CUSSP_PTS_S98

Printers, Power-Ups, and PTS Group Access:A Supplement for CUSSP Customers

Spring 2002

CUSSP Representatives

The names, office locations, and phone numbers of the CUSSP service personnel appear below.

CUSSP Representatives

Dave Bicknell		VCC 311		276-6966
Andy Mondore		VCC 311		276-8156

You may also direct electronic mail to cussp@rpi.edu.

Have a Specific Printer You'd Like as Your Default?

So that we can further enhance your CUSSP service, we request that you please tell us which -- if any -- printer you would like to specify as your default. If you wish to use a non-RCS printer, you will need to supply your CUSSP representative with the name of the spooler's system administrator, the name of the printer itself, and its location.

In the meantime, you can print to any RCS printer by specifying the printer's name with the UNIX lpr command; for example:

	lpr -Pec2112lw <filename>

Using the Sudo Command for SysAdmin Tasks

When we configure a CUSSP I system, the designated system administrator -- often the machine's owner -- receives a set of privileges which require root access. CUSSP allots these privileges using a program called sudo, which allows a CUSSP customer who is logged in to a particular machine under their regular RCS userid to have "super-user" access status for the duration of a single command.

For example, let's say that a CUSSP system administrator comes across a poorly-written program which does not exit itself correctly when it finishes executing, and as a result he or she needs to kill that process so that it doesn't consume any more system resources. Normally, if a user does not own the process him- or herself, that person cannot use the kill command to terminate that process. However, anyone having "superuser" privileges does have the ability to terminate any system process.

Checking and Using Your sudo Privileges

To check your "superuser" capabilities, enter the following command from a UNIX prompt:

	sudo -list

In the list of command capabilities which should appear, you should see the command /usr/bin/kill. This means that you "have sudos" for this command. Therefore, to kill a process -- as an example, process 327 -- you would issue the command:

	sudo /usr/bin/kill -9 327

Please note that you must type out the /usr/bin/kill path in full; that is, you cannot simply issue a sudo kill command.

Familiarizing Yourself with Some Typical sudo Privileges

A typical set of CUSSP system administrator sudos, roughly broken down by category, follows.

Process-related Commands

	/usr/bin/kill, /bin/kill

Printer-related Commands

	/usr/lib/lpd, /usr/ucb/lprm, /bin/lprm, /usr/etc/lpc

Disk Drive-related Commands

        /usr/etc/dkinfo, /etc/dkinfo, /usr/bin/du

CD ROM-related Commands

	/usr/local/etc/cd_mount, /usr/local/etc/cd_umount, 
	/usr/local/etc/cd_export, /usr/local/etc/cd_unexport

UNIX Shutdown-related Commands

	/usr/local/etc/Reboot, /usr/local/etc/Halt

Please note that the above sudos will only affect the system(s) for which the user acts as the designated system administrator. And, in case you were wondering, more than one pathname may exist for a single command because the three RCS platforms -- IBM, Sun, and SGI -- place these files in different locations on the system.

Getting Additional sudo Help

If you want additional information about a certain sudo command, UNIX manual pages (man pages) exist on all RCS platforms for all of the sudo commands listed here. For example, for more information about the lprm command, issue the following command from a UNIX prompt:

	man lprm

If at any time you think that you do not have the sudos you need to properly maintain your machine, please contact your CUSSP representative.

Mounting and Un-mounting Your CD Drive


Please note: CUSSP customers having SGI workstations or IBM AIX 4.x machines need not concern themselves with this section of the document, as those machines automatically mount the CD-ROM when you insert it.

Those of you CUSSP customers who use a CD drive with your workstation will use the sudo command, which gives you root-like privileges for some commands on your system, to both mount and un-mount your CD drive.

As an example, if you have such a setup, and have a disk in your CD drive, you would enter the following command from a UNIX prompt to mount the drive:

	sudo /usr/local/etc/cd_mount

NOTE: Please make sure that you type a space between the word sudo and the first slash (/) when you enter the command shown above.

