp /homes/joeuser/BACKUPS/Monday/foo /homes/joeuser/
If you need something restored that's more than 7 days old you should contact systems@mcs.anl.gov and we will restore it for you from backup tapes.
Our backup retention policy is:
- A currently existing file is always backed up.
- We keep 7 revisions of a file over a 30 day period. After a file has remained static for 30 days, the number of copies kept is reduced to 1.
- When a file is deleted, the backup will remain for 180 days.
Please understand that the backups are intended for disaster recovery, whereas user-initiated archives are "forever" (where "forever" is the life of the tape.)
MCS Workstation/e-mail/Accounts passwords and login shells are changed at https://www-accounts.mcs.anl.gov/account.php. On Windows workstations, you can change your password by pressing CTRL-ALT-DEL, or via a web browser at http://www-fp.mcs.anl.gov/computing/architectures/windows/offsite_passwd.htm. Your ANL Domain Account password can be changed at https://credentials.anl.gov/. If you don't know your old password, visit the Help Desk (221-B256, 630-252-6813) to have it reset. We do not reset or send passwords via e-mail.
Check out /mcs/logs/.
Go to https://accounts.mcs.anl.gov/resources.php and request the MCS Web User resource. This will give you an entry in the staff directory database and the ability to edit your own information using the forms at https://www.cels.anl.gov/adminforms/ Information on using the CELS Adminforms can be found at http://wiki.mcs.anl.gov/IT/index.php/CLSWeb/.
- smash.mcs.anl.gov
- crunch.mcs.anl.gov
- schwinn.mcs.anl.gov
- elephant.mcs.anl.gov
- triumph.mcs.anl.gov
- octagon.mcs.anl.gov
- octopus.mcs.anl.gov
The first and best line of defense against unauthorized access is the user's password. Your password should be changed IMMEDIATELY after arriving at MCS.
Password Advice
Even when passwords are encrypted, they can be guessed or "cracked", especially when they match a dictionary word or permutation. Here is brief advice for choosing good passwords and avoiding bad passwords.
Document DOE G 205.3-1 describes DOE guidelines, available at http://www.directives.doe.gov/
Use
- Something easy for you to remember with eight (8) characters
- An acronym derived from the first letter of each word of your favorite quotation
- Avoid using simply modified words. Horribly misspell it if you need a word to remember.
DOE 205.3 Guidelines:
- Eight (8) non-blank characters
- A combination of
- Letters (preferably a mixture of upper and lowercase)
- Numbers
- At least one special non-alphanumeric character in first 7 positions
- First and last characters must be non-numeric
- Must not contain your name or username
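The DOE 205.3 rules listed above can be checked mechanically. The following is an added example, not part of the original wiki page or an MCS tool; the function name check_password is hypothetical, and it assumes that "eight characters" is a minimum length and that names are compared case-insensitively.

```sh
#!/bin/sh
# Added example (not MCS code): check a candidate password against the
# DOE 205.3 rules listed on this page.
# Usage: check_password PASSWORD USERNAME [NAME...]
# Prints one "FAIL:" line per violated rule; returns 0 only if none fail.
check_password() {
    pw=$1; shift
    rc=0
    fail() { printf 'FAIL: %s\n' "$1"; rc=1; }
    tab=$(printf '\t')

    # Eight non-blank characters (assumption: eight is the minimum length).
    [ "${#pw}" -ge 8 ] || fail "fewer than 8 characters"
    case $pw in *" "*|*"$tab"*) fail "contains a blank" ;; esac

    # A combination of letters and numbers.
    case $pw in *[A-Za-z]*) ;; *) fail "no letter" ;; esac
    case $pw in *[0-9]*) ;; *) fail "no number" ;; esac

    # At least one special (non-alphanumeric) character in the first 7 positions.
    head7=$(printf '%s' "$pw" | cut -c1-7)
    case $head7 in
        *[!A-Za-z0-9]*) ;;
        *) fail "no special character in first 7 positions" ;;
    esac

    # First and last characters must be non-numeric.
    case $pw in
        [0-9]*|*[0-9]) fail "first or last character is a digit" ;;
    esac

    # Must not contain your name or username (compared in lowercase).
    lower=$(printf '%s' "$pw" | tr '[:upper:]' '[:lower:]')
    for id in "$@"; do
        [ -n "$id" ] || continue
        id=$(printf '%s' "$id" | tr '[:upper:]' '[:lower:]')
        case $lower in *"$id"*) fail "contains name or username" ;; esac
    done
    return $rc
}
```

Passing these structural rules does not cover the "Don't Use" list on this page, which still has to be checked by the person choosing the password.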
Don't Use
- Any word in a dictionary (or simple permutation)
- single word
- word followed by digits
- word followed by digits followed by a single letter
- digits followed by word
- single letter followed by digits followed by word
- Your name in any form -- first, middle, last, maiden, spelled backwards, nickname or initials.
- Your username, or your username spelled backwards.
- Your phone or office number, address, birthday, or anniversary.
- Your license-plate number, your social-security number, or any all-numeral password.
- Any words or names spelled forwards, backwards, or in a foreign language
- "Hacker/l337 5p33k" spellings (e.g. 43770 for "hello" or "l33t" for "elite")
- All digits or all the same letter or letter sequences found on keyboards.
- Passwords you have used anywhere else, or your previous two passwords here.
Never use the same password on different remote systems. Similarly, avoid falling into a recognizable pattern, say always capitalizing all the vowels. If you have the same password at different sites, you compromise the security of all of the sites. If one site has a security break and your password is captured, the security break is now effectively at all the sites. If you learn of a security compromise at a remote site where you have an account, even if your passwords are different, please notify systems@mcs.anl.gov.
Never give your password to anyone! Never tell anyone your password over the phone. Nobody in the Systems Group will ask for your password over the phone. (We can access your account without it. Systems never needs to know your password.) If someone calls you and asks for your password, please report this by sending mail to systems@mcs.anl.gov. If you receive electronic mail (email) from someone requesting your password (this includes support, systems, and root), please inform us immediately.
Never write your password down. Make your password unique but something you can remember so you don't have to write it down. If the piece of paper you write your password down on is stolen, your account will be compromised.
Remote Logins
You can use "ssh", secure shell, to access the systems here. See the Offsite Access FAQ.
Miscellaneous Security Topics
- .rhosts File: We do not allow .rhosts files. A .rhosts file puts all login info needed to login to the remote system in a file (.rhosts). This includes the password. If your account is compromised, and you have a .rhosts file, the systems in the .rhosts file will be compromised also. For this reason, .rhosts files are automatically deleted.
- SUID Programs: SUID (Set User ID) files, when run, have the same access (UID) as the user running the program. You can tell a SUID file by the "s" in the permission line of a file, for example, -rwsr-s-x. SUID programs pose a great threat to your account. Let's say that Amy mails Bob and tells him to run a new "game" she has created. Bob, unsuspecting, runs the file and plays the game, but the game really isn't a game. Instead, it is a program with the SUID permission set which deletes all of Bob's files. This is possible since, with the SUID permission set, the commands in the "game" program are run as though Bob typed the commands himself! So, before you run a program, make sure the SUID permission is not set by typing ls -l <file_name>.
- Physical Security: You should always use a screen lock, or logout, if you have to leave your terminal. Never leave a computer with your login active. It only takes a few seconds for someone to go to a computer and delete or copy your files. When you enter your password, make sure nobody is looking over your shoulder. This may sound a little paranoid, but people have stolen passwords this way.
- Your Help: The Systems Group can not be everywhere nor watch everything. If you have reason to believe that your account has been compromised, or some other problem exists with MCS computer security, please notify systems@mcs.anl.gov immediately. Thanks for your help! We need and appreciate it.
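The `ls -l` check from the SUID item above, generalized to a whole directory tree (for example, an unpacked archive someone sent you). This is an added example, not part of the original wiki page; the function name suid_scan is hypothetical.

```sh
#!/bin/sh
# Added example (not MCS code): report files that carry the setuid or
# setgid bit, so they can be reviewed before anything is run.
# Usage: suid_scan PATH
# Prints "<kind><TAB><file>" for each flagged file.
# Returns 0 if any were found, 1 if none, 2 if PATH does not exist.
suid_scan() {
    target=$1
    if [ ! -e "$target" ]; then
        printf 'no such path: %s\n' "$target" >&2
        return 2
    fi

    # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit.
    list=$(find "$target" -type f \( -perm -4000 -o -perm -2000 \) -print)
    if [ -z "$list" ]; then
        return 1
    fi

    printf '%s\n' "$list" | while IFS= read -r f; do
        kind=
        # test -u / -g are the POSIX checks for the setuid / setgid bits.
        if [ -u "$f" ]; then kind=setuid; fi
        if [ -g "$f" ]; then kind=${kind:+$kind+}setgid; fi
        printf '%s\t%s\n' "$kind" "$f"
    done
    return 0
}
```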
- Who are the ES&H Representatives for Building 221? (Word doc)
- What is MCS's QA plan? (Word doc)
