IRIX Installation and Customization

Revision as of 22:15, 16 August 2019 by Netfreak (talk | contribs)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

This article describes the installation and customization of the IRIX 6.5.30 operating system on a SGI Fuel. None of the tasks are specific to the FUEL or this specific version of the OS, so most of the steps will work for IRIX 6.5.21 - 6.5.30 and different hardware too. The following steps where recorded during the re-install of my system after the hard disk died.

Since we already have an article about the core installation over a network, we will only cover some basic information for the actual installation procedure.

See also the wiki entry, creating Bootable EFS Images

Additional PROM settings

If they don't exist yet, add or verify the following variables

  • AutoLoad yes
  • nogfxkbd 1
  • OSLoadPartition xxxx Variable set to root partition of the first SCSI disk.
  • OSLoadFilename xxxx Variable set to /unix (the kernel)

The "nogfxkbd" option allows the machine to boot without a keyboard or mouse connected. Its not needed on a headless system like SGI Origin 2xx(x) or 3xx(x). The OSLoadFilename variable is only important if the volume header of your system disk doesn't contain the bootfile=/unix entry.

Prepping disk and installing

We'll only cover some brief information in this section as more detailed articles exist elsewhere. This will assume you are using 6.5 with overlays and additional CDs, and you are installing to a fresh empty disk.

Partition Disk

Insert overlays CD 1 into your CD-ROM drive and enter the PROM monitor. You'll need to know the SCSI bus address of your drive so run "hinv" to obtain this if you don't already know it. You'll need to run "fx" to prep the hard disk.

32-bit systems (Indy, Indigo, older etc) (replace X with SCSI controller, Y with CD-ROM ID):

boot -f dksc(X,Y,8)sashARCS dksc(X,Y,7)stand/fx.ARCS --x

64-bit systems (Indigo2 R10k, Octane, newer etc) (replace X with SCSI controller, Y with CD-ROM ID):

boot -f dksc(X,Y,8)sash64 dksc(X,Y,7)stand/fx.64 --x

Once fx loads it should find your hard disk and confirm the details with you before dropping into the "fx>" prompt. Hit "r" for [r]epartition and you should see an option for "root drive" which will allocate almost all the disk for root and give a little bit to swap. After this is done, go back to the root fx menu and hit "l" for [l]abel and opt to sync the disk with "sy" and then exit. You should be able to click the install system software icon and have it start the process.

Inst

When the installer system loads it should read the contents of the overlay CD already in the drive, and then prompt you to insert additional CDs to read data from. You will need to insert each overlay CD plus the 6.5 foundation CDs to read the /CDROM/dist data on each. You should also use the 6.5 development library CD, 6.5 development foundations CD, 6.5 applications CD (2003). After each CD is read, select the done option to drop into the Inst> prompt. The following will give you a basic installation:

keep *
install standard
install prereqs

Begin process with "go" and deal with any conflicts as necessary. On a base install of 6.5.22 on an Indy with the noted CDs, I encountered a couple Java conflicts and opted to just not install those packages.

First tasks after installation

Log in as user "root" by clicking the User icon in the login window or by using telnet from a different machine.

Setup the network

Either do it graphically by choosing System Manager from the Toolchest and following along or use the instructions below.

 


By default IRIX uses DHCP after the installation finished and with some luck it works out of the box. But in most cases you will want to use a static IP address rather than a dynamic one, especially if you plan to provide services like WWW or Mail to other users or to yourself.

Hostname

Set the hostname for your machine:

IRIS # echo "fuel" > /etc/sys_id

Default IP Address

Edit the "/etc/hosts" file and enter your static IP followed by the FQDN(Full Qualified Domain Name) and an alias.

192.168.178.14 fuel.home.local fuel

Run the following commands:

IRIS # chkconfig autoconfig_ipaddress off
IRIS # chkconfig verbose on

Note: Use tabs instead of simple whitespaces when editing the "/etc/hosts" file.


Additional IP Addresses

If more than one IP is needed you can set the additional addresses in the "/etc/config/ipaliases.options" file.

ef0 192.168.178.15 netmask 0xffffff00 broadcast 192.168.178.255
ef0 192.168.178.16 netmask 0xffffff00 broadcast 192.168.178.255
ef0 192.168.178.17 netmask 0xffffff00 broadcast 192.168.178.255

Set chkconfig ipaliases to on. These settings comes active when restarting the network or the complete machine.

IRIS # chkconfig ipaliases on
IRIS # /etc/init.d/network stop
IRIS # /etc/init.d/network start

DNS

Edit "/etc/resolv.conf" and add the following lines:

domain home.local
nameserver 192.168.178.1

Perform "chmod 644 /etc/resolv.conf" after closing the file.

Resolve Order

Edit "/etc/nsswitch.conf" and change the line with "hosts:" to "hosts: files dns files".

Important note about DNS settings

If you use a domain that you own (or not) and your hosts don't actually resolve to real IP addresses (say you use abc.com for your website and iris.abz.com for the irix host which does not resolve to any IP address publicly) - IRIX may fallback to your domain's default IP address - in this case IP address for abz.com.

This may cause problems with certain applications using tooltalk (you would then see instances of "ttsession" in your ps output).

Examples may be cvd or rapidapp - those will show up in "ps" along with ttsessions instances but not display anything and look as if it were frozen.

Try running such app using "par", look for "gethostname" system calls and you should see dns resolution results. Inspect those in order, see if the lookup resolves to your local machine's hostname and IP address - if it doesn't, then fix your DNS to either use local server, correct your /etc/hosts and resolution order in /etc/nsswitch.conf, or add your machine to the real DNS server for your domain.

