Web template
updated by
Christopher Spry
2 May 2014

Guide for configuring an SGI Indy with IRIX 6.5

This 'idiot's guide' (I refer to myself) was started on 8 July 1998 because I could never remember the simple things about administering my Indy. This guide is designed for people setting up an Indy for the first time and who want to make best use of it. It contains settings that I have found to work well on my SGI `Indy' running IRIX 6.*. Please email cspry@cspry.co.uk with corrections and suggestions.

Index:


Books and information on IRIX

'Wired' has information, dated 26 November 2004 about enthusiasts and others who can help those who are using older SGI computers and software. This is particularly useful, now that this has become an area outside the mainstream of computing.

There are HTML and PDF files on using and administering IRIX at the SGI 'Technical Publications Library' which is the premier resource for help in using IRIX. It includes the Indy Workstation Owner's Guide, Desktop User's Guide and the 'IRIX Admin' series of books. These were restructured in May 1999 and are written in detail for novices and experts alike. You can search by operating system level. So, if you are using IRIX 6.5, there are technical and user manuals. If you are using other versions of IRIX, click on the tab for that IRIX version. Find information by typing an entry in the keyword search dialogue box, then clicking on 'search'. It is well laid out and an essential 'first' source of assistance for IRIX administrators. 

There are some skilled and helpful SGI support people on the Usenet newsgroups comp.sys sgi.admin, comp.sys sgi.announce, comp.sys sgi.apps, comp.sys sgi.audio, comp.sys sgi.bugs, comp.sys sgi.graphics, comp.sys sgi.hardware, comp.sys sgi.marketplace and comp.sys sgi.misc. If you post a problem there, they will expect you to have already made some efforts to find the solutions to your problems and answers to your questions, before they will help. New users are usually treated quite 'gently', provided they explain their problem clearly and are courteous.

Type 'man insight' for man pages on /usr/sbin/insight


Obtaining information about the Indy and its software:

Type in a shell:

'/sbin/hinv' (The hardware 'inventory')

'/sbin/uname -a' (The operating system, computer name etc.)
'/sbin/uname -R (The version of IRIX and the current stream 'm' or 'f'. 'm' is the 'maintenance' stream with bug fixes and support  for new hardware and hardware upgrades. The 'feature' stream is the same as the 'maintenance' stream but also provides new software features. I use 'f').

'/sbin/nvram' (The non-volatile memory 'variables', including the ethernet address which is used by Silicon Graphics to identify the computer and register it for software and/or hardware support. This is of the form 'eaddr=xx:xx:xx:xx:xx:xx'). If it is corrupted (shows ff:ff:ff:ff:ff:ff), you can update it with the correct ethernet settings. This setting in important as it is used by SGI to identify the computer for customer sales and support issues.

'/etc/sysinfo -s' (The 'system ID number', which is the numeric form of the ethernet address obtained using '/sbin/nvram eaddr'. SGI may prefer you to use this number to 'define' your computer, when you contact them.)

'/usr/sbin/versions -b' will list in 'brief' format the software that is installed on the computer. 'man versions' will give many options about software installation using 'versions' and related programs). See my list of installed software.

Detailed information on Indy hardware is available at Reputable Systems.


4Dwmrc desktop

This is the default desktop when a user logs in.

          Customizing the login 'home session'

Click on 'ToolChest | Desktop | Customize | Language' to alter, using a graphical user interface, the 'user' or 'default' settings of 'Country', 'Language', 'Keyboard' type and 'Timezone'. There is further information about the various options at http://support.sgi.com/surfzone/content/pipeline/html/19990301Locale.html Then open applications and move icons to where you want them as a 'default'. Once you have set up the desktop the way that you want it, with the icons and open applications in the right place for you, you can 'save' the settings ('set the home session') so that they are provided next time you login. To save the settings, at any time, click on the Toolchest's 'Desktop | Customize | Windows | Save Windows & Desks 'Explicitly' and click on 'Set Home Session' so that you will return to the current desktop when you login again. It will also save you from several problems if your system crashes while you are logged in, when you might otherwise lose your current login session settings.

Note that the file that controls the contents of the Toolchest (its resource description file) is '\usr\lib\X11\system.chestrc'. This file can be edited to add or remove items from the toolchest. Make a backup first.

