This chapter provides brief descriptions of features that were new to the Tru64 UNIX operating system in Version 5.0 or that changed significantly from previous releases.
Tru64 UNIX Version 5.0 is a major release that includes the following enhancements:
The operating system is scalable to very large configurations.
Performance improvements have been implemented in many areas, including file systems, storage management, and networking.
Installation, set up, and system management have been simplified.
Reliability, availability, and serviceability features have been enhanced.
Support for future versions of the Tru64 UNIX TruCluster software product is included.
New and updated versions of some associated products are included.
The following sections provide more information on the major new features
included in Version 5.0.
8.1 Scalability Enhancements
Version 5.0 provides the following scalability enhancements:
More efficient scaling with more CPUs
Enhanced scaling allows for the addition of more CPUs in SMP systems. AlphaServer 8400 systems can include up to 14 CPUs in a single system. Additionally, several design improvements have been made to allow CPU scaling well beyond 14 CPUs with future systems.
Very Large Memory (VLM)
Improved memory utilization to 28 GB provides for more efficient use of memory in VLM configurations.
File and Storage Limits
This version supports 4 TB or larger file and storage systems.
Performance benchmarks
This version provides improvements in the following benchmarks: AIM VII, LADDIS, TPC-C, TPC-D and SPECweb.
Enhanced device support
SCSI-3 standard support allows up to 256 target and LUN addresses per SCSI bus and supports dual pathing (an alternate path to a device).
New device naming provides a flexible framework that allows more than 256 device names per SCSI bus. The new device naming supports SCSI-3 and FibreChannel. It includes the ability to convert existing device names in an existing configuration to new device names automatically, while retaining support for old device names.
FibreChannel support for switched connections and multiple concurrent paths (up to 64) with adaptive load balancing has been added. Both SCSI-2 and SCSI-3 commands are supported.
Dynamic Tuning
Most tuning can now be done at run time without rebooting the system.
In addition to these enhancements, this version of Tru64 UNIX also
provides extended system limits.
More information on some of these limits
can be found in the relevant sections of this manual.
For more information
on system limits in general, see the
Software Product Description
(SPD).
8.2 Installation Improvements
This release provides several improvements to the Update and Full Installation processes.
The following enhancements have been made the Update Installation process:
A graphical user interface has been added to the Update Installation process. In previous releases, the Update Installation provided only a text-based interface.
Updating Worldwide Language Support (WLS) software is performed automatically during an Update Installation of the base operating system. It is no longer necessary to remove WLS software before the operating system is updated or to update WLS software as a separate task.
The Update Installation can be invoked with the optional
-u
flag to run the Update Installation in unattended mode.
Unattended
means that barring any problems with the update, there is no user interaction
required.
The only exception to this is the switching of CD-ROMs if WLS
software is being updated.
The
-u
flag builds a kernel
with all kernel components and does not provide the chance to archive obsolete
files.
An analysis phase has been added to the beginning of the Update Installation process. The system is analyzed for layered products that prevent the Update from continuing, layered products that will need to be reinstalled after the Update, fatal and non-fatal file system type conflicts, and available disk space. If layered product or non-fatal file type conflicts are discovered, you can resolve them directly from the Update Installation user interface; there is no need to exit the Update, resolve the conflict, and restart the Update. If your system does not have enough available disk space for new software and room for temporary processing, disk space recovery options are available directly from the Update Installation user interface as well.
The following improvements have been made to the Full Installation process:
Both the text-based and graphical user interfaces have a new task-oriented design, which steps you through each installation task and lets you go backward and forward at any time to change your answers.
The Advanced File System (AdvFS) is now the default file system type rather than the UNIX File System (UFS).
During optional software subset selection, software dependencies are automatically identified and resolved. Dependency checking ensures that other software required for the proper operation of the optional software also is installed. If such a relationship is detected, the dependent software is installed automatically and you are notified accordingly.
You can configure the Logical Storage Manager (LSM) and install directly into LSM volumes during the Full Installation process.
Worldwide Language Support (WLS) software can be installed during a Full Installation, eliminating the need to install WLS software as a separate task.
A third invocation point has been added for user-supplied
files, which can be used to customize the installation.
This file must be
called
postreboot, and it is searched for and executed
immediately after the newly installed system reboots.
More specifically,
the
postreboot
file is invoked after the check for a
config.cdf
file so that the
postreboot
file
can take advantage of a network-configured system.
For more information, see the
Installation Guide.
8.3 System Management
This version
of Tru64 UNIX provides many new features and enhancements to its system
management utilities.
The following sections highlight some of these changes.
For more information, see the
System Administration
guide, the
Installation Guide,
the
sysman_intro(8)
reference page, and the online help for the applications.
8.3.1 Event Manager
The Event Manager (EVM) has been added to the SysMan utilities. EVM provides a centralized means of gathering, distributing, storing, and reviewing event information, regardless of how the events are posted. Event Manager makes event information more accessible and provides an event infrastructure that is flexible and adaptable. Some of the features included with EVM are:
A means for user-level components to post events
A means for processes to request notification when specified events occur
An event logger that stores selected events and can display them on the system console or forward them to the system administrator as electronic mail
An event viewer that allows you to retrieve and review stored event information from a character-cell terminal, a CDE window, or a Web browser
A set of command-line utilities for posting, retrieving, or monitoring events from a shell script or a terminal
A supporting application programming interface (API) library
For more information, see the
System Administration
guide and the
EVM(5)reference
page.
8.3.2 Exporting Tru64 UNIX System Management Data Using SNMP
This
release includes methods for exporting Tru64 UNIX system management data
using the Simple Network Management Protocol (SNMP).
For more information,
see the
System Administration
guide.
8.3.3 SysMan Integration and Application Access
The integration of and access to the SysMan
applications has been enhanced in this version of Tru64 UNIX.
You can now
access the SysMan applications from the System_Admin section of the desktop's
Application Manager, the Custom Setup checklist, and by using the
sysman
command.
The
sysman
command provides access to the suite of
system management utilities, making it easier for you to find the applications
you need to manage your system.
This suite includes the SysMan Menu, the SysMan
Station, the
sysman
command line interface, and the
sysman -clone
command.
The following list provides a brief overview
of these applications:
The SysMan Menu provides a framework for organizing various system management tasks. Each task represents a small application that is launched from the SysMan Menu. All the tasks on the SysMan Menu can be performed from an X11-capable display, a personal computer running Windows 95, Windows 98, or Window NT, or a character cell terminal.
The SysMan Station provides a graphical representation of
the system and enables system management from a personal computer.
For more
information, see the
sms(8)
reference page.
The
sysman
command provides command-line
access to system management data for scripting.
The
sysman -cli
command enables you to view, add, modify, and delete data.
You
can perform all the system management tasks available on the SysMan Menu from
the command line using the
sysman -cli
command.
For more
information see the
sysman_cli(8)
reference page.
The Configuration Description File (CDF) file is an extension
of the install CDF file.
It enables you to save certain SysMan configuration
information from a previously configured system and replicate that configuration
information across one or more systems.
The configuration information is saved
to a text-based CDF file.
You can edit the CDF file and change any value;
however, certain host-specific attributes must be edited to retain a unique
network identity for the cloned systems.
