Path: utzoo!utgpu!watserv1!watmath!iuvax!mailrus!sharkey!itivax!scs From: scs@iti.org (Steve Simmons) Newsgroups: comp.unix.ultrix Subject: Re: Managing a network of UNIX workstations Message-ID: <4799@itivax.iti.org> Date: 13 Jan 90 17:51:19 GMT References: <3949@jhunix.HCF.JHU.EDU> <9338@cbmvax.commodore.com> Sender: news@itivax.iti.org Lines: 43 grr@cbmvax.commodore.com (George Robbins) writes: >In article <3949@jhunix.HCF.JHU.EDU> barrett@jhunix.HCF.JHU.EDU (Dan Barrett) writes: >> (1) How do you handle inter-machine superuser privileges? >> I do NOT want to put "root" in /.rhosts -- this is a big security >> risk, right? >Don't unless you can control physical access to the hardware or are operating >in an intentionally un-secure mode. It is may be an acceptable risk / >convenience if you have a coule of servers in a secure area. We do something similar: all 'secured' machines (file servers and time- shared systems in the machine room) have mutual .rhost entries. All other systems have the secured machines in their entries, but no others. In a similar manner, we have 'extremely untrusted' machines on our net. We deal with those by not putting them in hosts.equiv, forcing people to use passwords when accessing central systems. Prevents rcp and rsh too. >> My idea is to have one or two fileservers, make the other >> workstations use NFS, but put a small disk on each workstation for >> swapping only. Good? Bad? What's better? >Another [religious issue]. If you can afford to, put at least a swap disk >on each system >and/or a root/swap/var disk(s) on each one and let the fileserver serve >files and not handle swapping or booting. Some people will tell you that >network stuff is faster that low performance built-in SCSI drives. This >may be true, especially on a lightly loaded net - if so, just run the >systems diskless. I have settled this issue to my satisfaction by experiment, and can definitively say "it depends" :-). A remote swap area (on a file server) is usually faster than an internal *for one workstation*. That's because the file server disk (sync SCSI, SMD, RA, whathaveyou) is faster than the internal disk even with the 'loss' of network access. As the number of workstations and/or the amount of swapping on each increases, eventaully the server becomes overloaded. We empirically determined that 3 Sun 3/50s in heavy swap state could swamp a Sun 3/{1,2}60 file server using Fujitsu 2361 disks and Xylogics 451 controllers. The limiting factors are the disk and the controllers, not the CPU. So the answer will depend on your local configurations and usage pattern.