The explanation is simple:

Applications like cvd or rapidapp use tooltalk protocol which establishes some connection (possibly over IP) - so it launches hostname lookup for your machine, if this doesn't resolve back to your exact machine the app will keep waiting hoping the other side will respond and seem frozen.

Default Gateway

Add the default route to "/etc/config/static-route.options"

$ROUTE $QUIET add net default 192.168.178.1

Use the new network settings

Don't restart the network at this point because the change of the hostname in "/etc/sys_id" normally requires a reboot. As a workaround you can add your current hostname, which would be "IRIS", as an alias to "/etc/hosts". If you do this you can run "/etc/init.d/network stop && /etc/init.d/network start" and reboot the system.

192.168.178.14 fuel.home.local fuel IRIS

Optional: Set up IPv6

See topic IPv6 Set up.

Timezone

Set up the timezone "TZ=:Europe/Berlin" in "/etc/TIMEZONE".

Setup Date and Time

Without a reboot the changes in "/etc/TIMEZONE" won't take effect so we set the new value for our current session.

fuel # setenv TZ ":Europe/Berlin"
fuel # echo $TZ
:Europe/Berlin

If you have an internet connection use the ntpdate command for setting up the clock.

fuel # ntpdate ptbtime1.ptb.de
1 May 16:33:16 ntpdate[5366]: adjust time server 192.53.103.108 offset 0.014294 sec
fuel # date
Thu May  1 16:33:18 MET DST 2008

Without internet access you have to use the "date" command for this step.

fuel # date mmddHHMMccyy 

Move $HOME for user root and change the default shell

Create a new directory like "/admin" and adjust permissions.

fuel # mkdir /admin
fuel # chmod go-rwx /admin

Open "/etc/passwd" and modify the first line.

root::0:0:Super-User:/admin:/bin/tcsh

and change the location of $HOME and your favorite shell.

Re-login again to see if the changes take effect. If you're using a remote login via telnet or ssh just run "su -". Open a unix shell or use the console to check your current location and the shell variable.

fuel # pwd
/admin
fuel # echo $SHELL
/bin/tcsh

Note: It may take some time before the desktop icons re-appear.

Clean up the old stuff

fuel # cd /
fuel # rm -rf dumpster
fuel # rm -rf Desktop 
fuel # rm -rf .Sgiresources .cshrc .login .profile .varupdate .wshttymode .desktop-IRIS .desktophost

Install additional Software or Upgrades

In this case we install the software from a remote HOST which provides a share via NFS.

fuel # mkdir -p /mnt/indy
fuel # mount 192.168.178.7:/usr2 /mnt/indy
fuel # df
Filesystem             Type  blocks     use     avail  %use Mounted on
/dev/root               xfs 66924928  5106680 61818248   8  /
192.168.178.7:/usr2     nfs 156014080 96452928 59561152  62  /mnt/indy

Hint: You can use "df -h" to get a more human readable output.

If needed you can upgrade the OS to the latest IRIX version, which is 6.5.30 or 6.5.22 for older systems like SGI Indy and SGI Indigo2, by downloading the overlay from your supportfolio account. Keep in mind that you need to install Patch 5086 first if you try to upgrade to >= 6.5.22 from < 6.5.21. Apply all the current patches available from supportfolio. If the ipfilter package is not installed yet, consider to install it now.

Example for installing additional packages:

inst -f /mnt/indy/6.5/ipf -f /mnt/indy/6.5/ws_field_diags_irix-6515_6525.tardist -f /mnt/indy/6.5/ws_field_diags_stand-6521.tardist
Inst> install all
Inst> go
Inst> exit

Password for user root

Set a password for your root user.

fuel # passwd root
********
********

Reboot the machine

Run "shutdown -y -i6 -g0" or simply "reboot".

'Note:' If you log in for the first time after changing the hostname in "/etc/sys_id" the system will ask you to create a new desktop environment or to use the previous one. This is caused by the fact that the hostname is part of the name of the file containing your desktop settings.

Securing the installation

IRIX comes with a simple web-based GUI (Webface) for customizing some application, services together with a simple wizard named Ezsetup.

Webface

Webface is a weird mix of several independent modules like Webadmin, custom CGIs and other things used to configure some application. Note that some of these come from the Application CD or SGI's freeware collection.

Before using webface you need to start it first.

fuel # chkconfig webface on
fuel # /etc/init.d/webface start

Use a browser and surf to http://machinename:2077 where 2077 is the port number. You need to setup the root password and creating an account for the webface user.

  • Disable DHCP Server
  • Turn of standard services in inetd.conf // Doesnt take effect until you reboot or run "/etc/killall -HUP inetd". There is an option to disable all services which makes your IRIX Desktop unhappy because some daemon like FAM won't work anymore. You also disable telnet and ftp this way, so if you're connecting from a different machine, make sure to have SSHD already up and running or you'll be locked out.
  • Close all accounts
  • Require password verification for all remote logins
  • Disallow SNMP write privileges

Accept these changes and switch to the Applications if necessary.

fuel # /etc/init.d/webface stop
fuel # /etc/init.d/sgi_apache stop

EZsetup

Logging in as the Ezsetup user will open a wizard of 4 steps to setup the network, customizing the login window and activating some security add-ons like the use of shadow passwords. You can start it by selecting the EZsetup user icons from the login window. All the following things can be done manually by using various command-line tools and editing config files.

