General CELS Questions
- 1 How can I leave a file for someone else to pick up via FTP?
- 2 What is the policy for creating or leaving files in the /home/ftp/incoming directory?
- 3 How do I recover files that I've deleted?
- 4 How do I delete files if my directory has exceeded its quota?
- 5 How do I change my password or login shell?
- 6 Where are the log files?
- 7 How do I get my name listed on the Staff Directory page?
- 8 How do I get my own homepage at CELS?
- 9 What are the general use compute servers for the division?
- 10 How can I keep my password secure?
How can I leave a file for someone else to pick up via FTP?
A project directory will need to be created by systems. Contact email@example.com to have the top-level directory created. They will direct you to the path to your files, as well as the FTP URL to give out.
What is the policy for creating or leaving files in the /home/ftp/incoming directory?
- Anonymous ftp users can leave files there for you to pick up. They can connect to ftp.mcs.anl.gov and cd to "incoming".
- In the incoming directory, and its subdirectories, files deposited by Anonymous can not be read (get) by Anonymous.
- Most people with CELS accounts should be able to access the files from any CELS UNIX machine at the following path:
- The incoming directory is hidden so that files and directories can not be "seen" from the outside. So, for example, if you are connected via ftp and are in ftp://ftp.mcs.anl.gov/incoming and do an "ls" command, you will see nothing. Here's an example ftp session:
    220 MCS FTP server is ready
    Name (ftp.mcs.anl.gov:max): anonymous
    331 Anonymous login ok, send your complete email address as your password
    Password:
    230 Anonymous access granted, restrictions apply
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>
    ftp> ls
    229 Entering Extended Passive Mode (|||63589|)
    150 Opening ASCII mode data connection for file list
    -rw-r----- 1 ftp ftp 384 Oct 25 2002 README
    -rw-r----- 1 ftp ftp 1230 Sep 24 2004 banner.msg
    -rw-r----- 1 ftp ftp 1230 Oct 6 2010 banner.txt
    drwxr-x--- 27 ftp ftp 20480 Jun 13 14:21 incoming
    drwxr-x--- 2 ftp ftp 4096 Sep 23 2004 lost+found
    drwxr-x--- 80 ftp ftp 4096 Jun 13 18:42 pub
    226 Transfer complete
    ftp>
    ftp> cd incoming
    250 CWD command successful
    ftp> ls
    229 Entering Extended Passive Mode (|||61718|)
    150 Opening ASCII mode data connection for file list
    226 Transfer complete
    ftp>
- The incoming FTP directory is monitored and automatically cleaned up. A job runs daily that removes all empty directories. It also removes any file that is over 10 days old. If someone is sending you a file, please stay on top of it so that the file is not removed before you pick it up. If you want to create a directory for someone to put something into, put a README or .message file in the directory so that the otherwise empty directory continues to exist and your cohort can ftp the files into it for you to pick up. But note: if your cohort doesn't ftp you the files within 10 days, the directory (and your placeholder file) will go away.
How do I recover files that I've deleted?
We make nightly and monthly snapshots of the entire home directory space of the NFS fileserver. Nightly snapshots are retained for one week, monthly for a year. On the Linux workstations almost every home directory has a link at ~/BACKUPS that points to that user's hidden snapshots directory. [If you do not see the BACKUPS directory alert firstname.lastname@example.org and we will set this up for you.] In this directory you will see a subdirectory named in the following format:
zfs-auto-snap_daily-2013-07-04-18h17
zfs-auto-snap_monthly-2013-06-23-18h17
Within those you will find a representation of your home directory as it was on that day. Additionally, there is a directory called "Midday"; this is a snapshot that is taken at noon every day.
So, to recover a file that was in your home directory on the Fourth of July at 6:17 PM named "foo" that was deleted sometime before the 11th of July one would simply issue the following command:
cp /homes/joeuser/BACKUPS/zfs-auto-snap_daily-2013-07-04-18h17/foo /homes/joeuser/
If, for some reason, your "BACKUPS" folder was deleted, it's just a shortcut to ~/.zfs/snapshot, so you can recreate the link or simply substitute ".zfs/snapshot" for "BACKUPS" in the above directions.
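When you do not know which day's snapshot still holds the file, the search can be scripted. The following is an added example, not part of the original FAQ: POSIX shell functions that pick the newest zfs-auto-snap_* snapshot containing a file and copy it back without overwriting a live file. The function names and the constructed demo tree are assumptions; the default snapshot root is the ~/.zfs/snapshot directory that BACKUPS links to.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the snapshot root defaults
# to ~/.zfs/snapshot, the directory that ~/BACKUPS links to.

# Print the name of the newest zfs-auto-snap_* snapshot that contains RELPATH.
# Usage: newest_snapshot_with RELPATH [SNAPROOT]; returns 1 if none has it.
newest_snapshot_with() {
    relpath=$1
    snaproot=${2:-"$HOME/.zfs/snapshot"}
    newest=$(
        for dir in "$snaproot"/zfs-auto-snap_*; do
            [ -e "$dir/$relpath" ] || continue
            name=${dir##*/}
            # Strip "zfs-auto-snap_<label>-" so daily and monthly snapshots
            # sort together on the YYYY-MM-DD-HHhMM timestamp.
            printf '%s %s\n' "${name#zfs-auto-snap_*-}" "$name"
        done | sort | tail -n 1 | cut -d' ' -f2-
    )
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# Copy RELPATH out of that snapshot to DEST without overwriting a live file.
# Usage: restore_from_snapshot RELPATH DEST [SNAPROOT]
restore_from_snapshot() {
    src_root=${3:-"$HOME/.zfs/snapshot"}
    snap=$(newest_snapshot_with "$1" "$src_root") || {
        echo "no snapshot contains $1" >&2; return 1; }
    if [ -e "$2" ]; then
        echo "refusing to overwrite existing $2" >&2; return 2
    fi
    cp -p "$src_root/$snap/$1" "$2"
}

# Constructed sample tree for trying the functions outside a real home directory.
make_demo_snapshots() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/zfs-auto-snap_monthly-2013-06-23-18h17" \
             "$root/zfs-auto-snap_daily-2013-07-04-18h17" \
             "$root/zfs-auto-snap_daily-2013-07-05-18h17" "$root/Midday"
    echo "june"   > "$root/zfs-auto-snap_monthly-2013-06-23-18h17/foo"
    echo "july 4" > "$root/zfs-auto-snap_daily-2013-07-04-18h17/foo"
    echo "noon"   > "$root/Midday/foo"   # not a zfs-auto-snap_* name: skipped
    printf '%s\n' "$root"
}
```

Restoring to a new name (for example foo.restored) keeps whatever is currently in your home directory intact until you have compared the two copies.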
If you need something restored that's more than 7 days old you should contact email@example.com and we will restore it for you from backup tapes.
Our Tape backup retention policy is:
- A currently existing file is always backed up.
- We keep 7 revisions of a file over a 30 day period. After a file has remained static for 30 days, the number of copies kept is reduced to 1.
- When a file is deleted, the backup will remain for 180 days.
Please understand that the backups are intended for disaster recovery, whereas user-initiated archives are "forever" (where "forever" is the life of the tape.)
How do I delete files if my directory has exceeded its quota?
There is a known issue with many of the shared filesystems that we provide. They do not allow you to remove files to clean up a directory that has reached or exceeded its quota. The error you receive when this issue is present is:
rm: cannot remove `myfile': Disk quota exceeded
The workaround for this issue is to copy /dev/null into a few of the files that you wish to delete to create enough space in your filesystem to delete items using the normal utilities. The command to do this is:
cat /dev/null > /path/to/my/file
Only run this workaround on the login nodes.
How do I change my password or login shell?
CELS Workstation/e-mail/Accounts passwords and login shells are changed at https://accounts.mcs.anl.gov/. ANL Domain Account passwords can be changed at https://credentials.anl.gov/. If you don't know your old password, visit the Help Desk (240-2E15, 630-252-6813) to have it reset. We do not reset or send passwords via e-mail.
Where are the log files?
Check out /mcs/logs/.
How do I get my name listed on the Staff Directory page?
Contact Gail Pieper
How do I get my own homepage at CELS?
You need an MCS workstation account and the public_html resource. You can request both of these at https://accounts.mcs.anl.gov/. This will create a directory for you on the webserver and link it into your workstation home directory so you can add and edit files accordingly. If you already have a public_html directory on your workstation account, it will be copied to the webserver first.
What are the general use compute servers for the division?
The CELS login nodes are for interactive login sessions, light work, and for SSHing to compute servers behind the firewall. Do not run compute-intensive jobs on login.mcs.anl.gov (aka login1 through login4). Instead, SSH to one of the machines below.
- Supermicro X10QBi mainboard; 4x Intel Xeon E7-4820 v2 @ 2.00GHz CPUs; 1.5TB DDR3 1600MHz memory (96x16GB modules); 1Gbit Ethernet connected
- Supermicro X8DTU mainboard; 2x Intel E5520 Xeon CPUs; 24GB DDR3 1066MHz memory (6x4GB modules); 1Gbit Ethernet connected
- Supermicro X7DBU mainboard; 2x Intel E5430 Xeon CPUs; 32GB DDR2 667MHz memory (8x4GB modules); 1Gbit Ethernet connected
- Supermicro H8QM8 mainboard; 4x AMD 8216 Opteron CPUs; 8GB DDR2 memory; 1Gbit Ethernet connected
How can I keep my password secure?
The first and best line of defense against unauthorized access is the user's password. Your password should be changed IMMEDIATELY after arriving at CELS.
Even when passwords are encrypted, they can be guessed or "cracked", especially when they match a dictionary word or permutation. Here is brief advice for choosing good passwords and avoiding bad passwords.
Document DOE G 205.3-1 describes DOE guidelines, available at http://www.directives.doe.gov/
- Something easy for you to remember with at least eight (8) characters
- An acronym derived from the first letter of each word of a quotation or better yet, a nonsense phrase
- Avoid using simply modified words. Horribly misspell it and flip the cases of some letters if you need a word to remember.
DOE 205.3 Guidelines:
- Eight (8) non-blank characters
- A combination of
- Letters (preferably a mixture of upper and lowercase)
- At least one in first 7 positions
- First and last characters must be non-numeric
- Must not contain your name or username
- Any word in a dictionary (or simple permutation)
- single word
- word followed by digits
- word followed by digits followed by a single letter
- digits followed by word
- single letter followed by digits followed by word
- Your name in any form -- first, middle, last, maiden, spelled backwards, nickname or initials.
- Your username, or your username spelled backwards.
- Your phone or office number, address, birthday, or anniversary.
- Your license-plate number, your social-security number, or any all numeral password.
- Any words or names spelled forwards, backwards, or in a foreign language
- "Hacker/l337 5p33k" spellings (e.g. 43770 for "hello" or "l33t" for "elite")
- All digits or all the same letter or letter sequences found on keyboards.
- Passwords you have used anywhere else, or your previous two passwords here.
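The mechanical rules in the lists above can be turned into a quick self-check for a candidate password. This is an added example, not CELS or DOE code; it covers only rules stated on this page (length, numeric first or last character, repeated character, username forwards or backwards, and the five dictionary-word shapes). The word list, the rule labels, and the case-insensitive comparison are assumptions.

```shell
#!/bin/sh
# Added example, not CELS or DOE code. WORDS is a constructed stand-in for a
# real dictionary file; the rule labels printed are hypothetical.
WORDS="password
welcome
dragon
argonne"

lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }
rev_str() { printf '%s\n' "$1" | awk '{ for (i = length($0); i > 0; i--) printf "%s", substr($0, i, 1) }'; }
is_word() { printf '%s\n' "$WORDS" | grep -qixF -- "$1"; }

# check_password PASSWORD USERNAME
# Prints "ok" and returns 0, or prints the first failed rule and returns 1.
check_password() {
    pw=$1
    low=$(lc "$pw")            # assumption: compare case-insensitively
    user=$(lc "$2")
    resu=$(rev_str "$user")    # username spelled backwards

    # At least eight characters, none of them blank.
    if [ "${#pw}" -lt 8 ] || printf '%s\n' "$pw" | grep -q '[[:space:]]'; then
        echo "length-or-blank"; return 1
    fi
    # First and last characters must be non-numeric (also rejects all digits).
    if printf '%s\n' "$pw" | grep -Eq '^[0-9]|[0-9]$'; then
        echo "numeric-edge"; return 1
    fi
    # All the same character.
    if printf '%s\n' "$low" | grep -q '^\(.\)\1*$'; then
        echo "repeated-char"; return 1
    fi
    # Username, forwards or backwards, anywhere in the password.
    if [ -n "$user" ]; then
        case $low in *"$user"*|*"$resu"*) echo "username"; return 1;; esac
    fi
    # Dictionary word in one of the listed shapes: word, word+digits,
    # word+digits+letter, digits+word, letter+digits+word.
    for cand in $(printf '%s\n' "$low" | sed -nE \
            -e 's/^([a-z]+)$/\1/p' \
            -e 's/^([a-z]+)[0-9]+[a-z]?$/\1/p' \
            -e 's/^[a-z]?[0-9]+([a-z]+)$/\1/p'); do
        if is_word "$cand"; then echo "dictionary"; return 1; fi
    done
    echo "ok"
}
```

Passing this check only means none of the listed patterns matched; rules such as "passwords you have used anywhere else" cannot be tested mechanically.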
Never use the same password on different remote systems. Similarly, avoid falling into a recognizable pattern, such as always capitalizing all the vowels. If you have the same password at different sites, you compromise the security of all of the sites. If one site has a security break and your password is captured, the security break is now effectively at all the sites. If you learn of a security compromise at a remote site where you have an account, even if your passwords are different, please notify firstname.lastname@example.org.
Never give your password to anyone! Never tell anyone over the phone your password. Nobody in the Systems Group will ask for your password over the phone. (We can access your account without it. Systems never needs to know your password.) If someone calls you and asks for your password, please report this by sending mail to email@example.com. If you receive electronic mail (email) from someone requesting your password (this includes support, systems, and root), please inform us immediately.
Never write your password down. Make your password unique but something you can remember so you don't have to write it down. If the piece of paper you write your password down on is stolen, your account will be compromised.
You must use "ssh", secure shell, to access the systems here. See the Offsite Access FAQ.
Miscellaneous Security Topics
- .rhosts File: We do not allow .rhosts files. A .rhosts file puts all login info needed to log in to the remote system in a file (.rhosts). This includes the password. If your account is compromised, and you have a .rhosts file, the systems in the .rhosts file will be compromised also. For this reason, .rhosts files are automatically deleted.
- SUID Programs: SUID (Set User ID) files, when run, have the same access (UID) as the user running the program. You can tell a SUID file by the "s" in the permission line of a file, for example, -rwsr-s-x. SUID programs pose a great threat to your account. Let's say that Amy mails Bob and tells him to run a new "game" she has created. Bob, unsuspecting, runs the file and plays the game, but the game really isn't a game. Instead, it is a program with the SUID permission set which deletes all of Bob's files. This is possible since, with the SUID permission set, the commands in the "game" program are run as though Bob typed the commands himself! So, before you run a program, make sure the SUID permission is not set by typing ls -l <file_name>.
- Physical Security: You should always use a screen lock, or logout, if you have to leave your terminal. Never leave a computer with your login active. It only takes a few seconds for someone to go to a computer and delete or copy your files. When you enter your password, make sure nobody is looking over your shoulder. This may sound a little paranoid, but people have stolen passwords this way.
- Your Help: The Systems Group can not be everywhere nor watch everything. If you have reason to believe that your account has been compromised, or some other problem exists with CELS computer security, please notify firstname.lastname@example.org immediately. Thanks for your help! We need and appreciate it.