Welcome to the Asylum Server. Check back on this file frequently for the latest updates and changes. === Recent Changes === 10/29 Updated Coming Soon 10/29 Changes to group permissions to enable linux style projects 10/29 Jabber server decomissioned 8/15 CVS server installed 7/17 Spamassassin and Razor Installed === Purpose === This server is for all friends in the extended circle of CMU Asylum people. It is a production level, secure, reliable service which can be trusted for e-mail, web sites and more. Overall, it meant to replace all the functionality lost from having left CMU. Everyone getting a primary account should feel some ownership. The admins are here to assist and maintain, not dictate what can and can't be done. If you need something an internet server can provide, work with the admins to get it running. Secondary accounts are also allowed. These are friends and family members of CMU Asylum people. There is no limit to the number of secondary accounts one can request, but these are restricted to reasonable use. The cost of this server is just over $100/mo. If you would like to help out with that talk to zyrain, though it is not at all necessary. === SSH Access === You can log in via SSH by SSH'ing to asyserver.com A free SSH client for windows is downloadable from http://www.chiark.greenend.org.uk/~sgtatham/putty/ If you have a particularly draconic firewall, try connecting to linux2.asyserver.com on port 80 (the web port). That's usually not closed by firewalls. === Telnet Access === If you really need telnet (telnet is insecure and sends all your data and passwords in the clear over the internet) We've set up a telnetd server, but are restricting it to certain IP addresses only. Let us know if you need telnet access. === E-mail === You have e-mail on this server. Type "pine" to read it through the shell. To read it through the web go to: https://www.asyserver.com/cgi-bin/openwebmail/openwebmail.pl To have your e-mail address here forwarded to your existing e-mail address at another server: echo oldmail@oldserver.com > ~/.forward We are running SpamAssassin and Razor To use it all you need to do is create ~/.procmailrc See http://www.spamassassin.org/dist/procmailrc.example === IMAP Server === You can also get e-mail through IMAP clients The clients must support secure inbound mail to set up Outlook Express you need to: Create an account. Server for incoming mail is "asyserver.com". Your outgoing mail server (SMTP) is ISP dependent (if you need asyserver to provide outgoing mail services, contact zyrain) Do not check the "SPA" option. After the wizard go to Tools->Accounts Select the Properties button, then the advanced tab. Enable: Incoming Mail (IMAP) port 993 by clicking the "The server requires a secure connection". Then click the IMAP tab and enter "mail/" in the Root Folder Path text box. If you're using outlook and want to avoid the unsigned certificate error, go to https://asyserver.com:993/ and install the certificate into the windows store === Web Pages === You have a webpage: http://www.asyserver.com/~username/ The files for it are in your public_html/* directory. (this is a change from www/ because, amazingly, "public_html" is hard coded into one of apache's binaries! All existing user directories have been renamed) Please update index.htm to something more personal. (If you dislike the tilde, ask us and we'll create an alias, no problem) Also, this site supports user .cgi scripts. Your cgi directory is public_html/cgi-bin/* They are accessed as /~username/cgi-bin on the web site. By default WebDAV is disabled, but if you want to use this, it can be enabled for your directory (if you don't know what it is, you don't want it) === Domain Name Server === We are running two IPs with BIND 9, and they are registered nameservers. This means that when you request a hostname through a registrar, you can use asyserver's names to host your hostname. Also, we provide dynamic domain name services through both the bind and GNUDip protocols. This allows you to run a client on your modem, dsl, or cable (which usually has a changing address) and have the name yourchoice.dyn.asyserver.com always point to the up to date IP. === Virtual Web Sites ==== If your domain is hosted on asyserver's DNS, you can make www.yourdomain.com go directly to your asyserver web pages. === File Transfer === Due to the general suckiness of FTP, please use the SSH file transfer client (window, new, file tranfer) === CVS Server === We are running a CVS server. Access it locally or via SSH Tunnel: