[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]
Conference smurf::buildhelp

Title:	USG buildhelp questions/answers

Moderator:	SMURF::FILTER

Created:	Mon Apr 26 1993
Last Modified:	Mon Jan 20 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	2763
Total number of notes:	5802
1888.0. "OSF/1 Source Pool changes to make for mountd & group/mode" by AOSG::FILTER (Automatic Posting Software - mail to flume::puck) Thu Oct 19 1995 13:13

Date Of Receipt: 	19-OCT-1995 11:54:45.43
From: 	SMURF::FLUME::jmf "Joshua M. Friedman OSF/UNIX SDE  19-Oct-1995 1152"
To: 	osf_ode_admins@DEC:.zko.flume
CC: 	jproj@DEC:.zko.flume, odehelp@DEC:.zko.flume
Subj: 	OSF/1 Source Pool changes to make for mountd & group/mode

Admins responsible for maintaining copies of osf/1 source pools, please 
make the following changes in your environment:

We are increasing the level of security with respect to the OSF/1 and 
other source licences which govern the use of our product source pools.  
Each system within Digital hosting a copy of Digital UNIX sources is 
required to have a Digital UNIX source license; there is no "company wide" 
license.

Here in ZK3 we have been running mountd with the restriction that the 
filesystems are exported only to the local BIND domain.  Sites outside 
of our zk3.dec.com domain who require copies of source pools are each 
managed as "sup clients".

At this time we request that each sup client also maintain the same level 
of security, that is, that you only export the sup'd copies of pools to
your own local domain.  Please confirm when you have done this, or if it
poses a problem, please let us know and we will work with you to understand
and address it.  Details for this change are presented below.  Putting
this policy in place may mean that more sites will be reponsible for supping
their own copies of pools; we will work with such groups as they appear.


In addition to this, in 2 weeks (on 11/1), we will remove world-read access 
to the sources in the OSF/1 pools, and will request that you do the same,
using the short script below.  Future (new) pools and baselevels will be
setup with these modes from the start.

Users will have to be in group staff (10) in order to read these sources.  
Please make the required arrangements to ensure that this will not present 
problems, ie. please inform your user community of this requirement, and, 
if you do not already have a group staff=10 in your environment you may 
need to add it.  Separate mail will also be sent to osf_developers, cc'd 
to you, explaining this.

Please contact [email protected] if you have any questions.

Thank you very much,

	Joshua Friedman, Digital UNIX Release Engineering


 ------- NFS Export Directions --------

Admins at each site or anyone who maintains sources on their system, please
do the following.  Note that there is no option to nfssetup to manage this
switch.  Also please note that update installations will wipe out these 
settings, and so they need to be reapplied if the system is reinstalled
or updated.

On Alpha systems:

Edit the file /sbin/init.d/nfs and change the line (around line 46) from
	MOUNTOPTS="-i"
to
	MOUNTOPTS="-i -d"

Then stop & restart the mountd daemon as follows:

	/sbin/init.d/nfs stop
	/sbin/init.d/nfs start

On Ultrix systems: 

Edit the file /etc/rc.local and find the line which starts mountd; change
it from something like:
        /etc/mountd -i ; echo -n ' mountd -i'   >/dev/console
to
        /etc/mountd -i -d ; echo -n ' mountd -i -d'   >/dev/console

Then use "ps ax | grep mountd" to find the /etc/mountd process, kill it,
and restart the process using the new command.

FYI, Here's the man page excerpt describing this option:

mountd(8)                                                           mountd(8)

  -d        Turns on Internet address verification and domain checking.  If
            you are running the BIND service, mountd will verify that the
            host requesting a mount or unmount is in the server's domain.


 ------- "fixsrcmodes.sh" script --------
# 
# @DEC_COPYRIGHT@
#
# HISTORY
# $Log: fixsrcmodes.sh,v $
# Revision 1.1.2.2  1995/10/19  15:50:18  Joshua_Friedman
# 	Lock out src tree access to only allow group staff access
# 	for all osf1 project pools and backingtrees.
# 	[1995/10/19  15:49:56  Joshua_Friedman]
#
# $EndLog$
# 
# @(#)$RCSfile: fixsrcmodes.sh,v $ $Revision: 1.1.2.2 $ (DEC) $Date: 
1995/10/19 15:50:18 $
# 

# /usr/sde/osf1/bin/common/fixsrcmodes.sh
#
# Run on each NFS server exporting osf1 source pools
# (takes no arguments)

echo $0:

/bin/ls -d /usr/sde/osf1/build/*/src > /tmp/src$$

for tree in `cat /tmp/src$$`
do
    cd $tree
    echo $tree...
    dirs=`/bin/ls -F | grep /`
    chmod 750 $dirs
    chown devbld:staff . $dirs
done

rm /tmp/src$$

echo done.

exit 0



 ----------------------------------------------------------------------
 Joshua M. Friedman	 		Internet: [email protected]	
 Mailstop: ZKO3-3/W20			DECnet:   flume::friedman
 Digital UNIX Engineering		603-881-1548, dtn 381-1548
 110 Spitbrook Road 			Fax 603-881-2257, dtn 381-2257
 Nashua, NH  03062 			Office: zko3-3/z20

 Digital UNIX Release Engineering: [email protected], or URL:
	http://nsa.zk3.dec.com/rengweb
 ----------------------------------------------------------------------
T.R	Title	User	Personal Name	Date	Lines