Shortcuts

I made three shortcut-key combinations to enable me to use `alt-1', `alt-2' and `alt-3' to switch between three desktops called 'System', 'Editing' and 'Netscape' which I had already setup using the 'Toolchest' | 'Desks Overview'. First I copied the /usr/lib/X11/system.4Dwmrc file to ~myuser/.4Dwmrc. (~myuser is my user directory). I edited out all the sections that covered OSF configurations, leaving those for SGI. I added the lines:

#change desktops.
Alt<Key>1 root|icon|window f.switch_desk "System"
Alt<Key>2 root|icon|window f.switch_desk "Editing"
Alt<Key>3 root|icon|window f.switch_desk "Netscape"
#Alt<Key>4 root|icon|window f.switch_desk "Desk 4"
#Alt<Key>5 root|icon|window f.switch_desk "Desk 5"
#Alt<Key>6 root|icon|window f.switch_desk "Desk 6"
#Alt<Key>7 root|icon|window f.switch_desk "Desk 7"
#Alt<Key>8 root|icon|window f.switch_desk "Desk 8"

and logged in again. Now ‘alt-3' opened the ‘Netscape' desktop, etc. After doing this, I clicked on Toolchest's 'Desktop | Customize | Windows | Save Windows & Desks 'Explicitly' and 'Set Home Session'. I could create other desktops: 4, 5 etc. To access them, I would remove the '#' from the lines above and give the desktops other names.


Boot-time messages

Sometimes it is useful to 'capture' boot-time messages, for viewing later. This is not available by default in IRIX. Dave Olson has advised that 'One method to catch all the script output [when the computer boots] is to simply modify /etc/inittab to do something like (untested, but should be basically correct):

s2:23:wait:/etc/rc2 | tee -a /var/adm/bootlog >/dev/console 2>&1 </dev/console

You could something similar within /etc/rc2, of course, but then you would have to repeat it every time you update your software.

You can do something similar with the bcheckrc and brc lines

The early prom messages and kernel messages that either do not make it into the log, or are so verbose as to overflow it before syslogd starts would require setting the console to the serial console, and having a logging terminal emulator of some kind.


Booting an Indy without a keyboard, mouse or monitor

If you have a spare Indy 'box' that you want to sit in a corner and work for you in conjunction with other computers, but without a keyboard, mouse or monitor attached, you can do so. Then use other computers to telnet to the Indy and administer and use it. 

Start the PROM monitor with a keyboard, mouse and monitor attached to the Indy and type:

setenv nogfxkbd true
setenv console d

Then unplug the keyboard, mouse and monitor and restart the Indy and after it has had time to boot, telnet to an account already setup there. The 'setenv' options are described in more detail in the 'man' pages on 'prom', which is where other system variables are set, such as the loudness of the speaker at boot time.


cron

This provides a way to run programs automatically in the future, once or many times.

The entries that are used by 'root' are in the file called '/var/spool/cron/crontabs/root', which can be edited directly, (but see below). Make a copy of the file first, called 'root.def', then, after editing the file, make 'cron' read root's altered cron file by typing in a shell:

/etc/init.d/cron stop; /etc/init.d/cron start

It is preferable for users to run their own cron jobs. To do so, first, type in the user's home directory:

crontab -l > cronfile

The 'l' is an 'elle' to 'list' the jobs already set up. If you leave out the 'elle', all of this user's cron jobs already setup will be deleted, so take care! There may be none, in which case, there will be an error message but an empty file called 'cronfile' will be created in ~loginname. Edit '~loginname/cronfile' and add lines of commands for cron to execute. Read 'man cron' to learn more. The first part of the line contains the minute, hour, day, month, and day of the week when the job is to run. These are separated by 'tabs'. The rest of the line contains the commands. A command can be tested by entering it in a Bourne shell (type 'sh' <return> in any other type of shell, to start the Bourne shell) and seeing if it runs. 'cron' is run by default in the Bourne shell, so you should always test cron jobs using the Bourne shell, not other shells which may give misleading errors messages. Several commands can be entered on one line, with a ';' (semicolon) between them. e.g.:

0 20 * * 1    cp /tmp/aa /tmp/bb; cp /tmp/bb /tmp/aa

will copy 'aa' to 'bb' and back again at 20:00 on Mondays. The '*' means 'all' and hours are '1-24'. Several entries are separated by ',' ('comma') , so '1,2' in the month section means 'January' and 'February'. Use the full path names for files, or use 'cd directory;' at the start of the list of commands, if all the commands are to run in 'directory'.

When you are sure that all the jobs are entered correctly, type 'crontab cronfile'. This will overwrite all the cron jobs that you have already setup, with the jobs listed in 'cronfile'. Then make a copy of 'cronfile' called 'cronfile.def' in case you forget to type 'crontab' with an 'elle', later on. Type 'crontab -l' to list all your jobs. Do not forget that 'elle'!. Finally restart the 'cron' daemon with the command:

/etc/init.d/cron stop; /etc/init.d/cron start

The standard output and standard error of commands in cron jobs, which are not piped or redirected elsewhere, are sent as emails to the owner of the cron job. You can prevent emails being sent by redirecting to '/dev/null' the command's standard output: '1>/dev/null' or the command's standard error: '2>/dev/null' or both: '>/dev/null 2>&1'. 