Step 1: Make your system secures

  • Run EZsetup, lock all accounts
  • Add passwords
  • Lock all the accounts
  • Enable JS/Java for some accounts
  • Remove NIS Accounts
  • Use shadow passwords
  • Require passwords at login
  • Visual Login Screen allowed
  • Privileged user allowed
  • Protect new user files
  • Enable remote display
  • Disable IP Forwarding
  • Disable Outbox Webserver

Press "OK" to complete the task.

Note: You may get an error when specifying the use of JavaScript/Java because the ".netscape" config directory wasn't created yet for those users. If this happens log in through telnet/ssh and just create it.

fuel # mkdir $user/.netscape
fuel # touch $user/.netscape/preferences.js

Don't forget to adjust the ownership of the created files!

Hint: The use of the shadow password file can be done by running "pwconv" from the command line. All entries from "/etc/passwd" are converted into "/etc/shaddow". Consider to read the man page first before using the command.

This wizard can also be run by choosing "Improve System Security" from the SystemManager (sysmgr) in the "Security and Access Control" menu.


Step 2: Setup your network connection

Enter the root password when asked for it. You can skip this part if you already did it at the beginning in this article. Otherwise specify the Hostname, IP address and Gateway information as requested. Press "OK" to complete the task.

Step 3: Create a user account

Enter the root password when asked for it.

  • Specify your user name
  • Enter the full name
  • Add Password
  • confirm the user id

Note: If you have more than one unix machine around or when using NFS use the same user id as on your other machines!

  • Select primary group: user
  • Verify home directory and create as needed
  • Select tcsh as your default shell

Note: You can change your default shell later to "bash" or "zsh" by editing "/etc/passwd". Make sure that the corresponding package is installed on the system.


Hint: Don't specify a shell for the user root which is not on the partition of the system disk. A good choice would be to use tcsh and switch to your favorite one after you logged in.


Press "OK" to complete the task

Step 4: Customize your work environment

Click on "World Wide Web" and than "Next".

  • Choose default page for your webbrowser
  • Add Socks and Proxy setting if needed
  • Enable Java an Javascript

Press "OK" to complete the task

Click on "Configure".

  • Choose between "Personal Computer" or "Unix system".

Press "OK" to complete the task

Quit the system setup

If you have finished all the tasks press the "Quit System Setup" button and confirm with "yes". If the system asks for a reboot select "yes".

After rebooting the system don't forget to lock the EZsetup account! Run "passwd -l EZsetup" within a shell.

Install SSH Server

By default the openssh server isn't installed. If you would like to run a stock IRIX use inst or swmg and install "openssl.sw.server" from your recent overlay media (only available on >= IRIX 6.5.19). You may consider to use a more recent version of the software by using SGI's Freeware or Nekoware OpenSSH. The later one provides the most recent version of Openssh [1]. A separate howto setup ssh is available for this.

For Nekoware sshd you need at least the following packages:

fuel # cd /path/to/neko_tardists
fuel # inst -f neko_openssh-4.7p1.tardist -f neko_openssl-0.9.7m-r1.tardist  -f neko_zlib-1.2.3-r1.tardist

Install IPfilter

A comprehensive howto for the configuration of IPfilter is available.

fuel # chkconfig ipfilter on

Disable services through inetd

Open "/etc/inetd.conf" and comment out all services you don't want to use. By default it would be safe to comment out services like:

  • ftp
  • telnet
  • shell
  • login
  • exec
  • finger
  • http
  • wn-http
  • sgi-dgl
  • bootp
  • tftp
  • ntalk
  • tftp
  • tcpmux

After that run "/etc/killall -HUP inetd" for re-reading the configuration.

Insert "-s" into "/etc/inetd.conf" for checking the syntax of the file. You can also run "inetd -s" as a non root user for this task.

Note: Don't disable all of the sgi_* services until you know what you're doing. Most of these services are needed for a properly working desktop. If you would like to try it just comment out all sgi_* except the sgi_fam service! If you properly set up IPF malicious traffic from the outside will be blocked. If you're using 3rd party application or other commercial software which act in a Server and Client way you may need services like exec or login. Check the SYSLOG if problems occur during the use of those kind of applications.


Disable unwanted Services and Daemons with chkconfig

Run "chkconfig" to get a list of available flags. The number of entries depends on which software is installed and also depends on the hardware platform. For the description of the default flags see the manpage of chkconfig. If a description is missing try "man $flagname" to find further information. The chkconfig flags are used in various init scripts to determine if a service or daemon should automatically be started at boot time. A brief list of settings which can be changed compared to the default:

  • chkconfig webface_apache off
  • chkconfig webface off
  • chkconfig sgi_apache off
  • chkconfig verbose on
  • chkconfig numastatd off
  • chkconfig esp off
  • chkconfig lp off
  • chkconfig ipfilterd off
  • chkconfig sesdaemon off
  • chkconfig tfxd off
  • chkconfig snmpd off
  • chkconfig routed off
  • chkconfig route6d off
  • chkconfig sdpd off
  • chkconfig proclaim_server off
  • chkconfig ts off
  • chkconfig mkpd off

Login requirements

Edit "/etc/default/login" and change the login requirement to match your needs.

