Managing a network of UNIX workstations
Steve Simmons
scs at iti.org
Sun Jan 14 04:51:19 AEST 1990
grr at cbmvax.commodore.com (George Robbins) writes:
>In article <3949 at jhunix.HCF.JHU.EDU> barrett at jhunix.HCF.JHU.EDU (Dan Barrett) writes:
>> (1) How do you handle inter-machine superuser privileges?
>> I do NOT want to put "root" in /.rhosts -- this is a big security
>> risk, right?
>Don't unless you can control physical access to the hardware or are operating
>in an intentionally un-secure mode. It is may be an acceptable risk /
>convenience if you have a coule of servers in a secure area.
We do something similar: all 'secured' machines (file servers and time-
shared systems in the machine room) have mutual .rhost entries. All
other systems have the secured machines in their entries, but no others.
In a similar manner, we have 'extremely untrusted' machines on our
net. We deal with those by not putting them in hosts.equiv, forcing
people to use passwords when accessing central systems. Prevents rcp
and rsh too.
>> My idea is to have one or two fileservers, make the other
>> workstations use NFS, but put a small disk on each workstation for
>> swapping only. Good? Bad? What's better?
>Another [religious issue]. If you can afford to, put at least a swap disk
>on each system
>and/or a root/swap/var disk(s) on each one and let the fileserver serve
>files and not handle swapping or booting. Some people will tell you that
>network stuff is faster that low performance built-in SCSI drives. This
>may be true, especially on a lightly loaded net - if so, just run the
>systems diskless.
I have settled this issue to my satisfaction by experiment, and can
definitively say "it depends" :-). A remote swap area (on a file server)
is usually faster than an internal *for one workstation*. That's
because the file server disk (sync SCSI, SMD, RA, whathaveyou) is
faster than the internal disk even with the 'loss' of network access.
As the number of workstations and/or the amount of swapping on each
increases, eventaully the server becomes overloaded. We empirically
determined that 3 Sun 3/50s in heavy swap state could swamp a Sun 3/{1,2}60
file server using Fujitsu 2361 disks and Xylogics 451 controllers. The
limiting factors are the disk and the controllers, not the CPU. So the
answer will depend on your local configurations and usage pattern.
More information about the Comp.unix.ultrix
mailing list