General CELS Questions

From CELS IT Wiki

(Redirected from General MCS Questions)

Contents

How can I leave a file for someone else to pick up via FTP?

A project directory will need to be created by systems. Contact systems@mcs.anl.gov to have the top-level directory created. They will direct you to the path to your files, as well as the FTP URL to give out.

What is the policy for creating or leaving files in the /home/ftp/incoming directory?

This is no longer allowed. If you need to transfer files incoming, please use Box

How do I recover files that I've deleted?

We make nightly, weekly and monthly snapshots of the entire home directory space of the NFS fileserver. Nightly snapshots are retained for one week, weekly snapshots for one month and monthly snapshots for one year. On the Linux workstations every home directory has a hidden snapshots directory at the following path: /home/<username>/.zfs/snapshot. You cannot see the .zfs directory, but you can list its contents and act on it by using the full path, for example:

login1% /homes/maxadam> ls -l .zfs
total 2
dr-xr-xr-x  2 root root  2 Nov  3  2015 shares
dr-xr-xr-x 25 root root 25 Oct 15 10:02 snapshot
login1% /homes/maxadam

In the ~/.zfs/snapshot/ directory you will see a number of subdirectories named in the following format:

zfs-auto-snap_<daily|monthly>-YYYY-MM-DD-HHhMM

For example:

login1% /homes/maxadam> ls .zfs/snapshot
zfs-auto-snap_daily-2018-10-07-15h02  zfs-auto-snap_daily-2018-10-15-15h02    zfs-auto-snap_monthly-2018-04-10-05h08  zfs-auto-snap_monthly-2018-10-10-15h02
zfs-auto-snap_daily-2018-10-09-15h02  zfs-auto-snap_monthly-2017-11-10-00h54  zfs-auto-snap_monthly-2018-05-10-05h08  zfs-auto-snap_weekly-2018-09-17-15h02
zfs-auto-snap_daily-2018-10-11-15h02  zfs-auto-snap_monthly-2017-12-10-00h54  zfs-auto-snap_monthly-2018-06-10-05h08  zfs-auto-snap_weekly-2018-09-24-15h02
zfs-auto-snap_daily-2018-10-12-15h02  zfs-auto-snap_monthly-2018-01-10-00h54  zfs-auto-snap_monthly-2018-07-10-05h08  zfs-auto-snap_weekly-2018-10-01-15h02
zfs-auto-snap_daily-2018-10-13-15h02  zfs-auto-snap_monthly-2018-02-10-00h54  zfs-auto-snap_monthly-2018-08-10-15h02  zfs-auto-snap_weekly-2018-10-08-15h02
zfs-auto-snap_daily-2018-10-14-15h02  zfs-auto-snap_monthly-2018-03-10-00h54  zfs-auto-snap_monthly-2018-09-10-15h02
login1% /homes/maxadam> 
Within those you will find a representation of your home directory as it was on that day.

So, to recover a file that was in your home directory on the Fourth of July at 6:17 PM named "foo" that was deleted sometime before the 11th of July one would simply issue the following command:

cp /homes/joeuser/.zfs/snapshot/zfs-auto-snap_daily-2013-07-04-18h17/foo /homes/joeuser/

You could, for convenience, set up a symlink to ~/.zfs/snapshot:

login1% /homes/maxadam> ln -s ~/.zfs/snapshot ~/BACKUPS
login1% /homes/maxadam> ls -al BACKUPS
lrwxrwxrwx 1 maxadam collab 28 Oct 15 12:15 BACKUPS -> /homes/maxadam/.zfs/snapshot
login1% /homes/maxadam> ls BACKUPS/
zfs-auto-snap_daily-2018-10-07-15h02  zfs-auto-snap_daily-2018-10-15-15h02    zfs-auto-snap_monthly-2018-04-10-05h08  zfs-auto-snap_monthly-2018-10-10-15h02
zfs-auto-snap_daily-2018-10-09-15h02  zfs-auto-snap_monthly-2017-11-10-00h54  zfs-auto-snap_monthly-2018-05-10-05h08  zfs-auto-snap_weekly-2018-09-17-15h02
zfs-auto-snap_daily-2018-10-11-15h02  zfs-auto-snap_monthly-2017-12-10-00h54  zfs-auto-snap_monthly-2018-06-10-05h08  zfs-auto-snap_weekly-2018-09-24-15h02
zfs-auto-snap_daily-2018-10-12-15h02  zfs-auto-snap_monthly-2018-01-10-00h54  zfs-auto-snap_monthly-2018-07-10-05h08  zfs-auto-snap_weekly-2018-10-01-15h02
zfs-auto-snap_daily-2018-10-13-15h02  zfs-auto-snap_monthly-2018-02-10-00h54  zfs-auto-snap_monthly-2018-08-10-15h02  zfs-auto-snap_weekly-2018-10-08-15h02
zfs-auto-snap_daily-2018-10-14-15h02  zfs-auto-snap_monthly-2018-03-10-00h54  zfs-auto-snap_monthly-2018-09-10-15h02
login1% /homes/maxadam> 