  • MANPASS=YES #This causes the system to lock out each account that does not have a password.
  • PASSREQ=NO
  • SLEEPTIME=1
  • LOGFAILURES=3
  • DISABLETIME=20
  • MAXTRYS=3
  • SUPATH=/usr/sbin:/usr/bsd:/sbin:/usr/bin:/etc:/usr/etc:/usr/bin/X11:/usr/gfx:/usr/sysadm/bin:/usr/sysadm/privbin

Verify that the "UMASK" value is also present in "/etc/profile" and "/etc/cshrc" and has the same value. For accounts (root) which need strict settings set umask 027 in $HOME/.cshrc and $HOME/.profile. All files created by users with umask 027 will now have "rw-r-----" and directories will have "rwxr-x---" permissions. Any special needs can be addressed on an individual basis.

fuel # touch /var/adm/loginlog

Warning: You have to change the UMASK back to 022 if you would like to install self-compiled software for your users.

Hide User accounts in the login window

Edit "/var/sysadm/config/clogin.conf" or use "Toolchest -> System -> System Manager -> Security and Access Control -> Configure Login Window" from the system manager which can be start from the toolchest or "/usr/sysadm/bin/swmgr".

Note: If your machine is a public one you may consider to set

fuel # chkconfig noiconlogin on
fuel # chkconfig visuallogin off

This way the login screen will not display which accounts exist on the machine.

Grant Privileges

You may grant some additional privileges to your main user to allow him to perform some admin tasks, like shutting down the machine. To do so start sysmgr again and choose "Privilege Manager" from the "Security and Access Control" menu.

Verify user accounts

Issue "/usr/sbin/pwck" which checks the /etc/passwd file for inconsistencies. It should report that the sysadm, cmwlogin, nuucp, auditor, dbadmin, rfndd, demos, OutOfBox and 4Dgifts accounts do not have home directories.


Securing FAM

FAM is the File Alteration Monitor. This server tracks changes to the filesystem and relays them to applications such as the file manager and mailbox.

Edit "/etc/fam.conf" and change "local_only = false" to "local_only = true"

Additional logging and System Modifications

For extra logging of login, xdm, ssh, getty, ftpd and rshd attempts into a seperate file together with SYSLOG edit "/etc/syslog.conf" and add the line "auth.info<TAB>/var/adm/authlog"

fuel # touch /var/adm/authlog
fuel # chown root:sys /var/adm/authlog
fuel # chmod 600 /var/adm/authlog

Also log unsuccessful login attempts at the console.

fuel # touch /var/adm/loginlog
fuel # chown root:sys /var/adm/loginlog
fuel # chmod 600 /var/adm/loginlog

Restart the syslogd by running "/etc/killall -HUP syslogd" from a shell.

Rotating of logs and System Modifications

Add the following lines to the root users crontab:

1 1 *  * 0	umask 077; cd /var/adm; if test -s authlog && test "`/sbin/stat -qs authlog`" -ge 10240; then mv -f authlog OLDauthlog; touch authlog; killall 1 syslogd; fi

21  1 * * 0	umask 077; cd /var/adm; if test -s loginlog && test "`/sbin/stat -qs loginlog`" -ge 10240; then mv -f loginlog OLDloginlog; touch loginlog; killall 1 syslogd; fi

Hint: If you choose "umask 077" instead of "umask 033" this increases system security by creating log files which aren't readable by group and others anymore.

Hint: If you are not familiar with the "vi"-like editor for "crontab -e" you can also use a GUI tool of your choice and change "/var/spool/cron/crontabs/root" instead.

not written yet

Some post installation steps

Installing licenses

Place your licences to "/var/flexlm/license.dat". Keep in mind that some 3rd. party products like SoftWindows place their license file under different locations. If your system has a XVM/XLV plexing license put a copy into /etc/flexlm/license.dat too, because "/var" may be a seperate mount point which is not yet available during XVM/XLV initialization.

Note: You always have support for plexing when booting the miniroot from a install media like CDrom or network.


Setting 24 Bit Color

To set your default X server visual to 24-bit TrueColor, edit the following file:

/var/X11/xdm/Xservers

Be sure to back up first. To set it to 24 bit change it to this:

:0 secure /usr/bin/X11/X -bs -nobitscale -c -class TrueColor -depth 24 -solidroot sgilightblue -cursorFG red -cursorBG white

All one line. Save, log out then in. You can make sure the resolution is set by running xdpyinfo. Look for "default visual id":


 number of visuals:    26 
 default visual id:  0x34 

 visual: 
   visual id:    0x34 
   class:    TrueColor 
   depth:    24 planes 
   available colormap entries:    256 per subfield 
   red, green, blue masks:    0xff, 0xff00, 0xff0000 
   significant bits in color specification:    8 bits


Here's a great tip if you're wanting a little more flexibility with your input devices under IRIX.

If you are running IRIX 6.5.16 or newer on a system that has a PS/2-style mouse port, you can enable support for PS/2-style mice that have more than three buttons, including mice with scroll wheels.

Supported systems include SGI Indy, SGI Indigo2, SGI O2, SGI Octane, SGI Fuel, SGI Onyx2, SGI Onyx 300, SGI Onyx 3000, and SGI Tezro systems. Older systems, such as the 4D series, SGI Indigo, IRIS Crimson, and SGI Onyx, are not supported.

By default, IRIX only recognizes basic, non-scrolling, three-button mice. To activate support for additional buttons, including scroll wheels, you will need to use systune to set the pcmouse_mode kernel parameter to a value that is suitable for your mouse.

PC Mouse Mode Settings

Here are the possible systune settings for pcmouse_mode to use scrolling wheels in IRIX:

0 - Default 3-button mode

1 - 3-button Wheel Mouse (type 3), Wheel scrolling generates button events 4 & 5.

