SGI sysadm

[I'm in the process of updating this (1995.09.26) so things are going to be a little chaotic until I'm done; hopefully soon --Chris]

Setup and configuration

These notes indicate the steps we went through to bring new SGIs out of the box, format and partition for our needs, set up networking, filesharing, and in some instances, use NIS for sharing account information. It then talks about some security concerns, and also describes how we set up our NFS sharing.

Format and partition the disk:
SGI ships their systems with single / partitions; we prefer to format into separate partitions, eg: /, /usr, /var, and swap. When upgrading from Irix-4.0.5 to Irix-5.3, I found it cleaner to reformat the disk than try to upgrade.
Install system software:
Install default and customized configurations of the software from the distribution CDROM.
Protect accounts:
SGI ships with a number of accounts which have no passwords; these pose a threat to your machine, especially once it is on the net. Close off this avenue of attack now.
Basic network setup with EZsetup:
Set basic Internet parameters such as hostname and IP address.
Finish configuring the network:
Configure other networking parameters such as netmask and broadcast address, default router, and domain name service resolution.
Close some network security holes:
There are some problems in the SGI default network configuration that puts your machine at risk.
Some important miscellanea:
Set the proper timezone, build whatis database for man, etc.
Set up NIS to share account information
Share passwd, group, and alias files; configure the visual login screen to display non-local, NIS accounts.
Set up SYSV printer
You can set up a machine with a locally-attached printer as a server for the network. Client machines access it via SYSV network printing system. I've also got an icky hack to allow BSD systems to access the SYSV printer over the net.

Tweaks, fixes, and improvements

Formatting local man pages
SGI's stock man does not format man pages -- the nroff suite was "unbundled" and all SGI man pages come preformatted. This means you can't use man to view your locally-added, unformatted man pages, like those you might might install in /usr/local/man. SGI has a replacement man on their FTP server at ftp://ftp.sgi.com/sgi/IRIX5.0/man/ -- here's the README.man file. I don't like replacing system files, so I may look for some other solution, possibly Perl-based...
Replacing stock mrouted
The mrouted that comes with Irix is the obsolete 2.2 version which apparantly does not support pruning and doesn't support bandwidth limiting. Without the later, the mrouted traffic hosed a 56Kb network at one site. You can get mrouted-3.4 from ftp://ftp.sgi.com/sgi/ipmcast/IRIX5/5.3/.

Old, obsolete, or in transition


Chris Shenton