If you need something restored that was deleted more than one year ago you should contact mailto:systems@mcs.anl.gov and we will try to restore it for you from backup tapes.

Our Tape backup retention policy is:

A currently existing file is always backed up.

We keep a backup of any file on the file system and 2 revisions of a file for a 120 day period. After a file has remained static for 30 days, the number of copies kept is reduced to 1.

When a file is deleted, the backup will remain for 120 days.

Please understand that the backups are intended for disaster recovery, whereas user-initiated archives are "forever" (where "forever" is the life of the tape.)

How do I delete files if my directory has exceeded its quota?

There is a known issue with many of the shared filesystems that we provide. They do not allow you to remove files to clean up a directory that has reached or exceeded its quota. The error you receive when this issue is present is:

rm: cannot remove `myfile': Disk quota exceeded

The workaround for this issue is to copy /dev/null into a few of the files that you wish to delete to create enough space in your filesystem to delete items using the normal utilities. The command to do this is:

cat /dev/null > /path/to/my/file

Only run this workaround on the login nodes.

How do I change my password or login shell?

CELS Workstation/e-mail/Accounts passwords and login shells are changed at https://accounts.mcs.anl.gov/. ANL Domain Account password can be changed at https://credentials.anl.gov/. If you don't know your old password, visit the Help Desk (240-2E15, 630-252-6813) to have it reset. We do not reset or send passwords via e-mail.

Where are the log files?

Check out /mcs/logs/.

How do I get my name listed on the Staff Directory page?

Contact Gail Pieper

How do I get my own homepage at CELS?

You need an MCS workstation account and the public_html resource. You can request both of these at https://accounts.mcs.anl.gov/. This will create a directory for you on the webserver and link it into your workstation home directory so you can add and edit files accordingly. If you already have a public_html directory on your workstation account, it will be copied to the webserver first.

What are the general use compute servers for the division?

The CELS login nodes are for interactive login sessions, light work, and for SSHing to compute servers behind the firewall. Do not run compute-intensive jobs on login.mcs.anl.gov (aka login1 through login4). Instead, SSH to one of the machines below.

64bit machines:


  • compute001.mcs.anl.gov
Supermicro X10QBi mainboard
4X Intel Xeon E7-4820 v2 @ 2.00GHz CPUs
1.5TB DDR3 1600Mhz Memory (96x16GB Modules)
1Gbit ethernet connected 

  • thwomp.mcs.anl.gov
  • stomp.mcs.anl.gov
Supermicro X8DTU mainboard
2x Intel E5520 Xeon CPUs
24GB DDR3 1066MHz Memory (6x4GB modules)
1Gbit ethernet connected

  • crush.mcs.anl.gov
  • crank.mcs.anl.gov
  • steamroller.mcs.anl.gov
  • grind.mcs.anl.gov
  • churn.mcs.anl.gov
  • trounce.mcs.anl.gov
  • thrash.mcs.anl.gov
  • vanquish.mcs.anl.gov
Supermicro X7DBU mainboard
2x Intel E5430 Xeon CPUs
32GB DDR2 667MHz Memory (8x4GB modules)
1Gbit ethernet connected

32bit machines:


  • octagon.mcs.anl.gov
  • octopus.mcs.anl.gov
Supermicro H8QM8 mainboard
4x AMD 8216 Opteron CPUs
8GB DDR2 Memory
1Gbit ethernet connected


TEST VM:


  • vx-test.mcs.anl.gov
4 vCPU/cores (E5520)
4GB Memory
Ubuntu 16.04 (does not have full set of software in softenv)

How can I keep my password secure?