2 - 5-button Wheel Mouse (type 4), Wheel & buttons 4 & 5 generate button events 4 & 5.


Since I am using a Intellimouse Explorer, I chose '2'. The command to activate support in my case would then be (as root):

systune pcmouse_mode 2

After a reboot both the scroll wheel and middle button should be active. On a five button mouse such as the Intellimouse Explorer, the two additional buttons function as scroll up/down. You should also see an entry in /var/adm/SYSLOG like this:

Dec 15 20:19:07 5A:Mika unix: NOTICE: pcmouse: type=4

I've found the scroll wheel works wonderfully with Mozilla, SkipStone and many freeware applications available on http://freeware.sgi.com. If you use aterm as your default terminal it works with that as well.

Note: According to the man page for pcmouse, "SGI does not support running mice in enhanced mode when connected through a switch."

External link

Gamma settings

The default value of 1.7 is high compared to other systems (Windows). To change the setting permanently run the following command as user "root":

fuel # gamma 1.2

The value is stored in "/etc/config/system.glGammaVal". Without a new value the command returns the current setting.

Enable NTP (Network Time Procol)

Open "/etc/ntp.conf" and specify a timeserver like "server ptbtime1.ptb.de". A list of available servers can be found on the internet.

Run "chkconfig ntp on" and use the init-script to start ntp.

fuel # /etc/init.d/ntp start
fuel # ps -edalf | grep ntp | grep -v grep
       4 S     root       1552          1  0  20 20  *   168:168   55a198b8 19:01:33 ?       0:00 /usr/sbin/ntpd -b -f /etc/ntp.drift
       0 S     root       1555       1552  0  20 20  *   168:168   55a1b0b8 19:01:33 ?       0:00 /usr/sbin/ntpd -b -f /etc/ntp.drift

If you use ntp on your system you don't have a need for the TIMESERVER anymore so run "chkconfig timed off".

Run ntpdate through a cronjob

Run "crontab -e" as user root and add:

# Run Ntpdate every 55min
55      *       *       *       *       ntpdate ptbtime1.ptb.de > /dev/null 2>&1

Run updatedb through a cronjob

The findutils package provides capabilities for searching.

Install the following packages:

fuel # inst -f neko_fileutils-4.1.tardist -f neko_findutils-4.2.20.tardist -f neko_gettext-0.14.1.tardist -f neko_libiconv-1.11.tardist -f neko_expat-2005-01-28.tardist

Run "crontab -e" as user root and add:

# Run Updatedb a 3:00am
0       3       *       *       *       /usr/nekoware/bin/updatedb --prunepaths='/dev /hw /CDROM /mnt /tmp /usr2/MIPS /usr2/GCC /stand' > /dev/null 2>&1

Run the command within a shell for building the database now and you can use "locate foobar" for searching through all your files.

Serial devices

You can specify default values for your serial lines in "/etc/uucp/Devices".

Systune Kernel Parameters

systune is a tool that enables you to examine and configure your tunable kernel parameters. Systune can adjust some parameters in real time and informs you if you need to reboot your system after reconfiguration.

Core dumps are generally world readable. Hackers can cause them to be generated and then read data such as the "/etc/shadow" file from them. They can also be used in denial of service attacks. The rlimit_core_max kernel parameter specifies the maximum size of a core file and is set to a large value by default. Setting this value to 0 will restrict the generation of core files. This is only a small inconvenience to developers who can still use tools such as CaseVision Tools and Insure++ for debugging.

fuel # systune rlimit_core_max 0

By default the kernel parameter restricted_chown is set to 0, which allows users to giveaway file ownership in System V style. This is a security risk that has resulted in several recent exploits. Change this value to 1 to enforce the BSD style chown, which only allows root to give away files.

fuel # systune restricted_chown 1

Disable ipforwarding to prevent broadcasting of sensitive system information.

fuel # systune ipforwarding 0

Disable ipsendredirects

fuel # systune ipsendredirects 0

Disable ipdirected_broadcast

fuel # systune ipdirected_broadcast 0

Increase the size of arguments

fuel # systune ncargs 131072

Enable the use of ipv6

fuel # systune ip6_enable 1

Reconfigure the kernel and reboot the machine to make the changes take effect.

fuel # /etc/autoconfig
fuel # /etc/reboot

Note: Some of these modifacation are already set if you used the EZsetup wizzard earlier.

Customizing the user environement

Most of the settings can be reached through the customization panels from the toolchest. The values are stored into $HOME/.Sgiresources.

Shell

Assuming that you have selected "bash" as your favorite shell you have to create $HOME/.profile for customizing.

# Users sh profile
#
# "$Revision: 1.17 $"

# ORACLE environement
if test -f /etc/oracle_env.sh; then
 . /etc/oracle_env.sh
fi

if [ -z "$ENVONLY" ]
then
        # Set the interrupt character to Ctrl-c and do clean backspacing.
        if [ -t 0 ]
        then
                stty intr '^C' echoe
        fi

        # Set the TERM environment variable
        if [ -d /usr/lib/terminfo ]
        then
                eval `tset -s -Q`
        fi

        # save tty state in a file where wsh can find it
        if [ ! -f $HOME/.wshttymode -a -t 0 ]
        then
            stty -g > $HOME/.wshttymode
        fi
fi

# Set the default X server.
if [ ${DISPLAY:-setdisplay} = setdisplay ]
then
    if [ ${REMOTEHOST:-islocal} != islocal ]
    then
        DISPLAY=${REMOTEHOST}:0
    else
        DISPLAY=${REMOTEHOST}:0
    fi
    export DISPLAY
fi


