Please consider a donation to the Higher Intellect project. See https://preterhuman.net/donate.php or the Donate to Higher Intellect page for more info.

Difference between revisions of "IRIX Setup 101"

From Higher Intellect Vintage Wiki
Jump to navigation Jump to search
(added last article link)
 
 
Line 309: Line 309:
 
===Wrapping up===
 
===Wrapping up===
 
This is the end of IRIX Setup 101. For practical reasons this ends most common "first time" setup questions and was patterned after the popular, though poorly-written "IRIX Installation and Customization". Further guides will explore how to perform more advanced configurations.
 
This is the end of IRIX Setup 101. For practical reasons this ends most common "first time" setup questions and was patterned after the popular, though poorly-written "IRIX Installation and Customization". Further guides will explore how to perform more advanced configurations.
 +
 +
[[Category:SGI]]

Latest revision as of 22:41, 21 April 2021

IRIX Setup 101

For newcomers to IRIX, setting up IRIX for the first time can be daunting. This aims to break it down into selective, easy-to-follow sections for a post-install IRIX.

Forenotes

Due to specificity of various hardware and IRIX versions, this guide primarily assumes IRIX 6.5.21+ and that the user is interested in running Nekoware, optxeno, or another product offered on IRIXNet. It is advised to go into this understanding what the goals of the user are exactly.

Per the IRIXNet Wiki's Style Guide[1], all root commands will be prefixed with #, all user-level commands will be prefixed with % (for the tcsh shell).

This is an article copied and slightly modified for use on wiki.preterhuman.net and donated by IRIXNet to Preterhuman.net. It is freely available.

First Steps

Securing root

Either login on the login screen to root, or serial in via root. Open a terminal window by clicking Desktop - > Open Unix Shell. This is the root shell of the account, and for clarity sake, most commands will be performed via terminal. Type -+# passwd+- and set a secure password for the root user. If doing this from GUI (i.e. EZSetup, this will cover most of the important settings covered there) be warned IRIX will not accept passwords greater than 8 chars in length. From the commandline, there is no such limitations.

Network Setup

A detailed article can be found at Network Setup 6.5.

Date and Time

Again, a detailed article can be found at Keeping Time

Move $HOME for root

Now it is necessary to make a space for root. Due to IRIX's default install, root's home directory is effectively /, the root of the filesystem. This is bad. Do not skip this step.

Home directories are defined in /etc/passwd. First, make the directory: # mkdir /root; chmod go-wrx /root And then update the root line to look like so: root::0:0:Super-User:/root:/bin/tcsh This can be automated (carefully) with a perl, awk, or sed command, but be careful.

Now clean up: # cd /; rm -rf Desktop dumpster .Sgiresources .cshrc .login .profile .varupdate .wshttymode .desktop-IRIS .desktophost

Log out and log back in again.

Securing IRIX

Lock unsafe accounts

IRIX by default is installed with several accounts without passwords. Checking this is easy: # passwd -as

Locking the accounts on a normal IRIX install is easy:

# foreach account (lp EZsetup nuucp demos guest OutOfBox sys adm sysadm cmwlogin auditor dbadmin sgiweb 4Dgifts); passwd -l $account; end

Creating a user account

Next, create a user account for normal usage, as running as root 24/7 is dangerous. It's easily and safely done using tools in the privbin: # /usr/sysadm/privbin/addUserAccount -l username -S `which tcsh` -H /usr/people/username -C -u 1034 -g 20

The above example will create a user called username with a default shell of tcsh, a home directory of /usr/people/username (/home is NOT a thing on IRIX), create the directory (-C flag) with a uid of 1034 and membership in the user group (ID 20). It may also be advisable to create a group with the same username created by the command above, however that requires manually adding a group to /etc/group and editing permissions on the home directory. This may be covered in a future installment.

Enable Shadow Passwords

By default IRIX uses crypt() hashes in /etc/passwd

This is now discouraged and insecure, so it is preferred to enable /etc/shadow. Run pwconv to enable it.

Edit system defaults

The file /etc/default/login controls primary login behavior. Edit the files options to look something akin to this:

 CONSOLE=/dev/console
 PASSREQ=YES
 ALTSHELL=YES
 MANDPASS=YES
 UMASK=027
 TIMEOUT=60
 DISABLETIME=300
 MAXTRYS=3
 LOGFAILURES=4
 IDLEWEEKS=2
 PATH=/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11:
 SUPATH=/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/etc:/usr/etc:/usr/bin/X11:
 SYSLOG=ALL
 INITGROUPS=YES
 LANG=C
 SVR4_SIGNALS=NO
 LOCKOUT=4
 LOCKOUTEXEMPT=root

Note that it is a good opportunity to add extra pathnames that all users will have in PATH. Examples include /usr/nekoware/bin, /opt/xeno/bin, et cetera.

chmod the file to 444 next: # chmod 444 /etc/default/login

File Alteration Monitor

For security reasons, edit /etc/fam.conf to have local_only = true instead of local_only = false.

