Revision as of 20:10, 23 October 2007

FAQs about UGCS 4.0

Email

Can I forward my email elsewhere?

Yes. Log in to the cluster and run mail_forward. It will ask you questions, and use your answers to update your ldap delivery settings.

What settings should I use for POP?

See POP Server Settings

What settings should I use for SMTP?

See SMTP Server Settings

What settings should I use for IMAP?

See IMAP Server Settings

How do I access Webmail?

SquirrelMail (simple, fast, light interface): https://hermes.ugcs.caltech.edu/squirrelmail/src/login.php

Roundcube (more complex, drag-and-drop, desktop style interface): https://hermes.ugcs.caltech.edu/roundcube/

How can I make Pine/Alpine work?

See Pine setup

How can I make Mutt work?

Mutt should work out of the box. If not, make sure you mail directory is set to ~/Maildir. At the moment, you cannot send mail from Mutt. We know what the problem is, but it's surprisingly complex. We're working on a fix, but this is lower priority than many critical services. Rest assured that Mutt will be supported.

How do I process my mail using procmail?

Because of the fact that the mail daemon has unlimited read/write privileges on users' mail directories but does not have access to user home directories, automatic invocation of procmail upon delivery of each piece of mail is both a security risk as well as being inefficient. However, you may add something like the following to your .bashrc or similar script run on login to rearrange your mail using your own AFS tokens and permissions.

Note: use this script at your own risk.

#!/bin/sh

# ensure that .procmailrc targets are of the format ~/Maildir/<directory>/
# rather than ~/Maildir/<file> in order to ensure delivery in Maildir format
# which will result in availability via IMAP.

cat ~/Maildir/new/* | formail -s procmail

Webhosting

Where's my website?

/afs/ugcs/user/<username>/public/html, or at http://www.ugcs.caltech.edu/~username

My website uses data files that only that site should be able to access. How do I set this up?

It's actually pretty simple. Each user has an additional principal associated with them of the form username_cgi. All cgi scripts you run actually run as this principal. If you give that principal the requisite access to your files, your webapp should work. In general, you probably want to give the principal read, write, but not admin, so you would issue:

fs setacl data_folder username_cgi write

See AFS ACL's for more information

I'm sure the permissions are right, but my site still doesn't work.

The most common error we've seen after the permissions is that people used absolute paths from old ugcs which don't carry over. Specifically, where in old ugcs an absolute path to your home directory was /home/username, it is now /afs/ugcs/user/username. Please change your absolute paths accordingly.

If your website still fails to work, and did before, contact sysadmins@ugcs.caltech.edu, as usual.

My CGI doesn't work

You probably have your perl interpreter set to /usr/ug/bin/perl. We no longer have /usr/ug, so perl is where it should be in /usr/bin/perl. Please update your scripts accordingly. See webhost scripting for more information.

What about SQL Databases?

We have a mysql server running poseidon. As we do not have an automated database creation system, you must ask us for a database

Other

Where is UGCS?

UGCS is in the basement of Winnett, room 3. It has a South Master lock on it.

I get "Permission denied" when trying to access files I should (and used to earlier) have permissions on

Your Kerberos auth expired. Log out and back in again, or run 'kinit && aklog'. To keep your tokens from expiring, run kinit -R && aklog BEFORE they expire.

I forgot my password

For us to reset your password, we must first verify that you are really the owner of your account. There are several ways we can do this, in order from least to most annoying:

• If you have a PGP public key on UGCS in your home dir, we may be able to reset based on that. We would need a message requesting a reset signed by that key, and would encrypt you a new password to that key.
• If you have an email setup as as an mailAlternateAddress or mailForwardingAddress in ldap, we will send you a "cookie" of random numbers at that address. Reply to us with it from that address asking for an account reset and we will do so, emailing the new password to that address.
• If you have a phone number on record, we can call it and give you a new password over it.
• [coming soon] If you had SSH key access to the old cluster, we can authenticate you based on that. This method is somewhat more difficult so please use one of the above if you can.
• Arrange to meet a sysadmin in person. Bring photo identification; either your Caltech ID card or a state or federal ID. Bring both if the picture on your Caltech ID is no longer recognizible.
• If none of these methods work and/or you are unsure of what information we have available (IE, alternate emails, phone numbers, etc), please contact us for more information.

How can I get an account?

See New Account

I don't own my files

Your home directory is on an AFS volume. The ownership does not matter - you have full read/write/administer AFS ACL's on your public directory.

In AFS, with a few limited exceptions, file ownership does not matter; the ACL on the directory governs file access.

If you're getting permission denied errors, make sure that you've either logged on recently, or that you've refreshed your AFS tickets using kinit and then aklog.