# Aliase
alias ll='ls -l'
alias ps='ps -edalf'
alias wg='wget  --passive-ftp '
alias par='par -sSSi'
alias whois='whois -T dn '

PS1=$WHT"[\h]:"$RED"\w "$WHT"\$ "$NONE
PS2=$GREEN"> "$NONE
export PS1
export PS2
export MANFMTCMD="groff -Tascii -man"
export LC_ALL=de
export LANG=de
export COLORTERM=1
export MP_SET_NUMTHREAD=1
export KDEDIRS=/usr/nekoware/kde
export GNOME2_DIR='/usr/nekoware'
export GNUMAKE='/usr/nekoware/bin/gmake'
export PATH=/usr/nekoware/bin:$PATH
export PYTHONHOME=/usr/nekoware
export PYTHONPATH=/usr/nekoware/lib/python2.4
export PERL=/usr/nekoware/bin/perl
export QTDIR=/usr/nekoware/qt4



# Paths
export PATH=/sbin:/usr/sbin:/usr/bsd:/usr/bin:/etc:/usr/sysadm/privbin:/usr/etc:/usr/bin/X11:/usr/gfx:/usr/nekoware/mysql5/bin:/usr/nekoware/bin:/usr/nekoware/sbin:/usr/nekoware/kde/bin:
export MANPATH=/usr/share/catman:/usr/share/man:/usr/catman:/usr/man:/usr/nekoware/man:/usr/nekoware/mysql5/man:/usr/nekoware/php5/man

# Library paths
export LD_LIBRARYN32_PATH=/usr/lib32:/usr/nekoware/lib:/usr/nekoware/mysql5/lib/mysql:/usr/nekoware/kde/lib
export LD_LIBRARY64_PATH=/usr/lib64

export PKG_CONFIG=/usr/nekoware/bin/pkg-config
export PKG_CONFIG_PATH='/usr/nekoware/lib/pkgconfig'
export PKG_CONFIG_LIBDIR='/usr/nekoware/lib'

SGML_ROOT=/usr/nekoware/share/sgml
SGML_CATALOG_FILES=${SGML_ROOT}/jade/catalog
SGML_CATALOG_FILES=${SGML_ROOT}/iso8879/catalog:$SGML_CATALOG_FILES
SGML_CATALOG_FILES=${SGML_ROOT}/docbook/3.0/catalog:$SGML_CATALOG_FILES
SGML_CATALOG_FILES=${SGML_ROOT}/docbook/3.1/catalog:$SGML_CATALOG_FILES
SGML_CATALOG_FILES=${SGML_ROOT}/docbook/4.0/catalog:$SGML_CATALOG_FILES
SGML_CATALOG_FILES=${SGML_ROOT}/docbook/4.1/catalog:$SGML_CATALOG_FILES
SGML_CATALOG_FILES=${SGML_ROOT}/docbook/dsssl/modular/catalog:$SGML_CATALOG_FILES
export SGML_CATALOG_FILES

# JAVA environment
export PATH=$PATH:/usr/java2/bin
export LD_LIBRARYN32_PATH=$LD_LIBRARYN32_PATH:/usr/java2/jre/lib32
export JAVA_HOME=/usr/java2
export CLASSPATH=.

Setup the user language and keyboard

Use "Desktop->Customize->Language" from the toolchest menu.

Warning: If you change the Country Settings for the system the "/etc/TIMEZONE" will be changed. You may need to check this. The personal TIMEZONE is stored in $HOME/.TIMEZONE.

Background

Use "Desktop->Customize->Background" from the toolchest menu to adjust the colors. A howto for Custom Background on Irix describes how to use an image as background wallpaper. As of IRIX 6.5.22 there is also native support for using common formats like PNG or JPEG as backgrounds.

Utilities

Use "Desktop->Customize->Utilities" from the toolchest menu to specify your default applications.

  • Browser = /usr/nekoware/bin/firefox
  • Mail = /usr/nekoware/bin/thunderbird
  • Editor = /usr/nekoware/bin/nedit

Icons

Use "Desktop->Customize->Icons" from the toolchest menu to set the icon size and enable the global setting "Open in Place" which prevents the filemanger to open in a new window when clicking on a directory icon.

Desk Overview

Use "Desktop->Extra Desks" to create a desk overview. Create 2 new desks and hide the global one. Under "Desk->Scaling" you can reduze (choose 6%) the window size of the desks. At a last step hide the menubar of the desks overview window.

Look & Feel Windows and Apps

For changing key bindings and general behaviour of the desktop and the look of windows create $HOME/.Xdefaults and insert the following:

*clientDecoration: +resizeh +border +minimize +maximize +menu
*DesksOverview*clientDecoration: none
4Dwm*clock*clientDecoration: none

Overview.geometry: +10-10
Overview*viewWindowName: true
Overview*Frame.marginHeight: 1
Overview*Frame.marginWidth: 1

*xclock*clientDecoration: none
*Gleyes*clientDecoration: none
*gr_top*clientDecoration: none


4Dwm*interactivePlacement: False
4DWm*clientAutoPlace: False
4Dwm*usePPosition: True
4Dwm*positionOnScreen: True
4Dwm*iconImageBackground black
4Dwm*iconImageForeground: white
4Dwm*iconPlacement: left top tight
4Dwm*iconPlacementMargin: 1
4Dwm*resizeBorderWidth: 1
4Dwm*frameBorderWidth: 1
4Dwm*SG_frameOutline: false
4Dwm*SG_titleOutline: false
4Dwm*SG_titlePadding: 0
4Dwm*SG_useDecals: false
4Dwm*iconDecoration: label image

Aterm*transparent: True
Aterm*shading: 30
Aterm*tinting: grey
Aterm*font: -sgi-screen-*-r-*--12-*-*-*-*-*-iso8859-1
Aterm*saveLines: 2000
Aterm*termName: xterm
Aterm*background: black
Aterm*foreground: white
Aterm*cursorColor: orange
Aterm*geometry: 80x24
Aterm*tintingType: true
Aterm*scrollBar: 0
Aterm*fading: 70

You have to study manpages like "4Dwm" and others to find out which resource names exist.