You can run these kinds of jobs just once, at a set time using the 'at' command. See how to do this by typing 'man at'. 

Using cron to back up users' files daily

Here is an example of how I use cron. I set up cron so that each weekday evening, at 19:00 a compressed 'tar' file called '/usr/people.tar.gz' is made of all the users' files in '/usr/people'. The files are compressed by about 50%. The program it uses is GNU's 'gtar'. '/usr/people.tar.gz' is then copied at 20:00, using Samba's 'smbtar', to a PC running Windows NT, elsewhere on the network. I use WinZip v 7 service pack 1 on the PC to open 'people.tar.gz' and extract any files that I need to recover.
The entry in my '/var/spool/cron/crontabs/root' to create the '/usr/people.tar.gz' file is:

0 19 * * 1,2,3,4,5 '/usr/bin/gtar czf /usr/people.tar.gz /usr/people > /dev/null 2>&1 (one long line)

The entry in '/var/spool/cron/crontabs/myuser' (my login is 'myuser') that copies on Mondays at 20:00 the '/usr/people.tar.gz' file to my PC (called 'mypc', share 'mypc_d', password 'mypassword', user 'myuser') is: 

0 20 * * 1 cd /usr; /usr/local/samba/bin/smbclient //mypc/mypc_d mypassword -U myuser -c 'put people.tar.gz ; del people.tar.gz.Mon ; rename people.tar.gz people.tar.gz.Mon' >/dev/null 1>&2' (one long line)

I have four more similar lines in '/var/spool/cron/crontabs/myuser' for the other four weekdays, so that there are five daily backups of the users' files on the PC at any one time. In them, I have replaced the '1' with '2', '3', '4' and '5'. You can make more backup files, if you need to, by making a line that specifies the month and so on. If you want to follow this approach, to save time you can use 'nedit' as 'root', to open your cron files. Make a backup of the original files first! Then cut and past the above lines into the files.  Customize the lines to suit your needs.


Directory listings

'ls -al' is the standard one in alphabetical order including 'hidden' files (.files).
'ls -alcr' gives a listing with the last file which has been altered, at the bottom of the list. 
I have set up an alias for 'ls -alcr' called 'd', to save me remembering the command. You can type this in a shell at any time: 'alias d 'ls -alcr', then use 'd' for the rest of that login session. If an alias is in a muddle, type 'alias ls ls' to set 'ls', for example, back to its default setting. 


email

starting and stopping  `mail' (mediamail)

Run in a shell ‘/etc/init.d/mail stop' then ‘/etc/init.d/mail start', to do each separately,
or  ‘/etc/init.d/mail stop; /etc/init.d/mail start' to run both 'stop' and 'start'.

`Vacation' message

I setup the Indy so that it could send replies to email messages when I was away. I followed the instructions in ‘man vacation'. The message is in ‘.vacation.msg' ready to use. The databases that /usr/sbin/vacation' will use was setup by invoking /usr/sbin/vacation –I'. These are ‘.vacation.dir and .vacation.pag'. I prepared a ‘.forward.vacation' file containing the line: \myuser "|/usr/sbin/vacation myuser" (my login name is 'myuser'). To use the ‘vacation' facility just copy ‘.forward.vacation' to ‘.forward'.


ftp automatic downloads

It is possible to use ‘at' and a script to ftp download files automatically to the Indy at say 02:00. Further details can be found by `man ftp'.

(a) Make a file in ~myuser (my login name is 'myuser') called ‘.netrc' containing the line:

default login anonymous password cspry@cspry.co.uk (use your own email here)

This should be set to chmod 600 and will login to any anonymous ftp resource.

(b) a script in the directory where I want the file downloaded called ‘ftp.input' containing the lines:

lcd
lcd mydirectory
cd pub/whatever
bin
hash
reget thefiletodownload

( c) start the ftp command at 02:00 by first logging to ~myuser/mydirectory, then entering in a shell:

at 02:00         (use a generic ‘at time date' e.g. ‘at 14:42 Mar 22')
ftp ftp-europe.sgi.com < ftp.input
^D

This runs as a cron job without any user being logged in. You can see what jobs are ready to run using the command

at -l.

I edited /etc/cron.d files ‘at.allow' and ‘at.deny' to say that only ‘myuser' could run ‘at' commands. The cron job will run, even when no one is logged in.


