.\" Copyright (c) 1980, 1986, 1988, 1993
.\" The Regents of the University of California. All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" @(#)3.t 8.1 (Berkeley) 7/27/93
.ds RH "Upgrading a \*(Ps System
.Sh 1 "Upgrading a \*(Ps system"
This section describes the procedure for upgrading a \*(Ps
system to \*(4B. This procedure may vary according to the version of
the system running before conversion.
If you are converting from a
System V system, some of this section will still apply (in particular,
the filesystem conversion). However, many of the system configuration
files are different, and the executable file formats are completely
In particular be wary when using this information to upgrade
There are at least four different versions of ``\*(Ps'' out there:
This was the original version of \*(Ps for HP300s from which the
other variants (and \*(4B) are derived.
It is largely a \*(Ps system with Sun's NFS 3.0 filesystem code and
some \*(Ps-Tahoe features (e.g. networking code).
Since the filesystem code is 4.2/4.3 vintage and the filesystem
hierarchy is largely \*(Ps, most of this section should apply.
MORE/bsd from Mt. Xinu.
This is a \*(Ps-Tahoe vintage system with Sun's NFS 4.0 filesystem code
upgraded with Tahoe UFS features.
The instructions for \*(Ps-Tahoe should largely apply.
At least one site bootstrapped HP300 support from the Reno distribution.
The Reno filesystem code was somewhere between \*(Ps and \*(4B: the VFS switch
had been added but many of the UFS features (e.g. ``inline'' symlinks)
The filesystem hierarchy reorganization first appeared in this release.
Be extremely careful following these instructions if you are
upgrading from the Reno distribution.
As if things were not bad enough already,
this release has the \*(4B filesystem and networking code
as well as some utilities, but still has a \*(Ps hierarchy.
No filesystem conversions are necessary for this upgrade,
but files will still need to be moved around.
.Sh 2 "Installation overview"
If you are running \*(Ps, upgrading your system
involves replacing your kernel and system utilities.
In general, there are three possible ways to install a new \*(Bs distribution:
(1) boot directly from the distribution tape, use it to load new binaries
onto empty disks, and then merge or restore any existing configuration files
(2) use an existing \*(Ps or later system to extract the root and
filesystems from the distribution tape,
boot from the new system, then merge or restore existing
configuration files and filesystems; or
(3) extract the sources from the distribution tape onto an existing system,
and use that system to cross-compile and install \*(4B.
For this release, the second alternative is strongly advised,
with the third alternative reserved as a last resort.
In general, older binaries will continue to run under \*(4B,
but there are many exceptions that are on the critical path
for getting the system running.
Ideally, the new system binaries (root and
filesystems) should be installed on spare disk partitions,
then site-specific files should be merged into them.
Once the new system is up and fully merged, the previous root and
filesystems can be reused.
Other existing filesystems can be retained and used,
except that (as usual) the new
should be run before they are mounted.
It is \fBSTRONGLY\fP advised that you make full dumps of each filesystem
before beginning, especially any that you intend to modify in place
It is also desirable to run filesystem checks
of all filesystems to be converted to \*(4B before shutting down.
This is an excellent time to review your disk configuration
for possible tuning of the layout.
Most systems will need to provide a new filesystem for system use
filesystem can be an MFS virtual-memory-resident filesystem,
potentially freeing an existing disk partition.
(Additional swap space may be desirable as a consequence.)
The recommended installation procedure includes the following steps.
The order of these steps will probably vary according to local needs.
filesystems from the distribution tapes.
Extract kernel and/or user-level sources from the distribution tape
This can serve as the backup documentation as needed.
Configure and boot a kernel for the local system.
This can be delayed if the generic kernel from the distribution
supports enough hardware to proceed.
Merge site-dependent configuration files from
Note that many file formats and contents have changed; see section 3.4
Copy or merge files from
and other locations into
Merge local macros, dictionaries, etc. into
Merge and update local software to reflect the system changes.
Take off the rest of the morning, you've earned it!
Section 3.2 lists the files to be saved as part of the conversion process.
Section 3.3 describes the bootstrap process.
Section 3.4 discusses the merger of the saved files back into the new system.
Section 3.5 gives an overview of the major
bug fixes and changes between \*(Ps and \*(4B.
Section 3.6 provides general hints on possible problems to be
aware of when converting from \*(Ps to \*(4B.
.Sh 2 "Files to save"
The following list enumerates the standard set of files you will want to
save and suggests directories in which site-specific files should be present.
This list will likely be augmented with non-standard files you
have added to your system.
If you do not have enough space to create parallel
filesystems, you should create a
image of the following files before the new filesystems are created.
The rest of this subsection describes where these files
have moved and how they have changed.
/.cshrc \(dg root csh startup script (moves to \f(CW/root/.cshrc\fP)
/.login \(dg root csh login script (moves to \f(CW/root/.login\fP)
/.profile \(dg root sh startup script (moves to \f(CW/root/.profile\fP)
/.rhosts \(dg for trusted machines and users (moves to \f(CW/root/.rhosts\fP)
/etc/disktab \(dd in case you changed disk partition sizes
/etc/fstab * disk configuration data
/etc/ftpusers \(dg for local additions
/etc/gettytab \(dd getty database
/etc/group * group data base
/etc/hosts \(dg for local host information
/etc/hosts.equiv \(dg for local host equivalence information
/etc/hosts.lpd \(dg printer access file
/etc/inetd.conf * Internet services configuration data
/etc/named* \(dg named configuration files
/etc/netstart \(dg network initialization
/etc/networks \(dg for local network information
/etc/passwd * user data base
/etc/printcap * line printer database
/etc/protocols \(dd in case you added any local protocols
/etc/rc * for any local additions
/etc/rc.local * site specific system startup commands
/etc/remote \(dg auto-dialer configuration
/etc/services \(dd for local additions
/etc/shells \(dd list of valid shells
/etc/syslog.conf * system logger configuration
/etc/securettys * merged into ttys
/etc/ttys * terminal line configuration data
/etc/ttytype * merged into ttys
/etc/termcap \(dd for any local entries that may have been added
/lib \(dd for any locally developed language processors
/usr/dict/* \(dd for local additions to words and papers
/usr/include/* \(dd for local additions
/usr/lib/aliases * mail forwarding data base (moves to \f(CW/etc/aliases\fP)
/usr/lib/crontab * cron daemon data base (moves to \f(CW/etc/crontab\fP)
/usr/lib/crontab.local * local cron daemon data base (moves to \f(CW/etc/crontab.local\fP)
/usr/lib/lib*.a \(dg for local libraries
/usr/lib/mail.rc \(dg system-wide mail(1) initialization (moves to \f(CW/etc/mail.rc\fP)
/usr/lib/sendmail.cf * sendmail configuration (moves to \f(CW/etc/sendmail.cf\fP)
/usr/lib/tmac/* \(dd for locally developed troff/nroff macros (moves to \f(CW/usr/share/tmac/*\fP)
/usr/lib/uucp/* \(dg for local uucp configuration files
/usr/man/manl * for manual pages for locally developed programs (moves to \f(CW/usr/local/man\fP)
/usr/spool/* \(dg for current mail, news, uucp files, etc. (moves to \f(CW/var/spool\fP)
/usr/src/local \(dg for source for locally developed programs
/sys/conf/HOST \(dg configuration file for your machine (moves to \f(CW/sys/<arch>/conf\fP)
/sys/conf/files.HOST \(dg list of special files in your kernel (moves to \f(CW/sys/<arch>/conf\fP)
/*/quotas * filesystem quota files (moves to \f(CW/*/quotas.user\fP)
\(dg\|Files that can be used from \*(Ps without change.
\(dd\|Files that need local changes merged into \*(4B files.
*\|Files that require special work to merge and are discussed in section 3.4.
.Sh 2 "Installing \*(4B"
The next step is to build a working \*(4B system.
This can be done by following the steps in section 2 of
this document for extracting the root and
filesystems from the distribution tape onto unused disk partitions.
For the SPARC, the root filesystem dump on the tape could also be
For the HP300 and DECstation, the raw disk image can be copied
into an unused partition and this partition can then be dumped
to create an image that can be restored.
The exact procedure chosen will depend on the disk configuration
and the number of suitable disk partitions that may be used.
It is also desirable to run filesystem checks
of all filesystems to be converted to \*(4B before shutting down.
In any case, this is an excellent time to review your disk configuration
for possible tuning of the layout.
are required reading.
The filesystem in \*(4B has been reorganized in an effort to
The root filesystem should be small.
There should be a per-architecture centrally-shareable read-only
Variable per-machine directories should be concentrated below
a single mount point named
Site-wide machine independent shareable text files should be separated
from architecture specific binary files and should be concentrated below
a single mount point named
These goals are realized with the following general layouts.
The reorganized root filesystem has the following directories:
/bin (user binaries needed when single-user)
/sbin (root binaries needed when single-user)
/local (locally added binaries used only by this machine)
/tmp (mount point for memory based filesystem)
/home (mount point for AMD)
/var (mount point for per-machine variable directories)
/usr (mount point for multiuser binaries and files)
filesystem has the following directories:
/usr/bin (user binaries)
/usr/contrib (software contributed to \*(4B)
/usr/games (binaries for games, score files in \f(CW/var\fP)
/usr/include (standard include files)
/usr/lib (lib*.a from old \f(CW/usr/lib\fP)
/usr/libdata (databases from old \f(CW/usr/lib\fP)
/usr/libexec (executables from old \f(CW/usr/lib\fP)
/usr/local (locally added binaries used site-wide)
/usr/old (deprecated binaries)
/usr/sbin (root binaries)
/usr/share (mount point for site-wide shared text)
/usr/src (mount point for sources)
filesystem has the following directories:
/usr/share/calendar (various useful calendar files)
/usr/share/dict (dictionaries)
/usr/share/doc (\*(4B manual sources)
/usr/share/games (games text files)
/usr/share/groff_font (groff font information)
/usr/share/man (typeset manual pages)
/usr/share/misc (dumping ground for random text files)
/usr/share/mk (templates for \*(4B makefiles)
/usr/share/skel (template user home directory files)
/usr/share/tmac (various groff macro packages)
/usr/share/zoneinfo (information on time zones)
filesystem has the following directories:
/var/account (accounting files, formerly \f(CW/usr/adm\fP)
/var/at (\fIat\fP\|(1) spooling area)
/var/backups (backups of system files)
/var/crash (crash dumps)
/var/db (system-wide databases, e.g. tags)
/var/games (score files)
/var/mail (users mail)
/var/obj (hierarchy to build \f(CW/usr/src\fP)
/var/preserve (preserve area for vi)
/var/quotas (directory to store quota files)
/var/run (directory to store *.pid files)
/var/rwho (rwho databases)
/var/spool/ftp (home directory for anonymous ftp)
/var/spool/mqueue (sendmail spooling directory)
/var/spool/news (news spooling area)
/var/spool/output (printer spooling area)
/var/spool/uucp (uucp spooling area)
/var/tmp (disk-based temporary directory)
/var/users (root of per-machine user home directories)
The \*(4B bootstrap routines pass the identity of the boot device
through to the kernel.
The kernel then uses that device as its root filesystem.
Thus, for example, if you boot from
as its root filesystem. If
is configured as a swap partition,
it will be used as the initial swap area,
otherwise the normal primary swap area (\c
The \*(4B bootstrap is backward compatible with \*(Ps,
so you can replace your old bootstrap if you use it
to boot your first \*(4B kernel.
However, the \*(Ps bootstrap cannot access \*(4B filesystems,
so if you plan to convert your filesystems to \*(4B,
you must install a new bootstrap \fIbefore\fP doing the conversion.
Note that SPARC users cannot build a \*(4B compatible version
of the bootstrap, so must \fInot\fP convert their root filesystem
to the new \*(4B format.
Once you have extracted the \*(4B system and booted from it,
you will have to build a kernel customized for your configuration.
If you have any local device drivers,
they will have to be incorporated into the new kernel.
See section 4.1.3 and ``Building 4.3BSD UNIX Systems with Config'' (SMM:2).
If converting from \*(Ps, your old filesystems should be converted.
If you've modified the partition
sizes from the original \*(Ps ones, and are not already using the
\*(4B disk labels, you will have to modify the default disk partition
tables in the kernel. Make the necessary table changes and boot
your custom kernel \fBBEFORE\fP trying to access any of your old
filesystems! After doing this, if necessary, the remaining filesystems
may be converted in place by running the \*(4B version of
on each filesystem and allowing it to make the necessary corrections.
is more strict about the size of directories than
the version supplied with \*(Ps.
Thus the first time that it is run on a \*(Ps filesystem,
it will produce messages of the form:
\fBDIRECTORY ...: LENGTH\fP xx \fBNOT MULTIPLE OF 512 (ADJUSTED)\fP
Length ``xx'' will be the size of the directory;
it will be expanded to the next multiple of 512 bytes.
will also set default \fIinterleave\fP and
\fInpsect\fP (number of physical sectors per track) values on older
filesystems, in which these fields were unused spares; this correction
will produce messages of the form:
\fBIMPOSSIBLE INTERLEAVE=0 IN SUPERBLOCK (SET TO DEFAULT)\fP\**
\fBIMPOSSIBLE NPSECT=0 IN SUPERBLOCK (SET TO DEFAULT)\fP
The defaults are to set \fIinterleave\fP to 1 and
\fInpsect\fP to \fInsect\fP.
This is correct on most drives;
it affects only performance (usually virtually unmeasurably).
Filesystems that have had their interleave and npsect values
set will be diagnosed by the old
as having a bad superblock; the old
will run only if given an alternate superblock
in which case it will re-zero these fields.
The \*(4B kernel will internally set these fields to their defaults
if fsck has not done so; again, the \fI\-b32\fP option may be
necessary for running the old
In addition, \*(4B removes several limits on filesystem sizes
that were present in \*(Ps.
The limited filesystems
continue to work in \*(4B, but should be converted
as soon as it is convenient
with the \fI\-c 2\fP option.
The sequence \fIfsck \-p \-c 2\fP will update them all,
fix the interleave and npsect fields,
fix any incorrect directory lengths,
expand maximum uid's and gid's to 32 bits,
place symbolic links less than 60 bytes into their inode,
and fill in directory type fields all at once.
The new filesystem formats are incompatible with older systems.
If you wish to continue using these filesystems with the older
systems you should make only the compatible changes using
.Sh 2 "Merging your files from \*(Ps into \*(4B"
When your system is booting reliably and you have the \*(4B root and
filesystems fully installed you will be ready
to continue with the next step in the conversion process,
merging your old files into the new system.
If you saved the files on a
tape, extract them into a scratch directory, say
\fB#\fP \fImkdir /usr/convert\fP
\fB#\fP \fIcd /usr/convert\fP
The data files marked in the previous table with a dagger (\(dg)
may be used without change from the previous system.
Those data files marked with a double dagger (\(dd) have syntax
changes or substantial enhancements.
You should start with the \*(4B version and carefully
integrate any local changes into the new file.
Usually these local changes can be incorporated
without conflict into the new file;
some exceptions are noted below.
The files marked with an asterisk (*) require
particular attention and are discussed below.
As described in section 3.3,
the most immediately obvious change in \*(4B is the reorganization
of the system filesystems.
Users of certain recent vendor releases have seen this general organization,
although \*(4B takes the reorganization a bit further.
The directories most affected are
that now contains only system configuration files;
a new filesystem containing per-system spool and log files; and
that contains most of the text files shareable across architectures
such as documentation and macros.
System administration programs formerly in
Various programs and data files formerly in
Administrative files formerly in
and, similarly, log files are now in
and the sources for programs in
.Pn /usr/src/usr.bin .
Other source directories parallel the destination directories;
has been greatly expanded, and
The sources for the manual pages are, in general, with the source
code for the applications they document.
Manual pages not closely corresponding to an application program
.Pn /usr/src/share/man .
The locations of all man pages are listed in
.Pn /usr/src/share/man/man0/man[1-8] .
has been updated and made more detailed;
it is included in the printed documentation.
You should review it to familiarize yourself with the new layout.
is provided to build and check filesystem hierarchies
with the proper contents, owners and permissions.
Scripts are provided in
.Pn /usr/src/etc/mtree )
Once a filesystem has been made for
can be used to create a directory hierarchy there
or you can simply use tar to extract the prototype from
the second file of the distribution tape.
.Sh 3 "Changes in the \f(CW/etc\fP directory"
directory now contains nearly all the host-specific configuration
Note that some file formats have changed,
and those configuration files containing pathnames are nearly all affected
by the reorganization.
See the examples provided in
The following table lists some of the local configuration files
whose locations and/or contents have changed.
\*(Ps and Earlier \*(4B Comments
/etc/fstab /etc/fstab new format; see below
/etc/inetd.conf /etc/inetd.conf pathnames of executables changed
/etc/printcap /etc/printcap pathnames changed
/etc/syslog.conf /etc/syslog.conf pathnames of log files changed
/etc/ttys /etc/ttys pathnames of executables changed
/etc/passwd /etc/master.passwd new format; see below
/usr/lib/sendmail.cf /etc/sendmail.cf changed pathnames
/usr/lib/aliases /etc/aliases may contain changed pathnames
/etc/*.pid /var/run/*.pid
New in \*(Ps-Tahoe \*(4B Comments
/usr/games/dm.config /etc/dm.conf configuration for games (see \fIdm\fP\|(8))
/etc/zoneinfo/localtime /etc/localtime timezone configuration
/etc/zoneinfo /usr/share/zoneinfo timezone configuration
New in \*(4B Comments
/etc/aliases.db database version of the aliases file
/etc/amd-home location database of home directories
/etc/amd-vol location database of exported filesystems
/etc/changelist \f(CW/etc/security\fP files to back up
/etc/csh.cshrc system-wide csh(1) initialization file
/etc/csh.login system-wide csh(1) login file
/etc/csh.logout system-wide csh(1) logout file
/etc/disklabels directory for saving disklabels
/etc/exports NFS list of export permissions
/etc/ftpwelcome message displayed for ftp users; see ftpd(8)
/etc/kerberosIV Kerberos directory; see below
/etc/man.conf lists directories searched by \fIman\fP\|(1)
/etc/mtree directory for local mtree files; see mtree(8)
/etc/netgroup NFS group list used in \f(CW/etc/exports\fP
/etc/pwd.db non-secure hashed user data base file
/etc/spwd.db secure hashed user data base file
/etc/security daily system security checker
System security changes require adding several new ``well-known'' groups to
The groups that are needed by the system as distributed are:
wheel 0 users allowed superuser privilege
daemon 1 processes that need less than wheel privilege
kmem 2 read access to kernel memory
sys 3 access to kernel sources
tty 4 access to terminals
operator 5 read access to raw disks
bin 7 group for system binaries
news 8 group for news
wsrc 9 write access to sources
games 13 access to games
staff 20 system staff
guest 31 system guests
nobody 39 the least privileged group
utmp 45 access to utmp files
dialer 117 access to remote ports and dialers
Only users in the ``wheel'' group are permitted to
Most programs that manage directories in
now run set-group-id to ``daemon'' so that users cannot
directly access the files in the spool directories.
The special files that access kernel memory,
are made readable only by group ``kmem''.
Standard system programs that require this access are
made set-group-id to that group.
The group ``sys'' is intended to control access to kernel sources,
and other sources belong to group ``wsrc.''
Rather than make user terminals writable by all users,
they are now placed in group ``tty'' and made only group writable.
Programs that should legitimately have access to write on user terminals
now run set-group-id to ``tty''.
The ``operator'' group controls access to disks.
By default, disks are readable by group ``operator'',
so that programs such as
can access the filesystem information without being set-user-id to ``root''.
program is executable only by group operator
and is setuid to root so that members of group operator may shut down
the system without root access.
The ownership and modes of some directories have changed.
programs now run set-user-id ``root'' instead of ``daemon.''
Also, the uucp directory no longer needs to be publicly writable,
reverts to privileged status to remove its lock files.
After copying your version of
\fB#\fP \fIchown \-R root /var/spool/at\fP
\fB#\fP \fIchown \-R uucp.daemon /var/spool/uucp\fP
\fB#\fP \fIchmod \-R o\-w /var/spool/uucp\fP
The format of the cron table,
has been changed to specify the user-id that should be used to run a process.
The userid ``nobody'' is frequently useful for non-privileged programs.
Local changes are now put in a separate file,
.Pn /etc/crontab.local .
Some of the commands previously in
several new functions are now handled by
You should look closely at the prototype version of these files
and read the manual pages for the commands contained in it
before trying to merge your local copy.
Note in particular that
has had many changes,
and that host names are now fully specified as domain-style names
(e.g., vangogh.CS.Berkeley.EDU) for the benefit of the name server.
Some of the commands previously in
and several new functions have been added to
to do nightly security checks on the system.
each night, and mails the output to the super-user.
Some of the checks done by
\(bu Syntax errors in the password and group files.
\(bu Duplicate user and group names and id's.
\(bu Dangerous search paths and umask values for the superuser.
\(bu Dangerous values in various initialization files.
\(bu Dangerous .rhosts files.
\(bu Dangerous directory and file ownership or permissions.
\(bu Globally exported filesystems.
\(bu Dangerous owners or permissions for special devices.
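The first two checks in the list above, together with a check of a merged group file against the well-known groups tabulated earlier in this section, can be sketched as follows. This is an added example, not the /etc/security script from the distribution; the function names and sample files are constructed, and the field counts (10 for master.passwd, 4 for group) are taken from passwd(5) and group(5) rather than from this page.

```sh
#!/bin/sh
# Added example; function names and sample data are constructed.

# check_acct_file FILE NFIELDS
#   Syntax and duplicate check for a colon-separated account file.
#   NFIELDS is 10 for master.passwd, 4 for group; in both, field 1 is the
#   name and field 3 the numeric id. Returns 1 if anything was reported.
check_acct_file() {
    awk -F: -v want="$2" '
        NF != want       { printf "line %d: %d fields, expected %d\n", NR, NF, want; bad = 1; next }
        $1 == ""         { printf "line %d: empty name\n", NR; bad = 1; next }
        $3 !~ /^[0-9]+$/ { printf "line %d: bad id \"%s\" for %s\n", NR, $3, $1; bad = 1; next }
        ($1 in first)    { printf "line %d: duplicate name %s\n", NR, $1; bad = 1 }
        ($3 in owner)    { printf "line %d: id %s of %s already used by %s\n", NR, $3, $1, owner[$3]; bad = 1 }
        { if (!($1 in first)) first[$1] = NR
          if (!($3 in owner)) owner[$3] = $1 }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Well-known groups and gids, copied from the table in this section.
WELLKNOWN="wheel:0 daemon:1 kmem:2 sys:3 tty:4 operator:5 bin:7 news:8
wsrc:9 games:13 staff:20 guest:31 nobody:39 utmp:45 dialer:117"

# check_wellknown_groups FILE
#   Report well-known groups that are missing or carry another gid, and
#   local groups sitting on a gid that belongs to a well-known group.
check_wellknown_groups() {
    awk -F: -v list="$WELLKNOWN" '
        BEGIN {
            n = split(list, pair, " ")
            for (i = 1; i <= n; i++) {
                split(pair[i], kv, ":")
                order[i] = kv[1]; gid[kv[1]] = kv[2]; owner[kv[2]] = kv[1]
            }
        }
        NF == 4 {
            seen[$1] = $3
            if (($3 in owner) && owner[$3] != $1) {
                printf "gid %s belongs to %s but is used by %s\n", $3, owner[$3], $1
                bad = 1
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                g = order[i]
                if (!(g in seen)) {
                    printf "missing group %s (gid %s)\n", g, gid[g]; bad = 1
                } else if (seen[g] != gid[g]) {
                    printf "group %s has gid %s, expected %s\n", g, seen[g], gid[g]; bad = 1
                }
            }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed samples: a merged group file in which a local group took gid 20,
# and a master.passwd with a second uid 0 account and one unconverted entry.
demo=$(mktemp -d)
cat > "$demo/group" <<'EOF'
wheel:*:0:root
daemon:*:1:daemon
kmem:*:2:root
sys:*:3:root
tty:*:4:root
operator:*:5:root
bin:*:7:
news:*:8:
wsrc:*:9:
games:*:13:
research:*:20:alice,bob
staff:*:50:root
guest:*:31:root
nobody:*:39:
utmp:*:45:
dialer:*:117:
EOF
cat > "$demo/master.passwd" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Alternate root:/root:
alice:*:101:20:Alice Example:/var/users/alice:/bin/csh
EOF
check_acct_file "$demo/group" 4 || true
check_wellknown_groups "$demo/group" || true
check_acct_file "$demo/master.passwd" 10 || true
rm -rf "$demo"
```

Run both functions on the merged files in the scratch directory before installing them, so that conflicts are resolved before the nightly check mails them to the super-user.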
In addition, it reports any changes to setuid and setgid files, special
devices, or the files in
since the last run of
Backup copies of the files are saved in
Finally, the system binaries are checksummed and their permissions
validated against the
The C-library and system binaries on the distribution tape
are compiled with new versions of
that use the name server,
If you have only a small network and are not connected
to a large network, you can use the distributed library routines without
any problems; they use a linear scan of the host table
if the name server is not running.
If you are on the Internet or have a large local network,
it is recommended that you set up
and use the name server.
For instructions on how to set up the necessary configuration files,
refer to ``Name Server Operations Guide for BIND'' (SMM:10).
Several programs rely on the host name returned by
to determine the local domain name.
If you are using the name server, your
configuration file will need some updates to accommodate it.
See the ``Sendmail Installation and Operation Guide'' (SMM:8) and
configuration files in
.Pn /usr/src/usr.sbin/sendmail/cf .
has also been changed to add certain well-known addresses.
.Sh 3 "Shadow password files"
The password file format adds change and expiration fields
and its location has changed to protect
the encrypted passwords stored there.
The actual password file is now stored in
.Pn /etc/master.passwd .
The hashed dbm password files do not contain encrypted passwords,
but contain the file offset to the entry with the password in
.Pn /etc/master.passwd
(that is readable only by root).
functions will no longer return an encrypted password string to non-root
An old-style passwd file is created in
Several new users have also been added to the group of ``well-known'' users in
The ``daemon'' user is used for daemon processes that
do not need root privileges.
The ``operator'' user-id is used as an account for dumpers
so that they can log in without having the root password.
By placing them in the ``operator'' group,
they can get read access to the disks.
The ``uucp'' login has existed long before \*(4B,
and is noted here just to provide a common user-id.
The password entry ``nobody'' has been added to specify
the user with least privilege. The ``games'' user is a pseudo-user
that controls access to game programs.
After installing your updated password file, you must run
to create the password database.
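A saved old-style password file has to be brought into the new layout before it can be installed as the master file. The following added example (not a tool from the distribution) does that conversion and creates the result readable only by its owner from the start. The function names and sample entries are constructed, the 10-field order with its class field follows passwd(5) rather than this page, and writing * into the password field of the old-style copy is an assumption of the example.

```sh
#!/bin/sh
# Added example; function names and sample data are constructed.
# Field layouts, per passwd(5):
#   old:    name:password:uid:gid:gecos:home_dir:shell
#   master: name:password:uid:gid:class:change:expire:gecos:home_dir:shell

# to_master FILE
#   Convert saved 7-field entries to the master.passwd layout. class is left
#   empty; change and expire are 0 (no password aging, no account expiry).
#   Entries already in the 10-field layout pass through unchanged. Anything
#   else is reported on stderr, dropped, and makes the function return 1.
to_master() {
    awk -F: '
        NF == 10 { print; next }
        NF == 7  { printf "%s:%s:%s:%s::0:0:%s:%s:%s\n", $1, $2, $3, $4, $5, $6, $7; next }
        { printf("line %d: %d fields, skipped\n", NR, NF) | "cat 1>&2"; bad = 1 }
        END { close("cat 1>&2"); exit (bad ? 1 : 0) }
    ' "$1"
}

# write_master SRC DST
#   Run the conversion with a restrictive umask so DST, which holds the
#   encrypted passwords, is never world-readable, not even briefly.
write_master() {
    ( umask 077; to_master "$1" > "$2" )
}

# to_public FILE
#   Derive an old-style 7-field file from master.passwd entries with every
#   password field replaced by "*" (assumption of this example), so the
#   encrypted strings stay in the owner-only file.
to_public() {
    awk -F: 'NF == 10 { printf "%s:*:%s:%s:%s:%s:%s\n", $1, $3, $4, $8, $9, $10 }' "$1"
}

# Constructed sample of a saved old-style file; hash strings are placeholders.
work=$(mktemp -d)
cat > "$work/passwd.old" <<'EOF'
root:PLACEHOLDERHASH1:0:0:Charlie &:/:/bin/csh
daemon:*:1:1:The devil himself:/:
alice:PLACEHOLDERHASH2:101:20:Alice Example:/usr/users/alice:/bin/csh
EOF
write_master "$work/passwd.old" "$work/master.passwd" && cat "$work/master.passwd"
ls -l "$work/master.passwd"
to_public "$work/master.passwd"
rm -rf "$work"
```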
.Sh 3 "The \f(CW/var\fP filesystem"
The spooling directories saved on tape may be restored in their
eventual resting places without too much concern. Be sure to
use the `\-p' option to
so that files are recreated with the same file modes.
The following commands provide a guide for copying spool and log files from
an existing system into a new
At least the following directories should already exist on
cd $SRC; tar cf - msgs preserve | (cd /var && tar xpf -)
# copy $SRC/spool to /var
tar cf - at mail rwho | (cd /var && tar xpf -)
tar cf - ftp mqueue news secretmail uucp uucppublic | \e
(cd /var/spool && tar xpf -)
# everything else in spool is probably a printer area
mv at ftp mail mqueue rwho secretmail uucp uucppublic .save
tar cf - * | (cd /var/spool/output && tar xpf -)
mv syslog.7 /var/log/maillog.7
mv syslog.6 /var/log/maillog.6
mv syslog.5 /var/log/maillog.5
mv syslog.4 /var/log/maillog.4
mv syslog.3 /var/log/maillog.3
mv syslog.2 /var/log/maillog.2
mv syslog.1 /var/log/maillog.1
mv syslog.0 /var/log/maillog.0
mv syslog /var/log/maillog
# move $SRC/adm to /var
tar cf - . | (cd /var/account && tar xpf -)
mv messages messages.[0-9] ../log
mv wtmp wtmp.[0-9] ../log
.Sh 2 "Bug fixes and changes between \*(Ps and \*(4B"
The major new facilities available in the \*(4B release are
a new virtual memory system,
the addition of ISO/OSI networking support,
a new virtual filesystem interface supporting filesystem stacking,
a freely redistributable implementation of NFS,
a log-structured filesystem,
enhancement of the local filesystems to support
files and filesystems that are up to 2^63 bytes in size,
enhanced security and system management support,
and the conversion to and addition of the IEEE Std1003.1 (``POSIX'')
facilities and many of the IEEE Std1003.2 facilities.
In addition, many new utilities and additions to the C
library are present as well.
The kernel sources have been reorganized to collect all machine-dependent
files for each architecture under one directory,
and most of the machine-independent code is now free of code
conditional on specific machines.
The user structure and process structure have been reorganized
to eliminate the statically-mapped user structure and to make most
of the process resources shareable by multiple processes.
The system and include files have been converted to be compatible
with ANSI C, including function prototypes for most of the exported
There are numerous other changes throughout the system.
.Sh 3 "Changes to the kernel"
This release includes several important structural kernel changes.
The kernel uses a new internal system call convention;
the use of global (``u-dot'') variables for parameters and error returns
and interrupted system calls no longer abort using non-local goto's (longjmp's).
A new sleep interface separates signal handling from scheduling priority,
returning characteristic errors to abort or restart the current system call.
This sleep call also passes a string describing the process state,
that is used by the ps(1) program.
The old sleep interface can be used only for non-interruptible sleeps.
The sleep interface (\fItsleep\fP) can be used at any priority,
but is only interruptible if the PCATCH flag is set.
When interrupted, \fItsleep\fP returns EINTR or ERESTART.
Many data structures that were previously statically allocated
are now allocated dynamically.
These structures include mount entries, file entries,
user open file descriptors, the process entries, the vnode table,
the name cache, and the quota structures.
To protect against indiscriminate reading or writing of kernel
memory, all writing and most reading of kernel data structures
must be done using a new ``sysctl'' interface.
The information to be accessed is described through an extensible
``Management Information Base'' (MIB) style name,
described as a dotted set of components.
retrieves kernel state and allows processes with appropriate
privilege to set kernel state.
The kernel runs with four different levels of security.
1004 Any superuser process can raise the security level, but only
1007 Security levels are defined as follows:
1009 Permanently insecure mode \- always run system in level 0 mode.
1011 Insecure mode \- immutable and append-only flags may be turned off.
1012 All devices may be read or written subject to their permissions.
1014 Secure mode \- immutable and append-only flags may not be cleared;
1015 disks for mounted filesystems,
1021 Highly secure mode \- same as secure mode, plus disks are always
1022 read-only whether mounted or not.
1023 This level precludes tampering with filesystems by unmounting them,
1024 but also inhibits running
1026 while the system is multi-user.
1029 and the \-\fBo\fP option to
1031 for information on setting and displaying the immutable and append-only
1034 Normally, the system runs in level 0 mode while single user
1035 and in level 1 mode while multiuser.
1036 If the level 2 mode is desired while running multiuser,
1037 it can be set in the startup script
1041 If it is desired to run the system in level 0 mode while multiuser,
1042 the administrator must build a kernel with the variable
1044 in the kernel source file
1045 .Pn /sys/kern/kern_sysctl.c
1047 .Sh 4 "Virtual memory changes"
1049 The new virtual memory implementation is derived from the Mach
1050 operating system developed at Carnegie-Mellon,
1051 and was ported to the BSD kernel at the University of Utah.
1052 It is based on the 2.0 release of Mach
1053 (with some bug fixes from the 2.5 and 3.0 releases)
1054 and retains many of its essential features such as
1055 the separation of the machine dependent and independent layers
1056 (the ``pmap'' interface),
1057 efficient memory utilization using copy-on-write
1058 and other lazy-evaluation techniques,
1059 and support for large, sparse address spaces.
1060 It does not include the ``external pager'' interface, instead using
1061 a primitive internal pager interface.
1062 The Mach virtual memory system call interface has been replaced with the
1063 ``mmap''-based interface described in the ``Berkeley Software
1064 Architecture Manual'' (see UNIX Programmer's Manual,
1065 Supplementary Documents, PSD:5).
1066 The interface is similar to the interfaces shipped
1067 by several commercial vendors such as Sun, USL, and Convex Computer Corp.
1068 The integration of the new virtual memory is functionally complete,
1069 but still has serious performance problems under heavy memory load.
1070 The internal kernel interfaces have not yet been completed
1071 and the memory pool and buffer cache have not been merged.
1072 Some additional caveats:
1074 Since the code is based on the 2.0 release of Mach,
1075 bugs and misfeatures of the BSD version should not be considered
1076 shortcomings of the current Mach virtual memory system.
1078 Because of the disjoint virtual memory (page) and IO (buffer) caches,
1079 it is possible to see inconsistencies if using both the mmap and
1080 read/write interfaces on the same file simultaneously.
1082 Swap space is allocated on-demand rather than up front and no
1083 allocation checks are performed so it is possible to over-commit
1084 memory and eventually deadlock.
1086 The semantics of the
1088 system call are slightly different.
1089 The synchronization between parent and child is preserved,
1090 but the memory sharing aspect is not.
1091 In practice this has been enough for backward compatibility,
1092 but newer code should just use
1094 .Sh 4 "Networking additions and changes"
1096 The ISO/OSI Networking consists of a kernel implementation of
1097 transport class 4 (TP-4),
1098 connectionless networking protocol (CLNP),
1099 and 802.3-based link-level support (hardware-compatible with Ethernet\**).
1101 Ethernet is a trademark of the Xerox Corporation.
1103 We also include support for ISO Connection-Oriented Network Service,
1105 The session and presentation layers are provided outside
1106 the kernel using the ISO Development Environment by Marshall Rose,
1107 that is available via anonymous FTP
1108 (but is not included on the distribution tape).
1109 Included in this development environment are file
1110 transfer and management (FTAM), virtual terminals (VT),
1111 a directory services implementation (X.500),
1112 and miscellaneous other utilities.
1114 Kernel support for the ISO OSI protocols is enabled with the ISO option
1115 in the kernel configuration file.
1118 manual page describes the protocols and addressing;
1124 The OSI equivalent to ARP is ESIS (End System to Intermediate System Routing
1125 Protocol); running this protocol is mandatory; however, one can manually add
1126 translations for machines that do not participate by use of the
1129 Additional information is provided in the manual page describing
1134 has a new syntax and several new capabilities:
1135 it can install routes with a specified destination and mask,
1136 and can change route characteristics such as hop count, packet size
1139 Several important enhancements have been added to the TCP/IP
1140 protocols including TCP header prediction and
1141 serial line IP (SLIP) with header compression.
1142 The routing implementation has been completely rewritten
1143 to use a hierarchical routing tree with a mask per route
1144 to support the arbitrary levels of routing found in the ISO protocols.
1145 The routing table also stores and caches route characteristics
1146 to speed the adaptation of the throughput and congestion avoidance
1151 structure (the structure used to describe a generic network address with an
1152 address family and family-specific data)
1153 has changed from previous releases,
1154 as have the address family-specific versions of this structure.
1157 family field has been split into a length,
1161 System calls that pass a
1163 structure into the kernel (e.g.
1167 have a separate parameter that specifies the
1169 length, and thus it is not necessary to fill in the
1171 field for those system calls.
1172 System calls that pass a
1174 structure back from the kernel (e.g.
1178 receive a completely filled-in
1180 structure, thus the length field is valid.
1181 Because this would not work for old binaries,
1182 the new library uses a different system call number.
1183 Thus, most networking programs compiled under \*(4B are incompatible
1186 Although this change is mostly source and binary compatible
1187 with old programs, there are three exceptions.
1188 Programs with statically initialized
1191 (usually the Internet form, a
1194 Generally, such programs should be changed to fill in the structure
1195 at run time, as C allows no way to initialize a structure without
1196 assuming the order and number of fields.
1197 Also, programs that use structures to describe a network packet format
1198 that contain embedded
1200 structures also require change; a definition of an
1202 structure is provided for this purpose.
1203 Finally, programs that use the
1205 ioctl to get a complete list of interface addresses
1208 field when iterating through the array of addresses returned,
1209 as not all the structures returned have the same length
1210 (this variance in length is nearly guaranteed by the presence of link-layer
1211 address structures).
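Added example (not part of the 4.4BSD sources or of this document): walking an interface-address list by each record's own length byte, beside the fixed-stride loop that goes wrong once longer link-layer addresses are present. The DEMO_ names, the record layout (16-byte name, then an address whose first two bytes are length and family), the stride rule of name plus max(length, 16), and the sample buffer are assumptions constructed for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_IFNAMSIZ 16  /* width of the interface-name field (assumed) */
#define DEMO_SA_MIN   16  /* size of the generic address structure (assumed) */
#define DEMO_AF_INET   2  /* constructed sample family values */
#define DEMO_AF_LINK  18
#define DEMO_MAX_RECS  8

/* What a walker extracts from one record. */
struct demo_addr {
    char    name[DEMO_IFNAMSIZ];
    uint8_t len;     /* per-address length byte */
    uint8_t family;  /* address family byte that follows it */
};

static void read_record(const unsigned char *rec, struct demo_addr *out)
{
    memcpy(out->name, rec, DEMO_IFNAMSIZ);
    out->name[DEMO_IFNAMSIZ - 1] = '\0';
    out->len = rec[DEMO_IFNAMSIZ];
    out->family = rec[DEMO_IFNAMSIZ + 1];
}

/* Append one record and return the offset just past it. */
static size_t put_record(unsigned char *buf, size_t off, const char *name,
                         uint8_t sa_len, uint8_t family)
{
    size_t alen = sa_len > DEMO_SA_MIN ? sa_len : DEMO_SA_MIN;

    memset(buf + off, 0, DEMO_IFNAMSIZ + alen);
    strncpy((char *)buf + off, name, DEMO_IFNAMSIZ - 1);
    buf[off + DEMO_IFNAMSIZ] = sa_len;
    buf[off + DEMO_IFNAMSIZ + 1] = family;
    return off + DEMO_IFNAMSIZ + alen;
}

/* Constructed sample: two interfaces, each with a 20-byte link-layer
 * address and a 16-byte Internet address. buf must hold 136 bytes. */
size_t build_sample(unsigned char *buf)
{
    size_t off = 0;

    off = put_record(buf, off, "le0", 20, DEMO_AF_LINK);
    off = put_record(buf, off, "le0", 16, DEMO_AF_INET);
    off = put_record(buf, off, "lo0", 20, DEMO_AF_LINK);
    off = put_record(buf, off, "lo0", 16, DEMO_AF_INET);
    return off;
}

/* Length-aware walk. Returns the record count, or -1 if a record's
 * declared length runs past the end of the buffer. */
int walk_by_length(const unsigned char *buf, size_t len,
                   struct demo_addr *out, int max)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        size_t left = len - off, alen;

        if (left < DEMO_IFNAMSIZ + 2)          /* length byte not present */
            return -1;
        alen = buf[off + DEMO_IFNAMSIZ];
        if (alen < DEMO_SA_MIN)
            alen = DEMO_SA_MIN;
        if (DEMO_IFNAMSIZ + alen > left)       /* truncated record */
            return -1;
        if (n < max)
            read_record(buf + off, &out[n]);
        n++;
        off += DEMO_IFNAMSIZ + alen;
    }
    return n;
}

/* Old-style walk that assumes every record has the same size. */
int walk_fixed_stride(const unsigned char *buf, size_t len,
                      struct demo_addr *out, int max)
{
    const size_t stride = DEMO_IFNAMSIZ + DEMO_SA_MIN;
    size_t off;
    int n = 0;

    for (off = 0; off + stride <= len && n < max; off += stride)
        read_record(buf + off, &out[n++]);
    return n;
}

int main(void)
{
    unsigned char buf[136];
    struct demo_addr a[DEMO_MAX_RECS];
    size_t len = build_sample(buf);
    int i, n = walk_by_length(buf, len, a, DEMO_MAX_RECS);

    for (i = 0; i < n && i < DEMO_MAX_RECS; i++)
        printf("by length: %-4s family %u len %u\n", a[i].name, a[i].family, a[i].len);
    n = walk_fixed_stride(buf, len, a, DEMO_MAX_RECS);
    for (i = 0; i < n; i++)
        printf("fixed:     '%s' family %u\n", a[i].name, a[i].family);
    return 0;
}
```

The fixed-stride loop still returns four entries on this buffer, but from the second one onward it reads from the middle of a record, so the name and family it reports are not those of any real address.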
1212 .Sh 4 "Additions and changes to filesystems"
1214 The \*(4B distribution contains most of the interfaces
1215 specified in the IEEE Std1003.1 system interface standard.
1216 Filesystem additions include IEEE Std1003.1 FIFOs,
1217 byte-range file locking, and saved user and group identifiers.
1219 A new virtual filesystem interface has been added to the
1220 kernel to support multiple filesystems.
1221 In comparison with other interfaces,
1222 the Berkeley interface has been structured for more efficient support
1223 of filesystems that maintain state (such as the local filesystem).
1224 The interface has been extended with support for stackable
1225 filesystems done at UCLA.
1226 These extensions allow for filesystems to be layered on top of each
1227 other and allow new vnode operations to be added without requiring
1228 changes to existing filesystem implementations.
1230 the umap filesystem (see
1232 is used to mount a sub-tree of an existing filesystem
1233 that uses a different set of uids and gids than the local system.
1234 Such a filesystem could be mounted from a remote site via NFS or it
1235 could be a filesystem on removable media brought from some foreign
1236 location that uses a different password file.
1238 Other new filesystems that may be stacked include the loopback filesystem
1240 the kernel filesystem
1241 .Xr mount_kernfs (8),
1242 and the portal filesystem
1243 .Xr mount_portal (8).
1245 The buffer cache in the kernel is now organized as a file block cache
1246 rather than a device block cache.
1247 As a consequence, cached blocks from a file
1248 and from the corresponding block device would no longer be kept consistent.
1249 The block device thus has little remaining value.
1250 Three changes have been made for these reasons:
1252 block devices may not be opened while they are mounted,
1253 and may not be mounted while open, so that the two versions of cached
1254 file blocks cannot be created,
1256 filesystem checks of the root now use the raw device
1257 to access the root filesystem, and
1259 the root filesystem is initially mounted read-only
1260 so that nothing can be written back to disk during or after change to
1261 the raw filesystem by
1264 The root filesystem may be made writable while in single-user mode
1270 The mount command has an option to update the flags on a mounted filesystem,
1271 including the ability to upgrade a filesystem from read-only to read-write
1272 or downgrade it from read-write to read-only.
1274 In addition to the local ``fast filesystem'',
1275 we have added an implementation of the network filesystem (NFS)
1276 that fully interoperates with the NFS shipped by Sun and its licensees.
1277 Because our NFS implementation was implemented
1278 by Rick Macklem of the University of Guelph
1279 using only the publicly available NFS specification,
1280 it does not require a license from Sun to use in source or binary form.
1281 By default it runs over UDP to be compatible with Sun's implementation.
1282 However, it can be configured on a per-mount basis to run over TCP.
1283 Using TCP allows it to be used quickly and efficiently through
1284 gateways and over long-haul networks.
1285 Using an extended protocol, it supports Leases to allow a limited
1286 callback mechanism that greatly reduces the network traffic necessary
1287 to maintain cache consistency between the server and its clients.
1288 Its use will be familiar to users of other implementations of NFS.
1289 See the manual pages
1299 and the document ``The 4.4BSD NFS Implementation'' (SMM:6)
1300 for further information.
1303 has changed from previous \*(Bs releases
1304 to a blank-separated format to allow colons in pathnames.
1306 A new local filesystem, the log-structured filesystem (LFS),
1307 has been added to the system.
1308 It provides near disk-speed output and fast crash recovery.
1309 This work is based, in part, on the LFS filesystem created
1310 for the Sprite operating system at Berkeley.
1311 While the kernel implementation is almost complete,
1312 only some of the utilities to support the
1313 filesystem have been written,
1314 so we do not recommend it for production use.
1319 .Xr lfs_cleanerd (8)
1320 for more information.
1321 For an in-depth description of the implementation and performance
1322 characteristics of log-structured filesystems in general,
1323 and this one in particular, see Dr. Margo Seltzer's doctoral thesis,
1324 available from the University of California Computer Science Department.
1326 We have also added a memory-based filesystem that runs in
1327 pageable memory, allowing large temporary filesystems without
1328 requiring dedicated physical memory.
1330 The local ``fast filesystem'' has been enhanced to do
1331 clustering that allows large pieces of files to be
1332 allocated contiguously, resulting in a near doubling
1333 of filesystem throughput.
1334 The filesystem interface has been extended to allow
1335 files and filesystems to grow to 2^63 bytes in size.
1336 The quota system has been rewritten to support both
1337 user and group quotas (simultaneously if desired).
1338 Quota expiration is based on time rather than
1339 the previous metric of number of logins over quota.
1340 This change makes quotas more useful on fileservers
1341 onto which users seldom log in.
1343 The system security has been greatly enhanced by the
1344 addition of additional file flags that permit a file to be
1345 marked as immutable or append only.
1346 Once set, these flags can only be cleared by the super-user
1347 when the system is running in insecure mode (normally, single-user).
1348 In addition to the immutable and append-only flags,
1349 the filesystem supports a new user-settable flag ``nodump''.
1350 (File flags are set using the
1355 will omit the file from incremental backups
1356 but retain it on full backups.
1357 See the ``-h'' flag to
1359 for details on how to change this default.
1360 The ``nodump'' flag is usually set on core dumps,
1361 system crash dumps, and object files generated by the compiler.
1362 Note that the flag is not preserved when files are copied
1363 so that installing an object file will cause it to be preserved.
1365 The filesystem format used in \*(4B has several additions.
1366 Directory entries have an additional field,
1368 that identifies the type of the entry
1369 (normally found in the
1374 This field is particularly useful for identifying
1375 directories without the need to use
1378 Short (less than sixty byte) symbolic links are now stored
1379 in the inode itself rather than in a separate data block.
1380 This saves disk space and makes access of symbolic links faster.
1381 Short symbolic links are not given a special type,
1382 so a user-level application is unaware of their special treatment.
1383 Unlike pre-\*(4B systems, symbolic links do
1384 not have an owner, group, access mode, times, etc.
1385 Instead, these attributes are taken from the directory that contains the link.
1386 The only attributes returned from an
1388 that refer to the symbolic link itself are the file type (S_IFLNK),
1389 size, blocks, and link count (always 1).
1391 An implementation of an auto-mounter daemon,
1393 was contributed by Jan-Simon Pendry of the
1394 Imperial College of Science, Technology & Medicine.
1395 See the document ``AMD \- The 4.4BSD Automounter'' (SMM:13)
1396 for further information.
1400 contains special files
1404 that, when opened, duplicate the corresponding file descriptor.
1410 refer to file descriptors 0, 1 and 2.
1415 for more information.
1416 .Sh 4 "POSIX terminal driver changes"
1418 The \*(4B system uses the IEEE P1003.1 (POSIX.1) terminal interface
1419 rather than the previous \*(Bs terminal interface.
1420 The terminal driver is similar to the System V terminal driver
1421 with the addition of the necessary extensions to get the
1422 functionality previously available in the \*(Ps terminal driver.
1425 calls and old options to
1428 This emulation is expected to be unavailable in many vendors' releases,
1429 so conversion to the new interface is encouraged.
1431 \*(4B also adds the IEEE Std1003.1 job control interface,
1432 that is similar to the \*(Ps job control interface,
1433 but adds a security model that was missing in the
1434 \*(Ps job control implementation.
1437 creates a job-control session consisting of a single process
1438 group with one member, the caller, that becomes a session leader.
1439 Only a session leader may acquire a controlling terminal.
1440 This is done explicitly via a
1443 call, not implicitly by an
1446 The call fails if the terminal is in use.
1447 Programs that allocate controlling terminals (or pseudo-terminals)
1448 require change to work in this environment.
1451 provided in the X11R5 release includes the necessary changes.
1452 New library routines are available for allocating and initializing
1453 pseudo-terminals and other terminals as controlling terminal; see
1454 .Pn /usr/src/lib/libutil/pty.c
1456 .Pn /usr/src/lib/libutil/login_tty.c .
1458 The POSIX job control model formalizes the previous conventions
1459 used in setting up a process group.
1460 Unfortunately, this requires that changes be made in a defined order
1461 and with some synchronization that were not necessary in the past.
1462 Older job control shells (csh, ksh) will generally not operate correctly
1463 with the new system.
1465 Most of the other kernel interfaces have been changed to correspond
1466 with the POSIX.1 interface, although that work is not complete.
1467 See the relevant manual pages and the IEEE POSIX standard.
1468 .Sh 4 "Native operating system compatibility"
1470 Both the HP300 and SPARC ports feature the ability to run binaries
1471 built for the native operating system (HP-UX or SunOS) by emulating
1473 Building an HP300 kernel with the HPUXCOMPAT and COMPAT_OHPUX options
1474 or a SPARC kernel with the COMPAT_SUNOS option will enable this feature
1475 (on by default in the generic kernel provided in the root filesystem image).
1476 Though this native operating system compatibility was provided by the
1477 developers as needed for their purposes and is by no means complete,
1478 it is complete enough to run several non-trivial applications including
1479 those that require HP-UX or SunOS shared libraries.
1480 For example, the vendor supplied X11 server and windowing environment
1481 can be used on both the HP300 and SPARC.
1483 It is important to remember that merely copying over a native binary
1484 and executing it (or executing it directly across NFS) does not imply
1486 All but the most trivial of applications are likely to require access
1487 to auxiliary files that do not exist under \*(4B (e.g.
1488 .Pn /etc/ld.so.cache )
1489 or have a slightly different format (e.g.
1491 However, by using system call tracing and
1492 through creative use of symlinks,
1493 many problems can be tracked down and corrected.
1495 The DECstation port also has code for ULTRIX emulation
1496 (kernel option ULTRIXCOMPAT, not compiled into the generic kernel)
1497 but it was used primarily for initially bootstrapping the port and
1498 has not been used since.
1499 Hence, some work may be required to make it generally useful.
1500 .Sh 3 "Changes to the utilities"
1502 We have been tracking the IEEE Std1003.2 shell and utility work
1503 and have included prototypes of many of the proposed utilities
1504 based on draft 12 of the POSIX.2 Shell and Utilities document.
1505 Because most of the traditional utilities have been replaced
1506 with implementations conformant to the POSIX standards,
1507 you should realize that the utility software may not be as stable,
1508 reliable or well documented as in traditional Berkeley releases.
1509 In particular, almost the entire manual suite has been rewritten to
1510 reflect the POSIX defined interfaces, and in some instances
1511 it does not correctly reflect the current state of the software.
1512 It is also worth noting that, in rewriting this software, we have generally
1513 been rewarded with significant performance improvements.
1514 Most of the libraries and header files have been converted
1515 to be compliant with ANSI C.
1516 The shipped compiler (gcc) is a superset of ANSI C,
1517 but supports traditional C as a command-line option.
1518 The system libraries and utilities all compile
1519 with either ANSI or traditional C.
1520 .Sh 4 "Make and Makefiles"
1522 This release uses a completely new version of the
1524 program derived from the
1526 program developed by the Sprite project at Berkeley.
1527 It supports existing makefiles, although certain incorrect makefiles
1529 The makefiles for the \*(4B sources make extensive use of the new
1530 facilities, especially conditionals and file inclusion, and are thus
1531 completely incompatible with older versions of
1533 (but nearly all the makefiles are now trivial!).
1534 The standard include files for
1541 .Pn /usr/src/share/mk .
1543 Another global change supported by the new
1545 is designed to allow multiple architectures to share a copy of the sources.
1546 If a subdirectory named
1548 is present in the current directory,
1550 descends into that directory and creates all object and other files there.
1551 We use this by building a directory hierarchy in
1559 as symbolic links to the corresponding directories in
1561 (This step is automated.
1562 The command ``make obj'' in
1564 builds both the local symlink and the shadow directory,
1567 that may be a symbolic link, as the root of the shadow tree.
1570 is for historic reasons only, and the system make configuration files in
1572 can trivially be modified to use
1577 hierarchy on the local system, and another on each
1578 system that shares the source filesystem.
1582 .Pn /usr/src/contrib
1585 have been converted to use the new make and
1588 this change allows compilation for multiple
1589 architectures from the same source tree
1590 (that may be mounted read-only).
1593 The Kerberos authentication server from MIT (version 4)
1594 is included in this release.
1597 for a general, if MIT-specific, introduction.
1598 If it is configured,
1604 will all begin to use it automatically.
1606 .Pn /etc/kerberosIV/README
1607 describes the configuration.
1608 Each system needs the file
1609 .Pn /etc/kerberosIV/krb.conf
1610 to set its realm and local servers,
1611 and a private key stored in
1612 .Pn /etc/kerberosIV/srvtab
1614 .Xr ext_srvtab (8)).
1615 The Kerberos server should be set up on a single, physically secure,
1617 Users and hosts may be added to the server database manually with
1619 or users on authorized hosts can add themselves and a Kerberos
1620 password after verification of their ``local'' (passwd-file) password
1625 Note that by default the password-changing program
1627 changes the Kerberos password, that must exist.
1632 changes the ``local'' password if one exists.
1634 Note that Version 5 of Kerberos will be released soon;
1635 Version 4 should probably be replaced at that time.
1636 .Sh 4 "Timezone support"
1638 The timezone conversion code in the C library uses data files installed in
1639 .Pn /usr/share/zoneinfo
1640 to convert from ``GMT'' to various timezones. The data file for the default
1641 timezone for the system should be copied to
1642 .Pn /etc/localtime .
1643 Other timezones can be selected by setting the TZ environment variable.
1645 The data files initially installed in
1646 .Pn /usr/share/zoneinfo
1647 include corrections for leap seconds since the beginning of 1970.
1648 Thus, they assume that the
1649 kernel will increment the time at a constant rate during a leap second;
1650 that is, time just keeps on ticking. The conversion routines will then
1651 name a leap second 23:59:60. For purists, this effectively means that
1652 the kernel maintains TAI (International Atomic Time) rather than UTC
1653 (Coordinated Universal Time, aka GMT).
1655 For systems that run current NTP (Network Time Protocol) implementations
1656 or that wish to conform to the letter of the POSIX.1 law, it is possible
1657 to rebuild the timezone data files so that leap seconds are not counted.
1658 (NTP causes the time to jump over a leap second, and POSIX effectively
1659 requires the clock to be reset by hand when a leap second occurs.
1660 In this mode, the kernel effectively runs UTC rather than TAI.)
1662 The data files without leap second information
1663 are constructed from the source directory,
1664 .Pn /usr/src/share/zoneinfo .
1665 Change the variable REDO in Makefile
1666 from ``right'' to ``posix'', and then do
1668 make obj (if necessary)
1673 You will then need to copy the correct default zone file to
1674 .Pn /etc/localtime ,
1675 as the old one would still have used leap seconds, and because the Makefile
1678 each time ``make install'' is done.
1680 It is possible to install both sets of timezone data files. This results
1682 .Pn /usr/share/zoneinfo/right
1684 .Pn /usr/share/zoneinfo/posix .
1685 Each contains a complete set of zone files.
1687 .Pn /usr/src/share/zoneinfo/Makefile
1689 .Sh 4 "Additions and changes to the libraries"
1691 Notable additions to the libraries include functions to traverse a
1692 filesystem hierarchy, database interfaces to btree and hashing functions,
1693 a new, faster implementation of stdio and a radix and merge sort
1698 functions will do either physical or logical traversal of
1699 a file hierarchy as well as handle essentially infinite depth
1700 filesystems and filesystems with cycles.
1701 All the utilities in \*(4B which traverse file hierarchies
1702 have been converted to use
1704 The conversion has always resulted in a significant performance
1705 gain, often of four or five to one in system time.
1709 functions are intended to be a family of database access methods.
1710 Currently, they consist of
1712 an extensible, dynamic hashing scheme,
1714 a sorted, balanced tree structure (B+tree's), and
1716 a flat-file interface for fixed or variable length records
1717 referenced by logical record number.
1718 Each of the access methods stores associated key/data pairs and
1719 uses the same record oriented interface for access.
1723 function has been rewritten for additional performance.
1724 In addition, three new types of sorting functions,
1729 have been added to the system.
1732 function is optimized for data with pre-existing order,
1733 in which case it usually significantly outperforms
1737 functions are variants of most-significant-byte radix sorting.
1738 They take time linear to the number of bytes to be
1739 sorted, usually significantly outperforming
1741 on data that can be sorted in this fashion.
1742 An implementation of the POSIX 1003.2 standard
1747 .Pn /usr/src/contrib/sort .
1749 Some additional comments about the \*(4B C library:
1751 The floating point support in the C library has been replaced
1752 and is now accurate.
1754 The C functions specified by ANSI C, POSIX 1003.1 and
1755 1003.2 are now part of the C library.
1756 This includes support for file name matching, shell globbing
1757 and both basic and extended regular expressions.
1759 ANSI C multibyte and wide character support has been integrated.
1760 The rune functionality from the Bell Labs' Plan 9 system is provided
1765 functions have been generalized and replaced with a general
1766 purpose interface named
1771 routines have been replaced, and are usually much faster.
1774 interface permits applications to provide their own I/O stream
1779 library has been largely rewritten.
1780 Important additional features include support for scrolling and
1783 An application front-end editing library, named libedit, has been
1784 added to the system.
1786 A superset implementation of the SunOS kernel memory interface library,
1787 libkvm, has been integrated into the system.
1789 .Sh 4 "Additions and changes to other utilities"
1791 There are many new utilities, offering many new capabilities,
1793 Skimming through the section 1 and section 8 manual pages is sure
1795 The additions to the utility suite include greatly enhanced versions of
1796 programs that display system status information, implementations of
1797 various traditional tools described in the IEEE Std1003.2 standard,
1798 new tools not previously available on Berkeley UNIX systems,
1800 Also, with only a very few exceptions, all the utilities from
1801 \*(Ps that included proprietary source code have been replaced,
1802 and their \*(4B counterparts are freely redistributable.
1803 Normally, this replacement resulted in significant performance
1804 improvements and the increase of the limits imposed on data by
1805 the utility as well.
1807 A summary of specific additions and changes is as follows:
1810 amd An auto-mounter implementation.
1811 ar Replacement of the historic archive format with a new one.
1812 awk Replaced by gawk; see /usr/src/old/awk for the historic version.
1813 bdes Utility implementing DES modes of operation described in FIPS PUB 81.
1814 calendar Addition of an interface for system calendars.
1815 cap_mkdb Utility for building hashed versions of termcap style databases.
1816 cc Replacement of pcc with gcc suite.
1817 chflags A utility for setting the per-file user and system flags.
1818 chfn An editor based replacement for changing user information.
1819 chpass An editor based replacement for changing user information.
1820 chsh An editor based replacement for changing user information.
1821 cksum The POSIX 1003.2 checksum utility; compatible with sum.
1822 column A columnar text formatting utility.
1823 cp POSIX 1003.2 compatible, able to copy special files.
1824 csh Freely redistributable and 8-bit clean.
1825 date User specified formats added.
1826 dd New EBCDIC conversion tables, major performance improvements.
1827 dev_mkdb Hashed interface to devices.
1829 find Several new options and primaries, major performance improvements.
1830 fstat Utility displaying information on files open on the system.
1831 ftpd Connection logging added.
1832 hexdump A binary dump utility, superseding od.
1833 id The POSIX 1003.2 user identification utility.
1835 jot A text formatting utility.
1836 kdump A system-call tracing facility.
1837 ktrace A system-call tracing facility.
1838 kvm_mkdb Hashed interface to the kernel name list.
1839 lam A text formatting utility.
1840 lex A new, freely redistributable, significantly faster version.
1841 locate A database of the system files, by name, constructed weekly.
1842 logname The POSIX 1003.2 user identification utility.
1843 mail.local New local mail delivery agent, replacing mail.
1844 make Replaced with a new, more powerful make, supporting include files.
1845 man Added support for man page location configuration.
1846 mkdep A new utility for generating make dependency lists.
1847 mkfifo The POSIX 1003.2 FIFO creation utility.
1848 mtree A new utility for mapping file hierarchies to a file.
1849 nfsstat An NFS statistics utility.
1850 nvi A freely redistributable replacement for the ex/vi editors.
1851 pax The POSIX 1003.2 replacement for cpio and tar.
1852 printf The POSIX 1003.2 replacement for echo.
1853 roff Replaced by groff; see /usr/src/old/roff for the historic versions.
1854 rs New utility for text formatting.
1855 shar An archive building utility.
1856 sysctl MIB-style interface to system state.
1857 tcopy Fast tape-to-tape copying and verification.
1858 touch Time and file reference specifications.
1859 tput The POSIX 1003.2 terminal display utility.
1860 tr Addition of character classes.
1861 uname The POSIX 1003.2 system identification utility.
1862 vis A filter for converting and displaying non-printable characters.
1863 xargs The POSIX 1003.2 argument list constructor utility.
1864 yacc A new, freely redistributable, significantly faster version.
1871 (``zoo'') should be installed early on if attempting to
1872 cross-compile \*(4B on another system.
1875 program is not completely backward compatible with historic versions of
1877 although it is believed that all documented features are supported.
1881 utility has two new options that are important to be aware of if you
1883 The ``fstype'' and ``prune'' options can be used together to prevent
1884 find from crossing NFS mount points.
1887 for an example of their use.
1888 .Sh 2 "Hints on converting from \*(Ps to \*(4B"
1890 This section summarizes changes between
1891 \*(Ps and \*(4B that are likely to
1892 cause difficulty in doing the conversion.
1893 It does not include changes in the network;
1894 see section 5 for information on setting up the network.
1896 Since the stat st_size field is now 64 bits instead of 32,
1897 doing something like:
1902 and then (improperly) defining foo with an ``int'' or ``long'' parameter:
1911 will fail miserably (well, it might work on a little-endian machine).
1912 This problem showed up in
1914 as well as several other programs.
1915 A related problem is improperly casting (or failing to cast)
1916 the second argument to
1924 lseek(fd, (long)off, 0);
1931 The best solution is to include
1933 which has prototypes that catch these types of errors.
1935 Determining the ``namelen'' parameter for a
1937 call on a UNIX domain socket should use the ``SUN_LEN'' macro from
1939 One old way that was used:
1942 addrlen = strlen(unaddr.sun_path) + sizeof(unaddr.sun_family);
1944 no longer works as there is an additional
1948 The kernel's limit on the number of open files has been
1949 increased from 20 to 64.
1950 It is now possible to change this limit almost arbitrarily.
1951 The standard I/O library
1952 autoconfigures to the kernel limit.
1953 Note that file (``_iob'') entries may be allocated by
1957 this allocation has been known to cause problems with programs
1958 that use their own memory allocators.
1959 Memory allocation does not occur until after 20 files have been opened
1960 by the standard I/O library.
1963 can be used with more than 32 descriptors
1964 by using arrays of \fBint\fPs for the bit fields rather than single \fBint\fPs.
1967 as their first argument to
1969 will no longer work correctly.
1970 Usually the program can be modified to correctly specify the number
1971 of bits in an \fBint\fP.
1972 Alternatively the program can be modified to use an array of \fBint\fPs.
1973 There is a set of macros available in
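An added example, not part of the original document, of select() on a descriptor numbered above 32 using the standard FD_ZERO, FD_SET and FD_ISSET macros. The helper names wait_readable and high_fd_demo and the choice of descriptor 40 are assumptions made for the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* Wait up to ms milliseconds for fd to become readable.
 * Returns 1 if readable, 0 on timeout, -1 on error or unusable fd. */
static int wait_readable(int fd, int ms)
{
    fd_set rd;
    struct timeval tv = { ms / 1000, (ms % 1000) * 1000 };

    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;      /* FD_SET beyond FD_SETSIZE writes out of bounds */
    FD_ZERO(&rd);
    FD_SET(fd, &rd);
    /* select() wants the highest descriptor plus one as its first argument */
    if (select(fd + 1, &rd, NULL, NULL, &tv) < 0)
        return -1;
    return FD_ISSET(fd, &rd) ? 1 : 0;
}

/* Constructed scenario: duplicate a pipe's read end onto descriptor 40 or
 * above, which a single 32-bit mask cannot name, and poll it before and
 * after one byte is written. Returns the high descriptor or -1. */
static int high_fd_demo(int *before, int *after)
{
    int p[2], hi;
    if (pipe(p) < 0)
        return -1;
    hi = fcntl(p[0], F_DUPFD, 40);
    if (hi >= 0) {
        *before = wait_readable(hi, 0);
        *after = write(p[1], "x", 1) == 1 ? wait_readable(hi, 100) : -1;
        close(hi);
    }
    close(p[0]);
    close(p[1]);
    return hi;
}

int main(void)
{
    int before = -1, after = -1, fd = high_fd_demo(&before, &after);
    printf("fd %d: before=%d after=%d\n", fd, before, after);
    return fd >= 40 && before == 0 && after == 1 ? 0 : 1;
}
```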
1979 Old core files will not be intelligible to the current debuggers
1980 because of numerous changes to the user structure
1981 and because the kernel stack has been enlarged.
1984 header that was in the user structure is no longer present.
1985 Locally-written debuggers that try to check the magic number
1986 will need to be changed.
1988 Files may not be deleted from directories having the ``sticky'' (ISVTX) bit
1990 except by the owner of the file or of the directory, or by the superuser.
1991 This is primarily to protect users' files in publicly-writable directories
1996 All publicly-writable directories should have their ``sticky'' bits set
1999 The following two sections contain additional notes about
2000 changes in \*(4B that affect the installation of local files;
2001 be sure to read them as well.