Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!usc!brutus.cs.uiuc.edu!rpi!batcomputer!rogerj
From: rogerj@batcomputer.tn.cornell.edu (Roger Jagoda)
Newsgroups: comp.sys.next
Subject: 40BM accelerator and setuid problems
Message-ID: <9494@batcomputer.tn.cornell.edu>
Date: 3 Jan 90 23:28:30 GMT
Reply-To: rogerj@tcgould.tn.cornell.edu (Roger Jagoda)
Organization: Cornell Theory Center, Cornell University, Ithaca NY
Lines: 87

Fellow NeXTies (like neckties...?)

I have some questions that some of you might have already had to deal with and might have insights into regarding the Cube.

1) We have just received our first shipment of the 40MB "accelerator" drives. Installation is a breeze, just slide it into the normal drive bay, screw in, and run BuildDisk.App...an entry is already in /etc/disktab for the Quantum drive. Since NetInfo doesn't read /etc/fstab at all, I'm wondering how the Cube knows to mount the drive (which it does automatically as /private/swapspace.). I mean suppose I wanted to instruct a Cube to mount this drive AND an Optical drive on bootup. If I'm not using fstab, I can't enter mount options and mount-points. How do I inform a NetInfo cube of file-system mounts on bootup?

Another related question about these drives. The OS seems smart enough to symbolically link /tmp to the newly installed accelerator drive, however, the swapfile, /private/vm/swapfile still lives where it did BEFORE installation (in our case on our network server since the client machines are diskless). Is this an error of omission? Wouldn't I want to link the swapfile to grow on the swap/accelerator disk?

2) We want to use another file server as a "backup" NetInfo server or a "clone" server. I have tried to use the "nidomain" command but I've had little luck.
Here's what we've got:

Server=heights (660 MB machine)
Soon to be clone server=lodi (330 MB machine)

I su to root and issue (this is from lodi, or the one who WILL be the clone acceptor)

    nidomain -c network heights/network

But this never works. We tested it by downing heights and trying a reboot and always got "netinfo server not found", and I'm not talking about the normal message that comes up sometimes even with the netinfo server normally. The nidomain man page says something about "The machine's "serves" property should be set up prior to running this command to contain the entry "./tag". Now, what does this mean? How do you add a tag for network service on a machine that is NOT designated a netinfo server from NetManager? Do I use the nidomain -m switch? Or do I have to click on something under NetInfoManager?

3) I noticed several programs under /NextApps are set-uid. Is this dangerous? I'm still getting the hang of Unix SysAdmining, but isn't this the same as saying "when this program is run, it's run as if root is running it". Now, unless I have to I'd like to strip off this bit on some of the more "dangerous" programs:

--BuildDisk     #Do I want ANYONE running this? What about my network drives?
--Preferences   #Do I want just anyone setting the TZ and system clock? If this isn't setuid, will users still be able to set their passwords?
--PrintManager  #I CERTAINLY don't want users configuring any of the printers on the net!
--Shell         #This program and Terminal are setuid. Why? I have seen where this can leave a user as root (really, with a # prompt to boot!) Can I strip this off and still have it run properly?

The same concerns are echoed for the five programs under /NextAdmin.

--MailManager, NetManager, UserManager are all world executable AND setuid. Do I want to strip these or do they HAVE to be this way? I'm not sure I want the users running UserManager! Also, NetInfoManager is WORLD executable as well, is this necessary?

Thanks in advance.
If anyone wants to know how the 40MB drives work out, or has some benches they want to run, send me mail and I'll try them. I think we got ours first or near first because of the number of machines we have here (55).

Roger Jagoda
Cornell University
FQOJ@CORNELLA.CIT.CORNELL.EDU
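
An added example for question 3, not part of the original post: a POSIX shell script that lists the set-uid files under /NextApps and /NextAdmin with their owner and permission findings, so each can be reviewed before its bit is changed. A set-uid program runs with the uid of the file's owner, so the report states whether that owner is root. The function names and output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: report set-uid files so each one can be reviewed
# before its permission bits are changed. Names here are illustrative.

# classify MODE UID
#   MODE is the ls -l mode string, UID the numeric owner of the file.
#   Prints space-separated findings for one set-uid file.
classify() {
    mode=$1 uid=$2
    # A set-uid program runs as the file's owner: root only when uid is 0.
    if [ "$uid" -eq 0 ]; then flags="runs-as-root"; else flags="runs-as-uid-$uid"; fi
    # Character 10 is the "other" execute bit: any local user can start it.
    case $mode in ?????????[xt]*) flags="$flags world-executable" ;; esac
    # Characters 6 and 9 are group/other write: the file could be replaced.
    case $mode in ?????w*|????????w*) flags="$flags writable-by-non-owner" ;; esac
    # Capital S: set-uid is set but owner-execute is not, usually a mistake.
    case $mode in ???S*) flags="$flags setuid-without-owner-exec" ;; esac
    printf '%s\n' "$flags"
}

# audit_setuid DIR...
#   Prints one tab-separated line per set-uid file: path, mode, findings.
audit_setuid() {
    for dir in "$@"; do
        [ -d "$dir" ] || { echo "skip: $dir (not a directory)" >&2; continue; }
        # -perm -4000 matches regular files with the set-uid bit set.
        find "$dir" -type f -perm -4000 -print | while IFS= read -r f; do
            # ls -n prints the numeric owner in field 3, before the file name.
            ls -ldn "$f" | {
                read -r mode links uid rest
                printf '%s\t%s\t%s\n' "$f" "$mode" "$(classify "$mode" "$uid")"
            }
        done
    done
}

# Default to the two directories named in the post; pass others as arguments.
[ "$#" -gt 0 ] || set -- /NextApps /NextAdmin
audit_setuid "$@"
```

Removing the bit from a reviewed file is `chmod u-s FILE`; whether the program still works without it has to be tested per program.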