This feature is available by running
the
sysman -clone
command.
For more information, see the
System Setup checklist online help, the
Installation Guide -- Advanced Topics, and the
sysman_clone(8)
reference page.
For more information on system management applications, see
the
sysman(8)
reference page, the online help for the specific application,
and the
System Administration
guide.
8.3.4 New and Changed SysMan Configuration Applications
This version of Tru64 UNIX provides several new configuration applications and many enhancements to existing system management applications. The following list provides a brief overview of the new applications and the changes to the existing ones. For more information on these applications, see the online help for the application and the Network Administration and System Administration guides.
Quick Setup
The recommended method for performing an initial system configuration after a full installation is to use the new Quick Setup application. Quick Setup is a wizard-like application that guides you through the essential and most commonly performed configuration steps. It provides a fast, user-friendly way to set up your system with the basic system configuration. The resulting system can be used as is or you can augment it with settings accessible in the full-featured configuration applications.
After a full install, the Quick Setup application is available from the System Setup application that is displayed the first time you log in as root. On a graphics-capable system, click on the Quick Setup icon on the System Setup checklist. On a character-cell system, first enter choice 5 (Begin system configuration) and then enter choice 1 (Quick Setup).
Division of Privileges (DoP)
Division of Privileges (DoP) functionality has been enhanced in this
release.
All privileged system management applications launched via the SysMan
Menu, the SysMan Station, the desktop's Application Manager, or the Custom
Setup checklist/menu use DoP.
The DoP user interface,
sysman dopconfig, enables administrators to grant users or groups access to execute
these privileged programs without knowing the root password.
The DoP command
line interface also allows users to execute a privileged program or modify
the privilege database.
For further information about DoP, see the
dop(8)
reference page, the
System Administration
guide, and the
dopconfig
online help.
Network Setup Wizard
The Network Setup Wizard leads you through the various applications
that you use to add a system to a network.
The wizard steps you through the
applications in a recommended order and provides information to help you determine
which applications are applicable to each situation.
This application replaces
the former network configuration applications,
netsetup
and
netconfig.
Each step in the Network Setup Wizard can
also be invoked as a standalone application off the SysMan Menu.
For more
information, see the
System Administration
guide and the Network Setup Wizard online
help.
Asynchronous Transfer Mode (ATM) configuration
This release provides a new SysMan application for configuring the ATM subsystem. This application supports configuring Classical IP over PVCs and IP Switching.
Point-to-Point Protocol (PPP) configuration
This release provides new PPP Option File and Authentication File configuration
applications.
The Option File configuration application offers a simplified
method of creating and deleting PPP option files and for selecting options
and their values.
The PPP Authentication File configuration allows you to
add, delete, or modify an entry in the
pap-secrets
or
chap-secrets
authentication files.
These applications eliminate
the need to manually create or modify these files.
Network Time Protocol (NTP) configuration
The new NTP configuration application enables you to set up an NTP client
or peer (a local NTP server that can synchronize the time with another server
or be synchronized by it).
It also enables you to check the status of the
NTP daemon and to start, restart, and stop the daemon.
This application replaces
the former
ntpsetup
application.
Change to Domain Name Service (DNS) configuration
The DNS configuration application has a new interface which presents
you with a list of tasks relating to DNS/BIND.
This application replaces
the former
bindsetup
and
bindconfig
applications.
(Note that the Tru64 UNIX implementation of DNS is based
on BIND Version 8.1.)
Change to Network File System (NFS) configuration
The NFS configuration application has a new interface which presents
you with a list of tasks relating to NFS.
This application replaces the former
nfssetup
and
nfsconfig
applications.
Change to the
dxshutdown
application
The
dxshutdown
application now starts the new SysMan
Shutdown application.
The new user interface is similar to the original, which
is still available in the obsolete subset OSFOLDDECW500.
For more information,
see the
System Administration
guide and the
dxshutdown(8)
reference page.
The
bindsetup,
nfssetup,
ntpsetup, and
netsetup
scripts have been retired.
Replacement applications are available from the SysMan Menu.
The new
secconfig
utility replaces the retired
secsetup
utility.
You can access the new utility by choosing Security Configuration from the SysMan Menu or by selecting the Security icon from the SysMan Configuration menu.
The
secconfig
utility's new Enhanced Security options
provide the following features:
Shadow password mode
Custom mode, which enables you to enable login logging, establish defaults for site passwords, and password prompting options
You can also use the new utility to enable and disable ACL processing, which you can now do without rebuilding the kernel.
The
secconfig
utility is required for TruCluster
support.
The old
secsetup
utility resides in the Obsolete
Commands and Utilities subset.
Do not use it on a TruCluster member.
For more
information, see the
Security
guide.
The new
auditconfig
utility replaces the
old
audit_setup
utility.
You can access the new utility by choosing Audit Configuration from the SysMan Menu or by selecting the Audit icon from the SysMan Configuration menu.
Use the
auditconfig
utility to select the location
of the audit log files, the action to take if file system space is exhausted,
and to select which events to audit.
To simplify audit event selection, suggested events for different system types are grouped into categories (sometimes referred to as profiles). Choosing an event category enables auditing of all events and file accesses associated with the category. The Events within Categories option displays all events associated with a category, and allows you to tailor the category choices to your site.
The
auditconfig
utility is required for TruCluster
support.
The old
auditsetup
utility resides in the Obsolete
Commands and Utilities subset.
Do not use it on a TruCluster member.
For more
information, see the
Security
guide.
The enhancements to file systems and storage include the following:
Direct I/O for AdvFS provides direct disk access without cache management for database and other applications to increase I/O throughput.
AdvFS Smooth Synch.
Enhancements to the
vdump
command.
Public backup application programming interface for AdvFS.
Salvage (data recovery utility).
Increased scalability for AdvFS to support more users, faster access, more and larger files, and better handling of many small files.
New on-disk formats for AdvFS domains.
Enhancements to the Logical Storage Manager (LSM) include the following:
Dirty Region Logging (DRL) replaces Block Change Logging (BCL). DRL provides faster and more predictable failover.
RAID5 support.
Hot spare support (automatic recovery).
Usability improvements.
Increased limits.
Automatic configuration and load-balancing.
Root/swap encapsulation and mirroring on different disks.
8.4.1 File Systems Support for Increased Subdirectories and Links
This version introduces UFS Version 4, which simply supports 65533 hardlinks and continues to support existing UFS (now called Version 3). There is no on-disk structure change; however, there is an incompatibility problem when you use UFS Version 4 with earlier versions of the operating system. For more information, see the System Administration guide.
AdvFS, UFS, and VFS now support up to 65531 subdirectories. Previously they supported 32765 subdirectories. The maximum number of links to a file has been increased from 32767 to 65533.
AdvFS domains created under previous releases are called AdvFS Version
3 domains, while AdvFS domains created under Tru64 UNIX Version 5.0A
are AdvFS Version 4 domains.
An AdvFS Version 4 domain allows up to 65531
subdirectories and up to 65535 links to a file.
All AdvFS Version 3 domains,
even those created using the Tru64 UNIX Version 5.0, or higher,
mkfdmn -V3
command, will support, at most, 32765 subdirectories
and 32767 links to a file.