Hint: Press "ALT+F7" to move sticky windows around with the mouse. For information about installed fonts use the "xfontsel" programm.

SSH Keys

Place your private key into "$HOME/.ssh/id_dsa" and your public one into "$HOME/.ssh/id_dsa.pub". Be sure that you adjust the perms of your id_dsa file by running

  fuel # chmod 600 id_dsa

If you would like to login through a ssh key from another machine or from local just copy "id_dsa.pub" to "authorized_keys2". You can add additional keys into "authorized_keys2".

Customizing the Desktop

Install new Icons

For each .fti icon file you will need a corresponding .ftr file. These ftr files should go in /usr/lib/filetype/install/ and the fti files should go in /usr/lib/filetype/install/iconlib/. Here is my firefox ftr for example:

TYPE firefoxExecutable
   SUPERTYPE Executable
   MATCH tag == 770069;
   LEGEND web browser
   CMD OPEN      /usr/nekoware/bin/firefox
   CMD DROP       /usr/nekoware/bin/firefox $SELECTED
   ICON           {
                  if (opened) {
                           include("../iconlib/generic.exec.open.fti");
                  } else {
                           include("../iconlib/generic.exec.closed.fti");
                  }
                  include("/usr/lib/filetype/install/iconlib/firefox.fti"):
}

Notes on the FTR example:

Obviously replace the firefox part of "firefoxExecutable" with the correct name for a given app. If it were a script instead of an executable you'd write that instead.

Supertype: Either executable or script

Match tag numbers: First go to the directory of the executable/script that you want to give an icon, and check to see if it has a match number already. Use the command tag -q myapp to do this. Usually developers are supposed to tag their stuff and you should not use a number that has already been taken by another program, but it's not like there are a ton of apps on IRIX, and the chances of picking a random number that has already been used is small. I used "tag 770069 firefox" to give firefox that match number as you can see. Also make sure not to forget this guy at the end of the number ---> ;

Legend: what you type here is the description you get when you right-click > Get Info. A short description of the program.

The last part of the .ftr is self-explanatory. This is a bare-bones ftr, they can have more functionality besides drag & drop added to them.

Wrapping it up

Once you have your fti & ftr files in place change directory to /usr/lib/filetype and make sure you're a super user (type su, and then give root password). Enter "make -u". After it has finished doing its thing, log out and then log back in.

If everything was setup correctly your programs should now have shiny new icons. :)

Courtesy of DaJuice.


Install, delete or amend toolchest entries

To modify the toolchest systemwide edit /usr/lib/X11/system.chestrc or /usr/lib/X11/nodesktop.chestrc. Or, you need to create a .chestrc in your home directory for this.

Per-user changes can be done by editing .auxchestrc file and using:

remove Itemname

See the Toolchest page for custom toolchest menus.

Use custom background

First you must enable 24-bit support on your X server.

Next obtain some backgrounds; depending on your display configuration most likely 1280x1024 or 1024x768 8-bit X11 PixMap (XPM) format. You can convert JPEG images to XPM using ImageView, xv, NetPBM or similar, and resizing/cropping to the correct size and aspect can be accomplished with an image editor (such as GIMP or Photoshop).

Once you have a suitable XPM file you'll need to configure 4Dwm to use it as a background. First, create and edit a .backgrounds file by copying the system.backgrounds file from /usr/lib/X11 to your home directory as .backgrounds:

cp /usr/lib/X11/system.backgrounds ~/.backgrounds

Using a text editor, add additional entries for your new backgrounds file like this:

background "Anime"
command "-xpm /usr/people/neko/backgrounds/anime.xpm"
default "-xpm /usr/people/neko/backgrounds/anime.xpm"
readok "/usr/people/neko/backgrounds/anime.xpm"

Change the three path entries /usr/people/neko/backgrounds/anime.xpm to reflect the full name and path of the background file you are using. Also be sure to change the background name from "Anime" to whatever you'd like to show up in your Background control panel. You can add several entries like the above to easily switch between multiple backgrounds; I have at least twenty myself.

Once all this has been accomplished you can select your new background(s) from Toolchest -> Desktop -> Customize -> Background. In addition to the increased performance, you'll even get a snippet of the new background in your Desks Overview which is another benefit of using XPM files.

Rather use 24bit images?