Installing software from IRIX CDs

Each version of IRIX comes as a set of CDs. There is a 'Major' release of IRIX, once every two years or so. Currently the latest release for the Indy is IRIX 6.5 . Every few months a set of 'Intermediate' release CDs are sent out, called IRIX 6.5.1, 6.5.2 etc.. These contain information on all the components on the 'Major' release and the updated software for the 'Intermediate' release. You can throw away earlier 'Intermediate' releases once you have the later 'Intermediate' release CDs. As you may have to use some of the CDs from the 'Major' release with the 'Intermediate' release CDs, keep all of them, as well as the latest 'Intermediate' CDs.

Unfortunately, the CDs are not provided with printed versions of what they contain. This information is given in files on the CDs. The easiest way to read these, is to put the first of the latest IRIX CDs into the CD drive. For example, use the ‘IRIX 6.5.2 Installation tools and overlays (1 of 2) November 1998' CD. You can view these files using a web browser on the IRIX computer or on a networked PC. I used the second method. I mapped the CD-ROM drive on my Indy called 'sprysgi' to drive ‘I:' on my Windows computer, by typing in a DOS shell on the PC 'net use i: \\sprysgi\CDROM'. I opened in a web browser on the Windows computer I:\WhatsNew\cd.products.html. This listed all the products on each of the current CDs, including the 'Major' release products. I searched the list for the products I needed and made a note of which CD they were on. Then I started 'swmgr' on the IRIX computer and  installed the selected applications after 'adding' all of the CDs I noted above, to the installation.

Listing the software that has been installed

I maintain a text 'log' file which lists what software I have installed on my system. Details of what an installation from CD has done to a system is recorded in '/var/inst/INSTLOG'. The software manager software 'swmgr' includes several programs (showprods, showfiles etc.) to provide details of programs and files installed. 'showprods -n' on subsystems will show which files were installed from overlays vs. the base. If there are no overlays, as is often the case with the apps, just do showfiles on the list of subsystems. 'exitop' actions are also listed in '/var/inst/INSTLOG', although, since they sometimes invoke temporary scripts, you can not always see the total effect. Also see 'showprods -o -3' to get subsystem lists that have overlays applied. You can also set high verbosity and simply capture the output from 'inst'. This is harder to do with 'swmgr'. See 'set show_files' 'set verbosity' 'set trace' (the last is very verbose) from within 'inst' or 'swmgr'. If you want full details of what 'inst' does to a system, you can install the system audit trail software 'sat' and track all file modifications of any kind on the system, but the log file can be large, and 'sat' does reduce the system's performance.

In summary: 'showprods | grep 07/14/1999 > aa' will list the software installed on 14 July 1999 and write the list to file 'aa', which you can incorporate into your text 'log' file of the system and changes.


IRIX 6.5 and updates

IRIX 6.5 was shipped to me at the end of July 1998. Details of how to install it are at http://support.sgi.com/6.5/index.html. IRIX 6.5.2, which is an 'intermediate' (bug fix) release, was shipped in November 1998. This is worth installing if you have 6.5 already installed. It comes on two CDs. There is a dedicated 'IRIX 6.5 area' at the SGI support site, where you can download the latest IRIX 6.5.* release. Information on installing IRIX 6.5 to a new system disk are available at SGI and in Holland by Ian Mapleson.


Logged in users

'last' will interrogate the /var/adm/wtmp file which records all logins and will print a list. It will show who is currently logged in.
'finger @host.name' will give information on people connected to 'host.name'.


Login defaults

If you would like the 'C shell' login to show, for everyone

(a) whether you have 'new' mail and
(b) display unformatted pages with 'awf'
(c) have 'file completion' so that pressing 'esc esc' will complete an entered name

cut and paste the following lines into the system's /etc/cshrc file:

#
# /etc/cshrc - Default settings for all csh users
#
# This is 'sourced' before $HOME/.cshrc, which in turn precedes $HOME/.login
# when a csh user logs in or invokes /bin/su with the `-' option.
# Tell the shell to print the '/etc/motd', look for mail and show ‘You have new mail'
if (! $?MAIL) setenv MAIL /var/mail/$USER
set mail=$MAIL
if (! $?ENVONLY) then
      # Print the message of the day.
      cat -s /etc/motd
      # Check for 'mail' and 'new mail'
      /bin/perl -e '$mail = $ENV{"MAIL"}; \
              if (-s $mail) \
                {printf ("You have %smail\n", (-M _ < -A _ ? "new " : ""));}'
              endif
endif
setenv MSGVERB text:action
setenv NOMSGLABEL 1
setenv NOMSGSEVERITY 1
# Set unformatted man pages to be displayed using 'awf'
setenv MANFMTCMD 1
set filec

Note that (a) requires the presence of 'perl'. Install it if necessary from one of the free distributions, see perl5 below.