Because AdvFS Version 3 domains cannot have more than 32767 links, they can be moved back and forth between Tru64 UNIX Version 5.0, or higher, and earlier versions of the operating system. AdvFS Version 4 domains, however, will only work on Tru64 UNIX Version 5.0, or higher, systems.
Note that the
pathconf()
and
fpathconf()
system calls will return the maximum value for a particular pathname
with the _PC_LINK_MAX option.
For more information on AdvFS, see the
AdvFS Administration.
For more information
on UFS, see the
System Administration, and the
newfs(8)
and
fsck(8)
reference pages.
8.5 New Networking Features
Networking enhancements include the following:
ATM enhancements, including a new SysMan configuration
application.
You no longer need to configure Classical IP over PVCs and IP
Switching through the
/etc/atm.conf
file.
The
/etc/atm.conf
file is still supported for starting user-written
or third-party ATM components that are not supported by the ATM configuration
application.
The
atm.conf
file is now automatically invoked
when the system boots, immediately after the ATM configuration.
Support for RFCs 1901-1908 (SNMPv2C) in the Extensible SNMP Agent, subagent developer's tools, and SNMP-related commands.
Support for RFC 2257 (Agent Extensibility) in the Extensible SNMP Agent and subagent developer's tools.
Support for RFC 2089 (Mapping SNMPv2 to SNMPv1) in the bilingual extensible SNMP agent.
PPP has been updated to Version 2.3.1 and a new configuration application has been added.
Resource Reservation Protocol (RSVP) (RFC 1633) has been added for Ethernet and FDDI, which provides QoS for realtime traffic.
The Domain Name Service (DNS) has been upgraded from BIND Version 4.9.3 to Version 8.1.1, including dynamic updates to DNS.
New TCP/IP features, including Path MTU over UDP and enhanced rlogin and telnet scaling.
XTI XPG4 now supports Orderly Release.
The XTI XPG4 service
type has been changed from
T_COTS
to
T_COTS_ORD.
Orderly Release includes support for the
t_sndrel
and
t_rcvrel
library routines.
In previous releases you
needed to use XPG3 to get Orderly Release support.
8.6 DAPBA and DAPCA ATM Adapter Support
This release of Tru64 UNIX contains support for the following three new ATM adapters:
3X-DAPBA-FA - 155 Mbps ATM adapter (fiber)
3X-DAPBA-UA - 155 Mbps ATM adapter (UTP)
3X-DAPCA-FA - 622 Mbps ATM Adapter (fiber)
These adapters are all 64-bit PCI cards.
See the
lfa(7)
reference page for more information on the adapter and the
sys_attrs_lfa(5)
reference page for more information on the driver configuration options.
Not all platforms support these adapters.
See the
Server
Options Catalog
for the number and type of each adapter supported
on your platform and for any configuration rules that apply.
8.7 Advanced Server for UNIX
The integration of the Advanced Server for UNIX with the Tru64 UNIX operating system has been enhanced to provide for Single Task Management capabilities for UNIX and Windows/NT systems. The UNIX administrator can use UNIX or Windows NT administration tools to configure resources for PC users, such as the following:
Adding a user
File sharing
Printer sharing
Password synchronization for Windows, NIS, and UNIX domains
8.8 Enhanced TruCluster Support
Several features included in this version of Tru64 UNIX provide support for future TruClusters products, in addition to providing other functionality. These features include the following:
New device naming
Modifications to the file system layout
Expanded process IDs (PIDs)
Context-dependent symbolic links (CDSLs)
For more information on new device names and CDSLs, see the
System Administration
guide.
8.9 Documentation
The Tru64 UNIX documentation set has been updated to make it more comprehensive and easier to use. Some of the major improvements are:
To address the needs of different users, the Installation Guide has been divided into two volumes. The Installation Guide has been reduced in scope to make it easier for the novice user. The new Installation Guide -- Advanced Topics guide provides expert installers with the information required to do custom installations.
The System Administration guide has been updated to make it more task-oriented.
The following manuals have been added to the documentation set:
AdvFS Administration - This manual describes the Advanced File System (AdvFS) and the AdvFS Utilities. It provides detailed information on features and functions, and it gives suggestions on how to use these functions. Procedures for working at the command line and with the AdvFS graphical user interface are described.
Writing Kernel Modules - This manual provides information for device driver developers who will benefit from having an intermediate layer of code between the driver software and physical devices. It will also benefit third-party developers who want to augment the kernel with modules tailored to their particular environment.
System Configuration Supplement: OEM Platforms - This manual provides information on installing and configuring the VME and DMCC single system computers.
The online help has been updated to make it more complete and robust.
The complete set of base operating system reference pages is now included in HTML form on the Documentation CD-ROM, with access through the standard HTML Documentation Library. The reference pages are indexed both alphabetically and by section. Reference pages for layered products are not included on the Documentation CD-ROM; if they are installed, those reference pages can be viewed with the man command, the xman command, or the webman viewer. With the addition of the HTML reference pages, the webman viewer has been changed so that it displays only reference pages that are actually installed on the system. The redundant set of compressed reference pages has been removed from the Documentation CD-ROM.
The following sections provide brief descriptions of additional changes
included in Tru64 UNIX Version 5.0.
8.10.1 Changes to Device Naming
This release provides full support for FibreChannel, SCSI-3, and wide SCSI devices. The implementation of this support required a major change to the Tru64 UNIX device naming scheme. This version of Tru64 UNIX implements this change for all disk and tape devices.
For example, prior to Version 5.0, disks were named as follow:
/dev/rz2X
/dev/rz3X
/dev/rz4X
This naming had encoded within it the bus and Logical Unit Number (LUN)
of the SCSI disk.
For example, disk 0 on bus 0 was
rz0.
Disk 0 in bus 1 was
RZ8, and so on.
As a result Tru64 UNIX
was limited to supporting no more than eight devices per bus, because the
name for any additional devices would collide with other devices.
Wide SCSI supports up to 16 devices per bus; within FibreChannel the number is in the thousands. FibreChannel also allows the LUNs to change dynamically, which the old device naming scheme could not support.
Therefore, in Version 5.0 disk names have the following format:
/dev/disk/dsknx
Tape drives have the following format:
/dev/tape/tapen_dx
(For more information on the formats, see the System Administration guide.)
The new device name will use the world-wide identifier (WWID) of the disk. A disk's WWID is set by the manufacturer for devices that support it and is unique. Therefore, no two disks can have the same WWID.
Using the WWID to identify a disk has two implications:
Once a disk is recognized by the operating system, the disk's
/dev/disk/dskX
name will stay the same,
even if its SCSI address changes.
Tru64 UNIX can support multipathing to a disk where the disk is accessible through different SCSI controllers. Therefore, within a Tru64 UNIX Version 5.0 cluster environment, as disks are moved from one node to another node, the disk names and how they are accessed remains the same.
Tapes devices will reside under the
/dev/tape
directory; no-rewind tape devices will reside under the
/dev/ntape
directory.
This version of Tru64 UNIX supports the existing device
names as a compatibility option, but the same device cannot be accessed through
both the old and new name at the same time.