If you'd rather use 24-bit images for your background, you can do so using either xli or Esetroot. xli is part of the xli.1.16 X11 image loader/viewer package on SGI Freeware:

http://freeware.sgi.com/Installable/xli-1.16-sgipl1.html

Esetroot is part of the Eterm-0.8.10 Enlightenment-aware xterm package on SGI Freeware:

http://freeware.sgi.com/Installable/Eterm-0.8.10.html

Example xli entry:

background "Anime2"
command "-execute /usr/freeware/bin/xli -onroot -fork /usr/people/neko/backgrounds/anime2.jpg"
default "-execute /usr/freeware/bin/xli -onroot -fork /usr/people/neko/backgrounds/anime2.jpg"
exeok "/usr/freeware/bin/xli"

readok "/usr/people/neko/backgrounds/anime2.jpg

Example Esetroot entry:

background "Anime3"
command "-execute /usr/freeware/bin/Esetroot /usr/people/neko/backgrounds/anime3.jpg"
default "-execute /usr/freeware/bin/Esetroot /usr/people/neko/backgrounds/anime3.jpg"
execok "/usr/freeware/bin/Esetroot"
readok "/usr/people/neko/backgrounds/anime3.jpg"

xli is the easiest of the two to install as it has no additional dependencies. It's rather dated in that it does not support progressive JPEG or PNG so some backgrounds will need to be converted to standard JFIF JPEG before xli can deal with them. xli also does not support pseudo transparency effects with some applications, a good example being X-Chat.

Esetroot supports progressive JPEG and pseudo transparency in X-Chat and seems a bit faster overall. The downside for those tight on disk space is that it requires 62 additional dependent packages to install.

There are a couple of caveats to note when using 24-bit images. Desks Overview will not display background previews in the desk panes and you'll find that desktop switching slows down dramatically, though that's less of an issue on newer hardware. If you are not a multi-desktop user these issues may not be important to you, but I recommend trying both xpm and the alternate methods given above to see which works best in your environment.

Using IRIX 6.5.22 and Up

IRIX 6.5.22 brought native support for many image formats; backgrounds can now be JPEG, PNG, BMP, etc. - no conversions required.

The procedure is essentially the same as above (add -class TrueColor -depth 24 to /var/X11/xdm/Xservers, copy /usr/lib/X11/system.backgrounds to your home directory as .backgrounds) except a typical ~/.backgrounds entry now looks like this:

background "Anime" 
default "-image /usr/people/neko/backgrounds/anime.jpg"

instead of like this:

background "Anime" 
command "-xpm /usr/people/neko/backgrounds/anime.xpm" 
default "-xpm /usr/people/neko/backgrounds/anime.xpm" 
readok "/usr/people/neko/backgrounds/anime.xpm"

A forum member wrote the following script for IRIX 6.5.22+ that will auto-populate a ~/.backgrounds based on the contents of a directory filled with JPEG/BMP/PNG images. Just change BGDIR to reflect an image directory of your choice:

#!/bin/sh 
BGDIR=$HOME/Backgrounds 
cp /usr/lib/X11/system.backgrounds $HOME/.backgrounds 
chmod 644 .backgrounds 
cd ${BGDIR} 
for x in *.jpg *.xpm *.png *.bmp; do 
case ${x} in 
'*.jpg'|'*.xpm'|'*.png'|'*.bmp') ;; 
*) 
NAME=`echo ${x} | tr '.' ' ' | awk '{print $1}' | tr '_' ' '` 
echo "" >> $HOME/.backgrounds 
echo "background \""${NAME}"\"" >> $HOME/.backgrounds 
echo "default \""-image ${BGDIR}/${x}"\"" >> $HOME/.backgrounds 
;; 
esac 
done

Courtesy of Nekonoko.


Custom background on login screen

edit /usr/lib/X11/xdm/Xsetup At the top of the file add a line similar to:

/usr/nekoware/bin/xli -onroot /path/to/wallpaper/login_pix.jpg


Add pictures to visual login

Use chkconfig to make sure that visuallogin is set to on and noiconlogin to off. The icons (SGI RGB format, at least 100x100 pixels) can be placed in the following locations:

/$HOME/.icons/login.icon
/usr/lib/faces/$USER
/usr/local/lib/faces/$USER

$USER is the loginname of the user, $HOME the home directory.

Remember, no file extension is needed after the name of the image. $USER is not a directory, but an actual rgb image file with the name of the account that it will use during visual login.

Courtesy of Gerhard Lenerz.

Visual Login Banner

You can display a banner instead of user account icons by

chkconfig visuallogin on
chkconfig noiconlogin on

and replacing the stand SGI (RGB) image in /usr/Cadmin/images/cloginlogo.rgb an image of your choice. See the man page for clogin(1) for more details.

Startup Items

Just a quick tip today for those needing certain apps to run whenever the window manager is launched. Create a file called ~/.sgisession and add commands (this example launches an aterm shell and a clock):

 /usr/local/bin/akaneclock /usr/local/bin/aterm -tr -sh 50 -bg black -fg cyan -sl 1500

Troubleshooting

CTRL+C does not work anymore when logging in through the network

Edit "/etc/profile" and change the last line "trap 2 3" to

trap  2
trap  3

Phobos G130 problem with IRIX updates

Upgrade seem to work fine. When it's time for autobuild, I get error messages which refers to 'gfe...' device and autobuild aborts. I can start my system, 'versions' shows IRIX6.5.17m software installed but 'uname -R' still shows IRIX6.5.16m.

Yes, this is a known problem of the Phobos-driver, not from IRIX. But the bug in the driver is not - and will not be - fixed, so i use this workaround: Un-installing the Phobos- drivers before the OS-Upgrade, install the upgrade, then re-install the Phobos-driver. This worked for me since 6.5.15.

WARNING: The serial number on this system controller is not valid!

First, find the serial number sticker on the system. It's a small yellow label and should be something like S12345. Then go to the PROM monitor and type:

>> serial Sxxxxx

where Sxxxxx is the serial on the label. You will be asked to confirm it and that should fix it.

See Also