Login scripts for `telnet' and `ftp' and `message of the day'.

The 'telnet' login script, which is provided when you login, is in `/etc/issue'. The `ftp' login script is in `/usr/people/ftp/README' and the 'message of the day' is in `/etc/motd'. you can edit these files to give messages to people when they telnet, use ftp or log into the computer.


Networking

Your computer's name, IP address and the DNS servers that it uses

The name of the SGI computer is held in '/etc/sys_id'. This can be altered with an editor. Mine contains the line 'sprysgi.sghms.ac.uk', without the apostrophes. Make a backup of the file first, such as 'sys_id.def'. (Always do this before you edit a file. Only delete the '*def' file when you have shown that the new file works properly.)

The IP address of the computer is set in '/etc/hosts'. Type in a shell 'man hosts' to find out more. Edit '/etc/hosts' so that it contains the host names and IP addresses of your own computer and the computers that you connect to often. Do not add computer names and IP addresses if they change often, unless you are prepared to alter them manually in this file. Your DNS server will contain the names and IP addresses of the computers you can connect to. It must contain the name and IP address of your computer, if TCP/IP is to work properly for you and people who want to connect to or send items to your computer. 

The DNS servers are listed in /etc/resolv.conf. Each DNS server should be on a separate line of the form:

    nameserver 192.153.12.1
    nameserver 192.153.12.2

Local resources

Use 'nsloookup' to find the following TCP/IP resources on your network

First type 'nslookup'. Then, at the '>' prompt type:

> ls -t cname sghms.ac.uk      (This gives the `canonical names' at domain 'sghms.ac.uk')

> ls -t mx sghms.ac.uk    (This gives the `mail exchangers' for `sghms.ac.uk')

> ls -t ns sghms.ac.uk   (This gives the `name servers' at `sghms.ac.uk')

> ls -t soa sghms.ac.uk    (This gives the sghms.ac.uk 'start-of-authority' at `sghms.ac.uk')

End the 'nslookup' session by entering 'ctrl-D'


NVRAM, reprogramming in the non-volatile ethernet address

If you have a maintenance contract with SGI, they will do this for you. If you want to do this yourself, Soren S. Jorvang has explained how to correct an invalid code (MAC address) for an Indy's ethernet card in the NVRAM chip. This can be checked by typing in a shell 'nvram | grep eaddr'. The output should show an output of the form 'eaddr=xx:xx:xx:xx:xx:xx') where the 'xx' correspond to the numbers on the back of the computer. 

If the contents have been corrupted, (sometimes they are reset to 'ff:ff:ff:ff:ff:ff'.) open a shell and type:
    dump -w -x 0xbfbe04e8

Check the output here to see if it matches the address given in any 'ec0: bad ethernet address' error message. If not, you may not want to overwrite the current NVRAM address. 

Scripts to reset the ethernet address in the NVRAM chip are available at Squirrel.com for different SGI computers. Alternatively, it has been reported that you can do the following:

    fill -w -v 0xGG 0xbfbe04e8
    fill -w -v 0xHH 0xbfbe04ec
    fill -w -v 0xII 0xbfbe04f0
    fill -w -v 0xJJ 0xbfbe04f4
    fill -w -v 0xKK 0xbfbe04f8
    fill -w -v 0xLL 0xbfbe04fc

Where GG:HH:II:JJ:KK:LL is the ethernet address shown on the label on the back of the Indy.

To restart the system, either power down, wait one full minute then power up. Alternatively, if the battery is flat and can not be replaced, you can restart the system using the new NVRAM settings by first typing 'init 6' within the PROM monitor, then 'single', which starts single user mode. At this point, the command 'nvram eaddr' will show the correct MAC address and IRIX can be restarted by typing 'init 3'.


Objectserver and multicast packets

If you find that there are multicast packets on the network coming from your Indy and which are prohibited by many network providers, such as JANET in the UK, see http://www-viz.tamu.edu/~sgi-faq/faq/html/admin/77.html "Subject: -77- What is sending packets to the sgi-dog.mcast.net multicast address? The objectserver. It is using that address intentionally. SGI just did not bother to define a new one. If you do not use any directoryservers and want to get rid of the objectserver multicast packets, you can add '-t 0' to `/etc/config/objectserver.options' and they will go away.


Paths

Setting a path, so that your 'shell' will be able to find applications in different directories. You can use method (a), but (b) is preferable for most people. Type 'set' or 'setenv' to view the current settings.