The following utilities have been added to enhance the support for device naming and hardware management:
The Device Special File Manager (dsfmgr)
for managing device special file names.
The Hardware Manager (hwmgr) to assist
in device management.
This utility replaces the
scsimgr
utility.
8.10.2 Changes to Data Structures to Support Larger File Systems and Storage
Prior to Version 5.0, there were restrictions on the support of
files and file systems that exceeded 1.2 TB.
This was due to the use of 32
bit fields within the
stat
and
statfs
structures.
In this release, the following structures have been modified:
The
struct stat
in
/usr/include/sys/stat.h
The
struct statfs
in
/usr/include/sys/mount.h
The changes to the
stat
and
statfs
structures are to support multiterabyte file systems.
This enhancement is
implemented in a way that allows current programs to continue to run without
error.
The
stat
and
statfs
changes are
the default for programs and objects that are rebuilt on Version 5.0.
The
new definitions may only cause problems for applications that pass the structures
as part of their API, and then only if the API and the caller were compiled
on different versions of the operating system.
Any use of
stat
or
statfs
within
an application or library will continue to work without error regardless of
any change in the current defaults.
However, if the application accepts
stat
or
statfs
structures as input to routines
in their API, or returns these structures from routines in their API, a problem
could occur, if the API and the code using the API were compiled on different
versions of the operating system.
If all the sources are compiled on systems
running Tru64 UNIX Version 5.0, or higher, no problems will occur.
Also
if your API links with libraries and object files created on previous versions
of the operating system, you can use the
-D_V40_OBJ_COMPAT
compiler flag to create object files that are compatible.
Applications and libraries that are built on Version 5.0 will not run
on prior versions of the operating system.
8.10.3 Swap Device List and /sbin/swapdefault Moved to /etc/sysconfigtab
The list of swap devices has moved from the
/etc/fstab
file to the
/etc/sysconfigtab
file.
The use of
/sbin/swapdefault
to indicate the swap allocation modes has been
moved to the
/etc/sysconfigtab
file.
The swap devices and swap allocation mode are automatically placed in
the
/etc/sysconfigtab
file during installation.
For more information, see the
System Administration
guide.
8.10.4 Hot Swap Support
The kernel now supports hot-swap I/O devices. This functionality provides the capability to automatically fault-in a device driver when an I/O device is hot-plugged in.
When the hardware code detects a new device is hot-plugged in and determines
that the device driver is not present in the kernel, it can make a single
kernel function call (for example
cfg_configure) to automatically
load the device's driver into the kernel.
Additionally, hot-swap provides
the flexibility of not having to prebuild a kernel subsystem or driver into
the kernel but to dynamically fault it in at the first access of the device.
8.10.5 Kernel Attribute Changes
All kernel
attribute names now use underscores.
They no longer contain dashes.
Old
kernel attribute names using dashes are hidden; they are no longer automatically
shown in the output of a query operation.
Although existing tools and programs
using the old attribute names still work in this release, the
old names with dashes will be retired in a future release.
For more information
on kernel attributes, see the
sys_attrs(5)
reference page.
8.10.6 Kernel Tuning Attribute Changes
The default values
for the
maxusers
and
vm_page_free_target
kernel tuning attributes
have been modified to improve performance on larger systems.
The default values
set for these attributes depend on the amount of memory in the system.
For
more information, see the
System Configuration and Tuning
guide.
You can override the default values for the
maxusers
and
vm_page_free_target
attributes by setting the values
in the
/etc/sysconfigtab
file.
Note also that the
vm-mapentries,
vm-vpagemax,
vm-maxvas,
vm-maxwire,
vm-heappercent,
vm-zone_size, and
vm-vpagemax
attributes have been removed.
The
vm-mapentries
and
vm-vpagemax
attributes are now set internally to their
maximum values.
The
vm-maxvas
attribute is replaced by
the
max_per_proc_address_space
attribure in the
proc
subsystem.
The
vm_ubcseqstartpercent
attribute is now defined
to be a percentage of
ubc_maxpercent
instead of available
memory.
This allows the system to automatically adjust the sequential drain
threshold when the
ubc_maxpercent
attribute is modified.
If both the
ubc_maxpercent
and
vm_ubcseqstartpercent
attributes are specified in the
/etc/sysconfigtab
file, examine and adjust the
vm_ubcseqstartpercent
attribute
according to the new specification.
For example, if prior to installing Version
5.0 the
ubc_maxpercent
attribute is set to 40 and the
vm_ubcseqstartpercent
attribute is set to 20, the attributes must
be set as follows to achieve the same results:
vm:
ubc_maxpercent = 40
vm_ubcseqstartpercent = 50
This section
provides information on additional new features to the system management environment.
8.10.7.1 Enhanced Hardware Management
This
release includes Enhanced Hardware Management which provides a single method
for managing hardware on a Tru64 UNIX system.
See the
System Administration
guide
for more information.
8.10.7.2 Insight Manager Integrated with sys_check
The
sys_check
tool
has been integrated with Insight Manager.
An entry in the
/var/spool/cron/crontabs/root
file that runs
sys_check
once a week at 3:00
a.m.
every Sunday morning and makes its output available to the Insight
Manager home page.
This entry is commented out by default.
You can make
sys_check
data available to Insight
Manager by running
sys_check
automatically as a
cron
job or by running it from the SysMan Menu.
In the
SysMan Menu, it is listed as Create a configuration report under Support and
Services.
If you want to run
sys_check
automatically as part
of your regular system operations, remove the comment character from in front
of the
runsyscheck
entry in the
/var/spool/cron/crontabs/root
file.
You can edit the entry to run at a time that is convenient
for your operations.
For more information, see the
System Administration
guide and the
sys_check(8)
reference page.
8.10.7.3 New /etc/rc.config.common File
Every system has a system-specific configuration file
(/etc/rc.config) and a cluster-wide configuration file
(/etc/rc.config.common).
Both files can contain run-time
configuration variables on a standalone system.
All cluster members in a cluster share the
/etc/rc.config.common
file.
You can also create and use an
/etc/rc.config.site
file on multiple system for site-specific purposes.
The hierarchy of the configuration files allows an administrator to define configuration variables consistently over all systems within a LAN and within a cluster. Variables that are the same for all machines on the LAN can be defined in the site-wide file. Variables that are not defined for the site but are the same for each cluster member can be defined in the cluster-wide file. Finally, machine-specific variables can be defined in the system-specific file on each system.
The
rcmgr
command accesses these variables in
a standard search order.
The command first reads the
/etc/rc.config
file, then the
/etc/rc.config.common
file, and
then the
/etc/rc.config.site
file, if it exists.
You must
manually edit the
/etc/rc.config
to pull in the
/etc/rc.config.site.
In Tru64 UNIX Version 5.0, some run-time configuration variables that
were previously stored in the
/etc/rc.config
file have
been placed in the
/etc/rc.config.common
file.
You can use the
rcmgr
command to locate, retrieve, and
set run-time configuration variables, whether they reside in the
/etc/rc.config,
/etc/rc.config.common, or
/etc/rc.config.site
file.
For more information, see the
rcmgr(8)
reference page.
8.10.7.4 Mail Enhancements
The
sendmail
program has been updated to
sendmail
Version 8.