Next, enter the following command from a UNIX prompt to identify the directory on which the file system is mounted:

	df

The message "/cdrom as a mounted filesystem" should appear, indicating that you have mounted and allocated your CD drive successfully.

Once you finish using the CD drive, enter the following command from a UNIX prompt to display the pathname of the present working directory:

	pwd

Make sure that you are not currently located in the /cdrom directory; if you are, use the cd command to relocate elsewhere.

Next, enter the following command to un-mount the CD drive:

	sudo /usr/local/etc/cd_umount

NOTE: Again, make sure that you type a space between the word sudo and the first slash (/) when you enter this command.

Once the drive has been unmounted successfully, you may safely press the Eject button on the CD drive to remove the disc.

Power-Cycling and Powering Down Your Workstation

Several circumstances exist in which you may find it necessary to cycle the power on your workstation, or to shut the machine down completely. This section supplies you with step-by-step instructions for these two instances.

Cycling the Power on Your Workstation

If you ever find your workstation in a state in which the screen appears (and remains) blank, or the machine does not recognize any keystrokes you enter, first open the Operator Panel on the front of the CPU, as described below:

  1. Check your machine's LED panel by pulling the top of the door to the Operator's Panel down toward you.

  2. If, after opening the Operator's Panel door, you see three `8s' flashing in the red LED panel, this indicates an abnormal system halt, and that the workstation is waiting to perform a system "dump." To do this:

    1. Press the yellow Reset button on the front of the CPU, and then record the three-digit number which appears when you do this. Continue this process of pressing the yellow button and recording the three-digit numbers until the LED display returns to `888.'

    2. Press in and release the CPU's power button (located to the far right); the small green light beside it should go out. Wait 10 seconds, and then press this button once again.

      In most cases, doing this will cause the machine to reboot normally; as it does so, the workstation will sequence through numerous LED codes before the normal RCS login prompt reappears on the screen. This is normal. (To find out what each LED code means, refer to the IBM manuals that you received with your workstation.)

  3. Call the VCC Help Desk at ext. 7777 to inform them that you had to cycle the power on your machine, and to report the numeric codes you recorded while pressing the yellow Reset button. This information will aid the Help Desk staff in attempting to determine the cause of your machine's abnormal system halti.

Performing an Orderly Shutdown on Your Workstation

In some cases, such as for a scheduled campus power outage, you will need to perform an orderly shutdown on your workstation. To do this:

  1. Log in at your workstation under your own Rensselaer userid, if you have not already done so.

  2. Enter the following command from a UNIX prompt:
    	sudo /usr/local/etc/Halt
    

    NOTE: Please make sure that you type a space between the word sudo and the first slash (/) when you enter the command shown above.

    After you issue this command, you may see many system messages scrolling by in your UNIX window, describing system activity, and so on. After a few minutes, you should see the following message appear on your screen:

    	Halt Completed...
    

  3. When this message appears, you may then power off your workstation and other equipment in the following order:

    1. CPU -- Push in the square white button located to the far right on the front of the CPU panel.

    2. Monitor -- Toggle the white switch located in the lower right corner of your monitor screen from the `1' to the `0' position.

    3. External devices, such as CD-ROM drives -- Push in or toggle power switches as necessary.

    To power your equipment back on, repeat the above steps in reverse order; that is, begin powering up your equipment with the external devices first.

The Basics of Working with PTS Access Groups

This section of the document will give you the basics of defining, and maintaining, the access other users have to your CUSSP I system.

What Exactly is "PTS" Access, Anyway?

When we configure your CUSSP I system, the designated system administrator becomes the owner of an AFS group, and as such often uses the group-related pts commands to contact the Protection Server, which maintains a protection database containing protection definitions for groups, individual users, and machines. AFS access control lists often use such groups to allow --or disallow -- directory access to the group's members. In the case of CUSSP I customers such as yourself, however, PTS group membership allows for remote user logins, via Telnet, to your CUSSP I system.