(a) Set 'environment' variables in a csh/tcsh shell. You can type this in a shell or better, put it in your '.cshrc' file:

setenv PATH ${PATH}:other_directory:other_directory

(b) Set the path variables as both 'environment'  and 'internal shell' variables. You can type this in a shell or better, put it in your '.cshrc' file:

set path=($path other_directory yet_another_directory)

The way to 'add' an application to the 'path' for people using the 'cshell' is to edit the user's '.cshrc' and add additional 'set path' lines as illustrated below:

set path = ($path /opt/Acrobat3/Browsers)
set path = ($path /usr/local/raplayer3.0)

Remember to set the paths to 'man' pages in the same way. (Note: this is one long line)

setenv MANPATH /usr/local/man:/usr/share/catman:/usr/share/man:/usr/catman:/usr/man:/usr/freeware/catman:/usr/freeware/man:/var/news/man

There is a default for everyone's 'cshrc' in '/etc/cshrc'. It is often easier to update this as described above, rather than updating each user separately.


Passwords

Lost passwords (with thanks to Randolph J. Herber): If both the hardware (PROM) password and the system root password are lost, remove the system disk, install it on another SGI system as a data disk, mount the system partition (usually 0) as some directory (call it /mnt), edit /mnt/etc/passwd to remove the root password, reinstall the system disk, boot and put a known password on root. Note that if the disk has an EFS file system, a GNU/Linux machine with a relatively new kernel will also be able to read it. XFS file system support in Linux will be available soon.

If another compatible computer is not available, then remove the PROM password by jumpering or battery removal, according to the system type. 

If the PROM password is known or blank, but the system root password is unknown, bring the system up under miniroot (e.g.. Install System Software) by any means available, e.g. local CD-ROM or remote directory, admin, shroot, setenv TERM iris-tp, vi /etc/passwd to remove root password, exit, return, quit and reboot.

If the root password is known and the PROM password is unknown, which may be the result of doing the first case above, login as root, do:

    nvram passwd_key ''"  ('"" is two 'double quotation marks' made with key [Shift-2] pressed twice)

I suggest installing a PROM password key to make physical break-ins harder. This requires a system shutdown, entering the PROM monitor and doing a 'passwd' command there, followed by a system boot.

See also
http://www.mesa-sys.com/sgi/LostPassword.htm


Patches for IRIX

To list the patches on the computer, type in a shell:

versions -b | grep patch

The recommended patch sets for IRIX are available on the SGI SupportFolio server for registered users and at Leeds University, UK. Individual patches are available, listed by patch number, for registered users. 'Security' patches are freely available. Patches for IRIX 6.5 are being released on CD as 'intermediate' releases, numbered 6.5.1, 6.5.2, 6.5.3 etc. Intermediate release software is installed as a single procedure to provide all the current fixes and updates as easily as possible. Note that there are 'maintenance' and 'feature' streams of these intermediate releases. You can change the stream in 'Software Manager | Install' after selecting 'Customize Installation' and the location of the files containing the stream that you wish to install.

There is a bug report resource at http://support.sgi.com/surfzone/bugs/.


Perl v 5

Download perl5.003-6.2.tardist 5.99MB, and install it into /usr/freeware/bin/. Note that there is perl v 4 in /usr/sbin and that is the only Perl known to the 'default' system, so perl5 has to be started with '/usr/freeware/bin/perl'. Other files are in /usr/freeware/lib/perl5.


Robots and Spiders

If you have a web server, the "Standard for Robots Exclusion (SRE)" sets the rules by which robots and spiders view a web site. It is possible to put instructions in a file '/usr/local/netscape/docs/robots' to exclude robots and spiders. The presence of an empty file will prevent an error messages about robot.txt being logged in the web log. See the `Byte' magazine article about this.


Root logins limited to local users

I recommend that you prevent 'root' from logging in to your Indy from other computers. This is a security measure. You will still be able to login from other computers under other usernames, then invoke 'su' to work at 'Superuser', once connected. Edit '/etc/default/login' and unhash the line at the top that says 'CONSOLE=/dev/console'. For further details see 'man 1 login'. Now, users have to be at the computer's own keyboard to be able to login as 'root'.

If are going to telnet to the Indy then work as 'Superuser', I strongly recommend that you use 'ssh'. I have a guide to set up SSH under IRIX and on Microsoft Windows computers.


Security

The SGI 'TechPub Library' provides information on how to setup and maintain system and network security for IRIX 6.5. It is essential that you read this if you are new to IRIX or setting up a computer on a network that can be accessed from Internet or dialup.

Check the Carnegie Mellon University Software Engineering Institute's 'CERT Coordination Centre' for information and advice on current secutity issues.

