@dillera
Last active January 11, 2019 00:53
SGI IRIX Post-Install Checklist
Here are all the steps I took to configure the new system (as root):
1. Secure the password file
cp /etc/passwd /etc/passwd.orig
# Set root's password
passwd
# Put * in the password field of every other account so none of them can
# log in with a password
vi /etc/passwd
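The same step done with awk instead of by hand in vi, so no account gets missed. This is an added example, not part of the original checklist; it assumes the classic 7-field passwd format (name:passwd:uid:gid:gecos:home:shell) that IRIX 4.x/5.x uses without shadow passwords, leaves NIS "+"/"-" marker lines alone (putting * in a "+::0:0:::" line would lock every NIS user out), and its function and file names are its own.

```shell
#!/bin/sh
# Added example, not from the original checklist. Lock every local account
# except root (and any others named on the command line) by writing "*"
# into the password field, then report what is still unlocked.

# lock_passwd_file IN OUT [account ...]
# Copy IN to OUT, replacing the password field with "*" for every 7-field
# entry except root and the extra accounts given. Lines that are not
# 7-field entries, and NIS marker lines beginning with + or -, are copied
# untouched.
lock_passwd_file() {
    in=$1; out=$2; shift 2
    awk -F: -v OFS=: -v keep="root $*" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) keepset[k[i]] = 1 }
        NF != 7 || $1 ~ /^[+-]/ { print; next }
        !($1 in keepset)        { $2 = "*" }
                                { print }
    ' "$in" > "$out"
}

# unlocked_accounts FILE
# Print the accounts whose password field is anything but "*": a real hash
# (the ones you meant to keep) or, worse, empty.
unlocked_accounts() {
    awk -F: 'NF == 7 && $1 !~ /^[+-]/ && $2 != "*" { print $1 }' "$1"
}

# On the real system, after the cp /etc/passwd /etc/passwd.orig above:
#   lock_passwd_file /etc/passwd.orig /etc/passwd.new
#   unlocked_accounts /etc/passwd.new      (should print only root)
#   mv /etc/passwd.new /etc/passwd
```

Run unlocked_accounts against the original file first: it lists the accounts that ship with a usable or empty password, which is exactly what the step is meant to remove.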
2. New filesystems
# Create files for block devices (major and minor device numbers
# deduced from existing dks0d1s? files)
cd /dev/dsk
mknod dks0d1s3 b 22 35
mknod dks0d1s4 b 22 36
mknod dks0d1s5 b 22 37
chmod go-r dks0d1s?
# Create files for character devices
cd /dev/rdsk
mknod dks0d1s3 c 22 35
mknod dks0d1s4 c 22 36
mknod dks0d1s5 c 22 37
chmod go-r dks0d1s?
# Create filesystems
mkfs /dev/dsk/dks0d1s3
mkfs /dev/dsk/dks0d1s4
mkfs /dev/dsk/dks0d1s5
# Add disks to fstab as /tmp, /usr/tmp, and /usr/local:
: /dev/dsk/dks0d1s3 /tmp efs rw,raw=/dev/rdsk/dks0d1s3 0 0
: /dev/dsk/dks0d1s4 /usr/tmp efs rw,raw=/dev/rdsk/dks0d1s4 0 0
: /dev/dsk/dks0d1s5 /usr/local efs rw,raw=/dev/rdsk/dks0d1s5 0 0
vi /etc/fstab
# Create mount point for /usr/local
mkdir /usr/local
# Reboot single-user, clean out /tmp and /usr/tmp so there's no garbage
# hidden under the mount point, and reboot multi-user
3. Networking
# In vadmin, choose the networking tool and open the IRIS host. Set
# hostname, IP address, and hostname alias in the resulting dialog box.
# Set TCP/IP to ON and click on Accept.
#
# Reopen the host (its icon should now have the name you just gave it),
# set the NIS domain name, and set Network Information Service
# to ON. Click on Accept to reboot the machine with NIS.
vadmin
cp /etc/hosts /etc/hosts.orig
# Remove the multicast group addresses from the hosts file and add an
# entry for the default gateway
vi /etc/hosts
cp /etc/config/netif.options /etc/config/netif.options.orig
# Remove the colon before if2name and use that line to set the first
# gateway interface to the host named above
vi /etc/config/netif.options
# Put the desired netmask and broadcast address in ifconfig-1.options
vi /etc/config/ifconfig-1.options
# List the desired hostresorder, nameservers, and domain in resolv.conf
# (see the man page for more details)
vi /usr/etc/resolv.conf
# Turn on NFS automounter
chkconfig automount on
# Use auto.direct map from NIS, and /net as mount point for hosts map:
: -v /net -hosts -intr,nosuid,nodev /- auto.direct
vi /etc/config/automount.options
# Turn off dynamic routing
chkconfig routed off
# Create a network.local script to set up a static default route:
: #!/bin/sh
: #
: # Site-dependent network configuration commands to add static
: # routes and publish arp entries belong in this file, which is
: # the target of the K39network link in /etc/rc0.d and the
: # S31network link in /etc/rc2.d.
: #
:
: case "$1" in
: 'start')
: /usr/etc/route add net default #.#.#.# 1
: ;;
: 'stop')
: /usr/etc/route delete net default #.#.#.# 1
: ;;
: *)
: echo "Usage: $0 {start|stop}"
: ;;
: esac
vi /etc/init.d/network.local
chmod 755 /etc/init.d/network.local
ln -s /etc/init.d/network.local /etc/rc0.d/K39network
ln -s /etc/init.d/network.local /etc/rc2.d/S31network
# Reboot and confirm that routing is working properly: routed should
# not be running; netstat -r should show a default route; pinging hosts
# on the local and outside networks should work as expected
4. Aesthetics (optional)
# Report what it's doing during boot process
chkconfig verbose on
# Don't have xdm display icons for each user
chkconfig noiconlogin on
5. Security
# Record all login attempts, etc. (see login(1)):
: passwdreq
: lastlog
: syslog=all
vi /etc/config/login.options
# Fix known security holes by stripping set-id bits that should not be
# there (cdinstmgr is a setuid shell script; see the IRIX 4.0.5 notes below)
chmod u-s /usr/sbin/cdinstmgr /usr/bin/under
chmod g-s /usr/lib/expreserve
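The chmod lines above fix the two binaries that were known at the time; what a practitioner actually wants is a way to list every setuid/setgid file, flag any that are interpreter scripts (a setuid shell script, like cdinstmgr, is exploitable on most classic Unixes through the race between the kernel opening the script and the interpreter re-opening it), and detect new ones appearing later. This is an added example, not part of the original checklist; the function names and the temporary file path are its own.

```shell
#!/bin/sh
# Added example, not from the original checklist: setuid/setgid audit.

# setuid_files DIR
# Print every setuid or setgid regular file under DIR, sorted so the
# output can be saved as a baseline and compared later.
setuid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# setuid_scripts DIR
# From that list, print only files whose first two bytes are "#!", i.e.
# set-id interpreter scripts, which should never exist.
setuid_scripts() {
    setuid_files "$1" | while read -r f; do
        if [ "$(dd if="$f" bs=2 count=1 2>/dev/null)" = "#!" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# setuid_drift BASELINE DIR
# Compare a saved baseline (output of setuid_files) with the current state:
# "+path" is a file that became set-id since the baseline, "-path" one that
# no longer is.
setuid_drift() {
    baseline=$1; dir=$2
    tmp=${TMPDIR:-/tmp}/setuid.now.$$        # scratch file, this example's own
    setuid_files "$dir" > "$tmp"
    comm -13 "$baseline" "$tmp" | sed 's/^/+/'
    comm -23 "$baseline" "$tmp" | sed 's/^/-/'
    rm -f "$tmp"
}

# On the real system:
#   setuid_scripts /            (expect no output after the chmod above)
#   setuid_files / > /etc/setuid.baseline
#   setuid_drift /etc/setuid.baseline /     (run from cron after upgrades)
```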
# Comment out /usr/bin/X11/xhost + (it turns off X access control entirely,
# so any host on the network could connect to the display)
vi /usr/lib/X11/xdm/Xsession
# Change DisplayManager*authorize from "off" to "True" to enable
# MIT-MAGIC-COOKIE-1 authorization
vi /usr/lib/X11/xdm/xdm-config
# Change XLock.nolock resource from "true" to "false"
vi /usr/lib/X11/app-defaults/XLock
# Comment out the exec (rexecd) and tftp lines, and add logging options to
# the daemons that stay: ftpd -lll, rshd -a -L, rlogind -a, fingerd -l
# (if tftpd must remain enabled, run it as tftpd -l -s /usr/local/boot so
# it logs requests and is restricted to that directory)
vi /usr/etc/inetd.conf
killall -HUP inetd
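The inetd.conf edit above, done with awk so the result can be diffed before inetd is HUPed. This is an added example, not part of the original checklist; it assumes the classic one-service-per-line layout (service, socket type, protocol, wait/nowait, user, server path, server args starting with argv[0]), and the function names and sample file are its own. If tftpd has to stay enabled with the -l -s variant, move tftp from the disable table to the args table.

```shell
#!/bin/sh
# Added example, not from the original checklist: rewrite inetd.conf to
# disable exec and tftp and add logging flags to the daemons that stay.

# harden_inetd_conf IN OUT
harden_inetd_conf() {
    in=$1; out=$2
    awk '
        BEGIN {
            disable["exec"] = 1          # rexecd: password sent in cleartext
            disable["tftp"] = 1          # unauthenticated file fetch
            # service -> replacement for the whole server-args field
            args["ftp"]    = "ftpd -lll"
            args["shell"]  = "rshd -a -L"
            args["login"]  = "rlogind -a"
            args["finger"] = "fingerd -l"
        }
        /^[ \t]*#/ || NF < 6 { print; next }        # comments, blank lines
        $1 in disable        { print "#" $0; next } # comment the service out
        $1 in args {                                # keep fields 1-6, swap args
            line = $1
            for (i = 2; i <= 6; i++) line = line "\t" $i
            print line "\t" args[$1]; next
        }
        { print }
    ' "$in" > "$out"
}

# inetd_enabled_services FILE
# One enabled (uncommented) service name per line, for a final review.
inetd_enabled_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# On the real system:
#   harden_inetd_conf /usr/etc/inetd.conf /usr/etc/inetd.conf.new
#   diff /usr/etc/inetd.conf /usr/etc/inetd.conf.new
#   inetd_enabled_services /usr/etc/inetd.conf.new
#   mv /usr/etc/inetd.conf.new /usr/etc/inetd.conf && killall -HUP inetd
```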
# Create portmap.options file to enable logging:
: -v
vi /etc/config/portmap.options
# Create ftpusers file to deny ftp access to privileged and system accounts:
: root
: sysadm
: diag
: daemon
: bin
: uucp
: sys
: adm
: lp
: nuucp
: demos
: tutor
: tour
: guest
: 4Dgifts
: nobody
: oper
vi /etc/ftpusers
5. Mail system
cp /usr/lib/aliases /usr/lib/aliases.orig
# Uncomment +:+ line to incorporate aliases from NIS
vi /usr/lib/aliases
mv /usr/lib/sendmail.cf /usr/lib/sendmail.cf.orig
cp /usr/lib/sendmail.cf.auto /usr/lib/sendmail.cf
/etc/init.d/mail
# In response to prompts, supply forwarder and rootdomain
/usr/etc/configmail setup
# Notes:
# Still need to modify sendmail setup to hide local hostname.
# Arrange to mount shared mail spool once mx record is in place,
# assuming this affects local as well as remote delivery--i.e.,
# mail should be delivered only on the host where the mail spool
# resides locally.
6. Printing
/etc/init.d/bsdlpr stop
# Get printcap via ftp
# (get /usr/share/etc/printcaps/printcap /etc/printcap)
# so that the selection of printers will match
ftp
# Edit printcap to correct lwf spool directory; needs to be
# /usr/spool/lpd/lwf rather than /var/spool/lpd/lwf
vi /etc/printcap
# Make all the spool directories listed in printcap file
mkdir /usr/spool/lpd/{lwf,research,...}
/etc/init.d/bsdlpr start
# If necessary, add hostname to /etc/hosts.lpd on machines
# with printers
# (Note that this may not help until the host has been added to DNS)
7. Backups
# Remove the uucp and nuucp groups to avoid GID conflicts with other
# hosts; add the sysadmin group and a + to incorporate groups from
# NIS (including the operator group required for backups):
: sysadmin::14:root
: +
vi /etc/group
# Remove the adm, uucp, and nuucp users to avoid UID conflicts and add
# the oper account from NIS:
: +oper
# (Hopefully removing adm won't interfere with accounting, but this
# hasn't been tested)
vi /etc/passwd
# Change permissions and create the dumpdates file so that backups can
# be run from oper account
#
# Note that making dump setuid may allow anyone to read any file on
# the system, which would not be a great idea on a system using
# shadow passwords (or one with local home directories)
chgrp operator /dev/rdsk/dks0d1s?
chmod g+r /dev/rdsk/dks0d1s?
touch /etc/dumpdates
chgrp operator /etc/dumpdates
chmod g+w /etc/dumpdates
chmod u+s /usr/etc/dump
# Add important filesystems to full backup scripts
8. Miscellaneous
# Turn off timed so it won't conflict with NTP when it's installed
chkconfig timed off
# Change time zone; replace the default TZ line with:
: TZ=EST5EDT
vi /etc/TIMEZONE
# Create a hosts.equiv file granting passwordless rsh/rlogin access to every
# host in the all_systems NIS netgroup (trust only hosts you also administer):
: +@all_systems
vi /etc/hosts.equiv
# Have cdromd create an /etc/fsd.auto file specifying CD-ROM drives
# that should be automatically mounted
cdromd -o ro,nodev,nosuid -p /dev/scsi/sc0d4l0 /CDROM
# Create whatis database for man pages (for some reason the initial
# whatis database that comes with IRIX is messed up)
/usr/lib/makewhatis -M /usr/catman
# Modify root's crontab so SYSLOG file is rotated weekly; just remove
# the string `` && test "`wc -c SYSLOG`" -ge 10240'' from the line that
# moves SYSLOG to oSYSLOG
crontab -l > /usr/tmp/crontab
vi /usr/tmp/crontab
crontab /usr/tmp/crontab
rm /usr/tmp/crontab
# Make netlsd happy
chkconfig glb on
sync; sync; reboot
9. Accounts
# Add other accounts from NIS
vipw
10. Local software
cp /.cshrc /.cshrc.orig
# Add /usr/local/bin and /usr/local/etc to root's path, plus a few
# other additions:
: alias ls 'ls -CAF'
:
: # Remember last 100 commands
: set history = 100
:
: set filec
: set path = (/usr/local/bin /usr/local/etc /usr/sbin /usr/bsd /usr/bin /bin /etc /usr/etc /usr/bin/X11)
vi /.cshrc
# Edit /usr/lib/X11/config/sgi.cf to use GNU install once it's installed
: #ifdef UseInstalled
: #define InstallCmd install
: #endif
vi /usr/lib/X11/config/sgi.cf
# Build and install important software:
# GNU install (BSD-style, required by many Makefiles)
# tcsh
# setchars
# vipw
# less
# xntp (add /etc/init.d/ntp file and /etc/rc2.d/S32ntp link)
# emacs
# groff (required if you want to use unformatted man pages!)
# arch
# perl
# fixutmp (run from cron to fix bugs in IRIX 4.0.5 utmp handling)
Security modifications to IRIX 4.0.5:
chmod -s /usr/sbin/cdinstmgr (a setuid shell script!)
comment out /usr/bin/X11/xhost + in /usr/lib/X11/xdm/Xsession and change
DisplayManager*authorize to True in /usr/lib/X11/xdm/xdm-config to enable
MIT-MAGIC-COOKIE-1 authorization
change XLock.nolock resource in /usr/lib/X11/app-defaults/XLock from true to
false so that xlock will actually lock the screen
add logging and security options to network daemons in /usr/etc/inetd.conf:
ftpd -lll, rshd -a -L, rlogind -a, fingerd -l, tftpd -l -s /usr/local/boot
add /etc/config/portmap.options file containing "-v" to enable logging
add /etc/config/login.options file containing passwdreq, lastlog, and
syslog=all
chmod g-s /usr/lib/expreserve
create /etc/ftpusers with all restricted accounts in it
inetd
The inetd(1M) server provided with IRIX 5.2 is just plain broken. It seems to work reasonably well in its stock configuration, but as soon as other services or TCP wrappers are added to /etc/inetd.conf, inetd's behavior becomes unpredictable. These problems have been discussed often on Usenet (and Wietse Venema documents some of them in the README.IRIX file that comes with version 7 of the TCP wrappers distribution), so the problems aren't unique to our site; but since they are very intermittent and difficult to reproduce, I don't think SGI will be able to fix them any time soon.

After trying several alternative versions of inetd, I decided to use munetd(8) because it had a nice feature set, including some decent logging capabilities. In keeping with my local convention, the configuration file for munetd is found in /local/adm/munetd/munetd.conf.

Unfortunately, that's not the end of the story. SGI distributes an odd mountd(8) program that apparently interacts with SGI's inetd in strange and undocumented ways. I could not find any way to get mountd to work with munetd, nor could I find an adequate replacement for SGI's mountd. So I adopted the following (somewhat odd, but very practical) solution:

All of the SGIs run munetd, with the mountd services commented out in munetd.conf. Those machines that export file systems (and therefore need to run mountd) run inetd in addition to munetd, with all services in inetd.conf commented out except for mountd. Thus each ``super-server'' daemon is responsible for those services that it handles better than the other. This is arguably a bad solution, but I wasn't able to find a better one.