General CELS Questions
- 1 How can I leave a file for someone else to pick up via FTP?
- 2 What is the policy for creating or leaving files in the /home/ftp/incoming directory?
- 3 How do I recover files that I've deleted?
- 4 How do I delete files if my directory has exceeded its quota?
- 5 How do I change my password or login shell?
- 6 Where are the log files?
- 7 How do I get my name listed on the Staff Directory page?
- 8 How do I get my own homepage at CELS?
- 9 What are the general use compute servers for the division?
- 10 How can I keep my password secure?
How can I leave a file for someone else to pick up via FTP?
A project directory will need to be created by systems. Contact firstname.lastname@example.org to have the top-level directory created. They will direct you to the path to your files, as well as the FTP URL to give out.
What is the policy for creating or leaving files in the /home/ftp/incoming directory?
This is no longer allowed. If you need to transfer files incoming, please use Box
How do I recover files that I've deleted?
We make nightly, weekly and monthly snapshots of the entire home directory space of the NFS fileserver. Nightly snapshots are retained for one week, weekly snapshots for one month and monthly snapshots for one year. On the Linux workstations every home directory has a hidden snapshots directory at the following path: /home/<username>/.zfs/snapshot. You cannot see the .zfs directory, but you can list its contents and act on it by using the full path, for example:
login1% /homes/maxadam> ls -l .zfs total 2 dr-xr-xr-x 2 root root 2 Nov 3 2015 shares dr-xr-xr-x 25 root root 25 Oct 15 10:02 snapshot login1% /homes/maxadam
In the ~/.zfs/snapshot/ directory you will see a number of subdirectories named in the following format:
login1% /homes/maxadam> ls .zfs/snapshot zfs-auto-snap_daily-2018-10-07-15h02 zfs-auto-snap_daily-2018-10-15-15h02 zfs-auto-snap_monthly-2018-04-10-05h08 zfs-auto-snap_monthly-2018-10-10-15h02 zfs-auto-snap_daily-2018-10-09-15h02 zfs-auto-snap_monthly-2017-11-10-00h54 zfs-auto-snap_monthly-2018-05-10-05h08 zfs-auto-snap_weekly-2018-09-17-15h02 zfs-auto-snap_daily-2018-10-11-15h02 zfs-auto-snap_monthly-2017-12-10-00h54 zfs-auto-snap_monthly-2018-06-10-05h08 zfs-auto-snap_weekly-2018-09-24-15h02 zfs-auto-snap_daily-2018-10-12-15h02 zfs-auto-snap_monthly-2018-01-10-00h54 zfs-auto-snap_monthly-2018-07-10-05h08 zfs-auto-snap_weekly-2018-10-01-15h02 zfs-auto-snap_daily-2018-10-13-15h02 zfs-auto-snap_monthly-2018-02-10-00h54 zfs-auto-snap_monthly-2018-08-10-15h02 zfs-auto-snap_weekly-2018-10-08-15h02 zfs-auto-snap_daily-2018-10-14-15h02 zfs-auto-snap_monthly-2018-03-10-00h54 zfs-auto-snap_monthly-2018-09-10-15h02 login1% /homes/maxadam>Within those you will find a representation of your home directory as it was on that day.