set CVSROOT :pserver:user@localhost:/home/cvsroot ssh -L 2401:localhost:2401 -N -f -g -q -x user@asyserver.com cvs -d :pserver:user@localhost:/home/cvsroot login cvs -d :pserver:user@localhost:/home/cvsroot co module === PostgreSQL Database === We are running a PostgreSQL database server If you want a database for local use or with your cgi-scripts just contact one of us and we'll create it for you. Or if you'd like we can give you create database access if you need more than one. * Now using PAM authentication for database access. This means you use your system password. Also, you can administer your database using: https://www.asyserver.com/phpPgAdmin/index.php === Network Time === This server is synced with tier 1 time servers Please point your ntp clients (e.g. Windows Internet Time Tab) to asyserver.com === Unision File Synchronization === To keep local copies (or backups) of your files we have Unison installed. Go here to learn about it: http://www.cis.upenn.edu/~bcpierce/unison/ === Apache Tomcat Servlet/JSP Engine === We're running one of these at a user request. If you want access please let us know. === Finger === We're running a standard finger client. If you do not want your information displayed "touch ~/.nofinger" If you want to add information, create a ~/.plan file. ("finger zyrain" for an example) === Disk Quota === You have a 1 Gigabyte disk limit. You can use up to 10Gigabytes temporarily (up to 7 days). If you need more, ask. === File Permissions === The default umask is 022. If this means nothing to you please be sure to read about linux file permissions here: http://www.linuxpowered.com/html/editorials/file.html In short, be aware that by default new files are readable by everyone. (This is so that they can be read by the webserver) If you want andrew style ACLs, let us know and we'll consider switching. === Daily Backups === We have a two stage daily backup. Stage 1 copies all files into /backup//backup.zip (use unzip to get them back). Stage 2 copies the .zip files onto a remote machine to handle the case of a disk crash. If you want to recover a file from the stage 2 backup, e-mail zyrain immediately. === System === This system is a 1.4 GHz Pentium 4 with 512MB RAM (if we exceed that somehow we can upgrade it) running Redhat Linux 7.3 with automatic security patches via the Redhat Network. If you need any developer libraries or want any apps installed just let us know. === Bandwidth === We have a tremendous amount of bandwidth (500 GB/mo). So, don't worry about it. We monitor it anyway, so we'll let you know if it becomes a problem. === Coming Soon === VPN access to the server User configurable Dynamic Domain Name hosting through GNUDIP Virtual Web Site statistics Antivirus === Admins === If you have any questions, e-mail us at: Neal@Tibrewala.net dodger@andrew.cmu.edu *** Decomissioned Software *** The rest of this file is for stuff long gone (in case by some miracle it comes back) === Jabber IM Client === We are running a Jabber IM server. We have a command linke client called JWGC that works just like zephyr. Type "jstart" to activate and/or create your account. Then you need to subscribe to everyone you want to receive jabbers from like this (these are saved automatically): jctl subscribe user@asyserver.com Then, to jabber a user just "j user" or "jstop" to stop receiving messages. Once done, you can also use your own client on your machine. I suggest Exodus for windows platforms. A list of clients is available here: http://www.jabber.org/user/clientlist.php Other commands (use command -h for help) jlocate - Gets a users status jstat - Gets your jabber status === Group Chat === We are running jabber group chat (aka conferences). Like zephyr classes you can connect to: asylum@chat.asyserver.com dnd@chat.asyserver.com Logs can be accessed at http://www.asyserver.com Unfortunately, the command line jwgc client doesn't support group chat at this time. So, either use a local client or the full screen JabberX client like so: jstop JabberX username jabberpassword /join asylum@chat.asyserver.com === Windows Shares === NOTE: Samba windows sharing has been disabled There are too many remote exploits and crashes. We will experiment with other windows compatible sharing mechanisms, or implement sharing via VPN only You can access your files via windows sharing by connecting to "\\asyserver.com\username" Initially the password for this is the same as your linux password, but they are not kept in sync by default. Use "smbpasswd" to change your windows sharing password.