So Who Has Access to My System?

As the owner of the PTS group, you have control over who can access your machine via Telnet, but any user with an RCS account can still physically log into your machine from the console.

Isn't That The Same Thing?

Not necessarily, no; the existence of a remote access group in no way determines who can physically sit down and log in to the system locally on your machine. For example, in Rensselaer's Math department, where almost all of the UNIX systems are CUSSP I systems, a student may come in to see a faculty member or teaching assistant office with a problem on his or her Maple assignment. The Math faculty members and TAs realize that the best way to get to the heart of the trouble is often to have the student physically log in to the system and demonstrate the problem then and there, and having such a system -- whereby physical access, and not PTS group membership, determines an individual's ability to log in -- saves a lot of bother for both students and instructors.

What if I Have Only One Machine, but Want Multiple Access Levels?

We've already considered that a faculty member may, for example, have only one lab available, but two distinct groups of researchers, and that he or she may wish to restrict login capability to a select group of students. In such a situation, the faculty member may vary remote access restriction slightly by changing the name of the affected PTS group.

So How Do I Determine My Current PTS Group Name?

You need to follow a number of steps in order to determine the name of the PTS group which controls your hosts' remote access:

  1. Log in to the desired host.

  2. Open a UNIX window.

  3. Type the following command at the UNIX prompt:
    	grep $USER /usr/local/access/login.`hostname`
    
  4. In the information which should appear on the screen, locate the group name between the leading "A" and the ampersand (&).

    For example, if your entering the grep command resulted in the following:

        
    Ajones:rachel.remote.access&+Remote access to this workstation...
    

    then the name of the PTS group is jones:rachel.remote.access.

How Do I Examine the Group's Current Membership?

To obtain a list of users currently included in the group, enter the following command from a UNIX prompt:

	pts members <group name>

Doing this should result in a list similar to the following:

Members of jones:rachel.remote.access (id: -327) are:
banksa
kirscp
leighs
schefs
wentod

Is There a Way I Can Add Other Members?

Sure. To add another user to the current group, enter the following command at a UNIX prompt:

	pts adduser <user name> <group name>

How about Removing Members?

It's just as easy. To remove a member's name from the group, enter the following command at a UNIX prompt:

	pts removeuser <user name> <group name>

It is very important that you do not use the pts delete subcommand, as doing this will delete the entire group, which you will then have to recreate and redefine. Using that command will also remove your ability to Telnet in to your own system.

Is there Any Place I Can Get Additional Help if I Need It?

Absolutely. In addition to contacting your CUSSP representative, you may also direct your questions to the ACS student consultants at the VCC and CII Help Desk locations, or obtain on-line help by typing the following command at a UNIX prompt:

	pts help

This will provide you with a list of all available PTS subcommands.

You may also request help on a particular command; for example, for help with the remove command, enter the command

	pts remove -help

Please note the hyphen, or "minus sign," in the second form; you need to use this when requesting help on a specific subcommand.

Still Have Questions?

In closing, we want to remind you that CUSSP was created with you -- the customer -- in mind, and we want your CUSSP experience to be a pleasant and positive one. So please...if you ever have a problem, don't try to remedy the situation yourself. That's what we're here for! Instead, contact one of us, or another member of the staff. We'll gladly work with you, and take measures to ensure that your problem gets solved quickly and that it doesn't recur.

Incidentally, when contacting us via e-mail, please address your messages to cussp@rpi.edu. Doing this ensures that, if one CUSSP representative is unavailable at the time, the others will see your message. (By contrast, sending a mail message to only one individual risks your having to wait until that person returns from other responsibilities, vacation, or personal leave before you can have your problem resolved.)

We hope that you find your computing experience here at Rensselaer to be a happy and productive one!

Dave Bicknell

Kelly Catelli

Andy Mondore

Chet Osborn

Your CUSSP Representatives