Disable Vulnerable Network Services

The following network services are wholly unnecessary for most installations and can be disabled with the following command string:

 # chkconfig sgi_apache off; chkconfig webface_apache off; chkconfig appletalk off; \
 chkconfig timed off; chkconfig timeslave off; chkconfig esp off; chkconfig ipaliases off; \
 chkconfig ypmaster off; chkconfig yp off; chkconfig sendmail off; chkconfig sendmail_cf off; \
 chkconfig webface off; chkconfig named off; chkconfig rsvpd off; chkconfig privileges off

Additionally, disabling the following services in /etc/inetd.conf is prudent, except telnet if an ssh server isn't installed yet, and the system is a server. If that's the case, hold off on that one:

 finger
 bootp
 tftp
 echo
 telnet
 ftp
 discard
 chargen
 daytime
 time
 rstatd
 walld
 rusersd
 rquotad
 sprayd
 ttdbserverd
 shell
 exec
 http
 wn-http
 ntalk
 mountd
 sgi_mountd
 rexd
 bootparam
 ypupdated
 sgi_videod
 sgi_toolkitbus
 sgi_snoopd
 sgi_pcsd
 sgi_pod
 sgi_espd
 sgi-esphttp
 tcpmux/sgi_scanner

Some of the above can be re-enabled depending on what is necessary, but the esp ones should not be re-enabled.

Secure the X server

Edit /var/X11/xdm/xdm-config and change the DisplayManager*authorize line to read: DisplayManager*authorize: on

Tune the kernel for security

Changing these if they are not in use is prudent:

 # printf 'y' | systune ipforwarding 0
 # printf 'y' | systune ip6forwarding 0
 # printf 'y' | systune icmp_dropredirects 1
 # printf 'y' | systune tcp_2msl 60
 # printf 'y' | systune allow_brdaddr_srcaddr 0
 # printf 'y' | systune tcpiss_md5 1
 # printf 'y' | systune restricted_chown 1
 # printf 'y' | systune ncargs 131072

run # /etc/autoconfig -vf to rebuild the kernel, and then reboot for full changes to take effect.

Install Patches

A collection of patches obtained from user backups of sgi.com's support centre is here: http://ftp.irixnet.org/sgi-irix/patches/

Install all patches for the IRIX version being ran. (inst will not install irrelevant patches on the system).

Customizing IRIX

Now that security is improved, the actual fun can begin to customizing the IRIX experience.

Setup flexlm

Place licenses for products in /var/flexlm/license.dat. Softwindows and a few others use different locations.

Enable 24 bit X

Unless the graphics in the system are 8-bit (such as an Indy with an XL/8 card), enabling Truecolor will improve the user experience. Edit /var/X11/xdm/Xservers to be :0 secure /usr/bin/X11/X -bs -nobitscale -c -class TrueColor -depth 24 -solidroot sgilightblue -cursorFG red -cursorBG white

Enable scrollwheel

IRIX by default can't use a scroll wheel. This can be rectified in the kernel:

# systune pcmouse_mode 2

This sets the scroll wheel to work as on a PC. Mode 3 will set any additional buttons on the mouse to scroll. (it only detects 2 extra buttons)

Reduce gamma

Set gamma with the following command as root: gamma 1.2 or another value. This will lower the default to a more natural level.

Custom tcsh prompt

tcsh is a fast, simple UNIX shell that supports most of the same features as bash from an interactive standpoint, and is faster at startup.

Here is a configuration file for root:

 # Prompt
 set    red="%{\033[1;31m%}"
 set   green="%{\033[0;32m%}"
 set  yellow="%{\033[1;33m%}"
 set   blue="%{\033[1;34m%}"
 set magenta="%{\033[1;35m%}"
 set    cyan="%{\033[1;36m%}"
 set   white="%{\033[0;37m%}"
 set     end="%{\033[0m%}"
 set prompt="${red}%n${blue}@%m ${yellow}%~ ${red}%%${end} "
 # History
 if ($?prompt) then
       # An interactive shell -- set some stuff up
       set filec
       set history = 1000
       set savehist = (1000 merge)
       set autolist = ambiguous
       # Use history to aid expansion
       set autoexpand
       set autorehash
       set mail = (/var/mail/$USER)
       if ( $?tcsh ) then
               bindkey "^W" backward-delete-word
               bindkey -k up history-search-backward
               bindkey -k down history-search-forward
       endif
 endif
 # Fix some IRIXisms
 stty intr ^C
 setenv TERM xterm


This sets a red prompt as a reminder. The colors can be changed in the prompt section to one's liking, just don't mess with color values.