This version of
sendmail
provides
enhanced functionality, including:
The ability to create, modify, and display
dbm
files
The ability to use
sendmail
Version 8 without
reconfiguring the system
This release also provides the ability to connect to a POP3 server from
a base UNIX client, namely MH (Rand Mail Handler).
The implementation of POP3
provided with Tru64 UNIX is supplied by the MH suite of programs.
This implementation
also includes a POP3 client.
8.10.7.5 Enhancement to the shutdown Command
The
shutdown
command has been enhanced with
a new option,
-s, that enables you to specify that the
system should execute the run-level transition scripts before
reboot or halt operations.
This option can be used with the
-r
or
-h
options.
8.10.7.6 Change in root crontab Behavior
The
root crontab
file
(/usr/var/spool/cron/crontabs/root) contains three entries
that clean up system log files once a week at 2:00 AM every Sunday:
The
/var/adm/wtmp
file that tracks user
logins
The
/var/adm/messages
file that tracks
system boot and kernel error messages (including device probe results) that
are not captured in the
/var/adm/binary.errlog
file
The
/var/adm/cron/log
file that tracks
the activity of the cron daemon
One compressed backup file of each log file is retained until the next week as part of this process.
If you do not want the
cron
daemon to perform this
cleanup or want to preserve your log files for a longer period of time, you
can either change the frequency of the cleanup or remove (or comment out)
the applicable entries in the
root crontab
file.
For more information, see the
crontab(1)
reference page.
8.10.7.7 NetRAIN Interface Configuration
The method for configuring a Redundant Array of Independent Network Adapters (NetRAIN) interface has changed in this release of Tru64 UNIX. If you are upgrading to Version 5.0 and you configured a NetRAIN set in an earlier version of the operating system, you will need to migrate your set to the new configuration.
Remove the current NetRAIN configuration lines from the
inet.local
file or
rc.config
file on your system, then
follow the instructions in the NetRAIN section of the
Network Administration
guide
to configure an interface.
8.10.8 AdvFS File System
The following sections describe new features
for the AdvFS file system.
8.10.8.1 Fileset Creation with var Area in /usr
Selecting
the "in /usr" option for the
var
area now creates both
a
usr
fileset and a
var
fileset within
the
usr
domain when AdvFS is selected for the
usr
file system.
Previously, this option created a single
usr
fileset within the
usr
domain that contained
both
usr
and
var
information.
This change affects users who back up AdvFS filesets with the
vdump
command.
Previously, if your system was configured with
var
in the
usr
fileset, you needed only to back
up the
usr
fileset.
Now that this option creates a separate
fileset for the
var
area, you must issue an additional
vdump
command against the
var
fileset or the
information in the
var
fileset will not be backed up.
8.10.8.2 New On-Disk Format for AdvFS Domains
This release provides an improved AdvFS on-disk file system structure that obviates many of the problems with AdvFS file systems that have a large number of files. File domains created using Tru64 UNIX Version 5.0 will use the new on-disk format and will take advantage of its benefits.
File domains that were created using versions of Tru64 UNIX prior to Version 5.0 are recognized by later versions. However, domains created earlier do not support Version 5.0 enhancements. Filesets that are created in these domains, even after an operating system upgrade to Version 5.0, retain the characteristics of the older operating system. File domains created using Tru64 UNIX Version 5.0 are not recognizable by earlier versions of Tru64 UNIX and may not be used by them in any way.
For more information, see the
AdvFS Administration
guide.
8.10.8.3 New AdvFS System Attributes
The following system attributes have been added to AdvFS:
AdvfsMinFreeAccess
AdvfsMaxFreeAccessPercent
AdvfsDomainPanicLevel
The
AdvfsMinFreeAccess
and
AdvfsMaxFreeAccessPercent
attributes provide you with more control over the number of available
AdvFS access structures on your system.
Access structures are the in-memory
representation of an AdvFS file.
These attributes supersede the
AdvfsAccessCleanupPercent
attribute, which has been removed.
The
AdvfsDomainPanicLevel
attribute controls what
happens during an AdvFS domain panic.
By default, when an AdvFS domain panic
occurs, this attribute enables the system to create a crash dump without crashing
the system.
Additionally, the default value of the
AdvfsAccessMaxPercent
attribute has changed.
For more information, see the
AdvFS Administration
and
System Configuration and Tuning
guides and the
sys_attrs_advfs(5)
reference page.
8.10.8.4 Ehancement to the quotacheck Command
The
quotacheck -t ufs
option is
a new option for the
quotacheck
command.
You can use this
option in the
/sbin/init.d/quota
script to run the
quotacheck
command on only UFS file systems when quotas are enabled.
For more information, see the
quotacheck(8)
reference page.
8.10.8.5 QUOTACHECK_CONFIG Environment Variable
The
QUOTACHECK_CONFIG
environment
variable in the
/etc/rc.config
file is now available to
control the behavior of the
/sbin/init.d/quota
script.
System administrators can set the
QUOTACHECK_CONFIG
environment
variable to specify options they want to use when running the
quotacheck
script during system boot.
That is, you can instruct the
/sbin/init.d/quota
script to check both UFS and AdvFS file systems
by using the
QUOTACHECK_CONFIG
environment variable.
The default is to check the UFS file system only.
8.10.9 Logical Storage Manager Meta-Data Changes
This version of Tru64 UNIX has a new on-disk internal format for the Logical Storage Manager's (LSM) meta-data. When you boot this version of Tru64 UNIX, either during the installation process or for the first time, the LSM configuration databases for all existing LSM auto-imported diskgroups are automatically converted from the old format to the new format. Once a disk group is converted to the new format, it can not be used on earlier releases.
For LSM diskgroups that are not auto-imported (for example,
a disk group that was explicitly deported), the configuration database is
not automatically converted to the new format.
Later when the diskgroup is
imported with the
voldg
import command, the import will
fail and cannot be used unless the administrator explicitly converts the diskgroup
from the old format to the new format.
To facilitate the conversion, a new
LSM option to the
voldg import
command,
-convert_old, updates a diskgroup's on-disk format.
For more information, see the
Logical Storage Manager
manual.
8.10.10 Development Environment
The following sections provide information on
new and changed features for the Tru64 UNIX development environment.
8.10.10.1 New Features in Object-File and Symbol-Table Formats
New versions of the Tru64 UNIX object file format (Version 3.13) and symbol table format (Version 3.13) are supported in this release. These changes might impose new requirements on tools that use or modify object files.
The following list provides a brief description of the new features in Version 3.13 of the object file format:
Comment section extensions
Object and symbol table versioning
Abstract types for cross development
Optimization symbol table entries
64-bit auxiliaries
New variant record representation
Procedures with no code
Static parameters
Unallocated parameters and locals
Uplevel links
AddressNil constant
Correct PDR addresses
Fortran array descriptor representation
For a full description of the new and changed features, see the supplementary
documentation
Tru64 UNIX Object File/Symbol Table Format Specification.
8.10.10.2 Time Zone Enhancements
Support for many
new time zones has been added in this release of Tru64 UNIX.
The new and
updated time zone files have been added under the
/etc/zoneinfo/directory.
The time zone data file format has also been expanded
to handle more complex transition rules.