So, to recover a file that was in your home directory on the Fourth of July at 6:17 PM named "foo" that was deleted sometime before the 11th of July one would simply issue the following command:
cp /homes/joeuser/.zfs/snapshot/zfs-auto-snap_daily-2013-07-04-18h17/foo /homes/joeuser/
You could, for convenience, set up a symlink to ~/.zfs/snapshot:
login1% /homes/maxadam> ln -s ~/.zfs/snapshot ~/BACKUPS login1% /homes/maxadam> ls -al BACKUPS lrwxrwxrwx 1 maxadam collab 28 Oct 15 12:15 BACKUPS -> /homes/maxadam/.zfs/snapshot login1% /homes/maxadam> ls BACKUPS/ zfs-auto-snap_daily-2018-10-07-15h02 zfs-auto-snap_daily-2018-10-15-15h02 zfs-auto-snap_monthly-2018-04-10-05h08 zfs-auto-snap_monthly-2018-10-10-15h02 zfs-auto-snap_daily-2018-10-09-15h02 zfs-auto-snap_monthly-2017-11-10-00h54 zfs-auto-snap_monthly-2018-05-10-05h08 zfs-auto-snap_weekly-2018-09-17-15h02 zfs-auto-snap_daily-2018-10-11-15h02 zfs-auto-snap_monthly-2017-12-10-00h54 zfs-auto-snap_monthly-2018-06-10-05h08 zfs-auto-snap_weekly-2018-09-24-15h02 zfs-auto-snap_daily-2018-10-12-15h02 zfs-auto-snap_monthly-2018-01-10-00h54 zfs-auto-snap_monthly-2018-07-10-05h08 zfs-auto-snap_weekly-2018-10-01-15h02 zfs-auto-snap_daily-2018-10-13-15h02 zfs-auto-snap_monthly-2018-02-10-00h54 zfs-auto-snap_monthly-2018-08-10-15h02 zfs-auto-snap_weekly-2018-10-08-15h02 zfs-auto-snap_daily-2018-10-14-15h02 zfs-auto-snap_monthly-2018-03-10-00h54 zfs-auto-snap_monthly-2018-09-10-15h02 login1% /homes/maxadam>
If you need something restored that was deleted more than one year ago you should contact mailto:email@example.com and we will try to restore it for you from backup tapes.
Our Tape backup retention policy is:
A currently existing file is always backed up.
We keep a backup of any file on the file system and 2 revisions of a file for a 120 day period. After a file has remained static for 30 days, the number of copies kept is reduced to 1.
When a file is deleted, the backup will remain for 120 days.
Please understand that the backups are intended for disaster recovery, whereas user-initiated archives are "forever" (where "forever" is the life of the tape.)
How do I delete files if my directory has exceeded its quota?
There is a known issue with many of the shared filesystems that we provide. They do not allow you to remove files to clean up a directory that has reached or exceeded its quota. The error you receive when this issue is present is:
rm: cannot remove `myfile': Disk quota exceeded
The workaround for this issue is to copy /dev/null into a few of the files that you wish to delete to create enough space in your filesystem to delete items using the normal utilities. The command to do this is:
cat /dev/null > /path/to/my/file
Only run this workaround on the login nodes.
How do I change my password or login shell?
CELS Workstation/e-mail/Accounts passwords and login shells are changed at https://accounts.mcs.anl.gov/. ANL Domain Account password can be changed at https://credentials.anl.gov/. If you don't know your old password, visit the Help Desk (240-2E15, 630-252-6813) to have it reset. We do not reset or send passwords via e-mail.
Where are the log files?
Check out /mcs/logs/.
How do I get my name listed on the Staff Directory page?
See Person Profiles for instructions
How do I get my own homepage at CELS?
You need an MCS workstation account and the public_html resource. You can request both of these at https://accounts.mcs.anl.gov/. This will create a directory for you on the webserver and link it into your workstation home directory so you can add and edit files accordingly. If you already have a public_html directory on your workstation account, it will be copied to the webserver first.
What are the general use compute servers for the division?
The CELS login nodes are for interactive login sessions, light work, and for SSHing to compute servers behind the firewall. Do not run compute-intensive jobs on login.mcs.anl.gov (aka login1 through login4). Instead, SSH to one of the machines below.
Supermicro X10QBi mainboard 4X Intel Xeon E7-4820 v2 @ 2.00GHz CPUs 1.5TB DDR3 1600Mhz Memory (96x16GB Modules) 1Gbit ethernet connected Ubuntu 14.04
2X Intel Xeon Gold 6130 CPU @ 2.10GHz 192GB DDR4 2666 MHz Memory (12x16GB Modules) 1Gbit ethernet connected Ubuntu 14.04
2X Intel Xeon Gold 6130 CPU @ 2.10GHz 192GB DDR4 2666 MHz Memory (12x16GB Modules) 1Gbit ethernet connected Ubuntu 16.04
Supermicro X8DTU mainboard 2x Intel E5520 Xeon CPUs 24GB DDR3 1066MHz Memory (6x4GB modules) 1Gbit ethernet connected Ubuntu 14.04
Supermicro H8QM8 mainboard 4x AMD 8216 Opteron CPUs 8GB DDR2 Memory 1Gbit ethernet connected Ubuntu 12.04.5
How can I keep my password secure?