 # Prompt
 set    red="%{\033[1;31m%}"
 set   green="%{\033[0;32m%}"
 set  yellow="%{\033[1;33m%}"
 set   blue="%{\033[1;34m%}"
 set magenta="%{\033[1;35m%}"
 set    cyan="%{\033[1;36m%}"
 set   white="%{\033[0;37m%}"
 set     end="%{\033[0m%}"
 set prompt="${cyan}%n${blue}@%m ${yellow}%~ ${green}%%${end} "
 # History
 if ($?prompt) then
       # An interactive shell -- set some stuff up
       set filec
       set history = 1000
       set savehist = (1000 merge)
       set autolist = ambiguous
       # Use history to aid expansion
       set autoexpand
       set autorehash
       set mail = (/var/mail/$USER)
       if ( $?tcsh ) then
               bindkey "^W" backward-delete-word
               bindkey -k up history-search-backward
               bindkey -k down history-search-forward
       endif
 endif
 # Fix some IRIXisms
 stty intr ^C
 setenv TERM xterm

^ And here is a version that is used for normal users.

PATH should be set using setenv PATH '/usr/sbin:/usr/bsd:/sbin:/usr/bin:/bin:/usr/bin/X11' and more paths added with a colon-delimited list in the rc file

Setting Desktop parameters

Use "Desktop->Customize->Utilities" from the toolchest menu to specify default applications. Using the full path is necessary. "Desktop->Customize->Icons" from the toolchest menu will set the icon size and enable the global setting "Open in Place" which prevents the file manager from creating a new window when opening a new directory.

Xdefaults file

Here is a sample configuration that dates to the Nekochan.net era:

 *clientDecoration: +resizeh +border +minimize +maximize +menu
 *DesksOverview*clientDecoration: none
 4Dwm*clock*clientDecoration: none
 Overview.geometry: +10-10
 Overview*viewWindowName: true
 Overview*Frame.marginHeight: 1
 Overview*Frame.marginWidth: 1
 4Dwm*interactivePlacement: False
 4DWm*clientAutoPlace: False
 4Dwm*usePPosition: True
 4Dwm*positionOnScreen: True
 4Dwm*iconImageBackground black
 4Dwm*iconImageForeground: white
 4Dwm*iconPlacement: left top tight
 4Dwm*iconPlacementMargin: 1
 4Dwm*resizeBorderWidth: 1
 4Dwm*frameBorderWidth: 1
 4Dwm*SG_frameOutline: false
 4Dwm*SG_titleOutline: false
 4Dwm*SG_titlePadding: 0
 4Dwm*SG_useDecals: false
 4Dwm*iconDecoration: label image

The desktop can be heavily customized as needed. To customize 4Dwm, read its manpage

Setting up SSH

IRIX came with a very old OpenSSH version, and Nekoware has OpenSSH as well. However, these are no longer maintained. A better option is available at SSH Setup on IRIX 6.5.

Amend toolchest

A full explanation of toolchest is available on its manpage. toolchest reads the following files:

 /usr/lib/X11/system.chestrc
 ~/.chestrc
 ~/.auxchestrc
 /usr/lib/X11/nodesktop.chestrc
 /usr/lib/X11/app-chests/*.chest
 /usr/lib/X11/app-defaults/Toolchest
 /usr/lib/X11/remote.chestrc

The first three are relevant to most users. To remove entries, remove Itemname in a ~/.auxchestrc is sufficient. Creating entries is easy as well:

 menu ToolChest
 {
     "My Favorite Things" f.menu mystuff
 }
 menu mystuff
 {
     "dolphins"	f.exec "/usr/demos/bin/atlantis"
     "Test Program"	f.exec "source ~/.variables;~/testprog"
     "games"		f.menu mygames
 }
   menu mygames
 {
     "flight simulator"   f.exec /usr/demos/bin/flight
     "arena"	      f.exec /usr/demos/bin/arena
  }

Is the manpage example.

Setting Backgrounds

An article on this is available at Setting Backgrounds

Wrapping up

This is the end of IRIX Setup 101. For practical reasons this ends most common "first time" setup questions and was patterned after the popular, though poorly-written "IRIX Installation and Customization". Further guides will explore how to perform more advanced configurations.