(See the
tzfile(4)
reference page
for details).
The
zic
compiler,
zdump
command, and several time-related functions in the standard C library have
also been updated to support the expanded time zone data file format.
For more information, see the
Installation Guide.
8.10.10.3 New Graphical Program Analysis Tools (GPA)
The Graphical Program Analysis Tools (GPA) is a set of standalone tools available from the Developers' Toolkit, which is an optional part of the Tru64 UNIX operating system available on the Associated Products Volume 1 CD-ROM The following new tools have been added:
The Memory Profiler enables you to obtain information about how a Tru64 UNIX application uses memory. The tool uses a graphical display to help you understand when your application is using memory inefficiently, such as through fragmented memory allocations. The tool focuses primarily on dynamic memory use.
The Multi-Process Viewer gathers performance information about processes running on multiple Tru64 UNIX systems and displays the information graphically while you work on another Tru64 UNIX system. You can also use it to monitor the child processes created by a process.
8.10.10.4 Visual Threads Tool for Threads Debugging
Visual Threads is a new tool available on the Tru64 UNIX Associated Products Volume 2 CD-ROM that lets you analyze your multithreaded applications for potential logic and performance problems. It is licensed as part of the Developer's Toolkit for Tru64 UNIX.
You can use Visual Threads with DECthreads applications that use POSIX threads (Pthreads) and with Java applications.
Visual Threads features include the following:
Detects violation conditions based on the application of particular rules in your application. Several predefined rules look for data protection errors, deadlock conditions, programming errors, and performance issues.
Lets you use templates to define your own rules to specify criteria for violation conditions.
Keeps track of the events associated with the violations.
Records events to a trace file so that you can play back and analyze them later.
Dynamically displays events as they occur, with controls for filtering.
Suspends execution of the application when it detects violation conditions. You can choose from several options at this point, including invoking the debugger in the appropriate context for your application.
Dynamically monitors multithreading objects (threads, mutexes, and so on) in real time.
Provides easy access to object-level statistics and current state information, including use of resources (for example, the mutexes a particular thread holds).
The
cc
compiler now supports the OpenMP application
program interface (API).
The OpenMP API supports multiplatform shared-memory
programming on UNIX platforms and Microsoft Windows NT architectures.
Jointly
defined by a group of major computer hardware and software vendors, OpenMP
is a portable, scalable model that gives shared-memory programmers a simple
and flexible interface for developing parallel applications for platforms
ranging from desktop to supercomputers.
The feature consists of a set of compile-time
#pragma
directives, a new header file (omp.h), a new runtime library
(libots3.so
and
.a), and new command
line options (-mp
and
-omp) that enable
the pragmas and link with the new runtime library (and other existing thread
libraries).
If you do not specify one of the command line options to enable
the directives the compiler ignores the directives (effectively treating them
as comments).
8.10.10.6 Profile-Based Optimization Support
This version of Tru64 UNIX
provides many compiler optimizations.
For many applications, optimizations
are more effective if the compiler and linker (om) have
an execution profile to guide the optimizations.
The compiler and linker can use a profile to guide optimizations. In previous releases different pixie profiles were used. In this release they can use the same pixie profile. For example:
>cc -non_shared -O3 -feedback a.out *.c>pixie -update a.out>cc -non_shared -O3 -feedback a.out -om *.c
These commands build the application, profile it, and rebuild it using the profile information.
The old feedback behavior is still supported, including the old semantics
for the
-feedback
switch and the
-om_ireorg_feedback
option.
For more information, see the
Programmer's Guide
and the
prof_intro(1),
cc(1),
pixie(1),
and
prof(1)
reference pages.
8.10.10.7 Integrated Profiling Commands
The
hiprof,
pixie,
third, and
uprofile
commands now provide complete profiling capabilities in single commands that
perform all necessary instrumentation, execution, and display as selected
by their command line options.
The new
prof_intro(1)
reference page guides
programmers to the most suitable tools for various tasks, such as optimizing
or debugging an application.
All profilers can now profile applications that use any combination
of signal handlers, and
fork
and
pthread
routines.
All profilers have enhanced consistency and capabilities.
For more
information, see the
Programmer's Guide,
Programmer's Guide
and the
hiprof(1),
pixie(1),
prof(1),
third(1),
uprofile(1), and
pfm(7)
reference pages.
8.10.10.8 Extensions to atom Command's Programmable Interfaces
The
atom
command's
IsInstType(5),
GetProcInfo(5),
and
GetInstInfo(5)
routines have new options to let tool-writers detect nonoperational
(NOP) instructions and interprocedural branches.
Atom can also now instrument executables that have been optimized with
the
-om
flag of the
cc(1)
command.
8.10.10.9 Change to Profiling of Threaded Programs with hiprof
The
-cputime
option of the
hiprof(5)
profiler now provides an instruction-count
profile for threaded programs, the same as the
-calltime
option.
This is due to the fact that the cpu cycles reported for kernel-threads
by the RPCC instruction cannot be mapped to
pthread(3)
threads.
The only significant difference is that the profile is displayed as
the number of instructions executed instead of cpu seconds used.
The
-cputime
option still profiles cpu seconds for nonthreaded programs.
The new
-samples
option provides a profile in terms
of cpu seconds for both threaded and nonthreaded programs.
Therefore, you
might prefer to use this option instead of the
-cputime
option.
The new behavior is the default for the new
hiprof(1)
command.
8.10.10.10 SIGFPE Signal Code Usage Changes
In
previous releases,
SIGFPE FAULT
codes were incorrectly
used instead of the correct
SIGFPE TRAP
codes.
A
FAULT
implies that the precise PC is known and
that the operation can be fixed and re-executed.
When the exception is imprecise
and the instruction cannot be restarted, use a
TRAP
code.
The system software has been fixed to use
TRAP
codes
properly.
If you prefer the old behavior, you can use the configurable variable
use_faulty_fpe_traps
to restore the system to the old behavior,
as follows:
#sysconfig -r generic use_faulty_fpe_traps=1
If you have
existing executables that cannot handle the proper
TRAP
codes you may want to restore the old behavior of always using
FAULT
codes.
Both before and after the fix, you can distinguish the true
TRAP
and
FAULT
codes by comparing the
sc_pc
and the
sc_trap_pc
fields of the signal
context block.
With a true
FAULT, the
sc_pc
field contains the trigger PC of the faulting instruction.
With a true
TRAP, the
sc_pc
field contains the
trap PC where the exception was realized (and so it will be the same as the
sc_fp_trap_pc
field).
See the
ieee(3)
reference page for
details.
To continue from a
FAULT
(with the default IEEE result
for the exceptional operation), a signal handler might look similar to the
following:
void fpe_handler(int sig, int code, struct sigcontext *scp)
{
.
.
.
if (scp->sc_pc != scp->sc_fp_trap_pc)
scp->sc_pc += 4;
.
.
.
}
If it is a true
FAULT, incrementing
the
sc_pc
value by 4 is necessary to advance the PC beyond
the exceptional instruction.
(Alternatively, the handler could correct the
exceptional condition and allow the faulting instruction to re-execute).
8.10.10.11 Double Long Type is Now 128 Bits
The default size of the C language long double type has changed
from 64 bits to 128 bits.