The first and best line of defense against unauthorized access is the user's password. Your password should be changed IMMEDIATELY after arriving to CELS.
Even when passwords are encrypted, they can be guessed or "cracked", especially when they match a dictionary word or permutation. Here is brief advice for choosing good passwords and avoiding bad passwords.
Document DOE G 205.3-1 describes DOE guidelines, available at http://www.directives.doe.gov/
- Something easy for you to remember with at least eight (8) characters
- An acronym derived from the first letter of each word of a quotation or better yet, a nonsense phrase
- Avoid using simply modified words. Horribly misspell it and flip the cases of some letters if you need a word to remember.
DOE 205.3 Guidelines:
- Eight (8) non-blank characters
- A combination of
- Letters (preferably a mixture of upper and lowercase)
- At least one in first 7 positions
- First and last characters must be non-numeric
- Must not contain your name or username
- Any word in a dictionary (or simple permutation)
- single word
- word followed by digits
- word followed by digits followed by a single letter
- digits followed by word
- single letter followed by digits followed by word
- Your name in any form -- first, middle, last, maiden, spelled backwards, nickname or initials.
- Your username, or your username spelled backwards.
- Your phone or office number, address, birthday, or anniversary.
- Your license-plate number, your social-security number, or any all numeral password.
- Any words or names spelled forwards, backwards, or in a foreign language
- "Hacker/l337 5p33k" spellings: (eg. 43770 for "hello" or "l33t" for "elite")
- All digits or all the same letter or letter sequences found on keyboards.
- Passwords you have used anywhere else, or your previous two passwords here.
Never use the same password on different remote systems. Similarly, avoid falling into a recognizable pattern, such as always capitalizing all the vowels. If you have the same password at different sites, you compromise the security of all of the sites. If one site has a security break and your password is captured, the security break is now effectively at all the sites. If you learn of a security compromise at a remote site where you have an account, even if your passwords are different, please notify firstname.lastname@example.org.
Never give your password to anyone! Never tell anyone over the phone your password. Nobody in the Systems Group will ask for your password over the phone. (We can access your account without it. Systems never needs to know your password.) If someone calls you and asks for your password, please report this by sending mail to email@example.com. If you receive electronic mail (email) from someone requesting your password (this includes support, systems, and root), please inform us immediately.
Never write your password down. Make your password unique but something you can remember so you don't have to write it down. If the piece of paper you write your password down on is stolen, your account will be compromised.
You must use "ssh", secure shell, to access the systems here. See the Offsite Access FAQ.
Miscellaneous Security Topics
- .rhosts File: We do not allow .rhosts files. A .rhosts file puts all login info needed to login to the remote system in a file (.rhosts). This includes the password. If your account is compromised, and you have a .rhosts file, the systems in the .rhosts file will be compromised also. For this reason, .rhosts files are automatically deleted.
- SUID Programs: SUID (Set User ID) files, when run, have the same access (UID) as the user running the program. You can tell a SUID file by the "s" in the permission line of a file, for example, -rwsr-s-x. SUID pose a great threat to your account. Let's say that Amy mails Bob and tells him to run a new "game" she has created. Bob, unsuspecting, runs the file and plays the game, but the game really isn't a game. Instead, it is a program with the SUID permission set which deletes all of Bob's files. This is possible since, with the SUID permission set, the commands in the "game" program are run as though Bob typed the commands himself! So, before you run a program, make sure the SUID permission is not set by typing ls -l <file_name>.
- Physical Security: You should always use a screen lock, or logout, if you have to leave your terminal. Never leave a computer with your login active. It only takes a few seconds for someone to go to a computer and delete or copy your files. When you enter your password, make sure nobody is looking over your shoulder. This may sound a little paranoid, but people have stolen passwords this way.
- Your Help: The Systems Group can not be everywhere nor watch everything. If you have reason to believe that your account has been compromised, or some other problem exists with CELS computer security, please notify firstname.lastname@example.org immediately. Thanks for your help! We need and appreciate it.