The first and best line of defense against unauthorized access is the user's password. Your password should be changed IMMEDIATELY after arriving to CELS.

Password Advice

Even when passwords are encrypted, they can be guessed or "cracked", especially when they match a dictionary word or permutation. Here is brief advice for choosing good passwords and avoiding bad passwords.

Document DOE G 205.3-1 describes DOE guidelines, available at http://www.directives.doe.gov/

Use

  • Something easy for you to remember with at least eight (8) characters
  • An acronym derived from the first letter of each word of a quotation or better yet, a nonsense phrase
  • Avoid using simply modified words. Horribly misspell it and flip the cases of some letters if you need a word to remember.

DOE 205.3 Guidelines:

  • Eight (8) non-blank characters
  • A combination of
    1. Letters (preferably a mixture of upper and lowercase)
    2. Numbers
    3. At least one special non-alphanumeric character in first 7 positions
  • First and last characters must be non-numeric
  • Must not contain your name or username

Don't Use

  • Any word in a dictionary (or simple permutation)
    1. single word
    2. word followed by digits
    3. word followed by digits followed by a single letter
    4. digits followed by word
    5. single letter followed by digits followed by word
  • Your name in any form -- first, middle, last, maiden, spelled backwards, nickname or initials.
  • Your username, or your username spelled backwards.
  • Your phone or office number, address, birthday, or anniversary.
  • Your license-plate number, your social-security number, or any all numeral password.
  • Any words or names spelled forwards, backwards, or in a foreign language
  • "Hacker/l337 5p33k" spellings: (eg. 43770 for "hello" or "l33t" for "elite")
  • All digits or all the same letter or letter sequences found on keyboards.
  • Passwords you have used anywhere else, or your previous two passwords here.

Never use the same password on different remote systems. Similarly, avoid falling into a recognizable pattern, such as always capitalizing all the vowels. If you have the same password at different sites, you compromise the security of all of the sites. If one site has a security break and your password is captured, the security break is now effectively at all the sites. If you learn of a security compromise at a remote site where you have an account, even if your passwords are different, please notify systems@mcs.anl.gov.

Never give your password to anyone! Never tell anyone over the phone your password. Nobody in the Systems Group will ask for your password over the phone. (We can access your account without it. Systems never needs to know your password.) If someone calls you and asks for your password, please report this by sending mail to systems@mcs.anl.gov. If you receive electronic mail (email) from someone requesting your password (this includes support, systems, and root), please inform us immediately.

Never write your password down. Make your password unique but something you can remember so you don't have to write it down. If the piece of paper you write your password down on is stolen, your account will be compromised.

Remote Logins

You must use "ssh", secure shell, to access the systems here. See the Offsite Access FAQ.

Miscellaneous Security Topics

  • .rhosts File: We do not allow .rhosts files. A .rhosts file puts all login info needed to login to the remote system in a file (.rhosts). This includes the password. If your account is compromised, and you have a .rhosts file, the systems in the .rhosts file will be compromised also. For this reason, .rhosts files are automatically deleted.
  • SUID Programs: SUID (Set User ID) files, when run, have the same access (UID) as the user running the program. You can tell a SUID file by the "s" in the permission line of a file, for example, -rwsr-s-x. SUID pose a great threat to your account. Let's say that Amy mails Bob and tells him to run a new "game" she has created. Bob, unsuspecting, runs the file and plays the game, but the game really isn't a game. Instead, it is a program with the SUID permission set which deletes all of Bob's files. This is possible since, with the SUID permission set, the commands in the "game" program are run as though Bob typed the commands himself! So, before you run a program, make sure the SUID permission is not set by typing ls -l <file_name>.
  • Physical Security: You should always use a screen lock, or logout, if you have to leave your terminal. Never leave a computer with your login active. It only takes a few seconds for someone to go to a computer and delete or copy your files. When you enter your password, make sure nobody is looking over your shoulder. This may sound a little paranoid, but people have stolen passwords this way.
  • Your Help: The Systems Group can not be everywhere nor watch everything. If you have reason to believe that your account has been compromised, or some other problem exists with CELS computer security, please notify systems@mcs.anl.gov immediately. Thanks for your help! We need and appreciate it.

Personal tools