This allows applications to perform mathematical
calculations on larger numbers and with more precision than was possible with
the previous long double type.
The previous long double was the same size
as the double type.
8.10.10.12 64-bit Time-Handling Interfaces
A conditional
set of time-related data types and interfaces has been added to support basic
handling of times beyond the limits imposed by the current 32-bit
time_t
data type (Dec 13 20:45:52 GMT 1901 through Jan 19 03:14:07
GMT 2038).
To support customers needing access to times beyond this range, a separate
64-bit data type,
time64_t, has been added along with several
corresponding interfaces.
This data type and all corresponding interfaces
are Compaq extensions and are accessed by defining the
_TIME64_T
feature macro during compilation.
The supporting interfaces
are as follows:
ctime64(),
ctime64_r(),
difftime64(),
gettimeofday64(),
gmtime64(),
gmtime64_r(),
localtime64(),
localtime64_r(),
mktime64(),
settimeofday64(), and
time64().
A separate
timeval64 struct
that contains a larger
time64_t
seconds field and is used by the
gettimeofday64()
and
settimeofday64()
functions is also provided.
Macros to assist developers converting between
time_t
and
time64_t
data types as well as
timeval
and
timeval64
are also provided.
These macros are:
TIMET32TO64(),
TIMET64TO32(),
TIMEVAL32TO64(), and
TIMEVAL64TO32().
While the
getdate(),
strptime(),
and
strftime()
functions do not contain
time_t
in their external interfaces, they use the broken down
tm struct, which can refer to times beyond the specified 32-bit
time_t
range.
These modules have been rebuilt to support the larger
range of times.
For more information, see the reference pages that correspond to the
specific function.
Also see the
time(3)
reference page for information on
the
time64_t
data type, the
_TIME64_T
feature macro, and
TIMET32TO64()
and
TIMET64TO32()
conversion macros.
For more information, see the
gettimeofday(2)
reference page.
It contains information about the
timeval64 struct
and the
TIMEVAL32TO64()
and
TIMEVAL64TO32()
conversion macros.
8.10.10.13 DECthreads Process-Shared Synchronization Objects
You can now use DECthreads to create process-shared synchronization objects which protect data objects that are shared among threads running in different processes. Process-shared synchronization objects can be mutexes, condition variables, and read-write locks. This feature might facilitate the porting of some multithreaded applications to Tru64 UNIX.
The following routines support process-sychronization objects. For more information about using process-shared synchronization objects, see the Guide to DECthreads and the following reference pages:
8.10.10.14 DECthreads Debug Assistant Library
Since the release of DIGITAL UNIX Version 4.0, the
Ladebug and TotalView debuggers have been able to determine the state of threads
in a threaded process by using the DECthreads Debug Assistant Library.
The
header file for this library,
pthread_debug.h, is currently
available on the Tru64 UNIX kit.
It provides the DECthreads debugging interface
and the sole documentation regarding the interface.
The
libpthreaddebug
library implements this interface.
The Debug Assistant Library is intended only for use by a debugger.
Because it must suspend the target process, it is not intended for use by
the process being debugged.
8.10.10.15 DECthreads Read-Write Locks
DECthreads support for read-write locks was added to Tru64 UNIX Version 4.0F. The following two new DECthreads read-write lock routines have been added in this release:
pthread_rwlockattr_getpshared()
pthread_rwlockattr_getpshared()
8.10.10.16 DECthreads Thread Stack and Backing Store Allocation
DECthreads now defines a writable
stack area for each thread, based on the stack size you specify using
pthread_attr_setstacksize()
routine or, if you accept the default,
some maximum based on uncommitted virtual memory at the time the thread is
created.
However, the writable stack area is made available to the thread,
and the corresponding backing store is reserved, only in predefined increments
as it is needed.
In this way, no more backing store is reserved than the
stack actually requires.
8.10.10.17 DECthreads Thread Stack Overflow Warning Area
DECthreads now configures a thread's stack area with an overflow warning area as well as a guard area. The stack overflow warning area is allocated at the overflow end of the thread's defined writable stack area and before the guard area. If the thread attempts to write in the warning area, a stack overflow exception occurs. Your program can catch this exception and continue processing as long as the thread does not attempt to write in the guard area. If the thread attempts to write in the guard area, a memory addressing violation occurs.
DECthreads configures a thread with no guard area or warning area if either of the following is true:
You specify the size of the thread's guard area as zero (0)
using the
pthread_attr_setguardsize()
routine.
You create the thread using a thread attributes object whose
stackaddr
attribute is set using the
pthread_attr_setstackaddr()
routine.
The size of the stack overflow warning area is platform dependent.
For Tru64 UNIXVersion 5.0, and higher, the warning area is
two pages (16384 bytes).
8.10.10.18 The malloc Function Is Now Tunable
The
C runtime library
malloc(3)
function and associated functions have been modified
to allow significantly better concurrency when used by multithreaded applications.
Additionally, the following three new memory allocator tuning variables have
been added to allow more control of allocator behavior:
__delayed_free
__first_fit
__max_cache
As always when developing applications that make significant use of
dynamically allocated memory and require maximum speed of execution,
carefully read the Tuning Memory Allocation section of the
malloc(3)
reference page.
8.10.11 Commands and Utilities
The following sections provide information
on changes to commands and utilities.
8.10.11.1 DXMtools
In this release, a
graphical interface has been added to the
mtools
(dxmtools) utilities.
The
mtools
utilities allow
you to manipulate DOS files on a floppy diskette.
You can access the
dxmtools
utilities from the Desktop_Apps menu in the Application
Manager.
8.10.11.2 Improvements to the Program Stack
The
default stack (program stack, used by the primary thread) allocation method
has been changed to provide guard pages and to prevent arbitrary
mmap()from interfering with the stack area.
The current stack limit is used to allocate the stack when a new program is executed. Thus, if the stack limit has been increased, the new limit will decrease the amount of virtual address space available for other purposes. Also, increasing the stack limit without increasing the address space, may result in a failure to execute the program, in which case a failure message similar to the following is displayed:
"csh: exec failed to allocate default stack (6)"
If this occurs, lower the stack limit or increase the address space limit. See the reference pages for the appropriate shell for information on how to change the limits.
If the stack limit has been increased, the FreePort Express application
might not run a SunOS SPARC executable file.
The reason is that
fpx
tries to load the SPARC text at a low address, which is now
occupied by the large stack.
If this occurs, lower the stack limit and rerun
the command.
8.10.11.3 Changes to the iostat Disk Statistics Fields
The
bps
and
tps
disk statistics fields have been widened (increased the size
of the number that can be displayed) to allow for the higher numbers encountered
with modern disk drives.
Formerly, the
bps
and
tp
columns could merge together causing confusion about the information
displayed.
To allow for the wider fields and still keep the line length less
than 80 columns, the default number of disks displayed was reduced from four
to two.
8.10.11.4 Changes to ACL-Related Features
This release provides several enhancements to access control list (ACL) features, including the following:
The
typedef acl_id
declaration in the/usr/include/sys/acl.h
file has been changed to
acl_id_type.
The
acle_t
structure contained a member named
acl_id
with the type
acl_id.