Check CIAC Bulletins regularly for  IRIX current security issues. You can arrange for these to be emailed to you as soon as they are released. For example there is a CIAC Bulletin that many `setuid/setgid' programs did not set limits in memory so that local users could write to its memory and gain root privileges. I found out what these programs were with:

find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -l {} \;

You can alter the permissions on these programs, if you consider that they are likely to be misused by a user.

Many people consider that 'su' logins should be limited to people working at the computer itself. Network logins as 'su' are a potential security hazard. To limit 'su' logins in this way, edit ‘/etc/default/login' and add the line ‘CONSOLE=/dev/console'.

telnet, ftp and other network connections send passwords in clear text. Network 'sniffer' programs can collect them. I recommend that you use 'ssh' instead, for all network connections to remote computers. I have a guide on how to set this up under IRIX and on Microsoft Windows computers.

Consider using 'tripwire' v 1.3 which provides file integrity checks to monitor program and file alterations.

Consider disabling unwanted ports to 'armor' the computer against deliberate attacks, see a guide for Solaris users. Consider using a program to search for these ports and any loopholes in your computer's configuration.

Consider installingf a good quality commercial firewall such as SonicWALL 'DMZ'.


Software

I have made a (very incomplete and out of date - sorry) list of the additional programs that I have installed on my Indy, with links to where I obtained them.


Supportfolio Connect

'Supportfolio Connect' allows Silicon Graphics support customers to open and manage any hardware or software problems ('support cases') on-line at http://support-europe.sgi.com 'Supportfolio Connect' is also available in Canada, Finland, France, Germany, Italy, the Netherlands, Norway, Portugal, Spain, Sweden, Switzerland, UK and the United States. Details of this service are given at

http://support.sgi.com/help/helpconnect.html
http://support.sgi.com/onlinedatasheet.html
http://support-europe.sgi.com/faqs/index.html#Connect

To register for 'Supportfolio Connect' services, you will need the 'serial number' of a Silicon Graphics machine that is under warranty or has a support contract. The serial number you need is of the form: 0800690768f8.  To find this, type in a shell:

sysinfo | sed '1d;s/00//g;s/ //g;/^$/d;2s/^/0800/' | tr '[a-f]' '[A-F]'

This is the same number given by typing 'nvram eaddr', but without the colons.

  • Open http://support.sgi.com/  (Note: this site, or http://support-europe.sgi.com/ are also sites to access other SGI resources)
  • Click on 'Connect' and enter your SurfZone username and password.
  • Click on the "Submit Request" button.
  • Enter the 'serial number' (e.g. 0800690768f8 ) in the 'Serial Number / Varsity number' box and click on 'Verify Serial Number'.
  • This will list 'Your Entitlement'.

You will be sent an email in a few minutes, confirming that you have been registered. Alternatively, if the number is not accepted, Silicon Graphics will need to verify the information before granting an account. This should take no more than two days.

European users should access the service at http://support-europe.sgi.com/surfzone/connect/ after registering. You will need to enter your SurfZone username and password.

Email supportfolio@csd.sgi.com if there are any problems with the service.

Note that, although the computers that run 'Supportfolio Connection' are in Amsterdam, The Netherlands, calls from this Medical School in the UK are routed there via the University of London Computer Centre, Pennant Point (NS) Canada, York (NY) USA then Pennsauken (NJ) USA, before recrossing the Atlantic to Holland. This explains why the connections can be very slow from here to the SGI European resources.


Time

The clocks in many computers are not accurate and need to be reset at intervals from a central accurate clock on a network. Three ways to set the time on an Indy to one or more ‘time servers', in increasing order of complexity are:

(a) ‘timeslave' See the 'man' pages.

(b) ‘timed'. See the `man' page. Use ‘chkconfig' to see if they are running and to turn them on and off.

(c) ntpd time daemon. This is what I have used, because it is the most flexible and 'accurate' because it gets time from several time servers. I have a guide on how I compiled and installed the University of Delaware's free version on my Indy.

 


Volume header files 'sash' and 'ide', and 'fx'

IRIX reserves a part of the hard disk for two programs called (a) 'sash' which starts the operating system and (b) 'ide' that provides diagnostic utilities for the system'. You must have a copy of 'sash' on the header of your system hard disk. It is not necessary now to have a copy of 'ide' in the volume header area.

The program that can 'put' these two programs into the disk's header reserved area and which can be used to copy them from there to a selected directory on the hard disk, is called 'dvhtool'. See 'man dvhtool'. First check whether you have 'stand' and 'ide' in '/usr/stand' (or '/stand' which is the 'old' directory for these programs). If you want to 'get' the copy of 'ide' and 'sash' that you are currently using, from the header on the system disk, to a directory that you can view, use the command 'dvhtool -c get stand /usr/sash/stand' and 'dvhtool -c get ide /usr/sash/ide'. This will write the programs to '/usr/stand'. Note that in IRIX 6.5.*, these two programs are identical. The reason for this is that 'ide' became to big for the volume headers on many older systems. So 'sash' now looks at argv[0] to see if it's invoked as ide, and if so, it looks for 'ide' in the normal installed place in 6.5, which is /usr/stand/ide. If it is not there is looks on a CDROM in /stand and if this fails it looks over the net.

