This chapter contains notes about issues and known problems with the base operating system and, whenever possible, provides solutions or workarounds to those problems.
The following topics are discussed:
The following notes apply to commands and utilities.
A conflict exists between the Dataless Management Services (DMS) and the System V Environment (SVE) that causes a failure when attempting to add a client on a server. This note applies only when the server is running SVE.
The tar utility that is shipped as part of the System V Environment does not support all of the features supplied by the DIGITAL UNIX tar utility.
The SVE tar utility is installed into the /usr/sbin directory. As a result of the directory path set in the dmu utility, the dmu utility attempts to use the SVE tar utility, instead of the DIGITAL UNIX tar utility.
To resolve this problem, you must edit the lines in the /usr/sbin/dmu script that reference the DIGITAL UNIX tar utility to include the full path name. Change occurrences of tar to /sbin/tar in lines 719, 724, 1121, 1128, and 1131.
The make command will not recognize escaped comment symbols as literal characters in a Makefile.
Comment lines that begin with a # (number sign) and all text following this symbol up to the end of the line are considered part of a comment. This is also true even if the symbol is preceded with a backslash (\).
The following notes describe problems that may occur when using commands and utilities under certain security settings.
Programs cannot reliably inspect the permission bits in the stat structure and determine the access that will be granted to a particular user. On local file systems, read-only mounts and Access Control Lists (ACLs) can both modify the access that will be allowed. On remote file systems, in addition to read-only mounts and ACLs, there may be additional controls that can alter the permitted access such as:
Programs that copy files to update them, rather than updating them in place, often do not preserve ACLs. Some programs that have this problem are gzip, compress, and emacs.
The best solution for programs that need to make access decisions is for the program to use the access() call to determine what access will be granted. Note that even this may not work as the access protections of the file could be changed between the access() call and the read, write, or execute operation.
For programs that copy files, the following command will copy a file while preserving ACLs and any other extended attribute (property list):
# cp -p
See the acl(4) and proplist(4) reference pages for more information.
The pax, tar, cpio, dump, restore, vdump, and vrestore archive tools may not restore ACLs on files in the manner you would expect. Always check the ACLs on your files after saving and restoring them with any of these tools.
The gendisk utility is used to create product media. There is a problem in using it on the FDI diskette devices that are found on all non-TURBOchannel bus Alpha platforms.
The solution involves making some hard links to the diskette device special files with the name of the device that gendisk will use:
# cd /dev
# ln rfd0c rfl0c
# ln rfd0a rfl0a
# ln fd0a fl0a
# ln fd0c fl0c
# fddisk -fmt /dev/rfd0c
You will see the following messages:
NOTE: Setting interleave factor to ``-i2:4''.
Use ``-i<nnn>[:<ccc>]'' option to override.
Disk type: 3.50 inch, HD (1.44MB)
Number of sectors per track: 18
Number of surfaces: 2
Number of cylinders: 80
Sector size: 512
interleave factor: 2:4
Formatting disk...
Percentage complete: Format complete, checking...
Quick check of disk passes OK.
disklabel to label the diskette:
# disklabel -wr fd0 rx23
gendisk.
Note
When using these instructions to run the gendisk utility on the diskette, do not respond yes to the question asking to clean the disk.
The following is an example of a gendisk command session:
# gendisk -d MYPRODUCT425 /dev/rfd0c
Generating MYPRODUCT425 Kit from <system address> on /dev/fl0c
WARNING: this will remove any information stored in /dev/fl0c.
Are you sure you want to do this? (y/n): y
Do you want to clean the entire disk first?
Note: This will replace your current disk label with a default one. (y/n) [n]: n
Preparing /dev/fl0c (floppy) done.
Checking /dev/fl0c
/sbin/ufs_fsck /dev/rfl0c
** /dev/rfl0c
File system unmounted cleanly - no fsck needed
Mounting /dev/fl0c on /usr/tmp/cd_mnt8344
Writing Images (dd=/).
Image instctrl...done.
Image SVGASTATIC100...done.
Verifying Images (dd=/).
Image instctrl...done.
Image SVGASTATIC100...done.
Kit MYPRODUCT425 done.
Cleaning up working directories.
Unmounting /dev/fl0c
By default, the Emacs editor will rename the original file and save the new file as a copy under the original name. If the original file had an Access Control List (ACL) it will now apply to the backup file. If the directory had a default ACL, the new file (original file name) will now have the default ACL instead of the original ACL. If the directory did not have a default ACL, the new file will be protected only by the file permission bits.
The Emacs editor has some user-preference variables that you can set to control which file will retain the original ACL. The relevant Emacs variables are:
backup-by-copying
backup-by-copying-when-mismatch
backup-by-copying-when-linked
DIGITAL ships the Emacs software as it is received from the source.
The following command line options do not work as documented in the emacs(1) reference page: -cr, -geometry, -i, -ib, -iconic, -iconname, -in, -internal borderwidth, -mc, -T, and -title.
In some cases, a workaround is available by using an appropriate X resource.
The write(2) system call may fail with an ETXTBSY error when an attempt is made to overwrite a running program or shared library. This prevents the image in memory from being overwritten accidentally, which can result in application crashes or hangs.
For example, using the /usr/bin/cp command to copy into an executing program will fail with the message Text file busy when the write system call is invoked:
% a.out &
% cp foo a.out
cp: a.out: Text file busy
A workaround is to use the /usr/bin/mv command:
% mv -f foo a.out
You may also see this error in a development or compilation environment where the make utility is used to build executables.
The following sections apply to restrictions on using the SysMan applications.
The following notes apply to Account Manager, dxaccounts.
When copying user accounts via cut and paste or drag and drop, the Allow Duplicate UIDs option in the General Preferences dialog box will be honored. For example, when making a copy of a user account that has a UID of 200, if the Allow Duplicate UIDs check box is off (the default), the resulting copy will have a unique UID automatically generated. If the Allow Duplicate UIDs check box is on, then the copy will have an identical UID. The same rules apply to copying groups.
The Account Manager has the following restrictions on both base security and enhanced security (C2) systems:
Workaround: Delete the original icon after the copy has been completed.
Workaround: Use the usermod or groupmod commands to set a starting value within the range:
usermod -D -x next_uid=xxx
usermod -D -x next_gid=xxx
Suppose the minimum UID is 100 and the maximum UID is 10000. Then the following line would cause the Account Manager to start generating UIDs from 5000:
usermod -D -x next_uid=5000
johndoe from 200 to 201, the files and subdirectories under his home directory will still belong to UID 200. Furthermore, if johndoe does not own his home directory, the ownership of that directory will not change either.
Workaround: Use the chown command to change the directory and files, if applicable.
Workaround: Use the copy/paste feature to copy users, groups, or templates from Account Manager A to B.
Workarounds: Account Manager correctly allows two or more system administrators to work on the same password files simultaneously. The proper file locking will occur and new accounts can be added or modified. However, the local groups file, /etc/group, and the NIS groups file, /var/yp/src/group, are written out after each group modification. Therefore, the last system administrator to make a change in a group's view window would overwrite any prior changes from a different system administrator. For this reason, running multiple, concurrent Account Manager instances is not recommended.
Warning: DtComboBoxWidget: Unable to find item to select
Workaround: None. You can safely ignore these messages.
Leading and trailing white space is not stripped from text entry areas. This could lead to confusion, for example, if a field on the Find dialog contains a space character before the desired search string. The search string would not match because of the spurious space character.
The following problems apply to Account Manager when running on enhanced security systems.
Workaround: Change the template lock setting on the Create/Modify Template dialog screen after selecting the template by double clicking on the template icon in the Template view icon box.
Workaround: Set passwords through /usr/tcb/bin/dxchpwd or the /usr/bin/passwd command when the C1Crypt Encryption type is chosen.
Workaround: Set the C1Crypt Encryption type for the user from the Create/Modify User dialog.
Workaround: Set passwords through /usr/tcb/bin/dxchpwd or the /usr/bin/passwd command if the minimum/maximum password length limitation is necessary.
Workaround: To delete a user account you must do the following:
/etc/passwd and /etc/group files to remove references to the user.
# /usr/tcb/bin/edauth -r <user name>
Workaround: Use the following command to remove the dangling protected password database entry:
# /usr/tcb/bin/edauth -r <user name>
Workaround: Restart Account Manager to restore the former template icon. Use the Delete Toolbar icon or the Edit->Delete... option from the Template view to delete the undesired template.
Workaround: Modify the copied user's account and change the template from the default to the desired template. Note that the template reference is maintained if the user is dropped within the same view.
Workaround: Only the drag and drop method of template assignment has this problem. You can use the Create/Modify dialog box to change a single user's template or use the Modify Selected dialog box to change templates for several selected users. Both methods correctly propagate the template's lock field.
template %2 instead of the template's name.
Workaround: None.
Workaround: Restart Account Manager and then delete the template.
Workaround: Manually remake the NIS maps or perform an Account Manager function (for example, Account Modification) that will trigger the maps to be remade. To manually remake the maps do the following:
# cd /var/yp
# make all
The Print Configuration Manager may have some problems with /etc/printcap files from DEC OSF/1 Version 3.2 or earlier, as follows:
Using /etc/printcap files in the current version of DIGITAL UNIX, the system assigns printer names lp[0-9]*, [0-9]*, and for the default printer, lp. For example, the default printer may have a name field such as lp0|0|lp|default|declaser3500:... . Another printer may be named lp7|7|some_alias|another alias:... . Therefore, the system has difficulty with printers that have fewer than two names or that use these reserved names as aliases.
Some of the attribute value checking is different between earlier versions and the current version. For example, some fields that were not required now are, and some attribute values that were legal no longer are.
The Print Configuration Manager requires that all comments be associated with a printer. As a result, comments appearing after the last printer are truncated.
To avoid these problems, invoke the printconfig utility with the menu interface (printconfig -ui menu). This brings up the lprsetup utility, which is fully compatible with earlier printcap files.
The following problems apply to configuring BIND servers with the BIND configuration graphical user interface.
Workaround: Edit the /etc/namedb/named.boot file to remove the zone entry that needs to be deleted.
Workaround: If the Forwarder is not needed, you can edit the /etc/namedb/named.boot file to remove the Forwarder entry after you Commit to the setup in the BIND configuration interface.
/etc/namedb/named.boot file will be deleted if the Zones button is not clicked first.
Workaround: Whenever you modify your BIND setup using the BIND configuration interface, click on the Zones button before you Commit to any changes.
Workaround: The address can be modified by editing the secondary domain entry in the /etc/namedb/named.boot file.
The dxshutdown application does not create the /etc/nologin file as described in the documentation. This means that users will be able to log in to a machine that is being shut down up until the actual time of the shut down. Note that this behavior differs from that of the shutdown command that creates the /etc/nologin file at 5 minutes prior to the shutdown.
The following notes apply to system administration.
In previous releases of DIGITAL UNIX, the /etc/sysconfigtab file was documented as a system file that could be changed using an editor such as vi. System administrators often edit this file to tune and customize the system.
In recent releases, proper maintenance of the subsystem stanzas in /etc/sysconfigtab has become more important. Improper formatting and organization could prevent your changes from being recognized by the kernel and result in the loss of customizations during update installations. To maintain the correct structure of /etc/sysconfigtab, you should use only the sysconfigdb command or the dxkerneltuner interface to make changes.
See the sysconfig(8), sysconfigdb(8), sysconfigtab(4), and dxkerneltuner(8) reference pages for information.
When the /etc/passwd file is very large, a performance degradation may occur. When the number of passwd entries reaches the 30,000 to 80,000 range or greater, mkpasswd will sometimes fail to create a hashed (ndbm) database. Because the purpose of this database is to allow for efficient (fast) searches for passwd file information, failure to build it causes commands that rely on it to do a linear search of /etc/passwd. This results in a serious performance degradation for those commands.
For customers choosing to use the mkpasswd -s option to avoid this type of failure, a potential database or binary compatibility problem may arise. If a customer application that accesses the password database created by mkpasswd is built statically (nonshared), that application will be unable to read from or write to the password database correctly. This would cause the customer application to fail either by generating incorrect results or by possibly dumping core. Any statically linked application would be affected if it directly or indirectly calls any of the libc ndbm routines documented in the ndbm(3) reference page and then accesses the password database. To remedy this situation, you must re-link the application.
Customers who do not use the mkpasswd -s option will not see this compatibility problem.
Certain software license PAKs include expiration dates that currently limit the ability to run software when the date is set well into the future (into the year 2000). While most customers do not have PAKs with expiration dates, those who do (such as CSLG, ASAP, or Partner PAK Program members) may benefit from the following enhancements.
The lmf utility and supporting code have been enhanced to allow customers with expiring software license PAKs to set the system date beyond the expiration dates within a specific time window to allow Year 2000 (Y2K) testing.
Also, a test PAK, 00Y2K-TESTING, is available for use with DIGITAL UNIX Version 4.0D and higher. If you have expiring license PAKs, you can install this test PAK, allowing your PAKs to operate beyond their expiration dates between the dates of December 1, 1999 and March 2, 2000. The test PAK allows you to conduct Y2K testing within the specified time window.
For information about obtaining the 00Y2K-TESTING PAK and other Y2K issues, see the DIGITAL UNIX Year 2000 Readiness white paper, which is available in HTML format on the DIGITAL UNIX V4.0D Documentation, Volume 1 CD-ROM. This document is also available on the DIGITAL UNIX web page at the following URL:
http://www.UNIX.digital.com/unix/year2000/whitepaper.html
Once you obtain and install the 00Y2K-TESTING PAK and set the system date forward for Y2K testing, you must execute the following command from the root account the first time run level 3 (also referred to as "init 3" or "multiuser mode") is entered after each system boot:
# /usr/sbin/lmf reset
This will ensure that all software licenses are loaded while the system date is set within the Y2K testing window. You need to execute this command only once within run level 3 between each system boot. You can toggle the system between run level 1 and run level 3 after the first execution of the command in run level 3. You will only be required to execute the command again after rebooting the system.
If a printer is connected to multiple queues through a LAT or a local tty port and different jobs are submitted to different queues within a short period, some of the jobs may be lost. If this happens, resubmit the print request.
Compressed crash dumps have been enabled for this release of DIGITAL UNIX, as explained in Section 1.5.
You may need to disable this feature if you have tools or scripts that do not work with compressed crash dumps. If necessary, use dbx to set the compressed_dump variable to 0 in the running kernel, as follows:
(dbx) assign compressed_dump = 0
Note that this must be repeated each time the kernel is booted. Alternatively, you can use dbx to patch the value of compressed_dump to 0 in the kernel image file.
Chapter 4 of the Kernel Debugging guide provides more information about crash dump settings. Also, see the savecore(8), sysconfig(8), and dbx(1) reference pages.
The /var/adm/syslog.dated directory contains preserved copies of log files that are used for debugging. Normally, these files do not contain many entries. However, under certain error conditions, a DIGITAL UNIX subsystem might log an excessive number of entries to a file and cause a problem.
You should either physically check the logs on a regular basis or use the cron utility to set up a regular job to clear the log files. The default root crontab file in the /var/spool/cron/crontabs directory contains the following sample line for clearing up the /var/adm/syslog.dated directory (the \ indicates line continuation):
40 4 * * * find /var/adm/syslog.dated -depth -type d -ctime +5 \
-exec rm -rf {} \;
If enabled, this cron job will be activated every morning at 4:40 a.m. and will delete any log file in /var/adm/syslog.dated that has not been updated for the last five days. You can edit the crontab file to uncomment and modify this line or add a similar line by using the following command:
# crontab -e
For more information, see the crontab(8) reference page.
The security of the syslog facility has been enhanced in this release. Unless the domain host name of a remote host is entered in the local file, /etc/syslog.auth, the local system will not log any syslog messages from that remote host.
If you are installing the secure version of syslogd on a system, and you have configured or intend to configure other hosts to forward syslog messages to the system, complete the following steps:
su to become the superuser (root)
/etc/syslog.auth using a text editor. This file must be owned by root and have permissions set to 0600.
syslog messages to the local system. Host names must meet the following criteria:
/etc/syslog.auth. (A line started with the "#" character is considered as a comment and is ignored.)
trout.fin.huk.com.
/etc/hosts file or the local system must resolve it through a name server (such as BIND).
MAXHOSTNAMELEN constant in <sys/param.h>, although each line in the /etc/syslog.auth file is limited to 512 characters.
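The requirements stated above for /etc/syslog.auth can be checked with a script. The following is an added example, not part of the original release notes or of DIGITAL's tooling: it verifies the 0600 mode, the owner, and the 512-character line limit, and lists the entries that are not comments. The function names, the optional UID argument, and the host pike.fin.huk.com are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: sanity checks for a syslog.auth-style file.

# Constructed sample content; only trout.fin.huk.com appears in the text above.
sample_syslog_auth() {
    cat <<'EOF'
# hosts allowed to forward syslog messages (constructed sample)
trout.fin.huk.com
pike.fin.huk.com
EOF
}

# authorized_hosts FILE
# Prints every entry, skipping blank lines and lines that start with "#".
authorized_hosts() {
    awk '/^#/ || /^[ \t]*$/ { next } { print }' "$1"
}

# check_syslog_auth FILE [UID]
# Prints one finding per line and returns 1 if there is any finding.
# UID defaults to 0 (root); the argument exists only so the check can be
# exercised on a scratch file by a non-root user.
check_syslog_auth() {
    file=$1
    want_uid=${2:-0}
    [ -f "$file" ] || { echo "missing: $file"; return 1; }

    # ls -ln gives the mode string and the numeric owner portably; only the
    # first ten characters of the mode are kept, dropping any ACL marker.
    meta=$(ls -lnd "$file" | awk '{ print substr($1, 1, 10) " " $3 }')
    mode=${meta% *}
    uid=${meta#* }

    findings=$(
        [ "$mode" = "-rw-------" ] || echo "mode: $mode (want -rw-------, 0600)"
        [ "$uid" = "$want_uid" ] || echo "owner: uid $uid (want $want_uid)"
        # The 512-character limit applies to every line, comments included.
        awk 'length($0) > 512 {
                 print "line " NR ": " length($0) " characters (limit 512)"
             }' "$file"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demonstration on a scratch copy: first with a mode that is too open,
# then with the required 0600.
demo=$(mktemp)
sample_syslog_auth > "$demo"
chmod 0644 "$demo"
check_syslog_auth "$demo" "$(id -u)" || true
chmod 0600 "$demo"
check_syslog_auth "$demo" "$(id -u)" && authorized_hosts "$demo"
rm -f "$demo"
```

On a real system the call would be check_syslog_auth /etc/syslog.auth, run as root so that the owner comparison uses UID 0.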
System configurations that are large, containing many adapters and devices, may exhibit incomplete message logging in the /var/adm/messages file.
If this happens, you should compensate for the large system configuration by increasing the value of the msgbuf_size attribute in the generic subsystem using the sysconfigdb utility or the dxkerneltuner interface.
The default value for msgbuf_size is 4096. Usually, setting it to 8192 is sufficient to resolve the problem. If you have a smaller configuration and you do not see this problem, you should not make the change.
Refer to the sysconfigdb(8) reference page and the System Configuration and Tuning guide for information about modifying system attributes.
For DIGITAL UNIX Version 4.0D and its software supplements, the supported version of the EISA Configuration Utility (ECU) is Version 1.10 or higher. If your system is configured with an EISA bus, you should update the ECU to this supported version.
Consult the Open3D Software Product Description (SPD) before installing Open3D to ensure that this DIGITAL layered product is supported on your system.
Installing Open3D on systems not supported by the Open3D layered product can leave your system in an unusable state.
For this release, bootable tape will not work with the LSM product. Not all platforms and tape drives support bootable tape. The following processor platforms are supported:
The following tape devices are supported:
To use the btcreate utility, your system must have at least 156,000 512-byte blocks of free space in the /usr directory.
You will not have enough space if your system uses an RZ26 or smaller disk with the default partitions and you have installed all of the subsets and kernel options.
To overcome this limitation, you can reclaim the required space by removing some subsets or by creating and mounting new partitions.
The following steps show you how to create and mount new partitions for a UNIX file system (UFS). If you prefer to use AdvFS, use the mkfdmn and mkfset commands.
newfs command to recreate a new partition:
# newfs /dev/rz1d
/usr/sys directory:
# cd /usr/sys
.BOOTABLE directory under the /usr/sys directory, where SYSTEM is the system name:
# mkdir FLAWLESS.BOOTABLE
.BOOTABLE directory:
# mount /dev/rz1d /usr/sys/FLAWLESS.BOOTABLE
This device should have at least 75,000 512-blocks available.
# newfs /dev/rz1b
# mount /dev/rz1b /mnt
/usr/sys/bin directory.
/usr/sys/bin directory to the /mnt directory:
# cp * /mnt
/mnt directory:
# umount /mnt
/usr/sys/bin directory:
# mount /dev/rz1b /usr/sys/bin
After completing these steps, your system should have the necessary space to run btcreate.
If you are using AdvFS, the /usr/sys/bin file system must be copied during btcreate in order to copy the entire contents of the /usr file system.
Ensure that the kernel has been built with the tape drive connected to your system. If the drive was not connected when the kernel was built, you will see dump errors and the system will not be able to boot from the tape drive.
Bootable tape will not function with the -m mfs option on systems with 32 MB memory configurations. After booting the kernel from tape, commands that use shared libraries will core dump. Use the -m ufs option while creating the tape on systems with 32 MB memory configurations.
Bootable tape does not support the bootable kernel built with the /usr/sys/conf/GENERIC kernel configuration file. Be sure to use a system-specific custom kernel.
Using a bootable tape on a platform other than the one on which it was created is not supported. For example, you cannot create a tape on a 4100 system and boot from it on a 1000A system.
When using QIC tape drives to create bootable tapes, you must use only high-density tapes of 320 or more megabytes. The QIC-24, QIC-120, and QIC-150 format tapes of fixed-512 blocks will not work. Tapes with a variable block size, such as the QIC-320 and QIC-525, will work with bootable tape.
Using an improperly configured QIC tape drive to create a bootable tape will result in an I/O error, a write error, or permission denied error. Therefore, you must take one of the following actions:
If creating a bootable tape with a UFS file system extends to multiple tapes, the /sbin/dump command displays a message indicating that the tape must be changed. If the tape is not changed promptly, warning messages repeat periodically until the tape is changed. When you change the tape, the warning messages will stop.
When selecting disk partitions while restoring file systems from tape, add 5 percent to the needed file size displayed on the console.
A QIC tape created with the btcreate utility may fail with the following error when booted:
failed to send Read to mka...
Be sure that the tape is write protected before booting.
The behavior of the open call to a tape device has changed. You can no longer use write mode to open a write protected tape. The attempt to open the tape will fail, returning the following message:
EACCES (permission denied).
If an application is written so that it attempts to open the tape device with O_RDWR when the intention is only to read the tape, the open attempt will fail. Applications should be changed to open the device with O_RDONLY.
For applications that cannot be changed, use the following command to obtain the previous behaviour of the open call:
# sysconfig -r cam_tape open_behaviour=0
The following notes apply to the use of enhanced security features.
The following restrictions apply to distributing enhanced security profiles via NIS:
rpc.yppasswdd daemon must respond and update the last successful and last unsuccessful login fields in the prpasswd NIS map.
yppush operation initiated from the rpc.yppasswdd daemon. (Most successful logins do not require a yppush operation, but login failures and password changes do.)
The login process will not continue or terminate until both of these steps are completed.
The more NIS slave servers that are present in a given NIS domain, the more time rpc.yppasswdd takes to complete these steps. Also, nearly-simultaneous login attempts are processed sequentially by the NIS master, each waiting on a possible yppush for the previous attempt to succeed. Therefore, if several simultaneous attempts arrive at once, some may time out and require you to log in again. You can alleviate this problem to some extent by using the -p option of yppush.
One way to do this is to modify the /var/yp/Makefile file and change the YPPUSH= line. The following example allows up to 6 simultaneous transfers to NIS slave servers (the default number is 4):
YPPUSH=$(YPDIR)/yppush -p 6
prpasswd map, the more likely the time limit is to expire during a login attempt, causing that attempt to fail. Simultaneous or nearly-simultaneous login attempts will fail if the NIS master server does not respond quickly enough to the pending login processes. If the total time taken on the NIS master for the following commands exceeds 25 seconds, then there will be circumstances under which only one user will succeed in logging in at a time:
# cd /var/yp
# make passwd prpasswd PRPWDPUSHONLY=1 NOPUSH='"'
You can decrease the time required for map transfers if you use the btree format to store the maps on all of your NIS servers.
With successful logins, the rpc.yppasswdd daemon will defer pushing the maps if the login notification comes from a Version 4.0D client. Therefore, the yppush operation is only completed when an older client initiates the operation or when it is necessary to clear a failed login count.
prpasswd information may be able to use NFS to share the /tcb/files and /var/tcb/files directories instead. This requires you to export the directories with root access to the participating nodes (with -root=0 or -root=client1:client2:client3 as appropriate). It also requires you to enable NFS locking to ensure that no database corruption occurs. For more information, see the exports(4) reference page.
In previous releases of DIGITAL UNIX, NIS slaves that were listed in the ypservers NIS map on the NIS master but that did not already have a copy of the prpasswd and prpasswd_nonsecure NIS maps may not have succeeded in transferring those maps during the yppush operation. This problem has been fixed for Version 4.0D and higher.
Because the user profile and tty information is now stored in database files, the previous recovery method of editing the files while in single-user mode is no longer available. However, as long as the /usr (and, if separate, /var) file systems are mounted, you can use the edauth utility in single-user mode to edit extended profiles and ttys database entries.
If the /etc/passwd file is somehow lost, but the extended profiles are still available, then you can use a command sequence as in the following example to recover some of the missing data (the "\" character indicates line continuation):
# bcheckrc
# /tcb/bin/convuser -dn | /usr/bin/xargs /tcb/bin/edauth -g | \
sed '/:u_id#/!d;s/.*:u_name=//;s/:u_id#/:*:/;s/:u_.*$/:/' >psw.missing
This will create a psw.missing file containing entries like the following:
root:*:0:
Primary group information, finger information, home directory, and login shell are not recorded in the extended profile. You must recover the data for those fields by other means.
The Enhanced Security routines pw_idtoname, pw_nametoid, gr_idtoname, and gr_nametoid (described in pw_mapping(3)) previously used the /etc/auth/system/pw_id_map and /etc/auth/system/gr_id_map files to find the required information for mapping names to numeric identifiers, and vice versa. The disk space required by those files imposed a limit on how many accounts a system could support.
The Enhanced Security routines no longer use the pw_id_map and gr_id_map files. If you are running DIGITAL UNIX Version 4.0D or later and still have those files, it is recommended that you remove them to recover the space occupied on the root partition.
Logins with NIS-shared extended user profiles under Enhanced Security have been streamlined, thus lifting the former restriction of 4,000 accounts. However, depending on the method chosen for building the NIS maps (using nissetup or the /var/yp/Makefile file), the limits of the ndbm storage format may still impose a limit on the number of accounts that can be shared through NIS. If you are sharing more than 10,000 accounts with NIS, DIGITAL recommends that you use the btree storage format instead of ndbm (where practical). The limitations on NIS slave servers and NIS master availability for use of the prpasswd NIS map are unchanged.
The useradd command correctly honors the default administrative lock value found in the /.sysman/Account_defaults file. If Account_defaults does not exist, the internal default for useradd is to create locked accounts. You can use the administrative_lock_applied extended command line option to override the default. In the following example, useradd creates a locked account for foo regardless of the default value for administrative lock:
useradd -x administrative_lock_applied=1 foo
For base security, a locked account has the text Nologin in the password field in the /etc/passwd file. If an account is unlocked and has no password, that account has no value in the password field. The account is open and accessible to anyone. A warning is displayed if an unlocked account with no password is created.
For enhanced security, all accounts have an asterisk (*) in the password field in /etc/passwd, but the lock flag in the protected password database is correctly set to reflect the lock status. As with base security, an unlocked account with no password is accessible to anyone.
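An added example, not from the original release notes: a script that classifies each /etc/passwd entry by the password-field conventions described above, so that unlocked accounts with no password stand out in an audit. The function names and sample entries are constructed, and the handling of NIS +/- entries and malformed lines goes beyond what the text covers.

```shell
#!/bin/sh
# Added example: classify /etc/passwd entries by their password field.

# Constructed sample in the seven-field passwd layout; not from a real system.
sample_passwd() {
    cat <<'EOF'
root:Ab3xQ9Zr1kLmA:0:1:system PRIVILEGED account:/:/bin/sh
foo:Nologin:200:15:locked account:/usr/users/foo:/bin/sh
guest::201:15:unlocked, no password:/usr/users/guest:/bin/sh
jane:*:202:15:enhanced security profile:/usr/users/jane:/bin/sh
+::0:0:::
short:x:1
EOF
}

# classify_passwd [FILE]
# Prints "name:state" for every entry. States:
#   open          empty password field (base security: no password, unlocked)
#   locked        the text Nologin in the password field (base security)
#   protected-db  an asterisk; under enhanced security the lock flag lives in
#                 the protected password database, not in this file
#   password-set  any other value
#   nis-entry     a +/- NIS inclusion line, which is not a local account
#   malformed     a line that does not have seven fields
classify_passwd() {
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }
        $1 ~ /^[+-]/    { print $1 ":nis-entry";    next }
        NF != 7         { print $1 ":malformed";    next }
        $2 == ""        { print $1 ":open";         next }
        $2 == "Nologin" { print $1 ":locked";       next }
        $2 == "*"       { print $1 ":protected-db"; next }
                        { print $1 ":password-set" }
    ' "${1:-/etc/passwd}"
}

# open_accounts [FILE]
# Prints only the names of accounts that anyone can log in to.
open_accounts() {
    classify_passwd "${1:-/etc/passwd}" | awk -F: '$2 == "open" { print $1 }'
}

# Demonstration on the constructed sample.
demo=$(mktemp)
sample_passwd > "$demo"
classify_passwd "$demo"
rm -f "$demo"
```

Accounts reported as protected-db still need their lock flag checked in the protected password database, since /etc/passwd alone does not show it.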
The usermod command correctly sets the lock flags for enhanced security when the administrative_lock_applied option is given on the command line. If usermod is used to unlock a locked account with no password, a warning is displayed.
The userdel command will retire, instead of remove, accounts on a system running enhanced security.
The following notes apply to network and communications software.
When using netconfig while CDE is running, avoid restarting network services after reconfiguring the primary network interface. This action can result in error dialog boxes and may even cause CDE to hang. The problems may not be observed until you use bindconfig to set up BIND.
In particular, do not use the following netconfig features while running a CDE session:
yes to restart the network services from the netsetup or netconfig menu interfaces.
yes to the following prompt after reconfiguring the primary network interface from the netconfig graphical interface:
restarting network services
netconfig graphical interface to start, stop, or restart the network.
netconfig then use the /usr/sbin/rcinet stop, start, or restart options from the command line.
For the configuration changes to take effect, you must use /sbin/reboot or /sbin/shutdown -r now to reboot your machine from the command line.
The following restrictions apply when using IP switching over ATM:
ips) per host is supported.
atmsig command to start UNI signaling on a driver used for IP switching.
ips interface, tcpdump and packetfilter are not supported.
/etc/atm.conf file, and not through the atmsetup utility.
This release does not support Orderly Release in XPG4 XTI (default XTI interface). It is still available for users of XPG3 XTI. See the Network Programmer's Guide for information on using XPG3 XTI.
The ifconfig command is run by the /usr/sbin/rcinet script when you use the following command to restart the network:
# /usr/sbin/rcinet restart
This will clear and reset the primary network interface address.
Network interfaces with configured interface aliases use the alias address as a source address for outgoing packets. Resetting the primary network interface address can cause a problem for systems with a firewall or proxy-access configuration based on the primary address. Generally, alias addresses are not in the access control lists in such systems.
To avoid this problem, you can use one of the following solutions:
# ifconfig <if_w_aliases> down delete
When you use netsetup to restart the network, an error message similar to the following will be displayed:
kill: 204: no such process
This problem also appears when you execute the following commands:
# rcinet stop
# rcinet restart
The message is incorrect and has no effect on your system.
The Common Desktop Environment (CDE) provides facilities and features for applications to communicate in a networked environment. After the network is configured and enabled, these features become available each time a new desktop session is started. After a desktop session has started, the current session has a static dependency on the state of the network configuration. Network and system administrators should be very cautious about dynamic changes to the network configuration while in a network-aware desktop session.
Prior to making any dynamic network changes, such as changing the state of your network adapter to off or changing your primary network address, add the following entry to the /.dtprofile file:
export DTNONETWORK=true
The system administrator must then log out and back in as root for the change to take effect. This change removes the dependency on the state of the network. Failure to do this may result in a session hanging after clicking on a CDE icon, such as the screen lock or Exit icons.
After all network changes are completed, remove the export DTNONETWORK=true entry from the /.dtprofile file.
The autosense feature has been removed from the Tulip Ethernet and Fast Ethernet driver. This feature automatically determined whether your Ethernet connection was 10BaseT (UTP, Twisted Pair), 10Base2 (BNC, Thinwire), or 10Base5 (AUI, Thickwire) during the boot sequence. It also attempted to select between 10 Mbps and 100 Mbps operation if applicable, but not between half-duplex and full-duplex mode.
The Tulip driver used autosense in those systems where the Alpha SRM Console did not support or communicate (to the driver) the setting of the EW*0_MODE environment variable. Autosense was also used as the default mode for the EISA DE425 adapter.
In both cases, the default is now Twisted-Pair (half-duplex, 10 Mbps). If this new default is acceptable, then you do not need to do anything. Otherwise, you need to take one or more of the following actions:
EW*0_MODE console environment variable for each tu or EW interface as desired.
lan_config command to select the desired mode of operation. This command overrides whatever was selected via the ECU or console (EW*0_MODE setting). You may use the /etc/inet.local configuration file to maintain lan_config settings across system restarts.
Refer to the tu(7), lan_config(8), and inet.local(8) reference pages for more information.
Note that the autosense feature is different from autonegotiation. The autosense feature uses a software algorithm to determine what media is currently present on the given device, and the autonegotiation feature uses specific hardware for determining the speed (10/100) and mode (full duplex/half duplex). The autonegotiation feature is still available in the Tulip driver and there are no plans to retire it.
The following notes apply to Local Area Transport (LAT).
The latsetup utility sometimes creates devices with duplicate minor numbers. If you manually create LAT BSD devices that do not match the valid BSD tty name space convention, latsetup can create devices with duplicate minor numbers. For example, creating device tty0 with a minor number 2 instead of 1 can cause this problem.
When a CTRL/A character is typed during a LAT tty session, all lowercase characters are converted to uppercase. Another CTRL/A changes the mode back to normal.
When doing a number of simultaneous llogin connections, you should use llogin with the -p option. To speed up an llogin connection, add the target host name as a reserved service.
You no longer need to build LAT into the kernel. LAT is not made a mandatory kernel option upon selecting the LAT subset and does not appear in the kernel configuration file. As LAT requires the Data Link Bridge (DLB), you must still build DLB into the kernel when using LAT.
The default behavior upon booting to multiuser mode is for LAT to be dynamically loaded into the running kernel. If LAT is not started at boot-time via the /sbin/rc3.d/S58lat script, the recommended method for starting and stopping LAT is to verify that LATSETUP is enabled in /etc/rc.config and execute the /sbin/init.d/lat program, using the start or stop options.
The notes in this section apply to file systems.
When using the UNIX file system (UFS), there is a problem when setting properties. Setting a property on a FAST symbolic link, a block special file, or a character special file causes fsck to erroneously detect contradictory block counts and produce inconsistent file system activity. There is no solution for this problem and it will be fixed in a future release.
Starting with Version 4.0D, the newfs command no longer searches the /etc/disktab file for hard disk geometry information. It now performs an ioctl GETDEVGEOM call to determine the characteristics of a disk.
For an NFS client to make direct use of ACLs or extended attributes (property lists) over NFS, you must enable the proplistd daemon on an NFS server. You also must use the proplist mount option when mounting on the client. Access checks are enforced by the server in any case, although NFSv2 client caching could sometimes cause inappropriate read access to be granted. Correctly implemented NFSv3 clients make the necessary access checks.
Start the proplistd daemon by selecting the number of proplist daemons to run when you use the nfssetup utility. You can also use the proplistd command to start the daemon manually:
# /usr/sbin/proplistd 4
On the client, the file system must be mounted with the proplist option by either of the following methods:
proplist to the options field in the /etc/fstab file:
sware1:/advfs /nfs_advfs nfs rw,proplist 0 0
# mount -o proplist sware1:/advfs /nfs_advfs
See the acl(4), fstab(4), proplist(4), mount(8), nfssetup(8), and proplistd(8) reference pages for more information. Note that the proplist option is not documented in mount(8).
On AdvFS file systems there is a hard limit of 1560 bytes for a property list entry. Since Access Control Lists (ACLs) are stored in property list entries, this equates to 62 ACL entries in addition to the three required ACL entries. The EINVAL error is returned if you attempt to exceed this limit.
To facilitate interoperation of the UFS and AdvFS ACLs, a configurable limit has been imposed on UFS ACLs. The default value of the UFS limit is 1548 bytes, equivalent to the 65-entry limit on AdvFS. The UFS configurable limit on ACLs has been added to the sec subsystem and has been given the attribute name ufs-sec-proplist-max-entry. You can use the sysconfig utility to dynamically configure the attribute or you can use sysconfigdb or dxkerneltuner to statically configure the attribute in the /etc/sysconfigtab file.
A configurable property list element size for UFS has also been added to the sec subsystem and has been given the attribute name ufs-proplist-max-entry. The value of ufs-proplist-max-entry must be larger than ufs-sec-proplist-max-entry by enough space to hold a property list element header. The sysconfig utility adjusts the ufs-proplist-max-entry attribute automatically. The default value of ufs-proplist-max-entry is 8192 bytes.
See the cfgmgr(8), seconfig(8), seconfigdb(8), sysconfig(8), and sysconfigdb(8) reference pages for more information.
The following notes discuss features, problems, and restrictions of the Advanced File System (AdvFS).
For information about recovering from AdvFS domain panics and correcting an overlapping frag data corruption problem, see Appendix F.
You can use the fsync() system call to synchronously write dirty file data to disk. There are two ways a file can have dirty data in memory. One way is via the write() system call. The other is from a memory write reference after an mmap() system call. For AdvFS files, the fsync() system call writes out dirty data only from the write() system call. If dirty data from an mmap() also needs to be written then you must also use the msync() system call.
Formerly, when chfile -l on was applied to an AdvFS file, the file system retained a copy of any user data that was being written to the target file in the AdvFS log file until the data had been incorporated into the target file. The log file was written to asynchronously, meaning that the user data was held in the log file buffer (volatile memory) and flushed to the disk at intervals. If any user data was still in the log file buffer when the system crashed, it was lost.
Starting with Version 4.0D, using the chfile command on an AdvFS file forces all writes to the file to be performed in a synchronous manner, regardless of the arguments of the open() system call. In other words, files that have had chfile -l on applied to them will always behave in exactly the same manner as files that are opened using the O_SYNC flag in the open() arguments. This new implementation guarantees that the user's data will be on disk when the write() system call returns to the calling program.
Refer to the open(2) reference page for more information about the O_SYNC flag.
You can reuse a partition that was previously part of an AdvFS domain. However, before you reuse the partition, you must remove the domain on the partition you want to reuse. Use the rmfdmn command to remove the entire domain. After the unused domain is removed, you can create a new domain on the partition.
Under certain conditions, the disk usage information on an AdvFS file system may become corrupted. To correct this, turn on quotas in the /etc/fstab file for the affected file system, and then run the quotacheck command on the file system. This should correct the disk usage information.
The following notes describe problems and restrictions of the Logical Storage Manager (LSM).
Under certain hardware failure scenarios, an LSM volume configured with a sparse plex may erroneously return success to the file system or application when in fact the I/O failed. DIGITAL recommends that you do not configure volumes with sparse plexes.
Root, primary swap, and secondary swap volumes configured under LSM have the following restrictions:
rootdg.
Physical block 0 on DIGITAL disks is typically write protected by default. If a disk is added to LSM by using the voldiskadd utility, physical block 0 is skipped. However, if a partition that includes physical block 0 is encapsulated into LSM by using the volencap, vollvmencap, or voladvdomencap utility, physical block 0 is not skipped. This is not a problem because the file system already skips block 0 and does not write to it.
A problem can occur when an LSM volume that contains a write-protected block 0 is dissolved and its disk space is reused for a new purpose. Neither the new application nor LSM knows about the write-protected physical disk block 0, and a write failure can occur.
To fix this problem, use the following steps to remove the write-protected physical disk block 0 from the LSM disk before it can be assigned to the new volume:
voldg and voldisk commands to remove the disk from LSM.
voldiskadd command to add either a specific partition of the disk or the entire disk to LSM.
When you create an LSM mirror using a disk that is configured as Just-a-Bunch-of-Disks (JBOD) with either the SWXCR-P or SWXCR-E RAID controllers, a disk failure requires that you reconfigure the disk on the controller. The disk is in an unusable state once it is set off line by the controller and cannot be used by LSM until it is reconfigured. Refer to the StorageWorks RAID Array 200 Subsystem Family Installation and Configuration Guide.
If you use the setld utility to install LSM after you originally install DIGITAL UNIX, you must rebuild the system kernel to enable LSM. To rebuild the kernel, run the doconfig utility with no command flags. Note that the doconfig menu display does not include LSM. However, the doconfig utility will build a kernel that includes LSM. Refer to the Logical Storage Manager guide for more information.
Only LUN 0 is supported as a boot device by the console. Hence, you can only mirror the LSM rootvol and swapvol volumes to LUN 0 in an HSZ. Therefore, when you use the volrootmir script to mirror rootvol and swapvol, use only LUN 0 on an HSZ as an argument to the volrootmir script.
If you use the LSM rootvol volume for the root file system and the swapvol volume is in use as a primary swap volume, LSM adds the following entries to the /etc/sysconfigtab file to enable rootability:
lsm:
        lsm_rootvol_is_dev=1
        lsm_swapvol_is_dev=1
If these entries are deleted or if the /etc/sysconfigtab file is deleted, the system will not boot. If this happens, you can boot the system interactively as follows:
>>> boot -fl i
......... .........
Enter kernel_name option_1 ... option_n: vmunix lsm_rootdev_is_volume=1
Use the sysconfigdb utility to add the LSM entries as shown above to the /etc/sysconfigtab file after the system boots. Then, reboot the system for the changes to take effect.
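Because a missing lsm entry leaves the system unable to boot, the stanza can be verified before any reboot. This check is an added example, not DIGITAL's code; the function names and the sample file are hypothetical, and it assumes the sysconfigtab stanza layout of a "subsystem:" header followed by indented attribute=value lines.

```shell
#!/bin/sh
# Added example: confirm the LSM rootability entries are present in a
# sysconfigtab-style file before rebooting.

# Constructed sample file contents; names other than the lsm entries are made up.
sample_sysconfigtab() {
    cat <<'EOF'
example_subsys:
    example_attr = 80
# constructed comment line
lsm:
    lsm_rootvol_is_dev=1
    lsm_swapvol_is_dev = 1
EOF
}

# stanza_attr FILE SUBSYSTEM ATTRIBUTE: print ATTRIBUTE's value inside the
# SUBSYSTEM stanza (prints an empty line when it is absent).
stanza_attr() {
    awk -v want="$2" -v attr="$3" '
        /^[ \t]*#/ { next }                                   # comment line
        /^[^ \t].*:[ \t]*$/ { sub(/:[ \t]*$/, ""); cur = $0; next }  # stanza header
        cur == want {
            line = $0
            gsub(/[ \t]/, "", line)                           # "attr = 1" -> "attr=1"
            n = index(line, "=")
            if (n && substr(line, 1, n - 1) == attr) val = substr(line, n + 1)
        }
        END { print val }
    ' "$1"
}

# lsm_root_ready [FILE]: 0 if both entries are 1, 1 if one is missing or
# wrong, 2 if the file itself cannot be read.
lsm_root_ready() {
    file=${1:-/etc/sysconfigtab}
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    rc=0
    for a in lsm_rootvol_is_dev lsm_swapvol_is_dev; do
        v=$(stanza_attr "$file" lsm "$a")
        [ "$v" = "1" ] || { echo "lsm: $a is '${v:-unset}', expected 1"; rc=1; }
    done
    return $rc
}
```

An attribute that appears under a different stanza header is treated as missing, since only entries inside the lsm stanza count.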
The following notes apply to restrictions on using functions that support internationalization or internationalized components.
Before DIGITAL UNIX Version 4.0, the zh_TW locale was an alias of the zh_TW.dechanyu locale. With the introduction of CDE in Version 4.0, the zh_TW locale pointed to zh_TW.dechanyu in some cases and to zh_TW.eucTW in other cases.
Starting with Version 4.0D, to conform with other vendors, the various zh_TW links are now all set to zh_TW.eucTW.
To avoid confusion, you should always use explicit locale names with the codeset extension (such as zh_TW.dechanyu) rather than the shortened name without the codeset in it (such as zh_TW). The same applies when you select a language during a CDE login or from the XDM session manager.
Under certain circumstances, Netscape Navigator may crash upon invocation when the current locale is ja_JP.deckanji. If this happens, a workaround for the problem is to add the following four lines to the /usr/i18n/lib/X11/ja_JP.deckanji/app-defaults/Netscape file:
netscape.xnlLanguage: ja_JP.eucJP
netscape.XnlLanguage: ja_JP.eucJP
Netscape.xnlLanguage: ja_JP.eucJP
Netscape.XnlLanguage: ja_JP.eucJP
This will force Navigator to run in the ja_JP.eucJP locale to avoid the crash.