In some cases, this
caused compilation errors.
Changing this member to
acl_id_type
resolves this problem.
When default ACLs are inherited, the POSIX specification requires
that the ACL being inherited as an access ACL should not be modified by the
current
umask.
Previously the three base entries of inherited
access ACLs (the user, group, and other permission bits) were being ANDed
with the
umask
command of the current process prior to
being set.
The
setacl
command now works properly with
user and group names that start with digits.
When the user or group name
entered is all digits, the
setacl
command searches for
a completely numeric user or group name matching the digits first.
If there
is no such user or group name, the command considers the digits to be a UID
or GID.
The
acl_get_file
and
acl_get_fd
routines have been modified to return NULL if a default ACL is
requested and no default ACL exists.
Previously they would return the current
permission bits in ACL form.
The
getacl
and
setacl
routines have been modified as follows:
An informational message is displayed if ACL processing is not enabled.
Attempting to set a default ACL on a file causes an error.
No ACL is displayed if there is no default ACL on the given
directory.
Previously the
getacl
command would display
the current permission bits in ACL form.
The notes in this section provide information on enhancements to security
features.
8.10.12.1 Login Success and Failure Logging is Optional
In the Tru64 UNIX Enhanced Security mode, in accordance
with strict C2 security rules, the time of each successful or unsuccessful
login attempt is recorded in the authentication database,
auth.db.
This time value is the source of the last successful and unsuccessful
login messages.
The time value also provides Enhanced Security with the means
to perform break-in detection and evasion for unsuccessful login attempts.
A potential side effect of logging each successful login is frequent write
activity and therefore NIS slave updates.
To allow more flexibility in Enhanced Security configuration, this version introduces selectable login logging options for the Enhanced Security model. You can now disable the logging of successful logins, unsuccessful logins, or both.
When unsuccessful login logging is disabled, break-in detection and
evasion are not possible.
When successful login logging is disabled, the source
of the last login time is the local machine-specific
utmp
database rather than the authentication database.
In a TruCluster environment,
this means that a successful login to an account on one member is not recognized
by another member, since the
utmp
database is member-specific.
To alter the logging options, use the new
secconfig
utility (available from the SysMan Security option).
Under the Enhanced Security
Custom option, select the Login Logging Option you want to use.
In an environment where successful logins are more frequent than unsuccessful login attempts, disabling successful login logging while enabling unsuccessful login logging will provide break-in detection and evasion while still potentially reducing write activity and NIS slave updates.
For more information, see the
Security
guide.
8.10.12.2 Enabling and Disabling ACLs
The way you enable and disable Access Control Lists (ACLs) has changed.
In previous versions of the operating system it was necessary to edit
the configuration file, rebuild the system image, and reboot to enable or
disable the use of ACLs.
Now, you can enable and disable ACL processing using
the Enable ACL button of the
secconfig
utility.
Alternatively, you can enable and disable ACL processing using the
sysconfig -r sec acl_mode=enable
command or it can be done automatically
at system startup by adding the
acl_mode
entry to your
sysconfig
file.
For more information, see the
Security
guide.
8.10.12.3 ACL Management Utility
This
version of Tru64 UNIX provides a new ACL management utility,
dxsetacl.
This utility is available from the Daily Administration menu or
from the
/usr/bin/X11/dxsetacl
file.
This utility allows
an appropriately privileged user to create, change, and delete ACLs.
It also
provides the ability to browse files and display existing ACLs.
For more information,
see the
Security
guide.
8.10.12.4 Shadow Password Support
This version of Tru64 UNIX has been modified to allow a more gradual transition from Base Security to the more strict Enhanced Security levels.
This release introduces the Shadow Passwords Only option.
Enabling Shadow
Passwords Only from the
secconfig
utility results in the
same underlying security configuration changes required for eventual use of
full Enhanced Security.
However, this mode functions as if Base Security is
still being used with the exception that account passwords are no longer found
in the
/etc/passwd
file.
You can enable the additional Enhanced security features at any time
using the
secconfig,
dxaccounts, or
the
edauth
utility.
8.10.12.5 Netscape Communicator
This release contains the latest version of Netscape Communicator, Version 4.51. For information on new features included in Netscape Communicator 4.51, see the release notes at the following URL:
http://home.netscape.com/eng/mozilla/4.5/relnotes/unix-4.51.html
You can also visit the Netscape Communicator New Features Tour at the following URL:
http://home.netscape.com/communicator/v4.5/tour/index.html
You can also download the latest version of Netscape Communicator for Tru64 UNIX from the Netscape NetCenter's Download World Wide Web site at the following URL:
http://home.netscape.com/download/index.html#clients
8.10.13 Window Systems Software
The following sections
provide information on new and changed features for the window system software.
8.10.13.1 X Environment
The X environment has been updated to X11R6.3. This version includes the following new extensions:
Remote Execution Plugin for Netscape
Security extension
X print server
Application group extension
Low Bandwidth X
Additionally, the X keyboard extension (xkb) has
been updated to the Version 1.0 release rather than the prerelease version
of Version 0.65 found in DIGITAL UNIX Version 4.0.
The PanoramiX extension
has also been moved from Advanced Development Kit (ADK) status to being a
fully supported extension in this release.
8.10.13.2 Enabling Microsoft Windows Keys
The
operating system now supports Microsoft Menu and Right and Left Windows keys.
If you are using a PC keyboard, you can enable this feature.
For more information,
see the
X Window System Administrator's Guide.
8.10.13.3 CDE Setup
CDE Setup enables you to set up, customize, and configure your preferences for the Common Desktop Environment (CDE) including the following:
Customize the CDE front panel
Configure a system as a stand-alone system
Change default key and button settings
Configure terminal emulator resources
Manage the login behavior of a session
Configure system services
You perform these customizations from a graphical interface; they do
not require you to edit CDE and X configuration files directly.
For more
information, see the CDE Setup online help.
8.10.13.4 CDE Window List
The CDE window manager
(dtwm) has been enhanced to provide navigation aids that
enable you easily locate and access any open application.
With multiple workspaces
and many open windows on each workspace, it is sometimes time-consuming to
search for a particular window.
The CDE window manager now includes a function
that displays a list of all currently active window applications.
For more
information, see the CDE Window List online help.
8.10.13.5 X Server Command Line Option to Get Old Vendor String
The X server has
been enhanced with a new command line option,
-ov, to allow
applications to obtain the X server vendor string in its old format.
Beginning with this release the X server, by default, returns a vendor
string of "Compaq Computer Corporation Tru64 UNIX V5.0".
However, to allow for
migration of applications that may have a dependency on the old vendor and
product name, the
-ov
command line option has been added
to the X server.
Using this command line option causes the X server to return
a vendor string of "DECWINDOWS Digital Equipment Corporation Digital UNIX
V5.0".
To make use of this new option, do the following:
Edit the
/usr/var/X11/Xserver.conf
file.
Locate the line containing the
-pn
option
at the bottom of the file and add
-ov
after the
-pn.
You also need to stop and restart the X server using the
/sbin/init.d/xlogin
command for this change to take effect.
Please note that this command line option is only intended for short term usage while applications are modified to accept the new vendor string. This command line option will be removed in a future version of Tru64 UNIX.