Rocky Morgan: UNIX Wizard

I was an NT and Exchange administrator doing contracting work at Excel Data Corp in 1994. I was initially hired to be the internal system administrator and eventually worked my way up to contracting.

Excel had a little RedHat 1.0 server called Merlin that was set up with a Livingston Postmaster and 25 U.S. Robotics Sportster 14.4 modems. Each employee was given a remote login and there was telnet access as well (no SSH yet!).

I was in charge of setting up new accounts. This was done with a shell script I barely understood that wrote directly to the /etc/passwd and /etc/shadow files (I know, I didn’t even use useradd or adduser).


To say I was a newbie isn’t enough: I got on IRC and asked questions and just typed in commands people told me on #Linux on EFNET! I am so surprised the company wasn’t hacked.


One day Merlin wasn’t working quite right. Some folks couldn’t log in. ls /home showed UID and GID numbers instead of names for some users.


I had no clue. The CTO at the time was a guy named Rocky Morgan, an old-school UNIX guy who used to work for DEC.


Well, he came over and logged into the console and ran one command. If my memory serves it was something like:


#@g%$fw#$e%@#|#$ew%#h%h@#|w$^@#hr%^h#$|^#$gdh#$^


Of course that wasn’t the command but it might as well have been.


The command spit out a couple of lines: the users who were affected. The command showed the /etc/passwd for those users had incorrect fields. Somehow the script I had used to create users broke it. I spent an hour looking at the thing and had no clue. Rocky came over and within 30 seconds showed the problem and how to fix it.
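The command Rocky ran is not recorded in the story. As an added example (not from the original post), this awk filter reports the kind of damage described above: /etc/passwd lines that no longer parse as seven colon-separated fields with numeric UID and GID. `check_passwd` and `sample_passwd` are hypothetical names, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example, not the command from the story: flag passwd(5) lines that
# do not parse as name:password:UID:GID:GECOS:home:shell.

check_passwd() {
    # $1 is a passwd-format file, or "-" to read standard input.
    awk -F: '
        { who = ($1 == "" ? "(no name)" : $1) }
        NF != 7 {
            printf "%d: %s: expected 7 fields, found %d\n", NR, who, NF; next
        }
        $1 == "" { printf "%d: empty login name\n", NR; next }
        $3 !~ /^[0-9]+$/ {
            printf "%d: %s: UID \"%s\" is not numeric\n", NR, who, $3; next
        }
        $4 !~ /^[0-9]+$/ {
            printf "%d: %s: GID \"%s\" is not numeric\n", NR, who, $4; next
        }
        substr($6, 1, 1) != "/" {
            printf "%d: %s: home \"%s\" is not an absolute path\n", NR, who, $6; next
        }
        seen[$1]++ { printf "%d: %s: duplicate login name\n", NR, who }
    ' "$1"
}

# Constructed sample data: three of the five entries are damaged
# (a dropped colon, an empty UID, an extra colon inside the GECOS field).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:501:100:Alice Example:/home/alice:/bin/sh
bob:x:502:100:Bob Example/home/bob:/bin/sh
carol:x::100:Carol Example:/home/carol:/bin/sh
dave:x:504:100:Dave: Example:/home/dave:/bin/sh
EOF
}

sample_passwd | check_passwd -
```

On current Linux systems, `pwck -r` from shadow-utils performs a similar read-only consistency check.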


I was so impressed. At that moment I wanted to wield that kind of power. I swore that one day I would be able to write out a long command with multiple pipes and do something useful. I would do it from memory and one day I would be a UNIX master.


Fast forward to 2008. I was working at Pelago. Someone wanted to know if we were getting attacked. The web servers were slammed. I logged in and ran the following command:


awk '{ print $1" "$7 }' access.log | sort | uniq -c | sort -n

The command showed the source IP address and the URI that was getting hit. The output looked something like:


15 141.101.96.66 /careers/meet-the-team/
15 162.158.68.149 /_themes/stripe/fonts/ss-gizmo/ss-gizmo.eot?
15 162.158.76.191 /favicon.ico
15 173.245.63.186 /
17 141.101.96.83 /blog/feed/
18 108.162.245.146 /
19 108.162.238.224 /
19 173.245.63.228 /
20 162.158.76.5 /robots.txt

It was a nice distribution of IP addresses with legal URIs. We weren’t getting attacked (turns out a famous actress tweeted about our application and we were getting flash traffic).


Now this entire process took me about 30 seconds and it was run across a fleet of web servers. I turned to the coworker who asked and explained everything looked fine. He had a surprised look on his face and he just said...


“How did you do that?!”

I was the UNIX master. It took 15 years but at that moment I thought of Rocky and that I had made my dream come true.

I posted a slightly shorter version of this story 10 months ago on Reddit.