What do 'sash', 'ide' and 'fx' do?  I read the following in http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi?coll=0650&db=bks&fname=/SGI_Admin/IA_DiskFiles/450&srch=stand%20ide  

sash is a standalone shell that must be in the volume header of system disks. It is required to boot a system. sash is a processor-specific program. Therefore, if you ever need to copy it from the /stand directory of another system or from the /stand directory of a software distribution CD, you must copy the correct version. If you copy from another system, both systems must have the same processor type. If you copy it from a software distribution CD, as the Indy is an ‘IP22' computer, you must use 'sash.IP22', not  ‘sash.ARCS'.
ide (integrated diagnostics environment) is a diagnostics program for low-end systems only. ide is executed when you choose the third item, "Run Diagnostics," on the System Maintenance Menu. Newer systems execute ide from the '/usr/stand' directory, if it is not in the volume header.
fx is the 'standalone' version of the IRIX fx command. It is a disk utility used primarily for repartitioning disks. Older systems sometimes included a copy of the command fx in the volume header. There is no longer any need for fx in the volume header. The fx command can be used to display and modify the device parameters and the partition layout. See the fx(1M) reference page and the section "Repartitioning a Disk With fx" in Chapter 2. Using fx has the side effect of creating the file sgilabel in the volume header.

I renamed /usr/stand/ide to ide.old and copied from the CDROM of 6.5.4 /stand/ide.IP22 to /usr/stand/ide. This version of 'ide' is a much larger file than 'ide' which I had got off the header of the system disk, for the reasons discussed above. When I tried to run either copy of 'ide', it said that it was the wrong architecture. This is because they can only be run in miniroot, not in an IRIX shell.


Web servers

Mindshare's 'Outbox' web server

IRIX 5.2 provided a copy of the Mindshare 'Outbox' web server. It installed into  /usr/sbin/outbox and had files in /var/www. The startup html file is /var/www/htdocs/WhatsNew/Mindshare/outbox.html. ‘chkconfig outbox on' will start this server if you have it on your computer. I have removed it, in preference for the Netscape Communications server.

Netscape's ‘Communications' web server' v 1.12

SGI sell the ‘WebForce to Serve 1.1.2' CD, which contains the Netscape ‘Communications Server' v 1.12. It installed to the directory ‘/usr/ns-home'. The Communications Server installs easily using the default settings from the CD-ROM. However, this server is no longer supported at Netscape. Their 'basic' web server is the 'Fasttrack' server:

Netscape's ‘Fasttrack' web server v 2.01

This free server is installed by default, when IRIX 6.5 is installed. Information about 'Fasttrack' v 3 is at http://home.netscape.com/fasttrack/v3.0/index.html The latest version (3.01) costs about £200.00. It appears to have many improvements over the 'Communications' server and is very suitable for simple web sites like mine. The server is administered using a browser and 'Fasttrack Administration' software which is also provided when IRIX 6.5 is installed.

Microsoft's 'FrontPage 98 Server Extensions'

Netscape 'Communications' server v 1.12 and 'Fasttrack' servers are supported by Microsoft's ‘FrontPage 98' server extensions, which allow the 'web' pages to be worked on and updated from a PC running 'FrontPage 98'. I have a guide to installing FrontPage Server Extensions on IRIX which requires the updated versions of the program at Microsoft's web site. Do not use the out-of-date program on the FrontPage 98 CD-ROM. I can recommend this way to write and manage a web site on an Indy.


'xhost' command to restrict access to your monitor

It is possible for people at other computers that use X-Windows, to send the content of their windows to your computer. You would see the window that they were viewing. This can be a nuisance and it is easily prevented using the 'xhost' command. Type 'xhost -' to prevent any other computers from sending their X-Windows to your computer. 'xhost +' will allow any host to send you their X-Windows. I recommend that you type 'xhost -' then run commands to allow specified hosts to send you their X-Windows. This is done using the command 'xhost +<computername>'. For example I want to be able to telnet to 'ramindy.sghms.ac.uk' and see its X-Windows. I typed 'xhost +ramindy.sghms.ac.uk' to enable this. You can see what the settings are by typing 'xhost'. For further information see 'man xhost'. 


Other administration pages:

Return to the 'home page'

Return to the `Computing index page'

Return to the 'Indy administration index'